Hi. I'm trying to configure directed broadcast to allow WoL to work over the routed network - with security so it's only allowing packets from the WoL server to pass. On Comware 7, you can't add the ACL prefix to the end of the "ip forward-broadcast" command like you can in Comware 5.
As an alternative solution, I can add an ACL to the interface to block subnet broadcasts from hosts except for the WoL server. Example (WoL server = 10.10.10.10):
acl number 3001 name ACL-BLOCK_DIRECTED_BRDCST
 rule 0 permit udp source 10.10.10.10 0 destination 10.0.0.255 0 destination-port eq 9
 rule 5 deny ip destination 10.0.0.255 0
 rule 10 permit ip
interface Vlan-interface100
 ip address 10.0.0.1 255.255.255.0
 ip forward-broadcast
 packet-filter 3001 outbound
The issue with this is that I think that the deny statement will also block the router's own broadcasts to the 10.0.0.0/24 network. I don't have a lab, so is this true? Is there a solution where I can only allow the WoL server to send broadcasts to this subnet? Thanks.
#ACLs
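An added example, not part of the original post: a small first-match evaluator for the three rules of ACL 3001, run over constructed packets, to show which rule each kind of broadcast would hit if the filter is applied to it. It models rule matching only; whether Comware 7 applies an outbound packet-filter to traffic the router itself originates is not modelled, and the function names and sample packets are assumptions of this sketch.

```python
import ipaddress

# ACL 3001 rules, copied from the post above.
ACL_3001 = """\
rule 0 permit udp source 10.10.10.10 0 destination 10.0.0.255 0 destination-port eq 9
rule 5 deny ip destination 10.0.0.255 0
rule 10 permit ip
"""

def _ip(text):
    # A bare "0" wildcard is shorthand for 0.0.0.0 (exact host match).
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)

def parse_rule(line):
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3]}
    # Every clause in these rules is a (keyword, value, value) triple.
    for key, a, b in zip(tok[4::3], tok[5::3], tok[6::3]):
        if key in ("source", "destination"):
            rule[key] = (_ip(a), _ip(b))
        elif key == "destination-port" and a == "eq":
            rule["dport"] = int(b)
        else:
            raise ValueError(f"unsupported clause: {key} {a} {b}")
    return rule

def _addr_ok(rule, key, addr):
    # An absent clause matches any address (all bits "don't care").
    base, wildcard = rule.get(key, (0, 0xFFFFFFFF))
    # Wildcard bits set to 1 are ignored; all other bits must be equal.
    return (_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (rule id, action) of the first rule the packet matches."""
    for rule in map(parse_rule, acl_text.splitlines()):
        if rule["proto"] not in ("ip", proto) or rule.get("dport", dport) != dport:
            continue
        if _addr_ok(rule, "source", src) and _addr_ok(rule, "destination", dst):
            return rule["id"], rule["action"]
    return None, "no-match"

# Constructed sample packets: (proto, src, dst, dport)
SAMPLES = [
    ("udp", "10.10.10.10", "10.0.0.255", 9),     # WoL server magic packet
    ("udp", "10.20.30.40", "10.0.0.255", 9),     # any other remote host
    ("udp", "10.0.0.1", "10.0.0.255", 520),      # sourced from the VLAN interface IP
    ("udp", "10.0.0.1", "255.255.255.255", 67),  # limited broadcast, not 10.0.0.255
]
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_3001, *pkt))
```

Rule 5 has no source clause, so any packet addressed to 10.0.0.255 that the filter sees matches it regardless of sender, while traffic to 255.255.255.255 falls through to rule 10.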