04-09-2012 02:44 PM - edited 03-07-2019 06:01 AM
Our configuration consists of a server and many devices that communicate with the server. The server can push files to the devices and collect data from the devices. The server issues a UDP discovery request in order to find all of the devices connected to it locally. After the devices are "discovered", the devices can be "registered" to that server so that all future data collection will be by that server. The problem we're having now is that a customer has devices in two plants, but only one server. The plant with the server is blocking UDP requests from leaving the plant, therefore the devices in the second plant are not detected by the server. It's possible to manually set the registered server on each device. Our customer is reporting that the devices can ping the server and that the server can ping the devices. However, they are not able to collect data from the devices. I know this is awfully vague, but I don't know enough to know what questions to ask. Is it possible for the devices in the second plant to communicate with the server? Is there a port that must be opened for this to work? From what I understand they have a C3560 separating the two plants.
04-09-2012 03:19 PM
There could be an access control list (ACL) blocking UDP ports from leaving the site. Check the switch to make sure there are no ACLs, or if there are any, they are not blocking the specific ports you need. By default, switches don't block anything.
04-10-2012 03:09 AM
Hi,
If the remote site is layer 3 separated, then maybe adding an ip helper to the remote site's IP broadcast address will forward the UDP discoveries.
Say server site in 10.0.100.0/24
Say remote site is 10.0.200.0/24
Server site
!
int vlan 100
 ip address 10.0.100.254 255.255.255.0
 ip helper-address 10.0.200.255
!
Regards
Alex
04-10-2012 06:20 AM
Our customer is telling us they cannot, by law, allow UDP packets out of the building. They are in India. I don't think they can be flexible on this point. They must have another piece of equipment that is blocking UDP.
If the devices know the address of the registered server (this address can be set manually), is there any reason why a device could not send data to the server, even though the server cannot send a UDP discovery request to find the device?
04-10-2012 11:48 AM
Alex, This IP helper looks like it's what we need, only in reverse. From what I understand, a DHCP request from a client can utilize the IP helper to contact the server. Is the reverse also true? Can a server utilize an IP helper to contact many clients?
04-10-2012 03:34 PM
Hi Brent,
IP helper is used to forward UDP (including DHCP, BOOTP, etc.).
To forward from a server to many remote devices which are on the same subnets, you can make the target address the subnet broadcast IP address.
Like I posted earlier
Say server site in 10.0.100.0/24
connected via IP network to
Say remote site is 10.0.200.0/24
So at the server site
!
int vlan 100
 ip address 10.0.100.254 255.255.255.0
 ip helper-address 10.0.200.255
!
This will forward UDP requests from any device on subnet 10.0.100.0 to all devices on remote subnet 10.0.200.0.
This command can be used in conjunction with "ip forward-protocol", where you can allow or disallow certain UDP services like bootp, dns, tftp etc.
Have a wee look at this link, which shows the IP services commands:
http://www.cisco.com/en/US/docs/ios/12_3t/ip_addr/command/reference/ip1_i1gt.html
I guess your issue is will you be allowed to use this method
Regards
Alex
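The helper-address approach from the reply above, narrowed so that only the discovery traffic is relayed; this is an added example, not part of any post in the thread. Assumptions: UDP port 50000 stands in for the product's discovery port, 10.0.100.10 for the server, and the remote-site interface Vlan200 (10.0.200.254) and ACL 150 are hypothetical names.

```cisco
! ---- Server-site layer 3 switch (subnets taken from the thread) ----
!
! "ip helper-address" relays eight UDP services by default:
!   time 37, tacacs 49, domain 53, bootps 67, bootpc 68,
!   tftp 69, netbios-ns 137, netbios-dgm 138
! A custom discovery port is NOT in that list and must be added.
! Services that are not needed are switched off so the helper does not
! relay unrelated broadcasts to the remote plant.
! (Keep bootps/bootpc if this interface also relays DHCP.)
no ip forward-protocol udp time
no ip forward-protocol udp tacacs
no ip forward-protocol udp domain
no ip forward-protocol udp tftp
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip forward-protocol udp 50000          ! assumed discovery port
!
interface Vlan100
 ip address 10.0.100.254 255.255.255.0
 ip helper-address 10.0.200.255        ! remote subnet broadcast address
!
! ---- Remote-site router, interface facing 10.0.200.0/24 ----
!
! The relayed packet arrives addressed to 10.0.200.255. Directed
! broadcasts are dropped by default, so the last-hop interface has to
! allow them. Binding that to an ACL limits it to the server's
! discovery packets instead of any directed broadcast from anywhere.
access-list 150 permit udp host 10.0.100.10 host 10.0.200.255 eq 50000
!
interface Vlan200
 ip address 10.0.200.254 255.255.255.0
 ip directed-broadcast 150
!
! Verification on each box:
!   show ip interface Vlan100   -> "Helper address is 10.0.200.255"
!   show ip interface Vlan200   -> directed broadcast forwarding enabled
!   show access-lists 150       -> match counter rises on each discovery
```

If the ACL 150 counter stays at zero while discovery runs, the packets are being dropped before they reach the remote router, which points to a filter on the path between the plants.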