当在接口使用ip helper-address命令,路由器会前传接收到的UDP广播报文到指定服务器地址

Lab_B(config)#interface f0/0
Lab_B(config-if)#ip helper-address 192.168.254.251

下表列出了前传的数据包类型

Port or Protocol Meaning On by Default <0–65535> Port number (create your own) biff Biff (mail notification, comsat, 512) bootpc Bootstrap Protocol (BOOTP) client (68) X bootps Bootstrap Protocol (BOOTP) server (67) X discard Discard (9) dnsix DNSIX security protocol auditing (195) domain Domain Name Service (DNS) (53) X echo Echo (7) isakmp Internet Security Association and Key ManagementProtocol (ISAKMP) (500) mobile-ip Mobile IP registration (434) nameserver IEN116 name service (obsolete, 42) netbios-dgm NetBios datagram service (138) X netbios-ns NetBios name service (137) X netbios-ss NetBios session service (139) ntp Network Time Protocol (NTP) (123) pim-auto-rp PIM Auto-RP (496) rip Routing Information Protocol (RIP) (router, in.routed, 520)

这些默认的前传类型,可以通过下面的命令关闭,只开启bootps UDP 67,来提高路由器的安全性

Lab_B(config)#no ip forward-protocol udp 69
Lab_B(config)#no ip forward-protocol udp 53
Lab_B(config)#no ip forward-protocol udp 37
Lab_B(config)#no ip forward-protocol udp 137
Lab_B(config)#no ip forward-protocol udp 138
Lab_B(config)#no ip forward-protocol udp 68
Lab_B(config)#no ip forward-protocol udp 49