IP Directed Broadcast configuration example

The following are sample topology diagrams for an IP Directed Broadcast configuration. Figure 1 shows the topology when the egress interface is a routed-only port (ROP), and figure 2 shows it when the egress interface is an SVI.

Figure 1. ROP: IP Directed Broadcast
Figure 2. SVI: IP Directed Broadcast

Intermediate routers forward IP directed broadcast packets as unicast. The packet is broadcast (flooded with destination MAC ff:ff:ff:ff:ff:ff) in the target subnet only by the last-hop router, and only if ip directed-broadcast is enabled on that router's egress interface. Because a single remote host can make the last-hop router flood an entire subnet, the setting is disabled by default; enable it only on the interfaces that need it and pair it with an ACL that limits who may send such traffic.

Host A in subnet 192.168.3.0/24 sends an IP directed broadcast packet (destination IP 192.168.1.255) into target subnet 192.168.1.0/24. Router R1 forwards the datagram with destination IP 192.168.1.255 as a regular unicast datagram. Router R2, the last hop, floods the datagram out its egress ROP or SVI with destination MAC ff:ff:ff:ff:ff:ff.

At ingress, port-based ACLs (PACLs) and VLAN-based ACLs (VACLs) can be used to restrict or permit IP directed broadcast traffic. An existing PACL can be extended with entries that permit or deny specific IP directed broadcast traffic, for example by matching on the subnet broadcast address as the destination.

An ACL is created with the access-list ip <ACL-NAME> command and applied to an interface with the apply access-list ip <ACL-NAME> {in | out} command, as shown in the following output.

switch(config)# access-list ip ipdbacl

switch(config)# interface 1/1/1
switch(config-if)# apply access-list ip ipdbacl
  in   Inbound (ingress) traffic
  out  Outbound (egress) traffic

switch(config-if)# interface lag 10
switch(config-lag-if)# apply access-list ip ipdbacl
  in   Inbound (ingress) traffic
  out  Outbound (egress) traffic
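The following is an added example, not taken from the original page, that puts the ACL and the directed broadcast setting together on R2 for the topology in figure 1. It assumes that R2's upstream interface toward R1 is 1/1/2 with link address 192.168.2.2/24 (both are assumptions; the page does not give them) and that the target subnet sits behind ROP 1/1/1 as in the ROP example. The PACL permits directed broadcasts to 192.168.1.255 only when sourced from Host A's subnet 192.168.3.0/24, drops every other datagram addressed to 192.168.1.255, and passes all remaining traffic; it is applied inbound on 1/1/2, the direction that is supported on every interface type. Lines beginning with ! are annotations.

```text
! R2 - added example configuration (interface 1/1/2 and its address are assumed)
! PACL: only Host A's subnet may send to the directed broadcast address of 192.168.1.0/24
access-list ip ipdbacl
    10 permit any 192.168.3.0/24 192.168.1.255/32 count
    20 deny any any 192.168.1.255/32 count
    30 permit any any any
!
! Ingress interface facing R1: filter directed broadcasts before they are routed
interface 1/1/2
    no shutdown
    ip address 192.168.2.2/24
    apply access-list ip ipdbacl in
!
! Egress ROP into the target subnet: ip directed-broadcast is off by default and is
! enabled only here, so 192.168.1.255 is flooded (DA MAC ff:ff:ff:ff:ff:ff) only on this port
interface 1/1/1
    no shutdown
    ip address 192.168.1.1/24
    ip directed-broadcast
```

Because an ACL ends with an implicit deny, entry 30 is required so that ordinary transit traffic arriving on 1/1/2 is not dropped. The count keyword on entries 10 and 20 records matches, which is the simplest way to confirm that Host A's packets hit entry 10 and that stray directed broadcasts from other sources are caught by entry 20. If the target subnet is an SVI rather than a ROP, keep the filter inbound on the upstream interface (or use a VACL), since egress ACLs are not supported on SVIs.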

The following running-config excerpt shows IP directed broadcast enabled on an ROP interface.

switch(config)# interface 1/1/1
    no shutdown
    ip address 192.168.1.1/24
    ip directed-broadcast

The following running-config excerpt shows IP directed broadcast enabled on an SVI interface.

switch(config)# vlan 10
interface vlan10
    no shutdown
    ip address 192.168.1.1/24
    ip directed-broadcast

The following running-config excerpt shows IP directed broadcast enabled on an L3 LAG interface.

switch(config)# interface lag 3
    no shutdown
    ip address 192.168.1.1/24
    ip directed-broadcast

NOTE: Currently, egress ACLs are supported only on ROP and LAG interfaces, not on SVI interfaces. To filter directed broadcasts destined for an SVI, apply the ACL inbound on the interface where the traffic enters the router, or use a VACL.