Filter
Top Products
Time Protocols
SNTP: Viewing, Selecting, and Configuring
Configuring a Trusted Key
Trusted keys are used in SNTP authentication. In unicast mode, a trusted key
must be associated with a specific NTP/SNTP server. That key is used for
authenticating the SNTP packet.
In unicast mode, a specific server is configured on the switch so that the SNTP
client communicates with the specified server to get the date and time.
In broadcast mode, the SNTP client switch checks the size of the received
packet to determine if it is authenticated. If the broadcast packet is authenti-
cated, the key-id value is checked to see if the same key-id value is configured
on the SNTP client switch. If the switch is configured with the same key-id
value and the key-id value is configured as “trusted”, the authentication
succeeds. Only trusted key-id value information is used for SNTP authentica-
tion. See“Configuring Unicast and Broadcast Mode” on page 9-21 for informa-
tion about configuring these modes.
If the packet contains key-id value information that is not configured on the
SNTP client switch or the received packet contains no authentication infor-
mation, it is discarded. The SNTP client switch expects packets to be authen-
ticated if SNTP authentication is enabled.
When authentication succeeds, the time in the packet is used to update the
time on the switch.
Enter the following command to configure a key-id as trusted.
Syntax
:
sntp authentication key-id <key-id> trusted
no sntp authentication key-id <key-id> trusted
Trusted keys are used during the authentication process. The
switch can be configured with up to eight sets of key-id/key-
value pairs. One specific set must selected for authentication;
this is done by configuring the set as trusted.
The key-id itself must already be configured on the switch. To
enable authentication, at least one key-id must be configured
as trusted.
The no version of the command indicates the key is unreliable
(not trusted).
Default: No key is trusted by default.
9-19