实验名称:在不同网段中搭建DHCP服务和跨网段的DNS、web服务

实验原理:二层交换,三层转发,静态路由、vlan划分、DHCP原理、DNS原理、web原理

实验对象:客户机、服务器、二层设备、三层设备

实验思路:

1) 两台客户机被DHCP自动分配地址,处在不同vlan下

2) 获得ip地址后,便可以去访问网站,访问网站需要搭建DNS域名解析服务,然后再搭建httpd服务

配置思路便是由底层往上层配置,由内网往外网配置

实验步骤:

1.话不多说,拓扑图在此

实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第1张图片

2.内网配置

sw 2交换机:

sw2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw2(config)#no ip routing   '设备是由路由器改过来的,需要取消路由转发'
sw2(config)#int f1/0
sw2(config-if)#sw mod tr    '接口配置trunk'
*Mar  1 00:00:47.903: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw2(config-if)#sw tr en d   'trunk封装类型dot1q'
sw2(config)#vlan 10,20,100  '创建VLAN'
sw2(config-vlan)#exit
sw2(config)#int f1/1
sw2(config-if)#sw mod acc   '接口配置access'
sw2(config-if)#sw acc vlan 10
sw2(config-if)#int f1/2
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 20
sw2(config-if)#int f1/3
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 100
sw2(config-if)#do show vlan-sw b    '查看vlan信息'

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/1
20   VLAN0020                         active    Fa1/2
100  VLAN0100                         active    Fa1/3
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

sw3三层交换机:

sw3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw3(config)#int f1/0
sw3(config-if)#sw mod tru
sw3(config-if)#
*Mar  1 01:24:05.283: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw3(config-if)#sw tru en d
sw3(config-if)#exit
sw3(config)#vlan 10,20,100
sw3(config-vlan)#int vlan 10    '配置vlan-if的ip地址'
sw3(config-if)#
*Mar  1 01:25:05.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
sw3(config-if)#ip add 192.168.10.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100    
'配置DHCP中继:把本vlan内的DHCP广播请求转发给DHCP服务器192.168.100.100,使其能够跨越vlan'
sw3(config-if)#int vlan 20
*Mar  1 01:25:38.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
sw3(config-if)#ip add 192.168.20.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int vlan 100
*Mar  1 01:26:08.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
sw3(config-if)#ip add 192.168.100.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int f0/0
sw3(config-if)#ip add 11.0.0.11 255.255.255.0
sw3(config-if)#no shut
*Mar  1 01:32:01.439: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 01:32:02.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
sw3(config-if)#exit
sw3(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1
sw3(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.11       YES manual up                    up      
Vlan1                      unassigned      YES unset  up                    up      
Vlan10                     192.168.10.1    YES manual up                    up      
Vlan20                     192.168.20.1    YES manual up                    up      
Vlan100                    192.168.100.1   YES manual up                    up      
sw3(config)#do show ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 11.0.0.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
C    192.168.100.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 [1/0] via 11.0.0.1
sw3(config)#

开始配置DHCP服务器

首先配置网卡

实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第2张图片

[root@localhost ~]# yum install dhcp* -y    '安装dhcp相关软件包(通配符建议加引号写成 "dhcp*",避免被shell按当前目录下的文件名展开)'
[root@localhost ~]# rpm -q dhcp
dhcp-4.2.5-77.el7.centos.x86_64
[root@localhost ~]# hostname dhcp
[root@localhost ~]# su
[root@dhcp ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
    '修改网卡'
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"  '修改为静态'
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f432513-5d7a-455c-88b4-257a9a1dbb45"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.100  'ip地址'
NETMASK=255.255.255.0   '子网掩码'
GATEWAY=192.168.100.1   '网关'
[root@dhcp ~]# systemctl restart network    '重启网络服务,使网卡配置生效'
[root@dhcp ~]# ifconfig '验证'
ens33: flags=4163  mtu 1500
        inet 192.168.100.100  netmask 255.255.255.0  broadcast 192.168.100.255

[root@dhcp ~]# vim /etc/dhcp/dhc    
'打开dhcpd.conf,会发现是空的,只提示我们去参考/usr/share/doc/dhcp*/dhcpd.conf.example'
dhclient.d/            dhcpd6.conf            
dhclient-exit-hooks.d/ dhcpd.conf     
[root@dhcp ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf   '复制到/etc/dhcp/下'
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y    '覆盖'
[root@dhcp ~]# vim /etc/dhcp/dhcpd.conf '编辑'
option domain-name "example.org";       '域名'
option domain-name-servers 12.0.0.12;   '修改为dns服务器IP'

default-lease-time 600;     '默认租约600s'
max-lease-time 7200;    '最大租约7200s'

subnet 192.168.10.0 netmask 255.255.255.0 {     
'网段                 子网掩码'
  range 192.168.10.10 192.168.10.100;
  '范围    '
  option routers 192.168.10.1;
  '指定网关 '
}

subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.20 192.168.20.200;
  option routers 192.168.20.1;
}

subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.200;   '注意:该范围包含了DHCP服务器自身的静态地址192.168.100.100,应将其排除在地址池之外(例如拆成两段range),避免地址冲突'
  option routers 192.168.100.1;
}

[root@dhcp ~]# systemctl start dhcpd    '开启dhcpd服务'
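[root@dhcp ~]# systemctl stop firewalld.service     '关掉防火墙(仅为实验方便;保留防火墙时可用 firewall-cmd --permanent --add-service=dhcp 后 firewall-cmd --reload 放行DHCP)'
[root@dhcp ~]# setenforce 0 '将SELinux临时切换为permissive模式,重启后恢复'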
[root@dhcp ~]# netstat -natp | grep dhcp    '查看TCP端口状态(DHCP使用UDP,所以这里没有输出,应看下面-u的结果)'
[root@dhcp ~]# netstat -naup | grep dhcp
udp        0      0 0.0.0.0:67              0.0.0.0:*                           39158/dhcpd         
[root@dhcp ~]# 

两台客户机的配置比较简单,把获取IP地址修改为自动获取

实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第3张图片

然后在CMD命令提示符中依次输入 ipconfig /release(释放当前地址)和 ipconfig /renew(重新获取地址)

实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第4张图片
实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第5张图片

3.内网设置完毕,接下来就开始配置外网

ISP#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ISP(config)#int f0/0
ISP(config-if)#ip add 11.0.0.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#int f
*Mar  1 01:23:42.951: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 01:23:43.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

ISP(config)#int f0/1                       
ISP(config-if)#ip add 12.0.0.1 255.255.255.0

ISP(config-if)#no shut
*Mar  1 01:24:27.779: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  1 01:24:28.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
ISP(config-if)#exit

ISP(config)#ip route 192.168.0.0 255.255.0.0 11.0.0.11
'     网段汇总   '
ISP(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
S    192.168.0.0/16 [1/0] via 11.0.0.11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.0.0.0 is directly connected, FastEthernet0/1
ISP(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.1        YES manual up                    up      
FastEthernet0/1            12.0.0.1        YES manual up                    up         
ISP(config)#

配置DNS和HTTPD服务器

[root@localhost ~]# yum install httpd bind -y
[root@localhost ~]# rpm -q httpd bind
httpd-2.4.6-90.el7.centos.x86_64
bind-9.11.4-9.P2.el7.x86_64
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="8d222179-116b-41b5-8b47-0076ca1aeddb"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1

[root@localhost ~]# systemctl restart network

[root@localhost ~]# ifconfig
ens33: flags=4163  mtu 1500
        inet 12.0.0.12  netmask 255.255.255.0  broadcast 12.0.0.255
        inet6 fe80::e2c1:c26d:afa1:a4ad  prefixlen 64  scopeid 0x20
        ether 00:0c:29:52:4d:89  txqueuelen 1000  (Ethernet)
        RX packets 8232  bytes 10547854 (10.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3149  bytes 242681 (236.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# vim /etc/named.
named.conf           named.iscdlv.key     named.rfc1912.zones  named.root.key
[root@localhost ~]# vim /etc/named.conf '主配置文件'

options {
        listen-on port 53 { any; };     '监听所有地址(默认为127.0.0.1)'
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };       '允许任意主机查询(默认为localhost);默认配置中recursion为yes,对外提供服务时应使用allow-recursion限制可递归的来源,避免成为开放解析器'

[root@localhost ~]# vim /etc/named.rfc1912.zones    
                        '区域配置文件'

zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";        '区域数据配置文件'
        allow-update { none; };
};

[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone    '复制模板,重命名,保留权限'
[root@localhost ~]# vim /var/named/kgc.com.zone '区域数据配置文件'

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www     IN      A       12.0.0.12       '增加此处'

[root@localhost ~]# systemctl stop firewalld.service 
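                    '关掉防火墙(仅为实验方便;保留防火墙时可用 firewall-cmd --permanent --add-service=dns --add-service=http 后 firewall-cmd --reload 放行DNS和HTTP)'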
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl start named
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf  
                        '配置httpd'

 41 Listen 12.0.0.12:80 '监听12.0.0.12的80端口'
 42 #Listen 80
。。。。。。
 95 ServerName www.kgc.com:80   '修改域名'

[root@localhost ~]# systemctl start httpd   '启动'
[root@localhost ~]# 

测试

C:\Users\GSY>nslookup www.kgc.com
DNS request timed out.
    timeout was 2 seconds.
服务器:  UnKnown
Address:  12.0.0.12

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
名称:    www.kgc.com
Address:  12.0.0.12

实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第6张图片

[root@localhost ~]# cd /var/www/html '网页'
[root@localhost html]# ls
[root@localhost html]# vim index.html   '创建新文件,代表首页'

 this is test web 为了馒头争口气

[root@localhost html]# systemctl restart httpd

刷新

实验:在不同网段中搭建DHCP服务和跨网段的DNS、web服务_第7张图片

小结:了解每个配置文件的具体位置,如何配置,配置的格式如何写,每一条参数代表什么,这些都是需要用心记的。