DHCP: one NIC and multiple subnets

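I'm setting up Debian as a gateway for a small office network. I need to set up three subnets for different areas within the company, and I will define which PCs get which IP based on MAC address.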

My question is: is it possible to handle DHCP for 3 subnets with a single NIC? How?

I tried setting up a virtual interface for each network like this:

# ip addr show dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 6c:f0:49:a4:47:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth2
    inet 10.1.2.1/24 brd 10.1.2.255 scope global eth2:1
    inet 10.1.3.1/24 brd 10.1.3.255 scope global eth2:2
    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth2:0
    inet6 fe80::6ef0:49ff:fea4:4738/64 scope link 
       valid_lft forever preferred_lft forever

Note: eth2 uses 192.168.1.10 because this box is not currently the network gateway. This is only temporary.

Then I set up my dhcpd.conf like this:

ddns-update-style interim;
option domain-name "mydomain.com";
option domain-name-servers ns1.mydomain.com;
default-lease-time 86400;
max-lease-time 86400;
authoritative;
log-facility local7;

subnet 10.1.1.0 netmask 255.255.255.0 {
        range 10.1.1.100 10.1.1.254;
        default-lease-time 86400;
        max-lease-time 86400;
        option routers 10.1.1.1;
        option ip-forwarding off;
        option broadcast-address 10.1.1.255;
        option subnet-mask 255.255.255.0;
        option ntp-servers 10.1.1.1;
        option domain-name-servers 10.1.1.1;
}

subnet 10.1.2.0 netmask 255.255.255.0 {
        range 10.1.2.100 10.1.2.254;
        default-lease-time 86400;
        max-lease-time 86400;
        option routers 10.1.2.1;
        option ip-forwarding off;
        option broadcast-address 10.1.2.255;
        option subnet-mask 255.255.255.0;
        option ntp-servers 10.1.2.1;
        option domain-name-servers 10.1.2.1;
}

subnet 10.1.3.0 netmask 255.255.255.0 {
        range 10.1.3.100 10.1.3.254;
        default-lease-time 86400;
        max-lease-time 86400;
        option routers 10.1.3.1;
        option ip-forwarding off;
        option broadcast-address 10.1.3.255;
        option subnet-mask 255.255.255.0;
        option ntp-servers 10.1.3.1;
        option domain-name-servers 10.1.3.1;
}

But when I try to start dhcpd, I get the following messages:

# dhcpd -4 eth2:0 eth2:1 eth2:2
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Wrote 0 leases to leases file.

No subnet declaration for eth2:2 (no IPv4 addresses).
** Ignoring requests on eth2:2.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth2:2 is attached. **


No subnet declaration for eth2:1 (no IPv4 addresses).
** Ignoring requests on eth2:1.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth2:1 is attached. **


No subnet declaration for eth2:0 (no IPv4 addresses).
** Ignoring requests on eth2:0.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth2:0 is attached. **


Not configured to listen on any interfaces!

I'm quite new to DHCP, so I may be missing something obvious. I searched Google for a while but couldn't find the answer I need, or I'm searching the wrong way.

Answer 1

Since the three subnets share the same medium (eth2), they should be declared inside the same shared-network:

shared-network my-net {
  subnet 10.1.1.0 netmask 255.255.255.0 {
    ...
  }

  subnet 10.1.2.0 netmask 255.255.255.0 {
    ...
  }

  subnet 10.1.3.0 netmask 255.255.255.0 {
    ...
  }
}
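
One way the shared-network declaration above could be filled in for the three subnets from the question, with addresses handed out by MAC address. This is an added example, not part of the original answers; the MAC addresses, class names, host name and the empty 192.168.1.0 subnet are assumptions.

```conf
# Added example. MAC addresses, host and class names are constructed.
# Start dhcpd on the physical interface (dhcpd -4 eth2), not on the
# eth2:N alias labels.
authoritative;
default-lease-time 86400;
max-lease-time 86400;

# Clients are sorted into areas by MAC. "match hardware" compares the
# hardware type byte (1 = Ethernet) followed by the MAC address.
class "area1" { match hardware; }
class "area2" { match hardware; }
subclass "area1" 1:02:00:00:00:01:01;
subclass "area2" 1:02:00:00:00:02:01;

shared-network my-net {
  # Assumption: covers eth2's temporary primary address. It has no
  # range, so nothing is leased from it.
  subnet 192.168.1.0 netmask 255.255.255.0 { }

  subnet 10.1.1.0 netmask 255.255.255.0 {
    option routers 10.1.1.1;
    option domain-name-servers 10.1.1.1;
    pool {
      range 10.1.1.100 10.1.1.254;
      allow members of "area1";   # only MACs listed in class area1
    }
  }

  subnet 10.1.2.0 netmask 255.255.255.0 {
    option routers 10.1.2.1;
    option domain-name-servers 10.1.2.1;
    pool {
      range 10.1.2.100 10.1.2.254;
      allow members of "area2";
    }
  }

  subnet 10.1.3.0 netmask 255.255.255.0 {
    option routers 10.1.3.1;
    option domain-name-servers 10.1.3.1;
    # No dynamic range: this subnet is served by host entries only.
  }
}

# Static assignment by MAC; the address sits outside every range.
host area3-pc1 {
  hardware ethernet 02:00:00:00:03:01;
  fixed-address 10.1.3.10;
}
```

Because all three subnets share one broadcast domain, the MAC-to-subnet mapping only controls which address the server offers; it does not separate the areas from each other on the wire.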

Answer 2

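There are really only two ways to do this:

  1. Set the DHCP server's IP as the "DHCP helper address" for each VLAN on the L3 switch, then define the ranges for those addresses on the server.
  2. Set the DHCP server's NIC port on the switch as a .1q trunk carrying all the appropriate VLANs, then set up a separate vNIC on the server for each VLAN with the appropriate IP, and go from there.

Either way, try not to use only a single NIC; you should use two NICs for resilience and then bond them together.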
