Linux

DHCPD: clean lease when a client disconnects

  • January 20, 2016

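Is there any way to force ISC DHCPD to trigger an expiry or release of a static lease as soon as the client disconnects?

I would like to trigger a script as soon as a client connects ("commit" DHCPD event) and disconnects ("expiry" or "release" DHCPD event).

While the first works like a charm, the latter never triggers. Any suggestions?

Edit: a configuration snippet (with a test script):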

subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.40 192.168.1.49;

 on commit {
   set ip = binary-to-ascii (10, 8, ".", leased-address);
   execute ("/usr/local/bin/dhcp-test", "commit", ip);
 }
 on release {
   set ip = binary-to-ascii (10, 8, ".", leased-address);
   execute ("/usr/local/bin/dhcp-test", "release", ip);
 }
 on expiry {
   set ip = binary-to-ascii (10, 8, ".", leased-address);
   execute ("/usr/local/bin/dhcp-test", "expiry", ip);
 }
}

If I understand correctly, to make a static lease you have something like this in your configuration:

host static-1 {
   hardware ethernet 00:01:02:03:04:05;
   fixed-address 192.168.1.40;
}

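This will work as you expect, but this IP address will never be released (it does not matter whether the client sends a DHCPRELEASE), because from dhcpd's point of view it is a static IP.

You have to create a dynamic IP (again, from dhcpd's point of view), so that dhcpd will track it. You can do it like this: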

# First create pseudo class
class "static-ip" { match suffix(hardware, 6); }

# Here you will declare all MAC of your clients and make it a subclass of "static-ip"
# class "<UNIQ-CLASSNAME>" { match if suffix(hardware, 6) = <CLIENT-MAC-ADDRESS>; } subclass "static-ip" <CLIENT-MAC-ADDRESS>;
# Example
class "static-1" { match if suffix(hardware, 6) = 00:01:02:03:04:05; } subclass "static-ip" 00:01:02:03:04:05;

# Next allocate an address for every client (inside subnet declaration):

subnet 192.168.1.0 netmask 255.255.255.0 {
 on commit {
   set ip = binary-to-ascii (10, 8, ".", leased-address);
   execute ("/usr/local/bin/dhcp-test", "commit", ip);
 }
 on release {
   set ip = binary-to-ascii (10, 8, ".", leased-address);
   execute ("/usr/local/bin/dhcp-test", "release", ip);
 }
 on expiry {
   set ip = binary-to-ascii (10, 8, ".", leased-address);
   execute ("/usr/local/bin/dhcp-test", "expiry", ip);
 }

# pool { range <ip-addr>; allow members of "<UNIQ-CLASSNAME>"; }
  pool { range 192.168.1.40; allow members of "static-1"; }
# pool { range 192.168.1.41; allow members of "static-2"; }
#... so on
}

To make your configuration more flexible, you can put the class-subclass and pool-range declarations into different files and include them in the main dhcpd.conf:

#dhcpd.conf
authoritative;
min-lease-time ...;
... etc.

include "/path/to/classes.conf";
include "/path/to/subnet.conf";

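As you can see, we put every client into its own class and subclass it to the "static-ip" class. This is in case you want to have another subnet without static IP assignment, for example: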

subnet 192.168.2.0 netmask 255.255.255.0 {
 range 192.168.2.10 192.168.2.100;
 deny members of "static-ip";
}

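Then you must deny clients with a static IP assignment from getting an IP from this subnet (using the deny keyword).

This way you get a dynamic IP (from dhcpd's point of view), but in practice it never changes (from the client's point of view).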
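
The per-client class and single-address pool declarations described in the answer above can be generated from an inventory instead of being typed by hand. This is an added example, not part of the original answer; the function name `render`, the inventory format and the second sample client are assumptions. It validates every value first, because the strings are written verbatim into files that dhcpd parses as configuration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")

def render(subnet, clients):
    """Return (class_lines, pool_lines) for a list of (name, mac, ip) tuples.

    class_lines belong in the included classes file; pool_lines belong
    inside the matching subnet declaration.
    """
    net = ipaddress.ip_network(subnet)
    # "static-ip" is reserved for the parent class, so no client may use it.
    seen = {"name": {"static-ip"}, "mac": set(), "ip": set()}
    class_lines = ['class "static-ip" { match suffix(hardware, 6); }']
    pool_lines = []
    for name, mac, ip in clients:
        mac = mac.lower()
        addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"bad class name: {name!r}")
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
        # Two clients sharing a name, MAC or address would break the 1:1 mapping.
        for kind, value in (("name", name), ("mac", mac), ("ip", addr)):
            if value in seen[kind]:
                raise ValueError(f"duplicate {kind}: {value}")
            seen[kind].add(value)
        class_lines.append(
            f'class "{name}" {{ match if suffix(hardware, 6) = {mac}; }} '
            f'subclass "static-ip" {mac};'
        )
        pool_lines.append(f'pool {{ range {addr}; allow members of "{name}"; }}')
    return class_lines, pool_lines

# Constructed sample inventory; the first entry is the client used on this page.
SAMPLE = [
    ("static-1", "00:01:02:03:04:05", "192.168.1.40"),
    ("static-2", "00:01:02:03:04:06", "192.168.1.41"),
]

if __name__ == "__main__":
    classes, pools = render("192.168.1.0/24", SAMPLE)
    print("# classes.conf\n" + "\n".join(classes))
    print("# inside the subnet block\n" + "\n".join(pools))
```
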

Quoted from: https://serverfault.com/questions/562628