This is a quick one: enabling IP directed broadcasts so that a server can reach a subnet on specific ports. This was done out of necessity and is, more or less, not something you want to do.
• Here is what was constructed for a backup service:
First you need to create an ACL that permits the ports from the backup server(s) that the hosts will be backing up to:
access-list 109 remark ** Allow backup servers to send directed broadcasts limited to a single port
!
access-list 109 permit udp host 172.16.192.111 any eq [port #]
access-list 109 permit udp host 172.16.192.112 any eq [port #]
access-list 109 permit udp host 172.16.192.113 any eq [port #]
• Next you need to add a statement on the interface (in this case it's a Catalyst 6500 and it's the primary interface in an HSRP setup) to allow the communication through to the subnet:
interface Vlan100
description Some LAN Segment
ip address 172.16.105.11 255.255.255.0
ip helper-address [DHCP Server #1]
ip helper-address [DHCP Server #1]
no ip redirects
ip directed-broadcast 109
! the 109 above references ACL 109 defined earlier
ip pim sparse-mode
ip cgmp
no ip mroute-cache
standby 1 ip 172.16.105.1
standby 1 priority 150
standby 1 preempt
!
• That's all you need to do to poke a hole in a subnet and allow directed broadcasts. The ACL number on the interface command is what keeps the hole small: only the listed source hosts, on the listed UDP port, get their directed broadcasts forwarded onto the segment; without it, any source could.
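As an added example (not from the original post), here is a small Python audit that reads an IOS-style config, constructed here with made-up addresses and a made-up port, and flags every interface where directed broadcasts are enabled with no ACL, with an undefined ACL, or with an ACL looser than the single-host, single-port entries shown above:

```python
import re

# Constructed sample IOS config (not from the post): one interface per outcome the audit distinguishes.
SAMPLE_CONFIG = """\
access-list 109 permit udp host 172.16.192.111 any eq 10000
access-list 109 permit udp host 172.16.192.112 any eq 10000
access-list 110 permit ip any any
interface Vlan100
 ip directed-broadcast 109
interface Vlan200
 ip directed-broadcast
interface Vlan300
 ip directed-broadcast 110
interface Vlan400
 no ip directed-broadcast
"""

def parse_acls(config):
    """Map ACL number -> list of its 'permit' entries (remarks ignored)."""
    acls = {}
    for m in re.finditer(r"^access-list (\d+) permit (.+)$", config, re.M):
        acls.setdefault(m.group(1), []).append(m.group(2).strip())
    return acls

def acl_is_tight(entries):
    """True only if every permit names one source host and one destination port."""
    pat = re.compile(r"^(udp|tcp) host \S+ any eq \S+$")
    return bool(entries) and all(pat.match(e) for e in entries)

def audit_directed_broadcast(config):
    """Return {interface: finding} for each interface that enables directed broadcasts."""
    acls = parse_acls(config)
    findings = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, _, body = block.partition("\n")
        name = name.strip()
        m = re.search(r"^\s*ip directed-broadcast(?: (\d+))?\s*$", body, re.M)
        if not m:
            continue  # 'no ip directed-broadcast' (the IOS default) is not a finding
        acl = m.group(1)
        if acl is None:
            findings[name] = "enabled with no ACL: any source can hit the broadcast address"
        elif acl not in acls:
            findings[name] = f"enabled with ACL {acl}, but ACL {acl} is not defined"
        elif not acl_is_tight(acls[acl]):
            findings[name] = f"enabled with ACL {acl}, which is broader than host+port"
        else:
            findings[name] = f"ok: ACL {acl} limits sources to host+port"
    return findings
```

Run it over a `show running-config` dump to list every segment that still forwards directed broadcasts and how tightly each one is scoped.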