From: George Goglidze (goglidze@gmail.com)
Date: Thu Jan 10 2008 - 11:27:47 ARST
Hi Darby,
Thanks a lot, yes I did disable port 67 with no service dhcp on my 3550 as
well.
But interestingly I do not have port 68 open,
which is anyway bootp client port...
so check if you have dhcp is client enabled on your device.
maybe you have somewhere on interface "ip address dhcp"
Regards,
On Jan 10, 2008 4:00 AM, Darby Weaver <darbyweaver@yahoo.com> wrote:
> Not quite there is another trick. Hold tight since
> this has gotten interesting and my rack is powered
> on...
>
> Let me see...
>
> I'm able to disable port 67 on both my 3560 and 3550
> using no service dhcp. However port 68 will not go
> away on the 3550. Version specific perhaps?
>
>
>
> Hmmm...
>
> Interesting to be sure.
>
>
>
>
> --- George Goglidze <goglidze@gmail.com> wrote:
>
> > Hi There,
> >
> > So is it not possible to disable BOOTP service on a
> > switch ?????
> >
> > I guess it is impssible to do it, as there is no
> > command "no ip bootp
> > server",
> > neither "no ip service dhcp".
> >
> > by the way, I've tried to disable bootp service on
> > one router too,
> > on dynamips, 3725,
> > I did
> > "no ip bootp service"
> > but I still have port 67 open as we can see on
> > following output:
> >
> > R1#sh ip sockets
> > Proto Remote Port Local Port In
> > Out Stat TTY OutputIF
> > 17 --listen-- 1.1.1.1 2887 0
> > 0 11 0
> > 17 0.0.0.0 0 1.1.1.1 67 0
> > 0 2211 0
> >
> >
> > To Darby: I do not have DHCP service running on the
> > router, so I don't have
> > to
> > disable DHCP, as it listens on port 67 as well.
> > by the way I think we disable it with command "ip
> > dhcp bootp ignore",
> > but as I understand it, it listens only when you
> > enable dhcp service on the
> > router.
> >
> > anyway I did introduce both commands:
> > "ip dhcp bootp ignore"
> > and
> > "no ip bootp server"
> > on 3725 router (dynamips) , and the output of show
> > ip sockets is the same.
> > port 67 is still open.
> >
> > So, how do I really disable that ports, or does the
> > show ip sockets output
> > lie to me?
> >
> > Thanks,
> >
> >
> >
> >
> >
> >
> > On Jan 9, 2008 1:25 PM, Darby Weaver
> > <darbyweaver@yahoo.com> wrote:
> >
> > > Have you considered:
> > >
> > > no ip bootp server
> > >
> > > Bootstrap Protocol (BOOTP) services: To disable
> > BOOTP
> > > services, use the no ip bootp server command in
> > IOS
> > > global configuration mode. Using the no ip bootp
> > > server command by itself will not stop the router
> > from
> > > listening on UDP port 67 because this "well-known"
> > > port is also used by DHCP, which is described
> > later in
> > > this list. This command is widely available within
> > > IOS.
> > >
> > > So....
> > >
> > > no ip service dhcp might be needed as well.
> > >
> > > My rack is off at the moment...
> > >
> > > That should do it.
> > >
> > >
> > >
> > >
> > >
> > >
> > > --- George Goglidze <goglidze@gmail.com> wrote:
> > >
> > > > Hi all,
> > > >
> > > > Hi can I disable bootp service on a 3550 switch?
> > > >
> > > > SW1#sh ip sockets
> > > > Proto Remote Port Local Port
> > In
> > > > Out Stat TTY OutputIF
> > > > 17 --listen-- --any-- 1975
> > 0
> > > > 0 11 0
> > > > 17 0.0.0.0 0 1.1.1.1 2228
> > 0
> > > > 0 211 0
> > > > 17 0.0.0.0 0 1.1.1.1 67
> > 0
> > > > 0 2211 0
> > > >
> > > >
> > > > it shows that it's active.
> > > > but I have no command "no ip bootp service"
> > > > available.
> > > >
> > > > Thanks,
> > > >
> > > >
> > >
> >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST