Wake on Lan over different subnets

[gus]

Hi all,

I have a problem, I need to implement wake on lan across diferent subnets.
I have 8600 cluster ver 5.1.5 and 5520 on the edge.

Is this possible with Nortel?

I found a Cisco example, but we donīt have directed-broadcast with ACL


L3(config)#access-list 101 permit udp host 172.16.3.2 any eq 7

!--- This accepts directed broadcasts only from PC 4.

L3(config)#ip forward-protocol udp 7

!--- Specifies the protocol and port to be forwarded.
!--- Capture the WOL packet with any network sniffer to determine the UDP port
!--- to use in this command. The port number varies with the WOL utility used.

L3(config-if)#interface vlan 2
L3(config-if)#ip address 172.16.2.1 255.255.255.0
L3(config-if)#ip helper-address 172.16.3.2

!--- Enables BOOTP broadcast forwarding to the DHCP server.

L3(config-if)#ip directed-broadcast 101

!--- Enables the translation of a directed broadcast to physical broadcasts.

L3(config-if)#interface vlan 3
L3(config-if)#ip address 172.16.3.1 255.255.255.0
L3(config-if)#ip helper-address 172.16.2.255
L3(config-if)#ip helper-address 172.16.4.255

!-- Enables forwarding of WoL packets to clients.
!-- Works in conjunction with the ip forward-protocol command.
L3(config-if)#interface vlan 4
L3(config-if)#ip address 172.16.4.1 255.255.255.0
L3(config-if)#ip helper-address 172.16.3.2

!--- Enables BOOTP broadcast forwarding to the DHCP server.

L3(config-if)#ip directed-broadcast 101

!--- Enables the translation of a directed broadcast to physical broadcasts.




thanks

Gus

[Michael McNamara]

You need to enable directed broadcast (per VLAN) on the ERS 8600...

http://blog.michaelfmcnamara.com/2009/02/wake-on-lan-and-directed-broadcast/

Good Luck!

[gus]

Hi Michael, thanks for your reply.

Our network has over 100 vlans and 4000 users.
Is there risk to enable Direct-broadcast?
I do not know how it works. I guess this should make a broadcast to all vlans is this so?

And about UDP Forwarding I do not know how it works, either.

thanks again

[Michael McNamara]

There's definitely a risk that someone could abuse it, but that's the case with almost anything these days.

You don't need any UDP forwarding. The management server should start by sending a Unicast packet to the last known IP address of the client. If the ARP table entry has aged out the router should flood that packet to all hosts in the VLAN. If that fails the management server should send a UDP broadcast to the network where that client was last connected (example, IP address is 192.168.10.35/24 - broadcast would go to 192.168.10.255). It's that UDP directed broadcast that will be automatically dropped by the switch until enabled.

You can research SMURF attacks to learn all about the issues around allowing directed broadcast attacks.

Good Luck!

[Pollay]

I've also had success using matcodes mc-wol remote wake on lan program that allows you to route the wol packet to the broadcast address for the subnet your target pc is on.

[gus]

Thanks

Gus

[Artur Gmaj]

Hi,
I managed to wol my host via Internet. All You have to do is to make static arp entry pointing to machine You want to wake up. This should be made on the router connected to vlan including regarded host. Then You can send unicast wol packet.

Cheers,

Artur

[yogo]

Hi,

anyone knows where to enable directed broadcast on an ERS8300? Can't find the command, either on CLI nor the documentation. The 8600 command "config vlan xx ip directed-broadcast enable" doesn't exist.

thx 4 help

[Michael McNamara]

What version of software are you running?

[yogo]

The ERS8300 has software version 4.2.3.4 and is running with an advanced license.