LINUX.ORG.RU

Posts by Lumine

 

Problems with DHCP configuration on a Cisco router (VLANs)

Forum — Admin

I'm building a lab in eve-ng.

Topology (active part): https://imageban.ru/show/2019/03/13/08eede013c36fd9e41076f18b42b18bb/jpg

The task is to get DHCP on PC1 (CentOS7). VLANs are configured in the network: VLAN100 - MGT 172.16.10.0/24, VLAN200 - DATA 172.16.20.0/30, VLAN300 - OFFICE 30.30.30.0/24. Trunks are created and work via VTP.

On HQ1 (router) I configured a DHCP pool with network 30.30.30.0/24. On PC1 I try to get DHCP, and I see (in Wireshark) that HQ1 receives the DHCP Discovery but does not respond. The output of the command (sh ip dhcp server statistics) says the same:

Memory usage         23511
Address pools        1
Database agents      0
Automatic bindings   0
Manual bindings      0
Expired bindings     0
Malformed messages   0
Secure arp entries   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         28
DHCPREQUEST          18
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            0
DHCPACK              0
DHCPNAK              0
The problem is definitely not the topology, because if I create a DHCP pool with network 192.168.254.0/24 (the subnet of the physical interface), everything works, but it does not work with the subinterface (30.30.30.0/24). Router config:
Current configuration : 1826 bytes
!
! Last configuration change at 21:04:49 EET Wed Mar 13 2019
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ1
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone EET 2 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
ip dhcp pool OFFICE
 network 30.30.30.0 255.255.255.0
 default-router 30.30.30.1
!
!
!
ip domain name wsr2018.ru
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
username wsr2018 privilege 15 secret 5 $1$ry02$F//7pj2xXnRmQ/NkTbI4I0
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 ip address 192.168.254.1 255.255.255.0
!
interface Ethernet0/1.100
 encapsulation dot1Q 100
 ip address 172.16.10.1 255.255.255.0
!
interface Ethernet0/1.200
 encapsulation dot1Q 200
 ip address 172.16.20.1 255.255.255.252
!
interface Ethernet0/1.300
 encapsulation dot1Q 300
 ip address 30.30.30.1 255.255.255.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
 no cdp enable
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
 no cdp enable
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
 transport input telnet
!
!
end
Switch configs: SW1
Current configuration : 2242 bytes
!
! Last configuration change at 19:48:53 EET Wed Mar 13 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
username wsr2018 privilege 15 secret 5 $1$4DVT$r.Ghf8lXhNNi4ggANKaC41
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
ip domain-name wsr2018.ru
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 100,200 priority 20480
spanning-tree vlan 300 priority 24576
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
!
interface Ethernet0/0
 switchport access vlan 200
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast edge
 spanning-tree bpduguard enable
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 spanning-tree guard root
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet1/0
!
interface Ethernet1/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 channel-group 1 mode active
 spanning-tree guard root
!
interface Ethernet1/2
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 channel-group 1 mode active
 spanning-tree guard root
!
interface Ethernet1/3
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 channel-group 1 mode active
 spanning-tree guard root
!
interface Ethernet2/0
!
interface Ethernet2/1
!
interface Ethernet2/2
!
interface Ethernet2/3
!
interface Ethernet3/0
!
interface Ethernet3/1
!
interface Ethernet3/2
!
interface Ethernet3/3
!
interface Ethernet4/0
!
interface Ethernet4/1
!
interface Ethernet4/2
!
interface Ethernet4/3
!
interface Ethernet5/0
!
interface Ethernet5/1
!
interface Ethernet5/2
!
interface Ethernet5/3
!
interface Vlan1
 ip address 192.168.254.10 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
 transport input telnet
!
!
end
SW2
Current configuration : 2360 bytes
!
! Last configuration change at 19:01:03 EET Wed Mar 13 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
username wsr2018 privilege 15 secret 5 $1$TYY/$PGCG1WaJhEaOZYsG9Edua0
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
ip domain-name wsr2018.ru
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 100,200,300 priority 28672
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface Ethernet0/0
 switchport access vlan 300
 switchport mode access
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode desirable
 spanning-tree guard root
!
interface Ethernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode desirable
 spanning-tree guard root
!
interface Ethernet1/0
!
interface Ethernet1/1
 switchport trunk encapsulation dot1q
 channel-group 1 mode passive
 spanning-tree guard root
!
interface Ethernet1/2
 switchport trunk encapsulation dot1q
 channel-group 1 mode passive
 spanning-tree guard root
!
interface Ethernet1/3
 switchport trunk encapsulation dot1q
 channel-group 1 mode passive
 spanning-tree guard root
!
interface Ethernet2/0
 switchport access vlan 300
 switchport mode access
 switchport nonegotiate
!
interface Ethernet2/1
!
interface Ethernet2/2
!
interface Ethernet2/3
!
interface Ethernet3/0
!
interface Ethernet3/1
!
interface Ethernet3/2
!
interface Ethernet3/3
!
interface Ethernet4/0
!
interface Ethernet4/1
!
interface Ethernet4/2
!
interface Ethernet4/3
!
interface Ethernet5/0
!
interface Ethernet5/1
!
interface Ethernet5/2
!
interface Ethernet5/3
!
interface Vlan1
 ip address 192.168.254.20 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
 transport input telnet
!
!
end
SW3
Current configuration : 1864 bytes
!
! Last configuration change at 19:01:03 EET Wed Mar 13 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW3
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
username wsr2018 privilege 15 secret 5 $1$Wzgn$cxIT6anHZ0g8gmX1YCerq.
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
ip domain-name wsr2018.ru
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface Ethernet0/0
 switchport mode access
 switchport nonegotiate
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
!
interface Ethernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode auto
!
interface Ethernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode auto
!
interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
!
interface Ethernet1/3
!
interface Ethernet2/0
!
interface Ethernet2/1
!
interface Ethernet2/2
!
interface Ethernet2/3
!
interface Ethernet3/0
!
interface Ethernet3/1
!
interface Ethernet3/2
!
interface Ethernet3/3
!
interface Ethernet4/0
!
interface Ethernet4/1
!
interface Ethernet4/2
!
interface Ethernet4/3
!
interface Ethernet5/0
!
interface Ethernet5/1
!
interface Ethernet5/2
!
interface Ethernet5/3
!
interface Vlan1
 ip address 192.168.254.30 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
 transport input telnet
!
!
end
Essentially, working in EVE is the same as working with real hardware (I use Cisco IOL); it's just that for my classmates everything works in Cisco Packet Tracer, while for me in EVE it doesn't, even though the configuration is identical. Apparently there are nuances that Packet Tracer doesn't take into account... I just don't know what else the problem could be, so don't judge too harshly...

Lumine

DHCP configuration problems

Forum — Admin

UPD: the problem has been solved. Because of copy-paste the quotation marks were wrong; after replacing them by hand in an editor the problem went away.

Hello, I'm new to working with Linux. There is a machine gw (CentOS 7) that acts as the gateway for the LAN. I'm trying to bring up DHCP on it, but I'm getting errors in the config, apparently.

/etc/dhcp/dhcpd.conf

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

default-lease-time 600;
max-lease-time 7200;

subnet 172.16.2.0 netmask 255.255.255.0 {
    range 172.16.2.50 172.16.2.100;
    option domain-name-servers 172.16.1.100, 8.8.8.8;
    option domain-name “lab.lan”;
    option routers 172.16.2.1;
    option broadcast-address 172.16.2.255;
    group {    
	host mail {
	    hardware ethernet 00:00:27:c3:39:94;
	    fixed-address 172.16.2.50;
	    option domain-name "mail.lab.lan";
	}
	host ftp {
	    hardware ethernet 00:00:27:e1:87:fd;
	    fixed-address 172.16.2.100;
	    option domain-name "ftp.lab.lan";
        }
    }
}

subnet 172.16.3.0 netmask 255.255.255.0 {
    range 172.16.3.50 172.16.3.100;
    option domain-name-servers 172.16.1.100, 8.8.8.8;
    option domain-name “lab.lan”;
    option routers 172.16.3.1;
    option broadcast-address 172.16.3.255;
    
    group {
	host FreeIPA {
	    hardware ethernet 08:00:27:fc:52:68;
	    fixed-address 172.16.3.50;
	    option domain-name "freeipa.lab.lan"
	}
	host FS {
	    hardware ethernet 08:00:27:e3:9a:39;
	    fixed-address 172.16.3.100;
	    option domain-name "fs.lab.lan";
	}
    }
}
journalctl shows the following:
-- Начат процесс запуска юнита dhcpd.service.
дек 03 15:44:16 l-gw dhcpd[1952]: Internet Systems Consortium DHCP Server 4.2.5
дек 03 15:44:16 l-gw dhcpd[1952]: Copyright 2004-2013 Internet Systems Consortium.
дек 03 15:44:16 l-gw dhcpd[1952]: All rights reserved.
дек 03 15:44:16 l-gw dhcpd[1952]: For info, please visit https://www.isc.org/software/dhcp/
дек 03 15:44:16 l-gw dhcpd[1952]: /etc/dhcp/dhcpd.conf line 13: semicolon expected.
дек 03 15:44:16 l-gw dhcpd[1952]: [25B blob data]
дек 03 15:44:16 l-gw dhcpd[1952]: ^
дек 03 15:44:16 l-gw dhcpd[1952]: /etc/dhcp/dhcpd.conf line 33: semicolon expected.
дек 03 15:44:16 l-gw dhcpd[1952]: [25B blob data]
дек 03 15:44:16 l-gw dhcpd[1952]: ^
дек 03 15:44:16 l-gw dhcpd[1952]: /etc/dhcp/dhcpd.conf line 42: semicolon expected.
дек 03 15:44:16 l-gw dhcpd[1952]: }
дек 03 15:44:16 l-gw dhcpd[1952]: ^
дек 03 15:44:16 l-gw dhcpd[1952]: /etc/dhcp/dhcpd.conf line 49: unexpected end of file
дек 03 15:44:16 l-gw dhcpd[1952]: }
дек 03 15:44:16 l-gw dhcpd[1952]: ^
дек 03 15:44:16 l-gw dhcpd[1952]: Configuration file errors encountered -- exiting
дек 03 15:44:16 l-gw dhcpd[1952]: 
дек 03 15:44:16 l-gw dhcpd[1952]: This version of ISC DHCP is based on the release available
дек 03 15:44:16 l-gw dhcpd[1952]: on ftp.isc.org. Features have been added and other changes
дек 03 15:44:17 l-gw systemd[1]: dhcpd.service: main process exited, code=exited, status=1/FAILURE
дек 03 15:44:16 l-gw dhcpd[1952]: have been made to the base software release in order to make
дек 03 15:44:17 l-gw systemd[1]: Failed to start DHCPv4 Server Daemon.
-- Subject: Ошибка юнита dhcpd.service
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Произошел сбой юнита dhcpd.service.
-- 
-- Результат: failed.
I don't quite understand where the error crept in; I've rechecked several times, to no avail... Where should I dig?

Lumine
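
An added example, not part of the original post: a small Python check for the copy-paste problem named in the UPD, reporting typographic quotes and other non-ASCII look-alikes in a dhcpd.conf with the line numbers dhcpd would use. The function names, the look-alike table and the sample text are assumptions constructed for illustration.

```python
import unicodedata

# Typographic characters that browsers and word processors substitute for
# ASCII, mapped to what a config parser expects (assumed, not exhaustive).
LOOKALIKES = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"', "\u00ab": '"', "\u00bb": '"',
    "\u2018": "'", "\u2019": "'", "\u2013": "-", "\u2014": "-",
    "\u00a0": " ", "\u200b": "", "\ufeff": "",
}

def find_lookalikes(text):
    """Return (line, column, character name, ASCII suggestion) for each
    non-ASCII character outside a '#' comment. Line numbers are 1-based,
    the same way dhcpd counts them in its error messages."""
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        in_string = False
        for col, ch in enumerate(line, start=1):
            if ch == '"':
                in_string = not in_string
            elif ch == "#" and not in_string:
                break  # the rest of the line is a comment
            elif ord(ch) > 127:
                name = unicodedata.name(ch, f"U+{ord(ch):04X}")
                findings.append((line_no, col, name, LOOKALIKES.get(ch)))
    return findings

def normalize(text):
    """Swap known look-alikes for ASCII; unmapped characters stay for review."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text)

# Constructed sample modelled on the first subnet block in the post.
SAMPLE = (
    "# DHCP Server Configuration file.\n"
    "subnet 172.16.2.0 netmask 255.255.255.0 {\n"
    "    range 172.16.2.50 172.16.2.100;\n"
    "    option domain-name \u201clab.lan\u201d;\n"
    "    option routers 172.16.2.1;  # \u201cgateway\u201d in a comment\n"
    "}\n"
)

if __name__ == "__main__":
    for line_no, col, name, fix in find_lookalikes(SAMPLE):
        print(f"line {line_no}, col {col}: {name} -> use {fix!r}")
    assert find_lookalikes(normalize(SAMPLE)) == []
```

After normalizing, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` tests the syntax without starting the service. In the log above, the `line 42: semicolon expected` message points at a `}` that follows a statement with no trailing `;`, which a quote check does not cover.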
