04-22-2007 10:27 PM - edited 03-05-2019 03:36 PM
Hi all,
Our sys admin is using a Sw delivery pkg; the pkg works by sending wake on lan packets using broadcast before delivering the pkgs; naturally, these broadcast pkts are not reaching other vlans. What can i do to make them do this?
thank you.
Solved! Go to Solution.
04-23-2007 06:51 AM
Mohamad
Yes it is a combination of the 3 commands and of knowing which command needs to go on which interface.
I am glad that we were able to help you solve your problem. Thanks for the rating.
HTH
Rick
04-22-2007 10:34 PM
Make you server nic card to participate on all VLAN by making it trunk interface. Not all NIC card supports trunking you need to buy special kind of NIC card for this.
Once your server is in all VLAN it will broadcast to all VLAN.
I hope it should work this way.
04-22-2007 11:02 PM
Hi,
You can think of using ip helper-address command under VLAN interface to acheive forwarding of broadcasts
eg. int VLAN2
ip address 10.1.1.1 255.255.255.0
ip helper-address 10.1.2.255
ip helper-address 10.1.3.255
you may have to use proper filtering/access list to allow broadcast only from the specified server.
HTH
04-22-2007 10:49 PM
Try enabling " ip directed-broadcast" under the vlan interface .
HTH,
-amit singh
04-22-2007 11:22 PM
Queston to Parameshwaram-
ip helper-address command is for directing the brodcast to a server which on other VLAN but here requirement is different ? User wanna have bradcast from a server in a VLAN to be reached to other VLANs also.
Question to Amit-
Can you please explain how ip directed brodcast command will broadcast traffic from that particular server to other VLANs, not all the broadcast ?
04-22-2007 11:39 PM
Hi,
Basically ip helper-address is used to forward udp broadcast (eg. DHCP BOOTP Packets) to Specific address mentioned in the command. The command syntax is
ip helper-address address
where address is Destination broadcast or host address to be used when forwarding UDP broadcasts. There can be more than one helper address per interface.
so if the address is ip broadcast address for a LAN segment, all machines in that segment will receive the particular broadcast information
Incase of DHCP, 255.255.255.255 is generated by Client and is forwarded to DHCP Server ( i.e. in helper-address command) as unicast packet. In the present scenario, 255.255.255.255 is generated by Server and is forwarded to respective different VLANs as ip broadcasts which configured in helper address.
HTH
regards
Param
04-23-2007 12:05 AM
Hi all,
The ip helper-address doesn't forward all broadcasts:
All of the following conditions must be met in order for a UDP or IP packet to be helpered by the ip helper-address command:
?The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff).
?The IP destination address must be one of the following: all-ones broadcast (255.255.255.255), subnet broadcast for the receiving interface; or major-net broadcast for the receiving interface if the no ip classless command is also configured.
?The IP time-to-live (TTL) value must be at least 2.
?The IP protocol must be UDP (17).
?The UDP destination port must be for TFTP, Domain Name System (DNS), Time, NetBIOS, ND, BOOTP or DHCP packet, or a UDP port specified by the ip forward-protocol udp global configuration command.
If these are the protocols that you wish to pass between VLANs then fine, if not try to define your protocol via the "ip forward-protocol" command.
HTH, please rate if it does,
Mohammed Mahmoud.
04-23-2007 12:48 AM
Guys,
please correct me if i'm wrong; the helper-address handles the problem from a reverse point of view; i.e. if i plug in a dhcp client, it will bcst a dhcp request, which gets directed by the helper-address to a specific host. in my case, the server itself is sending bcsts to, say, 500 machines.
so i configured ip forward-protocol to enable wake on lan pkts {which use UDP port 3674 in my case} and applied ip directed-broacast on vlan 1 {where my server is}. this did not solve the problem.
what do you think?
04-23-2007 01:12 AM
Hi there,
IP helper should solve broadcast issues either ways. Have you tried it like this:
"ip helper-address 255.255.255.255"
HTH,
Mohammed Mahmoud.
04-23-2007 12:27 AM
Please see how, ip directed-broadcast works.
http://www.cisco.com/warp/public/707/21.html#controlling_directed_bcasts
-amit singh
04-23-2007 12:44 AM
Hi Amit,
An IP directed broadcast is a datagram which is sent to the broadcast address of a subnet to which the sending machine is not directly attached, do u think that this apply to this case ?
BR,
Mohammed Mahmoud.
04-23-2007 02:20 AM
Guys,
i added ip forward-protocol udp 3674, used by wkae on pkts. I then added an inbound acl to vlan1 {where the server is located}, with src = server ip, dst = any, prot = udp port 3674; as i send wake on pkts from the server, i see hits on the acl entry.
i then applied the same acl, in the inbound and outbound directions of the subnet where the test machine is located. It did not record any hits.
Obviously, wake on pkts are reaching VLAN1, but not going through the destination subnet VLAN111.
any ideas? is it smtg on the vlan config level?
04-23-2007 02:51 AM
Hi
Did you configure ip helper-address under VLAN interface ?
can you post the config ?
Regards
Param
04-23-2007 03:27 AM
Hi again,
no i did not set ip helper-address. i have the following config under vlan 1:
int vlan1
ip address 172.16.16.200 255.255.192.0
ip access-group SUS1 in
ip access-group SUS1 out
no ip redirects
ip directed-broadcast 101
no ip proxy-arp
interface Vlan111
ip address 172.16.111.1 255.255.255.0
ip access-group NACHI in
ip access-group NACHI out
ip helper-address 172.16.16.45
ip helper-address 172.16.16.47
no ip redirects
ip directed-broadcast 101
no ip proxy-arp
ip access-list extended NACHI
deny udp any any eq tftp
deny tcp any any eq 707
permit ip any any
ip access-list extended SUS1
deny udp any any eq tftp
deny tcp any any eq 707
deny ip host 172.16.16.8 172.19.0.0 0.0.255.255
deny ip host 172.16.16.8 192.168.0.0 0.0.255.255
deny tcp host 172.16.16.41 172.19.0.0 0.0.255.255 eq www
deny tcp host 172.16.16.41 192.168.0.0 0.0.255.255 eq www
deny tcp 192.168.0.0 0.0.255.255 172.16.16.0 0.0.0.255 eq 3389
deny tcp 172.19.0.0 0.0.255.255 172.16.16.0 0.0.0.255 eq 3389
permit udp host 172.16.16.220 any eq 3674
permit ip any any
access-list 101 permit udp host 172.16.16.47 any eq echo
access-list 101 permit udp host 172.16.16.46 any eq echo
access-list 101 permit udp host 172.16.16.45 any eq echo
access-list 101 permit udp host 172.16.16.220 any eq 3674
access-list 101 permit udp host 172.16.16.220 any
.45 & .47 are my dhcp servers.
does this help?
thanks.
04-23-2007 04:48 AM
Is your
ip access-group NACHI in
ip access-group NACHI out blocking this ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide