vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #159 from jjakob/master

Browse Source 
Draft: Edit DHCPv4/v6 server documentation, ...
This commit is contained in:
Christian Poessinger 2019-12-13 10:20:35 +01:00 committed by GitHub
commit c9d1f7a6ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 261 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

304
docs/services/dhcp.rst
View File

@ -9,39 +9,33 @@ VyOS uses ISC DHCPd for both IPv4 and IPv6 address assignment.
DHCP Server
===========
Multiple DHCP Servers can be run from a single machine. Each DHCP service is
identified by a ``shared-network-name``.
The network topology is declared by shared-network-name and the subnet declarations.
The DHCP service can serve multiple shared networks, with each shared network having 1 or more subnets.
Each subnet must be present on an interface.
A range can be declared inside a subnet to define a pool of dynamic addresses.
Multiple ranges can be defined and can contain holes.
Static mappings can be set to assign "static" addresses to clients based on their MAC address.
Basic Example
-------------
We are offering address space in the 192.0.2.0/24 network, which is
physically connected on eth1, and pppoe0 is our connection to the internet.
We are using the network name ``<name>``.
Prerequisites:
* Configuring PPPoE interface is assumed to be done already, and appears
on `pppoe0`
* Interface ``eth1`` is configured to be connected to our DHCP subnet
192.0.2.0/24 by assigning e.g. address 192.0.2.1/24.
Multiple DHCP ranges can be defined and may contain holes.
In this example, we are offering address space in the 192.0.2.0/24 network.
We are using the network name `dhcpexample`.
.. code-block:: none
set service dhcp-server shared-network-name '<name>' authoritative
set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 default-router 192.0.2.1
set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 dns-server 192.0.2.1
set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 lease 86400
set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 range 0 start 192.0.2.100
set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 range 0 stop 192.0.2.199
set service dhcp-server shared-network-name dhcpexample authoritative
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 default-router 192.0.2.1
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 dns-server 192.0.2.1
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 lease 86400
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 range 0 start 192.0.2.100
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 range 0 stop 192.0.2.199
The generated config will look like:
.. code-block:: none
vyos@vyos# show service dhcp-server shared-network-name '<name>'
vyos@vyos# show service dhcp-server shared-network-name dhcpexample
authoritative
subnet 192.0.2.0/24 {
default-router 192.0.2.1
@ -53,23 +47,22 @@ The generated config will look like:
}
}
Explanation
^^^^^^^^^^^
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' authoritative
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample authoritative
This says that this device is the only DHCP server for this network. If other
devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to
any device trying to request an IP address that is
not valid for this network.
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 default-router 192.0.2.1
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 default-router 192.0.2.1
This is a configuration parameter for the subnet, saying that as part of the
response, tell the client that I am the default router for this network
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 dns-server 192.0.2.1
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 dns-server 192.0.2.1
This is a configuration parameter for the subnet, saying that as part of the
response, tell the client that I am the DNS server for this network. If you
@ -77,20 +70,20 @@ do not want to run a DNS server, you could also provide one of the public
DNS servers, such as google's. You can add multiple entries by repeating the
line.
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 lease 86400
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 lease 86400
Assign the IP address to this machine for 24 hours. It is unlikely you'd need
to shorten this period, unless you are running a network with lots of devices
appearing and disappearing.
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 range 0 start 192.0.2.100
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 range 0 start 192.0.2.100
Make a range of addresses available for clients starting from .100 [...]
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 range 0 stop 192.0.2.199
[...] and ending at .199
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 range 0 stop 192.0.2.199
[...] and ending at .199.
Failover
--------
@ -115,7 +108,7 @@ A generic name referencing this sync service.
.. cfgcmd:: set service dhcp-server shared-network-name 'LAN' subnet '192.0.2.0/24' failover status '{primary|secondary}'
The primary and secondary statements determines whether the server is primary
r secondary.
or secondary.
.. note:: In order for the primary and the secondary DHCP server to keep
their lease tables in sync, they must be able to reach each other on TCP
@ -134,16 +127,18 @@ Static mappings
You can specify a static DHCP assignment on a per host basis. You will need the
MAC address of the station and your desired IP address. The address must be
inside your subnet definition but can be outside of your range sttement.
inside the subnet definition but can be outside of the range statement.
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 static-mapping <host> ip-address 192.0.2.10
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping static-mapping-01 mac-address ff:ff:ff:ff:ff:ff
Configure desired IPv4 address for your host referenced to as `host`.
Each host is uniquely identified by its MAC address.
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 static-mapping <hodt> mac-address ff:ff:ff:ff:ff:ff
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping static-mapping-01 ip-address 192.0.2.10
Configure MAC address for your host referenced by as `host` used in this static
assignment.
IP address to assign to this host. It must be inside the subnet in which it is defined but can be outside the dynamic range.
If ip-address is not specified, an IP from the dynamic pool (as specified by ``range``) is used. This is useful, for example, in combination with hostfile update.
.. hint:: This is the equivalent of the host block in dhcpd.conf of isc-dhcpd.
DHCP Options
------------
@ -170,6 +165,209 @@ The domain-name parameter should be the domain name used when completing DNS
request where no full FQDN is passed. This option can be given multiple times
if you need multiple search domains (DHCP Option 119).
.. list-table::
:header-rows: 1
:stub-columns: 0
:widths: 12 7 23 40 20
* - Setting name
- Option number
- ISC-DHCP Option name
- Option description
- Multi
* - client-prefix-length
- 1
- subnet-mask
- Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.
- N
* - time-offset
- 2
- time-offset
- Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)
- N
* - default-router
- 3
- routers
- IPv4 address of router on the client's subnet
- N
* - time-server
- 4
- time-servers
- RFC 868 time server IPv4 address
- Y
* - dns-server
- 6
- domain-name-servers
- DNS server IPv4 address
- Y
* - domain-name
- 15
- domain-name
- Client domain name
- Y
* - ip-forwarding
- 19
- ip-forwarding
- Enable IP forwarding on client
- N
* - ntp-server
- 42
- ntp-servers
- IP address of NTP server
- Y
* - wins-server
- 44
- netbios-name-servers
- NetBIOS over TCP/IP name server
- Y
* - server-identifier
- 54
- dhcp-server-identifier
- IP address for DHCP server identifier
- N
* - bootfile-server
- siaddr
- next-server
- IPv4 address of next bootstrap server
- N
* - tftp-server-name
- 66
- tftp-server-name
- Name or IPv4 address of TFTP server
- N
* - bootfile-name
- 67
- bootfile-name, filename
- Bootstrap file name
- N
* - smtp-server
- 69
- smtp-server
- IP address of SMTP server
- Y
* - pop-server
- 70
- pop-server
- IP address of POP3 server
- Y
* - domain-search
- 119
- domain-search
- Client domain search
- Y
* - static-route
- 121, 249
- rfc3442-static-route, windows-static-route
- Classless static route
- N
* - wpad-url
- 252
- wpad-url, wpad-url code 252 = text
- Web Proxy Autodiscovery (WPAD) URL
- N
* - lease
-
- default-lease-time, max-lease-time
- Lease timeout in seconds (default: 86400)
- N
* - range
-
- range
- DHCP lease range
- Y
* - exclude
-
-
- IP address to exclude from DHCP lease range
- Y
* - failover
-
-
- DHCP failover parameters
-
* - static-mapping
-
-
- Name of static mapping
- Y
Multi: can be specified multiple times.
Raw parameters
--------------
Raw parameters can be passed to shared-network-name, subnet and static-mapping:
.. code-block:: none
set service dhcp-server shared-network-name dhcpexample shared-network-parameters
<text> Additional shared-network parameters for DHCP server.
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 subnet-parameters
<text> Additional subnet parameters for DHCP server.
set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters
<text> Additional static-mapping parameters for DHCP server.
Will be placed inside the "host" block of the mapping.
These parameters are passed as-is to isc-dhcp's dhcpd.conf under the configuration node they are defined in.
They are not validated so an error in the raw parameters won't be caught by vyos's scripts and will cause dhcpd to fail to start.
Always verify that the parameters are correct before commiting the configuration.
Refer to isc-dhcp's dhcpd.conf manual for more information:
https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf
Example
^^^^^^^
.. opcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;"
Override the static-mapping's dns-server with a custom one that will be sent only to this host.
Operation Mode
--------------
.. opcmd:: restart dhcp server
Restart the DHCP server
.. opcmd:: show dhcp server statistics
Show the DHCP server statistics:
.. code-block:: none
vyos@vyos:~$ show dhcp server statistics
Pool Size Leases Available Usage
----------- ------ -------- ----------- -------
dhcpexample 99 2 97 2%
.. opcmd:: show dhcp server statistics pool <pool>
Show the DHCP server statistics for the specified pool.
.. opcmd:: show dhcp server leases
Show statuses of all active leases:
.. code-block:: none
vyos@vyos:~$ show dhcp server leases
IP address Hardware address State Lease start Lease expiration Remaining Pool Hostname
-------------- ------------------ ------- ------------------- ------------------- ---------- ----------- ---------
192.0.2.104 aa:bb:cc:dd:ee:ff active 2019/12/05 14:24:23 2019/12/06 02:24:23 6:05:35 dhcpexample test1
192.0.2.115 ab:ac:ad:ae:af:bf active 2019/12/05 18:02:37 2019/12/06 06:02:37 9:43:49 dhcpexample test2
.. hint:: Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``.
.. opcmd:: show dhcp server leases pool <pool>
Show only leases in the specified pool.
.. opcmd:: show dhcp server leases sort <key>
Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)
.. opcmd:: show dhcp server leases state <state>
Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)
DHCPv6 Server
=============
@ -268,16 +466,16 @@ be created. The following example explains the process.
**Example:**
* IPv6 address ``2001:db8::101`` shall be statically mapped
* Device MAC address will be ``00:53:c5:b7:5e:23``
* Host specific mapping shall be named ``client1``
.. hint:: The MAC address identifier is defined by the last 4 byte of the
MAC address.
.. hint:: The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id).
If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``.
The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID.
.. code-block:: none
set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 ipv6-address 2001:db8::101
set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 identifier c5b75e23
set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 identifier 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff
The configuration will look as follows:
@ -294,12 +492,11 @@ The configuration will look as follows:
}
static-mapping client1 {
ipv6-address 2001:db8::101
identifier c5b75e23
identifier 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff
}
}
}
Operation Mode
--------------
@ -315,6 +512,27 @@ To show the current status of the DHCPv6 server.
Show statuses of all assigned leases:
.. code-block:: none
vyos@vyos:~$ show dhcpv6 server leases
IPv6 address State Last communication Lease expiration Remaining Type Pool IAID_DUID
------------- ------- -------------------- ------------------- ----------- ------------- ----- --------------------------------------------
2001:db8::101 active 2019/12/05 19:40:10 2019/12/06 07:40:10 11:45:21 non-temporary NET1 98:76:54:32:00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff
2001:db8::102 active 2019/12/05 14:01:23 2019/12/06 02:01:23 6:06:34 non-temporary NET1 87:65:43:21:00:01:00:01:11:22:33:44:fa:fb:fc:fd:fe:ff
.. hint:: Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``.
.. opcmd:: show dhcpv6 server leases pool <pool>
Show only leases in the specified pool.
.. opcmd:: show dhcpv6 server leases sort <key>
Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)
.. opcmd:: show dhcpv6 server leases state <state>
Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)
DHCP Relay
==========