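Is there a way to force ISC DHCPD to trigger expiry or release of a static lease immediately after the client disconnects?
I want to trigger a script immediately after a client connects (the DHCPD "on commit" event) and after it disconnects (the DHCPD "on expiry" or "on release" event).
While the first works like a charm, the latter ones never fire. Any suggestions?
Edit: configuration snippet (with test script):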
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.40 192.168.1.49;
    on commit {
        set ip = binary-to-ascii (10, 8, ".", leased-address);
        execute ("/usr/local/bin/dhcp-test", "commit", ip);
    }
    on release {
        set ip = binary-to-ascii (10, 8, ".", leased-address);
        execute ("/usr/local/bin/dhcp-test", "release", ip);
    }
    on expiry {
        set ip = binary-to-ascii (10, 8, ".", leased-address);
        execute ("/usr/local/bin/dhcp-test", "expiry", ip);
    }
}
Answer 1
If I understand correctly, to get a static lease you should have something like this in your configuration:
host static-1 {
    hardware ethernet 00:01:02:03:04:05;
    fixed-address 192.168.1.40;
}
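This will work as you expect, but this IP address will never be released (it does not matter whether the client sends DHCPRELEASE), because from dhcpd's point of view it is a static IP.
You have to create a dynamic IP (again, from dhcpd's point of view) so that dhcpd will track it. You can do it like this: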
# First create pseudo class
class "static-ip" { match suffix(hardware, 6); }
# Here you will declare all MAC of your clients and make it a subclass of "static-ip"
# class "<UNIQ-CLASSNAME>" { match if suffix(hardware, 6) = <CLIENT-MAC-ADDRESS>; } subclass "static-ip" <CLIENT-MAC-ADDRESS>;
# Example
class "static-1" { match if suffix(hardware, 6) = 00:01:02:03:04:05; }
subclass "static-ip" 00:01:02:03:04:05;
# Next allocate an address for every client (inside subnet declaration):
subnet 192.168.1.0 netmask 255.255.255.0 {
    on commit {
        set ip = binary-to-ascii (10, 8, ".", leased-address);
        execute ("/usr/local/bin/dhcp-test", "commit", ip);
    }
    on release {
        set ip = binary-to-ascii (10, 8, ".", leased-address);
        execute ("/usr/local/bin/dhcp-test", "release", ip);
    }
    on expiry {
        set ip = binary-to-ascii (10, 8, ".", leased-address);
        execute ("/usr/local/bin/dhcp-test", "expiry", ip);
    }
    # pool { range <ip-addr>; allow members of "<UNIQ-CLASSNAME>"; }
    pool { range 192.168.1.40; allow members of "static-1"; }
    # pool { range 192.168.1.41; allow members of "static-2"; }
    #... so on
}
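To make the configuration more flexible, you can put the class/subclass declarations and the pool range declarations into separate files and include them in the main dhcpd.conf: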
#dhcpd.conf
authoritative;
min-lease-time ...;
... etc.
include "/path/to/classes.conf";
include "/path/to/subnet.conf";
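As you can see, we put every client into its own class and make it a subclass of the "static-ip" class. This is in case you want another subnet without static IP assignment, for example: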
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.10 192.168.2.100;
    deny members of "static-ip";
}
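Then you have to deny clients with a static IP assignment from getting an IP from that subnet (using the deny keyword).
This way you get a dynamic IP (from dhcpd's point of view) that in practice never changes (from the client's point of view).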
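The configurations above pass an event name and the leased address to /usr/local/bin/dhcp-test through execute(), which runs the script with dhcpd's own privileges. As an added example (not the asker's script and not part of the answer), a handler can validate both arguments before it touches the filesystem; STATE_DIR, the marker-file layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example in the role of /usr/local/bin/dhcp-test (not the asker's script).
# Assumption: STATE_DIR and the one-marker-file-per-address layout are hypothetical.
STATE_DIR="${STATE_DIR:-/var/lib/dhcp-test}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Record or clear a lease marker. Returns 0 on success, 2 on rejected input.
handle_event() {
    event=$1
    ip=$2
    valid_ipv4 "$ip" || { echo "dhcp-test: rejected address" >&2; return 2; }
    case "$event" in
        commit)
            mkdir -p "$STATE_DIR" &&
                date -u +%Y-%m-%dT%H:%M:%SZ > "$STATE_DIR/$ip" ;;
        release|expiry)
            rm -f -- "$STATE_DIR/$ip" ;;
        *)
            echo "dhcp-test: unknown event" >&2; return 2 ;;
    esac
}

# Print the addresses that currently have a lease marker, one per line.
active_leases() {
    [ -d "$STATE_DIR" ] || return 0
    ls -1 "$STATE_DIR"
}

# dhcpd invokes this as: dhcp-test <event> <ip>
if [ "$#" -ge 2 ]; then
    handle_event "$1" "$2"
fi
```

Because the address is checked against a strict pattern before it is used as a file name, a malformed argument cannot steer the write or the delete outside STATE_DIR.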
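Answer 2
DHCP normally holds on to a lease until its expiry time, in order to try to reissue the same lease to a client that reconnects later. Only when new clients put pressure on the range does it start freeing up candidates.
This allows a client to get the same address again when it reconnects, provided the gap between sessions is not too long, and makes it look almost like static addressing.
Your script probably won't (by design) fire until the timer expires. You could try to force it by increasing contention in the range, or reduce the timer duration to speed up the process.
Answer 3
Thanks to @TomTom, I dug deeper into RFC 2131 and confirmed this behavior for static leases: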
...DHCP supports three mechanisms for IP address allocation. In
"automatic allocation", DHCP assigns a permanent IP address to a
client. In "dynamic allocation", DHCP assigns an IP address to a
client for a limited period of time (or until the client explicitly
relinquishes the address). In "manual allocation", a client's IP
address is assigned by the network administrator, and DHCP is used
simply to convey the assigned address to the client.
Dynamic allocation is the only one of the three mechanisms that
allows automatic reuse of an address that is no longer needed by the
client to which it was assigned...
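The reason I didn't find it earlier is that a "static lease" is called "permanent" inside the RFC, and Ctrl+F doesn't have built-in AI (unfortunately).
So I'm still looking for an effective way to handle clients that disconnect from the network.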