topic Re: Wake on LAN in ExtremeSwitching (VSP/Fabric Engine)

Wake on LAN

x34743 — Wed, 10 Jan 2024 09:18:55 GMT

Hello everyone,

I have a question about wake on lan. In XOS it was policy based. e.g.

entry one { if match all { source-address 192.168.1.2/32; if match any { destination-port 9 ; destination-port 7 ; } } then { vlan VLAN30 ; } }

I saw the VOSS example: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000111158 but can I also filter for a specific source address?

Thank you

Many greetings Alexander

Re: Wake on LAN

Brent_Addis — Sun, 28 Jan 2024 19:28:44 GMT

Yeah. You can.

1. Define an ACL for WoL Filtering:

Create an ACL that permits WoL packets from a specific source IP address and denies others.

create access-list "WoL_Filter"

2. Configure ACL Rules:

Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. WoL packets usually use UDP and target port 7 or 9.

Example:

# Permit WoL packets from a specific source IP
entry 10 {
    action permit
    from ip 
    source-ip <Specific_Source_IP>/32
    destination-port 7 9
    protocol udp
}
# Implicit deny at the end (default behavior)

3. Apply the ACL to the Relevant Interface or VLAN:

Apply the ACL to the interface or VLAN where you want to filter the WoL packets.

For an interface:

configure interface <interface_name> ip access-group "WoL_Filter" in

For a VLAN:

configure vlan <vlan_name> ip access-group "WoL_Filter" in

4. Validate the Configuration:

After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.

5. Monitoring and Logging (Optional):

Consider enabling logging for the ACL to monitor the packets being permitted or denied. This can help in troubleshooting and ensuring that the ACL is working as intended.

configure log filter "WoL_Filter" add entry 10

Re: Wake on LAN

x34743 — Mon, 29 Jan 2024 13:50:08 GMT

Hi Brent,

thank you very much for your answer. But your solution is also for XOS? However, I am looking to implement this solution in VOSS. For Voss I only found the example from Extreme, where you have to allow the entire VLAN and cannot limit it to a source address.

Re: Wake on LAN

Brent_Addis — Mon, 29 Jan 2024 18:55:15 GMT

Ah. Sorry, my mistake. Hadn't had any coffee 😂

Try this:

1. Define an ACL for WoL Filtering:

Create an ACL that permits WoL packets from a specific source IP address and denies others.

acl create "WoL_Filter"

2. Configure ACL Rules:

Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. Remember, WoL packets usually use UDP and target port 7 or 9.

Example:

# Permit WoL packets from a specific source IP
acl rule-create "WoL_Filter" seq 10 action permit protocol udp src-ip <Specific_Source_IP>/32 src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9
# Deny other WoL packets (if necessary)
acl rule-create "WoL_Filter" seq 20 action deny protocol udp src-ip any src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9

3. Apply the ACL to the Relevant VLAN or Interface:

Apply the ACL to the interface or VLAN where you want to filter the WoL packets.

interface vlan <VLAN_ID>
ip access-group "WoL_Filter" in

4. Validate the Configuration:

After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.