Client not sending DHCPREQUEST after offer.

Glenn Satchell glenn.satchell at uniq.com.au
Thu Apr 3 13:58:24 UTC 2014 

This affected the pxe client getting an ip address from the dhcp server.
Not saying it's your exact problem, but your dhcp client might be looking
for a specific option to be set in the response.

regards,
-glenn

On Thu, April 3, 2014 11:35 pm, ritul guru (riguru) wrote:
> But it is not reached till tftp, it is stuck in getting ip through DHCP.
> Joseph,
> Could it be an issue with port-fast disable? But at the same time legacy
> pxe boot is working with same client, switch and server port!
>
>
> Regards,
> Ritul
>
> -----Original Message-----
> From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org
> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf Of
> Glenn Satchell
> Sent: Thursday, April 03, 2014 9:08 AM
> To: Users of ISC DHCP
> Subject: RE: Client not sending DHCPREQUEST after offer.
>
> For some older HP PXE clients I had to turn off multicast tftp in the dhcp
> server before PXE boot would work. Maybe your tftp client is looking for
> some particular option(s) to be set? Here is the config to disable it:
>
> # Option definitions for PXE
> #option space PXE;
> option space PXE code width 1 length width 1 hash size 3; option
> PXE.mtftp-ip code 1 = ip-address;
>
> class "PXE" {
>   match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
>   next-server tftp.example.com;
>   filename "pxegrub.I86PC.Solaris_10-1";
>   # 10 minutes should be long enough for PXE
>   max-lease-time 600;
>
>   # don't use multicast tftp option
>   vendor-option-space PXE;
>   option PXE.mtftp-ip 0.0.0.0;
> }
>
> regards,
> -glenn
>
> On Thu, April 3, 2014 7:11 am, ritul guru (riguru) wrote:
>> Thanks Joseph,
>> I tried disabling IP source guard on 2 interfaces which I am using,
>> but still facing the same problem.
>>
>> As uefi pxe boot uses uefi network stack, I tried configuring IP(dhcp)
>> through uefi shell of the client, but it didn't configure and I see
>> same issue on pxe server side that is DHCPDISCOVER and DHCPOFFER keeps
>> on lopping until pxeserver times out.
>>
>>
>>
>> Regards,
>> Ritul
>>
>> From: dhcp-users-bounces+riguru=cisco.com at lists.isc.org
>> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf
>> Of Joseph Bernard
>> Sent: Wednesday, April 02, 2014 7:23 PM
>> To: Users of ISC DHCP
>> Subject: Re: Client not sending DHCPREQUEST after offer.
>>
>> The issue with IP Source Guard is with older code on IOS switches.
>> The Nexus doesn't have the same issue that I know of.  I would also
>> suggest using Wireshark as it has been instrumental in troubleshooting
>> my issues with PXE booting in the past.  I have an interesting setup
>> where I use VMware Fusion and USB ethernet adapters and give each VM its
>> own real NIC.
>>  This should also work with VMware Workstation and possibly Player.
>> It allows me to watch the traffic without having to install Wireshark
>> on the guest VM or have to make a span session on the switch.
>>
>> Thanks,
>> Joseph B.
>>
>> On Apr 2, 2014, at 9:32 AM, Jim Glassford
>> <jmglass at iup.edu<mailto:jmglass at iup.edu>>
>>  wrote:
>>
>>
>> Hi Ritual,
>>
>> It would have to be enabled, by default, IP Source Guard is disabled
>> on all interfaces.
>> Would have in the running-config on interface setup:  'ip verify
>> source dhcp-snooping'
>> Check your logs on the n5k, see if any logs for dhcp-snooping blocks
>> if it is enabled. Not sure it is logged, we do not use on our n5k,
>> only have three in controlled data center so not that much experience.
>>
>> ~IP Source Guard
>> <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw
>> /security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n
>> 5k_security_config_gd_rel_503_n1_1_chapter10.html#con_1097286><http://
>> www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/securit
>> y/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_secur
>> ity_config_gd_rel_503_n1_1_chapter10.html#con_1097286>
>>
>> ~dhcp snooping;
>> <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw
>> /security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n
>> 5k_security_config_gd_rel_503_n1_1_chapter8.html><http://www.cisco.com
>> /c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_
>> Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd
>> _rel_503_n1_1_chapter8.html>
>>
>> Not that related, (shows the dhcp-snooping/ip source guard is good to
>> check), had HP switches that broke PXE booting due to firmware
>> problems years ago. To work around disabled dhcp-snooping on HP
>> switches until firmware fix released on HP model with the problem.
>> Also if separate PXE server on a different port than the dhcp server,
>> have to allow both the dhcp server port and PXE server port as
>> trusted. Only matters if using dhcp-snooping and have two servers on
>> different ports.
>>
>> Might be best to Wireshark sniff the wire on each side to see where
>> the break down is occurring after checking above.
>>
>> best!
>> jim
>>
>>
>>
>>
>> On 4/2/2014 5:55 AM, ritul guru (riguru) wrote:
>> How can I check if IP source guard is enabled for a port on switch?
>>
>> From:
>> dhcp-users-bounces+riguru=cisco.com at lists.isc.org<mailto:dhcp-users-bo
>> dhcp-users-bounces+unces+riguru=cisco.com at lists.isc.org>
>> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf
>> Of ritul guru (riguru)
>> Sent: Wednesday, April 02, 2014 2:31 PM
>> To: Users of ISC DHCP
>> Subject: RE: Client not sending DHCPREQUEST after offer.
>>
>> I am not sure, but I am able to do legacy boot on same client port
>> (switch N5k).
>> So this should not be a concern.
>>
>>
>> Regards,
>> Ritul
>>
>> From:
>> dhcp-users-bounces+riguru=cisco.com at lists.isc.org<mailto:dhcp-users-bo
>> dhcp-users-bounces+unces+riguru=cisco.com at lists.isc.org>
>> [mailto:dhcp-users-bounces+riguru=cisco.com at lists.isc.org] On Behalf
>> Of Joseph Bernard
>> Sent: Sunday, March 30, 2014 4:55 AM
>> To: Users of ISC DHCP
>> Subject: Re: Client not sending DHCPREQUEST after offer.
>>
>> Is the client on a port using IP Source Guard by any chance?
>>
>> Thanks,
>> Joseph B.
>>
>> On Mar 29, 2014, at 3:26 PM, "ritul guru (riguru)"
>> <riguru at cisco.com<mailto:riguru at cisco.com>>
>>  wrote:
>>
>> Hi,
>> I am facing similar problem while trying to boot to uefi rhel6.5 OS
>> through uefi pxe boot.
>>
>> Pxe client sends DHCPDISCOVER and server is reverting with DHCPOFFER,
>> but this keeps on happening, client is not sending DHCPREQUEST further.
>>
>> <image001.png>
>>
>> I tried dumping pxe server on eth2, it looks like pxe client
>> DHCPREQUEST is not reaching the server. What could be the problem?
>>
>> <image002.png>
>>
>>
>>
>>
>> Regards,
>> Ritul
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> dhcp-users mailing list
>>
>> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
>>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>

More information about the dhcp-users mailing list