dhcp在企业网中应用

应用一:dhcp单作用域

拓扑图

dhcp服务器配置

建立光盘挂载点,进行光盘挂载

[root@mh3570 ~]# mkdir /mnt/cdrom

[root@mh3570 ~]# mount /dev/cdrom /mnt/cdrom

mount: block device /dev/cdrom is write-protected, mounting read-only

安装dhcp服务(下面输出中的NOKEY警告表示系统尚未导入该软件包的签名公钥,rpm无法校验软件包签名;建议先用rpm --import导入发行版的GPG公钥,再进行安装)

[root@mh3570 ~]# cd /mnt/cdrom/Server

[root@mh3570 Server]# rpm -ivh dhcp-3.0.5-21.el5.i386.rpm

warning: dhcp-3.0.5-21.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:dhcp ########################################### [100%]

编辑dhcpd的配置文件

[root@mh3570 Server]# vim /etc/dhcpd.conf

1 #

2 ddns-update-style interim;

3 ignore client-updates;

4

5 subnet 192.168.101.0 netmask 255.255.255.0 {-------------------------------------添加作用域

6

7 # --- default gateway

8 option routers 192.168.101.254;--------------------指定网关

9 option subnet-mask 255.255.255.0;

10

11 option nis-domain "domain.org";

12 option domain-name "mh3570.com";--------指定客户端的域名

13 option domain-name-servers 222.88.88.88;--------------指定DNS

14

15 option time-offset -18000; # Eastern Standard Time

16 # option ntp-servers 192.168.1.1;

17 # option netbios-name-servers 192.168.1.1;

18 # --- Selects point-to-point node (default is hybrid). Don't change this unless

19 # -- you understand Netbios very well

20 # option netbios-node-type 2;

21

22 range dynamic-bootp 192.168.101.2 192.168.101.98;

-----------------------------------------------------------------------------指定地址池,并排除服务器地址192.168.101.99

23 range dynamic-bootp 192.168.101.100 192.168.101.253;

24 default-lease-time 21600;

25 max-lease-time 43200;

启动dhcp服务并查看服务器日志

[root@mh3570 Server]# service dhcpd start

Starting dhcpd: [ OK ]

[root@mh3570 ~]# tail -f /var/log/messages

Aug 14 10:45:45 mh3570 dhcpd: Internet Systems Consortium DHCP Server V3.0.5-RedHat

Aug 14 10:45:45 mh3570 dhcpd: Copyright 2004-2006 Internet Systems Consortium.

Aug 14 10:45:45 mh3570 dhcpd: All rights reserved.

Aug 14 10:45:45 mh3570 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/

Aug 14 10:45:45 mh3570 dhcpd: WARNING: Host declarations are global. They are not limited to the scope you declared them in.

Aug 14 10:45:45 mh3570 dhcpd: Wrote 0 deleted host decls to leases file.

Aug 14 10:45:45 mh3570 dhcpd: Wrote 0 new dynamic host decls to leases file.

Aug 14 10:45:45 mh3570 dhcpd: Wrote 0 leases to leases file.

Aug 14 10:45:45 mh3570 dhcpd: Listening on LPF/eth0/00:0c:29:9a:5d:2d/192.168.101/24

Aug 14 10:45:45 mh3570 dhcpd: Sending on LPF/eth0/00:0c:29:9a:5d:2d/192.168.101/24

Aug 14 10:45:45 mh3570 dhcpd: Sending on Socket/fallback/fallback-net

把客户端网络设置成自动获取,并在服务器上查看日志

[root@mh3570 ~]# tail -f /var/log/messages

Aug 14 10:49:39 mh3570 dhcpd: DHCPDISCOVER from 00:0c:29:92:b2:1e via eth0

Aug 14 10:49:40 mh3570 dhcpd: DHCPOFFER on 192.168.101.253 to 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0

Aug 14 10:49:42 mh3570 dhcpd: Unable to add forward map from 4440d83c310a49d.mh3570.com to 192.168.101.253: timed out

Aug 14 10:49:42 mh3570 dhcpd: DHCPREQUEST for 192.168.101.253 (192.168.101.99) from 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0

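Aug 14 10:49:42 mh3570 dhcpd: DHCPACK on 192.168.101.253 to 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0--------------------------日志显示服务器已经通过eth0接口向pc分配了一个192.168.101.253的地址;其中的“Unable to add forward map ... timed out”是dhcpd按ddns-update-style interim尝试动态更新DNS正向记录时超时,不影响地址分配,若不需要动态DNS可改为ddns-update-style none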

查看客户端网络参数

单作用域dhcp实验成功

应用二: dhcp超级作用域

拓扑图

dhcp服务器配置

建立光盘挂载点,进行光盘挂载

[root@mh3570 ~]# mkdir /mnt/cdrom

[root@mh3570 ~]# mount /dev/cdrom /mnt/cdrom

mount: block device /dev/cdrom is write-protected, mounting read-only

安装dhcp服务

[root@mh3570 ~]# cd /mnt/cdrom/Server

[root@mh3570 Server]# rpm -ivh dhcp-3.0.5-21.el5.i386.rpm

warning: dhcp-3.0.5-21.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:dhcp ########################################### [100%]

编辑dhcpd的配置文件

[root@mh3570 Server]# vim /etc/dhcpd.conf

ddns-update-style interim;

ignore client-updates;

shared-network mh3570{-------------------------------------------------------声明超级作用域mh3570

subnet 192.168.101.0 netmask 255.255.255.0 {

# --- default gateway

option routers 192.168.101.254;

option subnet-mask 255.255.255.0;

option nis-domain "domain.org";

option domain-name "mh3570.com";

option domain-name-servers 222.88.88.88;

option time-offset -18000; # Eastern Standard Time

# option ntp-servers 192.168.1.1;

# option netbios-name-servers 192.168.1.1;

# --- Selects point-to-point node (default is hybrid). Don't change this unless

# -- you understand Netbios very well

# option netbios-node-type 2;

range dynamic-bootp 192.168.101.2 192.168.101.98;

range dynamic-bootp 192.168.101.100 192.168.101.253;

default-lease-time 21600;

max-lease-time 43200;

}

subnet 192.168.102.0 netmask 255.255.255.0 {------------------------------再添加一个作用域

# --- default gateway

option routers 192.168.102.254;

option subnet-mask 255.255.255.0;

option nis-domain "domain.org";

option domain-name "ae3570.com";

option domain-name-servers 222.88.88.88;

option time-offset -18000; # Eastern Standard Time

# option ntp-servers 192.168.1.1;

# option netbios-name-servers 192.168.1.1;

# --- Selects point-to-point node (default is hybrid). Don't change this unless

# -- you understand Netbios very well

# option netbios-node-type 2;

range dynamic-bootp 192.168.102.2 192.168.102.253;

default-lease-time 21600;

max-lease-time 43200;

}

}

为了测试超级作用域的效果,需要修改两个作用域的地址池,使每个作用域都只有一个地址,修改后的配置如下

第一个作用域

range dynamic-bootp 192.168.101.2 192.168.101.2;

第二个作用域

range dynamic-bootp 192.168.102.2 192.168.102.2;

重启dhcp服务

[root@mh3570 Server]# service dhcpd restart

配置客户端2的网络设置也为自动获取

重启客户端1和2的网卡,并查看服务器日志

[root@mh3570 ~]# tail -f /var/log/messages

Aug 14 11:52:11 mh3570 dhcpd: DHCPDISCOVER from 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0

Aug 14 11:52:12 mh3570 dhcpd: DHCPOFFER on 192.168.101.2 to 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0

Aug 14 11:52:14 mh3570 dhcpd: Unable to add forward map from 4440d83c310a49d.mh3570.com to 192.168.101.2: timed out

Aug 14 11:52:14 mh3570 dhcpd: DHCPREQUEST for 192.168.101.2 (192.168.101.99) from 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0

Aug 14 11:52:14 mh3570 dhcpd: DHCPACK on 192.168.101.2 to 00:0c:29:92:b2:1e (4440d83c310a49d) via eth0

-----------------------------------------------日志显示服务器通过dhcpack向客户机1分配了一个192.168.101.2的地址

查看客户端1网络参数

Aug 14 11:52:50 mh3570 dhcpd: DHCPDISCOVER from 00:0c:29:89:36:a0 (mh3570-0sxn9t0a) via eth0

Aug 14 11:52:51 mh3570 dhcpd: DHCPOFFER on 192.168.102.2 to 00:0c:29:89:36:a0 (mh3570-0sxn9t0a) via eth0

Aug 14 11:52:53 mh3570 dhcpd: Unable to add forward map from mh3570-0sxn9t0a.ae3570.com to 192.168.102.2: timed out

Aug 14 11:52:53 mh3570 dhcpd: DHCPREQUEST for 192.168.102.2 (192.168.101.99) from 00:0c:29:89:36:a0 (mh3570-0sxn9t0a) via eth0

Aug 14 11:52:53 mh3570 dhcpd: DHCPACK on 192.168.102.2 to 00:0c:29:89:36:a0 (mh3570-0sxn9t0a) via eth0

------------------------------------------------日志显示服务器通过dhcpack向客户机2分配了一个192.168.102.2的地址

查看客户端2的网络参数

上述测试表明超级作用域生效了,超级作用域dhcp实验成功

应用三:dhcp中继

拓扑图

dhcp服务器配置

建立光盘挂载点,进行光盘挂载

[root@mh3570 ~]# mkdir /mnt/cdrom

[root@mh3570 ~]# mount /dev/cdrom /mnt/cdrom

mount: block device /dev/cdrom is write-protected, mounting read-only

安装dhcp服务

[root@mh3570 ~]# cd /mnt/cdrom/Server

[root@mh3570 Server]# rpm -ivh dhcp-3.0.5-21.el5.i386.rpm

warning: dhcp-3.0.5-21.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:dhcp ########################################### [100%]

编辑dhcpd的配置文件

[root@mh3570 Server]# vim /etc/dhcpd.conf

ddns-update-style interim;

ignore client-updates;

shared-network mh3570{-------------------------------------------------------声明超级作用域mh3570

subnet 192.168.101.0 netmask 255.255.255.0 {

}-----------------------------------第一个作用域101.0设为空作用域

subnet 192.168.102.0 netmask 255.255.255.0 {------------------------------再添加一个作用域102.0

# --- default gateway

option routers 192.168.102.254;

option subnet-mask 255.255.255.0;

option nis-domain "domain.org";

option domain-name "mh3570.com";

option domain-name-servers 222.88.88.88;

option time-offset -18000; # Eastern Standard Time

# option ntp-servers 192.168.1.1;

# option netbios-name-servers 192.168.1.1;

# --- Selects point-to-point node (default is hybrid). Don't change this unless

# -- you understand Netbios very well

# option netbios-node-type 2;

range dynamic-bootp 192.168.102.2 192.168.102.253;

default-lease-time 21600;

max-lease-time 43200;

}

subnet 192.168.103.0 netmask 255.255.255.0 {------------------------------再添加一个作用域103.0

# --- default gateway

option routers 192.168.103.254;

option subnet-mask 255.255.255.0;

option nis-domain "domain.org";

option domain-name "ae3570.com";

option domain-name-servers 222.88.88.88;

option time-offset -18000; # Eastern Standard Time

# option ntp-servers 192.168.1.1;

# option netbios-name-servers 192.168.1.1;

# --- Selects point-to-point node (default is hybrid). Don't change this unless

# -- you understand Netbios very well

# option netbios-node-type 2;

range dynamic-bootp 192.168.103.2 192.168.103.253;

default-lease-time 21600;

max-lease-time 43200;

}

}

路由器配置(用linux实现路由功能)

在linux机器上添加三块网卡,分别是vm1、vm2、vm3,对应的网络接口为eth0、eth1、eth2,其中eth0连接linux服务器

首先配置三块网卡的网络地址

需在三个端口均配置子网掩码255.255.255.0

查看三个网络接口配置

编辑sysctl配置文件,只需把第7行中的0改为1

[root@localhost ~]# vim /etc/sysctl.conf

7 net.ipv4.ip_forward = 1

执行sysctl -p加载配置使其生效,并查看结果

[root@localhost ~]# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 4294967295

kernel.shmall = 268435456

建立光盘挂载点,进行光盘挂载

[root@mh3570 ~]# mkdir /mnt/cdrom

[root@mh3570 ~]# mount /dev/cdrom /mnt/cdrom

mount: block device /dev/cdrom is write-protected, mounting read-only

安装dhcp服务

[root@mh3570 ~]# cd /mnt/cdrom/Server

[root@mh3570 Server]# rpm -ivh dhcp-3.0.5-21.el5.i386.rpm

warning: dhcp-3.0.5-21.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:dhcp ########################################### [100%]

编辑dhcp中继相关文件

[root@localhost Server]# vim /etc/sysconfig/dhcrelay

INTERFACES="eth0 eth1 eth2"

DHCPSERVERS="192.168.101.99"

启动dhcrelay服务

[root@localhost Server]# service dhcrelay start

Starting dhcrelay: [ OK ]

配置客户端1的网络设置为自动获取

重启客户端1的网卡

在服务器上抓包

[root@mh3570 ~]# tshark -ni eth0 -R "udp.port eq 67"

Running as user "root" and group "root". This could be dangerous.

Capturing on eth0

7.468448 192.168.101.254 -> 192.168.101.99 DHCP DHCP Discover - Transaction ID 0xa8843875

8.495685 192.168.101.99 -> 192.168.102.254 DHCP DHCP Offer - Transaction ID 0xa8843875

8.497043 192.168.101.254 -> 192.168.101.99 DHCP DHCP Request - Transaction ID 0xa8843875

10.516413 192.168.101.99 -> 192.168.102.254 DHCP DHCP ACK - Transaction ID 0xa8843875

在路由器上抓包

[root@localhost ~]# tshark -ni eth1 -R "udp.port eq 67"

Running as user "root" and group "root". This could be dangerous.

Capturing on eth1

0.000000 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xa2b9b218-------------------------------客户端1向外发送广播,到达路由器eth0端口,eth0网关域生效,向服务器发送dhcpdiscover

0.327310 192.168.102.254 -> 192.168.102.253 DHCP DHCP Offer - Transaction ID 0xa2b9b218-------------------------------服务器返回给路由器eth0网关,eth0发给客户端1一个dhcp offer

0.328475 0.0.0.0 -> 255.255.255.255 DHCP DHCP Request - Transaction ID 0xa2b9b218-------------------------------客户端1向外发送广播,到达路由器eth0端口,eth0网关域生效,向服务器发送dhcprequest

2.451640 192.168.102.254 -> 192.168.102.253 DHCP DHCP ACK - Transaction ID 0xa2b9b218---------------------------------服务器返回给路由器eth0网关,eth0发给客户端1一个dhcp ack,分配地址192.168.102.253给客户端1

在客户端1上查看网络状态

配置客户端2的网络设置为自动获取

重启客户端2的网卡

在服务器上抓包

[root@mh3570 ~]# tshark -ni eth0 -R "udp.port eq 67"

Running as user "root" and group "root". This could be dangerous.

Capturing on eth0

0.000000 192.168.101.254 -> 192.168.101.99 DHCP DHCP Discover - Transaction ID 0x921d8b90

0.000007 192.168.101.99 -> 192.168.103.254 DHCP DHCP Offer - Transaction ID 0x921d8b90

0.000890 192.168.101.254 -> 192.168.101.99 DHCP DHCP Request - Transaction ID 0x921d8b90

2.242713 192.168.101.99 -> 192.168.103.254 DHCP DHCP ACK - Transaction ID 0x921d8b90

在路由器上抓包

[root@localhost ~]# tshark -ni eth2 -R "udp.port eq 67"

Running as user "root" and group "root". This could be dangerous.

Capturing on eth2

0.000000 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xecb0a8f

0.140907 192.168.103.254 -> 192.168.103.251 DHCP DHCP Offer - Transaction ID 0xecb0a8f

0.142072 0.0.0.0 -> 255.255.255.255 DHCP DHCP Request - Transaction ID 0xecb0a8f

2.430309 192.168.103.254 -> 192.168.103.251 DHCP DHCP ACK - Transaction ID 0xecb0a8f

在客户端2上查看网络状态

上述测试表明dhcp中继实验成功!