Disable udp on ports 137 and 138 on cisco 1700

Hi all. I have a problem with workstations thinking they are the master browser for my Windows 2000 domain. This is happening because I'm using ip helper addresses to broadcast DHCP requests on the router that connects another network on the same subnet. As a result, NetBIOS UDP broadcasts on ports 137 and 138 are also being forwarded, causing the master browser issue. What is the command to disable UDP or broadcast forwarding on specific ports?
bluespringsit Asked:
 
lrmoore Commented:
The ip helper-address interface command opens up those UDP ports. You can close them back down easily enough without an access-list:

router(config)#no ip forward-protocol udp 137
router(config)#no ip forward-protocol udp 138

 
Netman66 Commented:
Instead of using a helper address why not use a DHCP Relay agent on the subnet without the DHCP server?

This would be a better option - stops broadcast storms.

 
parkerig Commented:
This is a real simple example I am giving, so modify it as you see fit.

On the Cisco router, create an access list like:

! 101 is an example ACL number
access-list 101 deny udp any any eq 137
access-list 101 deny udp any any eq 138
access-list 101 permit ip any any

Apply this access list to the Ethernet port (or whichever port connects LAN/WAN).

Cheers
Ian
 
Netman66 Commented:
lrmoore,

Perfect!

I still think a relay agent would work too, but your answer is simpler.

 
bluespringsit Author Commented:
Perfect, thank you lrmoore and everyone else. I went with the no ip forward commands instead of a relay agent. There's only two computers on this other segment. Thanks again!
Question has a verified solution.
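
An added example, not part of the original thread or any participant's code: a Python audit of a saved running-config that reports which UDP ports a helper address still relays, starting from the IOS default forwarded ports (37, 49, 53, 67, 68, 69, 137, 138). The sample configuration, interface name and addresses are constructed for illustration.

```python
import re

# UDP ports that `ip helper-address` forwards by default on Cisco IOS.
DEFAULT_PORTS = {37, 49, 53, 67, 68, 69, 137, 138}
# IOS shows well-known ports as keywords in the running configuration.
KEYWORDS = {"time": 37, "tacacs": 49, "domain": 53, "bootps": 67,
            "bootpc": 68, "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138}
FWD_RE = re.compile(r"^(no\s+)?ip forward-protocol udp\s+(\S+)$")
HELPER_RE = re.compile(r"^ip helper-address\s+(\S+)")

# Constructed sample (hypothetical interface and documentation addresses).
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.10
!
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp 138
"""

def audit(config_text):
    """Return (forwarded UDP ports, {interface: [helper addresses]})."""
    ports, helpers, interface = set(DEFAULT_PORTS), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif raw and not raw[0].isspace():
            interface = None  # any other top-level line ends the interface block
        fwd, helper = FWD_RE.match(line), HELPER_RE.match(line)
        if fwd:
            token = fwd.group(2)
            port = KEYWORDS.get(token, int(token) if token.isdigit() else None)
            if port is None:
                continue  # unrecognised keyword: leave the port set unchanged
            if fwd.group(1):
                ports.discard(port)
            else:
                ports.add(port)
        elif helper and interface:
            helpers.setdefault(interface, []).append(helper.group(1))
    return ports, helpers

def netbios_still_forwarded(config_text):
    """NetBIOS ports (137/138) still relayed, if any helper address is set."""
    ports, helpers = audit(config_text)
    return sorted(ports & {137, 138}) if helpers else []

if __name__ == "__main__":
    print(netbios_still_forwarded(SAMPLE_CONFIG))
```

Run it against the output of `show running-config` saved to a file; a non-empty result means NetBIOS broadcasts are still being relayed alongside DHCP.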
