ip directed-broadcast — interface
ip directed-broadcast [
access-list] no ip directed-broadcast
Enabled (disabled for IOS 12.0 and later)
By default, the router automatically translates directed broadcasts to physical broadcasts within your network. In other words, Layer 3 broadcasts to the IP broadcast address (10.10.1.255 for the subnet 10.10.1.0/24) are translated into Layer 2 broadcasts with an address appropriate for the interface (e.g.,
ff:ff:ff:ff:ff:ff for an Ethernet interface).
While this can be useful, an interface that is configured to the outside world could allow a potential hacker to flood your network by pinging the broadcast address on your interface. It is recommended that
directed-broadcast is disabled on your external interfaces to prevent this attack from occurring. Directed broadcast is also the primary mechanism used for the “smurf” attack. It is recommended that you disable directed broadcast on all your interfaces unless you have a very good reason to use it.
To disable directed broadcasts:
interface serial 0 no ip directed-broadcast