Setting up FOG 1.2.0 in Multiple VLANs



  • [B]Environment Details:[/B]
    [LIST]
    [*]School District Network with each school on their own VLAN
    [*]Windows Server 2008 R2 w/ AD, DHCP, and DNS
    [*]FOG server installed on Ubuntu Server 12.04.5 LTS
    [*]FOG server (hardware server) hooked into trunked VLAN port in switch
    [*]DHCP 066 is set to “fogserver” and not a specific IP
    [*]Configured DNS Forward Lookup Zones to point “fogserver” to its relative VLAN IP
    [LIST]
    [*][IMG]http://i.imgur.com/t2GZ5SS.png[/IMG]
    [/LIST]
    [/LIST]
    [B]FOG Installation Configuration:[/B]
    [CODE] Here are the settings FOG will use:
    Base Linux: Debian
    Detected Linux Distribution: Ubuntu
    Installation Type: Normal Server
    Server IP Address: 10.52.4.23
    DHCP router Address: 10.52.4.20
    DHCP DNS Address: 10.52.4.20
    Interface: eth2
    Using FOG DHCP: 0
    Internationalization: 0
    Donate: 0

        DHCP will NOT be setup but you must setup your
        current DHCP server to use FOG for PXE services.
    
        On a Linux DHCP server you must set:
            next-server
    
        On a Windows DHCP server you must set:
            option 066 & 067
    
          Option 066 is the IP of the FOG Server: (e.g. 10.52.4.23)
          Option 067 is the undionly.kpxe file: (e.g. undionly.kpxe)
    

    [/CODE]
    [B]**NOTE: [/B]I figure maybe when FOG asks for IPs like above, it may cause issues since 10.52.4.x is the High School VLAN. The only way a server/workstation can communicate with another server/workstation on another VLAN is to use the DNS name I configured in DNS Forward Lookup Zones (“fogserver” in my case) but the FOG Install Script only wants IP addresses.

    [B]/etc/network/interfaces configuration:[/B]
    [CODE]# The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface (trunk port, untagged)
    auto eth2
    iface eth2 inet dhcp

    # High School
    auto eth2.4
    iface eth2.4 inet static
    address 10.52.4.23
    netmask 255.255.252.0
    gateway 10.52.4.1
    dns-nameservers 10.52.4.20 8.8.8.8
    vlan-raw-device eth2

    # Junior High
    auto eth2.8
    iface eth2.8 inet static
    address 10.52.8.23
    netmask 255.255.252.0
    dns-nameservers 10.52.8.20 8.8.8.8
    vlan-raw-device eth2

    # Central Office
    auto eth2.10
    iface eth2.10 inet static
    address 10.52.1.23
    netmask 255.255.255.0
    dns-nameservers 10.52.1.20 8.8.8.8
    vlan-raw-device eth2

    # Primary School
    auto eth2.12
    iface eth2.12 inet static
    address 10.52.12.23
    netmask 255.255.252.0
    dns-nameservers 10.52.12.20 8.8.8.8
    vlan-raw-device eth2

    # Elementary School
    auto eth2.16
    iface eth2.16 inet static
    address 10.52.16.23
    netmask 255.255.252.0
    dns-nameservers 10.52.16.20 8.8.8.8
    vlan-raw-device eth2
    [/CODE]

    [B]RESULTING PROBLEM:[/B]
    [B][IMG]http://i.imgur.com/34wfJco.png[/IMG][/B]

    Any suggestions? :\
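    The setup above relies on each VLAN's DNS zone answering “fogserver” with the FOG address that actually lives on that VLAN. The following check, added here as an example and not code from the thread or the FOG project, parses the VLAN stanzas of an /etc/network/interfaces file and flags any per-VLAN “fogserver” record that points at an address the server does not hold inside that VLAN's subnet. The record map is constructed for the example, with one entry deliberately wrong.

```python
import ipaddress
import re

# Constructed excerpt of the interfaces file, reduced to two VLAN
# sub-interfaces (addresses match the ones posted above).
INTERFACES = """
auto eth2.4
iface eth2.4 inet static
address 10.52.4.23
netmask 255.255.252.0
vlan-raw-device eth2

auto eth2.16
iface eth2.16 inet static
address 10.52.16.23
netmask 255.255.252.0
vlan-raw-device eth2
"""

# Constructed per-VLAN "fogserver" A records, as a split-horizon DNS zone
# would hand them out. The 10.52.16.0/22 entry is deliberately wrong: it
# still answers with the High School address, which the check must catch.
FOGSERVER_RECORDS = {
    "10.52.4.0/22": "10.52.4.23",
    "10.52.16.0/22": "10.52.4.23",
}

def parse_vlan_ifaces(text):
    """Return {iface_name: IPv4Interface} for every 'inet static' stanza."""
    stanzas, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"iface\s+(\S+)\s+inet\s+static", line)
        if m:
            current = m.group(1)
            stanzas[current] = {}
        elif current and line.startswith(("address ", "netmask ")):
            key, value = line.split(None, 1)
            stanzas[current][key] = value
    return {name: ipaddress.IPv4Interface(f"{v['address']}/{v['netmask']}")
            for name, v in stanzas.items() if "address" in v and "netmask" in v}

def check_records(ifaces, records):
    """List (subnet, answer) pairs where the answer is not a FOG address on that subnet."""
    mismatches = []
    for net, answer in records.items():
        network, addr = ipaddress.IPv4Network(net), ipaddress.IPv4Address(answer)
        if not any(i.network == network and i.ip == addr for i in ifaces.values()):
            mismatches.append((str(network), answer))
    return mismatches
```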


  • Developer

    Sorry I can’t be of more help, I set up a server at each of my locations, but that works out to my benefit because each building uses the same base, but this lets me tweak the settings to better fit that novell context.



  • [quote=“Jaymes Driver, post: 37572, member: 3582”]I’ve never had success (in my messed up network) booting to my fog server from another VLAN. I know that with dnsmasq it is technically possible but I don’t have any experience in doing so.

    My network stems from one building and is dished out to each of the other buildings. Each building is a VLAN itself.

    I would assume (and you know what happens when you assume) that the ip address would be the same across all VLANs, the ip helper is just to help point that VLAN back to your fog server ip.[/quote]

    I just tried a couple of different things. Changing the dhcp-relay/ip-helper IP, removing the Scope Options from the DHCP server, re-enabling Scope Options with FOG’s hostname instead of VLAN IP.

    Meh… I’m giving up. I’ll just make the proper changes to get them to work on one of the VLANs every time we need to re-image a computer.

    Thanks to all of you that tried to help


  • Developer

    [quote=“Christian Nichols, post: 37570, member: 2195”]I read on another thread that you use the DNSMASQ technique for FOG - I followed the wiki guide and set it up here as well. I’ve set the ip-helper/dhcp relay up to point back to the FOG server; however, it still cannot boot to the FOG menu because every time iPXE loads it tries to pull the boot.php file from the wrong IP (much like the above result).

    Should the dhcp-relay/ip-helper be different on each VLAN (I’m using FOG’s respective VLAN IP)

    Any ideas?[/quote]

    I’ve never had success (in my messed up network) booting to my fog server from another VLAN. I know that with dnsmasq it is technically possible but I don’t have any experience in doing so.

    My network stems from one building and is dished out to each of the other buildings. Each building is a VLAN itself.

    I would assume (and you know what happens when you assume) that the ip address would be the same across all VLANs, the ip helper is just to help point that VLAN back to your fog server ip.



  • [quote=“Jaymes Driver, post: 37013, member: 3582”]does this help any? [url]http://fogproject.org/forum/threads/multicasting-over-vlans-get-stuck-at-please-wait.5436/#post-14158[/url]

    Sorry I don’t know anything about fortigate :([/quote]

    I read on another thread that you use the DNSMASQ technique for FOG - I followed the wiki guide and set it up here as well. I’ve set the ip-helper/dhcp relay up to point back to the FOG server; however, it still cannot boot to the FOG menu because every time iPXE loads it tries to pull the boot.php file from the wrong IP (much like the above result).

    Should the dhcp-relay/ip-helper be different on each VLAN (I’m using FOG’s respective VLAN IP)

    Any ideas?



  • Nice hack! It almost worked.

    While I was testing it on another VLAN from the FOG server it did as you said and went down the list trying the different IPs; however, when it finally got to the right VLAN IP and wanted to download bg.png it failed because it was trying to download it from FOG’s native IP (10.52.4.23). I say “native” because that’s the IP that’s set up in FOG’s settings because I had no choice as I couldn’t add FOG’s hostname instead.

    I was in the Elementary 10.52.[B]16[/B] vlan
    [QUOTE]http://10.52.[B]4[/B].23/fog/service/ipxe/bg.png… Connection timeout[/QUOTE]


  • Developer

    here’s something for you to try
    [CODE]chain http://10.52.4.23/fog/service/ipxe/boot.php?mac=${net0/mac} || chain http://10.52.8.23/fog/service/ipxe/boot.php?mac=${net0/mac} || chain http://10.52.1.23/fog/service/ipxe/boot.php?mac=${net0/mac} || etc[/CODE]
    on each failure, it will try the next chain command



  • I mistyped on previous post.

    It will boot to the fogserver’s PXE (not the FOG menu) - it will timeout when default.ipxe is trying to load.

    Chainloading solved the issue but only for the VLAN FOG is on.



  • [quote=“Jaymes Driver, post: 37013, member: 3582”]does this help any? [url]http://fogproject.org/forum/threads/multicasting-over-vlans-get-stuck-at-please-wait.5436/#post-14158[/url]

    Sorry I don’t know anything about fortigate :([/quote]

    I’ll check it out and try that; however, multicasting isn’t the main problem right now. It’s just being able to use FOG across all VLANs. I can’t even PXE boot from another VLAN - only the VLAN that the FOG server is located. :(



  • Reading the wiki on setting up DNSMasq to try. Will report back.

    Still would like to know how to setup an ip-helper setting on a FortiGate router if anyone knows.


  • Developer

    does this help any? [url]http://fogproject.org/forum/threads/multicasting-over-vlans-get-stuck-at-please-wait.5436/#post-14158[/url]

    Sorry I don’t know anything about fortigate :(



  • I’m going to take a step back and make sure I have my router configured properly.

    [QUOTE][I]Tom Wrote[/I]: We have 12 separate VLANs in our organization. All have their own Gateway’s that lead back to our routing switch. Our routing switch has an ip-helper setting back to our central DHCP server for their related Gateway. This way there’s still a gate to communicate across, and the routing switch has all the routes configured to allow pass of traffic from one subnet to another.[/QUOTE]

    I’m researching how to configure our FortiGate router to make FOG’s IP visible across all VLANs. If anyone knows how I should setup the FortiGate so the VLANs can communicate with the FOG Server’s IP I’d appreciate it. My network engineering experience is limited.



  • Meh… doesn’t work in the other VLANs lol. [I]clenches fists[/I]



  • [url]http://www.fogproject.org/wiki/index.php/Chainloading_PXE_to_iPXE_using_pxelinux.0[/url]

    Followed that guide and I can get to the menu from at least one VLAN now (I will check the others soon).

    Only different thing I did from the guide is use FOG’s hostname instead of IP - works fine.
    [CODE]DEFAULT vesamenu.c32
    MENU TITLE Fog Reimage Menu
    MENU COLOR TITLE 1;36;44 #ffffffff #00000000 std
    LABEL iPXE Boot
    MENU DEFAULT
    KERNEL ipxe.krn
    APPEND dhcp && chain http://fogserver/fog/service/ipxe/boot.php?mac=${net0/mac}
    PROMPT 0
    TIMEOUT 1[/CODE]

    Hope it images okay tho. One step at a time! I’ll report back.



  • This is some of the output of ‘show running-config’ command on the FOG server switch.

    Interface GigabitEthernet1/0/16 is the FOG Server

    [CODE]system mtu routing 1500
    ip subnet-zero
    ip routing
    !
    !
    !
    !
    no file verify auto
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending

    !
    interface GigabitEthernet1/0/16
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast trunk
    [/CODE]



  • [quote=“Junkhacker, post: 36537, member: 21583”]i seem to recall someone having a short writeup about cisco switch configuration on the forums, or at least a link to one. some forum searching might yield useful results[/quote]
    I found it. Jaymes wrote one. Thanks

    [url]http://fogproject.org/forum/threads/cisco-ws-c2960s-not-passing-pxe-or-proxydhcp.9916/[/url]

    [quote=“Tom Elliott, post: 36535, member: 7271”]STP, I’m assuming is enabled for a reason, so if you can I’d recommend start by enabling Portfast/Rapid STP if you can. If you cannot, see about disabling stp throughout if you can.

    You can do it, for testing, on a switch at a time, so yes, you can “test” by enabling/disabling as needed to a known problem area.

    I don’t know how your switches react, so I’d say, just for performance, if you can test it after hours.

    I don’t have a tutorial, I’m sorry.[/quote]

    Okay, I’ve enabled PortFast on all of the workstation interfaces (and also on the FOG Server switch port) and I’ve changed the Switch Mode from PVST to Rapid-PVST on both the FOG server switch & workstation switch with the same outcome. It doesn’t seem to make a difference. Connection timeout when it tries to load /default.ipxe

    However, it [B]DOES[/B] work on workstations connected to the same switch as the FOG Server.

    NOTE: I haven’t rebooted the switches since I’ve made those changes. Would that make a difference maybe?

    Any suggestions?


  • Developer

    i seem to recall someone having a short writeup about cisco switch configuration on the forums, or at least a link to one. some forum searching might yield useful results


  • Senior Developer

    STP, I’m assuming is enabled for a reason, so if you can I’d recommend start by enabling Portfast/Rapid STP if you can. If you cannot, see about disabling stp throughout if you can.

    You can do it, for testing, on a switch at a time, so yes, you can “test” by enabling/disabling as needed to a known problem area.

    I don’t know how your switches react, so I’d say, just for performance, if you can test it after hours.

    I don’t have a tutorial, I’m sorry.



  • Okay I’ve obtained the credentials and have access via telnet and web interface. Haven’t tried console.

    Questions before I start configuring the switches:
    [LIST]
    [*]STP is enabled. Does it need to be disabled or just enable Portfast or Rapid STP alongside it?
    [*]Can this be done on just one of the end switches (like a lab switch) to see if it fixes the problem or does it have to be enabled on every switch in the network for it to have any effect?
    [*]Should this be done after hours or do you think it can safely be done during the work day to avoid a lot of downtime for end-users?
    [*]Do you have a link to a tutorial/thread explaining how to do this with Cisco switches? Thought I’d ask.
    [/LIST]
    Thanks!



  • [quote=“Tom Elliott, post: 36343, member: 7271”]On each of your switches, I’m going to guess that you’ve got STP (Spanning Tree Protocol) enabled? Can you enable Portfast or Rapid STP?[/quote]

    I will check on this as soon as I get credentials for the switches. We outsourced the VLAN configuration and never got the credentials.

    Will update soon.

