Module 2Configuring and

Troubleshooting DHCP

Module Overview• Overview of the DHCP Server Role • Configuring DHCP Scopes • Configuring DHCP Options• Managing a DHCP Database• Monitoring and Troubleshooting DHCP• Configuring DHCP Security

Lesson 1: Overview of the DHCP Server Role• Benefits of Using DHCP• New DHCP Features in Windows Server 2008/R2• How DHCP Allocates IP Addresses• How DHCP Lease Generation Works• How DHCP Lease Renewal Works• DHCP Server Authorization• Demonstration: How to add the DHCP Server Role

Benefits of Using DHCP

DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration

Manual TCP/IP Configuration

• IP addresses are entered manually

• IP address could be entered incorrectly

• Communication and network issues can result

• Frequent computer moves increase administrative effort

Automatic TCP/IP Configuration

• IP addresses are supplied automatically

• Correct configuration information is ensured

• Client configuration is updated automatically

• A common source of network problems is eliminated

New DHCP Features in Windows Server 2008

New DHCP features include:

• Windows Server 2008 Support for DHCPv6

• Support for advanced network security configuration using NAP

• DHCP on Server Core

These new features were added with Windows Server 2008

How DHCP Allocates IP Addresses

DHCP Server

DHCP Database

IP Address1: Leased to DHCP Client1IP Address2: Leased to DHCP Client2IP Address3: Available to be leased

DHCP Client2:IP configuration from DHCP server

Non-DHCP Client:Static IP configuration

DHCP Client1:IP configuration from DHCP server

Lease Renewal

Lease Generation

How DHCP Lease Generation Works

DHCP client broadcasts a DHCPDISCOVER packet1

DHCP servers broadcast a DHCPOFFER packet2

DHCP client broadcasts a DHCPREQUEST packet3

DHCP Server1 broadcasts a DHCPACK packet4

DHCP Client

DHCP Server1

DHCP Server2

DHCP client broadcasts a DHCPDISCOVER packet1

DHCP servers broadcast a DHCPOFFER packet2

DHCP client broadcasts a DHCPREQUEST packet3

DHCP Server1 broadcasts a DHCPACK packet4

DHCP Client

DHCP Server1

DHCP Server2

How DHCP Lease Renewal Works

DHCP Client sends a DHCPREQUEST packet1

DHCP Server1 sends a DHCPACK packet2

If the client fails to renew its lease, after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired

If the client fails to renew it’s lease, after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER

DHCP ClientDHCP Server1

DHCP Server2

50% of lease duration has expired

87.5% of lease duration has expired

100% of lease duration has expired

DHCP ClientDHCP Server1

DHCP Server2

DHCP client sends a DHCPREQUEST packet1

DHCP Server1 sends a DHCPACK packet2

50% of lease duration has expired

DHCP Server Authorization

DHCP Server2 checks with the domain controller to obtain a list ofauthorized DHCP servers

If DHCP Server2 does not find its IP address on the list, the service does not start and support DHCP clientsDHCP client receives IP address from authorized DHCP Server1

DHCP Server1 checks with the domain controller to obtain a list of authorized DHCP servers

If DHCP Server1 finds its IP address on the list, the service starts and supports DHCP clients

DomainController

Active Directory

DHCP Client UnauthorizedDoes not service DHCP requests

AuthorizedServices DHCP requests

DHCP Server1

DHCP Server2

DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to support DHCP clients

Demonstration: How to Add the DHCP Server RoleThis demonstration shows how to: • Install and authorize the DHCP server role

Lesson 2: Configuring DHCP Scopes• What Are DHCP Scopes?• What Are Superscopes and Multicast Scopes?• Demonstration: How To Configure DHCP Scopes• What Is a DHCP Reservation?• DHCP Sizing and Availability

What Are DHCP Scopes?

A scope is a range of IP addresses that are available to be leased

Scope Properties• Scope name• Exclusion range

• Lease duration• Network IP

address range

• Network ID• Subnet mask

LAN A LAN B

DHCP Server

Scope BScope A

What Are Superscopes and Multicast Scopes?

LAN A LAN B

DHCP Server

Scope A and Scope B

LAN A LAN B

DHCP Server

Scope BScope A

Demonstration: How To Configure DHCP ScopesThis demonstration shows how to: • Create an IPv4 scope

What Is a DHCP Reservation?

A reservation is a specific IP address, within a scope, that is reserved permanently for lease to a specific DHCP client

Subnet A Subnet B

Workstation 1

DHCP Server Workstation 2

File and Print Server

IP Address1: Leased to Workstation 1IP Address2: Leased to Workstation 2 IP Address3: Reserved for File and Print Server

DHCP Sizing and Availability

DHCP Clients

DHCP Server1192.168.0.1

DHCP Server2192.168.1.1

DHCP Clients

DHCP Server1 has 80% of addresses as follows:• Scope range: 192.168.0.2-192.168.0.254• Excluded addresses: 192.168.0.200-192.168.0.254

DHCP Server2 has 20% of addresses as follows:• Scope range: 192.168.0.2-192.168.0.254• Excluded addresses: 192.168.0.2-192.168.0199

Lesson 3: Configuring DHCP Options• What Are DHCP Options?• What Are DHCP Class-Level Options?• How DHCP Options Are Applied• Demonstration: How to Configure DHCP Options

What Are DHCP Options?

• WINS Servers

Common scope options are:

DHCP options are values for common configuration data that applies to the server, scopes, reservations, and class options

• DNS Servers

• DNS Name

• WINS Servers

• Default Gateway

What Are DHCP Class-Level Options?

DHCP class-level options are scope options that apply to a specific type of device

DHCP class-level option Description

Vendor-class Configured by vendors such as Microsoft, HP, and Sun

User-class Set and viewed by the user

How DHCP Options Are Applied

DHCP options can be applied at various levels:

• Server

• Scope

• Reserved client

• Class

Demonstration: How to Configure DHCP OptionsThis demonstration shows how to: • Configure scope options• Configure server options• Create a user class for options• Enable scope and configure client computer user class

Lesson 4: Managing a DHCP Database• Overview of DHCP Management Scenarios• DHCP Server Configuration Options• What Is a DHCP Database?• How a DHCP Database Is Backed Up and Restored• How a DHCP Database Is Reconciled• Moving a DHCP Database• Demonstration: How to Manage a DHCP Database

Overview of DHCP Management Scenarios

Scenarios for managing DHCP:

The DHCP service needs to be managed to respond to network changes

• Managing DHCP database growth

• Protecting the DHCP database

• Ensuring DHCP database consistency

• Adding clients

• Adding new network service servers

• Adding new subnets

DHCP Server Configuration Options

What Is a DHCP Database?

• Windows Server 2003 stores the DHCP database in the %Systemroot%\System32\Dhcp folder

• The DHCP database files include:• Dhcp.mdb• Dhcp.tmp• J50.log and J50*.log• Res*.log• J50.chk

The DHCP database is a dynamic database that contains configuration information

• The DHCP database contains DHCP configuration data such as:• Scopes• Address leases• Reservations

How a DHCP Database Is Backed Up and Restored

DHCP Server

DHCP

DHCP

Offline Storage

The DHCP service automatically backs up the DHCP database to the backup directory on the local driveIf the original database is unable to load, the DHCP service automatically restores from the backup directory on the local driveThe administrator moves a copy of the backed up DHCP database to an offline storage locationIn the event that the server hardware fails, the administrator can restore only from the offline storage location

Back up Restore

Back up

Restore

How a DHCP Database Is Reconciled

Example

Registry DHCP Database After Reconciliation

Client has IP address 192.168.1.34

IP address 192.168.1.34 is available

Lease entry is created in DHCP Database

DHCP Server

DHCPDatabase

Registry Summary IP address lease information

Detailed IP address lease information Compares and

reconciles inconsistencies in the DHCP Database

Moving a DHCP Database

DHCPDatabase

Old DHCP Server

New DHCP Server

DHCPDatabase

BackupMedia

Demonstration: How To Manage a DHCP DatabaseThis demonstration shows how to: • Examine the backup interval• Back up the DHCP database• Reconcile the scope data

Lesson 5: Monitoring and Troubleshooting DHCP• Overview of Monitoring DHCP• Common DHCP Issues• What Are DHCP Statistics?• What Is a DHCP Audit Log File?• Monitoring DHCP Server Performance• Demonstration: How to Monitor DHCP

Overview of Monitoring DHCP

Why monitor DHCP?

• To observe the dynamic DHCP environment• To determine DHCP server performance• To facilitate planning for current and future needs

DHCP data includes:

• DHCP statistics• DHCP events• DHCP performance data

Common DHCP Issues

• Address conflicts

• Failure to obtain a DHCP address

• Address obtained from incorrect scope

• DHCP database suffered data corruption or loss

• DHCP server has exhausted its IP address pool

What Are DHCP Statistics?

DHCP statistics are collected at either the server level or scope level

DHCP Server

What Is a DHCP Audit Log File?

A DHCP audit log is a log of service-related events

Monitoring DHCP Server Performance

• Create a DHCP performance baseline

• Check the standard counters for server performance

• Review DHCP server counters for significant changes in DHCP traffic

Performance counters

What to look for after a baseline is established

Packets received/second

Monitor for sudden increases or decreases, which could reflect network problems

Requests/second Monitor for sudden increases or decreases, which could reflect network problems

Active queue length

Monitor for sudden and gradual increases, which could reflect increased load or decreased server capacity

Duplicates dropped/second

Monitor for any activity that could indicate that more than one request is being transmitted on behalf of clients

Demonstration: How to Monitor DHCPThis demonstration shows how to: • View server statistics• View the log files• Use Network Monitor to monitor DHCP

Lesson 6: Configuring DHCP Security• Preventing an Unauthorized User from Obtaining a Lease• Restricting Unauthorized, Non-Microsoft DHCP Servers

from Leasing IP Addresses• Restricting DHCP Administration

Preventing an Unauthorized User from Obtaining a Lease

To prevent an unauthorized user from obtaining a lease:

• Ensure that unauthorized persons do not have physical or wireless access to your network

• Enable audit logging for every DHCP server on your network

• Regularly check and monitor audit log files

• Use 802.1X-enabled LAN switches or wireless access points to access the network

• Configure NAP to validate users and security policy compliance

Restricting Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses

To eliminate an unauthorized DHCP server, you must locate and disable it from communicating on the network either physically or by disabling the DHCP service

Restricting DHCP Administration

To restrict who can administer the DHCP service:

• Limit the members of the DHCP Administrators group

• Add users needing read-only access to the DHCP Users group

Account Permissions

DHCP Administrators group Can view and modify any data about the DHCP server

DHCP Users group Has read-only DHCP console access to the server

Lab: Configuring and Troubleshooting the DHCP Server Role• Exercise 1: Selecting a Suitable DHCP Configuration• Exercise 2: Implementing DHCP• Exercise 3: Reconfiguring DHCP• Exercise 4: Testing the Configuration • Exercise 5: Troubleshooting DHCP Issues

Estimated time: 75 minutes

Logon information

Virtual machines6421B-NYC-DC16421B-NYC-RTR6421B-NYC-SVR26421B-NYC-CL2

User name Contoso\AdministratorPassword Pa$$w0rd

Lab Scenario

Contoso is deploying DHCP to their branch offices. Fault tolerance is important, and you are tasked with configuring the DHCP services in the head office and branch offices to support the requirements.

Lab Review• In the lab, you configured the router with the DHCP Relay

agent. What does the agent do?• In the lab, you configured a scope for the branch office

computers on each of two DHCP servers to provide for fault tolerance. What would happen to clients that renewed when both DHCP servers were unavailable?

Module Review and Takeaways• Review Questions• Tools