ICT Diary

Network、Server系の内容を気まぐれにUPしていく。

SRX DHCP Configuration (address-assignment)

Network

構成

トポロジー

[FW]----------------[PC(RT)]
　 |<-------------->|
          Local
       10.0.0.0/24

構成

機器
- FW: SRX (DHCP-Server)
- PC: CiscoRT (RouterをPCとして利用)
DHCP情報
- セグメント: 10.0.0.0/24
- デフォルトGW: 10.0.0.1
- DNS: 8.8.8.8, 8.8.4.4 (Google)
- リースタイム: 86400
- Pool名: TEST
- 配布範囲:
  - Name : TEST-RANGE
  - Low : 10.0.0.2
  - High : 10.0.0.200
- 除外するIP : 10.0.0.100
- DHCP受けI/F: ge-0/0/0
- 固定IP:
  - 管理名: hoge (任意の名前)
  - MAC-Address: xx:xx:xx:xx:xx:xx
  - IP-Address: 10.0.0.99

前提設定

RT (CiscoRT)

interface GigabitEthernet0/0
 ip address dhcp

FW

set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/24

DHCP設定

全設定

set access address-assignment pool TEST family inet network 10.0.0.0/24
set access address-assignment pool TEST family inet range TEST-RANGE low 10.0.0.2
set access address-assignment pool TEST family inet range TEST-RANGE high 10.0.0.200
set access address-assignment pool TEST family inet dhcp-attributes maximum-lease-time 86400
set access address-assignment pool TEST family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool TEST family inet dhcp-attributes name-server 8.8.4.4
set access address-assignment pool TEST family inet dhcp-attributes router 10.0.0.1
set access address-assignment pool TEST family inet excluded-address 10.0.0.100
set system services dhcp-local-server group TEST interface ge-0/0/0.0

set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

設定詳細

set access address-assignment pool [NAME] family inet network [SEGMENT]                             :配布するセグメントを指定
set access address-assignment pool [NAME] family inet range [RANGE-NAME] low [LOW-IP]               :IP配布範囲の下限を指定
set access address-assignment pool [NAME] family inet range [RANGE-NAME] high [HIGH-IP]             :IP配布範囲の上限を指定
set access address-assignment pool [NAME] family inet dhcp-attributes maximum-lease-time [TIME]     :DHCPの最大リースタイムを指定 (Second)
set access address-assignment pool [NAME] family inet dhcp-attributes name-server [DNS]             :DNSのIPを指定 (最初に指定したものがプライマリ)
set access address-assignment pool [NAME] family inet dhcp-attributes router [GW]                   :デフォルトゲートウェイのIPを指定
set access address-assignment pool [NAME] family inet excluded-address [EXC-IP]                     :IP配布範囲から除外するIPを指定
set access address-assignment pool [NAME] family inet dhcp-attributes domain-name [DOMAIN]          :ドメイン名の指定
set system services dhcp-local-server group [NAME] interface [I/F]                                  :DHCPグループを動作させるI/Fを指定

set security zones security-zone [ZONE] interfaces [I/F] host-inbound-traffic system-services dhcp  :I/FでDHCPリクエスト受付を許可
set security zones security-zone [ZONE] interfaces [I/F] host-inbound-traffic system-services ping  :I/Fでping受付を許可

DHCP関係コマンド

show access address-assignment | display set    :DHCPのConfig確認
show dhcp server binding                        :払い出し済みのIPを確認
clear dhcp server binding                       :払い出しIPのクリア

設定パターン

ホストに特定のIPを割り当て (最初の設定に以下のものを追加)

設定

set access address-assignment pool TEST family inet host hoge hardware-address xx:xx:xx:xx:xx:xx
set access address-assignment pool TEST family inet host hoge ip-address 10.0.0.99

設定詳細

set access address-assignment pool TEST family inet host hoge ip-address [IP]                 :割り当てるIPを指定
set access address-assignment pool [NAME] family inet host hoge hardware-address [MAC-ADDR]   :割り当てる対象を指定

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy