03-09-2018 05:16 AM - edited 03-01-2019 06:27 PM
Hi all,
I have configured NTP for authentication. Initially, I had failed to add the key number to the NTP server statements, but I have since fixed that.
BEFORE I added the key to the NTP server statements, all of my routers and switches were synchronized with my NTP servers in an un-authenticated manner.
As soon as I added the key to the NTP server statements, my "test" router immediately lost sync and presented me with: "UTC: Authentication key 0". This seems to indicate that authenticated NTP is blocked?
I can ping from the source to the NTP server. I'm not seeing any denials in my logs for either the source or the NTP server.
Thoughts?
03-09-2018 08:22 AM
- Well for starters, did you correctly configure the NTP key and number in the client configuration; please review the link below thoroughly:
M.
03-09-2018 09:18 AM
Sorry for not being clear. Yes, I've followed that procedure. I'm in a closed environment and not allowed to post my configs online. I can redact it a bit...
ntp logging
ntp authentication-key YY md5 XXXXXXXXXXXXXXXXXXXXXXXXXXXX 7
ntp authenticate
ntp server XX.XX.XX.XX key YY
I've placed the identical key on the NTP server. When I run "debug ntp authentication" and watch for authentication attempts, it states that it cannot find key YY.
03-09-2018 10:23 PM
- For the moment, I can only suggest to make sure that the NTP server is not running a too old software version (IOS/XE); sometimes bugs get fixed in NTP; check the below link as a 'referenced example':
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtt32509/?referring_site=bugquickviewredir
M.
03-23-2018 04:12 AM
I discovered the problem-
Many online Cisco resources describe the process of configuring NTP, but most of them leave out the final, critical step: assigning a key number to the NTP server statement. I found that in some separate documentation after much digging.
So in addition to the most commonly known steps, don't forget:
NTP server XX.XX.XX.XX key <number>
In hindsight, it should have been obvious but I'm always smarter in hindsight.
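An added example, not part of the original thread: a small Python check that audits a saved IOS configuration for the pieces of NTP authentication discussed above, flagging any `ntp server` line without a `key`. The sample configs are constructed, the `ntp trusted-key` check comes from general IOS NTP authentication setup rather than from this thread, and only the plain `ntp server <address>` form is handled.

```python
import re

# Constructed sample configs (documentation-range addresses, dummy key material).
SAMPLE_MISSING_KEY = """\
ntp logging
ntp authentication-key 10 md5 0123456789ABCDEF 7
ntp trusted-key 10
ntp authenticate
ntp server 192.0.2.10
ntp server 192.0.2.11 key 10
"""
SAMPLE_COMPLETE = SAMPLE_MISSING_KEY.replace(
    "ntp server 192.0.2.10\n", "ntp server 192.0.2.10 key 10\n")

def audit_ntp_auth(config):
    """Return a list of findings; an empty list means every check passed."""
    defined, trusted, servers = set(), set(), {}
    authenticate = False
    for raw in config.splitlines():
        line = raw.strip().lower()  # IOS keywords are case-insensitive
        if m := re.match(r"ntp authentication-key (\d+) ", line):
            defined.add(m.group(1))
        elif m := re.match(r"ntp trusted-key (.+)", line):
            trusted.update(m.group(1).split())
        elif line == "ntp authenticate":
            authenticate = True
        elif m := re.match(r"ntp server (\S+)(.*)", line):
            k = re.search(r"\bkey (\d+)", m.group(2))
            servers[m.group(1)] = k.group(1) if k else None
    findings = []
    if not authenticate:
        findings.append("'ntp authenticate' is missing")
    for server, key in servers.items():
        if key is None:
            findings.append(f"server {server} has no key: association is unauthenticated")
        elif key not in defined:
            findings.append(f"server {server} references undefined key {key}")
        elif key not in trusted:
            findings.append(f"server {server} uses key {key}, which is not a trusted-key")
    return findings
```

Running `audit_ntp_auth` over each device's saved configuration catches the case described in this thread, where sync looks healthy but the association is not authenticated.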