Re: [CentOS] ether-wake

2020-05-18 Thread R C
when I found out that ether-wake only did raw ether packets, I noticed 
there's also a wol in the distro,  that broadcasts wake up packets using 
udp, that I can redirect on cisco equipment.  It's working now.

thanks,

Ron

On 5/18/20 9:45 AM, Simon Matter via CentOS wrote:
>> Actually you are not correct.
>>
>> 1st: I didn't quote the wikipedia article,  someone sent that as an
>> answer to my previous post.
>>
>>      (similar mindset probably, as in your response)
>>
>> 2: You are wrong,  broadcast packets, like for example DHCP, and also
>> WOL (if UDP), can be routed, by
>> the means of ip helper addresses and directed broadcasts on Cisco
>> equipment
>>
>> Also, you like others seem to have a very hard time understanding what
>> is written/asked.  I asked "What port number does
>> ether-wake use",  ether-wake being part of Centos So what I am looking
>> for is a number,  like 9, 37 or something in case it is
>
> Part of the problem is that there is no THE WOL package as there are
> different forms of WOL and their packages.
>
> One way is using UDP port 9 as you said. I was using the script below to
> do so (using socat) but I can tell you that this method doesn't work for
> all devices.
>
> #!/bin/bash
>
> HWADDR="$1"
> DEST_IP="255.255.255.255"
> DEST_PORT="9"
>
> # The magic packet is a broadcast frame containing anywhere within its payload
> # 6 bytes of all ones (FF FF FF FF FF FF in hexadecimal), followed by sixteen
> # repetitions of the target computer's 48-bit MAC address.
> MAGIC="\xFF\xFF\xFF\xFF\xFF\xFF"
> for ((CNT=0; CNT < 16; CNT++)); do
>    MAGIC="${MAGIC}\x${HWADDR//:/\x}"
> done
>
> echo -en "$MAGIC" | socat -T1 -u STDIO \
>    UDP-DATAGRAM:${DEST_IP}:${DEST_PORT},broadcast
>
> Kind regards,
> Simon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Re: [CentOS] ether-wake

2020-05-18 Thread Phoenix, Merka


>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Rich Greenwood
>> Sent: Monday, 18 May, 2020 08:34
>> To: centos@centos.org
>> Subject: Re: [CentOS] ether-wake
>>
>> Some switch hardware can generate the packets directly, negating the need
>> for a box on every VLAN.  Meraki hardware can do it, but you have to go
>> through the dashboard so automating it isn't currently possible.
>>
>> Here is some documentation on forwarding WoL on catalyst 3750 switches from
>> Cisco:
>> https :// www. cisco. com 
>> /c/en/us/support/docs/switches/catalyst/3750/series/switches_91672/catl3/wol/vlans.html
>>
>>
>>
>> -- 
>> Rich Greenwood
>> Network Engineer
>> Shasta County Office of Education
>>

And from the other major network player(s) :-) a post from our HPE Aruba 
"Airheads" forum regarding how to enable the IP directed broadcast feature for 
wake-on-LAN (WoL). Visit the URL to see the formatted version of this forum 
post.
(Note: because anti-malware feature in e-mail sometimes mangles the URL, the 
URL is separated by spaces to keep it as text)


Cheers!
Simba
networking

Source URL: https:// community. arubanetworks. com 
/t5/Security/Magic-Packets-WOL/td-p/426307/page/2

devocite (Occasional Contributor I)
Re: Magic Packets/WOL

01-31-2019 11:31 AM - edited 01-31-2019 11:33 AM

When I first began working on WoL, I read this post thread, much like many will 
read as time goes on, and yet I still could not get WoL to work, but eventually 
I did.

I will attempt to summarize all that has been said, and what is needed, plus 
some added things to be done, to get WoL working.

Some Requirements (just stating the obvious)

Configure WoL in your computer's BIOS.

(Windows) Enable Allow this device to wake the computer under the Ethernet 
Connection Properties, Power Management tab.

Aruba AOS aka HPE ProCurve/ProVision switching running version 16.x or newer 
(I can't confirm WoL on older versions)

On the switch, you will need to configure the port for controlled-direction in

i.e. aaa port-access 1/1 controlled-direction in

This allows traffic from the switch to egress the port, so the sleeping 
computer NIC may process packets.

IP directed-broadcast is only required on the switch performing Layer-3 
routing. For Layer-3 Distribution and Access switches, it will do nothing.

Note: ip directed-broadcast globally activates broadcast forwarding/routing 
between all VLANs. This feature is notorious for being exploited for LAN DOS 
attacks, therefore I highly recommend setting the optional access list, to only 
allow WoL from a trusted source.

The interface's untagged VLAN must be a VLAN serviced by a routing instance.

For example:

When a device is authorized, it is put in VLAN 100 serviced by the core routing 
device with a SVI of 10.0.100.1.

SVI- Service Virtual Interface (Fancy talk for a Layer-3 VLAN)

When the device goes to sleep, the port is de-authorized, the Ethernet port is 
changed to the default untagged VLAN 1, serviced by the core routing device with 
a SVI of 10.0.1.1.

The WoL server is at 10.0.50.100 in VLAN 50 with a SVI of 10.0.50.1.

When the WoL packet is sent from the WoL server to 10.0.1.255, the core SVI 50 
will route the packet out to SVI 1, thanks to the ip directed-broadcast command.

Here is the part that is not in the ArubaOS-Switch Guide, if you are running 
spanning-tree, it takes precedence and will block traffic despite the 
“controlled-direction in” command.

What I discovered, and shared with support, is for a port to be allowed to 
forward, when blocked by AAA, the port must be set to STP admin-edge.

i.e. (config)# spanning-tree 1/1 admin-edge-port

When everything is set correctly, on an unauthenticated port you should see in 
the log this succession of events:

00076 ports: port 16 is now on-line
00077 ports: port 16 is now off-line
00435 ports: port 16 is Blocked by AAA
00435 ports: port 16 is Blocked by STP <- STP kicks in after AAA, therefore trumping it.
00076 ports: port 16 is now on-line <- Admin Edge allowing the port to forward

In reality STP admin-edge is a good thing. It allows the port to begin 
forwarding a few seconds more quickly.

If you are concerned about STP protection, when STP is detected on an admin-edge 
port, it will fail back to full STP mode, while connected.

If a loop is created, one of the ports will begin blocking, protecting the 
network.

Note: The need for admin-edge in conjunction with “controlled-direction in”, if 
STP is enabled, is not in the command reference documentation. The engineer I 
worked with said he would request documentation update to mention it.

And for the example config:

## Core Switch ##

ip directed-broadcast
ip routing
VLAN 1 ip address 10.0.1.1/24
VLAN 50 ip address 10.0.50.1/24
VLAN 100 ip address 10.
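
Added example, not part of the forum post or of ArubaOS: the decision that the recommended access list has to make, modelled in Python with the addresses from the post (VLAN 1 and VLAN 50 subnets, WoL server 10.0.50.100). UDP port 9 comes from the socat script elsewhere in this thread; the flow records and function names are constructed for illustration.

```python
import ipaddress

# From the post: routed VLAN subnets on the core switch and the WoL server.
ROUTED_SUBNETS = [ipaddress.ip_network("10.0.1.0/24"),
                  ipaddress.ip_network("10.0.50.0/24")]
TRUSTED_WOL_SOURCES = {ipaddress.ip_address("10.0.50.100")}
WOL_UDP_PORTS = {9}  # assumption: the sender uses UDP port 9, as the socat script does


def directed_broadcast_subnet(dst):
    """Return the routed subnet whose broadcast address is dst, else None."""
    addr = ipaddress.ip_address(dst)
    for net in ROUTED_SUBNETS:
        if addr == net.broadcast_address:
            return net
    return None


def evaluate(src, dst, proto, dport):
    """Permit a routed directed broadcast only if it is WoL from a trusted source."""
    net = directed_broadcast_subnet(dst)
    if net is None:
        return "not-directed-broadcast"
    source = ipaddress.ip_address(src)
    if source in net:
        return "local-broadcast"  # sender already sits on that VLAN, nothing is routed
    if proto == "udp" and dport in WOL_UDP_PORTS and source in TRUSTED_WOL_SOURCES:
        return "permit"
    return "deny"


# Constructed sample flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("10.0.50.100", "10.0.1.255", "udp", 9),   # WoL server waking a host in VLAN 1
    ("10.0.50.23", "10.0.1.255", "udp", 9),    # right port, untrusted sender
    ("10.0.50.100", "10.0.1.255", "icmp", 0),  # trusted sender, not WoL traffic
    ("10.0.1.40", "10.0.1.255", "udp", 9),     # broadcast inside VLAN 1
    ("10.0.50.100", "10.0.1.17", "udp", 9),    # ordinary unicast
]


def audit(flows):
    """Return the verdict for each flow, in order."""
    return [evaluate(*flow) for flow in flows]


if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, audit(FLOWS)):
        print(verdict, flow)
```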

Re: [CentOS] ether-wake

2020-05-18 Thread Simon Matter via CentOS
> Actually you are not correct.
>
>
> 1st: I didn't quote the wikipedia article,  someone sent that as an
> answer to my previous post.
>
>     (similar mindset probably, as in your response)
>
> 2: You are wrong,  broadcast packets, like for example DHCP, and also
> WOL (if UDP), can be routed, by
>
> the means of ip helper addresses and directed broadcasts on Cisco
> equipment
>
>
> Also, you like others seem to have a very hard time understanding what
> is written/asked.  I asked "What port number does
>
> ether-wake use",  ether-wake being part of Centos So what I am looking
> for is a number,  like 9, 37 or something in case it is

Part of the problem is that there is no THE WOL package as there are
different forms of WOL and their packages.

One way is using UDP port 9 as you said. I was using the script below to
do so (using socat) but I can tell you that this method doesn't work for
all devices.

#!/bin/bash

HWADDR="$1"
DEST_IP="255.255.255.255"
DEST_PORT="9"

# The magic packet is a broadcast frame containing anywhere within its payload
# 6 bytes of all ones (FF FF FF FF FF FF in hexadecimal), followed by sixteen
# repetitions of the target computer's 48-bit MAC address.
MAGIC="\xFF\xFF\xFF\xFF\xFF\xFF"
for ((CNT=0; CNT < 16; CNT++)); do
  MAGIC="${MAGIC}\x${HWADDR//:/\x}"
done

echo -en "$MAGIC" | socat -T1 -u STDIO \
  UDP-DATAGRAM:${DEST_IP}:${DEST_PORT},broadcast

Kind regards,
Simon



Re: [CentOS] ether-wake

2020-05-18 Thread R C
yeah I am wondering if that isn't the easiest route to go though if 
there already is one. I am waiting for an answer from Cisco. Cisco switches 
and routers can forward wol packets sent over udp. But etherwake doesn't do 
that apparently.

So if I want to wake up machines from a central location, I either need 
to use something else than ether-wake, or  don't do it from a central 
location it looks like.

thanks,

Ron

On 5/18/20 9:33 AM, Rich Greenwood wrote:
> Some switch hardware can generate the packets directly, negating the need
> for a box on every VLAN.  Meraki hardware can do it, but you have to go
> through the dashboard so automating it isn't currently possible.
>
> Here is some documentation on forwarding WoL on catalyst 3750 switches from
> Cisco:
> https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91672-catl3-wol-vlans.html






Re: [CentOS] ether-wake

2020-05-18 Thread Rich Greenwood
Some switch hardware can generate the packets directly, negating the need
for a box on every VLAN.  Meraki hardware can do it, but you have to go
through the dashboard so automating it isn't currently possible.

Here is some documentation on forwarding WoL on catalyst 3750 switches from
Cisco:
https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91672-catl3-wol-vlans.html



-- 
Rich Greenwood
Network Engineer
Shasta County Office of Education
530-225-0161


Re: [CentOS] ether-wake

2020-05-18 Thread Pete Biggs


> actually using UDP. What I am NOT looking for is some patronizing answer 
> disconnected from the question.
> 
> 
> I really wonder why you feel the need to go out on a branch to start 
> lecturing and quoting answers that are not asked for.
> 
> 
> If you don't know the answer, simply don't reply. No one benefits, by 
> you sending email here that doesn't
> 
> have much of anything to do with the topic.

Oh, well. You try and be helpful, get abuse back. 

That's life I suppose. 

P.




Re: [CentOS] ether-wake

2020-05-18 Thread R C

thank you,  that was the/an answer I was looking for.


On 5/18/20 7:51 AM, Jonathan Billings wrote:
> On Sun, May 17, 2020 at 07:46:00PM -0600, R C wrote:
>> what port does ether-wake use?  (I believe it is port 9? but not sure).
>
> The 'ether-wake' command in net-tools doesn't use a port at all.  It's
> just a raw packet of EtherType 0x0842 as the so-called "Magic Packet"
>
> For example, if you were to run:
>
> (assuming interface name 'eth0')
> # tcpdump -i eth0 ether proto 0x0842
>
> You'd see the ether-wake command's packet.  If you strace the process,
> you'll see the socket is created as
> socket(AF_PACKET, SOCK_RAW, htons(0)).




Re: [CentOS] ether-wake

2020-05-18 Thread Jonathan Billings
On Sun, May 17, 2020 at 07:46:00PM -0600, R C wrote:
> what port does ether-wake use?  (I believe it is port 9? but not sure).

The 'ether-wake' command in net-tools doesn't use a port at all.  It's
just a raw packet of EtherType 0x0842 as the so-called "Magic Packet"


For example, if you were to run:

(assuming interface name 'eth0')
# tcpdump -i eth0 ether proto 0x0842

You'd see the ether-wake command's packet.  If you strace the process,
you'll see the socket is created as
socket(AF_PACKET, SOCK_RAW, htons(0)).

-- 
Jonathan Billings 
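
Added example, not part of the original thread and not code from net-tools: the two forms discussed above, the 102-byte magic payload that a UDP sender such as the socat script carries and the raw frame with EtherType 0x0842, plus a scanner that looks for the pattern anywhere in a byte string, which is useful when checking captured traffic for wake-ups. The MAC addresses are constructed sample values and the function names are hypothetical.

```python
import re
import struct

SYNC = b"\xff" * 6          # six bytes of all ones
ETHERTYPE_WOL = 0x0842      # EtherType named in the thread for the raw form
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")


def parse_mac(text):
    """Validate a colon- or dash-separated MAC and return its 6 raw bytes."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def magic_payload(mac):
    """Sync stream plus sixteen repetitions of the target MAC (102 bytes)."""
    return SYNC + parse_mac(mac) * 16


def raw_frame(target, source):
    """Layer 2 form: destination MAC, source MAC, EtherType, payload.

    Assumption: the frame is addressed to the target MAC itself; a
    broadcast destination is equally possible.
    """
    header = parse_mac(target) + parse_mac(source) + struct.pack("!H", ETHERTYPE_WOL)
    return header + magic_payload(target)


def find_wake_targets(data):
    """Return every MAC for which data holds a complete magic pattern."""
    found = []
    pos = data.find(SYNC)
    while pos != -1:
        mac = data[pos + 6:pos + 12]
        # A match needs all 96 bytes after the sync stream to repeat the MAC.
        if len(mac) == 6 and data[pos + 6:pos + 102] == mac * 16:
            text = ":".join(f"{b:02x}" for b in mac)
            if text not in found:
                found.append(text)
        pos = data.find(SYNC, pos + 1)
    return found


if __name__ == "__main__":
    target, source = "00:11:22:33:44:55", "02:00:00:00:00:01"  # constructed
    udp_body = magic_payload(target)
    frame = raw_frame(target, source)
    print(len(udp_body), len(frame), find_wake_targets(frame))
    print(find_wake_targets(udp_body[:-1]))  # truncated pattern: no match
```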


Re: [CentOS] ether-wake

2020-05-18 Thread R C

Actually you are not correct.

1st: I didn't quote the wikipedia article,  someone sent that as an 
answer to my previous post.

   (similar mindset probably, as in your response)

2: You are wrong,  broadcast packets, like for example DHCP, and also 
WOL (if UDP), can be routed, by 
the means of ip helper addresses and directed broadcasts on Cisco equipment

Also, you like others seem to have a very hard time understanding what 
is written/asked.  I asked "What port number does 
ether-wake use",  ether-wake being part of Centos So what I am looking 
for is a number,  like 9, 37 or something in case it is 
actually using UDP. What I am NOT looking for is some patronizing answer 
disconnected from the question.

I really wonder why you feel the need to go out on a branch to start 
lecturing and quoting answers that are not asked for.

If you don't know the answer, simply don't reply. No one benefits, by 
you sending email here that doesn't 
have much of anything to do with the topic.

Ron

On 5/18/20 2:59 AM, Pete Biggs wrote:
> On Sun, 2020-05-17 at 20:25 -0600, R C wrote:
>> Ok,  I get that, found it before;  "typically sent as a UDP datagram to
>> port 0, 7 or 9, or directly over Ethernet as EtherType 0x0842"
>>
>> The keyword being 'typically',   but what is it that ether-wake actually
>> uses/does?  (I need to forward a WOL packet to a different
>> vlan on some Cisco hardware, between two Centos machines).
>
> WoL packets are not routeable/forwardable. They are Layer 2 broadcast
> packets that contain the MAC address of the machine that needs to be
> woken up. But since you quoted the Wikipedia article on WoL you would
> know that and it specifically says what the magic packet is and does.
>
> The format of the packet is unimportant, all that happens is that the
> ethernet *card* receives the packet, sees that it's a magic WoL packet
> for that card and turns on the hardware "wakeup" line to the machine.
>
> The packets need to be sent on the same network as the target computer
> - we did it a while ago for a very large complex network and it needed
> a box behind every single router that could be commanded to send out
> the WoL packet for a specific MAC address. We eventually abandoned it.
>
> P.




Re: [CentOS] ether-wake

2020-05-18 Thread Pete Biggs
On Sun, 2020-05-17 at 20:25 -0600, R C wrote:
> Ok,  I get that, found it before;  "typically sent as a UDP datagram to 
> port 0, 7 or 9, or directly over Ethernet as EtherType 0x0842"
> 
> 
> The keyword being 'typically',   but what is it that ether-wake actually 
> uses/does?  (I need to forward a WOL packet to a different
> 
> vlan on some Cisco hardware, between two Centos machines).
> 

WoL packets are not routeable/forwardable. They are Layer 2 broadcast
packets that contain the MAC address of the machine that needs to be
woken up. But since you quoted the Wikipedia article on WoL you would
know that and it specifically says what the magic packet is and does.

The format of the packet is unimportant, all that happens is that the
ethernet *card* receives the packet, sees that it's a magic WoL packet
for that card and turns on the hardware "wakeup" line to the machine. 

The packets need to be sent on the same network as the target computer
- we did it a while ago for a very large complex network and it needed
a box behind every single router that could be commanded to send out
the WoL packet for a specific MAC address. We eventually abandoned it.

P.




Re: [CentOS] ether-wake

2020-05-17 Thread R C
Ok,  I get that, found it before;  "typically sent as a UDP datagram to 
port 0, 7 or 9, or directly over Ethernet as EtherType 0x0842"

The keyword being 'typically',   but what is it that ether-wake actually 
uses/does?  (I need to forward a WOL packet to a different 
vlan on some Cisco hardware, between two Centos machines).

Ron

On 5/17/20 8:14 PM, John Pierce wrote:
> The WoL magic packet is only scanned for the string above, and not actually
> parsed by a full protocol stack, it could be sent as any network- and
> transport-layer protocol, although it is typically sent as a UDP datagram
> to port 0, 7 or 9, or directly over Ethernet as EtherType 0x0842
>
> - from Wikipedia
>
> On Sun, May 17, 2020, 6:46 PM R C  wrote:
>
>> Hello,
>>
>> what port does ether-wake use?  (I believe it is port 9? but not sure).
>>
>> Ron



Re: [CentOS] ether-wake

2020-05-17 Thread John Pierce
The WoL magic packet is only scanned for the string above, and not actually
parsed by a full protocol stack, it could be sent as any network- and
transport-layer protocol, although it is typically sent as a UDP datagram
to port 0, 7 or 9, or directly over Ethernet as EtherType 0x0842

- from Wikipedia

On Sun, May 17, 2020, 6:46 PM R C  wrote:

> Hello,
>
>
> what port does ether-wake use?  (I believe it is port 9? but not sure).
>
>
> Ron