HP VPN Firewall Appliances System Management and Maintenance Configuration Guide
Optimizing IP performance
IP performance optimization can be configured only at the CLI.
This chapter describes multiple features for IP performance optimization.
Enabling receiving and forwarding of directed broadcasts to a directly connected network
A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address
of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all
ones.
If a device is allowed to forward directed broadcasts to a directly connected network, attackers can
exploit this to attack the target network. However, this feature must be enabled for the Wake
on LAN function to forward directed broadcasts for waking up a specific host.
Enabling receiving of directed broadcasts to a directly connected network
If a device does not support this feature, the device can receive directed broadcasts by default.
If a device is enabled to receive directed broadcasts, the device determines whether to forward them
according to the configuration on the outgoing interface.
A device that has been disabled from receiving directed broadcasts can still receive broadcast packets
destined for specific UDP ports, which, for example, are configured to be forwarded by UDP helper.
To enable the device to receive directed broadcasts:
Step                                                    Command                Remarks
1. Enter system view.                                   system-view            N/A
2. Enable the device to receive directed broadcasts.    ip forward-broadcast   Disabled by default.
Enabling forwarding of directed broadcasts to a directly connected network
When you enable the device to forward directed broadcasts, follow these guidelines:
• If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL
can be forwarded.
• If you repeatedly execute the ip forward-broadcast command on an interface, only the last
executed command takes effect. If the command executed last does not include acl acl-number, the
ACL configured previously is removed.
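
The following Python model is an added example, not part of the HP guide or the device software. It applies the receive and forward rules described in this chapter to sample packets so that a planned configuration can be checked before it is deployed. The Interface class, the decide function, the addresses, and the reduction of an ACL to a list of permitted source networks are assumptions made for illustration.

```python
import ipaddress

class Interface:
    """Outgoing interface with the forwarding state the guidelines describe."""
    def __init__(self, name, network):
        self.name = name
        self.network = ipaddress.IPv4Network(network)
        self.forward = False   # ip forward-broadcast not yet executed here
        self.acl = None        # permitted source networks; None means no ACL

    def ip_forward_broadcast(self, acl=None):
        # Only the last executed command takes effect: executing it without
        # an ACL removes the ACL configured previously.
        self.forward = True
        self.acl = [ipaddress.IPv4Network(n) for n in acl] if acl else None

    def is_directed_broadcast(self, dst):
        # Network ID matches and the host ID is all ones. /31 and /32
        # prefixes have no all-ones host address reserved for broadcast.
        return (self.network.prefixlen < 31 and
                ipaddress.IPv4Address(dst) == self.network.broadcast_address)

def decide(receive_enabled, interfaces, src, dst):
    """Return (verdict, interface name) for one packet."""
    for intf in interfaces:
        if not intf.is_directed_broadcast(dst):
            continue
        if not receive_enabled:          # global setting, disabled by default
            return ("drop: receiving disabled", intf.name)
        if not intf.forward:             # decided on the outgoing interface
            return ("drop: forwarding not enabled", intf.name)
        if intf.acl is not None and not any(
                ipaddress.IPv4Address(src) in net for net in intf.acl):
            return ("drop: denied by ACL", intf.name)
        return ("forward", intf.name)
    return ("not a directed broadcast", None)

if __name__ == "__main__":
    # Constructed sample: only the Wake on LAN server 10.0.0.5 is permitted.
    lan = Interface("lan", "192.168.10.0/24")
    lan.ip_forward_broadcast(acl=["10.0.0.5/32"])
    for src, dst in [("10.0.0.5", "192.168.10.255"),
                     ("10.0.0.9", "192.168.10.255"),
                     ("10.0.0.5", "192.168.10.7")]:
        print(src, dst, decide(True, [lan], src, dst))
```

The model does not cover broadcasts to specific UDP ports that UDP helper forwards, which the device can still receive when receiving of directed broadcasts is disabled.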