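How to run an office network on a single Cisco Layer 3 switch: notes from experience

Today, on a whim, I want to revisit a very basic and simple scenario. As network engineers we are always chasing advanced technical principles and scenarios, but sometimes a simple, practical technique is genuinely interesting to the colleagues around us and to newcomers.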


[Figure: network topology]


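As the figure above shows, this is a partial view of a larger environment. Thinking a little more broadly, the Layer 3 switch takes on the DHCP + GW (gateway) role; the servers are then set to DHCP and pull their IP addresses directly, and the whole network can ping end to end.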


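Here I will introduce two ways to configure DHCP on Cisco: one based on a physical interface, the other based on an SVI. I will simply paste the configuration into this article.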


Interface-based DHCP

ip dhcp pool as001
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.254
   dns-server 114.114.114.114
   ! the lease value is given in days: 300 = 300 days
   lease 300
!
interface FastEthernet0/0
 ip address 192.168.100.254 255.255.255.0
 duplex auto
 speed auto


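Use case: the company has few desks, only one or two areas, and given the budget the access switches can only be unmanaged, pure Layer 2 TP-Link switches, uplinked to the Layer 3 switch on which we configured DHCP. Characteristic: this is currently one of the easiest office network builds to get started with.


As shown in the figure below:

[Figure: interface-based DHCP topology]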


————————————————————————————————————————————


VLAN-based DHCP

ip dhcp pool Lab-wifi
   network 172.17.10.0 255.255.255.0
   default-router 172.17.10.254
   dns-server 114.114.114.114 8.8.8.8
   ! the lease value is given in days: 300 = 300 days
   lease 300
!
interface Vlan17
 description wifi
 ip address 172.17.10.254 255.255.255.0


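Use case: in addition to the above, this lets you segment the internal network better. For example, when a single access switch serves both administrative and technical staff, VLAN-based DHCP is a very good fit.


As shown in the figure below:

[Figure: VLAN-based DHCP topology]


Is that the end of the article? No, there are still some key behaviours to demonstrate. Learning only the configuration without the reasoning behind it is a poor way to learn.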




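The log output below comes from a router I used to simulate an end-host server obtaining an address via DHCP, with debug enabled.

Let me stress this once: read the log carefully. You will clearly see either that your theory is not yet solid enough, or that your theory and practice line up completely.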

R1(config-if)#

*Nov  8 12:56:21.655: DHCP: DHCP client process started: 10

*Nov  8 12:56:21.679: RAC: Starting DHCP discover on Ethernet1/0

*Nov  8 12:56:21.679: DHCP: Try 1 to acquire address for Ethernet1/0

*Nov  8 12:56:21.691: DHCP: allocate request

*Nov  8 12:56:21.691: DHCP: new entry. add to queue, interface Ethernet1/0

*Nov  8 12:56:21.691: DHCP: SDiscover attempt # 1 for entry:

*Nov  8 12:56:21.691: Temp IP addr: 0.0.0.0  for peer on Interface: Ethernet1/0

*Nov  8 12:56:21.695: Temp  sub net mask: 0.0.0.0

*Nov  8 12:56:21.695:    DHCP Lease server: 0.0.0.0, state: 1 Selecting

*Nov  8 12:56:21.695:    DHCP transaction id: 8DC

R1(config-if)#

R1(config-if)#

*Nov  8 12:56:21.695:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs

*Nov  8 12:56:21.699:    Next timer fires after: 00:00:04

*Nov  8 12:56:21.699:    Retry count: 1   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:56:21.699:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:56:21.703:                        303031632D4574312F30

*Nov  8 12:56:21.707:    Hostname: R1

*Nov  8 12:56:21.707: DHCP: SDiscover: sending 291 byte length DHCP packet

*Nov  8 12:56:21.711: DHCP: SDiscover 291 bytes 

*Nov  8 12:56:21.711:             B'cast on Ethernet1/0 interface from 0.0.0.0

*Nov  8 12:56:21.787: DHCP: Received a BOOTREP pkt

*Nov  8 12:56:21.787: DHCP: Scan: Message type: DHCP Offer

*Nov  8 12:56:21.787: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE

*Nov  8 12:56:21.791: DHCP: Scan: Lease Time: 25919829

*Nov  8 12:56:21.791: DHCP: Scan: Renewal time: 12959914

*Nov  8 12:56:21.791: DHCP: Scan: Rebind time: 22679850

*Nov  8 12:56:21.791: DHCP: Sc

R1(config-if)#an: Host Name: R1

*Nov  8 12:56:21.791: DHCP: Scan: Subnet Address Option: 255.255.255.0

*Nov  8 12:56:21.791: DHCP: Scan: Router Option: 192.168.1.254

*Nov  8 12:56:21.795: DHCP: Scan: DNS Name Server Option: 114.114.114.114

*Nov  8 12:56:21.795: DHCP: rcvd pkt source: 192.168.1.254,  destination:  255.255.255.255

*Nov  8 12:56:21.795:    UDP  sport: 43,  dport: 44,  length: 308

*Nov  8 12:56:21.795:    DHCP op: 2, htype: 1, hlen: 6, hops: 0

*Nov  8 12:56:21.795:    DHCP server identifier: 192.168.1.254

*Nov  8 12:56:21.795:         xid: 8DC, secs: 0, flags: 8000

*Nov  8 12:56:21.799:         client: 0.0.0.0, your: 192.168.1.1

*Nov  8 12:56:21.799:         srvr:   0.0.0.0, gw: 0.0.0.0

*Nov  8 12:56:21.799:         options block length: 60


*Nov  8 12:56:21.799: DHCP Offer Message   Offered Address: 192.168.1.1

*Nov  8 12:56:21.799: DHCP: Lease Seconds: 25919829    Renewal secs:  12959914    Rebind secs:   22679850

*Nov  8 12:56:21.803: DHCP: Server ID Option: 192.168.1

R1(config-if)#.254

*Nov  8 12:56:21.803: DHCP Host Name Option: R1

*Nov  8 12:56:21.803: DHCP: offer received from 192.168.1.254

*Nov  8 12:56:21.803: DHCP: SRequest attempt # 1 for entry:

*Nov  8 12:56:21.807: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:56:21.807: Temp  sub net mask: 255.255.255.0

*Nov  8 12:56:21.807:    DHCP Lease server: 192.168.1.254, state: 2 Requesting

*Nov  8 12:56:21.807:    DHCP transaction id: 8DC

*Nov  8 12:56:21.807:    Lease: 25919829 secs,  Renewal: 0 secs,  Rebind: 0 secs

*Nov  8 12:56:21.811:    Next timer fires after: 00:00:03

*Nov  8 12:56:21.811:    Retry count: 1   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:56:21.811:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:56:21.819:                        303031632D4574312F30

*Nov  8 12:56:21.831:    Hostname: R1

*Nov  8 12:56:21.831: DHCP: SRequest- Server ID option: 192.168.1.254

*Nov  8 12:56:21.835: DHCP: SRequest- Requested IP addr option: 192.168.1.1

*Nov  8 12:56:21.835: DHCP: SRequest placed lease len option: 25919829

*Nov  8 12:56:21.835: DHCP: SRequest: 309 bytes

*Nov  8 12:56:21.839: DHCP: SRequest: 309 bytes

*Nov  8 12:56:21.839:             B'cast on Ethernet1/0 interface from 0.0.0.0

*Nov  8 12:56:21.947: DHCP: Received a BOOTREP pkt

*Nov  8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack

*Nov  8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE

*Nov  8 12:56:21.951: DHCP: Scan: Lease Time: 25920000

*Nov  8 12:56:21.951: DHCP: Scan: Renewal time: 12960000

*Nov  8 12:56:21.951: DHCP: Scan: Rebind time: 22680000

*Nov  8 12:56:21.951: DHCP: Scan: Host Name: R1

*Nov  8 12:56:21.951: DHCP: Scan: Subnet Address Option: 255.255.255.0

*Nov  8 12:56:21.951: DHCP: Scan: Router Option: 192.168.1.254

*Nov  8 12:56:21.955: DHCP: Scan: DNS Name Server Option: 114.114.114.114

*Nov  8 12:56:21.955: DHCP: rcvd pkt source: 192.168.1.254,  destination:  255.255.255.255

*Nov  8 12:56:21.955:    UDP  

R1(config-if)#sport: 43,  dport: 44,  length: 308

*Nov  8 12:56:21.955:    DHCP op: 2, htype: 1, hlen: 6, hops: 0

*Nov  8 12:56:21.955:    DHCP server identifier: 192.168.1.254

*Nov  8 12:56:21.959:         xid: 8DC, secs: 0, flags: 8000

*Nov  8 12:56:21.959:         client: 0.0.0.0, your: 192.168.1.1

*Nov  8 12:56:21.959:         srvr:   0.0.0.0, gw: 0.0.0.0

*Nov  8 12:56:21.959:         options block length: 60


*Nov  8 12:56:21.959: DHCP Ack Message

*Nov  8 12:56:21.959: DHCP: Lease Seconds: 25920000    Renewal secs:  12960000    Rebind secs:   22680000

*Nov  8 12:56:21.963: DHCP: Server ID Option: 192.168.1.254

*Nov  8 12:56:21.963: DHCP Host Name Option: R1

*Nov  8 12:56:24.987: DHCP: Releasing ipl options:

*Nov  8 12:56:24.991: DHCP: Applying DHCP options:

*Nov  8 12:56:24.991:   Setting default_gateway to 192.168.1.254

*Nov  8 12:56:24.991:   Adding default route 192.168.1.254

*Nov  8 12:56:26.019:   Adding route to DHCP server 192.168.1.254 via Ethernet1/0 192.168.1.254

*Nov  8 12:56:26.019:   Adding DNS server address 114.114.114.114

*Nov  8 12:56:26.019: DHCP Client Pooling: ***Allocated IP address: 192.168.1.1

*Nov  8 12:56:26.023: Allocated IP address = 192.168.1.1  255.255.255.0

*Nov  8 12:56:26.023: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet1/0 assigned DHCP address 192.168.1.1, mask 255.255.255.0, hostname R1
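One way to read the Offer and Ack in this output programmatically, as an added example that is not part of the original article: it extracts the server ID and lease timers from the "DHCP: Scan:" lines, checks that Renewal and Rebind are 1/2 and 7/8 of the lease, and lists any server that answered but is not on an allow-list. The function names and the allow-list are assumptions made for this example.

```python
import re

# Constructed excerpt: "DHCP: Scan:" lines copied from the debug output above.
DEBUG_LOG = """\
*Nov  8 12:56:21.787: DHCP: Scan: Message type: DHCP Offer
*Nov  8 12:56:21.787: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov  8 12:56:21.791: DHCP: Scan: Lease Time: 25919829
*Nov  8 12:56:21.791: DHCP: Scan: Renewal time: 12959914
*Nov  8 12:56:21.791: DHCP: Scan: Rebind time: 22679850
*Nov  8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack
*Nov  8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov  8 12:56:21.951: DHCP: Scan: Lease Time: 25920000
*Nov  8 12:56:21.951: DHCP: Scan: Renewal time: 12960000
*Nov  8 12:56:21.951: DHCP: Scan: Rebind time: 22680000
"""

FIELDS = {
    "type": re.compile(r"Scan: Message type: DHCP (\w+)"),
    "server": re.compile(r"Scan: Server ID Option: (\d+(?:\.\d+){3})"),
    "lease": re.compile(r"Scan: Lease Time: (\d+)"),
    "t1": re.compile(r"Scan: Renewal time: (\d+)"),
    "t2": re.compile(r"Scan: Rebind time: (\d+)"),
}

def parse_replies(log):
    """Return one dict per server reply found in 'DHCP: Scan:' debug lines."""
    replies = []
    for line in log.splitlines():
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if not m:
                continue
            if key == "type":
                replies.append({"type": m.group(1)})  # a new reply starts here
            elif replies:
                replies[-1][key] = m.group(1) if key == "server" else int(m.group(1))
    return replies

def timers_follow_defaults(reply):
    """True if T1 = lease/2 and T2 = lease*7/8 (RFC 2131 defaults, rounded down)."""
    lease = reply["lease"]
    return reply["t1"] == lease // 2 and reply["t2"] == lease * 7 // 8

def unexpected_servers(replies, allowed):
    """Server IDs that answered but are not on the allow-list of DHCP servers."""
    return sorted({r["server"] for r in replies if "server" in r} - set(allowed))
```

The Ack's lease of 25920000 seconds is exactly 300 days, which is what a pool configured with lease 300 hands out. Read as hexadecimal, the sport: 43 and dport: 44 in the same output are UDP ports 67 and 68.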


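The output above is the simulated server asking the DHCP server for an IP address. As we know, with DHCP whatever is borrowed is also returned, so the next debug output is the log of our endpoint releasing its IP address.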

*Nov  8 12:54:35.475: DHCP: Release IPL called for interface Ethernet1/0 in state 3

*Nov  8 12:54:35.479: DHCP: SRelease attempt # 1 for entry:

*Nov  8 12:54:35.479: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:54:35.479: Temp  sub net mask: 255.255.255.0

*Nov  8 12:54:35.479:    DHCP Lease server: 192.168.1.254, state: 8 Releasing

*Nov  8 12:54:35.479:    DHCP transaction id: 521

*Nov  8 12:54:35.483:    Lease: 25920000 secs,  Renewal: 12960000 secs,  Rebind: 22680000 secs

*Nov  8 12:54:35.483: Temp default-gateway addr: 192.168.1.254

*Nov  8 12:54:35.483:    Next timer fires after: 00:00:02

*Nov  8 12:54:35.483:    Retry count: 1   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:54:35.483:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:54:35.491:                        303031632D4574312F30

*Nov  8 12:54:35.495:    Hostname: R1

*Nov  8 12:54:35.499: DHCP: SRelease placed Server ID option: 192.168.1.254

*Nov  8 12:54:35.499: DHCP: SRelease: 279 bytes

*Nov  8 12:54:39.503: DHCP: Shutting down from get_netinfo()

*Nov  8 12:54:39.503: DHCP: Attempting to shutdown DHCP Client

*Nov  8 12:54:39.503: DHCP: Releasing ipl options:

*Nov  8 12:54:39.503:   Clearing default gateway and route to 192.168.1.254

*Nov  8 12:54:39.503:   Removing old default route 192.168.1.254

*Nov  8 12:54:39.507:   Clearing route to DHCP server 192.168.1.254

*Nov  8 12:54:39.507:   Clearing DNS address 114.114.114.114

*Nov  8 12:54:39.507: DHCP: SRelease attempt # 2 for entry:

*Nov  8 12:54:39.507: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:54:39.507: Temp  sub net mask: 255.255.255.0

*Nov  8 12:54:39.511:    DHCP Lease server: 192.168.1.254, state: 8 Releasing

*Nov  8 12:54:39.511:    DHCP transaction id: 521

*Nov  8 12:54:39.511:    Lease: 25920000 secs,  Renewal: 12960000 secs,  Rebind: 22680000 secs

*Nov  8 12:54:39.511:    Next timer fires after: 00:00:02

*Nov  8 12:54:39.511:    Retry count: 2   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:54:39.515:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:54:39.523:                        303031632D4574312F30

*Nov  8 12:54:39.535:    Hostname: R1

*Nov  8 12:54:39.535: DHCP: SRelease placed Server ID option: 192.168.1.254

*Nov  8 12:54:39.535: DHCP: SRelease: 279 bytes

*Nov  8 12:54:43.547: DHCP: SRelease attempt # 3 for entry:

*Nov  8 12:54:43.547: Temp IP addr: 192.168.1.1  for peer on Interface: Ethernet1/0

*Nov  8 12:54:43.547: Temp  sub net mask: 255.255.255.0

*Nov  8 12:54:43.547:    DHCP Lease server: 192.168.1.254, state: 8 Releasing

*Nov  8 12:54:43.551:    DHCP transaction id: 521

*Nov  8 12:54:43.551:    Lease: 25920000 secs,  Renewal: 12960000 secs,  Rebind: 22680000 secs

*Nov  8 12:54:43.551:    Next timer fires after: 00:00:02

*Nov  8 12:54:43.551:    Retry count: 3   Client-ID: cisco-ca01.69a8.001c-Et1/0

*Nov  8 12:54:43.551:    Client-ID hex dump: 636973636F2D636130312E363961382E

*Nov  8 12:54:43.559:                        303031632D4574312F30

*Nov  8 12:54:43.563:    Hostname: R1

*Nov  8 12:54:43.563: DHCP: SRelease placed Server ID option: 192.168.1.254

*Nov  8 12:54:43.563: DHCP: SRelease: 279 bytes


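The old training instructor in me is coming out again, so a few more words here, haha.


IPv4: DHCP has 8 message types in total. Remember this.

IPv6: more than 8.

The four messages of the basic exchange: discover, offer, request, ack

The other four messages:

NAK: the DHCP server rejects the client's request

Decline: sent by the client to the DHCP server when it finds that its address is a duplicate

Release: the client releases its IP address

Inform: sent by the client when, after obtaining an IP address, it still needs more detailed configuration information from the DHCP server

Addresses are handed out first come, first served (very considerate).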


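Summary of the whole DHCP process:

[Sent by the PC] 1. discover: source 0.0.0.0, port 68; destination broadcast (255.255.255.255), port 67

      Purpose: find a DHCP server (broadcast)

[DHCP server replies with offer] 2. source: DHCP server address, port 67; destination: the address being assigned

      Purpose: the offer is the DHCP server's response to the DHCP discover message; it carries the various configuration parameters

[PC request] 3. source: 0.0.0.0; destination: broadcast

      Purpose: this message has three uses:

            1. On client initialization, to respond to the offer

            2. After a client restart, to confirm the previously assigned IP address configuration

            3. To renew the IP address lease (broadcast or unicast)

[ACK] 4. source: server; destination: the PC client

       Purpose: the server's acknowledgement of the client's DHCP request message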


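Use case: guarding against an employee plugging in a small TP-Link router and causing network problems (the symptom is that some employees cannot get online)

Once dhcp snooping enable is turned on, all ports are untrusted. At that point, no port that obtains its address via DHCP can get one automatically. You must configure dhcp snooping trusted under the trusted interface; only after that interface is trusted can servers obtain IP addresses normally.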
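The trusted/untrusted behaviour described above, as a simplified model added for illustration (not the switch's actual implementation and not code from the original article). Port names, the offered addresses and the class itself are assumptions; the client MAC is the one visible in the Client-ID of the debug log.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}    # only a DHCP server sends these

class SnoopingSwitch:
    """Simplified model of DHCP snooping: ports are untrusted unless listed."""

    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.pending = {}     # client MAC -> port its last request came in on
        self.bindings = {}    # client MAC -> (leased IP, access port)

    def receive(self, port, msg, mac, ip=None):
        """Return "forward" or "drop" for a DHCP message arriving on port."""
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                return "drop"             # server reply from an untrusted port
            if msg == "ACK" and mac in self.pending:
                self.bindings[mac] = (ip, self.pending[mac])
            return "forward"
        if msg in ("RELEASE", "DECLINE") and port not in self.trusted:
            bound = self.bindings.get(mac)
            if bound and bound[1] != port:
                return "drop"             # the lease belongs to another port
            self.bindings.pop(mac, None)
            return "forward"
        self.pending[mac] = port          # DISCOVER / REQUEST / INFORM
        return "forward"

def run_scenario():
    """Constructed walk-through: Gi0/24 is the uplink to the DHCP server,
    Gi0/1 the client's port, Gi0/5 a port with a home router plugged in."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})
    pc = "ca01.69a8.001c"
    steps = [
        ("Gi0/1", "DISCOVER", pc, None),
        ("Gi0/5", "OFFER", pc, "192.168.0.100"),   # home router answers: dropped
        ("Gi0/24", "OFFER", pc, "192.168.1.1"),
        ("Gi0/1", "REQUEST", pc, None),
        ("Gi0/24", "ACK", pc, "192.168.1.1"),      # binding is recorded here
        ("Gi0/5", "RELEASE", pc, None),            # wrong port for this lease
    ]
    verdicts = [sw.receive(*step) for step in steps]
    return verdicts, sw.bindings
```

On Cisco IOS the feature is enabled with ip dhcp snooping plus ip dhcp snooping vlan <vlan-id>, and the uplink is marked with ip dhcp snooping trust under the interface.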



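That's it; I hope this helps everyone. Writing up these small notes really did consolidate the underlying fundamentals for me once more. Make learning a habit and treat time as money, and you will benefit enormously. Keep going!

                               ————— Shared by a network engineer at a tier-2 carrier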
