I tried to use the "ip helper-address" and the "ip directed-broadcast" commands.
"ip helper-address" works, but I will have to provide all the client addresses to be effective.
"ip directed-broadcast" works fine only with Standard ACL. Using Extended ACL does not work!!!
I want to allow broadcast from only a particular server to only two of our subnets. If I use Standard ACL, this will allow broadcast from a single source to all the subnets in my network, which is actually not required.
Can someone guide me: does extended ACL work with the ip directed-broadcast command?
I think that there is a misunderstanding about the functionality of directed-broadcast command. It is not applied to the interface where the directed broadcast is originated but is applied on the interface where the broadcast is to be delivered. In current versions of IOS (and has been for a while) directed broadcasts are not enabled by default and if you want them you need to enable them.
If I understand your requirements correctly then the solution that you are looking for is a combination of ip helper-address on the interface where the server is connected and directed-broadcast on the interfaces of the subnets where you want the broadcasts propagated.
On the interface where the server is connected you should configure ip helper-address for each subnet where you want the broadcast sent and the address that you would put in the helper-address is the broadcast address of the destination subnet. So for example if you want the broadcast forwarded to subnet 172.16.123.0/24 you would configure this: ip helper-address 172.16.123.255. And on the interface where that subnet is connected you would configure directed-broadcast.
If these are correct, then the ip-helper address applied to the vlan1001 will allow all the server originated broadcasts in the vlan1001. I want to enable broadcast from only one particular server in vlan1001.
Also, using extended ACL with the ip directed-broadcast should work now in this case? Without any ACL it will receive all the broadcasts.
I am not aware of any way to restrict (on the sending end) the forwarding by helper-address to packets from a particular host. It would be possible to use the access-list option on the directed-broadcast command to only forward packets from that particular server.
According to the documentation both standard and extended access lists should be supported in the directed-broadcast command. In your situation I do not see much advantage in using an extended access list. Control of the source address is provided by both standard and extended ACL. What an extended ACL can do that a standard ACL cannot do includes control of destination address (but in your case it can only be the subnet broadcast address), the protocol (but helper-address will only forward UDP), and port number (but port number can be controlled on the sending router using ip forward-protocol). So in your case it seems to me that standard ACL does exactly what you need.
In looking through the messages in this thread I think that one other point may need to be made. You have not specified what broadcasts you want to forward. There is a list of broadcast types which helper-address will forward by default. The command ip forward-protocol is used to control what broadcasts will be forwarded if the default list is not what is desired. So I suspect that you may need to use ip forward-protocol to specify what port number is in the broadcasts that you want to forward.
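The combination described in the replies above, written out as an added configuration example that is not part of the original thread. It uses vlan1001 and 172.16.123.0/24 from the posts; the server address 192.0.2.10, the second subnet 172.16.124.0/24, UDP port 5000 and the interface names Vlan123 and Vlan124 are constructed placeholders.

```cisco
! Constructed placeholders (not from the thread): server 192.0.2.10,
! second subnet 172.16.124.0/24, UDP port 5000, interfaces Vlan123/Vlan124.
!
! Standard ACL matching only the one server that may trigger a directed
! broadcast. The implicit deny at the end drops every other source.
access-list 10 permit host 192.0.2.10
!
! Sending router: add the application's UDP port to the set of broadcasts
! that ip helper-address forwards (the default list covers only a few ports).
ip forward-protocol udp 5000
!
! Interface where the server is connected. One helper-address per
! destination subnet, each pointing at that subnet's broadcast address.
! Subnets with no helper-address entry here receive nothing.
interface Vlan1001
 description Server VLAN, source of the broadcasts
 ip helper-address 172.16.123.255
 ip helper-address 172.16.124.255
!
! Interfaces where the broadcast is to be delivered. Directed broadcast is
! off by default; enabling it with ACL 10 converts only packets sourced
! from the permitted server into a link-layer broadcast on the subnet.
interface Vlan123
 description Destination subnet 172.16.123.0/24
 ip directed-broadcast 10
!
interface Vlan124
 description Destination subnet 172.16.124.0/24 (constructed)
 ip directed-broadcast 10
```

The ACL on each destination interface restricts the source, while the helper-address list on Vlan1001 restricts which subnets are reached, so the standard ACL does not open the broadcast to every subnet.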