Wake on lan (WOL) combined with port-based authentication

Userlevel 2

If a machine is in standby mode (listening to WoL packets), there is no session active because no traffic is being emitted by that host. Or are they, that actually a good question...

If not, in case the port/MAC is unauthorized, how do I make WoL work? Will the switch still forward WoL packets nevertheless? In what VLAN would that be in case I would be using VLAN authorization (meaning no VLAN would be set without a session active)? Would I need to set a special static "WoL-VLAN"?

Any thoughts?


3 replies

Userlevel 7
Hi jeronimo,

for EXOS, see How to configure Wake on Lan (WOL) to work with Netlogin & Policy. For EOS, see How to send directed-broadcast to None-Authenticated VLAN user Wake on LAN.

The basic idea is to have some egress VLAN active the port to send the WoL frames, and then move the WoL frames into that VLAN.

Userlevel 2
Yeah I figured so much.... Thanks.

Note to others finding this: If you use VLAN auth you may need the latest release (for B5 e.g. to date 6-81-08-0005) because of: "19671 Corrected a potential user VLAN assignment error when an authenticated VLAN assignment is removed" (I have not tested this, however I had a VLAN assigned on egress flagged with "etSysPolicyProfile" that could no longer be removed...)
Userlevel 2
Oh, this is going to be pain. You'll need your software deployment / patch mgmt to use a different IP address for WoL (if WoL traffic is routed) than the actual IP address of the end devices...