dhcpd option 82
dhcpd option 82
Просьба к нежадным людям поделиться скриптом (на любом языке) генерации оного из файла/базы/(иже с ними) для допиливания или перепиливания своего
тоже собрался модернизировать сеть с применением opt 82
перечитал кучу инфы с инета
http://xgu.ru/wiki/DHCP
http://xgu.ru/wiki/Опция_82_DHCP
http://forum.nag.ru/forum/index.php?sho ... 28&hl=DHCP
http://forum.nag.ru/forum/index.php?sho ... =Option+82
http://forum.nag.ru/forum/index.php?sho ... =Option+82
http://forum.nag.ru/forum/index.php?sho ... =Option+82
интересен момент кто и как связывает DHCP с UTM , поделитесь опытом
перечитал кучу инфы с инета
http://xgu.ru/wiki/DHCP
http://xgu.ru/wiki/Опция_82_DHCP
http://forum.nag.ru/forum/index.php?sho ... 28&hl=DHCP
http://forum.nag.ru/forum/index.php?sho ... =Option+82
http://forum.nag.ru/forum/index.php?sho ... =Option+82
http://forum.nag.ru/forum/index.php?sho ... =Option+82
интересен момент кто и как связывает DHCP с UTM , поделитесь опытом
Смотреть тут:
http://www.netpatch.ru/dhcp2radius.html
http://www.netpatch.ru/dhcp2radius.html
Используйте FreeRadius, он умеет работать как DHCP
AndrewE писал(а): Смотреть тут:
http://www.netpatch.ru/dhcp2radius.html
06.04.2011 - UPD: last small fix in sql + script.
Вернулся с отдыху - выкладываю то, что перед ним наваяли и убяг
вообщем вот кошмар быстро наваяный.
запрос с биллинга дёргает у пользователя ip из услуги "Локальная сеть", свич и порт из его профиля и кладёт файл в виде: #свич порт ip_клиента
сам скрипт.
на выходе:
Костылинг хуле.
Вернулся с отдыху - выкладываю то, что перед ним наваяли и убяг
вообщем вот кошмар быстро наваяный.
запрос с биллинга дёргает у пользователя ip из услуги "Локальная сеть", свич и порт из его профиля и кладёт файл в виде: #свич порт ip_клиента
За запрос благодарить моего начальника
192.168.11.53 9 172.31.100.10
192.168.11.53 17 172.31.100.11
192.168.11.53 11 172.31.100.12
192.168.11.53 12 172.31.100.13
192.168.11.53 13 172.31.100.14
192.168.11.53 14 172.31.100.15
192.168.11.53 15 172.31.100.16
192.168.11.53 16 172.31.100.17
192.168.11.55 28 172.31.100.18
192.168.11.55 31 172.31.100.19
192.168.11.53 1 172.31.100.2
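-- service_id = 5 is the "Локальная сеть" (local network) service link in this billing database.
--
-- Produces one row per active link of that service, in this column order:
--   switch_ip    dotted-quad address of the switch from the user's profile
--   switch_port  port number from the user's profile (only values > 0)
--   user_ip      dotted-quad address assigned through the service link
-- The generator script reads the columns positionally and groups consecutive
-- rows by /24, so both the column order and the ordering by user_ip matter.
--
-- Changes against the posted query:
--   * ORDER BY moved to the outermost SELECT: an ORDER BY inside a derived
--     table is not guaranteed to survive into the final result.
--   * rows without a user_ip are filtered out as well; a NULL there would be
--     written into dhcpd.conf as a broken subnet/pool.
--   * the comma join is written as an explicit INNER JOIN.
--
-- NOTE(review): every scalar subquery must return at most one row, otherwise
-- MySQL aborts the whole statement ("Subquery returns more than 1 row").
-- Whether an ip group can hold several addresses is not visible here; confirm.
-- NOTE(review): "& 0x00000000FFFFFFFF" keeps the low 32 bits; presumably the
-- address columns are stored as signed integers. Confirm against the schema.
-- NOTE(review): the unqualified is_deleted references resolve to the innermost
-- table that has such a column; they are left unqualified because the columns
-- of ip_groups, iptraffic_service_links and service_links are not shown.
select
    u.switch_ip,
    u.switch_port,
    u.user_ip
from (
    select
        (
            select
                INET_NTOA(b.router_bin_ip & 0x00000000FFFFFFFF)
            from
                users a
                inner join routers_info b
                    on b.id = a.remote_switch_id
            where
                a.id = c.user_id
                and a.is_deleted = 0
        ) as switch_ip,
        (
            select
                a.port_number
            from
                users a
            where
                a.id = c.user_id
                and a.is_deleted = 0
                and a.port_number > 0
        ) as switch_port,
        (
            select
                INET_NTOA(a.ip & 0x00000000FFFFFFFF)
            from
                ip_groups a
            where
                a.ip_group_id =
                (
                    select
                        a.ip_group_id
                    from
                        iptraffic_service_links a
                    where
                        a.id = c.id
                        and is_deleted = 0
                )
                and is_deleted = 0
        ) as user_ip
    from
        service_links c
    where
        c.service_id = 5
        and is_deleted = 0
) u
where
    u.switch_ip is not NULL
    and u.switch_port is not NULL
    and u.user_ip is not NULL
order by
    u.user_ip;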
сам скрипт.
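#!/usr/local/bin/bash
#
# Rebuild /usr/local/etc/dhcpd.conf from the billing database.
#
# Input : rows "switch_ip port client_ip" returned by /usr/local/etc/utm.sql.
# Output: an ISC dhcpd config with one class per (switch, port), matched on
#         the relay address and DHCP option 82, and one single-address pool
#         per class inside a /24 subnet declaration.
#
# Differences from the first version of this script:
#   * all scratch files live in a private mktemp directory instead of fixed,
#     predictable names in /tmp and the current directory (the script runs
#     with enough privilege to replace dhcpd.conf, so a pre-created file or
#     symlink under /tmp must not be able to redirect its writes);
#   * rows are shape-checked before they are written into the config, so a
#     malformed value in the billing data cannot break or alter the syntax;
#   * the new config is validated with "dhcpd -t" BEFORE the daemon is
#     stopped, and the live config is only replaced after validation passes;
#   * a failed billing query aborts the run instead of installing an empty
#     config.

prefix=user_temp
conf=/usr/local/etc/dhcpd.conf
new_conf=/usr/local/etc/dhcpd.conf.new

# mktemp -d creates the directory with mode 0700 and a random name.
workdir=$(mktemp -d "/tmp/$prefix.XXXXXXXX") || exit 1
trap 'rm -rf "$workdir"' EXIT

tmp_db=$workdir/rows
tmp=$workdir/classes
out_db=$workdir/dhcpd.conf
report=$workdir/dhcpd_report.txt

# NOTE(review): -p'...' on the command line exposes the password to anyone who
# can list processes on this host. Prefer a client option file readable only
# by the account running this script (mysql --defaults-extra-file=<path>).
if ! mysql --skip-column-names -h ВАШ_СЕРВЕР -D ВАША_БАЗА -u dhcp -p'ВАШ_ПАРОЛЬ' < /usr/local/etc/utm.sql > "$tmp_db"
then
    echo "dhcpd.conf not regenerated: billing query failed" >&2
    exit 1
fi

# Shape checks only: dotted quad and decimal port. Anything else is skipped.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
port_re='^[0-9]+$'

subnets=()      # /24 prefixes in order of first appearance
: > "$tmp"

while read -r swip port ip
do
    if ! [[ $swip =~ $ipv4_re && $ip =~ $ipv4_re && $port =~ $port_re ]]
    then
        echo "dhcpd.conf generation: skipping malformed row" >&2
        continue
    fi

    IFS=. read -r oct_1 oct_2 oct_3 _ <<< "$ip"
    fragment=$workdir/$oct_1.$oct_2.$oct_3.subnet

    # packet(24, 4) is the giaddr field (address of the relaying switch);
    # the byte at offset 5 of agent.circuit-id is compared as the port number.
    # NOTE(review): this trusts option 82 as received. The access switches
    # must insert or overwrite it themselves, otherwise a subscriber could
    # present another port's circuit-id; verify the switch configuration.
    cat >> "$tmp" <<EOF
class "match:$swip:port$port"
{
 match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "$swip"
 and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "$port";
}


EOF

    # First row of a /24: open its subnet declaration. The two route options
    # below are the "magic" routes for XP and the other clients: 10/8,
    # 172.16/12 and 192.168/16 via the subnet's .1 gateway.
    if [ ! -e "$fragment" ]
    then
        subnets+=("$oct_1.$oct_2.$oct_3")
        cat > "$fragment" <<EOF
 subnet $oct_1.$oct_2.$oct_3.0 netmask 255.255.255.0 {
 option routers $oct_1.$oct_2.$oct_3.1;
 option ms-classless-static-routes 8 ,10, $oct_1,$oct_2,$oct_3,1, 12, 172,16, $oct_1,$oct_2,$oct_3,1, 16, 192,168, $oct_1,$oct_2,$oct_3,1;
 option rfc3442-classless-static-routes 8 ,10, $oct_1,$oct_2,$oct_3,1, 12, 172,16, $oct_1,$oct_2,$oct_3,1, 16, 192,168, $oct_1,$oct_2,$oct_3,1;
EOF
    fi

    # One address per pool, usable only by the matching switch port.
    printf ' pool { range %s; allow members of "match:%s:port%s"; }\n' "$ip" "$swip" "$port" >> "$fragment"
done < "$tmp_db"

# No usable rows means the query or the data is broken; installing a config
# without pools would take every subscriber offline.
if [ "${#subnets[@]}" -eq 0 ]
then
    echo "dhcpd.conf not regenerated: billing query returned no usable rows" >&2
    exit 1
fi

{
    cat <<'EOF'
#dhcpd config file


authoritative;


default-lease-time 600;
max-lease-time 600;
ddns-update-style none;
local-address 192.168.11.252;
option netbios-name-servers 172.31.30.2;
option domain-name-servers 172.31.30.2;
option netbios-node-type 8;
option ntp-servers 172.31.30.2;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option subnet-mask 255.255.255.0;


EOF
    cat "$tmp"
    printf 'shared-network "clients" {\n\n\n'
    printf 'subnet 192.168.11.0 netmask 255.255.255.0 { }\n\n\n'
    for net in "${subnets[@]}"
    do
        cat "$workdir/$net.subnet"
        printf ' }\n\n\n'
    done
    printf ' }\n'
} > "$out_db"

mv "$out_db" "$new_conf"

# Validate first; the running daemon keeps serving the old config meanwhile.
if /usr/local/sbin/dhcpd -t -cf "$new_conf" > "$report" 2>&1
then
    # Keep the previous config as .old, then swap and restart.
    cp -p "$conf" "$conf.old" >/dev/null 2>&1
    /usr/local/etc/rc.d/isc-dhcpd stop
    mv "$new_conf" "$conf"
    /usr/local/etc/rc.d/isc-dhcpd start
else
    # The rejected file stays at dhcpd.conf.new for inspection.
    mail -s "[DHCPD] Error in configuration" ваше@мыло < "$report"
fi
exit 0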
в дальнейшем напишу его уже по-человечески на c# в связке с dhcp самописным с xml-rpc.
#dhcpd config file
# Sample of the generated dhcpd.conf as posted.
# NOTE(review): the lease times here (604800 s = 7 days) differ from the 600 s
# written by the script on this page, and "authoritative;" / ntp-servers are
# absent, so this sample presumably comes from another revision of the script.
default-lease-time 604800;
max-lease-time 604800;
ddns-update-style none;
local-address 192.168.11.252;
option netbios-name-servers 172.31.30.2;
option domain-name-servers 172.31.30.2;
option netbios-node-type 8;
# Classless static routes are declared twice: code 249 is the Microsoft
# variant, code 121 the RFC 3442 one; both carry the same byte array.
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option subnet-mask 255.255.255.0;
# One class per (switch, port). packet(24, 4) is the giaddr field of the
# request, i.e. the address of the relaying switch; the byte at offset 5 of
# agent.circuit-id (option 82) is compared as the port number.
# NOTE(review): these matches trust option 82 as received. The access switches
# must insert or overwrite it themselves, otherwise a subscriber could present
# another port's circuit-id; verify the switch configuration.
class "match:192.168.11.51:port2"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.51"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "2";
}
class "match:192.168.11.53:port1"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "1";
}
class "match:192.168.11.53:port2"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "2";
}
class "match:192.168.11.53:port3"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "3";
}
class "match:192.168.11.53:port4"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "4";
}
class "match:192.168.11.53:port5"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "5";
}
class "match:192.168.11.53:port6"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "6";
}
class "match:192.168.11.53:port7"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "7";
}
class "match:192.168.11.53:port8"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "8";
}
class "match:192.168.11.53:port9"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "9";
}
class "match:192.168.11.53:port10"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "10";
}
class "match:192.168.11.53:port11"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "11";
}
class "match:192.168.11.53:port12"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "12";
}
class "match:192.168.11.53:port13"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "13";
}
class "match:192.168.11.53:port14"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "14";
}
class "match:192.168.11.53:port15"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "15";
}
class "match:192.168.11.53:port16"
{
match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "192.168.11.53"
and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "16";
}
shared-network "clients" {
# Empty declaration for the network the switches relay from (their giaddr
# addresses are in 192.168.11.0/24); it hands out no addresses itself.
subnet 192.168.11.0 netmask 255.255.255.0 { }
subnet 172.31.100.0 netmask 255.255.255.0 {
option routers 172.31.100.1;
# Routes pushed to clients: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16,
# each via 172.31.100.1 (prefix length, significant network bytes, gateway).
option ms-classless-static-routes 8 ,10, 172,31,100,1, 12, 172,16, 172,31,100,1, 16, 192,168, 172,31,100,1;
option rfc3442-classless-static-routes 8 ,10, 172,31,100,1, 12, 172,16, 172,31,100,1, 16, 192,168, 172,31,100,1;
# Each pool holds exactly one address and admits only one class, which pins
# that address to a single switch port.
pool { range 172.31.100.200; allow members of "match:192.168.11.51:port2"; }
pool { range 172.31.100.2; allow members of "match:192.168.11.53:port1"; }
pool { range 172.31.100.3; allow members of "match:192.168.11.53:port2"; }
pool { range 172.31.100.4; allow members of "match:192.168.11.53:port3"; }
pool { range 172.31.100.5; allow members of "match:192.168.11.53:port4"; }
pool { range 172.31.100.6; allow members of "match:192.168.11.53:port5"; }
pool { range 172.31.100.7; allow members of "match:192.168.11.53:port6"; }
pool { range 172.31.100.8; allow members of "match:192.168.11.53:port7"; }
pool { range 172.31.100.9; allow members of "match:192.168.11.53:port8"; }
pool { range 172.31.100.10; allow members of "match:192.168.11.53:port9"; }
pool { range 172.31.100.11; allow members of "match:192.168.11.53:port10"; }
pool { range 172.31.100.12; allow members of "match:192.168.11.53:port11"; }
pool { range 172.31.100.13; allow members of "match:192.168.11.53:port12"; }
pool { range 172.31.100.14; allow members of "match:192.168.11.53:port13"; }
pool { range 172.31.100.15; allow members of "match:192.168.11.53:port14"; }
pool { range 172.31.100.16; allow members of "match:192.168.11.53:port15"; }
pool { range 172.31.100.17; allow members of "match:192.168.11.53:port16"; }
}
}
Костылинг хуле.
Последний раз редактировалось dAverk Ср апр 06, 2011 11:55, всего редактировалось 5 раз.
Подтверждаю, отлично работают на виста бизнес и ультимейт. А также в новой windows 7 (по крайней мере в бете).
Davion писал(а): опции
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
Работают ли на Windows Vista? Читал, что какие-то есть проблемы...
Очень жаль что не работают на soho маршрутизаторах, по крайней мере длинки их полностью игнорируют.