Summary of Wake-On-LAN Router Configuration options

  • Updated 5 years ago
Article ID: 12955 

Products
Matrix N-Series DFE
SecureStack C3, C2, B3
C5-Series, B5-Series
G-Series 

Goals
Explain Wake-On-LAN router configuration concepts that are relevant when the WoL user is on a different IP subnet from the PCs to be controlled. 

Discussion
Wake-on-LAN, also known as "Wake on LAN", "WakeUpOnLan", or "WoL", provides a means of allowing a Network Administrator to "wake" one or more PCs remotely, and is possible because of advanced motherboard and NIC functionality that is available from a number of vendors. 

A key component of providing WoL functionality in a routed network is the concept of Directed Broadcast (5503). For the purpose of this document, Directed Broadcast functionality is only applicable when routing a unicast packet destined to a non-direct subnet, and that packet's destination IP address ultimately turns out to match the broadcast address of the destination subnet (e.g. 10.20.1.255/24). If on the other hand there is only a single router involved or the packet remains unicast throughout, Directed Broadcast need not be enabled. 

The initial "magic packet" sent to begin the Wake-On-LAN process may be addressed in three slightly different ways: 
  • As an IP host unicast - with a destination IP address matching the IP address of the targeted host (e.g. 10.20.1.10/24).
      Layer 3: The packet is unicast-forwarded through all router hops, then forwarded to the destination subnet. The destination IP address remains unchanged throughout.
      Layer 2: At each router hop, the destination MAC address of the forwarded packet is the next-hop router's local interface MAC address for unicast forwarding to the next-hop router, or the target host's MAC address for unicast forwarding within the destination subnet.

  • As an IP subnet broadcast - with a destination IP address matching the broadcast address of the destination subnet (e.g. 10.20.1.255/24).
      Need to: Enable Directed Broadcast functionality on the outbound interface of the last-hop router (5503).
      Layer 3: The packet is unicast-forwarded until the final router hop, and upon being allowed, the directed broadcast is forwarded onto the destination subnet. The destination IP address remains unchanged throughout. If Directed Broadcast is not enabled, then the packet is dropped.
      Layer 2: At each router hop, the destination MAC address of the forwarded packet is the next-hop router's local interface MAC address for unicast forwarding to the next-hop router, or FF-FF-FF-FF-FF-FF for directed broadcast forwarding to all nodes within the destination subnet.

  • As an IP network broadcast - with a destination IP address of 255.255.255.255.
      Need to: Define an IP Helper on the inbound interface of the first-hop router (6871, 11980). The IP Helper address would specify the subnet IP address (e.g. 10.20.1.255/24) which should receive the forwarded broadcast packet, and the Forward Protocols would be set up to include UDP port 9 (7 should also work).
      Then, if there is more than one router between the source and destination networks, enable Directed Broadcast functionality on the outbound-to-users interface(s) of the last-hop router (5503). Keep in mind that if the packet is to be forwarded to all users everywhere, then in effect all routers with attached users are for this purpose acting as last-hop routers.
      Layer 3, if there is only one router between the source and destination networks:
        At the router hop, a copy of the packet is broadcast-forwarded onto the destination subnet(s) specified in the IP Helper(s) of the router's inbound interface. If there is no defined forwarding for the WoL UDP port, then the packet is dropped.
      Layer 3, if there is more than one router between the source and destination networks:
        At the first router hop, a copy of the packet is unicast-forwarded toward the destination subnet(s) specified in the IP Helper(s) of the router's inbound interface. If there is no defined forwarding for the WoL UDP port, then the packet is dropped.
        At the intermediate router hops, the packet continues to be unicast-forwarded.
        At the final router hop, upon being allowed, the directed broadcast is forwarded onto the destination subnet. If Directed Broadcast is not enabled, then the packet is dropped.
      Layer 2: At each router hop, the destination MAC address of the forwarded packet is FF-FF-FF-FF-FF-FF for broadcast forwarding to all nodes within the destination subnet, or the next-hop router's local interface MAC address for unicast forwarding to the next-hop router, or FF-FF-FF-FF-FF-FF for directed broadcast forwarding to all nodes within the destination subnet.

Subnet broadcasts provide the means for either deliberate or inadvertent abuse, with the potential of negatively impacting network performance and/or security. Careful consideration should be given when enabling them.
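The three addressing cases above can be expressed as a small planning check. This is an added example, not part of the original article: it classifies a magic packet's destination and lists which router features the article says must be enabled, so Directed Broadcast is turned on only where the chosen addressing actually requires it. The function names, the sample MAC address and the hop counts are illustrative assumptions; the payload layout is the standard Wake-on-LAN format, which the article does not describe.

```python
import ipaddress

WOL_UDP_PORT = 9  # port named in the article (7 is said to work as well)

def build_magic_packet(mac: str) -> bytes:
    """Standard WoL payload: 6 bytes of 0xFF, then the target MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return b"\xff" * 6 + raw * 16

def addressing_mode(dst_ip: str, target_subnet: str) -> str:
    """Classify the destination the way the article's three cases do."""
    dst = ipaddress.ip_address(dst_ip)
    net = ipaddress.ip_network(target_subnet, strict=False)
    if dst == ipaddress.ip_address("255.255.255.255"):
        return "network-broadcast"
    if dst == net.broadcast_address:
        return "subnet-broadcast"
    if dst in net:
        return "host-unicast"
    raise ValueError("destination is outside the target subnet")

def router_requirements(dst_ip: str, target_subnet: str, routers: int) -> list[str]:
    """List router features needed when `routers` routers sit in the path."""
    if routers < 1:
        raise ValueError("applies only when at least one router is in the path")
    mode = addressing_mode(dst_ip, target_subnet)
    needs = []
    if mode == "network-broadcast":
        bcast = ipaddress.ip_network(target_subnet, strict=False).broadcast_address
        needs.append(f"first-hop inbound: IP Helper to {bcast}, forward UDP {WOL_UDP_PORT}")
    # Directed Broadcast only matters when a broadcast-addressed packet is
    # routed as unicast across more than one router (per the Discussion).
    if mode != "host-unicast" and routers > 1:
        needs.append("last-hop outbound: enable Directed Broadcast")
    return needs

if __name__ == "__main__":
    # Constructed sample values: MAC, subnet and hop count are illustrative.
    pkt = build_magic_packet("00-11-22-33-44-55")
    print(len(pkt), "byte magic packet")
    for dst in ("10.20.1.10", "10.20.1.255", "255.255.255.255"):
        print(dst, addressing_mode(dst, "10.20.1.0/24"),
              router_requirements(dst, "10.20.1.0/24", routers=2))
```

An empty result, as for the host-unicast case, means no broadcast-related router feature has to be enabled for that addressing choice.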

                              FAQ User, Official Rep


                              Posted 5 years ago
