Configuring Authentication Keys

About this task

Configure up to 10 NTP authentication keys to use MD5 or SHA1 authentication.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an authentication key:

    ntp authentication-key <1-65534> WORD<0–20> [type <md5|sha1>]

  3. Enable MD5 or SHA1 authentication for the server:

    ntp server WORD<0–255> auth-enable

  4. Assign an authentication key to the server:

    ntp server WORD<0–46> authentication-key <0-65534>

    Note

    Note

    If you must disable authentication on the server, you must also disable authentication on the switch for example: no ntp server WORD<0–255> auth-enable

  5. Confirm the configuration:

    show ntp key

Example

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#ntp authentication-key 5 SecretKey type md5
Switch:1(config)#ntp server 192.0.2.187 auth-enable
Switch:1(config)#ntp server 192.0.2.187 authentication-key 5
Switch:1(config)#show ntp key
==========================================================================================
                                    NTP Key
==========================================================================================
Key_Id      Key                             Type  
------------------------------------------------------------------------------------------
5           SecretKey                       MD5
10          a                               SHA1  
20          abcdef&^%#1112                  MD5   
30          1234567abcdtest                 SHA1  
100         b                               MD5 



Variable Definitions

The following table defines parameters for the ntp and ntp server commands.

Variable

Value

auth-enable

Activates MD5 or SHA1 authentication on this NTP server. The default is no authentication. To set this option to the default value, use the default operator with the command.

authentication-key <1-65534> WORD<0–20>

Creates an authentication key for MD5 or SHA1 authentication. To set this option to the default value, use the default operator with the command. The default configuration is to delete the authentication key.

authentication-key <0-65534>

Specifies the key ID value used to generate the MD5 or SHA1 digest for the NTPv4 server. The default value is 0, which indicates disabled authentication. To set this option to the default value, use the default operator with the command.

type <md5|sha1>

Specifies the type of authentication, whether MD5 or SHA1. The default is MD5 authentication.

WORD<0–255>

Specifies the IPv4 or IPv6 address of the server.