From: Hansang Bae (hbae@xxxxxxxxxx)
Date: Wed May 29 2002 - 21:36:05 GMT-3
At 03:33 PM 5/29/2002 -0600, Ty Bindrup wrote:
>[SNIP: Allow bootp to work for everyone. Want to limit the number of PCs that
>can connect to a server using broadcast packets]
>How do I control which broadcasts may reach the app server and still
>allow DHCP relay to work? I'm familiar with using the "ip
>helper-address" in conjunction with the "ip forward-protocol" statement.
> However, I don't see how I can be more granular with broadcast
>control.
You need to use policy-based routing. Create an ACL that hits the server's IP
and UDP/TCP port and one that matches the users you want to permit.
Create a route-map that matches the above users and set the next hop to the
proper interface. Then the rest of the users will fall into a catch-all route-map
which sets the next-hop interface to NULL0.
Older IOSes will not allow you to set the next-hop to NULL0. In that case, set
the next hop to go to a loopback. The loopback will have an ACL that denies
everything (effectively blackholing everyone).
hsb
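
The Null0 variant described in the reply above, written out as an IOS configuration sketch. This is an added example, not part of the original post: every address, the UDP port, the ACL numbers, the route-map name and the interface are constructed placeholders.

```cisco
! Added example. Constructed assumptions (none come from the thread):
!   app server        10.20.0.10, service on UDP port 5000
!   permitted PCs     10.10.1.16/28
!   user-facing port  FastEthernet0/0
!   next hop toward the server segment  10.20.0.1

! ACL 110: the permitted users, to the server's IP and port
access-list 110 permit udp 10.10.1.16 0.0.0.15 host 10.20.0.10 eq 5000

! ACL 111: any other source, to the same server IP and port
access-list 111 permit udp any host 10.20.0.10 eq 5000

! Sequence 10: permitted users are forwarded toward the server
route-map APP-BCAST permit 10
 match ip address 110
 set ip next-hop 10.20.0.1
!
! Sequence 20: catch-all for the application traffic, discarded at Null0
route-map APP-BCAST permit 20
 match ip address 111
 set interface Null0
!
! Apply the policy where the users' packets enter the router.
! Packets that match neither sequence (DHCP/BOOTP included) are not
! policy-routed and follow the normal routing table.
interface FastEthernet0/0
 ip policy route-map APP-BCAST
```

The sequence order matters: ACL 111 also matches the permitted users, so the permit entry for them has to be evaluated first. `show route-map` lists per-sequence policy-routing match counters, which is a quick way to confirm that traffic is landing in the intended entry.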