首页 文章 精选 留言 我的

如何用一台思科三层交换机搞定办公网络-经验分享篇

2017-02-12 646

今天,突发的心思想把一个非常基础而简单的应用场景再做一次介绍,做网工的我们不断在追求高端技术原理和场景,但偶尔真的对于我们来讲,一件简单而又实用的技术对于身边的同事和初来匝道的新成员都是非常有意思的。


wKiom1igA9KRJNk3AADfbYbdCwI730.png


如上图所示,这是一个大环境下的局部参考,思维稍微发散下,把变成了DHCP+GW的角色,然后服务器设置DHCP直接拉取到IP地址,然后给出全网顺利互相ping通。


我这里啊,介绍两种思科的DHCP配置方法,一种是基于物理接口,另外一种是基于SVI接口的。我就直接讲配置方法贴在本文中。


基于接口DHCP

ip dhcp pool as001

   network 192.168.100.0 255.255.255.0

   default-router 192.168.100.254

   dns-server 114.114.114.114

   lease 300

#

interface FastEthernet0/0

 ip address 192.168.100.254 255.255.255.0

 duplex auto

 speed auto


使用场景:公司办公位不多,只有一个或两个区域,加上公司预算,接入交换机只能买不带网管tplink纯二层交换机,上联接入我们配置的DHCP的三层交换机,特点:目前市面上非常容易上手的办公网络的工程。


如下图:

wKioL1igBbqinP17AACZSBYypcQ819.png


————————————————————————————————————————————


基于Vlan-DHCP

ip dhcp pool Lab-wifi

   network 172.17.10.0 255.255.255.0

   default-router 172.17.10.254 

   dns-server 114.114.114.114 8.8.8.8 

   lease 300

#

interface Vlan17

 description wifi

 ip address 172.17.10.254 255.255.255.0


使用场景,包含上面的之外,可以更好的去在内网做区分,比如一个接入层交换机下面既有行政又有技术,这个时候基于vlan配置的dhcp就非常合适了。


如下图:

wKiom1igCF2jkG4bAACUNqoHoeo463.png


文章就这样结束了吗?不不,还有最主要的一些现象要演示给大家看看,否则光学配置,不学思路这样就很不好。




如下日志输出,我使用了一台路由模拟终端服务器通过DHCP拿地址,并且开启debug信息,显示如下。

我这里强调一遍,细心的去看日志,你发清晰发现你的理论还不够强大又或者你的理论和实践完全对上了。

R1(config-if)#

*Nov  8 12:56:21.655: DHCP: DHCP client process started: 10

*Nov  8 12:56:21.679: RAC: Starting DHCP discover on Ethernet1/0

*Nov  8 12:56:21.679: DHCP: Try 1 to acquire address for Ethernet1/0

*Nov  8 12:56:21.691: DHCP: allocate request

*Nov  8 12:56:21.691: DHCP: new entry. add to queue, interface Ethernet1/0

*Nov  8 12:56:21.691: DHCP: SDiscover attempt # 1 for entry:

*Nov  8 12:56:21.691: Temp IP addr: 0.0.0.0  for peer on Interface: Ethernet1/0

*Nov  8 12:56:21.695: Temp  sub net mask: 0.0.0.0

*Nov  8 12:56:21.695:    DHCP Lease server: 0.0.0.0, state: 1 Selecting

*Nov  8 12:56:21.695:    DHCP transaction id: 8DC

R1(config-if)#

R1(config-if)#

*Nov  8 12:56:21.695:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs

*Nov  8 12:56:21.699:    Next timer fires after: 00:00:04

*Nov  8 12:56:21.699:    Retry count: 1   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:56:21.699:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:56:21.703:                        303031632D4574312F30

*Nov  8 12:56:21.707:    Hostname: R1

*Nov  8 12:56:21.707: DHCP: SDiscover: sending 291 byte length DHCP packet

*Nov  8 12:56:21.711: DHCP: SDiscover 291 bytes 

*Nov  8 12:56:21.711:             B'cast on Ethernet1/0 interface from 0.0.0.0

*Nov  8 12:56:21.787: DHCP: Received a BOOTREP pkt

*Nov  8 12:56:21.787: DHCP: Scan: Message type: DHCP Offer

*Nov  8 12:56:21.787: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE

*Nov  8 12:56:21.791: DHCP: Scan: Lease Time: 25919829

*Nov  8 12:56:21.791: DHCP: Scan: Renewal time: 12959914

*Nov  8 12:56:21.791: DHCP: Scan: Rebind time: 22679850

*Nov  8 12:56:21.791: DHCP: Sc

R1(config-if)#an: Host Name: R1

*Nov  8 12:56:21.791: DHCP: Scan: Subnet Address Option: 255.255.255.0

*Nov  8 12:56:21.791: DHCP: Scan: Router Option: 192.168.1.254

*Nov  8 12:56:21.795: DHCP: Scan: DNS Name Server Option: 114.114.114.114

*Nov  8 12:56:21.795: DHCP: rcvd pkt source: 192.168.1.254,  destination:  255.255.255.255

*Nov  8 12:56:21.795:    UDP  sport: 43,  dport: 44,  length: 308

*Nov  8 12:56:21.795:    DHCP op: 2, htype: 1, hlen: 6, hops: 0

*Nov  8 12:56:21.795:    DHCP server identifier: 192.168.1.254

*Nov  8 12:56:21.795:         xid: 8DC, secs: 0, flags: 8000

*Nov  8 12:56:21.799:         client: 0.0.0.0, your: 192.168.1.1

*Nov  8 12:56:21.799:         srvr:   0.0.0.0, gw: 0.0.0.0

*Nov  8 12:56:21.799:         options block length: 60


*Nov  8 12:56:21.799: DHCP Offer Message   Offered Address: 192.168.1.1

*Nov  8 12:56:21.799: DHCP: Lease Seconds: 25919829    Renewal secs:  12959914    Rebind secs:   22679850

*Nov  8 12:56:21.803: DHCP: Server ID Option: 192.168.1

R1(config-if)#.254

*Nov  8 12:56:21.803: DHCP Host Name Option: R1

*Nov  8 12:56:21.803: DHCP: offer received from 192.168.1.254

*Nov  8 12:56:21.803: DHCP: SRequest attempt # 1 for entry:

*Nov  8 12:56:21.807: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:56:21.807: Temp  sub net mask: 255.255.255.0

*Nov  8 12:56:21.807:    DHCP Lease server: 192.168.1.254, state: 2 Requesting

*Nov  8 12:56:21.807:    DHCP transaction id: 8DC

*Nov  8 12:56:21.807:    Lease: 25919829 secs,  Renewal: 0 secs,  Rebind: 0 secs

*Nov  8 12:56:21.811:    Next timer fires after: 00:00:03

*Nov  8 12:56:21.811:    Retry count: 1   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:56:21.811:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:56:21.819:                        303031632D4574312F30

*Nov  8 12:56:21.831:    Hostname: R1

*Nov  8 12:56:21.831: DHCP: SRequest- Server ID option: 192.168.1.254

*Nov  8 12:56:21.835: DHCP: SRequest- Requested IP addr option: 192.168.1.1

*Nov  8 12:56:21.835: DHCP: SRequest placed lease len option: 25919829

*Nov  8 12:56:21.835: DHCP: SRequest: 309 bytes

*Nov  8 12:56:21.839: DHCP: SRequest: 309 bytes

*Nov  8 12:56:21.839:             B'cast on Ethernet1/0 interface from 0.0.0.0

*Nov  8 12:56:21.947: DHCP: Received a BOOTREP pkt

*Nov  8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack

*Nov  8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE

*Nov  8 12:56:21.951: DHCP: Scan: Lease Time: 25920000

*Nov  8 12:56:21.951: DHCP: Scan: Renewal time: 12960000

*Nov  8 12:56:21.951: DHCP: Scan: Rebind time: 22680000

*Nov  8 12:56:21.951: DHCP: Scan: Host Name: R1

*Nov  8 12:56:21.951: DHCP: Scan: Subnet Address Option: 255.255.255.0

*Nov  8 12:56:21.951: DHCP: Scan: Router Option: 192.168.1.254

*Nov  8 12:56:21.955: DHCP: Scan: DNS Name Server Option: 114.114.114.114

*Nov  8 12:56:21.955: DHCP: rcvd pkt source: 192.168.1.254,  destination:  255.255.255.255

*Nov  8 12:56:21.955:    UDP  

R1(config-if)#sport: 43,  dport: 44,  length: 308

*Nov  8 12:56:21.955:    DHCP op: 2, htype: 1, hlen: 6, hops: 0

*Nov  8 12:56:21.955:    DHCP server identifier: 192.168.1.254

*Nov  8 12:56:21.959:         xid: 8DC, secs: 0, flags: 8000

*Nov  8 12:56:21.959:         client: 0.0.0.0, your: 192.168.1.1

*Nov  8 12:56:21.959:         srvr:   0.0.0.0, gw: 0.0.0.0

*Nov  8 12:56:21.959:         options block length: 60


*Nov  8 12:56:21.959: DHCP Ack Message

*Nov  8 12:56:21.959: DHCP: Lease Seconds: 25920000    Renewal secs:  12960000    Rebind secs:   22680000

*Nov  8 12:56:21.963: DHCP: Server ID Option: 192.168.1.254

*Nov  8 12:56:21.963: DHCP Host Name Option: R1

*Nov  8 12:56:24.987: DHCP: Releasing ipl options:

*Nov  8 12:56:24.991: DHCP: Applying DHCP options:

*Nov  8 12:56:24.991:   Setting default_gateway to 192.168.1.254

*Nov  8 12:56:24.991:   Adding default route 192.168.1.254

*Nov  8 12:56:26.019:   Adding route to DHCP server 192.168.1.254 via Ethernet1/0 192.168.1.254

*Nov  8 12:56:26.019:   Adding DNS server address 114.114.114.114

*Nov  8 12:56:26.019: DHCP Client Pooling: ***Allocated IP address: 192.168.1.1

*Nov  8 12:56:26.023: Allocated IP address = 192.168.1.1  255.255.255.0

*Nov  8 12:56:26.023: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet1/0 assigned DHCP address 192.168.1.1, mask 255.255.255.0, hostname R1


以上的信息是模拟服务器去找DHCP服务器要IP地址,那我们也很清楚,DHCP有要,就会有还。那接下来的debug日志输出就是我们终端释放IP地址的log。

*Nov  8 12:54:35.475: DHCP: Release IPL called for interface Ethernet1/0 in state 3

*Nov  8 12:54:35.479: DHCP: SRelease attempt # 1 for entry:

*Nov  8 12:54:35.479: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:54:35.479: Temp  sub net mask: 255.255.255.0

*Nov  8 12:54:35.479:    DHCP Lease server: 192.168.1.254, state: 8 Releasing

*Nov  8 12:54:35.479:    DHCP transaction id: 521

*Nov  8 12:54:35.483:    Lease: 25920000 secs,  Renewal: 12960000 secs,  Rebind: 22680000 secs

*Nov  8 12:54:35.483: Temp default-gateway addr: 192.168.1.254

*Nov  8 12:54:35.483:    Next timer fires after: 00:00:02

*Nov  8 12:54:35.483:    Retry count: 1   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:54:35.483:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:54:35.491:                        303031632D4574312F30

*Nov  8 12:54:35.495:    Hostname: R1

*Nov  8 12:54:35.499: DHCP: SRelease placed Server ID option: 192.168.1.254

*Nov  8 12:54:35.499: DHCP: SRelease: 279 bytes

*Nov  8 12:54:39.503: DHCP: Shutting down from get_netinfo()

*Nov  8 12:54:39.503: DHCP: Attempting to shutdown DHCP Client

*Nov  8 12:54:39.503: DHCP: Releasing ipl options:

*Nov  8 12:54:39.503:   Clearing default gateway and route to 192.168.1.254

*Nov  8 12:54:39.503:   Removing old default route 192.168.1.254

*Nov  8 12:54:39.507:   Clearing route to DHCP server 192.168.1.254

*Nov  8 12:54:39.507:   Clearing DNS address 114.114.114.114

*Nov  8 12:54:39.507: DHCP: SRelease attempt # 2 for entry:

*Nov  8 12:54:39.507: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:54:39.507: Temp  sub net mask: 255.255.255.0

*Nov  8 12:54:39.511:    DHCP Lease server: 192.168.1.254, state: 8 Releasing

*Nov  8 12:54:39.511:    DHCP transaction id: 521

*Nov  8 12:54:39.511:    Lease: 25920000 secs,  Renewal: 12960000 secs,  Rebind: 22680000 secs

*Nov  8 12:54:39.511:    Next timer fires after: 00:00:02

*Nov  8 12:54:39.511:    Retry count: 2   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:54:39.515:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:54:39.523:                        303031632D4574312F30

*Nov  8 12:54:39.535:    Hostname: R1

*Nov  8 12:54:39.535: DHCP: SRelease placed Server ID option: 192.168.1.254

*Nov  8 12:54:39.535: DHCP: SRelease: 279 bytes

*Nov  8 12:54:43.547: DHCP: SRelease attempt # 3 for entry:

*Nov  8 12:54:43.547: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:54:43.547: Temp  sub net mask: 255.255.255.0

*Nov  8 12:54:43.547:    DHCP Lease server: 192.168.1.254, state: 8 Releasing

*Nov  8 12:54:43.551:    DHCP transaction id: 521

*Nov  8 12:54:43.551:    Lease: 25920000 secs,  Renewal: 12960000 secs,  Rebind: 22680000 secs

*Nov  8 12:54:43.551:    Next timer fires after: 00:00:02

*Nov  8 12:54:43.551:    Retry count: 3   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:54:43.551:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:54:43.559:                        303031632D4574312F30

*Nov  8 12:54:43.563:    Hostname: R1

*Nov  8 12:54:43.563: DHCP: SRelease placed Server ID option: 192.168.1.254

*Nov  8 12:54:43.563: DHCP: SRelease: 279 bytes


当年培训老师的劲头又上来了,这里再啰嗦几句,哈哈。


ipv4:DHCP一共有8个报文  切记切记

ipv6: 不只8个

四个收发报文类型:discover、offer、request、ack

另外四个报文:

NAK:DHCP服务器拒绝客户端的request请求

Decline:当客户端发现自己地址重复时,向DHCP服务器发送该报文

Release:释放自己的IP地址

Inform:客户端获取IP地址以后,如果还需要从DHCP服务器获取更详细的配置信息时,发送该报文

分发原则是先到先得(很人性化)


DHCP整个过程的小计:

【PC发】1、discover    source:0.0.0.0 port:68 destination:广播形式(255.255.255.255)port:67

      作用:寻找DHCP服务器-广播

【DHCP回offer】2、source:dhcp-server地址 port:67 destination:分配的地址

      作用:offer DHCP服务器用来响应dhcp discover报文,此报文携带了各种配置信息

【PCrequest】3、source:0.0.0.0 destination:广播

      作用:该报文有三个用途:

            1、客户端初始化,响应offer报文

            2、客户端重启后,确认之前分配出去的IP地址配置信息

            3、更新ip地址的租约-广播或单薄

【ACK】4、server destination:PC客户端

       作用:服务器对客户端的DHCP request报文的确认响应报文


使用场景-避免员工弄个小TP-link出现网络异常(现象是导致部分员工上不了网)的防范

只要开启了dhcp snooping enable 所有的端口都是untrust的。这个时候,所有dhcp获取的端口都无法自动进行获取。必须要在可信任接口底下开启dhcp snooping trusted 可信任之后。服务器才能正常获取ip地址。



好了,希望对大家有帮助。小小的笔记回忆确实又让我巩固了一次底层的基础原理,把学习当做习惯,把时间当成金钱,你会受益无比巨大,加油!

                               —————来自一家二级运营商的网工分享



上一篇 下一篇
优秀的个人博客,低调大师

微信关注我们

原文链接:https://blog.51cto.com/allen686/1897055

转载内容版权归作者及来源网站所有!

低调大师中文资讯倾力打造互联网数据资讯、行业资源、电子商务、移动互联网、网络营销平台。持续更新报道IT业界、互联网、市场资讯、驱动更新,是最及时权威的产业资讯及硬件资讯报道平台。

Nginx、Apache工作原理以及nginx为何比Apache高效

Nginx才短短几年,就拿下了web服务器大笔江山,众所周知,Nginx在处理大并发静态请求方面,效率明显高于httpd,甚至能轻松解决C10K问题。 在高并发连接的情况下,Nginx是Apache服务器不错的替代品。Nginx同时也可以作为7层负载均衡服务器来使用。根据我的测试结果,Nginx0.7.14+PHP5.2.6(FastCGI)可以承受3万以上的并发连接数,相当于同等环境下Apache的10倍。 一般来说,4GB内存的服务器+Apache(prefork模式)一般只能处理3000个并发连接,因为它们将占用3GB以上的内存,还得为系统预留1GB的内存。我曾经就有两台Apache服务器,因为在配置文件中设置的MaxClients为4000,当Apache并发连接数达到3800时,导致服务器内存和Swap空间用满而崩溃。 而这台Nginx0.7.14+PHP5.2.6(FastCGI)服务器在3万并发连接下,开启的10个Nginx进程消耗150M内存(15M*10=150M),开启的64个php-cgi进程消耗1280M内存(20M*64=1280M),加上系统自身消耗的内存,...
2017-02-11
584
上一篇

全新Linux+Python高端运维班第三次作业

1、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello(); [root@tom~]#grep-E-o"[_[:alpha:]]+\(\)"/etc/rc.d/init.d/functions fstab_decode_str() checkpid() __readlink() __fgrep() __kill_pids_term_kill_checkpids() __kill_pids_term_kill() __umount_loop() __source_netdevs_fstab() __source_netdevs_mtab() __umount_loopback_loop() __find_mounts() __pids_var_run() __pids_pidof() daemon() killproc() pidfileofproc() pidofproc() status() echo_success() echo_failure() echo_passed() echo_warning() update_boo...
2017-02-12
617
下一篇

相关文章

发表评论

资源下载

更多资源
优质分享App

优质分享App

近一个月的开发和优化,本站点的第一个app全新上线。该app采用极致压缩,本体才4.36MB。系统里面做了大量数据访问、缓存优化。方便用户在手机上查看文章。后续会推出HarmonyOS的适配版本。

时间: 2025-12-03 大小: 4.36MB 下载: 23次
Mario

Mario

马里奥是站在游戏界顶峰的超人气多面角色。马里奥靠吃蘑菇成长,特征是大鼻子、头戴帽子、身穿背带裤,还留着胡子。与他的双胞胎兄弟路易基一起,长年担任任天堂的招牌角色。

时间: 2025-12-12 大小: 211.28KB 下载: 54次
腾讯云软件源

腾讯云软件源

为解决软件依赖安装时官方源访问速度慢的问题,腾讯云为一些软件搭建了缓存服务。您可以通过使用腾讯云软件源站来提升依赖包的安装速度。为了方便用户自由搭建服务架构,目前腾讯云软件源站支持公网访问和内网访问。

时间: 2025-12-17 大小: 1MB 下载: 2次
Sublime Text

Sublime Text

Sublime Text具有漂亮的用户界面和强大的功能,例如代码缩略图,Python的插件,代码段等。还可自定义键绑定,菜单和工具栏。Sublime Text 的主要功能包括:拼写检查,书签,完整的 Python API , Goto 功能,即时项目切换,多选择,多窗口等等。Sublime Text 是一个跨平台的编辑器,同时支持Windows、Linux、Mac OS X等操作系统。

时间: 2025-12-03 大小: 9.84MB 下载: 39次
手机查看

扫码在手机上查看文章

扫描二维码,手机阅读更方便

热门标签
Rocky SpringCloud Jdk25 Service Mesh Gemini3 SpringBoot4 Nacos3 Docker Kubernetes DeepSeek OpenAi HarmonyOS6 Redis

欢迎您!

登录后,您将获得更多功能!

热门文章
联系我们

有任何问题或合作意向欢迎联系我们

Email: 99873273@qq.com

QQ: 99873273