Filter
Top Products
Implementing NTP on Cisco IOS XR Software
How to Implement NTP on Cisco IOS XR Software
SMC-178
Cisco IOS XR System Management Configuration Guide
Configuring NTP Authentication
This task explains how to configure NTP authentication.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
NTP Authentication
The encrypted NTP authentication scheme should be used when a reliable form of access control is
required. Unlike the access-list-based restriction scheme that is based on IP addresses, the encrypted
authentication scheme uses authentication keys and an authentication process to determine if NTP
synchronization packets sent by designated peers or servers on a local network are deemed as trusted,
before the time information that it carries along is accepted.
The authentication process begins from the moment an NTP packet is created. Cryptographic checksum
keys are generated using the MD5 Message Digest Algorithm and are embedded into the NTP
synchronization packet that is sent to a receiving client. When a packet is received by a client, its
cryptographic checksum key is decrypted and checked against a list of trusted keys. If authentication is
enabled and a key is trusted, the system is allowed to sync to the server that uses this key in its packets.
It is important to note that the encryption and decryption processes used in NTP authentication can be
very CPU-intensive and can seriously degrade the accuracy of the time that is propagated within a
network. If your network setup permits a more comprehensive model of access control, you should
consider the use of the access-list-based form of control instead.
After NTP authentication is properly configured, your networking device only synchronizes with and
provides synchronization to trusted time sources.
SUMMARY STEPS
1. configure
2. ntp
3. authenticate
4. authentication-key key-number md5 [clear | encrypted] key-name
5. trusted-key key-number
6. end
or
commit