Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1154
Views
0
Helpful
6
Replies

2821 forwarding udp broadcast

Nikola
Level 1
Level 1

‎08-01-2012 09:41 AM - edited ‎03-07-2019 08:06 AM

I have 2821 router configured with two subinterfaces. This router is connected on cisco 2960 switch. The trunk on 2960 is configured without any prunning of vlans. I noticed that udp broadcast traffic is being forwarded through my router on native vlan 1 (this interaface do not have ip address configured). Below is configuration:

Router:

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.200

encapsulation dot1Q 200

ip address 10.1.1.1 255.255.255.248

no ip redirects

no ip proxy-arp

ip virtual-reassembly

shutdown

!

interface GigabitEthernet0/0.501

encapsulation dot1Q 501

ip address 192.168.15.1 255.255.255.252

ip access-group company-IN in

no ip redirects

no ip proxy-arp

ip nat outside

ip inspect company-FWALL out

ip virtual-reassembly

crypto map something

Switch:

interface FastEthernet0/13

switchport mode trunk

Does anybody have a clue what might be a problem? Why udp broadcast passes through int gi0/0?

Thanks in advance.

Labels:
0 Helpful
6 Replies 6

Peter Paluch
Cisco Employee
Cisco Employee

‎08-01-2012 02:22 PM

Hi Nikola,

The description of the problem is not entirely clear. Can you please answer the following questions in as much detail as possible?

  • How exactly do you know that the broadcasts are forwarded through your router? What was the tool and the process that allowed you to find out about this issue?
  • If the broadcasts are forwarded indeed, what is their source and destination IP address? Also, what is the UDP source and destination prot of these broadcasts?
  • In which VLAN do the broadcasts originate and into which VLAN are they forwarded?

Thank you!

Best regards,

Peter

0 Helpful

Nikola
Level 1
Level 1
In response to Peter Paluch

‎08-02-2012 12:00 AM

I do sniffing betwen 2960 switch and 2821 router with wireshark. Source address is 192.168.153.x/137,138,17500 ... (it is not just one port and one source ip address but all of them is from same vlan 1) and destination is 192.168.153.255/137,138,17500... This is public segment. Than I sniff packets on private (Lan) segment and find that these packets still exist. Interface gi0/0 is by default in native vlan1. I have access list configured on subinterfaces which deny these traffic. Packets are forwarded on int gi0/1 which is in vlan 2. I do not have ip directed broadcast turnd on on any interface. When I put command switcport trunk allowed on switch interface to the router everything is ok (I do not have udp broadcast traffic anymore). My question is why traffic on interface without ip address forward traffic.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Nikola

‎08-02-2012 03:20 AM

Nikola

I am not sure that I understand this post. Are you saying that packets sent on the trunk on VLAN 1 are being forwarded by the router to the other interface Gig0/1? I would not think that this would happen. In your original post you tell us that the switch was configured to trunk with no pruning of VLANs. So the native VLAN (VLAN 1) is included in the trunk. And frames in VLAN 1 would be sent over the tunk as untagged frames. I would expect to see these frames in Wireshark. The frames would be received by the router interface Gig0/0. Since the interface has no IP address I would not expect that the router would do anything with those frames on interface Gig0/0. Are you telling us that the router is forwarding them?

Any clarification would be appreciated.

HTH

Rick

HTH

Rick
0 Helpful

Nikola
Level 1
Level 1
In response to Richard Burts

‎08-02-2012 03:29 AM

Yes, the router forwarding them. I see this traffic on my interface gig0/1.2.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Nikola

‎08-02-2012 04:50 AM

Nikola

Thanks for the clarification. Your post has shown us information about interface Gig0/0 and VLANs 200 and 501 and the switch port FastEth0/13 to which they connect. But we do not have any information about router interface Gig0/1 or the switch port to which it connects. Perhaps you can post information about these?

HTH

Rick

HTH

Rick
0 Helpful

Nikola
Level 1
Level 1
In response to Richard Burts

‎08-02-2012 05:06 AM

The interface Gig 0/1 is connected on other switch. Below is configuration. I think that main point for troubleshooting is GiG 0/0.


Switch:

interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2
switchport mode trunk
spanning-tree portfast
end

Router:

interface GigabitEthernet0/1
no ip address
load-interval 30
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.1.1 255.255.255.128

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card