UNCLASSIFIED
Implementing Security on Cisco Routers
Version 1.0g
the scope of this guide; the description below shows how to set up authentication for
a Cisco router so that it can use a designated NTP server that uses authentication.
South# config t
Enter configuration commands, one per line. End with CNTL/Z.
South(config)# ntp authenticate
South(config)# ntp authentication-key 1 md5 router
South(config)# ntp trusted-key 1
South(config)# ntp server 14.2.9.250 key 1 source ethernet 0/0
South(config)# exit
Configuration Sample
The configuration command listing below shows the configuration commands for a
router with console logging, buffered logging, syslog logging, and authenticated
network time synchronization. The host receiving the log messages is 14.2.9.6, and
the time server is 14.2.9.250. This sample is formatted as it would appear in a
configuration text file stored on a host for download to the router South.
! turn on timestamps for log entries
service timestamps log datetime msec localtime show-timezone
! setting logging levels and syslog parameters
logging console notifications
logging monitor debug
logging buffered 16000 informational
logging facility local6
logging source-interface Ethernet 0/1
logging 14.2.9.6
logging on
! a tiny access list to permit access only for Central
access-list 21 permit 14.2.9.250
access-list 21 deny any
! designate Central as our sole NTP server with authentication
ntp authentication-key 1 md5 071D2E595A0C0B 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17180154
ntp access-group peer 21
ntp server 14.2.9.250 key 1 source Ethernet0/0
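The script below is an added example, not part of the original guide: it audits a saved configuration text file for the logging and authenticated NTP settings shown in the sample above. The function name audit_ntp_logging is hypothetical, and the access list check assumes single-host permit entries like those in the sample.

```python
import re

# Constructed sample: the logging/NTP lines from the configuration sample above.
SAMPLE = """\
service timestamps log datetime msec localtime show-timezone
logging buffered 16000 informational
logging 14.2.9.6
access-list 21 permit 14.2.9.250
access-list 21 deny any
ntp authentication-key 1 md5 071D2E595A0C0B 7
ntp authenticate
ntp trusted-key 1
ntp access-group peer 21
ntp server 14.2.9.250 key 1 source Ethernet0/0
"""

def audit_ntp_logging(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config.splitlines()
             if ln.strip() and not ln.strip().startswith("!")]
    text = "\n".join(lines)
    findings = []
    if not re.search(r"^service timestamps log\b", text, re.M):
        findings.append("log entries are not timestamped")
    if not re.search(r"^logging \d+\.\d+\.\d+\.\d+$", text, re.M):
        findings.append("no syslog host configured")
    if not re.search(r"^ntp authenticate$", text, re.M):
        findings.append("ntp authenticate is missing")
    defined = set(re.findall(r"^ntp authentication-key (\d+) md5 ", text, re.M))
    trusted = set(re.findall(r"^ntp trusted-key (\d+)$", text, re.M))
    servers = re.findall(r"^ntp server (\S+)(?: key (\d+))?", text, re.M)
    for ip, key in servers:
        if not key:
            findings.append(f"ntp server {ip} has no key")
        elif key not in defined:
            findings.append(f"ntp server {ip} uses undefined key {key}")
        elif key not in trusted:
            findings.append(f"ntp server {ip} uses untrusted key {key}")
    acl = re.search(r"^ntp access-group peer (\d+)$", text, re.M)
    if not acl:
        findings.append("no ntp access-group peer restriction")
    else:
        # Assumption: the ACL lists each permitted time server as a single host.
        permitted = set(re.findall(
            rf"^access-list {acl.group(1)} permit (\d+\.\d+\.\d+\.\d+)$", text, re.M))
        for ip, _ in servers:
            if ip not in permitted:
                findings.append(f"access-list {acl.group(1)} does not permit {ip}")
    return findings
```

Run against the sample it returns an empty list; each finding names the setting that would leave time synchronization unauthenticated or unrestricted.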
4.5.3. Security for the Simple Network Management Protocol (SNMP)
Overview
The Simple Network Management Protocol (SNMP) supports a connection between
two entities that communicate with each other: the manager and the managed entity,
the agent. In the case of Cisco routers, the router is always the agent. A software
application on a PC or workstation normally acts as the manager. A good source for a