Xa uqhagamshela ikhompyutha kwinethiwekhi, into yokuqala eyenzayo kukufumana indlela yokufumana idilesi ye-IP yayo ukuze ikwazi ukunxibelelana. KwiWindows, ezona ndlela ziqhelekileyo zi I-DHCP, i-manual configuration (static IP), i-APIPA kunye, kwi-IPv6, i-SLAACIndlela nganye ineenzuzo, imida, kunye neemeko ezithile zokusetyenziswa ezimele ziqondwe ukuphepha iintloko.
Siza kudlula, inyathelo ngenyathelo, indlela nganye isebenza ngayo, yeyiphi imiyalezo umxumi atshintshiselana ngayo nomncedisi, Ungazixilonga njani iingxaki eziqhelekileyo ezinje ngokuJonga iDHCP edume kakubiZiziphi ezinye iindlela ezikhoyo (BOOTP, Zeroconf, DHCPv6/SLAAC), kwaye ngawaphi amanyathelo okhuseleko omele uwavule ukukhusela inethiwekhi yakho kumaseva angagunyaziswanga okanye uqeshise ukuhlaselwa kokuphelelwa amandla?
Yintoni i-DHCP kwaye yeyiphi imilinganiselo ehambisa ngayo?
Iprothokholi yeDHCP yabela ngokuzenzekelayo iidilesi ze-IP kubathengi, kwaye ngaphezu koko, Isasaza iiparamitha ezibalulekileyo ezifana nemaski, isango, kunye neDNS.Ichazwa yi-RFC 2131 kwaye ivumela iindlela ezintathu zolwabiwo: i-manual (ugcino), oluzenzekelayo, kunye nokuguquguqukayo.
Nangona sihlala sicinga nge-IP, imaski kunye nesango, abancedisi banokuthumela ukhetho oluninzi: I-DNS yokuqala/yesibini, igama lesizinda, MTU, NTP, WINS, TFTP, LDAP, NIS kunye nezinye iimpawu eziphambili. Oku kwenza ulawulo lube kwindawo enye kwaye lungaguquguquki, kuthintelwa iimpazamo zoqwalaselo ngesandla kwisixhobo ngasinye.
Iindlela eziqhelekileyo zolwabiwo kwiiseva kunye neerotha:
- Imanuwali okanye imile (ugcino): Ikhonkco le-IP-MAC okanye ngeSichongi soMxumi ukuze ikhomputha isoloko ifumana i-IP efanayo.
- ZenzekelayoIdilesi ye-IP inikezelwe ngokungenasiphelo de ikhutshwe; ezinye ii-firmwares zisebenzisa ii-algorithms ezingalandelelaniyo ezisekelwe kwidilesi ye-MAC.
- Inamandla: eyona ndlela iguquguqukayo, ngokuphinda kusetyenziswe iidilesi kunye nolawulo lwamaxesha oqeshiso.
Umncedisi ugcina ilogi yee-IPs ezinikezelweyo kunye needilesi zabo ezihambelanayo ze-MAC, ezithi Ithintela ukuphindaphinda kwaye ivumela ukusetyenziswa kwakhona kweedilesi xa ziphelelwe lixesha.Ngale ndlela, uthungelwano luhlala lucwangcisiwe kwaye lukhula.
Umjikelo weDORA kunye namazibuko abandakanyekayo
Xa ikhomputha idibanisa okokuqala kwaye ingenayo idilesi ye-IP, ithumela ipakethi I-DHCP DISCOVER ukusuka ku-0.0.0.0 ukuya ku-255.255.255.255 Ukufumana abancedisi, i-UDP isetyenziswa, kunye ne-port yomthombo 68 (umxhasi) kunye ne-port ye-67 (umncedisi). Ukuba i-firewall ivalela la mazibuko nokuba kumxhasi okanye umncedisi, akukho midibaniso iya kwenziwa.
Umncedisi omamelayo uphendula nge I-DHCP OFFER ebonisa idilesi ye-IP yomgqatswa kunye neenketho. Umxhasi uphendula nge ISICELO se-DHCP eqinisekisa ukhetho lwabo kwaye umncedisi agxothe nge I-DHCP ACKLo mjikelo we-DORA unokuxuba usasazo kunye ne-unicast ngokuxhomekeke kuqwalaselo, kwaye ekugqityweni, umxhasi ukhupha i-cache ye-ARP. Ihlola iingxabano kwaye, ukuba ifumanisa ii-IP ezisetyenziswayo, ithumela i-DHCPDECLINE..
Ukongeza kwizibuko ze-UDP 67/68, kuyacetyiswa ukuba ujonge ukuba ezinye iinkonzo ezifana ne-PXE/WDS azingqubani. Umyalelo olula othi `netstat -anb` unceda ekuboneni iinkqubo ezidityaniswe nelo zibuko. ukuphelisa nawaphi na amathandabuzo.
APIPA kwi-Windows: ikhonkco-local 169.254/16
Ukuba ikhomputha iyasilela ukudibanisa kwiseva ye-DHCP, iWindows ivula i-APIPA kwaye ngokuzenzekelayo iqwalasele IPv4 169.254.0.0/16 ngemaski 255.255.0.0Yidilesi yendawo yekhonkco elungiselelwe uthungelwano olungenamncedisi okanye uxilongo, kwaye rhoqo ngemizuzu embalwa inkqubo izama kwakhona ukufumana uqeshiso olusebenzayo.
Umbuzo ophindaphindiweyo: ngaba unokunyanzeliswa ukuba, xa unqanyulwa kwi-DHCP, i-NIC isebenzisa 192.168.0.x endaweni 169.254.xxKwi-Windows, uluhlu lwe-APIPA alunakutshintshwa, kodwa ungasebenzisa ithebhu ye Uqwalaselo olulolunye Kwi-IPv4: shiya i-adaptha iseti Ukufumana idilesi ye-IP ngokuzenzekelayo kwaye, ngolunye uqwalaselo, chaza idilesi ye-IP yogcino lwe-static (umzekelo, 192.168.0.10/24 kunye nesango layo). Ngale ndlela, ukuba akukho mncedisi we-DHCP, uya kusebenzisa idilesi ye-IP engatshintshiyo; ukuba iseva iyafumaneka, iya kubuyela kwi-DHCP ngaphandle kokuba utshintshe nantoni na.
Ukuba ufuna ukutshintsha phakathi kweeprofayili ezinzima ngakumbi, ungasebenzisa PowerShell okanye netsh ukutshintsha phakathi kweeprofayileokanye wenze izikripthi ezenza zisebenze/zivale iidilesi ze-IP ezizizo ezisekelwe kwindawo. Into engasebenziyo kukuba ne-DHCP kunye nedilesi ye-IP engatshintshiyo ngaxeshanye kujongano olufanayo ngaphandle kokulawula, kuba Unokubangela iingxabano okanye iindlela ezingacacanga.
IPv6, SLAAC kunye neDHCPv6: uqwalaselo oluzenzekelayo olungenammiselo
Kuthungelwano lwe-IPv6, izixhobo zinokuziqwalasela ngokwazo zisebenzisa I-SLAAC isebenzisa iiNtengiso zeRouterOku kuphelisa imfuno yomncedisi ukwenza idilesi. Nangona kunjalo, kwiindawo ezininzi zidityaniswa I-DHCPv6 ukusasaza i-DNS okanye ezinye iiparamitha, ekubeni i-SLAAC yodwa inokusilela kulawulo.
Khumbula ukuba kwi-IPv6 kuhlala kukho a ikhonkco-lendawo FE80::/64 Ngojongano lwayo, iluncedo kulawulo kunye noxilongo. Iindlela ezizezinye ezifana neZeroconf zenza lula uthungelwano oluncinci, kodwa kwinqanaba leshishini lilinganiselwe kwi-scalability kunye nolawulo.
Indawo yokubeka iseva ye-DHCP
Ungayifaka kumncedisi obonakalayo okanye wenyani. Kwi-virtualization nge-Hyper-V, ukuba i-DHCP iyafuneka Ukusebenzela inethiwekhi ebonakalayo, i-vSwitch kufuneka ibe yangaphandle.Qhagamshelana nesikhokelo sethu ku iinethiwekhi ze-hypervisorKuphephe ukuxhomekeka kwi-hardware efana nee-GPUs kuloo VM kwaye uvavanye impembelelo ye-virtualization kwi-latency ukuba umamkeli usebenzisa ii-apps ezinovakalelo.
I-Windows Server ineempawu eziphambili ezinomdla (i-failover, imfuduko ephilayo, i-SR-IOV, i-VHDX ekwabelwana ngayo), ngelixa Windows 10/11 inikeza iinketho ezisisiseko ngakumbi njenge-NAT engagqibekanga kunye neetemplate ezikhawulezayoKhetha iqonga elisekelwe kubukho bakho kunye neemfuno ze-HA.
Ukuphunyezwa okusebenzayo kunye nohlengahlengiso oluphambili
Kwiseva yeWindows, faka indima yeDHCP, igunyazisa umncedisi kwi-Active Directory kwaye ichaza imida ngoluhlu lwayo, imaski, ukukhutshwa, kunye nexesha lesibonelelo. Qwalasela iziqinisekiso ze uhlaziyo lweDNS oluguqukayo (iirekhodi ze-A/PTR) Kwaye, ukuba unamakhadi amaninzi, nciphisa isibophelelo kujongano olufanelekileyo.
Kuthungelwano ngeeVLAN, awudingi mncedisi ngeVLAN nganye: sebenzisa iiarhente zokuthumela (IP Helper) kwiirotha okanye ii-SVI ​​ukuhambisa izicelo kumncedisi ophakathi. Lungisa ingqesho: kwiinethiwekhi ezizinzileyo unokushiya iintsuku; kuthungelwano lwetrafikhi ephezulu (iindwendwe, iWi-Fi yeendwendwe) Nciphisa ixesha kwiiyure ezimbalwa ukuhlaziya ii-IPs ngokukhawuleza.
Kwizisombululo ezifana ne-pfSense unokwenza amachibi nge-subnet, Vula iinketho eziphambili (NTP, TFTP, LDAP) kwaye uchaze uluhlu lolawulo lofikelelo. Kwiirotha zasekhaya (i-ASUS okanye i-AVM FRITZ! Ibhokisi) ukhetho lulinganiselwe ngakumbi, kodwa luvumela ukutshintsha i-DNS, uluhlu kunye nokwenza iimaphu ezimileyo.
I-DHCP engatshintshiyo (ugcino) kwii-router kunye ne-firewall
Oku kubizwa ngokuba yi-DHCP engatshintshiyo, i-Static Mapping okanye ugcino lubandakanya Xhuma idilesi ye-MAC kwidilesi ye-IP ukuze isixhobo sisoloko sifumana idilesi efanayo.Ifanelekile kubashicileli, iikhamera, iNAS okanye ikhaya/iiseva zamashishini amancinci ngaphandle kokuqwalasela umxhasi ngamnye ngesandla.
Kwi-pfSense, i-MAC/Client Ichongi kunye neeparamitha ezifana negama lenginginya, DNS, WINS okanye NTP zingeniswa njengesiqhelo. Kwi-ASUS, oku kwenziwa kwi-LAN ⇢ Iseva ye-DHCP, yongeza i-MAC kunye ne-IP., kunye ne FRITZ!Ibhokisi esuka kuThungelwano, ngokuhlela isixhobo kunye nokuphawula ukuba ihlala isebenzisa i-IPv4 efanayo (itshintsha i-octet yokugqibela ngaphakathi koluhlu).
Ukhuseleko: I-DHCP ekhohlakeleyo, i-Snooping kunye ne-IP Source Guard
I-DHCP ayinabungqina bendalo, ngoko isengozini. Umhlaseli unokuphakamisa a I-DHCP ekhohlakeleyo ukubonelela ngamasango akhohlakeleyo okanye i-DNS, ukwenza uMntu kuhlaselo oluphakathi, okanye kubangele ukwaliwa kwenkonzo.
Olona khuselo lusebenzayo kutshintsho olulawulwayo lu Uvavanyo lwe-DHCPUphawula kuphela amazibuko akhokelela kumncedisi osemthethweni njengothenjiweyo kwaye uvala i-OFFER/ACK kumazibuko angagunyaziswanga. Gcwalisa nge IP Source Guard, esebenzisa i-database ye-Snooping ukuhluza ii-IPs ezingcolileyo ekufikeleleni.
Olunye uhlaselo oluqhelekileyo lu Indlala yeDHCP (izicelo ezininzi ezineedilesi zomgunyathi ze-MAC zokukhupha idama). Ukunciphisa ngokunciphisa amaxabiso kwizibuko ngalinye, kusetyenziswa i-802.1X ekufikeleleni ngeengcingo kwaye, kuthungelwano lomthwali, iilebhile zokudlulisa umyalezo (RFC3046) okanye uqinisekiso lomyalezo (RFC3118, isetyenzisiwe kancinci). Izigodo zokubeka iliso kunye nezilumkiso ngundoqo.
Izinto eziluncedo kunye nezingeloncedo zokusebenzisa iDHCP
Phakathi kwamandla ayo: uqwalaselo olusembindini, iimpazamo zabantu ezimbalwa, ulawulo lotshintsho, kunye nesantya ngokusasaza izicwangciso kuyo yonke inethiwekhi. Ngaphaya koko, ikhusela impixano ye-IP ephindwe kabini kwaye ivumela ukuzenzekelayo kweeparamitha ezibalulekileyo njenge-DNS.
Phakathi kweengxaki zayo: ukuba kukho iseva enye kwaye yehla, Abathengi abanakukwazi ukuhlaziya umnyinyiva waboKwakhona, ukhetho olungachazwanga kakuhle lunokusasazeka kuye wonke umntu, kwaye ubukhulu becala, iinethiwekhi eziyilwe kakubi, unokulugqiba uluhlu. Yiyo loo nto kubalulekile ukucwangcisa ngononophelo imida, ukukhutshwa, kunye nokufumaneka okuphezulu.
Uyivula nini kwaye ungayivulwa nini
Yivule nanini na ufuna iinkqubo izenzekelayo kwaye iyahambelana: iiofisi, iikhampasi, amakhaya anezixhobo ezininzi, uthungelwano lweendwendwe, okanye iindawo eziphathwayo.
Yiphephe okanye uyidibanise ne-IPs engatshintshiyo xa usebenzisana nayo iiseva ezibalulekileyo, izixhobo zokhuseleko, iirotha, iindonga zomlilo, okanye iimeko ezineemfuno zolawulo oluneenkcukachaKuthungelwano oluncinci, olungatshintshiyo, isixokelelwano samanani esisisigxina esilula sinokwanela.
Imposiso yokuKhangela yeDHCP kwiWindows: Izisombululo eziKhawulezayo
Ukuba ufumana impazamo yokuJonga i-DHCP xa uqala iPC yakho kwaye ulahlekelwe yidilesi yakho ye-IP, zama oku kulandelayo: ipconfig / vuselela kwi-CMD (iya kunyanzela ukuqeshisa okutsha) kwaye, ukuba kuyimfuneko, ipconfig / ukukhululwa kulandelwa ngu / hlaziya ukuqala kwakhona umjikelo.
Hlaziya i abaqhubi iadaptha yenethiwekhi (Uhlaziyo lweWindows, uMphathi weSixhobo okanye iwebhusayithi yomenzi), phinda uqalise irutha ngokufanelekileyo (yicime imizuzwana engama-30) kwaye usebenzise solucionador de problemas yeNethiwekhi kunye ne-Intanethi.
Ukuba ingxaki iyazingisa, kwizicwangciso ⇢ Umsebenzi womnatha & Internet ⇢ Ubume, sebenzisa Ukuseta kwakhona inethiwekhi (Phinda ubuyisele abaqhubi kwaye ubuyisele useto). Kuthungelwano olunamakhulukhulu ekhompyuter, jonga ukuba ufuna ukutshintsha imaski ye-subnet iye kwenye into. uhlobo /16 okanye /8; emakhayeni akudli ngokuba yimfuneko.
Uluhlu lokujonga uxilongo: iseva kunye nabaxhasi
Kwiseva, qinisekisa: Inkonzo ye-DHCP iqalile, iseva igunyaziswe, irenti yasimahla, ukungabikho kwe-BAD_ADDRESS, ukuba i-NIC yokubopha ikwi-subnet echanekileyo (Get-DhcpServerv4Binding/ v6) kwaye kuphela inkonzo ye-DHCP iphulaphula kwi-UDP 67/68 (netstat -anb).
Ukuba usebenzisa i-IPsec, yongeza i Ukukhululwa kwi-DHCPJonga ukufikelela kwii-arhente zokudlulisa kunye nokuhlaziya izihluzi / imigaqo-nkqubo. Kwicala lomxhasi: i-cabling, i-MAC yokucoca kwiiswitshi, iadaptha esebenzayo, Inkonzo yoMxumi yeDHCP iyaqhuba kunye ne-firewall ngaphandle kokuvala i-UDP 67/68.
Hlalutya iDORA ngeWireshark
Thatha umxhasi kunye nomncedisi, phinda uvelise ingxaki (umzekelo, ipconfig / vuselela) kunye necebo lokucoca nge-DHCP. Khangela imiyalezo emine (FUMANA, BONISA, SICELA, ACK). Ukuba kukho abalahlekileyo, Uya kuwa endleleni.
Iimpawu eziqhelekileyo: umxhasi ubonisa i-DISCOVER kodwa umncedisi akayiboni (ibhloko ye-server-side block), okanye iseva ithumela i-OFFER kwaye umxhasi akayifumani (ibhloko yokubuyisela). Xa uqinisekisa ilahleko, ibandakanya iqela lenethiwekhi ukujonga ACLs, VLANs, snooping, DAI okanye firewall.
Iirekhodi kunye nokuqokelelwa kwedatha
Jonga ifayile Inkonzo ye-DHCP kunye neelogi zenkqubo (Usetyenziso kunye neelog zenkonzo ⇢ Microsoft ⇢ Windows ⇢ DHCP Server). Sebenzisa i Umbukeli weMnyhadala weWindowsIilog zedebug zihlala kwi% windir%\System32\Dhcp kunye neenkcukacha zokuqeshisa kwe-DNS kunye nohlaziyo.
Ukuba uza kuvula itikiti, unokuqokelela umkhondo usebenzisa izixhobo zenkxaso ezisebenzayo (TSS). ngamalungelo omphathi, ukwamkela i-EULA kunye nokuvelisa kwakhona ingxaki ukupakisha ubungqina kwi-C:\MS_DATA.
Iindawo: iintlobo, ukhetho kunye nocwangciso
Umda yibhloko yeedilesi ezinokuthi umncedisi anike ngaphakathi kwesubnet. Ezona zixhaphakileyo zezi: umda omnye (uluhlu oludibeneyo), i-multicast domain (i-MADCAP, i-RFC 2730) kunye ne-superiannounces (eliphi iqela leendawo ezininzi zolawulo kunye nothungelwano olunee-subnets ezininzi kwindawo efanayo yomzimba).
Xa uyila, chaza uluhlu olupheleleyo, emva koko udale okungabandakanywayo kwii-IPs ezingatshintshiyo (iirutha, abancedisi, abashicileli), kwaye ulungiselele ugcino kubaxhasi abafuna ukugcina idilesi yabo ye IP. Kwakhona lungelelanisa iinketho zomda: isango, i-DNS, kwaye, ukuba usebenzisa i-WINS okanye umboneleli othile/iiklasi zabasebenzisi, zisebenzise apho kufanelekileyo.
Las ukubhuka Bahlala benika idilesi ye-IP efanayo kwi-NIC (ngedilesi ye-MAC). Ziluncedo kakhulu ekutshintsheni iidilesi ngaphandle kokufikelela kwisixhobo ngasinye. Khumbula ukuba ukuba i-DHCP iyasilela, ezo zixhobo ziya kuxhomekeka kumncedisi ukuba ahlaziye iidilesi zabo ze-IP.
Los amathuba okukhutshelwa Banqanda iingxabano xa unikezela ngee-IP ezingatshintshiyo phakathi koluhlu. Ungalibali ukushiya indawo yokukhula kwexesha elizayo kwaye ubhale ngokufanelekileyo ukuba ingakanani indawo ehleli kwi-IP nganye.
Imeko ye-EAP kunye neenethiwekhi ze-Wi-Fi: ngubani obonelela ngee-IPs
Ukusasazwa ngeendawo zokungena kwishishini (EAPs), ezi Ayenzi njengomncedisi we-DHCP.I-router idla ngokunika iidilesi ze-IP, kwaye i-PoE switch inika amandla amanqaku okufikelela. Qinisekisa ukuba iseva yeDHCP iyasebenza kwiVLAN echanekileyo kwaye ujongano lwendawo yofikelelo lubunjwe ngokuchanekileyo. ube nomda wenkonzo.
Kumxhasi weWindows, kwiiPropati ze-IPv4, yiyeke yenziwe Fumana idilesi ye-IP ngokuzenzekelayo Kwaye, ukuba kuyimfuneko, qwalasela iDNS ukuba izenzekele ngokunjalo. Ukuba akukho DHCP kuloo VLAN, sebenzisa enye indlela engatshintshiyo ekhankanywe ngaphambili.
Iindlela ezizezinye kunye nobuchwephesha obunxulumeneyo
Ngaphambi kweDHCP kwakukho IBHOOTPNgelixa iseluncedo ekuqaliseni idiskless, inqongophele kakhulu kuthungelwano lwangoku. I-Zeroconf yenza lula iindawo ezincinci ngaphandle komncedisi ophakathi. nangona ingalinganisi okanye inike ukulungiswa kakuhle..
Kwi-IPv6, SLAAC kunye I-DHCPv6 Ziyancedisana ukuphucula ulawulo nokusasazwa kokhetho. Kwaye ngenxa yothungelwano olukhulu, izisombululo ze Ulawulo lwedilesi ye-IP (IPAM) Babonelela ngokubonakala, ukuzenzekelayo, kunye nophicotho-zincwadi, ngaphandle kokuthatha indawo yeDHCP kodwa ukudibanisa nayo.
Ukufumaneka okuphezulu kunye nokuqwalaselwa kwenethiwekhi
Ixabiso le ukuphumelela phakathi kweeseva ze-DHCP okanye umda wokwahlula ukunciphisa impembelelo yokucima. Kwinethiwekhi, ukuba usebenzisa iVRRP/HSRP, DHCP Snooping kunye neDAI kufuneka zilungelelaniswe ngokufanelekileyo ukuphepha ukubhloka. iimpendulo ezisemthethweni.
Okokugqibela, ijonga ukuba akukho sixhobo esinedilesi ye-IP engatshintshiyo esihlasela uluhlu lomda kwaye sibangela i-BAD_ADDRESS, kwaye ii-relay agents Kufuneka ziqwalaselwe kuzo zonke iiVLAN eziyimfuneko. Ngaloo nto, i-concessions kufuneka ihambe kakuhle.
Ukuqonda ukuba iWindows iyifumana njani idilesi ye-IP, ukusuka kwi-DHCP kunye nogcino ukuya kwi-APIPA okanye kwi-SLAAC, ikuvumela ukuba uyile uthungelwano olucocekileyo nolukhuselekileyo: Qwalasela imida ngokufanelekileyo, zenzele ngokweeparamitha ezibalulekileyo, qinisa ngeSnooping/IPSG, kunye nokukhutshelwa ngaphandle kwamaxwebhu kunye nogcino.Kwaye uthembele kwizigodo kunye nescreenshots xa kukho into engadibanisiyo; ngaloo nto, inethiwekhi iyaphefumla kwaye wenze njalo nawe.
