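Lab environment: CentOS 6.4
Definition: DHCP (Dynamic Host Configuration Protocol) became a standard protocol in 1993; its predecessor is BOOTP. DHCP provides simple TCP/IP network configuration, avoids address conflicts on TCP/IP networks, and reduces the work of managing IP address settings. The main benefits of using DHCP are:
1. Reduces the administrator's workload.
2. Reduces the chance of typing errors.
3. Avoids IP conflicts.
4. When the network's IP address range changes, there is no need to reconfigure the IP of every machine.
5. Improves IP address utilization.
Lease renewal
When the client restarts or the lease reaches 50%, the lease must be renewed.
How an address is obtained through a relay agent
Ports used by DHCP
Server: UDP 67
Client: UDP 68
The DHCP client broadcasts a DHCPDISCOVER packet.
The DHCP relay agent forwards the DHCPDISCOVER to the DHCP server as unicast.
The DHCP server sends a DHCPOFFER packet to the DHCP relay agent as unicast.
The DHCP relay agent broadcasts the DHCPOFFER packet.
The DHCP client broadcasts a DHCPREQUEST packet.
The DHCP relay agent forwards the DHCPREQUEST packet to the DHCP server as unicast.
The DHCP server sends a DHCPACK packet to the DHCP relay agent as unicast.
The DHCP relay agent broadcasts the DHCPACK packet.
Case 1: a DHCP server on CentOS
Dynamically assign addresses on the 192.168.10.0 network:
Address pool: 192.168.10.200 to 192.168.10.240
Subnet mask: 255.255.255.0, gateway: 192.168.10.254
DNS server: 202.102.224.68
Installing the DHCP service: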
[root@host2 network-scripts]# yum --disablerepo=\* --enablerepo=c6-media install dhcp
The output reports that DHCP is already installed.
Use rpm -ql dhcp | less to list the files that belong to the dhcp package:
[root@host2 network-scripts]# rpm -ql dhcp |less
/etc/dhcp/dhcpd.conf    // server configuration file
/usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample    // sample file
Open the dhcpd.conf file with vim:
[root@host2 network-scripts]# vim /etc/dhcp/dhcpd.conf
In last-line mode, enter: :r /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample
Edit the file as shown in the figure so that it meets the original plan.
Run a syntax check:
[root@host2 network-scripts]# service dhcpd configtest
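An error appears, pointing to line 34: a } is missing.
After fixing it, run the syntax check again.
Restart the dhcpd service.
Make sure it starts on every boot.
Check the listening port: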
netstat -tupln |grep dhcp
Test whether a client can obtain an address.
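An added example, not part of the original article: the edited file from Case 1 survives here only as a figure reference, so the Python sketch below embeds a subnet block constructed from the plan (SAMPLE_CONF) and checks it for the unbalanced brace that configtest reported and for range or router addresses outside the declared subnet. The name check_dhcpd_conf is hypothetical, and only the plain "range low high;" form with a single router address is handled.

```python
import ipaddress
import re

# Constructed from the Case 1 plan; not the author's actual file.
SAMPLE_CONF = """\
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.200 192.168.10.240;
  option routers 192.168.10.254;
  option domain-name-servers 202.102.224.68;
}
"""

RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")
ROUTER_RE = re.compile(r"option\s+routers\s+(\S+?)\s*;")
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^{}]*)")


def check_dhcpd_conf(text):
    """Return a list of problems found in dhcpd.conf text (hypothetical helper)."""
    problems = []
    depth = 0
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore comments
        depth += code.count("{") - code.count("}")
        if depth < 0:
            problems.append(f"line {lineno}: unexpected '}}'")
            depth = 0
    if depth > 0:
        problems.append(f"{depth} block(s) never closed: missing '}}'")

    # Every address in a subnet block must belong to that subnet.
    for m in SUBNET_RE.finditer(text):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        body = m.group(3)
        for low, high in RANGE_RE.findall(body):
            for addr in (low, high):
                if ipaddress.ip_address(addr) not in net:
                    problems.append(f"range address {addr} is outside {net}")
            if ipaddress.ip_address(low) > ipaddress.ip_address(high):
                problems.append(f"range {low} {high} is reversed")
        for addr in ROUTER_RE.findall(body):
            if ipaddress.ip_address(addr) not in net:
                problems.append(f"routers address {addr} is outside {net}")
    return problems


if __name__ == "__main__":
    print(check_dhcpd_conf(SAMPLE_CONF) or "no problems found")
```

This is a pre-check only; service dhcpd configtest remains the authoritative syntax test before a restart.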
Binding a MAC address
Open the sample file:
[root@host2 ~]# vim /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample
:75,78 w >> /etc/dhcp/dhcpd.conf
[root@host2 ~]# vim /etc/dhcp/dhcpd.conf
host fantasia {
  hardware ethernet <MAC address>;
  fixed-address <IP address>;
}
Case 2
Open dhcpd.conf:
[root@host2 ~]# vim /etc/dhcp/dhcpd.conf
In last-line mode: :r /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample
Edit the following content to add a superscope:
Syntax check:
[root@host2 ~]# service dhcpd configtest
Syntax: OK
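[root@host2 ~]# service dhcpd restart
[root@host2 ~]# netstat -tupln |grep dhcp
udp        0      0 0.0.0.0:67        0.0.0.0:*        1538/dhcpd
An address is obtained successfully.
Case 3
The network contains multiple VLANs.
The machines in every VLAN are DHCP clients.
The DHCP server is set up in the server VLAN.
Unicast
Multicast
Broadcast (turned into unicast to pass through the router)
Virtual machine configuration (DHCP server):
The CentOS DHCP server virtual machine uses bridged networking.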
[root@host2 ~]# vim /etc/dhcp/dhcpd.conf
[root@host2 ~]# service dhcpd configtest
[root@host2 ~]# service dhcpd restart
Starting dhcpd: [  OK  ]
[root@host2 ~]# chkconfig dhcpd on
<Quidway>system-view
[Quidway]vlan 10
[Quidway-vlan10]port e1/0/10
[Quidway-vlan10]vlan 20
[Quidway-vlan20]port e1/0/20
[Quidway-vlan20]vlan 30
[Quidway-vlan30]port e1/0/22
[Quidway-vlan30]int eth1/0/24
[Quidway-Ethernet1/0/24]port link-type trunk
[Quidway-Ethernet1/0/24]port trunk permit vlan all
Please wait........................................... Done.
<H3C>
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]undo insulate
[H3C]int eth0/0.3
[H3C-Ethernet0/0.3]int eth0/0.1
[H3C-Ethernet0/0.1]vlan-type dot1q vid 10
[H3C-Ethernet0/0.1]ip add 192.168.10.1 24
[H3C-Ethernet0/0.1]int eth0/0.2
[H3C-Ethernet0/0.2]vlan-type dot1q vid 20
[H3C-Ethernet0/0.2]ip add 192.168.20.1 24
[H3C-Ethernet0/0.2]int eth0/0.3
[H3C-Ethernet0/0.3]vlan-type dot1q vid 30
[H3C-Ethernet0/0.3]ip add 192.168.30.1 24
[H3C-Ethernet0/0.3]dis ip routing-table
Routing Table: public net
Destination/Mask    Protocol  Pre  Cost  Nexthop        Interface
127.0.0.0/8         DIRECT    0    0     127.0.0.1      InLoopBack0
127.0.0.1/32        DIRECT    0    0     127.0.0.1      InLoopBack0
192.168.0.0/24      DIRECT    0    0     192.168.0.1    Ethernet0/0
192.168.0.1/32      DIRECT    0    0     127.0.0.1      InLoopBack0
192.168.10.0/24     DIRECT    0    0     192.168.10.1   Ethernet0/0.1
192.168.10.1/32     DIRECT    0    0     127.0.0.1      InLoopBack0
192.168.20.0/24     DIRECT    0    0     192.168.20.1   Ethernet0/0.2
192.168.20.1/32     DIRECT    0    0     127.0.0.1      InLoopBack0
192.168.30.0/24     DIRECT    0    0     192.168.30.1   Ethernet0/0.3
192.168.30.1/32     DIRECT    0    0     127.0.0.1      InLoopBack0
[H3C]firewall zone trust
[H3C-zone-trust]add int eth0/0.1
[H3C-zone-trust]add int eth0/0.2
[H3C-zone-trust]add int eth0/0.3
[H3C-zone-trust]q
[H3C]firewall packet-filter default permit
[H3C]ping 192.168.30.100
PING 192.168.30.100: 56 data bytes, press CTRL_C to break
Reply from 192.168.30.100: bytes=56 Sequence=1 ttl=64 time=15 ms
Reply from 192.168.30.100: bytes=56 Sequence=2 ttl=64 time=6 ms
Reply from 192.168.30.100: bytes=56 Sequence=3 ttl=64 time=6 ms
Reply from 192.168.30.100: bytes=56 Sequence=4 ttl=64 time=6 ms
Reply from 192.168.30.100: bytes=56 Sequence=5 ttl=64 time=7 ms
[H3C]dhcp select relay interface Ethernet0/0.1
[H3C]dhcp select relay interface Ethernet0/0.2
[H3C]int eth0/0.1
[H3C-Ethernet0/0.1]ip relay address 192.168.30.100
[H3C-Ethernet0/0.1]int eth0/0.2
[H3C-Ethernet0/0.2]ip relay address 192.168.30.100
First connect a firewall to the eth0/0 interface to simulate a PC on the 10.0 network segment, and check whether it can obtain an address.
[H3C]firewall packet-filter default permit
[H3C]firewall zone trust
[H3C-zone-trust]add int eth0/0
Remove the address from eth0/0:
[H3C]sysname PC
[PC]int eth0/0
[PC-Ethernet0/0]undo ip add
[PC-Ethernet0/0]ip address dhcp-alloc
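Enter eth0/0 and check whether an address was obtained through DHCP:
Internet address is 192.168.10.13/24, acquired via DHCP
The gateway obtained is 192.168.10.1.
DNS
Domain-server    Ipaddress
0                1.1.1.1
1                2.2.2.2
This completes the experiment; the requirements of the original plan are met.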