Install and configure the isc dhcp server On Debian Linux

Install and configure the isc dhcp server On Debian Linux

The Dynamic Host Control Protocol (DHCP) provides a convenient way for network administrators to provide network layer addresses for ever-changing network hosts or Dynamic networks. The most common DHCP service tool is the isc dhcp Server. The purpose of the DHCP service is to provide the necessary network information for the host to communicate with other hosts connected to the network. Information provided by the DHCP service includes: DNS server information, network address (IP), subnet mask, default gateway information, and host name.

This tutorial describes how to manage multiple virtual LAN (VLANs) on the ISC-DHCP-Server running on Debian 7.7 4.2.4 and can be easily applied to a single network.

The network used for the test uses the Cisco router to manage the DHCP lease address in a traditional way. Currently, 12 VLANs need to be managed by a centralized server. After a DHCP task is transferred to a dedicated server, the vro can reclaim the corresponding resources and use the resources to more important tasks, such as routing addressing and access control lists, traffic Monitoring and network address translation.

Another advantage of transferring the DHCP service to a dedicated server will be discussed later. It can establish a dynamic Domain Name Server (DDNS), so that when the host requests a DHCP address from the server, in this way, the host name of the new host will be added to the DNS system.

 

Install and configure the isc dhcp server

1. Use apt to install the ISC software in the Debian software warehouse and create this multi-host server. Like other tutorials, you must use root or sudo for access. Modify the following command as needed. (LCTT annotation: The annotations in the brackets below. delete them when using them. # indicates the root permission)

1. # Apt-get install isc-dhcp-server [install the isc dhcp Server software]
2. # Dpkg -- get-selections isc-dhcp-server [confirm that the software has been successfully installed]
3. # Dpkg-s isc-dhcp-server [verify the installation in another way]

Install isc dhcp Server in Debian

2. confirm that the service software has been installed. Now we need to provide network information to configure the server so that the server can distribute network information as needed. As an administrator, the minimum required DHCP information is as follows:

• Network Address
• Subnet Mask
• Dynamically assigned address range

Other useful information about dynamic server allocation includes:

• Default Gateway
• DNS Server IP Address
• Domain Name
• Host Name
• Network broadcast address

This is only a small part of the options that can be processed by the isc dhcp server. If you want to view all options and their descriptions, enter the following command after installing the software:

1. #man dhcpd.conf

3. Once the Administrator has determined all necessary information for distribution on this server, it is time to configure the server and allocate the necessary address pool. Before configuring any address pool or server configuration, you must configure the DHCP server to listen to an interface on this server.

On this specific server, after the NIC is set, DHCP listens for the name'bond0'. Change the server and network environment according to your actual situation. The following configurations are for this tutorial.

Configure isc dhcp Network

This row specifies the DHCP traffic on the DHCP service listening interface (one or more. Modify the master configuration file and assign a suitable DHCP address pool to the desired network. The main configuration file is in/etc/dhcp/dhcpd. conf. Open this file in a text editor

1. #nano/etc/dhcp/dhcpd.conf

This configuration file can be used to configure the address pool/host we need. There is a 'ddns-update-style' statement at the top of the file. In this tutorial, it is set to 'None '. Dynamic DNS will be introduced in later tutorials, and ISC-DHCP-Server will be integrated with BIND9, which can update the host name to the IP address.

4. The following part is the administrator configuration of global network settings, such as DNS domain name, default lease time, IP address, subnet mask, and others. If you want to know all the options, read the dhcpd. conf file in the man Manual. The command is as follows:

1. #man dhcpd.conf

For this server, we need to configure some global network settings at the top of the configuration file so that we do not need to set them separately in each address pool.

Configure ISC DDNS

We will spend some time explaining these options. In this tutorial, although they are some global settings, they can also be configured separately for an address pool.

• Option domain-name "comptech. local";-all hosts using this DHCP server will become a member of the DNS domain "comptech. local"

• Option domain-name-servers 172.27.10.6; DHCP delivers the DNS server address 172.27.10.6 to all network hosts configured with this DHCP server.

• Option subnet-mask 255.255.255.255.0;-each network device is assigned a subnet mask 255.255.255.0 or 24

• Default-lease-time 3600;-default valid address lease time (in seconds ). If the lease time is exhausted, the host can apply for a new lease. If the lease is completed, the corresponding address will be reclaimed as soon as possible.

• Max-lease-time 86400;-this is the maximum lease time (in seconds) that a host can lease ).

• Ping-check true;-this is an additional test to ensure that the network address sent by the server is not the network address used by another host in the current network.

• Ping-timeout;-the number of seconds the server will wait for the ping response before determining whether the IP address has been used.

• Ignore client-updates; this option can be ignored because DDNS is already disabled in the configuration file, but when DDNS is running, this option ignores the host's request to update its DNS host name.

5. the following line in the file is the row where the authoritative DHCP is located. This line indicates that if the server is the server with the network distribution address configured in the file, the comment on this authoritative keyword (authoritative stanza) is canceled.

Remove the '#' before the keyword authoritative to uncomment the global authoritative keyword. This server will be the only authority in the network it manages.

Enable ISC Authoritative

By default, the server is assumed to be not an authoritative server on the network. This is done for security considerations. If someone does not know the configuration of the DHCP service, it may lead to improper configuration or is configured in a network that should not appear, which will cause serious connection problems. This line can also be configured separately in each network. That is to say, if this server is not the DHCP server of the entire network, the authoritative line can be used in each individual network, rather than the global configuration as above.

6. configure all DHCP address pools/networks to be managed by the server. To be brief, this tutorial only describes one of the configured address pools. As administrators, they need to collect necessary network information (such as domain names, network addresses, and how many addresses can be distributed)

The information used by the following address pool is collected by the Administrator: network ID 172.27.60.0, subnet mask 255.255.0 or/24, default subnet gateway 172.27.60.1, broadcast address 172.27.60.255.0.

The above information is very important for building a new network in the dhcpd. conf file. Use the text editor to modify the configuration file and add a new network. here we need to use root or sudo for access.

1. #nano/etc/dhcp/dhcpd.conf

Configure DHCP Pools and Networks

In this example, an IP address is assigned to the virtual server created with VMWare. The first line shows the subnet mask of the network. The content in the brackets is all the options that the DHCP server should provide to hosts on the network.

The first line, range 172.27.60.50 172.27.60.254; shows the IP address range that the DHCP service can dynamically distribute to the host on this network.

Row 2: option routers 172.27.60.1; the default gateway address distributed to all hosts in the network is displayed.

In the last line, option broadcast-address 172.27.60.255 is displayed. The broadcast address of the current network is displayed. This address cannot be included in the address range to be distributed, because the broadcast address cannot be allocated to a host.

It must be emphasized that the end of each line must end with (;), and all created networks must be in.

7. If you want to create multiple networks, continue to create their corresponding options and save the text file. After the configuration is complete, the ISC-DHCP-Server process needs to be restarted to make the new change take effect. To restart a process, run the following command:

1. # service isc-dhcp-server restart

This command will restart the DHCP service. The administrator can check whether the server can process dhcp requests in several different ways. The simplest way is to use the lsof command to check whether the server is listening on port 67. The command is as follows:

1. #lsof-i :67

Check DHCP Listening Port

The output indicates that the dhcpd (DHCP daemon) is running and listening on port 67. Because of port 67 ing in the/etc/services file, the output port 67 is actually converted to "bootps ".

This is very common in most systems. Now the server should be ready for network connection. We can request a DHCP address for a host to access the network to verify whether the service is normal.

 

Test Client Connection

8. Currently, many systems use the network manager to maintain the network connection status. Therefore, this device should be configured in advance so that DHCP can be obtained as long as the corresponding interface is active.

However, when a device cannot use the network manager, it may need to manually obtain the DHCP address. The following steps demonstrate how to obtain the address manually and check whether the server has been distributed as needed.

The 'ifconfig' tool can be used to check interface configurations. The DHCP server device used for testing has only one network adapter, which is named 'eth0 '.

1. #ifconfig eth0

Check Network Interface IP Address

The output result shows that the device does not have an IPv4 address, which is convenient for testing. We connect this device to the DHCP server and send a request. A DHCP client named 'dhclient' has been installed on this device. Because the operating systems are different, the client software is also different.

1. # dhclient eth0

Request IP Address from DHCP

Current'inet addr:'The IPv4 address within the network address range of 172.27.60.0 is displayed. We are pleased that the current network has configured the correct subnet mask and distributed broadcast addresses.

It looks pretty good here. Let's test to see if the device received the new IP address from the server. Here, we can complete this task by referring to the server log file. Although this log contains hundreds of thousands of logs, only a few logs are used to determine whether the server works normally. Here we use a tool 'tail', which only displays the last few lines of the log file, so that we don't have to use a text editor to view all the log files. The command is as follows:

1. #tail/var/log/syslog

Check DHCP Logs

OK! The server record indicates that it has distributed an address to the host (HRTDEBXENSRV ). The server runs as expected and distributes suitable network addresses to the network serving as the authoritative server. So far, the DHCP server is successfully set up and running. If necessary, you can continue to configure other networks to troubleshoot and ensure security.

In future Debian tutorials, I will introduce some new ISC-DHCP-Server features. If I have time, I will write a tutorial on Bind9 and DDNS, which will be integrated into this article.

Via: http://www.tecmint.com/install-and-configure-multihomed-isc-dhcp-server-on-debian-linux/

Author: Rob Turner Translator: ivo-wang Proofreader: wxy

This article was originally translated by LCTT and launched with the Linux honor in China

This article permanently updates the link address: