配置启用dhcp

启用dhcp  时间:2021-04-03  阅读:()
ASA:DHCPv6中继配置示例和故障排除目录简介先决条件要求使用的组件有状态的与无状态的DHCPv6网络图DHCPv6与DHCPv4消息类型无状态的DHCPv6中继配置数据包流验证调试Wireshark快照有状态的DHCPv6配置数据包流验证调试Wireshark快照故障排除DHCP中继输出版本地址调试相关信息相关的思科支持社区讨论简介本文描述如何配置思科可适应安全工具(ASA),DHCPv6中继代理并且包括那些基本故障排除.
在ASA代码版本9.
0中及以后,ASA支持先决条件要求Cisco建议您了解以下主题:IPv6基本概念q寻址的IPv6机制qDHCPv6数据包流qDHCP中继概念q使用的组件本文档中的信息根据ASA5500版本9.
1.
2.
本文档中的信息都是基于特定实验室环境中的设备编写的.
本文档中使用的所有设备最初均采用原始(默认)配置.
如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响.
有状态的与无状态的DHCPv6如果了解地址分配不同的说法在IPv6的,帮助您知道DHCPv6中继功能如何在ASA运作.
对动态地址分配的Refre在IPv6使用SLAAC和DHCP简介的无状态的地址自动配置(SLAAC)和DHCPv6.
网络图此配置示例描述如何配置ASA作为DHCPv6中继代理.
在此配置中,客户端是IPv6客户端连接的接口.
服务器是DHCPv6服务器2001:db8:200:2/64是可及的接口.
DHCPv6与DHCPv4消息类型无状态的DHCPv6中继配置这是无状态的DHCPv6中继配置的基本配置在ASA:interfaceGigabitEthernet0/1nameifCLIENTsecurity-level100ipv6address2001:db8:100::1/64ipv6enableipv6ndother-config-flag!
interfaceGigabitEthernet0/0nameifSERVERsecurity-level0ipv6address2001:db8:200:1/64ipv6enable!
ipv6dhcprelayserver2001:db8:200:2insideipv6dhcprelayenableoutside数据包流使用无状态的DHCPv6,这是从客户端的数据包流:ASA截断这些数据包并且包裹他们到DHCP中继格式:验证调试如果启用dhcprelay调试的IPv6并且调试IPv6dhcp,则相关输出打印对屏幕.
此输出从一个工作的方案被采取:IPv6DHCP:ReceivedINFORMATION-REQUESTfromfe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP:detailedpacketcontentssrcfe80::c671:feff:fe93:b51a(CLIENT)dstff02::1:2typeINFORMATION-REQUEST(11),xid1588088optionELAPSED-TIME(8),len2elapsed-time0optionCLIENTID(1),len1000030001c471fe93b516optionORO(6),len6DNS-SERVERS,DOMAIN-LIST,UNKNOWNIPv6DHCP_RELAY:RelayingINFORMATION-REQUESTfromfe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP_RELAY:Creatingrelaybindingforfe80::c671:feff:fe93:b51aatinterfaceCLIENTIPv6DHCP_RELAY:to2001:db8:200::2via2001:db8:200::2usingSERVERIPv6DHCP:SendingRELAY-FORWARDto2001:db8:200::2onSERVERIPv6DHCP:detailedpacketcontentssrc2001:db8:200::1dst2001:db8:200::2(SERVER)typeRELAY-FORWARD(12),hop0link2001:db8:100::1peerfe80::c671:feff:fe93:b51aoptionRELAY-MSG(9),len34typeINFORMATION-REQUEST(11),xid1588088optionELAPSED-TIME(8),len2elapsed-time0optionCLIENTID(1),len1000030001c471fe93b516optionORO(6),len6DNS-SERVERS,DOMAIN-LIST,UNKNOWNoptionINTERFACE-ID(18),len40x00000015IPv6DHCP:ReceivedRELAY-REPLYfrom2001:db8:200::2onSERVERIPv6DHCP:detailedpacketcontentssrc2001:db8:200::2(SERVER)dst2001:db8:200::1typeRELAY-REPLY(13),hop0link2001:db8:100::1peerfe80::c671:feff:fe93:b51aoptionRELAY-MSG(9),len67typeREPLY(7),xid1588088optionSERVERID(2),len1000030001002414a33c94optionCLIENTID(1),len1000030001c471fe93b516optionDNS-SERVERS(23),len162001:db8:1000::1optionDOMAIN-LIST(24),len11cisco.
comoptionINTERFACE-ID(18),len40x00000015IPv6DHCP_RELAY:RelayingRELAY-REPLYfrom2001:db8:200::2onSERVERIPv6DHCP_RELAY:relayedmsg:REPLYIPv6DHCP_RELAY:tofe80::c671:feff:fe93:b51aIPv6DHCP:SendingREPLYtofe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP:detailedpacketcontentssrcfe80::219:7ff:fe24:2e44dstfe80::c671:feff:fe93:b51a(CLIENT)typeREPLY(7),xid1588088optionSERVERID(2),len1000030001002414a33c94optionCLIENTID(1),len1000030001c471fe93b516optionDNS-SERVERS(23),len162001:db8:1000::1optionDOMAIN-LIST(24),len11cisco.
com在INFORMATION-REQUEST请求包中,客户端仅请求dns-server和域,预计,因为cilent为无状态的DHCPv6配置.
Wireshark快照DHCP客户端请求ASA中继的DHCP请求从服务器的DHCP回复转发的回复对客户端有状态的DHCPv6配置这是有状态的DHCPv6中继配置的基本配置在ASA:interfaceGigabitEthernet0/1nameifCLIENTsecurity-level100ipv6address2001:db8:100::1/64ipv6enable!
interfaceGigabitEthernet0/0nameifSERVERsecurity-level0ipv6address2001:db8:200:1/64ipv6enable!
ipv6dhcprelayserver2001:db8:200:2insideipv6dhcprelayenableoutside数据包流使用有状态的DHCPv6,这是从客户端的数据包流:ASA截断这些数据包并且包裹他们到DHCP中继格式:验证调试IPv6DHCP:ReceivedSOLICITfromfe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP:detailedpacketcontentssrcfe80::c671:feff:fe93:b51a(CLIENT)dstff02::1:2typeSOLICIT(1),xid2490681optionELAPSED-TIME(8),len2elapsed-time0optionCLIENTID(1),len1000030001c471fe93b516optionORO(6),len4DNS-SERVERS,DOMAIN-LISToptionIA-NA(3),len12IAID0x00040001,T10,T20IPv6DHCP_RELAY:RelayingSOLICITfromfe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP_RELAY:Creatingrelaybindingforfe80::c671:feff:fe93:b51aatinterfaceCLIENTIPv6DHCP_RELAY:to2001:db8:200::2via2001:db8:200::2usingSERVERIPv6DHCP:SendingRELAY-FORWARDto2001:db8:200::2onSERVERIPv6DHCP:detailedpacketcontentssrc2001:db8:200::1dst2001:db8:200::2(SERVER)typeRELAY-FORWARD(12),hop0link2001:db8:100::1peerfe80::c671:feff:fe93:b51aoptionRELAY-MSG(9),len48typeSOLICIT(1),xid2490681optionELAPSED-TIME(8),len2elapsed-time0optionCLIENTID(1),len1000030001c471fe93b516optionORO(6),len4DNS-SERVERS,DOMAIN-LISToptionIA-NA(3),len12IAID0x00040001,T10,T20optionINTERFACE-ID(18),len40x00000015IPv6DHCP:ReceivedRELAY-REPLYfrom2001:db8:200::2onSERVERIPv6DHCP:detailedpacketcontentssrc2001:db8:200::2(SERVER)dst2001:db8:200::1typeRELAY-REPLY(13),hop0link2001:db8:100::1peerfe80::c671:feff:fe93:b51aoptionRELAY-MSG(9),len111typeADVERTISE(2),xid2490681optionSERVERID(2),len1000030001002414a33c94optionCLIENTID(1),len1000030001c471fe93b516optionIA-NA(3),len40IAID0x00040001,T143200,T269120optionIAADDR(5),len24IPv6address2001:db8:300:0:48ae:5f5d:8290:e926preferredINFINITY,validINFINITYoptionDNS-SERVERS(23),len162001:db8:1000::1optionDOMAIN-LIST(24),len11cisco.
comoptionINTERFACE-ID(18),len40x00000015IPv6DHCP_RELAY:RelayingRELAY-REPLYfrom2001:db8:200::2onSERVERIPv6DHCP_RELAY:relayedmsg:ADVERTISEIPv6DHCP_RELAY:tofe80::c671:feff:fe93:b51aIPv6DHCP:SendingADVERTISEtofe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP:detailedpacketcontentssrcfe80::219:7ff:fe24:2e44dstfe80::c671:feff:fe93:b51a(CLIENT)typeADVERTISE(2),xid2490681optionSERVERID(2),len1000030001002414a33c94optionCLIENTID(1),len1000030001c471fe93b516optionIA-NA(3),len40IAID0x00040001,T143200,T269120optionIAADDR(5),len24IPv6address2001:db8:300:0:48ae:5f5d:8290:e926preferredINFINITY,validINFINITYoptionDNS-SERVERS(23),len162001:db8:1000::1optionDOMAIN-LIST(24),len11cisco.
comIPv6DHCP:ReceivedREQUESTfromfe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP:detailedpacketcontentssrcfe80::c671:feff:fe93:b51a(CLIENT)dstff02::1:2typeREQUEST(3),xid2492842optionELAPSED-TIME(8),len2elapsed-time0optionCLIENTID(1),len1000030001c471fe93b516optionORO(6),len4DNS-SERVERS,DOMAIN-LISToptionSERVERID(2),len1000030001002414a33c94optionIA-NA(3),len40IAID0x00040001,T10,T20optionIAADDR(5),len24IPv6address2001:db8:300:0:48ae:5f5d:8290:e926preferredINFINITY,validINFINITYIPv6DHCP_RELAY:RelayingREQUESTfromfe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP_RELAY:to2001:db8:200::2via2001:db8:200::2usingSERVERIPv6DHCP:SendingRELAY-FORWARDto2001:db8:200::2onSERVERIPv6DHCP:detailedpacketcontentssrc2001:db8:200::1dst2001:db8:200::2(SERVER)typeRELAY-FORWARD(12),hop0link2001:db8:100::1peerfe80::c671:feff:fe93:b51aoptionRELAY-MSG(9),len90typeREQUEST(3),xid2492842optionELAPSED-TIME(8),len2elapsed-time0optionCLIENTID(1),len1000030001c471fe93b516optionORO(6),len4DNS-SERVERS,DOMAIN-LISToptionSERVERID(2),len1000030001002414a33c94optionIA-NA(3),len40IAID0x00040001,T10,T20optionIAADDR(5),len24IPv6address2001:db8:300:0:48ae:5f5d:8290:e926preferredINFINITY,validINFINITYoptionINTERFACE-ID(18),len40x00000015IPv6DHCP:ReceivedRELAY-REPLYfrom2001:db8:200::2onSERVERIPv6DHCP:detailedpacketcontentssrc2001:db8:200::2(SERVER)dst2001:db8:200::1typeRELAY-REPLY(13),hop0link2001:db8:100::1peerfe80::c671:feff:fe93:b51aoptionRELAY-MSG(9),len111typeREPLY(7),xid2492842optionSERVERID(2),len1000030001002414a33c94optionCLIENTID(1),len1000030001c471fe93b516optionIA-NA(3),len40IAID0x00040001,T143200,T269120optionIAADDR(5),len24IPv6address2001:db8:300:0:48ae:5f5d:8290:e926preferredINFINITY,validINFINITYoptionDNS-SERVERS(23),len162001:db8:1000::1optionDOMAIN-LIST(24),len11cisco.
comoptionINTERFACE-ID(18),len40x00000015IPv6DHCP_RELAY:RelayingRELAY-REPLYfrom2001:db8:200::2onSERVERIPv6DHCP_RELAY:relayedmsg:REPLYIPv6DHCP_RELAY:tofe80::c671:feff:fe93:b51aIPv6DHCP:SendingREPLYtofe80::c671:feff:fe93:b51aonCLIENTIPv6DHCP:detailedpacketcontentssrcfe80::219:7ff:fe24:2e44dstfe80::c671:feff:fe93:b51a(CLIENT)typeREPLY(7),xid2492842optionSERVERID(2),len1000030001002414a33c94optionCLIENTID(1),len1000030001c471fe93b516optionIA-NA(3),len40IAID0x00040001,T143200,T269120optionIAADDR(5),len24IPv6address2001:db8:300:0:48ae:5f5d:8290:e926preferredINFINITY,validINFINITYoptionDNS-SERVERS(23),len162001:db8:1000::1optionDOMAIN-LIST(24),len11cisco.
comWireshark快照恳求(1)DHCPv6客户端传送请求信息为了找出DHCPv6服务器.
ASA中继请求消息.
通告(2)服务器传送通告信息为了表明为DHCP服务是可用的,以回应从客户端接收的请求消息.
REQUEST(3)客户端发送Request信息为了要求配置参数,包括IP地址或分配的前缀,从一个特定服务器.
回复(7)服务器传送包含已分配地址和配置参数以回应请求的回复信息,请求,更新或者重新绑定从客户端接收的消息.
服务器传送包含配置参数以回应Information-request消息的回复信息.
服务器传送回复信息以回应确认的确认消息或拒绝地址分配到客户端是适当的对客户端连接的链路.
服务器传送回复信息为了确认版本的收据或拒绝消息.
故障排除确认连接用DHCPv6服务器.
ciscoasa#showipv6neighborIPv6AddressAgeLink-layerAddrStateInterface2001:db8:200::200024.
14a3.
3c98REACHSERVER确认您收到从客户端的数据包,当它请求IPv6地址.
客户端发送的数据包将取决于地址分配设置(即有状态的与无状态).
当客户端开始DHCPv6进程时,发送路由器恳求消息为了发现IPv6路由器在线状态链路的.
它传送组播路由器垦请信息为了提示IPv6路由器响应.
在路由器垦请消息的以太网报头,这些字段显示:源地址域是请求IPv6地址主机的MAC地址.
q目的地址字段设置到33-33-00-00-00-02.
q在路由器垦请消息的IPv6报头,这些字段显示.
源地址域设置为链路本地IPv6地址分配到发送的接口或IPv6未指明的地址(::).
q目的地址字段设置为链路本地范围所有路由器组播地址(FF02::2).
q跳Limit字段设置到255.
q合情合理IPv6路由器发送未经请求的路由器通告消息路由器通告消息由主机包含需的信息为了确定链路前缀、链路最大传输单元(MTU)和特定路由.
ciscoasa(config)#showcapturecapindetailfe80::c671:feff:fe93:b51a.
546>ff02::1:2.
547:[udpsumok]udp42[hlim255](len100)---->Requestfromclientfe80::219:7ff:fe24:2e44.
547>fe80::c671:feff:fe93:b51a.
546:[udpsumok]udp75[class0xe0](len133,hlim255)ciscoasa(config)#showcapturecapoutdetail2packetscaptured1:12:06:52.
7007992001:db8:200:1.
547>2001:db8:200:2.
547:udp88[class0xe0]---->ASAforwardsrequesttoDHCPv6router2:12:06:53.
2890472001:db8:200:2.
547>2001:db8:200:1.
547:udp121[class0xe0]---->ReplyfromDHCPV6server.
DHCP中继输出ciscoasa#showipv6dhcprelaybinding1inuse,1mostusedClient:fe80::c671:feff:fe93:b51a(CLIENT)DUID:00030001c471fe93b516,Timeoutin56seconds注意:捆绑由ASA删除在短期之后.
这在dhcprelay调试的IPv6被看到.
ciscoasa#showipv6dhcprelaybinding1inuse,1mostusedClient:fe80::c671:feff:fe93:b51a(CLIENT)DUID:00030001c471fe93b516,Timeoutin56secondsciscoasa#showipv6dhcprelaystatisticsRelayMessages:SOLICIT2ADVERTISE2REQUEST2CONFIRM0RENEW0REBIND0REPLY9RELEASE1DECLINE0RECONFIGURE0INFORMATION-REQUEST6RELAY-FORWARD11RELAY-REPLY11RelayErrors:Malformedmessage:0Blockallocation/duplicationfailure:0Hopcountlimitexceeded:0Forwardbindingcreationfailure:0Replybindinglookupfailure:0Nooutputroute:0Conflictrelayserverroute:0Failedtoaddserverinputrule:0Unitorcontextisnotactive:0TotalRelayBindingsCreated:8版本地址在他们执行使用它为网络后,客户端能发布他们的分配的DHCPv6地址.
下一部分显示用在有状态的DHCPv6的地址版本关联的debug输出.
调试ciscoasa#showipv6dhcprelaystatisticsRelayMessages:SOLICIT2ADVERTISE2REQUEST2CONFIRM0RENEW0REBIND0REPLY9RELEASE1DECLINE0RECONFIGURE0INFORMATION-REQUEST6RELAY-FORWARD11RELAY-REPLY11RelayErrors:Malformedmessage:0Blockallocation/duplicationfailure:0Hopcountlimitexceeded:0Forwardbindingcreationfailure:0Replybindinglookupfailure:0Nooutputroute:0Conflictrelayserverroute:0Failedtoaddserverinputrule:0Unitorcontextisnotactive:0TotalRelayBindingsCreated:8相关信息了解多种DHCP选项ASADHCP中继配置示例配置ASA通过IPv6流量有CLI和ASDM配置示例的ASA数据包捕获

搬瓦工香港 PCCW 机房已免费迁移升级至香港 CN2 GIA 机房

搬瓦工最新优惠码优惠码:BWH3HYATVBJW,节约6.58%,全场通用!搬瓦工关闭香港 PCCW 机房通知下面提炼一下邮件的关键信息,原文在最后面。香港 CN2 GIA 机房自从 2020 年上线以来,网络性能大幅提升,所有新订单都默认部署在香港 CN2 GIA 机房;目前可以免费迁移到香港 CN2 GIA 机房,在 KiwiVM 控制面板选择 HKHK_8 机房进行迁移即可,迁移会改变 IP...

buyvm迈阿密机房VPS国内首发测评,高性能平台:AMD Ryzen 9 3900x+DDR4+NVMe+1Gbps带宽不限流量

buyvm的第四个数据中心上线了,位于美国东南沿海的迈阿密市。迈阿密的VPS依旧和buyvm其他机房的一样,KVM虚拟,Ryzen 9 3900x、DDR4、NVMe、1Gbps带宽、不限流量。目前还没有看见buyvm上架迈阿密的block storage,估计不久也会有的。 官方网站:https://my.frantech.ca/cart.php?gid=48 加密货币、信用卡、PayPal、...

hostkey俄罗斯、荷兰GPU显卡服务器/免费Windows Server

Hostkey.com成立于2007年的荷兰公司,主要运营服务器出租与托管,其次是VPS、域名、域名证书,各种软件授权等。hostkey当前运作荷兰阿姆斯特丹、俄罗斯莫斯科、美国纽约等数据中心。支持Paypal,信用卡,Webmoney,以及支付宝等付款方式。禁止VPN,代理,Tor,网络诈骗,儿童色情,Spam,网络扫描,俄罗斯色情,俄罗斯电影,俄罗斯MP3,俄罗斯Trackers,以及俄罗斯法...

启用dhcp为你推荐
太空国家国际空间站有哪些国家的人?咏春大师被ko大师:咏春是不会败的 教练:能不偷袭吗,咏春拳教练firetrap流言终结者 中的银幕神偷 和开保险柜 的流言是 取材与 那几部电影的mathplayer比较word,TeX,MathML中的数学公式处理方式的异同点,尽量详细哦,分数不是问题,谢谢哈,会加分的。陈嘉垣反黑阿欣是谁演的 扮演者介绍www.haole012.com012.qq.com是真的吗sodu.tw台湾人看小说的网站是www.diediao.com这是什么电影www.jizzbo.comwww.toubai.com是什么网站朴容熙这个网诺红人叫什么
北京vps主机 域名解析文件 如何注册中文域名 60g硬盘 ixwebhosting godaddy parseerror 河南服务器 华为网络硬盘 炎黄盛世 双线主机 中国电信测网速 1g内存 isp服务商 免费美国空间 万网空间购买 联通网站 apnic 乐视会员免费领取 汤博乐 更多