Once you have installed DHCP on a server, you will need to configure the server to meet specific needs. This lesson will show you how DHCP is used on a network (by the clients and server) and explain how DHCP can be configured. Configuring includes setting the appropriate authorization and scope for the server.
After this lesson, you will be able to
Estimated lesson time: 10 minutes
Configuring DHCP servers for a network provides the following benefits:
When a client computer moves between subnets, its old IP address is freed for reuse. The client reconfigures its TCP/IP settings automatically when the computer is restarted in its new location.
A computer running Windows 2000 becomes a DHCP client if Obtain An IP Address is selected in its TCP/IP properties, as illustrated in Figure 11.5.
When a client computer is set to use DHCP, it accepts a lease offer and can receive the following benefits from the server:
In addition, if conflict detection is configured, the DHCP server attempts to ping each available address in the scope prior to presenting the address in a lease offer to a client. This ensures that each IP address offered to clients is not already in use by another non-DHCP computer that uses manual TCP/IP configuration. Scopes are discussed in more detail later in this lesson.
Figure 11.5 Setting a client to obtain an IP address from a DHCP server
In addition to an IP address, DHCP servers can be configured to provide optional data to fully configure TCP/IP for clients. Some of the most common DHCP option types configured and distributed by the DHCP server during leases include:
The DHCP Server service must be running in order to communicate with DHCP clients. Once DHCP Server is installed and started, several options must be configured. The following are the general steps for installing and configuring DHCP:
When configured correctly and authorized for use on a network, DHCP servers provide a useful administrative service. However, when a misconfigured or unauthorized DHCP server is introduced into a network, it can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew their current address leases. Either of these behaviors can produce further problems for DHCP-enabled clients. For example, clients that obtain a configuration lease from the unauthorized server can fail to locate valid domain controllers, which prevents clients from successfully logging on to the network.
To avoid these problems in Windows 2000, servers are verified as legal in the network before they can service clients. This avoids most of the accidental damage caused by running DHCP servers with incorrect configurations or correct configurations on the wrong network.
The process of authorizing DHCP servers is useful or in some cases necessary for DHCP servers running Windows 2000 Server. For the directory authorization process to work properly, it is assumed and necessary that the first DHCP server introduced onto your network participate in the Active Directory service. This requires that the server be installed as either a domain controller or a member server. When you are either planning for or actively deploying Active Directory service, it is important that you do not elect to install your first DHCP server computer as a standalone server. Windows 2000 Server provides some integrated security support for networks that use Active Directory. This avoids most of the accidental damage caused by running DHCP servers with wrong configurations or on the wrong networks.
The authorization process for DHCP server computers in Active Directory depends on the installed role of the server on your network. For Windows 2000 Server (as in earlier versions), there are three possible roles or server types for each server:
If you deploy Active Directory, all computers operating as DHCP servers must be either domain controllers or domain member servers before they can be authorized in the directory service and provide DHCP service to clients.
Follow these steps to authorize a computer as a DHCP server in Active Directory:
In most cases, it is simplest to log on to the network from the computer from which you want to authorize the new DHCP server. This ensures that other TCP/IP configuration of the authorized computer has been set up correctly prior to authorization. Typically, you can use an account that has membership in the Enterprise Administrators group. The account you use must allow you to have Full Control rights to the NetServices container object as it is stored in the enterprise root of the Active Directory service.
The Manage Authorized Servers dialog box appears.
Figure 11.6 Authorizing a DHCP server
Active Directory is now used to store records of authorized DHCP servers. When a DHCP server comes up, the directory can be used to verify the status of that server. If that server is unauthorized, no response is returned to DHCP requests. A network manager with the proper access rights must respond. The domain administrator can assign access to the DHCP folder holding configuration data to allow only authorized personnel to add DHCP servers to the approved list.
The list of authorized servers can be created in Active Directory through the DHCP snap-in. When it first comes up, the DHCP server tries to find out if it is part of the directory domain. If it is, it tries to contact the directory to see if it is in the list of authorized servers. If it succeeds, it sends out DHCPINFORM to find out if there are other directory services running and makes sure that it is valid in others as well. If it cannot connect to the directory, it assumes that it is not authorized and does not respond to client requests. Likewise, if it does reach the directory but does not find itself in the authorized list, it does not respond to clients. If it does find itself in the authorized list, it starts to service client requests.
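The same question, asked from the wire instead of from the server, as an added example that is not part of the original lesson: it parses the options field of DHCP replies and flags any DHCPOFFER, DHCPACK or DHCPNAK whose server identifier (option 54) is not on a list of authorized servers. The function names, the addresses and the sample messages are constructed for illustration, and the check is independent of the Active Directory lookup described above.

```python
import ipaddress
from typing import Optional

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the DHCP options field
SERVER_REPLIES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}   # option 53 values

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    # The fixed BOOTP header is 236 bytes; the magic cookie follows it.
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                    # end option
            break
        if code == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def check_reply(payload: bytes, authorized: set) -> Optional[str]:
    """Return an alert for a server reply whose option 54 is not authorized."""
    opts = parse_options(payload)
    mtype = opts.get(53, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_REPLIES:
        return None                        # client message: nothing to check here
    name, sid = SERVER_REPLIES[mtype[0]], opts.get(54, b"")
    if len(sid) != 4:
        return f"{name} without a valid server identifier"
    server = str(ipaddress.IPv4Address(sid))
    return None if server in authorized else f"{name} from unauthorized server {server}"

def build_reply(msg_type: int, server_ip: str) -> bytes:
    """Constructed sample message carrying only options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)   # op=BOOTREPLY, Ethernet, hlen=6
    server = ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4]) + server + b"\xff"

AUTHORIZED = {"192.0.2.10"}                # constructed stand-in for the authorized list
```

A DHCPNAK from an unlisted server is flagged as well as an offer, because the lesson names negative acknowledgment of renewing clients as one of the two ways an unauthorized server causes harm.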
Before a DHCP server can lease an address to DHCP clients, you must create a scope. A scope is a pool of valid IP addresses available for lease to DHCP clients. After you have installed the DHCP service and it is running, the next step is to create a scope.
When creating a DHCP scope, consider the following points:
Depending on the starting and ending IP addresses for your scope, the DHCP console suggests a default subnet mask useful for most networks. If you know a different subnet mask is required for your network, you can modify the value as needed.
Follow these steps to create a new scope:
When you finish creating a new scope, you might need to complete additional tasks, such as activating the scope for use or assigning scope options.
After you define a scope, you can configure the scope by performing the following tasks:
If you are reserving an IP address for a new client or an address that is different from its current one, you should verify that the address has not already been leased by the DHCP server. Reserving an IP address in a scope does not automatically force a client currently using that address to stop using it. If the address is already in use, the client using the address must first release it by issuing a DHCP release message. To make this happen on a system running Windows 2000, at the command prompt type ipconfig /release. Reserving an IP address at the DHCP server also does not force the new client for which the reservation is made to immediately move to that address. In this case, too, the client must first issue a DHCP request message. To make this happen on a system running Windows 2000, at the command prompt type ipconfig /renew.
Table 11.3 describes some of the available options in the Configure DHCP Options: Scope Properties dialog box and includes all of the options supported by Microsoft DHCP clients.
Table 11.3 DHCP Scope Configuration Options
|Option|Description|
|---|---|
|003 Router|Specifies the IP address of a router, such as the default gateway address. If the client has a locally defined default gateway, that configuration takes precedence over the DHCP option.|
|006 DNS servers|Specifies the IP address of a DNS server.|
|015 DNS Domain Name|The DNS domain name for client resolutions.|
|044 WINS/NBNS servers|Specifies the IP address of a WINS server available to clients. If a WINS server address is configured manually on a client, that configuration overrides the values configured for this option.|
|046 WINS/NBT node type|Specifies the type of NetBIOS over TCP/IP name resolution to be used by the client. Options are: 1 = B-node (broadcast); 2 = P-node (peer); 4 = M-node (mixed); 8 = H-node (hybrid)|
|047 NetBIOS Scope ID|Specifies the local NetBIOS scope ID. NetBIOS over TCP/IP will communicate only with other NetBIOS hosts using the same scope ID.|
If your internetwork requires multiple DHCP servers, it is necessary to create a unique scope for each subnet. To ensure that clients can lease IP addresses in the event of a server failure, it is important to have multiple scopes for each subnet distributed among the DHCP servers in the internetwork. For example:
When a client's DHCP server is unavailable, the client can still receive an address lease from another DHCP server on a different subnet, assuming the router is a DHCP relay agent.
As illustrated in Figure 11.7, Server A has a scope for the local subnet with an IP address range of 22.214.171.124 through 126.96.36.199, and Server B has a scope with an IP address range of 188.8.131.52 through 184.108.40.206. Each server can lease IP addresses to clients on its own subnet.
Additionally, each server has a scope containing a small range of IP addresses for the remote subnet. For example, Server A has a scope for Subnet 2 with the IP address range of 220.127.116.11 through 18.104.22.168. Server B has a scope for Subnet 1 with the IP address range of 22.214.171.124 through 126.96.36.199. When a client on Subnet 1 is unable to lease an address from Server A, it can lease an address for its subnet from Server B, and vice versa.
Figure 11.7 Scope and IP address ranges for Server A and Server B
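The split described above can be planned and checked before any scope is created. The following added example (not from the original lesson) divides each subnet's pool between its local and remote server and verifies that no address appears in scopes on two servers. The 20 percent remote share, the function names and the address pools are assumptions chosen for illustration; the lesson itself says only "a small range".

```python
import ipaddress

def split_pool(first: str, last: str, remote_percent: int = 20):
    """Split an inclusive pool into disjoint (local_range, remote_range)."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi or not 0 < remote_percent < 100:
        raise ValueError("bad pool or percentage")
    size = hi - lo + 1
    remote_size = max(1, size * remote_percent // 100)
    if remote_size >= size:
        raise ValueError("pool too small to split")
    cut = hi - remote_size                 # last address kept by the local server
    as_ip = lambda n: str(ipaddress.IPv4Address(n))
    return (as_ip(lo), as_ip(cut)), (as_ip(cut + 1), as_ip(hi))

def build_plan(pools: dict, remote_percent: int = 20) -> dict:
    """pools maps subnet -> (first, last, local_server, remote_server)."""
    plan = {}
    for subnet, (first, last, local_srv, remote_srv) in pools.items():
        local_rng, remote_rng = split_pool(first, last, remote_percent)
        plan.setdefault(local_srv, {})[subnet] = local_rng
        plan.setdefault(remote_srv, {})[subnet] = remote_rng
    return plan

def find_overlaps(plan: dict) -> list:
    """Return (server, server, subnet) for each pair of scopes sharing an address."""
    # An address present on two servers could be leased twice, because each
    # server tracks only the leases it issued itself.
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    flat = [(srv, sub, to_int(rng[0]), to_int(rng[1]))
            for srv, scopes in plan.items() for sub, rng in scopes.items()]
    hits = []
    for i, (s1, n1, lo1, hi1) in enumerate(flat):
        for s2, _n2, lo2, hi2 in flat[i + 1:]:
            if s1 != s2 and lo1 <= hi2 and lo2 <= hi1:
                hits.append((s1, s2, n1))
    return hits

# Constructed pools (documentation address ranges), one per subnet.
POOLS = {
    "Subnet 1": ("192.0.2.10", "192.0.2.209", "Server A", "Server B"),
    "Subnet 2": ("198.51.100.10", "198.51.100.209", "Server B", "Server A"),
}
```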
A scope is a range of IP addresses that are available to be leased or assigned to clients. Multiple scopes and separate scopes for each subnet can be created to allow DHCP clients to obtain a valid IP address from any DHCP server. To implement DHCP, software is required on both the client and the server. Every DHCP server requires at least one scope.