Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure NTP Authentication Function

In the network with high requirement for the security, when running the NTP protocol, it is necessary to enable the authentication function. Authenticate the packet interacted by the NTP clock service requester and clock service provider to ensure that the clock service requester is synchronized with the valid time, improving the network security.

Configuration Condition

To configure the NTP authentication function, first complete the following task:

  • Configure the network layer address of the interface, making the network layer between the NTP clock service requester and clock service provider reachable.
  • The NTP clock service provider enables NTP.

Configure NTP Client/Server Authentication

When configuring the NTP client/server authentication, it is necessary to enable the authentication function on the client and server, configure the authentication key, set the authentication key as the trusted key, and specify the key associated with the server on the client.

Perform the following configuration on the NTP client.

Table 4-10 Configure the NTP client authentication


 

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the NTP authentication function

ntp authenticate

Mandatory

By default, do not enable the NTP authentication function.

Configure the authentication key

ntp authentication-key key-number md5 {0 plain-key | 7 cipher-key}

Mandatory

By default, do not configure the authentication key.

Configure the specified key as the trusted key

ntp trusted-key key-number

Mandatory

By default, do not specify the trusted key.

Specify the key associated with the server

ntp server [ vrf vrf-name ] { ip-address | domain-name | ipv6 ipv6-address } [ version version | source interface-name ] key key-number

Mandatory

Perform the following configuration on the NTP server.

Table 4-11 Configure the NTP server authentication


 

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the NTP authentication function

ntp authenticate

Mandatory

By default, do not enable the NTP authentication function.

Configure the authentication key

ntp authentication-key key-number md5 {0 plain-key | 7 cipher-key}

Mandatory

By default, do not configure the authentication key.

Specify the key as the trusted key

ntp trusted-key key-number

Mandatory

By default, do not specify the trusted key.

note


  • The server and client need to be configured with the same authentication key.

Configure NTP Peer Authentication

When configuring the NTP peer authentication, it is necessary to enable the authentication function on the active peer and passive peer, configure the authentication key, set the authentication key as the trusted key, and specify the key associated with the passive peer on the active peer.

Perform the following configuration on the NTP active peer.

Table 4-12 Configure the NTP active peer authentication


 

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the NTP authentication function

ntp authenticate

Mandatory

By default, do not enable the NTP authentication function.

Configure the authentication key

ntp authentication-key key-number md5 {0 plain-key | 7 cipher-key}

Mandatory

By default, do not configure the authentication key.

Specify the key as the trusted key

ntp trusted-key key-number

Mandatory

By default, do not specify the trusted key.

Specify the key associated with the passive peer

ntp peer [ vrf vrf-name ] ip-address | domain-name | ipv6 ipv6-address [ version version | source interface-name ] key key-number

Mandatory

Perform the following configuration on the NTP passive peer.

Table 4-13 Configure the NTP passive peer authentication


 

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the NTP authentication function

ntp authenticate

Mandatory

By default, do not enable the NTP authentication function.

Configure the authentication key

ntp authentication-key key-number md5 {0 plain-key | 7 cipher-key}

Mandatory

By default, do not configure the authentication key.

Specify the key as the trusted key

ntp trusted-key key-number

Mandatory

By default, do not specify the trusted key

note

  • The active peer and passive peer need to be configured with the same authentication key.

Configure NTP Broadcast Authentication

When configuring the NTP broadcast authentication, it is necessary to enable the authentication function on the broadcast client and broadcast server, configure the authentication key, set the authentication key as the trusted key, and specify the key associated with the broadcast server.

Perform the following configuration on the NTP broadcast client.

Table 4-14 Configure the NTP broadcast client authentication


 

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the NTP authentication function

ntp authenticate

Mandatory

By default, do not enable the NTP authentication function.

Configure the authentication key

ntp authentication-key key-number md5 {0 plain-key | 7 cipher-key}

Mandatory

By default, do not configure the authentication key.

Specify the key as the trusted key

ntp trusted-key key-number

Mandatory

By default, do not specify the trusted key.

Perform the following configuration on the NTP broadcast server.

Table 4-15 Configure the NTP broadcast server authentication


 

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the NTP authentication function

ntp authenticate

Mandatory

By default, do not enable the NTP authentication function.

Configure the authentication key

ntp authentication-key key-number md5 {0 plain-key | 7 cipher-key}

Mandatory

By default, do not configure the authentication key.

Specify the key as the trusted key

ntp trusted-key key-number

Mandatory

By default, do not specify the trusted key.

Enter the interface configuration mode

interface interface-name

-

Specify the key associated with the broadcast server

ntp broadcast-server [ version version- number ] key key-number

Mandatory

note


  • The broadcast server and broadcast client need to be configured with the same authentication key.