
Schnitzelprinz
May 01, 2021
Solved

GS110TPv3: Wake On LAN (WOL) does not work, when 802.1x (MAC Authentication Bypass) is activated

Hello everybody,

I'm running a Netgear GS110TPv3 with SW version 7.0.6.2. If MAC address check ("802.1X" ~ MAB) is deactivated on an affected switch port, wake on lan is working.

If MAC address check is activated, a client can no longer be woken up.

1. Assumption: The Vlan ID is different when it is switched off than when it is switched on and authenticated.

If, for example, a notebook is switched on manually, the MAC address check also works via the RADIUS server. The client is assigned to Vlan 1 via dynamic Vlan assignment (default).

In unauthenticated state, the switch port is also in Vlan 1 (default config of Netgear = 0). As a result, both the switched off and the switched on device should be in Vlan 1. So there is nothing against being able to wake up the client.

However, it doesn't work.

Setup: Security - Port Authentication - 802.1X


Port-based authentication status: Enable

VLAN assignment mode: Enable

Dynamic VLAN creation mode: Enable

EAPOL flood mode: Deactivate

 

Switchportconfig with deactivated MAC check:

Port control = Authorized

MAB = deactivate

Unauthenticated VLAN ID = 1

(Assigned Vlan ID via RADIUS = 1)

 

Result: WOL works

 

Switchportconfig with activated MAC check:

Port control = MAC-based

MAB = activate

Unauthenticated VLAN ID = 1

(Assigned Vlan ID via RADIUS = 1)

 

Result: WOL does NOT work. Why?

 

2. Assumption: I would normally assume that frames from the switch to the client (outbound) are not blocked before authentication, but only the frames from the end device to be woken up in the direction of the switch (inbound).

I cannot find any setting/option on the switch port to differentiate between incoming or outgoing or incoming and outgoing frames.

 

Can the problem with this Netgear switch be solved at all? Do bigger business switches have more options?

 

Many thanks for your help.

  • Schnitzelprinz
    May 06, 2021

    Hello all,

     

    The problem has been discussed in the background with Netgear.

    Result: Unauthenticated port blocks inbound AND outbound traffic. This is also true for broadcasts. WOL packets therefore are not forwarded to the affected client. Wake up must fail.

     

    2 options:

    - hardened network access for clients with enabled 802.1x but no WOL... or

    - disable 802.1x and use of WOL is possible, when using this kind of switch model.

     

    Best regards,

    Schnitzelprinz
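The behaviour reported in the post above, as an added example that is not part of the original thread and is not NETGEAR code: it builds a Wake-on-LAN magic packet and runs it through a simplified model of one switch port in the two cases the thread discusses. All function names, the `blocked_directions` parameter and the sample MAC are assumptions made for illustration.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def mac_bytes(mac):
    """Parse aa:bb:cc:dd:ee:ff (or '-' separated) into 6 raw bytes."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))

def magic_packet(target_mac):
    """WOL payload: 6 x 0xFF, then the target MAC repeated 16 times (102 bytes)."""
    return b"\xff" * 6 + mac_bytes(target_mac) * 16

def wol_target(payload):
    """Return the MAC a payload would wake, or None if it holds no magic packet.
    The 102-byte pattern may sit at any offset inside the payload."""
    for i in range(len(payload) - 101):
        mac = payload[i + 6:i + 12]
        if payload[i:i + 6] == b"\xff" * 6 and payload[i + 12:i + 102] == mac * 15:
            return mac
    return None

def egress_allowed(authenticated, blocked_directions):
    """Model of one switch port: may a frame leave it toward the client?
    "both": unauthenticated port drops inbound and outbound frames
            (what the thread reports for this switch).
    "in":   unauthenticated port drops only frames coming from the client
            (the poster's second assumption; hypothetical for this switch)."""
    if blocked_directions not in ("both", "in"):
        raise ValueError("blocked_directions must be 'both' or 'in'")
    return authenticated or blocked_directions == "in"

def wol_delivered(payload, client_mac, authenticated, blocked_directions):
    """True if the frame is a magic packet for client_mac and the port lets it out."""
    return (wol_target(payload) == mac_bytes(client_mac)
            and egress_allowed(authenticated, blocked_directions))

if __name__ == "__main__":
    client = "00:11:22:33:44:55"  # constructed sample MAC
    pkt = magic_packet(client)
    # Assumption: a powered-off client sends no frames, so MAB has nothing to
    # authenticate and the port is still unauthenticated when the packet arrives.
    for mode in ("both", "in"):
        print(mode, wol_delivered(pkt, client, authenticated=False,
                                  blocked_directions=mode))
```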

5 Replies

    • Hi schumaku,

       

      thank you very much for your quick response and assessment. Looks like your recommended actions are more difficult than expected.

       

      The purchase is older than 90 days (October 2020). Email and phone support are not available anymore; chat support is allowed but not possible. Buying a service contract for the GS110TPV3 is not possible... I'm only able to order a hardware replacement for defective items. This will not solve the problem. Any idea?

       

      Best regards,

      Schnitzelprinz

      • schumaku
        Guru - Experienced User

        YeZ please line-up the connection to the switch QA and engineering so this issue can be addressed. Thank you!

         

        Schnitzelprinz, where can you get a good schnitzel?
