Wake on lan (WOL) combined with port-based authentication
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-09-2017 03:41 PM
Hey,
If a machine is in standby mode (listening to WoL packets), there is no session active because no traffic is being emitted by that host. Or are they, that actually a good question...
If not, in case the port/MAC is unauthorized, how do I make WoL work? Will the switch still forward WoL packets nevertheless? In what VLAN would that be in case I would be using VLAN authorization (meaning no VLAN would be set without a session active)? Would I need to set a special static "WoL-VLAN"?
Any thoughts?
Thanks.
If a machine is in standby mode (listening to WoL packets), there is no session active because no traffic is being emitted by that host. Or are they, that actually a good question...
If not, in case the port/MAC is unauthorized, how do I make WoL work? Will the switch still forward WoL packets nevertheless? In what VLAN would that be in case I would be using VLAN authorization (meaning no VLAN would be set without a session active)? Would I need to set a special static "WoL-VLAN"?
Any thoughts?
Thanks.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-10-2017 09:28 AM
Oh, this is going to be pain. You'll need your software deployment / patch mgmt to use a different IP address for WoL (if WoL traffic is routed) than the actual IP address of the end devices...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-10-2017 07:07 AM
Yeah I figured so much.... Thanks.
Note to others finding this: If you use VLAN auth you may need the latest release (for B5 e.g. to date 6-81-08-0005) because of: "19671 Corrected a potential user VLAN assignment error when an authenticated VLAN assignment is removed" (I have not tested this, however I had a VLAN assigned on egress flagged with "etSysPolicyProfile" that could no longer be removed...)
Note to others finding this: If you use VLAN auth you may need the latest release (for B5 e.g. to date 6-81-08-0005) because of: "19671 Corrected a potential user VLAN assignment error when an authenticated VLAN assignment is removed" (I have not tested this, however I had a VLAN assigned on egress flagged with "etSysPolicyProfile" that could no longer be removed...)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-10-2017 06:35 AM
Hi jeronimo,
for EXOS, see How to configure Wake on Lan (WOL) to work with Netlogin & Policy. For EOS, see How to send directed-broadcast to None-Authenticated VLAN user Wake on LAN.
The basic idea is to have some egress VLAN active the port to send the WoL frames, and then move the WoL frames into that VLAN.
Erik
for EXOS, see How to configure Wake on Lan (WOL) to work with Netlogin & Policy. For EOS, see How to send directed-broadcast to None-Authenticated VLAN user Wake on LAN.
The basic idea is to have some egress VLAN active the port to send the WoL frames, and then move the WoL frames into that VLAN.
Erik
