For an internal network, I need to be able to bring in UDP broadcast packets from one network into another network.
The network where the UDP broadcast packets originate is ip source: 172.16.1.1 with a destination of 172.16.255.255; port 4002 on that network.
I am bringing this into an ISR4431 WAN port, from there, into a vlan.
The WAN port has an ip address of 172.16.1.26, 255.255.255.0.
The vlan is setup as vlan 100 with an ip address of 10.1.1.190. There are multiple devices on the vlan in which a few of the devices need to access these packets.
The ip routing command has been turned on in the ISR4431. However, I do not have a default ip route, as of this moment.
My current understanding of UDP broadcast forwarding techniques is that the incoming interface GigabitEthernet0/0/0 needs to have the ip helper-address for the destination subnet, 10.1.1.255. Also, vlan 100 needs the ip directed-broadcast 104, with 104 being my access-list with port number 4002.
This does not seem to work. Any ideas? Any advice or recommendations are appreciated!
Here is my configuration:
ip address 172.16.1.26 255.255.255.0
ip helper-address 10.1.1.255
access-list 104 permit udp 172.16.0.0 0.0.255.255 eq 4002 10.1.1.0 0.0.0.255 eq 4002
ip address 10.1.1.190 255.255.255.0
ip directed-broadcast 104
in any case, you need to globally configure:
ip forward-protocol udp
Then, on the WAN interface you need:
ip helper-address 172.16.255.255
Not sure what you need on the Vlan 100 interface, I think at the very least the ip directed-broadcast command as well...
For vlan 100 to reply to broadcast you'll need to enable that svi it to forward broadcast into its subnet,
interface vlan 100
ip directed broadcast
Then as long as you have routing in place between the source and destination you should be able scan the vlan 100 subnet via its broadcast address and any host on that subnet should be able to reply.
There are several things in the verbal description of this post that confuse me. It describes the network that sources the broadcast packets as 172.16.1.1 with destination of 172.16.255.255 which certainly suggests a net mask of 255.255.0.0. And it is not clear whether this network is on the same router or a different router from the network that is the destination.
The post then describes an ISR with this address on its WAN 172.16.1.26, 255.255.255.0. That certainly overlaps with the network address given as the original source.
The partial config given is more consistent and easier to understand. So my response will focus on that part of the post. One thing thing that we need to bear in mind is that by default IP broadcast packets are intended to be local (the source and the destination are in the same subnet). So by default routers do not forward broadcasts from one subnet to a different subnet. But sometimes we want the broadcast to be forwarded to a different subnet. And the ip helper-address command is used to enable this. ip helper-address identifies a remote network/subnet to which a broadcast will be forwarded. So ip helper-address is configured on the router interface where the broadcasts are originated. This config does this on Gig0/0/0. If the helper address specifies the destination address as a broadcast address then on the router interface where the destination is located it must configure ip directed-broadcast to enable the receipt and forwarding of a directed broadcast. This config does this on vlan 100.
Those parts of the config are correct. But it is not working because of one factor which must be addressed. By default helper-address forwards broadcasts for certain protocols but not for all protocols. And udp 4002 is not one of those protocols that is helpered by default. So the configuration must include the ip forward-protocol udp 4002 command. See this link for additional details