Forwarding UDP Broadcast on Cisco Routers

Rashmi Bhardwaj

Forwarding UDP Broadcast

In a customer LAN environment, multiple VLANs are configured across functions to provide better performance and stronger control. Having multiple VLANs also keeps broadcast traffic in one VLAN from crossing into another. However, some services and applications require broadcast traffic to cross VLAN boundaries, for example a DHCP client sending a DHCP Discover message to find the DHCP server, or clients using broadcasts to locate a TFTP server. In addition, in a complex hierarchical network, clients might not reside on the same subnet as key servers.

Cisco Layer 3 devices are usually configured to convert broadcast traffic into unicast when it has to cross VLAN boundaries.

To let a router or Layer 3 device forward broadcast packets, use the ip helper-address command. The broadcasts are forwarded to the unicast address specified with the ip helper-address command.

Scenario Example

Below is an example scenario where ip helper-address is used to convert broadcast traffic from one VLAN into unicast traffic and send it to the other VLAN, where the destination server resides:

ROUTER1(config-if)#ip helper-address 192.168.1.10

By default, the ip helper-address command forwards 8 UDP services/ports, as listed below:

  • Time (Port number 37)
  • DNS (Port number 53)
  • TACACS (Port number 49)
  • BOOTP DHCP Client (Port number 68)
  • BOOTP DHCP Server (Port number 67)
  • NetBIOS Name (Port number 137)
  • TFTP (Port number 69)
  • NetBIOS Datagram service (Port number 138)

We can prevent the router from forwarding traffic for any or all of these UDP ports by using the no form of the ip forward-protocol command:

ROUTER1(config)#no ip forward-protocol udp 37
ROUTER1(config)#no ip forward-protocol udp 49
ROUTER1(config)#no ip forward-protocol udp 137
ROUTER1(config)#no ip forward-protocol udp 138

Traffic for a specific UDP port can also be forwarded across the router or Layer 3 device with the “ip forward-protocol udp [port number]” command. For example, if a UDP service needs to be located on port 139, use the following command:

ROUTER1(config)#ip forward-protocol udp 139
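
An added example (not from the original article or from Cisco): a small Python check that reads a saved configuration and reports which UDP ports the device will relay and to which helper addresses, so that anything beyond the intended services stands out. It assumes ports are written numerically as in the commands above and that only DHCP (ports 67 and 68) is meant to be relayed; the interface names and the sample configuration are constructed.

```python
import re

# Eight UDP ports relayed by default once ip helper-address is set (per the article).
DEFAULT_PORTS = {37, 49, 53, 67, 68, 69, 137, 138}

FWD_RE = re.compile(r"^(no )?ip forward-protocol udp (\d+)\s*$")
INTF_RE = re.compile(r"^interface (\S+)")
HELPER_RE = re.compile(r"^ +ip helper-address (\d+\.\d+\.\d+\.\d+)")

def audit(config, allowed=frozenset({67, 68})):
    """Return (relayed_ports, helpers_by_interface, ports_outside_allowed)."""
    ports = set(DEFAULT_PORTS)
    helpers = {}
    current = None                      # interface block being parsed
    for line in config.splitlines():
        fwd = FWD_RE.match(line)
        intf = INTF_RE.match(line)
        helper = HELPER_RE.match(line)
        if fwd:
            port = int(fwd.group(2))
            if fwd.group(1):
                ports.discard(port)     # "no ip forward-protocol udp N"
            else:
                ports.add(port)         # "ip forward-protocol udp N"
        elif intf:
            current = intf.group(1)
        elif helper and current:
            helpers.setdefault(current, []).append(helper.group(1))
        elif not line.startswith(" "):
            current = None              # left the interface block
    # Without any helper address nothing is relayed, so nothing to flag.
    extra = sorted(ports - allowed) if helpers else []
    return sorted(ports), helpers, extra

# Constructed sample config (assumed layout; only the helper IP is from the article).
SAMPLE = """\
no ip forward-protocol udp 37
no ip forward-protocol udp 49
ip forward-protocol udp 139
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.1.10
!
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, ports 53, 69, 137, 138 and 139 are reported as relayed to 192.168.1.10 in addition to DHCP, which is the list to review against what the server on that address actually needs to receive.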
