From: asadovnikov (asadovnikov@comcast.net)
Date: Thu Jun 14 2007 - 03:11:31 ART
Piotr,
There is a need to configure "ip forward-protocol udp" command.
As Cisco documentation describes there are couple methods to get broadcast
packets beyond the segment:
- ip helper
- UDP flooding
but each of these methods describes how to forward broadcast frames. However,
before any forwarding it needs to be enabled with the "ip forward-protocol udp"
command.
There are a couple of additional points as it comes to configuration of the actual
commands:
1. Deciding what protocols need to be forwarded
---------------------------------------------------------------------
The question asks for "TFTP, DNS, BOOTP and Time"
First two are very simple
tftp Trivial File Transfer Protocol (69)
domain Domain Name Service (DNS, 53)
"BOOTP" packets can be BOOTPS (client --> server) and BOOTPC (server
--> client), it is usually important to forward BOOTPS as normal adoption
would support client requesting
IP address via broadcast while return packet would not be broadcast.
Since the question is for UDP flooding which is not the usual implementation
I would lean toward saying that
forwarding both would be a good idea, although forwarding BOOTPS only
would also meet the requirement in my mind. So you would use one or both of
bootpc Bootstrap Protocol (BOOTP) client (68)
bootps Bootstrap Protocol (BOOTP) server (67)
"Time" can potentially be interpreted as "time (37)" or "ntp (123)".
Although NTP is a widely used protocol and time is not really used much, the
reference in the text of the task fits
with "time (37)" a lot better than it does with ntp.
time Time (37)
So our final list is:
domain (53), bootpc (68), bootps (67), tftp (69), time (37)
2. IOS defaults
---------------------------------------------------------------------
IOS has a number of UDP ports forwarded by default. Here is a fragment
from the documentation:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If a helper address is specified and UDP forwarding is enabled,
broadcast packets destined to the following port numbers are forwarded by
default:
- Trivial File Transfer Protocol (TFTP) (port 69)
- Domain Naming System (port 53)
- Time service (port 37)
- NetBIOS Name Server (port 137)
- NetBIOS Datagram Server (port 138)
- Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
- TACACS service (port 49)
- IEN-116 Name Service (port 42)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Adding a default command will not be reflected in the configuration, only the
"no" form of a default command would:
R1(config)#ip forward-protocol udp domain
R1(config)#do show run | i forward-protocol
<< nothing shows here
R1(config)#no ip forward-protocol udp domain
R1(config)#do show run | i forward-protocol
no ip forward-protocol udp domain
<< "no" form shows
R1(config)#
As you compare the list of what we want to forward with the list of
defaults you can see that all of the protocols are on the default list, hence it
seems that adding any additional
commands is not needed (as illustrated above, the 'default' port
commands are already there).
There is an additional catch with it. Sometimes what documentation
says is default is actually not a default. It is a rare event, but for
forward-protocol commands it is like that.
I have performed a quick test on the routers (12.3 and 12.4) and 3550s
(12.2.25SED) and it appears that BOOTPC is not a default on the routers and
both BOOTPS and BOOTPC
are not the default on the switch.
The best recommendation I can give for this is to paste the commands for
the list we have defined in step 1 above onto the actual equipment. This
way whatever is not default on
the IOS build you are working with will show up in the configuration.
I hope that the above explanation was helpful, please let me know if I did
not answer the question completely.
P.S. The DoIT answer key has a clear description of the fact that you need
the "ip forward-protocol udp" command, but not in as much detail as above. I
will get it expanded as well as update the configs on SHOWiT with the commands
described above.
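As an added illustration of the "paste the step-1 list and see what shows up" check described in the reply above (my own example, not the poster's or Cisco's): a small Python helper that builds the paste list from the step-1 port names and classifies each wanted port from a constructed "show run | i forward-protocol" sample. The sample output and the default/explicit/disabled labels are assumptions made for the example.

```python
import re

# Port names and numbers exactly as listed in step 1 of the post.
WANTED = {"domain": 53, "bootpc": 68, "bootps": 67, "tftp": 69, "time": 37}
BY_NUMBER = {num: name for name, num in WANTED.items()}

# Constructed sample of what "show run | i forward-protocol" might return after
# pasting the step-1 commands on a router where bootpc is not a real default and
# someone has explicitly switched the time default off.
SAMPLE_SHOW_RUN = """\
ip forward-protocol udp bootpc
no ip forward-protocol udp 37
"""

LINE_RE = re.compile(r"^(no )?ip forward-protocol udp (\S+)$")

def paste_commands(wanted):
    """The lines to paste; true defaults silently stay out of the config."""
    return [f"ip forward-protocol udp {name}" for name in sorted(wanted)]

def parse_forward_protocol(show_run):
    """Map port name -> 'explicit' (plain form shown) or 'disabled' (no form)."""
    state = {}
    for line in show_run.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        token = m.group(2)
        # IOS may print a number instead of a name; normalise to the name.
        name = BY_NUMBER.get(int(token), token) if token.isdigit() else token
        state[name] = "disabled" if m.group(1) else "explicit"
    return state

def audit(wanted, show_run):
    """Classify every wanted port: default (absent), explicit, or disabled."""
    state = parse_forward_protocol(show_run)
    return {name: state.get(name, "default") for name in wanted}

def not_forwarded(wanted, show_run):
    """Wanted ports that will still not be forwarded after the paste."""
    return sorted(n for n, s in audit(wanted, show_run).items() if s == "disabled")

if __name__ == "__main__":
    print("\n".join(paste_commands(WANTED)))
    for name, status in sorted(audit(WANTED, SAMPLE_SHOW_RUN).items()):
        print(f"{name:7} ({WANTED[name]:3}): {status}")
    print("still not forwarded:", not_forwarded(WANTED, SAMPLE_SHOW_RUN))
```

Ports reported as "explicit" are the ones that were not a default on that IOS build, which is exactly what the post says to look for; a "disabled" port means a default has been turned off and needs attention.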
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Piotr Semenczuk
> Sent: Wednesday, June 13, 2007 12:38 PM
> To: ccielab@groupstudy.com
> Subject: UDP broadcast flooding - DOIT Lab8.16
>
> Hi Group!
>
> There is only one small question:
>
> Cisco doc says: "Regardless of whether you implement IP helper
> addressing or UDP flooding, you must use the ip forward-protocol udp
> global configuration command to enable the UDP forwarding. By default,
> the command enables forwarding the protocols: TFTP, DNS, NTP, NetBIOS
> Name Server, NetBIOS Datagram Server, BOOTP and TACACS. To enable
> forwarding for other ports, you must specify them as arguments to the
> ip forward-protocol udp command."
>
> ...and then: "The key commands for enabling UDP flooding are as follows:
>
> bridge group protocol protocol
> ip forward-protocol spanning tree
> bridge-group group input-type-list access-list-number"
>
> DOIT Lab 8.16 AK configs include only "ip forward-prot spann" command.
> There is no "ip forward-protocol udp" command on any router/switch
> config participating in the broadcast flooding domain.
>
> So do I have to configure the ip forward-protocol udp command, if
> there is a need to run UDP broadcast propagation using UDP Flooding
> feature and/or IP Helper Addressing?
>
> Best Regards
> peter_s
>
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART