PXE : switches to DOT1X and/or MAB
-
Hello,
FOG version: stable - 1.5.10
I am making this post because we are having a problem with the PXE boot since we switched our switches to DOT1X and/or MAB.
- With MAB alone no problem
- With DOT1X and MAB active: the PXE boot starts with a latency of 30 seconds on Start PXE (probably the switch from DOT1X to MAB) (attached)
We get the IP address but during the second DHCP request it gives us this error:
“No configuration methods succeeded” after the two attempts (attached)
After a few seconds we do the “dhcp” command and there we see that the network is active (surely the switch from DOT1X to MAB) (attached)
I tested the “autoboot” command, we can see that we contact the server but we did not have permission to start (attached)
How should we modify this boot sequence to for example make 5 attempts instead of 2, I suppose that the ipxe.efi file has to be redone but how?
- With DOT1X alone, it blocks on PXE start and nothing happens (attached)
Do you use DOT1X and MAB on your switches and if so, have you found solutions?
Thank you in advance.
Have a nice day. -
@Nicolas-Bricet This really sounds like a spanning tree issue vs dot1x authentication (unless your authentication process is taking a really long time to authenticate the port). Make sure the port is configured for port-fast, fast-stp, rstp or whatever your switch manufacturer calls it.
Secondly if TIME is the resolution then this can probably be addressed too.
First of all we have the ability to update the iPXE boot loader from a fog install. This tutorial is intended to solve a different problem but you will need this in your solution: https://forums.fogproject.org/topic/15826/updating-compiling-the-latest-version-of-ipxe
So at this point you know that you can rebuild iPXE right from your fog server. Now we need to adjust iPXE to wait 30 seconds before requesting an IP address (FWIW, by default spanning tree it take 27 seconds to start forwarding data, so the timing is suspiciously similar).
When iPXE boots up it runs a FOG custom script file that tells iPXE how to configure itself. If you can remember back to the DOS days, this was the autoexec.bat files function. iPXE has a similar script. Within the iPXE source directory the file is call ipxescript (a look on github) https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/src/ipxe/src-efi/ipxescript#L1 This is the script that runs inside iPXE to configure the network.To take this concept one step more, the FOG developers have already created a version of the iPXE that has a 10 second boot delay (remember you need a 30 second delay). An example of this 10 second delay startup is here: https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/src/ipxe/src-efi/ipxescript10sec#L3 All you need to do is either update that 10 to a 30 or copy that line over to the ipxescript main script and change it to 30. Once that is done recompile ipxe using the instructions above.
The FOG delivered 10second delay versions of iPXE are located in the /tftpboot/10seconds directory. So you have two paths to get this done, but I would surely look into spanning tree first to make sure port fast is enabled and make the above second way unnecessary.
