Re: 3550 bootp service

From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Thu Jan 10 2008 - 21:22:27 ARST


Oops, meant "ip address dhcp" (it's late).

Paul Cosgrove wrote:
> Hi Darby,
>
> Sorry, I misunderstood. Was assuming you had an IP on the switch already.
>
> What you are seeing is the normal DHCP based auto configuration process.
> Switches use DHCP to try to obtain an address if the configuration file
> is deleted or they have no IP address.
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swipaddr.html#wp1036156
>
>
> With an IP on the switch, if you then enable "ip dhcp client" on another
> svi, before removing that command (or deleting the svi), you will find
> that port 68 still remains open in show ip sockets.
>
> Paul.
>
>
> Darby Weaver wrote:
>> Not yet it hasn't.
>>
>> Still got it. Wiped everything but the default
>> directory where the tar originally dropped it.
>>
>> Hmmm...
>>
>> This is like the third reboot.
>>
>> Just left one of my 3750's and it has neither 67 nor
>> 68 but it does have routing enabled and it does
>> have an IP Address assigned...
>>
>> Ahah!
>>
>> Hmmm...
>>
>> Well Paul it worked like this:
>>
>> While I had a blank configuration on my switch or one
>> with no layer 3 addressing yet... I was a DHCP
>> client.
>>
>> As soon as I enabled IP routing and assigned an IP
>> Address, followed by a reboot:
>>
>> I finally got only port 67
>>
>> And then I issued the command "no service dhcp" to
>> kill port 67
>>
>> Whew!!!
>>
>> Try it.
>>
>> But I promise, and I saved the session... just in case
>> that ip address dhcp was never used.
>>
>>
>> But as you wisely stated - "other conditions".
>>
>> No service dhcp should kill port 67.
>>
>> --- Paul Cosgrove <paul.cosgrove@heanet.ie> wrote:
>>
>>> If you set an interface to learn its IP from DHCP
>>> and you then remove the "ip address dhcp" command, manually set an IP or
>>> delete that SVI, the switch continues to listen on port 68.
>>>
>>> The same happens on both 3550s and 3560s, and there
>>> may be other triggers which cause similar behaviour.
>>>
>>> A reload will fix it, though perhaps there may be a
>>> better solution.
>>>
>>> Paul.
>>>
>>> Darby Weaver wrote:
>>>> I do agree about no ip bootp (tried it myself - before
>>>> I just looked it up).
>>>>
>>>> Here's the 3550:
>>>>
>>>>
>>>> RACK3R10(config)#do sh ver
>>>> Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
>>>> Copyright (c) 1986-2006 by Cisco Systems, Inc.
>>>> Compiled Fri 28-Jul-06 12:20 by yenanh
>>>> Image text-base: 0x00003000, data-base: 0x00DC0AC4
>>>>
>>>> ROM: Bootstrap program is C3550 boot loader
>>>>
>>>> RACK3R10 uptime is 16 weeks, 2 days, 1 minute
>>>> System returned to ROM by power-on
>>>> System image file is "flash:c3550-ipservicesk9-mz.122-25.SEE2.bin"
>>>>
>>>> RACK3R10#sh ip sockets
>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>  17   --listen--          3.3.10.10         68   0   0    1   0
>>>>  17   --listen--          3.3.10.10       1975   0   0   11   0
>>>>  17     0.0.0.0         0 3.3.10.10       2228   0   0  211   0
>>>>  17     0.0.0.0         0 3.3.10.10         67   0   0 2211   0
>>>> RACK3R10#conf t
>>>> Enter configuration commands, one per line. End with CNTL/Z.
>>>> RACK3R10(config)#no service dhcp
>>>> RACK3R10(config)#do sh ip sockets
>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>  17   --listen--          3.3.10.10         68   0   0    1   0
>>>>  17   --listen--          3.3.10.10       1975   0   0   11   0
>>>>  17     0.0.0.0         0 3.3.10.10       2228   0   0  211   0
>>>>
>>>> Funny port 68 will not go away now... on the 3550
>>>>
>>>>
>>>> Here's the 3560:
>>>>
>>>>
>>>> RACK3R7(config)#do sh ip soc
>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>  17   --listen--          3.3.7.7         1975   0   0   11   0
>>>>  17     0.0.0.0         0 3.3.7.7         2228   0   0  211   0
>>>>  17     0.0.0.0         0 3.3.7.7           67   0   0 2211   0
>>>> RACK3R7(config)#no service dhcp
>>>> RACK3R7(config)#do sh ip soc
>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>  17   --listen--          3.3.7.7         1975   0   0   11   0
>>>>  17     0.0.0.0         0 3.3.7.7         2228   0   0  211   0
>>>>
>>>> Here's my other 3560:
>>>>
>>>> RACK3R8(config)#no service udp-small-servers
>>>> RACK3R8(config)#do sh ip sock
>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>  17   --listen--          3.3.8.8         1975   0   0   11   0
>>>>  17     0.0.0.0         0 3.3.8.8         2228   0   0  211   0
>>>>  17     0.0.0.0         0 3.3.8.8           67   0   0 2211   0
>>>> RACK3R8(config)# service udp-small-servers
>>>> RACK3R8(config)#no service dhcp
>>>> RACK3R8(config)#do sh ip sock
>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>  17   --listen--          3.3.8.8         1975   0   0   11   0
>>>>  17     0.0.0.0         0 3.3.8.8         2228   0   0  211   0
>>>>
>>>> --- George Goglidze <goglidze@gmail.com> wrote:
>>>>
>>>>> Hi There,
>>>>>
>>>>> So is it not possible to disable BOOTP service on a
>>>>> switch ?????
>>>>>
>>>>> I guess it is impossible to do it, as there is no
>>>>> command "no ip bootp server",
>>>>> neither "no ip service dhcp".
>>>>>
>>>>> by the way, I've tried to disable bootp service on
>>>>> one router too,
>>>>> on dynamips, 3725,
>>>>> I did
>>>>> "no ip bootp service"
>>>>> but I still have port 67 open as we can see on
>>>>> following output:
>>>>>
>>>>> R1#sh ip sockets
>>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>>  17   --listen--          1.1.1.1         2887   0   0   11   0
>>>>>  17     0.0.0.0         0 1.1.1.1           67   0   0 2211   0
>>>>>
>>>>>
>>>>> To Darby: I do not have DHCP service running on the
>>>>> router, so I don't have to
>>>>> disable DHCP, as it listens on port 67 as well.
>>>>> by the way I think we disable it with command "ip
>>>>> dhcp bootp ignore",
>>>>> but as I understand it, it listens only when you
>>>>> enable dhcp service on the router.
>>>>>
>>>>> anyway I did introduce both commands:
>>>>> "ip dhcp bootp ignore"
>>>>> and
>>>>> "no ip bootp server"
>>>>> on 3725 router (dynamips), and the output of show
>>>>> ip sockets is the same.
>>>>> port 67 is still open.
>>>>>
>>>>> So, how do I really disable those ports, or does the
>>>>> show ip sockets output
>>>>> lie to me?
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> On Jan 9, 2008 1:25 PM, Darby Weaver
>>>>> <darbyweaver@yahoo.com> wrote:
>>>>>
>>>>>> Have you considered:
>>>>>>
>>>>>> no ip bootp server
>>>>>>
>>>>>> Bootstrap Protocol (BOOTP) services: To disable BOOTP
>>>>>> services, use the no ip bootp server command in IOS
>>>>>> global configuration mode. Using the no ip bootp
>>>>>> server command by itself will not stop the router from
>>>>>> listening on UDP port 67 because this "well-known"
>>>>>> port is also used by DHCP, which is described later in
>>>>>> this list. This command is widely available within
>>>>>> IOS.
>>>>>>
>>>>>> So....
>>>>>>
>>>>>> no ip service dhcp might be needed as well.
>>>>>>
>>>>>> My rack is off at the moment...
>>>>>>
>>>>>> That should do it.
>>>>>>
>>>>>> --- George Goglidze <goglidze@gmail.com> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> How can I disable bootp service on a 3550 switch?
>>>>>>>
>>>>>>> SW1#sh ip sockets
>>>>>>> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>>>>>>>  17   --listen--          --any--         1975   0   0   11   0
>>>>>>>  17     0.0.0.0         0 1.1.1.1         2228   0   0  211   0
>>>>>>>  17     0.0.0.0         0 1.1.1.1           67   0   0 2211   0
>>>>>>>
>>>>>>>
>>>>>>> it shows that it's active.
>>>>>>> but I have no command "no ip bootp service"
>>>>>>> available.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>>
>> _______________________________________________________________________
>>>>>>> Subscription information may be found at:
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>
>>> --
>>> Paul Cosgrove
>>> HEAnet Limited, Ireland's Education and Research
>>> Network
>>> 1st Floor, 5 George's Dock, IFSC, Dublin 1
>>> Registered in Ireland, no 275301
>>> tel: +353-1-660 9040 fax: +353-1-660 3666
>>> web: http://www.heanet.ie/
>>>
>>

-- 
Paul Cosgrove
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301
tel: +353-1-660 9040  fax: +353-1-660 3666
web: http://www.heanet.ie/
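
As an added illustration (not code from any poster in this thread): a small Python parser for `show ip sockets` text in the layout quoted above, which flags open UDP 67/68 and reports which ports closed between two captures, for example before and after "no service dhcp". The sample capture is constructed, and the per-port notes only restate what the posters reported.

```python
import re

# Constructed sample in the column layout of the "show ip sockets" output in the thread.
SAMPLE = """\
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17   --listen--          3.3.10.10         68   0   0    1   0
 17   --listen--          3.3.10.10       1975   0   0   11   0
 17     0.0.0.0         0 3.3.10.10       2228   0   0  211   0
 17     0.0.0.0         0 3.3.10.10         67   0   0 2211   0
"""

# Notes restate what the posters observed; they are not vendor guidance.
NOTES = {
    67: 'BOOTP/DHCP server port; "no service dhcp" closed it in the thread',
    68: "DHCP client port; stayed open after the client config was removed, until a reload",
}

ROW = re.compile(
    r"(?P<proto>\d+)\s+"
    r"(?P<remote>--listen--|\d+(?:\.\d+){3})\s+"
    r"(?:(?P<rport>\d+)\s+)?"              # remote port is blank on --listen-- rows
    r"(?P<local>--any--|\d+(?:\.\d+){3})\s+"
    r"(?P<lport>\d+)\b"
)

def parse_sockets(text):
    """Return [(proto, local_addr, local_port)] for every socket row in the text."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.lstrip("> \t"))  # tolerate mail-quote prefixes
        if m:
            rows.append((int(m["proto"]), m["local"], int(m["lport"])))
    return rows

def audit(text, notes=NOTES):
    """Return {port: note} for open UDP (IP protocol 17) ports listed in notes."""
    return {p: notes[p] for proto, _, p in parse_sockets(text)
            if proto == 17 and p in notes}

def closed_between(before, after):
    """Return local ports present in the first capture but gone from the second."""
    gone = {p for _, _, p in parse_sockets(before)} - {p for _, _, p in parse_sockets(after)}
    return sorted(gone)

if __name__ == "__main__":
    for port, note in sorted(audit(SAMPLE).items()):
        print(f"UDP {port} open: {note}")
```

Rows that mail wrapping has split across several lines will not match and must be rejoined first.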

