Can PXE Forced Mode be configured to forward only packets from PXE Clients to the PXE Server?
Yes. This can be done by using DHCP Vendor Class specific options. DHCP Vendor Specific options provide a way to further reduce the network traffic of PXE Forced mode (PXE Forced Mode is described in article 27249, "PXE Modes of Operation"). Vendor-specific PXE Forced Mode also eliminates the chance of other devices, such as HP JetDirect Printers, having their packets, which contain Option 43, sent to the PXE server.
A training video covering this topic has been created and is attached to this KB article.
Altiris has created a utility to help configure the original PXE Forced Mode; however, the utility hasn't been upgraded to include the improvements made in Vendor-Specific PXE Forced Mode. This utility can be found in article 28035, "PXE Forced Mode Utility". If this utility is used, network devices which also use option 43 will stop functioning.
The steps below describe how to manually implement DHCP Vendor specific options for PXE Forced Mode on a per DHCP server scope basis.
First, the DHCP Server will need to be configured to distinguish which packets are for the PXE Server. DHCP Vendor Classes are used to specify that if a packet contains certain information, to follow the suboptions given in that class. To configure this, open the DHCP Microsoft Management Snap-in (on the DHCP server, Start > Control Panel > Administrative Tools > DHCP). Right-click the DHCP server and choose Define Vendor Classes. Add a class with the following settings (case sensitive):
Display name: PXEClient
Description: Altiris PXE Class
ASCII: PXEClient:Arch:00000:UNDI:002001 (for UEFI systems use: PXEClient:Arch:00007:UNDI:002001)
This will instruct the DHCP server to forward a packet to the PXE Server only if it contains the bytes set in the Vendor Class.
After the Vendor Class is created, two sub-options need to be added to the PXEClient Vendor Class to give the PXE Client some required information on the PXE Server, such as the Discovery Control (containing how to discover PXE servers, whether unicast, broadcast, or multicast) and the list of PXE Boot Servers. Right-click the server again and choose Set Predefined Options. In the Predefined Options and Values window, change the Option class to PXEClient (this will only be available if the first step was completed successfully). Click Add, and add the following options as shown in the following screenshots. (Note where it says Class: PXEClient. If it says Global, or anything other than PXEClient, close the window and try again):
After those two options are created, in the Predefined Options and Values window the values need to be set.
First, the PXE Discovery Control will be set to (Hex) 0B (decimal 11 or binary 10110000). According to PXE Standards, the binary 1011 states that the PXE Client is to disable broadcast PXE discovery (1 to disable broadcast discovery), enable multicast PXE discovery (1 to disable multicast, but since it is 0 it enables multicast), only use servers in the PXE Boot Servers list (given in the next option) (1 to only accept servers given in the PXE_BOOT_SERVERS list), and download the boot file offered in the initial DHCP offer packet without prompting (if 1, and a filename is present in the initial DHCP offer, download the boot file - do not prompt).
To set this option, select Option name 006 PXE_Discovery_Control, click Edit Array, and configure it as shown below (note, remove the default value '0'):
Now that sub-option 006 is set the PXE Client needs information on the PXE Servers. This information is set in sub-option 008 in the PXEClient Vendor Class.
Select Option name 008 and click Edit Array. This one is a bit trickier. Again, remove the default value "0". The values are explained here, and an example follows the explanation. The first value will be the PXE Boot Server type, followed by the number of PXE Boot Servers, followed by their IP addresses.
The Altiris PXE Boot Server is type (in Hex) AA AA (AA in decimal is 170); this will tell the PXE Server if the request is for it or another type of PXE Server (if AA AA is not present as the PXE Boot Server type, the Altiris PXE Server will ignore the request).
Following the type is the number of servers of that type. In the example below only one PXE Server is specified; however, if more than one PXE Server is to be used, simply replace the value "1" with the number of PXE Servers that will be in the list.
The last set of four values is the IP address (all these values will be transferred as Hex; however, in this window it can be entered as decimal to make it easier).
The values can be added in any order, but if they are added in order starting with the PXE Boot Server Type and ending with the IP address, the values will be in reverse and will need to be sorted (with the up and down buttons) so that the PXE Boot Server type is at the top, followed by the number of servers, followed by the IP addresses.
The other way would be to add the values in reverse order (start with the last octet of the IP address, and end with the PXE Boot Server type).
The following example uses a single PXE Server with IP Address 192.168.10.10, and was entered as 10 [Add] (last IP address octet), 10 [Add] (third IP address octet), 168 [Add] (second IP address octet), 192 [Add] (first IP address octet), 1 [Add] (number of PXE Servers), 170 [Add] 170 [Add] (Altiris PXE Boot Server type):
Click OK to close the Predefined Options and Values window. Right-click the Server Options folder (in the DHCP snap-in, DHCP > [servername] > Server Options. Also note that this is for global settings; these same steps can be followed for individual subnets by right-clicking the subnet's Scope Options rather than the Server Options), and select Configure Options.
In the Server (or Scope) Options window, change to the Advanced tab. Change the Vendor class to PXEClient, and check the boxes next to both option 006 and 008. Apply the changes, then click OK to close the Server Options window.
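The values entered for sub-options 006 and 008 above can be generated and checked with a short script. This is an added example, not part of the original article or an Altiris tool: the function names are hypothetical, and the code/length/value layout with a closing 255 tag is the PXE specification's encapsulated vendor-option format, which the script assumes the DHCP server emits in option 43. It handles the single boot server type the article describes.

```python
import ipaddress

ALTIRIS_TYPE = 0xAAAA      # boot server type from the article (170 170)
DISCOVERY_CONTROL = 0x0B   # sub-option 006 value from the article

def boot_server_values(ips, server_type=ALTIRIS_TYPE):
    """Sub-option 008 values, top to bottom: type (2), count (1), IPs (4 each)."""
    if not 1 <= len(ips) <= 63:  # 3 + 4*n must fit in a one-byte length
        raise ValueError("need between 1 and 63 server addresses")
    values = [server_type >> 8, server_type & 0xFF, len(ips)]
    for ip in ips:
        values += list(ipaddress.IPv4Address(ip).packed)
    return values

def entry_order(values):
    """Order to type values into Edit Array when each Add lands on top."""
    return list(reversed(values))

def encode_vendor_options(ips, control=DISCOVERY_CONTROL):
    """Sub-options 006 and 008 as code/length/value, closed by end tag 255."""
    servers = boot_server_values(ips)
    return bytes([6, 1, control, 8, len(servers), *servers, 255])

def parse_vendor_options(data):
    """Decode a captured option 43 payload into {sub-option code: value}."""
    found, i = {}, 0
    while i < len(data) and data[i] != 255:
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated sub-option at offset %d" % i)
        code, length = data[i], data[i + 1]
        found[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return found

def check_boot_servers(value, expected_ips, server_type=ALTIRIS_TYPE):
    """Return the problems found in a sub-option 008 value (empty list = OK)."""
    if len(value) < 3 or (len(value) - 3) % 4:
        return ["length %d is not type + count + whole addresses" % len(value)]
    problems = []
    if int.from_bytes(value[:2], "big") != server_type:
        problems.append("boot server type is not %04X" % server_type)
    ips = [str(ipaddress.IPv4Address(value[i:i + 4]))
           for i in range(3, len(value), 4)]
    if value[2] != len(ips):
        problems.append("count %d but %d addresses follow" % (value[2], len(ips)))
    if sorted(ips) != sorted(expected_ips):
        problems.append("addresses %s differ from expected" % ips)
    return problems
```

Running `check_boot_servers` on the sub-option 008 bytes taken from a captured DHCP offer catches the reversed-array mistake described above, because the type, count and address fields no longer line up.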
The rest of this article covers what was already explained in article 27249; if the DHCP server is already configured as specified in article 27249, all that is needed is to disable the Standard option 43 and enable the PXE Vendor Class with options 006 and 008. If this is the first time configuring the DHCP server for PXE Forced mode, read on. The remaining steps are given without explanation; for more in-depth knowledge of PXE Forced Mode, read article 27249.
Right-click the DHCP server again, and select Set Predefined Options. In the Predefined Options and Values window, make sure the Option class is set to DHCP Standard Options, and click the Add button. Add the following option:
Select option 60, and in the String value box put "PXEClient". This is setting default settings; if desired, select option 66 and, in the String value box, put the IP address of the PXE Server. Then select option 67 and, in the String value box, put "BStrap\X86pc\BStrap.0" (or for UEFI systems use "BStrap\X64\BStrap.efi"). Then click OK. (Note: The quotes are not to be placed in the string—only the contents within the quotes.)
Right-click the Server Options folder, and select Configure Options. In the General tab, enable (by checking the box next to) options 60, 66 and 67. The final result should look like this: