假设我有一堆这样设置的主机:
host host2 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.2; } host host3 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.3; } # etc ... subnet 192.168.1.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.254; option domain-name-servers 8.8.8.8, 8.8.4.4; # Unknown test clients get this pool. pool { max-lease-time 1800; # 30 minutes range 192.168.1.100 192.168.1.250; allow unknown-clients; } # MyHosts nodes get this pool pool { max-lease-time 1800; range 192.168.1.1 192.168.1.20; allow members of MyHosts; deny unknown-clients; } } 我想把它们放到一个类中,并将它们分配给一个池,这样我就可以确保只有那些主机在这个池中被允许。
我试图将它们定义为:
class "MyHosts" { host host2 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.2; } host host3 { hardware ethernet 10:bf:48:xx:xx:xx; fixed-address 192.168.1.3; } }
但这给了一个错误“主机声明不允许在这里”。
我该怎么做?
正如你发现的,你不能在class声明host 。 class声明只能包含match或match if语句。 如果您想使用class构造将您的客户端请求分组到类中,可以这样做:
class "MyHosts" { match hardware; } subclass "MyHosts" 1:10:bf:48:xx:xx:xx; # host2 subclass "MyHosts" 1:10:bf:48:xx:xx:xx; # host3
在上面,类中的match语句声明子类将被hardware属性匹配。 ( hardware评估为客户端的硬件types和MAC地址的连接;对于以太网客户端,硬件types为1,因此subclass语句的数据string中为1:前缀。)
当一个客户是一个子类的成员时,它也是父类的成员,所以现在你可以在你的pool声明中使用allow和deny子句,以确保MyHosts成员分配了来自所需池的IP,例如:
subnet 192.168.1.0 netmask 255.255.255.0 { ... pool { range 192.168.1.101 192.168.1.250; ... deny members of "MyHosts"; ... } pool { range 192.168.1.1 192.168.1.20; ... allow members of "MyHosts"; ... } }