HPE Community
Comware Based
1753318 Members
6540 Online
108792 Solutions
New Discussion

WOL ACL on comware7

 
BWCtech
Member

‎08-20-2017 11:49 PM

‎08-20-2017 11:49 PM

WOL ACL on comware7

Hi.  I'm trying to configure directed broadcast to allow WoL to work over the routed network - with security so it's only allowing packets from the WoL server to pass.  On Comware 7, you can't add the ACL prefix to the end of "ip forward-broadcast" comand like you can in comware 5.

As an alternative solution, I can add an ACL to the interface to block subnet broadcasts from hosts except for the WoL server.  Example (wol server = 10.10.10.10):

acl number 3001 name ACL-BLOCK_DIRECTED_BRDCST
rule 0 permit udp source 10.10.10.10 0 destination 10.0.0.255 0 destination-port eq 9
rule 5 deny ip destination 10.0.0.255 0
rule 10 permit ip 

interface Vlan-interface100
ip address 10.0.0.1 255.255.255.0
ip forward-broadcast
packet-filter 3001 outbound

The issue with this is that i think that the deny statement will also block the routers own broadcasts to the 10.0.0.0/24 network.  I don't have a lab so is this true?  Is there a solution where I can only allow the WoL server to send broadcasts to this subnet?  Thanks.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.