Reference Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000

681

682

683

684

685

686

687

688

689

690

Configuring NTP Authentication

NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted

time sources.

NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication

in FTOS uses the message digest 5 (MD5) algorithm and the key is embedded in the synchronization packet that is sent

to an NTP time source.

FTOS Behavior: FTOS versions 8.2.1.0 and later use an encryption algorithm to store the authentication key that is

different from previous FTOS versions; beginning in FTOS version 8.2.1.0, FTOS uses data encryption standard (DES)

encryption to store the key in the startup-config when you enter the ntp authentication-key command.

Therefore, if your system boots with a startup-configuration from an FTOS version prior to 8.2.1.0 in which you have

configured ntp authentication-key, the system cannot correctly decrypt the key and cannot authenticate the

NTP packets. In this case, re-enter this command and save the running-config to the startup-config.

To configure NTP authentication, use the following commands.

1. Enable NTP authentication.

CONFIGURATION mode

ntp authenticate

2. Set an authentication key.

CONFIGURATION mode

ntp authentication-key number md5 key

Configure the following parameters:

– number: the range is from 1 to 4294967295. This number must be the same as the number in the ntp

trusted-key command.

– key: enter a text string. This text string is encrypted.

3. Define a trusted key.

CONFIGURATION mode

ntp trusted-key number

Configure a number from 1 to 4294967295.

The number must be the same as the number used in the ntp authentication-key command.

4. Configure an NTP server.

CONFIGURATION mode

ntp server ip-address [key keyid] [prefer] [version number]

Configure the IP address of a server and the following optional parameters:

– key keyid: configure a text string as the key exchanged between the NTP server and the client.

– prefer: enter the keyword prefer to set this NTP server as the preferred server.

– version number: enter a number as the NTP version. The range is from 1 to 3.

To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The

following example shows an encrypted authentication key (in bold). All keys are encrypted.

Example of Viewing NTP Configuration

FTOS#show running ntp

ntp authenticate

ntp authentication-

key 345 md5 5A60910F3D211F02

689