Hello
My machines can’t PXE boot in UEFI mode from one VLAN, but they boot fine from another VLAN.
I have no problem with legacy BIOS PXE boot.
I can’t work out why.
Here is the dhcpd.conf file:
#
# dhcpd.conf
#
# Global settings; they apply to every subnet declared below.
# Dynamic-DNS update scheme used by dhcpd.
ddns-update-style standard;
# This server declares itself authoritative for the networks it is configured for.
authoritative;
#log-facility local7;
# Keep the client's vendor-class-identifier (DHCP option 60) in the variable "vendor-string".
set vendor-string = option vendor-class-identifier;
# Write that identifier to the log at info level. The value is supplied by the
# client, so treat it as untrusted text in anything that parses these logs.
log (info, option vendor-class-identifier);
# The "vip" and "telephones-ip" classes used by pools further down are not
# declared in this listing; presumably they come from this include — confirm.
include "/etc/dhcp/vip.conf";
# Subnet 148.60.0.0/21 (netmask 255.255.248.0): the VLAN where, per the post,
# UEFI PXE boot works.
subnet 148.60.0.0 netmask 255.255.248.0 {
##########################################
option domain-name-servers 148.60.15.109,148.60.15.106 ;
option domain-name "istic.univ-rennes1.fr" ;
option routers 148.60.7.254 ;
option subnet-mask 255.255.248.0 ;
# Lease times in seconds: 2592000 = 30 days, 5184000 = 60 days.
default-lease-time 2592000 ;
max-lease-time 5184000 ;
# Dynamic range handed out only to clients that are members of the "vip" class.
pool {
allow members of "vip";
range 148.60.7.200 148.60.7.230;
}
# Group scope: boot server, PXE classes and fixed-address hosts.
group {
# Boot server address sent to clients (the FOG server, per the post).
# DHCP boot parameters are not authenticated, so what a client boots depends on
# which DHCP answer it accepts. NOTE(review): confirm that rogue-DHCP
# protection (e.g. DHCP snooping on the switches) and UEFI Secure Boot policy
# are in place on this VLAN.
next-server 148.60.4.1;
# Each class compares the first 20 characters of the client's
# vendor-class-identifier ("PXEClient:Arch:" plus a five-digit architecture
# code) and selects the boot file for that architecture.
# Arch 00000 -> undionly.kkpxe
class "Legacy" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
filename "undionly.kkpxe";
}
# Arch 00002 -> i386-efi/ipxe.efi
class "UEFI-32-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
filename "i386-efi/ipxe.efi";
}
# Arch 00006 -> i386-efi/ipxe.efi
class "UEFI-32-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
filename "i386-efi/ipxe.efi";
}
# Arch 00007 -> ipxe.efi
class "UEFI-64-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
filename "ipxe.efi";
}
# Arch 00008 -> ipxe.efi
class "UEFI-64-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
filename "ipxe.efi";
}
# Arch 00009 -> ipxe.efi
class "UEFI-64-3" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
filename "ipxe.efi";
}
# Hosts with a fixed address resolved from their host name. The MAC addresses
# are masked with '*' in this listing, so these lines are not valid as pasted.
host admin01 { hardware ethernet 7**d:cf; fixed-address admin01; option Host-name "admin01";} #
host admin02 { hardware ethernet b8:85**a; fixed-address admin02; option Host-name "admin02";} # Windows prototype for the ISTIC rooms
#host admin04 { hardware ethernet 74**; fixed-address admin04; option Host-name "admin04";} #AIO Dell 9030
host admin05 { hardware ethernet d8:** fixed-address admin05; option Host-name "admin05";} # HP8100 AIO
host admin07 { hardware ethernet c**; fixed-address admin07; option Host-name "admin07";} # AIO Dell 9030
# The two marker lines below read "start marker / end marker for dhcp-vm vlan 2,
# please do not touch". They are kept verbatim because a tool presumably
# matches on their exact text — confirm.
# marque debut pour dhcp-vm vlan 2, pas touche SVP.
# marque fin pour dhcp-vm vlan 2, pas touche SVP.
# NOTE(review): this brace closes the group only; no closing brace for the
# subnet appears before the next subnet declaration. Probably lost in the
# paste — confirm against the real file.
}
# Subnet 148.60.10.0/24: the VLAN where, per the post, UEFI PXE boot fails.
subnet 148.60.10.0 netmask 255.255.255.0 {
##########################################
option domain-name-servers 148.60.15.109,148.60.15.106 ;
option domain-name "istic.univ-rennes1.fr" ;
option routers 148.60.10.254 ;
option subnet-mask 255.255.255.0 ;
# Lease times in seconds: 600 = 10 minutes, 1200 = 20 minutes.
default-lease-time 600 ;
max-lease-time 1200 ;
# Group scope: boot server, PXE classes, fixed-address hosts and both pools.
group {
# The next two lines are commented out to avoid the Fog menu.
# NOTE(review): the next-server line directly below is active in this listing,
# so the comment above looks stale — confirm.
next-server 148.60.4.1;
# Each class compares the first 20 characters of the client's
# vendor-class-identifier ("PXEClient:Arch:" plus a five-digit architecture
# code) and selects the boot file for that architecture.
# NOTE(review): classes with the same names are also declared under the other
# subnet. As far as I know ISC dhcpd treats classes as global rather than
# per-subnet, so confirm how it handles these repeated declarations.
class "Legacy" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
filename "undionly.kkpxe";
}
class "UEFI-32-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
filename "i386-efi/ipxe.efi";
}
class "UEFI-32-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
filename "i386-efi/ipxe.efi";
}
class "UEFI-64-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
filename "ipxe.efi";
}
class "UEFI-64-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
filename "ipxe.efi";
}
class "UEFI-64-3" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
filename "ipxe.efi";
}
# Hosts with a fixed address resolved from their host name. The MAC addresses
# are masked with '*' in this listing, so these lines are not valid as pasted.
host arrakis { hardware ethernet 0***FA; fixed-address arrakis; option Host-name "arrakis";} # Gx360 Gentoo AD
host admin11 { hardware ethernet 9c****:ca; fixed-address admin11; option Host-name "admin11";} #linux test 8300 AD
host brisbane { hardware ethernet 00:2****c9; fixed-address brisbane; option Host-name "brisbane";} # Windows SA
# The marker line below reads "end marker for dhcp-vm vlan 10, please do not
# touch". It is kept verbatim because a tool presumably matches on its exact
# text — confirm.
# marque fin pour dhcp-vm vlan 10, pas touche SVP.
# Dynamic range .180-.220 for every client except members of "telephones-ip".
# NOTE(review): this pool sets its own next-server (148.60.15.121) and filename,
# which differ from the group's next-server 148.60.4.1. The client named in the
# post, 148.60.10.193, falls inside this range, so it may be directed to
# 148.60.15.121 instead of the FOG server. That would be consistent with no
# packets showing up on 148.60.4.1. Capture the DHCP offer to see which
# next-server and filename the client really receives.
# "pxelinux.0" is a BIOS boot loader, not an EFI binary.
pool {
deny members of "telephones-ip";
range 148.60.10.180 148.60.10.220;
next-server 148.60.15.121;
filename "pxelinux.0";
}
####################################################
# dynamic address pool reserved for IP phones
# testsip
pool {
allow members of "telephones-ip";
range 148.60.10.224 148.60.10.239; #
}
}
}
The problem is with the 148.60.10.0/24 subnet.
With tcpdump on the FOG server (148.60.4.1), I don’t capture any packets from the booting machine, 148.60.10.193.
No firewall is running on my FOG server.
I have no access rules from the 148.60.10.0 VLAN to the 148.60.4.0 VLAN.
Could you help me?