Directed broadcasts on an interface
Which command configures directed broadcasts on an interface?
A. ip int broadcast
B. ipv6 unicast routing
C. ip helper address
D. ip directed-broadcast
any idea
regards
Neo
The answer is D, but it is not such a good practice to use this method.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt2/1cipadr.htm
bye
FCS
Please rate me if I helped.
Similar Messages
-
Command " no ip directed-broadcast" ?
I configured a router interface E0 with the command "ip address x.x.x.x y.y.y.y" only, but when I "show run", I found there's an extra command under E0 (see below), which is "no ip directed-broadcast". I can't remove this line, and I'm not sure what this line is doing.
interface Ethernet0
description : connect to O6LXC29OOBC01(switch)
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
Wayne
Jon has provided a good discussion of ip directed-broadcast and the reasons why many people want to disable this. I would like to add a small supplement to his explanation about why it is in the config.
The command is added to the configuration by the IOS. As you comment you did not type it in but it is in the config automatically. A little background may help explain why IOS does automatically put this command into the config.
In earlier versions of IOS the default was to enable directed broadcasts (and in general people thought that it was a good feature). But as networks grew and as we faced more threats and network attacks people began to recognize the security weakness of directed-broadcast and began to want to turn it off. And at some point Cisco changed the default. Now the default is no ip directed-broadcast. And Cisco now automatically adds that to the configuration to be clear about what the behavior of the router will be.
Cisco has done this kind of thing for several commands where the default behavior has changed - to automatically insert into the config the command for the default that has changed (for example putting subnet-zero into the config).
If you want to remove the command no ip directed-broadcast from the configuration you can put ip directed-broadcast into the interface configuration and it will remove the no ip directed-broadcast. (of course it will insert the ip directed-broadcast under the interface configuration)
HTH
Rick -
Directed broadcast and unicast
Hi all,
Below is an excerpt from the link http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/l3/ip_directed-broadcast.html
A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
Here is my question:
When a server on the serverfarm switch sends a WoL packet (IP directed broadcast 10.0.7.255), it would be forwarded like a unicast packet.
The unicast packet will be routed through the core to the distribution. So as I understand it, I don't need to make any configuration changes on the core.
The changes are required only on the distribution and serverfarm.
Please correct me if I am wrong.
My configurations are below
Serverfarm
Interface vlan 10
Ip add 192.168.80.2 255.255.255.0
host
Distribution
Interface vlan 100
Ip add 10.0.7.2 255.255.255.0
Serverfarm switch
interface vlan 10
ip helper-address 10.0.7.255
Distribution switch
access-list 102 permit udp host 192.168.80.10 any eq 7
ip forward-protocol udp 7
interface vlan 100
ip directed-broadcast 102
Most tools to generate WoL Magic Packets send them as UDP datagrams and set the destination IP to the limited broadcast address 255.255.255.255, thus those Magic Packets are never routed (Scope = local subnet).
That's why you need in this case the ip-helper command, which converts (local) UDP broadcasts of several well-known protocols (DHCP, TFTP, DNS, NetBIOS, TACACS) into unicasts and then forwards them to the helper address.
Since the portnumbers typically used by WoL tools (7, 9) are different from those used by the well-known protocols, you'd also need the 'ip forward-protocol udp <number>' command to make it work.
If I understand you correctly, your WoL tool allows you to set the destination IP to a directed broadcast IP. In this case you don't need any additional configuration because directed broadcast IPs are routable.
HTH
Rolf -
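The forwarding behaviour described in the excerpt and in Rolf's reply, as an added example that is not part of the original posts: a simplified Python model of the decision each router makes on a packet's destination address. The router names, the core link address, the /20 interface, the 198.51.100.20 source and the `decide`/`trace` helpers are assumptions made for illustration; the 10.0.7.0/24 subnet, the 192.168.80.10 source and ACL 102 come from the thread.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class Interface:
    """One connected subnet plus its directed-broadcast setting (simplified model)."""

    def __init__(self, name, cidr, directed_broadcast=False, acl=None):
        self.name = name
        self.network = ipaddress.ip_interface(cidr).network
        self.directed_broadcast = directed_broadcast
        self.acl = acl  # callable(packet) -> bool, or None when no ACL is attached


def acl_102(packet):
    """Models 'access-list 102 permit udp host 192.168.80.10 any eq 7' (implicit deny otherwise)."""
    return (packet["proto"] == "udp" and packet["src"] == "192.168.80.10"
            and packet["dport"] == 7)


def decide(interfaces, packet):
    """Return what a router with these connected interfaces does with the packet."""
    dst = ipaddress.ip_address(packet["dst"])
    if dst == LIMITED_BROADCAST:
        return "not-routed"  # limited broadcast never leaves the sender's subnet
    for intf in interfaces:
        if dst not in intf.network:
            continue
        # Only a router attached to the subnet knows the mask, so only it can
        # tell a subnet broadcast address from an ordinary host address.
        if dst != intf.network.broadcast_address:
            return "deliver-to-host"
        if not intf.directed_broadcast:
            return "drop"  # 'no ip directed-broadcast'
        if intf.acl is not None and not intf.acl(packet):
            return "drop"  # 'ip directed-broadcast <acl>' and the ACL denies
        return "expand-to-l2-broadcast"
    return "forward-as-unicast"  # not connected: routed like any unicast packet


def trace(path, packet):
    """Walk the routers in order and stop at the first one that does not forward."""
    hops = []
    for name, interfaces in path:
        verdict = decide(interfaces, packet)
        hops.append((name, verdict))
        if verdict != "forward-as-unicast":
            break
    return hops


# Constructed topology: a core router that is not attached to 10.0.7.0/24 and
# three variants of the last-hop (distribution) router.
CORE = [Interface("Vlan900", "172.16.0.1/30")]
DIST_WITH_ACL = [Interface("Vlan100", "10.0.7.2/24", directed_broadcast=True, acl=acl_102)]
DIST_DISABLED = [Interface("Vlan100", "10.0.7.2/24")]
DIST_WIDE_MASK = [Interface("Vlan100", "10.0.0.1/20", directed_broadcast=True)]

# Constructed packets: the WoL datagram from the thread, the same datagram sent
# to the limited broadcast address, and an ICMP echo from an unrelated source.
WOL = {"src": "192.168.80.10", "dst": "10.0.7.255", "proto": "udp", "dport": 7}
WOL_LIMITED = dict(WOL, dst="255.255.255.255")
ECHO = {"src": "198.51.100.20", "dst": "10.0.7.255", "proto": "icmp", "dport": None}

if __name__ == "__main__":
    for label, dist in (("acl", DIST_WITH_ACL), ("disabled", DIST_DISABLED),
                        ("wide-mask", DIST_WIDE_MASK)):
        for pkt_name, pkt in (("wol", WOL), ("wol-limited", WOL_LIMITED), ("echo", ECHO)):
            print(label, pkt_name, trace([("core", CORE), ("dist", dist)], pkt))
```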
Hi friends ,
access-list 102 permit udp host 192.168.80.10 any eq 7
ip directed-broadcast 102
1) Why do we not need to specify a direction (in or out) when an access list is associated with the directed-broadcast (ip directed-broadcast 102) command?
2) If there is an existing access-list as below,
Interface vlan 100
Ip add 10.0.7.2 255.255.255.0
ip access-group testing out
ip directed-broadcast 102
Q. What is the processing order of the access lists?
Q. Can I club the access lists?
Q. If I cannot club the access lists, do I need to add the line (permit udp host 192.168.80.10 any eq 7) again in the access list 'testing'?
Thanks
Hi Rick
" 1) you do not need to specify a direction when using an access list with directed broadcast because directed broadcast is, by definition, about incoming traffic. " .
(access-list 102 permit udp host 192.168.80.10 any eq 7)
Interface vlan 100
Ip add 10.0.7.2 255.255.255.0
ip access-group testing out
ip directed-broadcast 102
As per the above access list the source IP is (192.168.80.10). If the direction is 'in', the source will not match and the ACL will simply drop the traffic from 192.168.80.10. To match the source IP, the IP must be one from the interface VLAN subnet (10.0.7.0/24).
Please correct me if I am wrong.
2 ) What is the difference between the below lines .
permit udp host 192.168.80.10 any eq 7
permit udp host 192.168.80.10 eq 7 any
Thank you -
I have a 2901K9 router at a remote location. Inside Interface = 10.10.10.1/24 Outside Interface = 20.20.20.1/24
I have set "no ip directed-broadcast" on both interfaces. (I think it's the default setting.)
But still when I ping 20.20.20.255 I get a reply from 10.10.10.1
How can I disable this?
I am aware of ip directed broadcast. My question is why is it not effective in spite of having the command at interface level?
I have a router at the remote location.
Inside Interface = 10.10.10.1/24 Outside Interface = 20.20.20.1/24
I have set "no ip directed-broadcast" on both interfaces. (I think it's the default setting in the latest IOS.)
But still when I ping 20.20.20.255 from my location, I get a reply from 10.10.10.1 which is the inside interface of the remote router. -
Command precedence ip helper-address ip directed-broadcast
Of the two commands ip helper-address ip directed-broadcast, which takes precedence when a broadcast arrives?
Posted by WebUser Lance Macdonald from Cisco Support Community App
I think there is not really any precedence.
The usage guidelines of the ip helper-address command state:
The following conditions must be met for a UDP or IP packet to be able to use the ip helper-address command: The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff). The IP destination address must be one of the following: all-ones broadcast (255.255.255.255), subnet broadcast for the receiving interface (...)
That means that the ip helper has no effect when a directed broadcast is received from another subnet; it has to be a layer-2 broadcast from the local subnet.
If you enable directed broadcasts and send a UDP packet to the subnet's broadcast address as a layer-2 broadcast frame and UDP forwarding is enabled for the port I'd assume that
- an IP unicast packet is sent to the configured helper
- an all-ones broadcast is sent within the local subnet
Best regards
Rolf
Btw: Why did you post that in the Data Center - Application Networking section? -
Wake on LAN - ip directed broadcast
We're looking at deploying a Wake-on-LAN solution for software distribution. The first alternative to distribute the 'magic packet' is enabling 'ip directed-broadcast' in each router, which presents a security risk (man in the middle attack, ARP table poisoning), the second alternative is to extend ARP aging time in the routers which presents the same security risk.
My question is, how can this security risk be reduced or minimized (options I've heard of: 'dynamic ARP inspection' in the switches, ACL on the router associated with the ip directed-broadcast command allowing only software distribution servers to convert directed-broadcast packets into unicast packets)? I have a concern about extending the ARP aging time and its impact on current or future applications.
I'd appreciate any comments. Thanks.
IP directed broadcasts are used in the popular "smurf" denial-of-service attack and derivatives thereof. An IP directed broadcast is a datagram that is sent to the broadcast address of a subnet to which the sending machine is not directly attached. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast. Because of the nature of the IP addressing architecture, only the last router in the chain, the one that is connected directly to the target subnet, can conclusively identify a directed broadcast. Directed broadcasts are occasionally used for legitimate purposes, but such use is not common outside the financial services industry. In a "smurf" attack, the attacker sends Internet Control Message Protocol (ICMP) echo requests from a falsified source address to a directed broadcast address, causing all the hosts on the target subnet to send replies to the falsified source. By sending a continuous stream of such requests, the attacker can create a much larger stream of replies, which can completely inundate the host whose address is being falsified. If a Cisco interface is configured with the no ip directed-broadcast command, directed broadcasts that would otherwise expand into link-layer broadcasts at that interface are dropped instead.
If you are behind a firewall and are confident in your security policy, then I don't see this as being a problem. -
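One way to check a configuration for the exposure discussed in the replies above, as an added example that is not part of the original posts: a Python audit that reads a running-config and reports each interface's directed-broadcast state and whether the attached ACL restricts the source. The sample config is constructed (ACL 102 and the Vlan10/Vlan100 addresses come from the threads on this page, the rest is made up), the state names are this example's own, and intact `show running-config` indentation is assumed.

```python
import re

# Constructed running-config excerpt. ACL 102 and the Vlan10/Vlan100 addresses come
# from the threads on this page; the other interfaces and ACL 150 are made up.
SAMPLE_CONFIG = """\
access-list 102 permit udp host 192.168.80.10 any eq 7
access-list 150 permit udp any any eq 9
!
interface Vlan10
 ip address 192.168.80.2 255.255.255.0
 no ip directed-broadcast
!
interface Vlan100
 ip address 10.0.7.2 255.255.255.0
 ip directed-broadcast 102
!
interface Vlan200
 ip address 10.0.8.2 255.255.255.0
 ip directed-broadcast
!
interface Vlan300
 ip address 10.0.9.2 255.255.255.0
 ip directed-broadcast 150
!
interface Vlan400
 ip address 10.0.10.2 255.255.255.0
 ip directed-broadcast 160
!
interface Serial0/0/1
 no ip address
 shutdown
"""


def parse_config(text):
    """Return (interfaces, acls): interface name -> sub-commands, ACL number -> entries."""
    interfaces, acls, current = {}, {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if stripped == "!":
            current = None
            continue
        if raw[0].isspace():          # indented line: belongs to the open section
            if current is not None:
                current.append(stripped)
            continue
        current = None                # any unindented line closes the section
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
            continue
        m = re.match(r"access-list\s+(\d+)\s+(.*)", raw)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
    return interfaces, acls


def permits_any_source(acl_number, entry):
    """True when a permit entry accepts every source address."""
    tokens = entry.split()
    if not tokens or tokens[0] != "permit":
        return False
    n = int(acl_number)
    standard = 1 <= n <= 99 or 1300 <= n <= 1999
    src_index = 1 if standard else 2  # extended entries name a protocol before the source
    return len(tokens) > src_index and tokens[src_index] == "any"


def audit(text):
    """Map each interface to its directed-broadcast state."""
    interfaces, acls = parse_config(text)
    findings = {}
    for name, cmds in interfaces.items():
        state = "default"  # no explicit line: behaviour follows the IOS release default
        for cmd in cmds:
            if cmd == "no ip directed-broadcast":
                state = "disabled"
                continue
            m = re.fullmatch(r"ip directed-broadcast(?:\s+(\d+))?", cmd)
            if not m:
                continue
            acl = m.group(1)
            if acl is None:
                state = "enabled-unfiltered"
            elif acl not in acls:
                state = "enabled-acl-missing"  # referenced but not defined in this config
            elif any(permits_any_source(acl, e) for e in acls[acl]):
                state = "enabled-acl-broad"
            else:
                state = "enabled-filtered"
        findings[name] = state
    return findings


def needs_review(findings):
    """Interfaces where directed broadcasts are expanded without a source restriction."""
    risky = {"enabled-unfiltered", "enabled-acl-missing", "enabled-acl-broad"}
    return sorted(name for name, state in findings.items() if state in risky)


if __name__ == "__main__":
    results = audit(SAMPLE_CONFIG)
    for name, state in results.items():
        print(f"{name:12} {state}")
    print("review:", needs_review(results))
```

Interfaces reported as `default` have no explicit line, so their behaviour depends on which default the running IOS release uses, as described earlier on this page.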
How to enable directed broadcast in an RVS4000
I have two plant automation networks, let's say A/24 and B/24, without communication between them, and as per the manufacturers of the automation controllers, the routers between them have to be able to direct broadcast.
How to do it with a RVS4000?
I know that for specifying an attachment you should set it in the header like this
res.setContentType("application/pdf");
res.setHeader("Content-Disposition","attachment;filename=7444.pdf;");
Creating a DSN on the server from another PC, I think, can be done only by using PC anywhere, which should be installed on both server and client; with this you may control the server from your local machine -
NetBIOS broadcast traffic not directed to all network interfaces
Hi folks,
Using a packet sniffer (WireShark), I've found that my Mac broadcasts NetBIOS Name Service (NBNS) traffic over my en1 (WiFi) interface but not over the ppp0 interface used for my Mac's PPTP VPN client connection. As I'm experimenting with enabling Windows computer names over a PPTP VPN from my Mac I was wondering... how can I configure my Mac to direct NBNS traffic over the ppp0 interface?
Thanks,
Shaun
IGMP snooping may be enabled by default on the 6509. Disabling it may solve your problem.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/snooigmp.htm#wp1020466 -
Using the FCB1010 direct, or through an Interface
Hi,
I wish to use my Mac to create the effects I wish to use for my playing (guitar) with Logic and Mainstage. I will need a foot controller, so I am considering the FCB 1010 (as many have). I will also be purchasing an interface which will allow me to record, and sing. I have a couple of questions:
1 - is it better to plug the FCB1010 directly into the computer when using it with Mainstage, or can I use the MIDI IN/OUTs on the interface?
2 - would I be better off sending the output of the interface to my amplifiers, or powered monitors?
3 - if I had a mc + the pedal board plugged into the interface (assume the answer to 1 allows me to do this), will the output of both go to the lineouts of my interface (say a Presonus for example...)
4 - if the answer to 3 is yes: would I be better with a Firewire or would a USB interface be ok (I understand that Firewire is always better for latency, but if I could use a USB with satisfactory results... that may be ok)
Hi RLRL,
1 - you can only connect the FCB1010 by MIDI IN/OUT, not USB (directly). But it's very easy. Any hardware with MIDI IN/OUT can be connected to the FCB1010.
2 - Depending on what you want to do. Please be more specific (use a guitar amp, use monitors in studio)
3 - In Mainstage/Logic you can configure and route any input to any output of your audio interface. So yes
4 - The answer is: Firewire, BUT there's no difference if you just use a few tracks in/out. USB is most capable, but use Firewire, and if you do that you can still leave a free USB slot for other things
Hope I've helped you.
Bruno Filipe -
EzVPN sometimes ping only in one direction or only one interface
Guys, I have lots of 857's routers in the field with mostly the latest OS - 12.4(15)T17 making ezVPN connections to a 2951 with 15.1(4)M5.
All the 857's have loopback and vlan interfaces similar to :
interface Loopback0
ip address 50.43.8.1 255.255.255.255
ip tcp adjust-mss 1452
end
interface Vlan1
ip address 40.43.8.1 255.255.255.128
ip tcp adjust-mss 1452
crypto ipsec client ezvpn SMS_VPN inside
end
This is my Dialer interface :
interface Dialer0
ip ddns update hostname my_custom_host_name
ip ddns update SMS_DynDNS
ip address negotiated
ip access-group 102 in
ip access-group 101 out
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication chap pap callin
ppp chap hostname my_hostname
ppp chap password 0 my_password
ppp pap sent-username my_hostname password 0 my_password
ppp ipcp dns request accept
crypto ipsec client ezvpn SMS_VPN
And their crypto's are defined as :
crypto ipsec client ezvpn SMS_VPN
connect auto
group HW_Client key my_client_key
mode network-extension
peer my_peer_ip
acl 100
username my_username password my_password
xauth userid mode local
Now lately for some or other reason we have instances where I can ping either the VLAN or the LOOPBACK interface, but not both. Or I have instances where the 2951 can ping all the interfaces on the 857, but the 857 can not ping the 2951. Or I have instances where the 2951 can not ping the 857, but the 857 can ping the 2951.
The way I have been fixing this is either to add crypto ipsec client ezvpn SMS_VPN inside to the loopback interface, or if it is there already to remove it. This usually works for a few days, but then suddenly I have to reverse this again. If that does not work then I usually do lots of clear crypt sess and/or clear crypt ipsec client ezvpn on the 857, or clear crypt sess remote 857_ip_address from the 2951 and then suddenly it starts working again.
Surely there must be something wrong, but I just can not figure out what. Any ideas ?!
Bump ... Anyone please ...
-
Direct methods access of interfaced object
Hi, gurus!
My situation like this:
IHost.as:
Code:
public interface IHost {
    function doSomething() : void;
}
Host.as:
Code:
import IHost;
import flash.display.Loader;
import flash.events.Event;
import flash.events.IOErrorEvent;
import flash.events.SecurityErrorEvent;
import flash.net.URLRequest;
import flash.system.ApplicationDomain;
import flash.system.LoaderContext;
import flash.system.SecurityDomain;
public class Host implements IHost {
    public function doSomething() : void { trace("doSomething"); }
    public function doAnotherThing() : void { trace("doAnotherThing"); }
    public function loadChild() : void {
        var loader : Loader = new Loader();
        with (loader.contentLoaderInfo) {
            addEventListener(SecurityErrorEvent.SECURITY_ERROR, onChild);
            addEventListener(IOErrorEvent.IO_ERROR, onChild);
            addEventListener(Event.COMPLETE, onChild);
        }
        // Load the child into the host's own application and security domains
        var context : LoaderContext = new LoaderContext();
        context.applicationDomain = ApplicationDomain.currentDomain;
        context.securityDomain = SecurityDomain.currentDomain;
        loader.load(new URLRequest("Child.swf"), context);
    }
    public function onChild(event : Event) : void {
        event.target.content.testIt(this);
    }
}
Child.as:
Code:
import IHost;
import flash.display.Sprite;
public class Child extends Sprite {
    public function testIt(host : IHost) : void {
        // call method 1
        host.doSomething(); // It works...
        // call method 2
        Object(host).doAnotherThing(); // It also works!!!
    }
}
And the question is - how can I allow "call method 1", but deny "call method 2" from loaded objects? I can't declare the doAnotherThing method as private - I need it in other classes (not loaded) to be public...
just what are you asking?
if you pass a host instance (and the testIt() method in the Child class should be passed a Host instance not an IHost instance), all the public methods of the Host class will be available to that instance.
i'm not sure what role casting that instance as an object is supposed to have. -
Having an issue adding network to eigrp
I'm doing a class project using a network simulator and am asked to: Design and implement an network for company RoutersCourseMatters. The names of the department names at this company are Faculty, Staff, and Students. For security reasons, each department must be isolated from each other's broadcast domain on the network. The Faculty have 50 end devices that need to be connected to the network. Staff has 26 end devices and the Students have 100 end devices. The network spaced provided by the ISP is 192.168.0.0/24. The dynamic protocol used for this network must be for Cisco-only equipment. Test each department network with just one end device and ensure full connectivity across the entire network
So we have our network topology set up for the class project (see picture attached). We are using one router for faculty+staff. Faculty has an IP/mask of 192.168.0.1/26 and staff is 192.168.0.65/27. We have a separate router for students, for which the IP subnet is 192.168.0.150/25. The routers are directly connected and are using IPs 192.168.0.98/29 & 192.168.0.100/29, so since the two routers are directly connected on the same subnet they have no issue pinging each other. The problem is pinging hosts from a subnet to hosts on a different subnet. When I try to add ANY 192.168.0.* subnet to EIGRP, it instead adds the 192.168.16.* network. For instance, on the faculty/student router, if I do a 'router eigrp 1' command followed by 'network 192.168.0.0 0.0.0.63', it shows network 192.168.16.0 has been added to EIGRP under show run. Here is the show run command:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
faculty/staff#config t
Enter configuration commands, one per line. End with CNTL/Z
faculty/staff(config)#router eigrp 1
faculty/staff(config-router)#network 192.168.0.0 0.0.0.63
faculty/staff(config-router)#exit
faculty/staff(config)#exit
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
--More--
Cody Robinson
2:36pm
Here is 'show ip eigrp topology' on staff/faculty router:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.0.65/27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.0.1/26
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/0 is down, line protocol is down
Internet address is 192.168.20.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/1 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/0 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/1 is up, line protocol is up
Internet address is 192.168.0.98/29
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
faculty/staff#show ip eigrp ?
<1-65535> Autonomous System
accounting IP-EIGRP Accounting
interfaces IP-EIGRP interfaces
neighbors IP-EIGRP neighbors
topology IP-EIGRP Topology Table
traffic IP-EIGRP Traffic Statistics
vrf Select a VPN Routing/Forwarding instance
faculty/staff#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(192.168.20.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.0.0/26, 1 successors, FD is 2172416
via Connected, FastEthernet0/1
P 192.168.0.64/27, 1 successors, FD is 2172416
via Connected, FastEthernet0/0
P 192.168.0.96/29, 1 successors, FD is 2172416
via Connected, Serial0/1/1
faculty/staff#
Cody Robinson
2:37pm
Here is show run on students router:
Students Con0 is now available
Press RETURN to get started!
Students>sh run
^
% Invalid input detected at '^' marker.
Students>en
Students#sh run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Students
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
interface FastEthernet0/1
description link to switch
ip address 192.168.0.150 255.255.255.128
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.100 255.255.255.248
no ip directed-broadcast
clockrate 2000000
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.10.0
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
Students#
Hello lolwar,
From your setup and the description you provided I see some mismatch in the IP subnetting you calculated.
For instance in your diagram you have networks 192.168.0.0/26 (FACULTY), 192.168.0.64/27 (STAFF), 192.168.0.96/29 (point-to-point link between routers) and 192.168.0.128/25 (STUDENTS).
First, you're wasting IP addresses, because you have unused space between the point-to-point link and the STUDENTS subnet. It's good practice, when calculating subnets, to first calculate the biggest subnet, then the smaller ones, down to the smallest one (usually some point-to-point cross-connects). For more about this see this guide.
Now, the issue I see as the most important is that you have in your diagram the networks I mentioned above, but into your EIGRP process you're adding completely different subnets (192.168.16.x, 192.168.20.x,...).
I entered following:
STUDENT ROUTER =------------>
router eigrp 1
network 192.168.0.96 0.0.0.7
network 192.168.0.128 0.0.0.127
FACULTY/STAFF ROUTER =------------->
router eigrp 1
network 192.168.0.0 0.0.0.63
network 192.168.0.64 0.0.0.31
network 192.168.0.96 0.0.0.7
And all works just fine, computers are able to ping each other. Also, although it's not necessary, it's good to include the network wildcard mask in the "network" command under EIGRP (or OSPF) configuration.
I hope this will help you (please rate if this is the case. Thanks.) -
UDP broadcast over multinetted VLAN
We're having an issue with UDP broadcast over a VLAN that has three IP's configured on it. This is on a Cat 6509.
interface Vlan11
description ZZZZ
ip address 10.10.249.1 255.255.255.0 secondary
ip address 10.10.250.1 255.255.255.0 secondary
ip address 192.168.101.1 255.255.255.0
no ip redirects
ip pim sparse-mode
The device broadcasting is 192.168.101.34.
We've added the global config:
ip forward-protocol udp 4444
And we've tried interface commands like:
ip helper-address 192.168.101.34
and
ip directed-broadcast
Nothing seems to help, though. Are there any inherent limitations due to the multinet? Devices on the 192.168.101.0/24 subnet receive the broadcast fine. Devices on the other two subnets do not. Basic routing between all subnets is fine.
Thanks,
Joe
Hi John,
If you're running 2008R2 DHCP, you can fix the DHCP issue that you're having by configuring a DHCP super scope on the DHCP server. We ran into that problem too and managed to get DHCP working on all three subnets. I know it works on 2008R2 but not sure on other versions.
We're mandated to get off the 192.168.101.0 subnet; so, if we can't get it working this way we may need to do a complete cutover including re-IP-ing all devices involved in this dilemma. It's more complicated than I'm stating as this is basically a troubleshooting step to see why it broke. There's an application server involved, an audio streaming server, and some Barix devices. We're attempting to get all the workstations cutover first when we ran into this issue.
Thank you,
Joe -
Getting Broadcast traffic from one 3745 to another
The topology is simple. Three 3550 switches as the backbone tied together using spanning-tree layer 2 wire speed switching. Very simple stuff there. Introduce 3745 access routers, one attached to each 3550, each loaded with 16port ESW, 1 GigE GBic card, and a 8A/S card.
The problem is we have systems that blow out broadcast traffic that needs to traverse across all 16-ESWs. We have tried all manner of things but we can not get broadcast traffic to traverse the 1GE port. We can see packets hitting the interface but they are simply getting dropped on the floor.
I can go into more detail if needed but we think we're missing a painfully simple detail. Perhaps something to do with L3 and L2? Perhaps something to do with bridge groups or vlans or helper protocols?
Any wisdom to help us out would be greatly appreciated!
Dwayne
As you probably already know, the helper-address is configured on the interface that receives the broadcast to be forwarded. So if the broadcast source is in a 16ESW then I would expect the helper address to be configured on whatever interface (probably virtual) represents the layer 3 interface for those layer 2 ports.
The function of helper address is that it takes a broadcast packet and forwards to some destination address. The general assumption is that the destination address will be unicast. The destination address can be a subnet broadcast (directed broadcast) and I assume that this is what you are trying to do. Is this correct? If so then be sure that you have ip directed-broadcast enabled on the interface where the destination subnet is located.
Another potential issue is identification of broadcast packets to be forwarded. Helper address is not intended to forward ALL broadcasts. There is a group of protocols that are enabled by default (DHCP, TFTP, etc). If the broadcast packets that you want to forward are not one of these default protocols then you need to use the ip forward-protocol udp command which would be configured on the interface receiving the initial broadcast (the same interface as the helper-address).
You probably have these already. But I can not find a good description of what is configured where and thought that a review of these principles might be helpful.
It probably would be quite helpful to post configs of at least one 3745 and also its associated 3550. If you do not want to post these on the forum please feel free to EMail them to me. My EMail address is available from my forum profile.
HTH
Rick