Cisco Support Community

Wake on LAN - ip directed broadcast

We're looking at deploying a Wake-on-LAN solution for software distribution. The first alternative to distribute the 'magic packet' is enabling 'ip directed-broadcast' in each router, which presents a security risk (man-in-the-middle attack, ARP table poisoning); the second alternative is to extend ARP aging time in the routers, which presents the same security risk.

My question is, how can this security risk be reduced or minimized? (Options I've heard of: 'dynamic ARP inspection' in the switches, an ACL on the router associated with the ip directed-broadcast command allowing only software distribution servers to convert directed-broadcast packets into unicast packets.) I have a concern about extending ARP aging time and its impact on current or future applications.

I'll appreciate any comment. Thanks.
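
The two mitigations named in the post, sketched as an added Cisco IOS configuration example that is not part of the original post. The addresses, VLAN number, ACL number, UDP port and interface name are constructed assumptions, not values from the poster's network.

```cisco
! Constructed values (assumptions): distribution server 192.0.2.10,
! client VLAN 10 on 198.51.100.0/24, magic packet sent to UDP port 9,
! extended ACL number 101, uplink port GigabitEthernet1/0/1.

! Weak form: any source can have a directed broadcast translated into
! a layer-2 broadcast on the client segment.
! interface Vlan10
!  ip directed-broadcast

! Restricted form, on the last-hop router for the client subnet.
! Only UDP/9 from the distribution server is eligible for translation;
! the ACL's implicit deny leaves every other directed broadcast dropped.
access-list 101 permit udp host 192.0.2.10 any eq 9
!
interface Vlan10
 ip address 198.51.100.1 255.255.255.0
 ip directed-broadcast 101
!
! Dynamic ARP inspection on the access switch for the same VLAN.
! DAI checks ARP packets against the DHCP snooping binding table,
! so snooping is enabled as well and only the uplink is trusted.
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
interface GigabitEthernet1/0/1
 description uplink toward router and DHCP server (hypothetical port)
 ip dhcp snooping trust
 ip arp inspection trust
```

Hosts with static addresses in the inspected VLAN have no snooping binding, so they need an ARP ACL applied with `ip arp inspection filter` or their ARP traffic is dropped.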
