Week #3: Configuring and Troubleshooting DHCP
• Overview of the DHCP Server Role

• Configuring DHCP Scopes and Options

• Managing a DHCP Database

• Monitoring and Troubleshooting DHCP

• Securing DHCP
Benefits of Using DHCP


  DHCP reduces the complexity and amount of administrative
  work by using automatic TCP/IP configuration


Manual TCP/IP Configuration

• IP addresses are entered manually
• IP address could be entered incorrectly
• Communication and network issues can result
• Frequent computer moves increase administrative effort

Automatic TCP/IP Configuration

• IP addresses are supplied automatically
• Correct configuration information is ensured
• Client configuration is updated automatically
• A common source of network problems is eliminated
New DHCP Features in Windows Server 2008



 New DHCP features include:

   • Windows Server 2008 Support for DHCPv6

   • Support for advanced network security
     configuration using NAP

   • DHCP on Server Core
How DHCP Allocates IP Addresses


[Diagram: a non-DHCP client with a static IP configuration; DHCP Client1 and DHCP Client2, each with an IP configuration from the DHCP server; the DHCP server and its DHCP database, linked to the clients by lease generation and lease renewal]

DHCP Database:
• IP Address1: Leased to DHCP Client1
• IP Address2: Leased to DHCP Client2
• IP Address3: Available to be leased
How DHCP Lease Generation Works

[Diagram: DHCP Server1, DHCP Server2, DHCP Client]

            1   DHCP client broadcasts a DHCPDISCOVER packet

            2   DHCP servers broadcast a DHCPOFFER packet

            3   DHCP client broadcasts a DHCPREQUEST packet

            4   DHCP Server1 broadcasts a DHCPACK packet
How DHCP Lease Renewal Works


[Diagram: DHCP Server1, DHCP Server2 and DHCP Client, with markers at 50%, 87.5% and 100% of lease duration expired]

         1 DHCP client sends a DHCPREQUEST packet
         2 DHCP Server1 sends a DHCPACK packet

If the client fails to renew its lease after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired

If the client fails to renew its lease after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER
DHCP Server Authorization

DHCP authorization is the process of registering the DHCP Server
service in the Active Directory domain to support DHCP clients

[Diagram: Domain Controller (Active Directory), DHCP Server1, DHCP Server2, DHCP Client]

DHCP Server1: Authorized, services DHCP requests
• DHCP Server1 checks with the domain controller to obtain a list of authorized DHCP servers
• If DHCP Server1 finds its IP address on the list, the service starts and supports DHCP clients

DHCP Server2: Unauthorized, does not service DHCP requests
• DHCP Server2 checks with the domain controller to obtain a list of authorized DHCP servers
• If DHCP Server2 does not find its IP address on the list, the service does not start and support DHCP clients

DHCP client receives IP address from authorized DHCP Server1
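
Authorization is checked by the DHCP Server service itself, so watching the replies on the wire is a complementary check. The following added example (Python, not part of the original slides) parses DHCP payloads and reports server identifiers in DHCPOFFER/DHCPACK messages that are not on an authorized list; the sample messages and the address 192.168.1.77 are constructed, and the two authorized addresses are the servers named on the sizing slide.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the DHCP options field (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def parse_dhcp(payload):
    """Return (message type, server identifier or None) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:            # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype, sid = opts.get(OPT_MSG_TYPE, b""), opts.get(OPT_SERVER_ID, b"")
    name = MSG_TYPES.get(mtype[0], "OTHER") if len(mtype) == 1 else "UNKNOWN"
    return name, socket.inet_ntoa(sid) if len(sid) == 4 else None

def unauthorized_servers(payloads, authorized):
    """Server identifiers in DHCPOFFER/DHCPACK replies that are not authorized."""
    found = set()
    for payload in payloads:
        try:
            name, sid = parse_dhcp(payload)
        except ValueError:
            continue                          # ignore non-DHCP or malformed input
        if name in ("DHCPOFFER", "DHCPACK") and sid and sid not in authorized:
            found.add(sid)
    return sorted(found)

def build(msg_type, server_id=None):
    """Constructed sample message: zeroed 236-byte BOOTP header plus options."""
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return bytes(236) + MAGIC_COOKIE + opts + bytes([OPT_END])

# Constructed capture: 192.168.1.77 is a hypothetical server that is not on the list.
AUTHORIZED = {"192.168.1.1", "192.168.1.2"}
SAMPLE = [build(1), build(2, "192.168.1.2"), build(2, "192.168.1.77"),
          build(3, "192.168.1.2"), build(5, "192.168.1.2")]
print(unauthorized_servers(SAMPLE, AUTHORIZED))
```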
What Are DHCP Scopes?

   A scope is a range of IP addresses that are available
   to be leased

[Diagram: one DHCP Server serving LAN A from Scope A and LAN B from Scope B]

   Scope Properties

     • Network ID
     • Subnet mask
     • Lease duration
     • Network IP address range
     • Scope name
     • Exclusion range
DHCP Sizing and Availability
[Diagram: DHCP Server1 (192.168.1.2) and DHCP Server2 (192.168.1.1), each serving DHCP clients]

DHCP Server1 has 20% of addresses as follows:
• Scope range: 192.168.1.10-192.168.1.254
• Excluded addresses: 192.168.1.10-192.168.1.205

DHCP Server2 has 80% of addresses as follows:
• Scope range: 192.168.1.10-192.168.1.254
• Excluded addresses: 192.168.1.206-192.168.1.254
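
A split like this only works if the two exclusion ranges are exact complements: an overlap lets both servers lease the same address, and a gap leaves addresses that neither server hands out. The following added example (Python, not part of the original slides) checks a split-scope configuration for both problems, using the ranges from this slide; the function names are illustrative.

```python
import ipaddress

def ip_range(text):
    """'192.168.1.10-192.168.1.254' -> set of integer addresses (inclusive)."""
    first, last = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
    if last < first:
        raise ValueError(f"range runs backwards: {text}")
    return set(range(first, last + 1))

def lease_pool(scope, exclusions):
    """Addresses a server can actually lease: scope range minus exclusions."""
    pool = ip_range(scope)
    for excluded in exclusions:
        pool -= ip_range(excluded)
    return pool

def check_split(servers):
    """servers maps name -> (scope range, [exclusion ranges]).

    Returns each server's share of the scope in percent, addresses more than
    one server could lease (duplicate-address risk) and addresses that no
    server leases.
    """
    scope = set().union(*(ip_range(s) for s, _ in servers.values()))
    pools = {name: lease_pool(s, ex) for name, (s, ex) in servers.items()}
    overlap, claimed = set(), set()
    for pool in pools.values():
        overlap |= pool & claimed
        claimed |= pool
    dotted = lambda addrs: [str(ipaddress.IPv4Address(a)) for a in sorted(addrs)]
    return {
        "share": {n: round(100 * len(p) / len(scope), 1) for n, p in pools.items()},
        "overlap": dotted(overlap),
        "unserved": dotted(scope - claimed),
    }

# Values from the sizing slide.
PAGE_SPLIT = {
    "DHCP Server1": ("192.168.1.10-192.168.1.254", ["192.168.1.10-192.168.1.205"]),
    "DHCP Server2": ("192.168.1.10-192.168.1.254", ["192.168.1.206-192.168.1.254"]),
}
print(check_split(PAGE_SPLIT))
```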
Securing DHCP

 • Preventing an unauthorized user from obtaining a lease
    • Enable and monitor Audit log
    • Configure NAP
    • Use an 802.1X LAN switch or wireless access point
    • Control Physical Access as well as Wireless Access


• Restricting unauthorized DHCP servers from leasing
  IP addresses
    • Use only Microsoft DHCP Server in order to be authorized
      by Active Directory


• Restricting DHCP administration
    • DHCP Users Group: Read-only access to DHCP Console
    • DHCP Administrators Group: Limit members

				
Document info: posted 2/16/2012; language: English; pages: 25