Cisco – NTP Authentication within a vrf

Tags: cisco, ntp, vrf, vrf-lite

I have a Cisco ASR1002 WAN router with multiple vrfs per department. Each vrf has a loopback interface on the router, which can be used as an NTP server for remote devices in the respective vrf/department.

Is there any way to configure NTP authentication on specific vrfs? I do not want to enable it globally as this would entail configuring all departments to use NTP authentication.

Thanks

J Mullan

Best Answer

The NTP server can't force clients to use authentication, and will gladly serve up NTP to clients not using authentication. The NTP client determines whether or not authentication is used. If the NTP client wants to use authentication, the NTP server must have the authentication key configured, else the NTP client will refuse to accept NTP from the server.

The reason for this is that it is only important to the NTP client that the NTP data are correct. By configuring NTP authentication on a router, you are configuring it to use authentication as an NTP client, not an NTP server.

If you wish NTP authentication to be used on some NTP clients, you must configure the NTP key on the router that is the NTP server, but this will not, and cannot, require any NTP client to use NTP authentication.
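The behaviour described in this answer, modelled as an added example (not part of the original answer and not Cisco's code). It assumes the NTP symmetric-key MD5 scheme, where the MAC is a 4-byte key ID followed by MD5(secret || 48-byte header); the key value, function names and the simplified handling of an unknown key are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEYS = {1: b"constructed-secret"}  # constructed key table: key ID -> secret


def mac(key_id, header, keys):
    """4-byte key ID followed by MD5(secret || 48-byte NTP header)."""
    digest = hashlib.md5(keys[key_id] + header).digest()
    return struct.pack("!I", key_id) + digest


def make_request(key_id=None, keys=None):
    """Client request; a MAC is appended only if the client chose a key."""
    header = bytes([0x23]) + bytes(47)  # LI=0, VN=4, Mode=3 (client)
    return header + (mac(key_id, header, keys) if key_id is not None else b"")


def server_reply(request, keys):
    """Server side: every client is answered; a MAC is added only when the
    client sent one and the server holds that key."""
    header = bytes([0x24, 2]) + bytes(46)  # Mode=4 (server), stratum 2
    if len(request) == 48:
        return header  # unauthenticated client is still served
    key_id = struct.unpack("!I", request[48:52])[0]
    if key_id not in keys:
        return header  # simplified model: server cannot authenticate the reply
    if not hmac.compare_digest(request[48:], mac(key_id, request[:48], keys)):
        return header  # wrong secret on one side: no valid MAC in the reply
    return header + mac(key_id, header, keys)


def client_accepts(reply, require_key=None, keys=None):
    """Client side: only the client decides whether a MAC is required."""
    if require_key is None:
        return True  # client not using authentication accepts the reply
    if len(reply) != 68:
        return False  # MAC required but missing
    return hmac.compare_digest(reply[48:], mac(require_key, reply[:48], keys))


if __name__ == "__main__":
    plain = server_reply(make_request(), KEYS)
    print("plain client, keyed server:", client_accepts(plain))
    ok = server_reply(make_request(1, KEYS), KEYS)
    print("auth client, keyed server:", client_accepts(ok, 1, KEYS))
    nokey = server_reply(make_request(1, KEYS), {})
    print("auth client, server without key:", client_accepts(nokey, 1, KEYS))
```

The model covers only the MAC decision; timestamps and replay checks are left out.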