Directed broadcasts on an interface

Similar Messages

• Command " no ip directed-broadcast" ?

  I configured a router interface E0 with command"ip address x.x.x.x y.y.y.y" only, but when I "show run", i found there's an extra command under E0(see below) which is "no ip directed-broadcast". I can't remove this line, not sure what this line is doing.
  interface Ethernet0
  description : connect to O6LXC29OOBC01(switch)
  ip address x.x.x.x y.y.y.y
  no ip directed-broadcast

  Wayne
  Jon has provided a good discussion of ip directed-broadcast and the reasons why many people want to disable this. I would like to add a small supplement to his explanation about why it is in the config.
  The command is added to the configuration by the IOS. As you comment you did not type it in but it is in the config automatically. A little background may help explain why IOS does automatically put this command into the config.
  In earlier versions of IOS the default was to enable directed broadcasts (and in general people thought that it was a good feature). But as networks grew and as we faced more threats and network attacks people began to recognize the security weakness of directed-broadcast and began to want to turn it off. And at some point Cisco changed the default. Now the default is no ip directed-broadcast. And Cisco now automatically adds that to the configuration to be clear about what the behavior of the router will be.
  Cisco has done this kind of thing for several commands where the default behavior has changed - to automatically insert into the config the command for the default that has changed (for example putting subnet-zero into the config).
  If you want to remove the command no ip directed-broadcast from the configuration you can put ip directed-broadcast into the interface configuration and it will remove the no ip directed-broadcast. (of course it will insert the ip directed-broadcast under the interface configuration)
  HTH
  Rick

• Directed broadcast and unicast

  Hi all , 
  below is an excerpt from the link http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/l3/ip_directed-broadcast.html
  A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
  here is my question 
  When server on serverfarm switch sending a wol packet ( ip directed broadcast 10.0.7.255 ), it would forward like a unicast packet . 
  The unicast packet will be routed through the core to the distribution . So as i understand i don't need to do any configuration changes on the core .
  The  changes required only on distribution and serverfarm .
  Please correct me i am wrong . 
  My configurations are below 
  Serverfarm 
  Interface vlan 10
  Ip add 192.168.80.2 255.255.255.0
  host 
  Distribution
  Interface vlan 100
  Ip add 10.0.7.2 255.255.255.0
  Serverfarm switch
  interface vlan 10
  ip helper-address 10.0.7.255
  Distribution switch 
  access-list 102 permit udp host 192.168.80.10 any eq 7
  ip forward-protocol udp 7
  interface vlan 100 
  ip directed broadcast 102

  Most tools to generate WoL Magic Packets send them as UDP datagrams and set the destination IP to the limited broadcast address 255.255.255.255, thus those Magic Packets are never routed (Scope = local subnet).
  Thats why you need in this case the ip-helper command, which converts (local) UDP broadcasts of serveral well-known protocols (DHCP, TFTP, DNS, NetBIOS, TACACS) into unicasts and then forwards them to the helper address.
  Since the portnumbers typically used by WoL tools (7, 9) are different from those used by the well-known protocols, you'd also need the 'ip forward-protocol udp <number>' command to make it work.
  If I understand you correctly, your WoL tool allows you to set the destination IP to a directed broadcast IP. In this case you don't need any additional configuration because directed broadcast IPs are routable.
  HTH
  Rolf

• Ip directed-broadcast and acl

  Hi friends ,
  access-list 102 permit udp host 192.168.80.10 any eq 7
  ip directed-broadcast 102
  1 ) Why we do not need to specify a direction ( in or out )  when an access list associated with  directed-broadcast ( ip directed-broadcast 102) command .
  2) if there is  an existing  access-list as  below  ,
  Interface vlan 100
  Ip add 10.0.7.2 255.255.255.0
  ip access-group testing  out
  ip directed-broadcast 102
  Q. W hat is  the processing order of the access-list
  Q .Can club the access list ?
  Q.if  i cannot club the access list  do i need to  add  the line  (permit udp host 192.168.80.10 any eq 7 ) again  in the access list 'testing '
  Thanks

  Hi Rick 
  " 1) you do not need to specify a direction when using an access list with directed broadcast because directed broadcast is, by definition, about incoming traffic. " .
  (access-list 102 permit udp host 192.168.80.10 any eq 7)
  Interface vlan 100
  Ip add 10.0.7.2 255.255.255.0
  ip access-group testing  out
  ip directed-broadcast 102
   As per the above access list the source ip is  (192.168.80.10) .  If  the direction is 'in' , the source will not match and the ACL will simply  drop  the traffic from 192.168.80.10 .  To match the source ip, the ip  must be  one from the  interface vlan subnet ( 10.0.7.0 /24).
  Please correct me i am wrong 
  2 ) What is the difference between the below lines .
  permit udp host 192.168.80.10 any eq 7
  permit udp host 192.168.80.10 eq 7 any
  Thank you 

• IP Directed Broadcast

  I have a 2901K9 router at a remote location. Insite Interface = 10.10.10.1/24 Outside Interface = 20.20.20.1/24
  I have set "no ip directed boradcast" on both interfaces. ( I think it's the default settings)
  But still when I ping 20.20.20.255 I get a reply from 10.10.10.1
  How can I disable this?

  I am aware of ip directed broadcast. My question is why is it not affective inspite of having the command at interface level?
  I have a router at the remote location.
  Inside Interface = 10.10.10.1/24 Outside Interface = 20.20.20.1/24
  I have set "no ip directed boradcast" on both interfaces. ( I think it's the default settings in the latest IOS)
  But still when I ping 20.20.20.255 from my location, I get a reply from 10.10.10.1 which is the inside interface of the remote router.

• Command precedence ip helper-address ip directed-broadcast

  Of the two commands ip helper-address ip directed-broadcast, which takes precedence when a broadcast arrives?
  Posted by WebUser Lance Macdonald from Cisco Support Community App

  I think there is not really any precedence.
  The usage guidelines of the ip helper-address command states:
  The following conditions must be met for a UDP or IP packet to be able to use the ip helper-address command: The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff). The IP destination address must be one of the following: all-ones broadcast (255.255.255.255), subnet broadcast for the receiving interface (...)
  That means that the ip helper has no effect when a directed broadcast is received from another subnet; it has to be a layer-2 broadcast from the local subnet.
  If you enable directed broadcasts and send a UDP packet to the subnet's broadcast address as a layer-2 broadcast frame and UDP forwarding is enabled for the port I'd assume that
  - an ip unicast packet is send to the configured helper
  - an all-ones broadcast is send within the local subnet
  Best regards
  Rolf
  Btw: Why did you post that in the Data Center - Application Networking section?

• Wake on LAN - ip directed broadcast

  We're looking at deploying a Wake-on-LAN solution for software distribution. The first alternative to distribute the 'magic packet' is enabling 'ip directed-broadcast' in each router, which presents a security risk (man in the middle attack, ARP table poisoning), the second alternative is to extend ARP aging time in the routers which presents the same security risk.
  My question is, how can be this security risk reduced or minimized (options I've heard of: 'dynamic ARP inspection' in the switches, ACL on the router associated with the ip directed-broadcast command allowing only software distribution servers to convert directed-broadcast packets into unicast packets). I have a concern extending ARP aging time and its impact with current or future application.
  I'll appreciated any comment. Thanks.

  IP directed broadcasts are used in the popular "smurf" denial-of-service attack and derivatives thereof. An IP directed broadcast is a datagram that is sent to the broadcast address of a subnet to which the sending machine is not directly attached. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast. Because of the nature of the IP addressing architecture, only the last router in the chain, the one that is connected directly to the target subnet, can conclusively identify a directed broadcast. Directed broadcasts are occasionally used for legitimate purposes, but such use is not common outside the financial services industry. In a "smurf" attack, the attacker sends Internet Control Message Protocol (ICMP) echo requests from a falsified source address to a directed broadcast address, causing all the hosts on the target subnet to send replies to the falsified source. By sending a continuous stream of such requests, the attacker can create a much larger stream of replies, which can completely inundate the host whose
  address is being falsified. If a Cisco interface is configured with the no ip directed-broadcast command, directed broadcasts
  that would otherwise expand into link-layer broadcasts at that interface are dropped instead.
  If you are behind a firewall and are confident in your security policy, then I don't see this as being a problem.

• How to enable directed broadcast in an RVS4000

  I have two plant automation networks lets say A/24 and B/24 without comm between them, and as per the menufacturers of the atutomation controllers, the routers between them have to be able to direct broadcast.
  How to do it with a RVS4000?

  i know that for specifying attachment u should set it in header like this
  res.setContentType("application/pdf");
       res.setHeader("Content-Disposition","attachment;filename=7444.pdf;");
  creating DSN on server from another pc i think that can be done only by using PC anywhere which should be installed on both server and client with this u may control the server from your local machine

• NetBIOS broadcast traffic not directed to all network interfaces

  Hi folks,
  Using a packet sniffer (WireShark), I've found that my Mac broadcasts NetBIOS Name Service (NBNS) traffic over my en1 (WiFi) interface but not over the ppp0 interface used for my Mac's PPTP VPN client connection. As I'm experimenting with enabling Windows computer names over a PPTP VPN from my Mac I was wondering... how can I configure my Mac to direct NBNS traffic over the ppp0 interface?
  Thanks,
  Shaun

  IGMP snooping may be enabled by default on the 6509. Disabling it may solve your problem.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/snooigmp.htm#wp1020466

• Using the FCB1010 direct, or through an Interface

  Hi,
  I am wish to use my Mac to create the effects I wish to use for my playing (guitar) with Logic and Mainstage. I will need a foot controller, so I am considering the FCB 1010 (as many have). I will also be purchasing an interface which will allow me to record, and sing.  I have a couple of questions:
  1 - is it better to plug the FCB1010 directly into the computer when using it with mainstage, or can I use the MIDI IN/OUTs on the interface?
  2 - would I be better of sending the output of the interface to my aplifiers, or powered monitors?
  3 - if I had a mc + the pedal baord plugged into the interface (assume the answer to 1 allows me to do this), will the output of both go to the lineouts of my interface (say a presonus for example...)
  4 - if the answer to 3 is yes: would I be better with a Firewire or would a USB interface be ok (I understand that firewire is always better for latency, but if I could use a USB with satisfactory results... that may be ok)

  Hi RLRL,
  1 - you can only connect FCB1010 by MIDI IN/OU not USB (directly). But it´s very easy. Any hardware with MIDI IN/OUT can be connected to the FCB1010.
  2- Depending on what you want to do. Please be more specific (use a guitar amp, use monitors in studio)
  3 - In Mainstage/Logic you can configure and route any input to any output of your audio interface. So yes
  4 - The answer is: firewire BUT there´s no diference if you just use a few tracks in/out USB is most capable, but use firewire, and if you do that you can still leave a free USB slot for others things
  Hope i´ve helped you.
  Bruno Filipe

• EzVPN sometimes ping only in one direction or only one interface

  Guys, I have lots of 857's routers in the field with mostly the latest OS - 12.4(15)T17 making ezVPN connections to a 2951 with 15.1(4)M5.
  All the 857's have lookback and vlan interfaces similar to :
  interface Loopback0
  ip address 50.43.8.1 255.255.255.255
  ip tcp adjust-mss 1452
  end
  interface Vlan1
  ip address 40.43.8.1 255.255.255.128
  ip tcp adjust-mss 1452
  crypto ipsec client ezvpn SMS_VPN inside
  end
  This is my Dialer interface :
  interface Dialer0
  ip ddns update hostname my_custom_host_name
  ip ddns update SMS_DynDNS
  ip address negotiated
  ip access-group 102 in
  ip access-group 101 out
  ip mtu 1492
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer idle-timeout 0
  dialer persistent
  ppp authentication chap pap callin
  ppp chap hostname my_hostname
  ppp chap password 0 my_password
  ppp pap sent-username my_hostname password 0 my_password
  ppp ipcp dns request accept
  crypto ipsec client ezvpn SMS_VPN
  And their crypto's are defined as :
  crypto ipsec client ezvpn SMS_VPN
  connect auto
  group HW_Client key my_client_key
  mode network-extension
  peer my_peer_ip
  acl 100
  username my_username password my_password
  xauth userid mode local
  Now lately for some or other reason we have instances where I can ping either the VLAN or the LOOPBACK interface, but not both. Or I have instances where the 2951 can ping all the interfaces on the 857, but the 857 can not ping the 2951. Or I have instances where the 2951 can not ping the 857, but the 857 can ping the 2951.
  The way I have been fixing this is either to add crypto ipsec client ezvpn SMS_VPN inside to the loopback interface, or if it is there already to remove it. This usually works for a few days, but then suddenly I have to reverse this again. If that does not work then I usually do lots of clear crypt sess and/or clear crypt ipsec client ezvpn on the 857, or clear crypt sess remote 857_ip_address from the 2951 and then suddenly it starts working again.
  Surely there must be something wrong, but I just can not figure out what. Any ideas ?!

  Bump ... Anyone please ...

• Direct methods access of interfaced object

  Hi, gurus!
  My situation like this:
  IHost.as:
  Code:
  public interface IHost {
      function doSomething() : void;
  Host.as:
  Code:
  import IHost;
  public class Host implements IHost {
      public function doSomething() : void { trace("doSomething"); }
      public function doAnotherThing() : void { trace("doAnotherThing"); }
      public function loadChild() : void {
          var loader : Loader = new Loader();
          with (loader.contentLoaderInfo) {
                  addEventListener(SecurityErrorEvent.SECURITY_ERROR, onChild);
                  addEventListener(IOErrorEvent.IO_ERROR, onChild);
                  addEventListener(Event.COMPLETE, onChild);
          var context : LoaderContext = new LoaderContext();
          context.applicationDomain = ApplicationDomain.currentDomain;
          context.securityDomain = SecurityDomain.currentDomain;
          loader.load(new URLRequest("Child.swf"), context);
      public function onChild(event : Event) : void {
          event.target.content.testIt(this);
  Child.as:
  Code:
  import IHost;
  public class Child extends Sprite {
      public function testIt(host : IHost) : void {
          // call method 1
          host.doSomething(); // It works...
          // call method 2
          Object(host).doAnotherThing(); // It also works!!!
  And the question is - how I can allow "call method 1", but deny "call method 2" from loaded objects? I cant declare doAnotherThing method as private - i need it in other chasses (not loaded) to be public...

  just what are you asking?
  if you pass a host instance (and the testIt() method in the Child class should be passed a Host instance not an IHost instance), all the public methods of the Host class will be available to that instance.
  i'm not sure what role casting that instance as an object is supposed to have.

• Having an issue adding network to eigrp

  I'm doing a class project using a network simulator and am asked to: Design and implement an network for company RoutersCourseMatters.  The names of the department names at this company are Faculty, Staff, and Students.  For security reasons, each department must be isolated from each other's broadcast domain on the network.  The Faculty have 50 end devices that need to be connected to the network.  Staff has 26 end devices and the Students have 100 end devices.  The network spaced provided by the ISP is 192.168.0.0/24.  The dynamic protocol used for this network must be for Cisco-only equipment.  Test each department network with just one end device and ensure full connectivity across the entire network
  So we have our network topology setup for the class project(see picture attached). We are using one router for faculty+staff. Faculty has ip/mask of 192.168.0.1/26 and staff is: 192.168.0.65/27. we have a seperate router for students which the IP subnet for students is 192.168.0.150/25. The routers are directly connected and are using ips 192.168.0.98/29 & 192.168.0.100/29 so since the two routers are directly connected on the same subnet they have no issue pinging each other. The problem is pinging hosts from a subnet to hosts on a different subnet. When I try and add ANY 192.168.0.* subnet to eigrp it instead adds 192.168.16.* network. For instance on the faculty/student router if i do a 'router eigrp 1' command followed by 'network 192.168.0.0 0.0.0.63' it shows network 192.168.16.0 has been added to eigrp under show run. here is show run command:
  faculty/staff Con0 is now available
  Press RETURN to get started!
  faculty/staff>en
  faculty/staff#show run
  Building configuration...
  Current configuration : 874 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname faculty/staff
  boot-start-marker
  boot-end-marker
  no aaa new-model
  ip cef
  ip subnet-zero
  interface FastEthernet0/0
    description blank
    ip address 192.168.0.65 255.255.255.224
    no ip directed-broadcast
  interface FastEthernet0/1
    description link to switch
    ip address 192.168.0.1 255.255.255.192
    no ip directed-broadcast
  interface Serial0/0/0
    ip address 192.168.20.2 255.255.255.0
    no ip directed-broadcast
    clockrate 2000000
  interface Serial0/0/1
    no ip address
    no ip directed-broadcast
    shutdown
    clockrate 2000000
  interface Serial0/1/0
    no ip address
    no ip directed-broadcast
    shutdown
    clockrate 2000000
  interface Serial0/1/1
    ip address 192.168.0.98 255.255.255.248
    no ip directed-broadcast
  router eigrp 1
   network 0.0.0.0
   network 192.168.1.1 0.0.0.0
   network 192.168.16.0
   network 192.168.20.0
   no auto-summary
  ip classless
  no ip http server
  no ip http secure-server
  control-plane
  line con 0
  line aux 0
  line vty 0 4
    login
  line vty 5 1180
    login
  scheduler allocate 20000 1000
  end
  faculty/staff#config t
  Enter configuration commands, one per line.  End with CNTL/Z
  faculty/staff(config)#router eigrp 1
  faculty/staff(config-router)#network 192.168.0.0 0.0.0.63
  faculty/staff(config-router)#exit
  faculty/staff(config)#exit
  faculty/staff#show run
  Building configuration...
  Current configuration : 874 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname faculty/staff
  boot-start-marker
  boot-end-marker
  no aaa new-model
  ip cef
  ip subnet-zero
  interface FastEthernet0/0
    description blank
    ip address 192.168.0.65 255.255.255.224
    no ip directed-broadcast
  interface FastEthernet0/1
    description link to switch
    ip address 192.168.0.1 255.255.255.192
    no ip directed-broadcast
  interface Serial0/0/0
    ip address 192.168.20.2 255.255.255.0
    no ip directed-broadcast
    clockrate 2000000
  interface Serial0/0/1
    no ip address
    no ip directed-broadcast
    shutdown
    clockrate 2000000
  interface Serial0/1/0
    no ip address
    no ip directed-broadcast
    shutdown
    clockrate 2000000
  interface Serial0/1/1
    ip address 192.168.0.98 255.255.255.248
    no ip directed-broadcast
  router eigrp 1
   network 0.0.0.0
   network 192.168.1.1 0.0.0.0
   network 192.168.16.0
   network 192.168.20.0
   no auto-summary
  ip classless
  no ip http server
  no ip http secure-server
  --More--
  project.jpg
  Reply Reply to Main Discussion
      Cody Robinson
      Cody Robinson
      2:36pm
  Here is 'show ip eigrp topology' on staff/faculty router:
  faculty/staff Con0 is now available
  Press RETURN to get started!
  faculty/staff>en
  faculty/staff#show ip interface
  FastEthernet0/0 is up, line protocol is up
    Internet address is 192.168.0.65/27
    Broadcast address is 255.255.255.255
    Address determined by setup command
    MTU is 1514 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is disabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is enabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is disabled
    BGP Policy Mapping is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
  FastEthernet0/1 is up, line protocol is up
    Internet address is 192.168.0.1/26
    Broadcast address is 255.255.255.255
    Address determined by setup command
    MTU is 1514 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is disabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is enabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is disabled
    BGP Policy Mapping is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
  Serial0/0/0 is down, line protocol is down
    Internet address is 192.168.20.2/24
    Broadcast address is 255.255.255.255
    Address determined by setup command
    MTU is 1514 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is disabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is enabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is disabled
    BGP Policy Mapping is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
  Serial0/0/1 is administratively down, line protocol is down
    Internet protocol processing disabled
  Serial0/1/0 is administratively down, line protocol is down
    Internet protocol processing disabled
  Serial0/1/1 is up, line protocol is up
    Internet address is 192.168.0.98/29
    Broadcast address is 255.255.255.255
    Address determined by setup command
    MTU is 1514 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is disabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is enabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is disabled
    BGP Policy Mapping is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
  faculty/staff#show ip eigrp ?
    <1-65535>   Autonomous System
    accounting  IP-EIGRP Accounting
    interfaces  IP-EIGRP interfaces
    neighbors   IP-EIGRP neighbors
    topology    IP-EIGRP Topology Table
    traffic     IP-EIGRP Traffic Statistics
    vrf         Select a VPN Routing/Forwarding instance
  faculty/staff#show ip eigrp topology
  IP-EIGRP Topology Table for AS(1)/ID(192.168.20.2)
  Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
         r - reply Status, s - sia Status
  P 192.168.0.0/26, 1 successors, FD is 2172416
           via Connected, FastEthernet0/1
  P 192.168.0.64/27, 1 successors, FD is 2172416
           via Connected, FastEthernet0/0
  P 192.168.0.96/29, 1 successors, FD is 2172416
           via Connected, Serial0/1/1
  faculty/staff#
      Cody Robinson
      Cody Robinson
      2:37pm
  Here is show run on students router:
  Students Con0 is now available
  Press RETURN to get started!
  Students>sh run
              ^
  % Invalid input detected at '^' marker.
  Students>en
  Students#sh run
  Building configuration...
  Current configuration : 874 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Students
  boot-start-marker
  boot-end-marker
  no aaa new-model
  ip cef
  ip subnet-zero
  interface FastEthernet0/0
    no ip address
    no ip directed-broadcast
    shutdown
  interface FastEthernet0/1
    description link to switch
    ip address 192.168.0.150 255.255.255.128
    no ip directed-broadcast
  interface Serial0/0/0
    ip address 192.168.10.1 255.255.255.0
    no ip directed-broadcast
    clockrate 2000000
  interface Serial0/0/1
    no ip address
    no ip directed-broadcast
    shutdown
    clockrate 2000000
  interface Serial0/1/0
    no ip address
    no ip directed-broadcast
    shutdown
    clockrate 2000000
  interface Serial0/1/1
    ip address 192.168.0.100 255.255.255.248
    no ip directed-broadcast
    clockrate 2000000
  router eigrp 1
   network 0.0.0.0
   network 192.168.1.1 0.0.0.0
   network 192.168.10.0
  ip classless
  no ip http server
  no ip http secure-server
  control-plane
  line con 0
  line aux 0
  line vty 0 4
    login
  line vty 5 1180
    login
  scheduler allocate 20000 1000
  end
  Students#

  Hello lolwar,
  From your setup and description you provided I see some mismatch in IP subneting you calculated.
  For instance in your diagram you have networks 192.168.0.0/26 (FACULTY), 192.168.0.64/27 (STAFF), 192.168.0.96/29 (point-to-point link between routers) and 192.168.0.128/25 (STUDENTS).
  First, you're wasting IP addresses, because you have unused space between point-to-point link and STUDENTS subnet. It's a good practice, when calculating subnets first calculate the biggest, subnet, then smaller one until the smallest one (usually some point-to-point cross-connects). For more about this see this guide.
  Now, the issue I see as the most important is, that you have in your diagram networks as I mentioned above, but into your EIGRP process you're adding completely different subnets (192.168.16.x, 192.168.20.x,...).
  I entered following:
  STUDENT ROUTER =------------>
  router eigrp 1
  network 192.168.0.96 0.0.0.7
  network 192.168.0.128 0.0.0.127
  FACULTY/STAFF ROUTER =------------->
  router eigrp 1
  network 192.168.0.0 0.0.0.63
  network 192.168.0.64 0.0.0.31
  network 192.168.0.96 0.0.0.7
  And all works just fine, computer's are able to ping each other. Also although it's not necessary, it's good to includes network wildcard mask into the "network" command under EIGRP (or OSPF) configuration.
  I hope this will help you (please rate if this is the case. Thanks.)

• UDP broadcast over multinetted VLAN

  We're having an issue with UDP broadcast over a VLAN that has three IP's configured on it.  This is on a Cat 6509.
  interface Vlan11
  description ZZZZ
  ip address 10.10.249.1 255.255.255.0 secondary
  ip address 10.10.250.1 255.255.255.0 secondary
  ip address 192.168.101.1 255.255.255.0
  no ip redirects
  ip pim sparse-mode
  The device broadcasting is 192.168.101.34.
  We've added the global config:
  ip forward-protocol udp 4444
  And we've tried interface commands like:
  ip helper-address 192.168.101.34
  and
  ip directed broadcast
  Nothing seems to help, though.  Are there any inherit limitations due to the multinet?  Devices on the 192.168.101.0/24 subnet receive the broadcast fine.  Devices on the other two subnets do not.  Basic routing between all subnets is fine.
  Thanks,
  Joe

  Hi John,
  If you're running 2008R2 DHCP, you can fix the DHCP issue that you're having by configuring a DHCP super scope on the DHCP server.  We ran into that problem too and managed to get DHCP working on all three subnets.  I know it works on 2008R2 but not sure on other versions.
  We're mandated to get off the 192.168.101.0 subnet; so, if we can't get it working this way we may need to do a complete cutover including re-IP-ing all devices involved in this dilemma.  It's more complicated than I'm stating as this is basically a troubleshooting step to see why it broke.  There's an application server involved, an audio streaming server, and some Barix devices.  We're attempting to get all the workstations cutover first when we ran into this issue.
  Thank you,
  Joe

• Getting Broadcast traffic from one 3745 to another

  The topology is simple. Three 3550 switches as the backbone tied together using spanning-tree layer 2 wire speed switching. Very simple stuff there. Introduce 3745 access routers, one attached to each 3550, each loaded with 16port ESW, 1 GigE GBic card, and a 8A/S card.
  The problem is we have systems that blow out broadcast traffic that needs to traverse accross all 16-ESWs. We have tried all manor of things but we can not get broadcast traffic to traverse the 1GE port. We can see packets hitting the interface but they are simply getting dropped on the floor.
  I can go into more detail if needed but we think we're missing a painfully simple detail. Perhaps something to do with L3 and L2? Perhaps something to do with bridge groups or vlans or helper protocols?
  Any wisdom to help us out would be greatly appreciated!

  Dwayne
  As you probably already know, the helper-address is configured on the interface that receives the broadcast to be forwarded. So if the broadcast source is in a 16ESW then I would expect the helper address to be configured on whatever interface (probably virtual) repersents the layer 3 interface for those layer 2 ports.
  The function of helper address is that it takes a broadcast packet and forwards to some destination address. The general assumption is that the destination address will be unicast. The destination address can be a subnet broadcast (directed broadcast) and I assume that this is what you are trying to do. Is this correct? If so then be sure that you have ip directed-broadcast enabled on the interface where the destination subnet is located.
  Another potential issue is identification of broadcast packets to be forwarded. Helper address is not intended to forward ALL broadcasts. There is a group of protocols that are enabled by default (DHCP, TFTP, etc). If the broadcast packets that you want to forward are not one of these default protocols then you need to use the ip forward-protocol udp command which would be configured on the interface receiving the initial broadcast (the same interface as the helper-address).
  You probably have these already. But I can not find a good description of what is configured where and thought that a review of these principles might be helpful.
  It probably would be quite helpful to post configs of at least one 3745 and also its associated 3550. If you do not want to post these on the forum please feel free to EMail them to me. My EMail address is available from my forum profile.
  HTH
  Rick