
DHCP document (ppt)


Document information

Pages: 24
File size: 487.97 KB

Content

DHCP

This chapter covers configuring and managing a Windows 2000 Server-based Dynamic Host Configuration Protocol (DHCP) server and DHCP clients.

Overview of DHCP

The TCP/IP protocol, which is required for Internet connectivity and is rapidly becoming a protocol of choice for many intranets, requires that each node on the network have a unique IP address. This includes any individual network object such as a server, workstation, printer, router, and so on.

You can assign IP addresses to network nodes either statically or dynamically. With a statically assigned address, you specify a fixed address for a given node, and that address never changes unless you manually change it. Static assignment is the option to use when the network node must have the same IP address all the time. Web and FTP servers or devices such as printers that don’t support anything other than static assignments are prime examples of such situations.

You also can assign IP addresses dynamically through the Dynamic Host Configuration Protocol. DHCP enables network nodes to take IP address assignments from a DHCP server automatically at startup. Although dynamic assignment means that IP addresses for network nodes can and do typically change each time the node is restarted, that poses a problem only in those situations in which a computer needs the same IP address for every session. In all other situations, including for most workstations and many servers, dynamic assignment enables you to manage a pool of IP addresses more effectively to prevent address conflicts.

DHCP also lets you allocate a smaller number of IP addresses than the number of computers using them, provided the maximum number of live nodes at any given time doesn’t exceed the number of available addresses. An example of such a situation is when you’re using a server to provide dial-up access for multiple users. You might allocate 20 IP addresses to accommodate 50 dial-in users.
Each user would receive a unique IP address assignment from the DHCP server at connection time, to a maximum of 20 concurrent connections.

Chapter 13

In This Chapter
✦ Overview of DHCP
✦ Installing and Configuring the DHCP Server
✦ Defining and Implementing User and Vendor Classes
✦ Creating and Using Superscopes
✦ Creating Multicast Scopes
✦ Configuring Windows 2000 DHCP Clients

4667-8 ch13.f.qc 5/15/00 2:05 PM Page 475
Part IV ✦ Networking and Communications Services

Perhaps the most important benefit to DHCP is in the area of administration. DHCP makes it much easier to manage the IP address configuration of clients, since you can effect all changes from a central server, rather than requiring changes on individual clients. The more computers on the network, the greater the advantage DHCP brings to address management. Rather than manually reconfiguring network settings at several hundred (or more) workstations when a network change occurs, you can simply change the settings at the server and either push the changes transparently to the user or allow the changes to take place when the clients restart.

The Windows 2000 DHCP Server

Windows 2000 Server includes a built-in DHCP service that offers excellent functionality for allocating and managing addresses. The DHCP Server service is built on industry standards (Request for Comments or RFCs) defined by the Internet Engineering Task Force (IETF). This adherence to standards ensures that the DHCP service will accommodate not only Windows 2000 clients but other clients as well, including UNIX, Macintosh, and so on.

As with other Windows 2000 services, you manage DHCP on a Windows 2000 server through the Microsoft Management Console (MMC). The DHCP service console snap-in enables you to create DHCP scopes (a range of addresses and corresponding properties), assign global properties, view current assignments, and perform all other DHCP administration tasks.
In addition to supporting the IETF standards, the Windows 2000 DHCP service extends the functionality of DHCP to include logging, monitoring, and other features that integrate DHCP with the Windows 2000 operating system. In addition, several new features were added in Windows 2000 to improve DHCP’s usefulness, administration, and integration with other services such as DNS. These features are discussed in the following sections.

Support for Dynamic DNS

DHCP provides for dynamic address assignment and therefore can make it difficult to maintain accurate name-to-address mapping in DNS servers. As soon as a node changes its address, records in the DNS database become invalid. Windows 2000 DHCP integrates with DNS by enabling the DHCP server and clients to request updates to the DNS database when address or host names change. This capability enables the DNS database to remain up-to-date even for clients with dynamically assigned IP addresses.

Dynamic DNS (DDNS) functions through a client-server mechanism. Windows 2000 DHCP clients support DDNS and can directly request that a Windows 2000 DNS server update their host resource records (also called A records) when the clients’ IP addresses or host names change. Windows 2000 DHCP servers can also submit requests on behalf of clients, although a DHCP server can request an update to both the clients’ host and pointer (PTR) records. Host records are used for host-to-address mapping, and pointer records are used for reverse lookup.

A Windows 2000 DHCP server also can act as a proxy for non-Windows 2000 DHCP clients to perform dynamic DNS updates. For example, a Windows 2000 DHCP server can perform updates for Windows 95/98 and Windows NT clients, which do not natively support dynamic DNS and are therefore unable to submit requests to either the DHCP server or DNS server to update their resource records. Figure 13-1 illustrates how DHCP and DNS interact.
Figure 13-1: DHCP supports automatic updates to DNS when host name or IP address changes occur. [Diagram showing a Windows 95/98 client, a Windows 2000 client, a Windows 2000 DHCP server, and a Windows 2000 DNS server.]

See the section “Configuring Windows 2000 DHCP Clients” later in this chapter for an explanation of how to configure clients to use DDNS.

Vendor and User Classes

Vendor classes enable you to define a set of DHCP settings for a specific equipment vendor and apply those settings to any node falling into that class. User classes enable you to do much the same thing, defining DHCP settings to apply to a specific group of nodes. Vendor and user classes offer enhanced flexibility in assigning custom settings to individual nodes or groups of nodes without affecting others on the same network.

Through a vendor or user class, a node can request a custom set of DHCP settings to suit its configuration. For example, you might assign shorter lease durations to notebook PCs because they leave the network frequently. You define a user class called Notebook and assign to it a shorter lease period. The client, which presents the user class to the server, receives the shorter lease based on that user class.

Multicast Address Allocation

Multicast addresses enable IP traffic to be broadcast to a group of nodes and are most commonly used in audio or video conferencing. A standard IP address is also known as a unicast address because traffic is broadcast to a single address. A multicast address, however, enables a group of computers to receive the same data packets with a single broadcast.
This is different from a situation in which the same traffic is sent using multiple broadcasts to a group of unicast addresses. The use of multicasting enables a group of computers to receive the same data without duplicating the packets and thereby reduces packet traffic.

Unauthorized DHCP Server Detection

Unauthorized DHCP servers can cause real problems in a network by allocating incorrect or conflicting configuration information to clients. For example, an administrator or power user might install and start a DHCP server, unaware that one or more DHCP servers already exist on the network. There was previously nothing to prevent this “rogue” DHCP server from starting.

Windows 2000 addresses that potential problem. The Active Directory stores a list of authorized DHCP servers. When a Windows 2000 DHCP server in a domain starts, it attempts to determine if it is listed as an authorized server in the AD. If it is unable to connect to the AD or does not find itself listed in the AD as an authorized server, it assumes it is unauthorized and the service does not accept DHCP client requests. If the server does find itself in the AD, it begins processing client requests.

Workgroup DHCP servers (standalone servers not belonging to a domain) behave somewhat differently. When a workgroup DHCP server starts, it broadcasts a DHCPINFORM message. Any domain-based DHCP servers on the network respond with DHCPACK and provide the name of the directory domain of which they are a part. If the workgroup DHCP server receives any DHCPACK messages from domain DHCP servers, the workgroup server assumes it isn’t authorized and does not service client requests. If a workgroup DHCP server detects no other servers or detects only other workgroup DHCP servers, it begins processing client requests. Therefore, workgroup DHCP servers will not operate on a network where domain-based DHCP servers are active, but can coexist with other workgroup DHCP servers.
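An added example, not from the original chapter and not how Windows 2000 performs its Active Directory check: a network-side complement to the authorization described above, which parses DHCP messages and reports any server that replies with DHCPOFFER, DHCPACK or DHCPNAK while its server identifier is missing from an allow-list. The allow-list, the addresses and the sample messages are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field in every DHCP message
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
MSG_NAMES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_REPLIES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload) into type, server id, client MAC, offered IP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    hlen = min(payload[2], 16)          # hardware address length, capped at chaddr size
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:             # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the message" % code)
        options[code] = value
        i += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"")
    server_id = options.get(OPT_SERVER_ID, b"")
    return {
        "type": MSG_NAMES.get(msg_type[0], "UNKNOWN") if len(msg_type) == 1 else None,
        "server_id": ipaddress.IPv4Address(server_id) if len(server_id) == 4 else None,
        "client_mac": payload[28:28 + hlen].hex(":"),
        "offered_ip": ipaddress.IPv4Address(payload[16:20]),
    }


def find_unauthorized_servers(payloads, authorized):
    """Return {server ip: [reply types seen]} for servers not on the allow-list."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized}
    seen = {}
    for raw in payloads:
        try:
            msg = parse_dhcp(raw)
        except ValueError:
            continue                    # skip anything that is not well-formed DHCP
        sid = msg["server_id"]
        if msg["type"] in SERVER_REPLIES and sid is not None and sid not in allowed:
            seen.setdefault(str(sid), set()).add(msg["type"])
    return {ip: sorted(types) for ip, types in seen.items()}


def build_sample(msg_type, server_ip=None, offered="0.0.0.0"):
    """Build a constructed DHCP message for the demo (not a real capture)."""
    op = 2 if msg_type in (2, 5, 6) else 1      # BOOTREPLY for server messages
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered).packed, bytes(4),
                         bytes(4), bytes.fromhex("02005e000001"), b"", b"")
    opts = MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_ip:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + opts + bytes([OPT_END])


AUTHORIZED = ["192.168.0.10"]           # assumed allow-list of authorized DHCP servers
SAMPLE_CAPTURE = [                      # constructed traffic, in arrival order
    build_sample(1),                                    # client DHCPDISCOVER
    build_sample(2, "192.168.0.10", "192.168.0.101"),   # offer from the authorized server
    build_sample(2, "192.168.0.77", "10.9.9.5"),        # offer from an unlisted server
    build_sample(5, "192.168.0.77", "10.9.9.5"),        # ack from the same unlisted server
    build_sample(8),                                    # DHCPINFORM, not a server reply
    b"\x02\x01\x06\x00 truncated",                      # malformed payload, ignored
]

if __name__ == "__main__":
    for server, kinds in find_unauthorized_servers(SAMPLE_CAPTURE, AUTHORIZED).items():
        print("unauthorized DHCP server", server, "sent", ", ".join(kinds))
```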
Automatic Client Configuration

Windows 2000 DHCP clients attempt to locate a DHCP server at startup and renew any unexpired leases (a lease is an IP address and the associated data allocated from a DHCP server). If no DHCP server is found, the client pings the default gateway defined by the lease. If the ping succeeds, the client continues to use the lease and automatically attempts to renew the lease when half the lease time expires. If the client is unable to locate a DHCP server and pinging the default gateway fails, the client assumes that it is on a network without DHCP services, automatically assigns itself an IP address, and continues checking for a DHCP server every five minutes. The client assigns itself an address in the class B subnet 169.254.0.0 (subnet mask 255.255.0.0), but prior to assigning the address, tests to determine that the address is valid and doesn’t conflict with other nodes.

Automatic address assignment is a useful feature, particularly for small peer networks in which there is no DHCP server (such as a home network). It enables users to move between networks with relative ease and eliminates the need to reconfigure their systems. For example, a user can move his notebook from the office to home and have a valid address within the current network without having to reconfigure TCP/IP each time.

Improved Monitoring and Reporting

The DHCP service performs its own monitoring and logs events to the System log, which you can view with the Event Viewer console. DHCP has also been enhanced in Windows 2000 to provide additional monitoring and statistical reporting. For example, you can configure DHCP to generate alerts when the percentage of available addresses in a given scope drops below a certain point.

Installing and Configuring the DHCP Server

The process of installing DHCP is relatively simple.
Configuring a server and putting it into service is much more complex, however, particularly if you are new to DHCP. The following sections explain how to install the DHCP service and configure global and scope-specific settings.

Installing DHCP

As with other services, you add DHCP through the Add/Remove Programs object in the Control Panel. Open Add/Remove Programs and click Add/Remove Windows Components. Open the Networking Services item and select Dynamic Host Configuration Protocol, click OK, and then click Next. Follow the prompts to complete the software installation. After the software is installed, you can begin configuring and using DHCP without restarting the server.

Using the DHCP Console

Windows 2000 provides an MMC console to enable you to manage DHCP servers both locally and on remote computers (Figure 13-2). You can perform all DHCP administrative functions through the DHCP console. To open the DHCP console, choose Start ➪ Programs ➪ Administrative Tools ➪ DHCP.

Figure 13-2: The DHCP console

By default, the DHCP console connects to the local DHCP server, showing the server’s IP address in the left pane. You can use the console to manage DHCP servers both locally and remotely. To connect to a different server, right-click the DHCP node (the top-most node) in the left pane and choose Add Server. Type the name or IP address of the server you want to manage and click OK. DHCP adds the server to the list.

Like most MMC consoles, DHCP functions as a two-pane console with the tree pane to the left and the contents pane to the right. The following sections explain how to configure DHCP using the console.

Creating Scopes

A DHCP scope is a set of properties that define a range of IP addresses and related settings such as DNS servers, default gateway, and other information that the client needs to obtain from the DHCP server.
Before you can begin using DHCP to assign addresses, you need to create at least one scope. Scopes can be active or inactive, so you also need to make the scope active before the server can allocate addresses from the scope to clients. This chapter assumes you’re going to fully define the scope before activating it.

DHCP provides a wizard to take you through the process of creating a scope. To create a scope, right-click the server in the tree and choose New Scope. Or, select the server and choose Action ➪ New Scope. The wizard prompts for the following information:

✦ Name: This is the friendly name that appears in the DHCP console for the scope. An example might be “Houston Office scope.”

✦ Description: This optional description appears on the scope’s General property page (right-click the scope and choose Properties to view). Assign a description to help you recognize the purpose of the scope. For example, you might use the address range in the description.

✦ Start IP address: Specify the beginning address of the range of IP addresses you want to assign to the scope using dotted octet format.

✦ End IP address: Specify the ending address of the range of IP addresses you want to assign to the scope using dotted octet format.

✦ Length or Subnet mask: You can specify the subnet mask for the address range using either the address length or subnet mask in dotted octet format.

✦ Exclusions, Start address and End address: Use this page to specify one or more ranges of addresses to be excluded from the scope. Addresses in an excluded range are not used by DHCP or allocated to clients. If the addresses you want to exclude fall outside of the address range defined for the scope, you don’t have to explicitly define an exclusion. For example, assume you create a scope with the included range 192.168.0.100 through 192.168.0.254.
You do not have to create an exclusion for 192.168.0.1 through 192.168.0.99, which are implicitly excluded. However, using this same example, you would need to create an exclusion if you wanted to prevent the address range 192.168.0.150 through 192.168.0.160 from being allocated to clients. If, however, you do choose an exclusion range, it must fall within the scope created on the previous page.

✦ Lease duration: This property defines the length of time an IP address assignment is valid and is applicable to all clients unless modified by a user or vendor class assignment (in effect, it is the default lease period). When the lease duration expires, the client must request a renewal of the address, and failing that (because the address might already have been reassigned while the client was offline, for example), request a new address lease. The default is eight hours. See the section, “Defining and Implementing User and Vendor Classes,” later in this chapter for additional information.

✦ Configure other options: The wizard gives you the option of configuring the default gateway and DNS server properties to assign to the scope. See the section “Setting General Scope Options” later in this chapter for more information.

✦ Activate the scope: Although you can activate the scope immediately after creating it, you should make sure you’ve fully defined all required scope properties prior to activation to ensure that clients receive all necessary DHCP properties. You can activate the scope later after fully defining the scope.

After you create a scope, it shows up in the DHCP console as a branch under the server’s node in the tree pane, as shown in Figure 13-2. You’ll see multiple scope branches if the server hosts more than one scope.
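An added example (not from the original chapter, and not the Windows DHCP service's implementation) that models the scope rules described above: one inclusion range, exclusions that must fall inside it, a pool smaller than the client population as in the dial-up case from the chapter overview, and a low-address alert like the one in the monitoring section. The `Scope` class, its method names and the 10.0.0.1 through 10.0.0.20 dial-up range are hypothetical.

```python
import ipaddress


class Scope:
    """Simplified model of a DHCP scope: one inclusion range plus exclusion ranges."""

    def __init__(self, start, end):
        self.start = ipaddress.IPv4Address(start)
        self.end = ipaddress.IPv4Address(end)
        if self.start > self.end:
            raise ValueError("start address is above end address")
        self.exclusions = []    # list of (first, last) address pairs
        self.leases = {}        # client id -> leased address

    def add_exclusion(self, first, last):
        first, last = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if first > last:
            raise ValueError("exclusion start is above exclusion end")
        # Addresses outside the scope are implicitly excluded, so an explicit
        # exclusion only makes sense inside the scope range.
        if first < self.start or last > self.end:
            raise ValueError("exclusion range must fall within the scope range")
        self.exclusions.append((first, last))

    def pool(self):
        """Addresses that may be handed out: in range and outside every exclusion."""
        addresses = []
        for n in range(int(self.start), int(self.end) + 1):
            addr = ipaddress.IPv4Address(n)
            if not any(lo <= addr <= hi for lo, hi in self.exclusions):
                addresses.append(addr)
        return addresses

    def lease(self, client_id):
        """Return the client's address, or None when the pool is exhausted."""
        if client_id in self.leases:
            return self.leases[client_id]
        in_use = set(self.leases.values())
        for addr in self.pool():
            if addr not in in_use:
                self.leases[client_id] = addr
                return addr
        return None

    def release(self, client_id):
        self.leases.pop(client_id, None)

    def percent_available(self):
        total = len(self.pool())
        return 100.0 * (total - len(self.leases)) / total if total else 0.0

    def low_address_alert(self, threshold_percent):
        """True when the share of free addresses drops below the threshold."""
        return self.percent_available() < threshold_percent


def office_scope():
    """The range and exclusion used as the example in the text."""
    scope = Scope("192.168.0.100", "192.168.0.254")
    scope.add_exclusion("192.168.0.150", "192.168.0.160")
    return scope


def dialup_demo():
    """20 addresses shared by dial-in users: the 21st concurrent user is refused."""
    scope = Scope("10.0.0.1", "10.0.0.20")      # constructed range
    results = [scope.lease("user%d" % i) for i in range(1, 22)]
    refused = results.count(None)
    scope.release("user1")                      # one user disconnects
    retry = scope.lease("user21")               # the refused user connects again
    return refused, str(retry)


if __name__ == "__main__":
    print("allocatable addresses in office scope:", len(office_scope().pool()))
    print("dial-up demo (refused, address on retry):", dialup_demo())
```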
Each scope branch includes the following objects:

✦ Address Pool: This branch lists the included address pool for the scope along with any exclusion ranges. Each scope has only one inclusion range, but can contain multiple exclusion ranges.

✦ Address Leases: This branch lists current client address leases, including the IP address, name, and lease expiration.

✦ Reservations: This branch lists address reservations, which reserve specific IP addresses for specific users based on the user’s MAC address (physical network adapter address). See the section “Creating Reservations” later in this chapter for more information.

✦ Scope Options: This branch lists additional properties passed to clients when they receive address leases from this scope. Typical properties include default router, DNS name server assignments, time server, and time offset. The following section explains how to configure these settings.

Setting General Scope Options

You can specify a wide range of scope properties in addition to those discussed so far. These properties are given to clients when they receive a lease from the server. For example, the scope’s properties can assign the default gateway and DNS servers the client should use, a time server for synchronizing the client’s internal clock with the network or server, and many other properties. In most situations, you’ll only need to configure the default gateway and DNS servers, although some situations might warrant configuring other properties as well.

To configure general scope options, open the DHCP console and then open the scope you want to modify properties for. Right-click Scope Options and choose Configure Options to display the Scope Options property sheet, shown in Figure 13-3. The General tab enables you to configure properties that apply to all clients receiving address leases through the scope.
As Figure 13-3 shows, you select an item by clicking it, and then you specify the value(s) for the item in the lower half of the property sheet. Enable or disable properties by selecting or deselecting their checkboxes in the list. Set the value for each one and then click OK.

Figure 13-3: The Scope Options property sheet

The Advanced tab (Figure 13-4) lets you configure global properties for specific vendor and user classes. The default vendor classes are as follows:

✦ DHCP standard options: These are the same options that appear on the General tab by default and apply to all client connections for which no vendor or user class is specified.

✦ Microsoft options: These options define Microsoft-specific DHCP properties for Microsoft clients.

✦ Microsoft Windows 2000 options: These options define Microsoft Windows 2000-specific properties for Windows 2000 clients.

✦ Microsoft Windows 98 options: This selection can be used to define Windows 98-specific options, although by default none are defined.

Figure 13-4: The Advanced tab

By default, there are three user classes defined:

✦ Default BOOTP Class: These properties apply to clients that receive a lease via BOOTP. BOOTP enables clients to retrieve a valid address along with a boot image that enables the computer to boot. BOOTP is typically used as a mechanism to boot diskless workstations.

✦ Default Routing and Remote Access Class: These properties apply to clients that receive a lease through RRAS connections.

✦ Default User Class: These properties apply to all clients not handled by a different user class.

See the section “Defining and Implementing Vendor and User Classes” later in this chapter for detailed information on configuring and using vendor and user classes to customize lease properties for specific systems and users.
Default gateway

The Router lease property defines the default gateway assigned to the DHCP client. You can specify an array of addresses, giving the client multiple gateways to use. If the client’s primary gateway fails for some reason, traffic will route through the next available gateway, providing fail-over insurance against a loss of connectivity.

To assign a gateway to the array, enter the IP address in the IP address box in dotted octet format, then click Add. You can enter a host name in the Server name box and click Resolve if you know the host name of the gateway but not its IP address. Clicking Resolve performs a DNS lookup and returns the IP address in the IP address field if successful. You can specify multiple IP addresses, clicking Add to add each one to the array. Use the Up and Down buttons to change the order of the list. The client then tries the routers in sequence, starting with the top router.

Domain name and DNS servers

In addition to assigning one or more gateways, you will probably also want to assign at least one DNS server. Select 006 DNS Servers in the list and then add the IP addresses of the DNS servers to the list, just as you would when adding a router to the router list. The order of servers in the list defines the order in which the client will attempt to resolve names to addresses. Use the Up and Down buttons to change the order.

Domain name

Another property you should consider setting is the domain name. This property defines the client’s domain and is used to create the user’s fully qualified domain name (FQDN). The client appends its host name to the domain name to create the FQDN. You can specify the domain name within the client’s DNS properties, but setting it through DHCP instead enables the domain name to be changed dynamically when the client is granted a lease. If all the systems on the network use DHCP, this [...]
... workgroup-based DHCP server queries the network for other DHCP servers; if it identifies any domain-based DHCP servers, it assumes it is not authorized and does not service client requests. If no domain-based DHCP servers respond, however, the server starts servicing client requests. This means that multiple workgroup-based DHCP servers can operate on the network concurrently. When you install the DHCP service...

Authorizing the Server

An additional step for domain-based DHCP servers is to authorize the server. Authorizing a server lists it in the Active Directory as an authorized DHCP server. As explained earlier, Windows 2000 DHCP servers attempt to determine if they are authorized at startup and prior to processing client lease requests. Domain-based DHCP servers attempt to check the AD to determine if they...

... the section “Configuring Windows 2000 DHCP Clients” later in this chapter. For now, you can use the following list as a guide to configuring settings on the DNS page:

✦ Automatically update DHCP client information in DNS: Select this option to direct the DHCP server to attempt to update client DNS information in the DNS server. The server will...

... description are primarily for convenience and identification within the DHCP console. The ID uniquely identifies the vendor class.

Creating a vendor class

To create, modify, or remove a vendor class, open the DHCP console. Right-click the server on which you want to work with vendor classes and choose Define Vendor Classes. DHCP displays a DHCP Vendor Classes dialog box that lists all currently defined vendor...
... vendor class, you need to specify the DHCP options that will be available to that vendor class. To do so, open the DHCP console, right-click the server on which you want to define vendor class options, and choose Set Predefined Options. DHCP displays the Predefined Options and Values dialog box. Select the option class you want to modify values for and then click Add. DHCP displays the Option Type dialog...

Creating a user class

You define a user class in much the same way that you define a vendor class. Open the DHCP console, right-click the server at which you want to define the user class, and then choose Define User Classes. Click Add in the DHCP User Classes dialog box. As you do with a vendor class, specify a display name to appear in the DHCP console, an optional description,...

... and few domains). This is discussed in Chapters 8 and 9. You also can use superscopes to support remote DHCP clients located on the far side of a DHCP or BOOTP relay agent. This enables you to support multiple physical subnets with a single DHCP server. Figure 13-8 illustrates a situation in which a single DHCP server supports multiple logical IP networks on the local physical network, as well as logical...

... client to obtain its IP address from the DHCP server, obtain DNS server addresses through DHCP, or both. The controls on the General tab are self-explanatory.

Configuring DNS Options for DHCP

You can configure a Windows 2000 client to use Dynamic DNS (DDNS) to automatically update its host record when its host name changes or its IP address changes (including through DHCP lease renewal). Click Advanced on...
... Figure 13-6.

Figure 13-6: The New Class dialog box

The Display name is the friendly name for the vendor class within the DHCP console. You can include an optional description to further identify the vendor class. The ID is the data that clients use to request a specific set of DHCP options based on their vendor class. Click in the ID box under...

... To set these properties, open the DHCP console, right-click the scope, and choose Properties to display the Scope Properties sheet. The General tab lets you modify the scope-friendly name, IP address range, lease period, and description. These options are self-explanatory. The DNS tab determines how DHCP integrates with DNS. You’ll find an explanation of how to configure DHCP clients to use DDNS in the section...

Date posted: 21/12/2013, 05:18
