Managing NTP Authentication

To guard against false time information from unauthorized servers, enable NTP authentication, which allows an authenticated server and client to exchange time information. The currently supported authentication methods are the RSA Data Security, Inc. MD5 Message-Digest Algorithm and SHA-256.

When FIPS mode is enabled, Network Time Protocol (NTP) uses the OpenSSL Federal Information Processing Standards (FIPS) library and supports only FIPS-compliant algorithms for authentication (SHA-256 authentication only). MD5 key configuration support is not available when FIPS mode is enabled, and existing MD5 key configurations are removed when FIPS mode comes into effect. For more information about FIPS mode, see Federal Information Processing Standards (FIPS) Mode.

First, enable NTP authentication globally on the switch. Then create an NTP authentication key and configure it as trusted, so that the encryption key is checked against the key on the receiving device before an NTP packet is sent. After configuration is complete, an NTP server, peer, and broadcast server can use the authenticated NTP service.
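
What the trusted-key check amounts to on the receiving side, as an added example that is not from the original page or the switch's own code. It assumes the RFC 5905 symmetric-key layout (48-byte header, 4-byte key ID, digest of secret followed by header); the key table, secrets and function names are constructed for illustration, and the switch's exact SHA-256 wire format is not stated on the page.

```python
import hashlib
import hmac
import struct

# Constructed key table (hypothetical values): key ID -> (algorithm, secret, trusted)
KEYS = {
    1: ("sha256", b"constructed-secret-1", True),
    2: ("md5", b"constructed-secret-2", True),
    3: ("sha256", b"constructed-secret-3", False),  # defined but not marked trusted
}
HEADER_LEN = 48                          # fixed NTP header length in bytes
SAMPLE_HEADER = bytes([0x23]) + bytes(47)  # constructed header: LI=0, VN=4, mode=3


def digest(algorithm, secret, header):
    # Assumed RFC 5905 style keyed digest: hash(secret || header)
    return hashlib.new(algorithm, secret + header).digest()


def sign(header, key_id):
    """Sender side: append key ID and digest to the NTP header."""
    algorithm, secret, _ = KEYS[key_id]
    return header + struct.pack("!I", key_id) + digest(algorithm, secret, header)


def verify(packet, fips_mode=False):
    """Receiver side: return (accepted, reason) for a received packet."""
    if len(packet) < HEADER_LEN + 4:
        return False, "no MAC present"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    entry = KEYS.get(key_id)
    if entry is None:
        return False, "unknown key ID"
    algorithm, secret, trusted = entry
    if not trusted:
        return False, "key not trusted"
    if fips_mode and algorithm != "sha256":
        # Mirrors the page: only SHA-256 is available in FIPS mode
        return False, "algorithm not allowed in FIPS mode"
    expected = digest(algorithm, secret, header)
    if not hmac.compare_digest(mac[4:], expected):
        return False, "digest mismatch"
    return True, "ok"
```

A key that exists on the receiver but is not marked trusted is rejected before any digest is computed, which is why both the key value and the trusted setting must match on each end.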