已解决: 禁止255.255.255.255本地广播

fitwate · ‎11-18-2014

本帖最后由 fitwate 于 2014-11-19 12:13 编辑
设备型号如下
WS-C3750X-24 12.2(55)SE5 C3750E-UNIVERSALK9-M
配置两个vlan vlan10 和vlan20
interface Vlan10
ip address 192.168.10.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
个人理解 255.255.255.255 只会在同一个vlan能转发，不会转发到其他vlan，我已经关闭proxy-arp
现在出现一个情况在vlan10 一台服务器发送udp 255.255.255.255 广播，能收到vlan20主机的回复，不知道还需要关闭什么？
如何设置才能让udp 255.255.255.255 广播在同一个vlan 转发
现在初步解决是在vlan接口上面做访问控制列表禁止udp any any

martinchow · ‎11-18-2014

Hello,
1, Router does not forward the broadcast packets (255.255.255.255) default, but if you enable some features like "dhcp reply", it will encapsulate this broadcast into an unicast packet and sends out.
2, Router does not forward ip directed broadcast packets (192.168.0.255/24), but you can add/remove command "ip directed broadcast" to enable/disable ip directed broadcast packets.
3, "proxy-arp" is not related to this issue and i didn't see any other features may forward this full 255 broadcast packets.
4, how do you confirm this full 255 broadcast are forwarded to another broadcast domain? have you done any packet capture in the server side to confirm the source ip address of reply packets?
link for your reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/12-4/iap-12-4-book/iap-bph.html#GUID-450745FD-8543-44BF-985C-2D0F83D40F0C
Hope this helps.
martin

在原帖中查看解决方案

martinchow · ‎11-18-2014

Hello,
1, Router does not forward the broadcast packets (255.255.255.255) default, but if you enable some features like "dhcp reply", it will encapsulate this broadcast into an unicast packet and sends out.
2, Router does not forward ip directed broadcast packets (192.168.0.255/24), but you can add/remove command "ip directed broadcast" to enable/disable ip directed broadcast packets.
3, "proxy-arp" is not related to this issue and i didn't see any other features may forward this full 255 broadcast packets.
4, how do you confirm this full 255 broadcast are forwarded to another broadcast domain? have you done any packet capture in the server side to confirm the source ip address of reply packets?
link for your reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/12-4/iap-12-4-book/iap-bph.html#GUID-450745FD-8543-44BF-985C-2D0F83D40F0C
Hope this helps.
martin

fitwate · ‎12-21-2014

martinchow 发表于 2014-11-21 23:15
Hello,
1, Router does not forward the broadcast packets (255.255.255.255) default, but if you ena ...

Thanks，前三条确认没有，该关闭的都关闭了，第四条我要看看了