一、安装DHCP服务
1、联网情况下使用yum进行安装
#yum安装
yum -y install dhcp
yum -y install dhcp-common
[root@centos-01 ~]# rpm -q dhcp
dhcp-4.2.5-79.el7.centos.x86_64
[root@centos-01 ~]# rpm -q dhcp-common
dhcp-common-4.2.5-79.el7.centos.x86_64
#如果无网络
2、修改yum源为本地光盘进行yum安装
#创建光盘挂载目录并挂载光盘镜像
[root@centos-01 ~]# mkdir /mnt/cdrom && mount /dev/cdrom /mnt/cdrom
mount: /dev/sr0 写保护,将以只读方式挂载
#备份yum源
[root@centos-01 ~]# mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
#创建本地源
[root@centos-01 ~]# vi /etc/yum.repos.d/local.repo
[root@centos-01 ~]# cat /etc/yum.repos.d/local.repo
[LocalRepo]
name=LocalRepository
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=1
gpgkey=file:///mnt/cdrom/RPM-GPG-KEY-CentOS-7
#yum 会把下载的软件包和header存储在cache中,不会自动删除;之前通过yum安装过dhcp,这里先清理一下缓存
[root@centos-01 ~]# yum clean all
已加载插件:fastestmirror
正在清理软件源: LocalRepo
Cleaning up list of fastest mirrors
Other repos take up 55 M of disk space (use --verbose for details)
[root@centos-01 ~]# yum list all #验证下
#安装dhcp服务
[root@centos-01 ~]# yum -y install dhcp
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 dhcp.x86_64.12.4.2.5-79.el7.centos 将被 安装
--> 解决依赖关系完成
#...省略输出
完毕!
[root@centos-01 ~]# rpm -q dhcp
dhcp-4.2.5-79.el7.centos.x86_64
[root@centos-01 ~]# rpm -q dhcp-common
dhcp-common-4.2.5-79.el7.centos.x86_64
二、配置DHCP服务
DHCP服务比较特殊,如果不先对DHCP服务进行配置,该服务是无法启动的。
[root@centos-01 ~]# systemctl start dhcpd
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.
[root@centos-01 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example #DHCP服务配置的模板文件
# see dhcpd.conf(5) man page
2.1 dhcp服务配置文件模板
#默认配置文件模板(下文中以 // 开头的中文说明是为讲解添加的标注,dhcpd.conf 只支持以 # 开头的注释,复制使用时需要删除这些 // 标注)
[root@centos-01 ~]# cat /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org"; //作用域名
option domain-name-servers ns1.example.org, ns2.example.org; //DNS
default-lease-time 600; //默认租约时间
max-lease-time 7200; //最大租约时间
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 10.152.187.0 netmask 255.255.255.0 {
} //声明网络拓扑
# This is a very basic subnet declaration.
subnet 10.254.239.0 netmask 255.255.255.224 {
range 10.254.239.10 10.254.239.20;
option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 10.254.239.32 netmask 255.255.255.224 {
range dynamic-bootp 10.254.239.40 10.254.239.60;
option broadcast-address 10.254.239.31;
option routers rtr-239-32-1.example.org;
}
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 { //作用域网段
range 10.5.5.26 10.5.5.30; //地址池范围
option domain-name-servers ns1.internal.example.org; //DNS
option domain-name "internal.example.org"; //作用域名
option routers 10.5.5.1; //网关,Ser上面配置的网关和此网关要一致
option broadcast-address 10.5.5.31; //广播地址
default-lease-time 600; //默认租约时间
max-lease-time 7200; //最大租约时间
} //创建一个子网地址池
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
hardware ethernet 08:00:07:26:c0:a5;
fixed-address fantasia.fugue.com;
}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
subnet 10.17.224.0 netmask 255.255.255.0 {
option routers rtr-224.example.org;
}
subnet 10.0.29.0 netmask 255.255.255.0 {
option routers rtr-29.example.org;
}
pool {
allow members of "foo";
range 10.17.224.10 10.17.224.250;
}
pool {
deny members of "foo";
range 10.0.29.10 10.0.29.230;
}
}
2.2 配置dhcp服务
[root@centos-01 ~]# cat /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.64.0 netmask 255.255.255.0 {
range 192.168.64.0 192.168.64.254;
option domain-name "admin.com";
option domain-name-servers 223.5.5.5;
option routers 192.168.64.2;
option broadcast-address 192.168.64.255;
default-lease-time 600;
max-lease-time 3600;
}
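#注意DHCP服务器配置中必须有一个subnet和当前服务器处于同一网段
#另外,上面的 range 192.168.64.0 192.168.64.254 把网络地址(.0)和网关(192.168.64.2)等已被占用的地址也放进了地址池,实际部署时应把这些地址排除在range之外,避免地址冲突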
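#关闭防火墙(firewalld)和SELinux
#说明:整体关闭防火墙和SELinux只适合隔离的实验环境;在生产环境中建议保持两者开启,只放行DHCP服务即可,例如:
#  firewall-cmd --permanent --add-service=dhcp && firewall-cmd --reload
#dhcpd使用默认路径时通常可以在SELinux enforcing模式下正常运行,无需禁用SELinux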
[root@centos-01 ~]# systemctl stop firewalld #临时关闭iptables
[root@centos-01 ~]# sudo systemctl disable firewalld.service #禁止开机启动
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@centos-01 ~]# sudo setenforce 0 #临时关闭selinux
[root@centos-01 ~]# getenforce
Permissive
[root@centos-01 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config #禁止selinux开机启动
[root@centos-01 ~]# grep SELINUX=disabled /etc/selinux/config
SELINUX=disabled
[root@centos-01 ~]# shutdown -r now
[root@centos-01 ~]# sestatus
SELinux status: disabled #禁止selinux开机启动成功
2.3 启动DHCP服务并验证
在启动DHCP服务之前先查看下另一台主机是否可以获取到IP地址。
启动DHCP服务。
[root@centos-01 ~]# systemctl start dhcpd
#设置dhcp服务器开机自启动
[root@centos-01 ~]# systemctl enable dhcpd
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
查看客户端是否获取到IP地址。
[root@centos-01 ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5
server-duid "\000\001\000\001&\223Z\242\000\014)CA\331";
lease 192.168.64.128 {
starts 6 2020/07/04 15:21:09;
ends 6 2020/07/04 15:31:09;
cltt 6 2020/07/04 15:21:09;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:3b:eb:ed;
client-hostname "centos-02";
}
三、DHCP服务器MAC地址绑定
我们可以看到现在客户机获取到的IP地址是192.168.64.128,如果我们想要为客户机指定分配一个固定的IP地址,就需要在DHCP服务器中配置MAC地址绑定。需要注意,MAC地址可以在客户端被修改,MAC绑定只是为了方便地址管理,不能当作身份认证或访问控制手段。
#客户机DHCP信息
[root@centos-01 ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5
lease 192.168.64.128 {
starts 0 2020/07/05 13:20:51;
ends 0 2020/07/05 13:30:51;
tstp 0 2020/07/05 13:30:51;
cltt 0 2020/07/05 13:20:51;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:3b:eb:ed;
client-hostname "centos-02";
}
server-duid "\000\001\000\001&\223Z\242\000\014)CA\331";
#设置DHCP服务MAC地址绑定
[root@centos-01 ~]# cat /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.64.0 netmask 255.255.255.0 {
range 192.168.64.0 192.168.64.254;
option domain-name "admin.com";
option domain-name-servers 223.5.5.5;
option routers 192.168.64.2;
option broadcast-address 192.168.64.255;
default-lease-time 600;
max-lease-time 3600;
}
host client_centos_02 { #MAC地址绑定
hardware ethernet 00:0c:29:3b:eb:ed;
fixed-address 192.168.64.20;
}
#重启DHCP服务
[root@centos-01 ~]# systemctl restart dhcpd
#客户机操作重启网卡
[root@centos-02 ~]# ifdown /etc/sysconfig/network-scripts/ifcfg-eth0 && ifup /etc/sysconfig/network-scripts/ifcfg-eth0
成功断开设备 "eth0"。
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/9)
#查看获取的IP地址信息
[root@centos-02 ~]# ip add | grep 192.168.64.
inet 192.168.64.20/24 brd 192.168.64.255 scope global noprefixroute dynamic eth0
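#服务器查看dhcp日志信息
#下面日志中的 "Dynamic and static leases present for 192.168.64.20" 警告,是因为 fixed-address 192.168.64.20 同时落在了 range 定义的动态地址池内;应按日志提示把该地址从动态地址池中排除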
[root@centos-01 ~]# tail -n 10 /var/log/messages | grep dhcpd
Jul 5 21:31:59 centos-01 nm-dispatcher: find-scripts: Cannot execute '/etc/NetworkManager/dispatcher.d/12-dhcpd': not executable by owner.
Jul 5 21:35:28 centos-01 dhcpd: Dynamic and static leases present for 192.168.64.20.
Jul 5 21:35:28 centos-01 dhcpd: Remove host declaration client_centos_02 or remove 192.168.64.20
Jul 5 21:35:28 centos-01 dhcpd: from the dynamic address pool for 192.168.64.0/24
Jul 5 21:35:28 centos-01 dhcpd: DHCPREQUEST for 192.168.64.20 from 00:0c:29:3b:eb:ed via eth0
Jul 5 21:35:28 centos-01 dhcpd: DHCPACK on 192.168.64.20 to 00:0c:29:3b:eb:ed via eth0
四、DHCP服务器的超级作用域
- 客户机设置
#关闭客户网卡接口
[root@centos-02 ~]# ifdown eth0
成功断开设备 "eth0"。
[root@centos-03 ~]# ifdown eth0
成功断开设备 "eth0"。
- 服务器设置
#创建子接口并设置IP
[root@centos-01 ~]# cp -a /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@centos-01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@centos-01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0:0
DEVICE=eth0:0
ONBOOT=yes
IPADDR=192.168.65.10
NETMASK=255.255.255.0
GATEWAY=192.168.65.1
#开启子接口
[root@centos-01 ~]# ifup eth0:0
#开启路由转发功能(前面已经关闭了firewalld,开启转发后本机会在两个网段之间不加过滤地转发流量,仅适用于实验环境)
[root@centos-01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf #在/etc/sysctl.conf配置文件中新增net.ipv4.ip_forward = 1开启路由转发
[root@centos-01 ~]# sysctl -p #加载配置
net.ipv4.ip_forward = 1
[root@centos-01 ~]# sysctl -a |grep "ip_forward" #验证配置是否生效
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
#备份dhcp服务配置文件,之前的配置需要删除
[root@centos-01 ~]# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf_bak
#编辑dhcp配置文件
[root@centos-01 ~]# vi /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
shared-network public {
  subnet 192.168.64.0 netmask 255.255.255.0 {
    option routers 192.168.64.10;
    range 192.168.64.30 192.168.64.30;
  }
  subnet 192.168.65.0 netmask 255.255.255.0 {
    option routers 192.168.65.10;
    range 192.168.65.100 192.168.65.200;
  }
}
"/etc/dhcp/dhcpd.conf" 14L, 406C written
#重启dhcp服务使配置生效
[root@centos-01 ~]# systemctl restart dhcpd
- 验证
[root@centos-02 ~]# ifup eth0
[root@centos-02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:3b:eb:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.64.30/24 brd 192.168.64.255 scope global noprefixroute dynamic eth0
       valid_lft 403sec preferred_lft 403sec
    inet6 fe80::20c:29ff:fe3b:ebed/64 scope link
       valid_lft forever preferred_lft forever
[root@centos-03 ~]# ifup eth0
[root@centos-03 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:97:a3:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.65.100/24 brd 192.168.65.255 scope global noprefixroute dynamic eth0
       valid_lft 568sec preferred_lft 568sec
    inet6 fe80::20c:29ff:fe97:a32c/64 scope link
       valid_lft forever preferred_lft forever
五、DHCP中继
- 中继服务器配置
#为中继服务器eth0固定IP地址
[root@centos-02 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.64.30
NETMASK=255.255.255.0
GATEWAY=192.168.64.1
#为中继服务器eth1固定IP地址(注意:172.100.100.0/24 不在RFC 1918私有地址范围内,这里仅作实验演示;实际环境应使用 172.16.0.0/12 等私有网段)
[root@centos-02 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR=172.100.100.1
NETMASK=255.255.255.0
GATEWAY=172.100.100.1
#安装dhcp服务
[root@centos-02 ~]# yum -y install dhcp
#配置中继
[root@centos-02 ~]# vi /etc/sysconfig/dhcrelay
INTERFACES="eth0 eth1"
DHCPSERVERS="192.168.64.10"
#开启路由转发
[root@centos-02 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@centos-02 ~]# sysctl -p
net.ipv4.ip_forward = 1
#启动dhcp中继
[root@centos-02 ~]# dhcrelay -i eth0 -i eth1 192.168.64.10
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/00:0c:29:3b:eb:f7
Sending on LPF/eth1/00:0c:29:3b:eb:f7
Listening on LPF/eth0/00:0c:29:3b:eb:ed
Sending on LPF/eth0/00:0c:29:3b:eb:ed
Sending on Socket/fallback
- 服务器配置
#将服务器的网关更改为中继服务器eth0的地址
[root@centos-01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.64.10
NETMASK=255.255.255.0
GATEWAY=192.168.64.30
#重启网络服务
[root@centos-01 ~]# systemctl restart network
[root@centos-01 ~]# mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf_bak_relay
[root@centos-01 ~]# mv /etc/dhcp/dhcpd.conf_bak /etc/dhcp/dhcpd.conf
[root@centos-01 ~]# vi /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.64.0 netmask 255.255.255.0 {
  range 192.168.64.30 192.168.64.100;
  option routers 192.168.64.1;
}
subnet 172.100.100.0 netmask 255.255.255.0 {
  range 172.100.100.30 172.100.100.40;
  option routers 172.100.100.1;
}
#注意:上面 range 的起始地址 192.168.64.30 与中继服务器eth0的静态地址相同,实际部署时应把已静态使用的地址排除在地址池之外,避免地址冲突
#重启dhcp
[root@centos-01 ~]# systemctl restart dhcpd
- 客户机验证
注意:需要将客户机的网卡连接修改为Vmnet11
[root@centos-03 ~]# ifdown eth0 && ifup eth0
成功断开设备 "eth0"。
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/14)
[root@centos-03 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:97:a3:2c brd ff:ff:ff:ff:ff:ff
    inet 172.100.100.30/24 brd 172.100.100.255 scope global noprefixroute dynamic eth0
       valid_lft 598sec preferred_lft 598sec
    inet6 fe80::20c:29ff:fe97:a32c/64 scope link
       valid_lft forever preferred_lft forever