Wired Intelligent Edge (Campus Switching and Routing)

Contributor I

ip forward-broadcast ACL

Hello,

I have an HPE 5510 switch, which is Comware 7 based.

I need “ip forward-broadcast”. This isn’t hard to configure, but in Comware 5 it was possible to add an ACL to “ip forward-broadcast”.

Acl 3001
  rule 10 permit udp source 192.168.200.0 0.0.0.255 destination 10.0.0.255 0 destination-port eq 9

Comware 5: ip forward-broadcast acl 3001

Comware 7: ip forward-broadcast

So, to have less broadcast forwarded, how do I add an ACL to “ip forward-broadcast”?

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
New Contributor

Re: ip forward-broadcast ACL

Had the exact same question this morning:
You can just apply an ACL to the interface with 'packet-filter 3001 outbound' (or inbound, depending on your network config).

Your ACL may be:

Acl 3001
  rule 10 permit udp source 192.168.200.0 0.0.0.255 destination 10.0.0.255 0 destination-port eq 9
  rule 15 deny ip destination 10.0.0.255 0
  rule 20 permit ip

Hope this can help someone avoid losing time…

New Contributor

Re: ip forward-broadcast ACL

 

I am having the same problem. About the packet-filter solution, doesn't it block all unicast and multicast traffic too, along with broadcast?

New Contributor

Re: ip forward-broadcast ACL

The rules I gave should let directed broadcast work if coming from 192.168.200.0/24 and to UDP port 9 (Wake-on-LAN), blocking all other directed broadcast from outside of the LAN (but not multicast, which is 224/4 if my memory doesn't fail here).

This is true with "packet-filter filter route" on the interface you apply the ACL on; it may block internal broadcast on the LAN if "packet-filter filter all" (I don't remember which one is the default…)
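
The rule order discussed in the replies above can be checked offline. The following is an added example, not part of any post in this thread: a small Python model of first-match evaluation with wildcard masks, run against constructed sample packets. It models only ACL 3001's rule matching, not the switch's packet-filter scope ("filter route" or "filter all"); the function names and sample addresses are assumptions.

```python
import ipaddress

# ACL 3001 as posted above: (rule id, action, protocol, source, destination, dst port).
# Addresses are (base, wildcard) pairs; None means "any". Wildcard 0 matches one host.
ACL_3001 = [
    (10, "permit", "udp", ("192.168.200.0", "0.0.0.255"), ("10.0.0.255", "0.0.0.0"), 9),
    (15, "deny", "ip", None, ("10.0.0.255", "0.0.0.0"), None),
    (20, "permit", "ip", None, None, None),
]

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def addr_matches(addr, spec):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    if spec is None:
        return True
    base, wildcard = spec
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (rule id, action) of the first matching rule, or (None, 'no-match')."""
    for rule_id, action, r_proto, r_src, r_dst, r_dport in acl:
        if r_proto != "ip" and r_proto != proto:
            continue
        if not addr_matches(src, r_src) or not addr_matches(dst, r_dst):
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return rule_id, action
    return None, "no-match"

# Constructed sample packets (not captured traffic).
SAMPLES = [
    ("WoL from permitted subnet", "udp", "192.168.200.17", "10.0.0.255", 9),
    ("WoL from another subnet", "udp", "172.16.5.9", "10.0.0.255", 9),
    ("other directed broadcast", "udp", "192.168.200.17", "10.0.0.255", 137),
    ("unicast to a LAN host", "tcp", "172.16.5.9", "10.0.0.20", 443),
    ("multicast", "udp", "10.0.0.20", "224.0.0.251", 5353),
]

def run_samples():
    return {label: evaluate(ACL_3001, p, s, d, dp) for label, p, s, d, dp in SAMPLES}

if __name__ == "__main__":
    for label, (rule_id, action) in run_samples().items():
        print(f"{label:28s} -> rule {rule_id} {action}")
```
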

Aruba Employee

Re: ip forward-broadcast ACL

Try this solution based on UDP helper; this should work for WOL for Comware 7:

Configuration files

#
udp-helper enable
udp-helper port 9 # maybe port 7 too and sometimes 12287 as well
#
vlan 1 # Deployment-Server
#
vlan 2 # Client Lan
#
interface Vlan-interface1
  ip address 10.110.1.1 255.255.0.0
  ip forward-broadcast
  udp-helper server 10.2.1.255
#
interface Vlan-interface2
  ip address 10.2.1.2 255.255.0.0

---snip---

Ralf
