- {
- "Dhcp4": {
- // Add names of your network interfaces to listen on.
- "interfaces-config": {
- // See section 8.2.4 for more details. You probably want to add just the
- // interface name (e.g. "eth0") or a specific IPv4 address on that
- // interface (e.g. "eth0/192.0.2.1").
- "interfaces": [ "ens192" ]
- },
- // Kea supports a control channel, which is a way to receive management
- // commands while the server is running. This is a Unix domain socket that
- // receives commands formatted in JSON, e.g. config-set (which sets new
- // configuration), config-reload (which tells Kea to reload its
- // configuration from file), statistic-get (to retrieve statistics) and many
- // more. For a detailed description, see Sections 8.8, 16 and 15.
- "control-socket": {
- "socket-type": "unix",
- "socket-name": "/tmp/kea4-ctrl-socket"
- },
- // Use Memfile lease database backend to store leases in a CSV file.
- // Depending on how Kea was compiled, it may also support SQL databases
- // (MySQL and/or PostgreSQL) and even Cassandra. Those database backends
- // require more parameters, like name, host and possibly user and password.
- // There are dedicated examples for each backend. See Section 7.2.2 "Lease
- // Storage" for details.
- "lease-database": {
- // Memfile is the simplest and easiest backend to use. It's an in-memory
- // C++ database that stores its state in a CSV file.
- "type": "memfile",
- "lfc-interval": 3600
- },
- // Set up reclamation of expired leases and lease affinity.
- // Expired leases will be reclaimed every 10 seconds. Every 25
- // seconds reclaimed leases, which have expired more than 3600
- // seconds ago, will be removed. The limits for leases reclamation
- // are 100 leases or 250 ms for a single cycle. A warning message
- // will be logged if there are still expired leases in the
- // database after 5 consecutive reclamation cycles.
- "expired-leases-processing": {
- "reclaim-timer-wait-time": 10,
- "flush-reclaimed-timer-wait-time": 25,
- "hold-reclaimed-time": 3600,
- "max-reclaim-leases": 100,
- "max-reclaim-time": 250,
- "unwarned-reclaim-cycles": 5
- },
- // Global timers specified here apply to all subnets, unless there are
- // subnet specific values defined in particular subnets.
- "renew-timer": 900,
- "rebind-timer": 1800,
- "valid-lifetime": 3600,
- // Many additional parameters can be specified here:
- // - option definitions (if you want to define vendor options, your own
- // custom options or perhaps handle standard options
- // that Kea does not support out of the box yet)
- // - client classes
- // - hooks
- // - ddns information (how the DHCPv4 component can reach a DDNS daemon)
- //
- // Some of them have examples below, but there are other parameters.
- // Consult Kea User's Guide to find out about them.
- // These are global options. They are going to be sent when a client
- // requests them, unless overwritten with values in more specific scopes.
- // The scope hierarchy is:
- // - global (most generic, can be overwritten by class, subnet or host)
- // - class (can be overwritten by subnet or host)
- // - subnet (can be overwritten by host)
- // - host (most specific, overwrites any other scopes)
- //
- // Not all of those options make sense. Please configure only those that
- // are actually useful in your network.
- //
- // For a complete list of options currently supported by Kea, see
- // Section 7.2.8 "Standard DHCPv4 Options". Kea also supports
- // vendor options (see Section 7.2.10) and allows users to define their
- // own custom options (see Section 7.2.9).
- "option-data": [
- // When specifying options, you typically need to specify
- // one of (name or code) and data. The full option specification
- // covers name, code, space, csv-format and data.
- // space defaults to "dhcp4" which is usually correct, unless you
- // use encapsulated options. csv-format defaults to "true", so
- // this is also correct, unless you want to specify the whole
- // option value as a long hex string. For example, to specify
- // domain-name-servers you could do this:
- // {
- // "name": "domain-name-servers",
- // "code": 6,
- // "csv-format": "true",
- // "space": "dhcp4",
- // "data": "192.0.2.1, 192.0.2.2"
- // }
- // but it's a lot of writing, so it's easier to do this instead:
- {
- "name": "domain-name-servers",
- "data": "10.32.0.120, 10.32.0.121"
- },
- // Typically people prefer to refer to options by their names, so they
- // don't need to remember the option codes. However, some people like
- // to use numerical values. For example, option "domain-name" uses
- // option code 15, so you can refer to it either by
- // "name": "domain-name" or "code": 15.
- {
- "code": 15,
- "data": "sitpi.lan"
- },
- // Domain search is also a popular option. It tells the client to
- // attempt to resolve names within those specified domains. For
- // example, name "foo" would be attempted to be resolved as
- // foo.mydomain.example.com and if it fails, then as foo.example.com
- {
- "name": "domain-search",
- "data": "sitpi.lan, sitpi.fr"
- },
- // String options that have a comma in their values need to have
- // it escaped (i.e. each comma is preceded by two backslashes).
- // That's because commas are reserved for separating fields in
- // compound options. At the same time, we need to be conformant
- // with JSON spec, that does not allow "\,". Therefore the
- // slightly uncommon double backslashes notation is needed.
- // Legal JSON escapes are \ followed by "\/bfnrt character
- // or \u followed by 4 hexadecimal numbers (currently Kea
- // supports only \u0000 to \u00ff code points).
- // CSV processing translates only '\\' into '\' and '\,' into ',',
- // so for instance '\x' stays '\x'. But
- // as it works on a JSON string value, each of these '\'
- // characters must be doubled on JSON input.
- {
- "name": "boot-file-name",
- "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
- },
- // Options that take integer values can either be specified in
- // dec or hex format. Hex format could be either plain (e.g. abcd)
- // or prefixed with 0x (e.g. 0xabcd).
- {
- "name": "default-ip-ttl",
- "data": "0xf0"
- }
- // Note that Kea provides some of the options on its own. In particular,
- // it sends IP Address lease time (code 51, based on valid-lifetime
- // parameter), Subnet mask (code 1, based on subnet definition), Renewal
- // time (code 58, based on renew-timer parameter), Rebind time (code 59,
- // based on rebind-timer parameter).
- ],
- // Other global parameters that can be defined here are option definitions
- // (this is useful if you want to use vendor options, your own custom
- // options or perhaps handle options that Kea does not handle out of the box
- // yet).
- // You can also define classes. If classes are defined, incoming packets
- // may be assigned to specific classes. A client class can represent any
- // group of devices that share some common characteristic, e.g. Windows
- // devices, iPhones, broken printers that require special options, etc.
- // Based on the class information, you can then allow or reject clients
- // to use certain subnets, add special options for them or change values
- // of some fixed fields.
- "client-classes": [
- {
- // This specifies a name of this class. It's useful if you need to
- // reference this class.
- "name": "voip",
- // This is a test. It is an expression that is evaluated on
- // each incoming packet. It is supposed to evaluate to either
- // true or false. If it's true, the packet is added to the specified
- // class. See Section 12 for a list of available expressions. There
- // are several dozen. See Section 8.2.14 for more details on DHCPv4
- // classification and Section 9.2.19 for DHCPv6.
- "test": "substring(option[60].hex,0,6) == 'Aastra'",
- // If a client belongs to this class, you can define extra behavior.
- // For example, certain fields in DHCPv4 packet will be set to
- // certain values.
- "next-server": "192.0.2.254",
- "server-hostname": "hal9000",
- "boot-file-name": "/dev/null"
- // You can also define option values here if you want devices from
- // this class to receive special options.
- }
- ],
- // Another thing possible here are hooks. Kea supports a powerful mechanism
- // that allows loading external libraries that can extract information and
- // even influence how the server processes packets. Those libraries include
- // additional forensic logging capabilities, ability to reserve hosts in
- // more flexible ways, and even add extra commands. For a list of available
- // hook libraries, see https://gitlab.isc.org/isc-projects/kea/wikis/Hooks-available.
- "hooks-libraries": [
- {
- "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
- },
- {
- "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_stat_cmds.so"
- },
- {
- "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
- "parameters": {
- "high-availability": [{
- "this-server-name": "cti-dhcp-prd01",
- "mode": "load-balancing",
- "heartbeat-delay": 10000,
- "max-response-delay": 10000,
- "max-ack-delay": 5000,
- "max-unacked-clients": 5,
- "peers": [{
- "name": "cti-dhcp-prd01",
- "url": "http://10.32.0.4:8000/",
- "role": "primary",
- "auto-failover": true
- }, {
- "name": "ros-dhcp-prd01",
- "url": "http://10.32.0.5:8000/",
- "role": "secondary",
- "auto-failover": true
- }]
- }]
- }
- }
- //{
- // // Forensic Logging library generates forensic type of audit trail
- // // of all devices serviced by Kea, including their identifiers
- // // (like MAC address), their location in the network, times
- // // when they were active etc.
- // "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_legal_log.so",
- // "parameters": {
- // "path": "/var/lib/kea",
- // "base-name": "kea-forensic4"
- // }
- //},
- //{
- // // Flexible identifier (flex-id). Kea software provides a way to
- // // handle host reservations that include addresses, prefixes,
- // // options, client classes and other features. The reservation can
- // // be based on hardware address, DUID, circuit-id or client-id in
- // // DHCPv4 and using hardware address or DUID in DHCPv6. However,
- // // there are sometimes scenarios where the reservation is more
- // // complex, e.g. uses options other than those mentioned above, uses part
- // // of specific options or perhaps even a combination of several
- // // options and fields to uniquely identify a client. Those scenarios
- // // are addressed by the Flexible Identifiers hook application.
- // "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
- // "parameters": {
- // "identifier-expression": "substring(relay6[0].option[18],0,8)"
- // }
- //}
- ],
- "subnet4": [
- {
- "user-context": {
- "sit-vlan-id": "203",
- "sit-vlan-name": "vlan_prod"
- },
- "subnet": "10.32.0.0/24",
- "pools": [ { "pool": "10.32.0.131 - 10.32.0.149" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.0.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "205",
- "sit-vlan-name": "vlan_pole_infra"
- },
- "subnet": "10.32.5.0/24",
- "pools": [ { "pool": "10.32.5.60 - 10.32.5.160" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.5.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "206",
- "sit-vlan-name": "vlan_dmz"
- },
- "subnet": "10.32.11.0/24",
- "pools": [ { "pool": "10.32.11.252 - 10.32.11.254" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.11.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "207",
- "sit-vlan-name": "vlan_personnel_sitpi"
- },
- "subnet": "10.32.208.0/24",
- "pools": [ { "pool": "10.32.208.50 - 10.32.208.100" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.208.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "210",
- "sit-vlan-name": "vlan_tse"
- },
- "subnet": "10.32.9.0/24",
- "pools": [ { "pool": "10.32.9.240 - 10.32.9.245" } ],
- "option-data": [
- {
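- // NOTE: 10.32.208.250 is outside 10.32.9.0/24; every other subnet in this
- // file uses the .250 address of its own subnet as its router.
- "name": "routers",
- "data": "10.32.208.250"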
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "211",
- "sit-vlan-name": "sit-vlan-tst"
- },
- "subnet": "10.32.3.0/24",
- "pools": [ { "pool": "10.32.3.200 - 10.32.3.219" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.3.250"
- }
- ],
- "reservations": [
- {
- "hw-address": "00:50:56:12:03:34",
- "ip-address": "10.32.3.208"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "213",
- "sit-vlan-name": "vlan_pre"
- },
- "subnet": "10.32.4.0/24",
- "pools": [ { "pool": "10.32.4.240 - 10.32.4.245" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.4.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "215",
- "sit-vlan-name": "vlan_telemaint"
- },
- "subnet": "10.32.15.0/24",
- "pools": [ { "pool": "10.32.15.20 - 10.32.15.29" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.15.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "222",
- "sit-vlan-name": "vlan_dmz_ech"
- },
- "subnet": "10.32.22.0/24",
- "pools": [ { "pool": "10.32.22.240 - 10.32.22.245" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.22.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "261",
- "sit-vlan-name": "vlan_nas"
- },
- "subnet": "10.32.61.0/24",
- "pools": [ { "pool": "10.32.61.240 - 10.32.61.245" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.61.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "270",
- "sit-vlan-name": "vlan_adm_vmware"
- },
- "subnet": "10.32.70.0/24",
- "pools": [ { "pool": "10.32.70.240 - 10.32.70.245" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.70.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "2255",
- "sit-vlan-name": "vlan_monitor"
- },
- "subnet": "10.32.255.0/24",
- "pools": [ { "pool": "10.32.255.240 - 10.32.255.245" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.255.250"
- }
- ]
- },
- {
- "user-context": {
- "sit-vlan-id": "4009",
- "sit-vlan-name": "vlan_wifi_invite"
- },
- "subnet": "10.32.254.0/24",
- "pools": [ { "pool": "10.32.254.1 - 10.32.254.249" } ],
- "option-data": [
- {
- "name": "routers",
- "data": "10.32.254.250"
- }
- ]
- }
- ],
- // There are many, many more parameters that DHCPv4 server is able to use.
- // They were not added here to not overwhelm people with too much
- // information at once.
- // Logging configuration starts here. Kea uses different loggers to log various
- // activities. For details (e.g. names of loggers), see Chapter 18.
- "loggers": [
- {
- // This section affects kea-dhcp4, which is the base logger for the DHCPv4
- // component. It tells the DHCPv4 server to write all log messages (of
- // severity INFO or higher) to the output configured below.
- "name": "kea-dhcp4",
- "output_options": [
- {
- // Specifies the output file. There are several special values
- // supported:
- // - stdout (prints on standard output)
- // - stderr (prints on standard error)
- // - syslog (logs to syslog)
- // - syslog:name (logs to syslog using specified name)
- // Any other value is considered a name of a file
- "output": "syslog",
- // Shorter log pattern suitable for use with systemd,
- // avoids redundant information
- "pattern": "%-5p %m\n",
- // This governs whether the log output is flushed to disk after
- // every write.
- // "flush": false,
- // This specifies the maximum size of the file before it is
- // rotated.
- "maxsize": 1048576,
- // This specifies the maximum number of rotated files to keep.
- "maxver": 8
- }
- ],
- // This specifies the severity of log messages to keep. Supported values
- // are: FATAL, ERROR, WARN, INFO, DEBUG
- "severity": "INFO",
- // If DEBUG level is specified, this value is used. 0 is least verbose,
- // 99 is most verbose. Be cautious, Kea can generate lots and lots
- // of logs if told to do so.
- "debuglevel": 0
- }
- ]
- }
- }
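A pre-deployment check for a configuration like the one above, as an added example that is not part of the original paste or of Kea itself. It assumes the file's `//` comments have already been stripped and the result parsed into a dict; `SAMPLE` is a constructed excerpt using values from the paste, and `audit` and `pool_bounds` are hypothetical helper names.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed excerpt shaped like the configuration above (comments stripped).
SAMPLE = {"Dhcp4": {
    "control-socket": {"socket-type": "unix", "socket-name": "/tmp/kea4-ctrl-socket"},
    "hooks-libraries": [{"library": "libdhcp_ha.so", "parameters": {
        "high-availability": [{"peers": [
            {"name": "cti-dhcp-prd01", "url": "http://10.32.0.4:8000/"}]}]}}],
    "subnet4": [
        {"subnet": "10.32.0.0/24",
         "pools": [{"pool": "10.32.0.131 - 10.32.0.149"}],
         "option-data": [{"name": "routers", "data": "10.32.0.250"}]},
        {"subnet": "10.32.9.0/24",
         "pools": [{"pool": "10.32.9.240 - 10.32.9.245"}],
         "option-data": [{"name": "routers", "data": "10.32.208.250"}]}]}}

def pool_bounds(spec):
    """Parse a pool given as 'first - last' or as a prefix such as '192.0.2.0/28'."""
    if "/" in spec:
        net = ipaddress.ip_network(spec.strip())
        return net[0], net[-1]
    return tuple(ipaddress.ip_address(p.strip()) for p in spec.split("-"))

def audit(config):
    """Return a list of findings for a parsed Dhcp4 configuration."""
    dhcp4, findings = config["Dhcp4"], []
    sock = dhcp4.get("control-socket", {}).get("socket-name", "")
    if sock.startswith(("/tmp/", "/var/tmp/")):
        findings.append(f"control socket {sock} is in a world-writable directory")
    for hook in dhcp4.get("hooks-libraries", []):
        for ha in hook.get("parameters", {}).get("high-availability", []):
            for peer in ha.get("peers", []):
                if urlsplit(peer["url"]).scheme == "http":
                    findings.append(f"HA peer {peer['name']} is reached over plain HTTP")
    for sn in dhcp4.get("subnet4", []):
        net = ipaddress.ip_network(sn["subnet"])
        for pool in sn.get("pools", []):
            first, last = pool_bounds(pool["pool"])
            if first not in net or last not in net or first > last:
                findings.append(f"pool {pool['pool']} does not fit in {net}")
        for opt in sn.get("option-data", []):
            if opt.get("name") == "routers":
                for gw in (g.strip() for g in opt["data"].split(",")):
                    if ipaddress.ip_address(gw) not in net:
                        findings.append(f"router {gw} is outside {net}")
    return findings
```

Calling `audit(SAMPLE)` returns three findings: the control socket under `/tmp`, the HA peer URL using plain HTTP, and the router that lies outside 10.32.9.0/24.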