I’ve been reading about directed broadcasts recently. According to RFC 2644, directed broadcasts should not be forwarded by routers to the end hosts on the destination subnet. It wasn’t very clear whether routers should drop directed broadcasts at all, and if so, whether they should be dropped by an intermediate router or by the one at the final destination. So I decided to build a small lab and capture a few packets.
To remind you…
Directed broadcasts are packets sent to the broadcast address of a specific subnet, i.e. the subnet’s last IP address, e.g. 10.0.0.255 (subnet 10.0.0.0/24) or 192.168.1.255 (subnet 192.168.1.0/24). Previously, routers forwarded directed broadcasts to all hosts on the destination network! It soon became obvious that this was a serious security threat.
Here’s the topology I used:
So, we know that a router’s default behaviour is “no ip directed-broadcast”. However, when I tried to ping 10.1.2.255 from Host-01, I got ICMP replies back. Why is that?
I decided to repeat my experiment, but this time with Wireshark capturing frames on Host-02’s Gi0/0 and R03’s Gi0/1 interfaces. I noticed that Host-02 hadn’t received any ICMP packets at all, while R03 received the ICMP Echo Request and replied to it:
Apparently, directed broadcasts are forwarded up to the router that is directly connected to the destination network, but not onto the final network itself; instead, that router replies on behalf of the whole network.
To change the default behaviour, I applied “ip directed-broadcast” to R03’s Gi0/0 interface. This instructs the router to forward directed broadcast packets to all hosts on that network. A new capture on R03’s Gi0/1 interface had one additional ICMP packet, the reply from Host-02.
Interestingly enough, the ICMP Echo Request packet captured on Host-02’s interface had its destination IP address replaced with the local network broadcast address (255.255.255.255):
The following conclusion can be drawn. By default, routers forward directed broadcasts up to the final router, which then drops the broadcast packet and responds on behalf of the whole network. Once directed broadcasts are enabled on the interface, the router begins forwarding them to all hosts connected to the destination network, using the local network broadcast address (255.255.255.255).
I hope you’ll find this useful.
Update 27/02/2017: I forgot to mention when directed broadcasts might be handy. You may want to enable directed broadcasts to support Wake on LAN. To wake hosts on a remote subnet, you have to enable directed broadcasts on the interface facing that subnet. However, remember to restrict broadcast packets to a defined range of source IP addresses or networks; that is, make sure you don’t allow just anyone in the network to send a directed broadcast to the network of interest.
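As an added example (not part of the original post), here is what the three states of R03’s Gi0/0 look like in Cisco IOS configuration: the default, the unrestricted lab setting, and the source-restricted form for Wake on LAN. The interface address 10.1.2.1 and the WoL server address 10.1.1.10 are assumed values, not from the lab.

```cisco
! Default setting: directed broadcasts to 10.1.2.255 stop at R03, which
! answers on its own behalf and never floods the segment. This is what
! the lab observed before any change. (10.1.2.1 is an assumed address.)
interface GigabitEthernet0/0
 ip address 10.1.2.1 255.255.255.0
 no ip directed-broadcast
!
! Unrestricted lab setting: any source that can route a packet to
! 10.1.2.255 gets it rewritten to 255.255.255.255 and delivered to every
! host on the segment, which is the amplification RFC 2644 warns about.
interface GigabitEthernet0/0
 ip directed-broadcast
!
! Restricted setting for Wake on LAN: only the WoL server (assumed
! address 10.1.1.10) may source a directed broadcast onto 10.1.2.0/24.
! Packets from any other source are handled as in the default case.
access-list 10 remark WoL server allowed to send directed broadcasts
access-list 10 permit host 10.1.1.10
access-list 10 deny any
!
interface GigabitEthernet0/0
 ip directed-broadcast 10
!
! Check the effective state with:
!   show ip interface GigabitEthernet0/0 | include Directed broadcast
! which reports whether directed broadcast forwarding is enabled or disabled.
```

The access list is evaluated against the source address of the directed broadcast, so it is applied on the interface facing the destination subnet rather than on the interface the packet arrives on.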