From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Thu Jan 10 2008 - 21:18:23 ARST
Hi Darby,
Sorry, I misunderstood. Was assuming you had an IP on the switch already.
What you are seeing is the normal DHCP based auto configuration process.
Switches use DHCP to try to obtain an address if the configuration
file is deleted or they have no IP address.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swipaddr.html#wp1036156
With an IP on the switch, if you then enable "ip dhcp client" on another
svi, before removing that command (or deleting the svi), you will find
that port 68 still remains open in show ip sockets.
Paul.
Darby Weaver wrote:
> Not yet it hasn't.
>
> Still got it. Wiped everything but the default
> directory where the tar originally dropped it.
>
> Hmmm...
>
> This is like the third reboot.
>
> Just left one of my 3750's and it has neither 67 nor
> 68 but it does have routing enabled and it does
> have an IP Address assigned...
>
> Ahah!
>
>
> Hmmm...
>
> Well Paul it worked like this:
>
> While I had a blank configuration on my switch or one
> with no layer 3 addressing yet... I was a DHCP
> client.
>
> As soon as I enabled IP routing and assigned an IP
> Address, followed by a reboot:
>
> I finally got only port 67
>
> And then I issued the command "no service dhcp" to
> kill port 67
>
> Whew!!!
>
> Try it.
>
> But I promise, and I saved the session... just in case
> that ip address dhcp was never used.
>
>
> But as you wisely stated - "other conditions".
>
> No service dhcp should kill port 67.
>
> --- Paul Cosgrove <paul.cosgrove@heanet.ie> wrote:
>
>> If you set an interface to learn its IP from DHCP
>> and you then remove
>> the "ip address dhcp" command, manually set an IP or
>> delete that SVI,
>> the switch continues to listen on port 68.
>>
>> The same happens on both 3550s and 3560s, and there
>> may be other
>> triggers which cause similar behaviour.
>>
>> A reload will fix it, though perhaps there may be a
>> better solution.
>>
>> Paul.
>>
>> Darby Weaver wrote:
>>> I do agree about no ip bootp (tried it myself - before
>>> I just looked it up).
>>>
>>> Here's the 3550:
>>>
>>>
>>> RACK3R10(config)#do sh ver
>>> Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
>>> Copyright (c) 1986-2006 by Cisco Systems, Inc.
>>> Compiled Fri 28-Jul-06 12:20 by yenanh
>>> Image text-base: 0x00003000, data-base: 0x00DC0AC4
>>>
>>> ROM: Bootstrap program is C3550 boot loader
>>>
>>> RACK3R10 uptime is 16 weeks, 2 days, 1 minute
>>> System returned to ROM by power-on
>>> System image file is "flash:c3550-ipservicesk9-mz.122-25.SEE2.bin"
>>>
>>> RACK3R10#sh ip sockets
>>> Proto  Remote      Port  Local      Port  In  Out  Stat  TTY  OutputIF
>>> 17     --listen--        3.3.10.10  68    0   0    1     0
>>> 17     --listen--        3.3.10.10  1975  0   0    11    0
>>> 17     0.0.0.0     0     3.3.10.10  2228  0   0    211   0
>>> 17     0.0.0.0     0     3.3.10.10  67    0   0    2211  0
>>> RACK3R10#conf t
>>> Enter configuration commands, one per line. End with CNTL/Z.
>>> RACK3R10(config)#no service dhcp
>>> RACK3R10(config)#do sh ip sockets
>>> Proto  Remote      Port  Local      Port  In  Out  Stat  TTY  OutputIF
>>> 17     --listen--        3.3.10.10  68    0   0    1     0
>>> 17     --listen--        3.3.10.10  1975  0   0    11    0
>>> 17     0.0.0.0     0     3.3.10.10  2228  0   0    211   0
>>>
>>> Funny port 68 will not go away now... on the 3550
>>>
>>>
>>> Here's the 3560:
>>>
>>>
>>> RACK3R7(config)#do sh ip soc
>>> Proto  Remote      Port  Local    Port  In  Out  Stat  TTY  OutputIF
>>> 17     --listen--        3.3.7.7  1975  0   0    11    0
>>> 17     0.0.0.0     0     3.3.7.7  2228  0   0    211   0
>>> 17     0.0.0.0     0     3.3.7.7  67    0   0    2211  0
>>> RACK3R7(config)#no service dhcp
>>> RACK3R7(config)#do sh ip soc
>>> Proto  Remote      Port  Local    Port  In  Out  Stat  TTY  OutputIF
>>> 17     --listen--        3.3.7.7  1975  0   0    11    0
>>> 17     0.0.0.0     0     3.3.7.7  2228  0   0    211   0
>>>
>>> Here's my other 3560:
>>>
>>> RACK3R8(config)#no service udp-small-servers
>>> RACK3R8(config)#do sh ip sock
>>> Proto  Remote      Port  Local    Port  In  Out  Stat  TTY  OutputIF
>>> 17     --listen--        3.3.8.8  1975  0   0    11    0
>>> 17     0.0.0.0     0     3.3.8.8  2228  0   0    211   0
>>> 17     0.0.0.0     0     3.3.8.8  67    0   0    2211  0
>>> RACK3R8(config)# service udp-small-servers
>>> RACK3R8(config)#no service dhcp
>>> RACK3R8(config)#do sh ip sock
>>> Proto  Remote      Port  Local    Port  In  Out  Stat  TTY  OutputIF
>>> 17     --listen--        3.3.8.8  1975  0   0    11    0
>>> 17     0.0.0.0     0     3.3.8.8  2228  0   0    211   0
>>>
>>> --- George Goglidze <goglidze@gmail.com> wrote:
>>>
>>>> Hi There,
>>>>
>>>> So is it not possible to disable BOOTP service on a
>>>> switch ?????
>>>>
>>>> I guess it is impossible to do it, as there is no
>>>> command "no ip bootp
>>>> server",
>>>> neither "no ip service dhcp".
>>>>
>>>> by the way, I've tried to disable bootp service on
>>>> one router too,
>>>> on dynamips, 3725,
>>>> I did
>>>> "no ip bootp service"
>>>> but I still have port 67 open as we can see on
>>>> following output:
>>>>
>>>> R1#sh ip sockets
>>>> Proto  Remote      Port  Local    Port  In  Out  Stat  TTY  OutputIF
>>>> 17     --listen--        1.1.1.1  2887  0   0    11    0
>>>> 17     0.0.0.0     0     1.1.1.1  67    0   0    2211  0
>>>>
>>>>
>>>> To Darby: I do not have DHCP service running on the
>>>> router, so I don't have to
>>>> disable DHCP, as it listens on port 67 as well.
>>>> by the way I think we disable it with command "ip
>>>> dhcp bootp ignore",
>>>> but as I understand it, it listens only when you
>>>> enable dhcp service on the
>>>> router.
>>>>
>>>> anyway I did introduce both commands:
>>>> "ip dhcp bootp ignore"
>>>> and
>>>> "no ip bootp server"
>>>> on 3725 router (dynamips) , and the output of show
>>>> ip sockets is the same.
>>>> port 67 is still open.
>>>>
>>>> So, how do I really disable those ports, or does the
>>>> show ip sockets output
>>>> lie to me?
>>>>
>>>> Thanks,
>>>>
>>>> On Jan 9, 2008 1:25 PM, Darby Weaver
>>>> <darbyweaver@yahoo.com> wrote:
>>>>
>>>>> Have you considered:
>>>>>
>>>>> no ip bootp server
>>>>>
>>>>> Bootstrap Protocol (BOOTP) services: To disable BOOTP
>>>>> services, use the no ip bootp server command in IOS
>>>>> global configuration mode. Using the no ip bootp
>>>>> server command by itself will not stop the router from
>>>>> listening on UDP port 67 because this "well-known"
>>>>> port is also used by DHCP, which is described later in
>>>>> this list. This command is widely available within
>>>>> IOS.
>>>>>
>>>>> So....
>>>>>
>>>>> no ip service dhcp might be needed as well.
>>>>>
>>>>> My rack is off at the moment...
>>>>>
>>>>> That should do it.
>>>>>
>>>>> --- George Goglidze <goglidze@gmail.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> How can I disable bootp service on a 3550 switch?
>>>>>> SW1#sh ip sockets
>>>>>> Proto  Remote      Port  Local    Port  In  Out  Stat  TTY  OutputIF
>>>>>> 17     --listen--        --any--  1975  0   0    11    0
>>>>>> 17     0.0.0.0     0     1.1.1.1  2228  0   0    211   0
>>>>>> 17     0.0.0.0     0     1.1.1.1  67    0   0    2211  0
>>>>>>
>>>>>>
>>>>>> it shows that it's active.
>>>>>> but I have no command "no ip bootp service"
>>>>>> available.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>
>> --
>> Paul Cosgrove
>> HEAnet Limited, Ireland's Education and Research
>> Network
>> 1st Floor, 5 George's Dock, IFSC, Dublin 1
>> Registered in Ireland, no 275301
>> tel: +353-1-660 9040 fax: +353-1-660 3666
>> web: http://www.heanet.ie/
>>
>
--
Paul Cosgrove
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301
tel: +353-1-660 9040 fax: +353-1-660 3666
web: http://www.heanet.ie/
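
Added example, not part of the original message or thread: a small Python check that compares two "show ip sockets" captures taken around a change such as "no service dhcp" and reports which of UDP 67/68 closed and which are still listed. The sample captures are constructed, modelled on the 3550 output quoted above; the function names are hypothetical.

```python
# Added example: audit 'show ip sockets' text for UDP 67/68 sockets.
# Sample captures are constructed, modelled on the 3550 output quoted above.
BEFORE = """\
RACK3R10#sh ip sockets
Proto  Remote      Port  Local      Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.10.10  68    0   0    1     0
17     --listen--        3.3.10.10  1975  0   0    11    0
17     0.0.0.0     0     3.3.10.10  2228  0   0    211   0
17     0.0.0.0     0     3.3.10.10  67    0   0    2211  0
"""
AFTER = """\
RACK3R10(config)#do sh ip sockets
Proto  Remote      Port  Local      Port  In  Out  Stat  TTY  OutputIF
17     --listen--        3.3.10.10  68    0   0    1     0
17     --listen--        3.3.10.10  1975  0   0    11    0
17     0.0.0.0     0     3.3.10.10  2228  0   0    211   0
"""

UDP = 17
DHCP_PORTS = {67: "BOOTP/DHCP server", 68: "BOOTP/DHCP client"}

def parse_sockets(text):
    """Return (proto, local_addr, local_port) tuples from 'show ip sockets'."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].isdigit():
            continue  # header, CLI prompt or blank line
        # '--listen--' rows have no remote-port column, so fields shift left.
        i = 2 if f[1] == "--listen--" else 3
        if len(f) > i + 1 and f[i + 1].isdigit():
            rows.append((int(f[0]), f[i], int(f[i + 1])))
    return rows

def dhcp_ports(text):
    """Sorted UDP ports 67/68 that the capture still lists a socket on."""
    return sorted({p for proto, _, p in parse_sockets(text)
                   if proto == UDP and p in DHCP_PORTS})

def audit(before, after):
    """Compare two captures taken around a change such as 'no service dhcp'."""
    b, a = set(dhcp_ports(before)), set(dhcp_ports(after))
    return {"closed": sorted(b - a), "still_open": sorted(a)}

if __name__ == "__main__":
    result = audit(BEFORE, AFTER)
    print("closed:", result["closed"])
    for port in result["still_open"]:
        print(f"still open: udp/{port} ({DHCP_PORTS[port]})")
```
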
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST