helper address config

joeblough · ‎03-14-2005

We have an installation of Cisco Clean Access system. We purchased this product believing that the Clean Access Agent would communicate with the Clean Access Server across a router. It relies on a UDP broadcast on port 8905 using the SWISS protocol.

(my Google searches have turned up nothing on the SWISS protocol)

Today we tested the system with a client on one subnet and the server on another. In retrospect I shouldn't be surprised, but the client did not detect the server.

I'm wondering if there is a work around using helper addresses. What I would need is for the broadcasts from the server to be broadcast on the remote subnets. A helper address of 192.168.1.255. for instance.

However, as I understand it, the default for helper address redirect is limited to a number of ports such as dhcp, ntp, etc.

Is there a way to direct udp broadcasts on port 8905 from one subnet to broadcast to limited number of subnets (not globally) on a router?

Thanks for any input.

Richard Burts · ‎03-15-2005

If I understand your requirements it is possible to do what you need with a couple of commands.

You are correct that ip helper-address has a default group of ports that it forwards. And you can add additional ports using the ip forward-protocol command. So you would want to configure ip forward-protocol udp 8905 on the router where the server broadcasts are received that you want to forward.

The other issue that will impact you is the fact that you appear to want to forward the server broadcasts as broadcasts to the remote subnets. This is a directed broadcast. Directed broadcasts are disabled by default (they are considered somewhat of a security concern). You can enable directed broadcasts using the command ip directed broadcast. This needs to be configured on each interface where there are client stations who want to receive the server broadcasts.

HTH

Rick

HTH

Rick