Wake on LAN to different VLAN's
-
Do i need static IP's on the boxes i want to wake?
No.
Does the 192.168.2.254 imply the gateway or the IP of the box?
Neither. Think of it as a software Ethernet broadcast agent. Anything sent to those IP addresses becomes an Ethernet broadcast (mac address ff:ff:ff:ff:ff:ff)
With this ARP static table does that mean that the WOL package on VLAN5 is automatically forwarded to VLAN2 (or whatever you say it will be?)
No. An ARP table entry, that maps IP to MAC, is typically maintained for each machine that is connected to the network and on. Once the machine is disconnected from the network, such as by being turned off or in standby mode, the ARP table entry for that machine will expire very shortly. Minute or so is not uncommon. The static ARP entry keeps the IP to MAC association even when the machine is off or in stand-by mode waiting for WoL Magic Packet.
The special static ARP addresses assigned in each of the VLAN's I mentioned earlier are what should get the WoL Magic Packet to its respective VLAN. Think of them as broadcast agents for their respective subnet. Any thing sent to those IP addresses is then sent to MAC ff:ff:ff:ff:ff:ff within that Ethernet segment. Which is an Ethernet broadcast.
-
When trying to use the pfSense Wake on LAN utility, is the correct interface and MAC address specified for the target machine. The interface setting must be the one for the network that the target system is on.
I would suggest focusing on getting it to work with the pfSense WegGUI utility first. Then once that is working return to getting your external utility working.
-
I've created a brige between the 2 VLAN's and now the package is forwarded and it works fine! :)
Sigh… no, that is certainly not a solution.
Can you tell me why this is not a solution?
Thanks!
-
Do i need static IP's on the boxes i want to wake?
No.
Does the 192.168.2.254 imply the gateway or the IP of the box?
Neither. Think of it as a software Ethernet broadcast agent. Anything sent to those IP addresses becomes an Ethernet broadcast (mac address ff:ff:ff:ff:ff:ff)
With this ARP static table does that mean that the WOL package on VLAN5 is automatically forwarded to VLAN2 (or whatever you say it will be?)
No. An ARP table entry, that maps IP to MAC, is typically maintained for each machine that is connected to the network and on. Once the machine is disconnected from the network, such as by being turned off or in standby mode, the ARP table entry for that machine will expire very shortly. Minute or so is not uncommon. The static ARP entry keeps the IP to MAC association even when the machine is off or in stand-by mode waiting for WoL Magic Packet.
The special static ARP addresses assigned in each of the VLAN's I mentioned earlier are what should get the WoL Magic Packet to its respective VLAN. Think of them as broadcast agents for their respective subnet. Any thing sent to those IP addresses is then sent to MAC ff:ff:ff:ff:ff:ff within that Ethernet segment. Which is an Ethernet broadcast.
I had Wireshark running in my different VLAN's and each VLAN receives an broadcast package in that VLAN with the WOL utility in pfSense when using the correct VLAN. I also tried to use static mappings, tried the commands from the command line : arp -s 192.168.2.254 ff:ff:ff:ff:ff:ff (and all other subnets) but when the package is coming in into VLAN5 it doesnt forward itself to the other subnets, so i'm lost here… :( Also not sure why i cant use bridgeing between VLANS that are internal and for my use only...
-
Also not sure why i cant use bridgeing between VLANS that are internal and for my use only…
You can. Considering the entire purpose of VLANs is to separate traffic, you render the VLANs just utterly pointless. Just stick both segments on the same VLAN and be done with it.
-
I had Wireshark running in my different VLAN's and each VLAN receives an broadcast package in that VLAN with the WOL utility in pfSense when using the correct VLAN. I also tried to use static mappings, tried the commands from the command line : arp -s 192.168.2.254 ff:ff:ff:ff:ff:ff (and all other subnets) but when the package is coming in into VLAN5 it doesnt forward itself to the other subnets, so i'm lost here… :( Also not sure why i cant use bridgeing between VLANS that are internal and for my use only...
What is output of command : arp -a 192.168.2.254
It should be assigned to the VLAN2 interface. Not the physical interface.From VLAN5, to what address are you sending the WoL Magic Packet?
Should be sending the WoL Magic Packet to 192.168.2.254Re: bridge as solution. What doktormotor said.
-
Bridging VLANs is like unencrypted IPsec tunnels… :-D
-
I had Wireshark running in my different VLAN's and each VLAN receives an broadcast package in that VLAN with the WOL utility in pfSense when using the correct VLAN. I also tried to use static mappings, tried the commands from the command line : arp -s 192.168.2.254 ff:ff:ff:ff:ff:ff (and all other subnets) but when the package is coming in into VLAN5 it doesnt forward itself to the other subnets, so i'm lost here… :( Also not sure why i cant use bridgeing between VLANS that are internal and for my use only...
What is output of command : arp -a 192.168.2.254
It should be assigned to the VLAN2 interface. Not the physical interface.From VLAN5, to what address are you sending the WoL Magic Packet?
Should be sending the WoL Magic Packet to 192.168.2.254Re: bridge as solution. What doktormotor said.
Okay, i understand the part about the bridge, but i'm only learning as i'm new with setting up VLANs. I'm an IT manager and want to understand these things when people ask me about it :) also it's simple internal LAN only so doesnt matter in this particular case if brigde is unsafe, but i rather not use the bridge and do this the proper way
So what i tried is i placed it in the ARP table via the GUI on the DHCP server (on VLAN2) or should i place it in VLAN5 (the static ARP of 192.168.2.254 - ff:ff:ff:ff:ff:ff) on the DHCP server because it's now on VLAN2.
When i issue the command ARP -a 192.168.2.254 it gives:
[2.2-RELEASE][root@pfsense]/root: arp -a 192.168.2.254 usage: arp [-n] [-i interface] hostname arp [-n] [-i interface] -a arp -d hostname [pub] arp -d [-i interface] -a arp -s hostname ether_addr [temp] [reject | blackhole] [pub [only]] arp -S hostname ether_addr [temp] [reject | blackhole] [pub [only]] arp -f filename [2.2-RELEASE][root@pfsense]/root:
When i check arp -a
amongst the lines below line is also there.
? (192.168.2.254) at ff:ff:ff:ff:ff:ff on em2_vlan2 permanent [vlan]
and when i check the ARP table in the GUI it's also in there.
I'm sending the WOL package to the MAC address of the box i want to wakeup, not on ff:ff:ff:ff:ff:ff or IP, but WOL is not connected to IP right? It's MAC based only?
-
When i check arp -a
amongst the lines below line is also there.
? (192.168.2.254) at ff:ff:ff:ff:ff:ff on em2_vlan2 permanent [vlan]
and when i check the ARP table in the GUI it's also in there.
Okay ARP entry looks good on VLAN2. Sorry about the bad arp -a hostname syntax. I must have gotten confused with Linux.
I'm sending the WOL package to the MAC address of the box i want to wakeup, not on ff:ff:ff:ff:ff:ff or IP, but WOL is not connected to IP right? It's MAC based only?
This is where the problem appears to be. Because WoL Magic Packet is MAC based (layer 2, Ethernet) it cannot be routed from VLAN5 to VLAN2. However this is the purpose of the special static ARP entry. If you send the WoL Magic Packet to that special IP address it should be routed to that VLAN and since that IP addresses' MAC address is all f's it ends up being put out on to that subnet as an Ethernet broadcast. Clear as mud?
So. Provide the MAC address of the machine that is to be awakened to the tool, but tell the tool to send it to the special IP address (192.168.2.254).
-
I'm an IT manager and want to understand these things when people ask me about it
Wikipedia has some good WoL info. Probably some good VLAN info. too.
http://en.wikipedia.org/wiki/Wake-on-LAN -
When i check arp -a
amongst the lines below line is also there.
? (192.168.2.254) at ff:ff:ff:ff:ff:ff on em2_vlan2 permanent [vlan]
and when i check the ARP table in the GUI it's also in there.
Okay ARP entry looks good on VLAN2. Sorry about the bad arp -a hostname syntax. I must have gotten confused with Linux.
I'm sending the WOL package to the MAC address of the box i want to wakeup, not on ff:ff:ff:ff:ff:ff or IP, but WOL is not connected to IP right? It's MAC based only?
This is where the problem appears to be. Because WoL Magic Packet is MAC based (layer 2, Ethernet) it cannot be routed from VLAN5 to VLAN2. However this is the purpose of the special static ARP entry. If you send the WoL Magic Packet to that special IP address it should be routed to that VLAN and since that IP addresses' MAC address is all f's it ends up being put out on to that subnet as an Ethernet broadcast. Clear as mud?
So. Provide the MAC address of the machine that is to be awakened to the tool, but tell the tool to send it to the special IP address (192.168.2.254).
Ah it's starting to make sense to me now :)
Because it's been sent to that special IP it will go to the ff:ff:ff:ff:ff:ff and therefore it will be broadcasted to the correct subnet right? The tool i'm using is only using MAC's and i cannot put in an IP in on that remote control. But see below screenshot. In this case i need to send it to subnet 192.168.2.255 or 192.168.2.254.
This weekend i'm loaded with other obligations, i will test out asap. Thanks for the dummy explaination :)
-
Because it's been sent to that special IP it will go to the ff:ff:ff:ff:ff:ff and therefore it will be broadcasted to the correct subnet right?
Correct.
As for sending to x.x.x.255 rather than x.x.x.254. That may or may not work. Depends on if pfSense will route an IP broadcast between local subnets. The reason I use x.x.x.254 is that it can be NAT port forwarded through the firewall from external internet sources. Where as x.x.x.255 cannot. At least not in in previous versions of pfSense.