8/12/2019 Module 4 - Assign IP Address Using Dynamic Host Configuration Protocol (DHCP)
Ing. Rayner Durango E. Msig MCSE, MCT
Module 4: Allocating IP Addressing by Using Dynamic Host Configuration Protocol
Overview
Adding and Authorizing the DHCP Server Service.
Configuring a DHCP Scope.
Configuring DHCP Reservations and Options.
Configuring a DHCP Relay Agent.
Configuring DHCP Policies.
IP Address Management
Source: Microsoft Official Curriculum Course 2277
Adding and Authorizing the DHCP Server Service
Why Use DHCP?
What Is Automatic Private IP Addressing?
How DHCP Allocates IP Addresses
How the DHCP Lease Generation Process Works
How the DHCP Lease Renewal Process Works
How a DHCP Server Service Is Authorized
Why Use DHCP?
DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration.
Manual TCP/IP Configuration:
IP addresses are entered manually
IP address could be entered incorrectly
Communication and network issues can result
Frequent computer moves increase administrative effort
Automatic TCP/IP Configuration:
IP addresses are supplied automatically
Correct configuration information is ensured
Client configuration is updated automatically
A common source of network problems is eliminated
What Is Automatic Private IP Addressing?
APIPA automatically self-configures addresses when there is no DHCP server available.
Advantages:
Serves as a DHCP server failover mechanism for small networks
Automatically assigns an IP address in a specific range
Disadvantages:
Forces assignment of addresses typically not used
Conceals possible connectivity problems
Does not work outside 169.254.x.x subnet
Is not routable
How DHCP Allocates IP Addresses
[Figure: a DHCP server with its DHCP database. DHCP Client1 and DHCP Client2 get their IP configuration from the DHCP server through lease generation and lease renewal; a non-DHCP client uses a static IP configuration.]
DHCP database:
IP Address1: Leased to DHCP Client1
IP Address2: Leased to DHCP Client2
IP Address3: Available to be leased
How the DHCP Lease Generation Process Works
[Figure: DHCP Client, DHCP Server1, DHCP Server2]
1. DHCP client broadcasts a DHCPDISCOVER packet
2. DHCP servers broadcast a DHCPOFFER packet
3. DHCP client broadcasts a DHCPREQUEST packet
4. DHCP Server1 broadcasts a DHCPACK packet
How the DHCP Lease Renewal Process Works
[Figure: DHCP Client, DHCP Server1, DHCP Server2, with timeline markers at 50%, 87.5% and 100% of lease duration expired]
When 50% of the lease duration has expired:
1. DHCP client sends a DHCPREQUEST packet
2. DHCP Server1 sends a DHCPACK packet
If the client fails to renew its lease after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired.
If the client fails to renew its lease after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER.
How a DHCP Server Service Is Authorized
[Figure: domain controller (Active Directory), DHCP Server1 (authorized), DHCP Server2 (unauthorized), DHCP client]
DHCP Server1 (authorized, services DHCP requests):
DHCP Server1 checks with the domain controller to obtain a list of authorized DHCP servers.
If DHCP Server1 finds its IP address on the list, the service starts and supports DHCP clients.
DHCP Server2 (unauthorized, does not service DHCP requests):
DHCP Server2 checks with the domain controller to obtain a list of authorized DHCP servers.
If DHCP Server2 does not find its IP address on the list, the service does not start and support DHCP clients.
DHCP client receives IP address from authorized DHCP Server1.
DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to support DHCP clients.
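
The authorized-server list described above can also be used on the monitoring side: the sketch below is an added example (not part of the original course material) that parses captured DHCP server replies and reports any server identifier that is not on the authorized list. The sample packets, the address 10.10.0.77 and the function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_MESSAGES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}


def parse_options(payload):
    """Return {option code: raw value} from a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def find_unauthorized(payloads, authorized):
    """Return sorted (server IP, message type) pairs for replies sent by
    servers whose identifier (option 54) is not on the authorized list."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized}
    findings = set()
    for payload in payloads:
        try:
            opts = parse_options(payload)
        except ValueError:
            continue  # not DHCP or malformed: nothing to attribute
        msg = opts.get(OPT_MSG_TYPE, b"")
        sid = opts.get(OPT_SERVER_ID, b"")
        if len(msg) != 1 or msg[0] not in SERVER_MESSAGES or len(sid) != 4:
            continue  # client message or missing server identifier
        server = ipaddress.IPv4Address(sid)
        if server not in allowed:
            findings.add((str(server), SERVER_MESSAGES[msg[0]]))
    return sorted(findings)


def build_reply(msg_type, server_ip, offered_ip):
    """Constructed server reply: BOOTP header, cookie, options 53 and 54."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered_ip).packed,
                         bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
    options += ipaddress.IPv4Address(server_ip).packed + bytes([OPT_END])
    return header + MAGIC_COOKIE + options


# Constructed sample data: one authorized server and one unknown server.
AUTHORIZED = ["10.10.0.2"]
SAMPLE = [
    build_reply(2, "10.10.0.2", "10.10.0.50"),
    build_reply(2, "10.10.0.77", "10.10.0.51"),
    build_reply(5, "10.10.0.2", "10.10.0.50"),
    b"\x00" * 20,  # junk payload, skipped
]

if __name__ == "__main__":
    for server, message in find_unauthorized(SAMPLE, AUTHORIZED):
        print("unauthorized DHCP server %s sent %s" % (server, message))
```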
Configuring a DHCP Scope
What Are DHCP Scopes?
What Are Superscopes and Multicast Scopes?
What Are DHCP Scopes?
A scope is a range of IP addresses that are available to be leased.
Scope Properties:
Scope name
Exclusion range
Lease duration
Network IP address range
Network ID
Subnet mask
[Figure: a DHCP server with Scope A and Scope B, serving LAN A and LAN B]
Example:
    netsh dhcp server 10.10.0.2 add scope 10.10.0.0 255.255.255.0 FirstScopeNewscope1
What Are Superscopes and Multicast Scopes?
[Figure: a DHCP server with a superscope containing Scope A and Scope B, both serving LAN A]
Superscope
A superscope is used for environments in which multiple subnets make up a network segment. In these cases, you can create a superscope to contain multiple scopes. The individual scopes are in turn dependent on the master superscope. When more than one logical IP network is used on each physical subnet or network, the configuration is often called a multinet.
For example, suppose you have a large research and development company that occupies three floors. Each of the floors contains 300 to 400 people. All of these users share the same gigabit Ethernet segment. Traditionally, each floor would be on its own IP subnet, with a routed backbone running between the floors. This is impossible in the current scenario, however, because a single Class C subnet cannot handle so many users on each floor.
To alleviate this problem you would need to place multiple IP subnets on the same segment by creating a DHCP superscope. This would allow more than one Class C address to serve the same segment, thereby providing enough addresses to handle all of the machines on the physical segment.
Multicast Scope
A multicast scope allows multicast addresses to be assigned in addition to unicast (single-computer) addresses. A multicast address is one in which destination hosts can each have the same IP address, which is useful in one-to-many forms of communications, such as media streaming. Multicasting is the act of transmitting a message to a select group of recipients.
Computers join and leave a multicast group by using a protocol known as Multicast Address Dynamic Client Allocation Protocol (MADCAP). A MADCAP client is allocated a primary IP address either statically or through DHCP prior to being allocated a multicast address by a MADCAP server. The multicast client, in turn, might also be a multicast server used to support IP multicasting. The multicast server manages the use of the multicast IP address and streams data traffic to members that share the specified scope address.
[Figure: a DHCP server with Scope A and Scope B, serving LAN A and LAN B]
Configuring DHCP Reservations and Options
What Is a DHCP Reservation?
What Are DHCP Options?
How DHCP-Server, Scope, and Reserved-Client Options Are Applied
How DHCP Class-Level Options Are Applied
What Is a DHCP Reservation?
A reservation is a specific IP address, within a scope, that is permanently reserved for lease to a specific DHCP client.
[Figure: Subnet A and Subnet B with a DHCP server, Workstation 1, Workstation 2, and a File and Print Server]
IP Address1: Leased to Workstation 1
IP Address2: Leased to Workstation 2
IP Address3: Reserved for File and Print Server
What Are DHCP Options?
DHCP options are configuration parameters that a DHCP server assigns to clients.
[Figure: DHCP server, DHCP client]
DHCP Client IP Configuration Data:
Client's IP address
Client's subnet mask
DHCP options
How DHCP-Server, Scope, and Reserved-Client Options Are Applied
DHCP option applied at the server level
DHCP option applied at the scope level
DHCP option applied at the reserved-client level
[Figure: a DHCP server and a router with Scope A and Scope B, containing Windows XP and Windows 98 clients and a File and Print Server]
How DHCP Class-Level Options Are Applied
DHCP option applied at the class level
[Figure: a DHCP server and routers with Scope A and Scope B, containing Windows XP and Windows 98 clients and a File and Print Server]
Configuring a DHCP Relay Agent
What Is a DHCP Relay Agent?
How a DHCP Relay Agent Works
How a DHCP Relay Agent Uses Hop Count
How a DHCP Relay Agent Uses Boot Threshold
What Is a DHCP Relay Agent?
A DHCP relay agent is a computer or router that listens for DHCP/BOOTP broadcasts from DHCP clients and then relays those messages
[Figure: Subnet A and Subnet B joined by routers (non-RFC 1542 compliant), with a DHCP server, a DHCP relay agent and clients; links are labelled Broadcast and Unicast]
How a DHCP Relay Agent Works
[Figure: Client1, Client2, Client3, a DHCP relay agent, a router (non-RFC 1542 compliant) and a DHCP server]
1. Client1 broadcasts a DHCPDISCOVER packet
2. Relay agent forwards the DHCPDISCOVER message to the DHCP server
3. Server sends a DHCPOFFER message to the DHCP relay agent
4. Relay agent broadcasts the DHCPOFFER packet
5. Client1 broadcasts a DHCPREQUEST packet
6. Relay agent forwards the DHCPREQUEST message to the DHCP server
7. Server sends a DHCPACK message to the DHCP relay agent
8. Relay agent broadcasts the DHCPACK packet
How a DHCP Relay Agent Uses Hop Count
The hop count threshold is the number of routers through which the packet can be transmitted before it is discarded.
[Figure: DHCP Relay Agent 1, DHCP Relay Agent 2 and a DHCP server; Hop Count = 2]
How a DHCP Relay Agent Uses Boot Threshold
[Figure: a DHCP relay agent with a local DHCP server, DHCP Server 2 and DHCP Server 3; Boot Threshold = 10 seconds]
The boot threshold is the time the DHCP relay agent will wait for a DHCP server response before forwarding the request.
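
How the two relay thresholds interact on a single client broadcast, as an added example that is not part of the original course material. It assumes the relay reads the `hops` and `secs` fields of the BOOTP header, treats the hop count threshold as the maximum number of relays a packet may pass through, and compares `secs` with the boot threshold; the function names and sample packets are constructed.

```python
import ipaddress
import struct

BOOTREQUEST = 1


def relay_decision(packet, relay_ip, hop_threshold, boot_threshold):
    """Return ("discard", reason) or ("forward", rewritten packet)."""
    if len(packet) < 236:
        return "discard", "short packet"
    op, hops = packet[0], packet[3]
    secs = struct.unpack_from("!H", packet, 8)[0]  # seconds since the client began
    if op != BOOTREQUEST:
        return "discard", "not a client request"
    # Assumption: the packet may pass through at most hop_threshold relays.
    if hops >= hop_threshold:
        return "discard", "hop count threshold reached"
    # Assumption: below the boot threshold a local DHCP server is given time
    # to answer; the client retransmits later with a larger secs value.
    if secs < boot_threshold:
        return "discard", "boot threshold not reached"
    out = bytearray(packet)
    out[3] = hops + 1
    if packet[24:28] == bytes(4):
        # The first relay stamps its address in giaddr, which the server
        # later uses to choose the scope.
        out[24:28] = ipaddress.IPv4Address(relay_ip).packed
    return "forward", bytes(out)


def client_discover(secs, hops=0, giaddr="0.0.0.0"):
    """Constructed 236-byte BOOTREQUEST header with the fields the relay reads."""
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       BOOTREQUEST, 1, 6, hops, 0x1, secs, 0,
                       bytes(4), bytes(4), bytes(4),
                       ipaddress.IPv4Address(giaddr).packed,
                       bytes(16), bytes(64), bytes(128))


if __name__ == "__main__":
    # Thresholds taken from the figures: Hop Count = 2, Boot Threshold = 10 s.
    for secs, hops in [(2, 0), (12, 0), (12, 2)]:
        action, detail = relay_decision(client_discover(secs, hops),
                                        "10.10.10.254", 2, 10)
        print(secs, hops, action, detail if action == "discard" else "")
```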
Configuring DHCP Policies
What Are DHCP Policies?
Policy Based Assignment (PBA)
How DHCP PBA Works
How DHCP PBA Processing Works
What Are DHCP Policies?
Source: http://technet.microsoft.com/en-us/library/dn425039.aspx
DHCP Policies
Allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.
The Policy Based Assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Policy Based Assignment (PBA)
PBA
1. A subnet has a mix of different types of clients: desktop computers, printers, IP phones, and other devices. You want different types of clients to get IP addresses from different IP address ranges within the subnet. This is possible using DHCP policies if the devices have different vendors. For example:
Printers can get IP addresses from 10.10.10.1 to 10.10.10.9.
IP phones can get IP addresses from 10.10.10.10 to 10.10.10.49.
Desktop computers can be assigned IP addresses from 10.10.10.50 to 10.10.10.239.
Additional devices can be assigned IP addresses of 10.10.10.240 to 10.10.10.254.
By specifying a different IP address range for different device types, you can more easily identify and manage devices on the network.
2. In a subnet which has a mix of wired and mobile computers, you might want to assign a shorter, 4 hour lease duration to mobile computers and longer, 4 day lease duration to wired computers.
3. You want to control who gets access to the network by providing a DHCP lease to only a known set of clients based on MAC address.
4. Employees bring in their own devices such as smartphones and tablets to work and you want to manage network traffic or control network access based on device type.
5. You want to provide a different set of scope options to different types of devices. For example, IP phones can get a different Boot Server Host Name (TFTP server) and Bootfile Name option.
In this example:
Subnet A contains DHCP client devices of several different types including workstations, printers, and IP phones.
A DHCP server on another subnet is configured to provide leases to these devices from scope A.
Policies are configured at the scope level to control IP address range and at the server level to specify lease duration.
PBA Works
DHCP client requests are processed as follows:
1. A client on subnet A submits a DHCPREQUEST that is sent to the DHCP server via DHCP relay.
2. The client's vendor class and MAC prefix are included in the DHCPREQUEST packet along with the Gateway IP Address (GIADDR).
3. The DHCP server uses the GIADDR to determine that the client requires a lease from scope A, and begins processing policies in that scope.
4. Since scope B does not apply, these policies are ignored.
5. Based on the vendor class and MAC prefix values provided, the client request matches conditions of policy A3.
6. After all scope policies are processed, server level policies are processed and the client also matches conditions of policy 1.
7. After all policies are processed, the DHCP server returns an IP address configuration to the client using the settings specified in policies A3 and 1.
How DHCP PBA Works
PBA Works
DHCP policies are rules that you can define for DHCP clients. You can define a single policy, or several. Characteristics of DHCP policies include:
Policy level: Policies can apply at the server level or the scope level. Server level policies are processed for all DHCP client requests received by the server. Scope level policies are processed only for DHCP client requests that apply to a specific scope.
Processing order: Each policy has an associated processing order that is unique within a server or scope. Policies with a lower numbered processing order are evaluated before higher number policies. If both scope and server level policies apply to a client, the scope level policies are always processed before any server level policies.
Conditions: The conditions specified in a policy enable you to evaluate clients based on fields that are present in the DHCP client request. If a client request matches the conditions in the policy, the settings associated with a policy will be applied to the client by the DHCP server when it responds to the DHCP request.
Settings: Settings are network configuration parameters (e.g. IP address, options, lease duration) that are provided to DHCP clients in the DHCP server response. Settings enable you to group clients by applying the same set of network parameters to them.
Enabled/Disabled: Policies at the scope or server level can also be enabled or disabled. A policy that is disabled is skipped when processing incoming DHCP client requests.
How DHCP PBA Processing Works
PBA Processing
Since you can configure multiple policies at both the scope level and server level, each policy is assigned a processing order. The processing order can also be modified, assuming more than a single policy exists. The following conditions exist:
1. When processing DHCP client requests, the DHCP server evaluates each client request against the conditions in all applicable policies, based on their processing order.
2. Scope level policies are processed first by the DHCP server, followed by server wide policies. Theoretically, a client can match the conditions of several scope policies and also several server policies.
3. If a client satisfies the conditions of more than 1 policy, it will get the combined settings from all policies that it matched. If the same option setting is provided in multiple policies, the client will use the setting from the first policy that is processed.
For example, assume that policy-1 has an option value for 003 Router and policy-2 has an option value for 006 DNS Servers, and a client request matches both policies. The DHCP server will assign a default gateway value (003 Router) using policy-1 and a DNS server value using policy-2. However, if policy-1 has the higher processing priority (a value of 1) and also has an option value for DNS server, the client will get both the router and DNS server option values from policy-1. The DNS server option value in policy-2 is ignored because policy-2 has a lower processing priority (a value of 2).
A policy does not need to be configured with all option values that you have already configured at the scope or server level. If a policy client has requested an option which is not present in the policy but has been configured in scope level or server level options, these options are applied to the client in the server response. However, if you wish to specify options for certain clients, you can include these option settings in policies and they will have a higher priority than scope or server level options. The only type of option setting that has a higher priority than those configured in policies are options that you configure for a reservation.
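
The processing rules above (scope selection by GIADDR, scope policies before server policies, first processed policy wins, reservation options on top, scope and server options as fallback) can be checked with a small model. This is an added example, not Microsoft's implementation or part of the original course material; the class names, vendor strings, MAC values and the `ip_range` and `lease_hours` setting keys are constructed for illustration, and conditions are simplified to AND-ed equality or prefix matches.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    order: int        # processing order: lower numbers are evaluated first
    conditions: dict  # request field -> value; a trailing "*" is a prefix match
    settings: dict    # options, IP address range, lease duration
    enabled: bool = True

    def matches(self, request):
        for key, want in self.conditions.items():
            have, want = request.get(key, "").lower(), want.lower()
            hit = have.startswith(want[:-1]) if want.endswith("*") else have == want
            if not hit:
                return False
        return True


@dataclass
class Scope:
    name: str
    subnet: str
    options: dict
    policies: list = field(default_factory=list)
    reservations: dict = field(default_factory=dict)  # MAC -> reservation options


def applicable(policies, request):
    """Enabled policies whose conditions match, in processing order."""
    ordered = sorted(policies, key=lambda p: p.order)
    return [p for p in ordered if p.enabled and p.matches(request)]


def resolve(scopes, server_policies, server_options, request):
    """Return (scope name, matched policy names, effective settings)."""
    relay = ipaddress.ip_address(request["giaddr"])
    scope = next((s for s in scopes if relay in ipaddress.ip_network(s.subnet)), None)
    if scope is None:
        raise LookupError("no scope for relay address %s" % relay)
    # Scope-level policies are processed before server-level policies.
    matched = applicable(scope.policies, request) + applicable(server_policies, request)
    # Precedence: reservation, then policies in processing order, then scope
    # and server options (scope before server is standard DHCP server
    # behaviour and an assumption here; the page does not state it).
    layers = [scope.reservations.get(request["mac"], {})]
    layers += [p.settings for p in matched]
    layers += [scope.options, server_options]
    effective = {}
    for layer in layers:
        for key, value in layer.items():
            effective.setdefault(key, value)  # the first layer to set a key wins
    return scope.name, [p.name for p in matched], effective


# Constructed sample configuration; all names and values are illustrative.
SERVER_OPTIONS = {"006 DNS Servers": "10.10.0.5", "lease_hours": 192}
SERVER_POLICIES = [
    Policy("1", 1, {"vendor_class": "PhoneVendor*"},
           {"lease_hours": 4, "006 DNS Servers": "10.10.0.99"}),
]
SCOPES = [
    Scope("Scope A", "10.10.10.0/24",
          {"003 Router": "10.10.10.254", "lease_hours": 96},
          policies=[
              Policy("A1", 1, {"vendor_class": "PrinterVendor*"},
                     {"ip_range": "10.10.10.1-10.10.10.9"}),
              Policy("A2", 2, {"vendor_class": "PhoneVendor*"},
                     {"006 DNS Servers": "192.0.2.1"}, enabled=False),
              Policy("A3", 3, {"vendor_class": "PhoneVendor*", "mac": "00AABB*"},
                     {"ip_range": "10.10.10.10-10.10.10.49",
                      "006 DNS Servers": "10.10.10.53"}),
          ],
          reservations={"00AABB000001": {"006 DNS Servers": "10.10.10.1"}}),
    Scope("Scope B", "10.10.20.0/24", {"003 Router": "10.10.20.254"},
          policies=[Policy("B1", 1, {"vendor_class": "PhoneVendor*"},
                           {"lease_hours": 1})]),
]
PHONE = {"giaddr": "10.10.10.254", "vendor_class": "PhoneVendor-X100",
         "mac": "00AABBCCDDEE"}

if __name__ == "__main__":
    print(resolve(SCOPES, SERVER_POLICIES, SERVER_OPTIONS, PHONE))
```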
IP Address Management
Overview IPAM
IPAM Modules
IPAM Architecture
Source: http://technet.microsoft.com/en-us/library/hh831622.aspx
IPAM
IP Address Management (IPAM) in Windows Server 2012 is a framework for discovering, monitoring, managing and auditing IP address space on a corporate network. IPAM provides the following features:
Automatic IP address infrastructure discovery.
Highly customizable IP address space display, reporting, and management.
Configuration change auditing for DHCP and IPAM services.
Monitoring and management of DHCP and DNS services.
IP address lease tracking.
IPAM Modules
The IPAM feature consists of four primary modules. The following sections provide a brief description of these modules.
IPAM discovery
IPAM discovery requires access to Active Directory in order to discover network infrastructure servers. This discovery is necessary to enable IPAM services. Discovery allows administrators to enumerate servers running Windows Server 2008 or later with the DNS Server, DHCP Server and AD DS role services installed. Administrators can also manually add or delete servers to define a custom scope of administrative control. The scope of discovery can be modified in real-time by selecting or removing domains and specific server roles.
IP address space management
The IPAM address space management (ASM) feature provides the ability to efficiently view, monitor, and manage IP address space on the network. ASM supports IPv4 public and private addresses, and IP addresses can be dynamically issued on the network or provided as static IP addresses. Sorting can be based on custom fields, such as region, Regional Internet Registries (RIR), device type, or customer name. A network administrator can track IP address utilization and threshold-crossing status, or display utilization trends. IPAM ASM tools address the IP address space management problem in a growing distributed environment by ensuring better planning, accountability, and control. IPAM also enables an administrator to detect overlapping IP address ranges defined on different DHCP servers, find free IP addresses within a range, create DHCP reservations, and create DNS records.
Multi-server management and monitoring
IPAM enables administrators to monitor and manage multiple DHCP servers and monitor multiple DNS servers spread across various regions from a centralized console. Administrative tasks are frequently repetitive across multiple servers. The ability to execute these tasks uniformly across servers reduces both the effort involved as well as the probability of error. The multi-server management (MSM) feature enables an administrator to easily edit and configure key properties of multiple DHCP servers and scopes across the organization. IPAM also facilitates monitoring and tracking of DHCP service status and utilization of DHCP scopes. IPAM also enables tagging of servers with built-in and user-defined custom field values, and visualizing these servers and grouping them into logical groups and sub-groups. IPAM helps to monitor the health of a DNS zone on multiple DNS servers by displaying the aggregated status of a zone across all authoritative DNS servers. IPAM also tracks the service status of the DNS and DHCP servers on the network.
Operational auditing and IP address tracking
Auditing tools enable tracking potential configuration problems on IP infrastructure servers. IPAM provides the ability to view consolidated configuration changes on managed DHCP servers and the IPAM server. Details are tracked such as server name, user name, and the date and time a configuration change was made. IP address lease tracking is available to aid forensics investigations by collecting lease logs from DHCP, DC and NPS servers. IPAM enables history tracking for IP address leases and user logins. This enables tracking of IP address activity correlated with MAC addresses, user names, host names and other parameters.
IP Address Architecture
IPAM Architecture
An IPAM server is a domain member computer. You cannot install IPAM on an Active Directory domain controller.
There are three general methods to deploy IPAM servers:
1. Distributed: An IPAM server is deployed at every site in the enterprise.
2. Centralized: One IPAM server is deployed in the enterprise.
3. Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site.
There is no communication or database sharing between different IPAM servers in the enterprise. If multiple IPAM servers are deployed, you can customize the scope of discovery for each IPAM server, or filter the list of managed servers. A single IPAM server might manage a specific domain or location, perhaps with a second IPAM server configured as a backup.
IPAM will periodically attempt to locate network policy servers, domain controllers, DNS servers, and DHCP servers on the network that are within the scope of discovery that you specify. You must choose whether these servers are managed by IPAM or unmanaged. In this way, you can select different groups of servers that are managed or not managed by IPAM. To be managed by IPAM, server security settings and firewall ports must be configured to allow the IPAM server access to perform required monitoring and configuration functions. You can choose to configure these settings manually, or automatically using Group Policy Objects (GPOs). If you choose the automatic method, then settings are applied when a server is marked as managed and settings are removed when it is marked as unmanaged. The IPAM server will communicate with managed servers using an RPC or WMI interface. IPAM monitors domain controllers and NPS servers for IP address tracking purposes. In addition to monitoring functions, several DHCP server and scope properties can be configured using IPAM. Zone status monitoring and a limited set of configuration functions are also available for DNS servers.