0

I am trying to configure a Cisco Switch 2960-X with IOS V15.2 for WOL (Wake on LAN).

I tried these tutorials but the command isn't working:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/san/command/ibns-xe-3se-5700-cr-book/san-xe-3se-5700-cr-book_chapter_00.html#wp3800310030

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/sec-ieee-wake-lan-supp.pdf

My running configuration is:

version 15.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname 30200101-ass-L2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fQ/w$3QTSpsOI0L49jsKF0t/Fq1
!
username admin secret 5 $1$ayRw$5.zcp5u8dW1hRqnc1Lhdy0
aaa new-model
!
!
aaa group server tacacs+ FIEGE-ACS
 server 10.64.193.14
 server 10.64.193.13
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c2960x-24ps-l
!
!
!
!
!
!
no ip domain-lookup
ip domain-name ad-fiege.net
vtp mode transparent
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
 name Client
!
vlan 11
 name Client
!
vlan 12
 name Printer
!
vlan 14
 name Gebaeudenetz
!
vlan 90
 name WLAN_Fiege
!
vlan 91
 name WLAN_Guest
!
vlan 92
 name WLAN_Prod
!
vlan 99
 name WaaS
!
vlan 115
 name XLOG
!
vlan 150
 name Cisco-Voice
!
vlan 211
 name Server
!
vlan 215
 name Server_Mgmt
!
vlan 216
 name vSphere
!
vlan 510
 name XLOG_Office
!
vlan 550
 name NextTrust
!
vlan 551
 name Foster
!
vlan 590
 name XLOG_WLAN
!
vlan 592
 name XLOG_Prod
!
vlan 905
 name Heartbeat_Firewall
!
vlan 998
 name IT_App_Center
!
vlan 999
!
vlan 1000
 name Mgmt
!
vlan 1001
 name MDM
!
lldp run
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan1000
 ip address 172.24.22.101 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.24.22.1
!
no ip http server
ip http authentication aaa
ip http secure-server
ip ssh version 2
ip tacacs source-interface Vlan1000
!
!
snmp-server community f!3g3r3ad RO
snmp-server location DE;Hamburg;Amandus-Stubbe-Str. 10;2.OG;IT Operations;Server-Team
tacacs-server host 10.64.193.13 single-connection
tacacs-server host 10.64.193.14 single-connection
tacacs-server timeout 2
tacacs-server directed-request
tacacs-server key 7 11182D1F3D3F1C2A351A13691D3D3B
!
!
!
line con 0
line vty 5 15
!
ntp server 172.24.22.1
!
end

In the end, hosts should be plugged into one of the LAN ports and should be able to be woken up by another PC in another network.

Can somebody help me?

2
  • What are you trying to do? Route a WoL packet from another subnet to the subnet with the host to be woken? If you're really using 802.1X for access security, please add the full (sanitized) running config to your question, using the editor's {} function. Otherwise, the linked descriptions don't really apply and you're trying it way too complicated.
    – Zac67
    Commented Sep 7, 2022 at 13:06
  • Did so, hope you can help me.
    – naseweis
    Commented Sep 7, 2022 at 13:22

2 Answers

2

If not configured for 802.1X, a switch does not need any special configuration to support WoL.

That is, unless it's being used as a L3 switch and is acting as default gateway into/for the given VLAN/Subnet; in that case, the L3 switch is the last routing hop the WoL Magic Packet has to cross, and it needs a few lines of config (see below).

The whole 'access session...' commands only come into play once you start an 802.1X configuration in IBNS config style. The config extract you showed has no config bits of 802.1X - so I would assume that there are none.

About WoL:

It's the last hop router, directly attached to the edge subnet (where the to-be-woken-up clients are) which needs special configuration.

In Cisco pseudo config, this looks somewhat like this:

#
# some basic security so not everyone can abuse
# the directed broadcast feature
# 

access-list 98 remark *** WoL Magic Packet senders ***
access-list 98 permit 192.168.100.10

#
# the egress interface into the edge Subnet/VLAN
# where the sleeping end systems are
#
# no config needed on the interface towards the WoL senders
#

interface XYZ 
 ip address 172.nn.nn.mm 255.255.255.0
 ip directed-broadcast 98

The above assumes that the WoL Magic Packet sender sends to the given subnet's broadcast address (in the example here: 172.nn.nn.255). Usually, the WoL sending host has a list of IP subnets (incl. subnet masks and/or given broadcast addresses) where it knows its clients to be.

No routing hop along the path will know that 172.nn.nn.255 happens to be a broadcast address somewhere else in the network, so they will treat and forward this packet as a simple unicast packet (any traffic policies, access lists or firewall policies permitting, of course).

Only the last hop router can determine if/that the packet's DstAddress is the broadcast address of one of its directly connected subnets. By virtue of 'ip directed broadcast', it will send out the packet with a L2 broadcast MAC address (ff:ff:ff:ff:ff:ff) into the local subnet.
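The answer's pseudo config ties `ip directed-broadcast` to access list 98 so that only known WoL senders can trigger a subnet broadcast. As an added example (not part of the original answer), the Python script below audits a saved configuration for interfaces where that restriction is missing or ineffective. The sample config, interface names and addresses are constructed, `audit_directed_broadcast` is a hypothetical helper name, and only numbered standard ACLs in the `access-list N ...` form used in the answer are evaluated.

```python
import re

# Constructed sample in IOS syntax, modelled on the answer's pseudo config.
# Interface names and addresses are made up for this example.
SAMPLE_CONFIG = """\
access-list 98 remark *** WoL Magic Packet senders ***
access-list 98 permit 192.168.100.10
access-list 97 permit any
interface Vlan10
 ip address 172.16.10.1 255.255.255.0
 ip directed-broadcast 98
interface Vlan11
 ip directed-broadcast
interface Vlan12
 ip directed-broadcast 97
interface Vlan14
 ip directed-broadcast 55
interface Vlan15
 no ip directed-broadcast
"""

def audit_directed_broadcast(config):
    """Return {interface: finding} for each interface with ip directed-broadcast."""
    acls = {}  # ACL number -> [(action, rest of entry)]; remark lines are skipped
    for m in re.finditer(r"^access-list (\d+) (permit|deny) (.+)$", config, re.M):
        acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).strip()))
    findings, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        if not line.startswith(" "):
            iface = None  # left the interface block
            continue
        m = re.match(r"^ ip directed-broadcast(?: (\d+))?\s*$", line)
        if iface is None or m is None:
            continue
        acl = m.group(1)
        if acl is None:
            findings[iface] = "no ACL: any source can trigger a broadcast"
        elif acl not in acls:
            findings[iface] = f"ACL {acl} is not defined"
        elif any(a == "permit" and rest.startswith("any") for a, rest in acls[acl]):
            findings[iface] = f"ACL {acl} permits any source"
        else:
            findings[iface] = "ok"
    return findings
```

Running `audit_directed_broadcast(SAMPLE_CONFIG)` reports only the Vlan10 interface, which mirrors the answer's ACL 98 setup, as `ok`.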

0

Your switch (software version) is too old. You need IOS-XE.
