Module 4: Configuring and Troubleshooting DHCP

8/14/2019 Module 4: Configuring and Troubleshooting DHCP

1/46

Module 4: Configuring

and TroubleshootingDHCP


2/46

Module 4: Configuring and Troubleshooting DHCP

Overview of the DHCP Server Role

Configuring DHCP Scopes and Options

Managing a DHCP Database

Monitoring and Troubleshooting DHCP

Securing DHCP


3/46

Lesson 1: Overview of the DHCP Server Role

Benefits of Using DHCP

New DHCP Features in Windows Server 2008

How DHCP Allocates IP Addresses

How DHCP Lease Generation Works

How DHCP Lease Renewal Works DHCP Server Authorization

Demonstration: Adding the DHCP Server Role


4/46

Benefits of Using DHCP

DHCP reduces the complexity and amount of administrative workby using automatic TCP/IP configuration

DHCP reduces the complexity and amount of administrative workby using automatic TCP/IP configuration

Manual TCP/IP Configuration

IP addresses are enteredmanually

IP address could be enteredincorrectly

Communication and networkissues can result

Frequent computer movesincrease administrative effort

Automatic TCP/IP Configuration

IP addresses are suppliedautomatically

Correct configurationinformation is ensured

Client configuration is updatedautomatically

A common source of networkproblems is eliminated


5/46

New DHCP Features in Windows Server 2008

New DHCP features include:

Windows Server 2008 Support for DHCPv6

Support for advanced network securityconfiguration using NAP

DHCP on Server Core


6/46

How DHCP Allocates IP Addresses

DHCP Server

DHCP

Database

IP Address1: Leased to DHCP Client1

IP Address2: Leased to DHCP Client2

IP Address3: Available to be leased

DHCP Client2:IP configuration

from DHCP server

Non-DHCP Client:Static IP

configuration

DHCP Client1:

IP configurationfrom DHCP server

Lease Renewal

Lease Generation


7/46

DHCP client broadcasts a DHCPDISCOVER packet1

DHCP servers broadcast a DHCPOFFER packet2

DHCP client broadcasts a DHCPREQUEST packet3

DHCP Server1 broadcasts a DHCPACK packet4

How DHCP Lease Generation Works

DHCPClient

DHCPServer1

DHCP

Server2

DHCP client broadcasts a DHCPDISCOVER packet1

DHCP servers broadcast a DHCPOFFER packet2

DHCP client broadcasts a DHCPREQUEST packet3

DHCP Server1 broadcasts a DHCPACK packet4

DHCPClient

DHCPServer1

DHCP

Server2


8/46

DHCP Client sends a DHCPREQUEST packetDHCP Client sends a DHCPREQUEST packet1

DHCP Server1 sends a DHCPACK packetDHCP Server1 sends a DHCPACK packet2

If the client fails to renew its lease, after 50% of the leaseduration has expired, then the DHCP lease renewal process willbegin again after 87.5% of the lease duration has expired

If the client fails to renew its lease, after 50% of the leaseduration has expired, then the DHCP lease renewal process willbegin again after 87.5% of the lease duration has expired

If the client fails to renew its lease, after 87.5% of the leasehas expired, then the DHCP lease generation process startsover again with a DHCP client broadcasting a DHCPDISCOVER

How DHCP Lease Renewal Works

DHCP ClientDHCP ClientDHCP

Server1DHCP

Server1

DHCPServer2

DHCPServer2

50% of leaseduration has

expired


expired

87.5% oflease duration

has expired

87.5% oflease durationhas expired


expired

DHCP Client

DHCPServer1

DHCPServer2

DHCP client sends a DHCPREQUEST packet1

DHCP Server1 sends a DHCPACK packet2

50% of leaseduration hasexpired


9/46

DHCP Server2 checks with thedomain controller to obtain a list of

authorized DHCP servers

If DHCP Server2 does not find its IPaddress on the list, the service does not

start and support DHCP clients

DHCP client receives IP addressfrom authorized DHCP Server1

DHCP Server1 checks with the domaincontroller to obtain a list of authorized

DHCP servers

If DHCP Server1 finds its IP addresson the list, the service starts and

supports DHCP clients

Domain

Controller

DomainController

ActiveDirectoryActiveDirectory

DHCP ClientDHCP Client

DHCP Server Authorization

Unauthorized

Does not serviceDHCP requests

Authorized

Services DHCPrequests

DHCP Server1DHCP Server1

DHCP Server2DHCP Server2

DHCP authorization is the process of registering the DHCP Server servicein the Active Directory domain to support DHCP clients

DHCP authorization is the process of registering the DHCP Server servicein the Active Directory domain to support DHCP clients


10/46

Demonstration: Adding the DHCP Server Role

In this demonstration, you will see how to add and

authorize the DHCP Server role


11/46

Lesson 2: Configuring DHCP Scopes and Options

What Are DHCP Scopes?

What Are Superscopes and Multicast Scopes?

Demonstration: Configuring DHCP Scopes

What Are DHCP Options?

What Are DHCP Class-Level Options? What Is a DHCP Reservation?

DHCP Sizing and Availability

How DHCP Options Are Applied

Demonstration: Configuring DHCP Options


12/46

What Are DHCP Scopes?

A scope is a range of IP addresses that are available to be

leased

A scope is a range of IP addresses that are available to beleased

Scope Properties

Scope name

Exclusion range

Lease duration

Network IPaddress range

Network ID

Subnet mask

LAN A LAN B

DHCP ServerDHCP Server

Scope BScope BScope AScope A


13/46

What Are Superscopes and Multicast Scopes?

LAN A LAN B

DHCP Server

Scope A and Scope B

LAN A LAN B

DHCP Server

Scope BScope A


14/46

Demonstration: Configuring DHCP Scopes

In this demonstration, you will see how to:

Create and authorize a DHCP scope

Configure a DHCP superscope


15/46

WINS Servers

Common scope options are:

What Are DHCP Options?

DHCP options are values for common configuration data thatapplies to the server, scopes, reservations, andclass options

DHCP options are values for common configuration data thatapplies to the server, scopes, reservations, andclass options

DNS Servers

DNS Name

WINS Servers

Default Gateway


16/46

What Are DHCP Class-Level Options?

DHCP class-level options are scope options that apply to aspecific type of deviceDHCP class-level options are scope options that apply to aspecific type of device

DHCP class-level

option

Description

Vendor-class Configured by vendors such asMicrosoft, HP, and Sun

User-class Set and viewed by the user


17/46

What Is a DHCP Reservation?

A reservation is a specific IP address, within a scope, that isreserved permanently for lease to a specific DHCP clientA reservation is a specific IP address, within a scope, that isreserved permanently for lease to a specific DHCP client

Subnet ASubnet A Subnet BSubnet B

Workstation 1

DHCP ServerWorkstation 2

File and PrintServer

IP Address1: Leased to Workstation 1IP Address2: Leased to Workstation 2IP Address3: Reserved for File and PrintServer


18/46

DHCP Sizing and Availability

DHCPClients

DHCPServer1

192.168.1.2

DHCPServer2

192.168.1.1

DHCPClients

DHCP Server1 has 20% of addresses as follows:

Scope range: 192.168.1.10-192.168.1.254Excluded addresses: 192.168.1.10-192.168.1.205

DHCP Server2 has 80% of addresses as follows:

Scope range: 192.168.1.10-192.168.1.254

Excluded addresses: 192.168.1.26-192.168.1.254


19/46

How DHCP Options Are Applied

DHCP options can be applied at various levels:

Server

Scope

Reserved client

Class


20/46

Demonstration: Configuring DHCP Options

In this demonstration, you will see how to configure DHCP

server, scope, and class options


21/46

Lesson 3: Managing a DHCP Database

Overview of DHCP Management Scenarios

What Is a DHCP Database?

How a DHCP Database Is Backed Up and Restored

How a DHCP Database Is Reconciled

Moving a DHCP Database

DHCP Server Configuration Options

Demonstration: Managing a DHCP Database


22/46

Scenarios for managing DHCP:

Overview of DHCP Management Scenarios

The DHCP service needs to be managed to respond to network

changes

The DHCP service needs to be managed to respond to network

changes

Managing DHCP database growth

Protecting the DHCP database

Ensuring DHCP database consistency

Adding clients

Adding new network service servers

Adding new subnets


23/46

What Is a DHCP Database?

Windows Server 2003 stores the DHCP database in the%Systemroot%\System32\Dhcp folder

The DHCP database files include:

Dhcp.mdb Tmp.edb

J50.log and J50*.log

Res*.log

J50.chk

The DHCP database is a dynamic database that contains configurationinformation

The DHCP database is a dynamic database that contains configurationinformation

The DHCP database contains DHCP configuration data such as:

Scopes

Address leases

Reservations


24/46

DHCP

Server

DHCP

DHCP

Offline

Storage

The DHCP service automatically backs up the DHCPdatabase to the backup directory on the local drive

If the original database is unable to load, the DHCP serviceautomatically restores from the backup directory on thelocal drive

The administrator moves a copy of the backed up DHCPdatabase to an offline storage location

In the event that the server hardware fails, theadministrator can restore only from the offline storagelocation

How a DHCP Database Is Backed Up and Restored

Back up Restore

Back up

Restore


25/46

How a DHCP Database Is Reconciled

Example

Registry DHCP Database After Reconciliation

Client has IP address

192.168.1.34

IP address 192.168.1.34

is available

Lease entry is created in

DHCP Database

DHCP Server

DHCPDatabase

Registry Summary IPaddress leaseinformation

Detailed IPaddress leaseinformation

Compares andreconciles

inconsistencies in theDHCP Database


26/46

Moving a DHCP Database

DHCPDatabase

Old DHCPServer

New DHCPServer

DHCPDatabase

Backup

Media


27/46

DHCP Server Configuration Options


28/46

Demonstration: Managing a DHCP Database

In this demonstration, you will see how to manage a DHCP

database


29/46

Lesson 4: Monitoring and Troubleshooting DHCP

Overview of Monitoring DHCP

Common DHCP Issues

What Are DHCP Statistics?

What Is a DHCP Audit Log File?

Monitoring DHCP Server Performance

Demonstration: Monitoring DHCP


30/46

Overview of Monitoring DHCP

Why monitor DHCP?

To observe the dynamic DHCP environment

To determine DHCP server performance

To facilitate planning for current and future needs

DHCP data includes:

DHCP statistics

DHCP events

DHCP performance data


31/46

Common DHCP Issues

Address conflicts

Failure to obtain a DHCP address

Address obtained from incorrect scope

DHCP database suffered data corruption or loss

DHCP server has exhausted its IP address pool


32/46

What Are DHCP Statistics?

DHCP statistics are collected at either the server level or scope

level

DHCP statistics are collected at either the server level or scope

level

DHCP Server


33/46

What Is a DHCP Audit Log File?

A DHCP audit log is a log of service-related eventsA DHCP audit log is a log of service-related events


34/46

Create a DHCP performance baseline

Check the standard counters forserver performance

Review DHCP server counters for significantchanges in DHCP traffic

Monitoring DHCP Server Performance

Performance

counters

What to look for after a

baseline is established

Packetsreceived/second

Monitor for sudden increases or decreases, whichcould reflect network problems

Requests/second Monitor for sudden increases or decreases, whichcould reflect network problems

Active queuelength

Monitor for both sudden and gradual increases,which could reflect increased load or decreasedserver capacity

Duplicatesdropped/second

Monitor for any activity that could indicate thatmore than one request is being transmitted onbehalf of clients


35/46

Demonstration: Monitoring DHCP

In this demonstration, you will see how to monitor DHCP

statistics and performance


36/46

Lesson 5: Securing DHCP

Securing DHCP

Preventing an Unauthorized User from Obtaining a Lease

Restricting Unauthorized, Non-Microsoft DHCP Serversfrom Leasing IP Addresses

Restricting DHCP Administration


37/46

Securing DHCP

Reasons for securing DHCP include:

Preventing an unauthorized user fromobtaining a lease

Restricting unauthorized, non-Microsoft DHCPservers from leasing IP addresses

Restricting DHCP administration

Preventing an Unauthorized User from Obtaining


38/46

Preventing an Unauthorized User from Obtaininga Lease

To prevent an unauthorized user from obtaining

a lease:

Ensure that unauthorized persons do not havephysical or wireless access to your network

Enable audit logging for every DHCP server

on your network

Regularly check and monitor audit log files

Use 802.1X-enabled LAN switches or wirelessaccess points to access the network

Configure NAP to validate users and security policycompliance

Restricting Unauthorized, Non-Microsoft DHCP


39/46

Restricting Unauthorized, Non Microsoft DHCPServers from Leasing IP Addresses

To restrict an unauthorized, non-Microsoft DHCP serverfrom leasing IP addresses, ensure that unauthorizedpersons do not have physical or wireless access to your

network

To restrict an unauthorized, non-Microsoft DHCP serverfrom leasing IP addresses, ensure that unauthorizedpersons do not have physical or wireless access to your

network

DHCP authorization

Available on Windows 2000 andWindows Server 2003

Authorization not required on other

DHCP implementations


40/46

Restricting DHCP Administration

To restrict who can administer the DHCP service:

Limit the members of the DHCP Administrators group

Add users needing read-only access to theDHCP Users group

Account Permissions

DHCP Administrators group Can view and modify any data about theDHCP server

DHCP Users group Has read-only DHCP console access to theserver

Lab: Configuring and Troubleshooting the DHCP


41/46

g g gServer Role

Exercise 1: Installing and Authorizing the DHCP ServerRole

Exercise 2: Configuring a DHCP Scope

Exercise 3: Troubleshooting Common DHCP Issues

Logon information

Virtual machine NYC-DC1, NYC-CL1

User name AdministratorPassword Pa$$w0rd

Estimated time: 30 minutes


42/46

Lab Review

What kind of account is necessary to authorize a DHCPserver?

Why is it important to define an exclusion range whenconfiguring the DHCP scope?

What is the consequence of not providing a defaultgateway when configuring DHCP scope options?


43/46

Module Review and Takeaways

Review Questions

Common Issues and Troubleshooting Tips

Best Practices

Tools

Notes Page Over-flow Slide. Do Not Print Slide.


44/46

gSee Notes pane.



45/46

gSee Notes pane.



46/46

gSee Notes pane.

Module 4: Configuring and Troubleshooting DHCP

Documents

Transcript of Module 4: Configuring and Troubleshooting DHCP