In order to configure an IP access list to control directed broadcasts, complete one of these steps:
I have my WoL server set to 172.16.2.2 in network 172.16.2.0/24 (vlan 2).
I have my client station set to 172.16.3.2 in network 172.16.2.0/24 (vlan 3).
My WoL server uses port 144 (verified with Wireshark). I entered the following commands to set up WoL:
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
 ip helper-address 172.16.3.255
!
interface Vlan3
 ip address 172.16.3.1 255.255.255.0
 ip directed-broadcast 101
ip forward-protocol udp 144
access-list 101 permit udp host 172.16.2.2 any eq 144
My full access-list looks like this:
Extended IP access list 101
    10 permit udp host 172.16.2.2 any eq 144
    20 deny ip any any
When I wake the computer with the server, it works as expected. However, when I change my WoL server to 172.16.2.5 in order to simulate an unauthorized server doing the same thing, it also works and wakes the client.
Why is my extended access-list not stopping sources that are not 172.16.2.2?
Any help would be greatly appreciated! Thanks and Cheers!
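
As an added example (not part of the original post), the following Python parses ACL 101 as listed above and applies first-match evaluation to a UDP/144 packet from each of the two sources. It models only the list's match logic, not how the switch applies `ip directed-broadcast 101`, and it assumes the relayed packet keeps its original source address and is addressed to the helper address 172.16.3.255.

```python
import ipaddress
import re

# ACL text copied from the post ("show access-lists" style output).
ACL_101 = """\
Extended IP access list 101
    10 permit udp host 172.16.2.2 any eq 144
    20 deny ip any any
"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acl(text):
    """Return a sorted list of (seq, action, proto, src, dst, dst_port)."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)", line)
        if not m:
            continue  # header or blank line
        seq, action, proto, rest = m.groups()
        tokens = rest.split()
        src, dst = _addr(tokens), _addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        entries.append((int(seq), action, proto, src, dst, port))
    return sorted(entries)

def _match(spec, ip):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (spec[0] & care)

def evaluate(entries, proto, src, dst, dport):
    """First-match evaluation; returns (action, seq). No match = implicit deny."""
    for seq, action, ace_proto, ace_src, ace_dst, ace_port in entries:
        if (ace_proto in ("ip", proto)
                and _match(ace_src, src) and _match(ace_dst, dst)
                and ace_port in (None, dport)):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    # Constructed packets: assumed source preserved, destination = helper address.
    for source in ("172.16.2.2", "172.16.2.5"):
        print(source, evaluate(parse_acl(ACL_101), "udp", source, "172.16.3.255", 144))
```

Evaluated on its own, the list permits 172.16.2.2 at sequence 10 and denies 172.16.2.5 at sequence 20.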