Ntp Auth

This scenario shows how to configure NTP client/server authentication.

Test NTP Service With Client Authentication Only

Description

DUT0 is configured to use NTP authentication. An NTP server is configured without auth. Optaining the time should fail due to crypto failure.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.100.0.50/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX194SKhyQ0U4q+jDl5tSnGuZDxUWExQG0FU=

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.100.0.100/24
set protocols static route 0.0.0.0/0 next-hop 10.100.0.50
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp master prefer
set system ntp master stratum 3

Step 3: Run the command set date 2026-05-18 12:00:00 on DUT0 and expect no output.

Step 4: Run the command set date ntp 10.100.0.100 key 1 on DUT0 and check whether the output contains the following tokens:

no eligible servers

Test NTP Service With Client And Server Authentication

Description

NTP client and NTP server are configured to use the same authentication key. Optaining time information should succeed.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.100.0.50/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+608SKuFn0F4b/xaIORMRRZfJBdifCqps=

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.100.0.100/24
set protocols static route 0.0.0.0/0 next-hop 10.100.0.50
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19B+BpJ53s1ENbD0cEBoaquZgeGoIBPHds=
set system ntp master prefer
set system ntp master stratum 3
set system ntp trusted-key 1

Step 3: Run the command set date 2026-05-18 12:00:00 on DUT0 and expect no output.

Step 4: Run the command set date ntp 10.100.0.100 key 1 on DUT0 and expect the following output:

Step 5: Run the command show date on DUT0 and check whether the output does not contain the following tokens:

Mon

Test NTP Service With Wrong Authentication

Description

NTP client and NTP server are configured to use different authentication key. Optaining time information should fail.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.100.0.50/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19cI6b/wK/cJoMMO4WMxCtMdJ1+nnpZmZQ=

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.100.0.100/24
set protocols static route 0.0.0.0/0 next-hop 10.100.0.50
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/KO8MEHYy+LbuJN92F/Dqa9/TB59rdPQY=
set system ntp master prefer
set system ntp master stratum 3
set system ntp trusted-key 1

Step 3: Run the command set date 2026-05-18 12:00:00 on DUT0 and expect no output.

Step 4: Run the command set date ntp 10.100.0.100 key 1 on DUT0 and check whether the output contains the following tokens:

no eligible servers