Requirements to enable SNTP client authentication

You must configure all of the the following items to enable SNTP client authentication on the switch.

SNTP client Authentication Support Requirements

  • Timesync mode must be SNTP. Use the timesync sntp command. SNTP is disabled by default.

  • SNTP must be in unicast or broadcast mode.

  • The MD5 authentication mode must be selected.

  • An SNTP authentication key-identifier (key-id) must be configured on the switch and a value (key-value) must be provided for the authentication key. A maximum of 8 sets of key-id and key-value can be configured on the switch.

  • Among the keys that have been configured, one key or a set of keys must be configured as trusted. Only trusted keys will be used for SNTP authentication.

  • If the SNTP server requires authentication, one of the trusted keys has to be associated with the SNTP server.

  • SNTP client authentication must be enabled on the switch. If client authentication is disabled, packets are processed without authentication. All of the above steps are necessary to enable authentication on the client.

SNTP server authentication support

The following must be performed on the SNTP server:

  • The same authentication key-identifier, trusted key, authentication mode and key-value that were configured on the SNTP client must also be configured on the SNTP server.

  • SNTP server authentication must be enabled on the server. If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well. The authentication check will fail on the clients otherwise, and the SNTP packets will be dropped.

NOTE:

SNTP server is not supported on HPE products.

IMPORTANT:

If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well. The authentication check fails on the clients otherwise, and the SNTP packets are dropped.