10-05-2018 02:37 AM - edited 02-21-2020 11:01 AM
Hi
I am using 2 routers in the DC as NTP servers which will be getting their time from the domain controllers. Then all our network devices will be using the 2 routers as a primary and secondary NTP server. I am also looking to configure NTP authentication.
I have the following configuration. Is there anything I could add or remove?
NTP SERVERS
ntp server x.x.x.x (Internal DC - No Authentication)
ntp authentication-key 1 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2
ntp peer y.y.y.y
ntp server y.y.y.y (Internal DC - No Authentication)
ntp authentication-key 2 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2
ntp peer x.x.x.x
CLIENT
ntp authentication-key 1 md5 xxx
ntp authentication-key 2 md5 xxx
ntp authenticate
ntp server x.x.x.x key 1 prefer
ntp server y.y.y.y key 2
ntp trusted-key 1
ntp trusted-key 2
10-05-2018 05:29 AM
Hi,
You could also use an ACL to further restrict who can communicate with the NTP server. This link might be of use to you
HTH
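The ACL restriction suggested in the reply above, sketched for one of the two NTP routers as an added example that is not part of the original thread. All addresses are constructed placeholders from documentation ranges, and the ACL numbers 10 and 20 are arbitrary.

```cisco
! Added example: addresses and ACL numbers are constructed placeholders.
!
! ACL 10: sources this router is allowed to synchronise to
! (the two domain controllers and the other NTP router it peers with).
access-list 10 remark NTP upstream servers and peer router
access-list 10 permit host 192.0.2.10
access-list 10 permit host 192.0.2.11
access-list 10 permit host 198.51.100.2
!
! ACL 20: management subnet of the network devices that may ask for time.
access-list 20 remark NTP clients
access-list 20 permit 203.0.113.0 0.0.0.255
!
! Anything not matched above hits the implicit deny at the end of each ACL.
!
! peer: matched hosts may be synchronised to and may send time requests
! and control queries to this router.
ntp access-group peer 10
!
! serve-only: matched hosts receive time replies only; they cannot send
! control queries and this router will not synchronise to them.
ntp access-group serve-only 20
```

After applying this, `show ntp associations` should still list the upstream servers and the peer; if the router falls out of sync, one of its sources is missing from the `peer` ACL.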
10-12-2018 12:32 AM
Thank you, so I guess the config is good, but I could in addition use ACLs to filter the NTP sources.