O'Reilly logo

Cisco IOS in a Nutshell, 2nd Edition by James Boney

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Name

ip directed-broadcast — interface

Synopsis

ip directed-broadcast [access-list]
no ip directed-broadcast

Configures

Broadcast forwarding

Default

Enabled (disabled for IOS 12.0 and later)

Description

By default, the router automatically translates directed broadcasts to physical broadcasts within your network. In other words, Layer 3 broadcasts to the IP broadcast address (10.10.1.255 for the subnet 10.10.1.0/24) are translated into Layer 2 broadcasts with an address appropriate for the interface (e.g., ff:ff:ff:ff:ff:ff for an Ethernet interface).

While this can be useful, an interface that is configured to the outside world could allow a potential hacker to flood your network by pinging the broadcast address on your interface. It is recommended that directed-broadcast is disabled on your external interfaces to prevent this attack from occurring. Directed broadcast is also the primary mechanism used for the “smurf” attack. It is recommended that you disable directed broadcast on all your interfaces unless you have a very good reason to use it.

Example

To disable directed broadcasts:

interface serial 0
     no ip directed-broadcast

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required