Wake on LAN Broadcasts

Communications
Level 1

Hi,

I would like to enable WOL broadcasts at remote sites. The application is broadcasting to 255.255.255.255 on UDP port 5000. I tried using IP directed-broadcast and tried applying an access-list; however, the 4500 seems to allow the broadcast to propagate (ver 12.1) even if I apply no ip directed-broadcast on the destination ethernet port.

Which is the best way of allowing this broadcast to be enabled throughout the network with restrictions on 4500 range and routers?

5 Replies

Kevin Dorrell
Level 10

There are two parts to this problem - one is to get the local (V)LAN (the one with the application on it) to forward the broadcasts to the remote (V)LAN (the one with the clients on it) - and the second is to persuade the remote (V)LAN to broadcast these forwarded packets.

The first is done with a command on the application LAN: ip helper-address a.b.c.d, where a.b.c.d is the subnet broadcast address of the client LAN. This will forward the broadcast to the remote LAN where the clients are.

The second is done on the client LAN: ip directed-broadcast. This allows the router to convert the forwarded broadcast into a layer-2 broadcast. You can do it without an access list initially, and it should work. But it is dangerous, because anyone could send a directed broadcast to your client LAN and do things you don't want them to do. So once it is working, it is as well to tighten up the directed-broadcast with an access list so that only the DoS application can do it.

I forget the details of the WoL packet, but I think the "magic" part of it is that it contains the MAC address of the target machine 16 times in a row. I think in my case that it was an ICMP, but I'm not 100% sure of that from memory. But if your application is using UDP/5000 you might have to do a forward-protocol command on the application LAN side to include it in the list of protocols forwarded to the ip helper-address.

Does this help?

Kevin Dorrell

Luxembourg
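A check for the packet format mentioned in the reply above, as an added example that is not part of the original thread: it recognises a Wake-on-LAN magic packet in a UDP payload (six 0xFF bytes followed by the target MAC repeated 16 times) and labels each one against the "only the WoL server, only this port" intent of the access list. The function names, the sample datagrams and the address 10.9.9.9 are constructed; 1.1.1.1 and UDP port 5000 are the values used elsewhere in this thread.

```python
from typing import List, Optional, Tuple

SYNC = b"\xff" * 6                    # sync stream that opens a magic packet
REPEATS = 16                          # target MAC repeated 16 times
MAGIC_LEN = len(SYNC) + 6 * REPEATS   # 102 bytes in total


def build_magic(mac: str) -> bytes:
    """Build a magic-packet payload for a MAC like '00:11:22:33:44:55'."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be exactly 6 bytes")
    return SYNC + raw * REPEATS


def parse_magic(payload: bytes) -> Optional[str]:
    """Return the target MAC if the payload holds a well-formed magic packet."""
    start = payload.find(SYNC)
    while start != -1:                # the pattern may sit at any offset
        body = payload[start + 6:start + MAGIC_LEN]
        mac = body[:6]
        if len(body) == 6 * REPEATS and body == mac * REPEATS and mac != SYNC:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def audit(records: List[Tuple[str, int, bytes]],
          allowed_src: str = "1.1.1.1", allowed_port: int = 5000):
    """Label each magic packet as expected or unexpected for the ACL intent."""
    findings = []
    for src, dport, payload in records:
        mac = parse_magic(payload)
        if mac is not None:
            ok = src == allowed_src and dport == allowed_port
            findings.append((src, dport, mac, "expected" if ok else "unexpected"))
    return findings


# Constructed sample datagrams: (source IP, UDP destination port, payload).
SAMPLE = [
    ("1.1.1.1", 5000, build_magic("00:11:22:33:44:55")),
    ("10.9.9.9", 9, b"\x00\x01" + build_magic("00-11-22-33-44-66") + b"\x00" * 6),
    ("1.1.1.1", 5000, SYNC + bytes.fromhex("001122334455") * 15),  # truncated
    ("10.9.9.9", 5000, b"not a wake-up packet"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run over payloads captured on the client VLAN, an "unexpected" finding means a wake-up packet arrived from a source or port that the directed-broadcast access list was meant to exclude.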

Kevin

Thanks for responding. I am not clear why/how this is working. We do use ip helper address (mainly for DHCP); however, I was under the impression that if you wanted to forward anything other than the standard helper address list you had to specifically forward the protocol, as you suggested.

Currently there is an IP helper address of a specific server with no extra protocols being specified on the source eth Port.

The 4500 is running version 12.1 code; the destination eth port has the no ip directed-broadcast statement applied, yet the WOL broadcast packet wakes up a PC on a different VLAN/IP subnet?

Thanks Kevin,

Sorry it's been a while, but I have finally had a chance to revisit this issue.

I have applied your suggestions and had to use the forward-protocol statement, and all works OK for a single subnet. I also applied an access list to restrict the host. However, I would like to be able to send wake-up packets to multiple subnets. I tried using ip-helper address 140.1.255.255 (all subnets /24) but the packet does not get forwarded.

Any suggestions to make this part work?

Thanks Mike

G Money
Level 1

Below is how I have it configured on my network with the WoL packet going to many different subnets at different locations from a central server and it works fine.

Define an ACL with a WoL server source IP address and WoL port number:

access-list 101 permit udp host 1.1.1.1 any eq 5000

Apply the ip directed-broadcast command to ALL transit, VLAN and Ethernet interfaces that have WoL hosts on them:

ip directed-broadcast 101

Hi George,

Thanks for responding.

We have ip helper addresses for DHCP etc., but if I don't apply a helper address, e.g. 140.1.x.255 for the broadcast address of a segment, the broadcast does not get forwarded. Our environment is similar to yours in that we need to use WOL from particular hosts to multiple subnets.

Thanks
