
WOL over WAN

whanson
Level 2

I am trying to get WOL working over a WAN connection. I have it working within the subnets on the LAN, so I know it works. Cisco TAC is telling me I need proxies to make it work across a WAN, but I'm not sure why. If I have a helper address for the subnet address that is on the other side of the WAN and I am forwarding the directed broadcasts, does the helper address make the broadcast and directed packet with a source of the WOL server and a destination of the subnet broadcast address, which should be routable?

thx

Richard Burts
Hall of Fame

What port is your WOL server using? Is it one of the ports forwarded by helper address using default behavior? Perhaps you need to configure ip forward-protocol?

Perhaps we could give better answers if you would post what you have configured?

HTH

Rick

rfalconer.sffcu
Level 3

On the L3 interface of the WoL server, you'll need to permit ip directed broadcast. Since ip directed broadcasts can be used in attacks, it's disabled by default.

When you enable ip directed broadcast, make sure to secure it with an ACL that permits only the WoL server to broadcast on the specific port that the server is using, often udp/9.

access-list 100 permit udp eq 9

Actually the ip directed-broadcast command does not go on the L3 interface of the server but goes on the L3 interface where the clients are and to which the directed broadcast will be delivered. It is the delivery of the directed broadcast to the destination subnet that is disabled by default and not the forwarding of the directed broadcast through a network.

I agree that protecting the network by using an access list with directed broadcast is a good practice.

HTH

Rick

whanson
Level 2

Here is the relevant info

2 sites

site A has the WOL server

vlan 10 has PCs that need to be woken up

interface Vlan10
 ip address 10.110.0.20 255.255.254.0
 ip directed-broadcast 100

Vlan 5 has the wol server 10.100.0.82
interface Vlan5
 ip address 10.100.0.20 255.255.252.0
 ip helper-address 10.110.1.255
 ip helper-address 10.230.1.255

this is the port that is being used by the WOL server
ip forward-protocol udp discard


access-list 100 permit udp host 10.100.0.82 any eq discard

This is the point to point vlan to site b

interface Vlan300
 bandwidth 50000
 ip address 10.253.253.1 255.255.255.252

WOL works between vlan 5 and vlan 10 but not to site b. I have added ip directed to all interfaces, but that makes no sense since I only want it routed to site b. Cisco says this can only be done with WOL proxies, but I keep thinking if the source is the server and the destination is converted to the broadcast address, not sure why it is not routable to site b

site b

WOL PCs


interface Vlan10
 ip address 10.230.0.5 255.255.252.0
 ip helper-address 10.230.0.109
 ip directed-broadcast 100

point to point interface to site a

interface Vlan300
 bandwidth 50000
 ip address 10.253.253.2 255.255.255.252
 delay 1000

access-list 100 permit udp host 10.100.0.82 any eq discard

ip forward-protocol udp discard

I see what the problem is. At site B if the mask is 255.255.252.0 then the broadcast address would be 10.230.3.255 and not 10.230.1.255. Change the helper address and it should work.

You do not need these statements at site B

ip helper-address 10.230.0.109

ip forward-protocol udp discard

They are not hurting anything but they are not really doing any good either. So I suggest removing them.

HTH

Rick
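
The mask check from the answer above, as an added example that is not part of the original thread: it takes the `ip address` and `ip helper-address` lines posted for both sites and reports whether each helper is really the broadcast address of its subnet. The names `THREAD_CONFIG`, `connected_subnets` and `check_helpers` are hypothetical.

```python
import ipaddress
import re

# Constructed input: the "ip address" and "ip helper-address" lines posted in
# the thread for site A (Vlan10, Vlan5) and site B (Vlan10), merged into one text.
THREAD_CONFIG = """
ip address 10.110.0.20 255.255.254.0
ip address 10.100.0.20 255.255.252.0
ip helper-address 10.110.1.255
ip helper-address 10.230.1.255
ip address 10.230.0.5 255.255.252.0
ip helper-address 10.230.0.109
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$", re.M)
HELPER_RE = re.compile(r"^\s*ip helper-address (\S+)\s*$", re.M)


def connected_subnets(config):
    """Return the subnet of every 'ip address <addr> <mask>' line."""
    return [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in ADDR_RE.findall(config)]


def check_helpers(config):
    """Map each helper to (verdict, broadcast address of its subnet).

    verdict is 'directed-broadcast', 'host-address' or 'unknown-subnet'.
    """
    subnets = connected_subnets(config)
    report = {}
    for text in HELPER_RE.findall(config):
        helper = ipaddress.ip_address(text)
        net = next((n for n in subnets if helper in n), None)
        if net is None:
            report[text] = ("unknown-subnet", None)
        elif helper == net.broadcast_address:
            report[text] = ("directed-broadcast", str(net.broadcast_address))
        else:
            # Inside the subnet but not its broadcast address: the packet is
            # routed as a unicast to one host address, not sent to the segment.
            report[text] = ("host-address", str(net.broadcast_address))
    return report


if __name__ == "__main__":
    for helper, (verdict, bcast) in check_helpers(THREAD_CONFIG).items():
        print(f"{helper:15} {verdict:18} subnet broadcast: {bcast}")
```

A `host-address` verdict is only a fault when the helper was meant to reach a whole subnet, as with 10.230.1.255 here; a helper that deliberately points at a single server gets the same verdict.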

What a nitwit I am. I have been staring at this for a week and arguing with the TAC. Thank you very much. Of course that fixed it.

I am glad that I was able to identify the problem. Sometimes a fresh pair of eyes looking at the problem is a very good thing, especially when the problem is a small detail like that. Thank you for using the rating system to mark this question as answered.

HTH

Rick