module 4: configuring and troubleshooting dhcp. overview of the dhcp server role configuring dhcp...
TRANSCRIPT
Module 4: Configuring and Troubleshooting
DHCP
Module 4: Configuring and Troubleshooting DHCP
• Overview of the DHCP Server Role
• Configuring DHCP Scopes and Options
• Managing a DHCP Database
• Monitoring and Troubleshooting DHCP
• Securing DHCP
Lesson 1: Overview of the DHCP Server Role
• Benefits of Using DHCP
• New DHCP Features in Windows Server 2008
• How DHCP Allocates IP Addresses
• How DHCP Lease Generation Works
• How DHCP Lease Renewal Works
• DHCP Server Authorization
• Demonstration: Adding the DHCP Server Role
Benefits of Using DHCP
DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configurationDHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration
Manual TCP/IP Configuration
• IP addresses are entered manually
• IP address could be entered incorrectly
• Communication and network issues can result
• Frequent computer moves increase administrative effort
Automatic TCP/IP Configuration
• IP addresses are supplied automatically
• Correct configuration information is ensured
• Client configuration is updated automatically
• A common source of network problems is eliminated
New DHCP Features in Windows Server 2008
New DHCP features include:
• Windows Server 2008 Support for DHCPv6
• Support for advanced network security configuration using NAP
• DHCP on Server Core
How DHCP Allocates IP Addresses
DHCP Server
DHCP Databas
e
IP Address1: Leased to DHCP Client1
IP Address2: Leased to DHCP Client2
IP Address3: Available to be leased
DHCP Client2:IP configuration
from DHCP server
Non-DHCP Client:Static IP
configuration
DHCP Client1:IP configuration
from DHCP server
Lease Renewal
Lease Generation
DHCP client broadcasts a DHCPDISCOVER packet1
DHCP servers broadcast a DHCPOFFER packet2
DHCP client broadcasts a DHCPREQUEST packet3
DHCP Server1 broadcasts a DHCPACK packet4
How DHCP Lease Generation Works
DHCP Client
DHCP Server1
DHCP Server2
DHCP client broadcasts a DHCPDISCOVER packet1
DHCP servers broadcast a DHCPOFFER packet2
DHCP client broadcasts a DHCPREQUEST packet3
DHCP Server1 broadcasts a DHCPACK packet4
DHCP Client
DHCP Server1
DHCP Server2
DHCP Client sends a DHCPREQUEST packetDHCP Client sends a DHCPREQUEST packet11
DHCP Server1 sends a DHCPACK packetDHCP Server1 sends a DHCPACK packet22
If the client fails to renew its lease, after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired
If the client fails to renew its lease, after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired
If the client fails to renew it’s lease, after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER
How DHCP Lease Renewal Works
DHCP ClientDHCP ClientDHCP
Server1DHCP
Server1
DHCP Server2DHCP
Server2
50% of lease duration has
expired
50% of lease duration has
expired
87.5% of lease
duration has expired
87.5% of lease
duration has expired
100% of lease
duration has expired
DHCP ClientDHCP
Server1
DHCP Server2
DHCP client sends a DHCPREQUEST packet1
DHCP Server1 sends a DHCPACK packet2
50% of lease duration has expired
DHCP Server2 checks with the domain controller to obtain a list of
authorized DHCP servers
If DHCP Server2 does not find its IP address on the list, the service does not start and support DHCP clients
DHCP client receives IP address from authorized DHCP Server1
DHCP Server1 checks with the domain controller to obtain a list
of authorized DHCP servers
If DHCP Server1 finds its IP address on the list, the service
starts and supports DHCP clients
DomainControllerDomain
Controller
Active DirectoryActive Directory
DHCP Client DHCP Client
DHCP Server Authorization
Unauthorized
Does not service DHCP requests
Authorized
Services DHCP requests
DHCP Server1DHCP Server1
DHCP Server2DHCP Server2
DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to support DHCP clientsDHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to support DHCP clients
Demonstration: Adding the DHCP Server Role
In this demonstration, you will see how to add and authorize the DHCP Server role
Lesson 2: Configuring DHCP Scopes and Options
• What Are DHCP Scopes?
• What Are Superscopes and Multicast Scopes?
• Demonstration: Configuring DHCP Scopes
• What Are DHCP Options?
• What Are DHCP Class-Level Options?
• What Is a DHCP Reservation?
• DHCP Sizing and Availability
• How DHCP Options Are Applied
• Demonstration: Configuring DHCP Options
What Are DHCP Scopes?
A scope is a range of IP addresses that are available to be leasedA scope is a range of IP addresses that are available to be leased
Scope Properties
• Scope name
• Exclusion range
• Lease duration
• Network IP address range
• Network ID
• Subnet mask
LAN A LAN B
DHCP ServerDHCP Server
Scope BScope BScope AScope A
What Are Superscopes and Multicast Scopes?
LAN A LAN B
DHCP Server
Scope A and Scope B
LAN A LAN B
DHCP Server
Scope BScope A
Demonstration: Configuring DHCP Scopes
In this demonstration, you will see how to:
• Create and authorize a DHCP scope
• Configure a DHCP superscope
• WINS Servers
Common scope options are:
What Are DHCP Options?
DHCP options are values for common configuration data that applies to the server, scopes, reservations, and class options
DHCP options are values for common configuration data that applies to the server, scopes, reservations, and class options
• DNS Servers
• DNS Name
• WINS Servers
• Default Gateway
What Are DHCP Class-Level Options?
DHCP class-level options are scope options that apply to a specific type of deviceDHCP class-level options are scope options that apply to a specific type of device
DHCP class-level option Description
Vendor-class Configured by vendors such as Microsoft, HP, and Sun
User-class Set and viewed by the user
What Is a DHCP Reservation?
A reservation is a specific IP address, within a scope, that is reserved permanently for lease to a specific DHCP client A reservation is a specific IP address, within a scope, that is reserved permanently for lease to a specific DHCP client
Subnet ASubnet A Subnet BSubnet B
Workstation 1
DHCP ServerWorkstation 2
File and Print Server
IP Address1: Leased to Workstation 1IP Address2: Leased to Workstation 2 IP Address3: Reserved for File and Print Server
DHCP Sizing and Availability
DHCP Clients
DHCP Server1
192.168.1.2
DHCP Server2
192.168.1.1
DHCP Clients
DHCP Server1 has 20% of addresses as follows:
•Scope range: 192.168.1.10-192.168.1.254
•Excluded addresses: 192.168.1.10-192.168.1.205
DHCP Server2 has 80% of addresses as follows:
•Scope range: 192.168.1.10-192.168.1.254
•Excluded addresses: 192.168.1.26-192.168.1.254
How DHCP Options Are Applied
DHCP options can be applied at various levels:
• Server
• Scope
• Reserved client
• Class
Demonstration: Configuring DHCP Options
In this demonstration, you will see how to configure DHCP server, scope, and class options
Lesson 3: Managing a DHCP Database
• Overview of DHCP Management Scenarios
• What Is a DHCP Database?
• How a DHCP Database Is Backed Up and Restored
• How a DHCP Database Is Reconciled
• Moving a DHCP Database
• DHCP Server Configuration Options
• Demonstration: Managing a DHCP Database
Scenarios for managing DHCP:
Overview of DHCP Management Scenarios
The DHCP service needs to be managed to respond to network changesThe DHCP service needs to be managed to respond to network changes
• Managing DHCP database growth
• Protecting the DHCP database
• Ensuring DHCP database consistency
• Adding clients
• Adding new network service servers
• Adding new subnets
What Is a DHCP Database?
• Windows Server 2003 stores the DHCP database in the %Systemroot%\System32\Dhcp folder
• The DHCP database files include:
• Dhcp.mdb
• Tmp.edb
• J50.log and J50*.log
• Res*.log
• J50.chk
The DHCP database is a dynamic database that contains configuration informationThe DHCP database is a dynamic database that contains configuration information
• The DHCP database contains DHCP configuration data such as:
• Scopes
• Address leases
• Reservations
DHCP Server
DHCP
DHCP
Offline Storage
The DHCP service automatically backs up the DHCP database to the backup directory on the local drive
If the original database is unable to load, the DHCP service automatically restores from the backup directory on the local drive
The administrator moves a copy of the backed up DHCP database to an offline storage location
In the event that the server hardware fails, the administrator can restore only from the offline storage location
How a DHCP Database Is Backed Up and Restored
Back up Restore
Back up
Restore
How a DHCP Database Is Reconciled
Example
Registry DHCP Database After Reconciliation
Client has IP address 192.168.1.34
IP address 192.168.1.34 is available
Lease entry is created in DHCP Database
DHCP Server
DHCPDatabase
Registry Summary IP address lease information
Detailed IP address lease information
Compares and reconciles
inconsistencies in the DHCP Database
Moving a DHCP Database
DHCPDatabase
Old DHCP Server
New DHCP Server
DHCPDatabase
BackupMedia
DHCP Server Configuration Options
Demonstration: Managing a DHCP Database
In this demonstration, you will see how to manage a DHCP database
Lesson 4: Monitoring and Troubleshooting DHCP
• Overview of Monitoring DHCP
• Common DHCP Issues
• What Are DHCP Statistics?
• What Is a DHCP Audit Log File?
• Monitoring DHCP Server Performance
• Demonstration: Monitoring DHCP
Overview of Monitoring DHCP
Why monitor DHCP?
• To observe the dynamic DHCP environment
• To determine DHCP server performance
• To facilitate planning for current and future needs
DHCP data includes:
• DHCP statistics
• DHCP events
• DHCP performance data
Common DHCP Issues
• Address conflicts
• Failure to obtain a DHCP address
• Address obtained from incorrect scope
• DHCP database suffered data corruption or loss
• DHCP server has exhausted its IP address pool
What Are DHCP Statistics?
DHCP statistics are collected at either the server level or scope levelDHCP statistics are collected at either the server level or scope level
DHCP Server
What Is a DHCP Audit Log File?
A DHCP audit log is a log of service-related eventsA DHCP audit log is a log of service-related events
• Create a DHCP performance baseline
• Check the standard counters for server performance
• Review DHCP server counters for significant changes in DHCP traffic
Monitoring DHCP Server Performance
Performance counters
What to look for after a baseline is established
Packets received/second
Monitor for sudden increases or decreases, which could reflect network problems
Requests/second Monitor for sudden increases or decreases, which could reflect network problems
Active queue length
Monitor for both sudden and gradual increases, which could reflect increased load or decreased server capacity
Duplicates dropped/second
Monitor for any activity that could indicate that more than one request is being transmitted on behalf of clients
Demonstration: Monitoring DHCP
In this demonstration, you will see how to monitor DHCP statistics and performance
Lesson 5: Securing DHCP
• Securing DHCP
• Preventing an Unauthorized User from Obtaining a Lease
• Restricting Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses
• Restricting DHCP Administration
Securing DHCP
Reasons for securing DHCP include:
• Preventing an unauthorized user from obtaining a lease
• Restricting unauthorized, non-Microsoft DHCP servers from leasing IP addresses
• Restricting DHCP administration
Preventing an Unauthorized User from Obtaining a Lease
To prevent an unauthorized user from obtaining a lease:
• Ensure that unauthorized persons do not have physical or wireless access to your network
• Enable audit logging for every DHCP server on your network
• Regularly check and monitor audit log files
• Use 802.1X-enabled LAN switches or wireless access points to access the network
• Configure NAP to validate users and security policy compliance
Restricting Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses
To restrict an unauthorized, non-Microsoft DHCP server from leasing IP addresses, ensure that unauthorized persons do not have physical or wireless access to your network
To restrict an unauthorized, non-Microsoft DHCP server from leasing IP addresses, ensure that unauthorized persons do not have physical or wireless access to your network
DHCP authorization
• Available on Windows 2000 and Windows Server 2003
• Authorization not required on other DHCP implementations
Restricting DHCP Administration
To restrict who can administer the DHCP service:
• Limit the members of the DHCP Administrators group
• Add users needing read-only access to the DHCP Users group
Account Permissions
DHCP Administrators group Can view and modify any data about the DHCP server
DHCP Users group Has read-only DHCP console access to the server
Lab: Configuring and Troubleshooting the DHCP Server Role
• Exercise 1: Installing and Authorizing the DHCP Server Role
• Exercise 2: Configuring a DHCP Scope
• Exercise 3: Troubleshooting Common DHCP Issues
Logon information
Virtual machine NYC-DC1, NYC-CL1
User name Administrator
Password Pa$$w0rd
Estimated time: 30 minutes
Lab Review
• What kind of account is necessary to authorize a DHCP server?
• Why is it important to define an exclusion range when configuring the DHCP scope?
• What is the consequence of not providing a default gateway when configuring DHCP scope options?
Module Review and Takeaways
• Review Questions
• Common Issues and Troubleshooting Tips
• Best Practices
• Tools