Name
ip directed-broadcast — interface
Synopsis
ip directed-broadcast [access-list]
no ip directed-broadcast
Configures
Broadcast forwarding
Default
Enabled (disabled for IOS 12.0 and later)
Description
By default, the router automatically translates directed broadcasts
to physical broadcasts within your network. In other words, Layer 3
broadcasts to the IP broadcast address (10.10.1.255 for the subnet
10.10.1.0/24) are translated into Layer 2 broadcasts with an address
appropriate for the interface (e.g., ff:ff:ff:ff:ff:ff for an
Ethernet interface).
While this can be useful, an interface that faces the outside world
could allow an attacker to flood your network by pinging the
broadcast address on your interface. It is recommended that you
disable directed-broadcast on your external interfaces to prevent
this attack from occurring. Directed
broadcast is also the primary mechanism used for the
“smurf” attack. It is recommended that you disable
directed broadcast on all your interfaces unless you have a very good
reason to use it.
Example
To disable directed broadcasts:
interface serial 0
 no ip directed-broadcast
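An added example, not part of the original reference: it reads a saved running-config and lists the interfaces that still forward directed broadcasts, applying the version-dependent default from the Default entry above. The sample configuration, the function names and the handling of a missing version line are assumptions.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
version 11.3
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
!
interface Ethernet0
 ip address 10.10.1.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 10.10.2.1 255.255.255.0
 ip directed-broadcast 101
!
"""

def default_enabled(config):
    """Enabled before IOS 12.0, disabled for 12.0 and later (per the Default entry)."""
    m = re.search(r"^version (\d+)\.(\d+)", config, re.MULTILINE)
    if not m:
        return True  # assumption: with no version line, audit against the older default
    return (int(m.group(1)), int(m.group(2))) < (12, 0)

def audit_directed_broadcast(config):
    """Return {interface: reason} for every interface that forwards directed broadcasts."""
    default = "enabled (default)" if default_enabled(config) else None
    status, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            status[iface] = default
        elif not line.startswith(" "):
            iface = None  # any unindented line ends the interface block
        elif iface:
            m = re.fullmatch(r"\s+(no )?ip directed-broadcast(?: (\S+))?", line.rstrip())
            if m and m.group(1):
                status[iface] = None
            elif m and m.group(2):
                status[iface] = f"enabled (access-list {m.group(2)})"
            elif m:
                status[iface] = "enabled (explicit)"
    return {name: why for name, why in status.items() if why}

if __name__ == "__main__":
    for name, why in audit_directed_broadcast(SAMPLE_CONFIG).items():
        print(f"{name}: directed broadcast {why}")
```

An interface reported with an access-list still forwards the directed broadcasts that list permits, so it is reported rather than treated as disabled.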