Beginner

Disable UDP 68 BOOTPc

Anyone know of a way to disable UDP/68/BOOTPc on a Catalyst switch? I was able to turn off UDP/67/BOOTPs. Just wondering if I can do the same with UDP/68.

Using a 356G-24-TS running IOS 12.2(50)SE3 code.

OUTPUT FROM SWITCH

switch#sh ip sock
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
17   --listen--          192.168.1.1       68   0   0    1   0
17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0
17   --listen--          192.168.1.1      161   0   0 1001   0
17   --listen--          192.168.1.1      162   0   0 1011   0
17   --listen--          192.168.1.1    56874   0   0 1011   0
17   --listen--          --any--           161   0   0 20001   0
17   --listen--          --any--           162   0   0 20011   0
17   --listen--          --any--         52946   0   0 20001   0
17   --listen--          192.168.1.1      123   0   0    1   0
17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0
switch#

"flash:/c3560-ipbasek9-mz.122-50.SE3.bin"

WS-C3560G-24TS-S

Thanks in advance

1 ACCEPTED SOLUTION

Contributor

Disable UDP 68 BOOTPc

Hey,

Take a look at this website:

http://www.cisco-faq.com/163/forward_udp_broadcas.html

It will give you the idea of why you do not need to further block UDP 68 on your test switch.

Mark the thread as "answered" if you like.

Take Care

Alessio

4 REPLIES
Contributor

Re: Disable UDP 68 BOOTPc

http://www.nsa.gov/ia/_files/switches/switch-guide-version1_01.pdf

Page 16-17

While you are there, read all of it. Everybody should be implementing this recommendation.

No ip forward udp 68

Is the short answer

Take care

Alessio

Have a good reading

Alessio


Beginner

Disable UDP 68 BOOTPc

Hi Alessio

Thanks for the reply and the great link. Unfortunately the command didn't take.

switch(config)#no ip forward-protocol udp bootpc
UDP port 68 not found to delete

switch#sh ip sock
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
17   --listen--          192.168.1.1       68   0   0    1   0
17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0
17   --listen--          192.168.1.1      161   0   0 1001   0
17   --listen--          192.168.1.1      162   0   0 1011   0
17   --listen--          192.168.1.1    56874   0   0 1011   0
17   --listen--          --any--           161   0   0 20001   0
17   --listen--          --any--           162   0   0 20011   0
17   --listen--          --any--         52946   0   0 20001   0
17   --listen--          192.168.1.1      123   0   0    1   0
17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0
switch#

Also, I don't know if it makes any difference or not, but this is a standalone test switch with no connections to anything else.

Thanks
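
An added example, not part of any post in this thread: a small Python parser for the `show ip sockets` output shown above. It lists the listening sockets, flags UDP listeners outside an allowlist, and compares two captures to confirm whether a configuration change actually closed a port. The function names and the allowlist are assumptions for illustration; the sample text is the output posted in the thread.

```python
import re

# `show ip sockets` output as posted in the thread (IP protocol 17 is UDP).
SAMPLE = """\
switch#sh ip sock
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
17   --listen--          192.168.1.1       68   0   0    1   0
17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0
17   --listen--          192.168.1.1      161   0   0 1001   0
17   --listen--          192.168.1.1      162   0   0 1011   0
17   --listen--          192.168.1.1    56874   0   0 1011   0
17   --listen--          --any--           161   0   0 20001   0
17   --listen--          --any--           162   0   0 20011   0
17   --listen--          --any--         52946   0   0 20001   0
17   --listen--          192.168.1.1      123   0   0    1   0
17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0
switch#
"""

# IANA service names for the well-known ports that appear above.
NAMES = {68: "bootpc", 123: "ntp", 161: "snmp", 162: "snmptrap"}

# Listener rows have "--listen--" in the Remote column and no remote port.
LISTEN = re.compile(r"^\s*(\d+)\s+--listen--\s+(\S+)\s+(\d+)\s")

def listeners(text):
    """Return sorted (proto, local_addr, local_port) for every listening socket."""
    rows = {(int(m[1]), m[2], int(m[3]))
            for m in map(LISTEN.match, text.splitlines()) if m}
    return sorted(rows, key=lambda r: (r[2], r[1]))

def unexpected(text, allowed_ports):
    """UDP listener ports missing from allowed_ports (a hypothetical site policy)."""
    return sorted({port for proto, _, port in listeners(text)
                   if proto == 17 and port not in allowed_ports})

def changed(before, after):
    """Return (closed, opened) listeners between two captures."""
    b, a = set(listeners(before)), set(listeners(after))
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    for proto, addr, port in listeners(SAMPLE):
        print(f"proto {proto:>2}  {addr:>15}:{port:<5}  {NAMES.get(port, 'unnamed')}")
    print("outside allowlist:", unexpected(SAMPLE, {123, 161, 162}))
    print("closed/opened after change:", changed(SAMPLE, SAMPLE))
```

Feeding `changed()` the capture taken before and after a configuration command shows whether any listener went away; for the two identical captures in this thread it reports none.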

Advisor

Disable UDP 68 BOOTPc

Hi Alessio,

Can you explain how it can be listening on a client port? If I'm not mistaken, devices only listen on server ports?

Regards.

Alain

Don't forget to rate helpful posts.