ISC-DHCPD classes for ZTP (working with Juniper)

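I am currently trying to set up a DHCP server to use it in a ZTP environment. My first goal is to be able to automatically upgrade my Juniper devices based on their hardware.

What I really want to achieve is to distribute the correct JUNOS software to the correct Juniper hardware. For example, an MX104 should download the MX104 target image, and an EX4550 should download the EX4550 target image.

So far, I have successfully set up a DHCP server using ISC's DHCP server. But up to this point everything was still simple.

Now I am trying to use classes and pools to match the vendor class identifier and assign the client to the appropriate pool.

My DHCP server configuration is as follows: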

option domain-name "example.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-search "example.com";

set vendor-string = option vendor-class-identifier;
option ztp-file-server code 150 = { ip-address };
option space ztp-ops;
option ztp-ops.image-file-name code 0 = text;
option ztp-ops.config-file-name code 1 = text;
option ztp-ops.image-file-type code 2 = text;
option ztp-ops.transfer-mode code 3 = text;
option ztp-ops-encapsulation code 43 = encapsulate ztp-ops;

class "juniper-mx10003" {
  match if substring(option vendor-class-identifier, 0, 15) = "Juniper-mx10003";
}

subnet 10.24.0.0 netmask 255.255.0.0 {
  default-lease-time 600;
  max-lease-time 86400;
  option routers 10.24.0.1;
  range 10.24.254.0 10.24.254.254;
  # Address pool(s)
  pool {
    range 10.24.253.0 10.24.253.10;
    allow members of "juniper-mx10003";
    option ztp-file-server 10.24.1.2;
    option ztp-ops.transfer-mode "http";
    option ztp-ops.image-file-name "/junos-vmhost-install-mx-x86-64-18.1R1.9.tgz";
  }
}

My MX10003 has a Juniper configuration as shown below:

system {
    root-authentication {
        encrypted-password "YEAH"; ## SECRET-DATA
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-mx10003;
                }
            }
        }
    }
}

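When booting, or when clearing and requesting a lease, the MX requests an IP address, but it is assigned one from the 10.24.254.0 to 10.24.254.254 range instead of one from the 10.24.253.0 to 10.24.253.10 range.

I tried dumping the DHCP exchange with dhcpdump, and it shows the following: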

  TIME: 2018-06-01 15:07:50.357
    IP: 0.0.0.0 (d8:18:d3:1e:a9:66) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 52cccd10
  SECS: 0
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:18:d3:1e:a9:66:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  60 ( 15) Vendor class identifier   Juniper-mx10003
OPTION:  51 (  4) IP address leasetime      86400 (24h)
---------------------------------------------------------------------------

  TIME: 2018-06-01 15:07:51.297
    IP: 10.24.1.2 (0:c:29:8:a6:dd) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 52cccd10
  SECS: 0
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 10.24.254.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:18:d3:1e:a9:66:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  54 (  4) Server identifier         10.24.1.2
OPTION:  51 (  4) IP address leasetime      86400 (24h)
OPTION:   1 (  4) Subnet mask               255.255.0.0
OPTION:   3 (  4) Routers                   10.24.0.1
OPTION:   6 (  8) DNS server                8.8.8.8,8.8.4.4
OPTION: 119 ( 30) Domain Search             0a6c75786e657477 .example
                                            6f726b0269       .com.
OPTION:  15 ( 13) Domainname                example.com
---------------------------------------------------------------------------

  TIME: 2018-06-01 15:07:51.302
    IP: 0.0.0.0 (d8:18:d3:1e:a9:66) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 52cccd10
  SECS: 0
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:18:d3:1e:a9:66:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  54 (  4) Server identifier         10.24.1.2
OPTION:  55 ( 14) Parameter Request List      3 (Routers)
                                             51 (IP address leasetime)
                                              1 (Subnet mask)
                                             15 (Domainname)
                                              6 (DNS server)
                                             66 (TFTP server name)
                                             67 (Bootfile name)
                                            120 (SIP Servers DHCP Option)
                                             44 (NetBIOS name server)
                                             43 (Vendor specific info)
                                            150 (???)
                                             12 (Host name)
                                              7 (Log server)
                                             42 (NTP servers)

OPTION:  50 (  4) Request IP address        10.24.254.0
OPTION:  53 (  1) DHCP message type         3 (DHCPREQUEST)
OPTION:  60 ( 15) Vendor class identifier   Juniper-mx10003
OPTION:  51 (  4) IP address leasetime      86400 (24h)
---------------------------------------------------------------------------

  TIME: 2018-06-01 15:07:51.398
    IP: 10.24.1.2 (0:c:29:8:a6:dd) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 52cccd10
  SECS: 0
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 10.24.254.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:18:d3:1e:a9:66:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:  54 (  4) Server identifier         10.24.1.2
OPTION:  51 (  4) IP address leasetime      86400 (24h)
OPTION:   1 (  4) Subnet mask               255.255.0.0
OPTION:   3 (  4) Routers                   10.24.0.1
OPTION:  15 ( 13) Domainname                example.com
OPTION:   6 (  8) DNS server                8.8.8.8,8.8.4.4
---------------------------------------------------------------------------

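Has anyone tried to do the same thing? Maybe I am overlooking something obvious?

Answer 1

After removing the "range 10.24.254.0 10.24.254.254;" configuration line, everything works. The class match statement is actually working, which I could confirm by defining a new class for another type of hardware.

This is the correct configuration now in use: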

#
# Classes
#
class "juniper-mx10003" {
  match if (option vendor-class-identifier = "Juniper-mx10003");
}
class "juniper-qfx5110" {
  match if (option vendor-class-identifier = "Juniper-qfx5110-48s-4c");
}
#
# Subnet declarations
#
subnet 10.24.0.0 netmask 255.255.0.0 {
  default-lease-time 600;
  max-lease-time 86400;
  option routers 10.24.0.1;
  # Address pool(s)
  pool {
    range 10.24.253.0 10.24.253.9;
    allow members of "juniper-mx10003";
    option ztp-file-server 10.24.1.2;
    option ztp-ops.transfer-mode "http";
    option ztp-ops.image-file-name "/junos-vmhost-install-mx-x86-64-18.1R1.9.tgz";
  }
  pool {
    range 10.24.253.10 10.24.253.19;
    allow members of "juniper-qfx5110";
    option ztp-file-server 10.24.1.2;
    option ztp-ops.transfer-mode "http";
    option ztp-ops.image-file-name "/jinstall-host-qfx-5e-flex-15.1X53-D233.1-secure-domestic-signed.tgz";
  }
}
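
An added example, not part of the original question or answer: a check that a captured DHCPOFFER puts each vendor class in its own pool and carries the ztp-ops sub-options in option 43. The expected values are copied from the configuration above; the function names are hypothetical, and the decoder assumes ISC dhcpd's default one-byte code and one-byte length encoding for the option space.

```python
import ipaddress

# Expected pool, image and mode per vendor class, from the answer's dhcpd.conf.
EXPECTED = {
    "Juniper-mx10003": ("10.24.253.0", "10.24.253.9",
        "/junos-vmhost-install-mx-x86-64-18.1R1.9.tgz", "http"),
    "Juniper-qfx5110-48s-4c": ("10.24.253.10", "10.24.253.19",
        "/jinstall-host-qfx-5e-flex-15.1X53-D233.1-secure-domestic-signed.tgz", "http"),
}
# Sub-option codes of the ztp-ops option space declared in the configuration.
IMAGE_FILE_NAME, TRANSFER_MODE = 0, 3
# Constructed sample: the DHCPOFFER from the question's dump (no option 43).
QUESTION_OFFER = ("Juniper-mx10003", "10.24.254.0", b"")


def encode_option43(fields):
    """Build an option 43 payload: code byte, length byte, then the text."""
    return b"".join(bytes([c, len(t)]) + t.encode("ascii")
                    for c, t in sorted(fields.items()))


def decode_option43(payload):
    """Parse code/length/value sub-options; reject truncated data."""
    fields, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated sub-option")
        code, length = payload[i], payload[i + 1]
        fields[code] = payload[i + 2:i + 2 + length].decode("ascii", "replace")
        i += 2 + length
    return fields


def check_offer(vendor_id, yiaddr, option43=b""):
    """Return the mismatches between an offer and the expected class pool."""
    if vendor_id not in EXPECTED:
        return ["unknown vendor class identifier"]
    lo, hi, image, mode = EXPECTED[vendor_id]
    problems = []
    addr = ipaddress.ip_address(yiaddr)
    if not ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
        problems.append("yiaddr outside class pool")
    got = decode_option43(option43)
    if got.get(IMAGE_FILE_NAME) != image:
        problems.append("option 43 image-file-name mismatch")
    if got.get(TRANSFER_MODE) != mode:
        problems.append("option 43 transfer-mode mismatch")
    return problems
```

Run against the offer in the question's dump, check_offer reports all three mismatches; an offer from the corrected configuration should return an empty list.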
