Note that even though the Time Sync Mode is set to Sntp, time synchronization is disabled because no sntp
has disabled the SNTP Mode parameter.
SNTP client authentication
Enabling SNTP authentication allows network devices such as switches to validate the SNTP messages received
from an NTP or SNTP server before updating the network time. NTP or SNTP servers and clients must be
configured with the same set of authentication keys so that the servers can authenticate the messages they send
and clients (switches) can validate the received messages before updating the time.
This feature provides support for SNTP client authentication on switches, which addresses security
considerations when deploying SNTP in a network.
Requirements
You must configure the following to enable SNTP client authentication on the switch.
SNTP client authentication support
• Timesync mode must be SNTP. Use the timesync sntp command. (SNTP is disabled by default).
• SNTP must be in unicast or broadcast mode. See
Configuring unicast and broadcast mode for
authentication on page 45.
• The MD5 authentication mode must be selected.
• An SNTP authentication key-identifier (key-id) must be configured on the switch and a value (key-value)
must be provided for the authentication key. A maximum of 8 sets of key-id and key-value can be
configured on the switch.
• Among the keys that have been configured, one key or a set of keys must be configured as trusted. Only
trusted keys are used for SNTP authentication.
• If the SNTP server requires authentication, one of the trusted keys has to be associated with the SNTP server.
• SNTP client authentication must be enabled on the Switch. If client authentication is disabled, packets are
processed without authentication.
All of the above steps are necessary to enable authentication on the client.
SNTP server authentication support
NOTE: SNTP server is not supported on Switch products.
You must perform the following on the SNTP server:
• The same authentication key-identifier, trusted key, authentication mode and key-value that were configured
on the SNTP client must also be configured on the SNTP server.
• SNTP server authentication must be enabled on the server.
If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in
the network as well. The authentication check fails on the clients otherwise, and the SNTP packets are dropped.
Configuring the key-identifier, authentication mode, and key-value (CLI)
This command configures the key-id, authentication-mode, and key-value, which are required for
authentication. It is executed in the global configuration context.
42 Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08
To Next Page
Loading...
Need help?
General