Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

no ip forward-protocol

I know this is configured on the router, but it pertains to the local LAN....

If an IP helper address is specified and UDP forwarding is enabled on the router, broadcast packets to the following port numbers are forwarded by default:

Time Service port 37

TACACS port 49

Domain Name Services port 53

Trivial File Transfer Protocol port 69

DHCP (Bootp) port 67 and port 68

NETBIOS name server port 137

NETBIOS Datagram Server port 138

To help resolve issues of master browser elections, disabling IP forwarding to ports 137 and 138 can be a solution.

The following commands will disable the forwarding of packets to the respective IP ports:

no ip forward-protocol udp port 137

no ip forward-protocol udp port 138

To forward only DHCP requests, see the following example configuration

no ip forward-protocol udp tftp

no ip forward-protocol udp dns

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

ip forward-protocol udp bootpc <- enabled by default


interface ethernet 0

ip helper-address

ip helper-address

My question is:

Will the above global configuration prevent windows browsing, domain authentication, dns resolutions from the clients, etc?


New Member

Re: no ip forward-protocol

Windows browsing and domain authentication can be accomplished by broadcast, but alternatively they can be accomplished by WINS servers or LMHOSTS files.

Therefore, preventing such broadcasts would not prevent all browsing or domain authentication across the router (if WINS or LMHOSTS have been implemented).

DNS resolutions from clients do not use the broadcast addresses, and so they would not be affected.


CreatePlease login to create content