Re: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

From: Jeff K. (jeffbk@xxxxxxxxxxxxx)
Date: Mon Apr 30 2001 - 17:29:02 GMT-3

• Next message: Chuck Larrieu: "RE: Error on page 387 of BRS 4CCIEs Version 2"
• Previous message: Niall El-Assaad: "Error on page 387 of BRS 4CCIEs Version 2"
• Maybe in reply to: DuBell, Robert ITC J633CT1: "BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE"
• Next in thread: Andy Singh: "RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Depends on your network topology. For example, if you are running switched
Ethernet, then the switch will consult it's CAM table and forward that
unicast packet to that single server. But, if you are running off hubs,
remember that every host will get that frame, look at the MAC address and
either keep or drop it.
----- Original Message -----
From: "David Siwula" <DSiwula@dctc.com>
To: "Jeff K." <jeffbk@austin.rr.com>; "DuBell, Robert ITC J633CT1"
<dubell@jfcom.mil>; <ccielab@groupstudy.com>
Sent: Monday, April 30, 2001 3:25 PM
Subject: RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

With the ip helper you specify a particular address. In this case it is
for dhcp and has the address for the dhcp server. Wouldn't it just bog
down that particular server and not the network. As it is taking the
udp broadcasts and turning them into unicasts to the server.
Thanks, Dave

-----Original Message-----
From: Jeff K. [mailto:jeffbk@austin.rr.com]
Sent: Monday, April 30, 2001 1:04 PM
To: David Siwula; DuBell, Robert ITC J633CT1; ccielab@groupstudy.com
Subject: Re: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

By default the helper address will forward something like 7 broadcasts:
bootp, ntp, tacacs, tftp, netbios-ns, netbios-dgm, and dns (I think).
The
helper-address is an interface command. If you want to use the
helper-address but not forward certain ports (like dhcp, but nothing
else),
use the global config command 'no ip forward-protocol <protocol port#>'
command to keep those other ports from being forwarded. Or, conversely,
add
ports to the helper-address forwarding list by using the previous
command --
without the 'no,' of course. Also, remember, you can forward to hosts
or
subnets and have more than one helper per interface (I forget the limit,
though).

-Jeff
----- Original Message -----
From: "David Siwula" <DSiwula@dctc.com>
To: "DuBell, Robert ITC J633CT1" <dubell@jfcom.mil>;
<ccielab@groupstudy.com>
Sent: Monday, April 30, 2001 2:42 PM
Subject: RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE

> If I have ip helper-address configured on an interface, what kind
> unnecessary traffic will be forwarded? I was told that since I have
> this enabled I am overloading the network with a lot of uneccessary
> netbios/udp traffic.
> Thanks, Dave
>
> -----Original Message-----
> From: DuBell, Robert ITC J633CT1 [mailto:dubell@jfcom.mil]
> Sent: Monday, April 30, 2001 12:02 PM
> To: ccielab@groupstudy.com
> Subject: RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE
>
>
> Got it ...thanks......Bob
>
> -----Original Message-----
> From: Jeff K. [mailto:jeffbk@austin.rr.com]
> Sent: Monday, April 30, 2001 2:31 PM
> To: DuBell, Robert ITC J633CT1; 'Tarun Pahuja'; ccielab@groupstudy.com
> Subject: Re: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE
>
>
> Yes, that will do it, but remember that bootp will not be forwarded
> unless
> you have an ip helper-address configured on the interface. If you
have
> the
> helper address, then you probably want to have it forwarded. If you
> don't,
> but you need the helper-address for other ports, use the 'no ip
> forward-protocol bootp' to remove it from the list of protocols that
the
> helper-address forwards and it won't be an issue. I guess it's just
> different ways to reach the same goal. Seems like it would be less on
> the
> router to just not forward it at all.
>
> -Jeff
> ----- Original Message -----
> From: "DuBell, Robert ITC J633CT1" <dubell@jfcom.mil>
> To: "'Tarun Pahuja'" <tpahuja@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Monday, April 30, 2001 1:15 PM
> Subject: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE
>
>
> > Real life situation here. If I apply the following access list on a
> > interface, will it block bootp from being distrubuted throughout the
> > network. Or is there a better way to block bootp from specific
> interfaces
> > ??/...Thanks
> >
> > access-list 101 deny udp any any eq 67
> > access-list 101 deny udp any any eq 68
> > access-list 101 permit any
> >
> >
> >
> > ITC(SW) Robert L. DuBEll
> > Chief Network Engineer
> > dubell@jfcom.mil
> > commercial 757-836-6129
> > DSN - 836-6129
> >
> > -
> > **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Chuck Larrieu: "RE: Error on page 387 of BRS 4CCIEs Version 2"
• Previous message: Niall El-Assaad: "Error on page 387 of BRS 4CCIEs Version 2"
• Maybe in reply to: DuBell, Robert ITC J633CT1: "BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE"
• Next in thread: Andy Singh: "RE: BLOCKING BOOTP ON AN INDIVIDUAL INTERFACE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:02 GMT-3