
Disabling bootp on 3750

josephp
Level 1

Hi Folks,

We are doing a security audit and want to disable unused services. There was an old command to disable bootp, "no ip bootp server". Is bootp enabled on the 3750 by default, and will "ip dhcp bootp ignore" prevent the clients connected to the 3750 from getting an IP address from the DHCP server?

Thank you in advance,

JP

3 Replies

Reza Sharifi
Hall of Fame

Hi JP,

The people that are doing the security audit may be looking at older documents. I do not see that command on 3750 switches, either in global or under interfaces. Bootp is not enabled by default. You have to enable it under the interface with the command "ip helper-address".

Switch(config-if)#ip helper-address ?
  A.B.C.D  IP destination address
  global   Helper-address is global
  vrf      VRF name for helper-address (if different from interface VRF)

Switch(config-if)#ip helper-address

HTH

Reza

vragotha
Level 3

bootp is enabled by default. DHCP and bootp share the same UDP port 67, so if you block that port, you will be blocking DHCP as well.

If you want to disable both, you can configure 'no service dhcp'

I concur with what Vijay has said...

But just to add to that...

DHCP uses UDP ports 67 and 68.

In a typical scenario.

When a system starts up on a network it must first request an IP address (assume it is not using a static IP address), and it does this by broadcasting a request to the DHCP server:

UDP 0.0.0.0:68 -> 255.255.255.255:67

The DHCP server then responds with something like:

UDP 192.168.1.1:67 -> 255.255.255.255:68

Another note,

Regarding running 'no service dhcp'

This would make the entire device incapable of handling DHCP. This also means that the router cannot act as a relay agent to forward DHCP requests to, say, a Windows server.


Client ------- 3750 ------- DHCP Server.

If the above is the scenario, to make the DHCP server give IP addresses to the client, we would configure ip helper-address.

But if you do a 'no service dhcp' you cannot forward DHCP 'through' the 3750 towards the DHCP Server.

Just wanted to round that up.
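
An added example, not part of the original thread: a small Python check that reads an IOS-style configuration and reports the commands discussed above, flagging interfaces where `ip helper-address` is configured while `no service dhcp` is set globally (the relay problem described in the last reply). The function name `audit_dhcp_settings` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname SW-3750-LAB
no service dhcp
ip dhcp bootp ignore
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
"""

# Global commands mentioned in the thread; only their presence is reported.
GLOBAL_COMMANDS = ("no service dhcp", "no ip bootp server", "ip dhcp bootp ignore")


def audit_dhcp_settings(config_text):
    """Summarise the DHCP/BOOTP lines of an IOS-style configuration.

    Hypothetical helper written for this example, not a Cisco tool.
    """
    present = {cmd: False for cmd in GLOBAL_COMMANDS}
    helpers = {}          # interface name -> list of helper targets
    interface = None      # interface block currently being parsed, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                 # top-level (global) line
            match = re.match(r"interface\s+(\S+)", line)
            interface = match.group(1) if match else None
            if line in present:
                present[line] = True
        elif interface:                          # indented line inside an interface
            match = re.match(r"\s+ip helper-address\s+(.+)", line)
            if match:
                helpers.setdefault(interface, []).append(match.group(1).strip())
    # Relay is configured on these interfaces, but DHCP handling is off globally.
    broken = sorted(helpers) if present["no service dhcp"] else []
    return {"global": present, "helpers": helpers, "relay_broken_on": broken}


if __name__ == "__main__":
    for key, value in audit_dhcp_settings(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```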
