Reset Search
 

 

Article

How to configure Wake on Lan (WOL) to work with Netlogin & Policy

« Go Back

Information

 
TitleHow to configure Wake on Lan (WOL) to work with Netlogin & Policy
Objective
How to send Wake On Lan (WoL) packets to a WoL capable device (i.e. Server or client workstation) which is turned off ,unauthenticated and placed in netlogin vlan
Environment
  • Summit
  • Black Diamond
  • EXOS ALL
Procedure
Method 1: Using a UDP Profile

UDP Profiles are supported on all license levels except L2 Edge
  •  Create a "dummy" VLAN, and place the ports that will receive the WoL packet into this VLAN as tagged members
create vlan <dummy> tag <tag>
configure vlan <dummy> ipaddress <ip/mask>
configure vlan <dummy> add ports <ports> tagged
  • Identify, the source VLAN of the WoL packet and create a policy file that takes that WoL packet from the source VLAN and places it into the "Dummy" VLAN
vi wake-on-lan.pol
entry wol {
 if match all {
  protocol udp ;
  destination-port <wol-port> ;
 }
 then {
  vlan <dummy> ;
 }
}
  • Apply this newly created Policy as a UDP profile on the source VLAN of the WoL packet
configure vlan <source-vlan> udp-profile <name>

Method 2: Using VLAN Translation
  • On devices with the L2 Edge license (i.e. Summit X150 and X430), VLAN translation can be configured to pass a WoL packet from a source VLAN and into a Member VLAN
  • The "Member VLAN" should be the unauthenticated Netlogin VLAN, and Broadcast traffic MUST be allowed to egress on the Netlogin VLAN
  • In the example configurations below <source-vlan> is where the WoL packet is coming from and <netlogin-vlan> is the configured Netlogin VLAN
configure vlan <source-vlan> vlan-translation add member-vlan <netlogin-vlan>
configure netlogin ports <port-range> allow egress-traffic broadcast
configure netlogin ports <port-range> mode mac-based-vlans
  • In the event of a reboot, the Netlogin VLAN cannot come up with any ports assigned to it otherwise it logs the following error:
  • ERROR: No ports should be assigned to the NetLogin VLAN.
  • The autoexec.xsf script should therefore be used to disable VLAN translation and reconfigure Netlogin
vi autoexec.xsf
  • Once in the autoexec.xsf the following commands can be added:
configure <source-vlan>  vlan-translation delete member-vlan <netlogin-vlan>
configure netlogin vlan <netlogin-vlan>
disable netlogin dot1x mac web-based
disable netlogin port <port-range> dot1x mac web-based

configure vlan <source-vlan> vlan-translation add member-vlan <netlogin-vlan>
enable netlogin dot1x mac web-based
enable netlogin port <port-range> dot1x mac web-based
configure netlogin ports <port-range> allow egress-traffic broadcast
configure netlogin ports <port-range> mode mac-based-vlans
  • It is important to use a mac-based VLAN for Netlogin, as port-based does not seem to work when the client is moved from the translation VLAN

Method 3: On devices with OnePolicy enabled
  • When OnePolicy is enabled, all unauthenticated ports belong to a VLAN that can be assigned an IP, a UDP profile similar to the one used in Method 1 above can be used 
  • WoL packets can therefore be switched into this VLAN without the need for any additional configuration
configure vlan <netlogin-vlan> ipaddress <ip/mask>
configure vlan <source-vlan> udp-profile <name>
  • Alternatively, VLAN translation can also be used without the need to allow egress broadcasts as that is enabled when policy is enabled
configure vlan <source-vlan> vlan-translation add member-vlan <netlogin-vlan>


 
Additional notes
For the translation vlan option it can be needed to disable netlogin on the ports and for mac/dot1x/web, then add the member vlan and enable netlogin again.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255