02-04-2025
07:46 AM
- last edited on
02-04-2025
08:10 AM
by
shazubai
Hello Pros,
we have 5 2960x, , with the latest STIG released on last Wednesday. we need to update the NTP authentication to now use SHA-256.
The current IOS is running is C2960X-UNIVERSALK9-M
I was trying to add
(config)#ntp authentication-key 1 hmac-sha2-256 HEX:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. The 2960x switch is accepting sha2-256 key.
Thanks, in advanced.
Solved! Go to Solution.
02-04-2025 10:14 AM
The Cisco 2960X running the C2960X-UNIVERSALK9-M IOS does not support SHA-256 for NTP authentication. It only supports MD5 for NTP authentication keys. Unfortunately, there's no IOS version for the 2960X that adds support for SHA-256, as this feature is not available on the hardware platform. If SHA-256 is a strict STIG requirement, you may need to consider upgrading to a newer switch model, like the Catalyst 9200 or 9300, which support SHA-256 with the appropriate IOS XE versions
02-04-2025 11:07 AM
That's what I was thinking too. I tried to add SHA-256 Key to one of 9200 switch and it worked but not on C2960x model.
Thank you all Pros for your time and assistance.
02-04-2025 08:19 AM - edited 02-04-2025 08:45 AM
@Zee-Far-Man unfortunately it seems neither SHA-256 nor SHA appear to be supported for NTP currently - https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
only MD5 is supported.
02-04-2025 10:14 AM
The Cisco 2960X running the C2960X-UNIVERSALK9-M IOS does not support SHA-256 for NTP authentication. It only supports MD5 for NTP authentication keys. Unfortunately, there's no IOS version for the 2960X that adds support for SHA-256, as this feature is not available on the hardware platform. If SHA-256 is a strict STIG requirement, you may need to consider upgrading to a newer switch model, like the Catalyst 9200 or 9300, which support SHA-256 with the appropriate IOS XE versions
02-04-2025 11:07 AM
That's what I was thinking too. I tried to add SHA-256 Key to one of 9200 switch and it worked but not on C2960x model.
Thank you all Pros for your time and assistance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide