Showing results for 
Search instead for 
Did you mean: 

UDP broadcast packet forwarding WAN to vlan with ISR4431

Hello all,


For an internal network, I need to be able to bring in UDP broadcast packets from one network into another network.

The network where the UDP broadcast packets originate is ip source: with a destination of; port 4002 on that network.


I am bringing this into an ISR4431 WAN port, from there, into a vlan.


The WAN port has an ip address of,


The vlan is setup as vlan 100 with an ip address of  There are multiple devices on the vlan in which a few of the devices need to access these packets.


The ip routing command has been turned on in the ISR4431.  However, I do not have a default ip route, as of this moment. 


My current understanding of UDP broadcast forwarding techniques is that the incoming interface GigabitEthernet0/0/0 needs to have the ip helper-address for the destination subnet,  Also, vlan 100 needs the ip directed-broadcast 104, with 104 being my access-list with port number 4002.


This does not seem to work.  Any ideas?  Any advice or recommendations are appreciated!


Here is my configuration:


ip routing


interface GigabitEthernet0/0/0

 ip address

 ip helper-address

 no shutdown


access-list 104 permit udp eq 4002 eq 4002


interface Vlan100

 ip address

 ip directed-broadcast 104

 no shutdown

Georg Pauwen
VIP Master



in any case, you need to globally configure:


ip forward-protocol udp


Then, on the WAN interface you need:


ip helper-address




ip directed-broadcast


Not sure what you need on the Vlan 100 interface, I think at the very least the ip directed-broadcast command as well...

paul driver
VIP Expert

For vlan 100 to reply to broadcast you'll need to enable that svi it to forward broadcast into its subnet, 
interface vlan 100
ip directed broadcast

Then as long as you have routing in place between the source and destination you should be able scan the vlan 100 subnet via its broadcast address and any host on that subnet should be able to reply.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Richard Burts
Hall of Fame Guru

There are several things in the verbal description of this post that confuse me. It describes the network that sources the broadcast packets as with destination of which certainly suggests a net mask of And it is not clear whether this network is on the same router or a different router from the network that is the destination. 


The post then describes an ISR with this address on its WAN, That certainly overlaps with the network address given as the original source.


The partial config given is more consistent and easier to understand. So my response will focus on that part of the post. One thing thing that we need to bear in mind is that by default IP broadcast packets are intended to be local (the source and the destination are in the same subnet). So by default routers do not forward broadcasts from one subnet to a different subnet. But sometimes we want the broadcast to be forwarded to a different subnet. And the ip helper-address command is used to enable this. ip helper-address identifies a remote network/subnet to which a broadcast will be forwarded. So ip helper-address is configured on the router interface where the broadcasts are originated. This config does this on Gig0/0/0. If the helper address specifies the destination address as a broadcast address then on the router interface where the destination is located it must configure ip directed-broadcast to enable the receipt and forwarding of a directed broadcast. This config does this on vlan 100.


Those parts of the config are correct. But it is not working because of one factor which must be addressed. By default helper-address forwards broadcasts for certain protocols but not for all protocols. And udp 4002 is not one of those protocols that is helpered by default. So the configuration must include the ip forward-protocol udp 4002 command. See this link for additional details








I am still not seeing my UDP broadcasts, IP src:, IP dst:, port 4002 on vlan 100.  


Also, the device does not have any gateway capability, meaning I cannot give it a gateway address.  A computer on the 172.16.1.x network with a gateway of the vlan 100 IP address ( does ping in both directions (i.e. 172.16.1.x subnet to the vlan 100 and vlan 100 to the 172.16.1.x subnet).


I do so see broadcasts on the GigabitEthernet0/0/0 interface when in run the "show interface GigabitEthernet0/0/0" command in the console.  I do not see any broadcasts when I run the "show interface vlan 100" command for vlan 100 on the console.


Here is my current configuration:


interface GigabitEthernet0/0/0
ip address
ip helper-address
ip directed-broadcast 
negotiation auto
no shutdown


interface Vlan100
ip address
ip directed-broadcast 


ip forward-protocol udp 4002


Any and all responses are appreciated!

There are some things in your post that I still do not understand.

- If the original packet has destination address of then why is the helper-address also pointing to

- If the helper address points to is there an entry in the routing table for that subnet? Where do you expect the broadcast to be forwarded?

- You say that you still do not see the broadcasts packets. Where are you looking for them?

- What role does vlan 100 play in this? I do not see anything that relates vlan 100 with the broadcast packets.

- If you want broadcast packets forwarded to vlan 100 then you need a helper address that points to that subnet.