PXE Boot
Preboot Execution Environment (PXE) is an environment to boot computers using a network interface independently of data storage devices (like hard disks) or installed operating systems. The PXE protocol is approximately a combination of Dynamic Host Configuration Protocol (DHCP) and Trivial File Transfer Protocol (TFTP), albeit with subtle modifications to both. DHCP is used to locate the appropriate boot server or servers, with TFTP used to download the initial bootstrap program and additional files.
For Cisco switches, the following configuration is required to speed up Internet Protocol (IP) address assignment during PXE boot.
For each PC connected to the switch, the following configuration is required:
** Spanning Tree Protocol (STP) convergence (Layer 2 convergence) happens when bridges and switches have transitioned to either the forwarding or blocking state. Normal Spanning Tree Protocol (STP) convergence (Layer 2 convergence) time is 50 seconds and the end user traffic is blocked until Root Port and/or Designated Port reach the forwarding state.
To run PXE in a Virtual Local Area Network (VLAN) environment, DHCP relay must be configured on the switch if the server's VLAN and the client's VLAN are different. This allows PXE traffic to pass from the server's VLAN to the client's VLAN.
When configuring the Layer 3 switch, make sure that the VLAN of the server and the VLAN of the client can communicate with each other. The PXE traffic between the server and the client (UDP 67, UDP 68, UDP 69 and UDP 4011; see the following figure for the PXE protocol) and the Phantosys transport protocol (UDP port 14372; management ports 4001, 4002, 4003) must be forwarded successfully, and the PortFast function must be enabled on every switch port that a client connects to. The PXE protocol boot process is as follows:
Phantosys application examples over VLANs
Environment description:
One Cisco 3560 Layer 3 switch with two VLANs added (VLAN 10 and VLAN 11). The VLAN 10 segment is 192.168.128.0/24 (IP mask 255.255.255.0) with gateway 192.168.128.1; the VLAN 11 segment is 192.168.127.0/24 (IP mask 255.255.255.0) with gateway 192.168.127.1. Gigabit Ethernet port 0/1 of the Cisco 3560 is assigned to VLAN 10 and Gigabit Ethernet port 0/2 to VLAN 11. The Phantosys server is connected to Gigabit Ethernet port 0/1 with a fixed IP of 192.168.128.100, IP mask 255.255.255.0 and gateway 192.168.128.1. The Phantosys client is connected to Gigabit Ethernet port 0/2 with IP 192.168.127.50, IP mask 255.255.255.0 and gateway 192.168.127.1.
When configuring the Layer 3 switch, make sure that VLAN 10, where the Phantosys server is, and VLAN 11, where the client is, can be routed to each other, that PXE and the UDP [port: 14372] communication protocol between the Phantosys server and the client can communicate successfully, and that the "Port fast" feature is enabled on all ports.
Layer 3 switch commands (reference):
Enable the "routing" feature:
Switch# configure terminal
Switch(config)#ip routing
Switch(config)#end
Configure VLAN 10:
Switch# configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name test1
Switch(config-vlan)#end
Set the VLAN 10 interface IP address and mask:
Switch# configure terminal
Switch(config)#interface vlan 10
Switch(config-if)#ip address 192.168.128.1 255.255.255.0
Switch(config-if)#end
Configure VLAN 11:
Switch# configure terminal
Switch(config)#vlan 11
Switch(config-vlan)#name test2
Switch(config-vlan)#end
Set the VLAN 11 interface IP address (192.168.127.1) and mask, and point ip helper-address at the Phantosys server:
Switch# configure terminal
Switch(config)#interface vlan 11
Switch(config-if)#ip address 192.168.127.1 255.255.255.0
Switch(config-if)#ip helper-address 192.168.128.100
Switch(config-if)#end
Gigabit Ethernet port 0/1: assign to VLAN 10 and enable PortFast:
Switch# configure terminal
Switch(config)#interface gigabitEthernet 0/1
Switch(config-if)#switchport
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#spanning-tree portfast
Switch(config-if)#no shutdown
Switch(config-if)#end
Gigabit Ethernet port 0/2: assign to VLAN 11 and enable PortFast:
Switch# configure terminal
Switch(config)#interface gigabitEthernet 0/2
Switch(config-if)#switchport
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 11
Switch(config-if)#spanning-tree portfast
Switch(config-if)#no shutdown
Switch(config-if)#end
Notes: ip helper-address forwards UDP broadcasts from one network segment to a specified machine on another segment; the packets are forwarded to the other segment as unicast.
spanning-tree portfast changes the port setting so that the client can quickly obtain its DHCP-assigned IP information.
About Cisco ACL access control lists
If ACL access control is enabled, configure it to allow PXE DHCP requests to reach the Phantosys server.
The reference configuration is as follows:
# Create an ACL named Phantosys-access
Switch(config)#ip access-list extended Phantosys-access
Switch(config-ext-nacl)#permit ip any host 192.168.128.100
Switch(config-ext-nacl)#permit udp any host 255.255.255.255 eq 67
Switch(config-ext-nacl)#exit
# Apply Phantosys-access on VLAN 11
Switch(config)#interface vlan 11
Switch(config-if)#ip access-group Phantosys-access out
or
Switch(config)#access-list 101 permit ip any host 192.168.128.100
Switch(config)#access-list 101 permit udp any host 255.255.255.255 eq 67
Switch(config)#interface vlan 11
Switch(config-if)#ip access-group 101 out
Note: ip helper-address forwards the UDP broadcasts of one network segment to the specified machine on another network segment; they are forwarded to the other segment as unicast.
spanning-tree portfast moves the port directly from the blocking state into the forwarding state without going through the intermediate STP states. When a PXE client cannot obtain a temporary IP address through DHCP, or obtains it very slowly, the usual cause is that fast forwarding is not enabled on the switch port.
Note: If the enterprise uses its own independent DHCP server (and does not use the Phantosys server for DHCP), the DHCP server setting can point to the address of that separate DHCP server.
Enterprise independent DHCP server application
If there is a unified DHCP server within the enterprise and the client should obtain its IP information from that independent DHCP server during PXE start-up, the ip helper-address setting on the switch for the VLAN where the client is located must still point to the Phantosys server, and a second ip helper-address must be added that points to the IP of the independent DHCP server.
Example: if the Phantosys server IP is 192.168.128.100, in VLAN 10; the independent DHCP server IP is 192.168.125.100, in VLAN 4; and the client IP is 192.168.127.50, in VLAN 11; then for PXE to obtain IP information from the independent DHCP server, confirm that the following two lines are added to VLAN 11 on the switch:
ip helper-address 192.168.128.100
ip helper-address 192.168.125.100
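What the relay does with a client's PXE DHCP broadcast when VLAN 11 carries both helper addresses, as an added Python example (not Phantosys or Cisco code): the broadcast is copied as unicast to each helper and stamped with the VLAN 11 interface address in the giaddr field, which is how a DHCP server identifies the client's subnet. The function names, MAC address and transaction ID are constructed for illustration.

```python
import ipaddress
import struct

# Addresses from the page's example; everything else is constructed sample data.
GIADDR = "192.168.127.1"                          # VLAN 11 interface address
HELPERS = ["192.168.128.100", "192.168.125.100"]  # Phantosys server, independent DHCP server
MAGIC_COOKIE = bytes([99, 130, 83, 99])           # marks the start of DHCP options


def build_pxe_discover(mac: bytes, xid: int) -> bytes:
    """Build a minimal DHCPDISCOVER of the kind a PXE client broadcasts."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                              # op=BOOTREQUEST, htype, hlen, hops
        xid, 0, 0x8000,                          # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"",                           # chaddr, sname, file (zero padded)
    )
    vendor = b"PXEClient"                        # option 60, vendor class identifier
    options = bytes([53, 1, 1]) + bytes([60, len(vendor)]) + vendor + b"\xff"
    return header + MAGIC_COOKIE + options


def relay(packet: bytes, dst_ip: str, dst_port: int):
    """Model ip helper-address for one DHCP packet received on VLAN 11.

    Returns a list of (destination_ip, destination_port, packet) unicasts.
    """
    if dst_ip != "255.255.255.255" or dst_port != 67 or packet[0] != 1:
        return []                       # only client request broadcasts are relayed
    relayed = bytearray(packet)
    relayed[3] += 1                     # hops counter
    if relayed[24:28] == bytes(4):      # giaddr is set by the first relay only
        relayed[24:28] = ipaddress.IPv4Address(GIADDR).packed
    return [(helper, 67, bytes(relayed)) for helper in HELPERS]


def giaddr_of(packet: bytes) -> str:
    """Read the relay agent address back out of a BOOTP header."""
    return str(ipaddress.IPv4Address(packet[24:28]))
```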
How to wake up the client remotely across Vlan
By default, broadcast packets cannot pass through a router. Many applications, however, need to send a broadcast to all hosts in a broadcast domain while the sender is outside that domain. In this case the packet should cross the routed network as unicast and be delivered as a broadcast once it reaches the destination network (such applications can generally be regarded as expecting no reply, and are mostly connectionless UDP applications). IP broadcasts are widely supported in IOS.
For example, to wake up clients across VLANs, IP directed broadcast must be allowed on the VLAN interface where the clients are located.
The reference configuration is as follows:
# Client in VLAN 11
Switch(config)#interface vlan 11
Switch(config-if)#ip directed-broadcast
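How a cross-VLAN wake-up depends on that interface setting, as an added Python example (not Phantosys or Cisco code): it builds a Wake-on-LAN magic packet addressed to the VLAN 11 directed-broadcast address and models the decision the Layer 3 switch makes when the packet arrives. UDP port 9, the MAC address and the function names are assumptions; the page does not state which port or payload Phantosys uses.

```python
import ipaddress

# Client VLAN from the page's example topology.
VLAN11 = ipaddress.IPv4Network("192.168.127.0/24")


def magic_packet(mac: str) -> bytes:
    """Wake-on-LAN payload: 6 bytes of 0xFF, then the target MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return b"\xff" * 6 + raw * 16


def wake_request(mac: str, client_net=VLAN11, port: int = 9):
    """Return (destination_ip, udp_port, payload) for a cross-VLAN wake-up.

    The destination is the client subnet's broadcast address, so the packet
    is routed as ordinary unicast until it reaches the last-hop router.
    """
    return str(client_net.broadcast_address), port, magic_packet(mac)


def last_hop_action(dst_ip: str, connected, directed_broadcast_enabled: bool) -> str:
    """Model the router that owns the client VLAN (simplified)."""
    dst = ipaddress.IPv4Address(dst_ip)
    if dst not in connected:
        return "route onward"
    if dst != connected.broadcast_address:
        return "deliver as unicast"
    if directed_broadcast_enabled:      # "ip directed-broadcast" on the VLAN interface
        return "send as layer 2 broadcast"
    return "drop"                       # behaviour without the command


if __name__ == "__main__":
    dst, port, payload = wake_request("00:11:22:33:44:55")  # constructed MAC
    print(dst, port, len(payload), last_hop_action(dst, VLAN11, True))
```

IOS also accepts an access-list number after ip directed-broadcast, which limits forwarding to directed broadcasts that the list permits, for example those sent by the management server.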