Authenticated NTP question

RonaldNutter · ‎10-07-2011

I am walking my way through the Cisco Best Practices documents and am currently working with NTP.

Here is my question - to make the security folks happy, I am looking to setup authenticated NTP internally. I currently have 6509's in place now and dont anticipate moving to Nexus anytime soon.

I have been looking for a way to run authenticated NTP internally and either not use authenticated NTP externally or use a different key if I go with an authenticated NTP server. From what I can see, I am not getting enough information to indicate whether or not what I am looking to do is possible or not.

Any suggestions ?

Ron

smitesh kharecha · ‎10-16-2011

Hi Ron,

Just to be clear, what I have understood is:

You want NTP to authenticate if it is going to sync from internally source

and if it tries to sync from external source, it shouldn't authenticate.

Correct me if I'm not in sync with your issue...

Regards,

Smitesh

RonaldNutter · ‎10-20-2011

Correct. I only what to use authenticated NTP for my internal connections and not authenticate if I go to an external NTP server. As long as I am pushing my luck, would like to see if it is possible to have one ntp key for internal authentication and a different ntp key for external authentication. As far fetched as that may sound, I can just about see that scenario occuring.

Ron