isc-dhcp option 82


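I have a question about the correct isc-dhcp configuration. I want to lease IP addresses to users based on the switch port. For this I use DLink DES-3200 series switches. Everything works well, but recently I decided to lease a specific subnet to all unknown users, i.e. users not explicitly specified in the dhcpd.conf file. Here is an example configuration:

# dhcpd.conf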

default-lease-time 30;
max-lease-time 60;
authoritative;
log-facility local7;
option domain-name-servers 8.8.8.8;

include "/usr/local/etc/dhcpd/dhcpd.classes";

shared-network "clients"
{
    subnet 10.5.20.0 netmask 255.255.255.0 {}
    include "/usr/local/etc/dhcpd/dhcpd.networks";
}

dhcpd.classes

class "10.5.20.4_2" { match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16, "",  substring(option agent.circuit-id, 4, 2)) = "2" ); }
class "10.5.20.4_1" { match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16, "",  substring(option agent.circuit-id, 4, 2)) = "1" ); }
class "10.5.20.2_1" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and     binary-to-ascii(10, 16, "",  substring(option agent.circuit-id, 4, 2)) = "1" ); }
class "10.5.20.2_3" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "",  substring(option agent.circuit-id, 4, 2)) = "3" ); }
class "10.5.20.2_2" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "",  substring(option agent.circuit-id, 4, 2)) = "2" ); }
class "10.5.20.2_4" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "",  substring(option agent.circuit-id, 4, 2)) = "4" ); }

dhcpd.networks

subnet 172.30.20.0 netmask 255.255.255.0
{
   option subnet-mask 255.255.255.0;
   option routers 172.30.20.1;
    pool {range 172.30.20.3; allow members of "10.5.20.4_2"; }
    pool {range 172.30.20.2; allow members of "10.5.20.4_1"; }
}
subnet 172.30.160.0 netmask 255.255.255.0
{
   option subnet-mask 255.255.255.0;
   option routers 172.30.160.1;
    pool {range 172.30.160.3; allow members of "10.5.20.2_1"; }
    pool {range 172.30.160.4; allow members of "10.5.20.2_3"; }
    pool {range 172.30.160.10; allow members of "10.5.20.2_2"; }
    pool {range 172.30.160.12; allow members of "10.5.20.2_4"; }
}

So if I add, say:

subnet 172.20.111.0  netmask 255.255.255.0 {
                        option routers 172.20.111.1;
                        max-lease-time 60;
                        min-lease-time 30;
                        range 172.20.111.10  172.20.111.20 ;
                        }

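to the end of the dhcpd.networks file (which I include in the shared-network "clients" clause, see above), all my clients start getting IP addresses from the 172.20.111.0 range, regardless of whether a class is specified for their port.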

Is there a way to make the dhcpd server look at the class declarations first and only then at the subnets?
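The class match expressions from dhcpd.classes above, traced on a constructed Option 82 payload (an added example, not part of the original post). The sub-option layouts (circuit-id as 00 04, VLAN, module, port; remote-id as a 2-byte header followed by the switch IP in ASCII) are assumptions inferred from the offsets in those expressions, and all function names are hypothetical.

```python
def parse_option82(payload: bytes) -> dict:
    """Split relay agent information (RFC 3046) data into {sub-option code: value}."""
    subopts, i = {}, 0
    while i + 2 <= len(payload):
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated sub-option {code}")
        subopts[code] = value
        i += 2 + length
    if i != len(payload):
        raise ValueError("trailing bytes after last sub-option")
    return subopts


def substring(data: bytes, offset: int, length: int) -> bytes:
    """dhcpd substring(): short data yields whatever is available, never an error."""
    return data[offset:offset + length]


def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """dhcpd binary-to-ascii() restricted to base 10, as used in the page's classes."""
    if base != 10 or width not in (8, 16, 32):
        raise ValueError("only base 10 with width 8/16/32 is modelled here")
    step = width // 8
    return sep.join(str(int.from_bytes(data[i:i + step], "big"))
                    for i in range(0, len(data), step))


def class_for(payload: bytes):
    """Return the "<switch>_<port>" class name, or None for an unknown client."""
    opts = parse_option82(payload)
    circuit, remote = opts.get(1), opts.get(2)   # 1 = circuit-id, 2 = remote-id
    if not circuit or not remote:
        return None
    switch = substring(remote, 2, 15).decode("ascii", "replace")
    port = binary_to_ascii(10, 16, "", substring(circuit, 4, 2))
    return f"{switch}_{port}" if switch and port else None


# Constructed sample (assumed layout): VLAN 1, module 0, port 2, remote-id "10.5.20.4".
CIRCUIT = bytes([0x00, 0x04, 0x00, 0x01, 0x00, 0x02])
REMOTE = bytes([0x01, 0x09]) + b"10.5.20.4"
SAMPLE = bytes([1, len(CIRCUIT)]) + CIRCUIT + bytes([2, len(REMOTE)]) + REMOTE

if __name__ == "__main__":
    print(class_for(SAMPLE))
```

Under the assumed layout, the 16-bit read at offset 4 covers the module byte as well as the port byte, so a non-zero module changes the number the class compares against (module 1, port 2 gives 258). A request that carries no Option 82 at all maps to no class, which is the "unknown user" case the question asks about.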

Answer 1

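You wrote that you added the new subnet at the end of the dhcpd.conf file. You need to add it to the shared-network, otherwise dhcpd will not consider these networks as alternatives.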

Answer 2

After reading man dhcpd.conf and some experimenting, I managed to achieve my goal with the following modification to the dhcpd.networks file:

subnet 172.20.111.0  netmask 255.255.255.0 {
    pool {
        option routers 172.20.111.1;
        max-lease-time 60;
        min-lease-time 30;
        range 172.20.111.10  172.20.111.20 ;
        deny members of "10.5.20.4_1";
        deny members of "10.5.20.4_2";
        deny members of "10.5.20.2_1";
        #  .... etc
    }
}

Now it works the way I want, although I am not sure it will scale well.

Answer 3

This is just an addition to this old but still valid thread. It simplifies the subnet section, but adds one line for each fixed IP.

class "FixedIP" {
      match pick-first-value (option agent.circuit-id);
}

Classes as before:

class "IP-10.1.2.3" {
       match if option agent.circuit-id = "YourOp82Value";
}

Add this for each Op82 value to keep fixed-IP customers out of the free pool:

subclass "FixedIP" "YourOp82Value";

In the subnet:

deny members of "FixedIP";
pool { 
        allow members of "IP-10.1.2.3" ; 
        range 10.1.2.3 10.1.2.3;
}

This way you don't have to stuff the subnet section with lots of deny lines. One is enough.
