05-25-2018 05:33 AM - edited 03-08-2019 03:08 PM
Hello,
My main objective is to set up the WDS for client installs. However the WDS server and the clients are in different subnets (and on occasion different VLANs).
It isn't working out thus far though; the client doing the PXE boot won't receive any answer from the server subnet.
It works fine if I put the WDS server in the same subnet, as the client asking for the install.
About the environment:
I did some research on the topic, and found out that I either use Option 66/67 or go the IP Helper route.
Unfortunately this ASA router doesn't support Option 66/67, and I'm really not at all versed with Cisco/networking. I can't even find those IP Helper options in our router.
Tried to play around with a lot of things... among many others: the DHCP relay settings, also looked at the switch Static Hosts function (seen options 66-67 there) --> zero success thus far.
Can someone please point me in the right direction?
It is a production environment; while it's rather small, my options for experimenting are still limited.
Since my networking/Cisco knowledge is rather poor, I'm using the ASDM GUI.
Thanks in advance!
Regards,
Zsolt
05-27-2018 03:59 AM - edited 05-27-2018 04:01 AM
Hi Zsolt,
Based on your description, I have drafted the attached network diagram and I am hoping it somewhat resembles your environment. Please verify that you have the required NAT, Routes, and ACL Policies in place.
Your config should look like this:
ASA#
interface Ethernet0/1
vlan 100
nameif CLIENT-NW
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
vlan 200
nameif WDS-NW
security-level 100
ip address 1.1.1.1 255.255.255.0
!
static (WDS-NW,CLIENT-NW) 1.1.1.1 1.1.1.1 netmask 255.255.255.0
access-group acl_CLIENT-NW in interface CLIENT-NW
access-list acl_CLIENT-NW extended permit ip 192.168.1.0 255.255.255.0 1.1.1.0 255.255.255.0
Client Servers
ip route 1.1.1.0 mask 255.255.255.0 gateway 192.168.1.1
WDS Servers
ip route 192.168.1.0 mask 255.255.255.0 gateway 1.1.1.1
05-27-2018 04:09 AM
Are you using DHCP with option 66 and/or 67?
05-28-2018 04:33 AM
According to this table, Option 67 seems to be unsupported by our ASA: https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/dhcp.html#wp1115679
Is there a similar option on the switch? I couldn't find it.
05-28-2018 04:59 AM
Hi Jean-Pierre,
Thank you for the drawing! It's a bit different in reality though (btw what software did you use to create it? I might try to do a diagram of my own, might help us a bit)
Actually, everything is behind the ASA router/firewall, and all of our devices are on the SG500-52 switch.
The old and the new domain controllers are on the same VLAN/subnet (dedicated to servers) as well, with zero DHCP used on that subnet.
Since I'm using the GUI and haven't really touched the CLI yet, I don't yet see how the recommended settings will forward any requests made by client computers towards the WDS. Which rule-policy will achieve this?
The VLAN part of your suggestions seems to be alright in our config, however I think the ACL policies might be missing.
05-28-2018 06:53 AM
06-03-2018 11:55 PM
Hi Zsolt,
Based on the symptoms you mentioned, it might be an issue with the routing / ACL policies.
Would you be able to share the relevant config files so that we can check further? Thank you.
Best Regards,
Jean-Pierre
06-15-2018 07:24 AM
All in all, I've found out that there might not be a way to do this unless the DHCP role is migrated to a Windows Server. The switch and the ASA are missing the necessary options. As a workaround, I've placed the WDS server in the subnet where the client installs take place, so it works fine.
Later on I'm going to stop using the ASA as a DHCP.
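An added example, not part of the thread or any poster's code: a small parser for a captured DHCP reply that reports whether Option 66 (TFTP server name) and Option 67 (boot file name) are present and whether the reply passed through a relay (non-zero giaddr), which is what a PXE client in the 192.168.1.0/24 subnet needs in order to reach a WDS server in another subnet. The function names, the addresses 1.1.1.10 and 192.168.1.50, and the boot file name are constructed sample values.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
PXE_OPTIONS = {66: "tftp_server_name", 67: "bootfile_name"}

def parse_options(payload: bytes) -> dict:
    """Return {code: value} for the options in a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {code} is truncated")
        length = payload[i + 1]
        # A code that appears more than once is concatenated (RFC 3396).
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def pxe_report(payload: bytes) -> dict:
    """Summarise what a PXE client would learn from this DHCP reply."""
    opts = parse_options(payload)
    report = {name: opts[code].rstrip(b"\0").decode("ascii", "replace")
              for code, name in PXE_OPTIONS.items() if code in opts}
    report["missing"] = [c for c in PXE_OPTIONS if c not in opts]
    report["giaddr"] = ".".join(map(str, payload[24:28]))  # relay agent address
    return report

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

def sample_offer(options: bytes, giaddr: bytes = bytes(4)) -> bytes:
    """Constructed BOOTREPLY for the demo; all addresses are sample values."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD,
                         0, 0, bytes(4), bytes([192, 168, 1, 50]), bytes(4),
                         giaddr, bytes.fromhex("001122334455"), b"", b"")
    return header + MAGIC_COOKIE + options + b"\xff"

# Constructed replies: one without PXE options, one relayed with 66/67 set.
bare = sample_offer(opt(53, b"\x02") + opt(1, bytes([255, 255, 255, 0])))
full = sample_offer(opt(53, b"\x02") + opt(66, b"1.1.1.10")
                    + opt(67, b"boot\\x64\\wdsnbp.com"),
                    giaddr=bytes([192, 168, 1, 1]))
```

Feed `pxe_report` the UDP payload of a DHCP offer captured on the client VLAN; a non-empty `missing` list means the client was never told where to fetch its boot file.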