导图社区 华为数通DHCP协议
- 30
- 1
- 0
- 举报
华为数通DHCP协议
华为数通 动态主机配置协议DHCP(Dynamic Host Configuration Protocol),网络参数配置的自动化,降低客户端配置和维护成本,C/S架构 用 UDP传输 端口 67服务器 68客户端。
编辑于2023-07-21 18:01:14 湖北省- 华为
- dhcp
- 数通
- 动态主机协议
- 华为数通
- 相似推荐
- 大纲
DHCP
概述
动态主机配置协议DHCP(Dynamic Host Configuration Protocol)
网络参数配置的自动化,降低客户端配置和维护成本
C/S架构 用 UDP传输 端口 67服务器 68客户端
过程
1.发现阶段 dhcp discover广播
DHCP DISCOVER报文中携带了客户端的MAC地址(chaddr字段)、需要请求的参数列表选项(Option55)、广播标志位(flags字段)等信息
广播目的IP地址为255.255.255.255
2.提供阶段 dhcp offer(单播/广播)
工作原理
租期更新
3.选择阶段 dhcp request(广播)
4.确认阶段 dhcp ack(单播)
报文
报文
配置
基于接口的DHCP
[Huawei] dhcp enable 开启DHCP功能 [Huawei-Gigabitthernet0/0/0]dhcp select interface 基于接口的DHCP [Huawei-Gigabitthernet0/0/0]dhcp server dns-list ip-address DNS地址 [Huawei-Gigabitthernet0/0/0]dhcp server excluded-ip-address start-ip-address [ end-ip-address ]不能与分配的地址 [Huawei-Gigabitthernet0/0/0]dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited } 分配地址租期
开启DHCP功能 接口下基于接口的功能 设置DNS地址 排除掉不能分配的地址 分配地址租期
基于全局的DHCP
[Huawei]dhcp enable [Huawei]ip pool pool2 [Huawei-ip-pool-pool2]network 1.1.1.0 mask 24 [Huawei-ip-pool-pool2]gateway-list 1.1.1.1 [Huawei-ip-pool-pool2]dns-list 1.1.1.1 [Huawei-ip-pool-pool2]lease { day day [ hour hour [ minute minute ] ] | unlimited } [Huawei-ip-pool-pool2]quit [Huawei]interface GigabitEthernet0/0/0 [Huawei-GigabitEthernet0/0/1]dhcp select global
dhcp功能打开 创建地址池2 可分配的地址范围 网关地址 DNS地址 地址租期 退出 进入接口 接口下开启全局地址池功能
双机热备配置
子主题
# sysname RouterA # dhcp enable # ip pool p1 gateway-list 10.1.1.111 network 10.1.1.0 mask 255.255.255.0 excluded-ip-address 10.1.1.2 # interface GigabitEthernet1/0/0 ip address 192.168.1.1 255.255.255.0 # interface GigabitEthernet2/0/0 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 dhcp select global # hsb-service 0 service-ip-port local-ip 192.168.1.1 peer-ip 192.168.1.2 local-data-port 10241 peer-data-port 10241 # hsb-group 0 track vrrp vrid 1 interface GigabitEthernet2/0/0 bind-service 0 hsb enable # return
# sysname RouterB # dhcp enable # ip pool p1 gateway-list 10.1.1.111 network 10.1.1.0 mask 255.255.255.0 excluded-ip-address 10.1.1.1 # interface GigabitEthernet1/0/0 ip address 192.168.2.1 255.255.255.0 # interface GigabitEthernet2/0/0 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 dhcp select global # hsb-service 0 service-ip-port local-ip 192.168.1.2 peer-ip 192.168.1.1 local-data-port 10241 peer-data-port 10241 # hsb-group 0 track vrrp vrid 1 interface GigabitEthernet2/0/0 bind-service 0 hsb enable # return
# sysname Switch # vlan batch 100 # interface GigabitEthernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet0/0/2 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # return
中继
中继与服务器处于同一网络
配置
# sysname RouterA # vlan batch 100 200 # dhcp enable # interface Vlanif100 ip address 10.20.20.1 255.255.255.0 dhcp select relay dhcp relay server-ip 10.10.20.2 # interface Vlanif200 ip address 10.10.20.1 255.255.255.0 # interface Ethernet2/0/0 port link-type trunk port trunk allow-pass vlan 200 # interface Ethernet2/0/1 port link-type access port default vlan 100 # ip route-static 0.0.0.0 0.0.0.0 10.10.20.2 # return
# sysname RouterB # vlan batch 200 # dhcp enable # ip pool pool1 gateway-list 10.20.20.1 network 10.20.20.0 mask 255.255.255.0 option121 ip-address 10.10.20.0 24 10.20.20.1 # interface Vlanif200 ip address 10.10.20.2 255.255.255.0 dhcp select global # interface Ethernet2/0/0 port link-type trunk port trunk allow-pass vlan 200 # ip route-static 0.0.0.0 0.0.0.0 10.10.20.1 # return
中继与服务器之间跨越BGP/MPLS IP VPN隧道
配置
# sysname PE_1 # ip vpn-instance vpna ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb ipv4-family route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 10.10.10.9 mpls # mpls ldp # interface GigabitEthernet3/0/0 ip address 10.1.3.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpnb ip address 10.1.2.2 255.255.255.0 # interface GigabitEthernet2/0/0 ip binding vpn-instance vpna ip address 10.1.2.2 255.255.255.0 # interface LoopBack0 ip address 10.10.10.9 255.255.255.255 # bgp 100 peer 10.20.20.9 as-number 100 peer 10.20.20.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.20.20.9 enable # ipv4-family vpnv4 policy vpn-target peer 10.20.20.9 enable # ipv4-family vpn-instance vpna import-route direct peer 10.1.2.1 as-number 65410 # ipv4-family vpn-instance vpnb import-route direct peer 10.1.2.1 as-number 65411 # ospf 1 area 0.0.0.0 network 10.1.3.0 0.0.0.255 network 10.10.10.9 0.0.0.0 # return
# sysname PE_2 # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 10.20.20.9 mpls # mpls ldp # interface GigabitEthernet2/0/0 ip address 10.1.3.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0.1 dot1q termination vid 10 ip binding vpn-instance vpna ip address 10.1.4.2 255.255.255.0 # interface GigabitEthernet1/0/0.2 dot1q termination vid 20 ip binding vpn-instance vpnb ip address 10.1.5.2 255.255.255.0 # interface LoopBack0 ip address 10.20.20.9 255.255.255.255 # bgp 100 peer 10.10.10.9 as-number 100 peer 10.10.10.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.9 enable # ipv4-family vpnv4 policy vpn-target peer 10.10.10.9 enable # ipv4-family vpn-instance vpna import-route direct import-route ospf 100 # ipv4-family vpn-instance vpnb import-route direct import-route ospf 200 # ospf 1 area 0.0.0.0 network 10.1.3.0 0.0.0.255 network 10.20.20.9 0.0.0.0 # ospf 100 vpn-instance vpna import-route bgp area 0.0.0.0 network 10.1.4.0 0.0.0.255 # ospf 200 vpn-instance vpnb import-route bgp area 0.0.0.0 network 10.1.5.0 0.0.0.255 # return
# sysname CE_1 # dhcp enable # interface GigabitEthernet0/0/1 ip address 10.1.1.1 255.255.255.0 dhcp select relay dhcp relay server-ip 10.1.4.1 # interface GigabitEthernet0/0/2 ip address 10.1.2.1 255.255.255.0 # bgp 65410 peer 10.1.2.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.2.2 enable # return
# sysname CE_2 # dhcp enable # interface GigabitEthernet0/0/1 ip address 10.1.1.1 255.255.255.0 dhcp select relay dhcp relay server-ip 10.1.5.1 # interface GigabitEthernet0/0/2 ip address 10.1.2.1 255.255.255.0 # bgp 65411 peer 10.1.2.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.2.2 enable # return
# sysname MCE # dhcp enable # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # ip pool pool1 vpn-instance vpna gateway-list 10.1.1.1 network 10.1.1.0 mask 255.255.255.0 # ip pool pool2 vpn-instance vpnb gateway-list 10.1.1.1 network 10.1.1.0 mask 255.255.255.0 # interface GigabitEthernet0/0/1.1 dot1q termination vid 10 ip binding vpn-instance vpna ip address 10.1.4.1 255.255.255.0 dhcp select global # interface GigabitEthernet0/0/1.2 dot1q termination vid 20 ip binding vpn-instance vpnb ip address 10.1.5.1 255.255.255.0 dhcp select global # ospf 100 vpn-instance vpna vpn-instance-capability simple area 0.0.0.0 network 10.1.4.0 0.0.0.255 # ospf 200 vpn-instance vpnb vpn-instance-capability simple area 0.0.0.0 network 10.1.5.0 0.0.0.255 # return
dhcp snooping
[SwitchA] dhcp enable [SwitchA] dhcp snooping enable ipv4
全能DHCP功能及配置设备仅处理DHCPV4报文,节约CPU利用率
[SwitchA-GigabitEthernet0/0/1] dhcp snooping trusted
与DHCP服务连接的接口做信任,只从该接口接收DHCP服务响应报文
[SwitchA-GigabitEthernet0/0/2] dhcp snooping enable
与用户连接的接口打开功能