Enable Broadcast on L3.

Unanswered Question
Aug 13th, 2007


We have diff. subnets on diff. vlans. The network also includes VoIP traffic. All the traffic is on different vlans and routes through a L3 switch.

Now that we have a server, that sends broadcast notifications to all the client PCs on different vlans. Due to broadcast notifications, they fail and are stopped at L3 switch.

I want to enable these broadcast notifications for all the clients in different vlans, but do not want to enable braodcasts completely on L3 switch.

I need help to - how to enable braadcast on a L3 switch.

And how can i only enable boardcast to be allowed only from a particular server only. This server is connected to the L3 Switch port?

Please suggest / guide.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
b.petronio Mon, 08/13/2007 - 07:28

Try to use the "ip helper-address x.x.x.x" in the interface vlan u want to pass the broadcast to x.x.x.x .

This x.x.x.x, is commonly used for dhcp server ip's, to pass broadcasts for dhcp server, in other networks's, but it could be anyother machine.

Hope that helps.

Bruno Petr?nio

farkascsgy Mon, 08/13/2007 - 07:44

ip direct-broadcast command can help you, you can use ACL to limit from which server broadcasts is allowed. This command is an VLAN subinterface command



Please rate me if I helped.

ciscokalpesh Tue, 08/14/2007 - 08:01


Thanks all for replies.

I want to allow network broadcast from one of the server in Vlan123.

I created a ext access list as below in my Core L3 switch.

#access-list 101 permit ip host any

and applied it to the vlan123 as

#int vlan 123

#ip directed-broadcast 101

This should allow all network broadcast from server (host to any clients (hosts on other vlan) ?

I could not test for long, but whatever shortly i did not notice any notifications on clients.

Is anything more required ? Please guide.



farkascsgy Tue, 08/14/2007 - 08:32

In your case I rather use standard access-list, it requires less CPU time, but anyway I think you are ready.



Please rate me if I helped.

ciscokalpesh Sat, 08/18/2007 - 04:19


I tried to use the "ip helper-address" and the "ip directed-broadcast" commands.

"ip helper-address" works, but i will have provide all the client addresses to be effective.

"ip directed-broadcast" works fine only with Standard ACL. Using Extended ACL does not work !!!

I want to allow broadcast from only particular server to only two of our subnets. If i use Standard ACL, this will allow braodcast from single source to all the subnets in my network, which is actually not required.

Can someone guide, Does extended ACL work with ip directed-broadcast command ?

Thanks in advance,


Richard Burts Sat, 08/18/2007 - 07:03


I think that there is a misunderstanding about the functionality of directed-broadcast command. It is not applied to the interface where the directed broadcast is originated but is applied on the interface where the broadcast is to be delivered. In current versions of IOS (and has been for a while) directed broadcasts are not enabled by default and if you want them you need to enable them.

If I understand your requirements correctly then the solution that you are looking for is a combination of ip helper-address on the interface where the server is connected and directed-broadcast on the interfaces of the subnets where you want the broadcasts propagated.

On the interface where the server is connected you should configure ip helper-address for each subnet where you want the broadcast sent and the address that you would put in the helper-address is the broadcast address of the destination subnet. So for example if you want the broadcast forwarded to subnet you would configure this: ip helper-address And on the interface where that subnet is connected you would configure directed-broadcast.



ciscokalpesh Sun, 08/19/2007 - 04:24

Hello Rick,

Thanks for your reply and clearing the misunderstanding.

You say to apply the ip helper-address on the int where the server is connected and directed-broadcast on the int of those subnets (receiving clients). Should it be like this - ?

For Server (to send notifications to clients)

#int vlan1001 (Server VLAN)

#ip helper-address (Clients Subnet)

For Clients (to receive)

#int vlan1002 (Clients VLAN)

#ip directed-broadcast

If these are correct, then the ip-helper address applied to the vlan1001 will allow all the server originated broadcasts in the vlan1001. I want to enable broadcast from only one particular server in vlan1001.

Also using extended ACL with the ip directed-broadcast should work now in this case ? Without any ACL it will receive all the broadcasts.

Please guide.



Richard Burts Sun, 08/19/2007 - 04:55


Your example of the syntax is correct.

I am not aware of any way to restrict (on the sending end) the forwarding by helper-address to packets from a particular host. It would be possible to use the access-list option on the directed-broadcast command to only forward packets from that particular server.

According to the documentation both standard and extended access lists should be supported in the directed-broadcast command. In your situation I do not see much advantage in using an extended access list. Control of the source address is provided by both standard and extended ACL. What an extended ACL can do that a standard ACL can not do include control of destination address (but in your case it can only be the subnet broadcast address), the protocol (but helper-address will only forward UDP), and port number (but port number can be controlled on the sending router using ip forward-protocol). So in your case it seems to me that standard ACL does exactly what you need.

In looking through the messages in this thread I think that one other point may need to be made. You have not specified what broadcasts you want to forward. There is a list of broadcast types which helper-address will forward by default. The command ip forward-protocol is used to control what broadcasts will be forwarded if the default list is not what is desired. So I suspect that you may need to use ip forward-protocol to specify what port number is in the broadcasts that you want to forward.




This Discussion