dialsc
Guide
Jun 13, 2020

IP-Helper breaks PXE in inter-VLAN setup

Hi

 

After searching and investigating for I-do-not-know-how-many hours I think I nailed the following problem down to an incompatible ip-helper implementation in the M5300 firmware.

 

The problem:

The ip-helper/UDP Relay implementation seems to have problems with DHCP Offer responses created by a Microsoft PXE enabled SCCM Distribution Point as well as with those created by Windows Deployment Services.

 

The point I nailed it down to:

The DHCP Offers sent back to the ip-helper address (on the M5300) are not getting forwarded as broadcast to the ip subnet the client is located at. The switch sends back an ICMP response with Destination unreachable (Port unreachable) to the PXE server.

 

DHCP Offer: 10.0.10.102 -> 10.0.20.254

ICMP DestUnreachable: 10.0.20.254 -> 10.0.10.102

 

The setup:

  • 2 VLANs:
    • VLAN10:
      Services: DHCP & PXE servers
      IP Network: 10.0.10.0/24
    • VLAN20:
      Services: DHCP clients
      IP Network: 10.0.20.0/24

  • The servers:
    • DHCP server 0: 10.0.10.100
    • DHCP server 1: 10.0.10.101
    • PXE server: 10.0.10.102

  • The switch:
    • VLAN10: 10.0.10.254
    • VLAN20: 10.0.20.254

 

Conclusion:

By simply setting up another router (Mikrotik) connected to the two VLANs and configuring the three ip-helpers needed on it, things start to work because it is correctly forwarding the DHCP Offers from the PXE server to the client.

 

Would you agree that this might be a bug, or is there anything I'm just missing?

 

Best,

dialsc
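
The failure signature described in the post above (a DHCP Offer unicast to the relay address and answered with ICMP port unreachable), as an added example that is not part of the original thread: Python code that parses raw IPv4 packets and pairs each rejected offer with the ICMP error that quotes it. The packets are constructed from the addresses in the post; UDP destination port 67 and all function names are assumptions.

```python
import struct
from ipaddress import IPv4Address as IP

def ipv4(src, dst, proto, payload):
    # Minimal IPv4 header for constructed samples (checksum left at 0).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, IP(src).packed, IP(dst).packed) + payload

def dhcp_offer(src, dst, dport, giaddr):
    # Constructed BOOTREPLY: 236-byte fixed part, magic cookie, option 53 = 2 (OFFER).
    bootp = bytearray(b"\x02" + bytes(235))
    bootp[24:28] = IP(giaddr).packed
    bootp += b"\x63\x82\x53\x63\x35\x01\x02\xff"
    return ipv4(src, dst, 17, struct.pack("!HHHH", 67, dport, 8 + len(bootp), 0) + bytes(bootp))

def icmp_port_unreachable(src, dst, offending):
    # ICMP type 3 code 3 quotes the offending IP header plus its first 8 payload bytes.
    return ipv4(src, dst, 1, struct.pack("!BBHI", 3, 3, 0, 0) + offending[:28])

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    proto, src, dst, body = pkt[9], str(IP(pkt[12:16])), str(IP(pkt[16:20])), pkt[ihl:]
    if proto == 17 and body[8 + 236:8 + 240] == b"\x63\x82\x53\x63":
        bootp, mtype, i = body[8:], None, 240
        while i < len(bootp) and bootp[i] != 255:           # walk DHCP options
            if bootp[i] == 53:
                mtype = bootp[i + 2]
            i += 1 if bootp[i] == 0 else 2 + bootp[i + 1]   # pad option has no length byte
        return {"kind": "dhcp", "src": src, "dst": dst, "type": mtype,
                "dport": struct.unpack("!H", body[2:4])[0], "giaddr": str(IP(bootp[24:28]))}
    if proto == 1 and body[:2] == b"\x03\x03":
        q = body[8:]                                        # quoted original datagram
        q_ihl = (q[0] & 0x0F) * 4
        return {"kind": "unreach", "src": src, "dst": dst,
                "q_dport": struct.unpack("!H", q[q_ihl + 2:q_ihl + 4])[0]}
    return None

def rejected_offers(packets):
    # Offers unicast to their own giaddr that the relay answered with port unreachable.
    seen = [p for p in map(parse, packets) if p]
    return [(o["src"], o["giaddr"], o["dport"])
            for o in seen if o["kind"] == "dhcp" and o["type"] == 2 and o["dst"] == o["giaddr"]
            for u in seen if u["kind"] == "unreach" and (u["src"], u["dst"]) == (o["dst"], o["src"])
            and u["q_dport"] == o["dport"]]

# Constructed capture using the addresses from the post; destination port 67 is an assumption.
offer = dhcp_offer("10.0.10.102", "10.0.20.254", 67, "10.0.20.254")
capture = [offer, icmp_port_unreachable("10.0.20.254", "10.0.10.102", offer)]
print(rejected_offers(capture))
```

The reported tuple gives the PXE server, the relay address and the UDP port the relay refused, which is the detail to compare between the failing and the working relay.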

4 Replies

  • DaneA
    NETGEAR Employee Retired

    dialsc,

     

    As far as I have checked, there is no issue logged for the M5300 switch series like the one you have described in your post. Kindly answer the questions below:

     

    a.  Is the Microsoft PXE enabled SCCM Distribution Point directly connected to the M5300-28GF3 switch?  Kindly post an image of your detailed network diagram.  

    b.  Do you have another M5300-28GF3 switch?  If yes, did you observe the same problem?

    c.  On the conclusion part, is the Mikrotik router set as the main router in the network?  Kindly post an image of your detailed network diagram showing this as well.

    d.  What is the current firmware version of the M5300-28GF3 switch? 

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • dialsc
      Guide

       

      DaneA 

       

      Thank you very much for your answer. Please find my answers to your questions below:

       

      a.  Is the Microsoft PXE enabled SCCM Distribution Point directly connected to the M5300-28GF3 switch?  Kindly post an image of your detailed network diagram.

      [Answer] No, the PXE as well as the DHCP servers and the clients are virtual machines where the virtualization hosts are attached to dedicated switches. Do you mind me sending the information about our network details as e.g. a PM? I do not want it to be posted to the world... ;)

       

      b.  Do you have another M5300-28GF3 switch?  If yes, did you observe the same problem?

      [Answer] Yes and yes. Actually we run two independent top of the rack switches, both of them are M5300 switches. The package path is managed by STP (MSTP).

       

      c.  On the conclusion part, is the Mikrotik router set as the main router in the network?  Kindly post an image of your detailed network diagram showing this as well.

      [Answer] No, it is not. It is not set as a router at all but only attached to the two VLANs, thus it realizes the DHCP broadcasts from the client and forwards them to the PXE server as well as forwarding the responses/DHCP Offers back to the client. Meanwhile I replaced the virtual Mikrotik with an older hardware one which is attached to the top of the rack M5300 switches, specifically to the VLANs in question. The result is still the same. The M5300 switches deny forwarding the DHCP Offers from the PXE server but the MT router does and therefore, as long as it is available, clients are able to boot via PXE.

       

      d.  What is the current firmware version of the M5300-28GF3 switch? 

      [Answer] The latest on all switches. For the top of the rack M5300, which also do routing (inter-VLAN) this means version 11.0.0.40

       

      Regards,

       

      dialsc

      • DaneA
        NETGEAR Employee Retired

        dialsc,

         

        I apologize for the late response. :(   Thank you for your answers.  

         

        Do you mind me sending the information about our network details as e.g. a PM? I do not want it to be posted to the world... ;)

        Sure, no problem.  Kindly send it to me via private message.  

         

         

        Regards,

         

        DaneA

        NETGEAR Community Team
