Background
I am moving 2 existing Linux DHCP servers to a new network. The servers are currently configured as follows:
shared-network network {
    #new network
    subnet 192.168.100.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.100.1;
        deny unknown-clients;
    }
    # 1 Subnet
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.1;
        deny unknown-clients;
    }
    # 2/3 Subnet
    subnet 192.168.2.0 netmask 255.255.254.0 {
        option subnet-mask 255.255.254.0;
        option routers 192.168.2.1;
    }
    # 4 Subnet
    subnet 192.168.4.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.4.1;
        deny client-updates;
        deny unknown-clients;
    }
    # 5 Subnet
    subnet 192.168.5.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.5.1;
        option domain-name "domain.com";
        option domain-name-servers x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x;
        deny client-updates;
        deny unknown-clients;
    }
    # 6 Subnet
    subnet 192.168.6.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.5.1;
        pool {
            deny unknown-clients;
            deny dynamic bootp clients;
            failover peer "dhcp";
            range 192.168.6.100 192.168.6.149;
        }
    }
}
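Problem
I stopped DHCP on the existing DHCP servers and started DHCP on the new DHCP servers. All networks work except subnet 4. The Macs (Apple) on this network cannot get an IP.
This is what the logs show: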
dhcpd: DHCPDISCOVER from d5:9d:11:0h:s3:5u via 192.168.4.1
- This message is sent by a client that is connected to a local subnet.
dhcpd: DHCPOFFER on 192.168.5.126 to d5:9d:11:0h:s3:5u via 192.168.4.1
- sent by a server.
dhcpd: DHCPREQUEST for 192.168.5.126 (192.168.100.10) from d5:9d:11:0h:s3:5u via 192.168.5.1
- This DHCP message is sent in response to DHCPOFFER indicating that the client has accepted the network configuration
dhcpd: DHCPACK on 192.168.5.126 to d5:9d:11:0h:s3:5u via 192.168.5.1
- This message signals the end of the process. Signals end of conversation.
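This process seems to loop, and the client never gets an IP address. Looking at the logs, the second half of the conversation seems to go through a different gateway. Could it be asymmetric routing?
Note: BOOTP/ip helper-address is configured at the network level to forward DHCP traffic across networks. These networks are on the same VLAN.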
interface Vlan342
 vrf forwarding central-duss
 ip address 192.168.6.1 255.255.255.0 secondary
 ip address 192.168.5.1 255.255.255.0 secondary
 ip address 192.168.4.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.254.0
 ip helper-address 192.168.1.9 (current)
 ip helper-address 192.168.1.10 (current)
 ip helper-address 192.168.100.10 (new)
 ip helper-address 192.168.100.11 (new)
 no ip redirects
end
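The log excerpt in the question can be checked mechanically. The following Python example is added here and is not part of the original post or of dhcpd: it takes the subnets from the posted dhcpd.conf and flags, per client, a lease outside the relay's subnet and a change of relay address between messages. The names `SUBNETS`, `SAMPLE_LOG`, `subnet_of` and `analyze` are assumptions made for the example.

```python
import ipaddress
import re

# Subnets of the shared-network block in the question's dhcpd.conf.
SUBNETS = [ipaddress.ip_network(n) for n in (
    "192.168.100.0/24", "192.168.1.0/24", "192.168.2.0/23",
    "192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24")]

# Log lines copied from the question (the MAC is obfuscated in the post).
SAMPLE_LOG = """\
dhcpd: DHCPDISCOVER from d5:9d:11:0h:s3:5u via 192.168.4.1
dhcpd: DHCPOFFER on 192.168.5.126 to d5:9d:11:0h:s3:5u via 192.168.4.1
dhcpd: DHCPREQUEST for 192.168.5.126 (192.168.100.10) from d5:9d:11:0h:s3:5u via 192.168.5.1
dhcpd: DHCPACK on 192.168.5.126 to d5:9d:11:0h:s3:5u via 192.168.5.1
"""

LINE = re.compile(
    r"dhcpd: (?P<type>DHCP[A-Z]+) "
    r"(?:(?:on|for) (?P<ip>[\d.]+) (?:\([\d.]+\) )?)?"
    r"(?:from|to) (?P<mac>\S+)(?: \([^)]*\))? via (?P<via>\S+)")

def subnet_of(addr):
    """Return the configured subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in SUBNETS if ip in n), None)

def analyze(log_text):
    """Flag relay changes and leases outside the relay's subnet, per client."""
    findings, last_relay = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        kind, ip, mac, via = m["type"], m["ip"], m["mac"], m["via"]
        try:
            relay_net = subnet_of(via)
        except ValueError:
            continue  # "via eth0": client is directly attached, no relay
        prev = last_relay.get(mac)
        if prev and prev != via:
            findings.append((mac, kind, f"relay changed {prev} -> {via}"))
        last_relay[mac] = via
        if ip and kind in ("DHCPOFFER", "DHCPACK") and subnet_of(ip) != relay_net:
            findings.append((mac, kind, f"{ip} outside relay subnet {relay_net}"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Within a shared-network, dhcpd may hand out an address from any member subnet, so these findings mark which exchanges to follow in a packet capture and do not prove a fault by themselves.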
Answer 1
This was caused by the firewall's access rules. I was unable to get the full details from the network team.
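Answer 2
It does not matter to the client which IP the DHCP server sends from, unless it cannot acknowledge or renew.
Use tcpdump/wireshark/tshark to inspect the outgoing packets and check the destination/source MAC/IP, and make sure these packets can reach the client and vice versa.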
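Answer 3
Your .4 subnet contains the statement deny unknown-clients; which, according to the man page, means:
The unknown-clients flag is used to tell dhcpd whether or not to dynamically assign addresses to unknown clients. Dynamic address assignment to unknown clients is allowed by default. An unknown client is simply a client that has no host declaration.
Since you have not shown us a pool declaration, it seems that no client will be assigned an address on the .4 subnet. You may not have shown us your whole dhcpd configuration, but in that case it is hard to give you advice anyway.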