[Original] Test: a DHCP server uses option 82 to assign fixed IP addresses to devices attached to specific access-switch interfaces

Posted on 2020-4-16 23:06:21
Last edited by 碧云天 on 2020-4-16 23:27

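I. Overview
    By default, the DHCP Discover packet sent by a DHCP client does not carry option 82; the switch inserts the option automatically only when DHCP snooping is enabled on it. With DHCP snooping enabled, the inserted option 82 contains information about the switch interface that first received the DHCP Discover packet. Once configured accordingly, the DHCP server can use the option 82 information to assign a specified IP address to the device attached to that interface. The following is a configuration test in which a Cisco router acts as the DHCP server and uses DHCP option 82 to assign fixed IP addresses to devices attached to specified access-switch interfaces. If the DHCP server is a Linux device, the following link can be used as a configuration reference: https://www.jianshu.com/p/e02e4da6922f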


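Test topology:

Requirements:
1. The device attached to interface E0/1 of SW1 obtains the IP address 192.168.10.18
2. The device attached to interface E0/3 of SW1 obtains the IP address 192.168.20.18

Test summary:
1. DHCP snooping causes problems for DHCP relay
--- DHCP relay works normally for devices connected to the switch itself; the problem occurs with requests that arrive over the trunk and need to be relayed. In the figure above, relay works normally if it is configured on SW2.
2. If a DHCP address pool has classes configured but no wildcard class, devices attached to switch interfaces that are not matched by any class cannot obtain an IP address.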
II. Basic configuration
1. DHCPserver

hostname DHCPserver
interface Ethernet0/0
    ip address 192.168.10.8 255.255.255.0
    no shutdown
ip dhcp excluded-address 192.168.10.8
ip dhcp excluded-address 192.168.10.254
ip dhcp excluded-address 192.168.20.254
ip dhcp pool vlan10Pool
    network 192.168.10.0 255.255.255.0
    default-router 192.168.10.254
ip dhcp pool vlan20Pool
    network 192.168.20.0 255.255.255.0
    default-router 192.168.20.254
ip route 0.0.0.0 0.0.0.0 192.168.10.254
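Note: a default route must be configured; otherwise, although the server receives the requests passed on by the DHCP relay, it will not reply.
2. SW1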
hostname SW1
vlan 10
vlan 20
interface Ethernet0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
interface range Ethernet0/1-2
     switchport mode access
     switchport access vlan 10
interface range Ethernet0/3
     switchport mode access
     switchport access vlan 20
interface Vlan10
    ip address 192.168.10.254 255.255.255.0
    no shutdown
interface Vlan20
    ip address 192.168.20.254 255.255.255.0
    no shutdown
    ip helper-address 192.168.10.8
3. SW2
hostname SW2
vlan 10
vlan 20
interface Ethernet0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
interface range Ethernet0/1
     switchport mode access
     switchport access vlan 10
interface range Ethernet0/2
     switchport mode access
     switchport access vlan 20
4. Verify that DHCP and DHCP relay work normally
① Client1 obtains an IP address normally

Client1(config)#int e0/0
Client1(config-if)#ip address dhcp
Client1(config-if)#no shutdown
Client1(config-if)#
*Apr 16 06:26:49.838: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 16 06:26:50.845: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client1(config-if)#
*Apr 16 06:29:16.314: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.10.1, mask 255.255.255.0, hostname Client1

Client1(config-if)#
② Client2 obtains an IP address normally
Client2(config)#int e0/0
Client2(config-if)#no shutdown
Client2(config-if)#
*Apr 16 06:37:31.964: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 16 06:37:32.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client2(config-if)#
*Apr 16 06:39:06.786: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.20.1, mask 255.255.255.0, hostname Client2

Client2(config-if)#
③ Client4 obtains an IP address normally
Client4(config)#int e0/0
Client4(config-if)#no sh
Client4(config-if)#no shutdown
*Apr 16 06:42:07.665: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 16 06:42:08.674: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client4(config-if)#
*Apr 16 06:43:11.891: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.20.2, mask 255.255.255.0, hostname Client4

Client4(config-if)#
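Note: if you capture packets with Wireshark on the e0/0 interface of DHCPserver at this point, you can see that the DHCP Discover packets do not contain option 82.
III. Configure DHCP snooping on the switches
1. Enable DHCP snooping globally on the switches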

SW1(config)#ip dhcp snooping

SW2(config)#ip dhcp snooping
2. Configure the storage location of the local DHCP snooping database (the clock must be set beforehand)
SW1(config)#clock timezone GMT +8
SW1(config)#do clock set 14:50:00 16 Apr 2020
SW1(config)#ip dhcp snooping database unix:/dhcp.db

SW2(config)#clock timezone GMT +8
SW2(config)#do clock set 14:50:00 16 Apr 2020
SW2(config)#ip dhcp snooping database unix:/dhcp.db
3. Configure the port connected to the legitimate DHCP server and the trunk interfaces as trusted
SW1(config)#int rang e0/0,E0/2
SW1(config-if-range)#ip dhcp snooping trust

SW2(config)#int  e0/0
SW2(config-if)#ip dhcp snooping trust
4. Configure DHCP rate limiting on the untrusted ports
SW1(config)#int rang e0/1,e0/3
SW1(config-if)#ip dhcp snooping limit rate 3

SW2(config)#int range e0/1-2
SW2(config-if-range)#ip dhcp snooping limit rate 3
5. Enable DHCP snooping in specific VLANs
SW1(config)#ip dhcp snooping vlan 10,20
SW2(config)#ip dhcp snooping vlan 10,20
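6. Verification
At this point none of the clients can obtain an IP address. Capturing packets with Wireshark on the e0/0 interface of DHCPserver shows that the DHCP Discover packets now contain option 82.
7. Configure the DHCP service to trust option 82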
DHCPserver(config)#ip dhcp relay information trust-all
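8. Verify again
Now Client1 and Client2 obtain IP addresses normally, but Client4 cannot. Packet capture shows that this is because SW1 does not forward Client4's DHCP Discover packet to DHCPserver at all. After DHCP snooping is disabled on SW1, however, Client4 obtains an IP address normally, which shows that DHCP snooping affects the normal operation of DHCP relay.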

IV. Configure devices on specified switch interfaces to obtain the same IP address
1. Configure the dhcp classes

ip dhcp class Client1
    relay agent information
          relay-information hex 01060004000a000102080006aabbcc001000
ip dhcp class Client2
    relay agent information
          relay-information hex 010600040014000302080006aabbcc001000
ip dhcp class any1
    relay agent information
          relay-information hex 0106000400*
ip dhcp class any2
    relay agent information
          relay-information hex 0106000400*
Note: the relay-information value can be obtained on the DHCP server with debug ip dhcp server class; a class that matches anything must first be configured in the address pool.

2. Modify the existing dhcp pools to reference the dhcp classes
ip dhcp pool vlan10Pool
    network 192.168.10.0 255.255.255.0
    default-router 192.168.10.254
    class Client1
      address range 192.168.10.18 192.168.10.18
     class any1
        address range 192.168.10.1 192.168.10.17
     class any2
        address range 192.168.10.19 192.168.10.253
ip dhcp pool vlan20Pool
    network 192.168.20.0 255.255.255.0
    default-router 192.168.20.254
    class Client2
      address range 192.168.20.18 192.168.20.18
     class any1
        address range 192.168.20.1 192.168.20.17
     class any2
        address range 192.168.20.19 192.168.20.253

3. Verification
① Client1 obtains the IP address that was preset for it
Client1(config)#int e0/0
Client1(config-if)#shutdown
Client1(config-if)#no shutdown
Client1(config-if)#
*Apr 16 07:25:15.769: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.10.18, mask 255.255.255.0, hostname Client1

Client1(config-if)#
② Client2 also obtains the IP address that was preset for it
Client2(config)#int e0/0
Client2(config-if)#shutdown
Client2(config-if)#no shutdown
Client2(config-if)#
*Apr 16 07:32:00.263: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 16 07:32:01.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client2(config-if)#
*Apr 16 07:32:04.381: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.20.18, mask 255.255.255.0, hostname Client2

Client2(config-if)#
③ Client3 can also obtain an IP address
Client3(config)#int e0/0
Client3(config-if)#ip address dhcp
Client3(config-if)#no shutdown
Client3(config-if)#
*Apr 16 14:45:50.850: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
Client3(config-if)#
*Apr 16 14:45:51.859: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client3(config-if)#
*Apr 16 14:46:59.453: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.10.2, mask 255.255.255.0, hostname Client3

Client3(config-if)#
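Note: if no wildcard class is configured in the address pool, devices attached to interfaces that have no relay-information specified for them cannot obtain an IP address.
④ Save the configuration, stop all the devices, then swap the SW1 interfaces that Client1 and Client2 are connected to
-- The addresses of Client1 and Client2 are now swapped compared with before, from which it can be concluded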
Client1(config)#int e0/0
Client1(config-if)#shutdown
Client1(config-if)#no shutdown
*Apr 16 15:00:14.566: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 16 15:00:15.572: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client1(config-if)#
*Apr 16 15:00:18.747: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.20.18, mask 255.255.255.0, hostname Client1

Client1(config-if)#

Client2(config)#int e0/0
Client2(config-if)#shutdown
*Apr 16 14:57:09.910: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
*Apr 16 14:57:10.914: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
Client2(config-if)#no shutdown
*Apr 16 14:57:39.118: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 16 14:57:40.124: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Client2(config-if)#
*Apr 16 15:00:04.117: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.10.18, mask 255.255.255.0, hostname Client2

Client2(config-if)#
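
The relay-information hex strings in the dhcp class configuration above can be read field by field. The Python below is an added example, not part of the original post; it assumes the Cisco default option 82 sub-option layout and that a trailing * in a class pattern is a prefix wildcard, and the two extra sample strings are constructed.

```python
# Added example: decode the option 82 hex strings used in the dhcp classes above.
# Assumed layout (Cisco default sub-option format, not stated on the page):
#   sub-option 1 (circuit ID): 01 06 | type 00 | len 04 | VLAN (2 bytes) | module | port
#   sub-option 2 (remote ID):  02 08 | type 00 | len 06 | MAC (6 bytes)

def parse_option82(hex_str):
    """Return the decoded sub-options of an option 82 payload given as hex."""
    data = bytes.fromhex(hex_str)
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        if code == 1 and length == 6 and value[:2] == b"\x00\x04":
            out["circuit_id"] = {"vlan": int.from_bytes(value[2:4], "big"),
                                 "module": value[4], "port": value[5]}
        elif code == 2 and length == 8 and value[:2] == b"\x00\x06":
            mac = value[2:].hex()
            out["remote_id"] = ".".join(mac[j:j + 4] for j in (0, 4, 8))
        else:
            out[f"suboption_{code}"] = value.hex()  # unknown layout: keep raw
        i += 2 + length
    return out

def class_matches(pattern, option82_hex):
    """Exact match, or prefix match when the pattern ends in '*' (assumed semantics)."""
    pattern, option82_hex = pattern.lower(), option82_hex.lower()
    if pattern.endswith("*"):
        return option82_hex.startswith(pattern[:-1])
    return pattern == option82_hex

def matching_classes(classes, option82_hex):
    """Names of every class whose relay-information pattern matches."""
    return [name for name, pat in classes if class_matches(pat, option82_hex)]

# Class patterns copied from the page (vlan10Pool).
VLAN10_CLASSES = [("Client1", "01060004000a000102080006aabbcc001000"),
                  ("any1", "0106000400*"), ("any2", "0106000400*")]
# Constructed samples: same switch, port 2 of VLAN 10, and a port in VLAN 300.
SAMPLE_E0_2 = "01060004000a000202080006aabbcc001000"
SAMPLE_VLAN300 = "01060004012c000102080006aabbcc001000"

if __name__ == "__main__":
    for sample in (VLAN10_CLASSES[0][1], SAMPLE_E0_2, SAMPLE_VLAN300):
        print(parse_option82(sample), matching_classes(VLAN10_CLASSES, sample))
```

Under these assumptions the pattern 0106000400* only covers circuit IDs whose VLAN high byte is 00, so the constructed VLAN 300 sample matches no class and would fall into the "no wildcard match" case described in the post's notes.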
