Occasional Contributor I

PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

Hey all, 

 

We recently changed out our core router from an Enterasys S4 to an Aruba 5412Rzl2 and since then we have been unable to complete a PXE boot into a boot wim file when the client computer is on a different VLAN than the imaging server. It works fine if the client computer is on the same VLAN as the imaging server, which tells me something isn't crossing the router correctly. 

 

DHCP scope options 66 and 67 are set pointing at the correct server and the correct boot wim file. The clients get an IP and start to download the boot wim, but the download doesn't appear to complete. I can see some TFTP traffic coming from the imaging server to the client when I do a packet capture; however, when compared to a packet capture taken with the client on the same VLAN as the imaging server, there are far fewer TFTP packets, which leads me to believe the boot wim isn't being fully downloaded.

 

I've also tried enabling udp broadcast forwarding globally with specific settings on the client VLANs for udp forwarders pointing at the imaging server for ports udp/69 and udp/4011, but this hasn't helped.

 

Additionally, while there are both inbound and outbound ACLs applied to both the client and server VLANs, these do not block this kind of traffic for either VLAN. I have removed all the ACLs from the VLANs and tested and the issue still occurs, so it doesn't appear to be ACL related. 

 

MTU is 1500 across the board. No Jumbo Frames enabled. 

 

I appreciate any ideas and feedback. Thanks.

MVP Expert

Re: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

Greetings!

 

Do you have a sanitized 5412R configuration that you can post so we can figure out if there is anything missing or unusual? If there are any event log entries being generated while your clients are attempting to boot, those could also be useful.



Matt Fern
Technical Marketing Engineer, Wired Intelligent Edge

Aruba, a Hewlett Packard Enterprise company

8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747
T: 916.540.1759  |  E: mfern@hpe.com   |   Matt @ Twitter
Occasional Contributor I

Re: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

It will take me a little bit, but I'll create a sanitized version so I can post it. I appreciate the help.

Occasional Contributor I

Re: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

Hi Matt, 

 

Here are the sections of my config that I thought were relevant to the issue. I didn't include the ACLs because they're giant and would take forever to sanitize, plus the issue still occurs with all four ACLs off (the inbound and outbound on each vlan interface listed below). If you need other info from the config, please let me know.

 

In this sanitized version, the server at 172.16.20.170 is the imaging server that DHCP scope option 66 is pointed at.

 

ip default-gateway 192.168.0.1
ip ssh filetransfer
ip ssh listen data
ip route 0.0.0.0 0.0.0.0 172.10.1.1
ip route 10.200.0.0 255.255.252.0 192.168.13.1
ip route 172.19.0.0 255.255.0.0 192.168.13.1
ip route 192.168.10.0 255.255.255.252 192.168.13.1
ip route 192.168.20.0 255.255.255.252 192.168.13.1
ip routing
ip udp-bcast-forward

vlan 3000
   name "Public"
   tagged A2-A5,A7-A8,B1-B7,E4,F1-F2
   ip access-group "3000-IN" in
   ip access-group "3000-OUT" out
   ip address 10.30.10.1 255.255.252.0
   ip helper-address 172.16.20.55
   ip helper-address 172.16.20.68
   ip forward-protocol udp 172.16.20.170 tftp
   ip forward-protocol udp 134.16.20.170 4011
   ip igmp
   exit
   
vlan 3020
   name "Servers"
   untagged E4
   tagged A6,A8,B5,F1-F2
   ip access-group "3020-IN" in
   ip access-group "3020-OUT" out
   ip address 172.16.20.1 255.255.255.0
   ip igmp
   exit
   
management-vlan 1001
spanning-tree
spanning-tree priority 0 force-version rstp-operation
no tftp client
no tftp server
tftp server listen data
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
Occasional Contributor I

Re: PXE Boot/TFTP across VLANs with Aruba 5412Rzl2

We got it figured out.

 

PXE boot wasn't able to get to the imaging server as the "proxy DHCP" server because there was no ip helper in place pointing at the imaging server. Two solutions worked: making the ip helper point at the broadcast address of the subnet where both the DHCP and imaging server live, or putting both the DHCP server and imaging server as ip helpers on the vlan interface. I chose the latter.

 

Interesting that this wasn't required on the Enterasys S4.
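
The check implied by the fix in the last post, as an added example that is not part of the original thread: a small Python audit that reads a switch config in the format posted above and lists routed VLANs that relay DHCP but have no `ip helper-address` reaching the imaging (proxy DHCP) server, either directly or via the directed broadcast of its subnet. The function names and the VLAN 3001 stanza are constructed for illustration, and the parser assumes only the stanza keywords visible in the posted config.

```python
import ipaddress

# Constructed sample: VLAN 3000 and 3020 as posted (trimmed), plus a
# hypothetical VLAN 3001 showing the fix the poster chose.
SAMPLE_CONFIG = """\
vlan 3000
   name "Public"
   ip address 10.30.10.1 255.255.252.0
   ip helper-address 172.16.20.55
   ip helper-address 172.16.20.68
   ip forward-protocol udp 172.16.20.170 tftp
   exit
vlan 3001
   name "Fixed"
   ip address 10.30.20.1 255.255.252.0
   ip helper-address 172.16.20.55
   ip helper-address 172.16.20.170
   exit
vlan 3020
   name "Servers"
   ip address 172.16.20.1 255.255.255.0
   exit
"""

def parse_vlans(config):
    """Return {vlan_id: {"net": IPv4Network or None, "helpers": [IPv4Address]}}."""
    vlans, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"net": None, "helpers": []})
        elif words == ["exit"]:
            current = None
        elif current is not None and words[:2] == ["ip", "address"] and len(words) == 4:
            current["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif current is not None and words[:2] == ["ip", "helper-address"] and len(words) == 3:
            current["helpers"].append(ipaddress.ip_address(words[2]))
    return vlans

def vlans_missing_pxe_relay(config, pxe_server):
    """VLANs that relay DHCP but would not relay it to the PXE (proxy DHCP) server."""
    pxe = ipaddress.ip_address(pxe_server)
    vlans = parse_vlans(config)
    # Directed broadcast of the PXE server's subnet also works, per the thread.
    home = [v["net"] for v in vlans.values() if v["net"] and pxe in v["net"]]
    accepted = {pxe} | {n.broadcast_address for n in home}
    return sorted(vid for vid, v in vlans.items()
                  if v["helpers"] and not accepted & set(v["helpers"]))
```

Calling `vlans_missing_pxe_relay(SAMPLE_CONFIG, "172.16.20.170")` flags VLAN 3000, the client VLAN that failed to PXE boot across the router.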
