Managing DHCP
DHCP Overview • Is a protocol that allows client computers to automatically receive an IP address and TCP/IP settings from a Server • Reduces the amount of time you spend configuring computers on your network • Is the default configuration for clients. • The ipconfig /all command will indicate whether the configuration came from a DHCP server computer
Leasing an IP Address • An IP address is leased during the boot process • The overall process is composed of four broadcast packets: • DHCPDISCOVER • DHCPOFFER • DHCPREQUEST • DHCPACK
Leasing an IP Address (continued) • Any DHCP server that receives the DHCPDISCOVER packet responds with a DHCPOFFER packet • The DHCP client responds to the DHCPOFFER packet it receives with a DHCPREQUEST packet • A DHCPACK packet indicates confirmation that the client can use the lease • Once DHCPACK is received, the client can start using the IP address and options in the lease
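The lease exchange above, as an added example that is not part of the original slides: it reads the message type (option 53) and the server identifier (option 54) from each message and lists offers that came from a server not on an expected list. The packet bytes, addresses and function names are constructed for the illustration; field offsets and option codes follow RFC 2131/2132.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # magic cookie that precedes the options field
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def build(msg_type, xid, mac, yiaddr="0.0.0.0", server=None):
    """Build a minimal DHCP message (constructed sample input, not a capture)."""
    op = 2 if msg_type in (2, 5) else 1          # 2 = server reply, 1 = client request
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                      ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4), mac, b"", b"")
    opts = bytes([53, 1, msg_type])              # option 53: message type
    if server:                                   # option 54: server identifier
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server).packed
    return hdr + MAGIC + opts + b"\xff"          # 255 = end option

def parse(pkt):
    """Return client MAC and offered address, plus type and server if present."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"mac": pkt[28:34].hex(":"), "yiaddr": str(ipaddress.IPv4Address(pkt[16:20]))}
    i = 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, data = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and len(data) == 1:
            msg["type"] = TYPES.get(data[0], f"type {data[0]}")
        elif code == 54 and len(data) == 4:
            msg["server"] = str(ipaddress.IPv4Address(data))
        i += 2 + len(data)
    return msg

def unexpected_offers(packets, expected_servers):
    """List (server, offered address) for offers from servers not on the list."""
    return [(m.get("server"), m["yiaddr"]) for m in map(parse, packets)
            if m.get("type") == "DHCPOFFER" and m.get("server") not in expected_servers]

MAC = bytes.fromhex("001122334455")              # constructed client MAC
EXCHANGE = [                                     # constructed lease exchange
    build(1, 0x1234, MAC),
    build(2, 0x1234, MAC, "192.168.1.20", "192.168.1.2"),
    build(2, 0x1234, MAC, "10.9.9.20", "192.168.1.77"),
    build(3, 0x1234, MAC, server="192.168.1.2"),
    build(5, 0x1234, MAC, "192.168.1.20", "192.168.1.2"),
]
```

Calling `unexpected_offers(EXCHANGE, {"192.168.1.2"})` reports the second offer, because every DHCP server that hears the DISCOVER answers it.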
Renewing an IP Address • The IP address can either be permanent or timed • A permanent address is never reused for another client • Timed leases expire after a certain amount of time • Windows clients attempt to renew their lease after 50% of the lease time has expired. If the renewal process fails, it attempts again after 87.5% of the lease time has expired. • Renewing the lease involves the client sending a DHCP Request packet to DHCP Server
More on the Renewal Process… • DHCP Client, at startup, attempts to reach the DHCP Server • Server Available: • If the server is available and the lease has not yet expired, the client retains the IP address • If the server is available and the lease has expired, the client attempts to renew the lease.
More on the Renewal Process… • DHCP Client, at startup, attempts to reach the DHCP Server • Server Unavailable: • If the server is unavailable, the client will ping the previously assigned default gateway to determine if it’s on the same network. • If the gateway responds and the lease hasn’t expired, the client retains the IP address • If the gateway doesn’t respond, the client will send a DISCOVER packet to begin the lease process over
Autoconfiguration • When a DHCP Server does not respond to a Client’s call for an IP Address, the client will autoconfigure itself • The client selects an IP address from the 169.254.0.0 subnet • The client will attempt to contact a DHCP server using DISCOVER packets every 5 minutes
Installing the DHCP Service • When placing a DHCP Service on a Server in a Domain: • Install the DHCP Server Service • Authorize DHCP Server in Active Directory • Configure DHCP Server with appropriate scopes, exclusions, reservations and options • Activate the DHCP Server’s Scopes • When placing a DHCP Service on a Server in a Workgroup: • Install the DHCP Server Service • Configure DHCP Server with appropriate scopes, exclusions, reservations and options • Activate the DHCP Server’s Scopes
Authorizing the DHCP Service • A server that is a member of a domain can be authorized • During the installation of the service: the Install Wizard provides an option to authorize the server • Using the DHCP management snap-in • Only members of the Enterprise Admins group can authorize a server • A server that is a member of a workgroup does not need to be authorized.
Configuring DHCP Scopes • A scope defines a range of IP addresses • Each scope is configured with: • Description • Starting IP address • Ending IP address • Subnet mask • Exclusions • Lease duration • Two strategies exist for defining the starting and ending IP addresses • Allow all and exclude the few static addresses • Reserve a range of addresses at beginning or end of range that can be used for static addresses
Configuring DHCP Scopes (continued) • Lease duration defines how long client computers are allowed to use an IP address • Default lease duration varies based on the network type and the DHCP Server version • A scope must be activated before the DHCP service can begin using it
Creating DHCP Reservations • Reservations are used to hand out a specific IP address to a particular client • Useful when delivering IP addresses to devices that would normally use static addresses • Reservations are created based on MAC addresses
Creating DHCP Exclusions • Exclusions are IP addresses that are within the subnet defined within the scope but that should not be assigned to a DHCP client
Configuring DHCP Options • DHCP can hand out a variety of other IP configuration options • It is common that all workstations within an entire organization use the same DNS servers • DNS is often configured at the server level
DHCP Relay Agent • DHCP packets cannot travel across a router • A relay agent is necessary in order to have a single DHCP server handle all leases on both network segments • This can be a Windows 2003/2008 server with DHCP Relay Agent protocol installed or a router that is configured as a relay • Relay agents receive broadcast DHCP packets and forward them as unicast packets to a DHCP server • The relay agent must be configured with the IP address of the DHCP server • The DHCP relay cannot be installed on the same server as the DHCP service
Superscopes • Used to combine multiple scopes into a single logical scope • Allows multiple scopes to be treated as a single scope • Useful when a single physical network segment contains more than one logical subnet • If a superscope is used, then the DHCP server offers only one lease as opposed to multiple leases
Example 1: No Superscope • One physical network segment • One logical subnet (192.168.1) • One DHCP Server • Single scope is used to service all DHCP clients on Subnet A
Example 2: Superscope • One physical network segment • Multiple logical subnets: 192.168.1, 192.168.2, 192.168.3 • Three single scopes created and joined into one superscope • One DHCP Server services all clients on Subnet A with an IP address from the superscope • Router configured with multiple addresses to allow packets to move from one logical network to another
Example 3: Superscope Implemented across a Router • Two physical network segments: Subnet A and Subnet B • One DHCP Server • Router configured with Relay Agent: something that will pass Discover packets back and forth between DHCP clients and the DHCP Server
Example 3: Superscope Implemented across a Router (continued) • Subnet A: • One physical segment • One logical subnet (192.168.1) • One single scope defined • DHCP server distributes addresses to clients on Subnet A using addresses in the single scope • Subnet B: • One physical segment • Two logical subnets (192.168.2 & 192.168.3) • Two single scopes defined and joined into one superscope • DHCP server distributes addresses to clients on Subnet B using addresses in the superscope
Vendor and User Classes • Used to differentiate between clients within a scope • Vendor classes are based on the operating system • User classes are defined based on network connectivity or the administrator • You can use the ipconfig /setclassid command to set the DHCP user class ID
DHCP Audit Logging • DHCP audit logs keep detailed information about DHCP server activity • The logs are used to troubleshoot a DHCP server • They are stored in the C:\WINDOWS\system32\dhcp directory. There’s a file for each day of the week. • Each line contains an event ID that states the nature of the event • The Header of the log file provides a summary of events and their meanings • Auditing can be disabled
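A sketch of reading one daily audit log, added here as an example and not part of the original slides: it skips the summary header, parses the event lines, and pulls out the events worth reviewing. The sample lines are constructed, the function names are illustrative, and the code assumes the seven-column layout `ID,Date,Time,Description,IP Address,Host Name,MAC Address` (any further columns are ignored).

```python
import csv
from collections import Counter

# Event IDs and meanings as listed in the audit log's own header.
ALERT_IDS = {
    "13": "IP address was found to be in use on the network",
    "14": "lease request not satisfied, scope address pool exhausted",
    "15": "lease was denied",
}
FIELDS = ["id", "date", "time", "desc", "ip", "host", "mac"]

# Constructed sample in the layout of a daily audit log file (not real data).
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log
Event ID  Meaning
10  A new IP address was leased to a client.
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,06/14/23,00:00:05,Started,,,
10,06/14/23,09:12:01,Assign,192.168.1.20,pc01.example.test,001122334455
11,06/14/23,13:12:02,Renew,192.168.1.20,pc01.example.test,001122334455
13,06/14/23,13:40:10,Conflict,192.168.1.31,BAD_ADDRESS,
10,06/14/23,14:01:44,Assign,192.168.1.20,pc07.example.test,66778899AABB
15,06/14/23,14:05:00,NACK,192.168.1.50,,CCDDEEFF0011
"""

def parse_audit_log(text):
    """Return event records as dicts, skipping the summary header."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("ID,")), None)
    if start is None:
        raise ValueError("column header line not found")
    return [dict(zip(FIELDS, (f.strip() for f in rec[:7])))
            for rec in csv.reader(lines[start + 1:])
            if len(rec) >= 7 and rec[0].strip().isdigit()]

def review(records):
    """Return (alert records, IPs leased to several MACs, count per event ID)."""
    alerts = [r for r in records if r["id"] in ALERT_IDS]
    owners = {}
    for r in records:
        if r["id"] == "10":                       # 10 = new lease
            owners.setdefault(r["ip"], set()).add(r["mac"])
    shared = {ip: sorted(macs) for ip, macs in owners.items() if len(macs) > 1}
    return alerts, shared, Counter(r["id"] for r in records)
```

An address that was newly leased to more than one MAC address within a single day's file is not an error by itself, but it is a useful starting point when troubleshooting short leases or duplicate clients.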
Configuring DHCP Bindings • The DHCP service will bind automatically to the first network card on the server • You can choose which network card the DHCP Service is bound to • The server only hands out IP addresses through a network card that has the DHCP Service bound
Integrating DHCP and DNS • DNS Dynamic Update protocol allows clients running Windows 2000 or later to automatically update records in the DNS database • The default DHCP configuration has this protocol enabled and will update clients only if requested • DHCP server can be configured to dynamically update older clients
Conflict Detection • Using DHCP does not prevent static IP configuration • A DHCP server may hand out an IP address that was already statically assigned • Conflict detection prevents a DHCP server from creating IP address conflicts • A DHCP server pings an IP address before it is leased to a client computer • This can be configured from the GUI as well as with the netsh command
Saving and Restoring DHCP Configuration • DHCP Server configurations can be saved to a file • These saved settings can then be used to restore the server to a known state OR to use the same settings on another server • To store the configuration while logged on locally: netsh dhcp server dump > filename • To restore the configuration: Netsh exec filename
Managing and Maintaining the DHCP Database • The default location of the DHCP database is %systemroot%\system32\dhcp • The DHCP server service performs 2 routine actions to maintain the database. The actions are performed every 60 minutes: • Checks and cleans up expired leases and leases that no longer apply • Database backup – the backup files are automatically stored in the %systemroot%\system32\dhcp\backup directory • To view the current configuration: netsh dhcp server show dbproperties
Managing and Maintaining the DHCP Database (continued) • The netsh command can be used to change the values of the database properties: netsh dhcp server set PropertyName NewPropertyValue • When changing the database name or folder locations you must stop and start the DHCP Server service: net stop "dhcp server" then net start "dhcp server" • The database can be manually backed up and/or restored • The database files can be moved to another server
Viewing DHCP Statistics • Windows Server 2008 DHCP Service automatically tracks statistics • Statistics are viewable as a whole or by scope
DHCP Availability and Fault Tolerance • Multiple DHCP servers on the network increase reliability and allow fault tolerance • In a server cluster, the DHCP Server service can be failed over to another server – this is costly • Simpler and less expensive approaches: • 50/50 failover approach • 80/20 failover approach • 100/100 failover approach