2940 and Wake On Lan

Unanswered Question
Dec 3rd, 2007

Is there a way to get Wake On Lan to work on end devices connected to a 2940 without 802.1x and port security?

2940 runs a basic Layer 2 access switch configuration.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Hi, WOL magic packets need 802.1x feature to receive the magic packet required to wake the computer. Without 802.1x the port powers down and becomes unauthorized and will only except EAPOL packets. You want your ports in a Bidirectional state to receive magic packets from WOL. To answer your question I don't know of any way to get WOL without 802.1x. Have a look at the document from the link below for a better description of the 802.1x

http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_22_ea5/configuration/guide/sw8021x.html#wp1144307

kris55s Tue, 12/04/2007 - 06:49

Thanks.

WOL is working on end devices that are attached to switches other than a 2940 (4506, 3550 etc.) The only configuration I did to allow those packets was the ip directed broadcast and an access list allowing from the specific host (WOL server) and the udp port needed etc on the Distribution switch. Those commands I found in a Cisco document- Catalyst Layer 3 Switch for Wake-On_Lan support across VLANS configuration example. The configuration in the tech document was very basic and did not mention 802.1x. Those switches do not have 802.1x configured either and wake-on-lan worked.

Also the image we are running on the 2940's is release 12.1-22.EA10

Hi, I do believe your other switches that the WOL is working for you on is because they are layer 3 compatible switches and by configuring your access list to allow WOL packets. Sounds like I could have been worng about the 802.1x but you can confrim the layer 3 switches are not using 802.1x with the show dotx interface command. if I remember correctly the 2940 has no layer 3 capibilities. Will be interested to know if you get this working without 802.1x.

HTH

kris55s Wed, 12/05/2007 - 05:30

I did a show dot1x on various interfaces on our 4507 distribution switch and it says "Dot1x not configured".

I also did just a show dot1x and got this:

Sysauthcontrol = Disabled

Supplicant Allowed In Guest Vlan = Disabled

Dot1x Protocol Version = 1

Dot1x Oper Controlled Directions = Both

Dot1x Admin Controlled Directions = Both

I checked one of the 4506 access switches that it working on for end devices and received the same info for dot1x as the 4507 distribution switch.

The only thing that I can think of at this point is, in the document that I listed above, it stated that the access switch to be configured as a vtp client. The 2940 can not run as a client on our network because it only can handle I think around 8 vlans, and we have 40 active vlans. It is configured in transparent mode and the vlan in question is manually added to the 2940 vlan database. The interface vlan information (ip helper etc) for the access ports still is propagated from the distribution switch and I have the "ip directed-broadcast 101" configured on that vlan on the dist switch for the access-list allowing the WOL packets from that the WOL server. The same vlan is also on access ports on the 4506 which is working.

So, basically, going by the document on Cisco, this is what I have configured-

4507distribution#access-list 101 permite udp host xxx.xx.xx.xxx any eq 40000

4507distribution#ip forward-protocol udp 40000

4507distribution#int vlan 102

4507distribution#ip address xxx.xx.xx.xxx

4507distribution#ip helper

4507distribution#ip directed-broadcast 101

4506 access is just normal vtp mode client, and the switchport mode access vlan 102 on access ports (2940 is configured the same except it runs in vtp transparent with 102 manually added to vlan database). Just to note, the 2940 is actually connected to the 4506 access switch.

Any suggestions based on this?

I appreciate being able to pick your brain on this.

kris55s Thu, 10/23/2008 - 10:02

We had not worked on this in awhile and it was just resurrected.

We were able to get this to work across our LAN without 802.1x by configuring an ip helper-address on the vlan that our WOL server resides. The ip helper-address is the broadcast address of the vlans that the end devices reside on.

Actions

This Discussion