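DHCP Service and DHCP Relay on Linux Networks
I. The DHCP Protocol
1. Introduction to DHCP
[1] Dynamic Host Configuration Protocol
[2] Designed and developed by the Internet Engineering Task Force (IETF) specifically to assign IP addresses automatically to computers on users' TCP/IP networks
2. Advantages of DHCP
[1] Reduces the administrator's workload
[2] Avoids IP address conflicts
[3] Improves IP address utilization
3. DHCP allocation methods
[1] Automatic allocation: once an IP address is assigned, it is used permanently
[2] Manual allocation: the DHCP server administrator specifies the IP address
[3] Dynamic allocation: the IP address is released when the client has finished with it, so other users can use it
4. How the service works
(1) The process of obtaining an IP address
[1] discover: the client locates a DHCP server on the network
[2] offer: the DHCP server offers the client an IP address, subnet mask, gateway, DNS address and lease
[3] request: the client asks again to confirm that the IP address and other parameters are usable
[4] ACK: the server confirms that the IP address and other parameters are usable | noACK: the IP address and other parameters are not usable, so the client starts again from discover
(2) Overview of leases
5. Steps to set up the service
[1] Install the DHCP service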
[root@localhost ~]# yum install -y dhcp*
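[2] Set the network adapters of the server and the client to host-only mode
In the Virtual Network Editor, clear the subnet setting of the host-only network.
[3] Edit the configuration file
File path: /etc/dhcp/dhcpd.conf
Template path: /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
(1) Copy the template file into the configuration file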
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
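After opening the main configuration file, switch to editing the template file.
From the template file, force-write its contents into the main configuration file.
(2) Edit the global configuration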
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "centos7.6";
option domain-name-servers 10.10.10.10;
(3) Edit the subnet configuration
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.50.0 netmask 255.255.255.0 {
range 192.168.50.100 192.168.50.200;
option routers 192.168.50.1;
option domain-name-servers 9.9.9.9;
}
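(4) Manually assign an IP address
Use a built-in Windows command to look up the physical (MAC) address of the host boss, which is needed to assign its IP address manually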
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
host boss {
hardware ethernet 00:0C:29:EA:92:0B;
fixed-address 192.168.50.88;
}
[4] Disable SELinux protection and the firewall, then start the DHCP service
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl start dhcpd (start the service for first use)
[root@localhost ~]# systemctl status dhcpd (check the service status)
dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2020-07-05 12:04:05 CST; 1min 14s ago
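[root@localhost ~]# systemctl restart dhcpd (the service must be restarted after every change to the configuration file)
[5] On the client, switch to automatic IP acquisition, then release and renew the address
(1) Set the client's IP acquisition method to automatic
(2) Use a built-in Windows command to view the IP address assigned to boss
(3) Use a built-in Windows command to view the IP addresses of the other clients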
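A consistency check for the subnet and host declarations written in step [3], as an added example that is not part of the original page. The function and variable names are hypothetical, the sample is an abridged copy of this page's declarations, and the parser assumes flat blocks with IP literals, as used here.

```python
import ipaddress
import re

# Constructed sample: the subnet and host declarations from section I of this page (abridged).
SAMPLE = """
subnet 192.168.50.0 netmask 255.255.255.0 {
  range 192.168.50.100 192.168.50.200;
  option routers 192.168.50.1;
}
host boss {
  hardware ethernet 00:0C:29:EA:92:0B;
  fixed-address 192.168.50.88;
}
"""
SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)

def check(conf: str) -> list:
    """Return problems in flat subnet/host blocks (no nested pools or groups)."""
    conf = re.sub(r"#.*", "", conf)                  # drop comments
    problems, nets, pools = [], [], []
    for net, mask, body in SUBNET_RE.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        nets.append(network)
        rng = re.search(r"\brange\s+(\S+)\s+([^\s;]+)\s*;", body)
        if rng:
            lo, hi = (ipaddress.ip_address(a) for a in rng.groups())
            if lo not in network or hi not in network or lo > hi:
                problems.append(f"{network}: range {lo}-{hi} is not inside the subnet")
            pools.append((lo, hi))
        gw = re.search(r"\boption\s+routers\s+([^\s;,]+)", body)
        if gw and ipaddress.ip_address(gw.group(1)) not in network:
            problems.append(f"{network}: router {gw.group(1)} is outside the subnet")
    for name, body in HOST_RE.findall(conf):
        fixed = re.search(r"\bfixed-address\s+([^\s;,]+)", body)
        if not fixed:
            continue
        addr = ipaddress.ip_address(fixed.group(1))
        if not any(addr in n for n in nets):
            problems.append(f"host {name}: {addr} is in no declared subnet")
        if any(lo <= addr <= hi for lo, hi in pools):
            problems.append(f"host {name}: {addr} collides with a dynamic range")
    return problems
```

The page's own values pass: 192.168.50.88 sits inside the subnet and below the dynamic range, so the reserved address cannot also be leased to another client.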
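II. DHCP Relay
[1] How relay works
When an enterprise's internal network is large, it is usually divided into multiple subnets that form different VLANs. The DHCP service, however, can only assign IP addresses to hosts in the same broadcast domain, so hosts on other network segments cannot obtain an IP address from the DHCP server. DHCP relay therefore carries requests across VLANs so that addresses can be assigned to the different broadcast domains. Note: DHCP relay is configured on the gateway, which obtains addresses for each network segment.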
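The discover message from section I and the relay step described above share one packet layout, so a single added example covers both (it is not code from the original page, and the function names are hypothetical). It builds a DISCOVER, applies what a relay interface such as Vlanif10 does to it (the hops and giaddr fields defined in RFC 2131), and shows how giaddr decides which subnet the server allocates from; the subnets and the MAC address are the ones used in this page's lab.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
# Subnets declared in the relay lab's dhcpd.conf on this page.
SUBNETS = [ipaddress.ip_network(n) for n in
           ("192.168.10.0/24", "192.168.20.0/24", "192.168.100.0/24")]

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast: op=1 (request), hops=0, giaddr=0.0.0.0, option 53=DISCOVER."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])

def relay(packet: bytes, relay_ip: str) -> bytes:
    """Relay agent step: hops+1 and, if giaddr is still zero, stamp the receiving interface IP."""
    buf = bytearray(packet)
    buf[3] += 1
    if buf[24:28] == bytes(4):
        buf[24:28] = ipaddress.ip_address(relay_ip).packed
    return bytes(buf)

def parse(packet: bytes) -> dict:
    """Decode the fixed header fields used here plus the options (code, length, value)."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    mtype = opts.get(53) or b"\x00"
    return {"type": TYPES.get(mtype[0], "?"), "hops": packet[3],
            "xid": struct.unpack("!I", packet[4:8])[0],
            "giaddr": str(ipaddress.ip_address(packet[24:28])),
            "chaddr": packet[28:34].hex(":")}

def select_subnet(msg: dict, local_net: str):
    """Server side: a relayed request is matched by giaddr, a direct one by the local subnet."""
    if msg["giaddr"] == "0.0.0.0":
        return ipaddress.ip_network(local_net)
    gi = ipaddress.ip_address(msg["giaddr"])
    return next((n for n in SUBNETS if gi in n), None)
```

select_subnet returns None for a giaddr outside every declared subnet, the case in which the server has no pool to offer from; each relayed VLAN therefore needs its own subnet block in dhcpd.conf.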
[2] Setting up the relay service
(1) Build the simulated network
(2) Enable DHCP relay
1) Configuration of layer-2 switch SW1
<Huawei>undo terminal monitor (turn off prompt messages)
<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 100
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]p l a
[SW1-Ethernet0/0/1]p d v 10
[SW1-Ethernet0/0/1]q
[SW1]int e0/0/2
[SW1-Ethernet0/0/2]p l a
[SW1-Ethernet0/0/2]p d v 20
[SW1-Ethernet0/0/2]q
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]p l a
[SW1-GigabitEthernet0/0/2]p d v 100
[SW1-GigabitEthernet0/0/2]q
[SW1]int e0/0/3
[SW1-Ethernet0/0/3]p l a
[SW1-Ethernet0/0/3]p d v 100
[SW1-Ethernet0/0/3]q
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l t
[SW1-GigabitEthernet0/0/1]p t a v a
[SW1-GigabitEthernet0/0/1]q
2) Configuration of layer-3 switch LSW1
<Huawei>undo terminal monitor (turn off prompt messages)
<Huawei>sys
[Huawei]sysname LSW1
[LSW1]vlan batch 10 20 100
[LSW1]dhcp enable
[LSW1]interface Vlanif10
[LSW1-Vlanif10]ip address 192.168.10.1 255.255.255.0
[LSW1-Vlanif10]dhcp select relay (enable relay)
[LSW1-Vlanif10]dhcp relay server-ip 192.168.100.10 (relay server address)
[LSW1]interface Vlanif20
[LSW1-Vlanif20]ip address 192.168.20.1 255.255.255.0
[LSW1-Vlanif20]dhcp select relay
[LSW1-Vlanif20]dhcp relay server-ip 192.168.100.10
[LSW1]interface Vlanif100
[LSW1-Vlanif100]ip address 192.168.100.1 255.255.255.0
[LSW1-Vlanif100]dhcp select relay
[LSW1-Vlanif100]dhcp relay server-ip 192.168.100.10
[LSW1] interface GigabitEthernet0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 4094
[LSW1-GigabitEthernet0/0/1]q
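(3) Connect the DHCP server's network adapter
1) Connect it in the network simulator
2) Connect the network adapter on the virtual machine
(4) Configure the DHCP service for relay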
[root@kgc ~]# vim /etc/dhcp/dhcpd.conf
1) Global configuration
option domain-name "centos7.6";
option domain-name-servers 10.10.10.10;
2) Subnet configuration
192.168.100.0 network segment
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.100 192.168.100.200;
option routers 192.168.100.1;
option domain-name-servers 9.9.9.9;
}
192.168.10.0 network segment
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.200;
option routers 192.168.10.1;
option domain-name-servers 9.9.9.9;
}
192.168.20.0 network segment
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.100 192.168.20.200;
option routers 192.168.20.1;
option domain-name-servers 9.9.9.9;
}
(5) Test connectivity to the server with ping
From the virtual machine, ping the server's gateway
[root@kgc ~]# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=128 time=0.347 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=255 time=27.0 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=128 time=0.517 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=255 time=39.2 ms
In the network simulator, ping the gateways of the other network segments from the layer-3 switch
[LSW1]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.10.1: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=255 time=30 ms
(6) Start DHCP on the hosts to obtain IP addresses
Obtaining an IP address on the 192.168.10.0 network segment
PC>ipconfig /renew
IP Configuration
Can't find DHCP server!
Link local IPv6 address...........: fe80::5689:98ff:fe2c:6333
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.100
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.1
Physical address..................: 54-89-98-2C-63-33
DNS server........................: 9.9.9.9
Obtaining an IP address on the 192.168.20.0 network segment
PC>ipconfig /renew
IP Configuration
Can't find DHCP server!
Link local IPv6 address...........: fe80::5689:98ff:feaf:670a
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.100
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.1
Physical address..................: 54-89-98-AF-67-0A
DNS server........................: 9.9.9.9
Obtaining an IP address on the 192.168.100.0 network segment
PC>ipconfig /renew
IP Configuration
Link local IPv6 address...........: fe80::5689:98ff:fe51:4eba
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.101
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-51-4E-BA
DNS server........................: 9.9.9.9