Solved

Stopping IP croadcasts from reaching a device

Posted on 2002-06-20
5
305 Views
Last Modified: 2010-04-11
I am testing an IP device on our LAN and need to stop all IP broadcasts such as browser announcements from reaching that device. I did it by putting a router inbetween our LAN and the control network that this device is on and this worked fine. My question is: Are there any other ways of doing this without having to segment it with a router? I think that maybe a VLAN might be able to accomplish this using a Cisco Catalyst switch but I'm not positive. Could someone verify this for me and also suggest any other options or switch brands (If it is possible to do it with a switch at all) that might work? This device still needs to be accessible to all traffic specifically destined for it but the IP broadcasts should not reach it. Thanks!
0
Comment
Question by:GBP
5 Comments
 
LVL 8

Accepted Solution

by:
scraig84 earned 25 total points
Comment Utility
By implementing VLANs you still need a router to make this VLAN accessible to the other VLANs and segments.  VLANS are simply multiple segments within the confines of a single device or group of devices.  They give more flexibility than the traditional segmentation by a single device.

However, getting back to your question, the router (or corresponding segment it serves) is still the basic boundary of a broadcast domain.  So there is really not many options that you have aside from placing some type of filtering software on the machine itself that does not listen to anything but packets destined specifically for it.  However, this still causes packet processing :).
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 25 total points
Comment Utility
Agree with scraig84. Ethernet by design is comprised of both broadcast and collision domains. Setting up VLANs makes each broadcast domain smaller, but each VLAN is still considered a broadcast domain. A router is required to move packets between brodcast domains. If your goal is to have an application/server that cannot receive broadcasts then there are not many options other than using a router. That is the best way, but you could also use a layer 3 switch which is basically a very fast slimmmed down router with multiple ports.
One option would be Cisco's 3550 intelligent switches:
http://www.cisco.com/warp/public/cc/pd/si/casi/ca3550/prodlit/c355e_ds.htm

0
 

Expert Comment

by:boiledfrog
Comment Utility
Sorry if if this has been covered...

What kind of device?

If it's a PC running winXP Pro you can run the built in firewall - this can be set to ignore pretty much anything!
0
 
LVL 1

Expert Comment

by:Cbracker
Comment Utility
This may not work - I haven't tested it w/broadcast IP addresses, but if you are using Catalyst switch, have you tried putting an access list on the port blocking the broadcast IP?  
0
 

Expert Comment

by:CleanupPing
Comment Utility
GBP:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now