
Get IT Done: Enable directed broadcasts with Cisco's IP Helper Address feature

See how to use Cisco's IP Helper Address feature to allow DHCP broadcasts to cross the router while keeping other broadcasts isolated to the local segment.

Traditionally, routers have been used to separate broadcast domains. Essentially, a router is placed between two segments to prevent broadcasts from being forwarded between them. This is generally a good design since it keeps local traffic localized and forwards only unicast traffic.

But what if a client or application needs to broadcast traffic to a server on a different segment of the network? For example, what happens if you have DHCP clients on a network that is different from the DHCP server's? Will the DHCP requests cross the router to get to the DHCP server? By default, the answer is “no.” Remember, DHCP requests are broadcasts, and routers therefore block them.

So, how do you allow DHCP broadcasts to cross the router and still keep other broadcasts isolated to the local segment? One solution is the implementation of Cisco’s IP Helper Address feature.

IP Helper Address
The IP Helper Address feature converts broadcast messages into directed-broadcast or unicast messages. By configuring an IP Helper Address, you instruct the router to convert the messages accordingly. By default, when the IP Helper Address feature is enabled, eight protocols are forwarded. These eight protocols and their associated ports are:
  • TFTP (port 69)
  • DNS (port 53)
  • Time (port 37)
  • TACACS (port 49)
  • BOOTP client (port 68)
  • BOOTP server (port 67)
  • NetBIOS name service (port 137)
  • NetBIOS datagram service (port 138)

When there is only one server located on a remote segment, the IP Helper Address is configured with the address of that server. Any broadcast traffic of the type listed above is forwarded to that server. If there are multiple servers located on a remote segment, the IP Helper Address is configured with the broadcast address for that segment. Broadcast traffic of the type listed above is sent in the form of a directed-broadcast to all of the servers on the segment.

For more granular control over the broadcast protocols and ports that are forwarded across the router, the IP Forward-Protocol feature can be used. It allows the network administrator to permit or deny broadcast traffic based on the UDP port numbers.
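The following configuration is an added example, not part of the original article. It shows a helper address on a client-facing interface with forwarding narrowed to the two BOOTP/DHCP ports from the list above. The interface name and the 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed placeholders.

```cisco
! Constructed example: DHCP clients on 192.0.2.0/24, DHCP server at
! 198.51.100.10. Interface name and all addresses are placeholders.
!
! Global configuration: stop forwarding the six default protocols that
! do not need to cross the router. BOOTP server (67) and BOOTP client
! (68) are left in place so DHCP still works.
no ip forward-protocol udp 69
no ip forward-protocol udp 53
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 137
no ip forward-protocol udp 138
!
! Client-facing interface: UDP broadcasts received here on a port that
! is still forwarded are re-sent as unicast to the single DHCP server.
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.10
!
! Multiple-server variant described in the text: use the server
! segment's broadcast address as the helper instead. The router
! attached to that segment must also permit directed broadcasts on
! its interface (ip directed-broadcast) for the packet to be delivered.
!  ip helper-address 198.51.100.255
```

On the router, `show ip interface GigabitEthernet0/0` reports the configured helper address, and `show running-config | include forward-protocol` lists the ports that have been removed from forwarding.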

Whenever possible, keep local traffic local
The IP Helper Address and the IP Forward-Protocol features are valuable tools that can open up the network for broadcast traffic that needs to be forwarded, while blocking broadcasts that should remain local. For more information on managing IP traffic, check out CCIE Professional Development: Routing TCP/IP, Volume I.

Warren Heaton CCDA, CCNA, MCSE+I is the Cisco program manager for A Technological Advantage in Louisville, KY.
