Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
4
Replies

SG350X-48MP DHCP binding - NACK for the same laptop

snuffy72205
Level 1
Level 1

‎07-31-2019 02:52 AM

I have an SG350X-48MP managing DHCP for a company we support. I have set up a Microsoft Deployment Toolkit (MDT) server to automate laptop builds. What I'm find is the following:
 
  1. Connect a brand new laptop out of the box and PXE boot to MDT (same issue with test virtual machine builds also)
  2. IP address is assigned and first part of the Preinstallation Environment download proceeds
  3. MDT then complains about an issue... but actually relates to not having an IP... confirmed by F8 and ipconfig /all showing a 169.154.x.x APIPA address. Can't proceed, 'Try again' button returns to same error dialogue box
  4. A Wireshark dump shows that the laptop is attempting to request/renew the IP address again, but the switch is sending NACKs. This just loops with the laptop requesting the IP and being sent NACKs... Discover, Offer, Request, NACK.
  5. On the Cisco switch... DHCP Server > Address Bindings, Locate MAC address, select the related binding and delete it.
  6. Hit 'Try again' button in MDT and the machine is granted an IP address and the install continues normally.
  7. Not ideal to have to remove the binding every time.

I'm not familiar with these switches so unsure what the issue is or how to troubleshoot further. Any advice on what is happening here? Is this somehow by design? Is there a workaround or option I need to configure? Hitting a brick wall here.

 

Thanks.

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎07-31-2019 03:54 AM

Hello,

 

when you clear the binding, is the MAC address displayed the actual real, physical MAC address of the laptop ?

 

It is kind of hard to troubleshoot this, but you might want to try and enable DHCP snooping and (DHCP Relay if applicable) on the SG350X (page 275 of the attached guide). Enable one interface and see if that problem disappears...

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf

0 Helpful

snuffy72205
Level 1
Level 1
In response to Georg Pauwen

‎07-31-2019 04:02 AM

Thanks Georg.

 

Yes the MAC address is the physical MAC, I just compared the one I noted earlier to the 'ipconfig /all' result after the physical machine completed the build process and they are one and same MAC.

 

Never done the snooping/DHCP relay before but will read your link and see if I can enable them.

 

Thanks. Will report back.

0 Helpful

Georg Pauwen
VIP
VIP
In response to snuffy72205

‎07-31-2019 06:19 AM

Hello,

 

curious to know what will work, as this seems uncharted territory. I could not find a single document on how to configure the SG350X in combination with MDT...

0 Helpful

snuffy72205
Level 1
Level 1
In response to Georg Pauwen

‎08-01-2019 07:15 AM

Hi, yes, not a lot of info out there to go on is there!?

 

I was unable to enable the DHCP relay option as the switch is already the DHCP server (It will not permit enabling if the DHCP server is the switch). I enabled DHCP snooping globally and set all interfaces to Trusted, but this made no difference. I was unsure why this feature for DHCP security would have a positive effect anyway. From reading about this it appears to be used to prevent MITM attacks with rogue DHCP servers. Perhaps I'm overlooking something fundamental here?

 

I think I will try changing the DHCP server back to the ASA router this evening and see if I can enable an IP Helper on the router. I read that this is the preferred method for use with MDT (over DHCP Options).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card