Disable UDP 68 BOOTPc

Anyone know of a way to disable UDP/68/BOOTPc on a Catalyst switch? I was able to turn off UDP/67/BOOTPs. Just wondering if I can do the same with UDP/68.

Using a 3560G-24TS running IOS 12.2(50)SE3 code.

OUTPUT FROM SWITCH

switch#sh ip sock

Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF

17   --listen--          192.168.1.1       68   0   0    1   0

17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0

17   --listen--          192.168.1.1      161   0   0 1001   0

17   --listen--          192.168.1.1      162   0   0 1011   0

17   --listen--          192.168.1.1    56874   0   0 1011   0

17   --listen--          --any--           161   0   0 20001   0

17   --listen--          --any--           162   0   0 20011   0

17   --listen--          --any--         52946   0   0 20001   0

17   --listen--          192.168.1.1      123   0   0    1   0

17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0

switch#

"flash:/c3560-ipbasek9-mz.122-50.SE3.bin"

WS-C3560G-24TS-S

Thanks in advance

Accepted Solutions

Disable UDP 68 BOOTPc

Hey,

Take a look at this website:

http://www.cisco-faq.com/163/forward_udp_broadcas.html

It will give you an idea of why you do not need to further block UDP 68 on your test switch.

Mark the thread as "answered" if you like.

Take Care

Alessio

4 REPLIES

Re: Disable UDP 68 BOOTPc

http://www.nsa.gov/ia/_files/switches/switch-guide-version1_01.pdf

Page 16-17

While you are there, read all of it. Everybody should be implementing this recommendation.

No ip forward udp 68

Is the short answer

Take care

Alessio

Have a good reading

Alessio


Disable UDP 68 BOOTPc

Hi Alessio

Thanks for the reply and the great link. Unfortunately the command didn't take.

switch(config)#no ip forward-protocol udp bootpc
UDP port 68 not found to delete

switch#sh ip sock

Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF

17   --listen--          192.168.1.1       68   0   0    1   0

17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0

17   --listen--          192.168.1.1      161   0   0 1001   0

17   --listen--          192.168.1.1      162   0   0 1011   0

17   --listen--          192.168.1.1    56874   0   0 1011   0

17   --listen--          --any--           161   0   0 20001   0

17   --listen--          --any--           162   0   0 20011   0

17   --listen--          --any--         52946   0   0 20001   0

17   --listen--          192.168.1.1      123   0   0    1   0

17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0

switch#

Also, I don't know if it makes any difference or not, but this is a standalone test switch with no connections to anything else.

Thanks

Disable UDP 68 BOOTPc

Hi Alessio,

Can you explain how it can be listening on a client port? If I'm not mistaken, devices only listen on server ports?

Regards.

Alain

Don't forget to rate helpful posts.
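
Added example, not part of the original thread or any poster's code: a Python audit of the `sh ip sock` output posted above that lists the UDP listeners missing from an intended-services baseline. The baseline set and the function names are assumptions made for this illustration.

```python
# Sample: the output posted in this thread, with the blank lines removed.
SAMPLE = """\
switch#sh ip sock
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
17   --listen--          192.168.1.1       68   0   0    1   0
17 0.0.0.0             0 192.168.1.1     2228   0   0  211   0
17   --listen--          192.168.1.1      161   0   0 1001   0
17   --listen--          192.168.1.1      162   0   0 1011   0
17   --listen--          192.168.1.1    56874   0   0 1011   0
17   --listen--          --any--           161   0   0 20001   0
17   --listen--          --any--           162   0   0 20011   0
17   --listen--          --any--         52946   0   0 20001   0
17   --listen--          192.168.1.1      123   0   0    1   0
17 192.168.1.2      514 192.168.1.1    57436   0   0 400211   0
switch#
"""

# Assumed baseline for this example: UDP services the operator intends to run.
EXPECTED_UDP = {123: "ntp", 161: "snmp", 162: "snmptrap"}


def parse_sockets(text):
    """Return one dict per socket row; prompts and the header are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 8 or not tok[0].isdigit():
            continue
        listening = tok[1] == "--listen--"
        # Listen rows have no remote-port column, so fields shift left by one.
        local, port = (tok[2], tok[3]) if listening else (tok[3], tok[4])
        if not port.isdigit():
            continue
        rows.append({"proto": int(tok[0]), "listening": listening,
                     "local": local, "port": int(port)})
    return rows


def unexpected_listeners(text, expected=EXPECTED_UDP):
    """Sorted UDP (protocol 17) listening ports absent from the baseline."""
    return sorted({r["port"] for r in parse_sockets(text)
                   if r["proto"] == 17 and r["listening"]
                   and r["port"] not in expected})


if __name__ == "__main__":
    for port in unexpected_listeners(SAMPLE):
        print(f"UDP/{port} is listening but is not in the baseline")
```

Run against saved output before and after a configuration change to confirm which listeners actually closed.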