- #REMOTE WAKE UP ON VLANS UPDATE#
- #REMOTE WAKE UP ON VLANS FULL#
- #REMOTE WAKE UP ON VLANS PC#
- #REMOTE WAKE UP ON VLANS MAC#
#REMOTE WAKE UP ON VLANS MAC#
This same event will clear whatever MAC was on the port from the switch.
#REMOTE WAKE UP ON VLANS PC#
Yes, when the PC goes to sleep, the port will deauth when the NIC changes to 10/half, for power saving.
#REMOTE WAKE UP ON VLANS UPDATE#
The engineer I worked with said he would request documentation update to mention it.Īaa port-access 1/1 controlled-direction in Note: The need for admin-edge in conjunction with “ controlled-direction in”, if STP is enabled, is not in the command reference documentation. If a loop is created, one of the ports will begin blocking, protecting the network.
#REMOTE WAKE UP ON VLANS FULL#
If you are concerned about STP protection, when STP is detected on a admin-edge port, it will fail back to full STP mode, while connected. It allows the port for begin forwarding a few seconds more quickly. In reality STP admin-edge is a good thing. When everything is set correctly, on an unauthenticated port you should see in the log this succession of events:Ġ0435 ports: port 16 is Blocked by STP <- STP kicks in after AAA, therefore trumping it.Ġ0076 ports: port 16 is now on-line <- Admin Edge allowing the port to forward (config)# spanning-tree 1/1 admin-edge-port What I discovered, and shared with support, is for a port to be allowed to forward, when blocked by AAA, the port must be set to STP admin-edge.
Here is the part that is not in the ArubaOS-Switch Guide, if you are running spanning-tree, it takes precidence and will block traffic despite the “ controlled-direction in” command. When the WoL packet is sent from the WoL server to 10.0.1.255, the core SVI 50 will route the packet out to SVI 1, thanks to the ip directed-broadcast command. When the device goes to sleep, the port is de-authorized, the Ethernet port is change to the default untagged VLAN 1, serviced by the core routing device with a SVI of 10.0.1.1. SVI- Service Virtual Interface (Fancy talk for a Layer-3 VLAN)
When a device is authorized, it is put in VLAN 100 services by the core routing device with a SVI of 10.0.100.1. The interface untagged must a VLAN serviced by a routing instance. This feature is notorious for being exploited for LAN DOS attacks, therefore I highly recommend setting the optional access list, to only allow WoL from a trusted source. Note: ip directed-broadcast globally activates broadcast forwarding/routing between all VLANs. For Layer-3 Distribution and Access switches, it will do nothing. IP directed-broadcast is only required on the switch performing Layer-3 routing. This allows traffic from the switch to egress the port, so the sleeping computer NIC may process packets. aaa port-access 1/1 controlled-direction in
On the switch, you will need to configure the port for controlled-direction in (Window) Enable Allow this device to wake the computer under the Ethernet Connection Properties, Power Management tab.Īruba AOS aka HPE Proview/Provision switching running version 16.x or newer (I can't confirm WoL on older versions) Some Requirements (just stating the obvious) I will attempt to summarized all that has been said, and needs and some added things done to get WoL working. When I first began working on WoL, I read this post thread, much like many will read as time goes on, and yet I still could not get WoL to work, but eventually I did.
0 kommentar(er)
