I have two Cisco switches that are sending out DHCP BootRequests and they're hitting my firewall about once a minute or so. What is it trying to do? How can I stop it?
Asked
Active
Viewed 393 times
2 Answers
1
BOOTREQUEST is part of the BOOTP protocol that most DHCP servers also support. Devices using BOOTP send a BOOTREQUEST. The BOOTP server will reply with the creatively named BOOTREPLY. This does answer what the device is trying to do, it's attempting to get an IP address by way of a pre-DHCP protocol.
Bootp, unlike dhcp, requires a 1:1 association between MAC address and IP address. The log message you see is generated when the DHCP server doesn't have such a thing, or doesn't have available scope on that particular subnet.
Noisy, but harmless.
Stopping it required identifying what device belongs to that particular MAC address and figuring out if you can convince it to not use bootp.
sysadmin1138
- 131,083
- 18
- 173
- 296
-
awesome, the 'Noisy, but harmless' comment is the best thing I've heard all day :) – blsub6 Oct 21 '10 at 23:11
0
Have you verified that the source MAC address is from the Cisco switches?
Do the switches have static ip addresses or are they configured to get their ip information via DHCP?
joeqwerty
- 108,377
- 6
- 80
- 171