dot1x + wake on lan

SOGECAP
Level 1

Hi,

I found some datasheets about dot1x and WOL, but none has given me satisfaction to this day.

I am trying to use WOL with dot1x, but is it possible?

I have a 2960X switch (SW version: 15.0(2)EX4).

The initial port configuration is below (for dot1x, of course):

authentication port-control auto

authentication violation protect

dot1x pae authenticator

With the value "authentication port-control auto", the magic packet cannot reach the computer. When I remove the value, the computer boots correctly, but I don't have any authentication: the port keeps the old authentication and I don't see my computer on the ACS when it reboots. (I see the computer for each reboot on ACS.)

But I can log on to the network domain and I have an IP, but I don't know if the computer is legit or not.

I want to see the computer's registration with "sh authenti session int xxxx".

Without the value "port control auto" I just see:

MAC Address:  Unknown

IP Address:  Unknown

Status:  Authz Success

And with the value:

MAC Address:  b4b5.2fae.xxxx

IP Address:  10.45.66.54

User-Name:  ps01826

So, how do I do it? Is it possible or not?

Thanks for the reply.

2 Replies

I found the answer this morning:

"IEEE 802.1X Authentication with Wake on LAN

The IEEE 802.1X authentication with wake on LAN (WoL) feature allows dormant PCs to be powered when the switch receives a specific Ethernet frame, known as the “magic packet.” You can use this feature in environments where administrators need to connect to systems that have been powered off.

When a host that uses WoL is attached through an 802.1X port and the host powers off, the 802.1X port becomes unauthorized. The port can only receive and send EAPOL packets, and WoL magic packets cannot reach the host. When the PC is powered off, it is not authorized, and the switch port is not opened.

When the switch uses 802.1X authentication with WoL, the switch forwards traffic to unauthorized 802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network."

This describes exactly the problem I have, and I can't fix it, because if I remove the "authentication port-control auto" the computer does not authenticate anymore :/
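
On Catalyst switches the "802.1X authentication with WoL" behaviour quoted above is enabled per port with the `authentication control-direction` interface command, while `authentication port-control auto` stays in place. The fragment below is an added example, not part of the original thread; the interface name is a placeholder.

```cisco
! Added example. Interface name is a placeholder, not from the thread.
interface GigabitEthernet1/0/1
 ! Port configuration as posted in the question
 authentication port-control auto
 authentication violation protect
 dot1x pae authenticator
 ! Default is "both": an unauthorized port passes only EAPOL in either
 ! direction, so the magic packet never reaches a powered-off host.
 ! "in" blocks only traffic coming from the host; the switch still
 ! forwards frames (including the magic packet) out to the host.
 authentication control-direction in
end
!
! Verify after the host wakes up and authenticates
! (full form of the command abbreviated in the question):
show authentication sessions interface GigabitEthernet1/0/1
```

With `in`, an unauthenticated device on the port can still receive what the switch sends out of it, as the quoted documentation states, so take the port's VLAN into account before enabling it.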