Ntp And Authentication - Alcatel Omni Switch/Router User Manual

When planning your network, it is helpful to use the following general rules:
• It is usually not a good idea to synchronize a local time server with a peer (in other words,
a server at the same stratum), unless the latter is receiving time updates from a source that
has a lower stratum then from where the former is receiving time updates. This minimizes
common points of failure.
• Peer associations should only be configured between servers at the same stratum level.
Higher Strata should configure lower Strata, not the reverse.
• It is inadvisable to configure time servers in a domain to a single time source. Doing so
invites common points of failure.

NTP and Authentication

is designed to use either
NTP
ence upon timestamp information. This is done by using a key file. The key file is loaded
NTP
into the switch memory, and consists of a text file that lists key identifiers that correspond to
particular entities.
NTP
If authentication is enabled on an
contain the correct key
sent from the authentication enabled switch will not be readable unless the receiving
entity possesses the correct key
Key files are created by a system administrator independent of the
placed in the switch memory. An example of a key file is show below:
In a key file, the first token is the key number
is the key itself. (The text following a "#" is not counted as part of the key, and is used
merely for description.) There are 4 key formats:
For information on activating authentication, specifying the location of a key file, and config-
uring key s for switches, see the following sections:
ID
• Configuring an NTP Client on page 12-6
• Configuring a New Peer Association on page 12-12
• Configuring a New Server on page 12-13
• Configuring a Broadcast Time Service on page 12-13
Page 12-4
or MD5 encryption authentication to prevent outside influ-
DES
switch, any
NTP
in the message packet to use in decryption. Likewise, any message
ID
.
ID
ID
Indicates a key written as a hex number, in
DES
format with the high order bit of each octet being the odd
parity bit.
Indicates an MD5 key written as a 1 to 31 character
with each character standing for a key octet.
Indicates a key written as a 1 to 8 character string in 7-bit
DES
format, where each character stands for a key octet string.
ASCII
Indicates a key written as a hex number in the
DES
dard format, with the low order bit of each octet being the odd
parity bit.
message sent to the switch must
NTP
protocol, and then
NTP
, the second is the key format, and the third
NTP
standard
NTP
string
ASCII
stan-
DES