[問題] DHCP Relay agent information 問題

看板Linux作者jcli (Sincerely Yours.)時間16年前 (2008/05/19 10:04)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

Dear Sirs, 我的 DHCP server 透過了一台有 L2 DHCP snooping with relay agent information ( option 82 ) 的設備 (switch)，接入我的 client 端；依據接入 port 的 PVID 不同，會在 client 封包中安插入不同的 agent information，但是因不為 L3 設備，因此 giaddr 不會寫入，僅新增 option 82 欄位提供給 DHCP server 分配 ip 之用。在 class = "vlan1" 的情況下，( agent.circuit-id=1 ) client 端能夠正常的取得 ip， 1/2 lease time 的 request 也都正常，server 有正常回應 ack。但在 class != "vlan1" (eg. vlan2 ) 的情況下，( agent.circuit-id!=1 ) client 第一次透過 discovery 取得 ip 之後，不論是 1/2, 3/4, 還是 7/8 的 lease time 都無法透過 request 繼續更新，直到 lease time 完全用完，重新 discovery。此時 client 端和 server 端安裝 wireshark/ethereal 監看，client 有發出 request 封包，server 也有收到 request，但是 server 就是沒有發出相對應的回應 ack。我用的是 ISC dhcpd-3.0.7 版本，client 用的是 windows xp sp2，以下是我的 /etc/dhcpd config 檔，不知道各位先進有什麼看法，還是說設定檔有誤，感謝回應。 -- log-facility local6; ddns-update-style none; default-lease-time 180; max-lease-time 600; shared-network subnet100{ class "vlan100" { match if binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)) = "100" ;} class "vlan200" { match if binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)) = "200" ;} class "vlan1" { match if binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)) = "1" ;} class "vlan2" { match if binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)) = "2" ;} class "vlan4094" { match if binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)) = "4094" ;} subnet 192.168.3.0 netmask 255.255.255.0 { pool { allow members of "vlan100"; range 192.168.3.20 192.168.3.22; option subnet-mask 255.255.255.0; option nis-domain "vlan100"; option domain-name "vlan100"; option routers 192.168.3.253; } } subnet 192.168.3.0 netmask 255.255.255.0 { pool { allow members of "vlan200"; range 192.168.3.23 192.168.3.25; option subnet-mask 255.255.255.0; option nis-domain "vlan200"; option domain-name "vlan200"; option routers 192.168.3.253; } } subnet 192.168.3.0 netmask 255.255.255.0 { pool { allow members of "vlan2"; range 192.168.3.26 192.168.3.28; option subnet-mask 255.255.255.0; option nis-domain "vlan1"; option domain-name "vlan1"; option routers 192.168.3.253; } } subnet 192.168.3.0 netmask 255.255.255.0 { pool { allow members of "vlan1"; range 192.168.3.29 192.168.3.31; option subnet-mask 255.255.255.0; option nis-domain "vlan1"; option domain-name "vlan1"; option routers 192.168.3.253; } } subnet 192.168.3.0 netmask 255.255.255.0 { pool { allow members of "vlan4094"; range 192.168.3.32 192.168.3.34; option subnet-mask 255.255.255.0; option domain-name "vlan4094"; option routers 192.168.3.253; } } #subnet 192.168.3.0 netmask 255.255.255.0 { # pool { # range 192.168.3.13 192.168.3.15; # option subnet-mask 255.255.255.0; # option nis-domain "novlan"; # option domain-name "novlan"; # option routers 192.168.3.253; # } #} } -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 60.250.138.121