DHCP Relay agent information 問題 - Linux
By Steve
at 2008-05-19T10:04
at 2008-05-19T10:04
Table of Contents
Dear Sirs,
我的 DHCP server 透過了一台有
L2 DHCP snooping with relay agent information ( option 82 ) 的設備 (switch),
接入我的 client 端;
依據接入 port 的 PVID 不同,會在 client 封包中安插入不同的 agent information,
但是因不為 L3 設備,因此 giaddr 不會寫入,僅新增 option 82 欄位提供給
DHCP server 分配 ip 之用。
在 class = "vlan1" 的情況下,( agent.circuit-id=1 ) client 端能夠正常的取得 ip,
1/2 lease time 的 request 也都正常,server 有正常回應 ack。
但在 class != "vlan1" (eg. vlan2 ) 的情況下,( agent.circuit-id!=1 )
client 第一次透過 discovery 取得 ip 之後,不論是 1/2, 3/4, 還是 7/8 的
lease time 都無法透過 request 繼續更新,直到 lease time 完全用完,
重新 discovery。
此時 client 端和 server 端安裝 wireshark/ethereal 監看,client 有發出 request
封包,server 也有收到 request,但是 server 就是沒有發出相對應的回應 ack。
我用的是 ISC dhcpd-3.0.7 版本,client 用的是 windows xp sp2,
以下是我的 /etc/dhcpd config 檔,不知道各位先進有什麼看法,
還是說設定檔有誤,感謝回應。
--
log-facility local6;
ddns-update-style none;
default-lease-time 180;
max-lease-time 600;
shared-network subnet100{
class "vlan100" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "100" ;}
class "vlan200" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "200" ;}
class "vlan1" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "1" ;}
class "vlan2" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "2" ;}
class "vlan4094" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "4094" ;}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan100";
range 192.168.3.20 192.168.3.22;
option subnet-mask 255.255.255.0;
option nis-domain "vlan100";
option domain-name "vlan100";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan200";
range 192.168.3.23 192.168.3.25;
option subnet-mask 255.255.255.0;
option nis-domain "vlan200";
option domain-name "vlan200";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan2";
range 192.168.3.26 192.168.3.28;
option subnet-mask 255.255.255.0;
option nis-domain "vlan1";
option domain-name "vlan1";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan1";
range 192.168.3.29 192.168.3.31;
option subnet-mask 255.255.255.0;
option nis-domain "vlan1";
option domain-name "vlan1";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan4094";
range 192.168.3.32 192.168.3.34;
option subnet-mask 255.255.255.0;
option domain-name "vlan4094";
option routers 192.168.3.253;
}
}
#subnet 192.168.3.0 netmask 255.255.255.0 {
# pool {
# range 192.168.3.13 192.168.3.15;
# option subnet-mask 255.255.255.0;
# option nis-domain "novlan";
# option domain-name "novlan";
# option routers 192.168.3.253;
# }
#}
}
--
我的 DHCP server 透過了一台有
L2 DHCP snooping with relay agent information ( option 82 ) 的設備 (switch),
接入我的 client 端;
依據接入 port 的 PVID 不同,會在 client 封包中安插入不同的 agent information,
但是因不為 L3 設備,因此 giaddr 不會寫入,僅新增 option 82 欄位提供給
DHCP server 分配 ip 之用。
在 class = "vlan1" 的情況下,( agent.circuit-id=1 ) client 端能夠正常的取得 ip,
1/2 lease time 的 request 也都正常,server 有正常回應 ack。
但在 class != "vlan1" (eg. vlan2 ) 的情況下,( agent.circuit-id!=1 )
client 第一次透過 discovery 取得 ip 之後,不論是 1/2, 3/4, 還是 7/8 的
lease time 都無法透過 request 繼續更新,直到 lease time 完全用完,
重新 discovery。
此時 client 端和 server 端安裝 wireshark/ethereal 監看,client 有發出 request
封包,server 也有收到 request,但是 server 就是沒有發出相對應的回應 ack。
我用的是 ISC dhcpd-3.0.7 版本,client 用的是 windows xp sp2,
以下是我的 /etc/dhcpd config 檔,不知道各位先進有什麼看法,
還是說設定檔有誤,感謝回應。
--
log-facility local6;
ddns-update-style none;
default-lease-time 180;
max-lease-time 600;
shared-network subnet100{
class "vlan100" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "100" ;}
class "vlan200" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "200" ;}
class "vlan1" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "1" ;}
class "vlan2" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "2" ;}
class "vlan4094" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "4094" ;}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan100";
range 192.168.3.20 192.168.3.22;
option subnet-mask 255.255.255.0;
option nis-domain "vlan100";
option domain-name "vlan100";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan200";
range 192.168.3.23 192.168.3.25;
option subnet-mask 255.255.255.0;
option nis-domain "vlan200";
option domain-name "vlan200";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan2";
range 192.168.3.26 192.168.3.28;
option subnet-mask 255.255.255.0;
option nis-domain "vlan1";
option domain-name "vlan1";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan1";
range 192.168.3.29 192.168.3.31;
option subnet-mask 255.255.255.0;
option nis-domain "vlan1";
option domain-name "vlan1";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan4094";
range 192.168.3.32 192.168.3.34;
option subnet-mask 255.255.255.0;
option domain-name "vlan4094";
option routers 192.168.3.253;
}
}
#subnet 192.168.3.0 netmask 255.255.255.0 {
# pool {
# range 192.168.3.13 192.168.3.15;
# option subnet-mask 255.255.255.0;
# option nis-domain "novlan";
# option domain-name "novlan";
# option routers 192.168.3.253;
# }
#}
}
--
Tags:
Linux
All Comments
Related Posts
Ctrl+Alt+F1~F6後螢幕一片黑
By Thomas
at 2008-05-19T09:21
at 2008-05-19T09:21
Ubuntu 8.04筆電可不可以進行雙螢幕輸出
By Dinah
at 2008-05-19T08:59
at 2008-05-19T08:59
急問!server死掉了…journal recreate …
By Emily
at 2008-05-19T04:24
at 2008-05-19T04:24
不能開機orz
By Regina
at 2008-05-19T02:16
at 2008-05-19T02:16
X61用wubi裝ubuntu
By Megan
at 2008-05-19T00:33
at 2008-05-19T00:33