Hi all. The corp that I work for has a process where all our configurations are analysed against a Cisco benchmark and any security issues are recorded & logged for us to deal with, with the solution given to us. One such security hole that is highlighted to be plugged is that bootp is not disabled, with the solution given to us in this case being listed as 'no ip bootp server'.
I understand that from a certain IOS revision the configuration command changed from:
>no ip bootp server
to:
>ip dhcp bootp ignore
But on some switches we have (for example 2950s with c2950-i6q4l2-mz.121-22.EA13 IOS) neither option seems to be available to enter against either the general config or an uplink interface. This I don't understand, as the security vulnerability logged is, as mentioned, based upon a Cisco benchmarking process. But as the IOS revision does not permit remediation, so far as I can see, by way of entering a disabling config line, why is it being logged as a security hole to be plugged? Was bootp disabling an afterthought on some IOS, or am I missing something?