Use of the IP Forward-Protocol commands on the SecureStack/G-Series


Article ID: 11980

Products
SecureStack C3, firmware 1.02.01.0004 and higher
SecureStack C2, firmware 5.02.01.0006 and higher
SecureStack B3, firmware 1.02.01.0004 and higher
G-Series, firmware 1.02.00.0043 and higher

Solution
By default, UDP forwarding as invoked by the 'ip helper-address' command (5720) is enabled only for Bootp/DHCP port 67, and forwarding for port 67 cannot be specifically disabled. Forwarding may additionally be enabled for any combination of the following UDP ports:

  • Trivial File Transfer Protocol (TFTP) = port 69
  • Domain Naming System (DNS) = port 53
  • Time service: (SNTP/NTP) = port 37
  • NetBIOS Name Server = port 137
  • NetBIOS Datagram Server = port 138
  • TACACS service = port 49
  • EN-116 Name Service = port 42
  • Alternate Service Boot = port 4011

One additional service is supported with C3/B3/G firmware 6.03.01.0008+ and C2 firmware 5.02.07.0006+, per release notes:

12289 Wake-on-LAN UDP packets destined to ports 0, 7 and 9 are now forwarded when configured via the "ip forwarding-protocol udp" command.

This command globally adds forwarding of all of the above-stated services/ports on behalf of the 'ip helper-address' command. If any or all of these ports/protocols is already in effect, there is no error message. If this command is attempted in interface mode, error message "Incorrect input! Use 'ip forward-protocol udp [u]'" is generated.

    Global: C2(rw)->router(Config)#ip forward-protocol udp
These commands add forwarding of an additional service/port, either globally or per-interface, on behalf of the 'ip helper-address' command. If the port/protocol is already in effect, there is no error message. If support for the port/protocol is unavailable in the current firmware (only the above-stated protocols are supported, and port 67 is not optional), error message "The UDP port is not supported for relaying" is generated. Where they conflict, interface-level settings override global settings.

    Global:        C2(rw)->router(Config)#ip forward-protocol udp <UDP_port>
    Per-interface: C2(rw)->router(Config)#interface vlan <VLAN_ID>
                   C2(rw)->router(Config-if(Vlan <VLAN_ID>))#ip forward-protocol udp <UDP_port>

These commands either globally or per-interface remove forwarding of a service/port on behalf of the 'ip helper-address' command. If the port/protocol is not presently in effect, there is no error message. If support for the port/protocol is unavailable in the current firmware (only the above-stated protocols are supported, and port 67 is not optional), error message "The UDP port is not supported for relaying" is generated.

    Global:        C2(rw)->router(Config)#no ip forward-protocol udp <UDP_port>
    Per-interface: C2(rw)->router(Config)#interface vlan <VLAN_ID>
                   C2(rw)->router(Config-if(Vlan <VLAN_ID>))#no ip forward-protocol udp <UDP_port>

This command globally removes forwarding of all of the above-stated services/ports (except port 67) on behalf of the 'ip helper-address' command, restoring the default condition. If any or all of these ports/protocols is not presently in effect, there is no error message. If this command is attempted in interface mode, error message "Incorrect input! Use 'ip forward-protocol udp [u]'" is generated.

    Global: C2(rw)->router(Config)#no ip forward-protocol udp
When showing the results in the configuration, only the overrides to the default condition are displayed.

The following example management session shows how to enter and leave router and interface modes, demonstrates global and interface-mode usage, and displays the resulting global forward-protocol state:

C3(rw)->router
C3(rw)->router>enable
C3(rw)->router#config
Enter configuration commands:
C3(su)->router(Config)#ip forward-protocol udp
C3(su)->router(Config)#show running-config
ip forward-protocol udp 69
ip forward-protocol udp 53
ip forward-protocol udp 37
ip forward-protocol udp 137
ip forward-protocol udp 138
ip forward-protocol udp 49
ip forward-protocol udp 42
ip forward-protocol udp 4011
!
interface vlan 201
no shutdown
ip address 10.16.128.1 255.255.255.0
. . .
C3(rw)->router(Config)#interface vlan 201
C3(rw)->router(Config-if(Vlan 201))#ip forward-protocol udp
Incorrect input! Use 'ip forward-protocol udp [u]'
C3(rw)->router(Config-if(Vlan 201))#ip forward-protocol udp ?

[u] Destination UDP port

C3(rw)->router(Config-if(Vlan 201))#ip forward-protocol udp 69
C3(rw)->router(Config-if(Vlan 201))#no ip forward-protocol udp 69
C3(rw)->router(Config-if(Vlan 201))#exit
C3(su)->router(Config)#exit
C3(su)->router#exit
C3(su)->router>exit
C3(su)->show config router
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.

begin
!
#***** NON-DEFAULT CONFIGURATION *****
!
!
#Router Configuration
router
enable
configure
ip forward-protocol udp 69
ip forward-protocol udp 53
ip forward-protocol udp 37
ip forward-protocol udp 137
ip forward-protocol udp 138
ip forward-protocol udp 49
ip forward-protocol udp 42
ip forward-protocol udp 4011
interface vlan 201
no shutdown
ip address 10.16.128.1 255.255.255.0
. . .
exit
exit
exit
exit
end

C3(su)->
For a discussion of the 'ip helper-address' command, please refer to 5720.
For additional information, please refer to the Configuration Guide or CLI Reference Guide relevant to your product and firmware version.
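
An added example, not part of the original article or Extreme Networks' own tooling: a Python audit helper that reads 'show config router' output and computes which UDP ports are effectively relayed globally and on each VLAN interface, so that relays nobody intended (for instance NetBIOS 137/138 switched on by the bare global command) stand out in a configuration review. It assumes that an interface-level 'no ip forward-protocol udp <port>' line appears in the saved configuration when it overrides a global setting, models only the eight optional ports listed above (not the Wake-on-LAN ports), and runs on a constructed sample configuration.

```python
import re

ALWAYS_ON = {67}  # Bootp/DHCP relay cannot be disabled, per the article
OPTIONAL = {69, 53, 37, 137, 138, 49, 42, 4011}  # the eight ports listed above
FWD = re.compile(r"^(no\s+)?ip forward-protocol udp(?:\s+(\d+))?$")
IFACE = re.compile(r"^interface vlan (\d+)$")

# Constructed sample in the style of 'show config router' output.
SAMPLE = """\
router
enable
configure
ip forward-protocol udp 69
ip forward-protocol udp 137
ip forward-protocol udp 138
interface vlan 201
no ip forward-protocol udp 137
no ip forward-protocol udp 138
exit
interface vlan 202
ip forward-protocol udp 53
ip forward-protocol udp 123
exit
exit
"""

def effective_relay_ports(config_text):
    """Return (global_ports, {vlan: ports}, rejected_lines)."""
    global_opt, overrides, rejected, vlan = set(), {}, [], None
    for line in map(str.strip, config_text.splitlines()):
        if (m := IFACE.match(line)):
            vlan = int(m.group(1))
            overrides.setdefault(vlan, {})
        elif line == "exit":
            vlan = None  # leaving interface mode (extra exits are harmless)
        elif (m := FWD.match(line)):
            negate, port = bool(m.group(1)), m.group(2)
            if port is None and vlan is None:  # bare form: all optional ports
                global_opt = set() if negate else set(OPTIONAL)
            elif port is None or int(port) not in OPTIONAL:
                rejected.append(line)  # the switch would print an error here
            elif vlan is None:
                (global_opt.discard if negate else global_opt.add)(int(port))
            else:
                # Assumption: interface lines, including 'no', are saved and win
                overrides[vlan][int(port)] = not negate
    per_vlan = {}
    for v, ov in overrides.items():
        on = {p for p, enabled in ov.items() if enabled}
        per_vlan[v] = ALWAYS_ON | ((global_opt | on) - (set(ov) - on))
    return ALWAYS_ON | global_opt, per_vlan, rejected
```

Lines returned in the third element are ones the article says the switch refuses: the bare form in interface mode, or a port outside the supported list.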
