Managing NTP Authentication

To prevent false time information from unauthorized servers, enable NTP authentication to allow an authenticated server and client to exchange time information. The currently supported authentication methods are the RSA Data Security, Inc. MD5 Message-Digest Algorithm and SHA-256.

First, enable NTP authentication globally on the switch. Then create an NTP authentication key configured as trusted, to check the encryption key against the key on the receiving device before an NTP packet is sent. After configuration is complete, an NTP server, peer, and broadcast server can use NTP authenticated service.

To enable or disable NTP authentication globally on the switch, use the following command:
enable ntp authentication

disable ntp authentication
To create or delete an RSA Data Security, Inc. MD5 Message-Digest Algorithm key for NTP authentication, use the following command:
create ntp key keyid [md5 | sha256] {encrypted encrypted_key_string | key_string}

delete ntp key [keyid | all]
To configure an RSA Data Security, Inc. MD5 Message-Digest Algorithm key as trusted or not trusted, use the following command:
configure ntp key keyid [trusted | not-trusted]
To display RSA Data Security, Inc. MD5 Message-Digest Algorithm authentication, use the following command:
show ntp key
To display NTP authentication, use the following command:
show ntp sys-info
If NTP authentication is enabled, then "Authentication" flag is set in "System Flags" output.