Client not sending DHCPREQUEST after offer.

ritul guru (riguru) riguru at cisco.com
Thu Apr 3 12:53:31 UTC 2014


I enabled the port-fast in switch for pxe server and client, but still it is not working. :(

-----Original Message-----
From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf Of ritul guru (riguru)
Sent: Thursday, April 03, 2014 6:05 PM
To: Users of ISC DHCP
Subject: RE: Client not sending DHCPREQUEST after offer.

But it is not reached till tftp, it is stuck in getting ip through DHCP.
Joseph,
Could it be an issue with port-fast disable? But at the same time legacy pxe boot is working with same client, switch and server port!


Regards,
Ritul

-----Original Message-----
From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf Of Glenn Satchell
Sent: Thursday, April 03, 2014 9:08 AM
To: Users of ISC DHCP
Subject: RE: Client not sending DHCPREQUEST after offer.

For some older HP PXE clients I had to turn off multicast tftp in the dhcp server before PXE boot would work. Maybe your tftp client is looking for some particular option(s) to be set? Here is the config to disable it:

# Option definitions for PXE
#option space PXE;
option space PXE code width 1 length width 1 hash size 3; option PXE.mtftp-ip code 1 = ip-address;

class "PXE" {
  match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server tftp.example.com;
  filename "pxegrub.I86PC.Solaris_10-1";
  # 10 minutes should be long enough for PXE
  max-lease-time 600;

  # don't use multicast tftp option
  vendor-option-space PXE;
  option PXE.mtftp-ip 0.0.0.0;
}

regards,
-glenn

On Thu, April 3, 2014 7:11 am, ritul guru (riguru) wrote:
> Thanks Joseph,
> I tried disabling IP source guard on 2 interfaces which I am using, 
> but still facing the same problem.
>
> As uefi pxe boot uses uefi network stack, I tried configuring IP(dhcp) 
> through uefi shell of the client, but it didn't configure and I see 
> same issue on pxe server side that is DHCPDISCOVER and DHCPOFFER keeps 
> on lopping until pxeserver times out.
>
>
>
> Regards,
> Ritul
>
> From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf 
> Of Joseph Bernard
> Sent: Wednesday, April 02, 2014 7:23 PM
> To: Users of ISC DHCP
> Subject: Re: Client not sending DHCPREQUEST after offer.
>
> The issue with IP Source Guard is with older code on IOS switches.  
> The Nexus doesn't have the same issue that I know of.  I would also 
> suggest using Wireshark as it has been instrumental in troubleshooting 
> my issues with PXE booting in the past.  I have an interesting setup 
> where I use VMware Fusion and USB ethernet adapters and give each VM its own real NIC.
>  This should also work with VMware Workstation and possibly Player.  
> It allows me to watch the traffic without having to install Wireshark 
> on the guest VM or have to make a span session on the switch.
>
> Thanks,
> Joseph B.
>
> On Apr 2, 2014, at 9:32 AM, Jim Glassford 
> <jmglass at iup.edu<mailto:jmglass at iup.edu>>
>  wrote:
>
>
> Hi Ritual,
>
> It would have to be enabled, by default, IP Source Guard is disabled 
> on all interfaces.
> Would have in the running-config on interface setup:  'ip verify 
> source dhcp-snooping'
> Check your logs on the n5k, see if any logs for dhcp-snooping blocks 
> if it is enabled. Not sure it is logged, we do not use on our n5k, 
> only have three in controlled data center so not that much experience.
>
> ~IP Source Guard
> <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw
> /security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n
> 5k_security_config_gd_rel_503_n1_1_chapter10.html#con_1097286><http://
> www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/securit
> y/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_secur
> ity_config_gd_rel_503_n1_1_chapter10.html#con_1097286>
>
> ~dhcp snooping;
> <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw
> /security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n
> 5k_security_config_gd_rel_503_n1_1_chapter8.html><http://www.cisco.com
> /c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_
> Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd
> _rel_503_n1_1_chapter8.html>
>
> Not that related, (shows the dhcp-snooping/ip source guard is good to 
> check), had HP switches that broke PXE booting due to firmware 
> problems years ago. To work around disabled dhcp-snooping on HP 
> switches until firmware fix released on HP model with the problem.
> Also if separate PXE server on a different port than the dhcp server, 
> have to allow both the dhcp server port and PXE server port as 
> trusted. Only matters if using dhcp-snooping and have two servers on different ports.
>
> Might be best to Wireshark sniff the wire on each side to see where 
> the break down is occurring after checking above.
>
> best!
> jim
>
>
>
>
> On 4/2/2014 5:55 AM, ritul guru (riguru) wrote:
> How can I check if IP source guard is enabled for a port on switch?
>
> From:
> dhcp-users-bounces+riguru=cisco.com at lists.isc.org<mailto:dhcp-users-bo
> dhcp-users-bounces+unces+riguru=cisco.com at lists.isc.org>
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf 
> Of ritul guru (riguru)
> Sent: Wednesday, April 02, 2014 2:31 PM
> To: Users of ISC DHCP
> Subject: RE: Client not sending DHCPREQUEST after offer.
>
> I am not sure, but I am able to do legacy boot on same client port 
> (switch N5k).
> So this should not be a concern.
>
>
> Regards,
> Ritul
>
> From:
> dhcp-users-bounces+riguru=cisco.com at lists.isc.org<mailto:dhcp-users-bo
> dhcp-users-bounces+unces+riguru=cisco.com at lists.isc.org>
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf 
> Of Joseph Bernard
> Sent: Sunday, March 30, 2014 4:55 AM
> To: Users of ISC DHCP
> Subject: Re: Client not sending DHCPREQUEST after offer.
>
> Is the client on a port using IP Source Guard by any chance?
>
> Thanks,
> Joseph B.
>
> On Mar 29, 2014, at 3:26 PM, "ritul guru (riguru)"
> <riguru at cisco.com<mailto:riguru at cisco.com>>
>  wrote:
>
> Hi,
> I am facing similar problem while trying to boot to uefi rhel6.5 OS 
> through uefi pxe boot.
>
> Pxe client sends DHCPDISCOVER and server is reverting with DHCPOFFER, 
> but this keeps on happening, client is not sending DHCPREQUEST further.
>
> <image001.png>
>
> I tried dumping pxe server on eth2, it looks like pxe client 
> DHCPREQUEST is not reaching the server. What could be the problem?
>
> <image002.png>
>
>
>
>
> Regards,
> Ritul
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>
>
>
> _______________________________________________
>
> dhcp-users mailing list
>
> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users


More information about the dhcp-users mailing list