From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Thu Jan 10 2008 - 16:08:32 ARST
Darby, that is not there by default. I think you have
no switchport
ip address dhcp
on one of your ports....68 is the client port....
Regards
Farrukh
On Jan 10, 2008 6:44 AM, Darby Weaver <darbyweaver@yahoo.com> wrote:
> I do agree about no ip bootp (tried it myself - before
> I just looked it up).
>
> Here's the 3550:
>
>
> RACK3R10(config)#do sh ver
> Cisco IOS Software, C3550 Software
> (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE
> SOFTWARE (fc1)
> Copyright (c) 1986-2006 by Cisco Systems, Inc.
> Compiled Fri 28-Jul-06 12:20 by yenanh
> Image text-base: 0x00003000, data-base: 0x00DC0AC4
>
> ROM: Bootstrap program is C3550 boot loader
>
> RACK3R10 uptime is 16 weeks, 2 days, 1 minute
> System returned to ROM by power-on
> System image file is
> "flash:c3550-ipservicesk9-mz.122-25.SEE2.bin"
>
> RACK3R10#sh ip sockets
> Proto    Remote      Port      Local       Port  In
> Out Stat TTY OutputIF
>  17   --listen--          3.3.10.10          68   0
> 0    1   0
>  17   --listen--          3.3.10.10        1975   0
> 0   11   0
>  17 0.0.0.0             0 3.3.10.10        2228   0
> 0  211   0
>  17 0.0.0.0             0 3.3.10.10          67   0
> 0 2211   0
> RACK3R10#conf t
> Enter configuration commands, one per line.  End with
> CNTL/Z.
> RACK3R10(config)#no service dhcp
> RACK3R10(config)#do sh ip sockets
> Proto    Remote      Port      Local       Port  In
> Out Stat TTY OutputIF
>  17   --listen--          3.3.10.10          68   0
> 0    1   0
>  17   --listen--          3.3.10.10        1975   0
> 0   11   0
>  17 0.0.0.0             0 3.3.10.10        2228   0
> 0  211   0
>
> Funny port 68 will not go away now...  on the 3550
>
>
> Here's the 3560:
>
>
> RACK3R7(config)#do sh ip soc
> Proto    Remote      Port      Local       Port  In
> Out Stat TTY OutputIF
>  17   --listen--          3.3.7.7          1975   0
> 0   11   0
>  17 0.0.0.0             0 3.3.7.7          2228   0
> 0  211   0
>  17 0.0.0.0             0 3.3.7.7            67   0
> 0 2211   0
> RACK3R7(config)#no service dhcp
> RACK3R7(config)#do sh ip soc
> Proto    Remote      Port      Local       Port  In
> Out Stat TTY OutputIF
>  17   --listen--          3.3.7.7          1975   0
> 0   11   0
>  17 0.0.0.0             0 3.3.7.7          2228   0
> 0  211   0
>
> Here's my other 3560:
>
> RACK3R8(config)#no service udp-small-servers
> RACK3R8(config)#do sh ip sock
> Proto    Remote      Port      Local       Port  In
> Out Stat TTY OutputIF
>  17   --listen--          3.3.8.8          1975   0
> 0   11   0
>  17 0.0.0.0             0 3.3.8.8          2228   0
> 0  211   0
>  17 0.0.0.0             0 3.3.8.8            67   0
> 0 2211   0
> RACK3R8(config)# service udp-small-servers
> RACK3R8(config)#no service dhcp
> RACK3R8(config)#do sh ip sock
> Proto    Remote      Port      Local       Port  In
> Out Stat TTY OutputIF
>  17   --listen--          3.3.8.8          1975   0
> 0   11   0
>  17 0.0.0.0             0 3.3.8.8          2228   0
> 0  211   0
>
> --- George Goglidze <goglidze@gmail.com> wrote:
>
> > Hi There,
> >
> > So is it not possible to disable BOOTP service on a
> > switch ?????
> >
> > I guess it is impossible to do it, as there is no
> > command "no ip bootp
> > server",
> > neither "no ip service dhcp".
> >
> > by the way,  I've tried to disable bootp service on
> > one router too,
> > on dynamips, 3725,
> > I did
> > "no ip bootp service"
> > but I still have port 67 open as we can see on
> > following output:
> >
> > R1#sh ip sockets
> > Proto    Remote      Port      Local       Port  In
> > Out Stat TTY OutputIF
> >  17   --listen--          1.1.1.1          2887   0
> >  0   11   0
> >  17 0.0.0.0             0 1.1.1.1            67   0
> >  0 2211   0
> >
> >
> > To Darby: I do not have DHCP service running on the
> > router, so I don't have
> > to
> > disable DHCP, as it listens on port 67 as well.
> > by the way I think we disable it with command "ip
> > dhcp bootp ignore",
> > but as I understand it, it listens only when you
> > enable dhcp service on the
> > router.
> >
> > anyway I did introduce both commands:
> > "ip dhcp bootp ignore"
> > and
> > "no ip bootp server"
> > on 3725 router (dynamips) , and the output of show
> > ip sockets is the same.
> > port 67 is still open.
> >
> > So, how do I really disable those ports, or does the
> > show ip sockets output
> > lie to me?
> >
> > Thanks,
> >
> >
> >
> >
> >
> >
> > On Jan 9, 2008 1:25 PM, Darby Weaver
> > <darbyweaver@yahoo.com> wrote:
> >
> > > Have you considered:
> > >
> > > no ip bootp server
> > >
> > > Bootstrap Protocol (BOOTP) services: To disable
> > BOOTP
> > > services, use the no ip bootp server command in
> > IOS
> > > global configuration mode. Using the no ip bootp
> > > server command by itself will not stop the router
> > from
> > > listening on UDP port 67 because this "well-known"
> > > port is also used by DHCP, which is described
> > later in
> > > this list. This command is widely available within
> > > IOS.
> > >
> > > So....
> > >
> > > no ip service dhcp might be needed as well.
> > >
> > > My rack is off at the moment...
> > >
> > > That should do it.
> > >
> > >
> > >
> > >
> > >
> > >
> > > --- George Goglidze <goglidze@gmail.com> wrote:
> > >
> > > > Hi all,
> > > >
> > > > How can I disable bootp service on a 3550 switch?
> > > >
> > > > SW1#sh ip sockets
> > > > Proto    Remote      Port      Local       Port
> > In
> > > > Out Stat TTY OutputIF
> > > >  17   --listen--          --any--          1975
> >  0
> > > >  0   11   0
> > > >  17 0.0.0.0             0 1.1.1.1          2228
> >  0
> > > >  0  211   0
> > > >  17 0.0.0.0             0 1.1.1.1            67
> >  0
> > > >  0 2211   0
> > > >
> > > >
> > > > it shows that it's active.
> > > > but I have no command "no ip bootp service"
> > > > available.
> > > >
> > > > Thanks,
> > > >
> > > >
> > >
> >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST
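Added example, not written by any poster in the thread: a Python script that splits a console transcript at each `show ip sockets` prompt and reports, per host, whether UDP 67 and 68 were open in the first and last capture, tolerating the mail-wrapped rows and `>` quote markers seen above. The function names are hypothetical; the sample is abridged from the RACK3R10 capture in the thread (header and the 1975 row omitted).

```python
import re

# Prompt that starts a capture, e.g. "RACK3R10(config)#do sh ip sockets".
CAPTURE = re.compile(r"^[> ]*(\S+?)(?:\(config\))?#[ \t]*(?:do[ \t]+)?sh\w*[ \t]+ip[ \t]+soc", re.M)
# Leading columns of one socket row; mail wrapping only splits the trailing counters.
ROW = re.compile(r"^[> ]*(\d+)[ \t]+(?:--listen--|\d+(?:\.\d+){3}[ \t]+\d+)[ \t]+(\S+)[ \t]+(\d+)", re.M)
WATCHED = (67, 68)  # UDP: BOOTP/DHCP server port, BOOTP/DHCP client port

def snapshots(transcript):
    """Split a console transcript into [(host, {(proto, local, port)}), ...]."""
    marks = list(CAPTURE.finditer(transcript))
    ends = [m.start() for m in marks[1:]] + [len(transcript)]
    return [(m.group(1), {(int(proto), local, int(port))
                          for proto, local, port in ROW.findall(transcript[m.end():end])})
            for m, end in zip(marks, ends)]

def bootp_changes(transcript):
    """Per host, compare the first and last capture for UDP 67 and 68."""
    first, last = {}, {}
    for host, socks in snapshots(transcript):
        first.setdefault(host, socks)
        last[host] = socks
    changes = []
    for host in first:
        was = {port for proto, _, port in first[host] if proto == 17}
        now = {port for proto, _, port in last[host] if proto == 17}
        for port in WATCHED:
            if port in was | now:
                state = ("still open" if port in was & now
                         else "closed" if port in was else "newly open")
                changes.append((host, port, state))
    return changes

# Abridged from the thread's RACK3R10 session, kept in its mail-wrapped form.
SAMPLE = """\
RACK3R10#sh ip sockets
 17   --listen--          3.3.10.10          68   0
0    1   0
 17 0.0.0.0             0 3.3.10.10        2228   0
0  211   0
 17 0.0.0.0             0 3.3.10.10          67   0
0 2211   0
RACK3R10(config)#no service dhcp
RACK3R10(config)#do sh ip sockets
 17   --listen--          3.3.10.10          68   0
0    1   0
 17 0.0.0.0             0 3.3.10.10        2228   0
0  211   0
"""
```

`bootp_changes(SAMPLE)` returns one entry per watched port per host, so the same call works on a transcript that covers several switches.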