Loading... # 1 背景 办公内部开始采用的是 H3C 的出口路由器,内部地址网段为 192.168.124.0/24。 随着业务的开展,内部服务器接近 100 个云主机,办公 PC 以及手机终端等也有 100 个左右。因此,原有的 IP 地址段不能够满足需求。 # 2 分析 为了进行地址扩容,大体有如下几种方案。 - 增加掩码。比如将192.168.124.0/24扩展为192.168.124.0/23,或者 192.168.124.0/16。这样的好处是简单,粗暴,但是造成的困难是,需要将固定了 IP 地址的设备也进行掩码的更改。服务器众多,容易出错。 - 增加地址段。将网关从出口路由器下降到核心交换机,并在增加子地址 192.168.125.0/24。如此一来,原有地址可以继续使用,涉及服务器、打印机等,其他设备走新的网段。但是,这种方案,需要注意,dhcp 需要进行分开部署。 # 3 部署 ## 3.1 192.168.124.0/24 dnsmasq dhcp 配置 ``` resolv-file=/etc/dnsmasq/resolv-file addn-hosts=/etc/dnsmasq/addn-hosts cache-size=100000 log-queries log-facility=/var/log/dnsmasq.log conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig,.sh dns-forward-max=5096 rebind-domain-ok= filter-AAAA address=/jnybggfw.cn/192.168.124.198 address=/shandong.chinatax.gov.cn/192.168.124.198 address=/rencheng.gov.cn/192.168.124.198 address=/shuiyou.com.cn/192.168.124.198 #address=/zhipin.com/192.168.124.198 #address=/bosszhipin.com/192.168.124.198 # 新增 DHCP 配置 dhcp-range=192.168.125.50,192.168.125.200,255.255.255.0,12h dhcp-option=option:router,192.168.125.1 dhcp-option=option:dns-server,192.168.125.198 # To deny DHCP for a specific MAC address, use: dhcp-host=XX:XX:XX:XX:XX:XX,ignore dhcp-host=30:66:d0:dc:ff:b8,ignore # dhcp-host=00:80:91:B5:AC:CD,ignore # dhcp-host=00:80:91:f2:6d:a3,ignore # dhcp-host=54:ef:33:77:80:77,ignore # dhcp-host=9c:d3:6d:a1:45:c0,ignore # dhcp-host=2C:D2:6B:D9:DA:10,ignore # dhcp-host=4c:10:d5:8f:04:f3,ignore # dhcp-host=B0:44:14:EE:C8:80,ignore # dhcp-host=EC:3A:52:30:D8:74,ignore # dhcp-host=04:F9:F8:5D:9E:7A,ignore # dhcp-host=D4:DA:21:1C:14:C2,ignore # dhcp-host=04:95:E6:7F:3E:F1,ignore # dhcp-host=00:F7:6F:D5:7C:4F,ignore # dhcp-host=B0:7B:25:25:F5:5B,ignore # dhcp-host=1C:B7:2C:37:35:B8,ignore # dhcp-host=94:65:9C:5B:B2:65,ignore # dhcp-host=74:86:e2:22:35:6f,ignore # dhcp-host=d4:da:21:34:f4:15,ignore # dhcp-host=4c:10:d5:8f:04:f3,ignore # dhcp-host=B0:44:14:EE:C8:80,ignore # dhcp-host=B0:44:14:EE:C6:50,ignore # dhcp-host=90:E7:10:DE:F6:80,ignore # ``` ## 3.2 192.168.125.0/24 dnsmasq dhcp 配置 ``` port=53 listen-address=0.0.0.0 interface=ens18 resolv-file=/etc/dnsmasq/resolv-file addn-hosts=/etc/dnsmasq/addn-hosts cache-size=100000 log-queries log-facility=/var/log/dnsmasq.log conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig,.sh dns-forward-max=5096 rebind-domain-ok= #filter-AAAA address=/jnybggfw.cn/192.168.124.198 address=/shandong.chinatax.gov.cn/192.168.124.198 # 新增 DHCP 配置 dhcp-range=192.168.124.10,192.168.124.200,255.255.255.0,24h dhcp-option=option:router,192.168.124.1 dhcp-option=option:dns-server,192.168.124.198 # Ignore all hosts except those tagged as 'known' dhcp-ignore=tag:!known dhcp-host=30:66:d0:dc:ff:b8,192.168.124.34,set:known # dhcp-host=00:80:91:f2:6d:a3,192.168.124.36,set:known # dhcp-host=54:ef:33:77:80:77,192.168.124.27,set:known # dhcp-host=00:80:91:b5:ac:cd,192.168.124.38,set:known # dhcp-host=2C:D2:6B:D9:DA:10,192.168.124.30,set:known # dhcp-host=9c:d3:6d:a1:45:c0,192.168.124.41,set:known # dhcp-host=EC:3A:52:30:D8:74,192.168.124.252,set:known # dhcp-host=04:F9:F8:5D:9E:7A,192.168.124.130,set:known # dhcp-host=D4:DA:21:1C:14:C2,192.168.124.234,set:known # dhcp-host=04:95:E6:7F:3E:F1,192.168.124.251,set:known # dhcp-host=00:F7:6F:D5:7C:4F,192.168.124.141,set:known # dhcp-host=B0:7B:25:25:F5:5B,192.168.124.129,set:known # dhcp-host=1C:B7:2C:37:35:B8,192.168.124.102,set:known # dhcp-host=94:65:9C:5B:B2:65,192.168.124.93,set:known # dhcp-host=74:86:e2:22:35:6f,192.168.124.114,set:known # dhcp-host=d4:da:21:34:f4:15,192.168.124.7,set:known # dhcp-host=4c:10:d5:8f:04:f3,192.168.124.110,set:known # dhcp-host=B0:44:14:EE:C8:80,192.168.124.37,set:known # dhcp-host=B0:44:14:EE:C6:50,192.168.124.50,set:known # dhcp-host=90:E7:10:DE:F6:80,192.168.124.209,set:known # ``` # 4 总结 从网络结构看,地址不够直接扩容是,对于已经在运行的网络,实施网络割接则面临着向后兼容的困难。需要灵活运行网络技术。 最后修改:2025 年 05 月 06 日 © 允许规范转载 赞 如果觉得我的文章对你有用,请随意赞赏