Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1848
Views
14
Helpful
8
Replies

Is it possible to play multiplayer games across different Vlans?

Go to solution
Abdullah Net
Level 1
Level 1

‎08-13-2013 02:47 AM - edited ‎03-07-2019 02:53 PM

Hello there,

Before i got into cisco world, i used to play a game called "Zero hour" with my brother using normal linksys router while we are in different rooms and it worked fine for a couple of years.

Now everything in my house runs with cisco equipments. I have 3560G as my main switch and i put my brother into VLAN 20 and myself into VLAN 40. I applied some ACLs to separate traffic from VLAN 20 and 40 as a security measure. We both can access the internet just fine.

According to some researches i did, "Zero hour" uses udp broadcast on port 8086 for detecting other LAN multiplayers and i know that the idea of vlans is to separate and kill boardcasts. So, is is possible to play the game with my brother without having to remove the ACLs and without enabling "ip routing" between vlans?

Simplified Configuration Sample

-----------------------------------------------

!

hostname SW-3560G-POE

!

interface FastEthernet0/5

description Jason (my brother)

power inline never

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface FastEthernet0/12

description ME

power inline never

switchport access vlan 40

switchport mode access

spanning-tree portfast

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

ip access-group 120 in

!

interface Vlan40

ip address 192.168.40.1 255.255.255.0

ip access-group 140 in

!

access-list 120 permit ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 120 deny ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 120 permit ip any any

!

access-list 140 permit ip 192.168.40.0 0.0.0.255 192.168.40.0 0.0.0.255

access-list 140 deny ip 192.168.40.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 140 permit ip any any

!

Your help is appreciated

Thanks in advance

Abdul,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎08-13-2013 03:03 AM

Hi,

you could try using ip helper-address:

on your vlan interfaces: ip helper-address x.x.x.x  where x.x.x.x is the other  IP address in the other VLAN.

in global config:

ip forward-protocol udp 8086

You'll have to modify the ACLs accordingly to  permit this unicast traffic between the VLANs

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎08-13-2013 03:03 AM

Hi,

you could try using ip helper-address:

on your vlan interfaces: ip helper-address x.x.x.x  where x.x.x.x is the other  IP address in the other VLAN.

in global config:

ip forward-protocol udp 8086

You'll have to modify the ACLs accordingly to  permit this unicast traffic between the VLANs

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Abdullah Net
Level 1
Level 1
In response to cadet alain

‎08-13-2013 03:07 AM

Alain,

"You'll have to modify the ACLs accordingly to  permit this unicast traffic between the VLANs"

Care to mention an example of such modification?

Abdul,

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Abdullah Net

‎08-13-2013 03:48 AM

Hi Abdul,

of course:

ip access-list extended 120

10 permit udp 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255 eq 8086

ip access-list extended 140

10 permit udp 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255 eq 8086

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Abdullah Net
Level 1
Level 1
In response to cadet alain

‎08-13-2013 09:57 PM

Alain,

It worked

Thanks,

0 Helpful

Go to solution
Abdullah Net
Level 1
Level 1
In response to cadet alain

‎08-14-2013 11:02 PM

Alain,

Do i also need to add "ip directed-broadcast" to my vlan interfaces?

I don't really understand what does this command actually do.

Abdul,

0 Helpful

Go to solution
devils_advocate
Level 7
Level 7
In response to Abdullah Net

‎08-15-2013 01:32 AM

The command allows directed broadcasts, i.e broadcasts directed at the Subnet Broadcast address of that SVI.

If its working fine  then I would not add the command above.

As its your home network there is little risk but in a production network you would not enable directed broadcast without careful planning and safeguards such as ACL's.

Cheers

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Abdullah Net

‎08-15-2013 02:44 AM

Hi,

You would need this command if you were specifying the broadcast address in your ip helper-address command but I rather suggested using the unicast address of the other player on the other VLANso you don't need this.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Abdullah Net
Level 1
Level 1
In response to cadet alain

‎08-15-2013 02:49 AM

Alain,

This is exactly what i am going to try out.

Thanks for confirming my point.

Abdul,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card