Ntp Auth
This scenario shows how to configure NTP client/server authentication.
Test NTP Service With Client Authentication Only
Description
DUT0 is configured to use NTP authentication. An NTP server is configured without auth. Optaining the time should fail due to crypto failure.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.100.0.50/24 set system ntp authentication-key 1 md5 unencryptedKey
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.100.0.100/24 set protocols static route 0.0.0.0/0 next-hop 10.100.0.50 set system ntp master prefer set system ntp master stratum 3
Step 3: Run command set date 2024-04-22 12:00:00 at DUT0 and expect this output:
Step 4: Run command set date ntp 10.100.0.100 key 1 at DUT0 and check if output contains the following tokens:
Crypto NAKShow output
sntp 4.2.8p12@1.3728-o (1) Crypto NAK = 0x00000000 from 10.100.0.100 CLI Error: Command error
Test NTP Service With Client And Server Authentication
Description
NTP client and NTP server are configured to use the same authentication key. Optaining time information should succeed.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.100.0.50/24 set system ntp authentication-key 1 md5 unencryptedKey
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.100.0.100/24 set protocols static route 0.0.0.0/0 next-hop 10.100.0.50 set system ntp master prefer set system ntp master stratum 3 set system ntp authentication-key 1 md5 unencryptedKey set system ntp trusted-key 1
Step 3: Run command set date 2024-04-22 12:00:00 at DUT0 and expect this output:
Step 4: Run command set date ntp 10.100.0.100 key 1 at DUT0 and expect this output:
Show output
sntp 4.2.8p12@1.3728-o (1) 2024-04-22 12:00:01.171916 (+0000) +105705.648781 +/- 70478.380030 10.100.0.100 s4 no-leap
Step 5: Run command show date at DUT0 and check if output does not contain the following tokens:
MonShow output
Tue Apr 23 17:21:47 UTC 2024
Test NTP Service With Wrong Authentication
Description
NTP client and NTP server are configured to use different authentication key. Optaining time information should fail.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.100.0.50/24 set system ntp authentication-key 1 md5 wrongKey
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.100.0.100/24 set protocols static route 0.0.0.0/0 next-hop 10.100.0.50 set system ntp master prefer set system ntp master stratum 3 set system ntp authentication-key 1 md5 unencryptedKey set system ntp trusted-key 1
Step 3: Run command set date 2024-04-22 12:00:00 at DUT0 and expect this output:
Step 4: Run command set date ntp 10.100.0.100 key 1 at DUT0 and check if output contains the following tokens:
Crypto NAKShow output
sntp 4.2.8p12@1.3728-o (1) Crypto NAK = 0x00000000 from 10.100.0.100 CLI Error: Command error