Routing & Switching

Cisco | Configuring NTP Authentication

How to add authentication to your NTP configuration.

cisco ntp authentication
cisco ntp authentication

R1 – Server

Router(config)#ntp master
Router(config)#ntp source loopback 0
Router(config)#ntp authenticate
Router(config)#ntp authentication-key 1 md5 changeme
Router(config)#ntp trusted-key 1
!
!!reference!!
!
Router(config)#ntp ?
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  master              Act as NTP master clock
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources

Switch – Client

Switch(config)#ntp server 1.1.1.1
Switch(config)#ntp source loopback 0
Switch(config)#ntp authenticate
Switch(config)#ntp authentication-key 1 md5 changeme
Switch(config)#ntp trusted-key 1
!
!!reference!!
!
Switch(config)#ntp ?
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources

Verifications

Switch#show ntp status 
Clock is synchronized, stratum 9, reference is 1.1.1.1        
nominal freq is 1000.0003 Hz, actual freq is 1000.0003 Hz, precision is 2**15
ntp uptime is 113000 (1/100 of seconds), resolution is 1000
reference time is DF30AC72.B6226802 (05:24:02.711 UTC Wed Aug 29 2018)
clock offset is 3264.0356 msec, root delay is 6.85 msec
root dispersion is 7972.70 msec, peer dispersion is 64.99 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 64, last update was 398 sec ago.
!
Switch#show ntp associations 

  address         ref clock       st   when   poll reach  delay  offset   disp
*~1.1.1.1         127.127.1.1      8     20     64     7  2.156 3264.03  2.500
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured