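I. DHCP
1. DHCP basics
1) DHCP: Dynamic Host Configuration Protocol
2) Purpose:
-- Automatically assigns IP addresses and other network parameters to endpoints (PCs, servers, IP phones, etc.)
-- A technique for centrally managing and configuring user IP addresses dynamically
3) Advantages: reduces the network engineer's workload, improves efficiency, and helps prevent errors
2. DHCP roles
1) DHCP client
-- An endpoint device that requests an IP address and other network parameters, for example a PC, server, mobile phone or IP phone
2) DHCP server
-- The device responsible for assigning network parameters to client devices
3) DHCP relay
-- The device that forwards DHCP messages between the DHCP server and DHCP clients, helping the DHCP server assign network parameters to DHCP clients dynamically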
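3. First-time DHCP access
1) The client broadcasts a DHCP discover message (discover) ---- to find a DHCP server
2) On receiving it, the server replies by unicast with a DHCP offer message (offer) ---- answering the client's DHCP request
3) The client broadcasts again, this time a DHCP request message (request) ---- asking to lease the IP address
4) On receiving it, the server replies to the client by unicast with a DHCP acknowledgement message (ack) ---- leasing the IP address to the client
Two more actions take place during this process, and both are important.
Note 1: When the DHCP server assigns an IP address to a host, it can run an ICMP ping probe first. The probe ensures that the address it is about to hand out is free and not in conflict, so that the client does not end up with a conflicting address and lose network access. Why is this needed? Doesn't the DHCP server know which IP addresses it has handed out? Of course it does, but there is a special case: some computers may be configured manually with a static IP address, which the DHCP server cannot control. That is why we can enable the ping probe.
[DHCP-R1]dhcp server ping packet 3 // configure ICMP probing
[DHCP-R1]dhcp server ping timeout 1000 // configure the probe timeout
Note 2: After the client receives the ACK message from the server, it still does not trust the address, so it sends a gratuitous ARP (an ARP whose target address is its own IP address) to check whether someone else is using the address DHCP assigned to it. Only if the MAC address resolved is its own MAC address is it reassured.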
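The four messages of the first-access exchange above, parsed from their wire format (RFC 2131 header plus options). This is an added Python example, not code from the original page; the client MAC, the transaction ID and the address 192.168.10.10 are constructed sample values, and the function names are the example's own.

```python
import ipaddress
import struct

HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")  # RFC 2131 fixed header + magic cookie
MAGIC = bytes.fromhex("63825363")
TYPES = {1: "discover", 2: "offer", 3: "request", 5: "ack", 6: "nak"}

def ip(addr):
    return ipaddress.IPv4Address(addr).packed

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", opts=()):
    """Build a minimal DHCP message; only used to construct the sample exchange."""
    hdr = HDR.pack(op, 1, 6, 0, xid, 0, 0, ip("0.0.0.0"), ip(yiaddr),
                   ip("0.0.0.0"), ip("0.0.0.0"), mac, b"", b"", MAGIC)
    body = bytes([53, 1, msg_type]) + b"".join(bytes([c, len(v)]) + v for c, v in opts)
    return hdr + body + b"\xff"

def parse(pkt):
    """Return type, transaction ID, offered address and lease time of one message."""
    if len(pkt) < HDR.size or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message: short header or missing magic cookie")
    fields, opts, i = HDR.unpack_from(pkt), {}, HDR.size
    while i < len(pkt) and pkt[i] != 255:        # option 255 ends the list
        if pkt[i] == 0:                          # option 0 is padding, no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if len(opts.get(53, b"")) != 1:
        raise ValueError("no DHCP message type (option 53)")
    lease = struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None
    return {"type": TYPES.get(opts[53][0], "other"), "xid": fields[4],
            "yiaddr": str(ipaddress.IPv4Address(fields[8])), "lease": lease}

def sample_exchange():
    """Constructed first-access exchange for a client in the page's VLAN 10 subnet."""
    mac, xid = bytes.fromhex("020000000001"), 0x1A2B3C4D
    grant = [(51, struct.pack("!I", 2 * 86400)), (54, ip("192.168.10.254"))]
    ask = [(50, ip("192.168.10.10")), (54, ip("192.168.10.254"))]
    return [build(1, xid, mac, 1), build(2, xid, mac, 2, "192.168.10.10", grant),
            build(1, xid, mac, 3, opts=ask), build(2, xid, mac, 5, "192.168.10.10", grant)]

def check_exchange(pkts):
    """True if pkts are discover, offer, request, ack of a single transaction."""
    msgs = [parse(p) for p in pkts]
    return ([m["type"] for m in msgs] == ["discover", "offer", "request", "ack"]
            and len({m["xid"] for m in msgs}) == 1 and msgs[1]["yiaddr"] == msgs[3]["yiaddr"])
```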
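4. Repeat DHCP access
1) The client broadcasts a DHCP request message (request) again --- asking to lease the IP address it used before
2) On receiving it, the server replies by unicast with a DHCP acknowledgement message (ack) --- giving the client its previous address back
Note:
3) If, on receiving it, the server instead replies by unicast with a nak message, the requested address cannot be assigned (it has already been leased to another host)
5. Lease timer T1
1) When 50% of the lease time has elapsed, the client sends a request message to the server by unicast, asking to renew the lease on its IP address
2) If the DHCP server replies to the client with a DHCP ack message, the lease has been renewed and the lease timer is reset to zero
3) If the server replies to the client with a DHCP nak message, the address can no longer be assigned to the client; the client must apply for a new address by sending a discover message again
4) The client's unicast request to the server at 50% of the lease time is called T1
6. Lease timer T2
1) When 87.5% of the lease time has elapsed and the server has still not replied, the client sends a request message to the server by broadcast, asking to renew the lease on its IP address
2) If the DHCP server replies to the client with a DHCP ack message, the lease has been renewed and the lease timer is reset to zero
3) If the server replies to the client with a DHCP nak message, the address can no longer be assigned to the client; the client must apply for a new address by sending a discover message again
4) The client's broadcast request to the server at 87.5% of the lease time is called T2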
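An added Python example (not from the original page) that walks one client through the T1 and T2 rules above while the server is unreachable for a given interval, using the 2-day lease (`lease day 2`) that this page configures for the vlan10-cw pool. It assumes the client sends exactly one request at T1 and one at T2 and does not model the nak branch; `simulate`, `address_lost_at` and the outage intervals are the example's own.

```python
LEASE = 2 * 86400          # `lease day 2` from the page's vlan10-cw pool, in seconds

def simulate(lease, outage, horizon):
    """Return (time, action, result) events of one client up to `horizon` seconds.

    outage = (start, end): interval in which the server does not answer.
    Assumption: the client sends one request at T1 and one at T2, nothing between.
    """
    if lease <= 0:
        raise ValueError("lease must be positive")

    def server_up(t):
        return not (outage[0] <= t < outage[1])

    events, acked = [], 0                       # acked = time of the last ack
    while True:
        t1, t2, expiry = acked + lease // 2, acked + lease * 7 // 8, acked + lease
        if t1 >= horizon:
            return events
        if server_up(t1):
            events.append((t1, "T1 unicast request", "ack"))
            acked = t1                          # lease timer restarts from zero
            continue
        events.append((t1, "T1 unicast request", "no reply"))
        if server_up(t2):
            events.append((t2, "T2 broadcast request", "ack"))
            acked = t2
            continue
        events.append((t2, "T2 broadcast request", "no reply"))
        events.append((expiry, "lease expired", "address given up"))
        acked = max(expiry, outage[1])          # discover succeeds once the server is back
        events.append((acked, "broadcast discover", "new lease"))

def address_lost_at(events):
    """Times at which the client had to give up its address."""
    return [t for t, action, _ in events if action == "lease expired"]
```

Under this simplification an outage costs the client its address only when it covers both the T1 and the T2 attempt of the current lease.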
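II. Project cases: lab configuration
1. Deploying DHCP based on a global address pool
1) Topology diagram
2) Requirements:
-- Deploy DHCP based on a global address pool
-- Have pc1-pc4 obtain dynamic IP addresses through DHCP
-- Have pc5 obtain a fixed IP address through DHCP
3) Configuration
sw1 configuration: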
sysname sw1
#
vlan batch 10 20
#
dhcp enable
#
ip pool vlan10-cw
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.230 192.168.10.253
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool vlan20-yw
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
static-bind ip-address 192.168.20.100 mac-address 5489-98FB-7EE2
dns-list 8.8.8.8
#
interface Vlanif 10
dhcp select global
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif 20
dhcp select global
ip address 192.168.20.254 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
sw2 configuration:
sysname sw2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
sw3 configuration:
sysname sw3
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
2. Deploying interface-based DHCP
1) Topology diagram
2) Configuration:
sw1 configuration:
sysname sw1
#
vlan batch 10 20
#
dhcp enable
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.10.240 192.168.10.253
dhcp server dns-list 8.8.8.8
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
dhcp server excluded-ip-address 192.168.20.240 192.168.20.253
dhcp server static-bind ip-address 192.168.20.100 mac-address 5489-98FB-7EE2
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
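The sw2 and sw3 configuration is the same as in the previous lab and is not repeated here.
3. Deploying relay-based DHCP
1) Topology diagram
2) sw1 configuration: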
#
sysname sw1
#
vlan batch 10 20 30
#
dhcp enable
#
ip pool vlan10-cw
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.240 192.168.10.253
lease day 2 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool vlan20-yw
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
static-bind ip-address 192.168.20.100 mac-address 5489-98FB-7EE2
#
interface Vlanif30
ip address 10.10.10.10 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.100
3) sw2 (relay device) configuration:
sysname sw2
#
vlan batch 10 20 30
#
dhcp enable
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.10.10.10
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.10.10.10
#
interface Vlanif30
ip address 10.10.10.100 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
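A consistency check for the relay lab above, added here as a Python example and not part of the original configuration: a server with global pools chooses the pool whose network contains the relay interface's address, so every `dhcp select relay` interface needs a matching `ip pool` on the server. The configuration text is excerpted from the sw1 and sw2 listings; `stanzas` and `audit` are names made up for this example.

```python
import ipaddress
import re

# Excerpts of the relay lab on this page: pools on sw1, relay interfaces on sw2.
SERVER_CFG = """\
ip pool vlan10-cw
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
#
ip pool vlan20-yw
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 static-bind ip-address 192.168.20.100 mac-address 5489-98FB-7EE2
"""
RELAY_CFG = """\
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select relay
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select relay
"""
IP = r"\d+\.\d+\.\d+\.\d+"

def stanzas(cfg, keyword):      # yields (name, body) of each '#'-separated stanza
    for block in cfg.split("#"):
        head, _, body = block.strip().partition("\n")
        if head.startswith(keyword + " "):
            yield head[len(keyword) + 1:], body

def audit(server_cfg, relay_cfg):   # returns findings; an empty list means all checks passed
    findings, pools = [], {}
    for name, body in stanzas(server_cfg, "ip pool"):
        m = re.search(rf"network ({IP}) mask ({IP})", body)
        if not m:
            findings.append(f"pool {name}: no network statement")
            continue
        net = pools[name] = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        for line in body.splitlines():
            if line.strip().startswith(("gateway-list", "excluded-ip-address", "static-bind")):
                findings += [f"pool {name}: {a} is outside {net}"
                             for a in re.findall(IP, line) if ipaddress.ip_address(a) not in net]
    for ifname, body in stanzas(relay_cfg, "interface"):
        m = re.search(rf"ip address ({IP})", body)
        if m and "dhcp select relay" in body:
            if not any(ipaddress.ip_address(m[1]) in net for net in pools.values()):
                findings.append(f"{ifname}: no pool covers relay address {m[1]}")
    return findings
```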
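4. DHCP comprehensive project
1) Topology diagram
2) Requirements:
-- Configure the devices' IP addresses so that the devices can reach one another
-- The gateway for PC1/2 is on SW1, the gateway for PC4/5 is on R2, and the gateway for PC3 is on R1 (interface-based DHCP)
-- Make sure the PCs obtain correct IP addresses and can reach one another
3) Configuration: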
sysname SW1
#
vlan batch 10 20 60
#
dhcp enable
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.60.2
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.60.2
#
interface Vlanif60
ip address 192.168.60.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ip route-static 0.0.0.0 0.0.0.0 192.168.60.2
sysname R1
#
dhcp enable
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool vlan50
gateway-list 192.168.50.254
network 192.168.50.0 mask 255.255.255.0
dns-list 8.8.8.8
#
interface GigabitEthernet0/0/0
ip address 192.168.60.2 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
ip address 192.168.70.3 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/2
ip address 192.168.30.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
ip route-static 192.168.10.0 255.255.255.0 192.168.60.1
ip route-static 192.168.20.0 255.255.255.0 192.168.60.1
ip route-static 192.168.40.0 255.255.255.0 192.168.70.4
ip route-static 192.168.50.0 255.255.255.0 192.168.70.4
sysname R2
#
dhcp enable
#
interface GigabitEthernet0/0/0
ip address 192.168.70.4 255.255.255.0
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 40
ip address 192.168.40.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 192.168.70.3
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 50
ip address 192.168.50.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 192.168.70.3
#
ip route-static 0.0.0.0 0.0.0.0 192.168.70.3
sysname SW2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
sysname SW3
#
vlan batch 30
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 30
sysname SW4
#
vlan batch 40 50
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 50
III. DHCP routine maintenance commands
1. Reserving IP addresses (excluding addresses from allocation)
1) Global pool: excluded-ip-address 192.168.10.230 192.168.10.253
2) Interface-based: dhcp server excluded-ip-address 192.168.10.240 192.168.10.253
2. Changing the lease time:
1) Global pool: lease day 2
2) Interface-based: dhcp server lease day 2
3. Assigning a fixed address to a client
1) Global pool: [huawei-ip-pool-vlan20-yw] static-bind ip-address 192.168.20.100 mac-address 5489-986A-273F
2) Interface-based: [huawei-Vlanif10] dhcp server static-bind ip-address 192.168.10.100 mac-address 5454-9B6A-33EA
4. Removing a client's fixed address
1) Global pool
[huawei]ip pool vlan20-yw
[huawei-ip-pool-vlan20-yw] undo static-bind ip-address 192.168.20.100 // remove the binding
2) Interface-based
[huawei]interface Vlanif10
[huawei-Vlanif10] undo dhcp server static-bind ip-address 192.168.10.100 // remove the binding
5. Routine display commands
Global pool:
Interface-based:
6. Clearing conflicting addresses
1) Global pool:
2) Interface-based: