Suppose I have a set of hosts set up like this:
host host2 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.2; }
host host3 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.3; }
# etc ...
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 8.8.8.8, 8.8.4.4;
# Unknown test clients get this pool.
pool {
max-lease-time 1800; # 30 minutes
range 192.168.1.100 192.168.1.250;
allow unknown-clients;
}
# MyHosts nodes get this pool
pool {
max-lease-time 1800;
range 192.168.1.1 192.168.1.20;
allow members of MyHosts;
deny unknown-clients;
}
}
I want to put them into a class and assign them to a pool, so that I can make sure only these hosts are allowed into that pool.
I tried defining them as:
class "MyHosts" {
host host2 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.2; }
host host3 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.3; }
}
But this produces the error "host declarations not allowed here".
How should I do this?
Answer 1
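As you have found, you cannot declare hosts inside a class. A class declaration can only contain match or match if statements. If you want to use the class construct to group client requests into classes, you can do it like this: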
class "MyHosts" {
match hardware;
}
subclass "MyHosts" 1:10:bf:48:xx:xx:xx; # host2
subclass "MyHosts" 1:10:bf:48:xx:xx:xx; # host3
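In the statements above, the match declaration in the class says that subclasses will be matched against the hardware attribute. (hardware evaluates to the concatenation of the hardware type and the client's MAC address; for Ethernet clients the hardware type is 1, hence the 1: prefix in the data string of the subclass statements.)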
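When a client is a member of a subclass, it is also a member of the parent class, so now you can use allow and deny clauses in the pool declarations to make sure that members of MyHosts are assigned IPs from the desired pool, for example: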
subnet 192.168.1.0 netmask 255.255.255.0 {
...
pool {
range 192.168.1.101 192.168.1.250;
...
deny members of "MyHosts";
...
}
pool {
range 192.168.1.1 192.168.1.20;
...
allow members of "MyHosts";
...
}
}
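
With more than a handful of hosts, the subclass statements described in the answer are easier to generate from an inventory than to type by hand. The following is an added example, not part of the original answer: it normalizes MAC addresses written in the common notations, prepends the Ethernet hardware type 1, and refuses malformed or duplicate entries. The function names and the sample addresses are assumptions made for illustration.

```python
import re

ETHERNET_HTYPE = 1  # hardware type for Ethernet: the "1:" prefix described above
_MAC = re.compile(r"(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
                  r"|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}|[0-9a-f]{12})")
_NAME = re.compile(r"[A-Za-z0-9._-]+")  # keeps quotes/newlines out of the config

def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated octets, or raise ValueError."""
    text = raw.strip().lower()
    if not _MAC.fullmatch(text):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    digits = re.sub(r"[^0-9a-f]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def subclass_lines(class_name, inventory):
    """Build one subclass statement per (hostname, mac) pair in the inventory."""
    if not _NAME.fullmatch(class_name):
        raise ValueError(f"unsafe class name: {class_name!r}")
    seen, lines = {}, []
    for host, raw in inventory:
        if not _NAME.fullmatch(host):
            raise ValueError(f"unsafe host label: {host!r}")
        mac = normalize_mac(raw)
        if mac in seen:  # two entries for one MAC usually mean a stale inventory row
            raise ValueError(f"{host} repeats the MAC of {seen[mac]}: {mac}")
        seen[mac] = host
        lines.append(f'subclass "{class_name}" {ETHERNET_HTYPE}:{mac}; # {host}')
    return lines

def render_class(class_name, inventory):
    """Return the class declaration followed by its subclass statements."""
    body = subclass_lines(class_name, inventory)
    return "\n".join([f'class "{class_name}" {{', "  match hardware;", "}"] + body) + "\n"

# Constructed sample inventory (the page redacts the real addresses as xx:xx:xx).
SAMPLE = [
    ("host2", "10-BF-48-00-00-02"),
    ("host3", "10bf.4800.0003"),
    ("host4", "10:bf:48:00:00:04"),
]

if __name__ == "__main__":
    print(render_class("MyHosts", SAMPLE), end="")
```

Validate the resulting file with dhcpd -t -cf before reloading the server. Membership is decided by the MAC address the client reports, so the class groups clients rather than authenticating them.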