Cisco IOS Cookbook 中文精简版第二十章 DHCP

20.1. 使用IP Helper Addresses命令

提问 配置路由器对DHCP Request转发的支持

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface Ethernet0

Router1(config-if)#ip helper-address 172.25.1.1

Router1(config-if)#ip helper-address 172.25.10.7

Router1(config-if)#exit

Router1(config)#end

Router1#

注释 使用IP Helper Address命令把路由器配置成为一个DHCP代理服务器，转发客户端的DHCP Request至配置的ip helper address。

20.2. 限制IP Helper Addresses命令的影响

提问 配置IP Helper Address命令以后导致链路利用率增高或者DHCP服务器负荷增高

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#no ip forward-protocol udp tFTP

Router1(config)#no ip forward-protocol udp nameserver

Router1(config)#no ip forward-protocol udp domain

Router1(config)#no ip forward-protocol udp time

Router1(config)#no ip forward-protocol udp netbios-ns

Router1(config)#no ip forward-protocol udp netbios-dgm

Router1(config)#no ip forward-protocol udp tacacs

Router1(config)#end

Router1#

注释 缺省情况下IP Helper命令会转发很多UDP广播数据包，不仅仅是DHCP数据包，并且不能针对不同的服务器转发不同的广播包

20.3. 使用DHCP来动态配置路由器IP地址

提问 配置路由器动态获得IP地址

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#ip address dhcp

Router1(config-if)#end

Router1#

Interface FastEthernet0/1 assigned DHCP address 172.25.1.57, mask 255.255.255.0

Router1#

注释 在12.2(8)T之前此命令仅仅适用于以太网接口。从12.3(8)T以后可以对DHCP选项进行控制，下例配置为不获得DNS服务器

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet0/1

Router1(config-if)#no ip dhcp client request dns-nameserver

Router1(config-if)#end

另外对于获得的缺省路由，治理距离为254

S* 0.0.0.0/0 [254/0] via 172.25.1.1

从12.3(4)T开始增加了对获得地址释放和重新获得的支持

Router1#release dhcp FastEthernet0/1

Router1#renew dhcp FastEthernet0/1

20.4. 通过DHCP来对客户端进行动态IP地址分配

提问 配置路由器成为DHCP服务器

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#service dhcp

Router1(config)#ip dhcp pool 172.25.1.0/24

Router1(dhcp-config)#network 172.25.1.0 255.255.255.0

Router1(dhcp-config)#default-router 172.25.1.1

Router1(dhcp-config)#exit

Router1(config)#ip dhcp excluded-address 172.25.1.1 172.25.1.50

Router1(config)#ip dhcp excluded-address 172.25.1.200 172.25.1.255

Router1(config)#end

Router1#

注释 注重的是要配置excluded命令来排除某些地址，防止出现地址冲突

20.5. 配置DHCP的配置选项

提问 配置更多的DHCP配置选项提供给客户端

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp pool ORAserver

Router1(dhcp-config)#host 172.25.1.34 255.255.255.0

Router1(dhcp-config)#client-name bigserver

Router1(dhcp-config)#default-router 172.25.1.1 172.25.1.3

Router1(dhcp-config)#domain-name oreilly.com

Router1(dhcp-config)#dns-server 172.25.1.1 10.1.2.3

Router1(dhcp-config)#netbios-name-server 172.25.1.1

Router1(dhcp-config)#netbios-node-type h-node

Router1(dhcp-config)#option 66 ip 10.1.1.1

Router1(dhcp-config)#option 33 ip 192.0.2.1 172.25.1.3

Router1(dhcp-config)#option 31 hex 01

Router1(dhcp-config)#lease 2

Router1(dhcp-config)#exit

Router1(config)#end

Router1#

注释 Option 66 定义TFTP服务器; Option 33定义静态路由; Option 31定义客户端使用IRDP.

20.6. 配置DHCP的分配时长

提问 修改缺省DHCP分配时长

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp pool 172.25.2.0/24

Router1(dhcp-config)#lease 2 12 30

Router1(dhcp-config)#exit

Router1(config)#end

Router1#

注释 缺省分配为一天，配置选项为天，小时，分钟

20.7. 分配静态IP地址

提问 每次都分配给某个特定设备特定IP地址

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp pool IAN

Router1(dhcp-config)#host 172.25.1.33 255.255.255.0

Router1(dhcp-config)#client-identifier 0100.0103.85e9.87

Router1(dhcp-config)#client-name win2k

Router1(dhcp-config)#default-router 172.25.1.1

Router1(dhcp-config)#domain-name oreilly.com

Router1(dhcp-config)#dns-server 172.25.1.1

Router1(dhcp-config)#exit

Router1(config)#end

Router1#

注释 这里通过MAC地址来绑定某个IP地址。Client-identifier后面跟的是MAC地址，不过比传统MAC地址多了0100，代表是以太网，对于更多的媒介类型值参考RFC 3232中的Number Hardware Type部分

Router1#show ip dhcp binding

IP address Hardware address Lease eXPiration Type

172.25.1.33 0100.0103.85e9.87 Infinite Manual

172.25.1.52 0100.50da.2a5e.a2 Apr 11 2006 09:00 PM Automatic

172.25.1.53 0100.0103.ea1b.ed Apr 11 2006 08:58 PM Automatic

20.8. 配置一个DHCP 数据库客户端

提问 在另一个设备上备份当前的DHCP数据库

回答

FTP方式

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp database ftp://dhcp:bindsave@172.25.1.1/dhcp-leases

Router1(config)#end

Router1#

TFTP 方式

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp database tftp://172.25.1.1/dhcp-leases

Router1(config)#end

Router1#

RCP方式

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp database rcp://dhcp@172.25.1.1/dhcp-leases

Router1(config)#end

Router1#

注释 通常DHCP数据库保存于内存，假如重启就会丢失，可以使用上述方式进行备份从而不会丢失，通过下述命令验证

Router1#show ip dhcp database

URL : ftp://dhcp:bindsave@172.25.1.1/dhcp-leases

Read : Never

Written : Apr 09 2006 10:24 PM

Status : Last write sUCceeded. Agent information is up-to-date.

Delay : 300 seconds

Timeout : 300 seconds

Failures : 1

Successes: 30

20.9. 在同一子网配置多个DHCP服务器

提问 在同一子网配置多个DHCP服务器来增加可用性

回答

Router1:

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp pool 172.22.1.0/24

Router1(dhcp-config)#network 172.22.1.0 255.255.255.0

Router1(dhcp-config)#default-router 172.22.1.1

Router1(dhcp-config)#domain-name oreilly.com

Router1(dhcp-config)#dns-server 172.25.1.1 10.1.2.3

Router1(dhcp-config)#exit

Router1(config)#ip dhcp excluded-address 172.22.1.1 172.22.1.49

Router1(config)#ip dhcp excluded-address 172.22.1.150 172.22.1.254

Router1(config)#ip dhcp database ftp://dhcp:bindsave@172.25.1.1/dhcp-leases-rtr1

Router1(config)#end

Router1#

Router2:

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#ip dhcp pool 172.22.1.0/24

Router2(dhcp-config)#network 172.22.1.0 255.255.255.0

Router2(dhcp-config)#default-router 172.22.1.1

Router2(dhcp-config)#domain-name oreilly.com

Router2(dhcp-config)#dns-server 172.25.1.1 10.1.2.3

Router2(dhcp-config)#exit

Router2(config)#ip dhcp excluded-address 172.22.1.1 172.22.1.149

Router2(config)#ip dhcp database ftp://dhcp:bindsave@172.25.1.1/dhcp-leases-rtr2

Router2(config)#end

Router2#

注释 要确保配置的地址池不重复，Router1 分配地址为从172.25.1.50到172.25.1.149, Router2 分配地址为从 172.25.1.150 到172.25.1.254,

20.10. DHCP静态映射

提问 根据某个文本文件来进行IP地址的静态指配

回答

先在TFTP服务器上创建此文本文件

Freebsd% cat /tftpboot/dhcp.static

*time* Aug 17 2006 03:52 PM

*version* 2

!IP address Type Hardware address Lease expiration

10.1.1.16 /24 id 0100.104b.33da.74 Infinite

10.1.1.17 /24 id 0100.0dbc.eff6.38 Infinite

10.1.1.18 /24 id 0100.0a5e.4001.27 Infinite

10.1.1.19 /24 id 0100.0331.327e.41 Infinite

10.1.1.20 /24 id 0100.0d60.b21a.4c Infinite

*end*

Freebsd%

路由器配置

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp pool OREILLY

Router1(dhcp-config)#origin file tftp://172.25.1.1/dhcp.static

Router1(dhcp-config)#default-router 10.1.1.1

Router1(dhcp-config)#dns-server 172.25.1.1 172.25.1.3

Router1(dhcp-config)#domain-name oreilly.com

Router1(dhcp-config)#lease 3

Router1(dhcp-config)#end

Router1#

注释 20.7讲到的静态地址分配需要一个特定的DHCP Pool，扩展性不强，从12.3(11)T以后可以使用特定的文本文件来进行指配，不过必须遵照一定的格式。假如文本文件修改后需要生效，必须先no service dhcp 来停止DHCP服务然后service dhcp 命令重新启用来生效

<!--[if !supportLists]-->20.11. <!--[endif]-->安全DHCP IP地址指派

提问 同步ARP和DHCP地址绑定来防止出现IP地址欺骗

回答

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#ip dhcp pool OREILLY

Router1(dhcp-config)#update arp

Router1(dhcp-config)#end

Router1#

注释 从12.2(15)T开始思科引入了安全DHCP IP地址指派（DHCP secured IP address assignment），启用此特性后会针对每个DHCP绑定增加一个安全ARP条目，从而防止对此条目的修改，即使使用clear arp-cache命令也会保证此条目不被清除

20.12. 显示DHCP状态

提问 显示DHCP服务器的状态

回答

显示绑定和相应的分配时长

Router1#show ip dhcp binding

显示地址冲突

Router1#show ip dhcp conflict

显示数据库状态

Router1#show ip dhcp database

显示全局DHCP数据统计

Router1#show ip dhcp server statistics

注释

Router1#show ip dhcp server statistics

Memory usage 17996

Address pools 4

Database agents 1

Automatic bindings 2

Manual bindings 1

Expired bindings 3

Malformed messages 0

Message Received

BOOTREQUEST 0

DHCPDISCOVER 63

DHCPREQUEST 203

DHCPDECLINE 1

DHCPRELEASE 27

DHCPINFORM 19

Message Sent

BOOTREPLY 0

DHCPOFFER 63

DHCPACK 139

DHCPNAK 2

Router1#

<!--[if !supportLists]-->20.13. <!--[endif]-->DHCP排错

提问 对DHCP出现的问题进行排错

回答

Router1#debug ip dhcp server events

Router1#debug ip dhcp server packet

注释 无

• ·Cisco IOS Cookbook 中文精简
• ·Cisco PIX515防火墙的典型多接口配置
• ·Cisco PIX 网络访问认证相关配置实例
• ·思科：值得关注的十大趋势
• ·Cisco IOS Cookbook 中文精简
• ·Cisco IOS Cookbook 中文精简
• ·Cisco IOS Cookbook 中文精简
• ·FortiOS Traffic Shaping
• ·Cisco IOS Cookbook 中文精简
• ·65系列机箱种类和区别