我有类似这样的 ip_mac 文件,其中包含学生年份和各自的 mac 地址。我想只允许他们拥有 dhcp 租约。在 ubuntu 中可以执行此类操作吗?
94:92:66:38:a6:79 "Prajwal Bhandary" 2017 cs Mob
30:e1:71:c9:1b:43 "Prajwal Bhandary" 2017 cs Lan
94:65:2d:23:a8:4d "Unique Karki" 2017 cs Mob
84:8f:69:ca:15:00 "Anup Paudel" 2017 arch Mob
88:83:22:eb:1e:41 "Anup Paudel" 2017 arch Lan
并且可以将任何学生添加到任何部分,因此如果我重新启动 isc dhcp 服务器,学生就不会断开连接。
一种方法是在 /etc/dhcp/dchpd.conf 中使用如下格式
host student1 {
hardware ethernet 94:92:66:38:a6:79;
fixed-address 10.0.0.101;
}
但问题是我需要为每个学生设置 IP。而且有 400 多个学生,所以管理 IP 很麻烦,对吧?
另一种方法是默认允许,但我们有 IP 限制,例如只有 500 个 IP,所以如果不必要的人连接,学生就无法使用,那么这种情况有解决办法吗?
或者,
你能只使用 mac 地址并允许 dhcp 租约,而不是写固定地址吗
是否可以通过这样的扫描文件来允许 dhcp 租约?
答案1
您可以使用 来限制地址池deny unknown-clients;。这样,只有出现在host声明中的 MAC 地址才会收到 IP。
并且您不需要在声明fixed-address中指定host。
一个最小(且未经测试)的例子可能看起来像这样
subnet 192.168.0.0 netmask 255.255.0.0 {
# option routers 192.168.1.1;
# option ... etc.
pool {
range 192.168.100.1 192.168.101.254;
deny unknown-clients;
}
}
include "/etc/dhcpd/known-hosts.conf";
在“/etc/dhcpd/known-hosts.conf”中,可以使用 MAC 地址列表中的脚本轻松生成:
host h1 { hardware ethernet 00:09:b0:48:ca:ec; }
host h2 { hardware ethernet 00:80:88:11:e0:9f; }
答案2
我根据我保留的一个旧脚本制作了这个脚本。
#!/bin/bash
if [ "$EUID" -ne 0 ];
then echo "Please run as root (sudo)"
exit
fi
PATH_DHCP_FILE="./test.conf"
PATH_DHCP_TRUST_FILE="./trust_host"
PATH_STUDENTS_FILE="students.list"
PATH_DHCP_LEASES="/var/lib/dhcp/dhcpd.leases"
DATE=`date '+%Y-%m-%d %H:%M'`
IP_RANGE_DEFAULT='192.168.1.50 192.168.1.100'
NETMASK_DEFAULT='255.255.255.0'
AGREE_DEFAULT='yes'
echo ""
echo "|==========================================================|"
echo "|**********************************************************|"
echo "| DHCP CONF |"
echo "| Welcome to this configuration Script for DHCP Server. |"
echo "| |"
echo "|**********************************************************|"
echo "|==========================================================|"
echo ""
echo "CTRL-C to leave"
echo ""
read -p "WARNING. The file $PATH_DHCP_FILE will be edit. Do you want to continue ? [yes] " AGREE
AGREE=${AGREE:-$AGREE_DEFAULT}
if [ "$AGREE" != 'yes' ]
then echo "Stop script."
exit
fi
echo ""
echo "Please, fill the following informations (be care about the syntax)"
read -p "Network IP [192.168.1.0]: " IP
read -p "Netmask [255.255.255.0]: " NETMASK
read -p "IP Range [192.168.1.50 192.168.1.100]: " IP_RANGE
IP=${IP:-$IP_DEFAULT}
NETMASK=${NETMASK:-$NETMASK_DEFAULT}
IP_RANGE=${IP_RANGE:-$IP_RANGE_DEFAULT}
echo ""
echo "--DHCP Configuration--"
echo "----Append configuration to $PATH_DHCP_FILE----"
echo "
# ============================
# *DCHP Script configurations*
# ***$DATE***
subnet $IP netmask $NETMASK {
range $IP_RANGE;
deny unknown-clients;
}
include \"$PATH_DHCP_TRUST_FILE\";
# ============================
" >> $PATH_DHCP_FILE
echo ""
ADD_MAC_DEFAULT='yes'
echo "# ***$DATE***" >> $PATH_DHCP_TRUST_FILE
while IFS='' read -r line || [[ -n "$line" ]]; do
echo "Text read from file: $line"
studenMac=$(echo $line| cut -d' ' -f 1)
student=$(echo $line| cut -d' ' -f 2)
echo "Studen mac : $studenMac"
echo "Studen host : $student"
echo "Add $student with $studenMac"
echo "host $student { hardware ethernet $studenMac; }" >> $PATH_DHCP_TRUST_FILE
done < "$PATH_STUDENTS_FILE"
编辑 PATH_DHCP_FILE、PATH_DHCP_TRUST_FILE 和 PATH_STUDENTS_FILE 变量并在脚本询问信息时完成。
我这边的测试文件中有结果:
对于文件 test.conf (/etc/dhcpd.conf)
# ============================
# *DCHP Script configurations*
# ***2018-03-19 17:36***
subnet netmask 255.255.255.0 {
range 192.168.1.50 192.168.1.100;
deny unknown-clients;
}
include "./trust_host";
# ============================
在文件 trust_host 中:
# ***2018-03-19 18:44***
host Prajwal { hardware ethernet 94:92:66:38:a6:79; }
host Prajwal { hardware ethernet 30:e1:71:c9:1b:43; }
host Unique { hardware ethernet 94:65:2d:23:a8:4d; }
host Anup { hardware ethernet 84:8f:69:ca:15:00; }
host Anup { hardware ethernet 88:83:22:eb:1e:41; }
请小心,我不处理重复。
我希望这会有所帮助。