I will try and make this easy to understand but it will get a bit long, however I don't want to leave anything out.
I am troubleshooting a WOL issue for a customer.
They have a core, distribution layer, and access layer.
Links between core and distribution are layer 3, links between distribution and access layer are also layer 3.
6500's are the core, 3850's distribution and 3650's are access layer.
The WOL server is in VLAN 4, 10.40.5.202/22 on the 6500's.
The Client is in VLAN 110, 10.40.110.0/24 on the 3650's.
On VLAN 4 on the 6500's I have configured the broadcast address of VLAN 110 as an ip helper 10.40.110.255
On the 3650's I have configured ip forward protocol udp discard
On the 3650's I have configured access-list 100 permit udp host 10.40.5.202 any eq discard
On the 3650's I have configured VLAN 110 with ip directed broadcast 100
There is a host connected to the 3650's in VLAN 110 with the IP address 10.40.110.50
When WOL packets are sent from the WOL server wireshark shows the packet leave the server as source 10.40.5.202 and destination of 10.40.110.50.
With a mirror port on the 3650's and wireshark monitoring the port of the host in VLAN 110 I can see a WOL packet with the source of 10.40.5.202 and destination of 255.255.255.255. The ethernet src is from the switches VLAN interface the dst is FF:FF:FF:FF:FF:FF. The packet also contains Magic packet for the real mac address of the host.
I always see the ACL on the switch got up according to how many packets are sent from the WOL server, however with a WOL packet sniffer on the host it doesn't always see the packets.
From a network perspective it all looks to be fine, anyone have any suggestions?
I am not really sure what you are troubleshooting - is your WOL working and do you want to know why the sniffer on the host misses packets ?
Either way, make sure that on the 6500s, you have 'ip forward-protocol udp' configured for the port WOL is using...
The problem is that the PC's aren't waking up. It seems to be very hit and miss, more often miss.
The fact that we are seeing the packet on the switch to me says from a network perspective everything is correct. Would this be a safe assumption?
I think your setup is by the book. Can you tell if there is a difference between PCs that are working and PCs that are not working with regard to power supply, motherboard, OS, NIC, or BIOS, or is the behavior completely random ?
What is the configuration of the switchports ? 'Spanning-tree portfast' should be enabled on the access ports, make sure it is...
The switch ports are configured as Trunks, but I do have spanning-tree portfast trunk enabled.
I have also tested on other switch ports that are just access ports, no difference.
Thanks for the reply.
There are a few things that I noticed in the original post:
- there is no mention of ip forward protocol for discard on the core. You need to specify this on the device where the broadcasts are generated.
- it says that ip forward protocol for discard is configured on the access switch. You do not need it on those switches. It does no harm to have it, but it does no good. Where it is needed is where the broadcasts are generated and no need for it where the broadcasts are forwarded to.
- it says that the packet was sent with destination of 10.40.110.50. In that case it is not a broadcast and does not need ip helper address.
- but the original post does say that it sees some packets on the access switch which are forwarded broadcasts. So is the WoL server doing some unicasts and some broadcasts?
I am not sure why things would be hit and miss. Perhaps there are some inconsistencies in configuration and some subnets work while others do not? Perhaps there are some spanning tree issues that impact forwarding of some packets? Perhaps as Georg has suggested there are some differences in hosts that react differently?
Hi Rick, thanks for the post.
I just checked the 6500's and they do have the ip forward-protocol udp discard configured on them, I missed putting it in my initial post.
In regards to the packet flow this is what I have seen.
From the WOL server (SCCM 10.40.5.202) I am running wireshark and I see a WOL packet destined for the actual address of the client (10.40.110.50).
On the access switch I see the packet arrive as a broadcast the source of 10.40.5.202 and destination of 255.255.255.255. I am using wireshark on another laptop with a monitor session mirroring the port of the client (10.40.5.202).
Thanks for the additional information. It is good to know that the ip forward protocol is configured on the core and that you missed putting it into the original post.That is an important part of getting this to work.
It is interesting that from the server wireshark does see a packet with host specific destination address. That packet should be forwarded to the destination host without needing any of the functionality of ip helper address or ip directed broadcast. If you are seeing broadcast packets arrive at the access switch then there must be additional packets generated from the server.
What you have described here should work (consistently). If the results that you observe are hit and miss then we need to look further for what is going on.
just a thought: I think the default port for WOL in SCCM is port 9, is that actually the port you see in Wireshark as well ? Or is it a different port ?