ip forward-broadcast

Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network.

Use undo ip forward-broadcast to disable an interface from receiving and forwarding directed broadcast packets destined for the directly connected network.

Syntax

ip forward-broadcast

undo ip forward-broadcast

Default

An interface cannot receive or forward directed broadcasts destined for the directly connected network.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.

If an interface is allowed to forward directed broadcasts destined for the directly connected network, hackers can exploit this vulnerability to attack the target network. In some scenarios, however, an interface must receive and send such directed broadcast packets to support UDP helper.

This command enables an interface to accept directed broadcast packets that are destined for and received from the directly connected network to support UDP helper. UDP helper converts the directed broadcasts to unicasts and forwards them to a specific server.

The command also enables the interface to forward directed broadcast packets that are destined for the directly connected network and are received from another subnet to support Wake on LAN. Wake on LAN sends the directed broadcasts to wake up the hosts on the target network.

Examples

# Enable VLAN-interface 2 to receive and forward directed broadcast packets destined for the directly connected network.

<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ip forward-broadcast