Configuring ip performance optimization, Configuration procedure, Configuration example – H3C Technologies H3C SecPath F1000-E User Manual
Configuring IP performance optimization
Enabling forwarding of directed broadcasts destined for the directly connected network
Directed broadcast packets are broadcast on a specific network. In the destination IP address of a
directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
If a device is allowed to forward directed broadcasts destined for the directly connected network,
attackers might use this to mount attacks on the network. However, you can enable the feature when
using the following functions:
• UDP helper: Converts broadcasts to unicasts and forwards them to a specified server.
• Wake on LAN: Forwards directed broadcasts to a host on the remote network.
Configuration procedure
To enable the firewall to forward directed broadcasts:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view. | interface interface-type interface-number | N/A
3. Enable the interface to forward directed broadcasts. | ip forward-broadcast [ acl acl-number ] | Disabled by default
NOTE:
• If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL can
be forwarded.
• If you repeatedly execute the ip forward-broadcast command on an interface, only the last executed
command takes effect. If the command executed last does not include the acl acl-number option, the
ACL configured previously will be removed.
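The following audit sketch is an added example, not part of the H3C manual. It replays a sequence of interface commands, derives each interface's directed broadcast address, and applies the "last command wins" rule from the note above to flag interfaces left forwarding directed broadcasts with no ACL. The command sequence, the interface addresses, GigabitEthernet 0/3, the ACL numbers, and the function names audit and findings are constructed for illustration.

```python
import ipaddress
import re

# Constructed command sequence (not from the manual): commands as an operator
# might type them, using the page's 1.1.1.0/24 and 2.2.2.0/24 segments.
SAMPLE = """\
system-view
interface GigabitEthernet 0/1
 ip address 1.1.1.2 255.255.255.0
interface GigabitEthernet 0/2
 ip address 2.2.2.2 255.255.255.0
 ip forward-broadcast acl 2000
 ip forward-broadcast
interface GigabitEthernet 0/3
 ip address 3.3.3.1 255.255.255.0
 ip forward-broadcast acl 2001
"""

FWD = re.compile(r"ip forward-broadcast(?:\s+acl\s+(\d+))?$")

def audit(commands):
    """Return {interface: state} after replaying the commands in order."""
    state, current = {}, None
    for line in commands.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            state[current] = {"broadcast": None, "forward": False, "acl": None}
        elif current and line.startswith("ip address "):
            addr, mask = line.split()[2:4]
            net = ipaddress.ip_interface(f"{addr}/{mask}").network
            # Directed broadcast: network ID kept, host ID all ones.
            state[current]["broadcast"] = str(net.broadcast_address)
        elif current and (m := FWD.match(line)):
            # Only the last command counts; omitting "acl" drops the earlier ACL.
            state[current].update(forward=True, acl=m.group(1))
    return state

def findings(state):
    """Interfaces that forward directed broadcasts with no ACL restriction."""
    return sorted(i for i, s in state.items() if s["forward"] and s["acl"] is None)

if __name__ == "__main__":
    result = audit(SAMPLE)
    for name, s in result.items():
        print(name, s)
    print("Unrestricted:", findings(result))
```

GigabitEthernet 0/2 is reported because the second ip forward-broadcast command, issued without an ACL, silently removed ACL 2000.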
Configuration example
Network requirements
As shown in
, the host's interface and GigabitEthernet 0/1 of SecPath are on the same network
segment (1.1.1.0/24). Interface GigabitEthernet 0/2 of SecPath and interface GigabitEthernet 0/2 of the
router are on another network segment (2.2.2.0/24). The default gateway of the host is GigabitEthernet
0/1 (IP address 1.1.1.2/24) of SecPath. Configure a static route to the host on the router.
Configure the router to receive directed broadcasts from the host to IP address 2.2.2.255.