Please enter the TFTP issues with Cisco WS-C2960X-48TS-L

  • Developer

    • FOG Version: 1.4.2
    • OS: RedHat 7.3
    • Service Version:
    • OS:

    I have problems with the TFTP server and the Cisco WS-C2960X-48TS switches.


    I know that the following issue is in the wiki:

    Typically this is caused by two or more DHCP services running on one network, and one or more of them being incorrectly configured for FOG. The administrator may or may not know of these DHCP services, one or more of them could be a rogue DHCP service. You can find a rogue DHCP service by running Wireshark on a computer and applying the filter bootp to only see DHCP traffic, and then doing several IP releases and renews. Any rogue DHCP service should show up in the replies.
    Another cause of this problem, although less common, is that Option 066/next-server is not configured on the only DHCP server in the environment. Find instructions on correcting this here: Modifying existing DHCP server to work with FOG 

    My problem is that the NOC doesn’t want to change the options in the DHCP :(
    The Cisco WS-C2960X-48TS-L has an option, “switchport-port-security”: if it is enabled the issue appears, and if it is disabled the issue doesn’t appear. The problem for me is that the NOC is reluctant to change this option to disabled :(

    Can I send the TFTP server by changing the iPXE menu or using some other alternative?
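The check described in the wiki text quoted in the post above (watch the DHCP replies, see which servers answer and whether any of them carries next-server or option 066 for FOG) can be run over captured reply payloads. This is an added example, not part of the original posts or of FOG's code; the addresses, the MAC and the packets are constructed, and option overload (option 52) is not handled.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_reply(payload):
    """Extract the PXE-relevant fields from one BOOTP/DHCP reply (UDP payload)."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP reply")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    server = opts.get(54, b"")                      # option 54 = server identifier
    bootfile = opts.get(67) or payload[108:236].split(b"\0")[0]
    return {
        "server": socket.inet_ntoa(server) if len(server) == 4 else None,
        "next_server": socket.inet_ntoa(payload[20:24]),             # siaddr field
        "tftp_name": opts.get(66, b"").decode("ascii", "replace"),   # option 066
        "bootfile": bootfile.decode("ascii", "replace"),
    }

def audit(payloads, fog_ip):
    """Map every DHCP server seen answering to 'ok' or the reason it breaks PXE."""
    verdicts = {}
    for reply in map(parse_reply, payloads):
        if fog_ip not in (reply["next_server"], reply["tftp_name"]):
            verdicts[reply["server"]] = "no next-server/option 066 for FOG"
        elif not reply["bootfile"]:
            verdicts[reply["server"]] = "no boot file name"
        else:
            verdicts[reply["server"]] = "ok"
    return verdicts

def build_reply(server, siaddr="0.0.0.0", opt66=b"", bootfile=b""):
    """Build a constructed sample DHCPOFFER (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton("10.0.65.50"), socket.inet_aton(siaddr),
                      bytes(4), bytes.fromhex("001122334455"), b"", bootfile)
    opts = b"\x35\x01\x02\x36\x04" + socket.inet_aton(server)  # type=OFFER, option 54
    if opt66:
        opts += bytes([66, len(opt66)]) + opt66
    return hdr + MAGIC + opts + b"\xff"
```

Each key in the result of `audit` is one DHCP service that answered, so more than one key means several services are replying on the segment, and any entry that is not `ok` is a reply that gives the client nothing to boot from.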

  • Developer


    As I said in previous posts, the problem was the different states of the network card. After working hard with the network guys and talking with @Sebastian-Roth, we solved the problem using the undionly.kpxe file that is in the 10seconddelay folder.

    This file adds a little delay to the DHCP request after the network card is powered on.

  • Developer

    I know that this thread is old, but it is only now that I have been able to run tests with the network team (NOC).

    I will try to translate the NOC’s reasons into English:


    In our network, we have a mixed environment:

    • Corporate DHCP Servers giving basic IP configuration (although we have option to include additional parameters if required) [controlled by Area of communications]

    • DNSMasq in the FOG Server passing additional parameters in the DHCPOFFER messages on demand (only to computers with active FOG tasks) [controlled by Area of classrooms]


    The new version of FOG that uses iPXE fails in the networked environment where it previously worked fine with PXE.
    It has been detected that the iPXE boot fails when the configuration of the switch interface contains the command “switchport port-security”.

    This is a typical configuration for a switch access interface:

    interface GigabitEthernet3/0/25
     description Tests-Fog
     ! this is the test vlan
     switchport access vlan 65
     switchport mode access
     switchport port-security
     spanning-tree portfast

    The boot starts well and undionly.kpxe is downloaded, but when default.ipxe must be loaded the boot sequence stops, waiting for the IP of the iPXE server to be entered on the keyboard.

    If you delete the “switchport port-security” configuration, iPXE startup does not fail.

    We have observed that the port-security settings slow down the transition of the switch interface from the OFF to the ON state, that is, the time the interface needs before it starts to switch frames.

    With an interface that does not have this setting, there is a difference of about 8 seconds for the same iPXE boot process.

    Keep in mind that the PC’s interface goes through several shutdowns / starts during the complete boot sequence.

    This delay is avoided if you place between the switch and the host a layer 1 (HUB) or layer 2 (SWITCH) device that forces the switch port to stay UP while the PC is turned off.


    Can we avoid this iPXE behaviour? Can we configure it not to shut down the network card?

  • Developer

    We have several PXE servers in the same VLAN: three FOG servers and one LanDesk server. We control access to PXE using a little daemon on the different FOG servers that updates the dnsmasq.conf file with the MAC of the computers that have an active task. It is simple but effective.

    Historically, this option has been empty and this change may lead to unforeseen side effects.

    The “port-security” option is configured as enabled to avoid loops and the possibility of using virtual machines without NAT.

  • @Fernando-Gietz said in Please enter the TFTP issues with Cisco WS-C2960X-48TS-L:

    My problem is that the NOC doesn’t want to change the options in the DHCP :(

    Did they tell you the reason? If the needed DHCP options are not in use, why the hell do they say no?
    Btw, you are facing the problem that comes when a company gets too big ;) and the IT is not sitting completely in one big office.

    Corporations / Concerns groups are bad ;-p

    Regards X23

  • Developer

    Thanks Wayne for your good words XD

  • @Fernando-Gietz said in Please enter the TFTP issues with Cisco WS-C2960X-48TS-L:

    Can I send the TFTP server by changing the iPXE menu or using some other alternative?

    You’re not even getting that far, so this won’t work. DHCP needs to be adjusted; this is the simplest, easiest, and most supportable solution.

    Your NOC should realize you are one of their customers, and should realize you are all on the same team and all have good intentions.

  • Developer

    One more thing, I have a very old FOG server (0.30) using PXE and with PXE I don’t have issues with TFTP and Cisco WS-C2960X-48TS switches.