
WDS and Cisco DHCP

Rory Hamaker
Level 1

Guys (and ladies), I am banging my head on a wall trying to figure this problem out. I have a Windows Deployment Server (WDS) running on a LAN with an address of 192.168.1.x. I am trying to PXE boot clients in the range of 192.168.9.x and I keep getting the "No Boot File Received" error. My primary layer 3 switch is a 3560G 48 port and it is handling the routing and VLANs. There are ACLs set up, but .1 is my server VLAN so everything has access to that VLAN. I have also set up the option 60 on the DHCP pool on the switch to point back to my WDS server. All of this was working great before I switched over and let the switch handle DHCP, but due to some new security concerns I am having to move this direction with DHCP. I have posted the primary snippets of the config for the "main" switch below:

Current configuration : 23275 bytes

!

! Last configuration change at 22:56:58 central Sat Mar 6 1993 by

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 2097_Dev_3560

!

boot-start-marker

boot-end-marker

!

!

logging console emergencies

!

no aaa new-model

clock timezone central -6 0

system mtu routing 1500

no ip source-route

ip routing

ip domain-name OMITTED

ip name-server 192.168.1.8

ip name-server 192.168.1.78

!

!

ip dhcp pool Dev7

   network 192.168.7.0 255.255.255.0

   default-router 192.168.7.1

   dns-server 192.168.1.8 192.168.1.78

   domain-name OMITTED

   address 192.168.7.30 client-id *

!

ip dhcp pool Dev2

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 192.168.1.8 192.168.1.78

   domain-name OMITTED

   address 192.168.2.16 client-id *

   address 192.168.2.50 client-id *

   address 192.168.2.110 client-id *

   address 192.168.2.120 client-id *

!

ip dhcp pool Dev4

   network 192.168.4.0 255.255.255.0

   dns-server 192.168.1.8 192.168.1.78

   domain-name OMITTED

   default-router 192.168.4.1

!

ip dhcp pool Dev5

   network 192.168.5.0 255.255.255.0

   dns-server 192.168.1.8 192.168.1.78

   default-router 192.168.5.1

   domain-name OMITTED

!

ip dhcp pool Dev8

   network 192.168.8.0 255.255.255.0

   domain-name OMITTED

   default-router 192.168.8.1

   dns-server 192.168.1.8 192.168.1.78

!

ip dhcp pool Dev9

   network 192.168.9.0 255.255.255.0

   dns-server 192.168.1.8 192.168.1.78

   default-router 192.168.9.1

   domain-name OMITTED

   option 60 ip 192.168.1.78

   option 66 ip 192.168.1.78

!

ip dhcp pool Dev50

   network 192.168.50.0 255.255.255.0

   domain-name OMITTED

   default-router 192.168.50.1

   dns-server 192.168.1.8 192.168.1.78

!

ip dhcp pool Dev3

   network 192.168.3.0 255.255.255.0

   dns-server 192.168.1.8 192.168.1.78

   domain-name *

   default-router 192.168.3.1

   address 192.168.3.3 client-id *

   address 192.168.3.4 client-id *

   address 192.168.3.5 client-id *

   address 192.168.3.6 client-id *

   address 192.168.3.7 client-id *

   address 192.168.3.8 client-id *

   address 192.168.3.9 client-id *

   address 192.168.3.10 client-id *

   address 192.168.3.11 client-id *

   address 192.168.3.26 client-id *

!

!

!

!

key chain key_rotation

key 10

  key-string 7 14343B382F2B7B7B

  accept-lifetime 00:00:00 Jan 1 2012 00:30:00 Jun 30 2030

  send-lifetime 00:00:00 Jan 1 2012 00:00:00 Jun 30 2030

key chain main

key 1

!

crypto pki trustpoint TP-self-signed-*

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-*

revocation-check none

rsakeypair TP-self-signed-*

!

!

crypto pki certificate chain TP-self-signed-*

certificate self-signed 01

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh version 2

!

!

!

!

!

!

interface Loopback0

ip address 192.168.254.254 255.255.255.0

!

interface GigabitEthernet0/1

switchport access vlan 6

switchport mode access

switchport port-security maximum 5

switchport port-security

switchport port-security violation protect

spanning-tree portfast

!

OMITTED FOR SPACE - EACH PORT CONFIGURED LIKE PORT 1

!

interface GigabitEthernet0/52

switchport trunk encapsulation dot1q

switchport trunk native vlan 20

switchport mode trunk

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

ip access-group 102 in

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

ip access-group 103 in

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

ip helper-address 192.168.3.1

!

interface Vlan4

ip address 192.168.4.1 255.255.255.0

ip access-group 104 in

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

!

interface Vlan5

ip address 192.168.5.1 255.255.255.0

ip access-group 105 in

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

!

interface Vlan6

ip address 192.168.1.254 255.255.255.0

ip helper-address 192.168.1.78

!

interface Vlan7

ip address 192.168.7.1 255.255.255.0

ip access-group 107 in

ip helper-address 192.168.1.78

!

interface Vlan8

ip address 192.168.8.1 255.255.255.0

ip access-group 108 in

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

!

interface Vlan9

ip address 192.168.9.1 255.255.255.0

ip access-group 109 in

!

interface Vlan20

no ip address

!

interface Vlan50

ip address 192.168.50.1 255.255.255.0

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

!

interface Vlan90

ip address 10.20.20.1 255.255.255.0

!

interface Vlan98

ip address 192.168.98.1 255.255.255.0

!

interface Vlan99

ip address 192.168.99.1 255.255.255.0

ip access-group 199 in

!

interface Vlan100

ip address 192.168.100.1 255.255.255.0

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

ip helper-address 192.168.1.6

!

interface Vlan710

ip address 192.168.10.1 255.255.255.0

ip access-group 110 in

ip helper-address 192.168.1.8

ip helper-address 192.168.1.78

!

!        

router eigrp 563

redistribute static

no eigrp log-neighbor-changes

!

ip default-gateway 192.168.1.254

ip http server

no ip http secure-server

!

!

!

ip access-list extended SSH-Clients

!

ip radius source-interface Loopback0

logging esm config

access-list 3 permit any log

access-list 101 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 101 permit udp any host 255.255.255.255 eq bootps

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 102 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 102 permit udp any host 255.255.255.255 eq bootps

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 102 permit ip 192.168.50.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 103 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 103 permit udp any host 255.255.255.255 eq bootps

access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 104 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 104 permit udp any host 255.255.255.255 eq bootps

access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 105 permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 105 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 105 permit udp any host 255.255.255.255 eq bootps

access-list 105 permit ip 192.168.5.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 106 permit ip 192.168.6.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 107 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 107 permit udp any host 255.255.255.255 eq bootps

access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 108 permit ip 192.168.8.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 108 permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 108 permit ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 108 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 108 permit udp any host 255.255.255.255 eq bootps

access-list 108 permit ip 192.168.8.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 108 permit ip 192.168.8.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 109 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 109 permit udp any host 255.255.255.255 eq bootps

access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 110 permit udp any host 255.255.255.255 eq bootps

access-list 110 permit udp any 192.168.1.0 0.0.0.255 eq bootps

access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.50.0 0.0.0.255

access-list 199 deny   ip any any

!

!

banner motd ^C**************************************************************************

details removed

**************************************************************************^C

!

line con 0

logging synchronous

login local

line vty 0 4

access-class 3 in

login local

transport input ssh

line vty 5 15

access-class 3 in

login local

transport input ssh

!

ntp authentication-key 10 md5 020B055205 7

ntp authenticate

ntp trusted-key 10

ntp source Loopback0

ntp server 192.168.1.8

end


Peter Paluch
Cisco Employee

Hi Rory,

I have only very seldom configured DHCP with PXE-enabling options. However, one thing I am missing here is the bootfile directive that should tell the PXE clients which file to download from the server and execute during the boot phase. This file has to be downloadable via TFTP from the WDS server. Sadly, I do not know what the value is supposed to be - in case you do not know either, it may be helpful to capture and analyze the communication between a PXE client and the former DHCP server on the WDS to see the individual options and their values - and then configure them identically on the Cisco DHCP server.

It should be noted, however, that even Cisco considers the DHCP server functionality in IOS as being rather simplistic and limited, and if more complex DHCP scenarios are required, you should really consider using a dedicated DHCP server.

Best regards,

Peter
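
Added example (not part of the original thread and not Cisco or Microsoft code): a small Python parser for the capture-and-compare step suggested in the reply above. It pulls siaddr, the BOOTP file field and options 60, 66 and 67 out of a DHCP payload and lists what a PXE client would find missing. The sample offer is constructed; encoding the Dev9 pool's "option 60 ip" / "option 66 ip" lines as four raw octets with siaddr unset is an assumption.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_dhcp(payload):
    """Return (siaddr, file field, {option code: bytes}) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    siaddr = socket.inet_ntoa(payload[20:24])        # BOOTP next-server address
    bootfile = payload[108:236].split(b"\0", 1)[0]   # BOOTP 'file' field
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return siaddr, bootfile, opts

def show(value):  # printable ASCII as text, anything else as hex, empty as None
    value = value.rstrip(b"\0")
    if value and all(32 <= b < 127 for b in value):
        return value.decode("ascii")
    return "0x" + value.hex() if value else None

def pxe_report(payload):
    """Summarise the fields a PXE client needs and list the absent ones."""
    siaddr, bootfile, opts = parse_dhcp(payload)
    report = {"next_server": None if siaddr == "0.0.0.0" else siaddr,
              "option_60": show(opts.get(60, b"")),
              "option_66": show(opts.get(66, b"")),
              "bootfile": show(opts.get(67, b"")) or show(bootfile)}
    report["missing"] = [k for k in ("next_server", "bootfile") if report[k] is None]
    return report

def build_offer(siaddr, bootfile, options):
    """Constructed DHCPOFFER used as sample input; not a capture from the thread."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      socket.inet_aton("192.168.9.50"), socket.inet_aton(siaddr),
                      bytes(4), bytes(16), b"", bootfile)
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

# Assumption: "option 60 ip" / "option 66 ip" each send 4 raw octets; siaddr unset.
WDS = socket.inet_aton("192.168.1.78")
DEV9_OFFER = build_offer("0.0.0.0", b"", [(53, b"\x02"), (60, WDS), (66, WDS)])
```

Running pxe_report() on the UDP payload of an offer captured from the former DHCP server on the WDS shows which values the switch pool has to mirror.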
