
NTP Not Authenticating, blocked.

R_Acuti
Level 1

Hi all,

 

I have configured NTP for authentication. Initially, I had failed to add the key number to the NTP server statements, but I have since fixed that.

 

BEFORE I added the key to the NTP server statements, all of my routers and switches were synchronized with my NTP servers in an un-authenticated manner.

 

As soon as I added the key to the NTP server statements, my "test" router immediately lost sync and presented me with: "UTC:  Authentication key 0". This seems to indicate that authenticated NTP is blocked?

 

I can ping from the source to the NTP server. I'm not seeing any denials in my logs for either the source or the NTP server.

 

Thoughts?

4 Replies

marce1000
VIP

 

 - Well, for starters, did you correctly configure the NTP key and number in the client configuration? Please review the link below thoroughly:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_3ntp.html#pgfId-1100303

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Sorry for not being clear.  Yes, I've followed that procedure.  I'm in a closed environment and not allowed to post my configs online.  I can redact it a bit...

 

ntp logging

ntp authentication-key YY md5 XXXXXXXXXXXXXXXXXXXXXXXXXXXX 7

ntp authenticate

ntp server XX.XX.XX.XX key YY

 

I've placed the identical key on the NTP server. When I run "debug ntp authentication" and watch for authentication attempts, it states that it cannot find key YY.

 

 - For the moment, I can only suggest making sure that the NTP server is not running too old a software version (IOS/XE); sometimes bugs get fixed in NTP; check the link below as a 'referenced example':

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtt32509/?referring_site=bugquickviewredir

M.




I discovered the problem.

 

Many online Cisco resources describe the process of configuring NTP, but most of them leave out the final, critical step:  assigning a key number to the NTP server statement. I found that in some separate documentation after much digging.

 

So in addition to the most commonly known steps, don't forget:

ntp server XX.XX.XX.XX key <number>

 

In hindsight, it should have been obvious but I'm always smarter in hindsight.