

Configuring NTP Authentication

You can authenticate time synchronization to ensure that a C-series platform obtains its time services only from known sources. By default, network time synchronization is unauthenticated; the system synchronizes to whatever system appears to have the most accurate time. We highly recommend that you configure authentication of network time services.

Use the following configuration mode statements to configure authentication for NTP on a C-series platform:

system ntp {
    trusted-key [trusted-key...]; 
}

system ntp authentication-key key-number {
    value value;
}

system ntp broadcast address {
    key key; 
}

system ntp peer address {
    key key; 
}

system ntp server address {
    key key;
}

To configure NTP authentication:

  1. Specify authentication for other time servers.

Only time servers transmitting network time packets that contain one of the specified key numbers and whose key matches the value configured for that key number are eligible for synchronization. Other systems can synchronize to the local system without being authenticated.

[edit system ntp]
user@host# set trusted-key [trusted-key...] 

where trusted-key is a positive signed 32-bit integer (0-2147483647).

For example:

[edit system ntp]
user@host# set trusted-key 1

  2. Depending on the mode configured for NTP, specify a key value at the [edit system ntp server], [edit system ntp peer], or [edit system ntp broadcast] hierarchy level. For example:

[edit system ntp server address]
user@host# set key key

For example:

[edit system ntp server 192.0.2.30]
user@host# set key 1

The system transmits the specified authentication key when transmitting packets. The key is necessary if the remote system has authentication enabled so that it can synchronize to the local system.

  3. Define the authentication keys by assigning a number to the key and configuring its value.

[edit system ntp]
user@host# edit authentication-key key-number

[edit system ntp authentication-key key-number]
user@host# set value value

key-number is the number that identifies the key. It must match on all systems that use that key for authentication.

For example:

[edit system ntp]
user@host# edit authentication-key 1

[edit system ntp authentication-key 1]
user@host# set value X7VY4ZE

  4. Verify the configuration.

[edit system ntp]
user@host# show
trusted-key 1;
server 192.0.2.30 key 1;
authentication-key 1 {
  value ********;
}
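
The verification step can be automated. The following Python script is an added example, not part of the original documentation or the product: it reads text in the format of the show output above and reports servers, peers, or broadcast addresses that have no key, keys that are not listed as a trusted-key, and keys that have no authentication-key value. The function name audit_ntp, the sample configuration, the keyless server line, and the bracketed multi-value trusted-key form are assumptions.

```python
import re

# Constructed sample in the format of the `show` output above; the keyless
# server line and the peer line are assumed variants of that format.
SAMPLE = """\
trusted-key 1;
server 192.0.2.30 key 1;
server 192.0.2.31;
peer 192.0.2.40 key 2;
authentication-key 1 {
  value ********;
}
"""

# Matches "server|peer|broadcast <address> [key <n>];"
ASSOC = re.compile(r"^(server|peer|broadcast)\s+(\S+?)(?:\s+key\s+(\d+))?;$")

def audit_ntp(config_text):
    """Return a list of findings for gaps in NTP authentication."""
    trusted, defined, assocs = set(), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("trusted-key"):
            # Accepts "trusted-key 1;" and the assumed "trusted-key [ 1 2 ];"
            trusted.update(int(n) for n in re.findall(r"\d+", line))
        elif m := re.match(r"authentication-key\s+(\d+)\s*\{", line):
            defined.add(int(m.group(1)))
        elif m := ASSOC.match(line):
            key = int(m.group(3)) if m.group(3) else None
            assocs.append((m.group(1), m.group(2), key))
    findings = []
    if not trusted:
        findings.append("no trusted-key configured")
    for mode, addr, key in assocs:
        if key is None:
            findings.append(f"{mode} {addr}: no key configured")
            continue
        if key not in trusted:
            findings.append(f"{mode} {addr}: key {key} is not a trusted-key")
        if key not in defined:
            findings.append(f"{mode} {addr}: key {key} has no authentication-key value")
    # Trusted keys that were never given a value cannot authenticate anything
    for key in sorted(trusted - defined):
        findings.append(f"trusted-key {key} has no authentication-key value")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp(SAMPLE):
        print(finding)
```

An empty list means every configured association references a key that is both trusted and defined.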
    
    
    
