Question

DHCP server not working for iPXE

E

The switch is BlackDiamond X8.
I’ve set dhcp server for our lab VLAN that I’m using for testing. The pool range and everything else works as intended.
I’ve configured options 66 and 67 to FOG server machine and that’s where it breaks. I’m getting:

Filename: undionly.kpxe
Could not start download: Operation not supported (http://ipxe.org/3c092003)

 

I can confirm that when using separate isc-dhcp server there’s no problem. But I’d like to utilize our switch.

Here’s snippet of my configuration:

VLAN "XXX_TEST":
    DHCP Address Range   : 192.168.xx.xx->192.168.xx.xx
    Netlogin Lease Timer : Not configured (Default = 10 seconds)
    DHCP Lease Timer     : 86400 seconds
    Default Gateway      : 192.168.xx.xx
    Primary DNS Server   : xx.xx.xx.xx
    DHCP Option Code  66 : ipaddress 192.168.xx.xx
    DHCP Option Code  67 : string "undionly.kpxe"
    Ports DHCP Enabled   : 1:21

29 replies

StephanH
Userlevel 6
Badge +1

Hello,

do I understand correctly that the message:

Filename: undionly.kpxe

Could not start download: Operation not supported (http://ipxe.org/3c092003

is from you DHCP client?

Regards Stephan
E

Greetings, Stephan.
Yes, this is from my DHCP client (a workstation). It receives IP from the allocated pool then I get the quoted message. 

StephanH
Userlevel 6
Badge +1

The easiest way to narrow down this is to do a wiresharktrace on you client (or on an mirror port on the swicht) to gather the DHCP-Messages. If you see the messages you can check if the values in the options are correct. If you can do the same while using you ISC you can compare the dhcp messages in both situations (= DHCP on ISC and DHCP on XOS).

I can’t see an error in your dhcp config directly. Therefore I assume something in the options is different.

 

Regards Stephan
E

Thanks for the advice! Guess I’ll have to level up my wireshark skills.

StephanH
Userlevel 6
Badge +1

Wireshark is not difficult here. Just enter "bootp" in the displayfilter line. Then you will only see the DHCP messages. The DHCP options are displayed in plain text.

Regards Stephan
E

Managed to capture some frames.
On the working scenario I have DISCOVER and OFFER packets passing.
Here’s some output:

 

Frame 475: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: e6:95:01:b5:0a:4e (e6:95:01:b5:0a:4e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 192.168.230.51, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x9f77d344
    Seconds elapsed: 10
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.230.170
    Next server IP address: 192.168.230.51
    Relay agent IP address: 0.0.0.0
    Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name: undionly.kpxe
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
    Option: (54) DHCP Server Identifier (192.168.230.51)
    Option: (51) IP Address Lease Time
    Option: (1) Subnet Mask (255.255.255.0)
    Option: (3) Router
    Option: (6) Domain Name Server
    Option: (15) Domain Name
    Option: (255) End
    Padding: 00000000000000000000000000000000

 

 

 

And here having the switch as DHCP I can see only two DISCOVER packets and one Request to which there seems to be no response at all.

 

Frame 370: 449 bytes on wire (3592 bits), 449 bytes captured (3592 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xa41b0d65
    Seconds elapsed: 14
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Request)
    Option: (57) Maximum DHCP Message Size
    Option: (93) Client System Architecture
    Option: (94) Client Network Device Interface
    Option: (60) Vendor class identifier
    Option: (77) User Class Information
    Option: (55) Parameter Request List
    Option: (175) Etherboot
    Option: (61) Client identifier
    Option: (97) UUID/GUID-based Client Identifier
    Option: (54) DHCP Server Identifier (192.168.230.253)
    Option: (50) Requested IP Address (192.168.230.200)
    Option: (255) End

 

 

Let me know if this helps or I should provide more data.

StephanH
Userlevel 6
Badge +1

Hello,

in your first post you wrote:

I’ve set dhcp server for our lab VLAN that I’m using for testing. The pool range and everything else works as intended.


so I assumed that except for the two DHCP option DHCP works with XOS and the client receive a ip from the XOS DHCP. However, according to your last information, the client does not get an address from the DHCP server on the XOS switch. Is that correct?
I.e. the client has never received IP addresses from DHCP on the XOS switch, right?

Normaly you should see in both cases.

  1. Discover
  2. Offer
  3. Request
  4. ACK
Regards Stephan
E

Indeed, I wrote this and I can confirm that it works. I’ve set different range of addresses for both scenarios and right now the computer in front of me is working with ip address received from the pool of the switch (192.168.230.200 - 192.168.230.220). I realize how strange it may look, but that’s how it is.

StephanH
Userlevel 6
Badge +1

Hmm, if a client get an ip address from an dhcp all for packets I wrote have to be here. Therefore the packets are missing in your trace. Discover and Request go into the same direction. Maybe you are logging only one direction?

Regards Stephan
E

I don’t have significant experience with Wireshark, but I’m doing exactly the same thing as I did with my working scenario. Just filtering everything with “bootp”. I’m capturing those frames using a Windows machine on the same subnet with interface in promiscuous mode.

StephanH
Userlevel 6
Badge +1

In that way you are tracing you will see only broadcasts. The Offer can be a unicast and the ACK will be a unicast and a unicast will not reach you station. Therefore you have to create an mirror port or you can trace directly on the device getting the ip address.

Regards Stephan
E

Hi Stephan. Thank you for your time.
This morning I mirrored the port to the port of my Wireshark computer. Now I got  ONLY Offer and ACK frames. Here they are:

 

Frame 124877: 337 bytes on wire (2696 bits), 337 bytes captured (2696 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: ExtremeN_9b:8e:d0 (00:04:96:9b:8e:d0), Dst: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Internet Protocol Version 4, Src: 192.168.230.253, Dst: 192.168.230.200
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x1d398b73
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.230.200
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (51) IP Address Lease Time
    Option: (53) DHCP Message Type (Offer)
    Option: (1) Subnet Mask (255.255.255.0)
    Option: (54) DHCP Server Identifier (192.168.230.253)
    Option: (3) Router
    Option: (6) Domain Name Server
    Option: (66) TFTP Server Name
    Option: (67) Bootfile name
    Option: (255) End

 

 

Frame 137003: 337 bytes on wire (2696 bits), 337 bytes captured (2696 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: ExtremeN_9b:8e:d0 (00:04:96:9b:8e:d0), Dst: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Internet Protocol Version 4, Src: 192.168.230.253, Dst: 192.168.230.200
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x1d398b73
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.230.200
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (51) IP Address Lease Time
    Option: (53) DHCP Message Type (ACK)
    Option: (1) Subnet Mask (255.255.255.0)
    Option: (54) DHCP Server Identifier (192.168.230.253)
    Option: (3) Router
    Option: (6) Domain Name Server
    Option: (66) TFTP Server Name
    Option: (67) Bootfile name
    Option: (255) End

 

StephanH
Userlevel 6
Badge +1

Greate, what we see is that option 66 and option 67 are present, that’s good. Normaly you should be able to expant the single option by clicking in wireshark. Can you do this for Option 66 ind 67? Then we will see what is the content of the options.

Regards Stephan
E 
Option: (66) TFTP Server Name
    Length: 4
    TFTP Server Name: ���3


Option: (67) Bootfile name
    Length: 13
    Bootfile name: undionly.kpxe

 

Seems like option 66 is in wrong format, or for some reason looks unreadable.

67 seems to be correct.

StephanH
Userlevel 6
Badge +1

Hello, yes that’s the point. How does the according config line looks like in your switch?

Regards Stephan
StephanH
Userlevel 6
Badge +1

You can try to use “string” as type and set the ip like “192.168.x.x”

Regards Stephan
E 
DHCP Address Range   : 192.168.230.200->192.168.230.220
    Netlogin Lease Timer : Not configured (Default = 10 seconds)
    DHCP Lease Timer     : 86400 seconds
    Default Gateway      : 192.168.230.253
    Primary DNS Server   : xx.xx.xx.xx
    DHCP Option Code  66 : ipaddress 192.168.230.51
    DHCP Option Code  67 : string "undionly.kpxe"
    Ports DHCP Enabled   : 1:21,3:16

 

Here it is. I’ve selected “ipaddress” for option code 66 as it seems logical to me.

StephanH
Userlevel 6
Badge +1

Because of option 66 is defined as the TFTP server name, I assume your server is looking for a string maybe.

Regards Stephan
E

Changed it to string. The option now is readable in the frame:

Option: (66) TFTP Server Name
    Length: 14
    TFTP Server Name: 192.168.230.51

 

but unfortunately the end result is the same. My client machine still doesn’t download the kpxe file and produces same error as in my initial post.

 

I can see that on my working example I do have value for “Next server IP address:”
Here it is missing.

StephanH
Userlevel 6
Badge +1

So we are one step further. What you can do now is to trace while using your ISC as DHCP server and compare the traces from XOS dhcp and ISC dhcp. In this way you can check if there futher differences.

Regards Stephan
E

So the question is what I can do about that? On the ISC dhcp there is that option “next-server” which explains itself. But how I can set it on our XOS? 

StephanH
Userlevel 6
Badge +1

Try first do create a trace with wireshark for ISC to compare both options (66,67) for ICS and XOS.

 

Regards Stephan
E 
Frame 380: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: e6:95:01:b5:0a:4e (e6:95:01:b5:0a:4e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 192.168.230.51, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x8790a21c
    Seconds elapsed: 18
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.230.20
    Next server IP address: 192.168.230.51
    Relay agent IP address: 0.0.0.0
    Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name: undionly.kpxe
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
    Option: (54) DHCP Server Identifier (192.168.230.51)
    Option: (51) IP Address Lease Time
    Option: (1) Subnet Mask (255.255.255.0)
    Option: (3) Router
    Option: (6) Domain Name Server
    Option: (15) Domain Name
    Option: (255) End
    Padding: 00000000000000000000000000000000

 

Apparently, the frames coming from isc-dhcp do not contain options 66 and 67, but have values for “Next server” and “Boot file name” which seems to be enough to boot iPXE.
I feel like I’m stuck.

StephanH
Userlevel 6
Badge +1

Check the other dhcp messages please

 

Regards Stephan
E

Sorry, maybe I misunderstood you. 

Anyway, here’s everything that appeared in Wireshark.
 

0.0.0.0		    255.255.255.255	    DHCP	451	DHCP Discover
192.168.230.253	255.255.255.255	    DHCP	347	DHCP Offer
192.168.230.51	255.255.255.255	    DHCP	342	DHCP Offer
0.0.0.0		    255.255.255.255	    DHCP	463	DHCP Request  
192.168.230.51	255.255.255.255	    DHCP	342	DHCP ACK     
0.0.0.0		    255.255.255.255	    DHCP	342	DHCP Request

The offer coming from 230.253 (which is my gateway interface on the switch) contains option 66 and 67. I’ve disabled the dhcp though!
Afterwards 230.51 provides the working Offer with no options.

Reply