Managing NTP Authentication
To prevent false time information from unauthorized servers, enable NTP
authentication so that only an authenticated server and client exchange time information. The
currently supported authentication methods are the RSA Data Security, Inc. MD5 Message-Digest
Algorithm and SHA-256.
First, enable NTP authentication globally on the switch. Then create an NTP authentication
key and configure it as trusted; the encryption key is checked against the key on the
receiving device before an NTP packet is sent. After configuration is complete, an NTP server,
peer, and broadcast server can use the authenticated NTP service.
- To enable or disable NTP authentication globally on the switch, use the following commands:
  enable ntp authentication
  disable ntp authentication
- To create or delete an RSA Data Security, Inc. MD5 Message-Digest Algorithm key for NTP
  authentication, use the following commands:
  create ntp key keyid [md5 | sha256] {encrypted encrypted_key_string | key_string}
  delete ntp key [keyid | all]
- To configure an RSA Data Security, Inc. MD5 Message-Digest Algorithm key as trusted or not
  trusted, use the following command:
  configure ntp key keyid [trusted | not-trusted]
- To display RSA Data Security, Inc. MD5 Message-Digest Algorithm authentication, use the
  following command:
  show ntp key
- To display NTP authentication, use the following command:
  show ntp sys-info
If NTP authentication is enabled, the "Authentication" flag is set in the "System Flags"
output.
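
The key check described above, shown as an added example (not the switch's own code): it covers the MD5 case only and assumes the symmetric-key MAC layout of RFC 5905, a 32-bit key ID followed by MD5(key || packet). The key IDs, secrets and sample packet are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # fixed NTP header; no extension fields in this example

# Constructed key table: keyid -> (secret, trusted). Mirrors "create ntp key"
# followed by "configure ntp key keyid [trusted | not-trusted]".
KEYS = {
    10: (b"constructed-secret-A", True),
    20: (b"constructed-secret-B", False),
}

# Constructed 48-byte server-mode header (LI=0, VN=4, Mode=4, stratum 2).
SAMPLE = bytes([0x24, 2, 6, 0xEC]) + bytes(44)


def sign(packet: bytes, keyid: int, secret: bytes) -> bytes:
    """Append the MAC: 32-bit key ID + MD5(secret || packet)."""
    digest = hashlib.md5(secret + packet).digest()
    return packet + struct.pack("!I", keyid) + digest


def verify(message: bytes, keys=KEYS) -> str:
    """Return 'ok', or the reason the receiver discards the message."""
    if len(message) != NTP_HEADER_LEN + 4 + 16:
        return "no-mac"            # unauthenticated packet
    packet, mac = message[:NTP_HEADER_LEN], message[NTP_HEADER_LEN:]
    (keyid,) = struct.unpack("!I", mac[:4])
    entry = keys.get(keyid)
    if entry is None:
        return "unknown-key"       # key ID not created on this device
    secret, trusted = entry
    if not trusted:
        return "untrusted-key"     # key exists but is marked not-trusted
    expected = hashlib.md5(secret + packet).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return "bad-digest"        # wrong secret or modified packet
    return "ok"


if __name__ == "__main__":
    good = sign(SAMPLE, 10, KEYS[10][0])
    tampered = bytes([good[0], 3]) + good[2:]  # stratum changed in transit
    for label, msg in [("signed", good), ("unsigned", SAMPLE),
                       ("tampered", tampered)]:
        print(label, verify(msg))
```

Both ends must hold the same secret under the same key ID, and the receiver must mark that key as trusted; any other combination results in the packet being discarded.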