IP Helper-Address Configuration for PXE Boot

To support BIOS & UEFI Firmware based hardware, we need to execute following commands on Cisco Switch (Global Configuration Mode):

IP helper-address <IP address of DHCP server>
IP helper-address <IP address of WDS server>
IP forward-protocol UDP 4011

CONFIGURATION of IP Helper Tables explained

When the PXE client PC, the DHCP server, and WDS Server, are located on different subnets or vlans, IP helper tables need to be set up in the routers/switches so that the PXE network requests can be routed correctly to the appropriate server. Once the PXE network requests are routed correctly. the appropriate servers can answer. Requirement here is:

  • Client to get IP address from DHCP Server
  • Directing a client to appropriate Network Boot Program (wdsnbp.com or wdsmgfw.efi)

The IP Helpers that need to be setup and configured on routers/switches to properly support PXE in SCCM are as follows:

1) All DHCP broadcasts on UDP port 67 by client computers should be forwarded directly to both the DHCP server and the Windows Deployment Services PXE server.


2) All traffic to UDP port 4011 from the client computers to the Windows Deployment Services PXE servers should be routed appropriately (these requests direct traffic to the server, not broadcasts).

Workflow of above-mentioned command lines

By default, clients cannot broadcast the request to different Subnets. Hence, we need to forward the Client request to both DHCP Server & WDS Server.

Command “IP helper-address <ServerName>” will do the following:

  • Cisco switch accepts the broadcast and converts to Unicast.
  • This request further forwards it to following UDP ports (37,49,53,67,68,69,137,138)
UDP Port Name
37 Time
49 TACACS
53 DNS
67 DHCP Server
68 DHCP Client
69 TFTP
137 NetBIOS
138 NetBIOS Datagram

As you can see from the above mentioned table, the request is not forwarded to UDP port 4011 (which is the 2nd requirement to forward request). We need the 3rd command ie:
IP forward-protocol UDP 4011
This Command will forward the request to port 4011 along with with other default ports as mentioned in above table. Hence request is now forwarded to following UDP Ports: 37,49,53,67,68,69,137,138,4011.

Prevent forwarding request to unnecessary Ports.

As we can see the client request is getting forwarded on multiple UDP Ports, however we are only interested in forwarding the request to following ports: 53,67,68,69,4011. Hence, we need to prevent forwarding request to port 37,49,137,138. Hence, we can use following commands to avoid forwarding the request:

  • NO IP forward-protocol UDP 37
  • NO IP forward-protocol UDP 49
  • NO IP forward-protocol UDP 137
  • NO IP forward-protocol UDP 138

Why we need IP Helper ?

We require IP Helper table when Client System, DHCP Server and / or WDS Server is not on same subnet. We also requires this if we want to support both types of firmware (BIOS & UEFI). By using IP helper table client gets:

  • IP address from DHCP Server
  • Downloads Network Boot Program (wdsnbdp.com or wdsmgfw.efi) file which further downloads Boot Image as part of PXE Process.

Is it Mandatory to have IP Helper?

Microsoft recommendation is to have IP Helper table configured as it provides robust solution for PXE process to boot both BIOS & UEFI based firmware. However, many organisations struggles to implement IP Helper table due to lack of proper approach and inefficiency on how to do that. You don’t require IP Helper to be configured when:

  1. When client, DHCP Server & WDS Server all resides on same subnet. BIOS & UEFI based firmware will do PXE Boot perfectly without any configuration.
  2. If you have only 1 type of firmware (either BIOS or UEFI) with client system, DHCP Server & WDS server in different subnet.

Note : If you have only 1 type of firmware (either BIOS or UEFI) with client system, DHCP Server & WDS server in different subnets.
Then, DHCP scope options 66 (servername) and 67 (pointing to Network Boot Program) can be used which is much more easier to configure.

DHCP Scope options limitation

1. You cannot specify 2 NBP files at the same time.

Defining DHCP Scope option has the biggest limitation that you can specify 1 type of Network Boot Program. Scope option 66 is used for WDS Servername while scope option 67 is used to specify NBP file (example: smsboot\x86\wdsnbp.com or smsboot\x86\wdsmgfw.efi)

Wdsnbp.com – This NBP file is used for BIOS Firmware.
Wdsmgfw.efi – This NBP file is used for UEFI Firmware.

2. DHCP Scope options are not supported by Microsoft.

In case you are facing issues with PXE Boot process, Microsoft won’t support this case if you open the troubleshooting case with them. Following is the link for your reference:
https://support.microsoft.com/en-us/kb/259670
Microsoft’s recommendation is to have IP Helper table configured.

Comments
  1. 8 months ago

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: