PXE Boot Requests Fail across VLAN's

Neil Kirkland · ‎03-07-2014

Architecture : 3 x 3560 switches, ipservicesk9 image, linked by fibre trunks running EIGRP ...

Normal DHCP works - 4 VLANS, 1 uses fixed IP - the Server VLAN, 4 use DHCP.

Normal DHCP from VLans 3 to 5 works, I've configured in two ways, in both cases I can get DHCP to work correctly.

DHCP in IOS with DNS on MS Server (2008 R2)
DHCP and DNS on MS Server (2008 R2)

DNS server is 10.10.2.253, PXE Server is 10.10.2.251, these are my helper-address's ....

So all VLAN's can get an IP address from a server in the same VLAN as the PXE boot server - BUT - try PXE booting anything and it fails - the switches will not pass / forward the PXE boot 'DHCP discover' packets no matter what. I know the problems in the routing side of the switch, a packet trace proves it, I've done a packet trace in a flat network (the server VLAN) in which PXE boot works fine (so I know for sure my PXE server is OK), trying from another VLAN on the SAME switch (done as a test to eliminate the trunks) and all the initial PXE device 'DHCP discover' fails - the 'DHCP Discover' packets initiated under PXE boot are not routed or forwarded, they can be seen on the non server VLAN but they never appear in the server VLAN, hence not received and so the PXE boot process never starts.

I know I've asked this before but it went nowhere, why the hell would normal DHCP work and PXE boot not ?????????

It's getting frustrating - seriously so, I'm getting to the point where something is going to get launched ...

Being able to learn something is not the same thing as being able to do it for real. The only thing that exams prove is your memory.

acampbell · ‎03-07-2014

Neil,

Under normal dhcp operation the client sends its discover from port number 68 (bootpc) to port 67 (bootps)

However when you use PXE the destination (server) port uses 4011

Please see this from M/Soft

http://support.microsoft.com/kb/257579

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

Peter Koltl · ‎03-08-2014

PXE boot requires a special DHCP option. Please check on DHCP server if it's configured for that client pool.

Neil Kirkland · ‎03-09-2014

OK apologies if some frustration shows here.

This is NOT a server issue. Normal DHCP etc work 100%, the PXE server works providing the PXE client is in the same VLAN. PXE is used only for loading firmware it is not part of a 'normal' boot process and is instigated from the PXE server by sending a special message.

I have proved categorically using packet trace in a PXE client vlan and in the PXE server vlan that the PXE Clients DHCP discover message never reaches the vlan containing the PXE server.

These PXE clients when loaded run a Microsoft Embedded OS - once booted they can get a DHCP address from a DHCP server in the same VLAN as the PXE server, the PXE server will not respond to packets that do not have option 60 set in a specific manner.

This is 100% a routing issue, the switch 'router' is silently dropping the DHCP Discover packets that have option 60 set for "PXE Client". I can't even see any messages that a packet is dropped using debug on the routed port, the packet is never received by the 'trunk' - it never seems to escape the originating VLAN - but I KNOW that it was generated - I can see it in the trace.

I'm suffering CLI overload right now - it's driving me crazy - so it has ot be something simple.

ip helper-address's are correctly set, this by Cisco's own documentation automatically forwards ports 67, 68 and 69 - and for the most part it does - until it sees my packets with option 60 set to PXE client - then it drops them - doesn't tell you that it has, or why.

Tried all kinds of monitoring and debug but got nowhere.

If I knew why I'm sure the fix wouldn't be far behind.

Being able to learn something is not the same thing as being able to do it for real. The only thing that exams prove is your memory.

acampbell · ‎03-09-2014

Hi,

Can you try adding this command to the global config on the layer 3 switch/router

!

ip forwarding-protocol udp 4011

!

I assume you have the correct ip helper-address on the svi or layer 3 interface

Hope this helps

Regards, Alex. Please rate useful posts.

acampbell · ‎04-28-2014

Neil,

Just interested to find out if this issue got resolved.

Regards

Alex

Regards, Alex. Please rate useful posts.

Elton Babcock · ‎04-28-2014

I recently ran into something similar. I was using a 2960-S switch and was using had spanning tree is rapid spanning tree mode. Once I switched it back to regular old PVST everything just started to work. Never had enough time to figure out really why this was happening.

malshara · ‎07-30-2015

Hi ,

how are you ? I am just interested since I faced the same issue and I need to know if you figured out the issue ?

Regards

Peter Koltl · ‎08-20-2015

Can you see the DHCPDiscover in

debug ip dhcp server packet

?

ahmed.morsy · ‎10-18-2015

Hello All,

I got it worked as follow :

I'm running my DHCP service on the L3 Switch 3650 for All vlans ,
My WDS server (Win server 2012 R2) in servers VLAN with ip address 192.168.12.200 , So I Configured My Switch as Following

Under DHCP which the Client belong to :

Config )# ip dhcp pool 100
Config-dhcp) # network 10.0.100.0 255.255.255.0
Config-dhcp) # default-router 10.0.100.1
Config-dhcp) # dns-server 8.8.8.8 8.8.4.4
Config-dhcp) # option 60 ascii PXEClient

And then Under the vlan for the client configured the IP helper address

Config )# int vlan 100

(config-if)# ip helper-address 192.168.12.200

After that i tried the PXE boot on a machine in vlan 100 and every thing worked fine

Thanks,

Best Regards ,

ahmed.morsy · ‎10-18-2015

Hello All,

I got it worked as follow :

I'm running my DHCP service on the L3 Switch 3650 for All vlans ,
My WDS server (Win server 2012 R2) in servers VLAN with ip address 192.168.12.200 , So I Configured My Switch as Following

Under DHCP which the Client belong to :

Config )# ip dhcp pool 100
Config-dhcp) # network 10.0.100.0 255.255.255.0
Config-dhcp) # default-router 10.0.100.1
Config-dhcp) # dns-server 8.8.8.8 8.8.4.4
Config-dhcp) # option 60 ascii PXEClient

And then Under the vlan for the client configured the IP helper address

Config )# int vlan 100

(config-if)# ip helper-address 192.168.12.200

After that i tried the PXE boot on a machine in vlan 100 and every thing worked fine

Thanks,

Best Regards ,

attilahorvathbru · ‎01-29-2016

Hi All,

I have a working WDS run on VLAN30 and the PXE client on Vlan 10. The L3 switch is c3750 (ios: advipservicesk9-mz.122-25.SEE2) and the client connected to C2950G. I experienced the same problem as n-kirkland wrote 2 years ago.

I tried the above working configuration from Ahmed on my environment. It is failed . The 'option 60 ascii PXEClient' config mix up my problem. Although the client get DHCP from the L3 switch it generate errormessage.

PXE-E55: proxyDHCP did not reply to request on port 4011.

I removed the option. I use only the ip helper to forward DHCP PXE request to the WDS. The DHCP server debug shows DHCPDISCOVER, DHCPOFFER, BOOTREPLY repeatedly until the client fail.

ip dhcp pool VLAN10
   network 172.16.10.0 255.255.255.0
   default-router 172.16.10.1
   domain-name test.dom
   dns-server 172.16.30.100 172.16.30.103

interface Vlan10
ip address 172.16.10.1 255.255.255.0
ip helper-address 172.16.30.101

interface Vlan30

ip address 172.16.30.1 255.255.255.0

So, I put the client and the server to the same vlan everything works.

what is behind this? It should work between different vlans.

Thanks,

Best regards,

mhaas · ‎08-02-2017

The solution to this problem is to think of the PXE server as a DHCP server. All I had to do was add the command:

ip helper-address Address of PXE

After adding this to my 4500x core switch's vlan interface configuration the SCCM imaging started working.