Question

DHCP server not working for iPXE


The switch is BlackDiamond X8.
I’ve set dhcp server for our lab VLAN that I’m using for testing. The pool range and everything else works as intended.
I’ve configured options 66 and 67 to FOG server machine and that’s where it breaks. I’m getting:

Filename: undionly.kpxe
Could not start download: Operation not supported (http://ipxe.org/3c092003)

 

I can confirm that when using separate isc-dhcp server there’s no problem. But I’d like to utilize our switch.

Here’s snippet of my configuration:

VLAN "XXX_TEST":
    DHCP Address Range   : 192.168.xx.xx->192.168.xx.xx
    Netlogin Lease Timer : Not configured (Default = 10 seconds)
    DHCP Lease Timer     : 86400 seconds
    Default Gateway      : 192.168.xx.xx
    Primary DNS Server   : xx.xx.xx.xx
    DHCP Option Code  66 : ipaddress 192.168.xx.xx
    DHCP Option Code  67 : string "undionly.kpxe"
    Ports DHCP Enabled   : 1:21


29 replies

Userlevel 6
Badge +1

Hello,

do I understand correctly that the message:

Filename: undionly.kpxe

Could not start download: Operation not supported (http://ipxe.org/3c092003)

is from your DHCP client?

Greetings, Stephan.
Yes, this is from my DHCP client (a workstation). It receives IP from the allocated pool then I get the quoted message. 

Userlevel 6
Badge +1

The easiest way to narrow this down is to do a Wireshark trace on your client (or on a mirror port on the switch) to gather the DHCP messages. If you see the messages, you can check whether the values in the options are correct. If you can do the same while using your ISC, you can compare the DHCP messages in both situations (= DHCP on ISC and DHCP on XOS).

I can’t see an error in your dhcp config directly. Therefore I assume something in the options is different.

 

Thanks for the advice! Guess I’ll have to level up my wireshark skills.

Userlevel 6
Badge +1

Wireshark is not difficult here. Just enter "bootp" in the display filter line. Then you will only see the DHCP messages. The DHCP options are displayed in plain text.

Managed to capture some frames.
On the working scenario I have DISCOVER and OFFER packets passing.
Here’s some output:

 

Frame 475: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: e6:95:01:b5:0a:4e (e6:95:01:b5:0a:4e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 192.168.230.51, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x9f77d344
Seconds elapsed: 10
Bootp flags: 0x8000, Broadcast flag (Broadcast)
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.230.170
Next server IP address: 192.168.230.51
Relay agent IP address: 0.0.0.0
Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name: undionly.kpxe
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Option: (54) DHCP Server Identifier (192.168.230.51)
Option: (51) IP Address Lease Time
Option: (1) Subnet Mask (255.255.255.0)
Option: (3) Router
Option: (6) Domain Name Server
Option: (15) Domain Name
Option: (255) End
Padding: 00000000000000000000000000000000

 

 

 

And here having the switch as DHCP I can see only two DISCOVER packets and one Request to which there seems to be no response at all.

 

Frame 370: 449 bytes on wire (3592 bits), 449 bytes captured (3592 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xa41b0d65
Seconds elapsed: 14
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Request)
Option: (57) Maximum DHCP Message Size
Option: (93) Client System Architecture
Option: (94) Client Network Device Interface
Option: (60) Vendor class identifier
Option: (77) User Class Information
Option: (55) Parameter Request List
Option: (175) Etherboot
Option: (61) Client identifier
Option: (97) UUID/GUID-based Client Identifier
Option: (54) DHCP Server Identifier (192.168.230.253)
Option: (50) Requested IP Address (192.168.230.200)
Option: (255) End

 

 

Let me know if this helps or I should provide more data.

Userlevel 6
Badge +1

Hello,

in your first post you wrote:

I’ve set dhcp server for our lab VLAN that I’m using for testing. The pool range and everything else works as intended.


so I assumed that, except for the two DHCP options, DHCP works with XOS and the client receives an IP from the XOS DHCP. However, according to your last information, the client does not get an address from the DHCP server on the XOS switch. Is that correct?
I.e. the client has never received IP addresses from DHCP on the XOS switch, right?

Normally you should see, in both cases:

  1. Discover
  2. Offer
  3. Request
  4. ACK

Indeed, I wrote this and I can confirm that it works. I’ve set a different range of addresses for each scenario, and right now the computer in front of me is working with an IP address received from the pool of the switch (192.168.230.200 - 192.168.230.220). I realize how strange it may look, but that’s how it is.

Userlevel 6
Badge +1

Hmm, if a client gets an IP address from a DHCP server, all four packets I listed have to be there. Therefore the packets are missing in your trace. Discover and Request go in the same direction. Maybe you are logging only one direction?

I don’t have significant experience with Wireshark, but I’m doing exactly the same thing as I did with my working scenario. Just filtering everything with “bootp”. I’m capturing those frames using a Windows machine on the same subnet with interface in promiscuous mode.

Userlevel 6
Badge +1

The way you are tracing, you will see only broadcasts. The Offer can be a unicast and the ACK will be a unicast, and a unicast will not reach your station. Therefore you have to create a mirror port, or you can trace directly on the device getting the IP address.

Hi Stephan. Thank you for your time.
This morning I mirrored the port to the port of my Wireshark computer. Now I got  ONLY Offer and ACK frames. Here they are:

 

Frame 124877: 337 bytes on wire (2696 bits), 337 bytes captured (2696 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: ExtremeN_9b:8e:d0 (00:04:96:9b:8e:d0), Dst: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Internet Protocol Version 4, Src: 192.168.230.253, Dst: 192.168.230.200
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1d398b73
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.230.200
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (51) IP Address Lease Time
Option: (53) DHCP Message Type (Offer)
Option: (1) Subnet Mask (255.255.255.0)
Option: (54) DHCP Server Identifier (192.168.230.253)
Option: (3) Router
Option: (6) Domain Name Server
Option: (66) TFTP Server Name
Option: (67) Bootfile name
Option: (255) End

 

 

Frame 137003: 337 bytes on wire (2696 bits), 337 bytes captured (2696 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: ExtremeN_9b:8e:d0 (00:04:96:9b:8e:d0), Dst: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Internet Protocol Version 4, Src: 192.168.230.253, Dst: 192.168.230.200
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x1d398b73
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.230.200
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (51) IP Address Lease Time
Option: (53) DHCP Message Type (ACK)
Option: (1) Subnet Mask (255.255.255.0)
Option: (54) DHCP Server Identifier (192.168.230.253)
Option: (3) Router
Option: (6) Domain Name Server
Option: (66) TFTP Server Name
Option: (67) Bootfile name
Option: (255) End

 

Userlevel 6
Badge +1

Great, what we see is that option 66 and option 67 are present, that’s good. Normally you should be able to expand a single option by clicking on it in Wireshark. Can you do this for options 66 and 67? Then we will see what the content of the options is.

Option: (66) TFTP Server Name
Length: 4
TFTP Server Name: ���3


Option: (67) Bootfile name
Length: 13
Bootfile name: undionly.kpxe

 

Seems like option 66 is in wrong format, or for some reason looks unreadable.

67 seems to be correct.

Userlevel 6
Badge +1

Hello, yes, that’s the point. What does the corresponding config line look like on your switch?

Userlevel 6
Badge +1

You can try to use “string” as type and set the ip like “192.168.x.x”

DHCP Address Range   : 192.168.230.200->192.168.230.220
Netlogin Lease Timer : Not configured (Default = 10 seconds)
DHCP Lease Timer : 86400 seconds
Default Gateway : 192.168.230.253
Primary DNS Server : xx.xx.xx.xx
DHCP Option Code 66 : ipaddress 192.168.230.51
DHCP Option Code 67 : string "undionly.kpxe"
Ports DHCP Enabled : 1:21,3:16

 

Here it is. I’ve selected “ipaddress” for option code 66 as it seems logical to me.

Userlevel 6
Badge +1

Because option 66 is defined as the TFTP server name, I assume your server is looking for a string maybe.

Changed it to string. The option now is readable in the frame:

Option: (66) TFTP Server Name
Length: 14
TFTP Server Name: 192.168.230.51

 

but unfortunately the end result is the same. My client machine still doesn’t download the kpxe file and produces same error as in my initial post.

 

I can see that on my working example I do have value for “Next server IP address:”
Here it is missing.

Userlevel 6
Badge +1

So we are one step further. What you can do now is to trace while using your ISC as DHCP server and compare the traces from XOS DHCP and ISC DHCP. In this way you can check if there are further differences.

So the question is what I can do about that? On the ISC dhcp there is that option “next-server” which explains itself. But how I can set it on our XOS? 

Userlevel 6
Badge +1

Try first to create a trace with Wireshark for ISC to compare both options (66, 67) for ISC and XOS.

 

Frame 380: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface \Device\NPF_{4C63F991-A548-48B3-A772-5278B943AE7F}, id 0
Ethernet II, Src: e6:95:01:b5:0a:4e (e6:95:01:b5:0a:4e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 192.168.230.51, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x8790a21c
Seconds elapsed: 18
Bootp flags: 0x8000, Broadcast flag (Broadcast)
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.230.20
Next server IP address: 192.168.230.51
Relay agent IP address: 0.0.0.0
Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name: undionly.kpxe
Magic cookie: DHCP
Option: (53) DHCP Message Type (ACK)
Option: (54) DHCP Server Identifier (192.168.230.51)
Option: (51) IP Address Lease Time
Option: (1) Subnet Mask (255.255.255.0)
Option: (3) Router
Option: (6) Domain Name Server
Option: (15) Domain Name
Option: (255) End
Padding: 00000000000000000000000000000000

 

Apparently, the frames coming from isc-dhcp do not contain options 66 and 67, but have values for “Next server” and “Boot file name” which seems to be enough to boot iPXE.
I feel like I’m stuck.

Userlevel 6
Badge +1

Check the other dhcp messages please

 

Sorry, maybe I misunderstood you. 

Anyway, here’s everything that appeared in Wireshark.
 

0.0.0.0          255.255.255.255  DHCP  451  DHCP Discover
192.168.230.253  255.255.255.255  DHCP  347  DHCP Offer
192.168.230.51   255.255.255.255  DHCP  342  DHCP Offer
0.0.0.0          255.255.255.255  DHCP  463  DHCP Request
192.168.230.51   255.255.255.255  DHCP  342  DHCP ACK
0.0.0.0          255.255.255.255  DHCP  342  DHCP Request

The offer coming from 230.253 (which is my gateway interface on the switch) contains option 66 and 67. I’ve disabled the dhcp though!
Afterwards 230.51 provides the working Offer with no options.

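The comparison the thread carries out by hand in Wireshark can be scripted. The following is an added example, not code from any participant or from Extreme Networks: it parses a DHCP reply and reports the three differences found above (unset "Next server" field, empty boot file field, option 66 sent as raw address bytes). The function names are hypothetical and the sample packets are constructed from the values shown in the captures.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
ip = socket.inet_aton

def build_reply(siaddr, bootfile, options):
    """Build a minimal DHCP reply; constructed sample data, not a real capture."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1D398B73, 0, 0,
                      ip("0.0.0.0"), ip("192.168.230.200"), ip(siaddr),
                      ip("0.0.0.0"), bytes.fromhex("825dc68a7e48"), b"", bootfile)
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + opts + b"\xff"

def boot_info(pkt):
    """Extract the boot-server fields from a DHCP message (UDP payload)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"siaddr": socket.inet_ntoa(pkt[20:24]),  # "Next server IP address"
            "file": pkt[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
            "opt66": None, "opt67": None}
    i = 240
    while i < len(pkt) and pkt[i] != 255:       # 255 = End
        if pkt[i] == 0:                          # Pad has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code in (66, 67):
            info["opt%d" % code] = val
        i += 2 + len(val)
    return info

def findings(info):
    """List the differences the thread found between the XOS and ISC replies."""
    out = []
    if info["siaddr"] == "0.0.0.0":
        out.append("siaddr (next server) is unset")
    if not info["file"]:
        out.append("BOOTP file field is empty")
    o66 = info["opt66"]
    if o66 is not None and not all(0x20 <= b < 0x7F for b in o66):
        out.append("option 66 is not printable text: " + o66.hex())
    return out

COMMON = [(53, b"\x02"), (1, ip("255.255.255.0"))]
XOS_IPADDR = build_reply("0.0.0.0", b"", COMMON + [(66, ip("192.168.230.51")), (67, b"undionly.kpxe")])
XOS_STRING = build_reply("0.0.0.0", b"", COMMON + [(66, b"192.168.230.51"), (67, b"undionly.kpxe")])
ISC = build_reply("192.168.230.51", b"undionly.kpxe", COMMON)
```

Calling `findings(boot_info(payload))` on the UDP payload of a captured Offer or ACK gives the same report for real traffic.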