Dynamic Host Configuration Protocol

1
Chapter 5

• Dynamic Host Configuration Protocol

2
Objectives

• Describe the DHCP lease and renewal process
• Understand and describe the purpose of a DHCP
  relay
• Install DHCP
• Configure DHCP scopes, superscopes, reservations,
  vendor classes, and user classes
• Manage and monitor DHCP
• Troubleshoot DHCP
• Install and configure a DHCP relay

3
The DHCP Process

• Used to automatically deliver IP addressing
  information to client computers on a network
• Can also deliver IP address information to
  servers and other devices such as printers
• Use of DHCP reduces time spent configuring
  computers on network
• Client computers use DHCP by default unless
  static IP address is specified during
  installation

4
Windows XP TCP/IP Properties
5
Leasing an IP Address

• Process to lease an address is composed of four
  packets
• DHCPDISCOVER sent from the client computer to
  the broadcast IP address 255.255.255.255
• DHCPOFFER response sent after receiving
  DHCPDISCOVER packet
• DHCPREQUEST response of DHCP client after
  receiving DHCPOFFER packet
• DHCPACK response sent by chosen DHCP server
  indicating confirmation that lease has been
  chosen and client can now use the lease

6
The Four Packets in the DHCP Lease Process
7
Renewing an IP Address

• An IP address leased using DHCP can be either
  permanent or timed
• Permanent address
• DHCP server never reuses the address for another
  client
• Timed lease
• Allows clients to use an IP address for a
  specified period of time
• Windows clients attempt to renew their lease
  after 50 of lease time has expired
• ipconfig /release command is used to force the
  release of a DHCP address

8
The DHCP Lease Renewal Process
9
DHCP Relay

• DHCP packets
• Are broadcast packets during the leasing process
• Cannot travel across a router
• DHCP relay
• Receives broadcast DHCP packets from clients and
  forwards them as unicast packets to a DHCP server
• Must be configured with IP address of the DHCP
  server to deliver unicast packets
• DHCP Relay Service cannot be installed on the
  same server as the DHCP Service

10
Installing DHCP
11
Authorization

• Control over DHCP is very important
• An unauthorized DHCP server can quickly hand out
  incorrect IP addressing information to hundreds
  of client computers
• To exercise control over DHCP
• Windows Server 2003 must be authorized to start
  DHCP Service
• Authorization of a DHCP server takes place in
  Active Directory

12
Authorization (Continued)

• To authorize DHCP server
• Must be a member of Enterprise Admins group or
• Member of Enterprise Admins group must delegate
  permissions to you

13
Unauthorized DHCP server error in Event Viewer
14
The DHCP Management Snap-In
15
Authorized DHCP server information in Event Viewer
16
Configuring DHCP

• Normally accomplished with the DHCP management
  snap-in
• NETSH
• Command used to configure DHCP
• Used in larger organizations where there is a
  need to make changes programmatically using batch
  files

17
Configuring DHCP (Continued)

• DHCP elements that can be configured include
• Scopes
• Superscopes
• Multicast scopes
• Reservations
• Vendor and user classes
• Scope, server, and reservation options

18
Scopes

• Used to define a range of IP addresses for the
  DHCP server to hand out to client computers
• Each scope is configured with
• Name
• Description
• Starting IP address
• Ending IP address
• Subnet mask
• Exclusions
• Lease duration

19
Scopes (Continued)

• Name and description
• Appears in the DHCP management snap-in
• Starting and ending IP addresses
• Define range of IP addresses that can be handed
  out by the DHCP server
• Strategies when defining starting and ending IP
  addresses
• Configure scope to use all available addresses on
  a subnet, then exclude the static IP addresses
  being used by hosts
• Configure scope to use addresses that are not
  already in use

20
Scopes (Continued)

• Exclusions
• Used to prevent some IP addresses in a scope from
  being handed out dynamically
• Lease duration
• Defines how long client computers are allowed to
  use an IP address
• Default lease duration used by Windows Server
  2003 is eight days
• DHCP server
• Does not begin using a scope immediately after
  creation
• Scope must be activated before DHCP Service can
  begin using the scope

21
Scope Settings
22
Superscopes

• Used to combine multiple scopes into a single
  logical scope
• Used when a single physical part of the network
  has two subnets

23
A Superscope Containing Two Scopes
24
Multicast Scopes

• Used to deliver multicast addresses to
  applications that require it
• Time To Live (TTL)
• Defines the number of routers through which a
  multicast packet can move
• Exclusions
• Define addresses between the start and end IP
  addresses that are not handed out
• Lease duration
• The length of time that an application can use a
  multicast address
• Default lease length is 30 days

25
Reservations

• Used to hand out a specific IP address to a
  particular client computer or device on the
  network
• Can also be beneficial when firewalls are in
  place
• Created based on the MAC address of the network
  card

26
Creating a Reservation
27
Configuring Options

• DHCP can hand out the following IP configuration
  options
• Default gateway
• DNS server
• WINS server
• DNS is often configured at the server level

28
Setting Server Options
29
Setting Scope Options
30
Vendor and User Classes

• Vendor classes predefined within the DHCP server
  of Windows Server 2003
• DHCP Standard Options used by all clients
  regardless of operating system
• Microsoft Options used by Windows 2000/XP/2003
  and Windows 98 clients
• Microsoft Windows 2000 Options used only by
  Windows 2000/XP/2003 clients
• Microsoft Windows 98 Options used only by
  Windows 98 clients

31
Vendor and User Classes (Continued)

• Predefined user classes
• Default User Class used for all clients
• Default Routing and Remote Access used by
  clients that are assigned an IP address through
  DHCP when remotely accessing the network through
  a dial-up or VPN connection
• Default BOOTP Class used by clients using older
  BOOTP protocol rather than DHCP

32
Vendor Classes
33
Setting a Class ID
34
User Classes
35
Managing and Monitoring DHCP

• Backing up and restoring DHCP databases
• Reconciling scopes
• Viewing statistics
• Enabling DHCP Audit logging
• Enabling Conflict Detection
• Modifying file paths
• Changing bindings
• Viewing DHCP events in Event Viewer
• Viewing DHCP statistics in the Performance
  snap-in

36
Back up and Restore DHCP Databases

• Dhcp.mdb
• The database holding the addressing information
  that has been assigned to client computers
• Dhcp.tmp
• Temporary database file only present during
  maintenance operations
• J50.log and J50.log
• Transaction logs of changes to the DHCP database
• J50.chk
• A checkpoint file that keeps track of which
  entries in the log files have been applied to the
  database
• By default, DHCP database is backed up every 60
  minutes

37
DHCP Backup Option
38
Managing and Monitoring DHCP (Continued)

• Reconcile Scopes
• DHCP database holds a summary version and a
  detailed version of server IP address lease
  information
• If there is discrepancy between the two versions
  of information, then you must reconcile the scope
  to synchronize the information
• View Statistics
• Windows Server 2003 DHCP Service automatically
  tracks statistics that you can view

39
Managing and Monitoring DHCP (Continued)

• Enable DHCP Logging
• Audit logs keep detailed information about DHCP
  server activity
• Audit logs are named DhcpSrvLog-XXX.log, where
  XXX is the day of the week
• Logs can be used to troubleshoot why a DHCP
  server is not functioning as you would expect

40
Enable Audit Logs
41
Conflict Detection

• Prevents a DHCP server from creating IP address
  conflicts
• Possible to configure how many ping attempts are
  made before an IP address is leased

42
File Paths

• Possible to control the location of
• The audit log file
• The DHCP database
• The automatic backup directory
• By default
• Audit log file and DHCP database are located in
  C\WINDOWS\system32\dhcp
• Path used for automatic backups of DHCP database
  is C\WINDOWS\system32\dhcp\backup

43
File Paths
44
Bindings

• Controlled in the Advanced tab of the server
  Properties in the DHCP management snap-in
• DHCP server only hands out IP addresses through a
  network card that has the DHCP Service bound

45
DHCP Bindings
46
View DHCP Statistics in the Performance Snap-in

• DHCP performance counters that can be monitored
• Discovers/sec indicates how many new clients are
  being added to the network
• Declines/sec indicates that some computers are
  using dynamic IP addresses not assigned by the
  DHCP server

47
DHCP Performance Counters
48
TCP Troubleshooting

• All computers are unable to lease addresses
• Confirm that DHCP Service is running and
  authorized
• A single computer is unable to lease an address
• Confirm that cabling is correct and proper
  network driver is loaded
• Some computers have incorrect address information
• Confirm that the DHCP server is functional

49
TCP Troubleshooting (Continued)

• A single computer has incorrect address
  information
• If computer has a reservation, check
  configuration of the reservation
• A rogue DHCP server is leasing addresses
• Windows 2000 and Windows Server 2003 must be
  authorized to function as DHCP servers
• Two DHCP servers configured to be redundant on a
  network segment are leasing the same range of IP
  addresses and causing conflicts
• Cluster your DHCP Service

50
TCP Troubleshooting (Continued)

• IP address conflicts are created when the DHCP
  server hands out addresses already used by hosts
  with static IP addresses
• Create exclusions in the scope for the IP
  addresses used by hosts that are statically
  configured
• A client is using an APIPA address
• Command ipconfig /renew allows clients to
  reattempt leasing an address

51
Summary

• DHCP
• Dynamically assigns IP addresses
• Can assign multicast IP addresses
• DHCP lease process
• Composed of DHCPDISCOVER, DHCPOFFER, DHCPREQUEST,
  and DHCPACK
• DHCPNAK used by DHCP servers to decline renewal
  of lease
• DHCPRELEASE used by clients to inform DHCP
  server that lease is no longer required

52
Summary (Continued)

• Renewing lease
• Clients attempt to renew at 50, 87.5, and 100
  of lease time
• Commands ipconfig /release and ipconfig /renew
• Can release and renew DHCP leases
• DHCP server
• Must be authorized in Active Directory to lease
  addresses
• Must be member of Enterprise Admins to authorize
  DHCP

53
Summary (Continued)

• Scope
• Defines range of IP addresses that are leased to
  clients
• Must be activated before DHCP server leases
  addresses in the scope
• Superscope
• Combines two scopes into single scope
• Exclusion in scope
• Used to stop a DHCP server from handing out
  specific addresses or range of addresses within a
  scope

54
Summary (Continued)

• Reservation
• Can give a specific workstation a defined IP
  address
• Vendor and user classes
• Used to configure some client computers with
  different options
• Audit logging
• Enables you to view DHCP Service operation
  information
• Conflict detection
• Sends ping packet before leasing an IP address
• DHCP relay
• Required to communicate with a DHCP server across
  a router