Solved: Re: ip helper-address - Defining what to forward

rileymartin · ‎03-01-2008

Hi,

I setup ip helper-address statements to forward DHCP requests to a central DHCP server which is working great however it is causing problems with Microsoft browser elections in the remote sites.

Is there some way to control what gets forwarded by the ip helper-address command so it only forwards DHCP and not any Microsoft related NetBT broadcasts? Thanks in advance for any help that can be provided.

Riley

Edison Ortiz · ‎03-01-2008

Riley,

I guess the logic behind this command is that you have to disable the default udp ports which are enabled when configuring ip helper-address.

The default udp ports are listed in the link I provided, there aren't many.

I was able to duplicate what you are seeing in my lab.

HTH,

__

Edison.

View solution in original post

Richard Burts · ‎03-01-2008

Riley

Your command is not showing up because that port is enabled by default. And in IOS show run typically does not display default values.

And your issue is not so much that you need to forward DHCP as much as it is that you do not want to forward the Windows packets. I would suggest that you configure this:

no ip forward-protocol udp 137

no ip forward-protocol udp 138

Give that a try and let us know if it fixes your problem.

HTH

Rick

HTH

Rick

View solution in original post

Edison Ortiz · ‎03-01-2008

The command you are looking for is ip forward-protocol

http://www.cisco.com/en/US/docs/ios/12_4/ip_addr/command/reference/adr_i1h.html#wp1205299

HTH,

__

Edison.

rileymartin · ‎03-01-2008

Thanks for the information.

I read the article and if I understand it correctly, I leave the ip helper-address on the interface connecting to the subnet with the PCs and I add the global command: 'ip forward-protocol udp 67' to limit the forwarded protocols to just DHCP. I looked up the RFC 2131 and it says the client sends to port 67 and the server responds to port 68 so I would think that I only need to specify port 67. Is that right?

I added the following command in global configuration mode and it doesn't show up when I do a show run....

ip forward-protocol udp 67

I tried adding it again and then doing a show run but it's still not there????

Riley

Edison Ortiz · ‎03-01-2008

Riley,

I guess the logic behind this command is that you have to disable the default udp ports which are enabled when configuring ip helper-address.

The default udp ports are listed in the link I provided, there aren't many.

I was able to duplicate what you are seeing in my lab.

HTH,

__

Edison.

Richard Burts · ‎03-01-2008

Riley

Your command is not showing up because that port is enabled by default. And in IOS show run typically does not display default values.

And your issue is not so much that you need to forward DHCP as much as it is that you do not want to forward the Windows packets. I would suggest that you configure this:

no ip forward-protocol udp 137

no ip forward-protocol udp 138

Give that a try and let us know if it fixes your problem.

HTH

Rick

HTH

Rick

rileymartin · ‎03-01-2008

Ediortiz, Rburts,

Thanks for your help, it's fixed. I disabled all default ports except 67 to reduce the forwarded broadcast traffic.

no ip forward-protocol udp tftp

no ip forward-protocol udp nameserver

no ip forward-protocol udp domain

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

Richard Burts · ‎03-02-2008

Riley

I am glad that you got it worked out. And you have effectively reduced the amount of broadcast traffic. Thank you for using the rating system to indicate that your issue was resolved (and thanks for the rating). It makes the forum more useful when people can read about an issue and can know that they will read what successfully resolved the issue.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick