Managing DHCP

2

DHCP Overview

• Is a protocol that allows client computers to automatically receive an IP address and TCP/IP settings from a Server

• Reduces the amount of time you spend configuring computers on your network

• Is the default configuration for clients.• The ipconfig /all command will indicate whether the

configuration came from a DHCP server computer

3

DHCP Overview (continued)

4

DHCP Overview (continued)

5

Leasing an IP Address

• An IP address is leased during the boot process• The overall process is composed of four broadcast

packets:• DHCPDISCOVER

• DHCPOFFER

• DHCPREQUEST

• DHCPACK

6

Leasing an IP Address (continued)

• Any DHCP server that receives the DHCPDISCOVER packet responds with a DHCPOFFER packet

• The DHCP client responds to the DHCPOFFER packet it receives with a DHCPREQUEST packet

• A DHCPACK packet indicates confirmation that the client can use the lease

• Once DHCPACK is received, the client can start using the IP address and options in the lease

7

Leasing an IP Address (continued)

8

Renewing an IP Address• The IP address can either be permanent or timed• A permanent address is never reused for another

client• Timed leases expire after a certain amount of time• Windows clients attempt to renew their lease after

50% of the lease time has expired. If the renewal process fails, it attempts again after 87.5% of the lease time has expired.

• Renewing the lease involves the client sending a DHCP Request packet to DHCP Server

9

Renewing an IP Address (continued)

10

More on the Renewal Process…

• DHCP Client, at startup, attempts to reach the DHCP Server Server Available:. • If the server is available and the lease has not yet

expired, the client retains the IP address• If the server is available and the lease has expired,

the client attempts to renew the lease.

11

More on the Renewal Process…

• DHCP Client, at startup, attempts to reach the DHCP Server Server Unavailable:• If the server is unavailable, the client will ping the

previously assigned default gateway to determine if it’s on the same network.

• If the gateway responds and the lease hasn’t expired, the client retains the IP address

• If the gateway doesn’t respond the client will send a DISCOVER packet to begin the lease process over

12

Autoconfiguration• When a DHCP Server does not respond to a Client’s

call for an IP Address, the client will autoconfigure itself• The client selects an IP address from the

169.254.0.0 subnet • The client will attempt to contact a DHCP server

using DISCOVER packets every 5 minutes

13

Installing the DHCP Service

• When placing a DHCP Service on a Server in a Domain:• Install the DHCP Server Service• Authorize DHCP Server in Active Directory• Configure DHCP Server with appropriate scopes, exclusions,

reservations and options• Activate the DHCP Server’s Scopes

• When placing a DHCP Service on a Server in a Workgroup:• Install the DHCP Server Service• Configure DHCP Server with appropriate scopes, exclusions,

reservations and options• Activate the DHCP Server’s Scopes

14

Authorizing the DHCP Service

• A server that is a member of a domain can be authorized • During the installation of the service: the Install Wizard

provides an option to authorize the server • Using the DHCP management snap-in• Only members of the Enterprise Admins group can

authorize a server

• A server that is a member of a workgroup does not need to be authorized.

15

Configuring DHCP Scopes• Scope defines a range of IP addresses • Each scope is configured with:

• Description• Starting IP address• Ending IP address• Subnet mask• Exclusions• Lease duration

• Two strategies exist for defining the starting and ending IP addresses• Allow all and exclude the few static addresses• Reserve a range of addresses at beginning or end of range

that can be used for static addresses

16

Configuring DHCP Scopes (continued)

• Lease duration defines how long client computers are allowed to use an IP address

• Default lease duration varies based on the network type and the DHCP Server version

• A scope must be activated before the DHCP service can begin using it

17

Creating DHCP Reservations

• Reservations are used to hand out a specific IP address to a particular client

• Useful when delivering IP addresses to devices that would normally use static addresses

• Reservations are created based on MAC addresses

18

Creating DHCP Exclusions

• Exclusions are IP Addresses that are within the subnet defined within the scope but that should not be assigned to a dhcp client

19

Configuring DHCP Options

• DHCP can hand out a variety of other IP configuration options

• It is common that all workstations within an entire organization use the same DNS servers

• DNS is often configured at the server level

20

DHCP Relay Agent

• DHCP packets cannot travel across a router• A relay agent is necessary in order to have a single DHCP

server handle all leases on both network segments• This can be a Windows 2003/2008 server with DHCP

Relay Agent protocol installed or a router that is configured as a relay

• Relay agents receive broadcast DHCP packets and forward them as unicast packets to a DHCP server

• The relay agent must be configured with the IP address of the DHCP server

• The DHCP relay cannot be installed on the same server as the DHCP service

21

Configuring a DHCP Relay (continued)

22

Superscopes

• Used to combine multiple scopes into a single logical scope

• Allows multiple scopes to be treated as a single scope• Useful when a single physical network segment

contains more than one logical subnet• If a superscope is used, then the DHCP server offers

only one lease as opposed to multiple leases

23

Example 1: No Superscope

• One physical network segment

• One logical subnet (192.168.1)

• One DHCP Server

• Single scope is used to service all DHCP clients on Subnet A

24

Example 2: Superscope• One physical network segment

• Multiple logical subnets • 192.168.1• 192.168.2• 192.168.3

• Three single scopes created and joined into one superscope

• One DHCP Server services all clients on Subnet A with an IP address from the superscope

• Router configured with multiple addresses to allow packets to move from one logical network to another

25

Example 3: Superscope Implemented across a Router

• Two physical network segments: Subnet A and Subnet B

• One DHCP Server• Router configured with

Relay Agent• Something that will pass

Discover Packets back and forth from DHCP Clients and DHCP Server

26

Example 3: Superscope Implemented across a Router

• Subnet A: • One physical segment• One logical subnet (192.168.1)• One single scope defined • DHCP server distributes

addresses to clients on Subnet A using addresses in single scope

• Subnet B:• One physical segment• Two logical subnets (192.168.2

& 192.168.3)• Two single scopes defined and

joined into one Superscope• DHCP server distributes

address to clients on Subnet B using addresses in superscope

27

Vendor and User Classes

• Used to differentiate between clients within a scope • Vendor classes are based on the operating system• User classes are defined based on network

connectivity or the administrator• You can use the ipconfig /setclassid command to set

the DHCP user class ID

28

DHCP Audit Logging• DHCP audit logs keep detailed information about

DHCP server activity• The logs are used to troubleshoot a DHCP server • They are stored in the C:\WINDOWS\system32\dhcp

directory. There’s a file for each day of the week.• Each line contains an event ID that states the nature

of the event• The Header of the log file provides a summary of

events and their meanings• Auditing can be disabled

29

Configuring DHCP Bindings

• The DHCP service will bind automatically to the first network card on the server

• You can choose which network card the DHCP Service is bound to

• The server only hands out IP addresses through a network card that has the DHCP Service bound

Integrating DHCP and DNS

• DNS Dynamic Update protocol allows clients running Windows 2000 or later to automatically update records in the DNS database

• The default DHCP configuration has this protocol enabled and will update clients only if requested

• DHCP server can be configured to dynamically update older clients

30

31

Conflict Detection

• Using DHCP does not prevent static IP configuration• A DHCP server may hand out an IP address that was

already statically assigned• Conflict detection prevents a DHCP server from

creating IP address conflicts• A DHCP server pings an IP address before it is leased

to a client computer• This can be configured from the GUI as well as well

as with the netsh command

Saving and Restoring DHCP Configuration

• DHCP Server configurations can be saved to a file• These saved settings can then be used to restore the

server to a known state OR to use the same settings on another server

• To store the configuration while logged on locally:netsh dhcp server dump > filename

• To restore the configuration:Netsh exec filename

32

33

Managing and Maintaining the DHCP Database

• The default location of the DHCP database is %systemroot%\system32\dhcp

• The DHCP server service performs 2 routine actions to maintain the database. The actions are performed every 60 minutes:

• Checks and cleans up expired leases and leases that no longer apply

• Database backup – the backup files are automatically stored in the %systemroot%\system32\dhcp\backup directory

• To view the current configuration:

netsh dhcp server show dbproperties

34

Managing and Maintaining the DHCP Database

• The netsh command can be used to change the values of the database properties

Netsh dhcp server set PropertyName NewPropertyValue

• When changing the database name or folder locations you must stop and start the dhcp server service

Net stop “dhcp server”

Net start “dhcp server”

• The database can be manually backed up and/or restored

• The database files can be moved to another server

35

Viewing DHCP Statistics

• Windows Server 2008 DHCP Service automatically tracks statistics

• Statistics are viewable as a whole or by scope

DHCP Availability and Fault Tolerance

• Multiple DHCP servers on the network increases reliability and allows fault tolerance

• In a server cluster DHCP server service can be failed over to another server – this is costly

• Simpler and less expensive approaches• 50/50 failover approach• 80/20 failover approach• 100/100 failover approach

36