cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1205
Views
0
Helpful
4
Replies

NTP Not Authenticating, blocked.

R_Acuti
Level 1
Level 1

Hi all,

 

I have configured NTP for authentication. Initially, I had failed to add the key number to the NTP server statements, but I have since fixed that.

 

BEFORE I added the key to the NTP server statements, all of my routers and switches were synchronized with my NTP servers in an un-authenticated manner.

 

As soon as I added the key to the NTP server statements, my "test" router immediately lost sync and presented me with:  "UTC:  Authentication key 0"  This seems to indicate that authenticated ntp is blocked?

 

I can ping from the source to the NTP server. I'm not seeing any denials in my logs for either the source of the NTP server.

 

Thoughts?

4 Replies 4

marce1000
VIP
VIP

 

 - Well for starters, did you correctly configure the NTP key and number in the client configuration; please review the link below thoroughly:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_3ntp.html#pgfId-1100303

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Sorry for not being clear.  Yes, I've followed that procedure.  I'm in a closed environment and not allowed to post my configs online.  I can redact it a bit...

 

ntp logging

ntp authentication-key YY md5 XXXXXXXXXXXXXXXXXXXXXXXXXXXX 7

ntp authenticate

ntp server XX.XX.XX.XX key YY

 

I've placed the identical key on the NTP server. When I run "debug ntp authentication" and watch for authentication attempts, it states that it cannot find key YY.

 

 - For the moment , I can only suggest to make sure that the NTP server is not running  a too old software version (IOS/XE); sometimes bugs get fixed in NTP ; check the below link as a 'referenced example' :

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtt32509/?referring_site=bugquickviewredir

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

I discovered the problem-

 

Many online Cisco resources describe the process of configuring NTP, but most of them leave out the final, critical step:  assigning a key number to the NTP server statement. I found that in some separate documentation after much digging.

 

So in addition to the most commonly known steps, don't forget:

NTP server XX.XX.XX.XX key <number>

 

In hindsight, it should have been obvious but I'm always smarter in hindsight.

Review Cisco Networking for a $25 gift card