50 Cisco LAN Switching Configuration Handbook
3. (Optional) Restrict access to NTP using authentication.
a. Enable NTP authentication:
(global) ntp authenticate
b. Define an authentication key:
(global) ntp authentication-key key-number md5 value
An MD5 authentication key numbered key-number is created. The key is given
a text-string value of up to eight clear-text characters. After the configuration
has been written to NVRAM, the key value displays in its encrypted form.
c. Apply one or more key numbers to NTP:
(global) ntp trusted-key key-number
Remote NTP peers must authenticate themselves using the authentication key num-
bered key-number. You can use this command multiple times to apply all desired
keys to NTP.
Example
This example shows a switch that is configured for the U.S. eastern time zone and day-
light savings time. The time is manually set.
Switch(config)# clock timezone EST –5
Switch(config)# clock summer-time EST recurring 1 sunday april 2:00
last sunday october 2:00
Switch(config)# end
Switch# clock set 15:30:00 August 11 1990
Switch# copy running-config startup-config
In the configuration that follows, NTP is enabled, and NTP is configured for authentication:
Switch(config)# ntp authenticate
Switch(config)# ntp authentication-key 1 md5 sourceA
Switch(config)# ntp authentication-key 2 md5 sourceB
Switch(config)# ntp trusted-key 1
Switch(config)# ntp trusted-key 2
Switch(config)# ntp peer 172.17.76.247 key 1
Switch(config)# ntp peer 172.31.31.1 key 2
One key, source1key, authenticates a peer at 172.17.76.247, whereas another key,
source2key, authenticates a peer at 172.31.31.1.
To Next Page
Loading...
Need help?
General