Re: 3550 bootp service

From: Darby Weaver (darbyweaver@yahoo.com)
Date: Thu Jan 10 2008 - 20:36:11 ARST


Not yet it hasn't.

Still got it. Wiped everything but the default
directory where the tar originally dropped it.

Hmmm...

This is like the third reboot.

Just left one of my 3750's and it has neither 67 nor
68 but it does have routing enabled and it does
have an IP Address assigned...

Ahah!

Hmmm...

Well Paul it worked like this:

While I had a blank configuration on my switch or one
with no layer 3 addressing yet... I was a DHCP
client.

As soon as I enabled IP routing and assigned an IP
Address, followed by a reboot:

I finally got only port 67

And then I issued the command "no service dhcp" to
kill port 67

Whew!!!

Try it.

But I promise, and I saved the session... just in case
that ip address dhcp was never used.

But as you wisely stated - "other conditions".

No service dhcp should kill port 67.

--- Paul Cosgrove <paul.cosgrove@heanet.ie> wrote:

> If you set an interface to learn its IP from DHCP and you then remove
> the "ip address dhcp" command, manually set an IP or delete that SVI,
> the switch continues to listen on port 68.
>
> The same happens on both 3550s and 3560s, and there may be other
> triggers which cause similar behaviour.
>
> A reload will fix it, though perhaps there may be a better solution.
>
> Paul.
>
> Darby Weaver wrote:
> > I do agree about no ip bootp (tried it myself - before
> > I just looked it up).
> >
> > Here's the 3550:
> >
> >
> > RACK3R10(config)#do sh ver
> > Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
> > Copyright (c) 1986-2006 by Cisco Systems, Inc.
> > Compiled Fri 28-Jul-06 12:20 by yenanh
> > Image text-base: 0x00003000, data-base: 0x00DC0AC4
> >
> > ROM: Bootstrap program is C3550 boot loader
> >
> > RACK3R10 uptime is 16 weeks, 2 days, 1 minute
> > System returned to ROM by power-on
> > System image file is "flash:c3550-ipservicesk9-mz.122-25.SEE2.bin"
> >
> > RACK3R10#sh ip sockets
> > Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >    17 --listen--            3.3.10.10          68   0   0    1   0
> >    17 --listen--            3.3.10.10        1975   0   0   11   0
> >    17 0.0.0.0             0 3.3.10.10        2228   0   0  211   0
> >    17 0.0.0.0             0 3.3.10.10          67   0   0 2211   0
> > RACK3R10#conf t
> > Enter configuration commands, one per line. End with CNTL/Z.
> > RACK3R10(config)#no service dhcp
> > RACK3R10(config)#do sh ip sockets
> > Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >    17 --listen--            3.3.10.10          68   0   0    1   0
> >    17 --listen--            3.3.10.10        1975   0   0   11   0
> >    17 0.0.0.0             0 3.3.10.10        2228   0   0  211   0
> >
> > Funny port 68 will not go away now... on the 3550
> >
> >
> > Here's the 3560:
> >
> >
> > RACK3R7(config)#do sh ip soc
> > Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >    17 --listen--            3.3.7.7          1975   0   0   11   0
> >    17 0.0.0.0             0 3.3.7.7          2228   0   0  211   0
> >    17 0.0.0.0             0 3.3.7.7            67   0   0 2211   0
> > RACK3R7(config)#no service dhcp
> > RACK3R7(config)#do sh ip soc
> > Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >    17 --listen--            3.3.7.7          1975   0   0   11   0
> >    17 0.0.0.0             0 3.3.7.7          2228   0   0  211   0
> >
> > Here's my other 3560:
> >
> > RACK3R8(config)#no service udp-small-servers
> > RACK3R8(config)#do sh ip sock
> > Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >    17 --listen--            3.3.8.8          1975   0   0   11   0
> >    17 0.0.0.0             0 3.3.8.8          2228   0   0  211   0
> >    17 0.0.0.0             0 3.3.8.8            67   0   0 2211   0
> > RACK3R8(config)# service udp-small-servers
> > RACK3R8(config)#no service dhcp
> > RACK3R8(config)#do sh ip sock
> > Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >    17 --listen--            3.3.8.8          1975   0   0   11   0
> >    17 0.0.0.0             0 3.3.8.8          2228   0   0  211   0
> >
> > --- George Goglidze <goglidze@gmail.com> wrote:
> >
> >> Hi There,
> >>
> >> So is it not possible to disable BOOTP service on a
> >> switch ?????
> >>
> >> I guess it is impossible to do it, as there is no
> >> command "no ip bootp server",
> >> neither "no ip service dhcp".
> >>
> >> by the way, I've tried to disable bootp service on
> >> one router too, on dynamips, 3725,
> >> I did
> >> "no ip bootp service"
> >> but I still have port 67 open as we can see on
> >> following output:
> >>
> >> R1#sh ip sockets
> >> Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >>    17 --listen--            1.1.1.1          2887   0   0   11   0
> >>    17 0.0.0.0             0 1.1.1.1            67   0   0 2211   0
> >>
> >>
> >> To Darby: I do not have DHCP service running on the
> >> router, so I don't have to
> >> disable DHCP, as it listens on port 67 as well.
> >> by the way I think we disable it with command "ip
> >> dhcp bootp ignore",
> >> but as I understand it, it listens only when you
> >> enable dhcp service on the router.
> >>
> >> anyway I did introduce both commands:
> >> "ip dhcp bootp ignore"
> >> and
> >> "no ip bootp server"
> >> on 3725 router (dynamips) , and the output of show
> >> ip sockets is the same.
> >> port 67 is still open.
> >>
> >> So, how do I really disable those ports, or does the
> >> show ip sockets output lie to me?
> >>
> >> Thanks,
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Jan 9, 2008 1:25 PM, Darby Weaver
> >> <darbyweaver@yahoo.com> wrote:
> >>
> >>> Have you considered:
> >>>
> >>> no ip bootp server
> >>>
> >>> Bootstrap Protocol (BOOTP) services: To disable BOOTP
> >>> services, use the no ip bootp server command in IOS
> >>> global configuration mode. Using the no ip bootp
> >>> server command by itself will not stop the router from
> >>> listening on UDP port 67 because this "well-known"
> >>> port is also used by DHCP, which is described later in
> >>> this list. This command is widely available within
> >>> IOS.
> >>>
> >>> So....
> >>>
> >>> no ip service dhcp might be needed as well.
> >>>
> >>> My rack is off at the moment...
> >>>
> >>> That should do it.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --- George Goglidze <goglidze@gmail.com> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> How can I disable bootp service on a 3550 switch?
> >>>>
> >>>> SW1#sh ip sockets
> >>>> Proto Remote           Port Local            Port  In Out Stat TTY OutputIF
> >>>>    17 --listen--            --any--          1975   0   0   11   0
> >>>>    17 0.0.0.0             0 1.1.1.1          2228   0   0  211   0
> >>>>    17 0.0.0.0             0 1.1.1.1            67   0   0 2211   0
> >>>>
> >>>>
> >>>> it shows that it's active.
> >>>> but I have no command "no ip bootp service"
> >>>> available.
> >>>>
> >>>> Thanks,
> >>>>
> >>>>
> >
>
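
The before/after check the posters do by eye on "show ip sockets" (is UDP 67 or 68 still bound after "no service dhcp"?) can be scripted. The following is an added example, not part of the original thread: the function names are hypothetical, and the sample captures are constructed by re-typing the 3550 rows quoted above with one socket per line.

```python
# Added example: audit "show ip sockets" captures for BOOTP/DHCP UDP listeners.
WATCHED = {67: "bootps (BOOTP/DHCP server)", 68: "bootpc (BOOTP/DHCP client)"}

def parse_ip_sockets(text):
    """Return one dict per socket row of a 'show ip sockets' capture."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Socket rows start with the IP protocol number; prompts and headers do not.
        if not tok or not tok[0].isdigit():
            continue
        # "--listen--" rows carry no remote-port column, so the local fields shift left.
        listen = len(tok) > 1 and tok[1] == "--listen--"
        rest = tok[2:] if listen else tok[3:]
        if len(rest) < 2 or not rest[1].isdigit():
            continue  # wrapped or truncated row: skip rather than guess
        rows.append({"proto": int(tok[0]), "listen": listen,
                     "local": rest[0], "port": int(rest[1])})
    return rows

def bootp_ports(text):
    """UDP (IP protocol 17) local ports from WATCHED that appear in the capture."""
    return {r["port"] for r in parse_ip_sockets(text)
            if r["proto"] == 17 and r["port"] in WATCHED}

def audit(before, after):
    """Compare two captures taken around a hardening command."""
    b, a = bootp_ports(before), bootp_ports(after)
    return {"closed": sorted(b - a), "still_open": sorted(a & b), "opened": sorted(a - b)}

# Constructed sample: rows re-typed from the 3550 capture in the thread.
HEADER = "Proto Remote Port Local Port In Out Stat TTY OutputIF\n"
COMMON = ("17 --listen-- 3.3.10.10 68 0 0 1 0\n"
          "17 --listen-- 3.3.10.10 1975 0 0 11 0\n"
          "17 0.0.0.0 0 3.3.10.10 2228 0 0 211 0\n")
BEFORE = "RACK3R10#sh ip sockets\n" + HEADER + COMMON + "17 0.0.0.0 0 3.3.10.10 67 0 0 2211 0\n"
AFTER = "RACK3R10(config)#do sh ip sockets\n" + HEADER + COMMON  # after "no service dhcp"

if __name__ == "__main__":
    for state, ports in audit(BEFORE, AFTER).items():
        for p in ports:
            print(f"{state:10} udp/{p}  {WATCHED[p]}")
```

On these captures it reports udp/67 as closed and udp/68 as still open, which is the 3550 behaviour described in the thread.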



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST