Cisco Support Community
New Member

ip directed broadcast

Is there an access list for ip directed broadcast? We need to enable WOL and PXE and need this, but need to use an access list according to security. Any thoughts?

New Member

Re: ip directed broadcast

No "standard" access-list exists for directed broadcasts because it depends on the addressing scheme in your network.

I'm not sure if you need directed broadcast for the new applications or if you need to block directed broadcast altogether?

In any case, you might want to take a look at the use of an ACL associated to the 'ip directed-broadcast' command.


New Member

Re: ip directed broadcast

OK... this is for Altiris deployment server, which uses WOL and PXE, but WOL and PXE won't cross subnets. I'm new, by the way, and from what I understand using ip directed broadcast can be dangerous for smurf attacks, not sure if true but,

New Member

Re: ip directed broadcast

Never tried but below logically should work.

Let us assume your network is, therefore directed broadcast ip address becomes So by enabling "ip directed broadcast" in interface configuration mode in addition you configure Extended ACL as below.

I assume 101 as extended ACL number applied to the interface.

access-list 101 permit ip host


New Member

Re: ip directed broadcast

I think I didn't really tell you all what I wanted. I just want WOL port 402 and PXE port 4011 to be ip directed broadcast. Sorry I didn't specify.

New Member

Re: ip directed broadcast


I had a similar reflection:

Here is my answer:

You will find very good documentation here:

And from different forums on Cisco:

ip directed-broadcast and wake on lan:

Router Configuration for Wake On Lan:

prkrishn - CISCO SYSTEMS

"I cannot think of any other way to make Wake on LAN work. I have seen a lot of customers implement it using "ip directed-broadcasts""

ahoejmark - Network System Engineer, NetDesign A/S, CCIE

"Some of my customers are actually putting a 'WOL proxy' on each and every VLAN to get WOL... "


"enabling directed broadcasts you enable your network to the smurf attack! "


"I believe WOL requires directed broadcasts enabled on router interfaces which probably isn't a good thing."

Example of implementation of directed broadcast on 4506 with Sup IV:

-> access-list 15 permit @IP_Server_WOL

-> int vlan XX

-> ip directed-broadcast 15

It works very well and the customer is happy.

Best regards.

New Member

Re: ip directed broadcast

This is the thing, very simple:

L3(config)#access-list 101 permit udp host any eq 7
where is the IP address of the PXE, WoL server

ip forward-protocol udp 7
where UDP port 7 is the one you use, it can also be 9, 69, 4011....

L3(config-if)#interface vlan 2
L3(config-if)#ip address
L3(config-if)#ip helper-address
if you want to route the WoL magic packets or the PXE bootp packets

L3(config-if)#ip directed-broadcast 101
where 101 is the ACL number

Now the thing is that there are several bugs that may not have this work; however, with this configuration and having the correct ports you should be able to do it.

Reminder: ip directed BD is a global command I believe.
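
An added example, not part of the thread: a small Python audit that reads an IOS-style configuration and reports, per interface, whether `ip directed-broadcast` is tied to an ACL that names a specific source and, for extended ACLs, a UDP port, as the replies above suggest. The sample configuration, its addresses and the finding labels are constructed for this example.

```python
import re

# Constructed sample config; addresses are documentation ranges, not values from the thread.
SAMPLE_CONFIG = """\
access-list 15 permit 192.0.2.10
access-list 101 permit udp host 192.0.2.10 any eq 7
access-list 102 permit ip any any
access-list 103 permit ip host 192.0.2.10 any
interface Vlan2
 ip directed-broadcast 101
interface Vlan3
 ip directed-broadcast
interface Vlan4
 ip directed-broadcast 102
interface Vlan5
 ip directed-broadcast 15
interface Vlan6
 ip directed-broadcast 150
interface Vlan7
 ip directed-broadcast 103
"""

def classify(acl, acls):
    """Rate the ACL number attached to 'ip directed-broadcast' (None = no ACL)."""
    if acl is None:
        return "NO_ACL"                  # any source may use the directed broadcast
    if acl not in acls:
        return "ACL_UNDEFINED"           # referenced but never configured
    extended = int(acl) >= 100           # numbered ACLs: 1-99 standard, 100-199 extended
    for tok in (t for action, t in acls[acl] if action == "permit"):
        if (tok[1] if extended else tok[0]) == "any":
            return "SOURCE_ANY"          # not tied to the WOL/PXE server address
        if extended and (tok[0] != "udp" or "eq" not in tok):
            return "NOT_PORT_SCOPED"     # permitted host may broadcast any traffic
    return "OK"

def audit_directed_broadcast(config):
    """Map each interface that enables directed broadcast to a finding."""
    acls, enabled, iface = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"access-list (\d+) (permit|deny) (.+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3].split()))
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif iface and (m := re.match(r"\s+ip directed-broadcast(?:\s+(\d+))?\s*$", line)):
            enabled[iface] = m[1]        # ACL number, or None when none is given
    return {name: classify(acl, acls) for name, acl in enabled.items()}

if __name__ == "__main__":
    print(audit_directed_broadcast(SAMPLE_CONFIG))
```

Interfaces reported as anything other than `OK` are the ones where the smurf concern raised in the thread still applies.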
