pfreestun
Posts: 32
Score: 1 Joined: 5/9/2006 Status: offline
Info lifted from Cisco: Ports must be set to unidirectional for WoL to work with 802.1x (dot1x control-direction command).

Q. Does 802.1x work when Wake on LAN (WoL) is used to turn on computers remotely or to install applications and patches?

A. Cisco IBNS supports WoL functionality through the 802.1x with Wake On LAN feature, which lets you perform automated tasks, such as overnight software upgrades or system backups. The 802.1x specification supports WoL with the definition of unidirectional controlled ports, which can be configured to only allow outbound frames to be transmitted in the pre-authenticated state. You can send a WoL magic packet to a host connected to a unidirectional controlled port in the sleep standby (S2) state to wake it to a normal operational state. If the supplicant on the workstation is configured to automatically authenticate when prompted, it can then authenticate to the switch port. If the authentication is successful, the switch applies any policies received from the RADIUS server and puts the port into a normal forwarding state.

Q. Will 802.1x work if I use Preboot Execution Environment (PXE) to boot images?

A. For PXE, 802.1x needs to happen when the initial PXE DHCPDISCOVER packets are processed. Intel has already addressed this through the use of their Extensible Firmware Interface (EFI); specifically with EFI network boot clients. Cisco provides WoL support on the authenticator with the 802.1x with Wake on LAN feature.

Using IEEE 802.1x with Wake-on-LAN

The IEEE 802.1x wake-on-LAN (WoL) feature allows dormant PCs to be powered up when the switch receives a specific Ethernet frame, known as the magic packet. You can use this feature in environments where administrators need to connect to systems that have been powered down.

When hosts that use WoL are attached through IEEE 802.1x ports and the host powers down, the IEEE 802.1x port becomes unauthorized. In this state, the port can only receive and send EAPOL packets, and WoL magic packets cannot reach the host. When the PC is powered down, it is not authenticated, and the switch port is not opened.

When the switch uses IEEE 802.1x with WoL, the switch sends packets to unauthorized IEEE 802.1x ports. This feature is also known as the unidirectional controlled port in the IEEE 802.1x specification.

Unidirectional State

When you configure a port as unidirectional by using the dot1x control-direction in interface configuration command, the port changes to the spanning-tree forwarding state. When WoL is enabled, the connected host is in the sleeping mode or power-down state. The host does not exchange traffic with other devices in the network. If the host connected to the unidirectional port cannot send traffic to the network, the host can only receive traffic from other devices in the network. If the unidirectional port receives incoming traffic, the port returns to the default bidirectional state, and the port changes to the spanning-tree blocking state. When the port changes to the initialize state, no traffic other than EAPOL packets is allowed. When the port returns to the bidirectional state, the switch starts a 5-minute timer. If the port is not authenticated before the timer expires, the port becomes a unidirectional port.

Sorry I cannot offer much more assistance, but at the end of the day the idea of the segregated VLAN is to isolate the machines from the normal network, so we are behind the 8 ball.
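The "magic packet" the quoted Cisco text refers to, as an added example that is not part of the post above or of Cisco's documentation: the standard Wake-on-LAN payload is six 0xFF bytes (the sync stream) followed by the target's MAC address repeated 16 times, optionally followed by a 4- or 6-byte SecureOn password. The script below builds one, recognises one embedded anywhere in a captured payload (NICs scan the frame for the sync stream rather than expecting a fixed offset), and broadcasts it over UDP. The MAC address, the 192.0.2.0/24 broadcast address and UDP port 9 are constructed sample values, not anything from the post; the switch side is still the dot1x control-direction in command quoted above, since without a unidirectional controlled port the unauthorized port forwards nothing but EAPOL and the frame never reaches the sleeping host.

```python
import re
import socket

SYNC_STREAM = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabbccddeeff'; return 6 raw bytes."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Sync stream + target MAC repeated 16 times (+ optional 4- or 6-byte SecureOn password)."""
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return SYNC_STREAM + parse_mac(mac) * 16 + password


def find_magic_mac(payload: bytes):
    """Return the MAC targeted by a magic packet found anywhere in payload, or None.

    The sync stream may sit at any offset, and a run of 0xFF longer than six bytes
    must not fool the check, so every candidate offset is tried in turn.
    """
    idx = payload.find(SYNC_STREAM)
    while idx != -1:
        body = payload[idx + 6:idx + 6 + 96]
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join(f"{b:02x}" for b in body[:6])
        idx = payload.find(SYNC_STREAM, idx + 1)
    return None


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the magic packet over UDP (port 9/discard by convention) and return its size."""
    pkt = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(pkt, (broadcast, port))
    return len(pkt)


if __name__ == "__main__":
    # Constructed sample values: a made-up MAC and the directed broadcast of 192.0.2.0/24.
    target = "00:11:22:33:44:55"
    pkt = build_magic_packet(target)
    assert find_magic_mac(b"leading junk" + pkt) == target
    print(f"sending {len(pkt)}-byte magic packet for {target}")
    send_magic_packet(target, broadcast="192.0.2.255")
```

Run it from a host on the same VLAN as the sleeping machine (the directed broadcast does not cross routers unless they are configured to forward it), and use find_magic_mac over the UDP payloads of a capture on the switch's mirror port to confirm the frame actually arrives on the 802.1x port rather than being dropped in the unauthorized state.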