DHCP: Difference between revisions

DHCP has been the [[standaard|standard protocol]] for the internet since October 1993. The latest DHCP specification is set out in RFC 2131. DHCP is essentially the successor to the older [[BOOTP]] protocol, which issued addresses for an unlimited period. Very few networks still use BOOTP, however.
 
== Overview ==
DHCP automates the assignment of IP addresses. A client on the network sends out a request to a DHCP server on a locally attached network. The DHCP server then sends a reply to the client with its assigned IP address, subnet mask, DNS server and default routers.
 
The assignment of IP addresses usually expires after a predetermined period, after which the DHCP client and server must again reach an agreement on a new IP address from the server's predefined address pool. DHCP is a broadcast protocol. As with other broadcast traffic on a network, it does not pass through a [[roetebeheerder|router]] unless the router is specifically configured to let it through. Users who want this functionality must configure their routers to pass DHCP traffic on [[UDP]] ports 67 and 68.
 
== Implementations ==
[[Microsoft]] introduced DHCP on their [[Windows NT|NT servers]] from version 3.5 in late 1994. [[Windows 2000]] and [[Windows 2003]] also include DHCP as a feature.
 
[[Novell]] has included a DHCP server in their [[Novell NetWare|NetWare]] operating system since version 5, which was released in 1998. It is, however, included as an additional service because NetWare still uses the [[IPX/SPX]] protocol suite, and it is therefore not often used on Novell networks.
 
== IP address allocation ==
Depending on the implementation, the DHCP server can use three methods to allocate IP addresses:
* '''manual allocation''', where the DHCP server performs the allocation based on a table of [[MAC-adres|MAC address]] and IP address pairs that is filled in by hand by the [[kliënt-bediener|server]] administrator. Only clients with a MAC address listed in the table are granted IP addresses.
This decision nevertheless remains transparent to the clients on the network. Some DHCP servers can also update the DNS name associated with the client computer to reflect the new IP address. They make use of the DNS update protocol defined in RFC 2136.
 
== DHCP and firewalls ==
[[Brandmuur (netwerk)|Firewalls]] usually have to be deliberately configured to let DHCP traffic through. The specification of the DHCP client-server protocol describes several cases in which packets must have the source address <tt>0x00000000</tt> or the destination address <tt>0xffffffff</tt>. Firewalls configured with strict rules to fend off attacks that use spoofed IP addresses often prevent such packets from passing. DHCP servers with multiple network connections (multihoming) make the configuration even more complicated and require a careful approach.
 
where ''dhcp-ip'' represents any address configured on a DHCP server host and ''dhcp-pool'' stands for the pool from which a DHCP server assigns addresses to clients
 
=== Example in ipfw firewall ===
To give an idea of how a configuration would look in production, the following rules allow DHCP traffic through a server-side [[ipfirewall]]. Dhcpd operates on interface rl0 and assigns addresses from 192.168.0.0/24:
 pass udp from 0.0.0.0,192.168.0.0/24 68 to me 67 in recv rl0
 pass udp from me 67 to 192.168.0.0/24,255.255.255.255 68 out xmit rl0
 
=== Example in Cisco IOS Extended ACL ===
The following entries are valid on a Cisco 3560 switch with the DHCP service enabled. The ACL is applied to a routed interface, 10.32.73.129, on input. The subnet is 10.32.73.128/26.
 10 permit udp host 0.0.0.0 eq bootpc host 10.32.73.129 eq bootps
 30 permit udp any eq bootpc host 255.255.255.255 eq bootps
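
The interaction described in this section, between a strict anti-spoofing filter and DHCP's use of 0.0.0.0 and 255.255.255.255, can be modelled with a small first-match rule evaluator. This is an added example, not part of the original article and not ipfw or IOS syntax; the server address 192.168.0.1 and all sample packets are constructed assumptions, and the pool is the one from the ipfw example.

```python
import ipaddress

# Constructed values: the pool is the one used in the ipfw example on this
# page; SERVER is an assumed address for the DHCP server interface.
POOL = ipaddress.ip_network("192.168.0.0/24")
SERVER = ipaddress.ip_address("192.168.0.1")
ANY_SRC = ipaddress.ip_address("0.0.0.0")                 # 0x00000000
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")   # 0xffffffff

def antispoof_drop(pkt):
    """Strict ingress filter: drop anything whose source is outside the subnet."""
    return ipaddress.ip_address(pkt["src"]) not in POOL

def dhcp_client_to_server(pkt):
    """Narrow exception: client-to-server DHCP only (UDP 68 -> 67)."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    return (pkt["proto"] == "udp" and pkt["sport"] == 68 and pkt["dport"] == 67
            and (src == ANY_SRC or src in POOL)
            and dst in (SERVER, LIMITED_BCAST))

def verdict(pkt, dhcp_exception):
    """First match wins, as in an ordered firewall rule list."""
    if dhcp_exception and dhcp_client_to_server(pkt):
        return "pass"
    if antispoof_drop(pkt):
        return "deny"
    return "pass"

# Constructed sample packets.
SAMPLES = {
    "discover": {"proto": "udp", "src": "0.0.0.0", "sport": 68,
                 "dst": "255.255.255.255", "dport": 67},
    "renew": {"proto": "udp", "src": "192.168.0.50", "sport": 68,
              "dst": "192.168.0.1", "dport": 67},
    "zero_src_dns": {"proto": "udp", "src": "0.0.0.0", "sport": 68,
                     "dst": "192.168.0.1", "dport": 53},
    "off_subnet": {"proto": "udp", "src": "10.9.9.9", "sport": 68,
                   "dst": "192.168.0.1", "dport": 67},
}

def run():
    """Map each sample to (verdict without exception, verdict with exception)."""
    return {name: (verdict(p, False), verdict(p, True))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (strict, with_exc) in run().items():
        print(f"{name:13} strict-only={strict:5} with-exception={with_exc}")
```

Only the initial broadcast changes verdict: the exception is tied to the DHCP ports, so a 0.0.0.0 source aimed at any other service is still dropped.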
 
== Technical details ==
 
DHCP uses the same two [[IANA]] assigned ports as [[BOOTP]]: 67/udp for the [[server-side|server side]], and 68/udp for the [[client-side|client side]].
DHCP operations fall into four basic phases. These phases are IP lease request, IP lease offer, IP lease selection, and IP lease acknowledgement.
 
=== DHCP discovery ===
The client broadcasts on the local physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. This client-implementation creates a [[User Datagram Protocol|UDP]] packet with the broadcast destination of 255.255.255.255 or subnet broadcast address and also requests its last-known IP address (in the example below, 192.168.1.100) although the server may ignore this optional parameter....
 
</table></td>
 
=== DHCP offers ===
When a DHCP server receives an IP lease request from a client, it extends an IP lease offer. This is done by reserving an IP address for the client and broadcasting a DHCPOFFER message across the network. This message contains the client's MAC address, followed by the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.
 
</table></td>
 
=== DHCP requests ===
 
Whenever a computer comes on line, it checks to see if it currently has an IP address leased. If it does not, it requests a lease from a DHCP server. Because the client computer does not know the address of a DHCP server, it uses 0.0.0.0 as its own IP address and 255.255.255.255 as the destination address. Doing so allows the client to broadcast a DHCPDISCOVER message across the network. Such a message consists of the client computer's Media Access Control (MAC) address (the hardware address built into the network card) and its [[NetBIOS]] name.
</table></td>
 
=== DHCP acknowledgement ===
 
When the DHCP server receives the DHCPREQUEST message from the client, it initiates the final phase of the configuration process. This acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the TCP/IP configuration process is complete.
</tr></table>
 
=== DHCP selection ===
When the client PC receives an IP lease offer, it must tell all the other DHCP servers that it has accepted an offer. To do this, the client broadcasts a DHCPREQUEST message containing the IP address of the server that made the offer. When the other DHCP servers receive this message, they withdraw any offers that they might have made to the client. They then return the address that they had reserved for the client back to the pool of valid addresses that they can offer to another computer. Any number of DHCP servers can respond to an IP lease request, but the client can only accept one offer per network interface card.
 
=== DHCP information ===
The client sends a request to the DHCP server: either to request more information than the server sent with the original DHCPACK; or to repeat data for a particular application - for example, browsers use ''DHCP Inform'' to obtain web proxy settings via [[Web Proxy Autodiscovery Protocol|WPAD]]. Such queries do not cause the DHCP server to refresh the IP expiry time in its database.
 
=== DHCP releasing ===
The client sends a request to the DHCP server to release the DHCP lease, and the client unconfigures its IP address. As clients usually do not know when users may unplug them from the network, the protocol does not define the sending of ''DHCP Release'' as mandatory.
 
=== Client configuration parameters ===
A DHCP server can provide optional configuration parameters to the client. RFC 2132 defines the available DHCP options, which are summarized here.
 
224-254 Private Use
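
The messages exchanged in the phases above share one layout: a 236-byte fixed header, a magic cookie, and a list of code/length/value options in which option 53 carries the message type. The following added example (not part of the original article) builds a DHCPDISCOVER and parses it back, rejecting options whose length overruns the packet; the MAC address and transaction ID are constructed, and the requested address is the 192.168.1.100 quoted in the discovery section.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"              # magic cookie that precedes the options
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"     # 236-byte fixed header (RFC 2131)
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
         5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def build_discover(mac, xid, requested_ip):
    """Build a constructed DHCPDISCOVER (op=1, Ethernet, broadcast flag set)."""
    zero = b"\x00" * 4
    header = struct.pack(FIXED, 1, 1, 6, 0, xid, 0, 0x8000,
                         zero, zero, zero, zero, mac, b"", b"")
    options = (b"\x35\x01\x01"                                 # 53: message type
               + b"\x32\x04" + socket.inet_aton(requested_ip)  # 50: requested IP
               + b"\xff")                                      # 255: end
    return header + MAGIC + options

def parse_options(data):
    """Walk the code/length/value options; raise on a length that overruns."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} is truncated")
        options[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return options

def parse(msg):
    """Return the fields a defender usually logs from one DHCP message."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    fields = struct.unpack(FIXED, msg[:236])
    hlen, xid, flags, yiaddr, chaddr = (fields[2], fields[4], fields[6],
                                        fields[8], fields[11])
    options = parse_options(msg[240:])
    mtype, req = options.get(53), options.get(50)
    return {"type": TYPES.get(mtype[0]) if mtype else None,
            "xid": xid, "broadcast": bool(flags & 0x8000),
            "chaddr": chaddr[:min(hlen, 16)].hex(":"),
            "yiaddr": socket.inet_ntoa(yiaddr),
            "requested_ip": socket.inet_ntoa(req) if req and len(req) == 4 else None}

# Constructed sample: the last-known address is the one quoted on this page.
SAMPLE = build_discover(bytes.fromhex("001122334455"), 0x3903F326, "192.168.1.100")
```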
 
== See also ==
*[[RARP]]
*[[BOOTP]]
*[[Zeroconf]]
 
== External links ==
*RFC 2131 - Dynamic Host Configuration Protocol
*RFC 2132 - DHCP Options and BOOTP Vendor Extensions