4-28
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 4 Initial Configuration Tasks
Configuring Time
Configuring a Cisco Router to be an NTP Server
The sensor requires an authenticated connection with an NTP server if it is going to use the NTP server
as its time source. The sensor supports only the MD5 hash algorithm for key encryption. Use the
following procedure to activate a Cisco router to act as an NTP server and use its internal clock as the
time source.
Note
Remember the NTP server’s key ID and key values. You will need them along with the NTP server’s IP
address when you configure the sensor to use the NTP server as its time source. For the procedure, see
Configuring the Sensor to Use an NTP Time Source, page 4-29
.
To set up a Cisco router to act as an NTP server, follow these steps:
Step 1
Log in to the router.
Step 2
Enter configuration mode:
router#
configure terminal
Step 3
Create the key ID and key value:
router(config)#
ntp authentication-key
key_ID
md5
key_value
The key ID can be a number between 1 and 65535. The key value is text (numeric or character). It is
encrypted later.
Example:
router(config)#
ntp authentication-key 100 md5 attack
Note
The sensor only supports MD5 keys.
Note
Keys may already exist on the router. Use the
show running configuration
command to check
for other keys. You can use those values for the trusted key in Step 4.
Step 4
Designate the key you just created in Step 3 as the trusted key (or use an existing key):
router(config)#
ntp trusted-key
key_ID
The trusted key ID is the same number as the key ID in Step 3.
Example:
router(config)#
ntp trusted-key 100
Step 5
Specify the interface on the router that the sensor will communicate with:
router(config)#
ntp source
interface_name
Example:
router(config)#
ntp source FastEthernet 1/0
Step 6
Specify the NTP master stratum number to be assigned to the sensor:
router(config)#
ntp master
stratum_number
Example:
router(config)#
ntp master 6