I'm trying to implement a WOL solution on a pair of Nexus 7ks. I have read through documentation and multiple posts and am still having trouble with it. The basic design is that I have a WOL server on vlan 10 with an address of 10.10.10.57 trying to wake up a computer on vlan 30 with an ip of 10.10.30.65.
On the Nexus I have an access list that is defined as such,
ip access-list WOL
permit udp host 10.10.10.57 any eq 9
Then on the vlan 30 interface I have an ip directed broadcast with the access list applied to it.
int vlan 30
ip directed broadcast WOL
I understand that on a catalyst switch there would be a ip helper-address on the vlan interface of the WOL server, but there is no ip helper address on the WOL server. I am using the Solarwinds WOL freeware tool and the AquilaWOL tool that is available on Sourceforge. Any help would be appreciated. Thank you!
... View more
I can ping both the vlan and the endpoint from the ISE. As far as allowing ISE to speak snmp and RADIUS to the NAD, I have enabled it on the NAD config inside the ISE. I have also double checked the snmp and radius shared passwords. I have gotten MAB authentication to work but I am still getting the same error for dot1x authentication. Here are some of the configs on the switch. aaa new-model aaa authentication dot1x default group radius aaa authentication dot1x defualt group radius aaa authentication dot1x group group radius aaa authorization network default group radius aaa accounting dot1x default start-stop group radius aaa server radius dynamic-author aaa session-id common ip radius source-interface TenGigabitEthernet1/0/1 radius-server attribute 6 on-for-login-auth radius-server attribute 6 support-multiple radius-server attribute 8 include-in-access-req radius-server attribute 25 access-request include radius-server dead-criteria time 5 tries 3 radius-server host 10.10.10.47 auth-port 1812 acct-port 1813 test username test key 7 097940581F5412162B464D radius-server vsa send accounting radius-server vsa send authentication dot1x system-auth-control authentication order dot1x mab authentication priority dot1x mab dot1x pae authenticator dot1x timeout tx-period 10
... View more
When authenticating using 802.1x and MAB, I recieve an authentication failure with the error 11007(Could not locate Network Device or AAA Client). The root cause that ISE spits back at me is "Could not find the network device or the AAA Client while accessing NAS by IP during authentication." I did pretty much everything by the book except instead of using a loopback interface I used a vlan with a defined ip address. Could this be causing the problem? Here is the config of the port that I'm testing on: interface GigabitEthernet1/0/9 switchport access vlan 9 switchport mode access switchport voice vlan 8 ip access-group ACL-ALLOW in srr-queue bandwidth share 1 30 35 5 queue-set 2 priority-queue out authentication event fail action next-method authentication event server dead action reinitialize vlan 4 authentication event server dead action authorize voice authentication host-mode multi-auth authentication open authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication violation restrict mab mls qos trust device cisco-phone mls qos trust cos dot1x pae authenticator dot1x timeout tx-period 10 auto qos voip cisco-phone spanning-tree portfast service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY end
... View more