NTP is used to synchronize the clocks of devices in a network and ensure that they have a consistent and accurate time reference. However, without authentication, malicious actors could potentially manipulate or disrupt the time synchronization process, which can lead to security vulnerabilities.
NTP authentication enables secure communication between NTP servers and clients by requiring both parties to share a secret key. This helps verify the authenticity of the time information exchanged between devices.
In my last post, I showed you how to enable the NTP service on a server and configure a router as an NTP client. Today, I will show you how to configure NTP authentication in Packet Tracer.
Network Topology
The network topology we will use is shown in the image below. It is the same one we used in our post on how to configure an NTP server in Packet Tracer. In this post, we will configure NTP authentication on that network.
How to Configure NTP Authentication In Packet Tracer
Here are the steps to configure NTP authentication in Packet Tracer:
Step 1: Enable Authentication on the NTP server
To configure NTP authentication, we first need to enable authentication on the NTP server. Go to Services > NTP on the NTP server.
Then enter the authentication key and password you want to use for the authentication. I entered “1” as the key and “netizzan” as the password.
Step 2: Configure Authentication on the NTP clients
Router0
R0>enable
R0#configure terminal
R0(config)#ntp authentication-key 1 md5 netizzan 20
R0(config)#ntp trusted-key 1
R0(config)#ntp update?
update-calendar
R0(config)#ntp update-calendar
R0(config)#ntp server 192.168.1.3 key 1
R0(config)#ntp authenticate
Router1
R1>enable
R1#configure terminal
R1(config)#ntp authentication-key 1 md5 netizzan 20
R1(config)#ntp trusted-key 1
R1(config)#ntp update-calendar
R1(config)#ntp server 192.168.1.3 key 1
R1(config)#ntp authenticate
Here is a quick explanation of what each of the commands does:
- ntp authentication-key 1 md5 netizzan 20:
  - ntp authentication-key 1: This command creates an NTP authentication key with the ID 1.
  - md5: Specifies that the MD5 algorithm will be used for authentication.
  - netizzan: The string “netizzan” is the secret key that will be used for MD5 authentication.
  - 20: This is the key number used for authentication. It is a numeric value associated with the key.
- ntp trusted-key 1: This command designates the NTP authentication key with ID 1 as a trusted key. Trusted keys are used to authenticate NTP servers.
- ntp update-calendar: This command updates the system calendar using the NTP time. It ensures that the system clock is synchronized with the NTP server’s time.
- ntp server 192.168.1.3 key 1:
  - ntp server 192.168.1.3: Specifies the IP address of the NTP server that the client will synchronize with.
  - key 1: Associates the NTP server with the authentication key ID 1. This means that the NTP server is expected to provide the correct authentication key when communicating with the client.
- ntp authenticate: This command globally enables NTP authentication on the client.
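To show what the key, trusted-key and authenticate settings do to each packet, here is an added example (not code from this post or from Packet Tracer) of the NTP symmetric-key MAC defined in RFC 5905: a 4-byte key ID followed by MD5(key || NTP header). The 48-byte header is constructed sample data, the function names are hypothetical, and it is an assumption that Packet Tracer's simulation follows the same wire format.

```python
import hashlib
import hmac
import struct

KEYS = {1: b"netizzan"}   # ntp authentication-key 1 md5 netizzan
TRUSTED = {1}             # ntp trusted-key 1

def build_header() -> bytes:
    """Constructed 48-byte NTP server reply header (sample values only)."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4      # LI=0, version 4, mode 4 (server)
    # stratum 1, poll 4, precision -24, then 44 zeroed bytes of
    # delay/dispersion/reference ID/timestamps
    return struct.pack("!BBbb", li_vn_mode, 1, 4, -24) + bytes(44)

def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Sender side: append key ID (4 bytes) + MD5(key || header) (16 bytes)."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet: bytes, authenticate: bool = True) -> str:
    """Receiver side: the decision a client with 'ntp authenticate' makes."""
    if not authenticate:
        return "accepted (authentication disabled)"
    if len(packet) != 48 + 4 + 16:
        return "rejected: no MAC"
    header, mac = packet[:48], packet[48:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in KEYS or key_id not in TRUSTED:
        return "rejected: key not trusted"
    expected = hashlib.md5(KEYS[key_id] + header).digest()
    # constant-time comparison of the 16-byte digests
    if not hmac.compare_digest(expected, mac[4:]):
        return "rejected: bad digest"
    return "accepted"

if __name__ == "__main__":
    good = sign(build_header(), 1, b"netizzan")
    print(verify(good))                                    # matching key
    print(verify(sign(build_header(), 1, b"wrong")))       # wrong secret
    print(verify(sign(build_header(), 2, b"netizzan")))    # untrusted key ID
    print(verify(build_header()))                          # unauthenticated reply
```

The MAC only authenticates the packet. The time values themselves are still sent in clear text.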
Step 3: Verify the configuration
After the configuration, you can check whether NTP is working using the command “show ntp status.”
Router1
R1#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1990)
clock offset is 0.00 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec.
loopfilter state is 'FSET' (Drift set from file), drift is - 0.000001193 s/s system poll interval is 4, never updated.
R1#show ntp status
Clock is synchronized, stratum 2, reference is 192.168.1.3
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is E779D61A.0000036F (3:59:22.879 UTC Fri Feb 24 2023)
clock offset is 0.00 msec, root delay is 0.00 msec
root dispersion is 52.98 msec, peer dispersion is 0.36 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 5, last update was 14 sec ago
Router0
R0#show ntp status
Clock is synchronized, stratum 2, reference is 192.168.1.3
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is E779D6CF.0000002D (4:2:23.045 UTC Fri Feb 24 2023)
clock offset is 0.00 msec, root delay is 0.00 msec
root dispersion is 52.54 msec, peer dispersion is 0.48 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 6, last update was 32 sec ago.
Note: Because authentication is configured, it takes a long time for the NTP clients to synchronize their time with the NTP server.
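The "show ntp status" output above says nothing about authentication, so it is worth checking the configuration itself. The following is an added example (not part of the original post) that audits a router's NTP configuration text for the four commands used in Step 2 and confirms that they reference the same key. The function name and both sample configurations are constructed for illustration.

```python
import re

def audit_ntp(config: str) -> list:
    """Return a list of findings for one device's NTP configuration text."""
    lines = [line.strip() for line in config.splitlines()]
    # Key IDs that have a secret defined / are marked as trusted
    defined = {m.group(1) for l in lines
               if (m := re.match(r"ntp authentication-key (\d+) md5 \S+", l))}
    trusted = {m.group(1) for l in lines
               if (m := re.match(r"ntp trusted-key (\d+)$", l))}
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("ntp authenticate is missing")
    servers = [l for l in lines if l.startswith("ntp server ")]
    if not servers:
        findings.append("no ntp server configured")
    for l in servers:
        addr = l.split()[2]
        key = re.search(r"\bkey (\d+)", l)
        if key is None:
            findings.append(f"server {addr} has no key")
        elif key.group(1) not in defined:
            findings.append(f"server {addr} uses undefined key {key.group(1)}")
        elif key.group(1) not in trusted:
            findings.append(f"server {addr} uses untrusted key {key.group(1)}")
    return findings

# Constructed sample: the commands from Step 2 of this post
GOOD = """
ntp authentication-key 1 md5 netizzan 20
ntp trusted-key 1
ntp update-calendar
ntp server 192.168.1.3 key 1
ntp authenticate
"""

# Constructed sample: key defined, but never enforced or attached to the server
BAD = """
ntp authentication-key 1 md5 netizzan 20
ntp trusted-key 1
ntp server 192.168.1.3
"""

if __name__ == "__main__":
    print(audit_ntp(GOOD))
    print(audit_ntp(BAD))
```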