I used to image several Apple computer labs at my last job and we had the same issues. We started using a program, "Netboot Across Subnets" by Mike Bombich. After doing some research on his site, we were able to netboot every Mac on our campus regardless of which VLAN they were on. It looks like the site has changed a lot since I last used it, but there is some good information there if you haven't visited it yet. Good luck.

http://www.afp548.com/netboot/mactips/nbas.html

Joshua Humphrey
Systems Administrator I
Shared Services Center

From: Stephen Wilson [mailto:[email protected]]
Sent: Tuesday, August 09, 2011 4:58 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] DHCP Snooping and Apple BSDP

Hi all,

I have an interesting problem that, at least thus far, I haven't been able to work around. I have DHCP snooping enabled on my client VLANs and under normal circumstances it is working properly. This week our desktop imaging group tried to stand up an Apple NetBoot server to allow them to image OS X machines. As far as I can tell, NetBoot uses an Apple proprietary protocol called BSDP, which closely resembles DHCP. In fact, part of the Apple documentation says that to enable NetBoot across subnets you have to add your NetBoot server as a helper address on your router(s).

I have added the server as a helper address, and the OS X clients can now see the NetBoot server but will not boot from it. If I disable DHCP snooping, the entire NetBoot process works as expected. Both the NetBoot and DHCP servers are located through the same trusted interface on the switch, and the documentation states that DHCP packets received on trusted ports will always be forwarded.

Is there some additional undocumented security that DHCP snooping provides to ensure packets on ports 67/68 actually are DHCP packets? I have not yet done a packet capture, but my only theory is that the BSDP packets are being dropped because they aren't DHCP.

Has anyone else run into this issue and found a resolution (other than disabling DHCP snooping)?

Thanks in advance,

Stephen Wilson
Network Manager
WCU Networking and Telecommunications
828-227-3215

---
To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
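
Added example, not part of the original thread: a small classifier for UDP 67/68 payloads taken from a packet capture, to see which frames are plain DHCP and which are BSDP. It relies on BSDP being carried in DHCP INFORM/ACK messages with a vendor class identifier (option 60) beginning `AAPL/BSDP` and the BSDP message type nested in option 43; the function names and sample packets are constructed for illustration.

```python
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 8: "INFORM"}
BSDP_TYPES = {1: "LIST", 2: "SELECT", 3: "FAILED"}  # BSDP option 1 inside option 43


def parse_options(buf):
    """Walk a code/length/value option list and return {code: value}."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == 255:  # end option
            break
        if code == 0:  # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option %d" % code)
        opts[code] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return opts


def classify(payload):
    """Classify one UDP 67/68 payload as not-dhcp, dhcp, or bsdp."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return {"kind": "not-dhcp"}
    opts = parse_options(payload[240:])
    msg = opts.get(53) or b"\x00"
    result = {"kind": "dhcp", "dhcp_type": DHCP_TYPES.get(msg[0], "unknown")}
    if opts.get(60, b"").startswith(b"AAPL/BSDP"):  # vendor class identifier
        vendor = parse_options(opts.get(43, b""))  # BSDP options are nested here
        bsdp = vendor.get(1) or b"\x00"
        result.update(kind="bsdp", bsdp_type=BSDP_TYPES.get(bsdp[0], "unknown"))
    return result


def opt(code, value):
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value


def sample(options):
    """Constructed test packet: minimal BOOTP header + cookie + options + end."""
    return bytes([1, 1, 6, 0]) + bytes(232) + MAGIC + options + b"\xff"


# Constructed samples, not taken from a real capture.
BSDP_LIST = sample(opt(53, b"\x08") + opt(60, b"AAPL/BSDP/i386/iMac12,1")
                   + opt(43, opt(1, b"\x01")))
PLAIN_DISCOVER = sample(opt(53, b"\x01") + opt(60, b"MSFT 5.0"))
```

Running `classify` over payloads captured on both sides of the snooping switch shows which message types make it through and which are dropped.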
