Monday, June 7, 2010

Implementing Wake-on-LAN in a Cisco Network

Wake-on-LAN or WoL is a clever way of turning on a computer or a group of computers by sending a broadcast Magic Frame over the LAN. The magic frame is sent by a WoL server, i.e. any host running an application that generates it. The computer can be woken from sleep, standby, hibernation and soft-off (shutdown) as long as the power cable is connected and standby power keeps the network card partly on. The magic packet payload is 6 bytes of all ones (0xFF) followed by sixteen repetitions of the target computer's 48-bit MAC address, 102 bytes in all. It is typically sent as a UDP datagram to port 7 or 9 (some tools use port 0); the NIC only pattern-matches the payload, so the port is a convention rather than a requirement. A magic packet can originate from the same LAN, over a VPN, or even from the Internet if it is properly routed.
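The following is an added example, not code from the original post: it builds a magic packet from a MAC address, validates a received datagram (finding the sync stream anywhere in the payload and checking that all sixteen MAC copies agree, so a truncated or corrupted packet is rejected), computes the directed broadcast address of a subnet (the value that goes into the ip helper-address later in this post), and sends the packet over UDP. The MAC addresses and the 10.10.0.0/16 PC subnet are constructed sample values; the function names are my own.

```python
import ipaddress
import re
import socket

# Magic packet layout: a six-byte synchronization stream of 0xFF followed by
# the target's 48-bit MAC address repeated sixteen times (102 bytes in total).
SYNC_STREAM = b"\xff" * 6
MAC_REPEATS = 16
MAC_LEN = 6


def parse_mac(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455 forms."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte magic packet payload for the given MAC address."""
    return SYNC_STREAM + parse_mac(mac) * MAC_REPEATS


def extract_target_mac(payload: bytes):
    """Return the MAC (lowercase, colon separated) a datagram would wake,
    or None if the payload is not a well-formed magic packet.

    The sync stream is searched for rather than assumed at offset 0, because
    a NIC pattern-matches it anywhere in the frame and some senders pad the
    datagram.  All sixteen copies of the MAC must be identical.
    """
    idx = payload.find(SYNC_STREAM)
    if idx < 0:
        return None
    start = idx + len(SYNC_STREAM)
    body = payload[start:start + MAC_LEN * MAC_REPEATS]
    if len(body) != MAC_LEN * MAC_REPEATS:
        return None
    mac = body[:MAC_LEN]
    if body != mac * MAC_REPEATS:
        return None
    return ":".join(f"{b:02x}" for b in mac)


def directed_broadcast(ip: str, netmask: str) -> str:
    """Directed broadcast address of the subnet that ip/netmask belongs to.

    10.10.1.1 / 255.255.0.0 -> 10.10.255.255, the address a helper on the
    server VLAN forwards the magic packet to."""
    net = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    return str(net.broadcast_address)


def send_magic_packet(mac: str, dest: str = "255.255.255.255", port: int = 9) -> int:
    """Send the magic packet as a UDP datagram and return the bytes sent.

    dest is one of: the limited broadcast 255.255.255.255 (same LAN only),
    the directed broadcast of the target subnet (the last-hop router must
    allow ip directed-broadcast), or the host's own address (the last-hop
    router must still hold an ARP entry, since a sleeping host cannot answer
    ARP).  Port 9 (discard) and 7 (echo) are the usual conventions; the NIC
    only looks at the payload.
    """
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (dest, port))


if __name__ == "__main__":
    # Constructed sample: a hypothetical PC in the 10.10.0.0/16 VLAN.
    target = "00:11:22:33:44:55"
    pkt = build_magic_packet(target)
    print(len(pkt), "bytes, wakes", extract_target_mac(pkt))
    print("directed broadcast for the PC VLAN:",
          directed_broadcast("10.10.1.1", "255.255.0.0"))
    # A truncated or corrupted datagram is rejected rather than mis-parsed.
    print("corrupted packet ->", extract_target_mac(pkt[:-1]))
    # Uncomment to actually send (requires a network):
    # send_magic_packet(target, dest=directed_broadcast("10.10.1.1", "255.255.0.0"))
```

The validator is the piece worth keeping around: run it against a packet capture on the target VLAN and you can tell whether a wake attempt failed because the packet never arrived or because the sender built it wrongly (wrong MAC, a copy short, padding that a strict sender would not emit).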

For WoL to work the computer must support Wake-on-LAN, which is implemented on the motherboard and the NIC and is hence usually enabled in the BIOS. Some operating systems can also control Wake-on-LAN behaviour through the NIC driver's wake settings. Lately laptops powered by the latest Intel chipsets also allow waking the machine over wireless, called Wake on Wireless LAN (WoWLAN).

If the WoL server and the computer to be woken are on the same LAN, i.e. in the same broadcast domain, no configuration is needed: the WoL server broadcasts the magic packet to all devices in the LAN. If your computers are on a different VLAN from the one the WoL server sits in, the broadcast has to be carried across the Layer 3 boundary. The ip helper-address command tells a router interface that it will receive UDP broadcasts from directly connected clients and that it should repackage them as either a directed broadcast to a specific subnet or a unicast to a specific machine. It is a Layer 3 interface command, so on a Catalyst switch it goes on the SVI of the server's VLAN (or on a routed port), not on the Layer 2 access port the server is plugged into. In the example below the WoL server is 10.11.1.254 in VLAN 20 (the SVI address 10.11.1.1/24 is assumed) and the PCs live in 10.10.0.0/16, so the helper address is that subnet's directed broadcast, 10.10.255.255.

interface Vlan20
 description --- WoL Server VLAN ---
 ip address 10.11.1.1 255.255.255.0
 ip helper-address 10.10.255.255
!
interface FastEthernet1/0/48
 description --- Connected to WoL Server ---
 switchport mode access
 switchport access vlan 20

The ip helper-address command only relays a handful of UDP ports by default (DHCP/BOOTP, TFTP, DNS, TACACS, NetBIOS name service and a few others). Therefore you need the ip forward-protocol global command to add the port your WoL software sends to: 7 if it uses the echo port, 9 if it uses the discard port. The value must match what the server actually sends, otherwise the broadcast is silently dropped.

ip forward-protocol udp 7

The ip directed-broadcast command must be applied to the VLAN interface (SVI) that will receive the directed broadcast from the WoL server, in this example 10.11.1.254. Directed broadcasts have been disabled by default since IOS 12.0, and you should be cautious when enabling them on any interface: an incoming unicast-routed packet whose destination is the subnet's broadcast address explodes into a Layer 2 broadcast once it reaches that interface. For this reason ip directed-broadcast is usually advised to be used with an access list so that only the WoL server can send a directed broadcast into the VLAN; without it your network becomes a Smurf amplifier, a denial-of-service target itself and a reflector for Smurf attacks against other networks. The access list is applied to the directed broadcast and matches its source address; an extended access list can additionally restrict it to the UDP port the WoL server uses.
access-list 10 permit 10.11.1.254

int vlan 30
description --- Connected to PCs ---
ip address 10.10.1.1 255.255.0.0
ip directed-broadcast 10

Some WoL servers are smart enough to send directed broadcasts themselves, i.e. a datagram addressed to 10.10.255.255 rather than 255.255.255.255. Such a packet is routed like any unicast until the last hop, so no ip helper-address or ip forward-protocol is needed and you only have to configure ip directed-broadcast on the VLAN interface of the target PCs. Some WoL servers can also unicast magic packets to a specific Layer 3 IP address, which makes it possible to execute Wake-on-LAN from an external network such as the Internet. The caveat with unicast is that a sleeping host does not answer ARP, so the last-hop router must still hold an ARP entry for it; once that entry ages out the magic packet has nowhere to go, and a static ARP entry on the router (arp ip-address mac-address arpa) is the usual fix.

Also note that Cisco VMPS and WoL cannot work together on Cisco devices: VMPS assigns a dynamic-VLAN port to a VLAN only after it sees the MAC address of an active host on that port, so a port whose PC is asleep or powered off belongs to no VLAN and the magic frame can never reach it.
