Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
6
Replies

3750x switch - what version of code was dhcp/bootp service disabled by default

Charley Morgan
Level 1
Level 1

‎02-08-2018 06:53 AM - edited ‎03-08-2019 01:46 PM

We had an audit performed where the auditing company used a config parser on a switch config. It was a Cisco 3750-X switch. The config parser flagged the switch saying it had the DHCP service running based on the fact that it did not have the command 'no service dhcp' in the config. However, with that audit we turned in a 'show ip socket' command which showed the service was not actively running on the switch.

 

I have checked and the service is off be default on 3850 switches but I want to know if newer revisions of code for the 3750-X had the service off by default as well. I am running numerous other 3750X switches with older code and the service is running unless you manually turn it off but the switch in question is updated quarterly if code is available so it is running newer firmware.

 

Thanks for any input on this.

 

Charley

Labels:
0 Helpful
6 Replies 6

burleyman
Level 8
Level 8

‎02-08-2018 11:21 AM

DHCP is enabled in Cisco IOS software, requires configuration. The important part is the switch responds to DHCP requests only if it is configured as a DHCP server. If it is not configured it does nothing.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swdhcp82.html?bookSearch=true#74178

Look under "Default DHCP Configuration" section.

 

Mike

0 Helpful

Charley Morgan
Level 1
Level 1
In response to burleyman

‎02-08-2018 11:31 AM

I completely understand that is has to be configured to work but by default in older switches port 67 is an active running service.  Even on my older 3750x switches if you run a 'show ip socket' that port is running.  Because of standards we have to abide by we have to justify every running port on that network, whether it is on a server or switch.  If we can't justify a use it has to be turn off if it can be.  If it can't be turned off we have to document why and show proof.

 

That is why I was asking.  The latest code for the 3750x switches seems to have that service off by default but the older versions do not.  Just trying to find any documentation to show when that was changed to default off.

 

Thanks,

 

Charley

0 Helpful

burleyman
Level 8
Level 8
In response to Charley Morgan

‎02-08-2018 11:47 AM

I was checking to see if I could find anything on it but no luck. You could try reaching out to Cisco and see what they recommend. I do know on some audits like that if I could produce documentation on something being on but not able to be used it sometimes allowed the audit to pass, but it depends on the score of the issue.

 

Mike

0 Helpful

burleyman
Level 8
Level 8
In response to burleyman

‎02-08-2018 11:49 AM

Another thing that might help is updating them to the latest code so they at least can see that you are current.

 

Mike

0 Helpful

Charley Morgan
Level 1
Level 1
In response to burleyman

‎02-08-2018 12:34 PM

I have a case open with Cisco now asking that very question.  I am waiting on their response.

 

We are also required by the same standards to stay up to date.  We have to check once a month and if new recommended code exists we have to upgrade or write documentation detailing why we can't upgrade.

 

Thanks again for any assistance,

 

Charley

0 Helpful

burleyman
Level 8
Level 8
In response to Charley Morgan

‎02-08-2018 12:37 PM

Post here what you find....curious.

 

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card