Use ip helper-address with the no ip forward-protocol
November 7th, 2008
1 comment
The ip helper-address command on a router is a fairly used command in multilayer switched networks. When you enable this command on a router interface (for instance, a SVI on a multilayer switch), the following broadcasts are forwarded by default;
- TFTP – port 69
- Domain Name System (DNS) – port 53
- Time service – port 37
- NetBIOS Name Server – port 137
- NetBIOS Datagram Server – port 138
- Bootstrap Protocol (BOOTP) – port 67
- TACACS – port 49
You can disable the services that you don’t need. Disable this with the following command;
router(config)# no ip forward-protocol udp 69