45155 Views 5 Replies Latest reply: Jan 25, 2011 8:24 AM by ericleahy - CCNP, CCDP, CCNA SEC RSS


IP directed-broadcast command?

Jan 25, 2011 1:06 AM

ericleahy - CCNP, CCDP, CCNA SEC 206 posts since
Jan 8, 2010

Hey all,

 

Just need a little clarity on the interface command "ip directed-broadcast". Am I right in thinking that when this command is enabled on a router interface, it will accept an IP broadcast packet and forward it out another interface in a layer 2 broadcast frame??

 

Just a little mixed up on this one, thanks guys

 

Regards

Eric

  • Addy 106 posts since
    Oct 21, 2009

    Hi Eric,

     

    Directed broadcast, as opposed to all 1s broadcast (255.255.255.255)  or link local broadcast, is a broadcast directed to a specific subnet only. For instance a broadcast sent to the IP address 192.168.0.255/24 is a broadcast to that particular subnet 192.168.0.0/24. Since it can be exploited for Smurf attacks (DoS), ip directed broadcast is disabled by default in the 12.x IOS versions.

     

    There're some applications such as WoL, backups or other management tasks, for which directed broadcasts are enabled, but with an ACL defining the source & destination of the directed broadcast.

     

    If you're part of, say, the 10.0.0.0/24 subnet & an upstream router had the 192.168.0.0/24 subnet attached to it, you'll send a directed broadcast to the address 192.168.0.255/24 & the router will relay it to the destination subnet. The packets will be routed like any other packets until they hit the destination router, which will send the broadcast from the interface which has the destination network directly attached to it.

     

    hth

  • Eric, makes sense to me.  Packets get wrapped with a layer 2 header when sent out on L2 media regardless.  In this case they mean it's wrapped and sent with a destination MAC of all-hosts. 

  • Jared 5,547 posts since
    Jul 27, 2008

    Hi Eric,

     

    I think that description is pretty accurate though.  I ran into IP directed broadcast a few years back when we wanted to start sending Wake On Lan packets across subnets.  A wake on lan packet is really just a layer 2 broadcast to tell the machines to power up.  Well, because it is a layer 2 broadcast, you have to be in the same subnet as the machine that you want to wake up.

     

    Well, with an IP directed broadcast, I can encapsulate that layer 2 broadcast into a layer 3 packet, send it to the intended IP subnets and then when it reaches its destination, the router will strip the IP information and reveal the broadcast Layer 2 frame.

     

    For all of the security issues there are with IP directed broadcast, there are good things too.  So, what I do is I enable IP directed broadcast, but protect it with an ACL so that only certain machines can send the IP directed broadcast.

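The ACL-restricted setup described in the replies above, shown next to the unrestricted form, as an added example that is not from any poster in this thread. The subnets are the ones used in the thread; the sending host 10.0.0.10, UDP port 9 for Wake-on-LAN, ACL number 110 and the interface name are assumptions.

```cisco
! Constructed example for the router that has 192.168.0.0/24 directly
! attached. Sender 10.0.0.10, UDP port 9, ACL 110 and the interface
! name are assumptions, not values from the thread.

! --- Weak: no ACL -------------------------------------------------
! Any source that can route a packet to 192.168.0.255 has it sent
! out as a layer 2 broadcast to every host on the segment. This is
! the condition the Smurf DoS relies on.
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip directed-broadcast

! --- Restricted: directed broadcast gated by an extended ACL ------
! Only UDP/9 from the one management host to the subnet broadcast
! address is converted to a layer 2 broadcast. Everything else sent
! to 192.168.0.255, including ICMP echo, is dropped and logged.
access-list 110 remark WoL from management host only
access-list 110 permit udp host 10.0.0.10 host 192.168.0.255 eq 9
access-list 110 deny ip any any log
!
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip directed-broadcast 110

! --- Default on 12.x: feature off ----------------------------------
interface GigabitEthernet0/1
 no ip directed-broadcast
```

The ACL given to `ip directed-broadcast` only filters directed broadcasts leaving that interface, so it belongs on the last-hop router; routers in between forward the packet like any other unicast. `show access-lists 110` shows the match counters for the permit and deny lines.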
