To enable the translation of a directed broadcast to physical broadcasts, use
the ip directed-broadcast interface configuration command. To disable this
function, use the no form of this command.
Usage Guidelines
An IP directed
broadcast is an IP packet whose destination address is a valid broadcast
address for some IP subnet, but which originates from a node that is not itself
part of that destination subnet.
A router that is
not directly connected to its destination subnet forwards an IP directed
broadcast in the same way it would forward unicast IP packets destined to a
host on that subnet. When a directed broadcast packet reaches a router that is
directly connected to its destination subnet, that packet is “exploded” as a
broadcast on the destination subnet. The destination address in the IP header
of the packet is rewritten to the configured IP broadcast address for the
subnet, and the packet is sent as a link-layer broadcast.
The ip directed-broadcast command controls the explosion of directed
broadcasts when they reach their target subnets. The command affects only the
final transmission of the directed broadcast on its ultimate destination
subnet. It does not affect the transit unicast routing of IP directed
broadcasts.
If directed broadcast is enabled for an interface, incoming IP packets whose
addresses identify them as directed broadcasts intended for the subnet to
which that interface is attached will be exploded as broadcasts on that
subnet. If an access list has been configured with the ip directed-broadcast
command, only directed broadcasts that are permitted by the access list in
question will be forwarded; all other directed broadcasts destined for the
interface subnet will be dropped.
If the no ip directed-broadcast command has been configured for an interface,
directed broadcasts destined for the subnet to which that interface is
attached will be dropped, rather than being broadcast.
Note: Because directed broadcasts, and particularly Internet Control Message
Protocol (ICMP) directed broadcasts, have been abused by malicious persons, we
recommend that security-conscious users disable the ip directed-broadcast
command on any interface where directed broadcasts are not needed and that
they use access lists to limit the number of exploded packets.
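One way to check a saved configuration against the recommendation in the note above, as an added example that is not Cisco's code: the Python script below classifies each interface stanza by its ip directed-broadcast statement. The sample configuration, interface names and access list number 110 are constructed, and an interface with no statement is reported as "unset" because its behaviour then depends on the platform default, which this page does not state.

```python
import re

# Constructed running-config excerpt (not from the page); the interface
# names and access list number 110 are made up for illustration.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip directed-broadcast
!
interface Ethernet1
 ip directed-broadcast 110
!
interface Ethernet2
 no ip directed-broadcast
!
interface Serial0
 description no directed-broadcast statement here
"""

_CMD = re.compile(r"^(no\s+)?ip directed-broadcast(?:\s+(.+))?$")

def audit_directed_broadcast(config_text):
    """Map each interface to "enabled", "enabled-acl:<acl>", "disabled"
    (explicit no form) or "unset" (no statement in the stanza)."""
    results, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            results[current] = "unset"
        elif raw and not raw[0].isspace():
            current = None  # any other top-level line ends the stanza
        elif current and (m := _CMD.match(line)):
            if m.group(1):
                results[current] = "disabled"
            elif m.group(2):
                results[current] = "enabled-acl:" + m.group(2)
            else:
                results[current] = "enabled"
    return results

def unrestricted(config_text):
    """Interfaces that explode every directed broadcast (no access list)."""
    states = audit_directed_broadcast(config_text)
    return sorted(name for name, state in states.items() if state == "enabled")

if __name__ == "__main__":
    for name, state in audit_directed_broadcast(SAMPLE_CONFIG).items():
        print(f"{name:<10} {state}")
    print("review:", unrestricted(SAMPLE_CONFIG))
```

Interfaces returned by unrestricted() are the ones to review first; those reported as "enabled-acl" still need the referenced access list checked for how much it permits.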
Examples
The following
example enables forwarding of IP directed broadcasts on Ethernet interface 0:
Router(config)# interface ethernet 0
Router(config-if)# ip directed-broadcast