
option82 + multiple subnets



I am using ubilling version 0.5.4 rev 3484.

I set up the system with option82 support and several subnets on different VLANs.

Currently, when the system generates the exclusions from the temporary address pool via the {DENYMEMBERS} tag, all hosts from all subnets end up in the exclusion list. This causes an error, because in the first subnet only the classes of hosts from the first subnet are defined, and the rest are not. The same applies to the other subnets.

The {DENYMEMBERS} tag needs to generate exclusions only for the hosts of the subnet whose config it is placed in.


Templates and configs:

The global template is the standard one.
An individual config is set for each subnet:
Subnet 2:

subnet {NETWORK} netmask {MASK} {
default-lease-time 60;
option domain-name "synaps.com.ua";
option subnet-mask {MASK};
option routers {ROUTERS};
one-lease-per-client true;
deny duplicates;
deny leasequery;

include "/usr/local/etc/multinet/{HOSTS}";

pool {
{DENYMEMBERS}
range 10.76.2.248 10.76.2.254;
default-lease-time 10;
}

log(info, "==");
if exists agent.remote-id {
set clip = binary-to-ascii(10,8,".",leased-address);
set clremote = binary-to-ascii(16,8,"",option agent.remote-id);
set cid-vlan = binary-to-ascii(10,16,"",substring(option agent.circuit-id, 0, 2));
set cid-port = binary-to-ascii(10,8,"-",substring(option agent.circuit-id, 2, 3));
set clcircuit = concat(cid-vlan, concat( "-", cid-port));

log( info,concat("*Leased IP: ",clip, " SWITCH: ",clremote," PORT: ",clcircuit ," (with opt82)") );
} else {
set clhw = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);

log( info,concat("*Leased IP: ",binary-to-ascii(10,8,".",leased-address), " MAC: ", clhw," (without opt82)") );
}
log(info, "==");

} 

Subnet 4:

subnet {NETWORK} netmask {MASK} {
default-lease-time 60;
option domain-name "synaps.com.ua";
option subnet-mask {MASK};
option routers {ROUTERS};
one-lease-per-client true;
deny duplicates;
deny leasequery;

include "/usr/local/etc/multinet/{HOSTS}";

pool {
{DENYMEMBERS}
range 10.76.4.248 10.76.4.254;
default-lease-time 10;
}

log(info, "==");
if exists agent.remote-id {
set clip = binary-to-ascii(10,8,".",leased-address);
set clremote = binary-to-ascii(16,8,"",option agent.remote-id);
set cid-vlan = binary-to-ascii(10,16,"",substring(option agent.circuit-id, 0, 2));
set cid-port = binary-to-ascii(10,8,"-",substring(option agent.circuit-id, 2, 3));
set clcircuit = concat(cid-vlan, concat( "-", cid-port));

log( info,concat("*Leased IP: ",clip, " SWITCH: ",clremote," PORT: ",clcircuit ," (with opt82)") );
} else {
set clhw = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);

log( info,concat("*Leased IP: ",binary-to-ascii(10,8,".",leased-address), " MAC: ", clhw," (without opt82)") );
}
log(info, "==");

} 

The result is the following dhcpd.conf:

... skip ...

subnet 10.76.2.0 netmask 255.255.255.0 {
default-lease-time 60;
option domain-name "synaps.com.ua";
option subnet-mask 255.255.255.0;
option routers 10.76.2.1;
one-lease-per-client true;
deny duplicates;
deny leasequery;

include "/usr/local/etc/multinet/net2";

pool {
deny members of "m10x76x2x3";
deny members of "m10x76x2x2";
deny members of "m10x76x2x4";
deny members of "m10x76x2x5";
deny members of "m10x76x2x7";
deny members of "m10x76x2x8";
deny members of "m10x76x2x9";
deny members of "m10x76x2x10";
deny members of "m10x76x2x11";
deny members of "m10x76x2x12";
deny members of "m10x76x2x13";
deny members of "m10x76x2x6";
deny members of "m10x76x2x14";
deny members of "m10x76x2x15";
deny members of "m10x76x2x16";
deny members of "m10x76x2x17";
deny members of "m10x76x2x18";
deny members of "m10x76x2x19";
deny members of "m10x76x2x20";
deny members of "m10x76x2x21";
deny members of "m10x76x2x22";
deny members of "m10x76x2x23";
deny members of "m10x76x2x24";
deny members of "m10x76x2x25";
deny members of "m10x76x2x26";
deny members of "m10x76x2x27";
deny members of "m10x76x2x28";
deny members of "m10x76x2x29";
deny members of "m10x76x2x30";
deny members of "m10x76x2x31";
deny members of "m10x76x2x32";
deny members of "m10x76x2x33";
deny members of "m10x76x2x34";
deny members of "m10x76x2x35";
deny members of "m10x76x2x36";
deny members of "m10x76x2x37";
deny members of "m10x76x2x38";
deny members of "m10x76x2x39";
deny members of "m10x76x2x40";
deny members of "m10x76x2x41";
deny members of "m10x76x2x42";
deny members of "m10x76x2x43";
deny members of "m10x76x2x44";
deny members of "m10x76x2x45";
deny members of "m10x76x2x46";
deny members of "m10x76x2x47";
deny members of "m10x76x2x48";
deny members of "m10x76x2x49";
deny members of "m10x76x2x50";
deny members of "m10x76x2x51";
deny members of "m10x76x2x52";
deny members of "m10x76x2x53";
deny members of "m10x76x2x54";
deny members of "m10x76x2x55";
deny members of "m10x76x2x56";
deny members of "m10x76x2x57";
deny members of "m10x76x2x58";
deny members of "m10x76x2x59";
deny members of "m10x76x2x60";
deny members of "m10x76x2x61";
deny members of "m10x76x2x62";
deny members of "m10x76x2x63";
deny members of "m10x76x2x64";
deny members of "m10x76x2x65";
deny members of "m10x76x2x66";
deny members of "m10x76x2x67";
deny members of "m10x76x2x68";
deny members of "m10x76x2x69";
deny members of "m10x76x2x70";
deny members of "m10x76x2x71";
deny members of "m10x76x2x72";
deny members of "m10x76x2x73";
deny members of "m10x76x2x74";
deny members of "m10x76x2x75";
deny members of "m10x76x2x76";
deny members of "m10x76x2x77";
deny members of "m10x76x2x78";
deny members of "m10x76x2x79";
deny members of "m10x76x2x80";
deny members of "m10x76x2x81";
deny members of "m10x76x3x2";
deny members of "m10x76x4x2";

range 10.76.2.248 10.76.2.254;
default-lease-time 10;
}

log(info, "==");
if exists agent.remote-id {
set clip = binary-to-ascii(10,8,".",leased-address);
set clremote = binary-to-ascii(16,8,"",option agent.remote-id);
set cid-vlan = binary-to-ascii(10,16,"",substring(option agent.circuit-id, 0, 2));
set cid-port = binary-to-ascii(10,8,"-",substring(option agent.circuit-id, 2, 3));
set clcircuit = concat(cid-vlan, concat( "-", cid-port));

log( info,concat("*Leased IP: ",clip, " SWITCH: ",clremote," PORT: ",clcircuit ," (with opt82)") );
} else {
set clhw = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);

log( info,concat("*Leased IP: ",binary-to-ascii(10,8,".",leased-address), " MAC: ", clhw," (without opt82)") );
}
log(info, "==");

}
subnet 10.76.3.0 netmask 255.255.255.0 {
default-lease-time 60;
option domain-name "synaps.com.ua";
option subnet-mask 255.255.255.0;
option routers 10.76.3.1;
one-lease-per-client true;
deny duplicates;
deny leasequery;

include "/usr/local/etc/multinet/net3";

pool {
deny members of "m10x76x2x3";
deny members of "m10x76x2x2";
deny members of "m10x76x2x4";
deny members of "m10x76x2x5";
deny members of "m10x76x2x7";
deny members of "m10x76x2x8";
deny members of "m10x76x2x9";
deny members of "m10x76x2x10";
deny members of "m10x76x2x11";
deny members of "m10x76x2x12";
deny members of "m10x76x2x13";
deny members of "m10x76x2x6";
deny members of "m10x76x2x14";
deny members of "m10x76x2x15";
deny members of "m10x76x2x16";
deny members of "m10x76x2x17";
deny members of "m10x76x2x18";
deny members of "m10x76x2x19";
deny members of "m10x76x2x20";
deny members of "m10x76x2x21";
deny members of "m10x76x2x22";
deny members of "m10x76x2x23";
deny members of "m10x76x2x24";
deny members of "m10x76x2x25";
deny members of "m10x76x2x26";
deny members of "m10x76x2x27";
deny members of "m10x76x2x28";
deny members of "m10x76x2x29";
deny members of "m10x76x2x30";
deny members of "m10x76x2x31";
deny members of "m10x76x2x32";
deny members of "m10x76x2x33";
deny members of "m10x76x2x34";
deny members of "m10x76x2x35";
deny members of "m10x76x2x36";
deny members of "m10x76x2x37";
deny members of "m10x76x2x38";
deny members of "m10x76x2x39";
deny members of "m10x76x2x40";
deny members of "m10x76x2x41";
deny members of "m10x76x2x42";
deny members of "m10x76x2x43";
deny members of "m10x76x2x44";
deny members of "m10x76x2x45";
deny members of "m10x76x2x46";
deny members of "m10x76x2x47";
deny members of "m10x76x2x48";
deny members of "m10x76x2x49";
deny members of "m10x76x2x50";
deny members of "m10x76x2x51";
deny members of "m10x76x2x52";
deny members of "m10x76x2x53";
deny members of "m10x76x2x54";
deny members of "m10x76x2x55";
deny members of "m10x76x2x56";
deny members of "m10x76x2x57";
deny members of "m10x76x2x58";
deny members of "m10x76x2x59";
deny members of "m10x76x2x60";
deny members of "m10x76x2x61";
deny members of "m10x76x2x62";
deny members of "m10x76x2x63";
deny members of "m10x76x2x64";
deny members of "m10x76x2x65";
deny members of "m10x76x2x66";
deny members of "m10x76x2x67";
deny members of "m10x76x2x68";
deny members of "m10x76x2x69";
deny members of "m10x76x2x70";
deny members of "m10x76x2x71";
deny members of "m10x76x2x72";
deny members of "m10x76x2x73";
deny members of "m10x76x2x74";
deny members of "m10x76x2x75";
deny members of "m10x76x2x76";
deny members of "m10x76x2x77";
deny members of "m10x76x2x78";
deny members of "m10x76x2x79";
deny members of "m10x76x2x80";
deny members of "m10x76x2x81";
deny members of "m10x76x3x2";
deny members of "m10x76x4x2";

range 10.76.3.248 10.76.3.254;
default-lease-time 10;
}

log(info, "==");
if exists agent.remote-id {
set clip = binary-to-ascii(10,8,".",leased-address);
set clremote = binary-to-ascii(16,8,"",option agent.remote-id);
set cid-vlan = binary-to-ascii(10,16,"",substring(option agent.circuit-id, 0, 2));
set cid-port = binary-to-ascii(10,8,"-",substring(option agent.circuit-id, 2, 3));
set clcircuit = concat(cid-vlan, concat( "-", cid-port));

log( info,concat("*Leased IP: ",clip, " SWITCH: ",clremote," PORT: ",clcircuit ," (with opt82)") );
} else {
set clhw = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);

log( info,concat("*Leased IP: ",binary-to-ascii(10,8,".",leased-address), " MAC: ", clhw," (without opt82)") );
}
log(info, "==");

}
subnet 10.76.4.0 netmask 255.255.255.0 {
default-lease-time 60;
option domain-name "synaps.com.ua";
option subnet-mask 255.255.255.0;
option routers 10.76.4.1;
one-lease-per-client true;
deny duplicates;
deny leasequery;

include "/usr/local/etc/multinet/net4";

pool {
deny members of "m10x76x2x3";
deny members of "m10x76x2x2";
deny members of "m10x76x2x4";
deny members of "m10x76x2x5";
deny members of "m10x76x2x7";
deny members of "m10x76x2x8";
deny members of "m10x76x2x9";
deny members of "m10x76x2x10";
deny members of "m10x76x2x11";
deny members of "m10x76x2x12";
deny members of "m10x76x2x13";
deny members of "m10x76x2x6";
deny members of "m10x76x2x14";
deny members of "m10x76x2x15";
deny members of "m10x76x2x16";
deny members of "m10x76x2x17";
deny members of "m10x76x2x18";
deny members of "m10x76x2x19";
deny members of "m10x76x2x20";
deny members of "m10x76x2x21";
deny members of "m10x76x2x22";
deny members of "m10x76x2x23";
deny members of "m10x76x2x24";
deny members of "m10x76x2x25";
deny members of "m10x76x2x26";
deny members of "m10x76x2x27";
deny members of "m10x76x2x28";
deny members of "m10x76x2x29";
deny members of "m10x76x2x30";
deny members of "m10x76x2x31";
deny members of "m10x76x2x32";
deny members of "m10x76x2x33";
deny members of "m10x76x2x34";
deny members of "m10x76x2x35";
deny members of "m10x76x2x36";
deny members of "m10x76x2x37";
deny members of "m10x76x2x38";
deny members of "m10x76x2x39";
deny members of "m10x76x2x40";
deny members of "m10x76x2x41";
deny members of "m10x76x2x42";
deny members of "m10x76x2x43";
deny members of "m10x76x2x44";
deny members of "m10x76x2x45";
deny members of "m10x76x2x46";
deny members of "m10x76x2x47";
deny members of "m10x76x2x48";
deny members of "m10x76x2x49";
deny members of "m10x76x2x50";
deny members of "m10x76x2x51";
deny members of "m10x76x2x52";
deny members of "m10x76x2x53";
deny members of "m10x76x2x54";
deny members of "m10x76x2x55";
deny members of "m10x76x2x56";
deny members of "m10x76x2x57";
deny members of "m10x76x2x58";
deny members of "m10x76x2x59";
deny members of "m10x76x2x60";
deny members of "m10x76x2x61";
deny members of "m10x76x2x62";
deny members of "m10x76x2x63";
deny members of "m10x76x2x64";
deny members of "m10x76x2x65";
deny members of "m10x76x2x66";
deny members of "m10x76x2x67";
deny members of "m10x76x2x68";
deny members of "m10x76x2x69";
deny members of "m10x76x2x70";
deny members of "m10x76x2x71";
deny members of "m10x76x2x72";
deny members of "m10x76x2x73";
deny members of "m10x76x2x74";
deny members of "m10x76x2x75";
deny members of "m10x76x2x76";
deny members of "m10x76x2x77";
deny members of "m10x76x2x78";
deny members of "m10x76x2x79";
deny members of "m10x76x2x80";
deny members of "m10x76x2x81";
deny members of "m10x76x3x2";
deny members of "m10x76x4x2";

range 10.76.4.248 10.76.4.254;
default-lease-time 10;
}

log(info, "==");
if exists agent.remote-id {
set clip = binary-to-ascii(10,8,".",leased-address);
set clremote = binary-to-ascii(16,8,"",option agent.remote-id);
set cid-vlan = binary-to-ascii(10,16,"",substring(option agent.circuit-id, 0, 2));
set cid-port = binary-to-ascii(10,8,"-",substring(option agent.circuit-id, 2, 3));
set clcircuit = concat(cid-vlan, concat( "-", cid-port));

log( info,concat("*Leased IP: ",clip, " SWITCH: ",clremote," PORT: ",clcircuit ," (with opt82)") );
} else {
set clhw = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);

log( info,concat("*Leased IP: ",binary-to-ascii(10,8,".",leased-address), " MAC: ", clhw," (without opt82)") );
}
log(info, "==");

}

... skip ...

As you can see, deny members of is written into every subnet for all hosts from all subnets. When processing the config of subnet 10.76.2.0, dhcpd gives an error message, because the classes "m10x76x3x2" and "m10x76x4x2" are defined in the files of other subnets.

The correct behaviour would be to write only the classes of hosts from the subnet for which this piece of config is being generated.


The {DENYMEMBERS} macro is needed to prohibit handing out IPs dynamically from some single pool for unknown equipment, so yes, for all known hosts. Why you have it scattered all over the config, I have no idea.

The logic is simple and clear, top to bottom:

1. Hand out IPs to all known hosts from {SUBNETS}

2. After that, if needed, fan out the dynamic addresses, denying along the way everything above in the form of {DENYMEMBERS}


Because the pool is defined separately for each subnet. In my setup, temporary IPs for unregistered clients are handed out from the pool. Without temporary IPs the option82 binding does not work.

My configuration has several subnets on different interfaces.


I wrote a crutch script that cleans the extra entries out of dhcpd.conf. Maybe someone will find it useful.

#!/usr/bin/perl
# In each subnet block keep only the "deny members of" lines whose class
# name (mAxBxCxD) belongs to that subnet; drop all the others.

use strict;
use warnings;

my $bfilename = "/usr/local/etc/multinet/dhcpd.conf.bak";
my $filename  = "/usr/local/etc/multinet/dhcpd.conf";
my $ofilename = "/usr/local/etc/multinet/dhcpdnew.conf";
my $encoding  = ":encoding(UTF-8)";

open(my $handle, "< $encoding", $filename) || die "$0: can't open $filename for reading: $!";
open(my $ohandle, "> $encoding", $ofilename) || die "$0: can't open $ofilename for writing: $!";

my @subnetip;    # octets of the subnet block currently being read

while (my $line = <$handle>) {
    my @fields = split / /, $line;

    if ( $fields[0] eq "subnet" ) {
        # "subnet 10.76.2.0 netmask ..." opens a new subnet block
        @subnetip = split /\./, $fields[1];
    }
    elsif ( ($fields[0] eq "deny") and ($fields[1] eq "members") and ($fields[2] eq "of") ) {
        # The class name "m10x76x2x3" encodes the host IP 10.76.2.3
        my @classip = ($fields[3] =~ /\D*(\d+)\D+(\d+)\D+(\d+)\D+(\d+)\D*/);
        # Drop the line unless the first three octets match the current subnet
        # (this comparison only fits /24 subnets)
        next unless $subnetip[0] == $classip[0]
                and $subnetip[1] == $classip[1]
                and $subnetip[2] == $classip[2];
    }
    print {$ohandle} $line;
}

close($handle);
close($ohandle);

# Back up the original, install the filtered config, restore ownership
system("mv $filename $bfilename");
system("mv $ofilename $filename");
system("chown www $filename");

exit 0;

The script has to be called from the file /usr/local/etc/rc.d/isc-dhcpd. I added its call to the dhcpd_checkconfig function.
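
An added example (not code from this thread or from Ubilling) that generalises the filter above: it takes the netmask from each `subnet ... netmask ...` line instead of comparing the first three octets, so it also handles subnets that are not /24, and it reports what it dropped. The sample config is constructed; the 10.76.4.0/23 subnet and the function name `filter_deny_members` are assumptions for illustration.

```python
import ipaddress
import re

# "subnet 10.76.2.0 netmask 255.255.255.0 {" as written in the generated dhcpd.conf
SUBNET_RE = re.compile(r'^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{')
# 'deny members of "m10x76x2x3";' -> class name encodes host IP 10.76.2.3
DENY_RE = re.compile(r'^\s*deny\s+members\s+of\s+"m(\d+)x(\d+)x(\d+)x(\d+)"\s*;')

# Constructed sample: the second subnet is a /23 to show the non-/24 case.
SAMPLE_CONF = '''\
subnet 10.76.2.0 netmask 255.255.255.0 {
pool {
deny members of "m10x76x2x3";
deny members of "m10x76x3x2";
deny members of "m10x76x4x2";
range 10.76.2.248 10.76.2.254;
}
}
subnet 10.76.4.0 netmask 255.255.254.0 {
pool {
deny members of "m10x76x2x3";
deny members of "m10x76x4x2";
deny members of "m10x76x5x9";
range 10.76.4.248 10.76.4.254;
}
}
'''


def filter_deny_members(conf_text):
    """Return (filtered_text, dropped).

    dropped is a list of (subnet, host_ip) pairs, one for every
    'deny members of' line that referenced a host outside the subnet
    block it appeared in. All other lines are passed through unchanged.
    """
    current = None  # network of the most recent "subnet" line
    kept, dropped = [], []
    for line in conf_text.splitlines(keepends=True):
        s = SUBNET_RE.match(line)
        if s:
            current = ipaddress.ip_network(f"{s.group(1)}/{s.group(2)}")
        d = DENY_RE.match(line)
        if d and current is not None:
            try:
                host = ipaddress.ip_address(".".join(d.groups()))
            except ValueError:
                host = None  # class name is not a valid IP: leave the line alone
            if host is not None and host not in current:
                dropped.append((str(current), str(host)))
                continue
        kept.append(line)
    return "".join(kept), dropped


if __name__ == "__main__":
    text, dropped = filter_deny_members(SAMPLE_CONF)
    print(text)
    for subnet, host in dropped:
        print(f"dropped: class for {host} is outside {subnet}")
```
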
