Commands for managing symmetric authentication on NTP servers

Download PDF of this page

Beginning in ONTAP 9.5, Network Time Protocol (NTP) version 3 is supported. NTPv3 includes symmetric authentication using SHA-1 keys which increases network security.

To do this…​ Use this command…​

Configure an NTP server without symmetric authentication

cluster time-service ntp server create -server server_name

Configure an NTP server with symmetric authentication

cluster time-service ntp server create -server server_ip_address -key-id key_id

Enable symmetric authentication for an existing NTP server

An existing NTP server can be modified to enable authentication by adding the required key-id.

cluster time-service ntp server modify -server server_name -key-id key_id

Configure a shared NTP key

cluster time-service ntp key create -id shared_key_id -type shared_key_type -value shared_key_value

Note: Shared keys are referred to by an ID. The ID, its type, and value must be identical on both the node and the NTP server

Configure an NTP server with an unknown key ID

cluster time-service ntp server create -server server_name -key-id key_id

Configure a server with a key ID not configured on the NTP server.

cluster time-service ntp server create -server server_name -key-id key_id

Note: The key ID, type, and value must be identical to the key ID, type, and value configured on the NTP server.

Disable symmetric authentication

cluster time-service ntp server modify -server server_name -authentication disabled