Solved: Re: UDP broadcast issue (port 138) c3750

kurtdeneef · ‎05-24-2005

Hello,

I have a c3750 gigabit switch with IOS version 12.2(20)SE4 running on it.

i configured 4 VLANS on it with an ip-helper address. If i try to do the "net send" command to the whole domain from a pc in Vlan 1,it doesn't reach the other Vlan's...when i do a sniff, i can see there is a broadcast to the DHCP address 172.21.63.255 (source and destination port is 138 - Netbios datagram).

The ip-helper command takes care of automaticaly forwarding UDP netbios datagram (port 138) by the router...why doesn't it reach the other vlans then?

I could "add ip forward UDP 138" but i guess this will change nothing...

part of the config:

!

interface Vlan1

ip address 172.21.0.254 255.255.192.0

ip helper-address 172.21.127.255

!

interface Vlan2

ip address 172.21.64.1 255.255.192.0

ip helper-address 172.21.63.255

!

interface Vlan4

ip address 172.21.128.1 255.255.192.0

ip helper-address 172.21.63.255

!

interface Vlan5

ip address 172.21.192.1 255.255.192.0

ip helper-address 172.21.63.255

!

interface Vlan6

ip address 192.168.10.1 255.255.255.0

!

Anyone who can help?

Richard Burts · ‎05-24-2005

Actually there are two possibilities in using the ip helper-address. The more usual way to configure helper-address is as Milan has noted and use a unicast destination address. The other way is to put a subnet broadcast address as the destination. Both of these are legitimate ways to configure the helper-address.

There is one other dependency in using the subnet broadcast as the destination address and I believe this is what is causing the difficulty in the original post. What we are creating when we use the subnet broadcast as destination is a directed broadcast. In traditional IOS directed broadcast was enabled by default and a subnet broadcast destination worked. A while back Cisco changed the default (primarily to reflect security concerns about the potential impact of directed broadcast) and directed broadcast is now off by default. So if the configuration wants to use a subnet broadcast destination address, then the interface(s) where the servers are will need to include the configuration command:

ip directed-broadcast.

HTH

Rick

HTH

Rick

View solution in original post

aashish.c · ‎05-24-2005

Hi,

AFAIK "IP forward udp" command is not available on 3750. But you need to enable UDP flooding by some emans here. Read this good URL abt it, it will help you in understanding this better :

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs006.htm

regards

aashish C

milan.kulik · ‎05-24-2005

Hi,

AFAIK, the ip address configured in

ip helper-address a.b.c.d

should be a unicast (host) address.

The sense of this command is to transport broadcast requirements from one VLAN to a responding server placed in other VLAN.

Example:

Let's say you've got your DHCP server in VLAN2 with IP address 172.21.64.2/26.

If you need this DHCP server to provide IP addresses for PCs in VLAN1, you configure

interface Vlan1

ip address 172.21.0.254 255.255.192.0

ip helper-address 172.21.64.2

Your 3750 then takes the broadcast DHCP requirements from VLAN1 and sends them (encapsulated to unicast frames) to the server 172.21.64.2 (which has to be configured properly to provide IP addresses for VLAN1, too).

See

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225sea/3750scg/swipaddr.htm#wp1042927

HTH,

Milan

kurtdeneef · ‎05-24-2005

Thanks for this feedback guys...but concrete...what can i do now...verifying if the dhcp in vlan 2 is properly configured?

is there a missing command in my config?

Kurt

Richard Burts · ‎05-24-2005

Actually there are two possibilities in using the ip helper-address. The more usual way to configure helper-address is as Milan has noted and use a unicast destination address. The other way is to put a subnet broadcast address as the destination. Both of these are legitimate ways to configure the helper-address.

There is one other dependency in using the subnet broadcast as the destination address and I believe this is what is causing the difficulty in the original post. What we are creating when we use the subnet broadcast as destination is a directed broadcast. In traditional IOS directed broadcast was enabled by default and a subnet broadcast destination worked. A while back Cisco changed the default (primarily to reflect security concerns about the potential impact of directed broadcast) and directed broadcast is now off by default. So if the configuration wants to use a subnet broadcast destination address, then the interface(s) where the servers are will need to include the configuration command:

ip directed-broadcast.

HTH

Rick

HTH

Rick

kurtdeneef · ‎05-25-2005

hmm,indeed...i will try that...but adding this command,is it on Vlan level (with the ip-helper command) or really the physical interface of where the servers are on?

I can't test it myself because i don't have the 3750.

And if it's at Vlan level,in my case it's only necessary on Vlan 1 and 2.Is this correct?

Thanks in advance for one more reply ;-)

Kurt

Richard Burts · ‎05-25-2005

Kurt

The ip directed-broadcast is needed on the destination interface not on the interface where the helper address is configured. So in your particular case where you have configured:

ip helper-address 172.21.63.255

the directed-broadcast would go on the interface where the 172.21.63.x address is configured.

HTH

Rick

HTH

Rick

8mchmelik · ‎07-26-2005

I had similar problem. Rick has noted very usefull advice. Now it works ! Warning: Don't use ip broadcast-address on same interfae as me :-( because it doesn't work together.

It is good practise to specify what kind of broadcast you want to allow. Let me summarize final configuration :

interface Vlan1

ip address 192.168.0.1 255.255.254.0

ip helper-address 192.168.2.255

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

ip directed-broadcast 138

!

access-list 138 remark Allow NET SEND messages

access-list 138 permit udp any eq netbios-dgm any eq netbios-dgm

this allow net send only from Vlan1 to Vlan2

Martin.