Wired Intelligent Edge (Campus Switching and Routing)

ip forward-broadcast ACL



I have a HPE 5510 switch which is comware 7 based.

I need “ip forward-broadcast”. So this isn’t hard to configure but in comware 5 it was possible to add an ACL to the “ip forward-broadcast”.


Acl 3001

rule 10 permit udp source destination 0 destination-port eq 9


Comware 5: ip forward-broadcast acl 3001

Comware 7: ip forward-broadcast


So to have less broadcast forwarded how to add a acl to the “ip forward-broadcast”

Re: ip forward-broadcast ACL

Had the exact same question this morning:
You can just apply an acl to the interface with 'packet-filter 3001 outbound' (or inbound, depending of your network config).


Your ACL may be:


Acl 3001
  rule 10 permit udp source destination 0 destination-port eq 9
  rule 15 deny ip destination 0
rule 20 permit ip

Hope this can help someone avoiding loosing time…

Re: ip forward-broadcast ACL


I am having the same problem. about packet-filter solution, doesn't it block all unicast and multicast traffic too along with broadcast?


Re: ip forward-broadcast ACL

The rules I gave should let directed-broadcast work if coming from and to udp port 9 (wake-on-lan), blocking all other directed-broadcast from outside of the LAN (but not multicast, which is 224/4 if my memory doesn't fail here)


This is true with "packet-filter filter route" on the interface you apply acl on, it may block internal broadcast on LAN if "packet-filter filter all" (don't remember which one is the default one…)

Re: ip forward-broadcast ACL

try this solution based on UDP-Helper, this should work for WOL for Comware 7:



Configuration files #


udp-helper enable
udp-helper port 9 # maybe port 7 too and sometimes 12287 as well
vlan 1 # Deployment-Server
vlan 2 # Client Lan
interface Vlan-interface1
ip address
ip forward-broadcast
udp-helper server

interface Vlan-interface2

ip address





