Cisco Systems SMC-169 manual Configuring NTP Authentication, SMC-178

Page 10

Implementing NTP on Cisco IOS XR Software

How to Implement NTP on Cisco IOS XR Software

Configuring NTP Authentication

This task explains how to configure NTP authentication.

Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.

NTP Authentication

The encrypted NTP authentication scheme should be used when a reliable form of access control is required. Unlike the access-list-based restriction scheme that is based on IP addresses, the encrypted authentication scheme uses authentication keys and an authentication process to determine if NTP synchronization packets sent by designated peers or servers on a local network are deemed as trusted, before the time information that it carries along is accepted.

The authentication process begins from the moment an NTP packet is created. Cryptographic checksum keys are generated using the MD5 Message Digest Algorithm and are embedded into the NTP synchronization packet that is sent to a receiving client. When a packet is received by a client, its cryptographic checksum key is decrypted and checked against a list of trusted keys. If authentication is enabled and a key is trusted, the system is allowed to sync to the server that uses this key in its packets.

It is important to note that the encryption and decryption processes used in NTP authentication can be very CPU-intensive and can seriously degrade the accuracy of the time that is propagated within a network. If your network setup permits a more comprehensive model of access control, you should consider the use of the access-list-based form of control instead.

After NTP authentication is properly configured, your networking device only synchronizes with and provides synchronization to trusted time sources.

SUMMARY STEPS

1.configure

2.ntp

3.authenticate

4.authentication-key key-numbermd5 [clear encrypted] key-name

5.trusted-key key-number

6.end or commit

Cisco IOS XR System Management Configuration Guide

SMC-178

Image 10
Contents Implementing NTP on Cisco IOS XR Software NTP Functional Overview SMC-170Poll-Based Associations Configuring Poll-Based AssociationsSMC-171 Summary Steps SMC-172Broadcast-Based NTP Associations Configuring Broadcast-Based NTP AssociationsSMC-173 SMC-174 NTP Access Groups Configuring NTP Access GroupsSMC-175 SMC-176 SMC-177 NTP Authentication Configuring NTP AuthenticationSMC-178 Supported is md5 SMC-179Disabling NTP Services on a Specific Interface SMC-180SMC-181 Configuring the Source IP Address for NTP Packets SMC-182SMC-183 Configuring the System as an Authoritative NTP Server SMC-184Updating the Hardware Clock SMC-185SMC-186 Examples Verifying the Status of the External Reference ClockSMC-187 Configuring Broadcast-Based Associations Example Configuring Poll-Based Associations ExampleSMC-188 Configuring NTP Authentication Example Configuring NTP Access Groups ExampleSMC-189 Disabling NTP on an Interface Example Configuring the Source IP Address for NTP Packets ExampleSMC-190 Standards Updating the Hardware Clock ExampleRelated Documents MIBsTechnical Assistance RFCsSMC-192