Cisco Systems OL-16066-01 appendix Acl, Display an Object Selectors, page F-593

Advanced Interface Settings Page

Table K-13

Advanced Interface Settings Dialog Box (Continued)

Enable Directed

When selected, directed broadcast packets are “exploded” as a link-layer

Broadcasts

broadcast when this interface is directly connected to the destination subnet.

When deselected, directed broadcast packets that are intended for the subnet

to which this interface is directly connected are dropped rather than being

broadcast. This is the default.

An IP directed broadcast is an IP packet whose destination address is a valid

broadcast address on a different subnet from the node on which it originated.

In such cases, the packet is forwarded as if it was a unicast packet until it

reaches its destination subnet.

This option affects only the final transmission of the directed broadcast on

its destination subnet; it does not affect the transit unicast routing of IP

directed broadcasts.

Note Because directed broadcasts, and particularly ICMP directed

broadcasts, have been abused by malicious persons, we recommend

deselecting this option on interfaces where directed broadcasts are

not needed.

ACL

Applies only when directed broadcasts are enabled.

The standard access list that determines which directed broadcasts are

permitted to be broadcast on the destination subnet. All other directed

broadcasts destined for the subnet to which this interface is directly

connected are dropped. Enter the name of an ACL object, or click Select to

display an Object Selectors, page F-593.

If the standard ACL you want is not listed, click the Create button in the

selector to display the Add and Edit Standard Access List Pages, page F-42.

From here you can create an ACL object.

Note To prevent misuse by malicious persons, we recommend using ACLs

to restrict the use of directed broadcasts.

User Guide for Cisco Security Manager 3.2

OL-16066-01

K-33