Just Trying To Get Started
-
My DHCP server is a virtualized 2008R2 installation running on a VMWare ESX server in my central rack. That ESX server is connected to the network via a Cisco Catalyst 2960G switch which is connected to a Cisco Catalyst 3750 switch which is connected to my core switches mentioned above.
-
Maybe I sound ignorant by asking, but what if you actually just tried to use your existing DHCP server? Perhaps adding options 66/67 to a ‘sandbox’ scope or a scope that is easily accessible in your building. This would point to the Proxy DHCP service setup.
Also, I’ve experienced the whole PXE-M0F error if you’re not using the legacy PXE boot option. Would this happen to be a UEFI device? I know we’ve had to revert some of the newer laptops we deploy in our schools because it refuses to PXE boot.
-
[quote=“Phil Brackett, post: 32368, member: 24966”]My DHCP server is a virtualized 2008R2 installation running on a VMWare ESX server in my central rack. That ESX server is connected to the network via a Cisco Catalyst 2960G switch which is connected to a Cisco Catalyst 3750 switch which is connected to my core switches mentioned above.[/quote]
What happens when you run the tftp get commands from a machine within the network?
From a Windows machine (preferably on the same switch you are working with), enable the tftp client in the Windows Add/Remove Programs and Features section of Control Panel.
Now open a command prompt and issue the following command, where x.x.x.x is the IP address of your FOG server.
[code]
tftp x.x.x.x get undionly.kpxe
[/code]
Is Port Fast enabled on your switches? I use the 2960 in my environment as well. I don’t claim to be an expert, but with the correct settings and dnsmasq I can pxe boot without issues. This is really the only setting I remember enabling other than IGMP Snooping, which I am told will not have an effect here.
-
Jaymes, the tftp attempt fails. I do have telnet access to all of my major switches, so if you can tell me how to check for Port Fast (my CLI is very rusty), I will look and see.
RLane, the client in question is a UEFI device, so I will try a legacy PXE boot to see if that works.
Thanks for the suggestions; more in a few minutes.
-
Okay, here’s some more info:
I checked the BIOS settings on the client (an HP Elitebook 8570p), and it is set-up for a legacy boot (I must have done that at some point in the past). However, in the System Configuration menu of the BIOS, there were three PXE boot options: 1) PXE NIC, 2) PXE IPV4, & 3) PXE IPV6. Only the first one was optioned. I optioned the other two, but still no joy.
Something interesting has changed though. Now, during PXE booting, I get the F8 menu and I choose network boot (as before) and the TFTP search seems to take a few seconds now. Previously, the PXE-M0F error appeared so fast that I had to video the process to see the error in slow-mo. Now, the TFTP search takes multiple seconds, and the periods after the TFTP are multiple before timing out. I don’t know if this makes a difference or not.
-
PXE NIC is likely the option you want. PXE IPv4 and PXE IPv6 are looking for UEFI files to boot, which we don’t have right now.
The fact that you can’t tftp the files you need even on a Windows box means either the networking is not allowing the passage of the tftp traffic, or the tftpd-hpa service is not running.
-
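Added example, not part of the thread: a small TFTP probe that separates the cases discussed above, namely no reply at all (service down or traffic filtered) versus a reply from the service. The function names and the sample replies are constructed for illustration; the packet layout is the standard TFTP read request and reply.

```python
import socket
import struct
import sys

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5

def build_rrq(filename, mode="octet"):
    """RFC 1350 read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def classify_reply(packet):
    """Turn the server's first reply packet into a diagnosis string."""
    if len(packet) < 4:
        return "malformed reply"
    opcode, value = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:   # value is the block number
        return f"service up, file readable (block {value}, {len(packet) - 4} bytes)"
    if opcode == OP_ERROR:  # value is the error code, then a NUL-terminated message
        message = packet[4:].split(b"\0", 1)[0].decode(errors="replace")
        return f"service up, request refused: error {value} ({message})"
    return f"unexpected opcode {opcode}"

def probe(server, filename="undionly.kpxe", timeout=3.0):
    """Send one read request to UDP port 69 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (server, 69))
        try:
            # The server answers from a fresh ephemeral port, not from 69.
            packet, peer = sock.recvfrom(1024)
        except socket.timeout:
            return "no reply: service down, or the request or reply is filtered"
        except ConnectionResetError:  # Windows reports ICMP port-unreachable this way
            return "port unreachable: host is up, nothing listening on UDP 69"
        # Tell the server to stop instead of leaving it to retransmit.
        sock.sendto(struct.pack("!HH", OP_ERROR, 0) + b"probe done\0", peer)
        return classify_reply(packet)

# Constructed sample replies, so the classifier can be exercised offline.
SAMPLE_DATA = struct.pack("!HH", OP_DATA, 1) + b"\x00" * 512
SAMPLE_ERROR = struct.pack("!HH", OP_ERROR, 1) + b"File not found\0"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        for sample in (SAMPLE_DATA, SAMPLE_ERROR):
            print(classify_reply(sample))
```

Because the reply arrives from a different source port than 69, a filter that only permits UDP 69 in both directions will still produce the "no reply" result.
-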
[quote=“Phil Brackett, post: 32399, member: 24966”]Okay, here’s some more info:
I checked the BIOS settings on the client (an HP Elitebook 8570p), and it is set-up for a legacy boot (I must have done that at some point in the past). However, in the System Configuration menu of the BIOS, there were three PXE boot options: 1) PXE NIC, 2) PXE IPV4, & 3) PXE IPV6. Only the first one was optioned. I optioned the other two, but still no joy.
Something interesting has changed though. Now, during PXE booting, I get the F8 menu and I choose network boot (as before) and the TFTP search seems to take a few seconds now. Previously, the PXE-M0F error appeared so fast that I had to video the process to see the error in slow-mo. Now, the TFTP search takes multiple seconds, and the periods after the TFTP are multiple before timing out. I don’t know if this makes a difference or not.[/quote]
Because the command failed, I want you to verify that the tftp service is running. On the FOG server, from the Linux installation, open a terminal and type the following command:
[code]
sudo service tftpd-hpa restart
[/code]
This should cause the service to restart. After the service is restarted, please try the command on the Windows box again.
I use the CNA program provided by Cisco to edit the settings of my switches after the initial set up. I recommend using this program as it is a GUI and you can back up and restore switch settings within it. I would verify that Port Fast is enabled on all your ports with the CNA program.
-
I restarted the tftpd-hpa service on the FOG machine, and I am now able to tftp the undionly.kpxe file inside a windows machine. Yay!
BUT, when I attempted to PXE boot the client machine (the HP Elitebook), the F8 menu timed out super-fast (as it had before).
Jaymes, I have started a download from cisco.com of the cna of which you speak. You may have opened a door to a whole new world for me:)
I will hopefully use it to check my switches for Port Fast functionality.
-
By the way, is it strange that I can’t use my FOG box to access the internet?
I was previously able to access the internet on the Ubuntu machine (I obviously downloaded the update to FOG 1.1.2 yesterday), but now I can’t browse to anywhere, other than local web servers (like the FOG interface or my web filter interface).
Just wondering if this has something to do with the major problem.
-
It could be possible. I know it is set this way in my environment, as I work in education, that every device is defaulted to a filter that is not allowing it to communicate with the outside world. This shouldn’t cause issues with pxe booting, but it will cause issues when trying to download directly to the server or to perform upgrades.
We are a Novell network with a Cymphonix webfilter. I had to add my admin machines and my fog boxes to the filter bypass group; you may need to do something similar.
I am curious if you move the FOG server and a machine to a switch by themselves if the pxe menu will display. It should, but I am worried there may be more in your infrastructure that could cause issues with receiving the boot file in a timely manner.
Never fret, I have a solution if we need to use it, for now can you isolate a host and the fog server and verify that the host can load the pxe menu?
-
We are a Windows network with a Lightspeed filter, and my FOG machine is already a part of a filter bypass group, so its inability to access the internet is a little dumbfounding. In fact, when I check my web filter logs to see where the FOG machine has tried to go, it shows no attempts to access the internet at all (since yesterday). Weird?!?!
Anyway, thanks for the CNA information, I have it right now discovering my switches on the IP subnet where I have them all assigned!!
When you suggest moving the FOG server and a host machine to an isolated switch, do you mean just connecting the two machines to a single switch that is not connected to anything else?
-
[quote=“Phil Brackett, post: 32422, member: 24966”]We are a Windows network with a Lightspeed filter, and my FOG machine is already a part of a filter bypass group, so its inability to access the internet is a little dumbfounding. In fact, when I check my web filter logs to see where the FOG machine has tried to go, it shows no attempts to access the internet at all (since yesterday). Weird?!?!
Anyway, thanks for the CNA information, I have it right now discovering my switches on the IP subnet where I have them all assigned!!
When you suggest moving the FOG server and a host machine to an isolated switch, do you mean just connecting the two machines to a single switch that is not connected to anything else?[/quote]
That is very odd, however, I don’t have any experience with lightspeed.
In theory, yes, just connecting the two machines on the same switch without any other network access should work, as long as you can supply some kind of DHCP information.
If you would like we can set up the DNSMASQ service, I use this in my environment and it is actually the only way to resolve to my FOG server. It’s a quick easy set up, and it’s just as easy to remove. The DNSMASQ will act as a proxy dhcp server for machines looking to boot via TFTP, it will also help to point those machines to the correct boot file.
If you are interested the link is here [url]http://fogproject.org/wiki/index.php/Using_FOG_with_an_unmodifiable_DHCP_server/_Using_FOG_with_no_DHCP_server#DNSMASQ_settings_for_iPXE[/url]
-
I will get started right away. More to come in a few.
-
To check if you have portfast enabled on your 2960 series, telnet to your switch and issue this command:
show running-config
Then scroll down to your interfaces.
[CODE]interface GigabitEthernet1/0/1
switchport access vlan 130
switchport mode access
switchport voice vlan 120
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet1/0/2
switchport access vlan 130
switchport mode access
switchport voice vlan 120
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
[/CODE]
Look for spanning-tree portfast.
If you see it, it’s enabled, unless it’s expressly disabled, in which case you will see
spanning-tree portfast disabled
To enable port-fast (change 1/0/1 to the interface you need):
[CODE]
GR-NB-2960S-01#enable
GR-NB-2960S-01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
GR-NB-2960S-01(config)#
GR-NB-2960S-01(config)#interface gigabitEthernet 1/0/1
GR-NB-2960S-01(config-if)#
GR-NB-2960S-01(config-if)#spanning-tree portfast
GR-NB-2960S-01(config-if)#exit
GR-NB-2960S-01(config)#exit
GR-NB-2960S-01#
[/CODE]
If you wish to save your settings:
[CODE]GR-NB-2960S-01#write memory
Building configuration…
[OK]
GR-NB-2960S-01#
[/CODE]
-
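Added example, not part of the thread: a script that does the "scroll down and look" step over saved `show running-config` output and reports, per interface, whether portfast is set and whether BPDU guard accompanies it. The sample config is constructed in the shape of the output above, the function names are hypothetical, and only per-interface lines are examined (global portfast or bpduguard defaults are assumed not to be in use).

```python
import re

# Constructed sample in the shape of the running-config shown in the post.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 spanning-tree portfast disable
!
interface GigabitEthernet1/0/4
 switchport mode access
!
"""

def interface_blocks(config):
    """Group config lines under their 'interface ...' header (indented or not)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None          # '!' closes the interface block
        elif current is not None and line:
            current.append(line)
    return blocks

def audit(config):
    """Map each interface to 'portfast+bpduguard', 'portfast only' or 'no portfast'."""
    report = {}
    for name, lines in interface_blocks(config).items():
        # fullmatch, so 'spanning-tree portfast disable' does not count as enabled
        portfast = any(re.fullmatch(r"spanning-tree portfast( edge)?( trunk)?", l)
                       for l in lines)
        guard = "spanning-tree bpduguard enable" in lines
        if not portfast:
            report[name] = "no portfast"
        elif guard:
            report[name] = "portfast+bpduguard"
        else:
            report[name] = "portfast only"
    return report

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```

Ports reported as "no portfast" wait out the spanning-tree listening and learning delay before forwarding, which is where a PXE client can time out; "portfast only" ports skip that delay without the BPDU guard protection shown in the post's config.
-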
Jaymes, I have installed the FOG machine and a client machine (the HP Elitebook) on a spare Cisco 2960. I have also edited my ltsp.conf to match the one you showed me at [URL=‘http://fogproject.org/wiki/index.php/Using_FOG_with_an_unmodifiable_DHCP_server/_Using_FOG_with_no_DHCP_server#DNSMASQ_settings_for_iPXE’]http://fogproject.org/wiki/index.ph...with_no_DHCP_server#DNSMASQ_settings_for_iPXE[/URL]
I have also restarted the dnsmasq service.
Where is the tftpboot folder, so I can symlink according to your directions?
-
[quote=“Phil Brackett, post: 32431, member: 24966”]Jaymes, I have installed the FOG machine and a client machine (the HP Elitebook) on a spare Cisco 2960. I have also edited my ltsp.conf to match the one you showed me at [URL=‘http://fogproject.org/wiki/index.php/Using_FOG_with_an_unmodifiable_DHCP_server/_Using_FOG_with_no_DHCP_server#DNSMASQ_settings_for_iPXE’]http://fogproject.org/wiki/index.ph...with_no_DHCP_server#DNSMASQ_settings_for_iPXE[/URL]
I have also restarted the dnsmasq service.
Where is the tftpboot folder, so I can symlink according to your directions?[/quote]
It is on the root of the drive.
[code]
cd /tftpboot
[/code]
-
On HP Elitebook (client):
no DHCP or ProxyDHCP offers were received.
I am using the exact ltsp.conf that you showed me (no changes).
FOG machine and Elitebook both plugged into Cisco 2960 ports 1 & 2
-
Since the FOG machine is not hooked up to my network anymore (because you had me move it to an isolated switch), I don’t know its IP address, so I couldn’t modify the ltsp.conf to be any more specific.
-
I’m going to step in a little bit. You’re overthinking, I think, a little bit.
If you take the client system and place the network on the same switch as your FOG server, does all work?
If it doesn’t work, then the problem is either DHCP isn’t handing out the right pointers to your FOG Server (Option 66/Option 67), or your switch is blocking the passing of this data to the FOG Server, or the service isn’t running on the FOG Server.
If the first switch works, then step to the next switch and try again; if that doesn’t work, then something in that second switch is blocking access out. If all works fine, step back to the next switch in the chain. And so forth.