11-12-2024 02:58 PM
Hello,
I have an isolated "island" network used for controlling machine equipment. The software uses directed broadcast packets to discover and solicit responses from hosts on other subnets. Because of the nature of the software and network, we enable the ip directed-broadcast option on each of the vLAN interfaces. As a relevant note, we have two Cisco 9300s set up in a VRRP configuration to allow some resiliency in the event of a router failure.
During project startup two years ago, directed broadcast packets worked as designed. However, during a recent project where several new hosts were added to the network, I noticed the directed broadcast packets were not being routed to the appropriate subnet. We don't make too many changes to the switches, so I'm trying to understand why it no longer works. This is a pretty uncomplicated feature on a pretty simple network, so I'm at a loss.
From a host on GigabitEthernet1/0/1 (vLAN 10, 192.168.10.1/24),
From a host on GigabitEthernet1/0/2 (vLAN 11, 192.168.11.1/24):
I am able to ping 192.168.10.255 and 192.168.11.255 directly from the router, and I receive responses from all of the hosts on each subnet.
When I ping 192.168.10.255 from GigabitEthernet1/0/2 (vLAN 11, 192.168.11.1/24) or 192.168.11.255 from GigabitEthernet1/0/1 (vLAN 11, 192.168.11.1/24), I receive a timeout.
Any ideas? It baffles me that it used to work, and it no longer works... are there any other options in the switch that would stop ip directed-broadcast from working as designed? We have no ACLs implemented.
Below is the configuration for the primary switch in the VRRP setup.
Cisco 9300, IOS: 17.06.05
Sample Interfaces:
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 11
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport access vlan 11
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 11
 switchport mode access
...
...
...
...
interface GigabitEthernet1/1/1
 switchport trunk native vlan 256
 switchport mode trunk
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
 switchport trunk native vlan 256
 switchport mode trunk
vLAN configuration
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip directed-broadcast
 vrrp 10 address-family ipv4
  priority 110
  preempt delay minimum 30
  address 192.168.10.1 primary
  exit-vrrp
!
interface Vlan11
 ip address 192.168.11.1 255.255.255.0
 ip directed-broadcast
 vrrp 11 address-family ipv4
  priority 110
  preempt delay minimum 30
  address 192.168.11.1 primary
  exit-vrrp
11-12-2024 03:28 PM
There is a known bug in IOS-XE that requires an additional command in order for directed-broadcast to work:
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip directed-broadcast
 ip network-broadcast
11-13-2024 06:21 AM
Hello @Flavio Miranda
+5 - for this little piece of a cisco gotcha !
11-13-2024 05:13 AM
Thank you. This fixed the issue. It took some digging, but I now see it in the documentation:
The ip network-broadcast command must be configured at the ingress interface before configuring the ip directed-broadcast command at the egress interface. This ensures that the IP-directed broadcasts work correctly and prevents an outage from occurring after an upgrade.
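An added example, not part of the thread or of Cisco's documentation: a Python check that applies the rule quoted above to a running-config and reports which ingress/egress interface pairs can pass directed broadcasts. The sample config is constructed from the thread's Vlan10/Vlan11 addresses, the function names are this example's own, and the pass/fail logic assumes the quoted rule is the only condition.

```python
import re
from itertools import permutations

# Constructed sample based on the thread's SVIs; only Vlan10 has the fix applied.
SAMPLE = """\
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip directed-broadcast
 ip network-broadcast
!
interface Vlan11
 ip address 192.168.11.1 255.255.255.0
 ip directed-broadcast
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands. A block ends at '!' or the next
    'interface' line, so configs pasted without indentation still parse."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def has(cmds, cmd):
    # Matches "cmd" or "cmd <args>", but not the negated "no cmd" form.
    return any(c == cmd or c.startswith(cmd + " ") for c in cmds)

def broadcast_paths(config):
    """Return (working, blocked) lists of (ingress, egress) pairs. Assumption:
    ingress needs 'ip network-broadcast', egress needs 'ip directed-broadcast'."""
    l3 = {n: c for n, c in parse_interfaces(config).items() if has(c, "ip address")}
    working, blocked = [], []
    for src, dst in permutations(sorted(l3), 2):
        if has(l3[dst], "ip directed-broadcast"):
            ok = has(l3[src], "ip network-broadcast")
            (working if ok else blocked).append((src, dst))
    return working, blocked

if __name__ == "__main__":
    for src, dst in broadcast_paths(SAMPLE)[1]:
        print(f"BLOCKED {src} -> {dst}: 'ip network-broadcast' missing on {src}")
```

Run against a saved `show running-config`, the blocked list names each interface that still needs `ip network-broadcast` for traffic entering on it.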