Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4305
Views
0
Helpful
3
Replies

Wake up on Lan - Directed Broadcast and Subnetmask - dot1x

Go to solution
robertsinger
Level 1
Level 1

‎11-14-2012 09:07 AM - edited ‎03-07-2019 10:03 AM

Hello,

the topic is dealing with Wake up on LAN with directed Broadcasts for authenticated Access Ports via dot1x.

Please let me illustrate my question with the help of the following simplified Diagram.

Wake up LAN Server <-Layer 2 Link-> Router <-Layer 3 Link-> Router <Layer 2 Link> Access Switch <-Layer 2 Link-> Client

Scenario:

The Wake up on Lan Server needs to Wake up a Client over a routed Layer 3 Link. I use the CA Wake up on Lan Utility with the following Parameters

(Expample)

caf sendwol 0A:1B:2C:3D:4E:5F x.x.x.x 255.255.255.255

So, every Access Port ist authenticated, with the following Port Configuration:

switchport access vlan 14

switchport mode access

switchport voice vlan 3

authentication control-direction in

authentication host-mode multi-domain

authentication port-control auto

authentication periodic

mab

mls qos trust dscp

dot1x pae authenticator

dot1x timeout quiet-period 3

dot1x timeout tx-period 5

spanning-tree portfast

So Client is authenticated against a Cisco ACS Server , that assignes a VLAN to the L2 Switchport.

If a client is shut down, the switchport is reassigned to vlan 14. I need to wake up every client in the vlan 14. So i need a directed broadcast from the network, that is routable over the layer 3 link to the routing point in which the client resides. That is done with the directed broadcast.

My question is now, which subnetmask needs to be inserted to the vlan 14 ip interface. I my opinion a /32 mask is enough, because regardless of how many clients i need to wake up in this vlan, i only want to achieve, that the Magic Frame is broadcasted out to this network and every layer 2 access port, that is assigned to this network have to listen to it.

Like this:

Layer 3 Interface:

description *** Wake up on LAN***

ip address 10.0.98.1 255.255.255.255

ip directed-broadcast 101 // 101 Accesslist is permitting the WOL Server, nothing else.

I can also wake up several clients simultanousely, because regardless how many directed broadcasts with this subnetmask the clients wake up.

Because of the Magic Frame (16 x Mac Address of the host) over the Layer 2 broadcast.

Hope, my question is clear.

Best regards,

Robert

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to robertsinger

‎11-15-2012 02:51 PM

Robert

I suggest that you not try to think about the mask on the VLAN interface in terms of the directed broadcast. If correctly configured the directed broadcast will be forwarded to all stations within the subnet/vlan. I suggest that you should think about the mask on the VLAN interface in terms of how large the subnet is and how many devices will need to be in this subnet. For example a /28 mask will be fine if there are no more than 14 devices in the subnet (including the router).

If the server can send the WoL packet to the broadcast address of the subnet for VLAN 14 then the only thing that you need to do is to configure ip directed-broadcast (with its ACL) on the VLAN interface 14.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎11-14-2012 10:33 AM

Robert

There are parts of your post that I do not understand. But here are my answers based on what I think I do understand.

The subnet mask to use on the VLAN interface has nothing to do with the WoL broadcast and depends on how many IP addresses will be used in the subnet of that interface. If you assign a /32 mask to the interface then the interface will not forward IP packets to any device in that subnet.

I am not familiar with the CA Wake on LAN utility and do not know whether it can be configured to generate WoL packets for each remote subnet or whether it will send a local broadcast and you would need ip helpler-address configured for each remote subnet to forward the packet as a directed broadcast.

I am not clear how dot1x plays in this scenario. Your description indicates that clients that are authenticated are assigned to a VLAN other than 14. Would the WoL need to be forwarded to those VLANs or is it only to VLAN 14?

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
robertsinger
Level 1
Level 1
In response to Richard Burts

‎11-14-2012 02:08 PM

Hi Rick,

first of all thank you for your reply. Yes, clients are assigend to another vlan than vlan 14. The ACS puts the Accessport in a User Vlan, based on the configuration of the ACS.

That means, when a client boots up, it get assigned over dot1x a particular vlan, let's say Vlan 30.

Example

- Once a user logs in, the client starts sending EAP start messages. The EAP handshake starts and the client is put in the right VLAN.

- When the user logs off, the client sends an EAP logoff message and the supplicant is no longer connected to the VLAN the user was in.

After that, the switchport remains in the vlan, that the port is manually configured to:

switchport access vlan 14

So all Clients with Wol capable Network Cards remains in Vlan 14.

Now i know all clients that are "shut down" resides within that Vlan 14. Since the Wol Server is in another network segment, i have to send the WOL Magic Frame over L3 in that particular Vlan 14. The Question was about the network mask for that routed ip interface vlan 14.

During off work, on the highway back to home:-) i re-thinked about my question and after i read your answer i came to that conclusion, that a single /32 only reflects that ip interface and the wol frame never will broadcasted out of that interface...

So i think, a mask greater than /32 will do the job. Is that right ?

For Example a /28 Mask, since i have to ensure after the routet Wol Frame with

[IP Src Wol Server and IP Dst = Network Segment Vlan 14 Broadcast Address]

are broadcasted into that L3 Network Segment

Best Regards,

robert

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to robertsinger

‎11-15-2012 02:51 PM

Robert

I suggest that you not try to think about the mask on the VLAN interface in terms of the directed broadcast. If correctly configured the directed broadcast will be forwarded to all stations within the subnet/vlan. I suggest that you should think about the mask on the VLAN interface in terms of how large the subnet is and how many devices will need to be in this subnet. For example a /28 mask will be fine if there are no more than 14 devices in the subnet (including the router).

If the server can send the WoL packet to the broadcast address of the subnet for VLAN 14 then the only thing that you need to do is to configure ip directed-broadcast (with its ACL) on the VLAN interface 14.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card