Wake on LAN across subnets with HP switches

As part of setting up SCCM I wanted to get all PCs to wake-on-LAN to enable truly zero touch deployment. I’m using mostly HP v1910/1920 edge switches with a HP 5406zl core switch. To send WoL packets while testing I’m using a tool from http://magicpacket.free.fr/ (once all set up SCCM will be doing the wake on LAN packets).

Wake on LAN works by broadcasting a magic packet containing the MAC of the PC you want to wake. It’s a UDP packet usually going from port 7 to port 9. Broadcasts sent to 255.255.255.255 don’t traverse routers into other subnets so we instead have to use a subnet directed broadcast. This means sending to the subnet’s broadcast address instead (e.g. for 10.0.1.0/24 the subnet’s broadcast is 10.0.1.255).

Here we are assuming the SCCM server is 10.0.0.10/24, and clients are on 10.0.1.0/24 (VLAN 10) and 10.0.2.0/24 (VLAN 20).
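
The magic packet and subnet directed broadcast described above, as an added example (not from the original post or from SCCM): it builds the payload, derives each client subnet's broadcast address, and parses a captured payload back to the MAC it targets. The sample MAC and the function names are constructed for illustration; the destination port is the one the post mentions.

```python
import ipaddress
import re
import socket

WOL_PORT = 9  # destination port named in the post

def magic_packet(mac: str) -> bytes:
    """Build the 102-byte payload: 6 x 0xFF, then the target MAC 16 times."""
    hexmac = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexmac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(hexmac) * 16

def directed_broadcast(subnet: str) -> str:
    """Subnet-directed broadcast address, e.g. 10.0.1.0/24 -> 10.0.1.255."""
    return str(ipaddress.ip_network(subnet, strict=True).broadcast_address)

def parse_magic_packet(payload: bytes):
    """Return the MAC a captured UDP payload would wake, or None."""
    sync = b"\xff" * 6
    start = payload.find(sync)
    while start != -1:
        mac = payload[start + 6:start + 12]
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(sync, start + 1)
    return None

def send_wol(mac: str, subnet: str, port: int = WOL_PORT) -> None:
    """Send one magic packet to the subnet's directed broadcast address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # Needed when the target subnet is directly attached; harmless otherwise.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(magic_packet(mac), (directed_broadcast(subnet), port))

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC, not a real client
    for subnet in ("10.0.1.0/24", "10.0.2.0/24"):  # client VLANs from the post
        pkt = magic_packet(mac)
        print(subnet, "->", directed_broadcast(subnet), len(pkt), "bytes,",
              "wakes", parse_magic_packet(pkt))
        # send_wol(mac, subnet)  # uncomment on the host permitted by wol-acl
```

parse_magic_packet can be run over payloads captured on a client VLAN to confirm which MAC a received packet targets.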

The first step is on the core switch (the 5406). Log on to the console (I use ssh for this) and run the following:

ip access-list extended "wol-acl"
10 permit ip 10.0.0.10 0.0.0.0 0.0.0.0 255.255.255.255
exit

ip directed-broadcast access-group "wol-acl"

This enables directed broadcasts but only from the SCCM server, specified in the wol-acl access list.

Next, on the edge switches, we need to log on to the console and run the following to enable broadcast forwarding. Without this turned on, the switch won’t forward the broadcast packet to all ports.

_cmdline-mode on
(press Y, then enter the password)
system-view
ip forward-broadcast
save

Not sure why but the v1910 has an extremely limited CLI (pretty much all you can do is set the IP address) unless you enter cmdline-mode and put in the dev password. The password for the 1910 series is 512900, and for the 1920 is Jinhua1920unauthorized. The 1920s don’t have a command line (not sure how they thought it a suitable replacement for 1910 and 1920 as it’s absolutely rubbish). I’ve also noticed some of my 1910s and all the 1920s don’t have the “ip forward-broadcast” command so not sure how they will work.

Now all that’s left to do is go into the BIOS config on all your clients and enable wake on LAN! Hopefully you have a major brand of client where there is a Windows EXE which can be scripted – I don’t, so I have to go and turn this on manually 400 times.