DHCP / DHCP6
Jan Dušátko
jan at dusatko.org
Tue May 5 13:00:51 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahoj
mam trochu obsahlejsi dotaz, tykajici se DHCP/DHCP6 a isc-dhcpd-server
balicku.
V soucasnosti pouzivam tento balicek pro pridelovani IPv4 adres a chci
zacit zkouset pridelovani IPv6, kde bych si chtel overit nektere
chovani. Vetsina provideru na IPv6 stale neni pripravena, takze
potrebuji vyresit i dalsi, souvisejici otazky, to je:
- - filtrovani IPv6
- - preklad IPv6-IPv4 a obracene
- - spravou adresaci v lokalni siti (fe80::?)
Pouzitelne IPv6 site by mely byt patrne z nasledujicich rozsahu, ale
zatim se v tom stale snazim zorientovat:
fe80::
fc00::
2000::
V tuto chvili muj DHCP server vypada nasledovne (viz nize), pouzivam
provazane DNS/DHCP a secure update. Range mam rozdelen na nekolik
rozmaskovatelnych oblasti, castecne z historickych duvodu. Do jednoho
poolu ted budu strkat mobily - androidy, jablicka a okna, ostatni jsou
pro dalsi zarizeni. Doporucil by mi nekdo rozumne reseni i pro IPv6
(idealne ukazka) nebo vhodne zdroje tak, aby mi uceni zabralo co nejmene
casu? Mel by nekdo cas na diskusi ohledne IPv6 i z hlediska ostatnich bodu?
Diky
Honza
authoritative;
min-lease-time 86400;
default-lease-time 604800;
max-lease-time 2419200;
ddns-updates on;
ddns-update-style interim;
allow declines;
allow booting;
allow bootp;
allow client-updates;
#ignore client-updates;
update-static-leases on;
one-lease-per-client true;
filename "pxelinux.0";
option primary-dns-suffix code 81 = string;
option custom-proxy-server code 252 = string;
log-facility local7;
ping-check true;
include "/usr/local/etc/namedb/ddns.key";
# network local
zone network.local. {
primary 127.0.0.1;
key DDNS_UPDATE;
}
# network reverse reversed
zone 1.168.192.in-addr.arpa {
primary 127.0.0.1;
key DDNS_UPDATE;
}
class "allocation-class-1" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-2" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-3" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-4" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-5" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
#Class server
subclass "allocation-class-1" 00:25:90:6d:01:98;
subclass "allocation-class-1" 00:25:90:6d:01:99;
subclass "allocation-class-1" 00:25:90:6d:01:9a;
subclass "allocation-class-1" 00:25:90:6d:01:9b;
#Class computer
subclass "allocation-class-2" 00:0E:2E:2F:2F:EA;
#Class notebook
subclass "allocation-class-3" A0:B3:CC:CA:84:A1;
#Class printserver
subclass "allocation-class-4" 00:30:C1:C0:92:FE;
#Class infrastructure
subclass "allocation-class-5" 64:66:B3:5F:8D:AF;
# Lokal net
subnet 192.168.1.0 netmask 255.255.255.0 {
local-address 192.168.1.1;
server-name "interni";
server-identifier 192.168.1.1;
option root-path "/image/";
ddns-domainname "network.local";
ddns-rev-domainname "1.168.192.in-addr.arpa";
next-server 192.168.1.1;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option time-servers 192.168.1.1;
option domain-name "network.local";
option domain-search "network.local", "network.cz";
option primary-dns-suffix "network.local";
option domain-name-servers 192.168.1.1;
option netbios-name-servers 192.168.1.1;
option ntp-servers 192.168.1.1;
option smtp-server 192.168.1.1;
option pop-server 192.168.1.1;
option nntp-server 192.168.1.1;
option netbios-node-type 8;
option slp-directory-agent on 192.168.1.1;
option fqdn.server-update on;
option custom-proxy-server "http://proxy.network.local/proxy.pac";
# Servers pool 192.168.1.0/240
pool {
ddns-updates on;
range 192.168.1.2 192.168.1.15;
allow members of "allocation-class-1";
deny unknown-clients;
}
# Reserved pool 192.168.1.16/240
pool {
ddns-updates on;
range 192.168.1.17 192.168.1.31;
deny unknown-clients;
}
# Computer pool 192.168.1.32/224
pool {
ddns-updates on;
range 192.168.1.33 192.168.1.62;
allow members of "allocation-class-2";
deny unknown-clients;
}
# Notebook pool 192.168.1.64/192
pool {
ddns-updates on;
range 192.168.1.65 192.168.1.126;
allow members of "allocation-class-3";
deny unknown-clients;
}
# Unknown clients pool 192.168.1.128/192
pool {
ddns-updates on;
range 192.168.1.129 192.168.1.190;
allow unknown-clients;
}
# Unknown clients pool 192.168.1.192/240
pool {
ddns-updates on;
range 192.168.1.193 192.168.1.206;
allow unknown-clients;
}
# Printer pool 192.168.1.208/240
pool {
ddns-updates on;
range 192.168.1.209 192.168.1.222;
allow members of "allocation-class-4";
deny unknown-clients;
}
# Reserved pool 192.168.1.224/240
pool {
ddns-updates on;
range 192.168.1.225 192.168.1.238;
allow members of "allocation-class-5";
deny unknown-clients;
}
# Infrastructure pool 192.168.1.240/240
pool {
deny unknown-clients;
ddns-updates on;
range 192.168.1.241 192.168.1.254;
}
}
- --
Jan Dušátko
Phone: +420 602 427 840
e-mail: jan na dusatko.org
SkypeID: darmodej
GPG: http://www.dusatko.org/downloads/jdusatko.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQGcBAEBAgAGBQJVSKLjAAoJEJNLvk7lNbWFHN0L/iZYXuIKdBbVTy4jySkSRnCX
PHhlKhUMFwAw5U/n5IX1reqZrmmMv34Xqf4zNawYXkX05X890bQKaTOfCQBUvpSK
DtlXzieBbccBV8IgH3Os7NfbzoM8qi8ZX+alzuptanRMIfCb4ZjC4wrHvNI3I5LM
AJEqIzLvg4ohMZHjBA8MJM1LodeMC39dqUJelSzR1yUucE4Op1MKXrHVxKPrDaNj
xOng5Zq0bl6V/ijAdCJ46YkkgilgkPsEhv+6nawDmNpxWmoSBrQuV5TAc1/y3EJT
UWV5YKVJ3GrgwWZ+VPvapD33JVWFqfOA0N7vo/7Dv697JpfGFKthDSYR34BlYIzg
WaXYLPkOg2PXThPy45eDEtIewAOV8wG/ry0sPUUsQp2+K1NcN0agXIpWf3lcp9aZ
VBpZBVoNJKoQwTcUvVGzX1NFUOBqfRR90azPAn8GG7dKpwvlV7xInEgmu3K5u/f5
WtoTSAepQEVa+S8wBJKZLPgeAralrFMDnasH9kKhuA==
=iqn8
-----END PGP SIGNATURE-----
More information about the Users-l
mailing list