FOG TFTP FAILING. ADVANCED HELP NEEDED



  • I have just rolled out a security product from Cisco called Identity Services Engine (ISE). Part of the configuration is setting up the switchports for the commands to support dot1x authentication. I have noticed only with our Cisco 3750E switches that the switchport command MAB (MAC Authentication Bypass) causes the TFTP/PXE to fail…timeout.

    Any ideas of why this would be?


  • A couple of ideas found on Cisco forums, https://supportforums.cisco.com/thread/2033218:

    1. Do you have a Layer 3 interface (interface vlan 73) on the 3750? Please try the following on the leaf switch:

      ip routing

      interface vlan 73
      ip helper-address
      exit

      service dhcp

    2. Try to use encapsulation on both ports:

      switchport trunk encapsulation dot1q


  • chad-bisd wrote: “I’m no Cisco guy, but have you tried looking at http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.pdf, specifically the sections on PXE and TFTP?”

    Thanks for the link, but this is not the issue. As stated in the very beginning of that step, that ACL is only required for IOS earlier than IOS 12.2.(55)SE. My access switches are at this level of code, and for giggles I’ve applied the ACL anyway to see if there would be any difference, and there was no difference.

    EDIT: In addition, this does not have any problems on my core switches. FOG TFTPs just fine there, and the same port commands are on that switch as are on the 3750 switches.


  • Moderator

    I’m no Cisco guy, but have you tried looking at http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.pdf, specifically the sections on PXE and TFTP?

