we're trying to implement 802.1x in our environment. But we can't get Wake on Lan to work when it's active. Actually it does what it should, block the port when not authorized. But with this way WOL can't work. After a bit of research we stumbled upon a command used in Cisco devices called "authentication control-direction in" which should do the trick. Is there any equivalent or another way of making this work?
I have looked high and low through the commands available on the N series and could not find any command that would do the same as the Cisco command. I am not aware of a workaround to get this kind of setup working.
We were evaluating Dell N2000 switches for our whole access network (~20000 users).
But we haven't found any way of getting WakeOnLan (WoL) to work together with Dot1x and/or MAB in Dell N2000-switches. WoL is crucial in our environment and this kind of setup is no problem to do in Cisco access-switches (which we currently use).
My question is if it is still not possible to setup WoL with Dot1x/MAB on Dell N2000-series? Or if it's planned in near future?
Do you have any update in this case?
That feature like Cisco have, "authentication control-direction" is very important. And that is not a option that only Cisco OS have, the others OS, HP for example have this option too.
WOL is very crucial to administrate the clients remotely. We've lived recently a big problem to update our clients that were turned off. An critical security update, that on this cenario we've had needed to go on each clients to wake on them. Only because Dell OS6 doesn't work with WOL and 802.1x together.
But I believe that is not a big request, because is common in other vendors and WOL is an old feature and we can't loss him when we've deploy 802.1x.
Please, help us.
Nah, they don't have it. Still. For enterprisey switches that's a little hard to understand given all the other (major) players have had this for ages. And you actually need it for example if during off-business hours you want to do OS patching and stuff, in case somebody actually knows what patching is ;-)
The only thing you might be able to do is use the guest VLAN together with 802.1x. (No guest VLAN when using MAB.) That however means using a different broadcast address than the devices to be woken up would usually have. (Since the guest VLAN cannot and should not be the actual data VLAN.)