cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

136
Views
0
Helpful
3
Replies
Highlighted

UDP broadcast packet forwarding WAN to vlan with ISR4431

Hello all,

 

For an internal network, I need to be able to bring in UDP broadcast packets from one network into another network.

The network where the UDP broadcast packets originate is ip source: 172.16.1.1 with a destination of 172.16.255.255; port 4002 on that network.

 

I am bringing this into an ISR4431 WAN port, from there, into a vlan.

 

The WAN port has an ip address of 172.16.1.26, 255.255.255.0.

 

The vlan is setup as vlan 100 with an ip address of 10.1.1.190.  There are multiple devices on the vlan in which a few of the devices need to access these packets.

 

The ip routing command has been turned on in the ISR4431.  However, I do not have a default ip route, as of this moment. 

 

My current understanding of UDP broadcast forwarding techniques is that the incoming interface GigabitEthernet0/0/0 needs to have the ip helper-address for the destination subnet, 10.1.1.255.  Also, vlan 100 needs the ip directed-broadcast 104, with 104 being my access-list with port number 4002.

 

This does not seem to work.  Any ideas?  Any advice or recommendations are appreciated!

 

Here is my configuration:

 

ip routing

 

interface GigabitEthernet0/0/0

 ip address 172.16.1.26 255.255.255.0

 ip helper-address 10.1.1.255

 no shutdown

 

access-list 104 permit udp 172.16.0.0 0.0.255.255 eq 4002 10.1.1.0 0.0.0.255 eq 4002

 

interface Vlan100

 ip address 10.1.1.190 255.255.255.0

 ip directed-broadcast 104

 no shutdown

Everyone's tags (2)
3 REPLIES 3
VIP Mentor

Re: UDP broadcast packet forwarding WAN to vlan with ISR4431

Hello,

 

in any case, you need to globally configure:

 

ip forward-protocol udp

 

Then, on the WAN interface you need:

 

ip helper-address 172.16.255.255

 

and

 

ip directed-broadcast

 

Not sure what you need on the Vlan 100 interface, I think at the very least the ip directed-broadcast command as well...

VIP Advisor

Re: UDP broadcast packet forwarding WAN to vlan with ISR4431

Hello
For vlan 100 to reply to broadcast you'll need to enable that svi it to forward broadcast into its subnet, 
interface vlan 100
ip directed broadcast

Then as long as you have routing in place between the source and destination you should be able scan the vlan 100 subnet via its broadcast address and any host on that subnet should be able to reply.

example:
ping 10.1.1.190.255



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Hall of Fame Master

Re: UDP broadcast packet forwarding WAN to vlan with ISR4431

There are several things in the verbal description of this post that confuse me. It describes the network that sources the broadcast packets as 172.16.1.1 with destination of 172.16.255.255 which certainly suggests a net mask of 255.255.0.0. And it is not clear whether this network is on the same router or a different router from the network that is the destination. 

 

The post then describes an ISR with this address on its WAN 172.16.1.26, 255.255.255.0. That certainly overlaps with the network address given as the original source.

 

The partial config given is more consistent and easier to understand. So my response will focus on that part of the post. One thing thing that we need to bear in mind is that by default IP broadcast packets are intended to be local (the source and the destination are in the same subnet). So by default routers do not forward broadcasts from one subnet to a different subnet. But sometimes we want the broadcast to be forwarded to a different subnet. And the ip helper-address command is used to enable this. ip helper-address identifies a remote network/subnet to which a broadcast will be forwarded. So ip helper-address is configured on the router interface where the broadcasts are originated. This config does this on Gig0/0/0. If the helper address specifies the destination address as a broadcast address then on the router interface where the destination is located it must configure ip directed-broadcast to enable the receipt and forwarding of a directed broadcast. This config does this on vlan 100.

 

Those parts of the config are correct. But it is not working because of one factor which must be addressed. By default helper-address forwards broadcasts for certain protocols but not for all protocols. And udp 4002 is not one of those protocols that is helpered by default. So the configuration must include the ip forward-protocol udp 4002 command. See this link for additional details

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1776761080

 

HTH

 

Rick

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards