dhcp-relay配置
总部的core有3条链路:1、wan通过222.222.222.222/24的地址与公网相连网关为222.222.222.221
2、down_to_br通过192.168.33.2/24与分支机构的up_to_core相连
3、co_office接总部办公网,地址为172.16.2.100/24
分支机构也有3条链路:
1、up_to_core通过192.168.33.1/24 与总部的 down_to_br相连
2、br_office接分支机构办公网,地址为172.16.1.99/24
技术实现要求:分支机构的办公网内有40台机器需要从总部的DHCP服务器上统一分发地址
搭建基本环境如下所示
> ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.33.1/24 192.168.33.0 192.168.33.255up_to_core
1 172.16.1.99/24 172.16.1.0 172.16.1.255 br_office
>
> ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.33.2/24 192.168.33.0 192.168.33.255down_to_br
1 172.16.2.100/24 172.16.2.0 172.16.2.255 co_office
2 222.222.222.222/24 222.222.222.0 222.222.222.255 wan
>
在分支机构路由器上的办公网接口口上启用dhcp-relay的监听,并指定dhcp server为总部的192.168.33.2
> ip dhcp relay
ambiguous input (dhcp)
> ip dhcp-relay ex
# sep/11/2008 16:37:21 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ ip dhcp-relay
add name="relay1" interface=br_office dhcp-server=192.168.33.2 \
delay-threshold=none local-address=0.0.0.0 disabled=no
>
在配置dhcp-relay之前,需要先做通总部与分支机构之间个网段的路由,验证办法就是从总部的dhcp服务器能够ping通需要被分发的网关接口
具体做法可参考:
http://bbs.routerclub.com/thread-33544-1-1.html
本例为简便起见直接使用总部的core作为dhcp服务器,配置如下:
> ip po ex
# sep/11/2008 17:05:35 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ ip pool
add name="dhcp" ranges=172.16.1.200-172.16.1.250
>
> ip dhcp-server ex
# sep/11/2008 17:06:30 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ ip dhcp-server
add name="server1" interface=down_to_br lease-time=3d address-pool=dhcp \
bootp-support=static authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=172.16.1.0/24 gateway=172.16.1.99 dns-server=222.222.222.221 \
comment=""
>
理解要点:
1、dhcp服务的监听接口为被dhcp-relay指向的那个IP地址的接口
2、与配置本地dhcp服务器不同,分配地址池的各个选项参数均以远端relay监听的接口配置匹配而不是与本地的监听接口匹配
验证:
> ip dhcp-server le pr
Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVERRATE-LIMITSTATUS
0 D 172.16.1.250 00:1D:09:B8:1B:31 liangry-6... server1 bound
1 D 172.16.1.249 00:1C:23:98:94:8C weywang server1 bound
>
以上可以看到总部的服务器正确地分配了远端地址 学习了,正有研究
页:
[1]