Configuration manual

SNTP Configuration
4-12 System Configuration
Unicast Polling Mode
When an SNTP client operates in unicast mode, it sends update requests directly to the servers
configured with the set sntp server command. The client queries these servers at a fixed interval
set with the set sntp poll-interval command. The order in which servers are queried is determined
by a precedence value that can optionally be given when a server is configured: the lower the
configured precedence value, the higher that server's precedence. By default all servers have the
same precedence, in which case they are queried in the order of their entries in the server table.
The client sends a request to the first server in that order and waits for a response for the period
configured with the set sntp poll-timeout command. If the poll timeout expires, the client resends
the request, up to the number of retries specified with the set sntp poll-retry command. Once the
retries are exhausted, the client sends its request to the server with the next-lowest precedence
value, or to the next entry in the server table if precedence values are equal. If no server responds,
the client waits for the configured poll-interval and the whole sequence starts over.
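The server ordering and retry behaviour described above, modelled as an added example (this is illustrative code, not the switch's own implementation). The server addresses, precedence values and the "network" that answers or drops requests are constructed for the demonstration; the poll-timeout is modelled simply as a request that gets no reply.

```python
# Added example, not code from the manual or the switch firmware: a model of the
# SNTP unicast polling order (precedence value first, server-table index second),
# the poll-retry resends per server, and the fall-through to the next server.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SntpServer:
    index: int            # position in the server table (set sntp server)
    address: str
    precedence: int = 1   # lower value = higher precedence; default: all equal


def poll_order(servers: List[SntpServer]) -> List[SntpServer]:
    """Lowest precedence value first; ties are broken by server-table index."""
    return sorted(servers, key=lambda s: (s.precedence, s.index))


def unicast_poll_cycle(servers: List[SntpServer], poll_retry: int,
                       query: Callable[[str], Optional[float]]
                       ) -> Tuple[Optional[str], Optional[float], List[Tuple[str, int]]]:
    """
    One polling cycle. `query(address)` stands in for the network: it returns the
    server's timestamp, or None when the poll-timeout expires with no reply.
    Returns (address that answered or None, timestamp or None, request log).
    When the result is (None, None, log) the client would wait poll-interval and
    start the cycle again.
    """
    log: List[Tuple[str, int]] = []
    for srv in poll_order(servers):
        for attempt in range(1 + poll_retry):      # initial request plus retries
            log.append((srv.address, attempt))
            reply = query(srv.address)
            if reply is not None:
                return srv.address, reply, log
    return None, None, log


def make_network(drops_before_reply: Dict[str, int], timestamp: float
                 ) -> Callable[[str], Optional[float]]:
    """Constructed network model: each server ignores the first N requests it
    receives and then answers; a very large N models a dead server."""
    seen = {addr: 0 for addr in drops_before_reply}

    def query(address: str) -> Optional[float]:
        if address not in drops_before_reply:
            return None
        if seen[address] < drops_before_reply[address]:
            seen[address] += 1
            return None
        return timestamp
    return query


# Constructed server table: 10.0.0.1 was configured first but with a lower
# precedence (higher value); 10.0.0.2 and 10.0.0.3 share the default value,
# so they are ordered by their table index.
SERVERS = [
    SntpServer(1, "10.0.0.1", precedence=2),
    SntpServer(2, "10.0.0.2", precedence=1),
    SntpServer(3, "10.0.0.3"),
]


def demo() -> Tuple[Optional[str], Optional[float], List[Tuple[str, int]]]:
    """10.0.0.2 is dead, 10.0.0.3 drops one request, 10.0.0.1 always answers."""
    query = make_network({"10.0.0.2": 10**6, "10.0.0.3": 1, "10.0.0.1": 0},
                         1_700_000_000.0)
    return unicast_poll_cycle(SERVERS, poll_retry=1, query=query)
```

With poll-retry 1 the client sends two requests to the dead server, then one request and one retry to 10.0.0.3, which answers on the retry; 10.0.0.1 is never contacted in that cycle even though it is the first entry in the table.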
Broadcast Listening Mode
With SNTP configured for broadcast listening mode, the client is passive: it sends no requests and
instead accepts the time that a broadcast server sends to the network. Broadcast listening uses the
same poll-interval, poll-timeout and poll-retry values as unicast polling. Because any host on the
broadcast domain can send such packets, this is the mode in which the authentication described
below matters most.
SNTP Authentication
The Simple Network Time Protocol (SNTP) provides a precise time reference for time-critical
applications. SNTP therefore poses a security risk if a malicious user can corrupt an SNTP
timestamp and set a false time on network equipment. SNTP authentication ensures that only
authorized servers are allowed to distribute time samples to SNTP clients.
Authentication is intended to overcome this risk by ensuring that any response received from an
SNTP time server came from the intended reference. The administrator defines a key on the switch
and enables authentication. The same key must be defined on the server in order for the switch to
accept timestamp information from that server.
The client sends a request for time to an SNTP server. The server responds with a time sample to
which it appends an authenticator: the ID of the key it used and a message digest computed over
the packet together with the shared key. Upon receipt of the time sample, the client looks up the
key ID in the trusted keys configured on the switch for that SNTP server, recomputes the digest
over the received packet with its own copy of the key, and compares the result with the digest in
the packet. If they match, the client can be sure that the time sample was transmitted by a server
holding the authorized key and was not altered in transit. The key itself is never sent on the wire;
only the digest derived from it is.
SNTP uses MD5 (Message-Digest Algorithm 5) for this purpose. MD5 is a cryptographic hash
function with a 128-bit output; used with the shared key as described above, it verifies the
integrity of the communication and authenticates its origin. The protection rests entirely on the
secrecy of the shared key: any host that knows the key can produce valid time samples, so keys
must be distributed out of band and handled like other device credentials. MD5 is also a legacy
algorithm; newer NTP deployments use AES-CMAC (RFC 8573) where the equipment supports it.
Authentication Key and Trusted Key List
An SNTP authentication key specifies the authentication instance the SNTP client uses when
authenticating with an SNTP server. The client supports up to 5 authentication keys. Each key
instance is identified by a numeric instance ID and specifies the authentication type and the
password. SNTP authentication supports the MD5 algorithm. The password is known to both the
SNTP client and the server, and consists of an ASCII string of up to 32 non-whitespace characters.