PS:CCIE feature的一个考点,自己总结了一下最容易考到的地方以备日后复习之用。总结的并不完整,如果是想学习关于NTP内容的朋友,还是看一下CCNP课程中的ISCW,里面有NTP协议的详细讲解!
ntp master x
x:ntp时钟源等级,取值范围1-15,cisco配置为ntp master的话,默认是8,x越小,表示等
级越高,距离时钟源越近,后面的client逐跳增加。
ntp authentication-key 1 md5 xxx
(Defines an authentication key. Message authentication support is
provided using the MD5 algorithm. The key type md5 is currently the only key type
supported. The key value can be any arbitrary string of up to eight characters.)
ntp认证密钥,用来向对端发送密钥xxx的
ntp authentication
(Enables the NTP authentication feature. If this command is
specified, the system will not synchronize to a system unless its
NTP messages carry one of the authentication keys specified in
the ntp trusted-key global configuration command.)
需要认证:配置本地需要认证。
ntp trusted-key 1
(If a key is trusted, this system will be ready to synchronize to a system that uses this key
in its NTP packets.)
信任密钥1,须结合ntp authentication-key 1 md5 xxx
ntp server xxx <key xx>
为client指定ntp server的,如果server要求验证,后面加上key选项。
例一:
server:ntp master 2
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
client:ntp server x.x.x.x key 1
ntp authentication-key 1 md5 cisco
这样配置的意思是master需要认证,并且信任密钥1,密钥1配置为cisco,在client上同样配置
了密钥1,这样才能认证成功
例二:
server:ntp master 2
ntp authentication-key 1 md5 cisco
client:ntp server x.x.x.x
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
和例一类似,不过这次是client需要认证,master发送认证密钥到client
例三:
server:ntp master 2
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
client:ntp server x.x.x.x key 1
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
ntp master x
x:ntp时钟源等级,取值范围1-15,cisco配置为ntp master的话,默认是8,x越小,表示等
级越高,距离时钟源越近,后面的client逐跳增加。
ntp authentication-key 1 md5 xxx
(Defines an authentication key. Message authentication support is
provided using the MD5 algorithm. The key type md5 is currently the only key type
supported. The key value can be any arbitrary string of up to eight characters.)
ntp认证密钥,用来向对端发送密钥xxx的
ntp authentication
(Enables the NTP authentication feature. If this command is
specified, the system will not synchronize to a system unless its
NTP messages carry one of the authentication keys specified in
the ntp trusted-key global configuration command.)
需要认证:配置本地需要认证。
ntp trusted-key 1
(If a key is trusted, this system will be ready to synchronize to a system that uses this key
in its NTP packets.)
信任密钥1,须结合ntp authentication-key 1 md5 xxx
ntp server xxx <key xx>
为client指定ntp server的,如果server要求验证,后面加上key选项。
例一:
server:ntp master 2
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
client:ntp server x.x.x.x key 1
ntp authentication-key 1 md5 cisco
这样配置的意思是master需要认证,并且信任密钥1,密钥1配置为cisco,在client上同样配置
了密钥1,这样才能认证成功
例二:
server:ntp master 2
ntp authentication-key 1 md5 cisco
client:ntp server x.x.x.x
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
和例一类似,不过这次是client需要认证,master发送认证密钥到client
例三:
server:ntp master 2
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
client:ntp server x.x.x.x key 1
ntp authentication
ntp authentication-key 1 md5 cisco
ntp authentication trusted-key 1
这次是双向认证。
本文转自loveme2351CTO博客,原文链接:http://blog.51cto.com/loveme23/175978 ,如需转载请自行联系原作者
