
How do Cisco SNMP agents respond to a broadcast request?

rsgamage1
Level 3

Hi,


Can Cisco switches/routers be discovered by any SNMP NMS on their broadcast IP addresses?

Came across an external link saying that they drop SNMP requests on subnet broadcast addresses.

Q:2.60.12

http://www.snmp.com/FAQs/snmp-faq-part2.txt

What is the typical behavior?

Thanks.

1 Accepted Solution


A need for it?  You mean a use for it?  I think some people like to use it for SNMP discoveries (i.e. finding new SNMP hosts/devices on their network).  However, as I said, many network management systems do not support broadcast addresses (e.g. CiscoWorks no longer supports them, and hasn't since ~ 1998).


15 Replies

Joe Clarke
Cisco Employee

The typical behavior is to drop SNMP requests to broadcast addresses.  Most SNMP managers could not handle such responses (i.e. those from multiple devices at the same time) anyway.

NMS would receive multiple responses only if "ip directed broadcast" is ON. The question here is, when this feature is OFF (default behavior), should a switch/router respond to SNMP queries coming onto its subnet broadcast IP?

In this case, the behavior could be a bit erratic (see CSCsr09033).  Basically, some IOS devices will respond to broadcasts, but include the source address as the directed broadcast IP (e.g. 10.1.1.255).  Others will not.  However, once this bug is fixed in a given platform, the behavior will be consistent in that the device will respond to the broadcast, and pick a reasonable source IP address.

Eventually the behavior is against the statement made on http://www.snmp.com/FAQs/snmp-faq-part2.txt, isn't it?

i.e. Cisco routers respond to SNMP requests on subnet broadcast addresses.

Is there any application/network specific requirement to do so?

Is there a specific need for the router to respond to SNMP queries on the broadcast address?

A need for it?  You mean a use for it?  I think some people like to use it for SNMP discoveries (i.e. finding new SNMP hosts/devices on their network).  However, as I said, many network management systems do not support broadcast addresses (e.g. CiscoWorks no longer supports them, and hasn't since ~ 1998).

Thanks for your response. Still not clear yet why would a router need to respond to snmp queries on its broadcast address especially when ip directed broadcast is OFF. Of course different NMS behave differently and as you have mentioned most of them do not support broadcast addresses.

The RFC leaves this detail up to the specific implementation.  Some vendors may want to respond to broadcast requests to facilitate multi-device management with fewer request packets.

>>The RFC leaves this detail up to the specific implementation

Could you specify in which RFC exactly?

Thanks a lot for your thoughts already.

The SNMP RFC is 1157.  The RFC does not explicitly say how broadcast requests should be handled, so this implementation can vary from vendor to vendor.

Yes, but RFC 2644 does say that subnet broadcasts must not be received and/or forwarded if the directed-broadcast feature is OFF, which is the default behavior; therefore hosts must not respond to broadcast requests irrespective of the application protocol in question.

Thanks a lot for your thoughts

See http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1081245 .  The "no ip directed-broadcast" command prevents a router from exploding directed broadcasts on the interface directly connected to the subnet in question.  It doesn't affect whether or not the router will process an incoming broadcast.  For example, if I am connected to a device, and I send a subnet broadcast ping (e.g. 10.1.1.255), the device will respond even if "no ip directed-broadcast" is configured.

Surely, however it's not what RFC (2644) says. I've also tested this in lab to verify what was mentioned in that link. So it deviates from the standard, right?

The RFC states that if an option exists to allow for receipt of directed broadcasts, then that option should be disabled by default.  I do not believe IOS has such an option.  It only has the option to disable FORWARDING of directed broadcasts, and that is disabled by default.
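The behavior discussed in this thread, as an added example that is not part of the original posts or any Cisco code: a passive check over flow records that flags SNMP requests sent to a subnet broadcast address, agents that answer them, and replies whose source is the broadcast address itself (the symptom described above for CSCsr09033). The flow tuples, the subnet list and the function names are constructed for illustration.

```python
import ipaddress

SNMP_PORT = 161
# Constructed flow records (src, sport, dst, dport); not captured traffic.
SAMPLE_FLOWS = [
    ("10.1.1.10", 40001, "10.1.1.255", 161),  # manager polls the subnet broadcast
    ("10.1.1.1", 161, "10.1.1.10", 40001),    # agent answers from its unicast address
    ("10.1.1.255", 161, "10.1.1.10", 40001),  # agent answers with the broadcast as source
    ("10.1.1.10", 40002, "10.1.1.2", 161),    # ordinary unicast poll
    ("10.1.1.2", 161, "10.1.1.10", 40002),    # ordinary unicast reply
]
SUBNETS = ["10.1.1.0/24"]  # assumed: the subnets the monitored segment carries


def is_broadcast(addr, networks):
    """True for the limited broadcast or the broadcast address of a known subnet."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return True
    # /31 and /32 prefixes have no broadcast address, so skip them.
    return any(n.prefixlen < 31 and ip == n.broadcast_address for n in networks)


def classify(flows, subnets):
    """Return (finding, src, dst) tuples for broadcast-related SNMP traffic."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    pending = set()  # (manager ip, manager port) with an outstanding broadcast request
    findings = []
    for src, sport, dst, dport in flows:
        if dport == SNMP_PORT and is_broadcast(dst, nets):
            pending.add((src, sport))
            findings.append(("broadcast-request", src, dst))
        elif sport == SNMP_PORT and is_broadcast(src, nets):
            # Reply whose source address is the broadcast address itself.
            findings.append(("broadcast-sourced-response", src, dst))
        elif sport == SNMP_PORT and (dst, dport) in pending:
            # Unicast-sourced reply to a request that was sent to a broadcast address.
            findings.append(("agent-answered-broadcast", src, dst))
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE_FLOWS, SUBNETS):
        print(*finding)
```
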
