作者jcli (Sincerely Yours.)
看板Linux
标题[问题] DHCP Relay agent information 问题
时间Mon May 19 10:04:36 2008
Dear Sirs,
我的 DHCP server 透过了一台有
L2 DHCP snooping with relay agent information ( option 82 ) 的设备 (switch),
接入我的 client 端;
依据接入 port 的 PVID 不同,会在 client 封包中安插入不同的 agent information,
但是因不为 L3 设备,因此 giaddr 不会写入,仅新增 option 82 栏位提供给
DHCP server 分配 ip 之用。
在 class = "vlan1" 的情况下,( agent.circuit-id=1 ) client 端能够正常的取得 ip,
1/2 lease time 的 request 也都正常,server 有正常回应 ack。
但在 class != "vlan1" (eg. vlan2 ) 的情况下,( agent.circuit-id!=1 )
client 第一次透过 discovery 取得 ip 之後,不论是 1/2, 3/4, 还是 7/8 的
lease time 都无法透过 request 继续更新,直到 lease time 完全用完,
重新 discovery。
此时 client 端和 server 端安装 wireshark/ethereal 监看,client 有发出 request
封包,server 也有收到 request,但是 server 就是没有发出相对应的回应 ack。
我用的是 ISC dhcpd-3.0.7 版本,client 用的是 windows xp sp2,
以下是我的 /etc/dhcpd config 档,不知道各位先进有什麽看法,
还是说设定档有误,感谢回应。
--
log-facility local6;
ddns-update-style none;
default-lease-time 180;
max-lease-time 600;
shared-network subnet100{
class "vlan100" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "100" ;}
class "vlan200" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "200" ;}
class "vlan1" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "1" ;}
class "vlan2" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "2" ;}
class "vlan4094" {
match if binary-to-ascii (10, 16, "", substring( option
agent.circuit-id, 2, 2)) = "4094" ;}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan100";
range 192.168.3.20 192.168.3.22;
option subnet-mask 255.255.255.0;
option nis-domain "vlan100";
option domain-name "vlan100";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan200";
range 192.168.3.23 192.168.3.25;
option subnet-mask 255.255.255.0;
option nis-domain "vlan200";
option domain-name "vlan200";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan2";
range 192.168.3.26 192.168.3.28;
option subnet-mask 255.255.255.0;
option nis-domain "vlan1";
option domain-name "vlan1";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan1";
range 192.168.3.29 192.168.3.31;
option subnet-mask 255.255.255.0;
option nis-domain "vlan1";
option domain-name "vlan1";
option routers 192.168.3.253;
}
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
allow members of "vlan4094";
range 192.168.3.32 192.168.3.34;
option subnet-mask 255.255.255.0;
option domain-name "vlan4094";
option routers 192.168.3.253;
}
}
#subnet 192.168.3.0 netmask 255.255.255.0 {
# pool {
# range 192.168.3.13 192.168.3.15;
# option subnet-mask 255.255.255.0;
# option nis-domain "novlan";
# option domain-name "novlan";
# option routers 192.168.3.253;
# }
#}
}
--
※ 发信站: 批踢踢实业坊(ptt.cc)
◆ From: 60.250.138.121