Alcatel-Lucent 6850-48 Manuale Supplementare
Configuring NTP
Configuring Network Time Protocol (NTP)
page 4-12
OmniSwitch AOS Release 6 Switch Management Guide
September 2009
Using Authentication
Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server
and the NTP client must both have a text file containing the public and secret keys. (This file should be
obtained from the server administrator. For more information on the authentication file, see
and the NTP client must both have a text file containing the public and secret keys. (This file should be
obtained from the server administrator. For more information on the authentication file, see
Once both the client and server share a common MD5 encryption key, the MD5 key identification for the
NTP server must be specified on and labeled as trusted on the client side.
NTP server must be specified on and labeled as trusted on the client side.
The Omniswitch will use MD5 authentication. Key files reside in /flash/network/ntp.keys.
In order to generate a key file, access to a Solaris/Unix environment is required. Also required is the ntp-
keygen utility in Unix to generate the key file.
keygen utility in Unix to generate the key file.
Setting the Key ID for the NTP Server
Enabling authentication requires the following steps:
1 Make sure the key file is located in the /networking directory of the switch. This file must contain the
key for the server that provides the switch with its timestamp information.
key for the server that provides the switch with its timestamp information.
2 Make sure the key file with the NTP server’s MD5 key is loaded into the switch memory by issuing the
command, as shown:
-> ntp key load
keyword. This key identification number must be the one the server uses for MD5 encryption. For exam-
ple, to specify key identification number 2 for an NTP server with an IP address of 1.1.1.1, enter:
ple, to specify key identification number 2 for an NTP server with an IP address of 1.1.1.1, enter:
-> ntp server 1.1.1.1 key 2
4 Specify the key identification set above as trusted. A key that has been labeled as trusted is ready for
use in the authentication process. To set a key identification to be trusted, enter the
use in the authentication process. To set a key identification to be trusted, enter the
command with
the key identification number and trusted keyword. For example, to set key ID 5 to trusted status, enter
the following:
the following:
-> ntp key 5 trusted
Untrusted keys, even if they are in the switch memory and match an NTP server, will not authenticate
NTP messages.
NTP messages.
5 A key can be set to untrusted status by using the
command with the untrusted keyword. For
example, to set key ID 5 to untrusted status, enter the following:
-> ntp key 5 untrusted
Generating the MD5 key file
1 In the Omniswitch directory /flash is a file named random-seed. Transfer this file using FTP into the
Unix environment and rename it to .rnd.
Unix environment and rename it to .rnd.
2 Issue command,
ntp-keygen
with option -M, that refers generating a new MD5 key file, as shown:
-> ntp keygen -M