Last week, my colleague Claudia and I ported an HP ProVision configuration to HP Comware. Unexpectedly, it wasn’t routing, VLANs or OSPF that caused headaches; it was Wake-on-LAN (WoL). Depending on the tool used, the magic packet (which wakes up the computer) is sent as a broadcast (255.255.255.255) or as a subnet-directed broadcast (e.g. 192.168.200.255). So it was important to know which tool the customer used.
This is how HP ProVision implements subnet-directed broadcasts:
ip address 192.168.200.254 255.255.255.0
ip forward-protocol udp 10.0.0.255 9
ip address 10.0.0.254 255.255.255.0
The first two commands are issued globally. The “ip forward-protocol” statement has to be entered in the source VLAN (from which the magic packets are sent). The “ip forward-protocol” statement includes the protocol (udp), the destination (the broadcast address of the subnet) and the UDP port (WoL uses port 9). Pretty simple, right? But please note that this config works only for subnet-directed broadcasts. And it only works for WoL. If you need another port (e.g. UDP port 7), you have to add an additional “ip forward-protocol” statement.
If you use HP Comware, the configuration differs in some points. You can enable the reception of subnet-directed broadcasts by entering “ip forward-broadcast” globally in the system-view. This is mandatory.
[HP] ip forward-broadcast
The next step is to tell the switch where it should forward subnet-directed broadcasts. This is done by entering “ip forward-broadcast” in the VLAN interface context.
[HP-Vlan-Interface99] ip forward-broadcast
The downside: all subnet-directed broadcasts will be forwarded, regardless of source, destination or protocol. To avoid this, you have to create an ACL and add it to the “ip forward-broadcast” statement. To create an ACL, enter:
[HP]acl number 3001
[HP-acl-adv-3001] rule 10 permit udp source 192.168.200.0 0.0.0.255 destination 10.0.0.255 0 destination-port eq 9
[HP] interface Vlan-interface 99
[HP-vlan99] ip forward-broadcast acl 3001
You have to bind the ACL to the source VLAN interface. The subnet-directed broadcast will be forwarded to the VLAN interface that is directly connected to the destination subnet or, if there is no directly connected interface, to a router that knows the way to the destination. If you have applied packet filter ACLs to VLAN interfaces, make sure that your forwarded subnet-directed broadcasts aren’t filtered!
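To check what rule 10 of ACL 3001 actually lets through, here is an added example (not part of the original post) that evaluates the rule against a few packets using wildcard-mask matching, where bits set in the wildcard are ignored and a wildcard of 0 means an exact match. The sample packets are constructed, and treating traffic that does not hit the permit rule as not forwarded is an assumption.

```python
import ipaddress
import re

# Rule text copied from ACL 3001 on this page.
RULE = ("rule 10 permit udp source 192.168.200.0 0.0.0.255 "
        "destination 10.0.0.255 0 destination-port eq 9")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _wildcard(text):
    # A wildcard of "0" stands for 0.0.0.0, i.e. an exact host match.
    return 0 if text == "0" else _ip(text)

def parse_rule(text):
    """Parse the single rule shape used on the page (UDP, eq port)."""
    m = re.fullmatch(
        r"rule (\d+) (permit|deny) udp source (\S+) (\S+) "
        r"destination (\S+) (\S+) destination-port eq (\d+)", text.strip())
    if m is None:
        raise ValueError("unsupported rule shape: " + text)
    rid, action, src, sw, dst, dw, port = m.groups()
    return {"id": int(rid), "action": action, "port": int(port),
            "src": (_ip(src), _wildcard(sw)), "dst": (_ip(dst), _wildcard(dw))}

def _addr_matches(addr, base_wild):
    base, wild = base_wild
    # Bits set in the wildcard are ignored; all other bits must be equal.
    return (_ip(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def permitted(rule, proto, src, dst, dport):
    """True if the packet hits the permit rule; anything else is treated
    as not forwarded (assumption about unmatched traffic)."""
    return (rule["action"] == "permit" and proto == "udp"
            and dport == rule["port"]
            and _addr_matches(src, rule["src"])
            and _addr_matches(dst, rule["dst"]))

def directed_broadcast(address, netmask):
    """Subnet-directed broadcast address of an interface's subnet."""
    return str(ipaddress.ip_interface(f"{address}/{netmask}").network.broadcast_address)

if __name__ == "__main__":
    rule = parse_rule(RULE)
    # Constructed sample packets: (proto, source, destination, UDP port).
    samples = [("udp", "192.168.200.10", "10.0.0.255", 9),
               ("udp", "192.168.200.10", "10.0.0.255", 7),
               ("udp", "192.168.200.10", "255.255.255.255", 9),
               ("udp", "192.168.201.10", "10.0.0.255", 9)]
    for pkt in samples:
        print(pkt, "forwarded" if permitted(rule, *pkt) else "not forwarded")
    print(directed_broadcast("10.0.0.254", "255.255.255.0"))
```

Only the first sample matches: a WoL tool that sends to 255.255.255.255 or to port 7 is not covered by this rule, which is why it matters which tool the customer uses.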