DHCP options and PXE boot

Showing results for 
Search instead for 
Did you mean: 

DHCP options and PXE boot

L2 Linker



we have just recently made a change in where we moved clients from one segment to a new one. We are using WDS for PXE boot and the WDS server (MDT 2013) is on a different segment than the clients. The Palo is our DHCP server for clients and we have defined some options in our DHCP scope (option 66 pointing to the WDS server and option 67 pointing to the bootfile).


This setup is not working, the PXE boot process stops telling me it cannot find the TFPT server (PXE-032). Any suggestions are much appreciated.



Tony Lewis


Thanks for the input BPry! I will give it a go.






the Default Gateway is also the DNS server;



If your DNS server ip address is a palo interface then it won't work as palo cannot be used as a DNS server. Test with ip address of TFTP server instead 

Will do!

Okey, this is getting a bit confusing now. I've changed from the FQDN to the ip-address of the TFTP/WDS server, same result as before. I will go through all policies and zones to make sure I haven't messed things up.



Yes, it is a bit confusing. Are you able to test this set-up with the PC/laptop connected to this subinterface? You can initiate TFTP by connecting to the TFTP server with the tftp32 or similar software from the laptop GUI. This, at least, will prove policy and Layer 3 correct operation.

Hmm, okey, I've now been able to get a file from the TFTP/WDS server by putting my client on the PXE client subnet;

C:\temp>tftp -i vr-deploy.invmgt.wan get Boot\x64\wdsmgfw.efi
Transfer successful: 1007968 bytes in 2 second(s), 503984 bytes/s


This would mean that the communication between the different subnets is working in regards of TFTP. I took some time though for the connection to be established, the PXE-032 error I get when PXE session is started might emply there's a timing issue?



I would attempt to port mirror the traffic off your switch and wireshark it to see what is actually happening; if it's taking a long time to actually make a connecton you could easily be hitting the default timeout of 300 if that is still present in your configuration. 



after running a Wireshark capture I can tell the DORA process isn't working, I do get a Discover, Offer and a ACK but no Request. Could it be that I need to setup IP helper on the actual VLAN present at my Cisco switches?

IP helper should be placed only at your Layer 3 boundary when you actually leaving you subnet. So you talking to the DHCP server (Palo interface) it just weird why the client is not requesting ip address after offer. Post the dora pcap screenshot, please.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!