Linux DHCP server migration

Background

I am moving 2 existing Linux DHCP servers to a new network. The servers are currently configured as follows:

shared-network network {

        #new network
        subnet 192.168.100.0 netmask 255.255.255.0 {
            option subnet-mask 255.255.255.0;
            option routers 192.168.100.1;
            deny unknown-clients;
            }

        # 1 Subnet
        subnet 192.168.1.0 netmask 255.255.255.0 {
                option subnet-mask 255.255.255.0;
                option routers 192.168.1.1;
                deny unknown-clients;
                }

        # 2/3 Subnet
        subnet 192.168.2.0 netmask 255.255.254.0 {
                option subnet-mask 255.255.254.0;
                option routers 192.168.2.1;
                }

        # 4 Subnet
        subnet 192.168.4.0 netmask 255.255.255.0 {
                option subnet-mask 255.255.255.0;
                option routers 192.168.4.1;
                deny client-updates;
                deny unknown-clients;
                }

        # 5 Subnet
        subnet 192.168.5.0 netmask 255.255.255.0 {
                option subnet-mask 255.255.255.0;
                option routers 192.168.5.1;
                option domain-name "domain.com";
                option domain-name-servers x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x;
                deny client-updates;
                deny unknown-clients;
                }


        # 6 Subnet
        subnet 192.168.6.0 netmask 255.255.255.0 {
                option subnet-mask 255.255.255.0;
                option routers 192.168.5.1;
                pool {
                        deny unknown-clients;
                        deny dynamic bootp clients;
                        failover peer "dhcp";
                        range 192.168.6.100 192.168.6.149;
                        }
                }
}

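Problem

I stopped DHCP on the existing DHCP servers and started DHCP on the new DHCP servers. All networks work fine except for subnet 4. The Macs (Apple) on this network cannot obtain an IP.

Here is what the logs show: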

dhcpd: DHCPDISCOVER from d5:9d:11:0h:s3:5u via 192.168.4.1  

- This message is sent by a client that is connected to a local subnet. 

dhcpd: DHCPOFFER on 192.168.5.126 to d5:9d:11:0h:s3:5u via 192.168.4.1 

- Sent by a server.

dhcpd: DHCPREQUEST for 192.168.5.126 (192.168.100.10) from d5:9d:11:0h:s3:5u via 192.168.5.1

- This DHCP message is sent in response to DHCPOFFER indicating that the client has accepted the network configuration

dhcpd: DHCPACK on 192.168.5.126 to d5:9d:11:0h:s3:5u via 192.168.5.1

- This message signals the end of the process.  Signals end of conversation.

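This process seems to loop, and the client never gets an IP address. Looking at the logs, the second half of the conversation seems to go through a different gateway. Could it be asymmetric routing?

Note: BOOTP/ip helper-address is configured at the network level to forward DHCP traffic across networks. These networks are on the same VLAN.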

interface Vlan342
vrf forwarding central-duss
ip address 192.168.6.1 255.255.255.0 secondary 
ip address 192.168.5.1 255.255.255.0 secondary 
ip address 192.168.4.1 255.255.255.0 secondary 
ip address 192.168.1.1 255.255.254.0 
ip helper-address 192.168.1.9 (current)
ip helper-address 192.168.1.10 (current)
ip helper-address 192.168.100.10  (new)
ip helper-address 192.168.100.11 (new)
no ip redirects 
end 

Answer 1

This was caused by access rules on the firewall. I was unable to get the full details from the network team.

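Answer 2

Which IP the DHCP server sends from does not matter to the client, unless it cannot acknowledge or renew.

Use tcpdump/wireshark/tshark to inspect the outgoing packets and check the destination/source MAC/IP, to make sure these packets can reach the client and vice versa.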

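Answer 3

Your .4 subnet contains the declaration deny unknown-clients;, which according to the man page means:

The unknown-clients flag is used to tell dhcpd whether or not to dynamically assign addresses to unknown clients. Dynamic address assignment to unknown clients is allowed by default. An unknown client is simply a client that has no host declaration.

Since you have not shown us a pool declaration, it appears that no clients will be assigned addresses on the .4 subnet. You may not have shown us the entire dhcpd configuration, but in that case it is hard to give you advice anyway.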