Netbooting across subnets

anickless
Contributor II

So I am trying to netboot across subnets and I am having an awful time with it.

Not sure where to modify the bootp.plist.

The resources that I have read so far have been:

https://discussions.apple.com/message/28173088#28173088

https://www.jamf.com/jamf-nation/discussions/5835/cannot-netboot-across-subnet

https://derflounder.wordpress.com/2011/12/08/netbooting-across-subnets/


mconners
Valued Contributor

Hello @anickless, at our college our network team needed to add an IP helper address on the VLANs in order for the NetBoot protocol to pass over to our NetBoot server.

Here is an article from some time ago that might be helpful.

Best wishes.

kstrick
Contributor III

I have been able to deploy software-based relays around our network. Basically, you need to put one of these in each subnet.
I have a package I created that pushes a bootpd configuration and then starts the bootpd process.

Here is the bootpd.plist I use.
I put this at /etc/bootpd.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NetBoot</key>
    <dict/>
    <!-- Address pools: both entries have allocate=false, so this host hands out no leases -->
    <key>Subnets</key>
    <array>
        <dict>
            <key>allocate</key>
            <false/>
            <key>dhcp_bootfile_name</key>
            <string>pxelinux/pxelinux.0</string>
            <key>dhcp_domain_name</key>
            <string>no-dns-available.example.com</string>
            <key>dhcp_domain_name_server</key>
            <array>
                <string>0.0.0.0</string>
            </array>
            <key>dhcp_domain_search</key>
            <array>
                <string>no-dns-available.example.com</string>
            </array>
            <key>lease_max</key>
            <integer>3600</integer>
            <key>name</key>
            <string>169.254 Ethernet 1</string>
            <key>net_address</key>
            <string>169.254.0.0</string>
            <key>net_mask</key>
            <string>255.255.0.0</string>
            <key>net_range</key>
            <array>
                <string>169.254.0.2</string>
                <string>169.254.255.253</string>
            </array>
            <key>selected_port_name</key>
            <string>en0</string>
            <key>uuid</key>
            <string>0AFF77A7-BCF3-464C-B1A4-82EAC2C86D8F</string>
        </dict>
        <dict>
            <key>allocate</key>
            <false/>
            <key>dhcp_bootfile_name</key>
            <string>pxelinux/pxelinux.0</string>
            <key>dhcp_domain_name</key>
            <string>no-dns-available.example.com</string>
            <key>dhcp_domain_name_server</key>
            <array>
                <string>0.0.0.0</string>
            </array>
            <key>dhcp_domain_search</key>
            <array>
                <string>no-dns-available.example.com</string>
            </array>
            <key>lease_max</key>
            <integer>3600</integer>
            <key>name</key>
            <string>169.254 Ethernet 2</string>
            <key>net_address</key>
            <string>169.254.0.0</string>
            <key>net_mask</key>
            <string>255.255.0.0</string>
            <key>net_range</key>
            <array>
                <string>169.254.0.2</string>
                <string>169.254.255.253</string>
            </array>
            <key>selected_port_name</key>
            <string>en1</string>
            <key>uuid</key>
            <string>F04ADAC9-3504-4AF4-9318-3DC96FA513B3</string>
        </dict>
    </array>
    <key>allow</key>
    <array/>
    <!-- Accept BOOTP/BSDP (NetBoot) requests -->
    <key>bootp_enabled</key>
    <true/>
    <key>deny</key>
    <array/>
    <key>detect_other_dhcp_server</key>
    <false/>
    <!-- Never act as a DHCP server on this VLAN -->
    <key>dhcp_enabled</key>
    <false/>
    <!-- Interfaces on which NetBoot requests are accepted -->
    <key>netboot_enabled</key>
    <array>
        <string>en0</string>
    </array>
    <key>old_netboot_enabled</key>
    <false/>
    <!-- Relay agent: forward requests to every server in relay_ip_list -->
    <key>relay_enabled</key>
    <true/>
    <key>relay_ip_list</key>
    <array>
        <!-- Replace the placeholder with the NetBoot server's IPv4 address -->
        <string>**NETBOOT.SERVER.IP.HERE**</string>
    </array>
    <!-- 0: forward at once instead of waiting for the client's secs field to climb -->
    <key>reply_threshold_seconds</key>
    <integer>0</integer>
    <key>startTime</key>
    <string>2011-03-18 07:56:05 -0700</string>
</dict>
</plist>

And I put a .plist in /Library/LaunchDaemons that looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>com.yourcompany.netboot-relay</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/libexec/bootpd</string>
    </array>
    <!-- inetd-style: launchd owns the bootps socket and hands it to bootpd on its stdio descriptors (Wait=true) -->
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <true/>
    </dict>
    <!-- UDP bootps (port 67), IPv4 only -->
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>bootps</string>
            <key>SockType</key>
            <string>dgram</string>
            <key>SockFamily</key>
            <string>IPv4</string>
        </dict>
    </dict>
</dict>
</plist>

I figured out how to do this after reading an article by Mike Bombich a long time ago; I can't find the specific article.

Alternatively, if you can get your network admin to set up IP helpers on your network equipment, that is probably easier to maintain and less work for you.
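
As an added example (this is not the poster's package, nor Apple's or Jamf's code), here is how to generate and audit those two files in Python before loading the daemon on a relay Mac. The key names are the ones in the plists above; the helper names, the audit rules and the decision to ship an empty Subnets array (both posted pools have allocate=false anyway) are this example's own assumptions. The audit refuses a file that still contains the **NETBOOT.SERVER.IP.HERE** placeholder or that has dhcp_enabled set, because a relay that also serves leases is a rogue DHCP server on every VLAN it sits in.

```python
"""Generate and audit a relay-only /etc/bootpd.plist plus the launchd job.

Added example for the relay package described above; not the poster's code.
Key names are those of the posted plists; helper names, audit rules and the
empty Subnets array are this example's assumptions.
"""
import ipaddress
import plistlib
from typing import Any

Plist = dict[str, Any]


def build_bootpd_config(netboot_servers: list[str], interfaces: list[str]) -> Plist:
    """bootpd settings for a host that forwards NetBoot requests but serves nothing.

    Addresses are validated up front so a typo cannot leave the Mac relaying
    boot requests to an arbitrary host.
    """
    if not netboot_servers:
        raise ValueError("at least one NetBoot server address is required")
    if not interfaces:
        raise ValueError("at least one interface name (e.g. en0) is required")
    servers = [str(ipaddress.IPv4Address(s)) for s in netboot_servers]
    return {
        "NetBoot": {},
        "Subnets": [],                  # assumption: no pools, nothing is allocated
        "allow": [],
        "deny": [],
        "bootp_enabled": True,          # accept BOOTP/BSDP requests
        "dhcp_enabled": False,          # never hand out leases on this VLAN
        "old_netboot_enabled": False,
        "netboot_enabled": list(interfaces),
        "detect_other_dhcp_server": False,
        "relay_enabled": True,
        "relay_ip_list": servers,       # unicast targets for forwarded requests
        "reply_threshold_seconds": 0,   # forward at once; don't wait on 'secs'
    }


def build_launchd_job(label: str) -> Plist:
    """launchd job in the shape posted above: launchd owns the bootps socket
    and starts bootpd inetd-style (Wait=true) when a datagram arrives."""
    return {
        "Disabled": False,
        "Label": label,
        "ProgramArguments": ["/usr/libexec/bootpd"],
        "inetdCompatibility": {"Wait": True},
        "Sockets": {
            "Listeners": {
                "SockServiceName": "bootps",
                "SockType": "dgram",
                "SockFamily": "IPv4",
            }
        },
    }


def audit_bootpd_config(cfg: Plist) -> list[str]:
    """Reasons a bootpd.plist is not a safe forward-only relay (empty = OK).

    A relay with dhcp_enabled, or with a pool that allocates, is a rogue
    DHCP server on every VLAN it sits in, so refuse to load such a file.
    """
    problems: list[str] = []
    if cfg.get("dhcp_enabled") is not False:
        problems.append("dhcp_enabled must be false on a relay")
    if cfg.get("relay_enabled") is not True:
        problems.append("relay_enabled must be true")
    targets = cfg.get("relay_ip_list") or []
    if not targets:
        problems.append("relay_ip_list is empty; nothing will be forwarded")
    for addr in targets:
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            # catches a placeholder such as **NETBOOT.SERVER.IP.HERE** left in place
            problems.append(f"relay_ip_list entry is not an IPv4 address: {addr!r}")
    for subnet in cfg.get("Subnets") or []:
        if subnet.get("allocate"):
            problems.append(f"subnet {subnet.get('name')!r} allocates leases")
    return problems


def to_plist(cfg: Plist) -> bytes:
    """XML plist bytes, the format bootpd and launchd read."""
    return plistlib.dumps(cfg, fmt=plistlib.FMT_XML, sort_keys=True)


def from_plist(data: bytes) -> Plist:
    return plistlib.loads(data)


if __name__ == "__main__":
    # 10.91.0.41 is just a sample server address taken from later in the thread
    cfg = build_bootpd_config(["10.91.0.41"], ["en0"])
    assert audit_bootpd_config(cfg) == []
    # Writing /etc/bootpd.plist and the LaunchDaemon needs root; just print here.
    print(to_plist(cfg).decode())
    print(to_plist(build_launchd_job("com.example.netboot-relay")).decode())
```

Run it as root on the relay Mac to write the two files, then load the LaunchDaemon with launchctl; the script as shown only prints the XML. Re-running audit_bootpd_config against the installed /etc/bootpd.plist after any edit is a cheap way to make sure nobody has turned the relay into a DHCP server.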

anickless
Contributor II

@kstrick I am the network admin, mac admin, windows admin, desktop support, and anything else admin :)

I am interested in IP Helper but do not know enough about how to set it up. On the switches? Router? If switches, for specific ports or all ports?

kstrick
Contributor III

@anickless sounds like you work for a smaller place than me; they don't let me touch the network stuff here :(
(Used to have access to everything at my old job, small company.)

I believe it's through the routers. The routers need to be set up to route BOOTP requests from the VLANs to the NetBoot server.

Here's a doc from Cisco about it:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/con...

IP Helper is Cisco terminology; other vendors' routers may use different terms for the feature.

chmeisch
New Contributor III

@anickless It depends on how you have your network set up. Typically it's at the layer 3 switch/router level, i.e. on an HP 5800 it's "dhcp relay server-group 0 ip x.x.x.x". You can have multiple entries for it if you have multiple servers. Note that this could potentially mess with your PCs' PXE booting.

On your DHCP server, under the scope options you can set option 067, which is the Boot File Name, e.g. smsboot\x86\wdsnbp.com

I haven't gotten around to it yet, but since we use SCCM for imaging, we should be able to configure SCCM to see that the device netbooting is OSX, and then have SCCM forward their request to the OSX netboot server appropriately. Since we have such a small population of macs, it just hasn't been very high priority.

Good luck!

WacoKUNDA
New Contributor II

HI everyone,

@chmeisch Have you gotten around to implementing the divert from SCCM to the Jamf NetBoot?

We are about to get the JumpStart done and my network admin is concerned because he set up IP Helper for SCCM and now we will also need to set it up for Jamf Pro NetBoot.

So if this is possible then the network admin won't have to change anything; I can just do this SCCM divert of macOS devices?

Was it possible to do as you described:

"On your DHCP server, under the scope options you can set option 067, which is the Boot File Name, e.g. smsboot\x86\wdsnbp.com

I haven't gotten around to it yet, but since we use SCCM for imaging, we should be able to configure SCCM to see that the device netbooting is OSX, and then have SCCM forward their request to the OSX netboot server appropriately. Since we have such a small population of macs, it just hasn't been very high priority."

Did I understand correctly?

chmeisch
New Contributor III

@Kruger Good morning. We had it working for a while. Since then we've updated our SCCM. With the changes made to OSX and the tools available via DEP, we stopped bothering with imaging. Now we'll image via net recovery and just download the image from Apple each time. Since we have gigabit networks & over a gigabit external pipe to the web, it didn't save enough time to bother with netbooting any longer.

Truth be told I'm no longer working on our Mac deployment and focused in more on programming/networking. I'm not 100% familiar with how our guys are handling everything now. I don't see any reason why it wouldn't be possible still, I just don't have my hands in SCCM any longer either. Sorry I can't be more help!

WacoKUNDA
New Contributor II

@chmeisch Great thanks for the quick reply!!

It's been 3 years since I worked on Jamf Pro (back then Jamf Casper) and now I'm getting a JumpStart (just prepping network and server, not yet started the jump..) for my current employer. Are you saying we will be able to just image using DEP or recovery instead? Or would we not need to NetBoot as such for bulk imaging of labs?

Sorry for my ignorance, it's been a while and I can't remember all the ins and outs.

Cheers
Willem

Aguiness
New Contributor III

Hi,

You need to configure the IP helper-address for each VLAN you want to image in. This will forward broadcast requests to the correct server; see the example below, just change the IP address to that of the Jamf Pro server. If there are already IP helper-addresses configured, add a new one to the VLAN.

vlan 4
   name "WIRELESS_STD"
   tagged A2-A4,B2-B4,Trk1-Trk4,Trk11
   ip address 10.91.7.254 255.255.252.0
   ip helper-address 10.91.0.1
   ip helper-address 10.91.0.2
   ip helper-address 10.91.0.41
   exit
vlan 8
   name "WIRELESS_STAFF"
   tagged A2-A4,B2-B4,Trk1-Trk4,Trk11
   ip address 10.91.11.254 255.255.252.0
   ip helper-address 10.91.0.1
   ip helper-address 10.91.0.2
   ip helper-address 10.91.0.41
   exit
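
An added example (Python, not from any post in this thread) covering two points raised above: what the ip helper-address lines in the switch config above actually do to a boot request before it reaches 10.91.0.41, and how a server that receives the forwarded copy tells a Mac NetBoot client from a PC PXE client, which is the filtering chmeisch's warning about PXE interference and option 067 comes down to. Packet layout follows RFC 2131/2132 and the relay rules RFC 1542; "AAPLBSDPC" (Apple's BSDP) and "PXEClient" are the real option 60 vendor class prefixes. The sample frames, MAC addresses and the rest of each vendor class string are constructed here, not captured.

```python
"""What a DHCP relay (ip helper-address) does to a boot request in flight, and
how a server tells a NetBoot client from a PXE client once both arrive by the
same relayed path.

Added example, not from the thread. Layout per RFC 2131/2132; relay behaviour
per RFC 1542. "AAPLBSDPC" and "PXEClient" are the real option 60 prefixes;
the sample frames below are constructed, not captured.
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_END = 0, 53, 60, 255
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed BOOTP fields before the cookie
HOPS_OFF, GIADDR_OFF = 3, 24            # the two byte offsets a relay rewrites


@dataclass
class BootRequest:
    hops: int
    xid: int
    giaddr: IPv4Address
    chaddr: bytes
    options: dict[int, bytes]

    @property
    def vendor_class(self) -> str:
        return self.options.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")


def parse(pkt: bytes) -> BootRequest:
    """Parse a BOOTREQUEST; rejects anything truncated or not a request."""
    size = struct.calcsize(HEADER)
    if len(pkt) < size + 4 or pkt[size:size + 4] != MAGIC_COOKIE:
        raise ValueError("short packet or missing DHCP magic cookie")
    (op, _htype, hlen, hops, xid, _secs, _flags, _ci, _yi, _si, giaddr,
     chaddr, _sname, _bootfile) = struct.unpack(HEADER, pkt[:size])
    if op != BOOTREQUEST:
        raise ValueError("not a BOOTREQUEST")
    options: dict[int, bytes] = {}
    i = size + 4
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        tag, length = pkt[i], pkt[i + 1]
        if i + 2 + length > len(pkt):
            raise ValueError("truncated option body")
        options[tag] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return BootRequest(hops, xid, IPv4Address(giaddr), chaddr[:hlen], options)


def relay(pkt: bytes, ingress_ip: str, max_hops: int = 4) -> bytes:
    """The helper-address step. Before unicasting the broadcast to each
    configured server the relay stamps giaddr with the address of the VLAN
    interface it arrived on (only if no earlier relay did) and bumps hops so
    a forwarding loop dies (RFC 1542 4.1.1). The server uses giaddr to pick
    the client's subnet and as the destination for its reply."""
    req = parse(pkt)                      # validate before rewriting anything
    if req.hops + 1 > max_hops:
        raise ValueError("hop limit exceeded; dropping")
    out = bytearray(pkt)
    out[HOPS_OFF] = req.hops + 1
    if req.giaddr == IPv4Address("0.0.0.0"):
        out[GIADDR_OFF:GIADDR_OFF + 4] = IPv4Address(ingress_ip).packed
    return bytes(out)


def classify(req: BootRequest) -> str:
    """Which boot service should answer a relayed request.

    With both a WDS/SCCM PXE server and a NetBoot server as helper targets,
    each gets a copy of every request; option 60 is how a server knows the
    client is its own. Returning 'ignore' for the other class is what keeps
    a WDS bootfile (option 067) from being offered to a Mac."""
    vc = req.vendor_class
    if vc.startswith("AAPLBSDPC"):
        return "netboot"
    if vc.startswith("PXEClient"):
        return "pxe"
    return "ignore"


def build_discover(mac: bytes, vendor_class: str, xid: int = 0x2A2A2A2A) -> bytes:
    """Constructed DHCPDISCOVER as the client broadcasts it (giaddr and hops 0)."""
    zero4 = b"\0" * 4
    header = struct.pack(HEADER, BOOTREQUEST, 1, len(mac), 0, xid, 0, 0x8000,
                         zero4, zero4, zero4, zero4, mac.ljust(16, b"\0"),
                         b"\0" * 64, b"\0" * 128)
    vc = vendor_class.encode("ascii")
    options = (bytes([OPT_MSG_TYPE, 1, 1])                 # DHCPDISCOVER
               + bytes([OPT_VENDOR_CLASS, len(vc)]) + vc
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    mac_req = build_discover(b"\x00\x1c\xb3\x01\x02\x03", "AAPLBSDPC/i386/MacBookPro11,1")
    pc_req = build_discover(b"\x00\x50\x56\x00\x00\x01", "PXEClient:Arch:00000:UNDI:002001")
    for name, pkt in (("mac", mac_req), ("pc", pc_req)):
        seen = parse(relay(pkt, "10.91.7.254"))   # the VLAN 4 interface above
        print(name, seen.giaddr, seen.hops, classify(seen))
```

Two things this shows that the config lines alone do not: giaddr is the interface address from the "ip address" line of the VLAN, so that address must be routable from the NetBoot server or the reply never comes back; and the server sees both PC and Mac requests on the same path, so the vendor class check, not the helper list, is what keeps the two boot services from answering each other's clients.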