DHCP options and PXE boot

L2 Linker

Thanks for the input BPry! I will give it a go.

 

Regards,

Tony

L2 Linker

Hi,

 

the Default Gateway is also the DNS server;

 

DHCP_DNS.GIF

L6 Presenter

If your DNS server IP address is a Palo interface, then it won't work, as Palo cannot be used as a DNS server. Test with the IP address of the TFTP server instead.

L2 Linker

Will do!

L2 Linker

Okay, this is getting a bit confusing now. I've changed from the FQDN to the IP address of the TFTP/WDS server, same result as before. I will go through all policies and zones to make sure I haven't messed things up.

L6 Presenter

Hey,

 

Yes, it is a bit confusing. Are you able to test this set-up with the PC/laptop connected to this subinterface? You can initiate TFTP by connecting to the TFTP server with the tftp32 or similar software from the laptop GUI. This, at least, will prove policy and Layer 3 correct operation.

L2 Linker

Hmm, okay, I've now been able to get a file from the TFTP/WDS server by putting my client on the PXE client subnet:

C:\temp>tftp -i vr-deploy.invmgt.wan get Boot\x64\wdsmgfw.efi
Transfer successful: 1007968 bytes in 2 second(s), 503984 bytes/s

 

This would mean that the communication between the different subnets is working with regard to TFTP. It took some time, though, for the connection to be established; the PXE-032 error I get when the PXE session is started might imply there's a timing issue?

 

Sigh....

Cyber Elite

I would attempt to port mirror the traffic off your switch and Wireshark it to see what is actually happening; if it's taking a long time to actually make a connection you could easily be hitting the default timeout of 300 if that is still present in your configuration.

L2 Linker

Hi,

 

After running a Wireshark capture I can tell the DORA process isn't working: I do get a Discover, Offer and an ACK but no Request. Could it be that I need to set up IP helper on the actual VLAN present on my Cisco switches?

L6 Presenter

IP helper should be placed only at your Layer 3 boundary, when you are actually leaving your subnet. So you are talking to the DHCP server (Palo interface); it is just weird why the client is not requesting an IP address after the offer. Post the DORA pcap screenshot, please.
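
The DORA check discussed in the last few posts can be scripted against DHCP payloads exported from a capture. The following is an added example, not part of any poster's reply: it parses each payload, groups messages by transaction ID and reports which DORA stages are missing along with options 66 and 67. The helper names are hypothetical and the sample packets are constructed, reusing the hostname and boot file from the tftp test above.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (xid, {option_code: raw_value}) for one DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", payload[4:8])[0]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End
        if payload[i] == 0:                         # 0 = Pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return xid, opts

def dora_report(payloads):
    """Per transaction ID: which DORA messages are missing, plus options 66/67."""
    seen, boot = defaultdict(set), {}
    for p in payloads:
        xid, opts = parse_dhcp(p)
        seen[xid].add(MSG.get((opts.get(53) or b"\x00")[0], "OTHER"))  # 53 = message type
        if 66 in opts or 67 in opts:                # TFTP server name / bootfile name
            boot[xid] = (opts.get(66, b"").decode(), opts.get(67, b"").decode())
    return {xid: {"missing": [m for m in ("DISCOVER", "OFFER", "REQUEST", "ACK")
                              if m not in types], "boot": boot.get(xid)}
            for xid, types in seen.items()}

def build(xid, msg_type, extra=b""):
    """Construct a minimal DHCP payload for the sample below (not a real capture)."""
    header = struct.pack("!BBBBI", 1, 1, 6, 0, xid) + bytes(228)
    return header + MAGIC + bytes([53, 1, msg_type]) + extra + b"\xff"

def opt(code, text):
    """Encode one text-valued DHCP option as code, length, value."""
    return bytes([code, len(text)]) + text.encode()

# Constructed sample: one transaction with no REQUEST, one complete exchange.
PXE = opt(66, "vr-deploy.invmgt.wan") + opt(67, "Boot\\x64\\wdsmgfw.efi")
SAMPLE = [build(0x1A2B3C4D, 1), build(0x1A2B3C4D, 2, PXE), build(0x1A2B3C4D, 5, PXE),
          build(0x42, 1), build(0x42, 2), build(0x42, 3), build(0x42, 5)]

if __name__ == "__main__":
    for xid, info in dora_report(SAMPLE).items():
        print(f"xid={xid:#010x} missing={info['missing']} boot={info['boot']}")
```

Grouping by transaction ID matters when several clients or retries share one capture, since a Request from a different exchange would otherwise hide the gap.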
