Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

EX/QFX] How to configure NTP service on EX Switches with authentication

0

0

Article ID: KB16275 KB Last Updated: 24 Aug 2020Version: 2.0
Summary:

This article provides an example of a basic NTP configuration and also an example of configuring NTP on EX/QFX switches with authentication from an NTP server.

 

Solution:
 

Basic NTP Client Configuration on EX Switches

EX switches are capable of acting as a client to some services such as Network Time Protocol (NTP), and can be configured to fetch system time from the NTP servers that are connected in the network.

The configuration statement used to set the EX switch as a client to the external NTP server is given as follows:

user@switch# set system ntp server 172.17.27.46

user@switch# show system ntp
server 172.17.27.46

The following commands can be used to verify NTP status and association with the external NTP server:

user@switch> show ntp status
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Thu Feb 14 03:06:23 UTC 2008 (1)",
processor="i386",  leap=00, stratum=2,
precision=-20, rootdelay=170.961, rootdispersion=21.583, peer=46724,
refid=172.17.27.46,
reftime=cbc2b0d7.b5d026c0 Wed, Apr 30 2008 10:48:23.710, poll=6,
clock=cbc2b0ef.b402b32b Wed, Apr 30 2008 10:48:47.703, state=4,
offset=18.736, frequency=58.615, jitter=1.425, stability=0.080

user@switch> show ntp associations no-resolve
remote refid st t when poll reach delay offset jitter
==============================================================================
*172.17.27.46 .GPS. 1 u 47 64 17 170.125 0.934 1.228
 

Configuring NTP with Authentication

The switch works as a client and synchronizes its time from an NTP server. But there are NTP servers, which require client/server authentication before synchronizing the local system.

This is an example configuration of NTP on EX/QFX switches when the NTP server requires client/server authentication.

Topology

​​NTP Server--------EX/QFX-Switch-1 -----------Switch-2
(129.6.15.12)

In this topology, the EX/QFX Switch-1 will get authenticated from the NTP Server before it synchronizes its local clock. Switch-2 is a LAN switch which will synchronize its local clock with Switch-1 as an NTP client.

Switch-1 Configuration

  1. Configure the trusted-key.

set system ntp trusted-key <key number>
  1. Configure the external NTP server address.

set system ntp server <server address> 

Example: set system ntp server 129.6.15.12 

  1. Configure the trusted key and define the key number.

Example:set system ntp trusted-key 11196

If the remote system has authentication enabled, then it is must to specify the key number for synchronizing the local system.

  1. Configure the authentication key along with the authentication type and map the trusted key.

set system ntp authentication-key <key-number> value <password>
set system ntp authentication-key 11196 value 2b3f6c939cFD7E
set system ntp authentication-key 11196 type md5

Note: Only MD5 hashing is supported on Juniper EX switches.

Validation

user@host> show ntp associations
 remote     refid        st t when poll reach   delay   offset    disp
============================================================================
 
*129.6.15.12    2 u   43   64  377     1.86    0.319    0.08

Note: * denotes the server, which is synchronizing with the switch.

 

Modification History:

2020-08-24: Modified article to include information about configuring NTP with authentication; checked article for accuracy

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search