Isc-Dhcp

如何將主機分配給 ISC DHCPD 中的類?

  • January 26, 2013

假設我有一堆這樣設置的主機:

host host2 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.2; }
host host3 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.3; }
# etc ...   

subnet 192.168.1.0 netmask 255.255.255.0 {
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.1.255;
 option routers 192.168.1.254;
 option domain-name-servers 8.8.8.8, 8.8.4.4;

 # Unknown test clients get this pool.
 pool {
   max-lease-time 1800; # 30 minutes
   range 192.168.1.100 192.168.1.250;
   allow unknown-clients;
 }

 # MyHosts nodes get this pool
 pool {
   max-lease-time 1800;
   range 192.168.1.1 192.168.1.20;
   allow members of MyHosts;
   deny unknown-clients;
 }
}

我想將它們放入一個類並將它們分配給一個池,以便我可以確保該池中只允許那些主機。

我嘗試將它們定義為:

class "MyHosts" {
 host host2 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.2; }
 host host3 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.3; }
}

但這給出了一個錯誤“此處不允許主機聲明”。

我該怎麼做?

正如您所發現的,您不能host在 a 中聲明 s classclass聲明只能包含matchormatch if語句。如果您想使用class構造將您的客戶端請求分組到類中,您可以這樣做:

class "MyHosts" {
   match hardware;
}
subclass "MyHosts" 1:10:bf:48:xx:xx:xx;  # host2
subclass "MyHosts" 1:10:bf:48:xx:xx:xx;  # host3

在上面,match聲明中的class聲明子類將由hardware屬性匹配。(hardware評估為硬體類型和客戶端 MAC 地址的串聯;對於乙太網客戶端,硬體類型為 1,因此是語句1:數據字元串中的前綴。)subclass

當客戶端是子類的成員時,它也是父類的成員,因此現在您可以在聲明中使用allowanddeny子句pool來確保MyHosts從所需池中為成員分配 IP,例如:

subnet 192.168.1.0 netmask 255.255.255.0 {
   ...
   pool {
       range 192.168.1.101 192.168.1.250;
       ...
       deny members of "MyHosts";
       ...
   }
   pool {
       range 192.168.1.1 192.168.1.20;
       ...
       allow members of "MyHosts";
       ...
   }
}

引用自:https://serverfault.com/questions/472618