Lab: Setting up DHCP across different network segments, with cross-segment DNS and web services
Published: 2024-11-24 Author: 千家信息网 editor
千家信息网, last updated 2024-11-24
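Lab name: Setting up DHCP across different network segments, with cross-segment DNS and web services
Lab principles: layer-2 switching, layer-3 forwarding, static routing, VLAN partitioning, DHCP, DNS, web
Lab objects: client machines, servers, layer-2 devices, layer-3 devices
Lab approach:
1) Two client machines are assigned addresses automatically by DHCP and sit in different VLANs
2) Once a client has an IP address it can visit the website; this requires a DNS name-resolution service, and then an httpd service
The configuration order is from the bottom layer upward, and from the internal network outward
Lab steps:
1. Without further ado, here is the topology diagram
2. Internal network configuration
sw2 switch: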
```
sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw2(config)#no ip routing        'the device was converted from a router, so route forwarding must be disabled'
sw2(config)#int f1/0
sw2(config-if)#sw mod tr         'configure the interface as a trunk'
*Mar 1 00:00:47.903: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw2(config-if)#sw tr en d        'trunk encapsulation type dot1q'
sw2(config)#vlan 10,20,100       'create the VLANs'
sw2(config-vlan)#exit
sw2(config)#int f1/1
sw2(config-if)#sw mod acc        'configure the interface as an access port'
sw2(config-if)#sw acc vlan 10
sw2(config-if)#int f1/2
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 20
sw2(config-if)#int f1/3
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 100
sw2(config-if)#do show vlan-sw b 'show VLAN information'

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/1
20   VLAN0020                         active    Fa1/2
100  VLAN0100                         active    Fa1/3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
```
sw3 layer-3 switch:
```
sw3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw3(config)#int f1/0
sw3(config-if)#sw mod tru
sw3(config-if)#
*Mar 1 01:24:05.283: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw3(config-if)#sw tru en d
sw3(config-if)#exit
sw3(config)#vlan 10,20,100
sw3(config-vlan)#int vlan 10     'configure the IP address of the VLAN interface'
sw3(config-if)#
*Mar 1 01:25:05.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
sw3(config-if)#ip add 192.168.10.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100     'relay to the DHCP server's IP address so DHCP can cross VLANs'
sw3(config-if)#int vlan 20
*Mar 1 01:25:38.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
sw3(config-if)#ip add 192.168.20.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int vlan 100
*Mar 1 01:26:08.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
sw3(config-if)#ip add 192.168.100.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int f0/0
sw3(config-if)#ip add 11.0.0.11 255.255.255.0
sw3(config-if)#no shut
*Mar 1 01:32:01.439: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 01:32:02.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
sw3(config-if)#exit
sw3(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1
sw3(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.11       YES manual up                    up
Vlan1                      unassigned      YES unset  up                    up
Vlan10                     192.168.10.1    YES manual up                    up
Vlan20                     192.168.20.1    YES manual up                    up
Vlan100                    192.168.100.1   YES manual up                    up
sw3(config)#do show ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 11.0.0.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
C    192.168.100.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 [1/0] via 11.0.0.1
sw3(config)#
```
Now configure the DHCP server
First configure the network interface
```
[root@localhost ~]# yum install dhcp* -y      # install
[root@localhost ~]# rpm -q dhcp
dhcp-4.2.5-77.el7.centos.x86_64
[root@localhost ~]# hostname dhcp
[root@localhost ~]# su
[root@dhcp ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33     # edit the interface configuration
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"           # changed to static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f432513-5d7a-455c-88b4-257a9a1dbb45"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.100       # IP address
NETMASK=255.255.255.0        # subnet mask
GATEWAY=192.168.100.1        # gateway
[root@dhcp ~]# systemctl restart network      # restart networking
[root@dhcp ~]# ifconfig                       # verify
ens33: flags=4163 mtu 1500
        inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255
[root@dhcp ~]# vim /etc/dhcp/dhc      # open dhcpd.conf; it is empty, but points us to /usr/share/doc/dhcp*/dhcpd.conf.example
dhclient.d/             dhcpd6.conf
dhclient-exit-hooks.d/  dhcpd.conf
[root@dhcp ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf     # copy it into /etc/dhcp/
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y          # overwrite
[root@dhcp ~]# vim /etc/dhcp/dhcpd.conf       # edit
option domain-name "example.org";             # domain name
option domain-name-servers 12.0.0.12;         # changed to the DNS server's IP
default-lease-time 600;                       # default lease 600 s
max-lease-time 7200;                          # maximum lease 7200 s
subnet 192.168.10.0 netmask 255.255.255.0 {   # network and subnet mask
  range 192.168.10.10 192.168.10.100;         # address range
  option routers 192.168.10.1;                # gateway
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.20 192.168.20.200;
  option routers 192.168.20.1;
}
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.200;
  option routers 192.168.100.1;
}
[root@dhcp ~]# systemctl start dhcpd              # start the dhcpd service
[root@dhcp ~]# systemctl stop firewalld.service   # stop the firewall
[root@dhcp ~]# setenforce 0                       # temporarily turn off SELinux enforcement
[root@dhcp ~]# netstat -natp | grep dhcp          # check port status
[root@dhcp ~]# netstat -naup | grep dhcp
udp        0      0 0.0.0.0:67        0.0.0.0:*        39158/dhcpd
[root@dhcp ~]#
```
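The 192.168.100.0/24 pool configured above (192.168.100.10 to 192.168.100.200) contains the DHCP server's own static address, 192.168.100.100. The following added example, which is not part of the original article, audits the page's subnet declarations for that kind of overlap; the `audit` function and the `STATIC_HOSTS` list are assumptions made for this illustration.

```python
import ipaddress
import re

# Subnet declarations copied from the page's dhcpd.conf (annotations removed).
DHCPD_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.10 192.168.10.100;
  option routers 192.168.10.1;
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.20 192.168.20.200;
  option routers 192.168.20.1;
}
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.200;
  option routers 192.168.100.1;
}
"""
# Static addresses configured on the page: the DHCP server and sw3's VLAN interfaces.
STATIC_HOSTS = ["192.168.100.100", "192.168.10.1", "192.168.20.1", "192.168.100.1"]

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")
ROUTER_RE = re.compile(r"option\s+routers\s+(\S+)\s*;")


def audit(conf, static_hosts):
    """Return findings for every subnet block (hypothetical helper, not dhcpd's own check)."""
    findings = []
    statics = [ipaddress.ip_address(h) for h in static_hosts]
    for net, mask, body in SUBNET_RE.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        for lo, hi in RANGE_RE.findall(body):
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo > hi or lo not in network or hi not in network:
                findings.append(f"{network}: range {lo}-{hi} is not inside the subnet")
            # A static address inside the pool is a candidate for lease to a client.
            for host in statics:
                if lo <= host <= hi:
                    findings.append(f"{network}: static host {host} is inside pool {lo}-{hi}")
        for gw in ROUTER_RE.findall(body):
            if ipaddress.ip_address(gw) not in network:
                findings.append(f"{network}: router {gw} is not on the subnet")
    return findings


if __name__ == "__main__":
    for finding in audit(DHCPD_CONF, STATIC_HOSTS):
        print(finding)
```

Starting the range above the server's address, or splitting it into two ranges around it, clears the finding.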
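Configuring the two client machines is simple: set them to obtain an IP address automatically
Then, in a CMD command prompt on each, run ipconfig /release to release the current address and ipconfig /renew to obtain a new one
3. The internal network is done; next, configure the external network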
```
ISP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#int f0/0
ISP(config-if)#ip add 11.0.0.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#int f
*Mar 1 01:23:42.951: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 01:23:43.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
ISP(config)#int f0/1
ISP(config-if)#ip add 12.0.0.1 255.255.255.0
ISP(config-if)#no shut
*Mar 1 01:24:27.779: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 01:24:28.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
ISP(config-if)#exit
ISP(config)#ip route 192.168.0.0 255.255.0.0 11.0.0.11     'summary route for the internal segments'
ISP(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, FastEthernet0/0
S    192.168.0.0/16 [1/0] via 11.0.0.11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.0.0.0 is directly connected, FastEthernet0/1
ISP(config)#do show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            11.0.0.1        YES manual up                    up
FastEthernet0/1            12.0.0.1        YES manual up                    up
ISP(config)#
```
Configure the DNS and HTTPD server
```
[root@localhost ~]# yum install httpd bind -y
[root@localhost ~]# rpm -q httpd bind
httpd-2.4.6-90.el7.centos.x86_64
bind-9.11.4-9.P2.el7.x86_64
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="8d222179-116b-41b5-8b47-0076ca1aeddb"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 12.0.0.12 netmask 255.255.255.0 broadcast 12.0.0.255
        inet6 fe80::e2c1:c26d:afa1:a4ad prefixlen 64 scopeid 0x20
        ether 00:0c:29:52:4d:89 txqueuelen 1000 (Ethernet)
        RX packets 8232 bytes 10547854 (10.0 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3149 bytes 242681 (236.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# vim /etc/named.
named.conf           named.iscdlv.key     named.rfc1912.zones  named.root.key
[root@localhost ~]# vim /etc/named.conf       # main configuration file
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
[root@localhost ~]# vim /etc/named.rfc1912.zones      # zone configuration file
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";          // zone data file
        allow-update { none; };
};
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone     # copy the template under a new name, preserving permissions
[root@localhost ~]# vim /var/named/kgc.com.zone       # zone data file
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www IN  A       12.0.0.12       ; added this line
[root@localhost ~]# systemctl stop firewalld.service      # stop the firewall
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl start named
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf        # configure httpd
# listen on port 80 of 12.0.0.12
Listen 12.0.0.12:80
#Listen 80
......
# change the domain name
ServerName www.kgc.com:80
[root@localhost ~]# systemctl start httpd                 # start
[root@localhost ~]#
```
Test
```
C:\Users\GSY>nslookup www.kgc.com
DNS request timed out.
    timeout was 2 seconds.
服务器:  UnKnown
Address:  12.0.0.12

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
名称:    www.kgc.com
Address:  12.0.0.12
```
```
[root@localhost ~]# cd /var/www/html          # web pages
[root@localhost html]# ls
[root@localhost html]# vim index.html         # create a new file to serve as the home page
this is test web 为了馒头争口气
[root@localhost html]# systemctl restart httpd
```
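Refresh
Summary: know where each configuration file lives, how to configure it, what format the configuration takes, and what each parameter means; all of this needs to be memorized carefully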