在NCS上配DHCP Relay和DHCP Server,先说Server吧
1、配置本机的IP pool
#configure
(config)#pool vrf default ipv4 Pool_1
#/* Configures an IPv4 pool for the specifed VRF or all VRFs. Use the 'ipv6' keyword for IPv6 pool. */
(config-pool-ipv4)# address-range 10.111.1.3 10.111.1.254
#/*Specifies ip address range for allocation. */
(config-pool-ipv4)#network 10.111.1.0
#/* Specifies network for allocation. */
上面两条配置任意一条
2、配置DHCP Server Profile
#configure
router(config)#dhcp ipv4
/* The 'dhcp ipv6' command configures DHCP for IPv6 and enters the DHCPv6 configuration submode. */
router(config-dhcpv4)#profile ISP_1 server
/* Enters the server profile configuration mode. */
router(config-dhcpv4-server-profile)# lease 0 0 5
router(config-dhcpv4-server-profile)# pool Pool_1
#/* Configures the DAPS pool name. */
router(config-dhcpv4-server-profile)#dns-server 8.8.8.8 8.8.4.4
#或者DNS域名
router(config-dhcpv4-server-profile)domain-name xxx.com
router(config-dhcpv4-server-profile)subnet-mask 255.255.255.0
router(config-dhcpv4-server-profile)default-router 10.111.1.1
router(config-dhcpv4-server-profile)#class ISP1_CLASS
#/* Creates and enters the server profile class. */
router(config-dhcpv4-server-profile-class)#pool ISP1_CLASS_POOL
#/* Configures the pool name. */
router(config-dhcpv4-server-profile-class)#match option 60 hex PXEClient_2
#/* DHCP server selects a pool from a class by matching options in the received DISCOVER packet with the match option. */
router(config-dhcpv4-server-profile-class)#exit
router(config-dhcpv4-server-profile)#exit
router(config-dhcpv4)#commit
3、绑定端口
Router(config)# dhcp ipv4
Router(config-dhcpv4)#interface Te0/0/0/0 server profile ISP_1 server
4、校验
RP/0/RP0/CPU0:ncs01#sh dhcp ipv4 server statistics detail
Thu Nov 28 15:43:40.194 UTC
DHCP IPv4 Proxy/Server Statistics for VRF default:
TYPE | RECEIVE | TRANSMIT | DROP |
-------------------------------------------------------------------
DISCOVER | 7507 | 0 | 7139 |
OFFER | 0 | 303 | 0 |
REQUEST | 100707 | 0 | 87920 |
DECLINE | 0 | 0 | 0 |
ACK | 0 | 12787 | 0 |
NAK | 0 | 0 | 0 |
RELEASE | 3 | 0 | 0 |
INFORM | 0 | 0 | 0 |
LEASEQUERY | 0 | 0 | 0 |
LEASEUNASSIGNED | 0 | 0 | 0 |
LEASEUNKNOWN | 0 | 0 | 0 |
LEASEACTIVE | 0 | 0 | 0 |
BOOTP-REQUEST | 0 | 0 | 0 |
BOOTP-REPLY | 0 | 0 | 0 |
再说DHCP Relay
1、创建Relay Profile
Router(config)# dhcp ipv4
#/* Configures DHCP for IPv4 and enters the DHCPv4 configuration submode. */
Router(config-dhcpv4)# profile r1 relay
#/* Enables DHCP relay profile */
Router(config-dhcpv4-relay-profile)# helper-address vrf A 10.10.10.1 giaddr 40.1.1.2
Router(config-dhcpv4-relay-profile)# broadcast-flag policy check
#/* Configures VRF addresses for forwarding UDP broadcasts, including DHCP. */
Router(config-dhcpv4-relay-profile)# relay information option vpn Router(config-dhcpv4-relay-profile)# relay information option vpn-mode rfc
#/* Inserts the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server. */
Router(config-dhcpv4-relay-profile)# relay information option allow-untrusted
/* (Optional) Configures the DHCP IPv4 Relay not to discard BOOTREQUEST packets that have an existing relay information option and the giaddr set to zero. */
Router(config-dhcpv4-relay-profile)# exit
2、绑定端口
Router(config-dhcpv4)# interface BVI 1 relay profile r1
Router(config-dhcpv4)# commit
#/* Configures DHCP relay on a BVI interface and commits the configuration */
3、校验
RP/0/RP0/CPU0:ncs01#sh dhcp ipv4 relay statistics detail
Thu Nov 28 15:43:55.123 UTC
DHCP IPv4 Relay Statistics for VRF default:
TYPE | RECEIVE | TRANSMIT | DROP |
-------------------------------------------------------------------
DISCOVER | 432456 | 996447 | 100307 |
OFFER | 396 | 396 | 0 |
REQUEST | 422 | 1188 | 26 |
DECLINE | 0 | 0 | 0 |
ACK | 381 | 381 | 0 |
NAK | 14 | 14 | 0 |
RELEASE | 0 | 0 | 0 |
INFORM | 0 | 0 | 0 |
LEASEQUERY | 0 | 0 | 0 |
LEASEUNASSIGNED | 0 | 0 | 0 |
LEASEUNKNOWN | 0 | 0 | 0 |
LEASEACTIVE | 0 | 0 | 0 |
BOOTP-REQUEST | 0 | 0 | 0 |
BOOTP-REPLY | 0 | 0 | 0 |
BOOTP-INVALID | 0 | 0 | 0 |
在DHCP服务器(KEA)上,查看DHCP注册信息:
[axing@kea-1 kea]$ tail -f /var/kea/kea-forensic4.20191128.txt
2019-11-28 16:07:34 GMT Address: xxx.xx.xxx.94 has been renewed for 1 days 0 hrs 0 mins 0 secs to a device with hardware address: hwtype=1 30:23:03:9b:07:2a, client-id: 01:30:23:03:9b:07:2a connected via relay at address: xxx.xx.xxx.1
2019-11-28 16:07:34 GMT Address: xxx.xx.xxx.94 has been renewed for 1 days 0 hrs 0 mins 0 secs to a device with hardware address: hwtype=1 30:23:03:9b:07:2a, client-id: 01:30:23:03:9b:07:2a connected via relay at address: xxx.xx.xxx.1
2019-11-28 16:08:29 GMT Address: xxx.xx.xxx.248 has been assigned for 1 days 0 hrs 0 mins 0 secs to a device with hardware address: hwtype=1 fc:aa:14:cd:00:2f, client-id: 01:fc:aa:14:cd:00:2f connected via relay at address: xxx.xx.xxx.1, identified by circuit-id: 6f:6c:30:31:2e:77:68:69:2e:6c:6f:6e:20:78:70:6f:6e:20:30:2f:31:2f:30:2f:30:3a:31:31:2e:31:2e:31:30:31
...
Tips:
relay information option allow-untrusted
必须配置,否则会丢弃Discover包;
端口下有第二地址的时候,需要指定地址,使用giaddr
helper-address vrf A 10.10.10.1 giaddr 40.1.1.2
配置范例:
RP/0/RP0/CPU0:ncs01#sh run dhcp ipv4
Thu Nov 28 15:37:51.001 UTC
dhcp ipv4
profile kea relay
helper-address vrf default xx.2.11.81 giaddr xxx.xx.xxx.1
helper-address vrf default xx.113.xx.8 giaddr xxx.xx.xxx.1
helper-address vrf default xx.113.xx.255 giaddr xxx.xx.xxx.1
relay information option allow-untrusted
!
profile Pool_23 server
lease 0 0 5
pool Pool_23
dns-server 8.8.8.8 8.8.4.4
domain-name xxx.co.uk
subnet-mask 255.255.254.0
default-router 10.xx.xx.1
!
interface Bundle-Ether5 server profile Pool_23
interface Bundle-Ether5.101 relay profile kea
!
pool vrf default ipv4 Pool_23
address-range 10.xxx.xx.3 10.xxx.xx.254
!
网友评论