ip forward-broadcast
Use ip forward-broadcast to enable an interface to forward directed broadcast packets destined for the directly connected network.
Use undo ip forward-broadcast to disable an interface from forwarding directed broadcast packets destined for the directly connected network.
Syntax
ip forward-broadcast [ acl acl-number ]
undo ip forward-broadcast
Default
An interface cannot forward directed broadcasts destined for the directly connected network.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
acl acl-number: Specifies an ACL by its number. The interface forwards only the directed broadcasts permitted by the ACL. The value range for basic ACLs is 2000 to 2999. The value range for advanced ACLs is 3000 to 3999.
Usage guidelines
A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
If an interface is allowed to forward directed broadcasts destined for the directly connected network, attackers can abuse this forwarding to attack the target network. In some scenarios, however, an interface must send such directed broadcast packets to support UDP helper and Wake on LAN.
To support Wake on LAN, the command enables the interface to forward directed broadcast packets that are received from another subnet and are destined for the directly connected network. Wake on LAN sends the directed broadcasts to wake up the hosts on the target network.
Examples
# Enable VLAN-interface 2 to forward directed broadcast packets destined for the directly connected network.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ip forward-broadcast
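The forwarding decision described in the usage guidelines, modeled in Python so that a candidate ACL can be checked against expected traffic before it is applied. This is an added example, not vendor code or part of the original reference. The function names, the (action, source, wildcard) rule format, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def is_directed_broadcast(dst, connected_net):
    """True if dst is the all-ones host address of connected_net."""
    net = ipaddress.ip_network(connected_net, strict=False)
    if net.prefixlen >= 31:          # /31 and /32 have no broadcast address
        return False
    return ipaddress.ip_address(dst) == net.broadcast_address

def acl_permits(src, rules):
    """Evaluate a basic (source-only) ACL modeled as ordered
    (action, source, wildcard) tuples; the first match wins.
    Assumption: no match means not permitted, because the interface
    forwards only directed broadcasts that the ACL permits."""
    s = int(ipaddress.ip_address(src))
    for action, source, wildcard in rules:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.ip_address(source)) & care):
            return action == "permit"
    return False

def forwards(src, dst, connected_net, enabled=False, rules=None):
    """Model the interface decision. Returns None when the packet is
    outside the command's scope, otherwise True (forward) or False (drop).
    enabled=False models the default (command not configured)."""
    net = ipaddress.ip_network(connected_net, strict=False)
    if not is_directed_broadcast(dst, connected_net):
        return None                  # not a directed broadcast for this network
    if ipaddress.ip_address(src) in net:
        return None                  # not received from another subnet
    if not enabled:
        return False
    return True if rules is None else acl_permits(src, rules)

# Constructed sample: the interface owns 192.168.2.0/24, the Wake on LAN
# server is 10.0.0.5, and the basic ACL permits only that host.
NET = "192.168.2.0/24"
WOL_ACL = [("permit", "10.0.0.5", "0.0.0.0")]

if __name__ == "__main__":
    for src in ("10.0.0.5", "203.0.113.9"):
        print(src, forwards(src, "192.168.2.255", NET, True, WOL_ACL))
```

With no ACL, every off-subnet source reaches the broadcast address once the command is enabled; with the ACL, only the Wake on LAN server does.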