Tag Archives: switch

Wake-On-LAN

To route broadcast traffic from the SCCM server over different vlans, an access list must be set on the core switch (where the routing takes place). You can do this with the extended access list below. Give the access list a recognizable name and then set an entry per SCCM server. 

  1. Configure Access-list
    With the access list you indicate that the SCCM servers are allowed to send a broadcast
    In place of the xx you enter the IP address of your own SCCM server
ip access-list extended "<naam acl>"
     10 permit ip xx.xx.xx.xx 0.0.0.0 0.0.0.0 255.255.255.255


ip directed-broadcast access-group "<naam acl>"



If the customer uses 802.1x, the switch port must also be configured to allow WOL traffic on 802.1x ports. This is closed by default.
But with the command below you set that this is allowed through

aaa port-access <port-list> controlled-direction in

Finally, you also have to set the firewall to allow broadcast traffic. This is blocked by default on a CheckPoint firewall. But you can configure it through the Gaia interface or via clish. You can do this for

3. Configure ip-broadcast helper on the firewall 3

Via the Gaia WebGui you can set this up by choosing the interface that your customer vlans are behind. With UDP Port you choose 9 and as relay the ip address of the vlan interface.