03-13-2006 12:03 PM - edited 03-09-2019 02:14 PM
I'm wondering what's the best way to mitigate having "ip directed-broadcast" enabled on the LAN interface in a multi-site private network.
We need to enable this to implement Wake On LAN, but want to minimize security threats as much as possible.
Regards.
03-17-2006 01:25 PM
The ip directed-broadcast interface command controls the explosion of directed broadcasts when they reach their target subnets. The command affects only the final transmission of the directed broadcast on its ultimate destination subnet. It does not affect the transit unicast routing of IP directed broadcasts.
If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet. If an access list has been configured with the ip directed-broadcast command, only directed broadcasts that are permitted by the access list in question will be forwarded; all other directed broadcasts destined for the interface subnet will be dropped.
03-20-2006 08:22 AM
Thanks for your response. Configuring an ACL is one option to minimize this threat. Is that sufficient?
The ACL can restrict by IP, protocol and port utilized by the magic packet.
Any other ideas? Thanks.
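A configuration sketch of the ACL approach discussed in this thread, added here as an example and not posted by any participant. The addresses, the ACL number 101, the interface names and UDP port 9 for the magic packet are assumptions; substitute the values your Wake On LAN tool and network actually use.

```cisco
! Constructed values (assumptions, not from the thread):
!   10.1.1.10      Wake On LAN management server at the central site
!   10.2.20.0/24   remote LAN subnet holding the machines to wake
!   UDP port 9     port the WoL tool uses for the magic packet

! Weak form: every directed broadcast addressed to the subnet is
! translated to a link-layer broadcast, whatever its source or protocol.
!
! interface Vlan20
!  ip directed-broadcast

! Restricted form: only UDP/9 from the WoL server is translated.
! The implicit deny at the end of the ACL drops all other directed
! broadcasts destined for this subnet (ICMP echo, other UDP ports,
! other sources).
access-list 101 remark Allow WoL magic packets from the management server only
access-list 101 permit udp host 10.1.1.10 any eq 9
!
interface Vlan20
 description Remote LAN with Wake On LAN clients
 ip address 10.2.20.1 255.255.255.0
 ip directed-broadcast 101
!
! Interfaces that do not need WoL keep directed broadcast disabled.
interface Vlan30
 description LAN without Wake On LAN clients
 ip address 10.2.30.1 255.255.255.0
 no ip directed-broadcast
```

Because the ACL matches on source address, it is only as strong as the network's protection against spoofed sources, so pair it with ingress filtering or unicast RPF at the site edges.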