DHCP服务


DHCP服务#

[TOC]


IPv6初认知#

  • nmcli 设置IPv6 地址

    • ipv6.method manual 手动分配

    • 自动分配

      • SLAAC

      • DHCPv6

通信地址段: 2001:2026::/64

主机R11: 2001:2026::121

主机R39: 2001:2026::126

Note

IPv6 没有广播,改用组播实现类似功能(例如 ff02::1 表示本链路上的所有节点)

Terminal window
'主机R11'
[root@R11 ~]# nmcli device up ens161
Device 'ens161' successfully activated with 'f551d2f9-5a50-4960-940e-6a541cc20d83'.
[root@R11 ~]# nmcli connection modify ens161 ipv6.method manual ipv6.addresses 2001:2026::121/64
# 手动配置了一个 IPv6 地址!(modify 只修改连接配置,要等下面 nmcli con up 重新激活后才生效)
[root@R11 ~]# ip a show ens161 | grep inet6
inet6 fe80::4ddc:6d1:5199:2f31/64 scope link noprefixroute
[root@R11 ~]# nmcli con up ens161
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@R11 ~]# ip a show ens161 | grep inet6
inet6 2001:2026::121/64 scope global noprefixroute
inet6 fe80::4ddc:6d1:5199:2f31/64 scope link noprefixroute
# 多了一个!
=============================
'主机R39'
[root@R39 ~]# nmcli connection modify ens224 ipv6.method manual ipv6.addresses 2001:2026::126/64
[root@R39 ~]# ip a sho ens224 | grep inet6
inet6 fe80::c847:ebb0:d4b8:ab8c/64 scope link noprefixroute
[root@R39 ~]# nmcli con up ens224
[root@R39 ~]# ip a sho ens224 | grep inet6
inet6 2001:2026::126/64 scope global noprefixroute
inet6 fe80::c847:ebb0:d4b8:ab8c/64 scope link noprefixroute
'测试联通性!'
[root@R39 ~]# ping 2001:2026::121/64
ping: 2001:2026::121/64: Name or service not known
❌️ 习惯上用 ping6 测试 IPv6(较新版本的 ping 也支持 IPv6 地址)
❌️ 目标地址不能带 /64,这才是上面报错的原因
[root@R39 ~]# ping6 2001:2026::121
PING 2001:2026::121 (2001:2026::121) 56 data bytes
64 bytes from 2001:2026::121: icmp_seq=1 ttl=64 time=1.13 ms
64 bytes from 2001:2026::121: icmp_seq=2 ttl=64 time=0.296 ms
64 bytes from 2001:2026::121: icmp_seq=3 ttl=64 time=0.253 ms

dhcp服务端配置#

image-20260503121153523
image-20260503121153523

Terminal window
这里我们用R11,做这个dhcp服务器!!
'就用ens160这张网卡'
用桥接的ssh连接它!
172.31.31.164
(1)先手动固定它的IPv4的地址!
[root@R11 ~]# nmcli con show
NAME UUID TYPE DEVICE
ens160 7ca842f6-eea7-3c7d-a423-4a26177e6ec0 ethernet ens160
[root@R11 ~]# ip a sho ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:36:5b:fb brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname enx005056365bfb
inet 10.0.0.111/24 brd 10.0.0.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
[root@R11 ~]# nmcli con modify ens160 ipv4.method manual ipv4.addresses 10.0.0.33/24 ipv4.gateway 10.0.0.2 connection.autoconnect yes
[root@R11 ~]# nmcli con up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
[root@R11 ~]# ip a sho ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:36:5b:fb brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname enx005056365bfb
inet 10.0.0.33/24 brd 10.0.0.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
[root@R11 ~]# dnf -y install kea kea-doc openssl-devel
Installed:
kea-3.0.1-2.el10_1.x86_64 kea-doc-3.0.1-2.el10_1.noarch
kea-libs-3.0.1-2.el10_1.x86_64 libpq-16.11-3.el10_1.x86_64
log4cplus-2.1.1-8.el10.x86_64 mariadb-connector-c-3.4.4-1.el10.x86_64
mariadb-connector-c-config-3.4.4-1.el10.noarch openssl-devel-1:3.5.1-7.el10_1.x86_64
Complete!
[root@R11 ~]# mv /etc/kea/kea-dhcp4.conf /etc/kea/kea-dhcp.conf.back
[root@R11 ~]# vim /etc/kea/kea-dhcp4.conf
// Kea DHCPv4 server configuration: hands out leases for 10.0.0.0/24 on ens160.
{
"Dhcp4": {
"interfaces-config": {
// Network interface(s) the server listens on
"interfaces": [
"ens160"
]
},
// Unix-domain control socket used to send management commands to the running server.
// NOTE(review): confirm that only administrators can reach this socket.
"control-socket": {
"socket-type": "unix",
"socket-name": "kea4-ctrl-socket"
},
// Leases are stored in a local file ("memfile"); lfc-interval is the
// lease-file cleanup period in seconds.
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
// Settings that control how expired leases are reclaimed
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Lease timers in seconds: renew (T1), rebind (T2) and total lease lifetime
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"subnet4": [
{
"id": 1,
// Subnet declaration
"subnet": "10.0.0.0/24",
// Address pool
"pools": [
{
// Dynamic addresses are handed out starting at .120
"pool": "10.0.0.120 - 10.0.0.220"
}
],
"option-data": [
{
// Default gateway sent to clients
"name": "routers",
"data": "10.0.0.2"
},
{
// DNS server sent to clients
"name": "domain-name-servers",
"data": "10.0.0.2"
}
],
// No fixed-address (host) reservations yet
"reservations": []
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output-options": [
{
// Log file name; useful for checking which leases this server actually granted
"output": "kea-dhcp4.log"
}
],
"severity": "INFO",
// debuglevel only takes effect when severity is DEBUG
"debuglevel": 0
}
]
}
}
Terminal window
[root@R11 ~]# getenforce
Disabled
[root@R11 ~]# systemctl is-active firewalld
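inactive
# 注意:关闭 SELinux 和 firewalld 只是实验环境的做法;生产环境应保持两者开启,并在防火墙中放行 DHCP 服务(UDP 67 端口),例如 firewall-cmd --permanent --add-service=dhcp 后再 firewall-cmd --reload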
[root@R11 ~]# systemctl start kea-dhcp4.service
[root@R11 ~]# systemctl status kea-dhcp4.service
kea-dhcp4.service - Kea DHCPv4 Server
Loaded: loaded (/usr/lib/systemd/system/kea-dhcp4.service; disabled; preset: disabled)
Active: active (running)
[root@R11 ~]# ss -lntup | grep 67
udp UNCONN 0 0 10.0.0.33:67 0.0.0.0:* users:(("kea-dhcp4",pid=4368,fd=16))
=================================
'测试!'
root@R39:~# ip a
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:32:84:40 brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname enx000c29328440
inet 10.0.0.34/24 brd 10.0.0.255 scope global dynamic
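✅️'10.0.0.34.。。。'
# 注意:10.0.0.34 不在上面配置的地址池 10.0.0.120 - 10.0.0.220 内,这个地址很可能来自网段中的另一台 DHCP 服务器(例如虚拟化软件 NAT 网络自带的 DHCP)。验证时应查看服务端的 kea-dhcp4.log,确认租约确实是由 Kea 分配的;同一网段出现预期之外的 DHCP 服务器应当排查。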

绑定mac地址#

Terminal window
(1)客户端手动添加一张网卡!!
# 我这张是ens256(得是NAT模式的)
[root@R39 ~]# ip a
4: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:32:84:54 brd ff:ff:ff:ff:ff:ff
altname enp27s0
altname enx000c29328454
# 找到它的Mac地址!00:0c:29:32:84:54
(2)来到服务端
1)修改配置文件
[root@R11 ~]# vim /etc/kea/kea-dhcp4.conf
{
// DNS 服务器
"name": "domain-name-servers",
"data": "10.0.0.2"
}
],
"reservations": [
// 绑定MAC地址
// 给固定的MAC,分配固定的IP地址
{
"hw-address": "00:0c:29:32:84:54",
// 客户端刚添加网卡的MAC地址
"ip-address": "10.0.0.124"
// 想要给客户端的IP地址
}
]
}
],
"loggers": [
Terminal window
[root@R11 ~]# systemctl restart kea-dhcp4.service
[root@R11 ~]# systemctl is-active kea-dhcp4
active
[root@R11 ~]# ss -lntup | grep dhcp
udp UNCONN 0 0 10.0.0.111:67 0.0.0.0:* users:(("kea-dhcp4",pid=3637,fd=16))
"来到客户端!!"
[root@R39 ~]# nmcli device up ens256
Device 'ens256' successfully activated with '5138d01c-89cd-433c-97eb-4a0c3059a626'.
# 把网卡启动了
[root@R39 ~]# ip a sh ens256
4: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:32:84:54 brd ff:ff:ff:ff:ff:ff
altname enp27s0
altname enx000c29328454
inet 10.0.0.124/24 brd 10.0.0.255 scope global dynamic noprefixroute ens256
valid_lft 3593sec preferred_lft 3593sec
inet6 fe80::b120:f845:9023:f80e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
# 现在这里面就是我们刚刚给的IP地址!

实验练习#

扩展KEA-DHCP4选项支持#

Terminal window
# 扩展NTP 服务器 / DNS 域
[root@R11 ~]# systemctl status kea-dhcp4
kea-dhcp4.service - Kea DHCPv4 Server
Loaded: loaded (/usr/lib/systemd/system/kea-dhcp4.service; enabled; preset: disabled)
Active: active (running)
[root@R11 ~]# vim /etc/kea/kea-dhcp4.conf
// Kea DHCPv4 server configuration extended with a DNS search domain, NTP servers
// and a second DNS server for the 10.0.0.0/24 subnet.
{
"Dhcp4": {
"interfaces-config": {
// Network interface(s) the server listens on
// NOTE(review): the earlier listing on this page uses "ens160"; make sure this
// matches the interface name that actually exists on the server.
"interfaces": [
"eth0"
]
},
// Unix-domain control socket used to send management commands to the running server.
// NOTE(review): confirm that only administrators can reach this socket.
"control-socket": {
"socket-type": "unix",
"socket-name": "kea4-ctrl-socket"
},
// Leases are stored in a local file ("memfile"); lfc-interval is the
// lease-file cleanup period in seconds.
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
// Settings that control how expired leases are reclaimed
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Lease timers in seconds: renew (T1), rebind (T2) and total lease lifetime
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"subnet4": [
{
"id": 1,
// Subnet declaration
"subnet": "10.0.0.0/24",
// Address pool
"pools": [
{
// Dynamic addresses are handed out starting at .120
"pool": "10.0.0.120 - 10.0.0.220"
}
],
"option-data": [
{
// Default gateway sent to clients
"name": "routers",
"data": "10.0.0.2"
},
{
// DNS search domain
"name": "domain-search",
"data": "class-server.lab"
// ✅️ newly added: search domain
},
{
// NTP servers
// NOTE(review): clients will trust whatever time sources are listed here;
// prefer servers you control or have verified.
"name": "ntp-servers",
"data": "210.72.145.44, 202.120.2.101"
// ✅️ newly added: NTP servers
},
{
// DNS servers sent to clients (now two entries)
"name": "domain-name-servers",
"data": "10.0.0.2, 223.6.6.6"
}
],
// No fixed-address (host) reservations in this listing
"reservations": []
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output-options": [
{
// Log file name
"output": "kea-dhcp4.log"
}
],
"severity": "INFO",
// debuglevel only takes effect when severity is DEBUG
"debuglevel": 0
}
]
}
}
[root@R11 ~]# systemctl restart kea-dhcp4
Terminal window
'客户端验证:'
[root@R39 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.2
[root@R39 ~]# cat /run/chrony-dhcp/eth2.sources
cat: /run/chrony-dhcp/eth2.sources: No such file or directory
====================================
# 上面是客户端重新激活连接(重新获取租约)之前的结果!
[root@R39 ~]# nmcli connection up eth2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
[root@R39 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search class-server.lab
nameserver 10.0.0.2
nameserver 223.6.6.6
[root@R39 ~]# cat /run/chrony-dhcp/eth2.sources
server 210.72.145.44 iburst
server 202.120.2.101 iburst
[root@R39 ~]# chronyc sources -V
MS Name/IP address Stratum Poll Reach LastRx Last sampl
==========================================
^- ntp7.flashdance.cx
^- a.chl.la
^- 119.28.183.184
^* 211.159.153.122
^- 202.120.2.101.dns.sjtu.e>
^? 210.72.145.44

SLAAC 自动生成地址#

Terminal window
'dhcp-server ---> router'
[root@R11 ~]# dnf -y install radvd
Installed:
radvd-2.19-16.el10.x86_64
Complete!
[root@R11 ~]# vim /etc/radvd.conf
'在 vim 中按 G 跳到文件末尾!'
# 文件最后新增配置即可
# radvd settings for eth0: advertise the 2001:2026:1::/64 prefix so that hosts
# on the link can configure their own addresses (SLAAC).
# NOTE(review): hosts accept router advertisements from any sender on the link;
# on shared or production networks, restrict who may send them (e.g. RA Guard
# on the switches).
interface eth0
{
# Enable router advertisements; they are sent periodically and carry the network prefix (network ID)
AdvSendAdvert on;
# Minimum interval between router advertisements, in seconds
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
# Maximum interval between router advertisements, in seconds (the MaxRtrAdvInterval line above)
# The actual interval is a random value between 30 and 100
# Advertised prefix; each host generates the interface-ID part of its address itself
prefix 2001:2026:1::/64
{
# The prefix is on-link
AdvOnLink on;
# Allow hosts to autoconfigure addresses from this prefix
AdvAutonomous on;
# Do not advertise the router's own interface address
AdvRouterAddr off;
};
};
[root@R11 ~]# systemctl enable --now radvd
Created symlink '/etc/systemd/system/multi-user.target.wants/radvd.service' '/usr/lib/systemd/system/radvd.service'.
[root@R11 ~]# systemctl is-active radvd.service
active
[root@R11 ~]# systemctl is-enabled radvd.service
enabled
Terminal window
'client 默认地址自动配置'
[root@R102 ~]# ip a show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:83:1f:2f brd ff:ff:ff:ff:ff:ff
altname enp27s0
altname ens256
altname enx000c29831f2f
inet 10.0.0.120/24 brd 10.0.0.255 scope global dynamic noprefixroute eth2
valid_lft 3126sec preferred_lft 3126sec
inet6 2001:2026:1:0:4de6:20a6:abff:fb1c/64 scope global dynamic noprefixroute
valid_lft 86360sec preferred_lft 14360sec
inet6 fe80::2510:db2b:f0a9:a589/64 scope link noprefixroute
valid_lft forever preferred_lft forever
==========================================
'抓包验证!'
[root@R102 ~]# tcpdump -nnvvi eth2 icmp6
dropped privs to tcpdump
tcpdump: listening on eth2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:14:53.078320 IP6 (flowlabel 0xba277, hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::20c:29ff:fee9:26a2 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
hop limit 64, Flags [none], pref medium, router lifetime 300s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2001:2026:1::/64, Flags [onlink, auto], valid time 86400s, pref. time 14400s
0x0000: 40c0 0001 5180 0000 3840 0000 0000 2001
0x0010: 2026 0001 0000 0000 0000 0000 0000
source link-address option (1), length 8 (1): 00:0c:29:e9:26:a2
0x0000: 000c 29e9 26a2
23:15:05.214971 IP6 (flowlabel 0xba277, hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::20c:29ff:fee9:26a2 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
hop limit 64, Flags [none], pref medium, router lifetime 0s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2001:2026:1::/64, Flags [onlink, auto], valid time 86400s, pref. time 14400s
0x0000: 40c0 0001 5180 0000 3840 0000 0000 2001
0x0010: 2026 0001 0000 0000 0000 0000 0000
source link-address option (1), length 8 (1): 00:0c:29:e9:26:a2
0x0000: 000c 29e9 26a2
==========================================
'邻居状态维护 '
[root@R102 ~]# ip -6 neighbo
fe80::20c:29ff:fee9:26a2 dev eth2 lladdr 00:0c:29:e9:26:a2 router STALE
fe80::20c:29ff:fee9:26a2 dev eth0 lladdr 00:0c:29:e9:26:a2 router STALE

SLAAC 自动生成地址 + DHCPv6 辅助额外参数【option】#

Terminal window
[root@R101 ~]# rpm -qa radvd
radvd-2.19-16.el10.x86_64
[root@R101 ~]# systemctl status radvd
radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; preset: disabled)
Active: active (running)
[root@R101 ~]# vim /etc/radvd.conf
....
prefix 2001:2026:1::/64
{
# 前缀可用
AdvOnLink on;
# 允许自动生成地址
AdvAutonomous on;
# 不发送接口地址
AdvRouterAddr off;
};
# 原有配置无需修改,新增以下内容
# 不用从DHCPv6服务器获取地址
AdvManagedFlag off;
# 从DHCPv6服务器获取额外参数
AdvOtherConfigFlag on;
};
[root@R101 ~]# systemctl restart radvd.service
================================================
[root@R101 ~]# mv /etc/kea/kea-dhcp6.conf /etc/kea/kea-dhcp6.conf.bak
[root@R101 ~]# vim /etc/kea/kea-dhcp6.conf
// Kea DHCPv6 server configuration for 2001:2026:1::/64 on eth0.
// NOTE(review): on this page it is paired with radvd settings
// "AdvManagedFlag off" / "AdvOtherConfigFlag on", so clients presumably take
// only the option-data below and build their addresses via SLAAC; confirm.
{
"Dhcp6": {
"interfaces-config": {
// Network interface(s) the server listens on
"interfaces": [ "eth0" ]
},
// Unix-domain control socket used to send management commands to the running server.
// NOTE(review): confirm that only administrators can reach this socket.
"control-socket": {
"socket-type": "unix",
"socket-name": "kea6-ctrl-socket"
},
// Leases are stored in a local file ("memfile"); lfc-interval is the
// lease-file cleanup period in seconds.
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
// Settings that control how expired leases are reclaimed
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Lease timers in seconds: renew (T1), rebind (T2), preferred and valid lifetimes
"renew-timer": 1000,
"rebind-timer": 2000,
"preferred-lifetime": 3000,
"valid-lifetime": 4000,
// Global options sent to clients: DNS servers, DNS search domain, SNTP server
// NOTE(review): clients will trust the resolvers and time source listed here;
// prefer servers you control or have verified.
"option-data": [
{
"name": "dns-servers",
"data": "2001:4860:4860::8888, 2400:da00::6666"
},
{
"name": "domain-search",
"data": "class-server.lab6"
},
{
"name": "sntp-servers",
"data": "2001:4860:4806:1::"
}
],
"subnet6": [
{
"id": 2,
"subnet": "2001:2026:1::/64",
// Address pool inside the subnet
// NOTE(review): may go unused while radvd advertises AdvManagedFlag off; confirm.
"pools": [ { "pool": "2001:2026:1::100 - 2001:2026:1::200" } ],
// Prefix-delegation pool, left disabled by the author
//"pd-pools": [
// {
// "prefix": "2001:2026:1::",
// "prefix-len": 56,
// "delegated-len": 64
// }
//],
// No host reservations
"reservations": [
]
}
],
"loggers": [
{
"name": "kea-dhcp6",
"output-options": [
{
// Log file name
"output": "kea-dhcp6.log"
}
],
// NOTE(review): DEBUG logging is verbose; consider INFO once the setup works.
"severity": "DEBUG",
// debuglevel 0 is the least verbose debug level
"debuglevel": 0
}
]
}
}
[root@R101 ~]# systemctl enable --now kea-dhcp6
Created symlink '/etc/systemd/system/multi-user.target.wants/kea-dhcp6.service' '/usr/lib/systemd/system/kea-dhcp6.service'.
[root@R101 ~]# systemctl restart kea-dhcp6.service
[root@R101 ~]# systemctl status -l kea-dhcp6
kea-dhcp6.service - Kea DHCPv6 Server
Loaded: loaded (/usr/lib/systemd/system/kea-dhcp6.service; enabled; preset: disabled)
Active: active (running)
[root@R101 ~]# ss -lntup | grep 547
udp UNCONN [fe.....a2]%eth0:547 users:(("kea-dhcp6"
udp UNCONN [ff02::1:2]%eth0:547 users:(("kea-dhcp6"
================================================
# 客户端验证!
[root@R102 ~]# nmcli connection show
eth0 030f5...467 ethernet eth0
Wired connection 1 04f7..fde ethernet eth2
eth1 cb82b7...5e009 ethernet eth1
[root@R102 ~]# nmcli con modify Wired\ connection\ 1 con-name eth2
[root@R102 ~]# nmcli con show | grep eth2
eth2 04f7..6de ethernet eth2
[root@R102 ~]# nmcli con up eth2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@R102 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search class-server.lab6 class-server.lab
nameserver 223.6.6.6
nameserver 2001:4860:4860::8888
nameserver 2400:da00::6666
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 10.0.0.2
[root@R102 ~]# ls -lh /run/chrony
chrony/ chrony-dhcp/
[root@R102 ~]# cat /run/chrony-dhcp/eth2.sources
server 210.72.145.44 iburst
server 202.120.2.101 iburst
server 2001:4860:4806:1:: iburst


DHCP服务
https://www.kpyun.fun/posts/basics/netops/netops05/
作者
久棹
发布于
2025-10-24
许可协议
CC BY-NC-SA 4.0