06-05-2019 11:29 AM
We recently stood up two new Linux NTP servers. They are serving time to the network without issue until we add the MD5 key. Once we do we get the following error:
NTP Core(INFO): 10.1.1.1 C01C 8C bad_auth Invalid_NAK
NTP Core (ERROR): Invalid-NAK error at 79049 192.168.1.1<-10.1.1.1
Does anyone know what an invalid NAK is? I can only think that NAK stands for NTP Authentication Key but not sure and I've found nothing on Google. We've narrowed the issue to the Linux server however I'd love to know what this error message means. If anyone has a Linux background and could share some thoughts they would be appreciated as well.
Thank you,
Chuck
Additional information:
Please see the attached drawing and configs for a simplified version of our network.
The SDA to Fusion Router NTP syncs without issue using the MD5 key. Also the Fusion Routers sync to the OLD NTP servers (Linux) without issue.
When we compare the configs in the NEW Linux NTP servers to the OLD they are the same. We have verified that the MD5 keys are configured the same as the are on the switch.
02-20-2024 04:52 PM
Hi Chuck, I have also had this exact same error recently, this is caused by a mismatch of the authentication key number between server and client.
Eg - I had configured
NTP authentication-key 1 md5 xxxxx
NTP trusted-key 1
NTP server x.x.x.x key 1
This is incorrect as key value on the server side is 9
To correct I needed
NTP authentication-key 9 md5 xxxxx
NTP trusted-key 9
NTP server x.x.x.x key 9
Hope this helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide