DHCP Service
- Introduction to DHCP
- DHCP use cases
- How DHCP works
- DHCP server deployment
- DHCP scopes
- DHCP superscopes
I. Introduction to DHCP
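On a LAN (local area network) we often run into the following situations:
1) Employees who do not know how to configure an IP address and related settings cannot get online;
2) IP address conflicts prevent network access;
3) Visitors unfamiliar with the company network cannot get online;
These are the most common and most mindless everyday tasks, yet the company's network administrators have to keep stepping in to resolve them so that the network stays usable and employees can get online. For a network administrator this work is trivial, mindless and tedious; it consumes a large share of their working time and also hurts employee productivity. So how can the computers resolve these problems themselves and free up the administrator? DHCP is the obvious choice.
DHCP (Dynamic Host Configuration Protocol) is typically used in LAN environments. Its main job is to centrally manage and allocate IP addresses, so that hosts on the network dynamically obtain an IP address, gateway address, DNS server addresses and related information, and it improves address utilization. Because DHCP is a UDP-based protocol, it runs more efficiently.
DHCP uses a client/server (C/S) model: the server can supply the client with an IP address, netmask, gateway, host name, DNS and other information. The client only needs its IP acquisition method set to automatic.
Many kinds of devices can provide DHCP service today, for example:
- DHCP servers (Windows Server, Linux)
- Hardware routers
- Home broadband routers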
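II. DHCP Use Cases
1) Corporate LAN environments
2) Home LAN environments
3) Wi-Fi in public places
4) Broadband access networks
Advantages of using DHCP:
1) Foolproof access: users only need to plug a network cable into the computer, or enter the Wi-Fi password, to get online
2) Efficient IP use: timely address reclamation keeps IP utilization high, especially on networks short of addresses
3) No IP conflicts: avoiding IP conflicts keeps the network running efficiently and keeps employees and temporary staff productive
4) Less work for the company's network administrators and higher efficiency
III. How DHCP Works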
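3.1) Mode of operation
An address is obtained through broadcasts between the client and the server, so DHCP can only work within a LAN.
3.2) How it works, step by step
1. Client: broadcasts to the network, sending a DHCP Discover packet from its own UDP port 68 to look for a DHCP server on the network. It is like shouting in your company, "Who is the boss here?"
2. Server: every DHCP server on the LAN receives the broadcast sent by the client. Each DHCP server then checks whether its IP pool (also called a scope) still has an address available. If it does, it takes that address out of the pool so that it is not handed to another client, and sends the client a DHCP Offer response from its own UDP port 67, again by broadcast, stating exactly which IP it can provide to the client. It is like several bosses each calling out, "I am boss X, and I have time to see you in such-and-such office."
3. Client: the client receives DHCP Offer packets from all the DHCP servers on the LAN and by default picks the best DHCP server to obtain its IP from (here, the first server to send it a DHCP Offer counts as the best). It then broadcasts a DHCP Request from UDP port 68, explicitly naming the DHCP server's IP address and the IP address it wants to lease, telling that server it will take its IP information from it. The other DHCP servers naturally receive this broadcast too; once they see that the client is not taking an address from them, they release the IP they took out of the pool in the previous step back into the pool for others to use. It is like shouting, "Boss Li, I'll meet with you", so the time the other bosses had set aside for you is freed up for other visitors.
4. Server: the chosen DHCP server sends a DHCP ACK from its UDP port 67, broadcasting the IP, netmask, gateway, DNS and other information together with the lease to the DHCP client. After confirming that the IP is usable, the client starts counting usage time against the lease. It is like Boss Li inviting you into his office, starting the conversation, allotting 30 minutes, and starting the countdown.
3.3) When a computer obtains an IP
a. The computer boots
b. The network interface connects to the network
c. The network service is restarted
3.4) Lease renewal stages
a. 1/2 of the lease has elapsed
b. 7/8 of the lease has elapsed
c. The lease expires
IV. DHCP Server Deployment
Conventions: the machine used in this lab runs centos7.5_x86_64, host name baism.ayitula.com, IP address 192.168.11.16/24. Please disable the firewall and SELinux.
4.1) Installing DHCP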
[root@baism ~]# yum -y install dhcp
4.2) The DHCP configuration file in detail
By default the dhcp package does not provide a configuration file, only a demo stored under /usr/share/doc/dhcp*/. Copy the demo file into /etc/dhcp and name it dhcpd.conf.
[root@baism ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp:是否覆蓋"/etc/dhcp/dhcpd.conf" y
The configuration file explained
[root@baism ~]# cat /etc/dhcp/dhcpd.conf
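# A # sign marks a comment
# The DHCP configuration file is split into global settings and scope settings, which are easy to tell apart: anything inside a subnet block is a scope setting; anything outside a subnet block is a global setting.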
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
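# Global DNS options: specify the DNS servers, either by IP or by host name.
# option definitions common to all supported networks...
# DNS domain name
option domain-name "example.org";
# The DNS servers handed to clients
option domain-name-servers ns1.example.org, ns2.example.org;
# Lease setting: default lease of 600 s, used when the client does not request a specific lease time.
default-lease-time 600;
# Lease setting: maximum lease of 7200 s.
max-lease-time 7200;
# Dynamic DNS update style (none: not supported; interim: interim update mode; ad-hoc: ad-hoc update mode)
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local network, enable this option to avoid interference from other DHCP servers.
# When a client tries to obtain IP information that this DHCP server did not assign, the server sends a rejection message instead of waiting for the request to time out.
# Once its request is rejected, the client sends a new IP request to this DHCP server to obtain a new address.
# This ensures that addresses in use were issued by this server.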
#
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
# Syslog facility used for DHCP log messages
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# Scope-related directives
# subnet: defines a scope
# netmask: the scope's netmask
# range: the range of IPs that may be handed out
# option routers: the gateway address
# option domain-name-servers: the DNS server addresses
# option broadcast-address: the broadcast address
#
#
# Example: define a scope for subnet 10.152.187.0 with netmask 255.255.255.0
# This scope provides no service
subnet 10.152.187.0 netmask 255.255.255.0 {
}
# This is a very basic subnet declaration.
# Example: define a basic scope
# Subnet 10.254.239.0, netmask 255.255.255.224
# Range handed out: 10.254.239.10-20
# Gateways: rtr-239-0-1.example.org, rtr-239-0-2.example.org
subnet 10.254.239.0 netmask 255.255.255.224 {
range 10.254.239.10 10.254.239.20;
option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
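# Example: allow clients that use the BOOTP protocol to obtain addresses dynamically
# BOOTP is the predecessor of DHCP
# BOOTP is used on LANs with diskless workstations, letting them obtain an IP address from a central server. With BOOTP, diskless workstations on the LAN can be assigned IP addresses dynamically,
# so the administrator does not have to set a static IP address for every user.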
subnet 10.254.239.32 netmask 255.255.255.224 {
range dynamic-bootp 10.254.239.40 10.254.239.60;
option broadcast-address 10.254.239.31;
option routers rtr-239-32-1.example.org;
}
# Example: a simple scope
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
range 10.5.5.26 10.5.5.30;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 10.5.5.1;
option broadcast-address 10.5.5.31;
default-lease-time 600;
max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#
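# Reserved addresses: a given IP can be handed to a given machine, matched on the NIC's MAC address
# host: declares a reservation.
# hardware: the client's MAC address
# filename: the file name
# server-name: the address of the next server the client should contact
# fixed-address: the reserved IP address
#
#
# Example: here the client is not given IP address information; instead it is told to contact the server toccata.fugue.com and download the file vmunix.passacaglia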
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
# Example: a reserved address; the given IP (the one fantasia.fugue.com resolves to) goes to the given client NIC (MAC: 08:00:07:26:c0:a5)
host fantasia {
hardware ethernet 08:00:07:26:c0:a5;
fixed-address fantasia.fugue.com;
}
# Superscopes
# A superscope is a management feature of the DHCP service; with a superscope, multiple scopes can be combined into a single administrative entity.
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
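# On a LAN, policies can assign IP addresses and other network parameters based on information about each machine. A client can give the DHCP service two pieces of information:
# the first is the NIC's dhcp-client-identifier (MAC address),
# the second is the device's vendor-class-identifier.
# The administrator can group machines based on these two values.
# Example:
# Group DHCP clients by some client type rather than by physical interface subnet
# e.g. SUNW clients get the range 10.17.224.0/24
# non-SUNW hosts get the range 10.0.29.0/24
# Define a DHCP class: foo
# If the first four bytes of the vendor-class-identifier field in the request broadcast are "SUNW", the client is treated as a valid client.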
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
# Define a superscope: 224-29
shared-network 224-29 {
# Define the first scope
subnet 10.17.224.0 netmask 255.255.255.0 {
option routers rtr-224.example.org;
}
# Define the second scope
subnet 10.0.29.0 netmask 255.255.255.0 {
option routers rtr-29.example.org;
}
# Associated pool: clients that match class foo get addresses from this pool
pool {
allow members of "foo";
range 10.17.224.10 10.17.224.250;
}
# Associated pool: clients that match class foo are refused addresses from this range
pool {
deny members of "foo";
range 10.0.29.10 10.0.29.230;
}
}
4.3) Starting DHCP
[root@baism ~]# systemctl enable dhcpd
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
[root@baism ~]# systemctl start dhcpd
Note: the DHCP service may fail to start. The reason is that dhcpd checks its configuration file at startup and finds no valid scope (a scope on the same subnet as the server).
V. DHCP Scopes
Teaching example 1: configure a scope that hands out IP information to computers on the local LAN. Requirements:
Local subnet: 192.168.11.0/24
Addresses to hand out: 192.168.11.153--252
Gateway: 192.168.11.254
DNS1: 202.106.0.20
DNS2: 114.114.114.114
Default lease: two hours
Maximum lease: 3 hours
This DHCP server is the authoritative DHCP server for the local network; every computer on the local network must get its IP from this DHCP server
5.1) DHCP service configuration
[root@baism dhcp]# cat /etc/dhcp/dhcpd.conf
option domain-name-servers 4.2.2.2, 4.2.2.1;
default-lease-time 28800;
max-lease-time 43200;
authoritative;
log-facility local7;
subnet 192.168.11.0 netmask 255.255.255.0 {
range 192.168.11.153 192.168.11.252;
option domain-name-servers 202.106.0.20, 114.114.114.114;
option routers 192.168.11.254;
option broadcast-address 192.168.11.255;
default-lease-time 7200;
max-lease-time 10800;
}
Refer to the explanation in 4.2 to understand the contents of the configuration file.
5.2) Restart the DHCP service to apply the configuration
# Restart the dhcpd service
[root@baism dhcp]# systemctl restart dhcpd
# Check that it is running; this also confirms that the client uses port 68 and the server uses port 67
[root@baism dhcp]# lsof -i :68
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 55234 root 6u IPv4 110700 0t0 UDP *:bootpc
[root@baism dhcp]# lsof -i :67
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dnsmasq 1507 nobody 3u IPv4 27149 0t0 UDP *:bootps
dhcpd 56570 dhcpd 7u IPv4 129157 0t0 UDP *:bootps
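5.3) Testing address assignment
Open a client machine, set its IP acquisition method to automatic, and test whether it receives an address handed out by this DHCP server. The test machine in this example runs CentOS 6.5. Let's look at the results!
1) Check eth0's current IP address and MAC address, and make sure its IP acquisition method is DHCP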
[root@bogon 桌面]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:BD
inet addr:172.16.44.132 Bcast:172.16.44.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe1a:f8bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:86 errors:0 dropped:0 overruns:0 frame:0
TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15294 (14.9 KiB) TX bytes:6769 (6.6 KiB)
2) Use the dhclient command to obtain an IP and look at the key output
[root@bogon 桌面]# dhclient -d eth0
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:0c:29:1a:f8:bd
Sending on LPF/eth0/00:0c:29:1a:f8:bd
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6 (xid=0x316768c3)  # broadcast to find a DHCP server
DHCPOFFER from 192.168.11.16  # reply from DHCP server 192.168.11.16
DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x316768c3)  # client requests the IP address from the server
DHCPACK from 192.168.11.16 (xid=0x316768c3)  # lease confirmed
bound to 192.168.11.156 -- renewal in 2983 seconds.  # client was assigned IP 192.168.11.156
^C
Note: once you see this output, press CTRL+C to exit.
dhclient is a DHCP protocol client. It configures one or more network interfaces using DHCP or BOOTP, or a static address when neither protocol is available.
dhclient -r  releases the IP address
dhclient -d  forces dhclient to run as a foreground process. Normally the DHCP client runs in the foreground until it has configured an interface, at which point it switches to running in the background.
3) Check the server log to verify the exchange
[root@baism ~]# tailf /var/log/messages
Feb 21 13:40:44 baism dhcpd: DHCPDISCOVER from 00:0c:29:1a:f8:bd via ens33
Feb 21 13:40:45 baism dhcpd: DHCPOFFER on 192.168.11.156 to 00:0c:29:1a:f8:bd via ens33
Feb 21 13:40:45 baism dhcpd: DHCPREQUEST for 192.168.11.156 (192.168.11.16) from 00:0c:29:1a:f8:bd via ens33
Feb 21 13:40:45 baism dhcpd: DHCPACK on 192.168.11.156 to 00:0c:29:1a:f8:bd via ens33
4) On the client, run ifconfig again to check eth0's IP address and verify that it is 192.168.11.156
[root@bogon 桌面]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:BD
inet addr:192.168.11.156 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe1a:f8bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:97 errors:0 dropped:0 overruns:0 frame:0
TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17364 (16.9 KiB) TX bytes:7537 (7.3 KiB)
5) Check the gateway and confirm that it is 192.168.11.254
[root@bogon 桌面]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 192.168.11.254 0.0.0.0 UG 0 0 0 eth0
6) Check the DNS configuration file to see whether the DNS servers are the ones handed out by the DHCP server
[root@bogon 桌面]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 202.106.0.20
nameserver 114.114.114.114
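The server-side view of the same check, as an added example that is not part of the original article: it reads dhcpd syslog lines in the format shown in step 3, reports clients that completed the four-step exchange with this server, and flags any DHCPREQUEST whose server identifier (the address in parentheses) is not this server. The second client and the address 192.168.11.200 are constructed for illustration.

```python
import re
from collections import defaultdict

# First four lines are the log from step 3; the last three are constructed to
# show a client that accepts an offer from a different server on the segment.
SAMPLE_LOG = """\
Feb 21 13:40:44 baism dhcpd: DHCPDISCOVER from 00:0c:29:1a:f8:bd via ens33
Feb 21 13:40:45 baism dhcpd: DHCPOFFER on 192.168.11.156 to 00:0c:29:1a:f8:bd via ens33
Feb 21 13:40:45 baism dhcpd: DHCPREQUEST for 192.168.11.156 (192.168.11.16) from 00:0c:29:1a:f8:bd via ens33
Feb 21 13:40:45 baism dhcpd: DHCPACK on 192.168.11.156 to 00:0c:29:1a:f8:bd via ens33
Feb 21 13:41:02 baism dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:cc via ens33
Feb 21 13:41:03 baism dhcpd: DHCPOFFER on 192.168.11.157 to 00:0c:29:aa:bb:cc via ens33
Feb 21 13:41:03 baism dhcpd: DHCPREQUEST for 192.168.11.99 (192.168.11.200) from 00:0c:29:aa:bb:cc via ens33
"""

LINE = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) "
    r"(?:(?:on|for) (\S+) )?"        # offered, requested or acknowledged address
    r"(?:\((\S+?)\) )?"              # server identifier named in a DHCPREQUEST
    r"(?:from|to) ([0-9a-f:]{17})"   # client MAC address
)
DORA = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]


def audit(log_text, our_server):
    """Return completed four-step exchanges and REQUESTs that name another server."""
    seen = defaultdict(list)   # MAC -> message types since its last DISCOVER
    complete, foreign = [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg, addr, server_id, mac = m.groups()
        if msg == "DHCPDISCOVER":
            seen[mac] = []     # a new exchange starts here
        seen[mac].append(msg)
        if msg == "DHCPREQUEST" and server_id and server_id != our_server:
            # The client chose an offer from a server other than ours.
            foreign.append((mac, server_id))
        elif msg == "DHCPACK" and seen[mac][-4:] == DORA:
            complete.append((mac, addr))
    return {"complete": complete, "foreign": foreign}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, our_server="192.168.11.16")
    for mac, ip in report["complete"]:
        print(f"ok     {mac} leased {ip} from this server")
    for mac, sid in report["foreign"]:
        print(f"ALERT  {mac} accepted an offer from {sid}, not this server")
```

A renewal (DHCPREQUEST followed by DHCPACK with no preceding DISCOVER) is not counted as a completed four-step exchange by this check.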
5.4) Inspecting leases in the DHCP server's lease file
Lease file path: /var/lib/dhcpd/dhcpd.leases
[root@baism ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5
lease 192.168.11.154 {
starts 4 2019/02/21 03:41:12;
ends 4 2019/02/21 03:43:12;
tstp 4 2019/02/21 03:43:12;
cltt 4 2019/02/21 03:41:12;
binding state free;
hardware ethernet ac:87:a3:02:8d:5d;
uid "\001\254\207\243\002\215]";
client-hostname "baismdeMBP";
}
lease 192.168.11.153 {
starts 4 2019/02/21 03:54:27;
ends 4 2019/02/21 03:56:27;
tstp 4 2019/02/21 03:56:27;
cltt 4 2019/02/21 03:54:27;
binding state free;
hardware ethernet 00:0c:29:97:97:11;
uid "\001\000\014)\227\227\021";
client-hostname "cool-PC";
}
server-duid "\000\001\000\001$\000\315\373\000\014) u\271";
lease 192.168.11.155 {
starts 4 2019/02/21 13:37:42;
ends 4 2019/02/21 15:37:42;
cltt 4 2019/02/21 13:37:42;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:1a:f8:c7;
}
# The lease we are looking for
lease 192.168.11.156 {
starts 4 2019/02/21 13:40:45;  # lease start time
ends 4 2019/02/21 15:40:45;  # lease end time, exactly two hours later
cltt 4 2019/02/21 13:40:45;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:1a:f8:bd;
}
Note: if the times here do not match your server's time, adjusting the time zone is the suggested fix; the difference is usually 8 hours.
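An added example, not from the original article, that reads the lease file format shown above: dhcpd.leases is append-only, so the last entry for an address is the current one, and its timestamps are written in UTC. The sample data is constructed from the entries above, and the UTC+8 local zone is an assumption matching the 8-hour difference mentioned in the note.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in dhcpd.leases format, adapted from the entries above;
# the first 192.168.11.156 entry is invented to show that later entries win.
SAMPLE_LEASES = """\
lease 192.168.11.156 {
  starts 4 2019/02/21 11:40:45;
  ends 4 2019/02/21 13:40:45;
  binding state free;
  hardware ethernet 00:0c:29:1a:f8:bd;
}
lease 192.168.11.153 {
  starts 4 2019/02/21 03:54:27;
  ends 4 2019/02/21 03:56:27;
  binding state free;
  hardware ethernet 00:0c:29:97:97:11;
  client-hostname "cool-PC";
}
lease 192.168.11.156 {
  starts 4 2019/02/21 13:40:45;
  ends 4 2019/02/21 15:40:45;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:1a:f8:bd;
}
"""

BLOCK = re.compile(r"^lease (\S+) \{(.*?)^\}", re.S | re.M)
STMT = re.compile(r"^\s*(starts|ends|binding state|hardware ethernet) (.+?);", re.M)


def parse_time(value):
    """'4 2019/02/21 13:40:45' is a weekday number plus a UTC timestamp."""
    if value == "never":          # leases without an end time
        return None
    stamp = value.split(" ", 1)[1]
    return datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Return {ip: fields}, keeping only the most recent entry for each address."""
    leases = {}
    for ip, body in BLOCK.findall(text):
        fields = dict(STMT.findall(body))
        for key in ("starts", "ends"):
            if key in fields:
                fields[key] = parse_time(fields[key])
        leases[ip] = fields       # overwrite: later entries supersede earlier ones
    return leases


def active_leases(text, local_tz):
    """List (ip, mac, start in local time, duration) for currently active leases."""
    rows = []
    for ip, f in sorted(parse_leases(text).items()):
        if f.get("binding state") != "active":
            continue
        start, end = f.get("starts"), f.get("ends")
        duration = end - start if start and end else None
        local_start = start.astimezone(local_tz) if start else None
        rows.append((ip, f.get("hardware ethernet"), local_start, duration))
    return rows


if __name__ == "__main__":
    utc8 = timezone(timedelta(hours=8))   # assumed local zone (UTC+8)
    for ip, mac, start, duration in active_leases(SAMPLE_LEASES, utc8):
        print(f"{ip}  {mac}  started {start:%Y-%m-%d %H:%M:%S %z}  lease {duration}")
```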
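5.5) Reserved IPs
When a lease expires and cannot be renewed, the client has to give up its IP address and obtain a different one. But some company servers must keep the same IP address, because users could no longer reach them if it changed: the company file server, the print server and so on. In such an environment we want DHCP to manage the company's IPs while some machines keep the same IP permanently. How can that be done?
The authors of DHCP thought of this problem too and introduced the concept of reserved IPs: certain IPs are set aside, and when a server comes to obtain an IP, it is matched on its MAC address and given the corresponding IP.
Teaching example: the NIC with MAC address 00:0C:29:1A:F8:C7 should always receive IP 192.168.11.252. This is done as follows:
a. Append the following to the end of the configuration file /etc/dhcp/dhcpd.conf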
host print {
hardware ethernet 00:0C:29:1A:F8:C7;
fixed-address 192.168.11.252;
}
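host print: host is the directive and print is a name; you can pick anything, but make it meaningful or you will not remember what it was after a while.
hardware ethernet: specifies the Ethernet NIC's MAC address
fixed-address: specifies the IP to bind
b. Restart the DHCP service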
[root@baism ~]# systemctl restart dhcpd
c. Test: log in to the test machine, release the current IP, obtain a new one, and check that the correct IP address was handed out
[root@bogon 桌面]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:C7
inet addr:192.168.11.155 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe1a:f8c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4071 errors:0 dropped:0 overruns:0 frame:0
TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:433880 (423.7 KiB) TX bytes:16888 (16.4 KiB)
[root@bogon 桌面]# dhclient -r eth1
[root@bogon 桌面]# dhclient -d eth1
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/00:0c:29:1a:f8:c7
Sending on LPF/eth1/00:0c:29:1a:f8:c7
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x45c162c2)
DHCPOFFER from 192.168.11.16
DHCPREQUEST on eth1 to 255.255.255.255 port 67 (xid=0x45c162c2)
DHCPACK from 192.168.11.16 (xid=0x45c162c2)
bound to 192.168.11.252 -- renewal in 2881 seconds.
^C
[root@bogon 桌面]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:C7
inet addr:192.168.11.252 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe1a:f8c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4081 errors:0 dropped:0 overruns:0 frame:0
TX packets:191 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:436337 (426.1 KiB) TX bytes:17656 (17.2 KiB)
Perfect!
VI. DHCP Superscopes
With the DHCP server in place our work became much easier, but over time a new problem needs solving: as the company grows and headcount rises, one subnet's worth of IPs no longer covers daily use, so another subnet has been added. By default, however, a DHCP server can only hand out IP addresses on the same subnet as its own NIC. Our DHCP server's NIC is on the 192.168.11.0 subnet and the new subnet is 192.168.12.0, so how can the DHCP server hand out addresses on both the 11 subnet and the 12 subnet? A superscope solves this problem.
Superscope: two or more scopes on different subnets combined into a single scope form a superscope.
Example: deploy a superscope covering the 192.168.11.0/24 and 192.168.12.0/24 subnets.
a. Edit the configuration file
[root@baism ~]# cat /etc/dhcp/dhcpd.conf
option domain-name-servers 4.2.2.2, 4.2.2.1;
default-lease-time 28800;
max-lease-time 43200;
#authoritative;
log-facility local7;
# shared-network declares a superscope
# supper is the superscope's name; pick anything, but a meaningful name is recommended.
shared-network supper {
# 192.168.11.0 scope
subnet 192.168.11.0 netmask 255.255.255.0 {
range 192.168.11.150 192.168.11.150;
option domain-name-servers 202.106.0.20, 114.114.114.114;
option routers 192.168.11.254;
default-lease-time 7200;
max-lease-time 10800;
}
# 192.168.12.0 scope
subnet 192.168.12.0 netmask 255.255.255.0 {
range 192.168.12.150 192.168.12.150;
option domain-name-servers 202.106.0.20, 114.114.114.114;
option routers 192.168.12.254;
default-lease-time 7200;
max-lease-time 10800;
}
}
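Note: to make verification easy, each scope in this example hands out only one IP; otherwise the test could not guarantee 100% that addresses from both subnets get assigned.
b. Restart the DHCP service to apply the configuration file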
[root@baism dhcp]# systemctl restart dhcpd
c. Verify
# Release the IPs on both NICs
[root@bogon 桌面]# dhclient -r eth0
[root@bogon 桌面]# dhclient -r eth1
# Released successfully
[root@bogon 桌面]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:BD
inet6 addr: fe80::20c:29ff:fe1a:f8bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1591 errors:0 dropped:0 overruns:0 frame:0
TX packets:162 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:282324 (275.7 KiB) TX bytes:30619 (29.9 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:C7
inet6 addr: fe80::20c:29ff:fe1a:f8c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4719 errors:0 dropped:0 overruns:0 frame:0
TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:559954 (546.8 KiB) TX bytes:19582 (19.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:720 (720.0 b) TX bytes:720 (720.0 b)
# Obtain an IP address on each NIC
[root@bogon 桌面]# dhclient -d eth0
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:0c:29:1a:f8:bd
Sending on LPF/eth0/00:0c:29:1a:f8:bd
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6 (xid=0x2574199a)
DHCPOFFER from 192.168.11.16
DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x2574199a)
DHCPACK from 192.168.11.16 (xid=0x2574199a)
bound to 192.168.11.150 -- renewal in 3026 seconds.
^C
# Make sure the replies come from the DHCP server in our lab
[root@bogon 桌面]# dhclient -d eth1
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/00:0c:29:1a:f8:c7
Sending on LPF/eth1/00:0c:29:1a:f8:c7
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2cebde11)
DHCPOFFER from 192.168.11.16
DHCPREQUEST on eth1 to 255.255.255.255 port 67 (xid=0x2cebde11)
DHCPACK from 192.168.11.16 (xid=0x2cebde11)
bound to 192.168.12.150 -- renewal in 3102 seconds.
^C
# Make sure the replies come from the DHCP server in our lab
# Check the IPs: the experiment worked, and the two NICs received IPs on different subnets
[root@bogon 桌面]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:BD
inet addr:192.168.11.150 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe1a:f8bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1613 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:287076 (280.3 KiB) TX bytes:31387 (30.6 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:1A:F8:C7
inet addr:192.168.12.150 Bcast:192.168.12.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe1a:f8c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4741 errors:0 dropped:0 overruns:0 frame:0
TX packets:220 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:564706 (551.4 KiB) TX bytes:20350 (19.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:720 (720.0 b) TX bytes:720 (720.0 b)
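VII. Additional Notes
7.1) What happens if a client cannot obtain an IP
When a client cannot obtain an IP address, it gets a temporary IP starting with 169.254. This IP cannot communicate with other subnets, but the client keeps sending DHCP broadcasts and keeps trying to obtain an IP.
7.2) DHCP is a single point of failure; how to address it
Two servers each hand out a portion of the other's subnet, splitting the scopes on the 8/2 principle so that they back each other up; when one server fails, the whole subnet does not go down.
7.3) Verifying with a packet capture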
[root@baism dhcp]# tcpdump -nn -vvv -s 1500 -i ens33 host 192.168.11.16 and udp port 67 or udp port 68
7.4) How to hand out host names
A host name can only be handed out through a reservation, and the corresponding field must be removed from the client's host name configuration files.
option domain-name-servers 4.2.2.2, 4.2.2.1;
default-lease-time 28800;
max-lease-time 43200;
authoritative;
log-facility local7;
subnet 192.168.11.0 netmask 255.255.255.0 {
range 192.168.11.153 192.168.11.252;
option domain-name-servers 202.106.0.20, 114.114.114.114;
option routers 192.168.11.254;
option broadcast-address 192.168.11.255;
default-lease-time 7200;
max-lease-time 10800;
}
host print {
# Specify the host name
option host-name "test.ayitula.com";
hardware ethernet 00:0c:29:af:f1:84;
fixed-address 192.168.11.252;
}
Note: clear the host name in /etc/hostname
and clear the hostname field in /etc/sysconfig/network