Lab: Setting up a DHCP service across different subnets, plus cross-subnet DNS and web services
Published: 2024-11-11 Author: 千家信息网 editor
Last updated by 千家信息网: November 11, 2024
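Lab name: Setting up a DHCP service across different subnets, plus cross-subnet DNS and web services
Lab principles: layer-2 switching, layer-3 forwarding, static routing, VLAN segmentation, and how DHCP, DNS and the web service work
Lab objects: client machines, servers, layer-2 devices, layer-3 devices
Lab approach:
1) The two client machines are assigned addresses automatically by DHCP and sit in different VLANs
2) Once they have IP addresses they can visit the website; this requires a DNS name-resolution service and then an httpd service
The configuration approach is to work from the lower layers up, and from the internal network out to the external network
Lab steps:
1. Without further ado, here is the topology diagram
2. Internal network configuration
sw2 switch: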
sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw2(config)#no ip routing 'the device was converted from a router, so routing must be turned off'
sw2(config)#int f1/0
sw2(config-if)#sw mod tr 'configure the interface as a trunk'
*Mar 1 00:00:47.903: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw2(config-if)#sw tr en d 'trunk encapsulation type dot1q'
sw2(config)#vlan 10,20,100 'create the VLANs'
sw2(config-vlan)#exit
sw2(config)#int f1/1
sw2(config-if)#sw mod acc 'configure the interface as an access port'
sw2(config-if)#sw acc vlan 10
sw2(config-if)#int f1/2
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 20
sw2(config-if)#int f1/3
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 100
sw2(config-if)#do show vlan-sw b 'view the VLAN information'
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/1
20   VLAN0020                         active    Fa1/2
100  VLAN0100                         active    Fa1/3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
sw3 layer-3 switch:
sw3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw3(config)#int f1/0
sw3(config-if)#sw mod tru
sw3(config-if)#
*Mar 1 01:24:05.283: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw3(config-if)#sw tru en d
sw3(config-if)#exit
sw3(config)#vlan 10,20,100
sw3(config-vlan)#int vlan 10 'configure the IP address of the VLAN interface'
sw3(config-if)#
*Mar 1 01:25:05.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
sw3(config-if)#ip add 192.168.10.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100 'create a relay to the DHCP server IP address so that DHCP can cross VLANs'
sw3(config-if)#int vlan 20
*Mar 1 01:25:38.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
sw3(config-if)#ip add 192.168.20.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int vlan 100
*Mar 1 01:26:08.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
sw3(config-if)#ip add 192.168.100.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int f0/0
sw3(config-if)#ip add 11.0.0.11 255.255.255.0
sw3(config-if)#no shut
*Mar 1 01:32:01.439: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 01:32:02.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
sw3(config-if)#exit
sw3(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1
sw3(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.11       YES manual up                    up
Vlan1                      unassigned      YES unset  up                    up
Vlan10                     192.168.10.1    YES manual up                    up
Vlan20                     192.168.20.1    YES manual up                    up
Vlan100                    192.168.100.1   YES manual up                    up
sw3(config)#do show ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 11.0.0.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
C    192.168.100.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 [1/0] via 11.0.0.1
sw3(config)#
Now configure the DHCP server
First, configure the network interface
[root@localhost ~]# yum install dhcp* -y 'install'
[root@localhost ~]# rpm -q dhcp
dhcp-4.2.5-77.el7.centos.x86_64
[root@localhost ~]# hostname dhcp
[root@localhost ~]# su
[root@dhcp ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 'edit the network interface'
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static" 'change to static'
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f432513-5d7a-455c-88b4-257a9a1dbb45"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.100 'IP address'
NETMASK=255.255.255.0 'subnet mask'
GATEWAY=192.168.100.1 'gateway'
[root@dhcp ~]# systemctl restart network 'restart networking'
[root@dhcp ~]# ifconfig 'verify'
ens33: flags=4163 mtu 1500
        inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255
[root@dhcp ~]# vim /etc/dhcp/dhc 'open dhcpd.conf; it turns out to be empty, but it points us to /usr/share/doc/dhcp*/dhcpd.conf.example'
dhclient.d/ dhcpd6.conf dhclient-exit-hooks.d/ dhcpd.conf
[root@dhcp ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf 'copy it into /etc/dhcp/'
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y 'overwrite'
[root@dhcp ~]# vim /etc/dhcp/dhcpd.conf 'edit'
option domain-name "example.org"; 'domain name'
option domain-name-servers 12.0.0.12; 'change to the DNS server IP'
default-lease-time 600; 'default lease 600s'
max-lease-time 7200; 'maximum lease 7200s'
subnet 192.168.10.0 netmask 255.255.255.0 { 'network and subnet mask'
  range 192.168.10.10 192.168.10.100; 'address range'
  option routers 192.168.10.1; 'gateway'
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.20 192.168.20.200;
  option routers 192.168.20.1;
}
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.200;
  option routers 192.168.100.1;
}
[root@dhcp ~]# systemctl start dhcpd 'start the dhcpd service'
[root@dhcp ~]# systemctl stop firewalld.service 'stop the firewall'
[root@dhcp ~]# setenforce 0 'disable temporarily'
[root@dhcp ~]# netstat -natp | grep dhcp 'check the port status'
[root@dhcp ~]# netstat -naup | grep dhcp
udp        0      0 0.0.0.0:67              0.0.0.0:*                           39158/dhcpd
[root@dhcp ~]#
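A consistency check for the dhcpd.conf above, as an added example that is not part of the original lab: it parses the three subnet declarations and confirms that each range and router lies inside its subnet and that no pool covers a statically addressed host. The names audit, STATIC_HOSTS and DHCPD_CONF are hypothetical; the addresses are the ones used on this page, where the 192.168.100.0/24 pool spans the DHCP server's own address 192.168.100.100.

```python
import ipaddress
import re

# Subnet declarations copied from the dhcpd.conf shown on this page.
DHCPD_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.10 192.168.10.100;
  option routers 192.168.10.1;
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.20 192.168.20.200;
  option routers 192.168.20.1;
}
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.200;
  option routers 192.168.100.1;
}
"""
# Statically addressed hosts in the lab (hypothetical table built from the
# page): the sw3 VLAN interfaces acting as relays, and the DHCP server itself.
STATIC_HOSTS = {"sw3 Vlan10": "192.168.10.1", "sw3 Vlan20": "192.168.20.1",
                "sw3 Vlan100": "192.168.100.1", "dhcp server": "192.168.100.100"}
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def audit(conf, static_hosts):
    """Return a list of findings for the subnet declarations in conf."""
    findings = []
    statics = {n: ipaddress.ip_address(a) for n, a in static_hosts.items()}
    for net, mask, body in SUBNET_RE.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        rng = re.search(r"range\s+(\S+)\s+(\S+);", body)
        gw = re.search(r"option\s+routers\s+(\S+);", body)
        if not rng or not gw:
            findings.append(f"{network}: missing range or routers option")
            continue
        lo, hi = (ipaddress.ip_address(a) for a in rng.groups())
        if lo > hi or lo not in network or hi not in network:
            findings.append(f"{network}: range {lo}-{hi} is not inside the subnet")
        if ipaddress.ip_address(gw.group(1)) not in network:
            findings.append(f"{network}: router {gw.group(1)} is outside the subnet")
        for name, ip in statics.items():
            if lo <= ip <= hi:  # a lease could be offered for an address in use
                findings.append(f"{network}: pool {lo}-{hi} contains {name} ({ip})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(DHCPD_CONF, STATIC_HOSTS)))
```

Starting the third range at 192.168.100.101, or excluding the server address some other way, clears the finding.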
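Configuring the two client machines is simple: set them to obtain an IP address automatically
Then, in a CMD command prompt on each, run ipconfig /release to release the current address and ipconfig /renew to obtain a new one
3. The internal network is now set up; next, configure the external network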
ISP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#int f0/0
ISP(config-if)#ip add 11.0.0.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#int f
*Mar 1 01:23:42.951: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 01:23:43.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
ISP(config)#int f0/1
ISP(config-if)#ip add 12.0.0.1 255.255.255.0
ISP(config-if)#no shut
*Mar 1 01:24:27.779: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 01:24:28.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
ISP(config-if)#exit
ISP(config)#ip route 192.168.0.0 255.255.0.0 11.0.0.11 'summary route for the internal subnets'
ISP(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
S    192.168.0.0/16 [1/0] via 11.0.0.11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.0.0.0 is directly connected, FastEthernet0/1
ISP(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.1        YES manual up                    up
FastEthernet0/1            12.0.0.1        YES manual up                    up
ISP(config)#
Configure the DNS and HTTPD server
[root@localhost ~]# yum install httpd bind -y
[root@localhost ~]# rpm -q httpd bind
httpd-2.4.6-90.el7.centos.x86_64
bind-9.11.4-9.P2.el7.x86_64
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="8d222179-116b-41b5-8b47-0076ca1aeddb"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 12.0.0.12 netmask 255.255.255.0 broadcast 12.0.0.255
        inet6 fe80::e2c1:c26d:afa1:a4ad prefixlen 64 scopeid 0x20
        ether 00:0c:29:52:4d:89 txqueuelen 1000 (Ethernet)
        RX packets 8232 bytes 10547854 (10.0 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3149 bytes 242681 (236.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# vim /etc/named.
named.conf named.iscdlv.key named.rfc1912.zones named.root.key
[root@localhost ~]# vim /etc/named.conf 'main configuration file'
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
[root@localhost ~]# vim /etc/named.rfc1912.zones 'zone configuration file'
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone"; 'zone data file'
        allow-update { none; };
};
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone 'copy the template, rename it, preserve permissions'
[root@localhost ~]# vim /var/named/kgc.com.zone 'zone data file'
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www IN A 12.0.0.12 'add this line'
[root@localhost ~]# systemctl stop firewalld.service 'stop the firewall'
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl start named
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 'configure httpd'
Listen 12.0.0.12:80 'listen on port 80 of 12.0.0.12'
#Listen 80
......
ServerName www.kgc.com:80 'change the domain name'
[root@localhost ~]# systemctl start httpd 'start'
[root@localhost ~]#
Test
C:\Users\GSY>nslookup www.kgc.com
DNS request timed out.
    timeout was 2 seconds.
服务器: UnKnown
Address: 12.0.0.12

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
名称: www.kgc.com
Address: 12.0.0.12
[root@localhost ~]# cd /var/www/html 'web page directory'
[root@localhost html]# ls
[root@localhost html]# vim index.html 'create a new file to serve as the home page'
this is test web 为了馒头争口气
[root@localhost html]# systemctl restart httpd
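Refresh
Summary: know exactly where each configuration file lives, how to configure it, what format the configuration takes, and what each parameter means; all of this needs to be committed to memory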