有没有办法强制ISC DHCPD触发客户端断开后过期或释放静态租赁权?
我想在客户端连接(“提交”DHCPD事件)和断开连接(“到期”或“释放”DHCPD事件)后立即触发脚本。
虽然第一个作品像魅力,后者永远不会触发。 任何build议?
编辑 :configurationsnipplet(与testing脚本):
subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.40 192.168.1.49; on commit { set ip = binary-to-ascii (10, 8, ".", leased-address); execute ("/usr/local/bin/dhcp-test", "commit", ip); } on release { set ip = binary-to-ascii (10, 8, ".", leased-address); execute ("/usr/local/bin/dhcp-test", "release", ip); } on expiry { set ip = binary-to-ascii (10, 8, ".", leased-address); execute ("/usr/local/bin/dhcp-test", "expiry", ip); } } 如果我正确理解,做一个静态的租约你有这样的东西在你的configuration:
host static-1 { hardware ethernet 00:01:02:03:04:05; fixed-address 192.168.1.40; }
这将按照您的预期工作,但不会释放此IP地址(客户端是否发送DHCPRELEASE并不重要) – 因为从dhcpd的angular度来看它是静态IP。
你必须创build一个DYNAMIC IP(同样,从dhcpd的angular度来看),所以dhcpd会跟踪它。 你可以这样做:
# First create pseudo class class "static-ip" { match suffix(hardware, 6); } # Here you will declare all MAC of your clients and make it a subclass of "static-ip" # class "<UNIQ-CLASSNAME>" { match if suffix(hardware, 6) = <CLIENT-MAC-ADDRESS>; } subclass "static-ip" <CLIENT-MAC-ADDRESS>; # Example class "static-1" { match if suffix(hardware, 6) = 00:01:02:03:04:05; } subclass "static-ip" 00:01:02:03:04:05; # Next allocate an address for every client (inside subnet declaration): subnet 192.168.1.0 netmask 255.255.255.0 { on commit { set ip = binary-to-ascii (10, 8, ".", leased-address); execute ("/usr/local/bin/dhcp-test", "commit", ip); } on release { set ip = binary-to-ascii (10, 8, ".", leased-address); execute ("/usr/local/bin/dhcp-test", "release", ip); } on expiry { set ip = binary-to-ascii (10, 8, ".", leased-address); execute ("/usr/local/bin/dhcp-test", "expiry", ip); } # pool { range <ip-addr>; allow members of "<UNIQ-CLASSNAME>"; } pool { range 192.168.1.40; allow members of "static-1"; } # pool { range 192.168.1.41; allow members of "static-2"; } #... so on }
为了使你的configuration更加灵活,你可以把class-subclass和pool-range声明放到不同的文件中,并把它们包含到主dhcpd.conf
#dhcpd.conf authoritative; min-lease-time ...; ... etc. include "/path/to/classes.conf"; include "/path/to/subnet.conf";
正如你所看到的,我们把每个客户端放到自己的类中,并将其分类到“static-ip”类中。 这是万一你想要另一个子网W / O静态IP分配,例如:
subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.10 192.168.2.100; deny members of "static-ip"; }
然后,您必须拒绝客户端使用静态IP分配从该子网获取IP(使用拒绝关键字)。
这样你就可以得到DYNAMIC IP(从dhcpd的angular度),但实际上它永远不会改变(从客户的angular度)
一般来说,DHCP一直保持租期,直到到期时间,试图重新发送同样的租约给稍后重新连接的客户端。 新客户面临压力时,才会开始释放候选人。
这允许客户端在重新连接时重新获取相同的地址,而不需要太长的会话之间的时间间隔,并且出现接近静态的寻址。
在定时器到期之前,你的脚本可能不会触发(通过devise)。 您可以尝试通过增加范围内的争用来强制执行此操作,或通过减less计时器持续时间来加快此过程。
感谢@TomTom,我深入了解了RFC2131,并确认了静态租约的这种行为:
...DHCP supports three mechanisms for IP address allocation. In "automatic allocation", DHCP assigns a permanent IP address to a client. In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). In "manual allocation", a client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client. Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of an address that is no longer needed by the client to which it was assigned...
我之所以没有find它,是因为RFC和Ctrl + F中的“ 永久 ” 静态租约没有内置的AI(不幸的是)
所以我仍然在寻找一种能够处理断开networking的客户的工作方式。