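Today, on a whim, I want to revisit a very basic and simple application scenario. As network engineers we are always chasing high-end technical principles and scenarios, but sometimes a simple, practical technique is genuinely interesting to the colleagues around us and to newcomers.
As shown in the figure above, this is a partial view of a larger environment. Stretching the idea a little, I turned it into the DHCP + GW role, then set the server to DHCP so it pulls an IP address directly, and then the whole network can ping each other successfully.
Here I will introduce two Cisco DHCP configuration methods: one based on a physical interface, the other based on an SVI interface. I will simply paste the configuration into this article.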
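Interface-based DHCP
! The pool is matched to the interface by subnet
ip dhcp pool as001
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.254
 dns-server 114.114.114.114
 ! lease is given in days
 lease 300
!
interface FastEthernet0/0
 ip address 192.168.100.254 255.255.255.0
 duplex auto
 speed auto
Use case: the company has few desks, only one or two areas, and given the budget the access switches can only be unmanaged TP-Link pure Layer 2 switches, uplinked to the Layer 3 switch on which we configure DHCP. Feature: this is an office network design that is currently very easy to get started with.
As shown in the figure below: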
————————————————————————————————————————————
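VLAN-based DHCP
ip dhcp pool Lab-wifi
 network 172.17.10.0 255.255.255.0
 default-router 172.17.10.254
 dns-server 114.114.114.114 8.8.8.8
 ! lease is given in days
 lease 300
!
interface Vlan17
 description wifi
 ip address 172.17.10.254 255.255.255.0
Use case: in addition to the above, it allows better segmentation inside the internal network. For example, when one access-layer switch has both administrative and technical staff under it, VLAN-based DHCP is a very good fit.
As shown in the figure below:
Is that the end of the article? No, there are still some key behaviors to demonstrate; learning only the configuration without the reasoning behind it is not good.
In the log output below, I used a router to simulate an end server obtaining an address via DHCP, with debug enabled. The output is as follows.
Let me stress this once more: read the log carefully, and you will clearly find either that your theory is not yet strong enough, or that your theory and practice match up completely.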
R1(config-if)#
*Nov 8 12:56:21.655: DHCP: DHCP client process started: 10
*Nov 8 12:56:21.679: RAC: Starting DHCP discover on Ethernet1/0
*Nov 8 12:56:21.679: DHCP: Try 1 to acquire address for Ethernet1/0
*Nov 8 12:56:21.691: DHCP: allocate request
*Nov 8 12:56:21.691: DHCP: new entry. add to queue, interface Ethernet1/0
*Nov 8 12:56:21.691: DHCP: SDiscover attempt # 1 for entry:
*Nov 8 12:56:21.691: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet1/0
*Nov 8 12:56:21.695: Temp sub net mask: 0.0.0.0
*Nov 8 12:56:21.695: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Nov 8 12:56:21.695: DHCP transaction id: 8DC
R1(config-if)#
R1(config-if)#
*Nov 8 12:56:21.695: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Nov 8 12:56:21.699: Next timer fires after: 00:00:04
*Nov 8 12:56:21.699: Retry count: 1 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:56:21.699: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:56:21.703: 303031632D4574312F30
*Nov 8 12:56:21.707: Hostname: R1
*Nov 8 12:56:21.707: DHCP: SDiscover: sending 291 byte length DHCP packet
*Nov 8 12:56:21.711: DHCP: SDiscover 291 bytes
*Nov 8 12:56:21.711: B'cast on Ethernet1/0 interface from 0.0.0.0
*Nov 8 12:56:21.787: DHCP: Received a BOOTREP pkt
*Nov 8 12:56:21.787: DHCP: Scan: Message type: DHCP Offer
*Nov 8 12:56:21.787: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov 8 12:56:21.791: DHCP: Scan: Lease Time: 25919829
*Nov 8 12:56:21.791: DHCP: Scan: Renewal time: 12959914
*Nov 8 12:56:21.791: DHCP: Scan: Rebind time: 22679850
*Nov 8 12:56:21.791: DHCP: Scan: Host Name: R1
*Nov 8 12:56:21.791: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Nov 8 12:56:21.791: DHCP: Scan: Router Option: 192.168.1.254
*Nov 8 12:56:21.795: DHCP: Scan: DNS Name Server Option: 114.114.114.114
*Nov 8 12:56:21.795: DHCP: rcvd pkt source: 192.168.1.254, destination: 255.255.255.255
*Nov 8 12:56:21.795: UDP sport: 43, dport: 44, length: 308
*Nov 8 12:56:21.795: DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Nov 8 12:56:21.795: DHCP server identifier: 192.168.1.254
*Nov 8 12:56:21.795: xid: 8DC, secs: 0, flags: 8000
*Nov 8 12:56:21.799: client: 0.0.0.0, your: 192.168.1.1
*Nov 8 12:56:21.799: srvr: 0.0.0.0, gw: 0.0.0.0
*Nov 8 12:56:21.799: options block length: 60
*Nov 8 12:56:21.799: DHCP Offer Message Offered Address: 192.168.1.1
*Nov 8 12:56:21.799: DHCP: Lease Seconds: 25919829 Renewal secs: 12959914 Rebind secs: 22679850
*Nov 8 12:56:21.803: DHCP: Server ID Option: 192.168.1.254
*Nov 8 12:56:21.803: DHCP Host Name Option: R1
*Nov 8 12:56:21.803: DHCP: offer received from 192.168.1.254
*Nov 8 12:56:21.803: DHCP: SRequest attempt # 1 for entry:
*Nov 8 12:56:21.807: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:56:21.807: Temp sub net mask: 255.255.255.0
*Nov 8 12:56:21.807: DHCP Lease server: 192.168.1.254, state: 2 Requesting
*Nov 8 12:56:21.807: DHCP transaction id: 8DC
*Nov 8 12:56:21.807: Lease: 25919829 secs, Renewal: 0 secs, Rebind: 0 secs
*Nov 8 12:56:21.811: Next timer fires after: 00:00:03
*Nov 8 12:56:21.811: Retry count: 1 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:56:21.811: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:56:21.819: 303031632D4574312F30
*Nov 8 12:56:21.831: Hostname: R1
*Nov 8 12:56:21.831: DHCP: SRequest- Server ID option: 192.168.1.254
*Nov 8 12:56:21.835: DHCP: SRequest- Requested IP addr option: 192.168.1.1
*Nov 8 12:56:21.835: DHCP: SRequest placed lease len option: 25919829
*Nov 8 12:56:21.835: DHCP: SRequest: 309 bytes
*Nov 8 12:56:21.839: DHCP: SRequest: 309 bytes
*Nov 8 12:56:21.839: B'cast on Ethernet1/0 interface from 0.0.0.0
*Nov 8 12:56:21.947: DHCP: Received a BOOTREP pkt
*Nov 8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack
*Nov 8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov 8 12:56:21.951: DHCP: Scan: Lease Time: 25920000
*Nov 8 12:56:21.951: DHCP: Scan: Renewal time: 12960000
*Nov 8 12:56:21.951: DHCP: Scan: Rebind time: 22680000
*Nov 8 12:56:21.951: DHCP: Scan: Host Name: R1
*Nov 8 12:56:21.951: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Nov 8 12:56:21.951: DHCP: Scan: Router Option: 192.168.1.254
*Nov 8 12:56:21.955: DHCP: Scan: DNS Name Server Option: 114.114.114.114
*Nov 8 12:56:21.955: DHCP: rcvd pkt source: 192.168.1.254, destination: 255.255.255.255
*Nov 8 12:56:21.955: UDP sport: 43, dport: 44, length: 308
*Nov 8 12:56:21.955: DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Nov 8 12:56:21.955: DHCP server identifier: 192.168.1.254
*Nov 8 12:56:21.959: xid: 8DC, secs: 0, flags: 8000
*Nov 8 12:56:21.959: client: 0.0.0.0, your: 192.168.1.1
*Nov 8 12:56:21.959: srvr: 0.0.0.0, gw: 0.0.0.0
*Nov 8 12:56:21.959: options block length: 60
*Nov 8 12:56:21.959: DHCP Ack Message
*Nov 8 12:56:21.959: DHCP: Lease Seconds: 25920000 Renewal secs: 12960000 Rebind secs: 22680000
*Nov 8 12:56:21.963: DHCP: Server ID Option: 192.168.1.254
*Nov 8 12:56:21.963: DHCP Host Name Option: R1
*Nov 8 12:56:24.987: DHCP: Releasing ipl options:
*Nov 8 12:56:24.991: DHCP: Applying DHCP options:
*Nov 8 12:56:24.991: Setting default_gateway to 192.168.1.254
*Nov 8 12:56:24.991: Adding default route 192.168.1.254
*Nov 8 12:56:26.019: Adding route to DHCP server 192.168.1.254 via Ethernet1/0 192.168.1.254
*Nov 8 12:56:26.019: Adding DNS server address 114.114.114.114
*Nov 8 12:56:26.019: DHCP Client Pooling: ***Allocated IP address: 192.168.1.1
*Nov 8 12:56:26.023: Allocated IP address = 192.168.1.1 255.255.255.0
*Nov 8 12:56:26.023: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet1/0 assigned DHCP address 192.168.1.1, mask 255.255.255.0, hostname R1
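The output above is the simulated server asking the DHCP server for an IP address. As we know well, what DHCP borrows it also returns. The debug log output that follows is our endpoint releasing its IP address.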
*Nov 8 12:54:35.475: DHCP: Release IPL called for interface Ethernet1/0 in state 3
*Nov 8 12:54:35.479: DHCP: SRelease attempt # 1 for entry:
*Nov 8 12:54:35.479: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:54:35.479: Temp sub net mask: 255.255.255.0
*Nov 8 12:54:35.479: DHCP Lease server: 192.168.1.254, state: 8 Releasing
*Nov 8 12:54:35.479: DHCP transaction id: 521
*Nov 8 12:54:35.483: Lease: 25920000 secs, Renewal: 12960000 secs, Rebind: 22680000 secs
*Nov 8 12:54:35.483: Temp default-gateway addr: 192.168.1.254
*Nov 8 12:54:35.483: Next timer fires after: 00:00:02
*Nov 8 12:54:35.483: Retry count: 1 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:54:35.483: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:54:35.491: 303031632D4574312F30
*Nov 8 12:54:35.495: Hostname: R1
*Nov 8 12:54:35.499: DHCP: SRelease placed Server ID option: 192.168.1.254
*Nov 8 12:54:35.499: DHCP: SRelease: 279 bytes
*Nov 8 12:54:39.503: DHCP: Shutting down from get_netinfo()
*Nov 8 12:54:39.503: DHCP: Attempting to shutdown DHCP Client
*Nov 8 12:54:39.503: DHCP: Releasing ipl options:
*Nov 8 12:54:39.503: Clearing default gateway and route to 192.168.1.254
*Nov 8 12:54:39.503: Removing old default route 192.168.1.254
*Nov 8 12:54:39.507: Clearing route to DHCP server 192.168.1.254
*Nov 8 12:54:39.507: Clearing DNS address 114.114.114.114
*Nov 8 12:54:39.507: DHCP: SRelease attempt # 2 for entry:
*Nov 8 12:54:39.507: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:54:39.507: Temp sub net mask: 255.255.255.0
*Nov 8 12:54:39.511: DHCP Lease server: 192.168.1.254, state: 8 Releasing
*Nov 8 12:54:39.511: DHCP transaction id: 521
*Nov 8 12:54:39.511: Lease: 25920000 secs, Renewal: 12960000 secs, Rebind: 22680000 secs
*Nov 8 12:54:39.511: Next timer fires after: 00:00:02
*Nov 8 12:54:39.511: Retry count: 2 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:54:39.515: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:54:39.523: 303031632D4574312F30
*Nov 8 12:54:39.535: Hostname: R1
*Nov 8 12:54:39.535: DHCP: SRelease placed Server ID option: 192.168.1.254
*Nov 8 12:54:39.535: DHCP: SRelease: 279 bytes
*Nov 8 12:54:43.547: DHCP: SRelease attempt # 3 for entry:
*Nov 8 12:54:43.547: Temp IP addr: 192.168.1.1 for peer on Interface: Ethernet1/0
*Nov 8 12:54:43.547: Temp sub net mask: 255.255.255.0
*Nov 8 12:54:43.547: DHCP Lease server: 192.168.1.254, state: 8 Releasing
*Nov 8 12:54:43.551: DHCP transaction id: 521
*Nov 8 12:54:43.551: Lease: 25920000 secs, Renewal: 12960000 secs, Rebind: 22680000 secs
*Nov 8 12:54:43.551: Next timer fires after: 00:00:02
*Nov 8 12:54:43.551: Retry count: 3 Client-ID: cisco-ca01.69a8.001c-Et1/0
*Nov 8 12:54:43.551: Client-ID hex dump: 636973636F2D636130312E363961382E
*Nov 8 12:54:43.559: 303031632D4574312F30
*Nov 8 12:54:43.563: Hostname: R1
*Nov 8 12:54:43.563: DHCP: SRelease placed Server ID option: 192.168.1.254
*Nov 8 12:54:43.563: DHCP: SRelease: 279 bytes
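My old training-instructor enthusiasm is back, so let me ramble a bit more here, haha.
IPv4: DHCP has 8 message types in total. Remember this.
IPv6: more than 8
The four exchange message types: discover, offer, request, ack
The other four messages:
NAK: the DHCP server rejects the client's request
Decline: sent by the client to the DHCP server when it finds that its address is a duplicate
Release: releases its own IP address
Inform: sent by the client when, after obtaining an IP address, it still needs more detailed configuration information from the DHCP server
The allocation principle is first come, first served (very humane)
Summary of the whole DHCP process:
[PC sends] 1. discover source: 0.0.0.0 port: 68 destination: broadcast (255.255.255.255) port: 67
Purpose: locate the DHCP server (broadcast)
[DHCP replies with offer] 2. source: dhcp-server address port: 67 destination: the allocated address
Purpose: the offer is how the DHCP server responds to the dhcp discover message; it carries the various configuration information
[PC request] 3. source: 0.0.0.0 destination: broadcast
Purpose: this message has three uses:
1. Client initialization, responding to the offer message
2. After a client restart, confirming the previously allocated IP address configuration
3. Renewing the IP address lease (broadcast or unicast)
[ACK] 4. server destination: PC client
Purpose: the server's acknowledgment of the client's DHCP request message
Use case: guarding against an employee plugging in a small TP-Link and causing network anomalies (the symptom is that some employees cannot get online)
Once dhcp snooping enable is turned on, all ports are untrusted. At that point, none of the ports that obtain addresses via DHCP can acquire them automatically. You must enable dhcp snooping trusted under the trusted interface; only after it is trusted can the server obtain an IP address normally.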
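The rogue-server scenario above can also be spotted from the client side: the debug output shown earlier prints the Server ID of every Offer and Ack. The following is an added example, not part of the original post; it reads log text in that format and reports replies from any server outside an allowlist. The function names are hypothetical, and the sample log is constructed (192.168.1.50 is an invented unauthorised server, with one line deliberately split by the console prompt as happens in the capture above).

```python
import re

# Constructed sample in the format of the client debug output on this page;
# the Offer from 192.168.1.50 is invented to stand in for an unauthorised server.
SAMPLE_LOG = """\
*Nov 8 12:56:21.711: DHCP: SDiscover 291 bytes
*Nov 8 12:56:21.787: DHCP: Scan: Message type: DHCP Offer
*Nov 8 12:56:21.787: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
*Nov 8 12:56:21.790: DHCP: Scan: Message type: DHCP Offer
*Nov 8 12:56:21.790: DHCP: Scan: Server ID Option: 192.168.1
R1(config-if)#.50 = C0A80132
*Nov 8 12:56:21.839: DHCP: SRequest: 309 bytes
*Nov 8 12:56:21.947: DHCP: Scan: Message type: DHCP Ack
*Nov 8 12:56:21.947: DHCP: Scan: Server ID Option: 192.168.1.254 = C0A801FE
"""

MSG_RE = re.compile(r"DHCP: Scan: Message type: DHCP (\w+)")
SID_RE = re.compile(r"DHCP: Scan: Server ID Option: (\d+\.\d+\.\d+\.\d+) = ([0-9A-F]{8})")
# The console prompt can land in the middle of a debug line; rejoin those halves.
PROMPT_SPLIT = re.compile(r"\n\S+\(config[^)\n]*\)#(?=\S)")

def server_replies(log_text):
    """Return [(message_type, server_ip)] for every server reply in the log."""
    replies, pending = [], None
    for line in PROMPT_SPLIT.sub("", log_text).splitlines():
        m = MSG_RE.search(line)
        if m:
            pending = m.group(1)
            continue
        s = SID_RE.search(line)
        if s and pending:
            ip, hexval = s.groups()
            # The line prints the server ID twice (dotted and hex); they must agree.
            if ".".join(str(b) for b in bytes.fromhex(hexval)) != ip:
                raise ValueError(f"server ID mismatch: {ip} vs {hexval}")
            replies.append((pending, ip))
            pending = None
    return replies

def unexpected_servers(log_text, allowed):
    """Replies whose Server ID is not one of the authorised DHCP servers."""
    return [(t, ip) for t, ip in server_replies(log_text) if ip not in allowed]

if __name__ == "__main__":
    for msg, ip in unexpected_servers(SAMPLE_LOG, {"192.168.1.254"}):
        print(f"unauthorised DHCP {msg} from {ip}")
```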
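That's it. I hope this helps everyone. Writing up this small note really did reinforce the underlying fundamentals for me once again. Make learning a habit and treat time like money, and you will benefit enormously. Keep going!
—————Shared by a network engineer at a tier-2 carrier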