Broadcasting between VLANS

kristianbrown Member Posts: 20
Hi everyone. Lately I've had a weird issue I want to solve.

My equipment:
24 Zyxel unmanaged 24-port 10/100 switches.
3 distro Cisco 3750ME switches
1 Core 6509 with sp720 cards.

All the Zyxel switches are each connected to 1 port / 1 vlan on the distro switches, with a /25 subnet residing on each vlan.

Now, the problem here is that I want broadcast messages from a computer on one of the vlans to reach the computers on the other vlans also, not just the vlan the computer is connected to. However, I do not want all broadcasts to reach the other computers on the other vlans, but to filter them, preferably by udp/tcp port values, denying all other broadcasts that do not match my preferred port values.

Let's say I'm connected to a Zyxel switch on vlan 102, and I'm starting up a game that finds hosts on the LAN segment by using broadcast packets with udp 6112. I want these broadcasts to go through to the other vlans also.

Not sure if I explained this correctly. But is there a solution available that can actually do this? And better, is there any possibility of filtering which broadcast packets should be broadcast to the other vlans?

Regards
Kristian

Comments

  • EdTheLad Member Posts: 2,111
    This should work in theory:
    Use the "ip-helper" command in global config mode to specify the remote destination ip addresses you want to forward broadcasts to. Create an extended access-list on the 3750 to only allow traffic to certain ports.

    The access-list will look something like this, allow udp ports 6112 in both directions, block any ip traffic with a broadcast destination address, allow all other ip traffic.

    ip access-list extended AllowPort6112
    permit udp any any eq 6112
    permit udp any eq 6112 any
    deny ip any x.x.x.255 0.0.0.0
    permit ip any any
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • kristianbrown Member Posts: 20
    EdTheLad wrote: »
    This should work in theory:
    Use the "ip-helper" command in global config mode to specify the remote destination ip addresses you want to forward broadcasts to. Create an extended access-list on the 3750 to only allow traffic to certain ports.

    The access-list will look something like this, allow udp ports 6112 in both directions, block any ip traffic with a broadcast destination address, allow all other ip traffic.

    ip access-list extended AllowPort6112
    permit udp any any eq 6112
    permit udp any eq 6112 any
    deny ip any x.x.x.255 0.0.0.0
    permit ip any any

    Ok. Figured we could use the ip helper command for something like this.
    BUT, we can have max 4 ip helper addresses on a Cisco, I think.
    And I guess you meant the ip helper address under the vlan interfaces, right?

    In this setup we have about 800 computers, on about 30 different vlans. We want all computers to be able to broadcast to each other, between vlans, but limited to specific port numbers. Was this any more clear?

    Thanks in advance!

    Kristian
  • EdTheLad Member Posts: 2,111
    Yes, under the vlan interface. I'm not sure how many helper addresses are supported, but more than 4 are configurable on my 3660. So if 29 helper addresses are supported per vlan interface you should be golden.

    You won't need the access-list either, just allow the port using the command.
    "ip forward-protocol udp 6112"
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • kristianbrown Member Posts: 20
    Ahh great! I will try this on Saturday and post the results here. Also, someone mentioned I could use the "ip multicast helper-map" command for achieving the same result. But I haven't done much multicast configuration before, so the first solution seems better.

    Regards.

    Kristian
  • kristianbrown Member Posts: 20
    Hmm, thinking one thing here...

    interface vlan 10
    ip helper-address 255.255.255.255
    ip directed-broadcast

    If I use this on all vlan interfaces, will this work? Instead of typing in the GW ip on every single vlan interface.
  • kryolla Member Posts: 785
    Hmm, thinking one thing here...

    interface vlan 10
    ip helper-address 255.255.255.255
    ip directed-broadcast

    If I use this on all vlan interfaces, will this work? Instead of typing in the GW ip on every single vlan interface.

    I think your best bet might be the multicast helper command to convert the broadcast to multicast, and the other vlans' DR can join that group and then convert it back to broadcast, i.e. 255.255.255.255 or directed broadcast 172.16.15.255. So multiple vlans can join the same group. Check out the Cisco config guide on how to do this, it's not that difficult.

    The ip helper-address command is supposed to convert the broadcast to unicast, and then it is up to the routing table to get it to the final destination, but with 255.255.255.255 how is the router going to know what vlans want it? Plus, if you put in a unicast address it won't get converted back to broadcast; only the router with the helper command, once it receives a reply from the DHCP server, will convert it back to broadcast and put it on the originating segment.
    Studying for CCIE and drinking Home Brew
  • BennyLava Member Posts: 60
    I think it should work if you use the subnet broadcast address as the ip helper-address and enable ip directed-broadcast on the exit interfaces. For example if vlan 10 was 192.168.10.0/25 and vlan 20 was 192.168.20.0/25 and you wanted a broadcast forwarded from vlan 10 to 20 it would be something like:

    interface vlan 10
    ip helper-address 192.168.20.127

    interface vlan 20
    ip directed-broadcast <ACL>

    You can use an ACL with ip directed-broadcast so you could filter which types of broadcasts are sent into each vlan. You would also need ip forward-protocol like Ed mentioned.
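
An added example, not part of any post in this thread and not vendor-supplied configuration: a small Python generator that applies the helper-address plus directed-broadcast approach from the post above to every VLAN pair, restricts relaying to UDP 6112, and counts the helper lines that result. The ACL number 110, the sample subnets, and the assumption that the platform accepts this many helper addresses per interface are illustrative, not taken from the thread.

```python
import ipaddress

GAME_PORT = 6112   # UDP port named in the thread
ACL_NUMBER = 110   # assumed extended ACL number, not from the thread
# UDP ports IOS relays by default as soon as a helper-address is configured.
# Remove 67/68 from this tuple if the same interfaces must also relay DHCP.
DEFAULT_FORWARDED = (37, 49, 53, 67, 68, 69, 137, 138)


def build_config(vlans, port=GAME_PORT, acl=ACL_NUMBER):
    """vlans maps VLAN id -> subnet string; returns a list of IOS config lines."""
    nets = {vid: ipaddress.ip_network(cidr) for vid, cidr in vlans.items()}
    lines = [f"ip forward-protocol udp {port}"]
    # Without these lines the helper would also relay the default UDP services.
    lines += [f"no ip forward-protocol udp {p}" for p in DEFAULT_FORWARDED]
    # ACL used by ip directed-broadcast: only the game port is turned back
    # into a physical broadcast; the implicit deny drops everything else.
    lines.append(f"access-list {acl} permit udp any any eq {port}")
    for vid, net in sorted(nets.items()):
        lines.append(f"interface Vlan{vid}")
        for other_vid, other in sorted(nets.items()):
            if other_vid != vid:
                # Relay to the subnet broadcast address of every other VLAN.
                lines.append(f" ip helper-address {other.broadcast_address}")
        lines.append(f" ip directed-broadcast {acl}")
    return lines


def helper_count(lines):
    """Number of ip helper-address statements in a generated config."""
    return sum(1 for l in lines if l.strip().startswith("ip helper-address"))


# Constructed sample matching the two /25 subnets used in the post above.
SAMPLE = {10: "192.168.10.0/25", 20: "192.168.20.0/25"}

if __name__ == "__main__":
    print("\n".join(build_config(SAMPLE)))
    # Constructed addressing plan for the roughly 30 VLANs mentioned in the thread.
    thirty = {100 + i: f"10.0.{i}.0/25" for i in range(30)}
    print(helper_count(build_config(thirty)), "helper-address lines for 30 VLANs")
```

Each interface needs one helper per other VLAN, so the statement count grows as n × (n − 1); the directed-broadcast ACL keeps the exit interfaces from expanding anything other than the permitted port.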
  • kryolla Member Posts: 785
    In this setup we have about 800 computers, on about 30 different vlans

    That is a lot of helper addresses
    Studying for CCIE and drinking Home Brew
  • kristianbrown Member Posts: 20
    kryolla wrote: »
    That is a lot of helper addresses

    Yeah, that's a big dirty configuration. So I'm trying to avoid it. Trying PIM next.
  • robertl Member Posts: 2
    Can anyone explain the difference between "ip helper-address" and "ip helper-address global"?
  • kryolla Member Posts: 785
    robertl wrote: »
    Can anyone explain the difference between "ip helper-address" and "ip helper-address global"?

    I think it has to do with the vrf and the global routing table. For example if you put that command on a VRF interface whatever IP address is on the helper command will be in the global routing table instead of the VRF routing table.
    Studying for CCIE and drinking Home Brew