Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

NTP Key is Visible after an upgrade on both the ERS 4800 and ERS 4900

« Go Back

Information

 
TitleNTP Key is Visible after an upgrade on both the ERS 4800 and ERS 4900
Symptoms
After an upgrade, the NTP keys were visible in both EDM and CLI.
 
ERS4926GTS-FA(config)#show run mod core 
! Embedded ASCII Configuration Generator Script 
! Model = Ethernet Routing Switch 4926GTS 
! Software version = v7.6.1.033 
! 
! Displaying only parameters different to default 
!================================================ 
enable 
configure terminal 
! 
! *** CORE (Phase 1) *** 
! 
ntp authentication-key 1 type sha1 "test" 
ntp authentication-key 2 type md5 "test" 
ntp server 1.1.1.1 enable auth-enable authentication-key 1 
ntp server 2.2.2.2 enable auth-enable authentication-key 2 
ntp 
terminal length 0 
tftp-server 134.141.178.179 
! 
! *** CORE (Phase 2) *** 
! 
ERS4926GTS-FA(config)#show ntp key 
Key Id Key Key Type 
---------------------------------------------------- 
1 test SHA1 
2 test MD5

 
Environment
  • ERS 4900
  • SW 7.6.x
 
  • ERS 4800
  • SW 5.12.x
Cause
The NTP keys will be in plain text when the switch is not running enhanced security mode (ESM).






 
Resolution
To “hide” the keys, enable enhanced security mode. This will require a reboot to the device.
 
ERS4926GTS-FA(config)#enhanced-secure-mode enable 
This operation requires a reboot and the switch/stack will be reset. 
Do you want to continue? (y/n) ? y 
Rebooting . . .

To verify
 
4926GTS(config)#show enhanced-secure-mode 
1970-01-01 00:16:57 GMT+00:00 

Enhanced Secure Mode: Enabled

 
Additional notes
4926GTS(config)#show run mod core 
1970-01-01 00:16:45 GMT+00:00 

! Embedded ASCII Configuration Generator Script 
! Model = Ethernet Routing Switch 4926GTS 
! Software version = v7.6.1.033 

! Displaying only parameters different to default 
!================================================ 
enable 
configure terminal 

! *** CORE (Phase 1) *** 

! ntp authentication-key 1 type md5 "********" 
terminal length 0 
cli timestamp enable 
no tftp-access 

! *** CORE (Phase 2) *** 

4926GTS(config)#show ntp key 
1970-01-01 00:16:50 GMT+00:00 

Key Id Key Key Type 
---------------------------------------------------- 
1 ******** MD5 


 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255