DHCP / DHCP6

Jan Dušátko jan at dusatko.org
Tue May 5 13:00:51 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Ahoj
mam trochu obsahlejsi dotaz, tykajici se DHCP/DHCP6 a isc-dhcpd-server
balicku.
V soucasnosti pouzivam tento balicek pro pridelovani IPv4 adres a chci
zacit zkouset pridelovani IPv6, kde bych si chtel overit nektere
chovani. Vetsina provideru na IPv6 stale neni pripravena, takze
potrebuji vyresit i dalsi, souvisejici otazky, to je:
- - filtrovani IPv6
- - preklad IPv6-IPv4 a obracene
- - sprava adresace v lokalni siti (fe80::?)

Pouzitelne IPv6 site by mely byt patrne z nasledujicich rozsahu, ale
zatim se v tom stale snazim zorientovat:
fe80::
fc00::
2000::

V tuto chvili muj DHCP server vypada nasledovne (viz nize), pouzivam
provazane DNS/DHCP a secure update. Range mam rozdelen na nekolik
rozmaskovatelnych oblasti, castecne z historickych duvodu. Do jednoho
poolu ted budu strkat mobily - androidy, jablicka a okna, ostatni jsou
pro dalsi zarizeni. Doporucil by mi nekdo rozumne reseni i pro IPv6
(idealne ukazka) nebo vhodne zdroje tak, aby mi uceni zabralo co nejmene
casu? Mel by nekdo cas na diskusi ohledne IPv6 i z hlediska ostatnich bodu?

Diky

Honza

# Global parameters: they apply to every subnet and pool declared below
# unless a narrower scope overrides them.

# This server is the authority for the networks it serves.
authoritative;
# Lease lifetimes in seconds: minimum 1 day, default 7 days, maximum 28 days.
min-lease-time 86400;
default-lease-time 604800;
max-lease-time 2419200;
# Dynamic DNS: the server sends DNS updates for leases, "interim" style.
ddns-updates on;
ddns-update-style interim;
# Honour DHCPDECLINE. dhcpd.conf(5) notes that a buggy or hostile client can
# exhaust a pool with declines; "deny declines" / "ignore declines" exist for
# segments where untrusted devices attach.
allow declines;
# Answer booting clients and plain BOOTP requests.
allow booting;
allow bootp;
# Honour a client's wish to update its own A record; the commented-out
# alternative below would have the server ignore that wish.
# NOTE(review): with this enabled the forward record is whatever the client
# chooses to send to DNS - confirm the DNS server's update policy covers it.
allow client-updates;
#ignore client-updates;
# Also send DNS updates for clients that get a fixed address.
update-static-leases on;
# When a client requests a lease, release any other lease it still holds.
one-lease-per-client true;
# Boot file name handed to network-booting clients (PXELINUX loader).
# NOTE(review): as a global parameter this is offered to every client,
# including those in the unknown-clients pools; PXE/TFTP booting carries no
# authentication, so consider scoping it to the classes that need it.
filename "pxelinux.0";
# Site-defined option names.
# NOTE(review): code 81 is the standard Client FQDN option, which dhcpd
# already exposes as the "fqdn" option space (used further down as
# fqdn.server-update); redefining it as a plain string may conflict - confirm.
option primary-dns-suffix code 81 = string;
# Code 252 is the option conventionally used to carry a proxy auto-config URL.
option custom-proxy-server code 252 = string;
# Log through syslog facility local7.
log-facility local7;
# Ping an address before offering it, to detect addresses already in use.
ping-check true;
# Presumably defines the key DDNS_UPDATE referenced by the zone declarations
# - confirm. The file holds a shared secret: keep it readable only by the
# accounts that run the DHCP and DNS daemons.
include "/usr/local/etc/namedb/ddns.key";

# Forward zone network.local: updates are sent to the name server on this
# host (127.0.0.1) and signed with the key DDNS_UPDATE.
zone network.local. {
        primary 127.0.0.1;
        key DDNS_UPDATE;
        }

# Reverse zone for 192.168.1.0/24, updated the same way.
# NOTE(review): the forward zone name above ends with a dot and this one does
# not; the dhcpd.conf(5) examples write the trailing dot on both - confirm
# that the reverse zone is matched as intended.
zone 1.168.192.in-addr.arpa {
        primary 127.0.0.1;
        key DDNS_UPDATE;
        }

# Five allocation classes. Each is matched on the client identifier option if
# the client sent one, otherwise on the hardware address; the individual
# members are listed in the subclass statements.
# Both values are supplied by the client itself, so class membership is an
# address-allocation policy, not an authentication of the device.
class "allocation-class-1" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-2" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-3" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-4" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-5" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}

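# Class members, one subclass statement per device.
#
# The value after the class name is compared byte-for-byte with the result of
# the class's match expression. The "hardware" operator yields the hardware
# type followed by the address, and an Ethernet client identifier is normally
# built the same way, so each entry carries the leading type byte "1:"
# (Ethernet), as in the dhcpd.conf(5) example. A bare six-byte MAC does not
# match either value.
# A client that sends a client identifier not derived from its MAC (for
# example a DUID-based one) will not match these entries.
# MAC addresses are client-supplied and can be changed, so these lists decide
# which pool a device lands in; they are not an access control.

# Class 1: servers
subclass "allocation-class-1" 1:00:25:90:6d:01:98;
subclass "allocation-class-1" 1:00:25:90:6d:01:99;
subclass "allocation-class-1" 1:00:25:90:6d:01:9a;
subclass "allocation-class-1" 1:00:25:90:6d:01:9b;
# Class 2: computers
subclass "allocation-class-2" 1:00:0E:2E:2F:2F:EA;
# Class 3: notebooks
subclass "allocation-class-3" 1:A0:B3:CC:CA:84:A1;
# Class 4: print servers
subclass "allocation-class-4" 1:00:30:C1:C0:92:FE;
# Class 5: infrastructure
subclass "allocation-class-5" 1:64:66:B3:5F:8D:AF;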

# Local network 192.168.1.0/24. Every service option below points at
# 192.168.1.1, the host that also runs this DHCP server.
#
# NOTE(review): per dhcpd.conf(5) a client is eligible for a pool only if it
# matches the pool's allow list and does not match its deny list. A client
# without a host declaration counts as unknown even when a subclass matches
# it, and no host declarations appear in this file, so the pools that combine
# "allow members of" with "deny unknown-clients" look unreachable - confirm.
subnet 192.168.1.0 netmask 255.255.255.0 {
        # NOTE(review): local-address is normally a global parameter - confirm
        # that it has the intended effect inside a subnet scope.
        local-address 192.168.1.1;
        server-name "interni";
        server-identifier 192.168.1.1;
        # Network boot: root path and the server the boot file is fetched from.
        option root-path "/image/";
        # Names used for the dynamic DNS updates (forward and reverse).
        ddns-domainname "network.local";
        ddns-rev-domainname "1.168.192.in-addr.arpa";
        next-server 192.168.1.1;
        option routers 192.168.1.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option time-servers 192.168.1.1;
        option domain-name "network.local";
        option domain-search "network.local", "network.cz";
        # Site-defined option, code 81 (declared in the global section).
        option primary-dns-suffix "network.local";
        option domain-name-servers 192.168.1.1;
        option netbios-name-servers 192.168.1.1;
        option ntp-servers 192.168.1.1;
        option smtp-server 192.168.1.1;
        option pop-server 192.168.1.1;
        option nntp-server 192.168.1.1;
        # NetBIOS node type 8 = H-node (hybrid).
        option netbios-node-type 8;
        # SLP directory agent; the leading "on" is the option's mandatory flag.
        option slp-directory-agent on 192.168.1.1;
        # Tell clients that the server performs the DNS update.
        # NOTE(review): this is the standard option 81, the same code that is
        # redefined as primary-dns-suffix above - confirm which one is sent.
        option fqdn.server-update on;
        # Proxy auto-config URL, site-defined option code 252.
        # NOTE(review): the URL is plain HTTP and its host name lives in the
        # dynamically updated zone; keep a static record for that name so it
        # cannot be registered by a DHCP client.
        option custom-proxy-server "http://proxy.network.local/proxy.pac";
        # The pool comments give the block as network/last octet of the mask:
        # 240 = /28, 224 = /27, 192 = /26.

        # Servers pool 192.168.1.0, mask .240 (/28); .1 is the server itself
        pool {
                ddns-updates on;
                range 192.168.1.2 192.168.1.15;
                allow members of "allocation-class-1";
                deny unknown-clients;
                }

        # Reserved pool 192.168.1.16, mask .240 (/28); no class is allowed
        # here, only known clients
        pool {
                ddns-updates on;
                range 192.168.1.17 192.168.1.31;
                deny unknown-clients;
                }

        # Computer pool 192.168.1.32, mask .224 (/27)
        pool {
                ddns-updates on;
                range 192.168.1.33 192.168.1.62;
                allow members of "allocation-class-2";
                deny unknown-clients;
                }

        # Notebook pool 192.168.1.64, mask .192 (/26)
        pool {
                ddns-updates on;
                range 192.168.1.65 192.168.1.126;
                allow members of "allocation-class-3";
                deny unknown-clients;
                }

        # Unknown clients pool 192.168.1.128, mask .192 (/26)
        # NOTE(review): DNS updates are enabled for clients nobody has
        # registered, so any device that attaches gets a name in network.local
        # written with the server's key. Consider "ddns-updates off" here, or
        # make sure infrastructure names exist as static records.
        pool {
                ddns-updates on;
                range 192.168.1.129 192.168.1.190;
                allow unknown-clients;
                }

        # Unknown clients pool 192.168.1.192, mask .240 (/28); the DNS update
        # note on the previous pool applies here as well
        pool {
                ddns-updates on;
                range 192.168.1.193 192.168.1.206;
                allow unknown-clients;
                }

        # Printer pool 192.168.1.208, mask .240 (/28)
        pool {
                ddns-updates on;
                range 192.168.1.209 192.168.1.222;
                allow members of "allocation-class-4";
                deny unknown-clients;
                }

        # Reserved pool 192.168.1.224, mask .240 (/28)
        # NOTE(review): this pool is labelled "reserved" but admits
        # allocation-class-5, which the subclass list calls infrastructure,
        # while the pool labelled "infrastructure" below names no class - the
        # two labels look swapped; confirm.
        pool {
                ddns-updates on;
                range 192.168.1.225 192.168.1.238;
                allow members of "allocation-class-5";
                deny unknown-clients;
                }

        # Infrastructure pool 192.168.1.240, mask .240 (/28); no class is
        # allowed here, only known clients
        pool {
                deny unknown-clients;
                ddns-updates on;
                range 192.168.1.241 192.168.1.254;
                }

}

- -- 
Jan Dušátko

Phone:        +420 602 427 840
e-mail:        jan na dusatko.org
SkypeID:    darmodej
GPG:        http://www.dusatko.org/downloads/jdusatko.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 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=iqn8
-----END PGP SIGNATURE-----


