Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8128
Views
2
Helpful
4
Replies

Disable UDP 68 BOOTPc

Go to solution
Khagler24
Level 1
Level 1

‎08-30-2012 01:39 PM - edited ‎03-07-2019 08:37 AM

Anyone know of a way to disable UDP/68/BOOTPc on a catalyst switch? I was able to turn off UDP/67/BOOTPs. Just wondering if I can do the same with UDP/68.

Using a 356G-24-TS running IOS 12.2(50)SE3 code.

OUTPUT FROM SWITCH

switch#sh ip sock

Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF

17   --listen--          192.168.1.1       68   0   0    1   0

17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0

17   --listen--          192.168.1.1      161   0   0 1001   0

17   --listen--          192.168.1.1      162   0   0 1011   0

17   --listen--          192.168.1.1    56874   0   0 1011   0

17   --listen--          --any--           161   0   0 20001   0

17   --listen--          --any--           162   0   0 20011   0

17   --listen--          --any--         52946   0   0 20001   0

17   --listen--          192.168.1.1      123   0   0    1   0

17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0

switch#

"flash:/c3560-ipbasek9-mz.122-50.SE3.bin"

WS-C3560G-24TS-S

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alessio Andreoli
Level 5
Level 5
In response to Khagler24

‎08-31-2012 10:56 AM

Hey,

take a look to this website:

http://www.cisco-faq.com/163/forward_udp_broadcas.html

It will give you the idea of why you do not need to further block udp 68 on your test switch.

mark the thread as "answered" if you like.

Take Care

Alessio

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Alessio Andreoli
Level 5
Level 5

‎08-30-2012 02:32 PM

http://www.nsa.gov/ia/_files/switches/switch-guide-version1_01.pdf

Page 16-17

Just you are there, read all of it. Everybody should be implementing this recommendation .

No ip forward udp 68

Is the short answer

Take care

Alessio

Have a good reading

Alessio

Sent from Cisco Technical Support iPad App

Go to solution
Khagler24
Level 1
Level 1
In response to Alessio Andreoli

‎08-30-2012 02:53 PM

Hi Alessio

Thanks for the reply and the great link. Unfortuately the command didn't take.

switch(config)#no ip forward-protocol udp bootpc
UDP port 68 not found to delete

switch#sh ip sock

Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF

17   --listen--          192.168.1.1       68   0   0    1   0

17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0

17   --listen--          192.168.1.1      161   0   0 1001   0

17   --listen--          192.168.1.1      162   0   0 1011   0

17   --listen--          192.168.1.1    56874   0   0 1011   0

17   --listen--          --any--           161   0   0 20001   0

17   --listen--          --any--           162   0   0 20011   0

17   --listen--          --any--         52946   0   0 20001   0

17   --listen--          192.168.1.1      123   0   0    1   0

17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0

switch#

Also, I don't know if it makes any difference or not, but this is a standalone test switch with no connections to anything else.

Thanks

0 Helpful

Go to solution
Alessio Andreoli
Level 5
Level 5
In response to Khagler24

‎08-31-2012 10:56 AM

Hey,

take a look to this website:

http://www.cisco-faq.com/163/forward_udp_broadcas.html

It will give you the idea of why you do not need to further block udp 68 on your test switch.

mark the thread as "answered" if you like.

Take Care

Alessio

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Alessio Andreoli

‎08-31-2012 12:03 PM

Hi alessio,

Can you explain how it can be listening on a client port? If i'm not mistaken devices only listen on server ports?

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card