3.5. Setting up a Kea DHCP server

Kea is a modern, high-performance DHCP server with a modular design. Use a DHCP server to automatically assign IP addresses and other network settings to client devices. This eliminates the error-prone task of manual configuration.

Prerequisites

The kea package is installed.
You are logged in as the root user.

Procedure

If you are configuring an IPv4 network:

Edit the /etc/kea/kea-dhcp4.conf file, and use the following configuration:

{
  "Dhcp4": {
    // Global settings that apply to all subnets unless overridden.
    "valid-lifetime": 86400,
    "option-data": [
      {
        "name": "domain-name",
	"data": "example.com"
      },
      {
        "name": "domain-name-servers",
	"data": "192.0.2.53"
      }
    ],

    // The network interfaces on which Kea will listen for DHCP traffic.
    "interfaces-config": {
      "interfaces": [ "enp1s0" ]
    },

    "subnet4": [
      // A definition of a subnet that is directly connected to the server
      {
        "id": 1,
        "subnet": "192.0.2.0/24",
        "pools": [
          { "pool": "192.0.2.20  - 192.0.2.100" },
          { "pool": "192.0.2.150 - 192.0.2.200" }
        ],
        "option-data": [
          { "name": "routers", "data": "192.0.2.1" }
        ],
      },

      // A definition of a remote subnet served through a DHCP relay
      {
        "id": 2,
        "subnet": "198.51.100.0/24",
        "pools": [
          { "pool": "198.51.100.20 - 198.51.100.100" }
        ],
	// Allowed DHCP relay agents
	"relay": {
          "ip-addresses": [ "198.51.100.5" ]
        },
        "option-data": [
          { "name": "routers", "data": "198.51.100.1" },
	  { "name": "domain-name-servers", "data": "198.51.100.53" }
        ]
      }
    ]
  }
}

This example configures Kea to serve two subnets: one directly connected to the server and a remote one that uses a DHCP relay agent.

The settings specified in the example include the following:

interfaces: Defines the network interfaces on which Kea listens for DHCP requests. If a subnet is not directly connected to the server, ensure that you list the interface through which the subnet can be reached.
id: Defines a unique integer for the subnet. This is required if you define more than one subnet.
subnet: Defines the subnet in Classless Inter-Domain Routing (CIDR) format.
pools: Defines the IP address ranges from which Kea can assign addresses to clients.
option-data: Defines DHCP options sent to clients, such as the default gateway and DNS servers. Per-subnet option-data settings override global settings.
relay: Defines the IP addresses of DHCP relay agents. While this setting is optional for remote subnets, it improves the security to limit forwarded requests to trusted agents. Do not use this parameter for directly-connected subnets.

Verify the syntax of the configuration file:
```
# kea-dhcp4 -t /etc/kea/kea-dhcp4.conf
```
If the command returns Syntax check failed, fix the errors shown in the report.

Update the firewalld rules to allow incoming DHCPv4 traffic:

# firewall-cmd --permanent --add-service=dhcp
# firewall-cmd --reload

Enable and start the service:
```
# systemctl enable --now kea-dhcp4
```

If you are configuring an IPv6 network:

Edit the /etc/kea/kea-dhcp6.conf file, and use the following configuration:

{
  "Dhcp6": {
    // Global settings that apply to all subnets unless overridden.
    "valid-lifetime": 86400,
    "option-data": [
      {
        "name": "domain-name",
	"data": "example.com"
      },
      {
        "name": "dns-servers",
	"data": "2001:db8:0:1::53"
      }
    ],

    // The network interfaces on which Kea will listen for DHCP traffic.
    "interfaces-config": {
      "interfaces": [ "enp1s0" ]
    },

    "subnet6": [
      // A definition of a subnet that is directly connected to the server
      {
        "id": 1,
        "subnet": "2001:db8:0:1::/64",
        "pools": [
          { "pool": "2001:db8:0:1::1000 - 2001:db8:0:1::2000" },
          { "pool": "2001:db8:0:1::4000 - 2001:db8:0:1::5000" }
        ],
      },

      // A definition of a remote subnet served through a DHCP relay
      {
        "id": 2,
        "subnet": "2001:db8:0:2::/64",
        "pools": [
          { "pool": "2001:db8:0:2::1000 - 2001:db8:0:2::2000" }
        ],
	// Allowed DHCP relay agents
	"relay": {
          "ip-addresses": [ "2001:db8:0:2::5" ]
        },
        "option-data": [
	  { "name": "dns-servers", "data": "2001:db8:0:1::53" }
        ]
      }
    ]
  }
}

This example configures Kea to serve two subnets: one directly connected to the server and a remote one that uses a DHCP relay agent.

Verify the syntax of the configuration file:
```
# kea-dhcp6 -t /etc/kea/kea-dhcp6.conf
```
If the command returns Syntax check failed, fix the errors shown in the report.

Update the firewalld rules to allow incoming DHCPv6 traffic:

# firewall-cmd --permanent --add-service=dhcpv6
# firewall-cmd --reload

Enable and start the service:
```
# systemctl enable --now kea-dhcp6
```

Verification

Configure a network connection with DHCP on a client. See Configuring an Ethernet connection by using nmcli.
Connect the client to the network.

Check if the client received an IP address from the DHCP server:

# ip address show <interface>
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:17:b8:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.20/24 brd 192.0.2.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1::1000/64 scope global noprefixroute
       valid_lft forever preferred_lft forever

Troubleshooting

Check on which IPv4 and IPv6 addresses Kea is listening:
```
# ss -lunp | grep -E ':(67|547)'
```
If Kea does not listen on all interfaces you configured, check the interfaces-config setting in the Kea configuration files.

Next steps

Configure logging

3.5. Setting up a Kea DHCP server

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links