Newer Mac models may not netboot if DHCP Snooping is enabled on some HP switch models

nigelg
Contributor

I recently spent some time investigating an issue with a new Fusion drive Mac Mini (model Macmini7,1) that would not Netboot. Eventually we narrowed it down to my HP 2915-8G switch. The Mac would attempt to use a TFTP package size of >2000, which would cause packets to fragment, and eventually the netboot would fail, but this didn't occur with other switch models or the same switch models with older firmware.

Today one of our network engineers found that HP have posted that there is a problem with DHCP snooping on their HP5500 switches that causes Netboot to fail and it can be fixed by turning off DHCP snooping or by setting the MTU size on the Netboot server to a maximum of 1460. I am not sure if that is possible on NetSUS but we were able to Netboot after turning off DHCP snooping even though my switch is not the model noted in the article.

Link to HP Website Article

7 REPLIES

dferrara
Contributor II

@nigelg Thanks for taking the time to post this, it helped us resolve an MTU-related issue today. For some reason we have iMacs which need 2048 byte packets, while the MacBook Pros only need 558 bytes to get the job done.

Randydid
Contributor II

Hi,

We are experiencing the exact same behavior only with Palo Altos and their load balancing. My network guys have suggested I change the MTU size to something 1500 or less on the NetBoot Server. Mine is 10.11.6 OS X Server (version 5.x).

@dferrara @nigelg Can either of you point me to where/how to change the MTU to 1460? My network guys say 1460 would be great. My Google-fu is weak and I cannot seem to find how to go about this.

TIA,

/randy

Randydid
Contributor II

Never mind, I figured out how to change the MTU. Thanks @nigelg for posting this as it narrowed things down for me. Our P-CAPS were seeing fragmented packets. MacBook Pros would netboot, but Minis and a 4K iMac would not (probably others but we didn't test any others).

/randy

mscottblake
Valued Contributor

I no longer use a NetSUS so I can't test this, but I think that all you need to do is add --blocksize 1460 to TFTP_OPTIONS in /etc/default/tftpd-hpa and then restart the tftp service.

blinvisible
Contributor

@Randydid Where did you set NetBoot MTU settings on OS X Server? My Google searches are coming up with JAMF threads like this but no definite answers.

deej
New Contributor III

@Randydid I would also like to know the answer to that.
I'm suspecting it might be parameters in /System/Library/LaunchDaemons/tftp.plist

jwrn3
New Contributor

This information was very useful in tracking down unreliable NetInstalls with an iMac18,1.

We have Cisco 3750X switches at the edge in the dept with DHCP snooping enabled and the one iMac18,1 Mac was very unreliable when booting from the network. Sometimes it would fail before the tftp stage, be very slow at transferring the booter file or even fail with a no entry sign. Setting --blocksize 1460 in the tftp server config has solved the problem.
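
The `--blocksize 1460` change to `TFTP_OPTIONS` that mscottblake and jwrn3 describe, as an added example that is not part of any post in this thread: a shell function that sets or replaces the option in a tftpd-hpa defaults file and refuses to write if the edit did not apply. The function name `set_tftp_blocksize` is hypothetical, and the file contents in the demo are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread: cap tftpd-hpa's negotiated block size.
# 1460 data + 4 TFTP + 8 UDP + 20 IP = 1492 bytes, which fits a 1500-byte MTU
# unfragmented, so DHCP snooping can stay enabled on the switch.

# set_tftp_blocksize FILE SIZE: set or replace --blocksize in TFTP_OPTIONS.
set_tftp_blocksize() {
    file=$1
    size=$2
    case $size in
        ''|*[!0-9]*) echo "blocksize must be a number" >&2; return 2 ;;
    esac
    # in.tftpd documents 512..65464 as the permitted --blocksize range.
    if [ "$size" -lt 512 ] || [ "$size" -gt 65464 ]; then
        echo "blocksize out of range: $size" >&2; return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if grep -q '^TFTP_OPTIONS=' "$file"; then
        # Drop any existing --blocksize/-B value, then append the new cap
        # just inside the closing double quote.
        sed -E \
            -e '/^TFTP_OPTIONS=/ s/[[:space:]]*(--blocksize|-B)[= ]+[0-9]+//g' \
            -e "/^TFTP_OPTIONS=/ s/\"[[:space:]]*\$/ --blocksize $size\"/" \
            "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf 'TFTP_OPTIONS="--blocksize %s"\n' "$size" >> "$tmp"
    fi
    # Refuse to write if the edit did not take (e.g. an unquoted value).
    if ! grep -q "^TFTP_OPTIONS=.*--blocksize $size\"" "$tmp"; then
        echo "could not update TFTP_OPTIONS in $file" >&2
        rm -f "$tmp"; return 1
    fi
    cat "$tmp" > "$file"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Demo on a constructed copy of the defaults file (not a real server config).
demo=$(mktemp)
printf '%s\n' 'TFTP_DIRECTORY="/srv/tftp"' \
    'TFTP_OPTIONS="--secure --blocksize 2048"' > "$demo"
set_tftp_blocksize "$demo" 1460 && cat "$demo"
rm -f "$demo"
```

On a real server the file argument would be `/etc/default/tftpd-hpa`, followed by a restart of the tftp service as described above.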