RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

From: Rahmlow, Howard F. (howard.rahmlow@xxxxxxxxxx)
Date: Mon Apr 30 2001 - 17:45:01 GMT-3


   
The real number is 8. They are, by port number:
37, Time
49, TACACS
53, DNS
67, Bootp - Server
68, Bootp Client
69, TFTP
137, NetBIOS - Name service
138, NetBIOS - Datagram service

Howard

-----Original Message-----
From: Jeff K. [mailto:jeffbk@austin.rr.com]
Sent: Monday, April 30, 2001 4:04 PM
To: David Siwula; DuBell, Robert ITC J633CT1; ccielab@groupstudy.com
Subject: Re: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

By default the helper address will forward something like 7 broadcasts:
bootp, ntp, tacacs, tftp, netbios-ns, netbios-dgm, and dns (I think). The
helper-address is an interface command. If you want to use the
helper-address but not forward certain ports (like dhcp, but nothing else),
use the global config command 'no ip forward-protocol <protocol port#>'
to keep those other ports from being forwarded. Or, conversely, add
ports to the helper-address forwarding list by using the previous command --
without the 'no,' of course. Also, remember, you can forward to hosts or
subnets and have more than one helper per interface (I forget the limit,
though).

-Jeff
----- Original Message -----
From: "David Siwula" <DSiwula@dctc.com>
To: "DuBell, Robert ITC J633CT1" <dubell@jfcom.mil>;
<ccielab@groupstudy.com>
Sent: Monday, April 30, 2001 2:42 PM
Subject: RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

> If I have ip helper-address configured on an interface, what kind of
> unnecessary traffic will be forwarded? I was told that since I have
> this enabled I am overloading the network with a lot of unnecessary
> netbios/udp traffic.
> Thanks, Dave
>
> -----Original Message-----
> From: DuBell, Robert ITC J633CT1 [mailto:dubell@jfcom.mil]
> Sent: Monday, April 30, 2001 12:02 PM
> To: ccielab@groupstudy.com
> Subject: RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE
>
>
> Got it ...thanks......Bob
>
> -----Original Message-----
> From: Jeff K. [mailto:jeffbk@austin.rr.com]
> Sent: Monday, April 30, 2001 2:31 PM
> To: DuBell, Robert ITC J633CT1; 'Tarun Pahuja'; ccielab@groupstudy.com
> Subject: Re: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE
>
>
> Yes, that will do it, but remember that bootp will not be forwarded
> unless you have an ip helper-address configured on the interface. If you
> have the helper address, then you probably want to have it forwarded. If
> you don't, but you need the helper-address for other ports, use the 'no ip
> forward-protocol bootp' to remove it from the list of protocols that the
> helper-address forwards and it won't be an issue. I guess it's just
> different ways to reach the same goal. Seems like it would be less on
> the router to just not forward it at all.
>
> -Jeff
> ----- Original Message -----
> From: "DuBell, Robert ITC J633CT1" <dubell@jfcom.mil>
> To: "'Tarun Pahuja'" <tpahuja@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Monday, April 30, 2001 1:15 PM
> Subject: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE
>
>
> > Real life situation here. If I apply the following access list on an
> > interface, will it block bootp from being distributed throughout the
> > network? Or is there a better way to block bootp from specific
> > interfaces? Thanks
> >
> > access-list 101 deny udp any any eq 67
> > access-list 101 deny udp any any eq 68
> > access-list 101 permit ip any any
> >
> >
> >
> > ITC(SW) Robert L. DuBEll
> > Chief Network Engineer
> > dubell@jfcom.mil
> > commercial 757-836-6129
> > DSN - 836-6129
> >
> > -
> > **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:02 GMT-3
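
An added example, not part of the thread: a small Python audit that reads an IOS configuration and reports which of the eight default UDP ports listed above are still relayed on interfaces that have a helper address. It assumes the `ip forward-protocol udp <port>` form of the command and the IOS port keywords shown; the sample configs, interface name and addresses are constructed.

```python
import re

# Default helper-address UDP ports from the list in this thread,
# keyed by the IOS port keyword (assumed spelling; "domain" is DNS).
DEFAULTS = {"time": 37, "tacacs": 49, "domain": 53, "bootps": 67,
            "bootpc": 68, "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138}
FWD_RE = re.compile(r"^(no\s+)?ip forward-protocol udp\s+(\S+)$")

def audit(config):
    """Return (set of relayed UDP ports, {interface: [helper addresses]})."""
    ports, helpers, current = set(DEFAULTS.values()), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes any interface block
            current = line.split(None, 1)[1] if line.startswith("interface ") else None
        m = FWD_RE.match(line)
        if m:  # global command: changes the relay list for every helper
            token = m.group(2)
            port = int(token) if token.isdigit() else DEFAULTS.get(token)
            if port is not None:
                (ports.discard if m.group(1) else ports.add)(port)
        elif current and line.startswith("ip helper-address "):
            helpers.setdefault(current, []).append(line.split()[-1])
    return ports, helpers

def excess_relay(config, wanted=frozenset({67, 68})):
    """Per helper-enabled interface, relayed ports beyond the wanted set."""
    ports, helpers = audit(config)
    extra = sorted(ports - wanted)
    return {ifc: extra for ifc in helpers} if extra else {}

# Constructed sample configs (addresses and interface name are made up).
WEAK = """interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip helper-address 10.2.2.10
!
"""
HARDENED = WEAK + "".join(
    f"no ip forward-protocol udp {kw}\n"
    for kw in ("time", "tacacs", "domain", "tftp", "netbios-ns", "netbios-dgm"))

if __name__ == "__main__":
    print("weak:    ", excess_relay(WEAK))
    print("hardened:", excess_relay(HARDENED))
```

The `wanted` default of ports 67 and 68 reflects the DHCP-only case discussed in the thread; pass a different set to audit against another policy.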