I have a network containing N managed switches. Each of them is configured as a DHCP server and should assign predefined IP addresses in a port-based manner:
- Switch 1 assigns 172.17.1.1 to the device at its port 1,
- Switch 2 assigns 172.17.2.1 to the device at its port 1,
- ...
- Switch N assigns 172.17.N.1 to the device at its port 1.
The devices attached to the ports 1 are configured to try PXE booting.
When DHCP'ing in the PXE-ROM stage, they broadcast DHCPDISCOVERs with the "broadcast flag" set, which means they expect the DHCP server(s) to reply with layer-2 broadcasts (to ff:ff:ff:ff:ff:ff).
When DHCP'ing in the OS stage, they broadcast DHCPDISCOVERs with the broadcast flag not set, which means they expect the DHCP server(s) to reply with layer-2 unicasts (to the client's MAC).
What I observe is:
- After the DHCPDISCOVER from the PXE-ROM stage, the client receives broadcast DHCPOFFERs from each of the N switches. Interestingly, none of them is an offer for the designated IP for a port 1 (172.17.N.1) - they are all random IPs from the configured pool range.
- After the DHCPDISCOVER from the OS stage, the client receives only a single unicast DHCPOFFER, only from the switch it is directly connected to. Interestingly, this is an offer for the designated IP (172.17.<local>.1).
To me, that means that the unicast DHCPOFFERs from all the other switches must have been filtered out on the way.
Why would a switch do that? Is this a typical configuration option?
I have no information about or access to the switches’ configuration, capabilities etc., but I was told about some "DHCP deny" option – maybe that’s a hint.
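To make the broadcast-flag behaviour described in the question concrete, here is an added Python example (not part of the original post) that builds minimal DHCPDISCOVER payloads in the RFC 2131 BOOTP layout, with and without the flag, and derives the layer-2 destination a compliant server would use for its DHCPOFFER. The client MAC and transaction id are constructed sample values.

```python
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
BOOTREQUEST = 1
DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that starts the options field
FLAG_BROADCAST = 0x8000            # bit 15 of the BOOTP 'flags' field (RFC 2131 s.4.1)

def build_discover(client_mac: str, broadcast_flag: bool, xid: int = 0x12345678) -> bytes:
    """Construct a minimal DHCPDISCOVER payload (sample data, not a captured frame)."""
    chaddr = bytes.fromhex(client_mac.replace(":", "")) + b"\x00" * 10  # pad to 16 bytes
    flags = FLAG_BROADCAST if broadcast_flag else 0x0000
    # op, htype(1=Ethernet), hlen(6), hops, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         BOOTREQUEST, 1, 6, 0, xid, 0, flags,
                         b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    # option 53 (DHCP message type) = 1 -> DISCOVER, followed by END (255)
    options = DHCP_MAGIC + bytes([53, 1, 1, 255])
    return header + options

def parse_request(payload: bytes) -> dict:
    """Extract the fields a server needs to decide how to address its OFFER."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    if op != BOOTREQUEST:
        raise ValueError("not a BOOTREQUEST")
    chaddr = payload[28:28 + hlen]
    return {
        "xid": xid,
        "broadcast": bool(flags & FLAG_BROADCAST),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr),
    }

def offer_destination(payload: bytes) -> str:
    """Layer-2 destination of the DHCPOFFER: ff:ff:ff:ff:ff:ff when the client set the
    broadcast flag (the PXE-ROM case), otherwise the client's own MAC (the OS case)."""
    req = parse_request(payload)
    return BROADCAST_MAC if req["broadcast"] else req["chaddr"]

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"
    print("PXE-ROM stage ->", offer_destination(build_discover(mac, True)))
    print("OS stage      ->", offer_destination(build_discover(mac, False)))
```

Only the addressing of the reply is modelled here; whether a switch forwards a unicast OFFER arriving from another switch's port is a per-switch policy the script does not represent.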