Managing NTP Authentication

To prevent false time information from unauthorized servers, enable NTP authentication to allow an authenticated server and client to exchange time information. The currently supported authentication method is the RSA Data Security, Inc. MD5 (Message-Digest algorithm 5) Message-Digest Algorithm. First, enable NTP authentication globally on the switch. Then create an NTP authentication key configured as trusted, to check the encryption key against the key on the receiving device before an NTP packet is sent. After configuration is complete, an NTP server, peer, and broadcast server can use NTP authenticated service.

To enable or disable NTP authentication globally on the switch, use the following command:
enable ntp authentication

disable ntp authentication
To create or delete an RSA Data Security, Inc. MD5 Message-Digest Algorithm key for NTP authentication, use the following command:
create ntp key keyid md5 key_string

delete ntp key [keyid | all]
To configure an RSA Data Security, Inc. MD5 Message-Digest Algorithm key as trusted or not trusted, use the following command:
configure ntp key keyid [trusted | not-trusted]
To display RSA Data Security, Inc. MD5 Message-Digest Algorithm authentication, use the following command:
show ntp key
To display NTP authentication, use the following command:
show ntp sys-info
If NTP authentication is enabled, then "Authentication" flag is set in "System Flags" output.

Published March 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback