Example Title with Registration Microsoft® and

Week #3: Configuring and Troubleshooting DHCP
• Overview of the DHCP Server Role
• Configuring DHCP Scopes and Options
• Managing a DHCP Database
• Monitoring and Troubleshooting DHCP
• Securing DHCP
Benefits of Using DHCP
DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration
Manual TCP/IP Configuration
• IP addresses are entered manually
• IP address could be entered incorrectly
• Communication and network issues can result
• Frequent computer moves increase administrative effort
Automatic TCP/IP Configuration
• IP addresses are supplied automatically
• Correct configuration information is ensured
• Client configuration is updated automatically
• A common source of network problems is eliminated
New DHCP Features in Windows Server 2008
New DHCP features include:
• Windows Server 2008 Support for DHCPv6
• Support for advanced network security
configuration using NAP
• DHCP on Server Core
How DHCP Allocates IP Addresses
[Diagram: a DHCP server with its DHCP database, connected to the clients through lease generation and lease renewal]
• DHCP Client1: IP configuration from DHCP server
• DHCP Client2: IP configuration from DHCP server
• Non-DHCP Client: Static IP configuration
DHCP Database
• IP Address1: Leased to DHCP Client1
• IP Address2: Leased to DHCP Client2
• IP Address3: Available to be leased
How DHCP Lease Generation Works
[Diagram: DHCP Client, DHCP Server1, DHCP Server2]
1. DHCP client broadcasts a DHCPDISCOVER packet
2. DHCP servers broadcast a DHCPOFFER packet
3. DHCP client broadcasts a DHCPREQUEST packet
4. DHCP Server1 broadcasts a DHCPACK packet
How DHCP Lease Renewal Works
[Diagram: DHCP Client, DHCP Server1, DHCP Server2, with markers at 50%, 87.5% and 100% of lease duration expired]
50% of lease duration has expired:
1. DHCP client sends a DHCPREQUEST packet
2. DHCP Server1 sends a DHCPACK packet
If the client fails to renew its lease after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired
If the client fails to renew its lease after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER
DHCP Server Authorization
DHCP authorization is the process of registering the DHCP Server
service in the Active Directory domain to support DHCP clients
[Diagram: Domain Controller with Active Directory, DHCP Server1, DHCP Server2, DHCP Client]
DHCP Server1: Authorized, services DHCP requests
• DHCP Server1 checks with the domain controller to obtain a list of authorized DHCP servers
• If DHCP Server1 finds its IP address on the list, the service starts and supports DHCP clients
DHCP Server2: Unauthorized, does not service DHCP requests
• DHCP Server2 checks with the domain controller to obtain a list of authorized DHCP servers
• If DHCP Server2 does not find its IP address on the list, the service does not start and support DHCP clients
DHCP client receives IP address from authorized DHCP Server1
What Are DHCP Scopes?
A scope is a range of IP addresses that are available
to be leased
[Diagram: a DHCP server serving LAN A from Scope A and LAN B from Scope B]
Scope Properties
• Network ID
• Subnet mask
• Network IP address range
• Lease duration
• Scope name
• Exclusion range
What Are DHCP Options?
DHCP options are values for common configuration data
that applies to the server, scopes, reservations, and
class options
Common scope options are:
• DNS Servers
• DNS Name
• Default Gateway
• WINS Servers
What Are DHCP Class-Level Options?
DHCP class-level options are scope options that apply to a
specific type of device
DHCP class-level option: Description
• Vendor-class: Configured by vendors such as Microsoft, HP, and Sun
• User-class: Set and viewed by the user
What Is a DHCP Reservation?
A reservation is a specific IP address, within a scope, that
is reserved permanently for lease to a specific DHCP client
[Diagram: a DHCP server between Subnet A and Subnet B, with Workstation 1, Workstation 2 and a File and Print Server]
• IP Address1: Leased to Workstation 1
• IP Address2: Leased to Workstation 2
• IP Address3: Reserved for File and Print Server
DHCP Sizing and Availability
[Diagram: DHCP Server1 (192.168.1.2) and DHCP Server2 (192.168.1.1), each with DHCP clients]
DHCP Server1 has 20% of addresses as follows:
• Scope range: 192.168.1.10-192.168.1.254
• Excluded addresses: 192.168.1.10-192.168.1.205
DHCP Server2 has 80% of addresses as follows:
• Scope range: 192.168.1.10-192.168.1.254
• Excluded addresses: 192.168.1.206-192.168.1.254
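The split above only works if the two exclusion ranges are exact complements; a gap leaves addresses nobody can lease, and an overlap lets both servers lease the same address. The check below is an added example, not part of the original slides; the function names and the "drifted" configuration are constructed for illustration.

```python
from ipaddress import IPv4Address

def _span(first, last):
    """Inclusive address range as a set of integers."""
    return set(range(int(IPv4Address(first)), int(IPv4Address(last)) + 1))

def leasable(scope, excluded):
    """Addresses a server can hand out: scope range minus its exclusion range."""
    return _span(*scope) - _span(*excluded)

def check_split(scope, excluded_1, excluded_2):
    """Compare two servers that share one scope range but exclude different parts."""
    total = _span(*scope)
    pool_1, pool_2 = leasable(scope, excluded_1), leasable(scope, excluded_2)
    as_text = lambda addrs: [str(IPv4Address(a)) for a in sorted(addrs)]
    return {
        "share_1": len(pool_1) / len(total),
        "share_2": len(pool_2) / len(total),
        "overlap": as_text(pool_1 & pool_2),           # both servers could lease these
        "unserved": as_text(total - pool_1 - pool_2),  # neither server can lease these
    }

SCOPE = ("192.168.1.10", "192.168.1.254")

# Values from the slide: Server1 keeps 20%, Server2 keeps 80%.
slide = check_split(SCOPE, ("192.168.1.10", "192.168.1.205"),
                    ("192.168.1.206", "192.168.1.254"))

# Constructed mistake: Server2's exclusion range starts four addresses too late.
drifted = check_split(SCOPE, ("192.168.1.10", "192.168.1.205"),
                      ("192.168.1.210", "192.168.1.254"))

if __name__ == "__main__":
    print("slide  :", slide)
    print("drifted:", drifted)
```

A non-empty "overlap" list is the condition that produces the address conflicts listed under Common DHCP Issues.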
How DHCP Options Are Applied
DHCP options can be applied at various levels:
• Server
• Scope
• Class
• Reserved client
Overview of DHCP Management Scenarios
The DHCP service needs to be managed to respond to
network changes
Scenarios for managing DHCP:
• Managing DHCP database growth
• Protecting the DHCP database
• Ensuring DHCP database consistency
• Adding clients
• Adding new network service servers
• Adding new subnets
What Is a DHCP Database?
The DHCP database is a dynamic database that contains
configuration information
• The DHCP database contains DHCP configuration data such as:
  • Scopes
  • Address leases
  • Reservations
• Windows Server 2003 stores the DHCP database in the %Systemroot%\System32\Dhcp folder
• The DHCP database files include:
  • Dhcp.mdb
  • Tmp.edb
  • J50.log and J50*.log
  • Res*.log
  • J50.chk
How a DHCP Database Is Backed Up and Restored
[Diagram: DHCP server with its DHCP database, the backup directory on the local drive, and offline storage, linked by Back up and Restore arrows]
• The DHCP service automatically backs up the DHCP database to the backup directory on the local drive
• The administrator moves a copy of the backed up DHCP database to an offline storage location
• If the original database is unable to load, the DHCP service automatically restores from the backup directory on the local drive
• In the event that the server hardware fails, the administrator can restore only from the offline storage location
How a DHCP Database Is Reconciled
• DHCP Database: Detailed IP address lease information
• Registry: Summary IP address lease information
• DHCP Server: Compares and reconciles inconsistencies in the DHCP Database
Example
• Registry: Client has IP address 192.168.1.34
• DHCP Database: IP address 192.168.1.34 is available
• After Reconciliation: Lease entry is created in DHCP Database
Moving a DHCP Database
[Diagram: DHCP database on the old DHCP server, backup media, DHCP database on the new DHCP server]
DHCP Server Configuration Options
Overview of Monitoring DHCP
Why monitor DHCP?
• To observe the dynamic DHCP environment
• To determine DHCP server performance
• To facilitate planning for current and future needs
DHCP data includes:
• DHCP statistics
• DHCP events
• DHCP performance data
Common DHCP Issues
• Address conflicts
• Failure to obtain a DHCP address
• Address obtained from incorrect scope
• DHCP database suffered data corruption or loss
• DHCP server has exhausted its IP address pool
What Are DHCP Statistics?
DHCP statistics are collected at either the server level or
scope level
What Is a DHCP Audit Log File?
A DHCP audit log is a log of service-related events
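A triage pass over the audit log, as an added example that is not part of the original slides. It assumes the comma-separated layout and the event IDs listed in the header of a Windows DHCP audit log (13 conflict, 14 pool exhausted, 15 lease denied, 50 and above for authorization and rogue server detection); the sample rows, host names, MAC addresses and inventory set are constructed.

```python
import csv

# Event IDs as listed in the header of a Windows DHCP audit log.
ALERTS = {
    13: "address conflict: IP found in use on the network",
    14: "scope address pool exhausted",
    15: "lease denied",
}
NEW_LEASE = 10   # a new IP address was leased to a client
AUTH_BASE = 50   # codes from 50 up carry authorization / rogue-detection info

# Constructed sample; host names and MAC addresses are made up.
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log (constructed sample)
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/14/09,00:00:05,Started,,,
10,03/14/09,08:01:12,Assign,192.168.1.34,WKS1.example.test,000C29AABBCC
11,03/14/09,12:01:12,Renew,192.168.1.34,WKS1.example.test,000C29AABBCC
10,03/14/09,12:30:40,Assign,192.168.1.77,UNKNOWN-PC,0050561122EE
13,03/14/09,13:02:09,Conflict,192.168.1.40,,
14,03/14/09,13:45:51,Scope Full,192.168.1.0,,
54,03/14/09,14:00:00,Authorization failed,,example.test,
"""
KNOWN_MACS = {"000C29AABBCC"}  # hypothetical asset inventory

def triage(log_text, known_macs):
    """Return (time, reason, ip, mac) for every row that deserves a look."""
    findings = []
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue  # preamble, column header, or truncated row
        eid = int(row[0])
        time, ip, mac = row[2].strip(), row[4].strip(), row[6].strip().upper()
        if eid in ALERTS:
            findings.append((time, ALERTS[eid], ip, mac))
        elif eid >= AUTH_BASE:
            findings.append((time, "authorization / rogue-detection event %d" % eid, ip, mac))
        elif eid == NEW_LEASE and mac not in known_macs:
            findings.append((time, "new lease to MAC not in inventory", ip, mac))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, KNOWN_MACS):
        print(*finding, sep=" | ")
```

The three alert IDs map to the conflict, lease-failure and pool-exhaustion entries under Common DHCP Issues; the inventory check supports the audit-log item under Securing DHCP.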
Monitoring DHCP Server Performance
• Create a DHCP performance baseline
• Check the standard counters for server performance
• Review DHCP server counters for significant changes in DHCP traffic
Performance counters: What to look for after a baseline is established
• Packets received/second: Monitor for sudden increases or decreases, which could reflect network problems
• Requests/second: Monitor for sudden increases or decreases, which could reflect network problems
• Active queue length: Monitor for both sudden and gradual increases, which could reflect increased load or decreased server capacity
• Duplicates dropped/second: Monitor for any activity that could indicate that more than one request is being transmitted on behalf of clients
Securing DHCP
• Preventing an unauthorized user from obtaining a lease
  • Enable and monitor Audit log
  • Configure NAP
  • Use 802.1X LAN switch or Wireless Access Point
  • Control Physical Access as well as Wireless Access
• Restricting unauthorized DHCP servers from leasing IP addresses
  • Use only Microsoft DHCP Server in order to be authorized by Active Directory
• Restricting DHCP administration
  • DHCP Users Group: Read-only access to DHCP Console
  • DHCP Administrators Group: Limit members