Managing DHCP

1
Managing DHCP
2
DHCP Overview

• Is a protocol that allows client computers to
  automatically receive an IP address and TCP/IP
  settings from a Server
• Reduces the amount of time you spend configuring
  computers on your network
• Is the default configuration for clients.
• The ipconfig /all command will indicate whether
  the configuration came from a DHCP server computer

3
DHCP Overview (continued)
4
DHCP Overview (continued)
5
Leasing an IP Address

• An IP address is leased during the boot process
• The overall process is composed of four broadcast
  packets
• DHCPDISCOVER
• DHCPOFFER
• DHCPREQUEST
• DHCPACK

6
Leasing an IP Address (continued)

• Any DHCP server that receives the DHCPDISCOVER
  packet responds with a DHCPOFFER packet
• The DHCP client responds to the DHCPOFFER packet
  it receives with a DHCPREQUEST packet
• A DHCPACK packet indicates confirmation that the
  client can use the lease
• Once DHCPACK is received, the client can start
  using the IP address and options in the lease

7
Leasing an IP Address (continued)
8
Renewing an IP Address

• The IP address can either be permanent or timed
• A permanent address is never reused for another
  client
• Timed leases expire after a certain amount of
  time
• Windows clients attempt to renew their lease
  after 50 of the lease time has expired. If
  the renewal process fails, it attempts again
  after 87.5 of the lease time has expired.
• Renewing the lease involves the client sending a
  DHCP Request packet to DHCP Server

9
Renewing an IP Address (continued)
10
More on the Renewal Process

• DHCP Client, at startup, attempts to reach the
  DHCP Server Server Available.
• If the server is available and the lease has not
  yet expired, the client retains the IP address
• If the server is available and the lease has
  expired, the client attempts to renew the lease.

11
More on the Renewal Process

• DHCP Client, at startup, attempts to reach the
  DHCP Server Server Unavailable
• If the server is unavailable, the client will
  ping the previously assigned default gateway to
  determine if its on the same network.
• If the gateway responds and the lease hasnt
  expired, the client retains the IP address
• If the gateway doesnt respond the client will
  send a DISCOVER packet to begin the lease process
  over

12
Autoconfiguration

• When a DHCP Server does not respond to a Clients
  call for an IP Address, the client will
  autoconfigure itself
• The client selects an IP address from the
  169.254.0.0 subnet
• The client will attempt to contact a DHCP server
  using DISCOVER packets every 5 minutes

13
Installing the DHCP Service

• When placing a DHCP Service on a Server in a
  Domain
• Install the DHCP Server Service
• Authorize DHCP Server in Active Directory
• Configure DHCP Server with appropriate scopes,
  exclusions, reservations and options
• Activate the DHCP Servers Scopes
• When placing a DHCP Service on a Server in a
  Workgroup
• Install the DHCP Server Service
• Configure DHCP Server with appropriate scopes,
  exclusions, reservations and options
• Activate the DHCP Servers Scopes

14
Authorizing the DHCP Service

• A server that is a member of a domain can be
  authorized
• During the installation of the service the
  Install Wizard provides an option to authorize
  the server
• Using the DHCP management snap-in
• Only members of the Enterprise Admins group can
  authorize a server
• A server that is a member of a workgroup does not
  need to be authorized.

15
Configuring DHCP Scopes

• Scope defines a range of IP addresses
• Each scope is configured with
• Description
• Starting IP address
• Ending IP address
• Subnet mask
• Exclusions
• Lease duration
• Two strategies exist for defining the starting
  and ending IP addresses
• Allow all and exclude the few static addresses
• Reserve a range of addresses at beginning or end
  of range that can be used for static addresses

16
Configuring DHCP Scopes (continued)

• Lease duration defines how long client computers
  are allowed to use an IP address
• Default lease duration varies based on the
  network type and the DHCP Server version
• A scope must be activated before the DHCP service
  can begin using it

17
Creating DHCP Reservations

• Reservations are used to hand out a specific IP
  address to a particular client
• Useful when delivering IP addresses to devices
  that would normally use static addresses
• Reservations are created based on MAC addresses

18
Creating DHCP Exclusions

• Exclusions are IP Addresses that are within the
  subnet defined within the scope but that should
  not be assigned to a dhcp client

19
Configuring DHCP Options

• DHCP can hand out a variety of other IP
  configuration options
• It is common that all workstations within an
  entire organization use the same DNS servers
• DNS is often configured at the server level

20
DHCP Relay Agent

• DHCP packets cannot travel across a router
• A relay agent is necessary in order to have a
  single DHCP server handle all leases on both
  network segments
• This can be a Windows 2003/2008 server with DHCP
  Relay Agent protocol installed or a router that
  is configured as a relay
• Relay agents receive broadcast DHCP packets and
  forward them as unicast packets to a DHCP server
• The relay agent must be configured with the IP
  address of the DHCP server
• The DHCP relay cannot be installed on the same
  server as the DHCP service

21
Configuring a DHCP Relay (continued)
22
Superscopes

• Used to combine multiple scopes into a single
  logical scope
• Allows multiple scopes to be treated as a single
  scope
• Useful when a single physical network segment
  contains more than one logical subnet
• If a superscope is used, then the DHCP server
  offers only one lease as opposed to multiple
  leases

23
Example 1 No Superscope

• One physical network segment
• One logical subnet (192.168.1)
• One DHCP Server
• Single scope is used to service all DHCP clients
  on Subnet A

24
Example 2 Superscope

• One physical network segment
• Multiple logical subnets
• 192.168.1
• 192.168.2
• 192.168.3
• Three single scopes created and joined into one
  superscope
• One DHCP Server services all clients on Subnet A
  with an IP address from the superscope
• Router configured with multiple addresses to
  allow packets to move from one logical network to
  another

25
Example 3 Superscope Implemented across a Router

• Two physical network segments Subnet A and
  Subnet B
• One DHCP Server
• Router configured with Relay Agent
• Something that will pass Discover Packets back
  and forth from DHCP Clients and DHCP Server

26
Example 3 Superscope Implemented across a Router

• Subnet A
• One physical segment
• One logical subnet (192.168.1)
• One single scope defined
• DHCP server distributes addresses to clients on
  Subnet A using addresses in single scope
• Subnet B
• One physical segment
• Two logical subnets (192.168.2 192.168.3)
• Two single scopes defined and joined into one
  Superscope
• DHCP server distributes address to clients on
  Subnet B using addresses in superscope

27
Vendor and User Classes

• Used to differentiate between clients within a
  scope
• Vendor classes are based on the operating system
• User classes are defined based on network
  connectivity or the administrator
• You can use the ipconfig /setclassid command to
  set the DHCP user class ID

28
DHCP Audit Logging

• DHCP audit logs keep detailed information about
  DHCP server activity
• The logs are used to troubleshoot a DHCP server
• They are stored in the C\WINDOWS\system32\dhcp
  directory. Theres a file for each day of the
  week.
• Each line contains an event ID that states the
  nature of the event
• The Header of the log file provides a summary of
  events and their meanings
• Auditing can be disabled

29
Configuring DHCP Bindings

• The DHCP service will bind automatically to the
  first network card on the server
• You can choose which network card the DHCP
  Service is bound to
• The server only hands out IP addresses through a
  network card that has the DHCP Service bound

30
Integrating DHCP and DNS

• DNS Dynamic Update protocol allows clients
  running Windows 2000 or later to automatically
  update records in the DNS database
• The default DHCP configuration has this protocol
  enabled and will update clients only if requested
• DHCP server can be configured to dynamically
  update older clients

31
Conflict Detection

• Using DHCP does not prevent static IP
  configuration
• A DHCP server may hand out an IP address that was
  already statically assigned
• Conflict detection prevents a DHCP server from
  creating IP address conflicts
• A DHCP server pings an IP address before it is
  leased to a client computer
• This can be configured from the GUI as well as
  well as with the netsh command

32
Saving and Restoring DHCP Configuration

• DHCP Server configurations can be saved to a file
• These saved settings can then be used to restore
  the server to a known state OR to use the same
  settings on another server
• To store the configuration while logged on
  locally
• netsh dhcp server dump gt filename
• To restore the configuration
• Netsh exec filename

33
Managing and Maintaining the DHCP Database

• The default location of the DHCP database is
  systemroot\system32\dhcp
• The DHCP server service performs 2 routine
  actions to maintain the database. The actions
  are performed every 60 minutes
• Checks and cleans up expired leases and leases
  that no longer apply
• Database backup the backup files are
  automatically stored in the systemroot\system32\
  dhcp\backup directory
• To view the current configuration
• netsh dhcp server show dbproperties

34
Managing and Maintaining the DHCP Database

• The netsh command can be used to change the
  values of the database properties
• Netsh dhcp server set PropertyName
  NewPropertyValue
• When changing the database name or folder
  locations you must stop and start the dhcp server
  service
• Net stop dhcp server
• Net start dhcp server
• The database can be manually backed up and/or
  restored
• The database files can be moved to another server

35
Viewing DHCP Statistics

• Windows Server 2008 DHCP Service automatically
  tracks statistics
• Statistics are viewable as a whole or by scope

36
DHCP Availability and Fault Tolerance

• Multiple DHCP servers on the network increases
  reliability and allows fault tolerance
• In a server cluster DHCP server service can be
  failed over to another server this is costly
• Simpler and less expensive approaches
• 50/50 failover approach
• 80/20 failover approach
• 100/100 failover approach