01-10-2024 01:18 AM
Hello everyone,
I have a question about Wake on LAN. In XOS it was policy-based, e.g.:
entry one {
    if match all {
        source-address 192.168.1.2/32;
        if match any {
            destination-port 9 ;
            destination-port 7 ;
        }
    } then {
        vlan VLAN30 ;
    }
}
I saw the VOSS example: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000111158 but can I also filter for a specific source address?
Thank you
Many greetings Alexander
01-28-2024 11:28 AM
Yeah. You can.
Create an ACL that permits WoL packets from a specific source IP address and denies others.
create access-list "WoL_Filter"
Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. WoL packets usually use UDP and target port 7 or 9.
Example:
# Permit WoL packets from a specific source IP
entry 10 { action permit from ip source-ip <Specific_Source_IP>/32 destination-port 7 9 protocol udp }
# Implicit deny at the end (default behavior)
Apply the ACL to the interface or VLAN where you want to filter the WoL packets.
For an interface:
configure interface <interface_name> ip access-group "WoL_Filter" in
For a VLAN:
configure vlan <vlan_name> ip access-group "WoL_Filter" in
After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.
Consider enabling logging for the ACL to monitor the packets being permitted or denied. This can help in troubleshooting and ensuring that the ACL is working as intended.
configure log filter "WoL_Filter" add entry 10
01-29-2024 05:50 AM
Hi Brent,
Thank you very much for your answer. But your solution is also for XOS? However, I am looking to implement this solution in VOSS. For VOSS I only found the example from Extreme, where you have to allow the entire VLAN and cannot limit it to a source address.
01-29-2024 10:55 AM
Ah. Sorry, my mistake. Hadn't had any coffee 😂
Try this:
Create an ACL that permits WoL packets from a specific source IP address and denies others.
acl create "WoL_Filter"
Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. Remember, WoL packets usually use UDP and target port 7 or 9.
Example:
# Permit WoL packets from a specific source IP
acl rule-create "WoL_Filter" seq 10 action permit protocol udp src-ip <Specific_Source_IP>/32 src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9
# Deny other WoL packets (if necessary)
acl rule-create "WoL_Filter" seq 20 action deny protocol udp src-ip any src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9
Apply the ACL to the interface or VLAN where you want to filter the WoL packets.
interface vlan <VLAN_ID> ip access-group "WoL_Filter" in
After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.
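An offline model for the verification step in the reply above, added here as an example; it is not part of any post in the thread and not Extreme's code. It evaluates the two posted rules first-match against test datagrams, using constructed documentation-range addresses in place of `<Specific_Source_IP>` and `<Broadcast_Address>`, and assumes the switch matches on headers only and that the `7-9` range is inclusive.

```python
import ipaddress

# Constructed sample values (not from the thread), RFC 5737 documentation range.
ALLOWED_SRC = "192.0.2.10/32"
BROADCAST = "192.0.2.255"

# The two posted rules as (seq, action, source network, dst ip, dst ports).
# dst-port 7-9 is modelled as an inclusive range, so it also covers port 8.
RULES = [
    (10, "permit", ipaddress.ip_network(ALLOWED_SRC), BROADCAST, range(7, 10)),
    (20, "deny", ipaddress.ip_network("0.0.0.0/0"), BROADCAST, range(7, 10)),
]

def build_magic(mac: str) -> bytes:
    """WoL payload: 6 bytes of 0xFF, then the target MAC repeated 16 times."""
    return b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) * 16

def is_magic_packet(payload: bytes) -> bool:
    """Simplified check: sync stream at offset 0, then 16 identical MAC copies."""
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return False
    return payload[6:102] == payload[6:12] * 16

def evaluate(src: str, dst: str, proto: str, dport: int):
    """First matching rule wins. Returns (seq, action), or (None, "no-match")
    when neither rule applies and the platform default decides."""
    if proto == "udp":
        for seq, action, net, rule_dst, ports in RULES:
            if ipaddress.ip_address(src) in net and dst == rule_dst and dport in ports:
                return seq, action
    return None, "no-match"

def check_cases():
    """Datagrams a tester would send to confirm the filter behaves as intended."""
    cases = [
        ("192.0.2.10", 9),     # allowed sender, WoL port
        ("192.0.2.10", 8),     # allowed sender, port 8 is inside 7-9
        ("192.0.2.99", 9),     # any other sender, WoL port
        ("192.0.2.99", 4000),  # unrelated traffic, outside both rules
    ]
    return [evaluate(src, BROADCAST, "udp", port) for src, port in cases]

if __name__ == "__main__":
    payload = build_magic("00:11:22:33:44:55")  # constructed MAC
    print("valid magic packet:", is_magic_packet(payload))
    for result in check_cases():
        print(result)
```

The rules never look at the payload, so any UDP datagram from the permitted source to ports 7 through 9 passes, whether or not it carries a magic packet.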