CHAPTER 10
IMPLEMENTING DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
Lesson 1: Introducing and Installing DHCP
DHCP automatically assigns IP addresses to computers. DHCP overcomes the limitations
of configuring TCP/IP manually.
DHCP Overview
DHCP is an extension of the Boot Protocol (BOOTP). BOOTP enables diskless clients
(or dumb terminals) to start up and automatically configure TCP/IP. DHCP centralizes and
manages the allocation of TCP/IP configuration information by automatically assigning IP
addresses to computers configured to use DHCP.
When a DHCP server receives a request, it selects IP addressing information from a pool
of addresses defined in its database and offers it to the DHCP client. If the client accepts
the offer, the IP addressing information is leased to the client for a specified period of time.
If there is no available IP addressing information in the pool to lease to a client, the client
cannot initialize TCP/IP.
CLASSROOM NOTES:
BOOTP (diskless or dumb terminals)
DHCP uses (BOOTP Protocol)
You should have static IP addresses for the following:
administration. DHCP very hardy (WINS can become corrupted!
that. Collision avoidance, but can take a long time. Ethernet 10 or 100 can have problems,
too much traffic.
=====================================================================
wininf10.html PAGE 2 2002/03/30
******* page 235 learn this chart *******
When you configure a DHCP you must authorize it, and it must be performed on the server,
or in our classroom setting on the Instructor 9 server.
You can have the DHCP relay agent and the DHCP as the same machine.
Manual vs. Automatic Configuration
To understand why DHCP is beneficial in configuring TCP/IP on client computers, it is useful
to contrast the manual method of configuring TCP/IP with the automatic method of DHCP.
Configuring TCP/IP Manually
Configuring TCP/IP manually means that users can easily pick a random IP address instead of
getting a valid IP address from the network administrator.
In addition, typing the IP address, subnet mask, or default gateway can lead to problems
ranging from trouble communicating if the default gateway or subnet mask is wrong to
problems associated with a duplicate IP address.
TCP/IP configured manually has large administrative overhead on computers that are moved
frequently. For example, when a workstation is moved to a different subnet, the IP address
and default gateway must be changed for the workstation to communicate from its new location.
Configuring TCP/IP Using DHCP
Using DHCP to automatically configure IP addressing information means that users no longer
need to acquire IP addressing information from an administrator to configure TCP/IP. The
DHCP server supplies all of the necessary configuration information to all of the DHCP
clients.
TCP/IP configuration parameters that can be assigned by the
DHCP server include:
IP addresses for each network adapter in a client computer.
Subnet masks that are used to identify the IP network portion from the host portion of the IP
address.
Default gateways (routers) that are used to connect a single network segment to others.
Additional configuration parameters that can optionally be assigned to DHCP clients (such as
IP addresses for DNS or WINS servers a client may use).
How DHCP Works
DHCP uses a four-phase process to configure a DHCP client. If a computer has multiple
network adapters, the DHCP process occurs separately over each adapter. All DHCP
communication is done over UDP ports 67 and 68.
Most DHCP messages are sent by broadcast. Use the DORA process, see page 230 chart.
Discover, Offer, Request, Acknowledgement.
IP Lease Discover
During the boot process of a client, it requests to lease an IP address by broadcasting a
request to all DHCP servers. Because the client does not have an IP address or know the
IP address of a DHCP server, it uses 0.0.0.0 as the source address and 255.255.255.255
as the destination address.
IP Lease Offer
All DHCP servers that receive the request and have a valid configuration for the client
broadcast an offer with the following information:
A broadcast is used because the client does not yet have an IP address.
When no DHCP servers are Online:
The DHCP client waits 1 second for an offer. If an offer is not received, the client will
not be able to initialize and will rebroadcast the request three times (at 9-, 13-, and 16-second
intervals, plus a random length of time between 0 and 1000 milliseconds). If an offer is not
received after four requests, the client will retry every 5 minutes.
IP Lease Request
After the client receives an offer from at least one DHCP server, it broadcasts to all DHCP
servers that it has made a selection by accepting an offer.
A. IP Lease Acknowledgement (Successful)
The DHCP server with the accepted offer broadcasts a successful acknowledgement to the
client in the form of a DHCPACK message. This message contains a valid lease for an IP
address and possibly other configuration information. When the DHCP client receives the
acknowledgement, TCP/IP is completely initialized and is considered a bound DHCP client.
Once bound, the client can use TCP/IP to communicate on the internetwork.
B. IP Lease Acknowledgement (Unsuccessful)
An unsuccessful acknowledgement (DHCPNACK) is broadcast if the client is trying to lease
its previous IP address and the IP address is no longer available. When the client receives an
unsuccessful acknowledgement, it returns to the process of requesting an IP lease.
Installing a DHCP Server
Ensure you have the hardware and storage requirements for DHCP
Which computers you can immediately configure as DHCP clients
The DHCP option types and their values to be predefined for DHCP clients.
NOTE: It is strongly recommended that you manually configure the DHCP server computer to
use a static IP address. The DHCP server cannot be a DHCP client. It must have a static IP
address, subnet mask, and default gateway address.
Ipconfig
on a networked computer.
/all switch. Produces a detailed configuration report for all interfaces
/displaydns. Displays the contents of the DNS resolver cache.
*** See the switches on page 235 ***
NOTE: Output can be redirected to a file and pasted into other documents.
DHCP Relay Agent
A relay agent is a small program that relays DHCP/BOOTP messages between clients and
servers on different subnets. The DHCP Relay Agent component provided with the
Windows 2000 router is a BOOTP relay agent that relays DHCP messages between
DHCP clients and DHCP servers on different IP networks.
Lesson Summary:
DHCP was developed to solve configuration problems by centralizing IP configuration
information for allocation to clients.
The phases are, in order: Lease Discover, Lease Offer, Lease Request, and Lease
Acknowledgment. In addition to verifying a computer’s IP configuration, you can use the
Ipconfig utility to renew options, lease time, and relinquish a lease.
Lesson 2: Configuring DHCP
Using DHCP on a Network
Configuring DHCP servers for a network provides the following benefits:
centrally for use throughout the entire network.
When a client computer moves between subnets, its old IP address is freed for reuse.
The client reconfigures its TCP/IP settings automatically when the computer is restarted
in its new location.
Most routers can forward DHCP and BOOTP configuration requests, so DHCP servers
are not required on every subnet in the network.
How Clients Use DHCP Servers
A computer running Windows 2000 becomes a DHCP client if Obtain an IP Address is
selected in its TCP/IP properties.
How DHCP Servers Provide Optional Data
In addition to an IP address, DHCP servers can be configured to provide optional data to
fully configure TCP/IP for clients. Some of the most common DHCP option types
configured and distributed by the DHCP server during leases include:
Default gateways (routers), which are used to connect a network segment to other network
segments.
Other optional configuration parameters to assign to DHCP clients, such as IP addresses
for the DNS servers or WINS servers that the client can use in resolving network host names.
Authorizing a DHCP Server
When configured correctly and authorized for use on a network, DHCP servers provide
a useful and intended administrative service. However, when a misconfigured or
unauthorized DHCP server is introduced into a network, it can cause problems.
How DHCP Servers are Authorized
The process of authorizing DHCP servers is useful or needed for DHCP servers running
Windows 2000 Server. For the directory authorization process to work properly, it is
assumed and necessary that the first DHCP server introduced onto your network
participate in the Active Directory service.
The authorization process for DHCP server computers in Active Directory depends on
the installed role of the server on your network. For Windows 2000 Server (as in earlier
versions) there are three roles or server types for which each server computer can be
installed:
Domain controller. The computer keeps and maintains a copy of the Active Directory
service database and provides secure account management for domain member users
and computers.
Member Server. The computer is not operating as a domain controller but has joined a
domain in which it has a membership account in the Active Directory service database.
Stand-alone server. The computer is not operating as a domain controller or a member
server in a domain. Instead, the server computer is made known to the network through
a specified workgroup, which can be shared by other computers, but is used only for
browsing purposes and not to provide secured logon access to shared domain resources.
To authorize a computer as a DHCP server in Active Directory
Log on to the network using either an account that has enterprise administrative privileges
or one that has been delegated authority to authorize DHCP servers for your enterprise.
Install the DHCP service
Protecting Against Unauthorized DHCP Servers
Active Directory is now used to store records of authorized DHCP servers. When a DHCP
server comes up, the directory can now be used to verify the status of that server.
When it first comes up, the DHCP server tries to find out if it is part of the directory domain.
If it is, it tries to contact the directory to see if it is in the list of authorized servers.
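As an added example (not part of the original notes and not Microsoft's code), the Python below parses the server replies from the lease process described under How DHCP Works and flags any offer or acknowledgement whose server identifier is not on an authorized list. This is a passive monitoring check, not the Active Directory authorization lookup itself; the AUTHORIZED set, the addresses and the sample replies are constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def build_reply(msg_type, yiaddr, server_id, xid=0x1234ABCD):
    """Build a constructed BOOTP/DHCP server reply to use as sample input."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, xid, 0, 0x8000,             # op=BOOTREPLY, broadcast flag set
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        bytes.fromhex("00aabbccddee"), b"", b"")  # chaddr, sname, file (zero padded)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
    return fixed + MAGIC_COOKIE + opts + ipaddress.IPv4Address(server_id).packed + b"\xff"


def parse_dhcp(payload):
    """Return message type, offered address and server identifier."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or no magic cookie)")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:                     # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        options[code] = value
        i += 2 + length
    mtype = (options.get(OPT_MSG_TYPE) or b"\x00")[0]
    sid = options.get(OPT_SERVER_ID, b"")
    return {
        "type": MSG_TYPES.get(mtype, "UNKNOWN(%d)" % mtype),
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "server_id": str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None,
    }


def find_unauthorized(payloads, authorized):
    """List (server_id, type, yiaddr) for server replies not from an authorized server."""
    msgs = [parse_dhcp(p) for p in payloads]
    return [(m["server_id"], m["type"], m["yiaddr"]) for m in msgs
            if m["type"] in ("OFFER", "ACK", "NAK") and m["server_id"] not in authorized]


AUTHORIZED = {"192.168.10.5"}                   # assumed list of authorized servers
CAPTURE = [build_reply(*r) for r in (           # constructed sample replies
    (2, "192.168.10.101", "192.168.10.5"),
    (2, "10.66.0.23", "192.168.10.77"),
    (5, "192.168.10.101", "192.168.10.5"))]
print(find_unauthorized(CAPTURE, AUTHORIZED))
```

A reply that carries no server identifier at all is also reported, with None in the first field.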
Creating a DHCP Scope
Before a DHCP server can lease an address to DHCP clients, you must create a scope. A
scope is a pool of valid IP addresses available for lease to DHCP clients.
assign
multiple DHCP servers, ensure that the same IP addresses do not exist in more than one
scope to prevent duplicate IP addressing.
After Scopes are Added
After you define a scope, you can additionally configure the scope by performing the
following tasks:
Set additional exclusion ranges. You can exclude any other IP addresses that must not be
leased to DHCP clients.
Create reservations. You can choose to reserve some IP addresses for permanent lease
assignment to specified computers or devices on your network. To make this happen on
a system running Windows 2000, at the command prompt type ipconfig /release, then
ipconfig /renew.
Adjust the length of lease durations. You can modify the lease duration
to be used for assigning IP address leases. The default lease duration is eight days.
Configure options and classes to be used with the scope. To provide full configuration
for clients, DHCP options need to be configured and enabled for the scope.
DHCP Scope Configuration Options
=====================================================================
Option                  Description
=====================================================================
003 Router              Specifies IP address of a router.
006 DNS Servers         IP address of DNS servers.
015 DNS Domain Name     The DNS domain name for client resolutions.
056 WINS/NBT node type  NetBIOS over TCP/IP name resolution: 1 = B-node
                        (broadcast); 2 = P-node (peer); 4 = M-node (mixed);
                        8 = H-node (hybrid).
044 WINS/NBNS servers   Specifies the IP address of a WINS server available
                        to clients.
047 NetBIOS Scope ID    Specifies the local NetBIOS scope ID. NetBIOS
                        over TCP/IP will communicate only with other
                        NetBIOS hosts using the same scope ID.
=====================================================================
Implementing Multiple DHCP Servers
If your internetwork requires multiple DHCP servers, it is necessary to create a unique
scope for each subnet.
Each DHCP server should have a scope containing approximately 75% of the available
IP addresses for the local subnet.
Each DHCP server should have a scope for each remote subnet containing approximately
25% of the available IP addresses for a subnet.
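An added example, not from the original notes: the Python below splits each subnet's pool along the 75%/25% guideline above and checks that no address ends up in scopes on two different servers, which is the duplicate-addressing condition the notes warn about. Server names, pools and the mistyped scope are constructed.

```python
import ipaddress


def split_scope(first, last, local_share=0.75):
    """Split one subnet's pool into a local part and a remote part.

    Returns ((local_first, local_last), (remote_first, remote_last)) as
    dotted-quad strings; the two parts share no address.
    """
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if hi <= lo:
        raise ValueError("pool needs at least two addresses to split")
    size = hi - lo + 1
    local_n = min(size - 1, max(1, round(size * local_share)))
    dotted = lambda n: str(ipaddress.IPv4Address(n))
    return ((dotted(lo), dotted(lo + local_n - 1)),
            (dotted(lo + local_n), dotted(hi)))


def find_overlaps(scopes):
    """Return (server1, server2, first, last) for ranges held by two servers.

    `scopes` is a list of (server, first, last) tuples.
    """
    ranges = sorted((int(ipaddress.IPv4Address(f)), int(ipaddress.IPv4Address(l)), s)
                    for s, f, l in scopes)
    clashes = []
    for i, (f1, l1, s1) in enumerate(ranges):
        for f2, l2, s2 in ranges[i + 1:]:
            if f2 > l1:
                break                 # sorted by start: nothing later overlaps
            if s1 != s2:
                clashes.append((s1, s2, str(ipaddress.IPv4Address(f2)),
                                str(ipaddress.IPv4Address(min(l1, l2)))))
    return clashes


# Constructed sample: two subnets, each with its own local DHCP server.
A_LOCAL, A_REMOTE = split_scope("192.168.1.10", "192.168.1.209")
B_LOCAL, B_REMOTE = split_scope("192.168.2.10", "192.168.2.209")
GOOD = [("dhcp-a", *A_LOCAL), ("dhcp-b", *A_REMOTE),
        ("dhcp-b", *B_LOCAL), ("dhcp-a", *B_REMOTE)]
# Same plan, but dhcp-a's remote scope was typed with the wrong start address.
BAD = GOOD[:3] + [("dhcp-a", "192.168.2.150", "192.168.2.209")]

if __name__ == "__main__":
    print(find_overlaps(GOOD))
    print(find_overlaps(BAD))
```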
Lesson Summary:
A scope is a range of IP addresses that are available to be leased or assigned to clients.
Multiple scopes and separate scopes for each subnet can be created to allow DHCP
clients to obtain a valid IP address from any DHCP server.
Lesson 3: Integrating DHCP with Naming Services
With Windows 2000, a DHCP server can enable dynamic updates in the DNS name
space for any of its clients that support these updates. Scope clients can then use DNS
dynamic update protocol to update their host name-to-address mapping information
(which is stored in zones on the DNS server) whenever changes occur to their DHCP-
assigned address.
DNS and DHCP
Although DHCP provides a powerful mechanism for automatically configuring client IP
addresses, until recently DHCP did not notify the DNS service to update the client's DNS
records, specifically the client name-to-IP address and IP address-to-name
mappings maintained by a DNS server.
Registering for Dynamic DNS updates
Windows 2000 supports Dynamic DNS updates. A Windows 2000 DHCP server can
register with a DNS server and update pointer (PTR) and address (A) resource records
(RRs) on behalf of its DHCP enabled clients using the Dynamic DNS update protocol.
DHCP and static DNS service are not compatible for keeping name-to-address mapping
information synchronized. This might cause problems with using DHCP and DNS together
on a network if you are using older, static DNS servers, which are incapable of interacting
dynamically when DHCP client configurations change.
To avoid failed DNS lookups for DHCP-registered clients when static DNS service is in
effect:
NetBIOS.
DNS only and do not support NetBIOS.
servers supporting updates. Dynamic updates are supported by the Microsoft DNS,
included in Windows 2000.
DHCP/DNS Update Interaction for Windows 2000 DHCP Clients
Windows 2000 DHCP clients interact with DNS dynamic update protocol as follows:
The client initiates a DHCP request message (DHCPREQUEST) to the server.
The server returns a DHCP acknowledgement (DHCPACK) to the client, granting an
IP address lease.
By default, the client sends a DNS update request to the DNS server for its own forward
lookup record, a host (A) RR.
The server sends updates for the DHCP client’s reverse lookup record, a PTR RR
using the process defined by the DNS dynamic update protocol.
DHCP/DNS Update Interaction for DHCP Clients Prior to
Windows 2000
Earlier versions of Windows DHCP clients do not support the DNS dynamic update
process directly and therefore cannot directly interact with the DNS server
IP address lease.
The server then sends updates to the DNS server for the client’s forward lookup record,
which is a host (A) RR. The server also sends updates for the client’s reverse lookup
record, which is a PTR RR.
Lesson Summary:
With Windows 2000, a DHCP server can enable dynamic updates in the DNS name
space for any of its clients that support these updates.
With dynamic update, the primary server for a zone can also be configured to support
updates that are initiated by another computer or device that supports dynamic update.
Lesson 4: Using DHCP with Active Directory
Microsoft DHCP provides integration with the Active Directory service and DNS service,
enhanced monitoring and statistical reporting for DHCP servers, vendor specific options
and user-class support, multicast address allocation, and rogue DHCP server detection.
Windows 2000 Integrated IP Management
Windows 2000 Server naming and address services offer the flexibility to manage networks
more easily and interoperate with other address and naming systems.
Support for Legacy Servers
Interoperability with other DHCP and DNS services helps preserve investment in existing
services. Customers have the option to use legacy IP address and naming management
systems using the Windows 2000 Server DHCP, DHCP relay agent, and/or the DNS
service.
Rogue DHCP Server Detection Feature
The Windows 2000 DHCP service provides a rogue DHCP server detection feature.
This prevents rogue (unauthorized) DHCP servers from joining an existing DHCP network
in which Windows 2000 Server and Active Directory are deployed.
Lesson Summary:
IP address and naming management is simplified through Active Directory integration.
The authorization process for DHCP server computers in Active Directory depends on
whether the server is a domain controller, member server or stand-alone server.
The list of authorized DHCP servers can be created in the Active Directory through the
DHCP snap-in.
Lesson 5: Troubleshooting DHCP
The most common DHCP client problem is a failure to obtain an IP address or other
configuration parameters from the DHCP server during setup.
Preventing DHCP Problems
Many DHCP problems involve incorrect or missing configuration details. To help
prevent the most common types of problems, you should do the following:
reserved client. This is used for Laptops.
with optimal disk performance characteristics. DHCP causes frequent and intensive activity
on server hard disks. To provide the best performance, consider RAID 0 or RAID 5
solutions when purchasing hardware for your server computer.
of DHCP server for the number of DHCP-enabled clients on your network.
Troubleshooting DHCP Clients
Most DHCP-related problems start as failed IP configuration at a client, so it is a good
practice to start there. After you have determined that a DHCP-related problem does not
originate at the client, check the system event log and DHCP server audit logs for possible
clues.
Troubleshooting DHCP Servers
When a server fails to provide leases to its clients, the failure most often is discovered by
clients in one of three ways:
To restart a DHCP server that is stopped: Start Windows 2000 Server and log on as
administrator. At the command prompt, type net start dhcpserver and press ENTER.
DHCP Relay Agent Service is Installed But Not Working
The DHCP Relay Agent service is running on the same computer as the DHCP service.
Because both services listen for and respond to BOOTP and DHCP messages sent using
UDP ports 67 and 68, neither service works reliably if both are installed on the same
computer. The lease expires in a finite length of time, such as 8 days.
DHCP Server Uses Broadcast to Respond to All Client Messages
The DHCP server uses broadcast to respond to all client configuration request messages,
regardless of how each DHCP client has set the broadcast bit flag.
Lesson Summary:
configuration parameters from the DHCP server during startup.
practice to start there.