10-10-2019 10:20 AM
Hello all,
For an internal network, I need to be able to bring in UDP broadcast packets from one network into another network.
The network where the UDP broadcast packets originate is ip source: 172.16.1.1 with a destination of 172.16.255.255; port 4002 on that network.
I am bringing this into an ISR4431 WAN port, from there, into a vlan.
The WAN port has an ip address of 172.16.1.26, 255.255.255.0.
The vlan is setup as vlan 100 with an ip address of 10.1.1.190. There are multiple devices on the vlan in which a few of the devices need to access these packets.
The ip routing command has been turned on in the ISR4431. However, I do not have a default ip route, as of this moment.
My current understanding of UDP broadcast forwarding techniques is that the incoming interface GigabitEthernet0/0/0 needs to have the ip helper-address for the destination subnet, 10.1.1.255. Also, vlan 100 needs the ip directed-broadcast 104, with 104 being my access-list with port number 4002.
This does not seem to work. Any ideas? Any advice or recommendations are appreciated!
Here is my configuration:
ip routing
interface GigabitEthernet0/0/0
ip address 172.16.1.26 255.255.255.0
ip helper-address 10.1.1.255
no shutdown
access-list 104 permit udp 172.16.0.0 0.0.255.255 eq 4002 10.1.1.0 0.0.0.255 eq 4002
interface Vlan100
ip address 10.1.1.190 255.255.255.0
ip directed-broadcast 104
no shutdown
10-10-2019 11:29 AM
Hello,
in any case, you need to globally configure:
ip forward-protocol udp
Then, on the WAN interface you need:
ip helper-address 172.16.255.255
and
ip directed-broadcast
Not sure what you need on the Vlan 100 interface, I think at the very least the ip directed-broadcast command as well...
10-10-2019 06:18 PM - edited 10-10-2019 06:20 PM
Hello
For vlan 100 to reply to broadcast you'll need to enable that svi it to forward broadcast into its subnet,
interface vlan 100
ip directed broadcast
Then as long as you have routing in place between the source and destination you should be able scan the vlan 100 subnet via its broadcast address and any host on that subnet should be able to reply.
example:
ping 10.1.1.190.255
10-12-2019 11:49 AM
There are several things in the verbal description of this post that confuse me. It describes the network that sources the broadcast packets as 172.16.1.1 with destination of 172.16.255.255 which certainly suggests a net mask of 255.255.0.0. And it is not clear whether this network is on the same router or a different router from the network that is the destination.
The post then describes an ISR with this address on its WAN 172.16.1.26, 255.255.255.0. That certainly overlaps with the network address given as the original source.
The partial config given is more consistent and easier to understand. So my response will focus on that part of the post. One thing thing that we need to bear in mind is that by default IP broadcast packets are intended to be local (the source and the destination are in the same subnet). So by default routers do not forward broadcasts from one subnet to a different subnet. But sometimes we want the broadcast to be forwarded to a different subnet. And the ip helper-address command is used to enable this. ip helper-address identifies a remote network/subnet to which a broadcast will be forwarded. So ip helper-address is configured on the router interface where the broadcasts are originated. This config does this on Gig0/0/0. If the helper address specifies the destination address as a broadcast address then on the router interface where the destination is located it must configure ip directed-broadcast to enable the receipt and forwarding of a directed broadcast. This config does this on vlan 100.
Those parts of the config are correct. But it is not working because of one factor which must be addressed. By default helper-address forwards broadcasts for certain protocols but not for all protocols. And udp 4002 is not one of those protocols that is helpered by default. So the configuration must include the ip forward-protocol udp 4002 command. See this link for additional details
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1776761080
HTH
Rick
10-16-2019 09:02 AM
I am still not seeing my UDP broadcasts, IP src: 172.16.1.1, IP dst: 172.16.255.255, port 4002 on vlan 100.
Also, the device 172.16.1.1 does not have any gateway capability, meaning I cannot give it a gateway address. A computer on the 172.16.1.x network with a gateway of the vlan 100 IP address (10.1.1.190) does ping in both directions (i.e. 172.16.1.x subnet to the vlan 100 and vlan 100 to the 172.16.1.x subnet).
I do so see broadcasts on the GigabitEthernet0/0/0 interface when in run the "show interface GigabitEthernet0/0/0" command in the console. I do not see any broadcasts when I run the "show interface vlan 100" command for vlan 100 on the console.
Here is my current configuration:
interface GigabitEthernet0/0/0
ip address 172.16.1.26 255.255.255.0
ip helper-address 172.16.255.255
ip directed-broadcast
negotiation auto
no shutdown
interface Vlan100
ip address 10.1.1.190 255.255.255.0
ip directed-broadcast
ip forward-protocol udp 4002
Any and all responses are appreciated!
10-18-2019 10:44 AM
There are some things in your post that I still do not understand.
- If the original packet has destination address of 172.16.255.255 then why is the helper-address also pointing to 172.16.255.255?
- If the helper address points to 172.16.255.255 is there an entry in the routing table for that subnet? Where do you expect the broadcast to be forwarded?
- You say that you still do not see the broadcasts packets. Where are you looking for them?
- What role does vlan 100 play in this? I do not see anything that relates vlan 100 with the broadcast packets.
- If you want broadcast packets forwarded to vlan 100 then you need a helper address that points to that subnet.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide