Users Guide
Authentication
NTP authentication and the corresponding trusted key provide a reliable exchange of NTP packets with trusted time sources.
NTP authentication begins with creating the first NTP packet after the key configuration. NTP authentication uses the message
digest 5 (MD5), SHA-1, and SHA2-256 algorithms. The key is embedded in the synchronization packet that is sent to an NTP
time source.
1. Enable NTP authentication in CONFIGURATION mode.
ntp authenticate
2. Set an authentication key number and key in CONFIGURATION mode, from 1 to 65535.
ntp authentication-key number hash-algorithm {0|9} key
● The number must match in the ntp trusted-key command.
● The supported hash-algorithms include md5, sha1, and sha2-256.
● The 0 specifies an unencrypted authentication key and 1 specifies an encrypted authentication key.
● The key is an encrypted string.
3. Define a trusted key in CONFIGURATION mode, from 1 to 65535. This number must match the configured NTP
authentication key.
ntp trusted-key number
4. Configure an NTP server in CONFIGURATION mode.
ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer]
● hostname—Enter the keyword to see the IP address or hostname of the remote device.
● ipv4-address—Enter an IPv4 address in A.B.C.D format.
● ipv6-address—Enter an IPv6 address in nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn format. Elision of zeros is
supported.
● key keyid—Enter a text string as the key exchanged between the NTP server and the client.
● prefer—Enter the keyword to set this NTP server as the preferred server.
5. Configure the NTP master and enter the stratum number that identifies the NTP server hierarchy in CONFIGURATION
mode, from 2 to 10. The default is 8.
The ntp master command enables the local switch to serve time to other client devices when the configured real-time
sources are not reachable.
ntp master {2–10}
Configure NTP
OS10(config)# ntp authenticate
OS10(config)# ntp trusted-key 345
OS10(config)# ntp authentication-key 345 md5 0 5A60910FED211F02
OS10(config)# ntp server 1.1.1.1 key 345
OS10(config)# ntp master 7
View NTP configuration
OS10(config)# do show running-configuration
!
ntp authenticate
ntp authentication-key 345 md5 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp trusted-key 345
ntp master 7
...
System management
205