Lesson 2: Configuring DHCP

Once you have installed DHCP on a server, you will need to configure the server to meet specific needs. This lesson will show you how DHCP is used on a network (by the clients and server) and explain how DHCP can be configured. Configuring includes setting the appropriate authorization and scope for the server.

After this lesson, you will be able to

  • Identify the benefits of using DHCP on a network
  • Configure a DHCP server and clients

Estimated lesson time: 10 minutes

Using DHCP on a Network

Configuring DHCP servers for a network provides the following benefits:

  • The administrator can assign and specify global and subnet-specific TCP/IP parameters centrally for use throughout the entire network.
  • Client computers do not require manual TCP/IP configuration.

    When a client computer moves between subnets, its old IP address is freed for reuse. The client reconfigures its TCP/IP settings automatically when the computer is restarted in its new location.

  • Most routers can forward DHCP and BOOTP configuration requests, so DHCP servers are not required on every subnet in the network.

How Clients Use DHCP Servers

A computer running Windows 2000 becomes a DHCP client if Obtain An IP Address is selected in its TCP/IP properties, as illustrated in Figure 11.5.

When a client computer is set to use DHCP, it accepts a lease offer and can receive the following benefits from the server:

  • Temporary use of an IP address known to be valid for the network it is joining
  • Additional TCP/IP configuration parameters for the client to use in the form of options data

In addition, if conflict detection is configured, the DHCP server attempts to ping each available address in the scope prior to presenting the address in a lease offer to a client. This ensures that each IP address offered to clients is not already in use by another non-DHCP computer that uses manual TCP/IP configuration. Scopes are discussed in more detail later in this lesson.

Figure 11.5 Setting a client to obtain an IP address from a DHCP server

How DHCP Servers Provide Optional Data

In addition to an IP address, DHCP servers can be configured to provide optional data to fully configure TCP/IP for clients. Some of the most common DHCP option types configured and distributed by the DHCP server during leases include:

  • Default gateways (routers), which are used to connect a network segment to other network segments
  • Other optional configuration parameters to assign to DHCP clients, such as IP addresses for the DNS servers or WINS servers that the client can use in resolving network host names

Installing and Configuring a DHCP Server

The DHCP Server service must be running in order to communicate with DHCP clients. Once DHCP Server is installed and started, several options must be configured. The following are the general steps for installing and configuring DHCP:

  1. Install the Microsoft DHCP Server service.
  2. Authorize the DHCP server.
  3. Configure a scope or pool of valid IP addresses. This must be done before a DHCP server can lease IP addresses to DHCP clients.
  4. Configure global scope and client scope options for a particular DHCP client.
  5. Configure the DHCP server to always assign the same IP address to the same DHCP client.

Authorizing a DHCP Server

When configured correctly and authorized for use on a network, DHCP servers provide a useful administrative service. However, when a misconfigured or unauthorized DHCP server is introduced into a network, it can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew current address leases. Either of these situations can produce further problems for DHCP-enabled clients. For example, clients that obtain a configuration lease from the unauthorized server can fail to locate valid domain controllers, which prevents clients from successfully logging on to the network.

To avoid these problems in Windows 2000, servers are verified as legal in the network before they can service clients. This avoids most of the accidental damage caused by running DHCP servers with incorrect configurations or correct configurations on the wrong network.

How DHCP Servers Are Authorized

The process of authorizing DHCP servers is useful or in some cases necessary for DHCP servers running Windows 2000 Server. For the directory authorization process to work properly, it is assumed and necessary that the first DHCP server introduced onto your network participate in the Active Directory service. This requires that the server be installed as either a domain controller or a member server. When you are either planning for or actively deploying Active Directory service, it is important that you do not elect to install your first DHCP server computer as a standalone server. Windows 2000 Server provides some integrated security support for networks that use Active Directory. This avoids most of the accidental damage caused by running DHCP servers with wrong configurations or on the wrong networks.

The authorization process for DHCP server computers in Active Directory depends on the installed role of the server on your network. For Windows 2000 Server (as in earlier versions), there are three possible roles or server types for each server:

  1. Domain controller. The computer keeps and maintains a copy of the Active Directory service database and provides secure account management for domain member users and computers.
  2. Member server. The computer is not operating as a domain controller but has joined a domain in which it has a membership account in the Active Directory service database.
  3. Standalone server. The computer is not operating as a domain controller or a member server in a domain. Instead, the server computer is made known to the network through a specified workgroup name, which can be shared by other computers, but is used only for browsing purposes and not to provide secured logon access to shared domain resources.

If you deploy Active Directory, all computers operating as DHCP servers must be either domain controllers or domain member servers before they can be authorized in the directory service and provide DHCP service to clients.

Follow these steps to authorize a computer as a DHCP server in Active Directory:

  1. Log on to the network using either an account that has enterprise administrative privileges or one that has been delegated authority to authorize DHCP servers for your enterprise.

    In most cases, it is simplest to log on to the network from the computer from which you want to authorize the new DHCP server. This ensures that other TCP/IP configuration of the authorized computer has been set up correctly prior to authorization. Typically, you can use an account that has membership in the Enterprise Administrators group. The account you use must allow you to have Full Control rights to the NetServices container object as it is stored in the enterprise root of the Active Directory service.

  2. Install the DHCP service on this computer if necessary.
  3. Click Start, point to Programs, point to Administrative Tools, then click DHCP.
  4. On the Action menu, click Manage Authorized Servers, as illustrated in Figure 11.6.

    The Manage Authorized Servers dialog box appears.

  5. Click Authorize.
  6. When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.

Figure 11.6 Authorizing a DHCP server

Protecting Against Unauthorized DHCP Servers

Active Directory is now used to store records of authorized DHCP servers. When a DHCP server comes up, the directory can be used to verify the status of that server. If that server is unauthorized, no response is returned to DHCP requests. A network manager with the proper access rights must respond. The domain administrator can assign access to the DHCP folder holding configuration data to allow only authorized personnel to add DHCP servers to the approved list.

The list of authorized servers can be created in Active Directory through the DHCP snap-in. When it first comes up, the DHCP server tries to find out if it is part of the directory domain. If it is, it tries to contact the directory to see if it is in the list of authorized servers. If it succeeds, it sends out DHCPINFORM to find out if there are other directory services running and makes sure that it is valid in others as well. If it cannot connect to the directory, it assumes that it is not authorized and does not respond to client requests. Likewise, if it does reach the directory but does not find itself in the authorized list, it does not respond to clients. If it does find itself in the authorized list, it starts to service client requests.
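A monitoring-side complement to directory authorization, added here as an example and not taken from the training kit: it parses DHCP server replies seen on the wire and flags any whose server identifier (option 54) is missing from a list of authorized servers. The names `check_reply`, `build_reply` and `AUTHORIZED`, and all addresses, are assumptions constructed for the illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"                          # start of the options field
REPLY_TYPES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}  # option 53 values

def ips(raw):
    """Decode an option value holding one or more packed IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def parse_dhcp(payload):
    """Return (op, yiaddr, options) from a DHCP UDP payload; options maps code -> bytes."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:           # 255 = End option
        if payload[i] == 0:                                 # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return payload[0], ips(payload[16:20])[0], options

def check_reply(payload, authorized):
    """Return an alert dict for a server reply whose option 54 is not authorized."""
    op, yiaddr, opts = parse_dhcp(payload)
    mtype = (opts.get(53) or b"\x00")[0]
    if op != 2 or mtype not in REPLY_TYPES:                 # op 2 = BOOTREPLY
        return None
    server = (ips(opts.get(54, b"")) or ["unknown"])[0]
    if server in authorized:
        return None
    return {"server": server, "type": REPLY_TYPES[mtype], "offered_ip": yiaddr,
            "router": ips(opts.get(3, b"")), "dns": ips(opts.get(6, b""))}

def build_reply(mtype, yiaddr, server, router, dns):
    """Constructed server reply for the demo (sample data, not a capture)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!4B I 2H 4s4s4s4s 16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ip(yiaddr), ip(server), bytes(4), bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, mtype, 54, 4]) + ip(server) + b"\x03\x04" + ip(router) + b"\x06\x04" + ip(dns)
    return hdr + MAGIC_COOKIE + opts + b"\xff"

AUTHORIZED = {"192.168.1.10"}   # constructed stand-in for the authorized servers list
SAMPLE_OK = build_reply(2, "192.168.1.50", "192.168.1.10", "192.168.1.1", "192.168.1.10")
SAMPLE_ROGUE = build_reply(2, "192.168.1.200", "192.168.1.77", "192.168.1.77", "192.168.1.77")
```

The alert carries the router and DNS options as well, because a lease that redirects the default gateway or name resolution is what leaves clients unable to locate domain controllers.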

Creating a DHCP Scope

Before a DHCP server can lease an address to DHCP clients, you must create a scope. A scope is a pool of valid IP addresses available for lease to DHCP clients. After you have installed the DHCP service and it is running, the next step is to create a scope.

When creating a DHCP scope, consider the following points:

  • You must create at least one scope for every DHCP server.
  • You must exclude static IP addresses from the scope.
  • You can create multiple scopes on a DHCP server to centralize administration and to assign IP addresses specific to a subnet. You can assign only one scope to a specific subnet.
  • DHCP servers do not share scope information. As a result, when you create scopes on multiple DHCP servers, ensure that the same IP addresses do not exist in more than one scope to prevent duplicate IP addressing.
  • Before you create a scope, determine starting and ending IP addresses to be used within it.

    Depending on the starting and ending IP addresses for your scope, the DHCP console suggests a default subnet mask useful for most networks. If you know a different subnet mask is required for your network, you can modify the value as needed.

Follow these steps to create a new scope:

  1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, click the applicable DHCP server.
  3. On the Action menu, click New Scope.
  4. Follow the instructions in the New Scope wizard.

    When you finish creating a new scope, you might need to complete additional tasks, such as activating the scope for use or assigning scope options.

After Scopes Are Added

After you define a scope, you can configure the scope by performing the following tasks:

  • Set additional exclusion ranges. You can exclude any other IP addresses that must not be leased to DHCP clients. You should use exclusions for all devices that must be statically configured. The excluded ranges should include all IP addresses that you assigned manually to other DHCP servers, non-DHCP clients, workstations without disks, or Routing and Remote Access and Point-to-Point Protocol (PPP) clients.
  • Create reservations. You can choose to reserve some IP addresses for permanent lease assignment to specified computers or devices on your network. You should make reservations only for devices that are DHCP-enabled and that must be reserved for specific purposes on your network (such as print servers).

    If you are reserving an IP address for a new client or an address that is different from its current one, you should verify that the address has not already been leased by the DHCP server. Reserving an IP address in a scope does not automatically force a client currently using that address to stop using it. If the address is already in use, the client using the address must first release it by issuing a DHCP release message. To make this happen on a system running Windows 2000, at the command prompt type ipconfig /release. Reserving an IP address at the DHCP server also does not force the new client for which the reservation is made to immediately move to that address. In this case, too, the client must first issue a DHCP request message. To make this happen on a system running Windows 2000, at the command prompt type ipconfig /renew.

  • Adjust the length of lease durations. You can modify the lease duration to be used for assigning IP address leases. The default lease duration is eight days. For most local area networks (LANs), the default value is acceptable but can be further increased if computers seldom move or change locations. Infinite lease times can also be set, but should be used with caution. For information about circumstances under which modifying this setting is most useful, see "Managing Leases."
  • Configure options and classes to be used with the scope. To provide full configuration for clients, DHCP options need to be configured and enabled for the scope. For more advanced discrete management of scope clients, you can add or enable user- or vendor-defined option classes.

Table 11.3 describes some of the available options in the Configure DHCP Options: Scope Properties dialog box and includes all of the options supported by Microsoft DHCP clients.

Table 11.3 DHCP Scope Configuration Options

Option | Description
003 Router | Specifies the IP address of a router, such as the default gateway address. If the client has a locally defined default gateway, that configuration takes precedence over the DHCP option.
006 DNS servers | Specifies the IP address of a DNS server.
015 DNS Domain Name | The DNS domain name for client resolutions.
044 WINS/NBNS servers | The IP address of a WINS server available to clients. If a WINS server address is configured manually on a client, that configuration overrides the values configured for this option.
046 WINS/NBT node type | Specifies the type of NetBIOS over TCP/IP name resolution to be used by the client. Options are: 1 = B-node (broadcast); 2 = P-node (peer); 4 = M-node (mixed); 8 = H-node (hybrid)
047 NetBIOS Scope ID | Specifies the local NetBIOS scope ID. NetBIOS over TCP/IP will communicate only with other NetBIOS hosts using the same scope ID.

Implementing Multiple DHCP Servers

If your internetwork requires multiple DHCP servers, it is necessary to create a unique scope for each subnet. To ensure that clients can lease IP addresses in the event of a server failure, it is important to have multiple scopes for each subnet distributed among the DHCP servers in the internetwork. For example:

  • Each DHCP server should have a scope containing approximately 75 percent of the available IP addresses for the local subnet.
  • Each DHCP server should have a scope for each remote subnet containing approximately 25 percent of the available IP addresses for a subnet.

When a client's DHCP server is unavailable, the client can still receive an address lease from another DHCP server on a different subnet, assuming the router is a DHCP relay agent.

As illustrated in Figure 11.7, Server A has a scope for the local subnet with an IP address range of through, and Server B has a scope with an IP address range of through Each server can lease IP addresses to clients on its own subnet.

Additionally, each server has a scope containing a small range of IP addresses for the remote subnet. For example, Server A has a scope for Subnet 2 with the IP address range of through Server B has a scope for Subnet 1 with the IP address range of through When a client on Subnet 1 is unable to lease an address from Server A, it can lease an address for its subnet from Server B, and vice versa.

Figure 11.7 Scope and IP address ranges for Server A and Server B
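The 75/25 distribution described above, together with the earlier rule that the same addresses must not exist in more than one scope, worked through as an added example that is not part of the training kit. The subnets, the server names and the count of ten addresses held back for static devices are constructed assumptions, not the values from Figure 11.7.

```python
import ipaddress
from itertools import combinations

def split_scope(subnet, reserved_static=10, local_share=0.75):
    """Split a subnet's host range into (local_range, remote_range) as address strings.

    The lowest `reserved_static` host addresses are left out of both ranges so that
    statically configured devices never collide with a lease.
    """
    hosts = list(ipaddress.ip_network(subnet).hosts())[reserved_static:]
    cut = int(len(hosts) * local_share)
    if cut == 0 or cut == len(hosts):
        raise ValueError("subnet too small to split: " + subnet)
    return (str(hosts[0]), str(hosts[cut - 1])), (str(hosts[cut]), str(hosts[-1]))

def plan_split(local_subnets):
    """Map (server, subnet) -> (start, end) for two servers, each local to one subnet."""
    if len(local_subnets) != 2:
        raise ValueError("this example plans exactly two servers")
    plan = {}
    for server, subnet in local_subnets.items():
        other = next(s for s in local_subnets if s != server)
        local, remote = split_scope(subnet)
        plan[(server, subnet)] = local      # about 75 percent, held by the local server
        plan[(other, subnet)] = remote      # about 25 percent, held by the remote server
    return plan

def find_overlaps(scopes):
    """Return pairs of scope names whose address ranges intersect."""
    as_int = {name: (int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end)))
              for name, (start, end) in scopes.items()}
    return [(a, b) for a, b in combinations(as_int, 2)
            if as_int[a][0] <= as_int[b][1] and as_int[b][0] <= as_int[a][1]]

# Constructed sample input: Server A is local to Subnet 1, Server B to Subnet 2.
SAMPLE_PLAN = plan_split({"ServerA": "192.168.1.0/24", "ServerB": "192.168.2.0/24"})

if __name__ == "__main__":
    for (server, subnet), (start, end) in SAMPLE_PLAN.items():
        print(server, subnet, start, "-", end)
    print("overlaps:", find_overlaps(SAMPLE_PLAN))
```

Running `find_overlaps` over the scopes exported from every DHCP server before activating a new scope catches the duplicate-addressing case, since the servers themselves do not share scope information.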

Lesson Summary

A scope is a range of IP addresses that are available to be leased or assigned to clients. Multiple scopes and separate scopes for each subnet can be created to allow DHCP clients to obtain a valid IP address from any DHCP server. To implement DHCP, software is required on both the client and the server. Every DHCP server requires at least one scope.

MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
