10-05-2018 02:37 AM - edited 02-21-2020 11:01 AM
Hi
I am using 2 routers in the DC as NTP servers which will be getting their time from the domain controllers. Then all our network devices will be using the 2 routers as a primary and secondary NTP server. I am also looking to configure NTP authentication.
I have the following configuration. Is there anything I could add or remove?

NTP SERVERS

ntp server x.x.x.x (Internal DC - No Authentication)
ntp authentication-key 1 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2
ntp peer y.y.y.y

ntp server y.y.y.y (Internal DC - No Authentication)
ntp authentication-key 2 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2
ntp peer x.x.x.x

CLIENT

ntp authentication-key 1 md5 xxx
ntp authentication-key 2 md5 xxx
ntp authenticate
ntp server x.x.x.x key 1 prefer
ntp server y.y.y.y key 2
ntp trusted-key 1
ntp trusted-key 2

10-05-2018 05:29 AM
Hi,
You could also use an ACL to further restrict who can communicate with the NTP server. This link might be of use to you
HTH
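
One way to apply the ACL suggestion above on each of the two NTP routers, as an added example that is not part of the original thread. The addresses are constructed from documentation and private ranges, and the ACL numbers 10 and 20 are arbitrary choices.

```cisco
! Constructed addresses (assumptions, not from the thread):
!   192.0.2.10      upstream domain controller this router syncs from
!   198.51.100.2    the other NTP router (configured with "ntp peer")
!   10.0.0.0/8      internal network devices acting as NTP clients
!
! ACL 10: hosts this router is allowed to synchronise to or peer with
access-list 10 remark NTP upstream source and peer router
access-list 10 permit 192.0.2.10
access-list 10 permit 198.51.100.2
! everything else falls through to the implicit deny
!
! ACL 20: hosts that may only request time from this router
access-list 20 remark NTP clients, time requests only
access-list 20 permit 10.0.0.0 0.255.255.255
!
! "peer" lets matching hosts exchange time in both directions and
! send control queries; "serve-only" answers time requests and nothing else
ntp access-group peer 10
ntp access-group serve-only 20
```

`ntp access-group` matches on source address only, so it complements the key-based authentication in the configuration above rather than replacing it.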
10-12-2018 12:32 AM
Thank you, so I guess the config is good, but I could in addition use ACLs to filter the NTP sources.