02-24-2014 06:54 AM - edited 03-10-2019 09:26 PM
Hi,
I found some datasheets about dot1x and WOL, but none of them has given me satisfaction to this day.
I am trying to get WOL working with dot1x, but is it possible?
I have a 2960X switch (SW version: 15.0(2)EX4).
The initial port configuration is below (for dot1x of course):
authentication port-control auto
authentication violation protect
dot1x pae authenticator
With the value "authentication port-control auto" the magic packet cannot reach the computer. When I remove the value, the computer boots correctly, but I don't have any authentication; the port keeps the old authentication and I don't see my computer on the ACS when it reboots. (I see the computer for each reboot on ACS.)
But I can log on to the network domain and I have an IP, but I don't know if the computer is legit or not.
I want to see the computer's registration with "sh authenti session int xxxx".
Without the value "port control auto" I just see:
MAC Address: Unknown
IP Address: Unknown
Status: Authz Success
And with the value:
MAC Address: b4b5.2fae.xxxx
IP Address: 10.45.66.54
User-Name: ps01826
So, how do I do this? Is it possible or not?
Thanks for the reply.
02-25-2014 04:19 AM
This document describes it very well.
02-25-2014 04:57 AM
I found the answer this morning:
"IEEE 802.1X Authentication with Wake on LAN
The IEEE 802.1X authentication with wake on LAN (WoL) feature allows dormant PCs to be powered when the switch receives a specific Ethernet frame, known as the “magic packet.” You can use this feature in environments where administrators need to connect to systems that have been powered off.
When a host that uses WoL is attached through an 802.1X port and the host powers off, the 802.1X port becomes unauthorized. The port can only receive and send EAPOL packets, and WoL magic packets cannot reach the host. When the PC is powered off, it is not authorized, and the switch port is not opened.
When the switch uses 802.1X authentication with WoL, the switch forwards traffic to unauthorized 802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network."
This describes exactly the problem I have, and I can't fix it because if I remove the "authentication port-control auto" the computer does not authenticate anymore :/
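An added example, not part of the thread or of the quoted Cisco text: the quoted passage describes 802.1X running with control applied to ingress only, which on IOS is set per port with `authentication control-direction in` while `authentication port-control auto` stays in place. The interface name is a placeholder, and the PortFast line is an assumption about this access port (the configuration guide notes the port falls back to bidirectional control without it).

```cisco
! Placeholder interface; replace with the access port the PC is attached to.
interface GigabitEthernet1/0/10
 switchport mode access
 ! Assumption: edge port with a single host. Without PortFast the switch
 ! forces the port back to bidirectional control and WoL is blocked again.
 spanning-tree portfast
 ! Keep 802.1X enforcement exactly as in the original configuration.
 authentication port-control auto
 authentication violation protect
 dot1x pae authenticator
 ! Default is "both": an unauthorized port passes only EAPOL in either direction.
 ! "in" blocks only traffic coming FROM the host, so the switch still forwards
 ! frames (including the magic packet) TO the powered-off host.
 authentication control-direction in
end
!
! After the PC wakes and authenticates, the session should again list
! MAC address, IP address and user name:
! show authentication sessions interface GigabitEthernet1/0/10
```

With this setting an unauthorized port still delivers traffic to the attached device, so anything plugged in can receive frames sent or flooded to that port before it authenticates, although it cannot send anything but EAPOL.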