Links and LANs 2004-04-06. Link between two computers via cross cable The most simple way to connect...
25
Links and LANs Links and LANs 2004-04-06 2004-04-06
-
Upload
kenneth-martin-grant -
Category
Documents
-
view
214 -
download
0
Transcript of Links and LANs 2004-04-06. Link between two computers via cross cable The most simple way to connect...
Links and LANsLinks and LANs
2004-04-062004-04-06
Link between two Link between two computers via cross cablecomputers via cross cable The most simple way to connect two hosts is The most simple way to connect two hosts is
to link the two hosts with a cross cable.to link the two hosts with a cross cable.
Work in group of 4 people.Work in group of 4 people.
Configure IP adressesConfigure IP adresses
Configure the IP adresses according to values Configure the IP adresses according to values in the picture.in the picture.
-Ifconfig [-Ifconfig [interfaceinterface] [] [IP-adressIP-adress] / [] / [netmasknetmask]]
Use the ping command to verify your set up, Use the ping command to verify your set up, try to ping from one host to another.try to ping from one host to another.
Link between two Link between two computers via a hubcomputers via a hub Another way to connect two computers is to Another way to connect two computers is to
use a hub. use a hub. A hub is a simple network device A hub is a simple network device providing a common point of connection to providing a common point of connection to
all other devices in the networkall other devices in the network Use a straight cable to connect a computer to Use a straight cable to connect a computer to
the hub.the hub.
Configure the IP adresses according to the Configure the IP adresses according to the picturepicture
Ping from one host to another. Does it Ping from one host to another. Does it work?work?
Start ethereal or tcpdump on one of the Start ethereal or tcpdump on one of the hosts and capture traffic on the Ethernet hosts and capture traffic on the Ethernet interface. What do you see from ethereal? interface. What do you see from ethereal?
Connect two hubs togetherConnect two hubs together
Group A and B should work together and Group A and B should work together and connect their hubs together.connect their hubs together.
Try to ping from one host in group A to one Try to ping from one host in group A to one host in group B. Does it work? Explain what host in group B. Does it work? Explain what you see. you see.
Try to configure IP address of H3 and H4 to Try to configure IP address of H3 and H4 to 10.0.0.3/24 and 10.0.0.4/24 respectively. 10.0.0.3/24 and 10.0.0.4/24 respectively.
Try to ping from one host in A to one host Try to ping from one host in A to one host
in B. Does it work? Explain what you see.in B. Does it work? Explain what you see.
DHCPDHCP
(Dynamic Host Configuration (Dynamic Host Configuration Protocol)Protocol)
DHCPDHCP
In stateful address assignment there is a In stateful address assignment there is a server that keeps track of what addresses server that keeps track of what addresses that are currently in use and which addresses that are currently in use and which addresses that could be assigned to new hosts. that could be assigned to new hosts.
DHCP is an example of a stateful address DHCP is an example of a stateful address
assignmentassignment
Getting started – Getting started – server and clientserver and client Work in group of 2, where one is the DHCP Work in group of 2, where one is the DHCP
server and one is the client.server and one is the client.
Start with configuring the server:Start with configuring the server:
-Your DHCP server should hand out -Your DHCP server should hand out addresses in the range 10.0.0.10-10.0.0.20 addresses in the range 10.0.0.10-10.0.0.20 (netmask 255.255.255.0). (netmask 255.255.255.0).
- Although we neither have a router nor any - Although we neither have a router nor any DNS server in this setup, make sure that any DNS server in this setup, make sure that any DHCP client will get default router 10.0.0.1 DHCP client will get default router 10.0.0.1 and name server 10.0.0.5. and name server 10.0.0.5.
-Let th domain name be dhcp.lab. Set the -Let th domain name be dhcp.lab. Set the default lease time to 2 minutes (very short). default lease time to 2 minutes (very short).
Dhcp.conf fileDhcp.conf file
Create the dhcp.conf file Create the dhcp.conf file - vi /etc/dhcpd.confvi /etc/dhcpd.conf
Should look like this:Should look like this:# This is a very basic subnet declaration. # This is a very basic subnet declaration.
subnet 10.0.0.0 netmask 255.255.255.0 { subnet 10.0.0.0 netmask 255.255.255.0 { range 10.0.0.10 10.0.0.20; range 10.0.0.10 10.0.0.20; option routers 10.0.0.1; option routers 10.0.0.1; option domain-name-servers 10.0.0.5; option domain-name-servers 10.0.0.5; option domain-name "dhcp.lab"; option domain-name "dhcp.lab"; default-lease-time 120; default-lease-time 120; max-lease-time 120; max-lease-time 120; } }
Start the DHCP serverStart the DHCP server
/usr/sbin/dhcpd/usr/sbin/dhcpd
You may first have to do:You may first have to do: touch /var/lib/dhcp/dhcpd.leasestouch /var/lib/dhcp/dhcpd.leases
To make sure that the DHCP server started To make sure that the DHCP server started without any errors check the without any errors check the /var/log/messages file with:/var/log/messages file with:
tail /var/log/messagestail /var/log/messages
Start the DHCP clientStart the DHCP client
dhclient [dhclient [interfaceinterface] (the interface that the ] (the interface that the clients use to connect to the LAN)clients use to connect to the LAN)
What IP address were assigned to the What IP address were assigned to the clients?clients?
To verify that default gateway and name-server were To verify that default gateway and name-server were configured correctly inspect the routing table with:configured correctly inspect the routing table with:
route –nroute –n
and view the resolver file:and view the resolver file:
cat /etc/resolv.confcat /etc/resolv.conf If you are not getting an IP address via dhclient even If you are not getting an IP address via dhclient even
you have configured everything correctly, run: you have configured everything correctly, run:
iptables –Fiptables –F
killall dhclientkillall dhclient
This command flushes the firewall rules.This command flushes the firewall rules. Use ethereal or tcpdump to check the trafficUse ethereal or tcpdump to check the traffic
Duplicate address Duplicate address detection in DHCPdetection in DHCP Duplicate Address Detection (DAD) is useful in stateful Duplicate Address Detection (DAD) is useful in stateful
address assignment schemes such as DHCP, even address assignment schemes such as DHCP, even though the DHCP server keeps track of the addresses though the DHCP server keeps track of the addresses that are supposed to be free. The reason is that some that are supposed to be free. The reason is that some other machine could have been configured with one of other machine could have been configured with one of these addresses (perhaps manually) without asking the these addresses (perhaps manually) without asking the DHCP server for permission! DHCP server for permission!
Two groups should now work together to establish the Two groups should now work together to establish the setup. One machine can monitor the network traffic with setup. One machine can monitor the network traffic with Ethereal, and one machine will be the bad guy (B). You Ethereal, and one machine will be the bad guy (B). You will need a hub to connect all machines on the same will need a hub to connect all machines on the same
LAN.LAN.
Before you attach the bad guy machine (B) to the network, stop dhclient Before you attach the bad guy machine (B) to the network, stop dhclient on the client (C) as usual with on the client (C) as usual with
For client For client #killall dhclient#killall dhclient Configure (manually) the IP address of machine (B) to be the address that Configure (manually) the IP address of machine (B) to be the address that
the client (C) earlier leased the client (C) earlier leased ifconfig eth0 <ipAddressOfC>ifconfig eth0 <ipAddressOfC> route –nroute –nIn the DHCP server (S), delete any remaining entry of ipAddressOfC in the In the DHCP server (S), delete any remaining entry of ipAddressOfC in the
ARP cache with ARP cache with arp -d <ipAddressOfC> arp -d <ipAddressOfC> Then run Then run dhcpcd eth0 dhcpcd eth0 on the client (C) again, and observe the messages exchanged on the LAN. on the client (C) again, and observe the messages exchanged on the LAN.
Also observe the /var/log/messages file on the DHCP server with Also observe the /var/log/messages file on the DHCP server with tail /var/log/messages tail /var/log/messages
Will (C) get the same address again, or will it be assigned Will (C) get the same address again, or will it be assigned some other address? some other address?
Using DHCP relay agentsUsing DHCP relay agents
Having a DHCP server present on every sub network Having a DHCP server present on every sub network may be result in lots of machines and servers for the may be result in lots of machines and servers for the system administrators to maintain. system administrators to maintain.
In order to serve DHCP clients although no DHCP In order to serve DHCP clients although no DHCP server is present, one could make the routers (or even server is present, one could make the routers (or even some other machine on the link) act as DHCP relay. some other machine on the link) act as DHCP relay. Then you can centralize the DHCP server and simplify Then you can centralize the DHCP server and simplify management. management.
1. Configure the two routers (R1 and R2) with appropriate IP 1. Configure the two routers (R1 and R2) with appropriate IP addresses for both of their addresses for both of their
Ethernet interfaces (use ifconfig as usual). Ethernet interfaces (use ifconfig as usual).
2. Enable routing on both R1 an R2 by writing the following 2. Enable routing on both R1 an R2 by writing the following command in a shell. command in a shell.
sysctl -w net.ipv4.ip forward=1sysctl -w net.ipv4.ip forward=1 # vi /etc/sysctl.conf# vi /etc/sysctl.conf(If you want routing to be enabled at startup you could edit the (If you want routing to be enabled at startup you could edit the
file /etc/sysctl.conf .) file /etc/sysctl.conf .)
3. Add routes to the networks behind the other router, i.e., on R1 do 3. Add routes to the networks behind the other router, i.e., on R1 do route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.0.4 route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.0.4 and on R2 do and on R2 do route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.0.3route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.0.3
4. On the DHCP server, add routes to both networks in the 4. On the DHCP server, add routes to both networks in the same way earlier.same way earlier.
5. Verify your setup by letting the DHCP server ping both 5. Verify your setup by letting the DHCP server ping both
10.0.1.1 and 10.0.2.1, let R1ping 10.0.2.1 and let R2 ping 10.0.1.1 and 10.0.2.1, let R1ping 10.0.2.1 and let R2 ping 10.0.1.1 . 10.0.1.1 .
6. Now, if routing seems to work alright, it is time to configure 6. Now, if routing seems to work alright, it is time to configure the DHCP server and DHCP relay agents. the DHCP server and DHCP relay agents. - Update the dhcpd.conf file to assign address on the - Update the dhcpd.conf file to assign address on the 10.0.1.0/24 and 10.0.2.0/24 networks as well.10.0.1.0/24 and 10.0.2.0/24 networks as well.
Example of addition to /etc/dhcpd.conf fileExample of addition to /etc/dhcpd.conf file
subnet 10.0.1.0 netmask 255.255.255.0 { subnet 10.0.1.0 netmask 255.255.255.0 { range 10.0.1.30 10.0.2.40; range 10.0.1.30 10.0.2.40; option routers 10.0.1.1; option routers 10.0.1.1; option domain-name-servers 10.0.1.5; option domain-name-servers 10.0.1.5; option domain-name "dhcp.1.lab"; option domain-name "dhcp.1.lab"; default-lease-time 180; default-lease-time 180; max-lease-time 180; max-lease-time 180; } } subnet 10.0.2.0 netmask 255.255.255.0 { subnet 10.0.2.0 netmask 255.255.255.0 { range 10.0.2.50 10.0.2.60; range 10.0.2.50 10.0.2.60; option routers 10.0.2.1; option routers 10.0.2.1; option domain-name-servers 10.0.2.5; option domain-name-servers 10.0.2.5; option domain-name "dhcp.2.lab"; option domain-name "dhcp.2.lab"; default-lease-time 240; default-lease-time 240; max-lease-time 240; max-lease-time 240; }}
Make sure that the host on each of the subnet are assigned a Make sure that the host on each of the subnet are assigned a default router appropriate for that network, with default router appropriate for that network, with
route add default gw [route add default gw [ip address of default routerip address of default router] ] Start the DHCP relay agent on both R1 and R2 Start the DHCP relay agent on both R1 and R2 dhcrelay [dhcrelay [ip address of DHCP serverip address of DHCP server]] 7. Hopefully everything should work now. Please attach a host to 7. Hopefully everything should work now. Please attach a host to
each of the two network with DHCP relay support. Did they get each of the two network with DHCP relay support. Did they get appropriate addresses? Are they able to ping each other? appropriate addresses? Are they able to ping each other?
Inspect the routing table again with Inspect the routing table again with route –n route –n and then view the resolver file and then view the resolver file cat /etc/resolv.conf cat /etc/resolv.conf to verify that default gateway and name-server were configured to verify that default gateway and name-server were configured
correctly for the hosts. correctly for the hosts.
