How do Cisco SNMP agents respond to a broadcast request?

Answered Question
Nov 20th, 2009

Hi,


Can Cisco switches/routers be discovered by any SNMP NMS on their broadcast IP addresses?

Came across an external link saying that they drop SNMP requests on subnet broadcast addresses.

Q:2.60.12

http://www.snmp.com/FAQs/snmp-faq-part2.txt

What is the typical behavior?

Thanks.

Joe Clarke Fri, 11/20/2009 - 17:44

The typical behavior is to drop SNMP requests to broadcast addresses.  Most SNMP managers could not handle such responses (i.e. those from multiple devices at the same time) anyway.

rsgamage1 Sat, 11/21/2009 - 01:51

NMS would receive multiple responses only if "ip directed broadcast" is ON. The question here is: when this feature is OFF (default behavior), should a switch/router respond to SNMP queries coming onto its subnet broadcast IP?

Joe Clarke Sat, 11/21/2009 - 08:30

In this case, the behavior could be a bit erratic (see CSCsr09033).  Basically, some IOS devices will respond to broadcasts, but include the source address as the directed broadcast IP (e.g. 10.1.1.255).  Others will not.  However, once this bug is fixed in a given platform, the behavior will be consistent in that the device will respond to the broadcast, and pick a reasonable source IP address.

rsgamage1 Sat, 11/21/2009 - 12:04

Is there a specific need for the router to respond to SNMP queries on the broadcast address?

Correct Answer
Joe Clarke Sat, 11/21/2009 - 15:52

A need for it?  You mean a use for it?  I think some people like to use it for SNMP discoveries (i.e. finding new SNMP hosts/devices on their network).  However, as I said, many network management systems do not support broadcast addresses (e.g. CiscoWorks no longer supports them, and hasn't since ~ 1998).

rsgamage1 Wed, 11/25/2009 - 12:11

Thanks for your response. Still not clear yet why a router would need to respond to SNMP queries on its broadcast address, especially when ip directed broadcast is OFF. Of course different NMS behave differently and, as you have mentioned, most of them do not support broadcast addresses.

Joe Clarke Wed, 11/25/2009 - 13:42

The RFC leaves this detail up to the specific implementation.  Some vendors may want to respond to broadcast requests to facilitate multi-device management with fewer request packets.

rsgamage1 Sat, 11/28/2009 - 05:05

>>The RFC leaves this detail up to the specific implementation

Could you specify in which RFC exactly?

Thanks a lot for your thoughts already.

Joe Clarke Sat, 11/28/2009 - 09:00

The SNMP RFC is 1157.  The RFC does not explicitly say how broadcast requests should be handled, so this implementation can vary from vendor to vendor.

rsgamage1 Sat, 12/05/2009 - 11:57

Yes, but RFC 2644 does say that subnet broadcasts must not be received and/or forwarded if the directed-broadcast feature is OFF, which is the default behavior; therefore hosts must not respond to broadcast requests irrespective of the application protocol in question.

Thanks a lot for your thoughts

Joe Clarke Sat, 12/05/2009 - 15:07

See http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1081245 .  The "no ip directed-broadcast" command prevents a router from exploding directed broadcasts on the interface directly connected to the subnet in question.  It doesn't affect whether or not the router will process an incoming broadcast.  For example, if I am connected to a device, and I send a subnet broadcast ping (e.g. 10.1.1.255), the device will respond even if "no ip directed-broadcast" is configured.

rsgamage1 Sat, 12/05/2009 - 16:31

Surely, however it's not what RFC (2644) says. I've also tested this in lab to verify what was mentioned in that link. So it deviates from the standard, right?

Joe Clarke Sat, 12/05/2009 - 16:41

The RFC states that if an option exists to allow for receipt of directed broadcasts, then that option should be disabled by default.  I do not believe IOS has such an option.  It only has the option to disable FORWARDING of directed broadcasts, and that is disabled by default.

rsgamage1 Sat, 12/05/2009 - 23:46

I wonder why RECV and FWD need to be treated separately; however, your explanation makes sense when it comes to IOS implementation.
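
Added example, not part of any post in this thread: a Python check that runs over UDP flow tuples and flags the behaviours discussed above, namely SNMP requests sent to a subnet broadcast address, replies sourced from the broadcast address itself (the symptom described for CSCsr09033), and agents that answer a broadcast request from their unicast address. The tuple layout, the `SUBNETS` inventory and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed sample: (src, sport, dst, dport) for UDP packets, in capture order.
SAMPLE = [
    ("10.9.9.5", 40001, "10.1.1.255", 161),   # manager -> subnet broadcast
    ("10.1.1.255", 161, "10.9.9.5", 40001),   # reply sourced from broadcast address
    ("10.1.1.7", 161, "10.9.9.5", 40001),     # reply from an agent's unicast address
    ("10.9.9.5", 40002, "10.1.1.8", 161),     # ordinary unicast poll
    ("10.1.1.8", 161, "10.9.9.5", 40002),     # ordinary unicast reply
]
SUBNETS = ["10.1.1.0/24"]  # assumed inventory of managed subnets


def broadcast_net(addr, nets):
    """Return the network whose broadcast address is addr, else None."""
    ip = ipaddress.ip_address(addr)
    for net in nets:
        if ip == net.broadcast_address:
            return net
    return None


def classify(packets, subnets):
    """Return (finding, src, dst) tuples for broadcast-related SNMP traffic."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    pending = {}   # (manager, manager_port) -> subnet that was broadcast to
    findings = []
    for src, sport, dst, dport in packets:
        if dport == 161:
            net = broadcast_net(dst, nets)
            if net:
                pending[(src, sport)] = net
                findings.append(("request-to-broadcast", src, dst))
            else:
                # Same manager socket reused for a unicast poll: stop tracking.
                pending.pop((src, sport), None)
        elif sport == 161:
            if broadcast_net(src, nets):
                findings.append(("reply-from-broadcast-source", src, dst))
            elif ((dst, dport) in pending
                  and ipaddress.ip_address(src) in pending[(dst, dport)]):
                findings.append(("agent-answered-broadcast", src, dst))
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE, SUBNETS):
        print(*finding)
```
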
