PXE across subnets using IP Helper Address

For 10 years I have been trying to get my network engineers to add an IP Helper address of our SCCM PXE Server in order to provide an Enterprise PXE service for our campus (Large University). And every year they keep telling me they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of but I am looking for others who have been in this same situation and have been able to accomplish what has been a never ending exercise in futility for me. I am looking for a white paper or a case study that I can use to help build my case and hope that someday I can convince our engineers that the world won't come to an end by adding IP Helper addresses.

.. they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of..
You need to get to the bottom of their specific concerns....
PXE involves the use of TFTP (to download the NBP + boot.sdi + boot.wim).
TFTP is neither robust/resilient nor particularly secure.
But I'm guessing that the concern must surely be more related to the payload/content (i.e. what is within the boot image itself) that might be the worry?
The boot image (potentially) contains licensed products (not directly a security concern), and certificates, accounts, passwords, scripts ?
If you have the F8 debug feature enabled in your boot image, it could be used to "live boot" a computer, access the filesystem on that computer, and basically provide uncontrolled access to the files/documents/data on that computer (assuming that your computers are not using any form of disk encryption).
For this last reason, F8-debug should not remain enabled for "normal" operation.
In our organisation, we mitigate that risk with disk encryption. We also don't distribute boot media nor full media - PXE is the only way we deploy OS (well, outside of the datacentre, that is).
Our networking team were initially concerned about PXE - but not from the security aspect, more from the capacity/bandwidth perspective. So we worked with them to plan/design/place the boot servers, and the DP's placement.
Don

Similar Messages

  • Problem With PXE Across Subnets

    I'm having a problem with PXE across subnets. The workstation boots,
    finds the dhcp server, finds the tftp server, downloads linux.1 and
    linux.2 with no problem. It is unable to download linux3.tgz, however.
    I've tried two different zen servers. I can tftp the file from either
    zen server in windows with no problem. I can tftp it from maintenance
    mode if I use a workstation as a tftp server. I can tftp it in PXE on
    the same subnet with no problems.
    A packet trace on the workstation shows that it gets so far into the
    download and then begins getting ICMP 'destination unreachable' packets
    from the server with the 'port unreachable' flag set.
    It sounds as if the server is closing the conversation on that port.
    Can anyone shed any light on this for me?
    Dave Thomas
    Rivercrest Technologies, Inc.

    Could you send me that trace? I would like to have a quick look
    Ron
    [email protected]
    <[email protected]> wrote in message
    news:iNOie.234$[email protected]..
    > The source address is the zen server. I'm relatively certain there is
    > not routing issue because I can tftp the file from windows with no issues
    > etc. Also there are a lot of other services crossing the subnets that
    > would fail if there is a routing issue.
    >
    > The 'port unreachable' flag seems to indicate that the zen server has
    > stopped listening on the port that is being used for the transfer.
    >
    > Dave Thomas
    >
    > > Where do these ICMP "destination unreachable" come from? could there be a
    > > routing issue to get to the imaging server?
    > >
    > > Ron
    > >
    > > <[email protected]> wrote in message
    > > news:[email protected] oups.com...
    > > > I'm having a problem with PXE across subnets. The workstation boots,
    > > > finds the dhcp server, finds the tftp server, downloads linux.1 and
    > > > linux.2 with no problem. It is unable to download linux3.tgz,
    > however.
    > > >
    > > >
    > > > I've tried two different zen servers. I can tftp the file from either
    > > > zen server in windows with no problem. I can tftp it from maintenance
    > > > mode if I use a workstation as a tftp server. I can tftp it in PXE on
    > > > the same subnet with no problems.
    > > >
    > > > A packet trace on the workstation shows that it gets so far into the
    > > > download and then begins getting ICMP 'destination unreachable' packets
    > > > from the server with the 'port unreachable' flag set.
    > > >
    > > > It sounds as if the server is closing the conversation on that port.
    > > >
    > > > Can anyone shed any light on this for me?
    > > >
    > > > Dave Thomas
    > > > Rivercrest Technologies, Inc.

  • NetBoot across subnets with a bootpd relay

    Hello Apple Community!
    I've got 4 subnets at my school, each with various Macs around campus.  I have a Mavericks server on each subnet currently, each with their own NetBoot images.  It's a pain to keep everything updated.  I can get a single client Mac (pre-2011) to boot across subnets using the bless command, but that's not really a viable solution for us to run a bless command on each client every single time we want to netboot.  So far, the solution has been just to have dedicated netboot servers on each subnet, but I know there has to be a better way.
    This article (OS X Server: How to use NetBoot across subnets - Apple Support) describes three different methods for netbooting across subnets, but two of them are not really viable for us.  Those involve reconfiguring the network to allow BootP data to pass across subnets or configuring one server with multiple network connections, one for each subnet.  However, option #2 describes configuring a bootpd relay.  Based on my reading, this sounds like exactly what I need.  However, I can't find any good documentation to walk me through setting it up.
    I've thoroughly read the bootpd man page, which has had me editing the /etc/bootpd.plist on multiple servers.  This hasn't gotten me very far.  My clients still don't see the remote NetBoot server.  It seems like the relay is supposed to redirect broadcasts from the remote Netboot server, through a local NetBoot server to the client.  But I have no idea how to make this work.
    Could someone please give me more guidance on what I'm supposed to be doing here?  I'd like to host a single NetBoot server and have any client on any subnet be able to option-boot to see the NetBoot startup options (I have multiple NetBoot images, from Apple Service Toolkit to DeployStudio and Mavericks/Yosemite installers in between).  Even if I could get it to just netboot to one default source (AST), I could deal with that.  I'm also happy to host multiple NetBoot servers, but with all my NetBoot images in one location.  I'm stumped in this multiple subnet environment and I need help.  Please help.

    Thanks again for your feedback.  I had forgotten I left the "tftp://" on the IP address.  Though, I've tried that multiple ways, starting with IP only.  Also, per the bootpd man page (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/bootpd.8.html), <allow/> and <deny/> are lists for MAC address allowances and when nothing is defined everything goes through.  These are there by default, though I will remove them and see what happens.  Also, according to the man page, bootp_enabled enables on all connections when a boolean is set rather than an array.  Though I will still change this also and see what happens.  The array that comes after the netboot_disabled key is auto-generated by NetInstall when you turn the service on in Server.app.
    Essentially, that plist comes from a fresh activation of NetInstall.  I deleted the previous .plist, rebooted the server and when I turned on NetInstall, that's what was created, plus my bootp modifications.
    All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled.  I haven't started the relay in any active sense.  So far, I've just been modifying this .plist, and rebooting a bunch of times, but that's where I seem to get lost.  Is there a way to actively "start" the relay?  I'd love to look at these 'debug & logging' options.  As for the 'Startup Disk' prefs on the client Mac, they do not show any significant change.  Basically, they just don't see the remote server as a startup option.  I have not gleaned any pertinent info from console, though I'm not sure I know what I'm looking for.
    On a side note, I had a wild hair to try something different.  I set my local subnet's server to look at a NetBootSP0 folder that was actually a symlink to a NetBootSP0 folder that was mounted as a file share from the remote NetBoot server.  This really looked like it might work.  When you boot the client, it saw the startup volumes from the remote server.  However, upon boot, it doesn't seem to make the connection and winds up booting back to the internal hard drive.  It was worth a try...

  • NetBoot & NetInstall across subnets

    I've recently begun deployment of our NetBoot servers within our organization. Everything is working as expected, but I'd like to be able to NetInstall across subnets without having to add a helper address to the routers. Basically we're in a large organization and getting rules added to the routers is a lengthy and unlikely scenario. That said, I've seen a few articles regarding the ability to NetBoot across subnets using OF or EFI.
    http://www.bombich.com/software/nbas.html
    I've verified NetBoot is working on the same subnet, but I've encountered an issue when NetBooting from different subnets. I've tested three systems (iBook G4, PowerMac G4, & Intel MacBook), but only the Intel system is able to communicate. If I look at the server logs, the MacBook is able to consistently communicate, but there are no log entries for any of the PPC attempts. Thus, PPC systems time out when attempting to access the server.
    I'm not using any NetBoot, DHCP, or MAC address filtering, so I'm not sure what the problem is. I'm pretty much using an out-of-box configuration with all the latest updates (10.4.7). As far as the client, I've used the NBAS tool, as well as manually configured the systems using Terminal (sudo nvram boot-device="enet:10.x.x.x").
    Anybody have any additional input regarding the ability to NetBoot across subnets? Any idea why an Intel system would NetBoot, but PPC would not? Again, filtering has not been enabled.

    Yes, each system points to the appropriate image based on architecture (PPC, Intel). The problem is that the server never seems to acknowledge the PPC systems. If I boot an Intel system, I can see the communication data in the server logs. The PPC systems never even register an entry in the logs. It appears as though they never communicate at all. Even if a PPC image is specified and an Intel system boots to the NetBoot server, the communication is still logged.
    I need to run some additional tests, as well as a packet capture. Perhaps a packet capture will yield some useful information.

  • Best Practice for ip helper-address

    I have 2 dhcp servers on same subnet 192.168.1.0
    I'm trying to setup my SVI
    Gateway 192.168.6.1
    How should the ip helper-address be setup?
    ip helper-address 192.168.1.0
    or
    ip helper-address 192.168.1.1 <- dhcp 1
    ip helper-address 192.168.1.2 <- dhcp 2
    2 Dhcp servers setup each to handle half the scope of a given subnet.

    Sparky
    Generally I believe that the best practice for this is to use two helper address statements. This will send two unicast packets, one to each server. The other alternative is to send a directed broadcast (which would actually be ip helper-address 192.168.1.255). To do this you would also have to be sure that ip directed-broadcast was enabled on the router interface connecting to the 192.168.1.0 subnet. Many people regard ip directed-broadcast as a security vulnerability and do not want it enabled. If your environment is comfortable with enabling this function then both alternatives would work. The advantage of the directed broadcast is that it transmits one packet rather than transmitting two packets. If it were me I would use two helper address statements.
    HTH
    Rick

  • Unable to ping across subnet

    hi
    i have a solaris system
    hostname sun
    router (IP) 10.xx.xx.1
    IP 10.xx.xx.20
    network id 10.xx.xx.0
    mask 255.255.255.0
    where problem is
    i can't ping from solaris machine(sun) to any PC across the subnet ( with IP as well as name).
    resolution
    --> /etc/defaultrouter is in order
    --> network card is properly setup and running
    --> can ping any system on local subnet including router(with IP ! DNS is across the subnet).
    --> can ping from other PC's(win) on same subnet to systems across subnet using same default gateway settings
    ( that is routing settings at router are okay) .
    --> netstat -r (shows following output )
    sun% netstat -r
    Routing Table:
    Destination Gateway Flags Ref Use Interface
    10.xx.xx.0 sun U 3 2460 hme0
    224.0.0.0 sun U 3 0 hme0
    default 10.xx.xx.1 UG 0 37756
    localhost localhost UH 0 6502 lo0
    sun%
    --> /etc/netmasks
    10.0.0.0 255.255.255.0
    --> it takes unreasonably long time to set default interface for multicast during boot.
    any suggestions where the problem could be.
    thnx
    garry

    Hi garry
    Yes, you cannot ping by name unless you include that system's name and IP in the hosts file.
    Due to the following reasons, you cannot ping an IP across the subnet:
    1. The IP being pinged may be in a different VLAN for which you don't have any access.
    2. The default gateway has to be added which is accessible to the other subnet also.
    To overcome your problem:
    sample diagram of your problem
    sub net 1- - - - - - - - - - - - - - - -
    you are here |
    sub net 2 - - - - - - - - - - - - route - - - - -dns / internet
    |
    sub net 3- - - - - - - - - - - - - - - -
    is this n/w diag ok.
    still you have any problem check the ACL of the router.
    Regards
    Sridhar M

  • SG300-28 IP Helper Address

    I have learned that by default the ip helper-address will forward the following 8 UDP ports:
    UDP port   Common name
    69         TFTP
    67         BOOTP Client
    68         BOOTP Server
    37         Time Protocol
    49         TACACS
    53         DNS
    137        NetBios
    138        NetBios Datagram
    But when I check in the Cisco SG300-28, only ports 37, 42, 49, 53, 137 and 138 are in the forwarded list. Does it mean we cannot use ip helper-address to relay DHCP requests? Please advise

    Hi Blue, you cannot. The DHCP relay function is designed for that. Therefore it is reserved for that function of the switch.
    -Tom

  • Solution to use Airprint across subnets wired/wireless

    A lot of companies are trying to figure out how to setup airprint to print
    in the workplace, wired+wireless across subnets.
    We finally figured it out with some DNS magic and a CUPS server.
    I have documented the solution at a live document hosted at
    http://sites.google.com/site/iwastepaper/
    Hopefully it helps a few folks.

    You will want to make sure your APs can route from wherever you install them to the WLC management address.
    How APs find the controller can happen a few different ways:
    1) DNS A record
    2) Layer 2 broadcast (which you've seen already)
    3) IP Route Forward
    4) DHCP Option 43
    5) Manual Prime the AP
    Most folks lead with option 43.
    http://www.my80211.com/cisco-wlc-labs/2009/7/4/cisco-dhcp-option-43-configuration-nugget.html
    If you check the config guide, it will explain the other processes.

  • PXE Boot/Ip helper address for staging OS-es

    Hi,
    In our production environment there is already a PXE-server SCCM 2007. Now, we're setting up an SCCM 2012-server which we would like to test staging/OS-deployment also.
    Is it safe to say we need to add the IP of the SCCM 2012 "066 Boot Server Host Name" to stage. Note: on switches (Cisco) this is ip helper address, correct?
    Please clarify.
    NOTE: is there an option to make it work WITHOUT needing a new VLAN?
    J.
    Jan Hoedt

    DHCP options and IP helper addresses have the same end goal but are completely different things.
    IP Helpers automatically forward broadcast requests to a destination system thus "bridging" subnets for services like DHCP and PXE.
    DHCP scope options directly instruct the NIC to boot from a specific PXE server.
    So, yes, it is possible to manipulate where a client PXE boots from, but it takes an integral understanding of how PXE works, of how IP Helpers work, and of how NICs initiate a PXE boot when either IP Helpers or DHCP scope options are in place (and thus DHCP also). Because *none* of this really has anything to do with ConfigMgr or even Microsoft itself, there really is no Microsoft guidance except that IP Helpers are preferred and are the Microsoft supported solution. A great starting reference is at http://en.wikipedia.org/wiki/Preboot_Execution_Environment
    Jason | http://blog.configmgrftw.com
    Is there any official Microsoft documentation that outlines why IP Helpers are preferred over scope options?

  • Can't send email using different IP address subnet

    Hi, in our office using different IP address subnet, like this : 
    10.254.1.xxx and 10.254.3.xxx
    And Our Server Exchange version is 2007, using IP address 10.254.1.xxx, but when from another IP like 10.254.3.xxx can't send or receive email, and get error (on some pc that using SeaMonkey) :
    An error occured sending mail : The mail server sent an incorrect greeting: 4.3.2 Service not available, closing transmission channel.
    Someone can help me, please..
    Thanks before.

    Hi Jim, 
    We have checked the following path on our Exchange Server:
    C:\Program Files\Microsoft\Exchange Server\Logging\TraceLogs
    And we did not find any log files here.
    Thanks.
    Best Regards,
    Antoni

  • WoL across subnets, how many helpers can you use?

    Been going through the searches on this and I can't find an answer to my question. We are implementing Dell KACE and are deploying WoL campus wide. I'm following the referenced doc and in our test environment it's working well.
    http://www.cisco.com/en/US/customer/products/hw/switches/ps5023/products_configuration_example09186a008084b55c.shtml#diag
    My question is this part --------v
    I get the need for the bolded helper addresses on the server VLAN. However, I have nearly 150 target networks to deal with. We are on a Class A 10.x.x.x.x, Is there a better way to break this down or do I have to put a target entry for each subnet like the example. I don't want to combine networks because I don't want to broadcast that traffic over that many networks and hosts. Any ideas.
    L3(config-if)#
    interface vlan 3
    ip address 172.16.3.1 255.255.255.0
    ip helper-address 172.16.2.255
    ip helper-address 172.16.4.255

    I do not believe that there is a limit on how many helper addresses can be configured on a router. I am not sure if the same is true on a layer 3 switch (and I assume that what you are showing us is a layer 3 switch). You might just configure it with all the helper addresses and see if it works.
    It might be possible to implement some hierarchical approach. If your 150 networks were in 10 regions each of which had 15 networks, then it might be possible to put 10 helper addresses on the router/layer 3 switch where the WOL server is located with each helper address going to a region. On the subnet at each region there could be another router/layer 3 switch with 15 helper addresses to send the broadcast out to the networks in that region.
    HTH
    Rick
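    An added example, not taken from any of these threads, that models what Rick's two replies describe (two helper statements giving two unicast copies, a helper aimed at a subnet broadcast needing ip directed-broadcast on the egress interface) together with the default UDP port list quoted in the SG300 thread. The class and function names (HelperRouter, Interface, Relayed, sparky_router) and every address other than 192.168.6.1, 192.168.1.1, 192.168.1.2 and 192.168.1.255 are constructed for this example, and the port set is assumed to match the IOS ip forward-protocol udp defaults.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface
from typing import List, Optional

# The eight UDP ports a helper forwards by default: the list quoted in the SG300
# thread, assumed here to match the IOS 'ip forward-protocol udp' defaults.
DEFAULT_FORWARDED_UDP = frozenset({37, 49, 53, 67, 68, 69, 137, 138})


@dataclass
class Interface:
    name: str
    addr: IPv4Interface                                  # primary address, e.g. 192.168.6.1/24
    helpers: List[str] = field(default_factory=list)     # 'ip helper-address' targets
    directed_broadcast: bool = False                     # 'ip directed-broadcast' (IOS default: off)


@dataclass(frozen=True)
class Relayed:
    src: str        # relay's ingress address (the giaddr a DHCP server sees)
    dst: str
    dport: int
    kind: str       # "unicast" or "directed-broadcast"


class HelperRouter:
    """Just enough of a layer-3 switch to show what a helper does with a broadcast."""

    def __init__(self, interfaces, forwarded_ports=DEFAULT_FORWARDED_UDP):
        self.ifaces = {i.name: i for i in interfaces}
        self.ports = set(forwarded_ports)

    def egress_for(self, dst: IPv4Address) -> Optional[Interface]:
        # Connected-route lookup: the interface whose subnet contains dst.
        return next((i for i in self.ifaces.values() if dst in i.addr.network), None)

    def relay(self, ingress: str, dport: int) -> List[Relayed]:
        """Packets produced for one UDP broadcast arriving on 'ingress'."""
        iface = self.ifaces[ingress]
        if dport not in self.ports or not iface.helpers:
            return []                     # stays on its own subnet; nothing crosses the router
        out = []
        for helper in iface.helpers:
            target = IPv4Address(helper)
            egress = self.egress_for(target)
            if egress is not None and target == egress.addr.network.broadcast_address:
                # Helper aimed at a subnet broadcast: one packet reaches every host there,
                # but only if the egress interface permits directed broadcasts.
                if not egress.directed_broadcast:
                    continue
                out.append(Relayed(str(iface.addr.ip), helper, dport, "directed-broadcast"))
            else:
                out.append(Relayed(str(iface.addr.ip), helper, dport, "unicast"))
        return out


def sparky_router(directed_broadcast: bool = False, extra_ports=()) -> HelperRouter:
    """Sparky's SVI 192.168.6.1 relaying to the two DHCP servers on 192.168.1.0/24, plus a
    constructed Vlan7 that tries the directed-broadcast alternative instead."""
    return HelperRouter(
        [Interface("Vlan1", IPv4Interface("192.168.1.254/24"), directed_broadcast=directed_broadcast),
         Interface("Vlan6", IPv4Interface("192.168.6.1/24"), helpers=["192.168.1.1", "192.168.1.2"]),
         Interface("Vlan7", IPv4Interface("192.168.7.1/24"), helpers=["192.168.1.255"])],
        forwarded_ports=DEFAULT_FORWARDED_UDP | set(extra_ports),
    )


if __name__ == "__main__":
    r = sparky_router()
    print(r.relay("Vlan6", 67))                    # two unicast copies of the DHCP DISCOVER
    print(r.relay("Vlan7", 67))                    # []: directed broadcast is off on Vlan1
    print(sparky_router(True).relay("Vlan7", 67))  # one directed-broadcast copy
    print(r.relay("Vlan6", 5353))                  # []: mDNS is not a default helper port
```

Ports outside the default eight (mDNS 5353 from the Apple TV thread, or a WoL port) are not relayed by a helper alone; the extra_ports argument models adding them with ip forward-protocol udp, which is why a helper does not silently open every UDP service across subnets.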

  • Not able to use Apple tv across subnet

    Hi Guys,
    I have made a test setup which contains a Cisco 2600 router, Apple TV and MacBook Pro with 10.9.2 OS X. It's a pretty simple setup. One interface (Fa0/0) of the Cisco router is connected to the Apple TV via ethernet cable in the network 10.0.1.0/24 and another interface (Fa0/1) is connected to the MacBook Pro in network 10.0.2.0/24 via ethernet cable. The Apple TV IP is 10.0.1.2 whereas the MacBook IP is 10.0.2.2. I am able to successfully ping from the MacBook to the Apple TV, but not able to discover the Apple TV at all on my MacBook. I tried every method, allowed UDP port 5353 on the router for Bonjour discovery, but still no luck. Can any gentleman help me on this?

    Yes, we can mirror it across subnets. That's what I am trying to figure out. People have done this earlier.

  • SRM 7.0 Ship-to address by using search-help(F4).

    Hi,
    My problem -
    Create or change Ship-to address by using search-help (F4). After selection, the new/changed address is not refreshed in the detail screen of the Ship-to address. The default Ship-to address is displayed.
    I have looked at the SAP NOTE -1148246 which is the exact problem i have but the note is for older release and the changes mentioned in this SAP Note are done in my system.
    Thank you.
    Regards,
    Kailash.

    Hi
    did you create a new ship-to address? or change the contact details of the ship-to address?
    if you changed the ship to address . you must get updated address when you search.
    if you created new ship to address , you must get new ship to address when you search it.
    how did you change the ship to address ? - internal address?
    Muthu

  • Communication across different subnets using DatagramSocket class

    Hi All
    I've written a simple client-server program to send broadcast messages across the network and receive them back after some processing. The problem is that the messages sent by the program are not received across the subnets, i.e. my program broadcasts messages only on the one subnet. I am using the DatagramSocket class. Is there any way to communicate across the subnets using the DatagramSocket class or will I have to use some other class like MulticastSocket?
    Thanks in advance
    Neeraj

    neejain wrote:
    The problem is that the messages sent by the program are not received across the subnets
    Your router/gateway is probably set up to drop udp. This is usually done by network administrators to prevent things like broadcast storms across large networks. If you have admin access to the router, you should be able to change it to allow routing of udp.
    God bless,
    -Toby Reyelts

  • Clients using PXE don't get an IP address

    I'm trying to install an Altiris deployment server but my clients don't even get an IP address during the PXE boot.
    I configured the port with "switchport host" and have on my router the command "ip helper" active.
    As soon as the clients boot their OS, they receive an IP address.
    Why aren't clients getting an IP address (via DHCP) when they boot in PXE but do get an IP address (via DHCP) when they boot their OS?
    Is this an IOS bug???

    The command "switchport host" disables the spanning-tree on the port.
    I just found the problem.
    The Altiris deployment Ip address was faulty !
    It seems that the DHCP request and the boot file are connected together.
    If your PXE server isn't configured correctly you won't get a DHCP address either
