Configure Authentication Keys

About this task

Configure up to 10 NTP authentication keys to use MD5 or SHA1 authentication.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an authentication key:

    ntp authentication-key <1-65534> type <md5|sha1>

  3. Enter the secret key:

    WORD <1-20>

  4. Re-enter the secret key:

    WORD <1-20>

  5. Enable MD5 or SHA1 authentication for the server:

    ntp server WORD<0–255> auth-enable

  6. Assign an authentication key to the server:

    ntp server WORD<0–46> authentication-key <0-65534>

    Note

    Note

    If you must disable authentication on the server, you must also disable authentication on the switch for example: no ntp server WORD<0–255> auth-enable

  7. Confirm the configuration:

    show ntp key

Example

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#ntp authentication-key 5 type md5
Enter the NTP secret key: ******
Reenter the NTP secret key: ******
Switch:1(config)#ntp server 192.0.2.187 auth-enable
Switch:1(config)#ntp server 192.0.2.187 authentication-key 5
Switch:1(config)#show ntp key
====================================================
                 NTP Key
====================================================
Key_Id            Type  
----------------------------------------------------
5                 MD5
10                SHA1  
20                MD5   
30                SHA1  
100               MD5 

Variable Definitions

The following table defines parameters for the ntp and ntp server commands.

Variable

Value

auth-enable

Activates MD5 or SHA1 authentication on this NTP server. The default is no authentication. To set this option to the default value, use the default operator with the command.

authentication-key <0-65534>

Specifies the key ID value used to generate the MD5 or SHA1 digest for the NTPv4 server. The default value is 0, which indicates disabled authentication. To set this option to the default value, use the default operator with the command.

type <md5|sha1>

Specifies the type of authentication, whether MD5 or SHA1. The default is MD5 authentication.

WORD<0–255>

Specifies the IPv4 or IPv6 address of the server.