Guest

Preview Tool

Cisco Bug: CSCvu33212 - PI: NTP will not authenticate with open source NTP servers using cmac-aes-128

Last Modified

Aug 29, 2020

Products (9)

  • Cisco IOS
  • Cisco 4221 Integrated Services Router
  • Cisco 4431 Integrated Services Router
  • Cisco 4321 Integrated Services Router
  • Cisco 4331 Integrated Services Router
  • Cisco 4351 Integrated Services Router
  • Cisco 4461 Integrated Services Router
  • Cisco Cloud Services Router 1000V
  • Cisco 4451-X Integrated Services Router

Known Affected Releases

17.1.1 17.4.1

Description (partial)

Symptom:
The router will fail to sync and take time from an NTP server (any linux box).

The available cmac-aes-128 option in IOS-NTP is not working if peer is using open source NTP.

Specifically we are using this version of ntpd on the linux box;
root@ntp:/# ntpd --version
ntpd 4.2.8p12@1.3728-o (1)

Conditions:
The router is configured to authenticate to the server via symmetric key using an algorithm of cmac-aes-128
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.