UEFI pxe boot problem from a network



  • Hello
    My machines can’t start with PXE over UEFI from one VLAN, but they work fine from another VLAN.
    I have no problem with BIOS legacy PXE boot.
    I can’t understand the reason why.
    Here is the dhcpd.conf file:

    # 
    # dhcpd.conf  
    #
    ddns-update-style standard;
    authoritative;
    
    #log-facility local7;
    set vendor-string = option vendor-class-identifier;
    log (info, option vendor-class-identifier);
    
    include "/etc/dhcp/vip.conf";
    
    subnet 148.60.0.0 netmask 255.255.248.0 {
    ##########################################
    option domain-name-servers 148.60.15.109,148.60.15.106 ;
    option domain-name "istic.univ-rennes1.fr" ;
    option routers 148.60.7.254 ;
    option subnet-mask 255.255.248.0 ;
    default-lease-time 2592000 ;
    max-lease-time 5184000 ;
    
    pool {
                    allow members of "vip";
                    range 148.60.7.200 148.60.7.230;
    }
    
    group {
            next-server 148.60.4.1;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    
    host admin01 { hardware ethernet 7**d:cf; fixed-address admin01; option Host-name "admin01";} # 
    host admin02 { hardware ethernet b8:85**a; fixed-address admin02; option Host-name "admin02";} # Windows prototype for istic rooms
    #host admin04 { hardware ethernet 74**; fixed-address admin04; option Host-name "admin04";} #AIO Dell 9030
    host admin05 { hardware ethernet d8:** fixed-address admin05; option Host-name "admin05";} # HP8100 AIO
    host admin07 { hardware ethernet c**; fixed-address admin07; option Host-name "admin07";} # AIO Dell 9030
               
    # start marker for dhcp-vm vlan 2, please do not touch.
    # end marker for dhcp-vm vlan 2, please do not touch.
    }
    
    subnet 148.60.10.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 148.60.15.109,148.60.15.106 ;
    option domain-name "istic.univ-rennes1.fr" ;
    option routers 148.60.10.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 600 ;
    max-lease-time 1200 ;
    
    group {
    # Comment out the following two lines to avoid the Fog menu
            next-server 148.60.4.1;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    host arrakis { hardware ethernet 0***FA; fixed-address arrakis; option Host-name "arrakis";} # Gx360 Gentoo AD
    host admin11 { hardware ethernet 9c****:ca; fixed-address admin11; option Host-name "admin11";} #linux test 8300 AD
    host brisbane { hardware ethernet 00:2****c9; fixed-address brisbane; option Host-name "brisbane";} # Windows SA
    
    # end marker for dhcp-vm vlan 10, please do not touch.
            pool {
                    deny members of "telephones-ip";
                    range 148.60.10.180 148.60.10.220;
                    next-server 148.60.15.121;
                    filename "pxelinux.0";
            }
    
            ####################################################
            # dynamic address pool reserved for IP phones
            # testsip
            pool {
                    allow members of "telephones-ip";
                    range 148.60.10.224 148.60.10.239; #
            }
    }
    
    }
    
    
    

    The problem is with the subnet 148.60.10.0/24.
    With tcpdump, I don’t capture any packets on the 148.60.4.1 FOG server from the booting 148.60.10.193 machine.
    I have no firewall running on my FOG server.
    I have no access rules from the 148.60.10.0 VLAN to the 148.60.4.0 VLAN.
    Could you help me?



  • @Sebastian-Roth
    Yes, class and host are now declared in groups, not in subnets.
    So now I declare all subnets first and all groups after.
    Here is my new dhcpd.conf file:

    # dhcpd.conf  
    #
    ddns-update-style standard;
    authoritative;
    
    #log-facility local7;
    set vendor-string = option vendor-class-identifier;
    log (info, option vendor-class-identifier);
    
    
    ##############################################
    # added for the IFSIC/ISTIC IP phones
    # This is to be able to use the LAN port
    # behind the phone in one of the ESIR/ISTIC networks
    ##################################################
    option space Tel-Sip;
    option Tel-Sip.cfg-server-address code 2 = text;
    option Tel-Sip.contact-rcs code 3 = boolean;
    
    class "telephones-ip" {
    	# see man dhcp-eval
    	match if substring(hardware,1,3) = 00:08:5d;
    	option server.min-lease-time 40;
            option ntp-servers 129.20.251.1;
            #option tftp-server-name "129.20.131.108";
    	option server.vendor-option-space Tel-Sip;
          	option server.boot-unknown-clients true;
          	option Tel-Sip.contact-rcs true;
          	option Tel-Sip.cfg-server-address "ftp://connexio994:xa3SGXZE74@10.21.7.8";
    }
    
    # crack down a bit on smartphones ...
    class "android" {
      match if substring(option host-name,0,7) = "android";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "iPhone" {
      match if substring(option host-name,0,6) = "iPhone";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "iPad" {
      match if substring(option host-name,0,4) = "iPad";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "Windows-Phone" {
      match if substring(option host-name,0,13) = "Windows-Phone";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "Galaxy" {
      match if substring(option host-name,0,6) = "Galaxy";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "HUAWEI" {
      match if substring(option host-name,0,6) = "HUAWEI";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "Samsung" {
      match if substring(option host-name,0,7) = "Samsung";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    class "Honor" {
      match if substring(option host-name,0,5) = "Honor";
      default-lease-time 900 ;
      max-lease-time 900 ;
    }
    
    
    #
    # machines receiving a dynamic IP in vlan2 (lan-free).
    #
    
    include "/etc/dhcp/vip.conf";
    
    subnet 145.55.0.0 netmask 255.255.248.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.7.254 ;
    option subnet-mask 255.255.248.0 ;
    default-lease-time 86400 ;
    max-lease-time 172800 ;
    
    pool {
                    allow members of "vip";
                    range 145.55.7.200 145.55.7.230;
    }
    
    
    
    
    	####################################################
            # dynamic address pool reserved for IP phones
    	# mask of 255.255.255.240 for the firewall
            pool {
                    allow members of "telephones-ip";
                    range 145.55.0.224 145.55.0.239;
            }
    }
    
    
    #subnet 145.55.8.0 netmask 255.255.255.0 {
    ##########################################                                                
    #option domain-name-servers 145.55.15.109,145.55.15.106 ;
    #option domain-name "monuniversite1.fr" ;
    #option routers 145.55.8.254 ;
    #option subnet-mask 255.255.255.0 ;
    #default-lease-time 6000 ;
    #max-lease-time 12000 ;
    #group {
    #}
    #}
    
    subnet 145.55.10.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.10.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 600 ;
    max-lease-time 1200 ;
    
    
    
    	pool {
    		deny members of "telephones-ip";
    		range 145.55.10.180 145.55.10.220;
    		next-server 145.55.4.1;
            	#filename "pxelinux.0";
    	}
    
    	####################################################
    	# dynamic address pool reserved for IP phones
    	# testsip
    	pool {
    		allow members of "telephones-ip";
    		range 145.55.10.224 145.55.10.239; #with a mask of 255.255.255.240 for erebus
    	}
    }
    
    subnet 145.55.11.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.11.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 86400 ;
    max-lease-time 172800 ;
    range 145.55.11.1 145.55.11.9 ;
    
    
    }
    
    subnet 145.55.12.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.12.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 86400 ;
    max-lease-time 172800 ;
    #
    
    range 145.55.12.101 145.55.12.140 ;
    #range 145.55.12.100 145.55.12.199 ;
    }
    
    subnet 145.55.13.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.13.254 ;
    option subnet-mask 255.255.255.0 ;
    option ntp-servers 129.20.128.22;
    default-lease-time 3600 ;
    max-lease-time 3600 ;
    adaptive-lease-time-threshold 80;
    min-lease-time 900;
    range 145.55.13.1 145.55.13.247 ;
    }
    
    subnet 145.55.14.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.14.254 ;
    option subnet-mask 255.255.255.0 ;
    option ntp-servers 129.20.128.22;
    default-lease-time 3600 ;
    max-lease-time 3600 ;
    adaptive-lease-time-threshold 80;
    min-lease-time 900;
    range 145.55.14.16 145.55.14.253 ;
    }
    
    subnet 145.55.15.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 145.55.15.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 2592000 ;
    max-lease-time 5184000 ;
    }
    
    subnet 129.20.15.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 145.55.15.109,145.55.15.106 ;
    option domain-name "monuniversite1.fr" ;
    option routers 129.20.15.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 2592000 ;
    max-lease-time 172800 ;
    #
    
    	####################################################
    	# dynamic address pool reserved for IP phones
    	# testsip
    	pool {
    		allow members of "telephones-ip";
    		range 129.20.15.224 129.20.15.239; #with a mask of 255.255.255.240 for erebus
    	}
    }
    
    group { #######################################VLAN2 > FOG ########################################
    	next-server 145.55.4.1;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    
    host admin01 { hardware ethernet 74:e6:e2:d9:dd:cf; fixed-address admin01; option Host-name "admin01";} # 
    host admin02 { hardware ethernet b8:85:84:ac:89:fa; fixed-address admin02; option Host-name "admin02";} # Windows prototype for istic rooms
    ..........................................................................
    host imp-b42-001 { hardware ethernet 78:e3:b5:fb:31:da; fixed-address imp-b42-001; option Host-name "imp-b42-001";}
    host imp-b42-002 { hardware ethernet 10:1F:74:47:1E:4E; fixed-address imp-b42-002; option Host-name "imp-b42-002";}
    # LORA gateway F.Bodin on 11/12/2019
    
    
    ##module niusrp
    host niusrp6 { hardware ethernet 00:80:2f:17:b4:e3; fixed-address niusrp6; option Host-name "niusrp6";}
    
    ### Virtual machines room
    #
    
    host virt01m01 { hardware ethernet aa:bb:aa:bb:aa:aa; fixed-address virt01m01; option Host-name "virt01m01";}
    host virt01m02 { hardware ethernet aa:bb:aa:bb:aa:ab; fixed-address virt01m02; option Host-name "virt01m02";}
    
    host w10 { hardware ethernet 9c:8e:99:f5:1a:a9; fixed-address w10; option Host-name "w10";}
    
    # start marker for dhcp-vm vlan 2, please do not touch.

    # end marker for dhcp-vm vlan 2, please do not touch.
    
    }
    
    group {  #######################################VLAN2 > COSINUS ########################################
    # Group pointing to the PXE of the test Fog
      	option domain-name-servers 145.55.15.109,145.55.15.106;
            next-server 145.55.4.2;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    #
    #cosinus test machine

    #host centos7-6 { hardware ethernet 52:54:00:b3:30:b5; fixed-address centos7-6; option Host-name "centos7-6";} # VM on admin11
    ..................................................................................................................
    #host b06-013m01 { hardware ethernet 9c:8e:99:f5:69:2a; fixed-address b06-013m01; option Host-name "b06-013m01";}
    
    
    
    }
    
    
    group {  ###################################### VLAN2 PRINTERS ########################################
    host imp-2a-020 { hardware ethernet 00:11:85:FA:28:9A; fixed-address imp-2a-020; option Host-name "imp-2a-020";} # 
    h
    host d262m03 { hardware ethernet 00:11:43:2C:11:8D; fixed-address d262m03; option Host-name "d262m03";} # gx280 acquisition card
    host e114m01 { hardware ethernet 00:13:72:0D:55:B7; fixed-address e114m01; option Host-name "e114m01";} # F Lamarche
    #host imp-b05-001 { hardware ethernet 00:1f:29:1f:23:c9; fixed-address imp-b05-001; option Host-name "imp-b05-001";} 
    
    }
    group {  #######################################VLAN2 COMMUT ########################################
    #
    # group: commut
    #
    host c12eb { hardware ethernet ; fixed-address c12eb; option Host-name "c12eb";} # 
    host c12ea { hardware ethernet ; fixed-address c12ea; option Host-name "c12ea";} # 
    host c12ee { hardware ethernet ; fixed-address c12ee; option Host-name "c12ee";} # 
    host c2ba { hardware ethernet ; fixed-address c2ba; option Host-name "c2ba";} # 
    .................................................................................
    host c12dt { hardware ethernet ; fixed-address c12dt; option Host-name "c12dt";} # 
    host c12du { hardware ethernet ; fixed-address c12du; option Host-name "c12du";} # 
    }
    
    
    group { ####################################################VLAN10################################################
    # Comment out the following two lines to avoid the Fog menu
     	next-server 145.55.4.1;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    
    host arrakis { hardware ethernet 00:23:AE:6A:83:FA; fixed-address arrakis; option Host-name "arrakis";} # Gx360 Gentoo AD
    host admin11 { hardware ethernet 9c:8e:99:f5:68:ca; fixed-address admin11; option Host-name "admin11";} #linux test 8300 AD
    ......................................................................................................................
    #host miage-dell6 { hardware ethernet 10:65:30:83:5c:4b; fixed-address miage-dell6; option Host-name "miage-dell6";} #   
    # start marker for dhcp-vm vlan 10, please do not touch.
    host winrm10 {hardware ethernet 00:11:E2:61:00:03; fixed-address winrm10; option Host-name "winrm10";}     # Added by dhcp-vm on 22/08/2016 (11:32:32)
    # end marker for dhcp-vm vlan 10, please do not touch.
    
    }
    
    group { ####################################################VLAN11################################################
    # start marker for dhcp-vm vlan 11, please do not touch.
    host pret13 {hardware ethernet 00:11:E7:61:00:10; fixed-address pret13; option Host-name "pret13";}     # Added by dhcp-vm on 24/5/2013 (11:21:05)
    ...........................................................................................................
    host palme02 { hardware ethernet 00:23:ae:74:66:85; fixed-address palme02; option Host-name "palme02";} # Palme association workstation d193 Maxime Lambert 12006967
    }
    
    
    group { ##########################################VLAN12#######################################
    	next-server 145.55.4.1;
    
    class "Legacy" {
          match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    #
    ### Salle_i204
    #
    host i204m01 { hardware ethernet 14:b3:1f:19:81:02; fixed-address i204m01; option Host-name "i204m01";}
    .........................................................................................................
    host i204m10 { hardware ethernet 14:b3:1f:19:80:20; fixed-address i204m10; option Host-name "i204m10";}
    
    ### Salle_i206
    #
    host i206m01 { hardware ethernet b8:85:84:b9:68:49; fixed-address i206m01; option Host-name "i206m01";}
    ...........................................................................................................
    host i206m10 { hardware ethernet b8:85:84:b9:5e:9f; fixed-address i206m10; option Host-name "i206m10";}
    #
    
    ### Salle_i207
    #
    host i207m01 { hardware ethernet 78:ac:c0:b1:aa:f6; fixed-address i207m01; option Host-name "i207m01";} # 
    ............................................................................................................
    host i207m22 { hardware ethernet 00:11:43:14:42:11; fixed-address i207m22; option Host-name "i207m22";} #
    
    }
    group {
    host psyche { hardware ethernet 00:13:72:08:e1:93; fixed-address psyche; option Host-name "psyche";} # 
    # host psyche { hardware ethernet 00:13:72:0D:70:D8; fixed-address psyche; option Host-name "psyche";} # 
    host anubis { hardware ethernet 00:14:22:75:AF:18; fixed-address anubis; option Host-name "anubis";} # 
    }
    
    
    group { ##############################################VLAN15################################################
    #
            next-server 145.55.4.1;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    
    #
    host wifsic1 { hardware ethernet 00:42:68:44:79:18; fixed-address wifsic1; option Host-name "wifsic1";} #
    h....................................................................................................
    host satus {hardware ethernet 78:2B:CB:6D:38:C3; fixed-address satus; option Host-name "satus";} 
    }
    
    
    group { ######################################## VLAN3 Staff ############################
    # Comment out the following two lines to avoid the Fog menu
     	next-server 145.55.4.1;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
    	filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    #
    host ad-istic1 { hardware ethernet 00:15:5d:0f:fb:00; fixed-address ad-istic1; option Host-name "ad-istic1";}
    .....................................................................................................
    host b06-014m01 { hardware ethernet 8c:04:ba:5d:81:cc; fixed-address b06-014m01; option Host-name "b06-014m01";} # laptop Samuel Crand 2019-06
    host bug { hardware ethernet 9c:8e:99:f5:9c:2e; fixed-address bug; option Host-name "bug";} # HP 8300 
    }
    group {  ######################################## VLAN3 Staff > COSINUS############################
    # cosinus boot for 129.20.15
        next-server 145.55.4.2;
    
    class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }
    #host d000m02 { hardware ethernet c8:1f:66:aa:26:b2; fixed-address d000m02; option Host-name "d000m02";}
    #host b42-015m01new {hardware ethernet b8:85:84:b5:ea:9c; fixed-address b42-015m01new;option Host-name "b42-015m01new";}
    
    }
    

  • Developer

    @lebrun78 Guess you already saw there is another good piece of advice for you here: https://lists.isc.org/pipermail/dhcp-users/2020-April/022040.html




  • Developer

    @lebrun78 Good to hear you have figured it out! I have played with it a bit last night but didn’t find a solution yet.

    Niall O’Reilly proposed to declare hosts out of the subnet.

    Sounds interesting.


  • Moderator

    @lebrun78 Would you mind linking to the exact post you found? Since this issue isn’t specifically related to FOG it would be nice for others if they have the same problem to share in your success.



  • I found the solution to the problem.
    After a post on dhcp-users-request@lists.isc.org, Niall O’Reilly proposed to declare hosts out of the subnet.
    And effectively, now, hosts are declared in groups but not in the subnet, and it works.

    Thank you very much for your help, Sebastian and George.
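
The layout change that resolved this thread (host declarations moved out of the subnet blocks) and the curly-brace check mentioned elsewhere in it can both be tested mechanically. This is an added example, not code from the posters, FOG or ISC: a small Python linter whose names (`lint_dhcpd_conf`, `Finding`) are hypothetical, run on constructed sample configs that use documentation addresses.

```python
"""Added example: lint a dhcpd.conf for hosts nested in subnets and brace errors."""
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    kind: str    # "host-in-subnet", "unmatched-close" or "unclosed-block"
    detail: str


def lint_dhcpd_conf(text):
    """Return a list of Finding objects for the given dhcpd.conf text."""
    findings = []
    stack = []     # open blocks as (keyword, name, line)
    header = []    # pieces of the statement currently being read
    line = 1
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch == "\n":
            line += 1
            header.append(" ")
        elif ch == "#":
            # Comment: skip up to (not including) the end of the line.
            while i + 1 < n and text[i + 1] != "\n":
                i += 1
        elif ch == '"':
            # Quoted string: copy verbatim so '{', '}' or '#' inside is ignored.
            j = i + 1
            while j < n and text[j] != '"':
                if text[j] == "\\":
                    j += 1
                j += 1
            header.append(text[i:j + 1])
            line += text.count("\n", i, j)
            i = j
        elif ch == "{":
            words = "".join(header).split()
            keyword = words[0] if words else ""
            name = words[1].strip('"') if len(words) > 1 else ""
            if keyword == "host":
                outer = next((b for b in stack if b[0] == "subnet"), None)
                if outer:
                    findings.append(Finding(
                        line, "host-in-subnet",
                        f"host {name} is nested in subnet {outer[1]} "
                        f"(opened on line {outer[2]})"))
            stack.append((keyword, name, line))
            header = []
        elif ch == "}":
            if stack:
                stack.pop()
            else:
                findings.append(Finding(
                    line, "unmatched-close", "closing brace with no open block"))
            header = []
        elif ch == ";":
            header = []
        else:
            header.append(ch)
        i += 1
    for keyword, name, opened in stack:
        findings.append(Finding(
            opened, "unclosed-block", f"{keyword} {name} is never closed".strip()))
    return findings


# Constructed sample: host inside a group inside the subnet, plus one extra '}'.
NESTED_LAYOUT = """\
subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.254;
    group {
        next-server 198.51.100.1;   # boot server
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }
        host pc01 { hardware ethernet 02:00:00:00:00:01; fixed-address 192.0.2.10; }
    }
}
}
"""

# Constructed sample: subnets first, groups (with their hosts) afterwards.
FLAT_LAYOUT = """\
subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.254;
}
group {
    next-server 198.51.100.1;
    class "UEFI-64-1" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
        filename "ipxe.efi";
    }
    host pc01 { hardware ethernet 02:00:00:00:00:01; fixed-address 192.0.2.10; }
}
"""

if __name__ == "__main__":
    for label, conf in (("nested", NESTED_LAYOUT), ("flat", FLAT_LAYOUT)):
        for f in lint_dhcpd_conf(conf):
            print(f"{label}: line {f.line}: {f.kind}: {f.detail}")
```
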



  • @Sebastian-Roth
    Thank you very much for your work!


  • Developer

    @lebrun78 I have some good news and some bad. The good news is I found some time to set up a VM to try to replicate your setup and play with it. Found this is happening in my test setup as well!

    Bad news is that I have not found why this is happening yet. But I am fairly sure I will! Stay tuned.



  • @george1421
    So here is a capture with 2 requests: a PXE boot at time 0 and a USB boot of Ubuntu at time 196.
    When Ubuntu loaded, ip a gives a good IP address, good router and good netmask.
    capturedhcp.pcap



  • @Sebastian-Roth
    Hello
    I have blanked the lease file. At the reboot of the client, same problem.
    Here is the actual lease file:

    cat dhcpd.leases
    # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-4.2.5
    
    server-duid "\000\001\000\001&\036\337\215P\232L\202P~";
    
    lease 148.60.10.180 {
      starts 2 2020/04/07 06:53:04;
      ends 3 2020/04/08 06:53:04;
      cltt 2 2020/04/07 06:53:04;
      binding state active;
      next binding state free;
      rewind binding state free;
      hardware ethernet 10:65:30:83:5c:4b;
      set vendor-string = "PXEClient:Arch:00007:UNDI:003016";
    
    

  • Developer

    @lebrun78 I just had an idea. Maybe this is caused by a problematic entry in the DHCP leases cache file? Take a look at /var/lib/dhcpd/dhcpd.leases. Not really sure what we are looking for but you might search that file for pattern 148.60.10. to see what leases are in the store. If you find something concerning then I would stop dhcp service for a second, make a backup copy of that file, edit and remove the problematic entry and start dhcp service up again.

    As you seem to have a lot of fixed addresses defined you might not even care much about the leases. In that case you could even clear the whole leases file (stop dhcp before) and see if it makes a difference.



  • @george1421
    I have just searched for the extra curly brace with Notepad++; I didn’t see the problem.

    The file in first post is an extract, you can view the production file here:
    https://filesender.renater.fr/?s=download&token=11cc357f-4663-41c8-830b-71938d2d2aa7


  • Moderator

    @george1421 Never mind, I just got excited for finding nothing. Still looking into the setup.


  • Moderator

    @lebrun78 Hey, I was just comparing your dhcp config file with an Ubuntu dual interface example. I loaded your configuration into Notepad++ and it pointed out you have an extra curly brace at the end of your config file. I don’t know if this was a typo when you pasted it in or you do have an extra curly brace in the config.



  • @george1421
    Hello George
    This morning I made a test by reversing the order of the subnet declarations.
    In fact the client gets the mask and router of the first declared subnet…


  • Moderator

    @george1421 said in UEFI pxe boot problem from a network:

    I really don’t understand how this is possible. I can understand the dhcp server giving it a new IP address as it’s booting. I’ve seen it before. What I don’t understand is how it would give it information that is not from its pool. That is totally confusing. If it was giving the complete information from the wrong pool I might understand, but the original pcap has the right IP address range and the wrong router and subnet information.

    Can you grab a pcap from a witness computer on this vlan 10 using this new capture filter. PXE boot it to the error and then let it boot into windows. I want to see the response from both dhcp requests.

    port 67 or port 68 and ether host 10:65:30:83:5c:4b

    The only thing I can think that we might do is create a second instance of the dhcp server, adjust the dhcp config files accordingly, and then bind each instance with its config file to the proper interface. Your setup is not a traditional one using dhcp helper services and a single dhcp interface on the server. It’s possible that the dhcp server is getting confused about where the bootp request is coming from. Right now I’m just grabbing at ideas, because what you are reporting should not be.



  • I have made 2 boots on the Windows machine: UEFI PXE boot and hard drive boot.
    I get these logs on my dhcp server:

    Apr  6 09:46:02 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003016
    Apr  6 09:46:02 sybille2 dhcpd: DHCPDISCOVER from 10:65:30:83:5c:4b via em2.10
    Apr  6 09:46:03 sybille2 dhcpd: DHCPOFFER on 148.60.10.198 to 10:65:30:83:5c:4b via em2.10
    Apr  6 09:46:05 sybille2 dhcpd: PXEClient:Arch:00007:UNDI:003016
    Apr  6 09:46:05 sybille2 dhcpd: DHCPREQUEST for 148.60.10.198 (148.60.10.252) from 10:65:30:83:5c:4b via em2.10
    Apr  6 09:46:05 sybille2 dhcpd: DHCPACK on 148.60.10.198 to 10:65:30:83:5c:4b via em2.10
    Apr  6 09:46:41 sybille2 dhcpd: MSFT 5.0
    Apr  6 09:46:41 sybille2 dhcpd: DHCPDISCOVER from 10:65:30:83:5c:4b via em2.10
    Apr  6 09:46:42 sybille2 dhcpd: DHCPOFFER on 148.60.10.190 to 10:65:30:83:5c:4b (MININT-S9D1BSU) via em2.10
    Apr  6 09:46:42 sybille2 dhcpd: MSFT 5.0
    Apr  6 09:46:42 sybille2 dhcpd: DHCPREQUEST for 148.60.10.190 (148.60.10.252) from 10:65:30:83:5c:4b (MININT-S9D1BSU) via em2.10
    Apr  6 09:46:42 sybille2 dhcpd: DHCPACK on 148.60.10.190 to 10:65:30:83:5c:4b (MININT-S9D1BSU) via em2.10
    Apr  6 09:46:42 sybille2 dhcpd: Unable to add forward map from MININT-S9D1BSU.istic.univ-rennes1.fr to 148.60.10.190: not found
    
    

    The same machine gets two different IPs, 148.60.10.190 and 148.60.10.198, at 09:46:03 (PXE boot) and at 09:46:40



  • @george1421

    So I’ll ask you the same question again in a different way. Is dhcp server 148.60.10.252 and 148.60.4.3 the same computer?
    YES
    I have only one dhcpd.conf file, so only one instance of dhcp

    Here is what I get on the same machine on vlan 148.60.10.0/24 when windows is loaded:
    Capture.PNG

    It’s crazy, no?


  • Moderator

    @lebrun78 I can’t see from the config how/why it’s sending out the wrong router address unless something in include "/etc/dhcp/vip.conf"; is doing it.

    Wait, there is something strange going on here. Look at the base address and the subnet mask as defined.

    subnet 148.60.10.0 netmask 255.255.255.0 {
    ##########################################
    option domain-name-servers 148.60.15.109,148.60.15.106 ;
    option domain-name "istic.univ-rennes1.fr" ;
    option routers 148.60.10.254 ;
    option subnet-mask 255.255.255.0 ;
    default-lease-time 600 ;
    max-lease-time 1200 ;
    
    group {
    # We comment out the next two lines to avoid the Fog menu
            next-server 148.60.4.1;
    

    But look at the pcap what the client is being told.
    pcap_error.png

    As you see in the picture, the client is being told that its subnet mask is 255.255.248.0, but your config file says 255.255.255.0. The client is being told the router is 148.60.7.254, but your config file says 148.60.10.254.

    So I’ll ask you the same question again in a different way. Are dhcp server 148.60.10.252 and 148.60.4.3 the same computer? If so, do you have 2 different instances of isc-dhcp server running, where each instance is bound to a different network interface? Something is strange with the 148.60.10.252 dhcp server.
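
Added example, not part of the original thread or the poster's setup: a Python check of the mismatch described in the post above, which compares the router and mask seen in a DHCP reply with the subnet declaration that should serve the offered address. The trimmed config, the function names, and the use of 148.60.10.198 (taken from the dhcpd log in the thread) as the offered address are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the two subnet declarations quoted in this thread,
# trimmed to the options under discussion (not the full production file).
SAMPLE_CONF = """
subnet 148.60.0.0 netmask 255.255.248.0 {
  option routers 148.60.7.254 ;
  option subnet-mask 255.255.248.0 ;
}
subnet 148.60.10.0 netmask 255.255.255.0 {
  option routers 148.60.10.254 ;
  option subnet-mask 255.255.255.0 ;
}
"""

# Body = text up to the first "}", so options must precede nested blocks.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_subnets(conf):
    """Return (network, router, mask) for every subnet declaration."""
    found = []
    for net, mask, body in SUBNET_RE.findall(conf):
        router = re.search(r"option\s+routers\s+([\d.]+)", body)
        opt_mask = re.search(r"option\s+subnet-mask\s+([\d.]+)", body)
        found.append((ipaddress.ip_network(f"{net}/{mask}"),
                      router.group(1) if router else None,
                      opt_mask.group(1) if opt_mask else mask))
    return found

def audit_offer(conf, yiaddr, mask, router):
    """Compare the options seen in a DHCP reply with the declared subnets."""
    subnets = parse_subnets(conf)
    addr = ipaddress.ip_address(yiaddr)
    # Declaration that should serve this address (most specific match).
    owners = [s for s in subnets if addr in s[0]]
    expected = max(owners, key=lambda s: s[0].prefixlen) if owners else None
    # Declaration whose router and mask were actually sent.
    source = next((s for s in subnets if (s[1], s[2]) == (router, mask)), None)
    # Network the client derives from the offered address and mask.
    client_net = ipaddress.ip_interface(f"{yiaddr}/{mask}").network
    return {
        "expected_subnet": str(expected[0]) if expected else None,
        "options_from": str(source[0]) if source else None,
        "mismatch": bool(expected) and (expected[1], expected[2]) != (router, mask),
        "router_on_link": ipaddress.ip_address(router) in client_net,
    }

if __name__ == "__main__":
    # Offered address from the dhcpd log; mask and router as seen in the pcap.
    print(audit_offer(SAMPLE_CONF, "148.60.10.198", "255.255.248.0", "148.60.7.254"))
```

With the values from the pcap, `router_on_link` is false: a client holding 148.60.10.198 with mask 255.255.248.0 places itself in 148.60.8.0/21, and 148.60.7.254 lies outside that network.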

