Hands-On Microsoft Windows Server 2003 Networking
Chapter 5: Dynamic Host Configuration Protocol

Objectives
• Describe the DHCP lease and renewal process
• Understand and describe the purpose of a DHCP relay
• Install DHCP
• Configure DHCP scopes, superscopes, reservations, vendor classes, and user classes
• Manage and monitor DHCP
• Troubleshoot DHCP
• Install and configure a DHCP relay

The DHCP Process
• Used to automatically deliver IP addressing information to client computers on a network
• Can also deliver IP address information to servers and other devices such as printers
• Use of DHCP reduces time spent configuring computers on the network
• Client computers use DHCP by default unless a static IP address is specified during installation

Figure: Windows XP TCP/IP Properties

Leasing an IP Address
• Process to lease an address is composed of four packets
  – DHCPDISCOVER: sent from the client computer to the broadcast IP address 255.255.255.255
  – DHCPOFFER: response sent after receiving DHCPDISCOVER packet
  – DHCPREQUEST: response of DHCP client after receiving DHCPOFFER packet
  – DHCPACK: response sent by chosen DHCP server indicating confirmation that lease has been chosen and client can now use the lease

Figure: The Four Packets in the DHCP Lease Process

Renewing an IP Address
• An IP address leased using DHCP can be either permanent or timed
• Permanent address
  – DHCP server never reuses the address for another client
• Timed lease
  – Allows clients to use an IP address for a specified period of time
  – Windows clients attempt to renew their lease after 50% of lease time has expired
  – ipconfig /release command is used to force the release of a DHCP address

Figure: The DHCP Lease Renewal Process

DHCP Relay
• DHCP packets
  – Are broadcast packets during the leasing process
  – Cannot travel across a router
• DHCP relay
  – Receives broadcast DHCP packets from clients and forwards them as unicast packets to a DHCP server
  – Must be configured with IP address of the DHCP server to deliver unicast packets
  – DHCP Relay Service cannot be installed on the same server as the DHCP Service

Figure: Installing DHCP

Authorization
• Control over DHCP is very important
• An unauthorized DHCP server can quickly hand out incorrect IP addressing information to hundreds of client computers
• To exercise control over DHCP
  – Windows Server 2003 must be authorized to start DHCP Service
  – Authorization of a DHCP server takes place in Active Directory

Authorization (Continued)
• To authorize DHCP server
  – Must be a member of Enterprise Admins group, or
  – Member of Enterprise Admins group must delegate permissions to you
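
The four-packet lease exchange and the unauthorized-server risk described above can be observed on the wire. The following is an added example, not part of the original slides: it decodes the DHCP message type (option 53) and server identifier (option 54) and lists servers that answered without being on an allowlist. The function names, the MAC address and all IP addresses are constructed for the demonstration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # op..flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
         5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}

def parse_dhcp(payload):
    """Decode the UDP payload of one DHCP message into the fields a monitor needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HDR, payload[:236])
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:        # option 255 ends the list
        if payload[i] == 0:                              # option 0 is a one-byte pad
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype, sid = opts.get(53, b""), opts.get(54, b"")    # message type, server identifier
    return {"type": TYPES.get(mtype[0], "UNKNOWN") if len(mtype) == 1 else "UNKNOWN",
            "xid": f[4], "mac": f[11][:min(f[2], 16)].hex(":"),
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "server": str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None}

def unauthorized_servers(payloads, authorized):
    """Server identifiers in OFFER/ACK/NAK replies that are not on the allowlist."""
    return sorted({m["server"] or "unknown" for m in map(parse_dhcp, payloads)
                   if m["type"] in ("DHCPOFFER", "DHCPACK", "DHCPNAK")
                   and m["server"] not in authorized})

def build(msg_type, xid, mac, yiaddr="0.0.0.0", server=None):
    """Construct a sample message for the demo (not a capture from a real network)."""
    hdr = struct.pack(HDR, 1 if msg_type in (1, 3, 4, 7) else 2, 1, 6, 0, xid, 0, 0x8000,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, msg_type])
    if server:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server).packed
    return hdr + MAGIC + opts + b"\xff"

MAC, GOOD, ROGUE = "00:11:22:33:44:55", "192.168.1.10", "192.168.1.66"   # constructed values
CAPTURE = [build(1, 0x1234, MAC), build(2, 0x1234, MAC, "192.168.1.50", GOOD),
           build(2, 0x1234, MAC, "10.0.0.50", ROGUE), build(3, 0x1234, MAC, server=GOOD),
           build(5, 0x1234, MAC, "192.168.1.50", GOOD)]

print(unauthorized_servers(CAPTURE, {GOOD}))
```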

Figure: Unauthorized DHCP server error in Event Viewer

Figure: The DHCP Management Snap-In

Figure: Authorized DHCP server information in Event Viewer

Configuring DHCP
• Normally accomplished with the DHCP management snap-in
• NETSH
  – Command used to configure DHCP
  – Used in larger organizations where there is a need to make changes programmatically using batch files

Configuring DHCP (Continued)
• DHCP elements that can be configured include
  – Scopes
  – Superscopes
  – Multicast scopes
  – Reservations
  – Vendor and user classes
  – Scope, server, and reservation options

Scopes
• Used to define a range of IP addresses for the DHCP server to hand out to client computers
• Each scope is configured with
  – Name
  – Description
  – Starting IP address
  – Ending IP address
  – Subnet mask
  – Exclusions
  – Lease duration

Scopes (Continued)
• Name and description
  – Appear in the DHCP management snap-in
• Starting and ending IP addresses
  – Define range of IP addresses that can be handed out by the DHCP server
• Strategies when defining starting and ending IP addresses
  – Configure scope to use all available addresses on a subnet, then exclude the static IP addresses being used by hosts
  – Configure scope to use addresses that are not already in use

Scopes (Continued)
• Exclusions
  – Used to prevent some IP addresses in a scope from being handed out dynamically
• Lease duration
  – Defines how long client computers are allowed to use an IP address
  – Default lease duration used by Windows Server 2003 is eight days
• DHCP server
  – Does not begin using a scope immediately after creation
  – Scope must be activated before DHCP Service can begin using the scope

Figure: Scope Settings

Superscopes
• Used to combine multiple scopes into a single logical scope
• Used when a single physical part of the network has two subnets

Figure: A Superscope Containing Two Scopes

Multicast Scopes
• Used to deliver multicast addresses to applications that require it
• Time To Live (TTL)
  – Defines the number of routers through which a multicast packet can move
• Exclusions
  – Define addresses between the start and end IP addresses that are not handed out
• Lease duration
  – The length of time that an application can use a multicast address
  – Default lease length is 30 days

Reservations
• Used to hand out a specific IP address to a particular client computer or device on the network
• Can also be beneficial when firewalls are in place
• Created based on the MAC address of the network card

Figure: Creating a Reservation

Configuring Options
• DHCP can hand out the following IP configuration options
  – Default gateway
  – DNS server
  – WINS server
• DNS is often configured at the server level

Figure: Setting Server Options

Figure: Setting Scope Options

Vendor and User Classes
• Vendor classes predefined within the DHCP server of Windows Server 2003
  – DHCP Standard Options: used by all clients regardless of operating system
  – Microsoft Options: used by Windows 2000/XP/2003 and Windows 98 clients
  – Microsoft Windows 2000 Options: used only by Windows 2000/XP/2003 clients
  – Microsoft Windows 98 Options: used only by Windows 98 clients

Vendor and User Classes (Continued)
• Predefined user classes
  – Default User Class: used for all clients
  – Default Routing and Remote Access: used by clients that are assigned an IP address through DHCP when remotely accessing the network through a dial-up or VPN connection
  – Default BOOTP Class: used by clients using the older BOOTP protocol rather than DHCP

Figure: Vendor Classes

Figure: Setting a Class ID

Figure: User Classes

Managing and Monitoring DHCP
• Backing up and restoring DHCP databases
• Reconciling scopes
• Viewing statistics
• Enabling DHCP Audit logging
• Enabling Conflict Detection
• Modifying file paths
• Changing bindings
• Viewing DHCP events in Event Viewer
• Viewing DHCP statistics in the Performance snap-in

Back up and Restore DHCP Databases
• Dhcp.mdb
  – The database holding the addressing information that has been assigned to client computers
• Dhcp.tmp
  – Temporary database file only present during maintenance operations
• J50.log and J50#####.log
  – Transaction logs of changes to the DHCP database
• J50.chk
  – A checkpoint file that keeps track of which entries in the log files have been applied to the database
• By default, DHCP database is backed up every 60 minutes

Figure: DHCP Backup Option

Managing and Monitoring DHCP (Continued)
• Reconcile Scopes
  – DHCP database holds a summary version and a detailed version of server IP address lease information
  – If there is a discrepancy between the two versions of information, then you must reconcile the scope to synchronize the information
• View Statistics
  – Windows Server 2003 DHCP Service automatically tracks statistics that you can view

Managing and Monitoring DHCP (Continued)
• Enable DHCP Logging
  – Audit logs keep detailed information about DHCP server activity
  – Audit logs are named Dhcp.Srv.Log-XXX.log, where XXX is the day of the week
  – Logs can be used to troubleshoot why a DHCP server is not functioning as you would expect

Figure: Enable Audit Logs

Conflict Detection
• Prevents a DHCP server from creating IP address conflicts
• Possible to configure how many ping attempts are made before an IP address is leased

File Paths
• Possible to control the location of
  – The audit log file
  – The DHCP database
  – The automatic backup directory
• By default
  – Audit log file and DHCP database are located in C:\WINDOWS\system32\dhcp
  – Path used for automatic backups of DHCP database is C:\WINDOWS\system32\dhcp\backup

Figure: File Paths

Bindings
• Controlled in the Advanced tab of the server Properties in the DHCP management snap-in
• DHCP server only hands out IP addresses through a network card that has the DHCP Service bound

Figure: DHCP Bindings

View DHCP Statistics in the Performance Snap-in
• DHCP performance counters that can be monitored
  – Discovers/sec: indicates how many new clients are being added to the network
  – Declines/sec: indicates that some computers are using dynamic IP addresses not assigned by the DHCP server

Figure: DHCP Performance Counters

TCP Troubleshooting
• All computers are unable to lease addresses
  – Confirm that DHCP Service is running and authorized
• A single computer is unable to lease an address
  – Confirm that cabling is correct and proper network driver is loaded
• Some computers have incorrect address information
  – Confirm that the DHCP server is functional

TCP Troubleshooting (Continued)
• A single computer has incorrect address information
  – If computer has a reservation, check configuration of the reservation
• A rogue DHCP server is leasing addresses
  – Windows 2000 and Windows Server 2003 must be authorized to function as DHCP servers
• Two DHCP servers configured to be redundant on a network segment are leasing the same range of IP addresses and causing conflicts
  – Cluster your DHCP Service

TCP Troubleshooting (Continued)
• IP address conflicts are created when the DHCP server hands out addresses already used by hosts with static IP addresses
  – Create exclusions in the scope for the IP addresses used by hosts that are statically configured
• A client is using an APIPA address
  – Command ipconfig /renew allows clients to reattempt leasing an address
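
The exclusion fix above, combined with the NETSH batch approach mentioned under Configuring DHCP, as an added example that is not part of the original slides: given a scope, its current exclusions and an inventory of statically configured hosts, it finds the static addresses the server could still lease, merges neighbours into ranges, and emits the matching `netsh dhcp server scope ... add excluderange` commands. The function names, the scope and the host inventory are constructed for the demonstration.

```python
from ipaddress import IPv4Address as IP

def missing_exclusions(start, end, exclusions, statics):
    """Return merged (first, last) ranges of static IPs that the scope could still lease."""
    lo, hi = int(IP(start)), int(IP(end))
    excluded = [(int(IP(a)), int(IP(b))) for a, b in exclusions]
    at_risk = sorted({
        ip for ip in (int(IP(s)) for s in statics)
        if lo <= ip <= hi                                   # inside the scope range
        and not any(a <= ip <= b for a, b in excluded)      # and not already excluded
    })
    ranges = []
    for ip in at_risk:
        if ranges and ip == ranges[-1][1] + 1:              # extends the previous range
            ranges[-1][1] = ip
        else:
            ranges.append([ip, ip])
    return [(str(IP(a)), str(IP(b))) for a, b in ranges]

def netsh_commands(scope_id, ranges):
    """Render one 'add excluderange' command per range for use in a batch file."""
    return [f"netsh dhcp server scope {scope_id} add excluderange {a} {b}"
            for a, b in ranges]

# Constructed sample data: a scope covering the whole subnet with one existing exclusion.
SCOPE_ID, START, END = "192.168.1.0", "192.168.1.1", "192.168.1.254"
EXCLUSIONS = [("192.168.1.1", "192.168.1.10")]
STATIC_HOSTS = ["192.168.1.5",      # already covered by the existing exclusion
                "192.168.1.20", "192.168.1.21", "192.168.1.22",
                "192.168.1.200",
                "192.168.2.7"]      # outside the scope, ignored

if __name__ == "__main__":
    gaps = missing_exclusions(START, END, EXCLUSIONS, STATIC_HOSTS)
    for line in netsh_commands(SCOPE_ID, gaps):
        print(line)
```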

Summary
• DHCP
  – Dynamically assigns IP addresses
  – Can assign multicast IP addresses
• DHCP lease process
  – Composed of DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK
  – DHCPNAK: used by DHCP servers to decline renewal of lease
  – DHCPRELEASE: used by clients to inform DHCP server that lease is no longer required

Summary (Continued)
• Renewing lease
  – Clients attempt to renew at 50%, 87.5%, and 100% of lease time
• Commands ipconfig /release and ipconfig /renew
  – Can release and renew DHCP leases
• DHCP server
  – Must be authorized in Active Directory to lease addresses
  – Must be member of Enterprise Admins to authorize DHCP

Summary (Continued)
• Scope
  – Defines range of IP addresses that are leased to clients
  – Must be activated before DHCP server leases addresses in the scope
• Superscope
  – Combines two scopes into single scope
• Exclusion in scope
  – Used to stop a DHCP server from handing out specific addresses or range of addresses within a scope

Summary (Continued)
• Reservation
  – Can give a specific workstation a defined IP address
• Vendor and user classes
  – Used to configure some client computers with different options
• Audit logging
  – Enables you to view DHCP Service operation information
• Conflict detection
  – Sends ping packet before leasing an IP address
• DHCP relay
  – Required to communicate with a DHCP server across a router