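How to Set Up an Office Network with a Single Cisco Layer 3 Switch: Lessons from Experience
Today, on a whim, I wanted to walk through a very basic and simple scenario once more. As network engineers we are always chasing advanced technical principles and scenarios, but sometimes a simple, practical technique really is interesting to the colleagues around us and to newcomers who have just joined.
As shown in the figure above, this is a partial view of a larger environment. Thinking a little more broadly, the switch takes on the DHCP + gateway (GW) role; the server is set to DHCP and pulls an IP address directly, and in the end everything on the network can ping everything else.
Here I will introduce two ways to configure DHCP on Cisco: one based on a physical interface, the other based on an SVI. I'll paste the configurations directly into this article.
Interface-based DHCP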
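! DHCP pool for the office subnet (lease value is in days)
ip dhcp pool as001
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.254
 dns-server 114.114.114.114
 lease 300
!
! Routed physical interface acting as the gateway for that subnet
interface FastEthernet0/0
 ip address 192.168.100.254 255.255.255.0
 duplex auto
 speed auto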
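Use case: the company has few desks, only one or two areas, and given the budget the access switches can only be unmanaged, pure Layer 2 TP-Link switches, uplinked to the Layer 3 switch where we configured DHCP. Characteristic: this is currently one of the easiest office network builds to get started with.
As shown in the figure below: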
————————————————————————————————————————————
VLAN-based DHCP
! DHCP pool for the Wi-Fi VLAN (lease value is in days)
ip dhcp pool Lab-wifi
 network 172.17.10.0 255.255.255.0
 default-router 172.17.10.254
 dns-server 114.114.114.114 8.8.8.8
 lease 300
!
! SVI acting as the gateway for VLAN 17
interface Vlan17
 description wifi
 ip address 172.17.10.254 255.255.255.0
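Use case: in addition to the above, this lets you segment the internal network better. For example, when a single access switch serves both administrative staff and technical staff, VLAN-based DHCP is a very good fit.
As shown in the figure below:
Is that the end of the article? No, there are still some key behaviours to demonstrate; learning only the configuration without the reasoning behind it is not good.
In the log output below, I used a router to simulate an endpoint server obtaining an address via DHCP, with debugging enabled. The output is as follows.
Let me stress this once: read the log carefully, and you will clearly see either that your theory is not yet strong enough, or that your theory and practice line up exactly.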
R1(config-if)#
*Nov 8 12:56:21.655: DHCP: DHCP client process started: 10
*Nov 8 12:56:21.679: RAC: Starting DHCP discover on Ethernet1/0
*Nov 8 12:56:21.679: DHCP: Try 1 to acquire address for Ethernet1/0
*Nov 8 12:56:21.691: DHCP: allocate request
*Nov 8 12:56:21.691: DHCP: new entry. add to queue, interface Ethernet1/0
*Nov 8 12:56:21.691: DHCP: SDiscover attempt # 1 for entry:
*Nov 8 12:56:21.691: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet1/0
*Nov 8 12:56:21.695: Temp sub net mask: 0.0.0.0
*Nov 8 12:56:21.695: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Nov 8 12:56:21.695: DHCP transaction id: 8DC
R1(config-if)#
R1(config-if)#
*Nov 8 12:56:21.695: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Nov 8 12:56:21.699: Next timer fires after: 00:00:04
*Nov 8 12:56:21.699: Retry count: 1 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:56:21.699: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:56:21.703: 303031632D4574312F30
*Nov 8 12:56:21.707: Hostname: R1
*Nov 8 12:56:21.707: DHCP: SDiscover: sending 291 byte length DHCP packet
*Nov 8 12:56:21.711: DHCP: SDiscover 291 bytes
*Nov 8 12:56:21.711: B'cast on Ethernet1/0 interface from 0.0.0.0
*Nov 8 12:56:21.787: DHCP: Received a BOOTREP pkt
*Nov 8 12:56:21.787: DHCP: Scan: Message type: DHCP Offer
*Nov 8 12:56:21.787: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov 8 12:56:21.791: DHCP: Scan: Lease Time: 25919829
*Nov 8 12:56:21.791: DHCP: Scan: Renewal time: 12959914
*Nov 8 12:56:21.791: DHCP: Scan: Rebind time: 22679850
*Nov 8 12:56:21.791: DHCP: Scan: Host Name: R1
*Nov 8 12:56:21.791: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Nov 8 12:56:21.791: DHCP: Scan: Router Option: 192.168.1.254
*Nov 8 12:56:21.795: DHCP: Scan: DNS Name Server Option: 114.114.114.114
*Nov 8 12:56:21.795: DHCP: rcvd pkt source: 192.168.1.254, destination: 255.255.255.255
*Nov 8 12:56:21.795: UDP sport: 43, dport: 44, length: 308
*Nov 8 12:56:21.795: DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Nov 8 12:56:21.795: DHCP server identifier: 192.168.1.254
*Nov 8 12:56:21.795: xid: 8DC, secs: 0, flags: 8000
*Nov 8 12:56:21.799: client: 0.0.0.0, your: 192.168.1.1
*Nov 8 12:56:21.799: srvr: 0.0.0.0, gw: 0.0.0.0
*Nov 8 12:56:21.799: options block length: 60
*Nov 8 12:56:21.799: DHCP Offer Message Offered Address: 192.168.1.1
*Nov 8 12:56:21.799: DHCP: Lease Seconds: 25919829 Renewal secs: 12959914 Rebind secs: 22679850
*Nov 8 12:56:21.803: DHCP: Server ID Option: 192.168.1.254
*Nov 8 12:56:21.803: DHCP Host Name Option: R1
*Nov 8 12:56:21.803: DHCP: offer received from 192.168.1.254
*Nov 8 12:56:21.803: DHCP: SRequest attempt # 1 for entry:
*Nov 8 12:56:21.807: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:56:21.807: Temp sub net mask: 255.255.255.0
*Nov 8 12:56:21.807: DHCP Lease server: 192.168.1.254, state: 2 Requesting
*Nov 8 12:56:21.807: DHCP transaction id: 8DC
*Nov 8 12:56:21.807: Lease: 25919829 secs, Renewal: 0 secs, Rebind: 0 secs
*Nov 8 12:56:21.811: Next timer fires after: 00:00:03
*Nov 8 12:56:21.811: Retry count: 1 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:56:21.811: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:56:21.819: 303031632D4574312F30
*Nov 8 12:56:21.831: Hostname: R1
*Nov 8 12:56:21.831: DHCP: SRequest- Server ID option: 192.168.1.254
*Nov 8 12:56:21.835: DHCP: SRequest- Requested IP addr option: 192.168.1.1
*Nov 8 12:56:21.835: DHCP: SRequest placed lease len option: 25919829
*Nov 8 12:56:21.835: DHCP: SRequest: 309 bytes
*Nov 8 12:56:21.839: DHCP: SRequest: 309 bytes
*Nov 8 12:56:21.839: B'cast on Ethernet1/0 interface from 0.0.0.0
*Nov 8 12:56:21.947: DHCP: Received a BOOTREP pkt
*Nov 8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack
*Nov 8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov 8 12:56:21.951: DHCP: Scan: Lease Time: 25920000
*Nov 8 12:56:21.951: DHCP: Scan: Renewal time: 12960000
*Nov 8 12:56:21.951: DHCP: Scan: Rebind time: 22680000
*Nov 8 12:56:21.951: DHCP: Scan: Host Name: R1
*Nov 8 12:56:21.951: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Nov 8 12:56:21.951: DHCP: Scan: Router Option: 192.168.1.254
*Nov 8 12:56:21.955: DHCP: Scan: DNS Name Server Option: 114.114.114.114
*Nov 8 12:56:21.955: DHCP: rcvd pkt source: 192.168.1.254, destination: 255.255.255.255
*Nov 8 12:56:21.955: UDP sport: 43, dport: 44, length: 308
*Nov 8 12:56:21.955: DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Nov 8 12:56:21.955: DHCP server identifier: 192.168.1.254
*Nov 8 12:56:21.959: xid: 8DC, secs: 0, flags: 8000
*Nov 8 12:56:21.959: client: 0.0.0.0, your: 192.168.1.1
*Nov 8 12:56:21.959: srvr: 0.0.0.0, gw: 0.0.0.0
*Nov 8 12:56:21.959: options block length: 60
*Nov 8 12:56:21.959: DHCP Ack Message
*Nov 8 12:56:21.959: DHCP: Lease Seconds: 25920000 Renewal secs: 12960000 Rebind secs: 22680000
*Nov 8 12:56:21.963: DHCP: Server ID Option: 192.168.1.254
*Nov 8 12:56:21.963: DHCP Host Name Option: R1
*Nov 8 12:56:24.987: DHCP: Releasing ipl options:
*Nov 8 12:56:24.991: DHCP: Applying DHCP options:
*Nov 8 12:56:24.991: Setting default_gateway to 192.168.1.254
*Nov 8 12:56:24.991: Adding default route 192.168.1.254
*Nov 8 12:56:26.019: Adding route to DHCP server 192.168.1.254 via Ethernet1/0 192.168.1.254
*Nov 8 12:56:26.019: Adding DNS server address 114.114.114.114
*Nov 8 12:56:26.019: DHCP Client Pooling: ***Allocated IP address: 192.168.1.1
*Nov 8 12:56:26.023: Allocated IP address = 192.168.1.1 255.255.255.0
*Nov 8 12:56:26.023: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet1/0 assigned DHCP address 192.168.1.1, mask 255.255.255.0, hostname R1
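The output above shows the simulated server requesting an IP address from the DHCP server. As we know, what DHCP hands out also gets returned. The debug output that follows is the log of our endpoint releasing its IP address.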
*Nov 8 12:54:35.475: DHCP: Release IPL called for interface Ethernet1/0 in state 3
*Nov 8 12:54:35.479: DHCP: SRelease attempt # 1 for entry:
*Nov 8 12:54:35.479: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:54:35.479: Temp sub net mask: 255.255.255.0
*Nov 8 12:54:35.479: DHCP Lease server: 192.168.1.254, state: 8 Releasing
*Nov 8 12:54:35.479: DHCP transaction id: 521
*Nov 8 12:54:35.483: Lease: 25920000 secs, Renewal: 12960000 secs, Rebind: 22680000 secs
*Nov 8 12:54:35.483: Temp default-gateway addr: 192.168.1.254
*Nov 8 12:54:35.483: Next timer fires after: 00:00:02
*Nov 8 12:54:35.483: Retry count: 1 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:54:35.483: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:54:35.491: 303031632D4574312F30
*Nov 8 12:54:35.495: Hostname: R1
*Nov 8 12:54:35.499: DHCP: SRelease placed Server ID option: 192.168.1.254
*Nov 8 12:54:35.499: DHCP: SRelease: 279 bytes
*Nov 8 12:54:39.503: DHCP: Shutting down from get_netinfo()
*Nov 8 12:54:39.503: DHCP: Attempting to shutdown DHCP Client
*Nov 8 12:54:39.503: DHCP: Releasing ipl options:
*Nov 8 12:54:39.503: Clearing default gateway and route to 192.168.1.254
*Nov 8 12:54:39.503: Removing old default route 192.168.1.254
*Nov 8 12:54:39.507: Clearing route to DHCP server 192.168.1.254
*Nov 8 12:54:39.507: Clearing DNS address 114.114.114.114
*Nov 8 12:54:39.507: DHCP: SRelease attempt # 2 for entry:
*Nov 8 12:54:39.507: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:54:39.507: Temp sub net mask: 255.255.255.0
*Nov 8 12:54:39.511: DHCP Lease server: 192.168.1.254, state: 8 Releasing
*Nov 8 12:54:39.511: DHCP transaction id: 521
*Nov 8 12:54:39.511: Lease: 25920000 secs, Renewal: 12960000 secs, Rebind: 22680000 secs
*Nov 8 12:54:39.511: Next timer fires after: 00:00:02
*Nov 8 12:54:39.511: Retry count: 2 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:54:39.515: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:54:39.523: 303031632D4574312F30
*Nov 8 12:54:39.535: Hostname: R1
*Nov 8 12:54:39.535: DHCP: SRelease placed Server ID option: 192.168.1.254
*Nov 8 12:54:39.535: DHCP: SRelease: 279 bytes
*Nov 8 12:54:43.547: DHCP: SRelease attempt # 3 for entry:
*Nov 8 12:54:43.547: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:54:43.547: Temp sub net mask: 255.255.255.0
*Nov 8 12:54:43.547: DHCP Lease server: 192.168.1.254, state: 8 Releasing
*Nov 8 12:54:43.551: DHCP transaction id: 521
*Nov 8 12:54:43.551: Lease: 25920000 secs, Renewal: 12960000 secs, Rebind: 22680000 secs
*Nov 8 12:54:43.551: Next timer fires after: 00:00:02
*Nov 8 12:54:43.551: Retry count: 3 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:54:43.551: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:54:43.559: 303031632D4574312F30
*Nov 8 12:54:43.563: Hostname: R1
*Nov 8 12:54:43.563: DHCP: SRelease placed Server ID option: 192.168.1.254
*Nov 8 12:54:43.563: DHCP: SRelease: 279 bytes
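My old training-instructor energy is coming back, so let me ramble a bit more here, haha.
IPv4: DHCP has 8 message types in total. Remember this.
IPv6: more than 8.
The four exchange messages: discover, offer, request, ack
The other four messages:
NAK: the DHCP server rejects the client's request
Decline: sent by the client to the DHCP server when it finds that its address is a duplicate
Release: the client releases its IP address
Inform: sent by the client after it has obtained an IP address, when it still needs more detailed configuration information from the DHCP server
Addresses are handed out first come, first served (very considerate).
Notes on the whole DHCP process:
[PC sends] 1. discover source: 0.0.0.0 port: 68 destination: broadcast (255.255.255.255) port: 67
Purpose: locate a DHCP server (broadcast)
[DHCP replies with offer] 2. source: DHCP server address port: 67 destination: the allocated address
Purpose: the offer is the DHCP server's response to the DHCP discover message; it carries the various configuration parameters
[PC request] 3. source: 0.0.0.0 destination: broadcast
Purpose: this message has three uses:
1. Client initialization, responding to the offer message
2. After a client reboot, confirming the previously assigned IP address configuration
3. Renewing the IP address lease (broadcast or unicast)
[ACK] 4. source: server destination: PC client
Purpose: the server's acknowledgement of the client's DHCP request message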
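An added example (not from the original post) that reads the Ack lines of the acquisition log field by field: the UDP ports are printed in hex (43/44 are 67/68), flags 8000 is the broadcast bit, 25920000 seconds is the 300 days of `lease 300`, and the renewal and rebind timers are 50% and 87.5% of the lease. The function and field names are this example's own.

```python
import re

# Lines copied from the Ack part of the debug output above (trimmed).
SAMPLE = """\
*Nov 8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack
*Nov 8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov 8 12:56:21.951: DHCP: Scan: Lease Time: 25920000
*Nov 8 12:56:21.951: DHCP: Scan: Renewal time: 12960000
*Nov 8 12:56:21.951: DHCP: Scan: Rebind time: 22680000
*Nov 8 12:56:21.955: UDP sport: 43, dport: 44, length: 308
*Nov 8 12:56:21.959: xid: 8DC, secs: 0, flags: 8000
*Nov 8 12:56:21.959: client: 0.0.0.0, your: 192.168.1.1
"""
CLIENT_ID_HEX = "636973636F2D636130312E363961382E303031632D4574312F30"  # two dump lines joined

FIELDS = {  # field -> (regex, numeric base); base None keeps the text as-is
    "server": (r"Server ID Option: (\S+)", None),
    "yiaddr": (r"your: (\S+)", None),
    "lease": (r"Lease Time: (\d+)", 10),
    "t1": (r"Renewal time: (\d+)", 10),
    "t2": (r"Rebind time: (\d+)", 10),
    "sport": (r"sport: ([0-9A-F]+)", 16),  # ports and flags are printed in hex
    "dport": (r"dport: ([0-9A-F]+)", 16),
    "flags": (r"flags: ([0-9A-F]+)", 16),
}

def parse_replies(text):
    """Return one dict per server reply (Offer/Ack/Nak) found in the log."""
    replies = []
    for line in text.splitlines():
        if m := re.search(r"Message type: DHCP (\w+)", line):
            replies.append({"type": m.group(1)})
        for key, (pat, base) in FIELDS.items():
            if replies and (m := re.search(pat, line)):
                replies[-1][key] = int(m.group(1), base) if base else m.group(1)
    return replies

def summarize(r):
    return {
        "ports": (r["sport"], r["dport"]),           # 0x43/0x44 -> 67/68
        "broadcast": bool(r["flags"] & 0x8000),      # client asked for broadcast replies
        "lease_days": r["lease"] / 86400,
        "t1_is_half": r["t1"] == r["lease"] // 2,     # renewal at 50% of the lease
        "t2_is_7_8": r["t2"] == r["lease"] * 7 // 8,  # rebind at 87.5% of the lease
    }

def decode_client_id(hexdump):
    return bytes.fromhex(hexdump).decode("ascii")
```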
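Use case: guarding against network problems caused by an employee plugging in a small TP-Link (the symptom is that some employees cannot get online)
As soon as dhcp snooping enable is turned on, every port is untrusted. At that point none of the ports that get addresses via DHCP can obtain one automatically. dhcp snooping trusted must be configured under the trusted interface; only once it is trusted can the server obtain its IP address normally.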
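An added check (not part of the original post) for the scenario above, written with the Cisco IOS spelling of these commands: `ip dhcp snooping` plus `ip dhcp snooping vlan <id>` globally, and `ip dhcp snooping trust` on the port facing the legitimate DHCP server. It audits a config against the intended VLANs and uplinks; the interface names, VLAN 10 and both sample configs are constructed, and VLAN 17 comes from the SVI example.

```python
import re

# Constructed Cisco IOS samples: Gi0/1 is the uplink toward the DHCP server.
WEAK = """\
ip dhcp snooping
ip dhcp snooping vlan 10
interface GigabitEthernet0/1
 switchport mode trunk
interface FastEthernet0/5
 switchport access vlan 17
 ip dhcp snooping trust
"""
FIXED = """\
ip dhcp snooping
ip dhcp snooping vlan 10,17
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
interface FastEthernet0/5
 switchport access vlan 17
"""

def snooped_vlans(config):
    """Expand every 'ip dhcp snooping vlan' list, e.g. '10,17,20-22'."""
    vlans = set()
    for spec in re.findall(r"^ip dhcp snooping vlan ([\d,-]+)", config, re.M):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trusted_ports(config):
    """Interfaces whose stanza contains 'ip dhcp snooping trust'."""
    trusted, current = set(), None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and line.strip() == "ip dhcp snooping trust":
            trusted.add(current)
    return trusted

def audit(config, vlans, uplinks):  # empty list = config matches the intent
    out = []
    if not re.search(r"^ip dhcp snooping\s*$", config, re.M):
        out.append("snooping not enabled globally")
    out += [f"vlan {v} not snooped" for v in sorted(set(vlans) - snooped_vlans(config))]
    trusted = trusted_ports(config)
    out += [f"{p} trusted but not an uplink" for p in sorted(trusted - set(uplinks))]
    out += [f"uplink {p} not trusted" for p in sorted(set(uplinks) - trusted)]
    return out
```

Snooping only filters frames that cross the switch running it, so a second DHCP server and clients attached to the same unmanaged TP-Link never pass through this check point.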
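That's it, I hope this helps. Writing up these small notes did reinforce the underlying fundamentals for me once again. Make learning a habit and treat time like money, and you will benefit enormously. Keep going!
----- Shared by a network engineer at a tier-2 carrier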