NTP Authentication


You want to authenticate your NTP packets.


Use the ntp authentication command to authenticate NTP traffic between associations. To configure an NTP enabled router to require authentication when other devices connect to it, use the following commands:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ntp authentication-key 2 md5 oreilly
Router1(config)#ntp authenticate
Router1(config)#ntp trusted-key 2

Then you must configure the same authentication-key on the client router:

Router2#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ntp authentication-key 2 md5 oreilly
Router2(config)#ntp authenticate
Router2(config)#ntp trusted-key 2
Router2(config)#ntp server key 2


People often confuse authentication with encryption. Authentication proves the authenticity of a packet’s source, whereas encryption encodes or enciphers the packet contents. For the purposes of NTP, proving the authenticity of the packet is critical, whereas encrypting the contents of the packet is unnecessary, since it only contains time information, which isn’t terribly sensitive in itself.

Cisco fully supports NTP authentication defined in RFC 1305. NTP authentication ensures that NTP associations synchronize time only to known and trusted NTP servers. This prevents servers from masquerading as legitimate timeservers ...

Get Cisco IOS Cookbook, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.