5-5
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter5 Administering the Swi tc h Managing the System Time and Date
Configuring NTP Authentication
This procedure must be coordinated with the administrator of the NTP server; th e informat ion yo u conf i gure
in this procedure must be matched by the servers used by the switch to synchronize its time to the NTP server.
Beginning i n p r ivileged EXE C m ode, follow t h e s e s t e p s to authenticate the associations (communications
between devices running NTP that provide for accurate timekeeping) with other devices for security
purposes:
To disable NTP authentication, use the no ntp authenticate global configuration command. To remove
an authentication key, use the no ntp authentication-key number global configuration command. To
disable authentication of the identity of a device, use the no ntp trusted-key key-number global
configuration command.
This example shows how to configure the switch to synchronize only to de vices pro viding authenticati on
key 42 in the device’s NTP packets:
Switch(config)# ntp authenticate
Switch(config)# ntp authentication-key 42 md5 aNiceKey
Switch(config)# ntp trusted-key 42
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 ntp authenticate Enable the NTP authentication feature, which is disabled by
default.
Step3 ntp authentication-key number md5 value Define the authentication keys. By default, none are defined.
For number, specify a key number. The range is 1 to
4294967295.
md5 specifies that message authentication support is provided
by using the message digest algorithm 5 (MD5).
For value, enter an arbitrary string of up to eight characters for
the key.
The switch does not synchronize to a device unless both have one
of these authentication keys, and the key number is specified by the
ntp trusted-key key-number command.
Step4 ntp trusted-key key-number Specify one or more key numbers (defined in Step 3) that a peer
NTP device must provide in its NTP packets for this switch to
synchronize to it.
By default, no trusted keys are defined.
For key-number, specify the key defined in Step 3.
This command provides protection against accidentally
synchronizing the switch to a device that is not trusted.
Step5 end Return to privileged EXEC mode.
Step6 show running-config Verify your entries.
Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.