
Passing Broadcast from 1 VLAN to another

m-mneimneh
Level 1

Hi all,

Our sys admin is using a Sw delivery pkg; the pkg works by sending wake on lan packets using broadcast before delivering the pkgs; naturally, these broadcast pkts are not reaching other VLANs. What can I do to make them do this?

Thank you.

Accepted Solution

Mohamad

Yes it is a combination of the 3 commands and of knowing which command needs to go on which interface.

I am glad that we were able to help you solve your problem. Thanks for the rating.

HTH

Rick


23 Replies

sachin
Level 1

Make your server NIC card participate in all VLANs by making it a trunk interface. Not all NIC cards support trunking; you need to buy a special kind of NIC card for this.

Once your server is in all VLANs it will broadcast to all VLANs.

I hope it should work this way.

Hi,

You can think of using the ip helper-address command under the VLAN interface to achieve forwarding of broadcasts, e.g.:

    int VLAN2
     ip address 10.1.1.1 255.255.255.0
     ip helper-address 10.1.2.255
     ip helper-address 10.1.3.255

You may have to use proper filtering/access list to allow broadcast only from the specified server.

HTH

Amit Singh
Cisco Employee

Try enabling "ip directed-broadcast" under the VLAN interface.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a0080087387.html#wp1017949

HTH,

-amit singh

Question to Parameshwaram:

The ip helper-address command is for directing the broadcast to a server which is on another VLAN, but here the requirement is different? The user wants to have broadcasts from a server in a VLAN reach the other VLANs also.

Question to Amit:

Can you please explain how the ip directed-broadcast command will broadcast traffic from that particular server to other VLANs, not all the broadcasts?

Hi,

Basically ip helper-address is used to forward UDP broadcasts (e.g. DHCP/BOOTP packets) to the specific address mentioned in the command. The command syntax is

    ip helper-address address

where address is the destination broadcast or host address to be used when forwarding UDP broadcasts. There can be more than one helper address per interface.

So if the address is the IP broadcast address for a LAN segment, all machines in that segment will receive the particular broadcast information.

In case of DHCP, 255.255.255.255 is generated by the client and is forwarded to the DHCP server (i.e. the one in the helper-address command) as a unicast packet. In the present scenario, 255.255.255.255 is generated by the server and is forwarded to the respective different VLANs as IP broadcasts, which are configured in the helper address.

HTH

regards

Param

Hi all,

The ip helper-address doesn't forward all broadcasts:

All of the following conditions must be met in order for a UDP or IP packet to be helpered by the ip helper-address command:

- The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff).

- The IP destination address must be one of the following: all-ones broadcast (255.255.255.255), subnet broadcast for the receiving interface; or major-net broadcast for the receiving interface if the no ip classless command is also configured.

- The IP time-to-live (TTL) value must be at least 2.

- The IP protocol must be UDP (17).

- The UDP destination port must be for TFTP, Domain Name System (DNS), Time, NetBIOS, ND, BOOTP or DHCP packet, or a UDP port specified by the ip forward-protocol udp global configuration command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt1/1rdipadr.htm#wp1018606

If these are the protocols that you wish to pass between VLANs then fine, if not try to define your protocol via the "ip forward-protocol" command.

HTH, please rate if it does,

Mohammed Mahmoud.

Guys,

Please correct me if I'm wrong; the helper-address handles the problem from a reverse point of view; i.e. if I plug in a DHCP client, it will bcst a DHCP request, which gets directed by the helper-address to a specific host. In my case, the server itself is sending bcsts to, say, 500 machines.

So I configured ip forward-protocol to enable wake on lan pkts {which use UDP port 3674 in my case} and applied ip directed-broadcast on vlan 1 {where my server is}. This did not solve the problem.

What do you think?

Hi there,

IP helper should solve broadcast issues either way. Have you tried it like this:

"ip helper-address 255.255.255.255"

HTH,

Mohammed Mahmoud.

Please see how ip directed-broadcast works.

http://www.cisco.com/warp/public/707/21.html#controlling_directed_bcasts

-amit singh

Hi Amit,

An IP directed broadcast is a datagram which is sent to the broadcast address of a subnet to which the sending machine is not directly attached. Do you think that this applies to this case?

BR,

Mohammed Mahmoud.

Guys,

I added ip forward-protocol udp 3674, used by wake on pkts. I then added an inbound ACL to vlan1 {where the server is located}, with src = server ip, dst = any, prot = udp port 3674; as I send wake on pkts from the server, I see hits on the ACL entry.

I then applied the same ACL, in the inbound and outbound directions of the subnet where the test machine is located. It did not record any hits.

Obviously, wake on pkts are reaching VLAN1, but not going through the destination subnet VLAN111.

Any ideas? Is it something on the VLAN config level?

Hi

Did you configure ip helper-address under the VLAN interface?

Can you post the config?

Regards

Param

Hi again,

No, I did not set ip helper-address. I have the following config under vlan 1:

    int vlan1
     ip address 172.16.16.200 255.255.192.0
     ip access-group SUS1 in
     ip access-group SUS1 out
     no ip redirects
     ip directed-broadcast 101
     no ip proxy-arp

    interface Vlan111
     ip address 172.16.111.1 255.255.255.0
     ip access-group NACHI in
     ip access-group NACHI out
     ip helper-address 172.16.16.45
     ip helper-address 172.16.16.47
     no ip redirects
     ip directed-broadcast 101
     no ip proxy-arp

    ip access-list extended NACHI
     deny udp any any eq tftp
     deny tcp any any eq 707
     permit ip any any

    ip access-list extended SUS1
     deny udp any any eq tftp
     deny tcp any any eq 707
     deny ip host 172.16.16.8 172.19.0.0 0.0.255.255
     deny ip host 172.16.16.8 192.168.0.0 0.0.255.255
     deny tcp host 172.16.16.41 172.19.0.0 0.0.255.255 eq www
     deny tcp host 172.16.16.41 192.168.0.0 0.0.255.255 eq www
     deny tcp 192.168.0.0 0.0.255.255 172.16.16.0 0.0.0.255 eq 3389
     deny tcp 172.19.0.0 0.0.255.255 172.16.16.0 0.0.0.255 eq 3389
     permit udp host 172.16.16.220 any eq 3674
     permit ip any any

    access-list 101 permit udp host 172.16.16.47 any eq echo
    access-list 101 permit udp host 172.16.16.46 any eq echo
    access-list 101 permit udp host 172.16.16.45 any eq echo
    access-list 101 permit udp host 172.16.16.220 any eq 3674
    access-list 101 permit udp host 172.16.16.220 any

.45 & .47 are my DHCP servers.

Does this help?

Thanks.

Is your "ip access-group NACHI in" / "ip access-group NACHI out" blocking this?
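
Added example, not a config posted by anyone in this thread: one way the three commands discussed above (ip forward-protocol, ip helper-address, ip directed-broadcast) can be placed, using the server address, subnets and UDP port from the config posted earlier. ACL number 110 is an assumption; any unused extended ACL number works.

```cisco
! Added example; 172.16.16.220, Vlan1, Vlan111 and UDP 3674 come from the thread.
! ACL 110 is an assumed, otherwise unused number.
!
! Global: add the Wake-on-LAN port to the UDP ports that ip helper-address relays.
ip forward-protocol udp 3674
!
! Restrict directed broadcasts to the delivery server and the WoL port only.
access-list 110 permit udp host 172.16.16.220 any eq 3674
!
! Ingress side (VLAN where the server sends its 255.255.255.255 broadcast):
! relay it to the subnet broadcast address of the client VLAN.
interface Vlan1
 ip helper-address 172.16.111.255
!
! Egress side (client VLAN): allow the routed packet addressed to
! 172.16.111.255 to be sent out as a layer-2 broadcast, but only if ACL 110
! permits it. Without an ACL this interface would rebroadcast any directed
! broadcast routed to it.
interface Vlan111
 ip directed-broadcast 110
```

ip helper-address on Vlan1 also relays the other default UDP broadcast ports to 172.16.111.255, so the ACL on ip directed-broadcast is what keeps Vlan111 from rebroadcasting anything except the server's port 3674 traffic. `show access-lists 110` shows whether the server's packets are matching.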
