Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Blocking bootp

  • 1.  Blocking bootp

    Posted Feb 06, 2017 01:58 PM

    We are looking at blocking bootp using a service ACL and then assigning it to the authenticated and guest user roles.  When creating the policy under Security/Access Control/policies, I used session as the policy type.  I see svc-dhcp udp 67-68 and svc-bootp udp 67-69.  I chose svc-bootp in order to block bootp.  Is this the correct/recommended way to block bootp, and how does the controller differentiate DHCP from bootp?  Does this affect DHCP in any way?

  • 2.  RE: Blocking bootp
    Best Answer

    EMPLOYEE
    Posted Feb 06, 2017 04:42 PM

    I don't know what the difference is, but the logon-control ACL uses:

    user    any                      udp 68                 deny

    Which works in most situations to prevent clients from answering to DHCP requests.  It might work for bootp.  You should try it.
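
On the question of how DHCP differs from bootp: at the protocol level both use the same UDP ports and the same fixed header, and a DHCP message is a BOOTP-format message that carries option 53 (DHCP Message Type) after the magic cookie (RFC 2131, RFC 1534), so the difference is in the payload and not in the ports. The sketch below is an added example, not from the thread or from Aruba, and it says nothing about how the controller itself classifies traffic; the function names and sample packets are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options area (RFC 2131)
FIXED_HEADER_LEN = 236               # op .. file fields that precede the cookie
OPT_PAD, OPT_END, OPT_DHCP_MSG_TYPE = 0, 255, 53

def classify(payload: bytes) -> str:
    """Return 'dhcp', 'bootp' or 'invalid' for a UDP 67/68 payload."""
    if len(payload) < FIXED_HEADER_LEN or payload[0] not in (1, 2):
        return "invalid"             # op must be BOOTREQUEST (1) or BOOTREPLY (2)
    options = payload[FIXED_HEADER_LEN:]
    if options[:4] != MAGIC_COOKIE:
        return "bootp"               # no cookie: legacy vendor area (RFC 951)
    i = 4
    while i < len(options):          # walk the code/length/value options
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(options):
            return "invalid"         # option code with no length byte
        length = options[i + 1]
        if i + 2 + length > len(options):
            return "invalid"         # option value runs past the packet
        if code == OPT_DHCP_MSG_TYPE and length == 1:
            return "dhcp"            # option 53 present: this is DHCP
        i += 2 + length
    return "bootp"                   # cookie but no option 53 (RFC 1534)
    # Note: option overload (option 52) is not followed in this sketch.

def build(op: int, options: bytes) -> bytes:
    """Constructed sample: zeroed fixed header followed by an options area."""
    header = struct.pack("!BBBB", op, 1, 6, 0) + bytes(FIXED_HEADER_LEN - 4)
    return header + options

# Constructed sample payloads, all of which would travel on UDP 67/68.
SAMPLES = {
    "dhcp_discover": build(1, MAGIC_COOKIE + bytes([53, 1, 1, 255])),
    "bootp_request": build(1, MAGIC_COOKIE + bytes([255]) + bytes(59)),
    "bootp_rfc951": build(1, bytes(64)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {classify(pkt)}")
```

All three samples share the same ports, so a rule that matches only on UDP port numbers sees them identically; whether svc-bootp on the controller looks any deeper is not established in this thread.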