Wake-On-LAN config on Summit X460

  • 0
  • 1
  • Question
  • Updated 4 years ago
I'm looking for config guidance on Wake-on-LAN on a stack of Summit x460's. Here is the layout and requirements.

Layout
I have a server on one VLAN that is used to send WOL packets to workstations that reside on different VLAN's.
All VLAN's reside on this one Stack of X460's and the remote switches with the workstations collapse to this stack.

Requirements.
I would like to enable WOL. To do this i understand I have to enable IPforwarding of broadcasts per vlan by using the command enable ipforwading broadcast vlan "x".
I would like to be able to restrict the forwarding of broadcasts to a set of UDP ports. How do i go about doing this?
Secondly, i would like to restrict the broadcasts to the WOL server. 
So in short, enable directed broadcasts restricted to a set of UDP ports and restrict the source.

Thanks much  for your time,
Sky.
Photo of Andrew Hades

Andrew Hades

  • 110 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Sumit Tokle

Sumit Tokle, Alum

  • 5,738 Points 5k badge 2x thumb
1) Put the server tagged in all vlans that have clients who need to receive the WoL packet (magic packet)

2) Configure a broadcast udp forwarding profile

UDP forwarding handles the directed forwarding of broadcast UDP packets. Configuring an udp profile on the switch allows you to configure your switch so that inbound broadcast UDP packets on a VLAN are forwarded to a particular destination IP address of VLAN.

Here is an example:

Create test policy(type the command "vi test.pol")

entry two {
if match all {
destination-port <PoRT_NUMBER> ; // port number which we have configured on Server
} then {
vlan "<vlan_name>" ;
}
}




server should be in each one of the vlan.


You simply need to get the broadcast packet out of the broadcast domain, so if you have a server in the server vlan sending WOL packets, you only need a policy on that switch to forwarded it across the L3 boundary into the routed vlan at that site, or each vlan that needs to hear it.


Policy files used for UDP forwarding are processed differently from standard policy files. Instead of terminating when an entry’s match clause becomes true, each entry in the policy file is processed and the corresponding action is taken for each true match clause. For example, if the following policy file is used as a UDP forwarding profile, any packets destined for UDP port 67 are sent to IP address 20.0.0.5 and flooded to VLAN to7: 

entry one
{ if match all

destination-port 67 ; 
}
then 

destination-ipaddress 20.0.0.5 ; 

}
entry two 
{
if match all
{
destination-port 67 ; 
}
then 

vlan "to7" ;
}


This profile needs to add to the originating router where the server is to see the broadcast and then send it on its way.
Photo of Andrew Hades

Andrew Hades

  • 110 Points 100 badge 2x thumb
I was looking at your response and had a question. The VLAN's i want to send UDP packets are associated to Ports 3 and 6. I have also tagged these ports with the Server VLAN.
After applying the UDP profile  and running a show udp-profile command i see that UDP port 16 and 1200 are forwarded to the defined VLAN in the policy file.

Does this also mean that any host can send UDP packets to this VLAN? Is there a way to restrict the UDP flooding to just the server that sends the udp packets? Can I use instead of "match all" Source address of the server? The commands below are what i entered:

entry one {if match all {
destination-port 16 ;
} then {
vlan TEST ;
}
}

entry two {
if match all {
destination-port 1200 ;
} then {
vlan TEST;
}
}

thanks,
V