Re: IP directed-broadcast

From: Darrell Burnett (dburnett@click1.net)
Date: Wed Nov 12 2003 - 12:05:26 GMT-3

• Next message: Tony Schaffran: "RE: VOIP num-exp or translate ?"
• Previous message: George Kadeishvili: "workbook"
• Maybe in reply to: Varghese Thomas: "IP directed-broadcast"
• Next in thread: Varghese Thomas: "Re: IP directed-broadcast"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thomas,

1. When you ping are you pinging from 172.16.1.0?
2. What do your collision domains/broadcast domains look like?
        Are all interfaces plugged into the same hub/switch?
        If all interfaces are plugged into the same switch, are the respected
interfaces segregated into VLANs?
3. When you want directed-broadcasts contained, it is usually a good idea to
also issue "no ip redirects" (if all of your interfaces are in the same
collision domain this could be the issue for the 12.2.15T5 code), and also
issue the command "no ip proxy-arp". Resolve all host based forwarding issues
by assigning default gateways at the host, or use "ip helper-address"
command.
4. Chances are your 12.2.8T5(IP/FW/IDS PLUS IPSEC 3DES) code is also disabling
ip redirects by default.

Darrell
  ----- Original Message -----
  From: Varghese Thomas
  To: ccielab@groupstudy.com
  Sent: Tuesday, November 11, 2003 12:56 PM
  Subject: IP directed-broadcast

  Hello

  I have following setup with all interfaces disabled for ip direct-broadcast
  and routers are running 12.2.15T5

  --e0(172.16.1.0/24)-Router1-e1--(172.16.12.0/24)--
  e0-Router2---e1(172.16.2.0/24).

  When I ping from Router1 to either 172.16.2.0 or 172.16.2.255, Router2
  responds and vice-versa; when Router2 pings eihter 172.16.1.0 or
172.16.1.255,
  Router1 responds.

  I was told the following - If the destination network is directly attached
and
  ip forward directed-broadcasts is disabled then the router replies on
behalf
  of the subnet but does not forward the broadcast out onto the subnet.

  However I have another router running 12.2.8T5(IP/FW/IDS PLUS IPSEC 3DES)
  which does not respond to such broad-cast addresses.

  Which is normal behaviour? If it is not normal that router should respond
to
  such ping request, how can I block it without using specific ACLs?

  Thanks in advnace.

  Tx n RD

  _______________________________________________________________________
  Please help support GroupStudy by purchasing your study materials from:
  http://shop.groupstudy.com

  Subscription information may be found at:
  http://www.groupstudy.com/list/CCIELab.html

• Next message: Tony Schaffran: "RE: VOIP num-exp or translate ?"
• Previous message: George Kadeishvili: "workbook"
• Maybe in reply to: Varghese Thomas: "IP directed-broadcast"
• Next in thread: Varghese Thomas: "Re: IP directed-broadcast"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:11 GMT-3