Configuring ip performance optimization, Configuration procedure, Configuration example – H3C Technologies H3C SecPath F1000-E User Manual

Page 26: Network requirements

Advertising
background image

15

Configuring IP performance optimization

Enabling forwarding of directed broadcasts

destined for the directly connected network

Directed broadcast packets are broadcast on a specific network. In the destination IP address of a
directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.

If a device is allowed to forward directed broadcasts destined for the directly connected network,

hackers might mount attacks to the network. However, you can enable the feature when using the

following functions:

UDP helper—Converts broadcasts to unicasts and forward them to a specified server.

Wake on LAN—Forwards directed broadcasts to a host on the remote network.

Configuration procedure

To enable the firewall to forward directed broadcasts:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type interface-number N/A

3.

Enable the interface to

forward directed broadcasts. ip forward-broadcast [ acl acl-number ]

Disabled by default

NOTE:

If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL can
be forwarded.

If you repeatedly execute the ip forward-broadcast command on an interface, only the last executed
command takes effect. If the command executed last does not include the acl

acl-number, the ACL

configured previously will be removed.

Configuration example

Network requirements

As shown in

Figure 10

, the host's interface and GigabitEthernet 0/1 of SecPath are on the same network

segment (1.1.1.0/24). Interface GigabitEthernet 0/2 of SecPath and interface GigabitEthernet 0/2 of the

router are on another network segment (2.2.2.0/24). The default gateway of the host is GigabitEthernet
0/1 (IP address 1.1.1.2/24) of SecPath. Configure a static route to the host on the router.
Configure the router to receive directed broadcasts from the host to IP address 2.2.2.255.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals