NTP Auth
This scenario shows how to configure NTP client/server authentication.
Test NTP Service With Client Authentication Only
Description
DUT0 is configured to use NTP authentication. An NTP server is configured without authentication. Obtaining the time should fail due to crypto failure.
Scenario
Step 1: Set the following configuration in DUT0:
    set interfaces ethernet eth0 address 10.100.0.50/24
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
    set system ntp authentication-key 1 encrypted-key U2FsdGVkX19D3uMxhWHgEOJwT9mFUDYcRy5qsUR3YLk=
Step 2: Set the following configuration in DUT1:
    set interfaces ethernet eth0 address 10.100.0.100/24
    set protocols static route 0.0.0.0/0 next-hop 10.100.0.50
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
    set system ntp master prefer
    set system ntp master stratum 3
Step 3: Run command set date 2024-07-16 12:00:00 at DUT0 and expect this output:
Step 4: Run command set date ntp 10.100.0.100 key 1 at DUT0 and check if output contains the following tokens:
    no eligible servers
Output:
    no responses were received
    no eligible servers
    program finished with error
    CLI Error: Command error
Test NTP Service With Client And Server Authentication
Description
NTP client and NTP server are configured to use the same authentication key. Obtaining time information should succeed.
Scenario
Step 1: Set the following configuration in DUT0:
    set interfaces ethernet eth0 address 10.100.0.50/24
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
    set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+/Tp+QcVpWUQheR7qT4UMzb1JtXXozCP4=
Step 2: Set the following configuration in DUT1:
    set interfaces ethernet eth0 address 10.100.0.100/24
    set protocols static route 0.0.0.0/0 next-hop 10.100.0.50
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
    set system ntp authentication-key 1 encrypted-key U2FsdGVkX19A5FntE21b4iN/iVzNlwJVdRkK6xhGf1s=
    set system ntp master prefer
    set system ntp master stratum 3
    set system ntp trusted-key 1
Step 3: Run command set date 2024-07-16 12:00:00 at DUT0 and expect this output:
Step 4: Run command set date ntp 10.100.0.100 key 1 at DUT0 and expect this output:
    Date was successfully updated!
Step 5: Run command show date at DUT0 and check if output does not contain the following tokens:
    Tue
Output:
    Wed 17 Jul 2024 15:44:56 UTC +00:00
Test NTP Service With Wrong Authentication
Description
NTP client and NTP server are configured to use different authentication keys. Obtaining time information should fail.
Scenario
Step 1: Set the following configuration in DUT0:
    set interfaces ethernet eth0 address 10.100.0.50/24
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
    set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+d0d5JLhwQxlFNHzCcz4014ql8bpRGYBU=
Step 2: Set the following configuration in DUT1:
    set interfaces ethernet eth0 address 10.100.0.100/24
    set protocols static route 0.0.0.0/0 next-hop 10.100.0.50
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
    set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+PYjzydgUl3Ay2OyT70w/ZH4LRwOmDxHk=
    set system ntp master prefer
    set system ntp master stratum 3
    set system ntp trusted-key 1
Step 3: Run command set date 2024-07-16 12:00:00 at DUT0 and expect this output:
Step 4: Run command set date ntp 10.100.0.100 key 1 at DUT0 and check if output contains the following tokens:
    no eligible servers
Output:
    no responses were received
    no eligible servers
    program finished with error
    CLI Error: Command error
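
The three outcomes above follow from how an NTP symmetric-key MAC is checked. The sketch below is an added example, not code from the product or from this page: it assumes the RFC 5905 MD5 keyed digest (the page does not state which digest the devices use), and the function names and key strings are constructed for illustration.

```python
import hashlib
import hmac
import struct

def ntp_header(mode: int, stratum: int = 0) -> bytes:
    """48-byte NTPv4 header: LI=0, VN=4, given mode; timestamps left zero."""
    return struct.pack("!BBbb", (4 << 3) | mode, stratum, 6, -20) + bytes(44)

def add_mac(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append key ID (4 bytes) + MD5(key || header); digest choice is an assumption."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def client_accepts(reply: bytes, key_id: int, key: bytes) -> bool:
    """Client check when the request was sent with `key N`: reply needs a valid MAC."""
    if len(reply) != 48 + 4 + 16:        # bare header or crypto-NAK: not authenticated
        return False
    header, mac = reply[:48], reply[48:]
    (rx_id,) = struct.unpack("!I", mac[:4])
    expected = hashlib.md5(key + header).digest()
    return rx_id == key_id and hmac.compare_digest(mac[4:], expected)

def server_reply(request: bytes, trusted: dict) -> bytes:
    """Hypothetical server: signs replies only for trusted keys that verify."""
    header = ntp_header(mode=4, stratum=3)
    if len(request) == 68:
        (key_id,) = struct.unpack("!I", request[48:52])
        key = trusted.get(key_id)
        digest = hashlib.md5((key or b"") + request[:48]).digest()
        if key and hmac.compare_digest(request[52:], digest):
            return add_mac(header, key_id, key)
        return header + bytes(4)          # crypto-NAK: key ID 0, no digest
    return header                         # unauthenticated reply

def run_scenario(client_key: bytes, server_keys: dict) -> bool:
    request = add_mac(ntp_header(mode=3), 1, client_key)
    return client_accepts(server_reply(request, server_keys), 1, client_key)

CLIENT_KEY = b"constructed-key-A"        # constructed sample, not the page's key
RESULTS = {
    "client auth only": run_scenario(CLIENT_KEY, {}),
    "matching keys": run_scenario(CLIENT_KEY, {1: CLIENT_KEY}),
    "different keys": run_scenario(CLIENT_KEY, {1: b"constructed-key-B"}),
}

if __name__ == "__main__":
    for name, ok in RESULTS.items():
        print(f"{name}: {'time accepted' if ok else 'reply rejected'}")
```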