By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP-directed broadcasts makes routers less
susceptible to denial-of-service attacks.
You can enable forwarding of IP-directed broadcasts on an interface where the broadcast becomes a physical (MAC-layer) broadcast.
Only those protocols configured by using the ip forward-protocol global configuration command are forwarded.
You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP
packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts. For more
information on access lists, see the “Configuring ACLs" chapter in the Security Configuration Guide.
Note
|
The ip network-broadcast command must be configured at
the ingress interface before configuring the ip
directed-broadcast command at the egress interface. This
ensures that the IP-directed broadcasts work correctly and prevents an outage
from occurring after an upgrade.
|