Configure Authentication Keys

About this task

Configure up to 10 NTP authentication keys to use MD5 or SHA1 authentication.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an authentication key:

    ntp authentication-key <1-65534> type <md5|sha1>

  3. Enter the secret key:

    WORD <1-20>

  4. Re-enter the secret key:

    WORD <1-20>

  5. Enable MD5 or SHA1 authentication for the server:

    ntp server WORD<1–110> auth-enable

  6. Assign an authentication key to the server:

    ntp server WORD<1–110> authentication-key <0-65534>

    Note

    If you must disable authentication on the server, you must also disable authentication on the switch, for example:

    no ntp server WORD<1–110> auth-enable

  7. Confirm the configuration:

    show ntp key

Example

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#ntp authentication-key 5 type md5
Enter the NTP secret key: ******
Reenter the NTP secret key: ******
Switch:1(config)#ntp server 192.0.2.187 auth-enable
Switch:1(config)#ntp server 192.0.2.187 authentication-key 5
Switch:1(config)#show ntp key
====================================================
                 NTP Key
====================================================
Key_Id            Type  
----------------------------------------------------
5                 MD5
10                SHA1  
20                MD5   
30                SHA1  
100               MD5 

Variable Definitions

The following table defines parameters for the ntp and ntp server commands.

Variable                        Value
------------------------------  --------------------------------------------------
auth-enable                     Activates MD5 or SHA1 authentication on this NTP server. The default is no authentication.
authentication-key <0-65534>    Specifies the key ID value used to generate the MD5 or SHA1 digest for the NTPv4 server. The default value is 0, which indicates disabled authentication.
type <md5|sha1>                 Specifies the type of authentication, whether MD5 or SHA1. The default is MD5 authentication.
WORD<1–110>                     Specifies the IPv4 address, IPv6 address, or fully qualified domain name (FQDN) of the NTP server. If you use an FQDN, you must also configure the switch to use DNS.
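
The following sketch is an added example, not vendor code. It shows how the key ID, type, and secret configured above combine into the symmetric-key MAC of NTPv4 (RFC 5905: key ID followed by a digest over the secret and the packet header, with SHA1 handled as in the reference ntpd), and why a mismatch in any of the three on either side makes verification fail. It assumes the switch follows that construction and that WORD <1-20> means a secret of 1 to 20 characters; the secret and header bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

# The two key types the switch accepts for "ntp authentication-key ... type".
DIGESTS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def ntp_mac(header: bytes, key_id: int, key_type: str, secret: bytes) -> bytes:
    """Return the MAC appended to a 48-byte NTP header: key ID + H(secret || header)."""
    if len(header) != 48:
        raise ValueError("NTP header must be 48 bytes")
    if not 1 <= key_id <= 65534:
        raise ValueError("key ID outside the 1-65534 range")
    if not 1 <= len(secret) <= 20:  # assumption: WORD <1-20> is a length limit
        raise ValueError("secret outside the 1-20 character range")
    digest = DIGESTS[key_type](secret + header).digest()
    return struct.pack("!I", key_id) + digest  # 4-byte key ID, then 16 or 20 bytes


def verify(packet: bytes, keys: dict) -> bool:
    """Check a received packet against a local key table {key_id: (type, secret)}."""
    header, mac = packet[:48], packet[48:]
    if len(mac) < 4:
        return False  # no MAC present: packet is unauthenticated
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys:
        return False  # peer used a key ID that is not configured locally
    key_type, secret = keys[key_id]
    expected = ntp_mac(header, key_id, key_type, secret)
    # Constant-time comparison; a type mismatch also fails because lengths differ.
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    # Constructed sample: client request header (LI=0, VN=4, mode=3), rest zeroed.
    header = bytes([0x23]) + bytes(47)
    server_keys = {5: ("md5", b"s3cret")}  # constructed secret
    packet = header + ntp_mac(header, 5, "md5", b"s3cret")
    print("matching key 5/md5:", verify(packet, server_keys))
    print("wrong secret:      ", verify(packet, {5: ("md5", b"other")}))
    print("wrong type:        ", verify(packet, {5: ("sha1", b"s3cret")}))
    print("wrong key ID:      ", verify(packet, {6: ("md5", b"s3cret")}))
    print("no MAC at all:     ", verify(header, server_keys))
```
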