Linux Network Services: the DHCP Service
Contents
I. Overview
The DHCP protocol
Advantages of DHCP
DHCP allocation methods
Use cases
Caution
Workflow (memorize this)
When the lease is renewed
After a client reboots
Client types
II. Installing and configuring DHCP
Deployment
Base environment
Installing the DHCP package
Configuration
Single address pool configuration file
Address binding configuration file
Multiple address pool configuration
Router configuration
DHCP server configuration
Client verification
III. Hands-on exercise
IV. Common faults
Implementing the exercise with scripts
1. Disable the firewall, disable SELinux, configure IP addresses
2. Configure DHCP
1. First configure the internal NIC address
2. Install the DHCP service
3. Next edit dhcpd.conf
4. Then copy that file to the current directory, overwriting dhcpd.conf
5. In the configuration file, comment out the incomplete fields and modify only the complete ones (separate fields with semicolons)
6. Next bind the hardware address of the same NIC and assign it a fixed IP address
I. Overview
The DHCP protocol
Dynamic Host Configuration Protocol
Purpose: dynamic assignment of IP addresses
Server listening port: 67/udp
Client listening port: 68/udp
Network architecture: C/S (client/server)
Advantages of DHCP
- Improves configuration efficiency
- Reduces configuration errors
DHCP allocation methods
- Manual allocation: the address never changes; an engineer binds it to the host
- Automatic allocation: the address is assigned once and never reclaimed
- Dynamic allocation: addresses are leased and reclaimed when the lease ends
Use cases
- When network parameters must be configured more accurately
- When the network environment is large
Caution
More than one DHCP server must not exist in the same network segment
Workflow (memorize this)
1. When the client is configured to obtain an IP address automatically, it sends a Discover broadcast to look for DHCP servers on the network.
2. If a DHCP server exists on the network, it responds with an Offer broadcast that carries an IP address and asks the client whether it will use that address.
3. If the client accepts the offered address, it sends a Request broadcast to the server with the request details written into the packet.
4. The server sends an Ack broadcast to the client, confirming the address and fixing the lease period.
When the lease is renewed
When 50% of the lease period has elapsed
After a client reboots
The client sends a Request packet directly:
A. If the IP address is free, the server replies with Ack.
B. If the IP address is in use, the server replies with NAK, and the client must run through the full "workflow" above again.
Client types
Linux: when no DHCP server is present, the interface gets no IP address
Windows: when no DHCP server is present, it falls back to an address in 169.254.0.0/16 (169.254.0.0 ~ 169.254.255.255)
II. Installing and configuring DHCP
Deployment
Base environment
Configure the yum repository
Disable the firewall and SELinux
[root@dhcpserver ~]# systemctl stop firewalld && systemctl disable firewalld
Check the SELinux state
[root@dhcpserver ~]# getenforce
### switch to permissive mode
[root@dhcpserver ~]# setenforce 0
### disable SELinux; takes effect only after a reboot
[root@dhcpserver ~]# vim /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled
Configure a static IP
### stop the graphical network management tool
[root@dhcpserver ~]# systemctl stop NetworkManager ; systemctl disable NetworkManager
[root@dhcpserver ~]# cd /etc/sysconfig/network-scripts/
[root@dhcpserver ~]# cp ifcfg-ens33 ifcfg-ens34
[root@dhcpserver ~]# cat ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@dhcpserver ~]# systemctl restart network
Installing the DHCP package
[root@localhost ~]# yum install -y dhcp-server
Configuration
Configuration directory: /etc/dhcp
Sample configuration file location: /usr/share/doc/dhcp-4.2.5/
Data (lease) directory: /var/lib/dhcpd
Main configuration file: /etc/dhcp/dhcpd.conf
[root@dhcpserver ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/
[root@dhcpserver ~]# cd /etc/dhcp/
[root@dhcpserver ~]# cp dhcpd.conf.example dhcpd.conf
[root@dhcpserver ~]# cat dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org"; ## domain name handed to clients
option domain-name-servers ns1.example.org, ns2.example.org; ## DNS servers handed to clients
default-lease-time 600; ## default lease time, in seconds
max-lease-time 7200; ## maximum lease time, in seconds
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7; ## log channel; the syslog service handles it
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
####### each subnet block defines one address segment to allocate from #######
subnet 10.152.187.0 netmask 255.255.255.0 {
}
# This is a very basic subnet declaration.
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30; ## the address range handed out from this segment
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1; ### the gateway handed to clients
  option broadcast-address 10.5.5.31; ### the broadcast address of the segment
  default-lease-time 600;
  max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
###### each host block is one address-binding entry ######
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5; ### MAC address of the host that gets a fixed address
  fixed-address fantasia.fugue.com; ### the IP address to assign to it
}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
Single address pool configuration file
[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
### restart the DHCP server
[root@dhcpserver dhcp]# systemctl restart dhcpd
### check that it is listening
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp 0 0 0.0.0.0:67 0.0.0.0:* 28005/dhcpd
Address binding configuration file
[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
.... omitted ....
host s1 {
  hardware ethernet 00:0c:29:dd:24:41;
  fixed-address 192.168.100.110;
}
.... omitted ....
### restart the DHCP server
[root@dhcpserver dhcp]# systemctl restart dhcpd
### check that it is listening
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp 0 0 0.0.0.0:67 0.0.0.0:* 28005/dhcpd
#### client verification
[root@client ~]# ifdown ens34 ; ifup ens34
[root@client ~]# ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:dd:24:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.110/24 brd 192.168.100.255 scope global noprefixroute dynamic ens34
       valid_lft 599sec preferred_lft 599sec
    inet6 fe80::20c:29ff:fedd:2441/64 scope link
       valid_lft forever preferred_lft forever
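The two fault classes listed later in this post (service refuses to start; wrong addresses handed out) usually trace back to the subnet and host blocks above, and the sample dhcpd.conf.example itself warns that a fixed-address should not also lie inside a dynamic range, which is exactly what the binding of s1 to 192.168.100.110 inside the 192.168.100.100-200 pool does. The following is an added example, not code from the original post or from ISC dhcp: a small checker that pulls subnet, range and host fixed-address declarations out of a dhcpd.conf and reports ranges that do not fit their subnet, fixed addresses that collide with a dynamic range, and fixed addresses for which no subnet is declared at all. The configuration text it parses is constructed here from the post's lab values plus an invented host fantasia at 192.168.50.5 to trigger the last check. It complements, and does not replace, the syntax check dhcpd does itself with dhcpd -t -cf /etc/dhcp/dhcpd.conf.

```python
"""Static sanity checks on an ISC dhcpd.conf before restarting dhcpd.

Added example, not code from the original post or from ISC dhcp. The sample
configuration below is constructed from the post's lab values.
"""
import ipaddress
import re

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?(\S+?)(?:\s+(\S+?))?\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")


def strip_comments(text):
    """Drop everything after '#' on each line (dhcpd.conf comment syntax)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def _block(text, start):
    """Return (body, end) for the brace block that opens at/after `start`."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[i + 1:j], j + 1
    raise ValueError("unbalanced braces in dhcpd.conf")


def parse_conf(text):
    """Return (subnets, hosts): subnets = [(network, [(lo, hi), ...])], hosts = [(name, ip)]."""
    text = strip_comments(text)
    subnets = []
    for m in SUBNET_RE.finditer(text):
        body, _ = _block(text, m.start())
        net = ipaddress.ip_network("%s/%s" % (m.group(1), m.group(2)), strict=False)
        ranges = []
        for r in RANGE_RE.finditer(body):        # ranges may sit directly in the subnet or in a pool
            lo = ipaddress.ip_address(r.group(1))
            hi = ipaddress.ip_address(r.group(2)) if r.group(2) else lo
            ranges.append((lo, hi))
        subnets.append((net, ranges))
    hosts = []
    for m in HOST_RE.finditer(text):
        body, _ = _block(text, m.start())
        f = FIXED_RE.search(body)
        if not f:
            continue
        for addr in f.group(1).split(","):
            try:
                hosts.append((m.group(1), ipaddress.ip_address(addr.strip())))
            except ValueError:
                pass                              # fixed-address by hostname: dhcpd resolves it, not checked here
    return subnets, hosts


def check(text):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    subnets, hosts = parse_conf(text)
    findings = []
    for net, ranges in subnets:
        for lo, hi in ranges:
            if lo > hi or lo not in net or hi not in net:
                findings.append("range %s-%s does not fit subnet %s" % (lo, hi, net))
    for name, ip in hosts:
        for net, ranges in subnets:
            for lo, hi in ranges:
                if lo <= ip <= hi:
                    findings.append("host %s fixed-address %s lies inside dynamic range %s-%s"
                                    % (name, ip, lo, hi))
        if not any(ip in net for net, _ in subnets):
            findings.append("host %s fixed-address %s belongs to no declared subnet" % (name, ip))
    return findings


# Constructed sample: the post's two lab subnets, its s1 binding, and an invented host fantasia.
SAMPLE_CONF = """
option domain-name "internal.example.org";
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.254;
}
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.100 192.168.200.200;   # served through the relay
  option routers 192.168.200.253;
}
host s1 {
  hardware ethernet 00:0c:29:dd:24:41;
  fixed-address 192.168.100.110;           # inside the dynamic range: flagged
}
host s2 {
  hardware ethernet 00:0c:29:8a:4a:83;
  fixed-address 192.168.100.10;            # outside the range: fine
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.50.5;              # no subnet declared for it: flagged
}
"""

if __name__ == "__main__":
    for line in check(SAMPLE_CONF):
        print("WARN:", line)
```

Run it against the real file with check(open("/etc/dhcp/dhcpd.conf").read()) before systemctl restart dhcpd; a fixed address that overlaps a pool is the kind of error dhcpd -t does not report, because the file is syntactically valid.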
Multiple address pool configuration
Router configuration
### install the dhcp package, which provides the dhcrelay command
[root@nginx1 ~]# yum install -y dhcp
## enable IP forwarding
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@nginx1 ~]# sysctl -p
net.ipv4.ip_forward = 1
## configure IP addresses on the two NICs that connect the two networks
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.253
PREFIX=24
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.253
PREFIX=24
## use dhcrelay to relay DHCP broadcasts to the DHCP server
[root@nginx1 ~]# dhcrelay 192.168.100.254
DHCP server configuration
## add the following to the DHCP address allocation configuration file:
[root@dhcpserver dhcp]# vim dhcpd.conf
.... omitted ....
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.100 192.168.200.200;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.200.253;
  option broadcast-address 192.168.200.255;
  default-lease-time 600;
  max-lease-time 7200;
}
.... omitted ....
## restart the DHCP server
[root@dhcpserver ~]# systemctl restart dhcpd
## set the DHCP server's gateway
[root@dhcpserver ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.253
## verify the gateway
[root@dhcpserver ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.253 0.0.0.0         UG    103    0        0 ens34
Client verification
[root@nginx2 ~]# ifdown ens34 ;ifup ens34
[root@nginx2 ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.100  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:fe8a:4a83  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:8a:4a:83  txqueuelen 1000  (Ethernet)
        RX packets 40  bytes 9956 (9.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 172  bytes 27844 (27.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
III. Hands-on exercise
Lab topology:
Exercise requirements
1. The DHCP server must assign IP addresses to two separate networks.
2. One internal client must always obtain a specific fixed IP address.
IV. Common faults
1. The service fails to start: check the configuration file, paying particular attention to the places you modified!
2. Addresses or parameters are assigned incorrectly: check network connectivity first, then check the subnet block!
Implementing the exercise with scripts
1. Disable the firewall, disable SELinux, configure IP addresses
#!/bin/bash
## disable the firewall
if systemctl is-active --quiet firewalld
then
    systemctl disable --now firewalld
else
    echo "firewalld is already stopped"
fi
iptables -F
## disable SELinux
if [ "$(getenforce)" = 'Disabled' ]
then
    echo "SELinux is already disabled"
else
    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
fi
## configure IP addresses
nics=$(ip a | awk -F: '/ens/{print $2}' | grep -v "^$" | tr -d ' ')
echo -e "NICs available for configuration on this system:\n$nics"
while true
do
    read -p "Enter the name of the NIC to configure: " nic
    ## exact match against the NIC list, so "ens3" does not pass for "ens33"
    if ! echo "$nics" | grep -qx "$nic"
    then
        continue
    fi
    read -p "Enter the configuration method (dhcp|static): " tp
    if [ "$tp" = 'dhcp' ]
    then
        echo "TYPE=Ethernet
BOOTPROTO=$tp
NAME=$nic
DEVICE=$nic
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-$nic
        ifdown $nic ; ifup $nic
    elif [ "$tp" = 'static' ]
    then
        read -p "Enter the IP address: " ip
        read -p "Enter the prefix length (e.g. 24): " mask
        read -p "Enter the gateway: " gw
        read -p "Enter the DNS server: " dns
        echo "TYPE=Ethernet
BOOTPROTO=static
NAME=$nic
DEVICE=$nic
ONBOOT=yes
IPADDR=$ip
PREFIX=$mask
GATEWAY=$gw
DNS1=$dns" > /etc/sysconfig/network-scripts/ifcfg-$nic
        ifdown $nic ; ifup $nic
    else
        echo "invalid input"
        exit 1
    fi
done
2. Configure DHCP
#!/bin/bash
## write the configuration with a quoted heredoc: the double quotes around
## "internal.example.org" would otherwise terminate an echo "..." string
config_dhcp(){
cat > /etc/dhcp/dhcpd.conf <<'EOF'
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.253;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.100.100;
}
EOF
systemctl enable --now dhcpd
}
## configure directly if the package is already installed, otherwise install it first
if rpm -q dhcp
then
    config_dhcp
else
    yum install -y dhcp && config_dhcp
fi
1. First configure the internal NIC address
2. Install the DHCP service
3. Next edit dhcpd.conf
The installation output shows a path to the sample configuration file; copy that path
4. Then copy that file to the current directory, overwriting dhcpd.conf
5. In the configuration file, comment out the incomplete fields and modify only the complete ones (separate fields with semicolons)
6. Next bind the hardware address of the same NIC and assign it a fixed IP address
Make sure the hardware address in the dhcp configuration file matches the hardware address on the other host
Enable dhcpd at boot and start it now