New Member

Is there a way to make a router ignore directed broadcasts?

"no ip directed-broadcast" is set.

Maybe there is a way to stop the router answering requests to the broadcast address?

The net is subnetted into 6 subnets, so 12 extra access-list rules does not seem a good idea.

11 REPLIES
Bronze

Re: Is there a way to make a router ignore directed broadcasts?

Hi

The default behavior of a router is to drop directed broadcasts unless you use one of the following commands:

ip helper-address x.x.x.x

ip forward protocol {udp [port] | nd | sdns}

ip directed-broadcast

So I do not quite understand the question?

See the config guide:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdipadr.htm#1002098

Hope that helps

Roger

New Member

Re: Is there a way to make a router ignore directed broadcasts?

I still got ICMP echo replies from the router when sending a request to the directed-broadcast address (both to [subnet | 0] and [subnet | -1]).

It's not forwarded. It's just handled as if destination ip was the router.

Bronze

Re: Is there a way to make a router ignore directed broadcasts?

Hi

What icmp type/code do you get?

Regards

Roger

New Member

Re: Is there a way to make a router ignore directed broadcasts?

8/0 sent 0/0 received.

cisco.com seems to have the same situation.

Try ping 198.133.219.0 or 198.133.219.255

Bronze

Re: Is there a way to make a router ignore directed broadcasts?

It depends on what subnet mask is in place, but I do not get your point... If you ping the broadcast address, basically all stations in the subnet should answer that. If you ping the network address nobody should answer it, and that's normal behavior.

I think there is also a command on the switch which will help you to overcome that.

Regards

Roger

New Member

Re: Is there a way to make a router ignore directed broadcasts?

Here is a quote from RFC 2644 (BCP 34):

Directed Broadcast - a broadcast directed to the specified network prefix. It MUST NOT be used as a source address. A router MAY originate Network Directed Broadcast packets. A router MAY have a configuration option to allow it to receive directed broadcast packets, however this option MUST be disabled by default, and thus the router MUST NOT receive Network Directed Broadcast packets unless specifically configured by the end user.

So it is NOT normal behavior.

And I also hope there is a command which changes this behavior.

But could anyone help me find it?

Bronze

Re: Is there a way to make a router ignore directed broadcasts?

Sorry, I mixed up some points in the last posting. In my posting above I meant broadcast to all hosts on the same subnet... but you are talking about the directed ones.

Directed broadcasts will be dropped by the router because, as stated in the config guide, the "no ip directed-broadcast" command is on by default. I posted the link to the config guide in an earlier posting. The router will issue an ICMP packet which states that the net is not reachable... I do not think you can turn that off. I think you wanted to turn this ICMP message off, am I correct?

Regards

Roger

New Member

Re: Is there a way to make a router ignore directed broadcasts?

Yes, "no ip directed-broadcast" is on by default, but it only disables translation of directed broadcasts to Layer 2 broadcast(s) and does nothing about the router's replies. The router will issue net-unreach only if the interface associated with the network is down. Still, it seems the problem is only with ICMP traffic, as no tcp-rst/icmp-portunreach response is sent to tcp/udp requests.

Bronze

Re: Is there a way to make a router ignore directed broadcasts?

Hi

An add-on to my last posting... You can turn off the sending of ICMP unreachable messages with the following command at the interface level:

no ip unreachables

Regards

Roger

Bronze

Re: Is there a way to make a router ignore directed broadcasts?

I think what's being referred to here is the tendency of Cisco devices (the ones I've worked with, anyway) to answer pings destined towards network and broadcast addresses to which the Cisco device is directly attached. To me, this behavior is undesirable because it makes it easy for someone with bad intentions to ping sweep the network and get a very good idea of the subnetting structure.

I'm not aware of a knob to toggle this behavior -- anyone else know of one? What I've had to do on our external devices is add lines to the access lists to block packets destined towards these addresses.
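
The access-list workaround described in the post above, and the "6 subnets so 12 extra access-list rules" count from the original question, worked through as an added example (not code from any poster or from Cisco). The six /27 subnets are constructed from a documentation range, the ACL name is hypothetical, and the trailing permit is an assumption standing in for the existing policy.

```python
import ipaddress

# Constructed sample: six /27 subnets from the TEST-NET-2 documentation range.
SUBNETS = [f"198.51.100.{base}/27" for base in range(0, 192, 32)]


def edge_addresses(cidr):
    """Return the network ([subnet | 0]) and broadcast ([subnet | -1]) address."""
    net = ipaddress.IPv4Network(cidr, strict=False)  # tolerate host bits set
    if net.prefixlen >= 31:
        # /31 point-to-point links and /32 host routes: every address is a
        # usable host, so there is nothing to filter.
        return []
    return [net.network_address, net.broadcast_address]


def build_acl(subnets, name="BLOCK-SUBNET-EDGES"):  # ACL name is hypothetical
    """Emit IOS extended-ACL lines denying traffic to each subnet's edge addresses."""
    lines = [f"ip access-list extended {name}"]
    seen = set()
    for cidr in subnets:
        for addr in edge_addresses(cidr):
            if addr not in seen:  # repeated input must not duplicate entries
                seen.add(addr)
                lines.append(f" deny ip any host {addr}")
    # Assumption: stands in for whatever the existing policy permits.
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl(SUBNETS)))
```

The generated list is bound inbound on the external interface with `ip access-group`. Generating it from the subnet plan keeps the two entries per subnet in step when the subnetting changes.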

Silver

Re: Is there a way to make a router ignore directed broadcasts?

I think you are referring to proxy ARP, a situation in which the router responds to an ARP request because it has knowledge of the destination network. This feature is enabled by default on Cisco interfaces. Try to disable it by using

no ip proxy-arp,

and see whether it solves your problem.

Another option might be to change the broadcast address of the router, but I am not sure what impact this will have on the operation and connectivity of the interface.

Regards
