I. Overview
The DHCP protocol
Dynamic Host Configuration Protocol
Purpose: dynamic assignment of IP addresses and related network parameters
Server listening port: 67/udp
Client listening port: 68/udp
Architecture: C/S (client/server)
Advantages of DHCP
Faster configuration
Fewer configuration errors
DHCP allocation methods
Manual allocation: fixed addresses; the engineer binds each address to a specific host
Automatic allocation: the address is assigned permanently and never reclaimed
Dynamic allocation: the address is leased and reclaimed when the lease expires
Use cases
When network parameters must be configured accurately and consistently
When the network is large
Note
Only one DHCP server may exist in a given network segment; a second server would answer the same broadcasts and hand out conflicting addresses.
Workflow (memorize this)
1. When the client is configured to obtain an IP address automatically, it sends a Discover broadcast to find the DHCP servers on the network.
2. If a DHCP server exists on the network, it responds with an Offer broadcast that carries an IP address and asks whether the client will use it.
3. If the client accepts that address, it sends a Request broadcast to the server, with the request details written into the packet.
4. The server sends an Ack broadcast to the client, confirming the address and fixing the lease period.
When the lease is renewed
When 50% of the lease period has elapsed
When the client reboots
In both cases the client sends a Request packet directly, without a new Discover:
A. If the address is still free, the server replies with an Ack
B. If the address is now taken, the server replies with a Nak and the client must run the full workflow above again
Client types (behaviour when no server answers)
Linux: if no DHCP server is present, the interface gets no IP address
Windows: if no DHCP server is present, the client falls back to an APIPA address in 169.254.0.0/16 (169.254.0.0 ~ 169.254.255.255)
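The four messages above as they appear on the wire. This is an added example, not part of the original notes: a decoder for the DHCPv4 fixed header and option TLVs (RFC 2131) run against a constructed DHCPOFFER built from the lab's addresses, which also derives the 50% renewal point (T1) from the lease option; the sample bytes and function names are mine.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"                 # marks the start of the DHCP option area
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_options(data):
    """Walk the option area as code/length/value; PAD (0) has no length byte, END (255) stops the walk."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_dhcp(packet):
    """Return the fields a dhcpd log line shows, plus the T1 renewal point (50% of the lease)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    opts = parse_options(packet[240:])
    lease = struct.unpack("!I", opts[51])[0] if 51 in opts else None
    return {
        "op": "BOOTREQUEST" if op == 1 else "BOOTREPLY",
        "type": MSG_TYPES.get(opts[53][0] if 53 in opts else 0, "UNKNOWN"),
        "xid": xid,                                 # ties Discover/Offer/Request/Ack of one exchange together
        "broadcast": bool(flags & 0x8000),          # client asked for the reply to be broadcast
        "client_mac": packet[28:28 + hlen].hex(":"),
        "yiaddr": str(IPv4Address(packet[16:20])),  # the address being offered or acknowledged
        "giaddr": str(IPv4Address(packet[24:28])),  # non-zero when a relay such as dhcrelay forwarded it
        "server_id": str(IPv4Address(opts[54])) if 54 in opts else None,
        "lease": lease,
        "renew_at": lease // 2 if lease is not None else None,
    }

def sample_offer():
    """Constructed DHCPOFFER (not a capture): 192.168.100.254 offers .110 to 00:0c:29:dd:24:41 for 600 s."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0x8000)   # op=BOOTREPLY, hlen=6, broadcast flag
    addrs = b"".join(IPv4Address(a).packed for a in
                     ("0.0.0.0", "192.168.100.110", "192.168.100.254", "0.0.0.0"))  # ciaddr yiaddr siaddr giaddr
    chaddr = bytes.fromhex("000c29dd2441").ljust(16, b"\x00")
    options = (bytes([53, 1, 2]) + bytes([54, 4]) + IPv4Address("192.168.100.254").packed
               + bytes([51, 4]) + struct.pack("!I", 600)
               + bytes([1, 4]) + IPv4Address("255.255.255.0").packed + b"\xff")
    return header + addrs + chaddr + bytes(64 + 128) + MAGIC_COOKIE + options   # sname(64)+file(128) zeroed
```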
II. DHCP installation and configuration
Deployment
Base environment
Configure the yum repository
Disable the firewall and SELinux (a lab shortcut; on a production server keep firewalld running and allow only the DHCP service, 67/udp)
[root@dhcpserver ~]# systemctl stop firewalld && systemctl disable firewalld
Check the SELinux status
[root@dhcpserver ~]# getenforce
### Set permissive mode (runtime only)
[root@dhcpserver ~]# setenforce 0
### Disable SELinux permanently; takes effect after a reboot
[root@dhcpserver ~]# vim /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled
Configure a static IP
### Stop the NetworkManager network-management tool so it does not manage the interface
[root@dhcpserver ~]# systemctl stop NetworkManager ; systemctl disable NetworkManager
[root@dhcpserver ~]# cd /etc/sysconfig/network-scripts/
[root@dhcpserver ~]# cp ifcfg-ens33 ifcfg-ens34
[root@dhcpserver ~]# cat ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@dhcpserver ~]# systemctl restart network
Install the DHCP package
[root@localhost ~]# yum install -y dhcp-server
Configuration
Configuration directory: /etc/dhcp
Sample configuration file: /usr/share/doc/dhcp-4.2.5/
Data (lease) files: /var/lib/dhcpd
Main configuration file: /etc/dhcp/dhcpd.conf
[root@dhcpserver ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/
[root@dhcpserver ~]# cd /etc/dhcp/
[root@dhcpserver ~]# cp dhcpd.conf.example dhcpd.conf
[root@dhcpserver ~]# cat dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";                              ## domain name handed to clients
option domain-name-servers ns1.example.org, ns2.example.org;   ## DNS servers handed to clients

default-lease-time 600;                                        ## default lease, in seconds
max-lease-time 7200;                                           ## maximum lease, in seconds

# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;                                           ## log facility; messages are handled by the syslog service

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

####### each subnet block defines one address range to allocate from ######
subnet 10.152.187.0 netmask 255.255.255.0 {
}

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;                                   ## address range of the pool
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;                                     ### gateway handed to clients
  option broadcast-address 10.5.5.31;                          ### broadcast address of the subnet
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.  If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

###### each host block is a static address binding ###############
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}

# Fixed IP addresses can also be specified for hosts.  These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.  Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;                         ### MAC address of the host that gets a fixed address
  fixed-address fantasia.fugue.com;                            ### the address (or name) to assign to it
}

# You can declare a class of clients and then do address allocation
# based on that.  The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
Configuration file with a single address pool
[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 192.168.100.254;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
### Restart the DHCP server
[root@dhcpserver dhcp]# systemctl restart dhcpd
### Check that dhcpd is listening
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp 0 0 0.0.0.0:67 0.0.0.0:* 28005/dhcpd
Configuration file with an address binding (static reservation)
[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
....omitted.....
host s1 {
  hardware ethernet 00:0c:29:dd:24:41;
  fixed-address 192.168.100.110;
}
....omitted.....
### Restart the DHCP server
[root@dhcpserver dhcp]# systemctl restart dhcpd
### Check that dhcpd is listening
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp 0 0 0.0.0.0:67 0.0.0.0:* 28005/dhcpd
#### Verify on the client
[root@client ~]# ifdown ens34 ; ifup ens34
[root@client ~]# ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:dd:24:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.110/24 brd 192.168.100.255 scope global noprefixroute dynamic ens34
       valid_lft 599sec preferred_lft 599sec
    inet6 fe80::20c:29ff:fedd:2441/64 scope link
       valid_lft forever preferred_lft forever
Multiple address pools (with a relay)
Router configuration
### Install the dhcp package, which provides the dhcrelay command
[root@nginx1 ~]# yum install -y dhcp
## Enable IP forwarding
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@nginx1 ~]# sysctl -p
net.ipv4.ip_forward = 1
## Give each of the two NICs (one per network) an IP address
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.253
PREFIX=24
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.253
PREFIX=24
## Use dhcrelay to relay the clients' DHCP broadcasts to the server; the relay fills in giaddr with the address of the interface it received the request on, which is how the server knows to answer from the 192.168.200.0/24 subnet
[root@nginx1 ~]# dhcrelay 192.168.100.254
DHCP server configuration
## Add the following subnet to the address-allocation configuration file:
[root@dhcpserver dhcp]# vim dhcpd.conf
....omitted.....
subnet 192.168.200.0 netmask 255.255.255.0 {
range 192.168.200.100 192.168.200.200;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 192.168.200.253;
option broadcast-address 192.168.200.255;
default-lease-time 600;
max-lease-time 7200;
}
....omitted.....
## Restart the DHCP server
[root@dhcpserver ~]# systemctl restart dhcpd
## Set the DHCP server's default gateway to the router
[root@dhcpserver ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.253
## Verify the gateway
[root@dhcpserver ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.253 0.0.0.0 UG 103 0 0 ens34
Verify on the client
[root@nginx2 ~]# ifdown ens34 ;ifup ens34
[root@nginx2 ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.100  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:fe8a:4a83  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:8a:4a:83  txqueuelen 1000  (Ethernet)
        RX packets 40  bytes 9956 (9.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 172  bytes 27844 (27.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
III. Common faults
1. The service fails to start: check the configuration file, paying particular attention to the lines you edited!!!
2. Wrong address parameters are handed out: check network connectivity first, then the subnet block!!!
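An added check for the second fault above and for the single-pool and reservation configs earlier in these notes (this Python is mine, not part of the original): it reads the subnet and host blocks of a dhcpd.conf, reports a range, gateway or broadcast address that lies outside its subnet, and reports a fixed-address that also falls inside a dynamic range, which the ISC sample file says should not happen. The input is a constructed config built from the notes' 192.168.100.0/24 pool and the s1 reservation, so the checker flags s1's 192.168.100.110 as sitting inside the 100-200 range; pool blocks inside shared-network and hostnames are not checked.

```python
import re
from ipaddress import IPv4Address, IPv4Network
def ip_or_none(word):
    try:
        return IPv4Address(word)
    except ValueError:                # hostnames such as rtr-224.example.org are left unchecked
        return None

def parse_conf(text):                 # collects subnet ranges/options and host fixed-addresses, ignores the rest
    subnets, hosts, stack, cur_host = [], {}, [], None
    for stmt in re.findall(r"[^;{}]+[;{}]", re.sub(r"#.*", "", text)):   # one statement or brace per token
        words, end = stmt[:-1].split(), stmt[-1]
        if end == "}":
            stack.pop()
        elif end == "{" and words:    # block open: remember which kind of block we are inside
            if words[0] == "subnet":
                subnets.append({"net": IPv4Network(f"{words[1]}/{words[3]}"), "ranges": [], "opts": {}})
            elif words[0] == "host":
                cur_host = words[1]
            stack.append(words[0])
        elif stack[-1:] == ["subnet"] and words[:1] == ["range"]:
            lo, hi = [w for w in words[1:] if w != "dynamic-bootp"]
            subnets[-1]["ranges"].append((IPv4Address(lo), IPv4Address(hi)))
        elif stack[-1:] == ["subnet"] and words[:1] == ["option"] and len(words) == 3:
            subnets[-1]["opts"][words[1]] = words[2]
        elif stack[-1:] == ["host"] and words[:1] == ["fixed-address"]:
            hosts[cur_host] = words[1]
    return subnets, hosts

def check_conf(text):                 # returns a list of findings; an empty list means every check passed
    subnets, hosts = parse_conf(text)
    findings = []
    for s in subnets:
        net = s["net"]
        for lo, hi in s["ranges"]:
            if lo > hi or lo not in net or hi not in net:
                findings.append(f"range {lo}-{hi} is not inside {net}")
        for name in ("routers", "broadcast-address"):
            ip = ip_or_none(s["opts"].get(name, ""))
            if ip is not None and ip not in net:
                findings.append(f"{name} {ip} is not inside {net}")
    for name, addr in hosts.items():  # ISC's sample comment: a fixed address must not also sit in a dynamic range
        ip = ip_or_none(addr)
        if ip is not None and any(lo <= ip <= hi for s in subnets for lo, hi in s["ranges"]):
            findings.append(f"host {name}: fixed-address {ip} lies inside a dynamic range")
    return findings
# Constructed input mirroring the notes' single pool plus the s1 reservation (not a file taken from the page).
SAMPLE_CONF = """subnet 192.168.100.0 netmask 255.255.255.0 { range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.254; option broadcast-address 192.168.100.255; }
host s1 { hardware ethernet 00:0c:29:dd:24:41; fixed-address 192.168.100.110; }"""
```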