Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
2
Replies

Wake on LAN - IP directed-broadcast

gmayan
Level 1
Level 1

‎03-13-2006 12:03 PM - edited ‎03-09-2019 02:14 PM

I'm wondering what's the best way to mitigate having the "ip directed-broadcast" enable on the LAN interface in a multi-site private network.

We need to enable this to implement Wake On LAN, but want to minimize security threats as much as possible.

Regards.

Labels:
0 Helpful
2 Replies 2

s.jankowski
Level 4
Level 4

‎03-17-2006 01:25 PM

The ip directed-broadcast interface command controls the explosion of directed broadcasts when they reach their target subnets. The command affects only the final transmission of the directed broadcast on its ultimate destination subnet. It does not affect the transit unicast routing of IP directed broadcasts.

If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet. If an access list has been configured with the ip directed-broadcast command, only directed broadcasts that are permitted by the access list in question will be forwarded; all other directed broadcasts destined for the interface subnet will be dropped.

0 Helpful

gmayan
Level 1
Level 1
In response to s.jankowski

‎03-20-2006 08:22 AM

Thanks for your response. Configuring an ACL is one option to minimize this threat, is that sufficient?.

The ACL can restrict by IP, protocol and port utilized by the magic packet.

Any other idea?. Thanks.

0 Helpful
Customers Also Viewed These Support Documents