hb120973135 posted on 2018-7-16 09:28:54

Cisco ip helper-address

  When the ip helper-address command is used on an interface, the router forwards the UDP broadcast packets it receives to the specified server address.
http://www.net527.cn/uploads/allimg/100601/092H3OF-0.png
  Lab_B(config)#interface f0/0
  Lab_B(config-if)#ip helper-address 192.168.254.251
  The following table lists the packet types that are forwarded.

  Port or Protocol  Meaning                                                                   On by Default
  <0–65535>         Port number (create your own)
  biff              Biff (mail notification, comsat, 512)
  bootpc            Bootstrap Protocol (BOOTP) client (68)                                    X
  bootps            Bootstrap Protocol (BOOTP) server (67)                                    X
  discard           Discard (9)
  dnsix             DNSIX security protocol auditing (195)
  domain            Domain Name Service (DNS) (53)                                            X
  echo              Echo (7)
  isakmp            Internet Security Association and Key Management Protocol (ISAKMP) (500)
  mobile-ip         Mobile IP registration (434)
  nameserver        IEN116 name service (obsolete, 42)
  netbios-dgm       NetBios datagram service (138)                                            X
  netbios-ns        NetBios name service (137)                                                X
  netbios-ss        NetBios session service (139)
  ntp               Network Time Protocol (NTP) (123)
  pim-auto-rp       PIM Auto-RP (496)
  rip               Routing Information Protocol (RIP) (router, in.routed, 520)

  These default forwarded types can be turned off with the commands below, leaving only bootps (UDP 67) enabled, to improve the router's security.
  Lab_B(config)#no ip forward-protocol udp 69
  Lab_B(config)#no ip forward-protocol udp 53
  Lab_B(config)#no ip forward-protocol udp 37
  Lab_B(config)#no ip forward-protocol udp 137
  Lab_B(config)#no ip forward-protocol udp 138
  Lab_B(config)#no ip forward-protocol udp 68
  Lab_B(config)#no ip forward-protocol udp 49
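
An added example, not part of the original post: a Python check that reads IOS configuration text and reports which UDP broadcast ports would still be relayed to the helper address besides bootps (67). The default set used here is the seven ports disabled above plus 67; the function names and the sample configuration are constructed for this example.

```python
import re

# Default UDP ports forwarded once ip helper-address is configured:
# the seven ports disabled in the post plus bootps (67).
DEFAULT_FORWARDED = {37, 49, 53, 67, 68, 69, 137, 138}
# IOS keyword forms that a configuration may show instead of port numbers.
KEYWORDS = {"time": 37, "tacacs": 49, "domain": 53, "bootps": 67,
            "bootpc": 68, "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138}
WANTED = {67}  # the post's goal: only BOOTP/DHCP server traffic is relayed

LINE = re.compile(r"^\s*(no\s+)?ip forward-protocol udp\s+(\S+)\s*$")

def effective_udp_forwarding(config_text):
    """Return the set of UDP ports still relayed to helper addresses."""
    ports = set(DEFAULT_FORWARDED)
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        token = m.group(2)
        port = KEYWORDS.get(token) or (int(token) if token.isdigit() else None)
        if port is None:
            continue  # unrecognised keyword: leave for manual review
        if m.group(1):
            ports.discard(port)   # "no ip forward-protocol udp N"
        else:
            ports.add(port)       # "ip forward-protocol udp N"
    return ports

def audit(config_text):
    """Return (helper configured?, sorted ports relayed beyond WANTED)."""
    has_helper = bool(re.search(r"^\s*ip helper-address\s+\S+", config_text, re.M))
    extra = sorted(effective_udp_forwarding(config_text) - WANTED)
    return has_helper, extra

# Constructed sample: the post's configuration with the last two lines left out.
SAMPLE = """\
interface FastEthernet0/0
 ip helper-address 192.168.254.251
!
no ip forward-protocol udp 69
no ip forward-protocol udp 53
no ip forward-protocol udp 37
no ip forward-protocol udp 137
no ip forward-protocol udp 138
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list in the second position means only UDP 67 is relayed, which is the state the commands in the post aim for.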