實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

實驗名稱:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

實驗原理:二層交換,三層轉發,靜態路由、vlan劃分、DHCP原理、DNS原理、web原理

實驗對象:客戶機、服務器、二層設備、三層設備

實驗思路:

1) 兩臺客戶機被DHCP自動分配地址,處在不同vlan下

2) 獲得ip地址後,便可以去訪問網站,訪問網站需要搭建DNS域名解析服務,然後再搭建httpd服務

配置思路便是由底層往上層配置,由內網往外網配置

實驗步驟:

1.話不多說,拓撲圖在此

實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

2.內網配置

sw 2交換機:

sw2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw2(config)#no ip routing   '設備是由路由器改過來的,需要取消路由轉發'
sw2(config)#int f1/0
sw2(config-if)#sw mod tr    '接口配置trunk'
*Mar  1 00:00:47.903: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw2(config-if)#sw tr en d   'trunk封裝類型dot1q'
sw2(config)#vlan 10,20,100  '創建VLAN'
sw2(config-vlan)#exit
sw2(config)#int f1/1
sw2(config-if)#sw mod acc   '接口配置access'
sw2(config-if)#sw acc vlan 10
sw2(config-if)#int f1/2
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 20
sw2(config-if)#int f1/3
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 100
sw2(config-if)#do show vlan-sw b    '查看vlan信息'

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/1
20   VLAN0020                         active    Fa1/2
100  VLAN0100                         active    Fa1/3
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

sw3三層交換機:

sw3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw3(config)#int f1/0
sw3(config-if)#sw mod tru
sw3(config-if)#
*Mar  1 01:24:05.283: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw3(config-if)#sw tru en d
sw3(config-if)#exit
sw3(config)#vlan 10,20,100
sw3(config-vlan)#int vlan 10    '配置vlan-if的ip地址'
sw3(config-if)#
*Mar  1 01:25:05.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
sw3(config-if)#ip add 192.168.10.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100    
'在vlan接口上配置DHCP中繼:把本網段客戶機的DHCP廣播轉成單播發給DHCP服務器192.168.100.100,幫助其跨越vlan'
sw3(config-if)#int vlan 20
*Mar  1 01:25:38.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
sw3(config-if)#ip add 192.168.20.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int vlan 100
*Mar  1 01:26:08.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
sw3(config-if)#ip add 192.168.100.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int f0/0
sw3(config-if)#ip add 11.0.0.11 255.255.255.0
sw3(config-if)#no shut
*Mar  1 01:32:01.439: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 01:32:02.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
sw3(config-if)#exit
sw3(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1
sw3(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.11       YES manual up                    up      
Vlan1                      unassigned      YES unset  up                    up      
Vlan10                     192.168.10.1    YES manual up                    up      
Vlan20                     192.168.20.1    YES manual up                    up      
Vlan100                    192.168.100.1   YES manual up                    up      
sw3(config)#do show ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 11.0.0.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
C    192.168.100.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 [1/0] via 11.0.0.1
sw3(config)#

開始配置DHCP服務器

首先配置網卡

實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

[root@localhost ~]# yum install dhcp* -y    '安裝'
[root@localhost ~]# rpm -q dhcp
dhcp-4.2.5-77.el7.centos.x86_64
[root@localhost ~]# hostname dhcp
[root@localhost ~]# su
[root@dhcp ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
    '修改網卡'
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"  '修改爲靜態'
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f432513-5d7a-455c-88b4-257a9a1dbb45"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.100  'ip地址'
NETMASK=255.255.255.0   '子網掩碼'
GATEWAY=192.168.100.1   '網關'
[root@dhcp ~]# systemctl restart network    '重啓網卡'
[root@dhcp ~]# ifconfig '驗證'
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.100  netmask 255.255.255.0  broadcast 192.168.100.255

[root@dhcp ~]# vim /etc/dhcp/dhc    
'打開dhcpd.conf,會發現是空的,不過讓我們去看/usr/share/doc/dhcp*/dhcpd.conf.example'
dhclient.d/            dhcpd6.conf            
dhclient-exit-hooks.d/ dhcpd.conf     
[root@dhcp ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf   '複製到/etc/dhcp/下'
cp:是否覆蓋"/etc/dhcp/dhcpd.conf"? y    '覆蓋'
[root@dhcp ~]# vim /etc/dhcp/dhcpd.conf '編輯'
option domain-name "example.org";       '域名'
option domain-name-servers 12.0.0.12;   '修改爲dns服務器IP'

default-lease-time 600;     '默認租約600s'
max-lease-time 7200;    '最大租約7200s'

subnet 192.168.10.0 netmask 255.255.255.0 {     
'網段                 子網掩碼'
  range 192.168.10.10 192.168.10.100;
  '範圍    '
  option routers 192.168.10.1;
  '指定網關 '
}

subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.20 192.168.20.200;
  option routers 192.168.20.1;
}

subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.200;
  option routers 192.168.100.1;
}

[root@dhcp ~]# systemctl start dhcpd    '開啓dhcpd服務'
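[root@dhcp ~]# systemctl stop firewalld.service     '關掉防火牆(僅限實驗環境;正式環境應保留防火牆,改用 firewall-cmd --permanent --add-service=dhcp 再 firewall-cmd --reload 放行DHCP)'
[root@dhcp ~]# setenforce 0 '臨時把SELinux切換爲寬容(permissive)模式,重啓後恢復原設定;僅限實驗環境'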
[root@dhcp ~]# netstat -natp | grep dhcp    '查看端口狀態(DHCP使用UDP,-t只列出TCP,所以這一條沒有輸出,要用下面的-u)'
[root@dhcp ~]# netstat -naup | grep dhcp
udp        0      0 0.0.0.0:67              0.0.0.0:*                           39158/dhcpd         
[root@dhcp ~]# 

兩臺客戶機的配置比較簡單,把獲取IP地址修改爲自動獲取

實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

然後在CMD命令提示符中分別輸入ipconfig /release 釋放當前地址,ipconfig /renew 獲取新地址命令

實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務
實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

3.內網設置完畢,接下來就開始配置外網

ISP#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ISP(config)#int f0/0
ISP(config-if)#ip add 11.0.0.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#int f
*Mar  1 01:23:42.951: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 01:23:43.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

ISP(config)#int f0/1                       
ISP(config-if)#ip add 12.0.0.1 255.255.255.0

ISP(config-if)#no shut
*Mar  1 01:24:27.779: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  1 01:24:28.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
ISP(config-if)#exit

ISP(config)#ip route 192.168.0.0 255.255.0.0 11.0.0.11
'     網段彙總   '
ISP(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
S    192.168.0.0/16 [1/0] via 11.0.0.11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.0.0.0 is directly connected, FastEthernet0/1
ISP(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.1        YES manual up                    up      
FastEthernet0/1            12.0.0.1        YES manual up                    up         
ISP(config)#

配置DNS和HTTPD服務器

[root@localhost ~]# yum install httpd bind -y
[root@localhost ~]# rpm -q httpd bind
httpd-2.4.6-90.el7.centos.x86_64
bind-9.11.4-9.P2.el7.x86_64
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="8d222179-116b-41b5-8b47-0076ca1aeddb"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1

[root@localhost ~]# systemctl restart network

[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 12.0.0.12  netmask 255.255.255.0  broadcast 12.0.0.255
        inet6 fe80::e2c1:c26d:afa1:a4ad  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:52:4d:89  txqueuelen 1000  (Ethernet)
        RX packets 8232  bytes 10547854 (10.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3149  bytes 242681 (236.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# vim /etc/named.
named.conf           named.iscdlv.key     named.rfc1912.zones  named.root.key
[root@localhost ~]# vim /etc/named.conf '主配置文件'

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
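        allow-query     { any; };      '允許任何來源查詢;若文件中同時保留 recursion yes,本機會成爲對外開放的遞歸解析器,只做kgc.com權威解析時應設 recursion no 或用 allow-recursion 限制來源'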

[root@localhost ~]# vim /etc/named.rfc1912.zones    
                        '區域配置文件'

zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";        '區域數據配置文件'
        allow-update { none; };
};

[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone    '複製模板,重命名,保留權限'
[root@localhost ~]# vim /var/named/kgc.com.zone '區域數據配置文件'

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www     IN      A       12.0.0.12       '增加此處;模板裏 @ 的A記錄仍是127.0.0.1,實驗中不影響www解析,正式環境應改成服務器的實際地址,並在每次修改後遞增serial'

[root@localhost ~]# systemctl stop firewalld.service 
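                    '關掉防火牆(僅限實驗環境;正式環境應保留防火牆,用 firewall-cmd --permanent --add-service=dns --add-service=http 再 firewall-cmd --reload 只放行所需服務)'
[root@localhost ~]# setenforce 0    '臨時把SELinux切換爲寬容(permissive)模式,重啓後恢復原設定;僅限實驗環境'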
[root@localhost ~]# systemctl start named
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf  
                        '配置httpd'

 41 Listen 12.0.0.12:80 '監聽12.0.0.12的80端口'
 42 #Listen 80
。。。。。。
 95 ServerName www.kgc.com:80   '修改域名'

[root@localhost ~]# systemctl start httpd   '啓動'
[root@localhost ~]# 

測試

C:\Users\GSY>nslookup www.kgc.com
DNS request timed out.
    timeout was 2 seconds.
服務器:  UnKnown
Address:  12.0.0.12

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
名稱:    www.kgc.com
Address:  12.0.0.12

實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

[root@localhost ~]# cd /var/www/html '網頁'
[root@localhost html]# ls
[root@localhost html]# vim index.html   '創建新文件,代表首頁'

<hi> this is test web 爲了饅頭爭口氣</hi>

[root@localhost html]# systemctl restart httpd

刷新

實驗:在不同網段中搭建DHCP服務和跨網段的DNS、web服務

小結:瞭解每個配置文件的具體位置,如何配置,配置的格式如何寫,每一條參數代表什麼,這些都是需要用心記
