Sunday, 9 February 2014

DHCP Theory and Configure DHCP Server in Server 2008

Saturday, July 20, 2013


Configure DHCP Server in Server 2008

Configure DHCP Server in Windows

(DYNAMIC HOST CONFIGURATION PROTOCOL)
DHCP is a protocol in the TCP/IP suite of protocols. A computer running the DHCP service is called a DHCP server. DHCP is used to give IP addresses to computers automatically. It also gives other networking details, such as the default gateway address, DNS server address and WINS server address, to the computers automatically. A client PC can obtain an IP address automatically from a DHCP server.
DHCP is useful in large networks because it helps with IP address management. It is also helpful for remote connectivity of computers, because it allocates IP addresses to the clients automatically.

The process of obtaining ip address by the client from the DHCP server is called ROSA process.
SOME TERMS
Static Address: - It is the address given to a computer manually by the user.

Dynamic Address: - It is the address obtained by the client automatically from the DHCP server.

Scope: - It is the range of addresses defined for distribution to the clients in the network.

Super scope: - It is a group of scopes and may contain multiple scopes.

Lease Duration: - It is the period for which a client can keep or use the IP address obtained from the DHCP server. When the lease time finishes, the client requests an IP address again.

Reservation: - In a DHCP server, an ip address can be reserved for a client so that the client always gets the same address from the DHCP. This is called Reservation.


HOW TO INSTALL DHCP?
Go to Server Manager, select Add Roles, select DHCP, then follow the steps to install it.


HOW TO CONFIGURE DHCP SERVER?
  1. Open All Programs > Administrative Tools > DHCP.
  2. Right-click IPv4 > New Scope (as shown in figure).
  3. Click next. Give a name to the scope and click next.
  4. Define range for the addresses and click next.
  5. Give addresses which you don't want to give to clients if necessary, and click next.
  6. Click next > Select Yes > next.
  7. Give address of router if necessary and click next.
  8. In the parent domain, type DNS domain name and in the server name, type name of your DNS server. Click on resolve and click next.
  9. Type WINS server address if necessary and click next.
  10. Click next > finish and activate it.
Now you have successfully configured your DHCP Server.

Go to the client computers and open TCP/IP properties: Select 'obtain an ip address automatically' and also select 'obtain a DNS server address automatically'. Click OK > Close.
After some time, check the obtained IP address from cmd by using the ipconfig /all command.

Some useful commands
You can use the following commands to troubleshoot ip address assignment on a client PC. These commands must be given in the MS-DOS mode:
Ipconfig /release
This command is used to release the ip from the client and set the ip to 0.0.0.0.

Ipconfig /renew
This command is used to obtain ip address again from the DHCP server and to renew the ip address.
APIPA address
APIPA stands for Automatic Private IP address Assignment. If a client is not able to obtain an IP address from the DHCP server, it assigns one to itself automatically from the range 169.254.0.0 - 169.254.255.255.
The above range of addresses are private addresses and are called APIPA addresses.

RESERVATION
If you want to assign a specific IP address to a particular system, you can do this with a reservation, but you need to know the MAC address of that system.

1. Open DHCP management and create a scope.

2. Click on the scope and right-click on 'Reservations' > New Reservation.

3. In the Reservation Name, type any name.

4. Type the ip address which you want to reserve for a client PC.

5. Also type MAC address of that client PC.

6. Click on Add and then click on Close.

SUPERSCOPE
Super scope is a group of scopes and can be used to create logical sub networks or subnets within a single physical network. It also helps in making administration of many scopes easier. The process of creating logical sub networks in a single physical network is called Multi-netting. You can also use super scope if a single scope is providing insufficient addresses.

For example, in a company, there are 500 PCs. The company policy is to use only Class C addresses with the default subnet mask. But a given Class C address range can have only 254 addresses. In such a situation, we create two scopes having Class C address ranges with different Network IDs. The scopes will generate 254+254 = 508 addresses for our clients.
The two scopes will be put in a super scope and we will have two logical sub networks in a single physical network.
DHCP RELAY AGENT
DHCP Relay Agent is a protocol which helps in passing DHCP broadcast messages made by the clients through the router, so that clients in the subnets which don't have a DHCP server can obtain an IP address from the DHCP server present in the other subnet (sub network).




Contents
Overview
Overview of DHCP
Authorizing the DHCP Service
Creating and Configuring a Scope
Configuring DHCP in a Routed Network
Supporting DHCP
Best Practices
Review





Module 20: Implementing and Managing DHCP





2001-2002 Microsoft Corporation. All rights reserved.


Special thanks to Kimborly A. Ditto-Ehlert of Net Wave Training, Matthew Duncan of the Dana Corporation, and Thomas Lee of PS Partnership for technical review of the course content.

Overview



Depending on the size of your network, the management and assignment of Internet Protocol (IP) addresses to client computers can require a significant amount of time and effort. But with a Microsoft® Windows® 2000 network, you can enable dynamic IP addressing by using the Dynamic Host Configuration Protocol (DHCP) on a DHCP server to automate the assignment and management of network IP addresses.
After completing this module, you will be able to:
Define DHCP and describe how to use it on a network.
Install the DHCP service.
Authorize the DHCP service.
Create and configure a scope.
Configure DHCP in a routed network.
Support DHCP on a network.
Apply best practices to implementing and managing DHCP.


Overview of DHCP



A DHCP server uses a lease generation process to assign IP addresses to client computers for a specific period of time. IP address leases are normally temporary, so DHCP clients must periodically attempt to renew their leases with the DHCP server. Understanding the details of the DHCP lease generation and renewal process provides a foundation for effectively implementing dynamic IP addressing in your network environment.


Manual vs. Automatic TCP/IP Configuration



To understand why DHCP is useful for configuring Transmission Control Protocol/Internet Protocol (TCP/IP) on client computers, it helps to compare manual TCP/IP configuration with automatic configuration by using DHCP.

Manual TCP/IP Configuration

When you configure TCP/IP manually on your network, you must enter an IP address on each client computer. In some cases, users enter an incorrect or invalid IP address. Using an incorrect address can cause network problems that are difficult to trace.
Typographical errors in the IP address, subnet mask, or default gateway can result in an incorrect default gateway or subnet mask, or duplicate IP addresses, which cause communication problems. Moreover, on networks where computers frequently move from one subnet to another, manually entering IP addresses can take valuable time.

Automatic TCP/IP Configuration

By using DHCP to automatically configure TCP/IP, users no longer need to acquire an IP address from an administrator. Instead, the DHCP server automatically supplies all of the necessary configuration information to DHCP clients. The DHCP server also ensures that network clients use correct configuration information, thereby eliminating a common source of network problems. Finally, DHCP automatically updates client configuration information to reflect changes in network structure and the relocation of users to other physical networks, without manually reconfiguring client IP addresses.


DHCP Operation



Each time that a DHCP client starts, it requests an IP address from a DHCP server. When the DHCP server receives the request, it selects an IP address from a range of addresses defined in its database. The DHCP server offers this address to the DHCP client.
If the client accepts the offer, the DHCP server leases the IP address to the client for a specified period of time. The default duration of an IP address lease is eight days, but this duration is configurable. The client then uses the IP address to access the network.

The IP addressing information sent by the DHCP server to the DHCP client can contain several elements, including:

An IP address.
A subnet mask.
Optional values, such as:
A default gateway address.
The IP addresses of Domain Name System (DNS) servers.
The IP addresses of Windows Internet Name Service (WINS) servers.
A domain name.


Note
For more information about DHCP, see RFC 2131, Dynamic Host Configuration Protocol, and RFC 2132, DHCP Options and BOOTP Vendor Extensions, under Additional Reading on the Web page on the Student Materials compact disc.

For more information about the Bootstrap Protocol (BOOTP) and how it interacts with DHCP, see RFC 951, Bootstrap Protocol (BOOTP), RFC 1534, Interoperation Between DHCP and BOOTP, and RFC 1542, Clarifications and Extensions for the Bootstrap Protocol, under Additional Reading on the Web page on the Student Materials compact disc.



The DHCP Lease Generation Process



DHCP uses a four-step process to lease IP addressing information to DHCP clients:
  1. IP lease discovery (DHCPDISCOVER)
  2. IP lease offer (DHCPOFFER)
  3. IP lease request (DHCPREQUEST)
  4. IP lease acknowledgement (DHCPACK)

The complete process is sometimes referred to as DORA: Discovery, Offer, Request, and Acknowledgment.

Note
If a computer has multiple network adapters that are bound to TCP/IP, the DHCP process occurs separately over each adapter. The DHCP server assigns a unique IP address to each adapter that is bound to TCP/IP.



IP Lease Discovery

The lease generation process begins when a client computer either starts or initializes TCP/IP for the first time. The lease process also begins when a client computer attempts to renew its lease and is denied, such as when you move a client computer to another subnet.
The process starts when the client initializes a limited version of TCP/IP and broadcasts a DHCP discovery (DHCPDISCOVER) message for IP addressing information. The client does not yet have an IP address, so it uses 0.0.0.0 as the source address. And because the client does not know the IP address of a DHCP server, it uses 255.255.255.255 as the destination address. This broadcasts the DHCPDISCOVER message to the entire subnet.

The DHCPDISCOVER message also contains the media access control (MAC) address, which is the hardware address of the client’s network adapter. The DHCPDISCOVER message also contains the client’s computer name so that DHCP servers can determine which client sent the DHCPDISCOVER message.

IP Lease Offer

All DHCP servers that have an IP address that is valid for the network segment to which the client is connected respond with a DHCP offer (DHCPOFFER) message, which includes the following information:
The client’s hardware address.
An offered IP address.
A subnet mask.
The length of the lease.
A server identifier, which is the IP address of the offering DHCP server.
Each responding DHCP server reserves the offered IP address so that it does not offer it to another DHCP client before the requesting client accepts the address.
The DHCP client waits one second for an offer. If it does not receive an offer, it rebroadcasts the request four times at 2-, 4-, 8-, and 16-second intervals, plus a random length of time between 0 and 1,000 milliseconds.
If the client does not receive an offer after four requests, and it is running Windows 2000, Microsoft Windows 98 Second Edition or Microsoft Windows XP, it uses an IP address in the reserved Automatic Private IP Address (APIPA) range from 169.254.0.1 through 169.254.255.254.
Using APIPA, a client assigns itself an IP address from the range reserved for authorized private class B network addresses, with a subnet mask of 255.255.0.0. It does not assign a default gateway or the IP address of a DNS or a WINS server. A computer with an APIPA address cannot directly communicate with hosts outside its subnet, including Internet hosts. APIPA is most suitable for small, single-subnet networks, such as a home or small office.
The DHCP client continues in an attempt to find a DHCP server every five minutes. When a DHCP server becomes available, clients receive valid IP addresses, allowing them to communicate with hosts both on and off their subnet.

IP Lease Request

The DHCP client waits for a response from the server that gave it its last IP address. If none is forthcoming, the DHCP client responds to the first offer that it received, by broadcasting a DHCP request (DHCPREQUEST) message to accept the offer. The DHCPREQUEST message includes the server identification of the server whose offer it accepted. All other DHCP servers then retract their offers and retain their IP addresses for other IP lease requests.


IP Lease Acknowledgement

The DHCP server that issues the accepted offer broadcasts a DHCP acknowledgement (DHCPACK) message to acknowledge the successful lease. This message contains a valid lease for the IP address and other configuration information.
When the DHCP client receives the acknowledgment, TCP/IP initializes by using the configuration information that the DHCP server provides. The client also binds the TCP/IP protocol to the network services and network adapter, permitting the client to communicate on the network.

Important
All communication between a DHCP server and a DHCP client uses User Datagram Protocol (UDP) ports 67 and 68. Some switches and routers do not properly forward DHCP broadcasts by default. For DHCP to function correctly, you may need to configure switches to forward broadcasts over these ports and configure routers as RFC 1542 compliant DHCP Relay Agents.




The DHCP Lease Renewal Process



At specific intervals, a DHCP client attempts to renew its lease to ensure that it has up-to-date configuration information.

Automatic Lease Renewal

A DHCP client automatically attempts to renew its lease when 50 percent of the lease duration expires. To attempt a lease renewal, the DHCP client sends a DHCPREQUEST message directly to the DHCP server from which it obtained the lease.
If the DHCP server is available, it renews the lease and sends the client a DHCPACK message with the new lease duration and any updated configuration parameters. The client updates its configuration when it receives the acknowledgment. If the DHCP server is unavailable, the client continues to use its current configuration parameters.
If a DHCP client cannot renew its lease at the 50 percent interval, the client continues to use its current configuration parameters. It then broadcasts a DHCPDISCOVER message to update its address lease when 87.5 percent of the current lease duration expires. At this stage, the DHCP client accepts a lease that is issued by any DHCP server.

Note
If a client requests an invalid or duplicate address for the network, a DHCP server can respond with a DHCP denial (DHCPNACK) message. This message forces the client to release its IP address and obtain a new, valid address.



If a DHCP server responds with a DHCPOFFER message to update the client’s current lease, the client can renew its lease based on the server that offered the message and continue operation.

If the lease expires, the client must immediately discontinue its use of the current IP address. The DHCP client then begins the DHCP lease process in an attempt to lease a new IP address.


Note
When you restart a DHCP client, it automatically attempts to renew the IP address lease that it had when it shut down. If the lease request is unsuccessful, the client attempts to contact the configured default gateway. If the default gateway responds and lease time is still available, the DHCP client uses the same IP address until its next lease renewal attempt. If the DHCP client cannot renew the lease or contact the default gateway, it stops using the current IP address. The client then uses an IP address in the reserved range from 169.254.0.1 through 169.254.255.254 and tries to contact a DHCP server every five minutes.



Manual Lease Renewal

You can renew an IP lease manually if you need to update DHCP configuration information immediately. For example, if you want DHCP clients to immediately obtain the address of a newly installed router from a DHCP server, renew the lease from the client to change this configuration.
To renew the lease manually, use the ipconfig command with the /renew switch. This command sends a DHCPREQUEST message to the DHCP server to update configuration options and to renew the lease time. One of the actions taken by using the Windows XP repair option on a Local Area Network Connection is the equivalent of an ipconfig /renew. To use the Windows XP repair command, right-click the network connection and click repair.
Clients using Microsoft Windows 3.51, Microsoft Windows NT® version 4.0, Windows 2000, and Microsoft Windows XP can use the ipconfig command with the /release switch to release a lease (for example, if you are relocating a client from one subnet to another). This command sends a DHCPRELEASE message to the DHCP server to release a client lease. After you issue this command, the client can no longer communicate on the network by using TCP/IP. Clients using Microsoft Windows 95 or Microsoft Windows 98 must use the winipcfg command to release an IP lease.


Requirements for DHCP Servers and Clients



The Windows 2000 DHCP service has specific software requirements for the server and client computers.

Windows 2003 DHCP Server Requirements

A server running any of the Windows 2000 Server family of operating systems can serve as a DHCP server.
A computer running Windows 2000 Server and acting as a DHCP server requires:
Installation of the DHCP service.
A static IP address, a subnet mask, and if needed, a default gateway.
A range of valid IP addresses for lease or assignment to clients.

DHCP Clients

You must configure client computers to automatically obtain IP addresses from a DHCP server. Client computers running any of the following operating systems can be DHCP clients:
Windows 2000 Professional, Windows 2000 Server, and Windows XP.
Microsoft Windows NT Server version 3.51 or later, or Windows NT Workstation version 3.51 or later.
Windows 95 or Windows 98.
Windows for Workgroups version 3.11 with TCP/IP-32 installed.
Microsoft MS-DOS® with the Microsoft Network Client version 3.0 for MS-DOS installed, and using the real-mode TCP/IP driver.
Microsoft LAN Manager version 2.2c (LAN Manager 2.2c for OS/2 is not supported).
Many non-Microsoft operating systems and network devices.


Enabling DHCP Clients

To enable DHCP support on a client computer that is running Windows 2000 or Windows XP, you must configure the TCP/IP properties on that computer so that the computer obtains an IP address automatically.
To configure clients running Windows 2000 and Windows XP to obtain IP addresses automatically:
    1. Open the Properties dialog box for the network connection that you are configuring.
    2. Click Internet Protocol (TCP/IP), and then click Properties.
    3. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, click Obtain an IP address automatically.
    4. If you assign DNS server addresses by using DHCP, click Obtain DNS server address automatically.
    5. Click OK twice.


Installing the DHCP Service



To create a DHCP server, you must install the DHCP service on a computer running Windows 2000 Server.

Important
Before you can install the DHCP service on the computer that you want to designate as the DHCP server, you must specify a static IP address, subnet mask, and default gateway address for the network adapter that is bound to TCP/IP.

For more information about configuring these parameters, see “Configure TCP/IP for Static Addressing” in Windows 2000 Server Help.


To install the DHCP service:
  1. In Control Panel, double-click Add/Remove Programs.
  2. In Add/Remove Programs, click Add/Remove Windows Components.
  3. In the Windows Components Wizard, on the Windows Components page, under Components, click Networking Services, and then click Details.
  4. In the Networking Services dialog box, under Subcomponents of Networking Services, select the Dynamic Host Configuration Protocol (DHCP) check box, and then click OK.
  5. Click Next.


Authorizing the DHCP Service



You must authorize a DHCP server before the server can issue leases to DHCP clients. By requiring authorization of the DHCP servers, you can prevent unauthorized DHCP servers from offering potentially invalid IP addresses to clients. This requirement provides a network administrator a great degree of control over IP lease assignments in a Windows 2000 network.

Note
Only DHCP servers running Windows 2000 Server check for authorization. Other DHCP servers can still operate even though they are not authorized.



Detection of Unauthorized DHCP Servers

For DHCP authorization to work correctly, you must configure your network so that when the DHCP service starts, it sends out a DHCP informational (DHCPINFORM) message to the local broadcast address, which is 255.255.255.255. When this message is sent, other DHCP servers reply with DHCP acknowledgement (DHCPACK) messages, which contain information about any Active Directory® directory service root domain identified by each DHCP server.
The server that is attempting to initialize the DHCP service then contacts a domain controller in each of the domains that it identifies. This server queries Active Directory for a list of DHCP servers that are currently authorized to operate on the network.

If the DHCP server is authorized, the DHCP service starts and can start releasing IP addresses to computers on the network. If the DHCP server is not authorized, the DHCP service starts, logs an error in the system log, and ignores all client requests.


Note
A DHCP server broadcasts a DHCPINFORM message every five minutes in an attempt to detect other DHCP servers on the network. This repeated broadcast of messages enables the server to determine changes in its authorization status and to update its status.
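
As this section notes, only DHCP servers running Windows 2000 Server check for authorization, so other DHCP servers on the segment can still answer clients. The following Python sketch is an added example, not part of the original module: instead of the Active Directory check, it parses captured DHCP messages and reports every server reply whose server identifier (the field listed under IP Lease Offer) is not on an administrator-supplied list. The addresses, MAC address, packets and function names are constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 2131): 236 bytes, then a 4-byte magic cookie, then options.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = b"\x63\x82\x53\x63"
# RFC 2131 spells the denial message DHCPNAK; the module text calls it DHCPNACK.
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_REPLIES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def parse_options(data):
    """Walk the code/length/value option list; 0 is padding, 255 ends the list."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts


def parse_dhcp(payload):
    """Return the fields of one DHCP message (the UDP payload on ports 67/68)."""
    if len(payload) < BOOTP_LEN + 4 or payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    f = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    hlen, xid, yiaddr, chaddr = f[2], f[4], f[8], f[11]
    opts = parse_options(payload[BOOTP_LEN + 4:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing message type option")
    sid, lease = opts.get(54, b""), opts.get(51, b"")
    return {
        "type": MSG_TYPES.get(opts[53][0], f"unknown({opts[53][0]})"),
        "xid": xid,
        "client_mac": ":".join(f"{b:02x}" for b in chaddr[:min(hlen, 16)]),
        "offered_ip": str(ipaddress.IPv4Address(yiaddr)),
        "server_id": str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None,
        "lease_seconds": struct.unpack("!I", lease)[0] if len(lease) == 4 else None,
    }


def find_unauthorized_servers(packets, authorized):
    """Return parsed server replies whose server identifier is not authorized."""
    findings = []
    for raw in packets:
        try:
            msg = parse_dhcp(raw)
        except ValueError:
            continue  # not DHCP, or malformed: skipped by this check
        if msg["type"] in SERVER_REPLIES and msg["server_id"] not in authorized:
            findings.append(msg)
    return findings


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None, lease=None):
    """Build a minimal DHCP message; used only to construct the sample capture."""
    op = 1 if msg_type in (1, 3, 4, 7, 8) else 2  # 1 = client request, 2 = server reply
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    header = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                         ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                         chaddr, bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type])
    if server_id is not None:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)
    return header + MAGIC + opts + b"\xff"


# Constructed sample: one discover, one offer from the authorized server with the
# default eight-day lease, one offer from an unlisted server, one non-DHCP datagram.
CLIENT_MAC = "00:11:22:33:44:55"
AUTHORIZED = {"192.0.2.10"}
SAMPLE_CAPTURE = [
    build_message(1, 0x1A2B3C4D, CLIENT_MAC),
    build_message(2, 0x1A2B3C4D, CLIENT_MAC, "192.0.2.100", "192.0.2.10", 8 * 86400),
    build_message(2, 0x1A2B3C4D, CLIENT_MAC, "192.0.2.200", "192.0.2.66", 3600),
    b"\x00" * 20,
]

if __name__ == "__main__":
    for hit in find_unauthorized_servers(SAMPLE_CAPTURE, AUTHORIZED):
        print(f"{hit['type']} from unlisted server {hit['server_id']}: "
              f"offered {hit['offered_ip']} to {hit['client_mac']}")
```
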



Authorizing a DHCP Server

To authorize a DHCP server:
  1. On the Administrative Tools menu, open DHCP.
  2. In the console tree, right-click DHCP, and then click Manage authorized servers.
  3. In the Manage Authorized Servers dialog box, click Authorize.
  4. In the Authorize DHCP Server dialog box, type the name or IP address of the DHCP server to authorize, and then click OK.
  5. In the DHCP message box, click Yes to confirm the authorization.


Important
To authorize a DHCP server, you must be a member of the Enterprise Admins group. This group has network-wide administrative privileges.

For more information about delegating the ability to authorize DHCP servers to a user who is not a member of the Enterprise Admins group, see “To Delegate Ability to Authorize DHCP servers to a Non-Enterprise Administrator” in Windows 2000 Server Help.








Creating and Configuring a Scope



To enable dynamic IP addressing, you must enter a range of valid IP addresses that the DHCP server can use to issue leases to clients. You perform this task after you install the DHCP service and authorize the DHCP server on the network.
Understanding how to create and configure this IP address pool enables you to configure DHCP clients automatically with IP addressing information and to minimize the administrative overhead associated with maintaining that information.

Note
You can use the netsh command to configure DHCP from a command prompt or to script DHCP commands for automatic DHCP configuration.

For more information about how to use the netsh command for DHCP administration, see “Use DHCP Command-line Tools” in Windows 2000 Server Help.



Overview of Scopes



A scope is a range of valid IP addresses that are available for lease or assignment to client computers on a particular subnet. You configure a scope on the DHCP server to determine the pool of IP addresses that the server can assign to DHCP clients.

Scope Options

You also configure a scope with options so that the DHCP server can provide additional information with an IP address lease. For example, you can configure a scope to provide the default gateway to client computers. This variable information is called a scope option.
DHCP applies scope options to client computers in a specific order. As a result, you can define DHCP-assigned options with varying levels of authority so that certain options take precedence over other options.

Client Reservations

You can also configure a scope so that the DHCP server always provides the same IP address to a particular host. For example, you can reserve an IP address for a computer that requires a permanent IP address, such as a DNS server, because other computers are configured to connect to it by using its IP address. These permanent IP address assignments are called client reservations. When you configure client reservations, you type a unique identifier into the scope. The identifier is known by the client, and presented to a DHCP server in the DHCPDISCOVER packet. The DHCP server knows to send the right DHCPOFFER to a client because it reads the unique identifier. The unique identifier is the host's network card address, commonly known as the Media Access Control (MAC) address.


Using the New Scope Wizard



In Windows 2000, you create a scope by using the New Scope Wizard. To start the New Scope Wizard, on the Administrative Tools menu, open DHCP, right-click the name of the DHCP server on which you want to create the new scope, and then click New Scope.

Scope Parameters

The following table describes the parameters that you specify when creating a new scope by using the New Scope Wizard.
Parameter | Description
Name | The name of the scope.
Description | An optional description of the scope to help you keep track of the purpose of the scope.
Start IP address and End IP address | Specify the range of addresses that the DHCP server can assign from this scope. To prevent problems with duplicate IP addressing, do not use the same IP addresses in more than one scope.
Length of Subnet mask | The subnet mask to assign to DHCP clients. To configure this parameter, enter the number of bits that make up the subnet mask, or type the required subnet mask address.
Exclusion address range (optional) | You can specify one or more ranges to exclude from the scope. Excluded addresses are not assigned to DHCP clients. To avoid duplicate IP addressing, exclude any statically assigned IP addresses on your network, such as computers acting as print servers.
Lease duration | The length of the IP address lease, in number of days, hours, and minutes. The default duration is eight days. To set the lease duration to unlimited, configure the scope properties after you create the scope. The wizard does not provide the option to configure an unlimited scope.





Important
After you create a scope, you cannot change the subnet mask that the scope assigns. To change this scope information, you must delete the scope and create a new scope with the correct information.
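
The scope parameter rules above (no address in more than one scope, statically assigned hosts excluded) and the earlier superscope example of 500 PCs across two Class C scopes can be checked before anything is entered in the New Scope Wizard. The following Python sketch is an added example, not part of the original module; the scope names, addresses, static hosts and function names are constructed for illustration.

```python
import ipaddress
import string


def ip(text):
    return ipaddress.IPv4Address(text)


def valid_mac(mac):
    """Accept 12 hex digits, optionally separated by '-' or ':'."""
    digits = mac.replace("-", "").replace(":", "")
    return len(digits) == 12 and all(c in string.hexdigits for c in digits)


def leasable(scope):
    """Addresses the scope can hand out: the range minus its exclusions."""
    total = int(ip(scope["end"])) - int(ip(scope["start"])) + 1
    excluded = sum(int(ip(hi)) - int(ip(lo)) + 1 for lo, hi in scope["exclusions"])
    return total - excluded


def superscope_capacity(scopes):
    """Total leasable addresses when the scopes are grouped in one superscope."""
    return sum(leasable(s) for s in scopes)


def check_plan(scopes, static_hosts):
    """Return a list of problems that would cause duplicate or invalid addressing."""
    problems, ranges = [], []
    for s in scopes:
        name, net = s["name"], ipaddress.IPv4Network(s["subnet"])
        lo, hi = ip(s["start"]), ip(s["end"])
        if not (lo in net and hi in net and lo <= hi):
            problems.append(f"{name}: range is not inside {net}")
            continue
        if lo == net.network_address or hi == net.broadcast_address:
            problems.append(f"{name}: range includes the network or broadcast address")
        for ex_lo, ex_hi in s["exclusions"]:
            if not lo <= ip(ex_lo) <= ip(ex_hi) <= hi:
                problems.append(f"{name}: exclusion {ex_lo}-{ex_hi} is outside the range")
        for addr, mac in s["reservations"].items():
            if ip(addr) not in net:
                problems.append(f"{name}: reservation {addr} is outside {net}")
            if not valid_mac(mac):
                problems.append(f"{name}: reservation {addr} has an invalid MAC address")
        # Statically configured hosts inside the range must be covered by an exclusion.
        for addr, what in static_hosts.items():
            covered = any(ip(a) <= ip(addr) <= ip(b) for a, b in s["exclusions"])
            if lo <= ip(addr) <= hi and not covered:
                problems.append(f"{name}: static host {addr} ({what}) is not excluded")
        ranges.append((lo, hi, name))
    # No address may be served by more than one scope.
    prev_hi, prev_name = None, None
    for lo, hi, name in sorted(ranges):
        if prev_hi is not None and lo <= prev_hi:
            problems.append(f"{prev_name} and {name}: address ranges overlap")
        if prev_hi is None or hi > prev_hi:
            prev_hi, prev_name = hi, name
    return problems


# Constructed plan: two Class C scopes for 500 PCs, as in the superscope example.
REQUIRED_CLIENTS = 500
PLAN = [
    {"name": "Floor1", "subnet": "192.168.1.0/24",
     "start": "192.168.1.1", "end": "192.168.1.254",
     "exclusions": [("192.168.1.1", "192.168.1.10")],
     "reservations": {"192.168.1.50": "00-11-22-33-44-55"}},
    {"name": "Floor2", "subnet": "192.168.2.0/24",
     "start": "192.168.2.1", "end": "192.168.2.254",
     "exclusions": [], "reservations": {}},
]
STATIC_HOSTS = {"192.168.1.5": "print server", "192.168.2.20": "file server"}

if __name__ == "__main__":
    for problem in check_plan(PLAN, STATIC_HOSTS):
        print("PROBLEM:", problem)
    capacity = superscope_capacity(PLAN)
    print(f"{capacity} leasable addresses for {REQUIRED_CLIENTS} clients:",
          "enough" if capacity >= REQUIRED_CLIENTS else "not enough")
```

In this constructed plan the ten excluded addresses bring the 508 addresses of the two scopes down to 498, so the superscope no longer covers 500 clients.
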



Changing the Default Lease Duration

The following describes the options for changing the default lease duration, and their benefits and drawbacks.
Decreasing Lease Duration
When you decrease lease durations, clients obtain leases even if only a few IP addresses are available. In addition, leases expire shortly after computers are turned off or removed from the network, allowing their IP addresses to be assigned to other computers. Clients also obtain newly assigned settings quickly. However, this short lease duration generates more network traffic due to lease renewals, and leases can expire if a DHCP server is temporarily unavailable.
Increasing Lease Duration
Increasing lease durations reduces network traffic caused by lease renewals. In addition, clients tend to retain IP addresses even if a DHCP server is temporarily unavailable. However, if only a few IP addresses are available, client computers may not be able to obtain a lease. In addition, it can take longer for client computers to receive newly assigned settings.
Unlimited Lease Duration
With unlimited lease duration, DHCP generates network traffic only when a computer is started. Clients retain IP addresses even if a DHCP server is unavailable for extended periods. However, if only a few IP addresses are available, client computers may not be able to obtain a lease. IP addresses that are used by computers that you have removed from the network do not become available to other clients unless you manually remove the lease. Finally, clients receive newly assigned settings only when you restart the client computers or manually renew the lease.

Activating a Scope

After you create a scope, you must activate it to make it available for lease assignments. To activate a scope, in DHCP, right-click the entry for the scope, and then click Activate.

Important
To ensure that all client computers receive complete configuration information, make sure that you set the scope options that you want before you activate the scope.




Configuring a Scope with Options



You can configure a scope to provide a variety of information along with a DHCP lease. For example, you can configure the DHCP server to issue the address of a router to enable clients to communicate across subnets.

Important
The networking software running on the client computer determines whether a client computer recognizes an option that a DHCP server supplies.



Common Scope Options

You can use the New Scope Wizard to configure common scope options to provide additional IP addressing configuration information with the client lease. The following table describes the options that you can configure.
Option                      Description
Default Gateway (Router)    The addresses of any default gateway for the scope
Domain name                 The DNS domain to which the client computer belongs
DNS and WINS servers        The addresses of any DNS and WINS servers for clients to use for network communication


Scope Options Supported by DHCP

The following list describes the additional scope options supported by DHCP clients running Microsoft operating systems. You can use any of these options if clients require additional information for proper network operations.

Note
Windows 2000 and later DHCP clients support more options than those listed here. For a full list of DHCP options supported by clients, see the specific operating system’s Resource Kit.



The IP address of a default gateway. To issue this information, configure the 003 Router option with the IP address of a default gateway.
The IP address of one or more DNS name servers available to clients. To issue this information, configure the 006 DNS Servers option with the IP address of one or more DNS servers.
The DNS domain name. A DNS domain name defines the domain to which a client computer belongs. The client computer can use this information to update a DNS server so that other computers can locate the client. To issue this information, configure the 015 DNS Domain Name option with the proper DNS domain name.
The IP address of one or more WINS servers available to clients. The client uses a WINS server for network basic input/output system (NetBIOS) name resolution. To issue this parameter, configure the 044 WINS/NBNS Servers option with the IP address of one or more WINS servers.
The type of NetBIOS over TCP/IP name resolution. To issue this information, configure the 046 WINS/NBT node type option with the appropriate NetBIOS node type. The type of name resolution determines the order in which a client uses NetBIOS name servers and broadcasts to resolve NetBIOS names to IP addresses.
The NetBIOS scope ID. Configure the 047 NetBIOS Scope ID with an appropriate NetBIOS scope name if you plan to append NetBIOS scope IDs to NetBIOS names. NetBIOS scope IDs can be used to segment any NetBIOS traffic. Only hosts with the same NetBIOS scope ID appended to their NetBIOS name can communicate with each other using the NetBIOS protocol.

Note
For information about NetBIOS node types, see RFC 1001, Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods, and RFC 1002, Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications, under Additional Reading on the Web page on the Student Materials compact disc.

A complete list of the standard options that DHCP supports is currently defined in RFC 2132, DHCP Options and BOOTP Vendor Extensions, under Additional Reading on the Web page on the Student Materials compact disc. However, most DHCP clients can accept only a few of the full set of standard, defined option types.



Configuring Additional Scope Options

To configure a scope with additional options:
    1. On the Administrative Tools menu, open DHCP.
    2. In the console tree, click the name of the DHCP server on which you want to configure additional scope options, and then wait for the server status to update.
    3. In the console tree, expand the DHCP server, expand the scope entry, click Scope Options, right-click Scope Options, and then click Configure Options.
    4. In the Scope Options dialog box, on the General tab, in the Available Options box, select the check box to the left of the option that you want.
    5. In the Data entry box, specify the appropriate configuration information for the option.


Customizing the Use of Scope Options



You can configure scope options so that they apply to all DHCP clients, to a group of clients, or to a single client. You can configure scope options at four levels: server, scope, class, and reserved client.

Note
TCP/IP properties that are specified on the client computer take precedence over any information that a DHCP server provides.



Server Level

Server-level options apply to all DHCP clients that lease an IP address from the DHCP server. You must configure options at the server level if all clients on all subnets require the same configuration information. For example, you might want to configure all clients to use the same DNS server or WINS server.
To configure options at the server level, in DHCP, expand the server that you are configuring, right-click Server Options, and then click Configure Options.

Scope Level

Scope-level options are available only to clients that lease an address from that scope. For example, each subnet requires a different scope, and you can define a unique default gateway address for each scope. Options that you configure at the scope level take precedence over options that are configured at the server level.
To configure options at the scope level, in DHCP, expand the scope that you are configuring, right-click Scope Options, and then click Configure Options.


Class Level

Options that you configure at the class level are available only to clients that identify themselves to the DHCP server as belonging to a particular class. For example, client computers running Windows 2000 can receive options that are different from all other clients on a network. Options that you configure at the class level take precedence over options that you configure at either the scope or server level.
To configure options at the class level, in the Server Options or Scope Options dialog box, on the Advanced tab, select the vendor class or user class, and then under Available Options, configure the appropriate options.

Reserved Client Level

Options that you configure at the reserved client level apply to specific clients. For example, you can configure an option at the reserved client level so that a particular DHCP client uses a specific router to access resources outside its subnet. Options that you configure at the reserved client level take precedence over options that you configure at any other level.
To configure options at the reserved client level, in DHCP, expand the scope that contains the client’s address, click Reservations, right-click the entry for the client, and then click Configure Options.


Reserving IP Addresses for Client Computers



You configure a client reservation to reserve a specific IP address for use by a DHCP client computer so that the client computer always has the same address. For example, the ability to configure a client reservation is useful if you have an application that authenticates a user by IP address.

Note
If your network structure allows a client to receive an IP address from multiple DHCP servers, you must configure a client reservation at each of the servers. No matter which DHCP server responds, the client will then always get the correct address.



To configure a client reservation:
  1. On the Administrative Tools menu, open DHCP.
  2. In the console tree, expand the server that you are configuring, expand the scope where you want to add a reservation, and then click Reservations.
  3. Right-click Reservations, and then click New Reservation.
  4. In the New Reservation dialog box, in the Reservation name box, type a name to identify the client.
     The name associates the hardware address of the network adapter to a client.
  5. In the IP address box, type the IP address that you want to reserve for a specific client.
  6. In the MAC address box, type the hardware address (MAC address) of the host’s network adapter. Do not use dashes in the hardware address.

Important
Type the hardware address carefully. If you type a value in the MAC Address box incorrectly, it will not match the value that the DHCP client sends, and the DHCP server will assign to the client any available IP address instead of the IP address that is reserved for that client.

Note
To obtain your network adapter's MAC address, use one of the following options: at a command prompt, type ipconfig /all; or click Start, click Run, type winmsd, expand Components, expand Network, and then click Adapter; or open the Computer Management console from the Administrative Tools menu, click System information, expand Components, expand Network, and then click Adapter.

  7. In the Comment box, type an optional comment for the client.
  8. Under Supported types, click which method the client uses, and then click Add.

Some older client computers that are running a non-Microsoft operating system may use the older BOOTP instead of DHCP. Also, Windows 2000 Remote Installation Services (RIS) clients use the BOOTP when they initialize. Click Both, unless you want the client computers to be limited to a specific protocol to receive an IP address.


Configuring DHCP in a Routed Network



Routers separate subnets in networking environments. One of the functions of a router is to keep broadcast traffic within a given subnet. As a result, routers are typically configured to not forward broadcast messages to other subnets.
Because DHCP is a broadcast-based service, DHCP communication is limited to a single subnet unless you configure it to function in a routed network environment.


Routed Network Configuration Options



You configure DHCP functionality in a routed network in one of three ways:
Include at least one DHCP server on each subnet. This method supplies DHCP functionality to each subnet. However, it requires additional equipment and also requires you to configure scopes on each DHCP server. In addition, you must configure at least two DHCP servers per subnet for fault tolerance. Placing two DHCP servers on each subnet is often too expensive.
Configure an RFC 1542–compliant router to forward DHCP messages between subnets. An RFC 1542–compliant router that is configured for BOOTP forwarding selectively forwards DHCP broadcasts to another subnet, but it does not forward other broadcast messages. Although this option is preferable to using DHCP servers on each subnet, it can complicate router configuration, and DHCP communication across multiple subnets is slow.
Configure a DHCP relay agent on each subnet to forward DHCP messages between subnets. Configuring a DHCP relay agent on each subnet has several advantages over the other options. Configuring a DHCP relay agent is generally easier than configuring other options, and using a DHCP relay agent limits broadcasts to the subnet in which they originate. By adding DHCP relay agents to multiple subnets, a single DHCP server can provide IP addresses to multiple subnets more efficiently than when it uses RFC 1542–compliant routers. Configuring DHCP relay agents can also provide fault tolerance, by specifying multiple DHCP servers on the relay agents.


Using a DHCP Relay Agent



On a local subnet, a DHCP relay agent intercepts address request broadcast messages from the DHCP client and forwards them to a DHCP server on another subnet. The DHCP server responds to the relay agent by using a directed packet. The relay agent then broadcasts the response on the local subnet for the requesting client to use.

Installing a DHCP Relay Agent

To install a DHCP relay agent:
  1. On the Administrative Tools menu, open Routing and Remote Access.
  2. In the console tree, expand the server icon, and then click IP Routing.
  3. In the details pane, right-click General, and then click New Routing Protocol.
  4. In the New Routing Protocol dialog box, click DHCP Relay Agent, and then click OK.
  5. Open the Properties dialog box for the DHCP relay agent. In the Server Address box, type the IP address of a DHCP server, and then click Add.


Configuring a DHCP Relay Agent

Before a DHCP relay agent forwards DHCP requests from clients on any of its network interfaces, you must configure the relay agent to respond to these requests. When enabling relay agent functionality, you can also specify time-out values for a hop count threshold and a boot threshold.
The hop count threshold determines the number of subnets on which the packet can exist as a broadcast before being discarded. If you set this number too high, relay agents can be incorrectly configured and excess network traffic can result.
The boot threshold determines how many seconds the DHCP relay agent will wait for a local DHCP server to respond to client requests before forwarding the request. If you have a DHCP server on the local subnet, the boot threshold must be long enough so that the local DHCP server responds to client broadcasts before the DHCP relay agent forwards client requests. Then, the DHCP relay agent contacts a remote DHCP server only if the local DHCP server is not available.
The boot threshold mechanism provides fault tolerance because a correctly configured DHCP relay agent on a network segment with a DHCP server contacts a DHCP server on a remote network only when the local DHCP server does not respond. If the DHCP relay agent forwards client requests even when there is a DHCP server on the local network, increase the boot threshold.

Important
When you configure a DHCP relay agent to provide fault tolerance, the DHCP server on the remote network must be configured with a scope that is valid for the subnet on which the DHCP clients are located. For more information about configuring DHCP for fault tolerance, see “Planning for DHCP” and “DHCP Scenarios” in the Windows 2000 Server Resource Kit.



To configure a DHCP relay agent:
  1. On the Administrative Tools menu, open Routing and Remote Access.
  2. In the console tree, expand the server icon, expand IP Routing, and then expand General.
  3. Right-click DHCP Relay Agent, and then click New Interface.
  4. Click the interface that you want to add, and then click OK.
  5. In the DHCP Relay Properties dialog box, on the General tab, verify that the Relay DHCP packets check box is selected.
  6. If needed, in the Hop-count threshold and Boot threshold (seconds) dialog box, click the arrows to modify the thresholds, and then click OK.


Note
Routing and Remote Access must be enabled to configure a DHCP relay agent. For more information about enabling Routing and Remote Access, see Module 11, “Managing Remote Access,” in Course 2126B, Managing a Microsoft Windows 2000 Network Environment.




Enhancing DHCP Availability with Distributed Scopes



To increase DHCP availability for a subnet, you can use multiple DHCP servers to provide IP addresses to the subnet. Using distributed scopes to share a subnet's available address range between multiple servers enhances DHCP service availability.
Multiple servers with distributed scopes provide DHCP Server redundancy and share the DHCP Client load. You must distribute the address range between the servers based on their network location.
If multiple DHCP Servers provide service to a network segment, or if all subnets use DHCP Relay agents, you can allocate equal portions of the address range for the subnet to each server.
If one server is on the subnet, and the other servers are accessed by clients by using a DHCP Relay Agent, you can distribute the address range to provide the best DHCP Client performance while minimizing traffic across subnets.

For example, if you have two DHCP Servers, one on the subnet and the other accessed by using a DHCP Relay Agent, allocate between 50 and 80 percent of the IP address range to the DHCP Server on the subnet, and the remaining addresses to the other server. Because one DHCP Server resides directly on the network segment, allocating the majority of addresses to that server reduces DHCP traffic across subnets. If either server fails, the remaining server continues to respond to DHCP requests.
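How such a split can be computed and checked for overlap, as an added Python example (not part of the original material). The address range 192.168.10.10 to 192.168.10.209 and the server names are constructed for illustration; the 50 to 80 percent bound follows the guidance above.

```python
import ipaddress


def _ip(n):
    """Integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(n))


def split_scope(first, last, local_percent=80):
    """Split the inclusive range first..last into two non-overlapping pools.

    Returns ((local_first, local_last), (remote_first, remote_last)).
    local_percent is the share given to the server on the subnet.
    """
    if not 50 <= local_percent <= 80:
        raise ValueError("local share should be between 50 and 80 percent")
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    total = end - start + 1
    if total < 2:
        raise ValueError("range must contain at least two addresses")
    # Integer arithmetic avoids floating-point rounding at the boundary.
    local_count = total * local_percent // 100
    local_count = max(1, min(local_count, total - 1))  # both pools non-empty
    boundary = start + local_count
    return (_ip(start), _ip(boundary - 1)), (_ip(boundary), _ip(end))


def find_overlaps(pools):
    """Find address spans that two different servers could both lease.

    pools: {server_name: [(first, last), ...]} with inclusive ranges.
    Returns a list of (server_a, server_b, overlap_first, overlap_last).
    """
    spans = sorted(
        (int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)), name)
        for name, ranges in pools.items()
        for a, b in ranges
    )
    overlaps = []
    for i, (a_start, a_end, a_name) in enumerate(spans):
        for b_start, b_end, b_name in spans[i + 1:]:
            if b_start > a_end:
                break  # sorted by start: no later span can overlap this one
            if a_name != b_name:
                overlaps.append(
                    (a_name, b_name, _ip(b_start), _ip(min(a_end, b_end)))
                )
    return overlaps


if __name__ == "__main__":
    # Constructed example: 200 addresses, 80 percent to the on-subnet server.
    local, remote = split_scope("192.168.10.10", "192.168.10.209", 80)
    print("on-subnet server :", local)
    print("relayed server   :", remote)

    # A constructed misconfiguration: the second pool starts too early.
    bad = {
        "dhcp-local": [local],
        "dhcp-remote": [("192.168.10.150", "192.168.10.209")],
    }
    for a, b, lo, hi in find_overlaps(bad):
        print(f"overlap between {a} and {b}: {lo} - {hi}")
```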


Supporting DHCP



You can configure the DHCP service to log events on the server. You can then monitor these event logs for errors or potential problems. Understanding how to use these event logs will help you support DHCP on your network.


Monitoring the DHCP Server Service



The DHCP server records service startup and shutdown events in addition to critical errors in the Windows system log. You can monitor the operation of DHCP by reviewing the system log regularly by using Event Viewer.
In the event that more detailed logs are necessary, you must enable DHCP audit logging. When you enable audit logging, the DHCP server creates detailed logs of its activity in files called DhcpSrvLog.xxx (where xxx represents the first three letters of the day of the week), which it places in the DHCP database directory. You can review these files to view errors that the DHCP server may have encountered. Audit logging is enabled by default. To enable detailed logging, it is necessary to edit settings in the registry.

Important
Because detailed logging reduces system performance, enable the detailed logging setting only when you need to troubleshoot DHCP.



To enable or disable audit logging in DHCP:
  1. Right-click the server that you are configuring, and then click Properties.
  2. In the Server name Properties dialog box, on the General tab, click Enable DHCP audit logging.


Note
For more information about DHCP audit logging, see “Audit Logging” in Windows 2000 Server Help.




Detecting Unauthorized DHCP Servers



Incorrectly configuring DHCP servers can cause many network problems, including the inability of clients to connect to network resources. The Windows 2000 Resource Kit provides a useful tool for detecting DHCP servers on the network, the DHCP Server Locator Utility (Dhcploc.exe).
Dhcploc.exe displays active DHCP servers on a subnet. If any unauthorized DHCP servers are detected, Dhcploc.exe sends alert messages to administrators.

Note
You must not run the DHCP Server Locator Utility from a DHCP server. The utility searches for DHCP servers by taking DHCP packets from the IP stack. Therefore, running this tool on a DHCP server will intercept the DHCP requests, and the DHCP server will appear to not respond.




Using Dhcploc.exe

To help you locate DHCP servers that are sending unauthorized IP addresses on your network, Dhcploc.exe provides a number of switch options to query the network traffic. After you locate the DHCP server, Dhcploc.exe sends a message to the system administrator for repair. The syntax for using Dhcploc.exe is as follows.
dhcploc [-p] [-a:"alertname_list"] [-i:alertinterval] computer_ip_address [valid_dhcp_server_list]

You can use the following switches independently or together, depending on the type of information you are trying to collect.
Switch                    Description
-p                        This switch prevents Dhcploc.exe from displaying detected packets from any of the authorized DHCP servers that are specified in valid_dhcp_server_list.
-a:"alertname_list"       This switch sends alert messages to the names in alertname_list if any unauthorized DHCP servers are found.
-i:alertinterval          This switch allows you to set an alert frequency in seconds.
computer_ip_address       This switch sets the IP address of the computer from which you are running Dhcploc.exe. You use it when the computer has multiple adapters. You specify the IP address of the adapter that is connected to the subnet that you want to test.
valid_dhcp_server_list    This switch allows you to type the IP addresses of any number of authorized DHCP servers. Dhcploc.exe will not send alerts when it detects packets from the servers in this list. However, it will display those packets unless you also use the -p option.

Sample Output

Below is a sample output from Dhcploc.exe.

Note
*** indicates a packet from an unauthorized server.



17:34:58 (IP)0.0.0.0 NACK (S)11.11.31.84 ***
17:36:38 (IP)11.101.190.130 OFFER (S)11.101.12.226 ***
17:36:38 (IP)11.101.196.231 ACK (S)11.101.13.53
17:36:53 (IP)11.101.196.231 ACK (S)11.101.13.53
17:37:05 (IP)11.101.196.234 OFFER (S)11.101.13.53
17:37:05 (IP)11.101.193.232 OFFER (S)11.101.12.198
17:37:06 (IP)11.101.190.132 OFFER (S)11.101.12.226 ***
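
Output like the sample above can be triaged mechanically. The following Python sketch is an added example (it is not part of the original material or of Dhcploc.exe); it assumes the line layout shown in the sample, and the function and field names are illustrative. It groups packets by the server that sent them and reports the servers marked ***.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Sample output reproduced from the text above; "***" marks an unauthorized server.
SAMPLE_OUTPUT = """\
17:34:58 (IP)0.0.0.0 NACK (S)11.11.31.84 ***
17:36:38 (IP)11.101.190.130 OFFER (S)11.101.12.226 ***
17:36:38 (IP)11.101.196.231 ACK (S)11.101.13.53
17:36:53 (IP)11.101.196.231 ACK (S)11.101.13.53
17:37:05 (IP)11.101.196.234 OFFER (S)11.101.13.53
17:37:05 (IP)11.101.193.232 OFFER (S)11.101.12.198
17:37:06 (IP)11.101.190.132 OFFER (S)11.101.12.226 ***
"""

# Layout assumed from the sample: time, (IP)<address in the packet>,
# message type, (S)<server address>, optional "***".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+\(IP\)(?P<address>\S+)\s+"
    r"(?P<msg>[A-Z]+)\s+\(S\)(?P<server>\S+)(?:\s+(?P<flag>\*\*\*))?$"
)


@dataclass(frozen=True)
class Packet:
    time: str
    address: str   # address carried in the packet (0.0.0.0 on the NACK line)
    msg: str
    server: str
    flagged: bool  # True when the tool marked the line with "***"


def parse_output(text):
    """Return (packets, rejected_lines); malformed lines are kept for review."""
    packets, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        try:
            if m is None:
                raise ValueError("unrecognised layout")
            ipaddress.IPv4Address(m["address"])
            ipaddress.IPv4Address(m["server"])
        except ValueError:
            rejected.append(raw)
            continue
        packets.append(Packet(m["time"], m["address"], m["msg"], m["server"],
                              m["flag"] is not None))
    return packets, rejected


def unauthorized_servers(packets, authorized=None):
    """Summarise suspect servers, keyed by server address.

    A server is suspect if the tool flagged it or, when an allow-list is
    supplied, if it is missing from that list (this catches servers that the
    run treated as valid but that are not on the current list).
    Lines are assumed to be in chronological order, as in the sample.
    """
    report = {}
    for p in packets:
        off_list = authorized is not None and p.server not in authorized
        if not (p.flagged or off_list):
            continue
        entry = report.setdefault(p.server, {
            "first_seen": p.time, "last_seen": p.time,
            "messages": Counter(), "addresses": set(),
        })
        entry["last_seen"] = p.time
        entry["messages"][p.msg] += 1
        if p.address != "0.0.0.0":
            entry["addresses"].add(p.address)
    for entry in report.values():
        entry["addresses"] = sorted(entry["addresses"],
                                    key=ipaddress.IPv4Address)
    return report


if __name__ == "__main__":
    pkts, bad = parse_output(SAMPLE_OUTPUT)
    for server, info in unauthorized_servers(pkts).items():
        print(server, dict(info["messages"]), info["addresses"],
              info["first_seen"], info["last_seen"])
```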


Troubleshooting DHCP Database Problems



Windows stores the DHCP database in the directory systemroot\System32\Dhcp. By default, the database is automatically backed up to the systemroot\System32\Dhcp\Backup\Jet\New directory. When the DHCP service starts, and periodically thereafter, DHCP performs a consistency check of its database and attempts to fix any errors that it encounters.
If the event log contains Jet database messages that indicate corruption of the DHCP database, you can repair the database by using the Jetpack.exe command-line utility that is included with Windows 2000 Server. On busy DHCP servers with large databases, you should also perform this procedure once a month to compact the database thoroughly.
To run the Jetpack.exe utility:
  1. Stop the DHCP service.
  2. At a command prompt, change to the directory where the DHCP database is located (by default, systemroot\System32\Dhcp).
  3. Type jetpack dhcp.mdb tmp (where tmp is a file name for a temporary database location that is used during repair), and then press ENTER.
  4. Start the DHCP service.


Important
Before running the Jetpack.exe utility, eliminate other possible sources of the errors, such as disk problems, and back up the DHCP database files to a separate location.




If the Jetpack.exe utility does not repair the database, you can restore the database from the backup directory. If restoring the DHCP database from these backup files is unsuccessful, you must restore the files from a recent backup tape.


Note
For more information about how to force the DHCP server to load the database from the backup directory, see “Restoring Server Data” in Windows 2000 Server Help.




Removing a DHCP Server from Service



When you remove a DHCP scope from a server or remove a DHCP server from service, you must take the following steps to ensure that clients can still connect to network resources:
Set a short lease duration for clients. To prepare to remove a DHCP scope, set the lease duration for the scope to a short period. This ensures that clients receive only a short lease, which expires soon after the scope is removed.
Ensure that clients have received a new lease. Ensure that all clients have received a lease with the new period by waiting until the previous lease period has expired.
Record any reserved addresses. Record any reserved addresses so that you can re-create them on another DHCP server that will assign addresses for the subnet.
Verify that the new DHCP server has a sufficiently large address pool. Ensure that another DHCP server that assigns addresses for the subnet has a large enough address pool to assign IP addresses to all clients on the subnet.
Transfer IP addresses to the new scope. Before allocating any IP addresses of the current scope to another scope, wait until the lease period has expired. This ensures that no DHCP server assigns addresses that are still used by clients that received the address from the scope that you are removing.


Best Practices



Determine the Number of DHCP Servers Needed.
It is important to carefully determine how many DHCP servers are needed to service all DHCP-enabled clients on the network. In a small LAN, such as one physical subnetwork without routers, a single DHCP server may service all DHCP-enabled clients. However, routed networks may require several DHCP servers.
Upgrade Routers.
Where routers connect multiple physical networks, it is useful to configure them to relay BOOTP/DHCP messages if possible. If a router upgrade is not possible, an additional Windows 2000-based platform can be configured to serve as a DHCP relay agent for its network segment.
Use more than one DHCP server on the same subnet.
Using more than one DHCP server on the same subnet, where possible, will provide increased fault tolerance for servicing DHCP clients located on it. With two DHCP servers, if one server is unavailable, the other server can take its place and continue to lease new addresses or renew existing clients. However, make sure the scopes do not overlap each other, or a duplicate address could be given.
A common practice when balancing a single network and scope range of addresses between two DHCP servers is to have 80 percent of the addresses distributed by one DHCP server and the remaining 20 percent provided by a second.
Deactivate a scope only when removing it permanently from service.
After a scope is deactivated, the DHCP server no longer accepts those scope addresses as valid addresses. This is useful when the intention is to permanently retire a scope from use. Otherwise, deactivating a scope causes undesired DHCP negative acknowledgement messages (DHCPNACKs) to be sent to clients. If the intent is only to affect temporary deactivation of scope addresses, editing or modifying exclusion ranges in an active scope achieves the intended result.

Reserve addresses on all DHCP servers that can potentially service the reserved client.

If you have more than one DHCP server reachable by a reserved client, add the reservation at each of your other DHCP servers. Although the client reservation is only acted upon by the DHCP server where the reserved address is part of the available address pool, you can create the same reservation on other DHCP servers that exclude this address.
Integrate DHCP with other services, such as WINS and DNS.
WINS and DNS can both be used for registering dynamic name-to-address mappings on your network. To provide name resolution services, you must plan for interoperability of DHCP with these services. Most network administrators implementing DHCP also plan a strategy for implementing DNS and WINS servers.


Review



    1. What are the steps in the DHCP lease process?
    2. What must you configure on a computer running Windows 2000 Server before you can install the DHCP service?
    3. How does a DHCP server in a Windows 2000 network determine its authorization status, and what are the possible results of that determination?
    4. After you create a scope, how can you modify the subnet mask in the scope?
    5. What types of option classes does Windows 2000 support, and how are they different?
    6. Your network consists of multiple network segments that are connected by routers. How will you configure the network so that all client computers can receive IP addresses by using DHCP?






























































