Security

Hello (newbie here)

I hope you are all doing well. I have a strange problem I need to resolve. We recently moved to 802.1x authentication instead of relying on our nac to respond to snmp traps and close a port. Everything went really smoothly, even though we are using some "old" J9298A's. The only thing I can't really solve is that we can't wake up our devices anymore, because after they shut down the port changes back to the guest vlan, which is only available locally on the switch. I know there is a setting to allow packets to egress by setting the control direction on unauthenticated ports, but I want to avoid this. This is because, on the one hand, the software that starts the WOL sends the packets to the last known IP and, on the other hand, I really want to keep the guest vlan bound only to the edge switch. We've also set the logoff time for our printers to solve their inactivity problem. I was hoping to do the same for our thin clients and Windows computers, but the sad thing is that both types of device disconnect their LAN port for 2 seconds when they shut down, and that is enough to close the session for the switch.

I'm really grateful for any help as I'm running out of ideas

Thanks in advance!

Use a MAC auth to put the devices into a restricted VLAN that allows the WoL packet but little or nothing else?

Hello (newbie here)

I hope you are all doing well. I have a strange problem I need to resolve. We recently moved to 802.1x authentication instead of relying on our nac to respond to snmp traps and close a port. Everything went really smoothly, even though we are using some "old" J9298A's. The only thing I can't really solve is that we can't wake up our devices anymore, because after they shut down the port changes back to the guest vlan, which is only available locally on the switch. I know there is a setting to allow packets to egress by setting the control direction on unauthenticated ports, but I want to avoid this. This is because, on the one hand, the software that starts the WOL sends the packets to the last known IP and, on the other hand, I really want to keep the guest vlan bound only to the edge switch. We've also set the logoff time for our printers to solve their inactivity problem. I was hoping to do the same for our thin clients and Windows computers, but the sad thing is that both types of device disconnect their LAN port for 2 seconds when they shut down, and that is enough to close the session for the switch.

I'm really grateful for any help as I'm running out of ideas

Thanks in advance!

Hello (newbie here)

I hope you are all doing well. I have a strange problem I need to resolve. We recently moved to 802.1x authentication instead of relying on our nac to respond to snmp traps and close a port. Everything went really smoothly, even though we are using some "old" J9298A's. The only thing I can't really solve is that we can't wake up our devices anymore, because after they shut down the port changes back to the guest vlan, which is only available locally on the switch. I know there is a setting to allow packets to egress by setting the control direction on unauthenticated ports, but I want to avoid this. This is because, on the one hand, the software that starts the WOL sends the packets to the last known IP and, on the other hand, I really want to keep the guest vlan bound only to the edge switch. We've also set the logoff time for our printers to solve their inactivity problem. I was hoping to do the same for our thin clients and Windows computers, but the sad thing is that both types of device disconnect their LAN port for 2 seconds when they shut down, and that is enough to close the session for the switch.

I'm really grateful for any help as I'm running out of ideas

Thanks in advance!

When you have  your PC set on restricted VLAN (or Guest VLAN) are you allowing the WOL Port to be Permitted on ACLs?
It usually uses UDP ports 7 and 9, but you can verify it with Wireshark?

Hello (newbie here)

I hope you are all doing well. I have a strange problem I need to resolve. We recently moved to 802.1x authentication instead of relying on our nac to respond to snmp traps and close a port. Everything went really smoothly, even though we are using some "old" J9298A's. The only thing I can't really solve is that we can't wake up our devices anymore, because after they shut down the port changes back to the guest vlan, which is only available locally on the switch. I know there is a setting to allow packets to egress by setting the control direction on unauthenticated ports, but I want to avoid this. This is because, on the one hand, the software that starts the WOL sends the packets to the last known IP and, on the other hand, I really want to keep the guest vlan bound only to the edge switch. We've also set the logoff time for our printers to solve their inactivity problem. I was hoping to do the same for our thin clients and Windows computers, but the sad thing is that both types of device disconnect their LAN port for 2 seconds when they shut down, and that is enough to close the session for the switch.

I'm really grateful for any help as I'm running out of ideas

Thanks in advance!