I have 14 VLANs with routing enabled between them. I also have two DHCP/DNS servers in my "server" VLAN. I currently have the ip helper command in my config for both servers and was wondering about the impact of the no ip forward-protocol command. How would I disable all forwarding except the DHCP UDP packets? Do I need any of the other packets forwarded? I use a WINS server with hybrid connections from my clients, DNS if I'm not mistaken is a unicast, and the other protocols seem irrelevant. I guess I'm a little confused about the ip helper and ip forward-protocol to start. Can someone please explain the benefits, if any, of having these packets forwarded to my DHCP/DNS server? Is it standard to block the other packets? Do I gain anything? Any documentation that specifically talks about the use of the commands would be helpful.
Once you define ip helper-address, ip udp forward-protocol is enabled and default ports as given in the doc are enabled. You can use the "no ip forward-protocol udp 37" for example if you want to deny Time Server. If you want to allow any other ports in addition to these, you need to specify them specifically.
I appreciate the response but I don't think you answered my question completely. In what scenarios would I need to forward DNS, NetBIOS, Time protocol? I obviously need to forward the DHCP packets, but why would I ever need to send other broadcasted packets to my DHCP/DNS server if it can't do anything with those packets? And do I need to forward DNS broadcasts if my users receive the IPs of DNS servers from DHCP? Is DNS not a unicast?
There may be scenarios wherein there are multiple servers like DHCP, TFTP, DNS servers in a different VLAN or subnet, when the router converts UDP broadcasts into directed broadcasts by specifying multiple ip helper commands.
I am not sure about how exactly DNS/DHCP works in your scenario. You can try blocking these and see if it works fine.
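An added example, not part of the thread or of any Cisco tooling: a small Python check that reads a saved configuration and reports which UDP broadcast ports a helper address would still relay besides DHCP/BOOTP. The default port list and keyword names are assumptions based on commonly documented IOS defaults, so confirm them against the documentation for your release; the addresses and both sample configs are constructed.

```python
import re

# Assumption: UDP ports IOS relays by default once any "ip helper-address" exists.
DEFAULT_PORTS = {37: "time", 49: "tacacs", 53: "domain", 67: "bootps",
                 68: "bootpc", 69: "tftp", 137: "netbios-ns", 138: "netbios-dgm"}
KEYWORDS = {name: port for port, name in DEFAULT_PORTS.items()}
DHCP_PORTS = {67, 68}

FWD_RE = re.compile(r"\s*(no\s+)?ip forward-protocol udp\s+(\S+)\s*$")

def forwarded_ports(config):
    """Return the UDP ports a helper address would relay for this config."""
    ports = set(DEFAULT_PORTS)
    for line in config.splitlines():
        m = FWD_RE.match(line)
        if not m:
            continue
        negated, token = m.groups()
        port = int(token) if token.isdigit() else KEYWORDS.get(token)
        if port is None:              # keyword this sketch does not know
            continue
        if negated:
            ports.discard(port)       # "no ip forward-protocol udp <port>"
        else:
            ports.add(port)           # extra port enabled explicitly
    return ports

def audit(config):
    """Return (has_helper, extra): relayed ports other than DHCP/BOOTP."""
    has_helper = bool(re.search(r"^\s*ip helper-address\s+\S+", config, re.M))
    extra = sorted(forwarded_ports(config) - DHCP_PORTS) if has_helper else []
    return has_helper, extra

# Constructed sample: helpers only, every default port still relayed.
DEFAULT_CFG = """interface Vlan10
 ip helper-address 10.0.50.10
 ip helper-address 10.0.50.11
"""

# Constructed sample: same helpers, relay narrowed to DHCP/BOOTP only.
HARDENED_CFG = DEFAULT_CFG + "".join(
    f"no ip forward-protocol udp {name}\n"
    for name in ("time", "tacacs", "domain", "tftp", "netbios-ns", "netbios-dgm"))

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CFG), ("hardened", HARDENED_CFG)):
        print(label, audit(cfg))
```
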