
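Linux from Scratch for Beginners (Day 37)

DHCP Service

I. Overview

The DHCP protocol

Dynamic Host Configuration Protocol

Purpose: assigns IP addresses dynamically

Server listening port: 67/udp

Client listening port: 68/udp

Network architecture: C/S (client/server)

Advantages of DHCP

  • Improves configuration efficiency

  • Reduces configuration errors

DHCP allocation methods

  • Manual allocation: fixed and unchanging; an engineer binds the address

  • Automatic allocation: addresses are assigned automatically but are not reclaimed

  • Dynamic allocation: addresses are reclaimed

Use cases

  • When network parameters need to be configured more accurately

  • When the network environment is large

Note

Multiple DHCP servers are not allowed in the same network environment

Workflow (memorize this)

1. When a client is configured to obtain an IP address automatically, it sends a Discover broadcast packet to look for a DHCP server on the network.

2. If a DHCP server exists on the network, the server responds by sending the client an Offer broadcast packet, which carries the IP address information and asks the client whether it will use that IP address.

3. If the client uses that IP address, it sends a Request broadcast packet to the server and writes the request information into that packet.

4. The server sends the client an Ack broadcast packet (acknowledgement) and sets the lease period of the IP address.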
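The four-step exchange above, as an added example that is not part of the original tutorial: a minimal DHCP message encoder and parser run over a constructed Discover/Offer/Request/Ack sequence, with a check that reports any Offer or Ack whose server identifier is not the authorised server (the situation the single-server note above rules out). The transaction ID, the 192.168.100.66 responder and all function names are assumptions made for the illustration.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed BOOTP header
COOKIE = b"\x63\x82\x53\x63"                           # magic cookie before the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", server=None, lease=None):
    """Encode one message: op 1 = client to server, op 2 = server to client."""
    opts = bytes([53, 1, msg_type])                        # option 53: message type
    if server:
        opts += bytes([54, 4]) + socket.inet_aton(server)  # option 54: server identifier
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)  # option 51: lease time (s)
    head = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4),  # 0x8000: broadcast flag
                      socket.inet_aton(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    return head + COOKIE + opts + b"\xff"                  # 255 ends the options

def parse(pkt):
    """Decode type, offered address, server and lease; reject non-DHCP data."""
    start = BOOTP.size + 4
    if len(pkt) < start or pkt[BOOTP.size:start] != COOKIE:
        raise ValueError("not a DHCP message")
    fields, opts, i = BOOTP.unpack_from(pkt), {}, start
    while i + 1 < len(pkt) and pkt[i] != 255:
        step = 1 if pkt[i] == 0 else 2 + pkt[i + 1]        # pad (0) has no length byte
        if pkt[i]:
            opts[pkt[i]] = pkt[i + 2:i + step]
        i += step
    sid, lease = opts.get(54, b""), opts.get(51, b"")
    return {"type": TYPES.get((opts.get(53) or b"\0")[0], "UNKNOWN"),
            "yiaddr": socket.inet_ntoa(fields[8]),
            "server": socket.inet_ntoa(sid) if len(sid) == 4 else None,
            "lease": struct.unpack("!I", lease)[0] if len(lease) == 4 else None}

def unexpected_servers(packets, allowed):
    """Server identifiers in OFFER/ACK messages that are not on the allow list."""
    seen = {m["server"] for m in map(parse, packets) if m["type"] in ("OFFER", "ACK")}
    return sorted(seen - set(allowed) - {None})

# Constructed exchange (not a capture) using addresses from this page's lab.
MAC = bytes.fromhex("000c29dd2441")
EXCHANGE = [
    build(1, 0x1234, MAC, 1),                                             # Discover
    build(2, 0x1234, MAC, 2, "192.168.100.110", "192.168.100.254", 600),  # Offer
    build(2, 0x1234, MAC, 2, "192.168.100.23", "192.168.100.66", 600),    # second server
    build(1, 0x1234, MAC, 3, server="192.168.100.254"),                   # Request
    build(2, 0x1234, MAC, 5, "192.168.100.110", "192.168.100.254", 600),  # Ack
]
```

Calling unexpected_servers(EXCHANGE, ["192.168.100.254"]) returns the one responder that is not the lab's DHCP server.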

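When the lease is renewed

When the lease period reaches 50%

After the client restarts

The client sends a Request packet directly:

A. The IP address is free: the server replies with Ack directly

B. The IP address is in use: the server replies with noAck, and the client has to run the complete "Workflow" above again

Client types

Linux: if no DHCP server exists, the client has no IP address

Windows: if no DHCP server exists, the fallback IP address range 169.254.0.0/16 ~ 169.254.255.255/16 is used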

II. DHCP Installation and Configuration

Deployment

Base environment

Configure the yum repository

Disable the firewall and SELinux

[root@dhcpserver ~]# systemctl  stop  firewalld  && systemctl disable firewalld

Check the SELinux status

[root@dhcpserver ~]# getenforce
### Set permissive mode
[root@dhcpserver ~]# setenforce  0
### Disable SELinux; takes effect only after a reboot
[root@dhcpserver ~]# vim  /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled

Configure a static IP

### Disable the graphical network tool
[root@dhcpserver ~]# systemctl  stop NetworkManager ; systemctl disable NetworkManager
[root@dhcpserver ~]# cd /etc/sysconfig/network-scripts/
[root@dhcpserver ~]# cp ifcfg-ens33 ifcfg-ens34
[root@dhcpserver ~]# cat ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@dhcpserver ~]# systemctl restart network  
Install the DHCP package
[root@localhost ~]# yum install -y dhcp-server

Configuration

Configuration file directory: /etc/dhcp

Path of the default configuration file copy: /usr/share/doc/dhcp-4.2.5/

Data file directory: /var/lib/dhcpd

Main configuration file: /etc/dhcp/dhcpd.conf

[root@dhcpserver ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/
[root@dhcpserver ~]# cd /etc/dhcp/
[root@dhcpserver ~]# cp dhcpd.conf.example dhcpd.conf
[root@dhcpserver ~]# cat dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";    ## Specifies the DNS domain name
option domain-name-servers ns1.example.org, ns2.example.org;  ## Specifies the DNS server names

default-lease-time 600;  ## Default lease time, in seconds
max-lease-time 7200; ## Maximum lease time, in seconds

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;  ## Log output channel, handled by the syslog service

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
####### Each subnet block defines one address range to allocate from #######
subnet 10.152.187.0 netmask 255.255.255.0 {
}

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;  ## Address range of the pool to allocate from
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;  ### Gateway address handed to clients
  option broadcast-address 10.5.5.31; ### Broadcast address of the address range
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
###### Each host block is an address-binding entry ######
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;  ### MAC address of the host that gets the fixed address
  fixed-address fantasia.fugue.com;  ### IP address to assign
}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}

Configuration file for a single address pool

[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
### Restart the DHCP server
[root@dhcpserver dhcp]# systemctl restart dhcpd
### Check the listening port
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28005/dhcpd 

Configuration file for address binding

[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
....omitted.....
host s1 {
  hardware ethernet 00:0c:29:dd:24:41;
  fixed-address 192.168.100.110;
}
....omitted.....
### Restart the DHCP server
[root@dhcpserver dhcp]# systemctl restart dhcpd
### Check the listening port
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28005/dhcpd 
#### Client verification
[root@client ~]# ifdown ens34 ; ifup ens34
[root@client ~]# ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:dd:24:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.110/24 brd 192.168.100.255 scope global noprefixroute dynamic ens34
       valid_lft 599sec preferred_lft 599sec
    inet6 fe80::20c:29ff:fedd:2441/64 scope link 
       valid_lft forever preferred_lft forever
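
The sample file's own comment says fixed addresses should not also be available for dynamic assignment, yet the s1 binding above (192.168.100.110) sits inside the range 192.168.100.100 to 192.168.100.200. The following added example (not from the original tutorial) finds such overlaps in a dhcpd.conf; host s2 and the function names are constructed for the illustration.

```python
import ipaddress
import re

RANGE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")
HOST = re.compile(r"\bhost\s+(\S+)\s*\{[^}]*?\bfixed-address\s+([^;\s]+)\s*;")

def strip_comments(conf):
    """In dhcpd.conf a comment runs from '#' to the end of the line."""
    return re.sub(r"#[^\n]*", "", conf)

def dynamic_ranges(conf):
    """Every 'range [dynamic-bootp] LOW [HIGH];' as a (low, high) address pair."""
    return [(ipaddress.IPv4Address(low), ipaddress.IPv4Address(high or low))
            for low, high in RANGE.findall(conf)]

def fixed_hosts(conf):
    """(host name, fixed-address value) for each host block that sets one."""
    return HOST.findall(conf)

def overlaps(conf):
    """Hosts whose fixed-address is an IPv4 literal inside a dynamic range."""
    conf = strip_comments(conf)
    ranges, hits = dynamic_ranges(conf), []
    for name, value in fixed_hosts(conf):
        try:
            addr = ipaddress.IPv4Address(value)
        except ValueError:      # a DNS name such as fantasia.fugue.com: not checked here
            continue
        hits += [(name, str(addr), f"{low}-{high}")
                 for low, high in ranges if low <= addr <= high]
    return hits

# Sample built from this page's configuration; host s2 is constructed.
SAMPLE = """
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.254;
}
host fantasia { hardware ethernet 08:00:07:26:c0:a5; fixed-address fantasia.fugue.com; }
host s1 { hardware ethernet 00:0c:29:dd:24:41; fixed-address 192.168.100.110; }
host s2 { hardware ethernet 00:0c:29:aa:bb:cc; fixed-address 192.168.100.50; }
"""
```

On this sample overlaps(SAMPLE) reports only s1; a binding outside the pool, such as s2, passes.
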
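
Multiple address pool configuration

Router configuration

### Install the dhcp package, which provides the dhcrelay command
[root@nginx1 ~]# yum install -y dhcp
## Enable IP forwarding (routing)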
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@nginx1 ~]# sysctl -p
net.ipv4.ip_forward = 1
## Configure an IP address on each of the NICs connected to the two networks
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.253
PREFIX=24
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.253
PREFIX=24
## Use dhcrelay to relay DHCP broadcasts
[root@nginx1 ~]# dhcrelay 192.168.100.254

DHCP server configuration

## In the DHCP address allocation configuration file, add the following:
[root@dhcpserver dhcp]# vim dhcpd.conf
....omitted.....
subnet 192.168.200.0 netmask 255.255.255.0 {
range 192.168.200.100 192.168.200.200;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 192.168.200.253;
option broadcast-address 192.168.200.255;
default-lease-time 600;
max-lease-time 7200;
}
....omitted.....
## Restart the DHCP server
[root@dhcpserver ~]# systemctl restart dhcpd
## Set the DHCP server's gateway
[root@dhcpserver ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.253
## Verify the gateway
[root@dhcpserver ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.253 0.0.0.0         UG    103    0        0 ens34

Client verification

[root@nginx2 ~]# ifdown ens34 ;ifup ens34
[root@nginx2 ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.100  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:fe8a:4a83  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:8a:4a:83  txqueuelen 1000  (Ethernet)
        RX packets 40  bytes 9956 (9.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 172  bytes 27844 (27.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Detailed DHCP Service Troubleshooting Steps

I. Basic Checks

1. Service status check

# Check the service status
systemctl status dhcpd  # ISC DHCP
systemctl status dhcpd6 # DHCPv6 service
systemctl status dnsmasq # If dnsmasq is used

# Check the service logs
journalctl -u dhcpd --no-pager -n 50  # Last 50 log entries
tail -n 100 /var/log/syslog | grep dhcp  # Debian/Ubuntu
tail -n 100 /var/log/messages | grep dhcp  # RHEL/CentOS

2. Network interface check

# Confirm the listening interface
ip addr show  # Check that the interface is up
netstat -ulnp | grep dhcp  # Check the DHCP service port (67/UDP)

# Check the interface configuration
cat /etc/default/isc-dhcp-server  # Debian/Ubuntu
cat /etc/sysconfig/dhcpd  # RHEL/CentOS

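II. Configuration Validation

1. Main configuration file check

# Check for syntax errors
dhcpd -t  # ISC DHCP
dhcpd -t -6  # DHCPv6 configuration check
dnsmasq --test  # dnsmasq configuration check

# Check the lease file
ls -l /var/lib/dhcp/dhcpd.leases  # Main lease file

2. Key points to check in the configuration file

  • In /etc/dhcp/dhcpd.conf, check:

    • Whether the subnet declarations are correct

    • Whether the range parameters are valid

    • option routers and option domain-name-servers

    • default-lease-time and max-lease-time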

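III. Detailed Diagnostic Methods

1. Starting in debug mode

# ISC DHCP in the foreground with debugging
dhcpd -d -f -cf /etc/dhcp/dhcpd.conf eth0

# dnsmasq debug mode
dnsmasq --no-daemon --log-dhcp --log-queries

2. Client test matrix

Test type | Command / method | Expected result
Basic DHCP request | dhclient -v eth0 | Obtains a valid IP address
Release and re-acquire | dhclient -r eth0 && dhclient -v eth0 | Releases and re-acquires successfully
Specific-server test | dhclient -s <DHCP server IP> eth0 | Obtains an IP from the specified server
IPv6 address acquisition | dhclient -6 -v eth0 | Obtains an IPv6 address
Persistent lease check | cat /var/lib/dhclient/dhclient.leases | Shows the lease history

3. Analysis of common errors

Symptom | Possible cause | Solution
Client gets no response | Network connectivity problem | Check the physical connection and the switch port
Client gets a 169.254.x.x address | DHCP service unreachable | Check the service status and network connectivity
"no free leases" error | Address pool exhausted | Enlarge the range or check the lease time
Client gets an IP from the wrong subnet | Incorrect relay configuration | Check the DHCP relay configuration
Duplicate IP assignment | Address conflict | Check the lease database and static assignments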

IV. Advanced Diagnostic Tools

1. Packet capture analysis

# Capture DHCP traffic
tcpdump -i eth0 -n -w dhcp.pcap port 67 or port 68
tcpdump -n -r dhcp.pcap -v | grep -i "bootp"

# Detailed dissection
tshark -i eth0 -f "port 67 or port 68" -Y "bootp"

2. Service performance analysis

# Monitor DHCP request volume
dhcp-lease-list  # Show current leases
dhcpd-pools -f /etc/dhcp/dhcpd.conf  # Address pool usage statistics

# Stress test
for i in {1..100}; do dhclient eth0 & done

3. Relay service check

# Check the relay service status
systemctl status dhcrelay

# Relay debugging
dhcrelay -d -i eth1 -i eth2 192.168.1.10

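V. Solutions to Common Problems

1. Client cannot obtain an IP address

  • Check

    # Server-side checks
    netstat -ulnp | grep dhcp
    dhcpd -t

    # Client-side check
    dhclient -v eth0
  • Fix

    • Confirm that the service listens on the correct interface

    • Check the firewall rules (67/UDP inbound, 68/UDP outbound)

    • Verify the subnet configuration

2. IP address pool exhausted

  • Check

    grep "lease" /var/lib/dhcp/dhcpd.leases | wc -l
    dhcpd-pools -f /etc/dhcp/dhcpd.conf
  • Fix

    • Enlarge the range

    • Adjust default-lease-time (default value 86400 seconds)

    • Clear old leases: echo "" > /var/lib/dhcp/dhcpd.leases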
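
The grep count in the check above includes comment lines and every historical record, because dhcpd appends a new record to dhcpd.leases each time a lease changes. The following added example (not part of the original tutorial) keeps only the last record per IP and counts the leases that are still active; the sample file content, the timestamp and the function names are constructed for the illustration.

```python
import re
from datetime import datetime, timezone

LEASE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS = re.compile(r"^\s*ends \d (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
STATE = re.compile(r"^\s*binding state (\w+);", re.M)

def latest_records(text):
    """Last record per IP: dhcpd appends a new record on every change."""
    latest = {}
    for ip, body in LEASE.findall(text):
        ends, state = ENDS.search(body), STATE.search(body)
        when = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") if ends else None
        latest[ip] = (state.group(1) if state else "unknown",
                      when.replace(tzinfo=timezone.utc) if when else None)
    return latest

def active_leases(text, now):
    """IPs whose latest record is active and has not expired at `now` (UTC)."""
    return sorted(ip for ip, (state, ends) in latest_records(text).items()
                  if state == "active" and (ends is None or ends > now))

def grep_count(text):
    """What `grep "lease" FILE | wc -l` reports: every line containing the word."""
    return sum("lease" in line for line in text.splitlines())

# Constructed sample in dhcpd.leases layout (times are UTC, the dhcpd default).
SAMPLE = """\
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 192.168.100.100 {
  ends 3 2024/01/10 08:10:00;
  binding state active;
}
lease 192.168.100.100 {
  ends 3 2024/01/10 08:15:00;
  binding state active;
}
lease 192.168.100.101 {
  ends 3 2024/01/10 07:10:00;
  binding state free;
}
lease 192.168.100.102 {
  ends 3 2024/01/10 08:00:00;
  binding state active;
}
"""
NOW = datetime(2024, 1, 10, 8, 12, tzinfo=timezone.utc)
```

For this sample grep_count(SAMPLE) is 5, while active_leases(SAMPLE, NOW) contains a single address.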

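3. DHCP relay not working

  • Check

    tcpdump -i eth0 -n port 67 or port 68
    cat /etc/default/isc-dhcp-relay  # Relay configuration
  • Fix

    • Confirm that the relay points to the correct DHCP server

    • Check the interface configuration of the relay service

    • Verify the relay configuration on the network devices (switches/routers)

4. Static assignment not taking effect

  • Check

    grep "host " /etc/dhcp/dhcpd.conf
    grep "hardware ethernet" /var/lib/dhcp/dhcpd.leases
  • Fix

    • Confirm that the MAC address was entered correctly

    • Check whether fixed-address is within the subnet range

    • Verify that the host declaration is in the correct scope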

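VI. Maintenance Checklist

  1. Daily checks

    # Check the service status
    systemctl status dhcpd

    # Check address pool utilization
    dhcpd-pools -f /etc/dhcp/dhcpd.conf

    # Check the error log
    grep -i error /var/log/syslog | grep dhcp
  2. Monthly maintenance

    • Back up the configuration: tar czvf /backup/dhcp_$(date +%F).tar.gz /etc/dhcp /var/lib/dhcp

    • Check the lease file size: ls -lh /var/lib/dhcp/dhcpd.leases

    • Update the packages: yum update dhcp or apt upgrade isc-dhcp-server

  3. Emergency toolkit

    # Quickly restart the service
    systemctl restart dhcpd

    # Temporarily enable debugging
    dhcpd -d -f -cf /etc/dhcp/dhcpd.conf eth0

    # Release all leases (emergency)
    echo "" > /var/lib/dhcp/dhcpd.leases

With the systematic troubleshooting steps above, most problems encountered with the DHCP service can be located and resolved quickly. It is recommended to pair them with a network monitoring system that monitors DHCP DISCOVER/OFFER/REQUEST/ACK and related messages, so that potential problems are discovered early.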
