cancel
Showing results for 
Search instead for 
Did you mean: 

Wake on LAN

Wake on LAN

x34743
New Contributor

Hello everyone,

I have a question about wake on lan. In XOS it was policy based. e.g.

 

entry one {
        if match all {
                source-address 192.168.1.2/32;
                if match any {
                        destination-port 9 ;
                        destination-port 7 ;
                }
} then {
        vlan VLAN30 ;
}
}

 

I saw the VOSS example: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000111158 but can I also filter for a specific source address?

Thank you

Many greetings Alexander

 

1 ACCEPTED SOLUTION

Ah. Sorry, my mistake. Hadn't had any coffee 😂

Try this:

 

 

1. Define an ACL for WoL Filtering:

Create an ACL that permits WoL packets from a specific source IP address and denies others.

 

 

acl create "WoL_Filter"

2. Configure ACL Rules:

Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. Remember, WoL packets usually use UDP and target port 7 or 9.

Example:

 

 

# Permit WoL packets from a specific source IP
acl rule-create "WoL_Filter" seq 10 action permit protocol udp src-ip <Specific_Source_IP>/32 src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9
# Deny other WoL packets (if necessary)
acl rule-create "WoL_Filter" seq 20 action deny protocol udp src-ip any src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9

3. Apply the ACL to the Relevant VLAN or Interface:

Apply the ACL to the interface or VLAN where you want to filter the WoL packets.

 
interface vlan <VLAN_ID>
ip access-group "WoL_Filter" in

4. Validate the Configuration:

After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.

 

-----
-Brent Addis / Extreme Black Belt #491

New to Extreme? Check out the Welcome series here - https://training.extremenetworks.com/welcome-series-1
Want to join the official Extreme learners discord? Let me know!

View solution in original post

3 REPLIES 3

Brent_Addis
Contributor

Yeah. You can.

 

1. Define an ACL for WoL Filtering:

Create an ACL that permits WoL packets from a specific source IP address and denies others.

 

 

create access-list "WoL_Filter"

2. Configure ACL Rules:

Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. WoL packets usually use UDP and target port 7 or 9.

Example:

 

# Permit WoL packets from a specific source IP
entry 10 {
    action permit
    from ip 
    source-ip <Specific_Source_IP>/32
    destination-port 7 9
    protocol udp
}
# Implicit deny at the end (default behavior)

3. Apply the ACL to the Relevant Interface or VLAN:

Apply the ACL to the interface or VLAN where you want to filter the WoL packets.

For an interface:

 

 

configure interface <interface_name> ip access-group "WoL_Filter" in

For a VLAN:

 

configure vlan <vlan_name> ip access-group "WoL_Filter" in

4. Validate the Configuration:

After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.

5. Monitoring and Logging (Optional):

Consider enabling logging for the ACL to monitor the packets being permitted or denied. This can help in troubleshooting and ensuring that the ACL is working as intended.

 

 

configure log filter "WoL_Filter" add entry 10

 

 

 

 

-----
-Brent Addis / Extreme Black Belt #491

New to Extreme? Check out the Welcome series here - https://training.extremenetworks.com/welcome-series-1
Want to join the official Extreme learners discord? Let me know!

Hi Brent,

thank you very much for your answer. But your solution is also for XOS? However, I am looking to implement this solution in VOSS. For Voss I only found the example from Extreme, where you have to allow the entire VLAN and cannot limit it to a source address.

 

Ah. Sorry, my mistake. Hadn't had any coffee 😂

Try this:

 

 

1. Define an ACL for WoL Filtering:

Create an ACL that permits WoL packets from a specific source IP address and denies others.

 

 

acl create "WoL_Filter"

2. Configure ACL Rules:

Configure rules within the ACL to explicitly permit WoL packets from the specific source IP address and deny the rest. Remember, WoL packets usually use UDP and target port 7 or 9.

Example:

 

 

# Permit WoL packets from a specific source IP
acl rule-create "WoL_Filter" seq 10 action permit protocol udp src-ip <Specific_Source_IP>/32 src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9
# Deny other WoL packets (if necessary)
acl rule-create "WoL_Filter" seq 20 action deny protocol udp src-ip any src-port 0-65535 dst-ip <Broadcast_Address> dst-port 7-9

3. Apply the ACL to the Relevant VLAN or Interface:

Apply the ACL to the interface or VLAN where you want to filter the WoL packets.

 
interface vlan <VLAN_ID>
ip access-group "WoL_Filter" in

4. Validate the Configuration:

After applying the ACL, ensure that WoL functionality is working as expected. Verify that only WoL packets from the specified source are allowed and that all other WoL packets are blocked.

 

-----
-Brent Addis / Extreme Black Belt #491

New to Extreme? Check out the Welcome series here - https://training.extremenetworks.com/welcome-series-1
Want to join the official Extreme learners discord? Let me know!
GTM-P2G8KFN