Client not sending DHCPREQUEST after offer.

Glenn Satchell glenn.satchell at uniq.com.au
Thu Apr 3 03:38:10 UTC 2014 

For some older HP PXE clients I had to turn off multicast tftp in the dhcp
server before PXE boot would work. Maybe your tftp client is looking for
some particular option(s) to be set? Here is the config to disable it:

# Option definitions for PXE
#option space PXE;
option space PXE code width 1 length width 1 hash size 3;
option PXE.mtftp-ip code 1 = ip-address;

class "PXE" {
  match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server tftp.example.com;
  filename "pxegrub.I86PC.Solaris_10-1";
  # 10 minutes should be long enough for PXE
  max-lease-time 600;

  # don't use multicast tftp option
  vendor-option-space PXE;
  option PXE.mtftp-ip 0.0.0.0;
}

regards,
-glenn

On Thu, April 3, 2014 7:11 am, ritul guru (riguru) wrote:
> Thanks Joseph,
> I tried disabling IP source guard on 2 interfaces which I am using, but
> still facing the same problem.
>
> As uefi pxe boot uses uefi network stack, I tried configuring IP(dhcp)
> through uefi shell of the client, but it didn't configure and I see same
> issue on pxe server side that is DHCPDISCOVER and DHCPOFFER keeps on
> lopping until pxeserver times out.
>
>
>
> Regards,
> Ritul
>
> From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf Of
> Joseph Bernard
> Sent: Wednesday, April 02, 2014 7:23 PM
> To: Users of ISC DHCP
> Subject: Re: Client not sending DHCPREQUEST after offer.
>
> The issue with IP Source Guard is with older code on IOS switches.  The
> Nexus doesn't have the same issue that I know of.  I would also suggest
> using Wireshark as it has been instrumental in troubleshooting my issues
> with PXE booting in the past.  I have an interesting setup where I use
> VMware Fusion and USB ethernet adapters and give each VM its own real NIC.
>  This should also work with VMware Workstation and possibly Player.  It
> allows me to watch the traffic without having to install Wireshark on the
> guest VM or have to make a span session on the switch.
>
> Thanks,
> Joseph B.
>
> On Apr 2, 2014, at 9:32 AM, Jim Glassford
> <jmglass at iup.edu<mailto:jmglass at iup.edu>>
>  wrote:
>
>
> Hi Ritual,
>
> It would have to be enabled, by default, IP Source Guard is disabled on
> all interfaces.
> Would have in the running-config on interface setup:  'ip verify source
> dhcp-snooping'
> Check your logs on the n5k, see if any logs for dhcp-snooping blocks if it
> is enabled. Not sure it is logged, we do not use on our n5k, only have
> three in controlled data center so not that much experience.
>
> ~IP Source Guard
> <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter10.html#con_1097286><http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter10.html#con_1097286>
>
> ~dhcp snooping;
> <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter8.html><http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter8.html>
>
> Not that related, (shows the dhcp-snooping/ip source guard is good to
> check), had HP switches that broke PXE booting due to firmware problems
> years ago. To work around disabled dhcp-snooping on HP switches until
> firmware fix released on HP model with the problem. Also if separate PXE
> server on a different port than the dhcp server, have to allow both the
> dhcp server port and PXE server port as trusted. Only matters if using
> dhcp-snooping and have two servers on different ports.
>
> Might be best to Wireshark sniff the wire on each side to see where the
> break down is occurring after checking above.
>
> best!
> jim
>
>
>
>
> On 4/2/2014 5:55 AM, ritul guru (riguru) wrote:
> How can I check if IP source guard is enabled for a port on switch?
>
> From:
> dhcp-users-bounces+riguru=cisco.com at lists.isc.org<mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org>
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf Of
> ritul guru (riguru)
> Sent: Wednesday, April 02, 2014 2:31 PM
> To: Users of ISC DHCP
> Subject: RE: Client not sending DHCPREQUEST after offer.
>
> I am not sure, but I am able to do legacy boot on same client port (switch
> N5k).
> So this should not be a concern.
>
>
> Regards,
> Ritul
>
> From:
> dhcp-users-bounces+riguru=cisco.com at lists.isc.org<mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org>
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf Of
> Joseph Bernard
> Sent: Sunday, March 30, 2014 4:55 AM
> To: Users of ISC DHCP
> Subject: Re: Client not sending DHCPREQUEST after offer.
>
> Is the client on a port using IP Source Guard by any chance?
>
> Thanks,
> Joseph B.
>
> On Mar 29, 2014, at 3:26 PM, "ritul guru (riguru)"
> <riguru at cisco.com<mailto:riguru at cisco.com>>
>  wrote:
>
> Hi,
> I am facing similar problem while trying to boot to uefi rhel6.5 OS
> through uefi pxe boot.
>
> Pxe client sends DHCPDISCOVER and server is reverting with DHCPOFFER, but
> this keeps on happening, client is not sending DHCPREQUEST further.
>
> <image001.png>
>
> I tried dumping pxe server on eth2, it looks like pxe client DHCPREQUEST
> is not reaching the server. What could be the problem?
>
> <image002.png>
>
>
>
>
> Regards,
> Ritul
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>
>
>
> _______________________________________________
>
> dhcp-users mailing list
>
> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

More information about the dhcp-users mailing list