My main objective is to set up the WDS for client installs. However the WDS server and the clients are in different subnets (and on occasion different VLANs).
It isn't working out thus far though; the client doing the PXE boot won't receive any answer from the server subnet.
It works fine if I put the WDS server in the same subnet as the client asking for the install.
About the environment:
I did some research on the topic, and found out that I either use Option 66/67 or go the IP Helper route.
Unfortunately this ASA router doesn't support Option 66/67, and I'm really not at all versed with Cisco/networking. I can't even find those IP Helper options in our router.
Tried to play around with a lot of things... among many others: the DHCP relay settings, also looked at the switch Static Hosts function (seen options 66-67 there) --> zero success thus far.
Can someone please point me in the right direction?
It is a production environment; while it's rather small, my options for experimenting are still limited.
Since my networking/Cisco knowledge is rather poor, I'm using the ASDM GUI.
Thanks in advance!
Based on your description, I have drafted the attached network diagram and am hoping it somewhat resembles your environment. Please verify if you have the required NAT, Routes, and ACL Policies in place.
Your config should look like this:
ip address 192.168.1.1 255.255.255.0
ip address 126.96.36.199 255.255.255.0
static (WDS-NW,CLIENT-NW) 188.8.131.52 184.108.40.206 netmask 255.255.255.0
access-group acl_CLIENT-NW in interface CLIENT-NW
access-list acl_CLIENT-NW extended permit ip 192.168.1.0 255.255.255.0 220.127.116.11 255.255.255.0
ip route 18.104.22.168 mask 255.255.255.0 gateway 192.168.1.1
ip route 192.168.1.0 mask 255.255.255.0 gateway 22.214.171.124
According to this table, Option 67 seems to be unsupported by our ASA: https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/dhcp.html#wp1115679
Is there a similar option on the switch? I couldn't find it.
Thank you for the drawing! It's a bit different in reality though (btw what software did you use to create it? I might try to do a diagram of my own, might help us a bit).
Actually, everything is behind the ASA router/firewall, and all of our devices are on the SG500-52 switch.
The old and the new domain controllers are on the same VLAN/subnet (dedicated to servers) as well, with zero DHCP used on that subnet.
Since I'm using the GUI and haven't really touched the CLI yet, I don't yet see how the recommended settings will forward any requests made by client computers towards the WDS. Which rule/policy will achieve this?
The VLAN part of your suggestions seems to be alright in our config, however I think the ACL policies might be missing.
Based on the symptoms you mentioned, it might be an issue with the routing / ACL policies.
Would you be able to share the relevant config files so that we can check further? Thank you.
All in all, I've found out that there might not be a way to do this unless the DHCP role is migrated to a Windows Server. The switch and the ASA are missing the necessary options. As a workaround, I've placed the WDS server in the subnet where the client installs take place, so it works fine.
Later on I'm going to stop using the ASA as a DHCP.
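A way to confirm what a DHCP server on the client subnet actually hands out, as an added example that is not part of the thread: this Python parser reads a raw DHCP reply and reports whether options 66/67 (or the equivalent BOOTP next-server and file fields) are present, and whether a relay filled in `giaddr`. The packets, addresses and boot file name are constructed sample values, and `pxe_ready` is this example's own heuristic.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_offer(payload: bytes) -> dict:
    """Pull the PXE-relevant fields out of a raw DHCP payload (UDP data only)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {
        "siaddr": socket.inet_ntoa(payload[20:24]),  # next-server field
        "giaddr": socket.inet_ntoa(payload[24:28]),  # set by a relay, else 0.0.0.0
        "file": payload[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "opt66": None, "opt67": None,  # TFTP server name / boot file name
    }
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = End
        if payload[i] == 0:  # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        if code in (66, 67):
            info[f"opt{code}"] = value.rstrip(b"\x00").decode("ascii", "replace")
        i += 2 + length
    # Heuristic for this example: the reply names both a boot server and a boot file.
    has_server = bool(info["opt66"]) or info["siaddr"] != "0.0.0.0"
    has_file = bool(info["opt67"]) or bool(info["file"])
    info["pxe_ready"] = has_server and has_file
    return info

def build_reply(options: bytes, giaddr: str = "0.0.0.0") -> bytes:
    """Constructed BOOTREPLY for the demo; every address is a made-up test value."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton("198.51.100.50"), bytes(4),
                         socket.inet_aton(giaddr), bytes(6), b"", b"")
    return header + MAGIC + options + b"\xff"

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

PLAIN = build_reply(opt(53, b"\x02") + opt(54, socket.inet_aton("198.51.100.1")))
WITH_PXE = build_reply(opt(53, b"\x02") + opt(66, b"192.0.2.10")
                       + opt(67, b"boot\\x64\\wdsnbp.com"), giaddr="198.51.100.1")
```

To use it on real traffic, pass `parse_offer` the UDP payload of a DHCPOFFER captured on the client VLAN; a reply like `PLAIN` gives the PXE client an address but no boot server or file.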