Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1839
Views
5
Helpful
6
Replies

ip directed broadcast

Go to solution
avilt
Level 3
Level 3

‎02-25-2012 09:23 PM - edited ‎03-07-2019 05:11 AM

My management vlan on a L2 switch is 172.16.0.0/24.

I have added the  command "no ip directed broadcast" on the vlan interface.

But when I ping from a client PC to the broadcast address 172.16.0.255 the switch responds to this address.  How can I disable this?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Kevin Dorrell
Level 10
Level 10
In response to avilt

‎02-26-2012 03:05 AM

ip access-list extended no-dbc-ping  

  deny icmp any host 172.16.0.255 echo

  permit ip any any

interface F0/0

  ip access-group no-dbc-ping in

Unfortunately you cannot do this as the corresponding outgoing ACL because outgoing ACLs do not affect packets generated by the router itself.

Kevin Dorrell

Luxembourg

View solution in original post

0 Helpful

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to Kevin Dorrell

‎02-26-2012 05:30 AM

Kevin is right.

Anyway, as I wrote already, if you don't want your switch to reply to directed brodcasts you need to prevent them from entering to the management subnet at all... and how you do that? By configuring 'no ip directed broadcast' on the last L3 device routing traffic into 172.16.0.0/24 subnet.

On the contrary any device will reply to local broadcasts as they are forced to do so.

Riccardo

View solution in original post

0 Helpful
6 Replies 6

Go to solution
rsimoni
Cisco Employee
Cisco Employee

‎02-26-2012 12:03 AM

Hi,

you need the command on the last L3 device routing traffic into 172.16.0.0/24 subnet.

The command prevents a router from sending traffic to directed brodcast address not a device from replying to it.

Riccardo

Go to solution
avilt
Level 3
Level 3
In response to rsimoni

‎02-26-2012 01:31 AM

How can I prevent the end device from responding to the broadcast address?

0 Helpful

Go to solution
Kevin Dorrell
Level 10
Level 10
In response to avilt

‎02-26-2012 03:05 AM

ip access-list extended no-dbc-ping  

  deny icmp any host 172.16.0.255 echo

  permit ip any any

interface F0/0

  ip access-group no-dbc-ping in

Unfortunately you cannot do this as the corresponding outgoing ACL because outgoing ACLs do not affect packets generated by the router itself.

Kevin Dorrell

Luxembourg

0 Helpful

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to Kevin Dorrell

‎02-26-2012 05:30 AM

Kevin is right.

Anyway, as I wrote already, if you don't want your switch to reply to directed brodcasts you need to prevent them from entering to the management subnet at all... and how you do that? By configuring 'no ip directed broadcast' on the last L3 device routing traffic into 172.16.0.0/24 subnet.

On the contrary any device will reply to local broadcasts as they are forced to do so.

Riccardo

0 Helpful

Go to solution
avilt
Level 3
Level 3
In response to rsimoni

‎02-28-2012 05:43 AM

So with this command the L3 device will not forward/move the traffic to the broadcast address from a remote system to its directly connected subnet right?

So if I have a L3 device, is it advisable to put this command on all vlan interfaces?

0 Helpful

Go to solution
rsimoni
Cisco Employee
Cisco Employee
In response to avilt

‎02-28-2012 06:04 AM

yes and yes (unless you need local brodcasts of course)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card