DHCP in the Enterprise Network

 

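Introduction to DHCP
DHCP stands for Dynamic Host Configuration Protocol; its predecessor is BOOTP. BOOTP was originally designed for networks of diskless hosts: a host boots from a BOOT ROM instead of a disk and connects to the network, and BOOTP automatically sets up the TCP/IP environment for it. BOOTP has one drawback, though: before configuring it you must obtain each client's hardware address in advance, and the mapping to an IP address is static. In other words, BOOTP is not at all "dynamic", and where IP addresses are scarce its one-to-one mapping wastes a great deal of address space. DHCP can be regarded as an enhanced version of BOOTP. It has two parts: a server side and a client side. All IP network settings are managed centrally by the DHCP server, which handles clients' DHCP requests, while clients use the IP settings assigned to them by the server. Compared with BOOTP, DHCP uses the concept of a "lease" to allocate clients' TCP/IP settings efficiently and dynamically, and for compatibility it also fully serves BOOTP clients.
DHCP allocation modes
First, at least one DHCP server must be running on the network; it listens for DHCP requests and negotiates the TCP/IP settings with clients. It provides three ways of assigning IP addresses: manual, automatic and dynamic.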
 
Application 1: Setting up a single-scope DHCP server
Mount the installation disc
[root@localhost ~]# mount /dev/cdrom /mnt/cdrom
mount: block device /dev/cdrom is write-protected, mounting read-only
mount: /dev/cdrom already mounted or /mnt/cdrom busy
mount: according to mtab, /dev/hdc is already mounted on /mnt/cdrom
[root@localhost ~]# cd /mnt/cdrom/Server/
Install the DHCP service
[root@localhost Server]# ll dhcp*
-r--r--r-- 108 root root 886718 2009-07-16 dhcp-3.0.5-21.el5.i386.rpm
-r--r--r-- 125 root root 134127 2009-07-16 dhcp-devel-3.0.5-21.el5.i386.rpm
-r--r--r-- 108 root root 196554 2009-07-16 dhcpv6-1.0.10-17.el5.i386.rpm
-r--r--r-- 108 root root 125916 2009-07-16 dhcpv6-client-1.0.10-17.el5.i386.rpm
[root@localhost Server]# rpm -ivh dhcp-3.0.5-21.el5.i386.rpm
warning: dhcp-3.0.5-21.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                 ########################################### [100%]
         package dhcp-3.0.5-21.el5.i386 is already installed
Edit the configuration file
[root@localhost Server]# vim /etc/dhcpd.conf
 
#
# DHCP Server Configuration file.
#    see /usr/share/doc/dhcp*/dhcpd.conf.sample 
ddns-update-style interim;
ignore client-updates;
 
subnet 192.168.28.0 netmask 255.255.255.0 {
 
# --- default gateway
        option routers                  192.168.28.254;   
        option subnet-mask              255.255.255.0;
 
        option nis-domain               "domain.org";
        option domain-name              "nxl.com";       
        option domain-name-servers      222.88.88.88;
 
        option time-offset              -18000; # Eastern Standard Time
#        option ntp-servers              192.168.1.1;
#        option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#        option netbios-node-type 2;
 
        range dynamic-bootp 192.168.28.8 192.168.28.20;
        default-lease-time 21600;
        max-lease-time 43200;
 
        # we want the nameserver to appear at a fixed address
        host ns {
                next-server marvin.redhat.com;
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
        }
}
"/etc/dhcpd.conf" 35L, 940C
Check whether the syntax is correct
 [root@localhost Server]# service dhcpd configtest
Syntax: OK
Start DHCP
 [root@localhost Server]# service dhcpd start
启动 dhcpd:                                                [确定]
View the DHCP log
[root@localhost Server]# tail -f /var/log/messages
Jul 25 04:24:36 localhost dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Jul 25 04:24:36 localhost dhcpd: All rights reserved.
Jul 25 04:24:36 localhost dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Jul 25 04:24:36 localhost dhcpd: WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Jul 25 04:24:36 localhost dhcpd: Wrote 0 deleted host decls to leases file.
Jul 25 04:24:36 localhost dhcpd: Wrote 0 new dynamic host decls to leases file.
Jul 25 04:24:36 localhost dhcpd: Wrote 0 leases to leases file.
Jul 25 04:24:36 localhost dhcpd: Listening on LPF/eth0/00:0c:29:d6:5a:cc/192.168.28/24
Jul 25 04:24:36 localhost dhcpd: Sending on    LPF/eth0/00:0c:29:d6:5a:cc/192.168.28/24
Jul 25 04:24:36 localhost dhcpd: Sending on    Socket/fallback/fallback-net
Test from a Windows client
 

 

 

Check the DHCP log file again
[root@localhost Server]# tail -f /var/log/messages
 
Jul 25 04:44:56 localhost dhcpd: DHCPDISCOVER from 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
Jul 25 04:44:57 localhost dhcpd: DHCPOFFER on 192.168.28.10 to 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
Jul 25 04:44:57 localhost dhcpd: Unable to add forward map from xbjmfrkechdxtww.nxl.com to 192.168.28.10: connection refused
Jul 25 04:44:57 localhost dhcpd: DHCPREQUEST for 192.168.28.10 (192.168.28.128) from 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
Jul 25 04:44:57 localhost dhcpd: DHCPACK on 192.168.28.10 to 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
You can also use the tshark packet capture tool on port 67 of the DHCP server to see the exchange.
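The dhcpd log is the record that ties an IP address back to a MAC address and hostname at a given time. The following Python code is an added example, not part of the original article: it parses the log lines shown above into one handshake record per client and collects the dynamic DNS update failures. The function names are my own.

```python
import re

# Constructed sample: the dhcpd lines from the log shown above.
SAMPLE_LOG = """\
Jul 25 04:44:56 localhost dhcpd: DHCPDISCOVER from 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
Jul 25 04:44:57 localhost dhcpd: DHCPOFFER on 192.168.28.10 to 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
Jul 25 04:44:57 localhost dhcpd: Unable to add forward map from xbjmfrkechdxtww.nxl.com to 192.168.28.10: connection refused
Jul 25 04:44:57 localhost dhcpd: DHCPREQUEST for 192.168.28.10 (192.168.28.128) from 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
Jul 25 04:44:57 localhost dhcpd: DHCPACK on 192.168.28.10 to 00:0c:29:71:6f:38 (xbjmfrkechdxtww) via eth0
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd: (?P<type>DHCP[A-Z]+) "
    r"(?:(?:on|for) (?P<ip>[\d.]+) (?:\([\d.]+\) )?)?"      # address, optional server-id
    r"(?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<via>\S+)$", re.I)
DDNS_FAIL = re.compile(r"dhcpd: Unable to add forward map from (\S+) to ([\d.]+): (.+)$")
HANDSHAKE = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]

def parse_leases(log):
    """Return {mac: record} describing each client's DHCP handshake."""
    clients = {}
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        c = clients.setdefault(m["mac"].lower(), {
            "steps": [], "ip": None, "host": None, "via": None, "acked_at": None})
        msg = m["type"].upper()
        c["steps"].append(msg)
        c["host"] = m["host"] or c["host"]
        c["via"] = m["via"]        # interface name, or the relay address if relayed
        if msg == "DHCPACK":       # only an ACK means the address was really leased
            c["ip"], c["acked_at"] = m["ip"], m["ts"]
    for c in clients.values():
        c["complete"] = c["steps"][-4:] == HANDSHAKE
    return clients

def ddns_failures(log):
    """Return (fqdn, ip, reason) for every failed forward-map update."""
    return [m.groups() for m in map(DDNS_FAIL.search, log.splitlines()) if m]
```
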
 
If a client needs a fixed IP address, you can also bind its MAC address on the server side by editing /etc/dhcpd.conf:
[root@localhost Server]# vim /etc/dhcpd.conf
 host ns {
                next-server marvin.redhat.com;
                hardware ethernet 00:0C:29:71:6F:38;  # the bound MAC address
                fixed-address 192.168.28.100;
        }
}
The test result is as follows
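An added example, not from the original article: a small Python audit of the host reservations in a dhcpd.conf. It flags a fixed-address that lies outside every declared subnet (such as the 207.175.42.254 left over from dhcpd.conf.sample), one that falls inside a dynamic range, and a MAC address reused by two host entries. The sample config is constructed from this page's values, the host name client1 is hypothetical, and the regex parsing assumes the simple layout used here.

```python
import ipaddress
import re

# Constructed sample using this page's values; "client1" is a hypothetical name.
SAMPLE_CONF = """
subnet 192.168.28.0 netmask 255.255.255.0 {
        range dynamic-bootp 192.168.28.8 192.168.28.20;
        host ns {
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;   # left over from the sample file
        }
        host client1 {
                hardware ethernet 00:0C:29:71:6F:38;
                fixed-address 192.168.28.100;
        }
        host www {
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
        }
}
"""

SUBNET = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE = re.compile(r"range\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;")
HOST = re.compile(r"\bhost\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
                  r"[^}]*?fixed-address\s+([\d.]+)\s*;")

def audit_reservations(conf):
    """Return a list of (host name, finding) for questionable reservations."""
    conf = re.sub(r"#.*", "", conf)                      # drop comments
    nets = [ipaddress.ip_network(f"{a}/{m}") for a, m in SUBNET.findall(conf)]
    pools = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
             for lo, hi in RANGE.findall(conf)]
    seen, findings = {}, []
    for name, mac, addr in HOST.findall(conf):
        ip, mac = ipaddress.ip_address(addr), mac.lower()
        if not any(ip in n for n in nets):
            findings.append((name, "outside-declared-subnets"))
        elif any(lo <= ip <= hi for lo, hi in pools):
            findings.append((name, "inside-dynamic-range"))   # can collide with a lease
        if mac in seen:
            findings.append((name, f"duplicate-mac-of-{seen[mac]}"))
        seen.setdefault(mac, name)
    return findings
```
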
 

 

 

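Application 2: Superscope
A superscope is a scope made up of several DHCP scopes. A single DHCP scope can contain only one fixed subnet, whereas a superscope can contain several DHCP scopes and therefore several subnets.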
[root@localhost Server]# vim /etc/dhcpd.conf
shared-network nxl {
subnet 192.168.28.0 netmask 255.255.255.0 {
 
# --- default gateway
        option routers                  192.168.28.254;
        option subnet-mask              255.255.255.0;
 
        option nis-domain               "domain.org";
        option domain-name              "domain.org";
        option domain-name-servers      222.88.88.88,222.85.85.85;
 
        option time-offset              -18000; # Eastern Standard Time
#        option ntp-servers              192.168.1.1;
#        option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#        option netbios-node-type 2;
 
        range dynamic-bootp 192.168.28.20 192.168.28.20;
        default-lease-time 21600;
        max-lease-time 43200;
 
        # we want the nameserver to appear at a fixed address
        }
subnet 192.168.29.0 netmask 255.255.255.0 {
        option routers                  192.168.29.254;
        option subnet-mask              255.255.255.0;
        option domain-name-servers      222.88.88.88,222.85.85.85;
        range dynamic-bootp 192.168.29.20 192.168.29.20;
        default-lease-time 21600;
        max-lease-time 43200;
}
}   # closes shared-network nxl
The test result is as follows:

 

 

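Application 3: DHCP relay
A large network may contain many subnets. A DHCP client obtains an IP address after a DHCP server answers its broadcast message, but broadcasts cannot cross subnet boundaries. So if the DHCP client and the server are on different subnets, can the client still request an IP address from the server? This is where a DHCP relay agent comes in. A DHCP relay agent is essentially a software technique; a computer with a DHCP relay agent installed is called a DHCP relay agent server, and it carries the traffic between DHCP clients and servers on different subnets.
Assume the LAN has VLANs 10, 20 and 30. The DHCP server is set up in VLAN 30, and addresses are allocated through the DHCP relay on the machine above it.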

                    

 

 

Server-side configuration
Run setup to configure the default route, then check the routing information
[root@localhost ~]# route -n
Kernel IP routing table
Destination      Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.28.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0      0.0.0.0         255.255.0.0     U     0      0       0 eth0
0.0.0.0          192.168.28.254 0.0.0.0         UG    0      0        0 eth0
 
[root@localhost ~]# vim /etc/dhcpd.conf

# Opening of the 192.168.10.0 subnet; its option lines are not shown here
subnet 192.168.10.0 netmask 255.255.255.0 {

        range dynamic-bootp 192.168.10.1 192.168.10.253;
        default-lease-time 21600;
        max-lease-time 43200;

        # we want the nameserver to appear at a fixed address
        host ns {
                next-server marvin.redhat.com;
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
        }
}
subnet 192.168.20.0 netmask 255.255.255.0 {       # DHCP subnet

# --- default gateway
        option routers                  192.168.20.254;   # default gateway
        option subnet-mask              255.255.255.0;    # subnet mask

        option domain-name              "caiwu.com";      # DNS domain
        option domain-name-servers      222.88.88.88;     # DNS server address


        range dynamic-bootp 192.168.20.1 192.168.20.253;  # IP address pool
        default-lease-time 21600;                         # default lease time
        max-lease-time 43200;                             # maximum lease time

        # we want the nameserver to appear at a fixed address
        host www {
                next-server marvin.redhat.com;
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
        }
}
# The server's own subnet: declared with no range so that dhcpd listens on eth0
subnet 192.168.28.0 netmask 255.255.255.0 {
}
[root@localhost ~]# service dhcpd configtest
Syntax: OK
[root@localhost ~]# service dhcpd restart
关闭 dhcpd:                                                [确定]
启动 dhcpd:                                                [确定]
 
Configure the router; a Linux virtual machine stands in for it
Add three network cards and configure their IP settings through setup; the result:
[root@localhost ~]# ifconfig
eth0       Link encap:Ethernet HWaddr 00:0C:29:EB:72:02 
          inet addr:192.168.28.254 Bcast:192.168.28.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feeb:7202/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:131 errors:0 dropped:0 overruns:0 frame:0
          TX packets:311 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13978 (13.6 KiB) TX bytes:64810 (63.2 KiB)
 
eth1       Link encap:Ethernet HWaddr 00:0C:29:EB:72:0C 
          inet addr:192.168.20.254 Bcast:192.168.20.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feeb:720c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:56920 (55.5 KiB)
 
eth2       Link encap:Ethernet HWaddr 00:0C:29:EB:72:16 
          inet addr:192.168.10.254 Bcast:192.168.10.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feeb:7216/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:226 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:55984 (54.6 KiB)
 
Enable packet forwarding
[root@localhost ~]# vim /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
 
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Check that the change took effect
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
Install dhcp and edit the dhcrelay configuration
[root@localhost Server]# ll dhcp*
-r--r--r-- 108 root root 886718 2009-07-16 dhcp-3.0.5-21.el5.i386.rpm
-r--r--r-- 125 root root 134127 2009-07-16 dhcp-devel-3.0.5-21.el5.i386.rpm
-r--r--r-- 108 root root 196554 2009-07-16 dhcpv6-1.0.10-17.el5.i386.rpm
-r--r--r-- 108 root root 125916 2009-07-16 dhcpv6-client-1.0.10-17.el5.i386.rpm
[root@localhost Server]# rpm -ivh dhcp-3.0.5-21.el5.i386.rpm
Preparing...                 ########################################### [100%]
         package dhcp-3.0.5-21.el5.i386 is already installed
[root@localhost Server]# vim /etc/sysconfig/dhcrelay
# Command line options here
INTERFACES="eth0 eth1 eth2"
DHCPSERVERS="192.168.28.128"
~        
Start the dhcrelay service
[root@localhost Server]# service dhcrelay start
启动 dhcrelay:                                             [确定]
Enable it at boot
[root@localhost Server]# chkconfig dhcrelay on
Start the Windows virtual machine to test. Switch its network adapter to VMnet3, which is the tec.com department:

 

 

 

Switch the adapter to VMnet2; the test result is as follows
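The relay writes the address of the interface that heard the client's broadcast into the giaddr field before forwarding the request to the server as unicast, and dhcpd uses giaddr to choose which subnet declaration to allocate from. The following Python code is an added example, not from the original article: it builds a constructed DHCPDISCOVER, parses the BOOTP header and performs that selection against this page's three subnets. The function names and the transaction ID are assumptions.

```python
import ipaddress
import struct

# RFC 951/2131 fixed header: op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file  (236 bytes)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])                      # DHCP magic cookie

# Subnets declared in the server's dhcpd.conf on this page.
SUBNETS = [ipaddress.ip_network(n) for n in
           ("192.168.10.0/24", "192.168.20.0/24", "192.168.28.0/24")]

def build_discover(mac, giaddr="0.0.0.0", hops=0, xid=0x1234ABCD):
    """Constructed DHCPDISCOVER; pass giaddr/hops to mimic a relayed copy."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    hdr = BOOTP.pack(1, 1, 6, hops, xid, 0, 0x8000, bytes(4), bytes(4), bytes(4),
                     ipaddress.ip_address(giaddr).packed, chaddr,
                     bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])       # option 53 = DISCOVER, end

def select_subnet(packet, server_if_net="192.168.28.0/24"):
    """Pick the subnet a server would allocate from for this packet."""
    if len(packet) < BOOTP.size + 4 or packet[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP packet (short or bad magic cookie)")
    f = BOOTP.unpack(packet[:BOOTP.size])
    giaddr = ipaddress.ip_address(f[10])
    mac = f[11][:f[2]].hex(":")                       # hlen bytes of chaddr
    # giaddr == 0: the broadcast was heard directly, so the client sits on
    # the server's own link; otherwise the relay's address names the link.
    key = giaddr if int(giaddr) else ipaddress.ip_network(server_if_net).network_address
    net = next((n for n in SUBNETS if key in n), None)
    return {"mac": mac, "giaddr": str(giaddr), "hops": f[3],
            "subnet": str(net) if net else None}      # None: no declaration matches
```

With the configuration on this page, a request heard directly on 192.168.28.0/24 matches a subnet that declares no range, so that client is offered nothing.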

 

 
