Showing results for 
Search instead for 
Did you mean: 


UDP broadcast packet forwarding WAN to vlan with ISR4431

Hello all,


For an internal network, I need to be able to bring in UDP broadcast packets from one network into another network.

The network where the UDP broadcast packets originate is ip source: with a destination of; port 4002 on that network.


I am bringing this into an ISR4431 WAN port, from there, into a vlan.


The WAN port has an ip address of,


The vlan is setup as vlan 100 with an ip address of  There are multiple devices on the vlan in which a few of the devices need to access these packets.


The ip routing command has been turned on in the ISR4431.  However, I do not have a default ip route, as of this moment. 


My current understanding of UDP broadcast forwarding techniques is that the incoming interface GigabitEthernet0/0/0 needs to have the ip helper-address for the destination subnet,  Also, vlan 100 needs the ip directed-broadcast 104, with 104 being my access-list with port number 4002.


This does not seem to work.  Any ideas?  Any advice or recommendations are appreciated!


Here is my configuration:


ip routing


interface GigabitEthernet0/0/0

 ip address

 ip helper-address

 no shutdown


access-list 104 permit udp eq 4002 eq 4002


interface Vlan100

 ip address

 ip directed-broadcast 104

 no shutdown

Everyone's tags (2)
VIP Mentor

Re: UDP broadcast packet forwarding WAN to vlan with ISR4431



in any case, you need to globally configure:


ip forward-protocol udp


Then, on the WAN interface you need:


ip helper-address




ip directed-broadcast


Not sure what you need on the Vlan 100 interface, I think at the very least the ip directed-broadcast command as well...

VIP Advisor

Re: UDP broadcast packet forwarding WAN to vlan with ISR4431

For vlan 100 to reply to broadcast you'll need to enable that svi it to forward broadcast into its subnet, 
interface vlan 100
ip directed broadcast

Then as long as you have routing in place between the source and destination you should be able scan the vlan 100 subnet via its broadcast address and any host on that subnet should be able to reply.


kind regards

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Hall of Fame Master

Re: UDP broadcast packet forwarding WAN to vlan with ISR4431

There are several things in the verbal description of this post that confuse me. It describes the network that sources the broadcast packets as with destination of which certainly suggests a net mask of And it is not clear whether this network is on the same router or a different router from the network that is the destination. 


The post then describes an ISR with this address on its WAN, That certainly overlaps with the network address given as the original source.


The partial config given is more consistent and easier to understand. So my response will focus on that part of the post. One thing thing that we need to bear in mind is that by default IP broadcast packets are intended to be local (the source and the destination are in the same subnet). So by default routers do not forward broadcasts from one subnet to a different subnet. But sometimes we want the broadcast to be forwarded to a different subnet. And the ip helper-address command is used to enable this. ip helper-address identifies a remote network/subnet to which a broadcast will be forwarded. So ip helper-address is configured on the router interface where the broadcasts are originated. This config does this on Gig0/0/0. If the helper address specifies the destination address as a broadcast address then on the router interface where the destination is located it must configure ip directed-broadcast to enable the receipt and forwarding of a directed broadcast. This config does this on vlan 100.


Those parts of the config are correct. But it is not working because of one factor which must be addressed. By default helper-address forwards broadcasts for certain protocols but not for all protocols. And udp 4002 is not one of those protocols that is helpered by default. So the configuration must include the ip forward-protocol udp 4002 command. See this link for additional details





CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards