This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Can Wake On LAN work without broadcasts?

We would like to implement Wake On LAN in our organization, but our network infrastructure team refuses to allow broadcast packets past our routers.

We have a computer inventory system that keeps a current record of each PC's IP address. Can your Wake On LAN tool be configured to send a "magic packet" to a specific IP address instead of a broadcast?
  • Yes it can, but it probably won't work.

    Maybe you could ask the infrastructure team to allow "directed broadcasts"? Normally these are allowed, but some infrastructure people have started turning them off to prevent a DOS attacks by spoofing a broadcast ping. Directed broadcasts are a problem on the Internet, but on an inside network it is normally not a problem because you can brutally de-hire people for DOSing your own company network.

    For example, if you had a 10.1.0.0/255.255.255.0 network, you would send a WOL packet to the 10.1.0.255 address. Only the last router along the path knows this is a broadcast packet to the subnet. All the other routers just forward the packet along as the routing table tells them too. This is what the WOL utility tries to do by sending the packet to a range of possbile broadcast addresses for a given IP address on the subnet.

    For a Cisco router (not saying that you have Cisco, but it might be a safe guess) the syntax for directed broadcast is

    Interface Ethernet0/0 <-or whatever interface you have
    ip directed-broadcast

    This then allows you to send a "directed broadcast" packet out this interface which would let your WOL work! Your infrastructure people may be thinking your are wanting a "ip helper-address" which forwards all broadasts on a segment to a specific IP address (like a DHCP server), which is not what you are needing.



    OK, so why do you have to use a broadcast? The problem is the ARP in the router table and the MAC forwarding table in your switch. IP address have to be mapped at some point to the MAC address of the network card. This happens auto-magically by a protocol called ARP. When a router needs to send a packet to a specific IP address, and it does not know the MAC of the network card, it first sends out a broadcast ARP packet asking "Who does this IP belong to?". The PC responds back with his IP and MAC. The router then caches the information so does not have to constantly send out ARP packets.

    Now, turn off the PC. Time goes by. The ARP cache entry in the router is discarded because it is not being used any more.

    In your PC that your are trying to turn on OS is gone and the network card does not know what it's IP address is any more. The NIC cannot respond to the router's ARP request. No ARP response, the WOL packet is dropped at the router so the NIC never receives the WOL request. Catch 22. The solution is to send the WOL packet to the IP broadcast address for the subnet. The router then skips the ARP request step and just sends out the WOL to the MAC broadcast addresss of FF:FF:FF:FF:FF:FF. Which all devices on the network receive.


    OK, so you cannot find your screwdriver and decide to get a REALLY BIG HAMMER put static ARP entry in your router. That will fix it! Well maybe not.

    The next hurdle is the layer 2 switch between the router and the PC. As the router and the PC talk, the L2 switch builds up a MAC forwarding database so it know which MAC address is connected to which switch port.

    Turn off the PC.

    Now the switch will, just like the router, begin to timeout MAC forwarding entries. So now the WOL packet (because of a static ARP entry) comes out of the router. Reaches the L2 switch, and there is no entry in the MAC Forwarding Database to say which port gets this packet. One of three things can happen at this point, and it is vendor dependent. Some switch will forward the packet to a default port, some will sent the packet to all ports, and some will just drop the packet. Again the solution is to send the packet to the broadcast MAC address of FF:FF:FF:FF:FF:FF. All switches will agree that this must be sent to all ports.

    Good luck on your next conversation with your infrstucture guys














    BK
    Nobody Special