8 Replies. Latest reply: Aug 19, 2010 9:05 AM by jimmueller

    Wake on LAN across Subnet without open routing of Magic packet

    mcmullina Rookie

      Does anyone have any great advice on how this might be done?

       

      I would like to see an enhancement request to allow a right-click option to generate a WOL packet from the core or a subnet rep.  Our network admins don't want to open up this traffic across the entire network but would agree to allow these options.  Currently the WOL packet emanates from the workstation that has the remote console installed.

       

      Is there a best practice doc that gives tips on scripting a WOL, followed by a security scan with remediation, then a shutdown on completion?

       

      Thanks for any tips!

        • 1. Re: Wake on LAN across Subnet without open routing of Magic packet
          EMiranda Expert

          We used Marxtar Wake on WAN for what you are asking for and it worked great.  However, if you are on 9.0 there hasn't been an upgrade, so we are back to the same situation you are in.

           

          http://www.marxtar.com/products/WakeOnWAN/LANDesk-Wake-On-WAN.htm

          • 2. Re: Wake on LAN across Subnet without open routing of Magic packet
            Employee

            If you just want to wake it up, something I've done in the past when I was an SE is to send a dummy text file as a Targeted Multicast job that has the option for allowing the subnet rep to wake up turned on.

            • 3. Re: Wake on LAN across Subnet without open routing of Magic packet
              Mach6 Employee

              I highly recommend Mike's approach.  One thing to take into account is that if the device was off to start the task it will turn off again after the task completes.  This can be changed by creating and setting the following DWORD registry value on the Core:

               

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Intel Scheduler\Parameters\WOLLeavesAwake

               

              A value of 0 means that after the task, any machines that were woken up are shut down; 1 means to leave them on after wakeup.

               

              Thanks!

              • 4. Re: Wake on LAN across Subnet without open routing of Magic packet
                mcmullina Rookie

                So here is the solution.  Intel changed their drivers and added a Power Management tab that controls WOL on the NIC, in addition to the BIOS settings you normally configure.  I contacted them to see if they had a tool to preconfigure their driver to set the option "Wake on Magic Packet from power off state" to enabled.  They did not, nor would they tell me what registry key was being changed.  I used the LANDesk packet builder to scan the registry change and found the setting:

                BEGINREGISTRY
                KEY:new,"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008"
                VALUE:reg_sz,replace,"EnablePME","1"
                ENDREGISTRY

                 

                So at least we have the option to build a quick reg key or LANDesk packet to set this.


                • 5. Re: anyone have something to share for WOL?
                  AspenSkier Specialist

                  I'm in the boat with everyone else living on multiple subnets.

                   

                  I need to do this WOL workaround and I'm wondering if anyone has anything that they can export and post here to get me started?

                   

                  I get the process that is described; makes sense to me.  I'm just looking for a jump start (read I'm lazy or overscheduled)

                   

                  thanks

                  • 6. Re: anyone have something to share for WOL?
                    Apprentice

                    As a network admin who also has the LANDesk feather in my cap, I finally decided to add an access list (ACL) to only allow directed broadcasts from our LANDesk server; all others are denied. Because I'm using Win7-64 and the LD9 remote console isn't supported, I run everything from the core and so far, so good. I don't think anyone else in our group uses the 32-bit console.

                     

                    If there was a small number of workstations, you could add their IPs (static or reserved DHCP) to the ACL, or perhaps place these management clients into their own subnet and only allow the core & that small subnet to the ACL, etc.

                    • 7. Re: anyone have something to share for WOL?
                      AspenSkier Specialist

                      What kind of network hardware are you running?  I'd like to pull a similar arrangement here in my environment but I'll have a hard time selling the idea to my network admin.  Did you have to update the configs on every one of your switches?  How much work did you incur for this change?

                      • 8. Re: anyone have something to share for WOL?
                        Apprentice

                        All of our routing hardware is Cisco. We have a C3750 as our backbone switch, which contains vlans for all the subnets in our headquarters. We also have a C3825 router which handles the GRE over IPSec tunnels to our ~160 remote offices. I needed to add the config to the core switch,  the tunnel interfaces on our C3825 and all the remote office routers. Took a couple of dedicated hours in a single day for one person.

                         

                        Core server: 192.168.0.84

                        LANDesk default Magic packet port: UDP/0

                         

                        This was the config for the C3750:

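                        conf t
                        ! Per VLAN interface: stop sending ICMP redirects and forward
                        ! directed broadcasts only when access list 20 permits the source
                        int vl2
                        no ip redirects
                        ip directed-broadcast 20
                        int vl3
                        no ip redirects
                        ip directed-broadcast 20
                        int vl6
                        no ip redirects
                        ip directed-broadcast 20
                        int vl10
                        no ip redirects
                        ip directed-broadcast 20
                        ! Global: add UDP port 0 to the forwarded broadcast protocols
                        ip forward-protocol udp 0
                        ! Access list 20 permits only the core server
                        access-list 20 permit 192.168.0.84
                        ! Leave configuration mode before saving
                        end
                        wr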


                        This was the config for the C3825; I needed to add this syntax for each of the ~160 tunnels (tunnel 9999 is listed below):

                        conf t
                        ! Repeat the interface block for each tunnel
                        int tu9999
                        no ip redirects
                        ip directed-broadcast 20
                        access-list 20 permit 192.168.0.84
                        ! Leave configuration mode before saving
                        end
                        wr

                         

                        This was the config for the remote C1711/C1811's:

                        conf t
                        int vl1
                        no ip redirects
                        ip directed-broadcast 20
                        ip access-list standard 20
                        permit 192.168.0.84
                        end
                        wr
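
The ACL approach in replies 6 and 8 only holds if every interface that forwards directed broadcasts references an access list limited to the core server. The following is an added example, not part of the original thread or of LANDesk or Cisco tooling: a small Python check over saved router configuration text. The function name `audit_directed_broadcast`, its `allowed_sources` parameter and the sample configuration are assumptions made for illustration; it handles only standard ACL `permit` lines in the two forms used in the thread.

```python
import re
# Constructed sample: Vlan2 follows the thread's pattern; Vlan30 and Vlan40
# are deliberately weak entries added for contrast.
SAMPLE_CONFIG = """\
interface Vlan2
 ip directed-broadcast 20
interface Vlan30
 ip directed-broadcast
interface Vlan40
 ip directed-broadcast 21
interface Vlan50
 no ip directed-broadcast
access-list 20 permit 192.168.0.84
ip access-list standard 21
 permit any
"""

def audit_directed_broadcast(config, allowed_sources):
    """Map each interface that forwards directed broadcasts to a finding."""
    iface = named_acl = None
    enabled, acls = {}, {}   # interface -> ACL id or None; ACL id -> permits
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"int(?:erface)?\s+(\S+)", line):
            iface, named_acl = m.group(1), None
        elif m := re.match(r"ip directed-broadcast(?:\s+(\S+))?$", line):
            if iface:
                enabled[iface] = m.group(1)
        elif m := re.match(r"access-list\s+(\d+)\s+permit\s+(.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"ip access-list standard\s+(\S+)", line):
            iface, named_acl = None, m.group(1)
        elif named_acl and (m := re.match(r"permit\s+(.+)", line)):
            acls.setdefault(named_acl, []).append(m.group(1))
    findings = {}
    for name, acl in enabled.items():
        permits = {re.sub(r"^host\s+", "", p).strip() for p in acls.get(acl, [])}
        extra = sorted(permits - set(allowed_sources))
        if acl is None:
            findings[name] = "UNRESTRICTED: no ACL on ip directed-broadcast"
        elif acl not in acls:
            findings[name] = f"UNDEFINED: ACL {acl} not found in this config"
        elif extra:
            findings[name] = f"TOO BROAD: ACL {acl} also permits {extra}"
        else:
            findings[name] = "OK"
    return findings

if __name__ == "__main__":
    print(audit_directed_broadcast(SAMPLE_CONFIG, {"192.168.0.84"}))
```

Because the interface pattern also accepts the abbreviated `int vl1` form, the typed command sequences posted in reply 8 can be fed to the function as they are.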