Novell ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE 02-12-2010 Administration Manual page 373

Configuring Filters on Switches and Routers
Some network devices filter network traffic that passes through them. Preboot Services makes use of
several different types of traffic, and all of these must be able to successfully pass through the router
or switch for the Preboot Services session to be successful. The Preboot Services session uses the
following destination ports:
Destination Ports for Preboot Services
Table 29-5
Component
DHCP and Proxy DHCP servers
TFTP server
novell-zmgprebootpolicy
IMPORTANT: If the switch is acting as a firewall and limiting the type of traffic on the network,
understand that the novell-tftp and novell-zmgprebootpolicy daemons are not firewall or network
filter friendly. You should not attempt to run these daemons through a firewall. If users need to pass
preboot work through a firewall, then all Preboot Services work needs to be on the outside and
merely reference a Web service inside the firewall.
Spanning Tree Protocol in Switched Environments
The spanning tree protocol (STP) is available on certain switches and is designed to detect loops in
the network. When a device (typically a network hub or a device) is patched into a port on the
switch, the switch indicates to the device that the link is active, but instead of forwarding frames
from the port to the rest of the network, the switch checks each frame for loops and then drops it.
The switch can remain in this listening state from 15 to 45 seconds.
The effect of this is to cause the DHCP requests issued by PXE to be dropped by the switch, causing
the Preboot Services session to fail.
It is normally possible to see that the STP is in progress by looking at the link light on the switch.
When the device is off, the link light on the switch is obviously off. When the device is turned on,
the link light changes to amber, and after a period of time changes to a normal green indicator. As
long as the link light is amber, STP is in progress.
This problem only affects PXE devices that are patched directly into an Ethernet switch. To correct
this problem, perform one of the following:
Turn off STP on the switch entirely.
Set STP to Port Fast for every port on the network switch where a PXE device is attached.
After the problem is resolved, the link light on the port should change to green almost immediately
after a device connected to that port is turned on.
Information about STP and its influence on DHCP can be found at
Commands to Fix End-Station Startup Connectivity Problems (http://www.cisco.com/univercd/cc/
td/doc/cisintwk/itg_v1/tr1923.htm#xtocid897350).
Port
UDP Port 67, 68, and 4011
UDP Port 69
UDP Port 13331
Using PortFast and Other
Setting Up Preboot Services 373