一、 概述

DHCP协议

Dynamic Host Configuration Protocol ，动态主机配置协议

作用：动态的进行IP地址分配

服务端的监听端口 67/udp

客户端监听端口 68/udp

网络架构 C/S：client/server

DHCP的优势

• 提高配置效率

• 减少配置错误

DHCP的分配方式

• 手动分配：固定不变，工程师进行地址绑定

• 自动分配：但是不进行地址回收

• 动态分配：进行地址回收

应用场景

• 更加准确的配置网络参数的情况下

• 网络环境较大时

注意

同一个网络环境下不允许存在多个DHCP服务器

工作流程（背会）

1、当客户端配置为自动获得IP地址时，客户端发送discover广播包（发现），用来寻找网络中的DHCP服务器

2、假如网络存在DHCP服务器，此时服务器给出回应，向客户端发送Offer广播包（邀约），携带了IP地址的信息，询问客户端是否使用该IP地址

3、假如客户端使用上述IP地址，向服务端发送Request广播包（请求），并将请求信息写入到该包内。

4、服务端向客户端发送Ack广播包（确认），并确定IP地址的租约期。

何时更新租约

当租约期达到50%时

当客户端重启后

客户端直接发送Request包：

A、IP地址空闲 服务端直接回应Ack

B、IP地址被占用 服务端回应noAck 客户端需要将上述“工作流程”完整执行一遍

客户端类型

Linux DHCP服务器不存在，没有IP

Windows DHCP不存在，会启用备用IP地址 169.254.0.0/16 ~ 168.254.255.255/16

二、DCHP安装与配置

部署

基础环境

配置yum源

关闭防火墙及SElinux

[root@dhcpserver ~]# systemctl  stop  firewalld  && systemctl disable firewalld

查看SElinux状态

[root@dhcpserver ~]# getenforce
###设置宽容模式
[root@dhcpserver ~]# setenforce  0
###关闭SElinux，重启才能生效
[root@dhcpserver ~]# vim  /etc/selinux/config
SELINUX=enforcing  改为 SELINUX=disabled

配置静态IP

###关闭网络图形化工具
[root@dhcpserver ~]# systemctl  stop NetworkManager ; systemctl disable NetworkManager
[root@dhcpserver ~]# cd /etc/sysconfig/network-scripts/
[root@dhcpserver ~]# cp ifcfg-ens33 ifcfg-ens34
[root@dhcpserver ~]# cat ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
[root@dhcpserver ~]# systemctl restart network 

安装DHCP软件包

[root@localhost ~]# yum install -y dhcp-server

配置

配置文件存储路径 /etc/dhcp

默认配置文件副本路径 /usr/share/doc/dhcp-4.2.5/

数据文件存储路径 /var/lib/dhcpd

核心配置文件 /etc/dhcp/dhcpd.conf

[root@dhcpserver ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/
[root@dhcpserver ~]# cd /etc/dhcp/
[root@dhcpserver ~]# cp dhcpd.conf.example dhcpd.conf
[root@dhcpserver ~]# cat dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
## option definitions common to all supported networks...
option domain-name "example.org";    ##指定DNS服务器域名
option domain-name-servers ns1.example.org, ns2.example.org;  ##指定DNS服务器域名default-lease-time 600;  ##默认租约。单位s
max-lease-time 7200; ##最大租约时间，单位s# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;  ##日志输出通道，交给syslog服务管理# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
#######每一个subnet都是一个分配地址段的定义######################
subnet 10.152.187.0 netmask 255.255.255.0 {
}# This is a very basic subnet declaration.subnet 10.254.239.0 netmask 255.255.255.224 {range 10.254.239.10 10.254.239.20;option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.subnet 10.254.239.32 netmask 255.255.255.224 {range dynamic-bootp 10.254.239.40 10.254.239.60;option broadcast-address 10.254.239.31;option routers rtr-239-32-1.example.org;
}# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {range 10.5.5.26 10.5.5.30;  ##定义分配地址段的地址范围option domain-name-servers ns1.internal.example.org;option domain-name "internal.example.org";option routers 10.5.5.1;  ###定义分配的网关地址option broadcast-address 10.5.5.31; ###定义地址段的广播地址default-lease-time 600;max-lease-time 7200;
}# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
######每一个host都是进行地址绑定的配置项###############
host passacaglia {hardware ethernet 0:0:c0:5d:bd:95;filename "vmunix.passacaglia";server-name "toccata.fugue.com";
}# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {hardware ethernet 08:00:07:26:c0:a5;  ###固定分配地址的主机的MAC地址fixed-address fantasia.fugue.com;  ###需要进行分配的IP地址
}# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.class "foo" {match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}shared-network 224-29 {subnet 10.17.224.0 netmask 255.255.255.0 {option routers rtr-224.example.org;}subnet 10.0.29.0 netmask 255.255.255.0 {option routers rtr-29.example.org;}pool {allow members of "foo";range 10.17.224.10 10.17.224.250;}pool {deny members of "foo";range 10.0.29.10 10.0.29.230;}
}

单一地址池的配置文件

[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {range 192.168.100.100 192.168.100.200;option domain-name-servers ns1.internal.example.org;option domain-name "internal.example.org";option routers 192.168.100.254;option broadcast-address 192.168.100.255;default-lease-time 600;max-lease-time 7200;
}
host passacaglia {hardware ethernet 0:0:c0:5d:bd:95;filename "vmunix.passacaglia";server-name "toccata.fugue.com";
}
host fantasia {hardware ethernet 08:00:07:26:c0:a5;fixed-address fantasia.fugue.com;
}
class "foo" {match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {subnet 10.17.224.0 netmask 255.255.255.0 {option routers rtr-224.example.org;}subnet 10.0.29.0 netmask 255.255.255.0 {option routers rtr-29.example.org;}pool {allow members of "foo";range 10.17.224.10 10.17.224.250;}pool {deny members of "foo";range 10.0.29.10 10.0.29.230;}
}
###重启DHCP服务器
[root@dhcpserver dhcp]# systemctl restart dhcpd
###查看监听
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28005/dhcpd 

地址绑定配置文件

[root@dhcpserver dhcp]# cat dhcpd.conf | grep -v "^#" | grep -v "^$"
....省略.....
host s1 {hardware ethernet 00:0c:29:dd:24:41;fixed-address 192.168.100.110;
}
....省略.....
###重启DHCP服务器
[root@dhcpserver dhcp]# systemctl restart dhcpd
###查看监听
[root@dhcpserver dhcp]# netstat -anptu | grep :67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28005/dhcpd 
####客户端验证
[root@client ~]# ifdown ens34 ; ifup ens34
[root@client ~]# ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:dd:24:41 brd ff:ff:ff:ff:ff:ffinet 192.168.100.110/24 brd 192.168.100.255 scope global noprefixroute dynamic ens34valid_lft 599sec preferred_lft 599secinet6 fe80::20c:29ff:fedd:2441/64 scope link valid_lft forever preferred_lft forever

多地址池配置

路由器配置

###安装dhcp软件，提供dhcrelay命令
[root@nginx1 ~]# yum install -y dhcp
##开启路由功能
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@nginx1 ~]# sysctl -p
net.ipv4.ip_forward = 1
##分别对连接两个网络的网卡配置IP地址
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.253
PREFIX=24
[root@nginx1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.200.253
PREFIX=24
##使用dhcrelay进行DHCP广播的中继转发
[root@nginx1 ~]# dhcrelay 192.168.100.254  

DHCP服务器配置

##DHCP分配地址配置文件，添加如下配置：
[root@dhcpserver dhcp]# vim dhcpd.conf
....省略.....
subnet 192.168.200.0 netmask 255.255.255.0 {
range 192.168.200.100 192.168.200.200;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 192.168.200.253;
option broadcast-address 192.168.200.255;
default-lease-time 600;
max-lease-time 7200;} 
....省略.....
##重启DHCP服务器
[root@dhcpserver ~]# systemctl restart dhcpd
##设置DHCP服务器的网关
[root@dhcpserver ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens34 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.253
##验证网关
[root@dhcpserver ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.253 0.0.0.0         UG    103    0        0 ens34

客户端验证

[root@nginx2 ~]# ifdown ens34 ;ifup ens34
[root@nginx2 ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.200.100  netmask 255.255.255.0  broadcast 192.168.200.255inet6 fe80::20c:29ff:fe8a:4a83  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:8a:4a:83  txqueuelen 1000  (Ethernet)RX packets 40  bytes 9956 (9.7 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 172  bytes 27844 (27.1 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

三、常见故障

1. 服务启动异常，排查配置文件，特别注意修改的位置！！！
2. 地址参数分配异常，排查网络连接情况，再排查subnet字段！！！