From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Thu Jan 10 2008 - 16:46:45 ARST
If you set an interface to learn its IP from DHCP and you then remove
the "ip address dhcp" command, manually set an IP or delete that SVI,
the switch continues to listen on port 68.
The same happens on both 3550s and 3560s, and there may be other
triggers which cause similar behaviour.
A reload will fix it, though perhaps there may be a better solution.
Paul.
Darby Weaver wrote:
> I do agree about no ip bootp (tried it myself - before
> I just looked it up).
>
> Here's the 3550:
>
>
> RACK3R10(config)#do sh ver
> Cisco IOS Software, C3550 Software
> (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE
> SOFTWARE (fc1)
> Copyright (c) 1986-2006 by Cisco Systems, Inc.
> Compiled Fri 28-Jul-06 12:20 by yenanh
> Image text-base: 0x00003000, data-base: 0x00DC0AC4
>
> ROM: Bootstrap program is C3550 boot loader
>
> RACK3R10 uptime is 16 weeks, 2 days, 1 minute
> System returned to ROM by power-on
> System image file is
> "flash:c3550-ipservicesk9-mz.122-25.SEE2.bin"
>
> RACK3R10#sh ip sockets
> Proto Remote Port Local Port In
> Out Stat TTY OutputIF
> 17 --listen-- 3.3.10.10 68 0
> 0 1 0
> 17 --listen-- 3.3.10.10 1975 0
> 0 11 0
> 17 0.0.0.0 0 3.3.10.10 2228 0
> 0 211 0
> 17 0.0.0.0 0 3.3.10.10 67 0
> 0 2211 0
> RACK3R10#conf t
> Enter configuration commands, one per line. End with
> CNTL/Z.
> RACK3R10(config)#no service dhcp
> RACK3R10(config)#do sh ip sockets
> Proto Remote Port Local Port In
> Out Stat TTY OutputIF
> 17 --listen-- 3.3.10.10 68 0
> 0 1 0
> 17 --listen-- 3.3.10.10 1975 0
> 0 11 0
> 17 0.0.0.0 0 3.3.10.10 2228 0
> 0 211 0
>
> Funny port 68 will not go away now... on the 3550
>
>
> Here's the 3560:
>
>
> RACK3R7(config)#do sh ip soc
> Proto Remote Port Local Port In
> Out Stat TTY OutputIF
> 17 --listen-- 3.3.7.7 1975 0
> 0 11 0
> 17 0.0.0.0 0 3.3.7.7 2228 0
> 0 211 0
> 17 0.0.0.0 0 3.3.7.7 67 0
> 0 2211 0
> RACK3R7(config)#no service dhcp
> RACK3R7(config)#do sh ip soc
> Proto Remote Port Local Port In
> Out Stat TTY OutputIF
> 17 --listen-- 3.3.7.7 1975 0
> 0 11 0
> 17 0.0.0.0 0 3.3.7.7 2228 0
> 0 211 0
>
> Here's my other 3560:
>
> RACK3R8(config)#no service udp-small-servers
> RACK3R8(config)#do sh ip sock
> Proto Remote Port Local Port In
> Out Stat TTY OutputIF
> 17 --listen-- 3.3.8.8 1975 0
> 0 11 0
> 17 0.0.0.0 0 3.3.8.8 2228 0
> 0 211 0
> 17 0.0.0.0 0 3.3.8.8 67 0
> 0 2211 0
> RACK3R8(config)# service udp-small-servers
> RACK3R8(config)#no service dhcp
> RACK3R8(config)#do sh ip sock
> Proto Remote Port Local Port In
> Out Stat TTY OutputIF
> 17 --listen-- 3.3.8.8 1975 0
> 0 11 0
> 17 0.0.0.0 0 3.3.8.8 2228 0
> 0 211 0
>
> --- George Goglidze <goglidze@gmail.com> wrote:
>
>> Hi There,
>>
>> So is it not possible to disable BOOTP service on a
>> switch ?????
>>
>> I guess it is impossible to do it, as there is no
>> command "no ip bootp
>> server",
>> neither "no ip service dhcp".
>>
>> by the way, I've tried to disable bootp service on
>> one router too,
>> on dynamips, 3725,
>> I did
>> "no ip bootp service"
>> but I still have port 67 open as we can see on
>> following output:
>>
>> R1#sh ip sockets
>> Proto Remote Port Local Port In
>> Out Stat TTY OutputIF
>> 17 --listen-- 1.1.1.1 2887 0
>> 0 11 0
>> 17 0.0.0.0 0 1.1.1.1 67 0
>> 0 2211 0
>>
>>
>> To Darby: I do not have DHCP service running on the
>> router, so I don't have
>> to
>> disable DHCP, as it listens on port 67 as well.
>> by the way I think we disable it with command "ip
>> dhcp bootp ignore",
>> but as I understand it, it listens only when you
>> enable dhcp service on the
>> router.
>>
>> anyway I did introduce both commands:
>> "ip dhcp bootp ignore"
>> and
>> "no ip bootp server"
>> on 3725 router (dynamips) , and the output of show
>> ip sockets is the same.
>> port 67 is still open.
>>
>> So, how do I really disable those ports, or does the
>> show ip sockets output
>> lie to me?
>>
>> Thanks,
>>
>>
>>
>>
>>
>>
>> On Jan 9, 2008 1:25 PM, Darby Weaver
>> <darbyweaver@yahoo.com> wrote:
>>
>>> Have you considered:
>>>
>>> no ip bootp server
>>>
>>> Bootstrap Protocol (BOOTP) services: To disable
>> BOOTP
>>> services, use the no ip bootp server command in
>> IOS
>>> global configuration mode. Using the no ip bootp
>>> server command by itself will not stop the router
>> from
>>> listening on UDP port 67 because this "well-known"
>>> port is also used by DHCP, which is described
>> later in
>>> this list. This command is widely available within
>>> IOS.
>>>
>>> So....
>>>
>>> no ip service dhcp might be needed as well.
>>>
>>> My rack is off at the moment...
>>>
>>> That should do it.
>>>
>>>
>>>
>>>
>>>
>>>
>>> --- George Goglidze <goglidze@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> How can I disable bootp service on a 3550 switch?
>>>>
>>>> SW1#sh ip sockets
>>>> Proto Remote Port Local Port
>> In
>>>> Out Stat TTY OutputIF
>>>> 17 --listen-- --any-- 1975
>> 0
>>>> 0 11 0
>>>> 17 0.0.0.0 0 1.1.1.1 2228
>> 0
>>>> 0 211 0
>>>> 17 0.0.0.0 0 1.1.1.1 67
>> 0
>>>> 0 2211 0
>>>>
>>>>
>>>> it shows that it's active.
>>>> but I have no command "no ip bootp service"
>>>> available.
>>>>
>>>> Thanks,
>>>>
>>>>
> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
--
Paul Cosgrove
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301
tel: +353-1-660 9040 fax: +353-1-660 3666
web: http://www.heanet.ie/
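The before/after comparison of `show ip sockets` done by eye in this thread can be scripted. The following is an added example, not code from any poster: a Python parser for the output layout quoted above that reports which UDP ports a configuration change closed and whether 67 or 68 is still open. The sample text is constructed from the 3550 output in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the 3550 output quoted in this thread, before and
# after "no service dhcp", kept with the mail client's line wrapping.
BEFORE = """\
Proto Remote Port Local Port In
Out Stat TTY OutputIF
17 --listen-- 3.3.10.10 68 0
0 1 0
17 --listen-- 3.3.10.10 1975 0
0 11 0
17 0.0.0.0 0 3.3.10.10 2228 0
0 211 0
17 0.0.0.0 0 3.3.10.10 67 0
0 2211 0
"""
AFTER = """\
Proto Remote Port Local Port In
Out Stat TTY OutputIF
17 --listen-- 3.3.10.10 68 0
0 1 0
17 --listen-- 3.3.10.10 1975 0
0 11 0
17 0.0.0.0 0 3.3.10.10 2228 0
0 211 0
"""
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
WATCHED = {67, 68}  # BOOTP/DHCP server and client ports

def udp_local_ports(text):
    """Return the set of (local address, local port) for UDP (proto 17) rows."""
    found = set()
    for raw in text.splitlines():
        tok = raw.lstrip("> ").split()  # tolerate mail quoting prefixes
        # A row starts with "17" followed by --listen-- or a remote address;
        # headers and wrapped continuation lines ("0 1 0") fail this check.
        listen = len(tok) > 1 and tok[1] == "--listen--"
        if len(tok) < 4 or tok[0] != "17" or not (listen or IPV4.match(tok[1])):
            continue
        # --listen-- rows carry no remote port column.
        local = tok[2:4] if listen else tok[3:5]
        if len(local) == 2 and local[1].isdigit():
            found.add((local[0], int(local[1])))
    return found

def compare(before, after):
    """Summarise which UDP ports a change closed and which watched ones remain."""
    b = {port for _, port in udp_local_ports(before)}
    a = {port for _, port in udp_local_ports(after)}
    return {"closed": sorted(b - a), "still_open": sorted(a & WATCHED)}
```
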
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST