Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
0
Helpful
3
Replies

no ip forward-protocol command

rayray221
Level 1
Level 1

‎12-10-2003 10:05 AM - edited ‎03-02-2019 12:15 PM

I have 14 vlans with routing enabled between them. I also have two dhcp/dns servers in my "server" vlan. I currently have the ip helper command in my config for both servers and was wondering the impact of the no ip forward-protocal command. How would I disable all forwarding except the DHCP udp packets? Do I need any of the other packets forwarded? I use a WINS server with hybrid connections from my clients, DNS if I'm not mistaken is a unicast, and the other protocols seem irrelevant. I guess I'm a little confused about the ip helper and ip forward-protocol to start. Can someone please explain the benefits, if any, of having these packets forwarded to my DHCP/DNS server? Is it standard to block the other packets? Do I gain anything? Any documentation that specifically talks about the use of the commands would be helpful.

Thanks

Ray

Labels:
0 Helpful
3 Replies 3

prafuljaded
Level 3
Level 3

‎12-10-2003 11:18 AM

Once you define ip helper-address, ip udp forward-protocol is enabled and default ports as given in the doc are enabled. You can use the "no ip forward-protocol udp 37" for example if you u want to deny Time Server. If you want to allow any other ports in addition to these, u need to specify it specifically.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/rbook/rip.htm#xtocid2857336

0 Helpful

rayray221
Level 1
Level 1
In response to prafuljaded

‎12-10-2003 12:05 PM

I appreciate the responds but I don't think you answered my question completely. It what scenarios would I need to forward DNS, NetBIOS, Time protocol? I obviously need to forward the DHCP packets, but why would I ever need to send other broadcasted packets to my DHCP/DNS server if it can't do anyting with thoses packets. And do I need to forward DNS broadcasts if my users recieve the IP's of DNS servers from DHCP. Is DNS not a unicast.

Sorry if this sounds redundant.

Ray

0 Helpful

prafuljaded
Level 3
Level 3
In response to rayray221

‎12-10-2003 03:48 PM

There may be scenarios wherein there are multiple servers like DHCP,TFTP,DNS servers in a differnet vlan, subnet when the router converts UDP broadcasts into directed broadcasts by specifying multiple ip helper commands.

I am not sure about how exactly DNS/DHCP works in your scenario. You can try blocking these and see if it works fine.

0 Helpful
Customers Also Viewed These Support Documents