CCIE Lab分解实验练习(Plannet_Practice_Labs)_.Vol_2(10)

ccie,java,安全,教程,文集,资料,工具书

zone PST -8 clock summer-time PDT recurring
ntp source Loopback0 ntp master Study Guide From
IT认证部落 CCIE-LAB
1. Use authentication. 2. CK13 and CK8 should use CK6 as their server. The authentication on NTP is a little different from most other things. The Master is not the one doing the authenticating. The Client is going to authenticate the Master. We are going to have CK8 and CK13 use CK6 as their Master. To accomplish this, we are going to add one line, the authentication key, to the Master. All of the other configuration will go on the Clients.
CK6: ntp authentication-key 1 md5 cisco CK8:
service timestamps debug datetime service timestamps log datetime
clock timezone PST -8 clock summer-time PDT recurring
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server 140.4.6.6 key 1
CK13:
service timestamps debug datetime service timestamps log datetime
clock timezone PST -8 clock summer-time PDT recurring ntp authentication-key 1 md5 cisco
Study Guide From
IT认证部落 CCIE-LAB
ntp authenticate
ntp trusted-key 1
ntp server 140.4.6.6 key 1 To verify that the authentication is working, issue the show ntp associations detail command on one of the Clients.
CK8#show ntp assoc detail
140.4.6.6 configured, authenticated, our_master, sane, valid, stratum 8 ref ID 127.127.7.1, time C4A95E79.12A7C079 (14:28:25.072 PDT Wed Jul 21 2004) our mode client, peer mode server, our poll intvl 64, peer poll intvl 64 root delay 0.00 msec, root disp 0.03, reach 377, sync dist 18.661 delay 35.11 msec, offset 2.4039 msec, dispersion 1.08 precision 2**19, version 3 org time C4A95EA7.628B4D20 (14:29:11.384 PDT Wed Jul 21 2004) rcv time C4A95EA7.666CB9C4 (14:29:11.400 PDT Wed Jul 21 2004) xmt time C4A95EA7.5D364C4D (14:29:11.364 PDT Wed Jul 21 2004) filtdelay = 35.11 35.19 35.29 36.03 35.14 34.87 34.88 35.17 filtoffset = 2.40 1.94 1.08 0.79 0.27 0.20 0.26 0.23 filterror = 0.02 0.99 1.97 2.94 2.96 2.98 2.99 3.01
If you do not see the keyword "authenticated" in the first line of the output, authentication is not working. You will still receive the time from the NTP master; however, it will not stop a rogue Master from sending the wrong time.
10. IOS Features STEP 1 (2 Points)
Study Guide From
IT认证部落 CCIE-LAB
1. Configure CK5 so that each Telnet keystroke is not sent as a separate packet. Make sure that the router accumulates the keystrokes until an acknowledgement is received for the previous packet. By default, each keystroke in a Telnet session is sent as an individual packet. This can cause a "small packet" problem by using more bandwidth than needed. John Nagle came up
with an algorithm that will send the first keystroke as an individual packet, but will buffer the following keystrokes until an acknowledgment