Wake on lan (WOL) combined with port-based authentication

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hey,

If a machine is in standby mode (listening to WoL packets), there is no session active because no traffic is being emitted by that host. Or are they, that actually a good question...

If not, in case the port/MAC is unauthorized, how do I make WoL work? Will the switch still forward WoL packets nevertheless? In what VLAN would that be in case I would be using VLAN authorization (meaning no VLAN would be set without a session active)? Would I need to set a special static "WoL-VLAN"?

Any thoughts?

Thanks.
Photo of jeronimo

jeronimo

  • 1,428 Points 1k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,792 Points 10k badge 2x thumb
Hi jeronimo,

for EXOS, seeĀ How to configure Wake on Lan (WOL) to work with Netlogin & Policy. For EOS, seeĀ How to send directed-broadcast to None-Authenticated VLAN user Wake on LAN.

The basic idea is to have some egress VLAN active the port to send the WoL frames, and then move the WoL frames into that VLAN.

Erik
Photo of jeronimo

jeronimo

  • 1,428 Points 1k badge 2x thumb
Yeah I figured so much.... Thanks.

Note to others finding this: If you use VLAN auth you may need the latest release (for B5 e.g. to date 6-81-08-0005) because of: "19671 Corrected a potential user VLAN assignment error when an authenticated VLAN assignment is removed" (I have not tested this, however I had a VLAN assigned on egress flagged with "etSysPolicyProfile" that could no longer be removed...)
Photo of jeronimo

jeronimo

  • 1,428 Points 1k badge 2x thumb
Oh, this is going to be pain. You'll need your software deployment / patch mgmt to use a different IP address for WoL (if WoL traffic is routed) than the actual IP address of the end devices...