To enable a Mac to boot from a network using the Parallels NetBoot service, the following requirements should be met:
- The Mac must obtain its IPv4 address from the local DHCP server.
- The following network traffic must be allowed from the Mac to the NetBoot host:
  a. HTTP (TCP port 80)
  b. TFTP (UDP port 69)
  c. BootP/DHCP (UDP port 67)
Note: “Subnet” and “Broadcast domain” are used interchangeably in this document.
Configuration 1: Mac and NetBoot Server in the Same subnet
In this scenario, no specific configuration is required unless a firewall is enabled on the NetBoot server. If a firewall is running on a NetBoot server, then the following firewall rules must be created:
- Inbound connections to TCP port 80 from any client must be enabled. This is usually done with the predefined “World Wide Web Services (HTTP Traffic-In)” rule.
- Inbound connections to UDP ports 67 and 69 from any client must be enabled. This is usually done with the predefined “Windows Deployment Services (UDP-In)” rule.
Configuration 2: Mac and NetBoot Server in Different subnets
In this scenario, the NetBoot server and the Mac are located in different subnets, which means that broadcast DHCP requests from the Mac can't reach the NetBoot server. To solve this issue, the administrator should set up a DHCP Relay Agent on the client subnet’s router (R1), which will forward broadcast UDP traffic as unicast to the NetBoot server.
Cisco has excellent documentation on the DHCP Relay Agent feature.
Note: On a Layer 3-capable switch, the DHCP Relay Agent must be configured on a VLAN interface with an IP address assigned, not on a physical uplink interface.
Suppose we have the following network configuration:
- FastEthernet0/0 – the network interface on the router R1 which serves the User subnet.
- 172.17.2.100 – IP address of the NetBoot server.
To set up the DHCP Relay, enter the following commands on R1:

    configure terminal
    ! Stop relaying the other UDP broadcasts that ip helper-address forwards by default
    no ip forward-protocol udp 37
    no ip forward-protocol udp 49
    no ip forward-protocol udp 53
    no ip forward-protocol udp 137
    no ip forward-protocol udp 138
    ! Relay broadcasts from the User subnet to the NetBoot server as unicast
    interface FastEthernet0/0
    ip helper-address 172.17.2.100
    end
No other devices between the Mac and the NetBoot server require a specific configuration. The administrator should only ensure that HTTP (TCP port 80), TFTP (UDP port 69), and BootP/DHCP (UDP port 67) traffic to the NetBoot server is not blocked.
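
An added example, not part of the original article or of any vendor tooling: a Python check that reads router configuration text and compares the UDP broadcast ports relayed to the NetBoot server with the ports the R1 commands above leave enabled. The default port set and keyword map are assumptions about Cisco IOS defaults, and `audit_relay`, `DEFAULTS`, `BASELINE` and `ARTICLE_CONFIG` are names made up for this example.

```python
import re

# Assumption: UDP ports that "ip helper-address" relays by default on Cisco IOS,
# keyed by the keyword running-config may print. Verify on your platform.
DEFAULTS = {"time": 37, "tacacs": 49, "domain": 53, "bootps": 67,
            "bootpc": 68, "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138}
# Baseline: ports the article's R1 commands leave enabled (BootP/DHCP and TFTP).
BASELINE = {67, 68, 69}
FWD = re.compile(r"(no )?ip forward-protocol udp (\S+)")


def audit_relay(config, netboot_ip):
    """Compare the UDP broadcasts relayed to netboot_ip with BASELINE."""
    forwarded = set(DEFAULTS.values())
    interfaces, unparsed, current = [], [], None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # drop indentation, collapse spacing
        if m := FWD.fullmatch(line):
            current = None  # a global command leaves interface mode
            negate, arg = m.groups()
            if arg.isdigit() or arg in DEFAULTS:
                port = int(arg) if arg.isdigit() else DEFAULTS[arg]
                (forwarded.discard if negate else forwarded.add)(port)
            else:
                unparsed.append(line)  # keyword this example does not map
        elif m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
        elif line in ("end", "exit"):
            current = None
        elif line == f"ip helper-address {netboot_ip}" and current:
            interfaces.append(current)
    return {"relay_interfaces": interfaces,
            "extra_ports": sorted(forwarded - BASELINE),    # relayed, not in baseline
            "missing_ports": sorted(BASELINE - forwarded),  # in baseline, switched off
            "unparsed": unparsed}


# Constructed sample: the R1 commands from this article, one per line.
ARTICLE_CONFIG = """\
configure terminal
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 137
no ip forward-protocol udp 138
interface FastEthernet0/0
ip helper-address 172.17.2.100
end
"""
```

A non-empty `extra_ports` list means the router relays more broadcast services to the NetBoot server than the configuration in this article intends; an empty `relay_interfaces` list means no interface in the supplied text points at that server.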
Configuration 3: Mac, DHCP Server and NetBoot Server in Different subnets
In this scenario, the NetBoot server, the DHCP server and the managed computer are located in different subnets, which means that broadcast DHCP requests from the Mac can't reach the NetBoot server.
If your DHCP server is already set up, you are already using a DHCP Relay Agent. Add the NetBoot server as a second server to forward DHCP packets to, and make sure that HTTP (TCP port 80), TFTP (UDP port 69), and BootP/DHCP (UDP port 67) traffic is not blocked by your firewall.
If you are planning a deployment, you will need to set up a DHCP Relay Agent and configure it to forward DHCP requests to two servers: the DHCP server and the NetBoot server. See Configuration 2 for more details on setting up a DHCP Relay Agent.