Wired Intelligent Edge

  • 1.  PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

    Posted Jun 26, 2019 10:26 AM

    Hey all, 

     

    We recently changed out our core router from an Enterasys S4 to an Aruba 5412Rzl2 and since then we have been unable to complete a PXE boot into a boot wim file when the client computer is on a different VLAN than the imaging server. It works fine if the client computer is on the same VLAN as the imaging server, which tells me something isn't crossing the router correctly. 

     

    DHCP scope options 66 and 67 are set pointing at the correct server and the correct boot wim file. The clients get an IP and start to download the boot wim, but the download doesn't appear to complete. I can see some TFTP traffic coming from the imaging server to the client when I do a packet capture; however, when compared to a packet capture taken when the client is on the same VLAN as the imaging server, there are far fewer TFTP packets, which leads me to believe the boot wim isn't being fully downloaded.

     

    I've also tried enabling udp broadcast forwarding globally with specific settings on the client VLANs for udp forwarders pointing at the imaging server for ports udp/69 and udp/4011, but this hasn't helped.

     

    Additionally, while there are both inbound and outbound ACLs applied to both the client and server VLANs, these do not block this kind of traffic for either VLAN. I have removed all the ACLs from the VLANs and tested and the issue still occurs, so it doesn't appear to be ACL related. 

     

    MTU is 1500 across the board. No Jumbo Frames enabled. 

     

    I appreciate any ideas and feedback. Thanks.



  • 2.  RE: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

    Posted Jun 26, 2019 12:59 PM

    Greetings!

     

    Do you have a sanitized 5412R configuration that you can post so we can figure out if there is anything missing or unusual? If there are any event log entries being generated while your clients are attempting to boot, those could also be useful.



  • 3.  RE: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

    Posted Jun 26, 2019 01:43 PM

    It will take me a little bit, but I'll create a sanitized version so I can post it. I appreciate the help.



  • 4.  RE: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

    Posted Jun 26, 2019 04:31 PM

    Hi Matt, 

     

    Here are the sections of my config that I thought were relevant to the issue. I didn't include the ACLs because they're giant and would take forever to sanitize, plus the issue still occurs with all four ACLs off (the inbound and outbound on each vlan interface listed below). If you need other info from the config, please let me know.

     

    In this sanitized version, the server at 172.16.20.170 is the imaging server that DHCP scope option 66 is pointed at.

     

    ip default-gateway 192.168.0.1
    ip ssh filetransfer
    ip ssh listen data
    ip route 0.0.0.0 0.0.0.0 172.10.1.1
    ip route 10.200.0.0 255.255.252.0 192.168.13.1
    ip route 172.19.0.0 255.255.0.0 192.168.13.1
    ip route 192.168.10.0 255.255.255.252 192.168.13.1
    ip route 192.168.20.0 255.255.255.252 192.168.13.1
    ip routing
    ip udp-bcast-forward
    
    vlan 3000
       name "Public"
       tagged A2-A5,A7-A8,B1-B7,E4,F1-F2
       ip access-group "3000-IN" in
       ip access-group "3000-OUT" out
       ip address 10.30.10.1 255.255.252.0
       ip helper-address 172.16.20.55
       ip helper-address 172.16.20.68
       ip forward-protocol udp 172.16.20.170 tftp
       ip forward-protocol udp 134.16.20.170 4011
       ip igmp
       exit
       
    vlan 3020
       name "Servers"
       untagged E4
       tagged A6,A8,B5,F1-F2
       ip access-group "3020-IN" in
       ip access-group "3020-OUT" out
       ip address 172.16.20.1 255.255.255.0
       ip igmp
       exit
       
    management-vlan 1001
    spanning-tree
    spanning-tree priority 0 force-version rstp-operation
    no tftp client
    no tftp server
    tftp server listen data
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    password manager


  • 5.  RE: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2
    Best Answer

    Posted Jun 26, 2019 07:19 PM

    We got it figured out.

     

    PXE boot wasn't able to get to the imaging server as the "proxy DHCP" server because there was no ip helper in place pointing at the imaging server. Two solutions worked - making the ip helper point at the broadcast address of the subnet where both the DHCP and imaging server live or by putting both the DHCP server and imaging server as ip helpers on the vlan interface. I chose the latter. 

     

    Interesting that this wasn't required on the Enterasys S4.
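
Added example, not part of any post in this thread: a Python check over a saved switch configuration that lists VLANs which have `ip helper-address` entries but none pointing at the PXE/imaging server or at the broadcast address of its subnet, the two fixes described in post 5. The sample configuration is constructed from the stanzas posted above; the function names and the assumption that each VLAN stanza ends with `exit` are the example's own.

```python
import ipaddress
import re

# Constructed sample modelled on the VLAN stanzas posted in the thread.
SAMPLE_CONFIG = """\
vlan 3000
   name "Public"
   ip address 10.30.10.1 255.255.252.0
   ip helper-address 172.16.20.55
   ip helper-address 172.16.20.68
   ip forward-protocol udp 172.16.20.170 tftp
   ip forward-protocol udp 172.16.20.170 4011
   exit
vlan 3020
   name "Servers"
   ip address 172.16.20.1 255.255.255.0
   exit
"""

def helpers_by_vlan(config):
    """Map each VLAN id to the set of its ip helper-address targets."""
    vlans, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        vlan = re.fullmatch(r"vlan (\d+)", line)
        helper = re.fullmatch(r"ip helper-address (\S+)", line)
        if vlan:
            current = vlan.group(1)
            vlans[current] = set()
        elif line == "exit":
            current = None
        elif helper and current is not None:
            vlans[current].add(helper.group(1))
    return vlans

def vlans_missing_pxe_helper(config, pxe_server, server_subnet):
    """Return VLANs that relay DHCP but never relay to the PXE server.

    Accepts either fix from the thread: the PXE server itself as a helper,
    or the broadcast address of the subnet holding the DHCP and PXE servers.
    ip forward-protocol lines are deliberately not counted as a relay.
    """
    ok = {pxe_server, str(ipaddress.ip_network(server_subnet).broadcast_address)}
    return [vlan for vlan, helpers in helpers_by_vlan(config).items()
            if helpers and not helpers & ok]

if __name__ == "__main__":
    print(vlans_missing_pxe_helper(SAMPLE_CONFIG, "172.16.20.170", "172.16.20.0/24"))
```

VLANs without any helper address (such as the server VLAN itself) are skipped, since clients there reach the imaging server without a relay.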



  • 6.  RE: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

    Posted Feb 24, 2022 05:16 PM

    I have the same issue: the DHCP and WDS servers are not the same server, and the client PC is in another subnet.
    Configuration:

    DHCP: I configured options 66 and 67
    Core switch: ip udp-bcast forward
    Client VLAN: ip helper-add for DHCP and WDS, ip forward-protocol udp "ip add for wds server" 4011, and ip igmp
    Server VLAN: ip igmp

    Still the problem continues!!



    ------------------------------
    Meneam Elemary
    ------------------------------