Symmetricom Time Server Network Card User Manual


 
B-102 TimeVault™ User’s Manual 6000-100AppB.fm Rev. D
Appendix B: MD5 Authentication and NTP Broadcast Mode NTP Broadcast Mode without Authentication
B.3 NTP Broadcast Mode without Authentication
Authentication was configured off by default for NTP version 3, but is configured on by
default for version 4. This means that NTP version 4 must use authentication, like MD5,
for broadcast time to work. To have it otherwise, you must specifically turn
authentication off in the “ntp.conf” file of the NTP time client.
B.3.1 Configuration of NTP on the Timeserver
For the NTP timeserver, authentication may be on or off - it does not matter. As an
example, here is a sample “ntp.conf” file.
server 192.168.1.49
server 206.54.0.20
server 206.54.0.21
broadcast 192.168.1.255
This file is stored on the Symmetricom timeserver in its Flash disk drive in the “/etc”
directory.
The critical line is: broadcast 192.168.1.255.
This line turns on the periodic broadcast of NTP time packets to the local LAN.
This IP address (the first three octets: 192.168.1) is a network address.
The LAN portion of the address, the last octet in this case, is set to all ones. You
may use all zeros for most LANs as the LAN address, instead of all ones. This
address allows NTP time packets to be received by all hosts on the local LAN
including the NTP time client. Ask your system administrator what your LAN
broadcast address is for your particular network and substitute it for the address in
this example.
The method outlined below should only be used when the LAN that the two NTP hosts are on is
a secure network. Otherwise, it is all too easy for an NTP time imposter to broadcast the
incorrect time to the NTP time client.