From: Darby Weaver (darbyweaver@yahoo.com)
Date: Thu Jan 10 2008 - 01:44:32 ARST
I do agree about no ip bootp (tried it myself - before
I just looked it up).
Here's the 3550:
RACK3R10(config)#do sh ver
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 12:20 by yenanh
Image text-base: 0x00003000, data-base: 0x00DC0AC4
ROM: Bootstrap program is C3550 boot loader
RACK3R10 uptime is 16 weeks, 2 days, 1 minute
System returned to ROM by power-on
System image file is "flash:c3550-ipservicesk9-mz.122-25.SEE2.bin"
RACK3R10#sh ip sockets
Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.10.10   68    0   0    1     0
17     --listen--        3.3.10.10   1975  0   0    11    0
17     0.0.0.0     0     3.3.10.10   2228  0   0    211   0
17     0.0.0.0     0     3.3.10.10   67    0   0    2211  0
RACK3R10#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RACK3R10(config)#no service dhcp
RACK3R10(config)#do sh ip sockets
Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.10.10   68    0   0    1     0
17     --listen--        3.3.10.10   1975  0   0    11    0
17     0.0.0.0     0     3.3.10.10   2228  0   0    211   0
Funny, port 68 will not go away now... on the 3550
Here's the 3560:
RACK3R7(config)#do sh ip soc
Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.7.7     1975  0   0    11    0
17     0.0.0.0     0     3.3.7.7     2228  0   0    211   0
17     0.0.0.0     0     3.3.7.7     67    0   0    2211  0
RACK3R7(config)#no service dhcp
RACK3R7(config)#do sh ip soc
Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.7.7     1975  0   0    11    0
17     0.0.0.0     0     3.3.7.7     2228  0   0    211   0
Here's my other 3560:
RACK3R8(config)#no service udp-small-servers
RACK3R8(config)#do sh ip sock
Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.8.8     1975  0   0    11    0
17     0.0.0.0     0     3.3.8.8     2228  0   0    211   0
17     0.0.0.0     0     3.3.8.8     67    0   0    2211  0
RACK3R8(config)# service udp-small-servers
RACK3R8(config)#no service dhcp
RACK3R8(config)#do sh ip sock
Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.8.8     1975  0   0    11    0
17     0.0.0.0     0     3.3.8.8     2228  0   0    211   0
--- George Goglidze <goglidze@gmail.com> wrote:
> Hi There,
>
> So is it not possible to disable BOOTP service on a switch ?????
>
> I guess it is impossible to do it, as there is no command "no ip bootp server",
> neither "no ip service dhcp".
>
> by the way, I've tried to disable bootp service on
> one router too,
> on dynamips, 3725,
> I did
> "no ip bootp service"
> but I still have port 67 open as we can see on
> following output:
>
> R1#sh ip sockets
> Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
> 17     --listen--        1.1.1.1     2887  0   0    11    0
> 17     0.0.0.0     0     1.1.1.1     67    0   0    2211  0
>
>
> To Darby: I do not have DHCP service running on the router, so I don't have to
> disable DHCP, as it listens on port 67 as well.
> by the way I think we disable it with command "ip dhcp bootp ignore",
> but as I understand it, it listens only when you enable dhcp service on the
> router.
>
> anyway I did introduce both commands:
> "ip dhcp bootp ignore"
> and
> "no ip bootp server"
> on 3725 router (dynamips), and the output of show ip sockets is the same.
> port 67 is still open.
>
> So, how do I really disable those ports, or does the show ip sockets output
> lie to me?
>
> Thanks,
>
> On Jan 9, 2008 1:25 PM, Darby Weaver
> <darbyweaver@yahoo.com> wrote:
>
> > Have you considered:
> >
> > no ip bootp server
> >
> > Bootstrap Protocol (BOOTP) services: To disable BOOTP
> > services, use the no ip bootp server command in IOS
> > global configuration mode. Using the no ip bootp
> > server command by itself will not stop the router from
> > listening on UDP port 67 because this "well-known"
> > port is also used by DHCP, which is described later in
> > this list. This command is widely available within
> > IOS.
> >
> > So....
> >
> > no ip service dhcp might be needed as well.
> >
> > My rack is off at the moment...
> >
> > That should do it.
> >
> > --- George Goglidze <goglidze@gmail.com> wrote:
> >
> > > Hi all,
> > >
> > > How can I disable bootp service on a 3550 switch?
> > >
> > > SW1#sh ip sockets
> > > Proto  Remote      Port  Local       Port  In  Out  Stat  TTY  OutputIF
> > > 17     --listen--        --any--     1975  0   0    11    0
> > > 17     0.0.0.0     0     1.1.1.1     2228  0   0    211   0
> > > 17     0.0.0.0     0     1.1.1.1     67    0   0    2211  0
> > >
> > >
> > > it shows that it's active.
> > > but I have no command "no ip bootp service"
> > > available.
> > >
> > > Thanks,
> > >
> > >
> >
>
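Added example, not part of the original thread or any Cisco tooling: a Python sketch that parses "show ip sockets" text in the layout posted in this thread, including rows a mail client has wrapped or ">"-quoted, and reports which UDP ports disappeared between two captures and whether 67/68 are still listed. The sample captures are constructed from the 3550 rows shown in the thread, and the function names are hypothetical.

```python
import re
# Constructed sample: 3550 'show ip sockets' rows as posted in the thread
# (mail-wrapped), captured before 'no service dhcp'.
BEFORE = """\
RACK3R10#sh ip sockets
Proto Remote Port Local Port In
Out Stat TTY OutputIF
17 --listen-- 3.3.10.10 68 0
0 1 0
17 --listen-- 3.3.10.10 1975 0
0 11 0
17 0.0.0.0 0 3.3.10.10 2228 0
0 211 0
17 0.0.0.0 0 3.3.10.10 67 0
0 2211 0
"""
# After 'no service dhcp' the port 67 row (the last two lines) is gone.
AFTER = "\n".join(BEFORE.splitlines()[:-2])
ADDR = re.compile(r"^(--listen--|--any--|\d+\.\d+\.\d+\.\d+)$")

def parse_sockets(text):
    """Return [(proto, local_addr, local_port)] from 'show ip sockets' text."""
    rows = []
    for line in text.splitlines():
        tok = re.sub(r"^[>\s]+", "", line).split()  # drop mail quoting
        if not tok or "#" in tok[0] or tok[0] in ("Proto", "In", "Out"):
            continue  # blank line, CLI prompt, or (wrapped) header
        if len(tok) >= 2 and tok[0].isdigit() and ADDR.match(tok[1]):
            rows.append(tok)  # first line of a socket row
        elif rows and all(t.isdigit() for t in tok):
            rows[-1].extend(tok)  # numeric continuation of a wrapped row
    out = []
    for tok in rows:
        # '--listen--' rows leave the remote port column empty.
        i = 2 if tok[1] == "--listen--" else 3
        if len(tok) > i + 1 and tok[i + 1].isdigit():
            out.append((int(tok[0]), tok[i], int(tok[i + 1])))
    return out

def udp_ports(text):
    # IP protocol 17 is UDP.
    return {port for proto, _, port in parse_sockets(text) if proto == 17}

def audit(before, after, watched=(67, 68)):
    """Ports that disappeared, and watched BOOTP/DHCP ports still listed."""
    b, a = udp_ports(before), udp_ports(after)
    return {"closed": sorted(b - a), "still_open": sorted(a & set(watched))}

if __name__ == "__main__":
    print(audit(BEFORE, AFTER))
```

Run against the 3550 captures, the result flags port 68 as still listed after "no service dhcp", which is the behaviour reported in the message.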
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST