Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

dot1x + wake on lan

hi,

i found some datasheet about dot1x and WOL, but no ones gave me satisfaction this day.

I try to have the WOL with dot1x, but is it possible ?

i have switch  2960X (SW version :15.0(2)EX4) )

the initial port's configuration below (for dot1x of course) :

authentication port-control auto

authentication violation protect

dot1x pae authenticator

with the value "authentication port-control auto" the magic packet cannot access to the computer. When i remove the value, the compoter boot correctly but, i dont have any authentication, the port keeps the old authentication and i dont see my computer on the ACS when he reboots. (i see the computer for each reboots on ACS).

but, i can log on the network domain, i have an IP, but i dont know if the computer is legit or not

i want to see the computer's registration with "sh authenti session int xxxx"

without the value "port control auto" i just see :

MAC Address:  Unknown

IP Address:  Unknown

Status:  Authz Success

and with the value :

MAC Address:  b4b5.2fae.xxxx

IP Address:  10.45.66.54

User-Name:  ps01826

so, how do I do ? is it possible or not ?

thank for the reply

2 REPLIES
New Member
New Member

dot1x + wake on lan

i found the answer this morning :

"IEEE 802.1X Authentication with Wake on LAN

The IEEE 802.1X authentication with wake on LAN (WoL) feature allows dormant PCs to be powered when the switch receives a specific Ethernet frame, known as the “magic packet.” You can use this feature in environments where administrators need to connect to systems that have been powered off.

When a host that uses WoL is attached through an 802.1X port and the host powers off, the 802.1X port becomes unauthorized. The port can only receive and send EAPOL packets, and WoL magic packets cannot reach the host. When the PC is powered off, it is not authorized, and the switch port is not opened.

When the switch uses 802.1X authentication with WoL, the switch forwards traffic to unauthorized 802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network."

describes exactly the problem i have, and i cant fix it because if i remove the "authentication port-control auto" the computer does not authenticate anymore :/

290
Views
0
Helpful
2
Replies
CreatePlease to create content