Get documents about "NW_Week03
Document Sample
Week #3: Configuring and Troubleshooting DHCP
• Overview of the DHCP Server Role
• Configuring DHCP Scopes and Options
• Managing a DHCP Database
• Monitoring and Troubleshooting DHCP
• Securing DHCP
Benefits of Using DHCP
DHCP reduces the complexity and amount of administrative
work by using automatic TCP/IP configuration
Manual TCP/IP Configuration Automatic TCP/IP Configuration
• IP addresses are entered • IP addresses are supplied
manually automatically
• IP address could be entered • Correct configuration
incorrectly information is ensured
• Communication and network • Client configuration is updated
issues can result automatically
• Frequent computer moves • A common source of network
increase administrative effort problems is eliminated
New DHCP Features in Windows Server 2008
New DHCP features include:
• Windows Server 2008 Support for DHCPv6
• Support for advanced network security
configuration using NAP
• DHCP on Server Core
How DHCP Allocates IP Addresses
DHCP Client2:
Non-DHCP Client: IP configuration
Static IP from DHCP server
configuration
Lease Renewal
Lease Generation
DHCP Server
DHCP Client1: DHCP
IP configuration Database
from DHCP server
IP Address1: Leased to DHCP Client1
IP Address2: Leased to DHCP Client2
IP Address3: Available to be leased
How DHCP Lease Generation Works
DHCP
Server2
DHCP DHCP
Server1 Client
DHCP client broadcasts a DHCPDISCOVER
1 packet
2 DHCP servers broadcast a DHCPOFFER packet
3 DHCP client broadcasts a DHCPREQUEST packet
4 DHCP Server1 broadcasts a DHCPACK packet
How DHCP Lease Renewal Works
DHCP
DHCP
Server2
Server2
DHCP Client
DHCP Client
DHCP
DHCP
Server1
Server1
100% of
87.5% of
50%of lease
50% of lease
lease
duration has
duration has
expired
expired
its lease, after packet
1 DHCP client renew DHCPREQUEST packet the
If1 DHCP Client sends a DHCPREQUEST 50% of of the
the client fails to it’s lease, after 87.5%
has expired, expired, then the DHCP lease renewal
lease duration hasthen the DHCP lease generation
starts over sends a DHCPACK client
begin again after a DHCP packet
process willServer1again with87.5% of the lease
2 DHCP expired
2 DHCP Server1 sends a DHCPACK packet
broadcasting
duration has a DHCPDISCOVER
DHCP Server Authorization
DHCP authorization is the process of registering the DHCP Server
service in the Active Directory domain to support DHCP clients
If DHCP Server1 finds its the
DHCP Server1 checks with IP
address on the list, obtain a list
domain controller to the service
of authorized DHCP servers
starts and supports DHCP clients
Domain
Controller DHCP Server1
Authorized
Active Services DHCP
Directory
requests
DHCP Server2
DHCP Client
Unauthorized
Does not service
DHCP Server2 checks with its
If DHCP Server2 does not findthe IP DHCP requests
DHCP client receives IP address
domain on the list, the service does
address controller to obtain a list of
from authorized DHCP Server1
authorized DHCP servers
not start and support DHCP clients
What Are DHCP Scopes?
A scope is a range of IP addresses that are available
to be leased
DHCP Server
LAN A LAN B
Scope A Scope B
Scope Properties
• Network ID • Lease duration • Scope name
• Subnet mask • Network IP • Exclusion range
address range
DHCP Sizing and Availability
DHCP
Clients
DHCP
Server1
192.168.1.2
DHCP
Clients
DHCP DHCP Server1 has 20% of addresses as follows:
Server2
192.168.1.1 •Scope range: 192.168.1.10-192.168.1.254
•Excluded addresses: 192.168.1.10-192.168.1.205
DHCP Server2 has 80% of addresses as follows:
•Scope range: 192.168.1.10-192.168.1.254
•Excluded addresses: 192.168.1.206-192.168.1.254
Securing DHCP
• Preventing an unauthorized user from obtaining a lease
• Enable and monitor Audit log
• Configure NAP
• Use 802.11x LAN switch or Wireless Access Point
• Control Physical Access as well as Wireless Access
• Restricting unauthorized DHCP servers from leasing
IP addresses
• Use only Microsoft DHCP Server in order to be authorized
by Active Directory
• Restricting DHCP administration
• DHCP Users Group: Read-only access to DHCP Console
• DHCP Administrators Group: Limit members
