DHCP, or Dynamic Host Configuration Protocol, allows an administrator to configure
network settings for all clients on a central server. The DHCP clients request
an IP address and other network settings from the DHCP server on the network.
The DHCP server in turn leases the client an IP address within a given range or
leases the client an IP address based on the MAC address of the client’s
network interface card (NIC). If an IP address is assigned according to the MAC
address of the client’s NIC, the same IP address can be leased to the client
every time the client requests one.

DHCP makes network administration easier and less prone to error. For example, when
network settings or the IP address range of a network changes, instead of
changing the configuration files on each client, the administrator simply
changes the configuration on the DHCP server and applies the changes. If your
network consists of hundreds of clients, it is easy to see the benefits.

From the user’s point of view, DHCP can be useful for mobile computing. If a laptop
is configured to use DHCP for its network settings, it can easily move from one
network to another without reconfiguration or user intervention as long as the
network includes a DHCP server with an available IP address for the laptop.

Configuring the Server

To configure a Red Hat Enterprise Linux system as a DHCP server, the dhcp RPM
package must be installed. If it is not installed, The DHCP server can allow
any system on the network to retrieve an IP address, assign systems the same IP
address each time one is requested, or a combination of the two.

The DHCP service uses the /etc/dhcpd.conf configuration file. A file without any
configuration options is installed at this location with the dhcp package, and
a sample file is provided in /usr/share/doc/dhcp-<version>/dhcpd.conf.sample.

In older versions of DHCP, the ad-hoc DNS update scheme was available. In the
current version, it is deprecated and does not work. Thus, the interim scheme
is highly recommended. For more details, refer to the dhcpd.conf man page with
the command man dhcpd.conf. As you can see from the sample configuration file
/usr/share/doc/dhcp-<version>/dhcpd.conf.sample, the first line of /etc/dhcpd.conf
should define the DNS update scheme:

    ddns-update-style interim;

The following listing contains an example DHCP configuration file. In this
example, three subnets are defined, two of which are on the same physical
network. In the 192.168.0.0 subnet declaration, several options including the
gateway, subnet mask, and DNS server are configured for all clients in the
subnet. Clients in the subnet that request an IP address are leased an IP
address in the 192.168.0.128 to 192.168.0.254 range, with the exception of the
system defined in the host statement. If the system with the MAC address listed
in the host statement connects, it is leased the 192.168.0.4 IP address every
time.

LISTING Example DHCP Configuration File

    ddns-update-style interim;
    authoritative;

    subnet 192.168.0.0 netmask 255.255.255.0 {
        # global parameters for the subnet
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option domain-name "example.com";
        option domain-name-servers 192.168.1.1;
        range dynamic-bootp 192.168.0.128 192.168.0.254;
        default-lease-time 21600;
        max-lease-time 43200;

        # fixed address example
        host jadefox {
            next-server ns.example.com;
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address 192.168.0.4;
        }
    }

    shared-network third-floor {
        # global parameters for the shared network
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option nis-domain "example.com";
        option domain-name "example.com";
        option domain-name-servers 192.168.1.1;
        default-lease-time 21600;
        max-lease-time 43200;

        subnet 192.168.10.0 netmask 255.255.255.0 {
            range dynamic-bootp 192.168.10.1 192.168.10.254;
        }

        subnet 192.168.20.0 netmask 255.255.255.0 {
            range dynamic-bootp 192.168.20.1 192.168.20.254;
        }
    }

In the listing above, the two subnets in the shared-network grouping are on the
same physical network and share all the parameters defined before the first
subnet declaration within the shared-network declaration. Each subnet then has
an IP address range defined for its clients.
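
The address plan in the example configuration relies on the fixed address (192.168.0.4) sitting outside the dynamic range (192.168.0.128 to 192.168.0.254); a fixed-address that falls inside a dynamic range can also be leased to a different client. The following check is an added example, not part of the original text or of the dhcp package: the function name lint_dhcpd_conf, the regular expressions, and the "conflict" host in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample based on the listing's first subnet; the "conflict"
# host is added here to trigger a finding and is not from the original page.
SAMPLE_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.0.128 192.168.0.254;
    host jadefox {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.4;
    }
    host conflict {
        hardware ethernet 12:34:56:78:AB:CE;
        fixed-address 192.168.0.200;
    }
}
"""

SUBNET_RE = re.compile(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)")
RANGE_RE = re.compile(r"range\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;")
HOST_RE = re.compile(r"host\s+(\S+)\s*\{[^}]*?fixed-address\s+([\d.]+)\s*;")


def lint_dhcpd_conf(text):
    """Return a list of findings for address-plan mistakes in dhcpd.conf text."""
    text = re.sub(r"#.*", "", text)  # drop comments before matching
    ip = ipaddress.ip_address
    subnets = [ipaddress.ip_network(f"{net}/{mask}")
               for net, mask in SUBNET_RE.findall(text)]
    ranges = [(ip(lo), ip(hi)) for lo, hi in RANGE_RE.findall(text)]
    findings = []
    for lo, hi in ranges:
        # Every dynamic range must sit entirely inside a declared subnet.
        if not any(lo in n and hi in n for n in subnets):
            findings.append(f"range {lo} {hi}: not inside any declared subnet")
    for name, addr in HOST_RE.findall(text):
        addr = ip(addr)
        if not any(addr in n for n in subnets):
            findings.append(f"host {name}: {addr} is outside every declared subnet")
        for lo, hi in ranges:
            # A reserved address inside a pool can be handed to another client.
            if lo <= addr <= hi:
                findings.append(f"host {name}: {addr} overlaps dynamic range {lo}-{hi}")
    return findings


if __name__ == "__main__":
    for finding in lint_dhcpd_conf(SAMPLE_CONF):
        print(finding)
```

Run it against the text of /etc/dhcpd.conf before restarting the service; an empty list means none of the checked conditions were found.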

To configure global settings for multiple declaration groups, use the group
statement as shown in the following listing. In this example, all the options
outside the two host declarations apply to both host declarations. The group
statement is not limited to host statements. It can be used to declare the same
options for multiple subnets, for example.

LISTING Example group Declaration

    group {
        # common parameters for both host declarations
        option routers 192.168.10.254;
        option subnet-mask 255.255.255.0;
        option domain-name "example.com";
        option domain-name-servers 192.168.10.24;
        default-lease-time 21600;
        max-lease-time 43200;

        host printer {
            option host-name "printer.example.com";
            hardware ethernet 01:BE:BB:5E:1A:CC;
            fixed-address 192.168.10.7;
        }

        host payroll {
            option host-name "payroll.example.com";
            hardware ethernet 02:B4:7C:43:DD:FF;
            fixed-address 192.168.10.10;
        }
    }

Common DHCP parameters are described in the following table. For a complete
list, refer to the dhcpd.conf man page with the command man dhcpd.conf.

TABLE Common DHCP Parameters

Command                        Description
routers                        Router or gateway for the client’s network configuration.
domain-name                    Domain name for the client’s network configuration.
domain-name-servers            DNS servers for the client’s network configuration.
default-lease-time <time>      Length of client lease, in seconds, if the client does not request a different lease length.
max-lease-time <time>          Maximum amount of time, in seconds, the server will lease an IP address.
min-lease-time <time>          Minimum amount of time, in seconds, the server will lease an IP address.
local-port                     By default, DHCP listens for requests on UDP port 67. Use this option to listen on a different UDP port.
range <start-ip> <end-ip>      Range of IP addresses to lease to clients.
log-facility <facility>        Instead of logging to /var/log/messages, log to the specified facility. Refer to the “Logging Connections” section of this chapter for details.
host-name                      Specify a hostname for the client within a host declaration.
hardware <type> <address>      Specify the hardware address of a client, such as the MAC address of an Ethernet card. <type> can be either ethernet or token-ring.
fixed-address <IP-address>     IP address that should be assigned to a specific host. Only valid within a host declaration.

After a client has successfully leased an IP address from the server, that IP
address is reserved for the MAC address of the client for a specific amount of
time as determined by a combination of the default-lease-time, max-lease-time,
and min-lease-time parameters. This information is recorded in the
/var/lib/dhcp/dhcpd.leases file on the DHCP server to make sure an IP address
isn’t assigned to more than one system at the same time.

Starting and Stopping the Server

Like the other services in Red Hat Enterprise Linux, DHCP can be started,
stopped, and restarted with the service command as root. To start the server,
use the service dhcpd start command. Each time the server is started, it looks
for the /var/lib/dhcp/dhcpd.leases file. If it is not found, the service is not
started. Before the service is started for the first time, the file must be
created with the command touch /var/lib/dhcp/dhcpd.leases.

The command service dhcpd status displays whether the service is running. The
command service dhcpd restart restarts the service, including re-reading the
configuration file. Remember that the dhcpd service must be restarted after the
configuration file is modified.

To configure the DHCP service to start automatically at boot time, use the
command:

    chkconfig dhcpd on

The DHCP server also looks for the /etc/sysconfig/dhcpd configuration file on
startup. It is not required, but it can be used to define command-line options
to dhcpd. The default file contains the following lines:

    # Command line options here
    DHCPDARGS=

For example, to only listen for connections on a specific network interface:

    DHCPDARGS=eth0

This argument is useful for a DHCP server with separate network cards for
traffic inside and outside a private network. For security reasons, the DHCP
server should only listen for client connections on the NIC configured for
internal traffic.

Additional command-line options are explained in the man page for dhcpd. Use
the command man dhcpd to read it.

Logging Connections

By default, log messages from the DHCP server are written to /var/log/messages.
However, DHCP supports logging to a separate file by adding the following
statement to the top of dhcpd.conf:

    log-facility <facility>;

For example, to use the local7 facility of syslog, use the following line:

    log-facility local7;

The /etc/syslog.conf file must also be modified to include the following:

    # Log DHCP daemon messages to separate file
    local7.*    /var/log/dhcpd.log

You can use a different name for the log file, but the syslog.conf line must
include its full path and it must be created with the same permissions as the
/var/log/messages file. Also restart syslog to enable the change (as the root
user):

    service syslog restart

Because the log-facility statement is not read until dhcpd.conf is read, all
logs before reading the configuration file are still written to
/var/log/messages.

For more details on log facilities, refer to the syslog and syslog.conf man pages.
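
Once DHCP messages go to their own file, that file can be reviewed for signs that the interface restriction described earlier is not in effect or that the address pool is running out. The following is an added example, not part of the original text: the sample lines are constructed in the message format dhcpd writes to syslog, and the function name review_dhcpd_log, the eth0 default, and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/dhcpd.log lines (not from the original page).
SAMPLE_LOG = """\
Jan  4 10:00:01 gw dhcpd: DHCPDISCOVER from 12:34:56:78:ab:cd via eth0
Jan  4 10:00:01 gw dhcpd: DHCPOFFER on 192.168.0.4 to 12:34:56:78:ab:cd via eth0
Jan  4 10:00:02 gw dhcpd: DHCPREQUEST for 192.168.0.4 from 12:34:56:78:ab:cd via eth0
Jan  4 10:00:02 gw dhcpd: DHCPACK on 192.168.0.4 to 12:34:56:78:ab:cd via eth0
Jan  4 10:05:10 gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth0
Jan  4 10:05:10 gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:02 via eth0
Jan  4 10:05:11 gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:03 via eth0
Jan  4 10:05:11 gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:04 via eth0: network 192.168.0.0/24: no free leases
Jan  4 10:06:00 gw dhcpd: DHCPDISCOVER from 00:aa:bb:cc:dd:ee via eth1
"""

LINE_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) .*?((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r".*? via ([\w.-]+)(.*)", re.I)


def review_dhcpd_log(text, internal_iface="eth0", max_unanswered=3):
    """Summarize dhcpd log lines that deserve an administrator's attention."""
    seen = defaultdict(set)  # message type -> MAC addresses seen with it
    report = {"wrong_interface": [], "pool_exhausted": [], "unanswered": []}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg, mac = m.group(1).upper(), m.group(2).lower()
        iface, rest = m.group(3), m.group(4)
        seen[msg].add(mac)
        if iface != internal_iface:  # dhcpd is answering on another NIC
            report["wrong_interface"].append((mac, iface))
        if "no free leases" in rest:  # the dynamic range is used up
            report["pool_exhausted"].append(mac)
    # Many clients asking but never acknowledged suggests pool pressure.
    unanswered = sorted(seen["DHCPDISCOVER"] - seen["DHCPACK"])
    if len(unanswered) > max_unanswered:
        report["unanswered"] = unanswered
    return report


if __name__ == "__main__":
    print(review_dhcpd_log(SAMPLE_LOG))
```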