Configuring and

Troubleshooting DHCP
 Outline
1. Overview of the DHCP Server Role

2. Configuring DHCP Scopes

3. Configuring DHCP Options

4. Managing a DHCP Database

5. Monitoring and Troubleshooting DHCP

6. Configuring DHCP Security

 Overview of the DHCP
Server Role
• Benefits of Using DHCP

• New DHCP Features in Windows Server 2008/R2

• How DHCP Allocates IP Addresses

• How DHCP Lease Generation Works

• How DHCP Lease Renewal Works

• DHCP Server Authorization

 Benefits of
Using DHCP
DHCP reduces the complexity and amount of administrative
work by using automatic TCP/IP configuration

Manual TCP/IP Configuration Automatic TCP/IP Configuration

• IP addresses are entered • IP addresses are supplied

manually
• IP address could be
entered
incorrectly
• Communication and network
issues can result
• Frequent computer moves
increase administrative effort
automatically
• Correct configuration
information is ensured
• Client configuration is updated
automatically
• A common source of network
problems is eliminated
 New DHCP Features in
Windows Server 2008
New DHCP features include:

• Windows Server 2008 Support for DHCPv6

• Support for advanced network security

configuration using NAP

• DHCP on Server Core

These new features were added with Windows Server 2008

How DHCP Allocates
IP Addresses
DHCP Client2:
Non-DHCP Client: IP configuration
Static IP from DHCP server
configuration

Lease Renewal

Lease Generation

DHCP Server

DHCP Client1: DHCP

IP configuration Database
from DHCP server
IP Address1: Leased to DHCP Client1
IP Address2: Leased to DHCP
Client2 IP Address3: Available to be
leased
 How DHCP Lease
Generation Works
DHCP
Server2

DHCP DHCP
Server1 Client

DHCP client broadcasts a DHCPDISCOVER

1
1 packet
packet

2 DHCP
DHCP servers
servers broadcast
broadcast a
a DHCPOFFER
DHCPOFFER packet
packet
2

3 DHCP client broadcasts a DHCPREQUEST packet

3 DHCP client broadcasts a DHCPREQUEST packet

4 DHCP Server1 broadcasts a DHCPACK packet

4 DHCP Server1 broadcasts a DHCPACK packet
How DHCP Lease Renewal Works
 DHCP Server
Authorization
DHCP authorization is the process of registering the DHCP Server
service in the Active Directory domain to support DHCP clients

DIfHDCHPCSPeSrveerrv1erc1heficnkdss witisthIPthe
addodmraeisnscoonntrhoellleisrtt,othoebtsaeirnviacelist
sotfaarutsthaonrdizseudpDpHorCtPs
sDeHrCvePrsclients
Domain
Controller DHCP Server1

Authorized
Active Services DHCP
Directory
requests

DHCP Server2
DHCP Client
Unauthorized
Does not service
DIDfHDCHPCScPleeiSrvneetrrvr2e DHCP requests
cc2ehiedvco
tHto
, CthPoebStseaerrinvvea i rc1es ildtooefs
ke
e uot s
s
shsoI w
trairzP noi
teadn t
h
aDdH f
dsCd t
i
n h d e i t
s
uPprpsoeertvesDrsHsCP IPclients
DHCP Server Authentication
 Configuring DHCP
Scopes
• What Are DHCP Scopes?

• What Are Superscopes and Multicast Scopes?

• Demonstration: How To Configure DHCP Scopes

• What Is a DHCP Reservation?

• DHCP Sizing and Availability

 What Are
DHCP Scopes?
A scope is a range of IP addresses that are available
to be leased

DHCP Server

LAN A LAN B

Scope A Scope B

Scope Properties

• Network ID • Lease duration • Scope name

• Subnet mask • Network IP • Exclusion range

address range
What Are Superscopes and
Multicast Scopes?
DHCP Server

LAN A LAN B
Scope A and Scope B

DHCP Server

LAN A LAN B

Scope A Scope B
 What Is a DHCP
Reservation?
A reservation is a specific IP address, within a scope, that
is reserved permanently for lease to a specific DHCP client

Workstation 1 File and Print

Server

Subnet A Subnet B

DHCP Server
Workstation 2

IP Address1: Leased to Workstation 1

IP Address2: Leased to Workstation 2
IP Address3: Reserved for File and
Print Server
DHCP Sizing and
Availability DHCP
Clients

DHCP
Server1
192.168.0.1

DHCP
Clients
DHCP
DHCP Server1 has 80% of addresses as follows:
Server2
192.168.1.1 • Scope range: 192.168.0.2-192.168.0.254
• Excluded addresses: 192.168.0.200-192.168.0.254

DHCP Server2 has 20% of addresses as follows:

• Scope range: 192.168.0.2-192.168.0.254
• Excluded addresses: 192.168.0.2-192.168.0199
 Configuring DHCP options

• DNS Servers • Default Gateway

DHCP options are
values for common
configuration data that
applies to the server,
scopes, reservations,
• DNS Name and class options • WINS Servers
 Configuring DHCP options

• Server • Class
DHCP options
can be applied at
various levels
• Scope • Reserved client
 Configuring DHCP options

DHCP class-level
Description
option
Configured by vendors such as
Vendor-class
Microsoft, HP, and Sun

User-class Set and viewed by the user

Managing a DHCP Database
• Managing DHCP database growth

• Protecting the DHCP database

• Ensuring DHCP database consistency

• Adding clients

• Adding new network service servers

• Adding new subnets

 Managing a DHCP Database
The DHCP database is a dynamic database
that contains configuration information

• The DHCP database contains • Windows Server 2003 • The DHCP database
DHCP configuration data stores the DHCP files include:
such as: database in the • Dhcp.mdb
• Scopes %Systemroot%\
System32\Dhcp folder • Dhcp.tmp
• Address leases • J50.log and J50*.log
• Reservations • Res*.log
• J50.chk
 Managing a DHCP Database
Offline
DHCP Server
Storage
Restore

Back up
Restore

k up
Bac

DHCP
Managing a DHCP Database

DHCP Detailed IP
Database address lease
information Compares and reconciles
inconsistencies in the
Summary IP DHCP Database
Registry address lease
information
 Managing a DHCP Database

DHCP
Database

Backup
Media

DHCP
Database
Old DHCP
Server
 Monitoring and Troubleshooting DHCP
Why monitor DHCP? DHCP data includes: Common DHCP Issues:

• DHCP statistics • Address conflicts

• To observe the • Failure to obtain a DHCP
dynamic DHCP • DHCP events
address
environment • DHCP performance data • Address obtained from
• To determine DHCP incorrect scope
server performance • DHCP database suffered
• To facilitate planning data corruption or loss
for current and future • DHCP server has
needs exhausted its IP address
pool
Monitoring and Troubleshooting DHCP
 Monitoring and Troubleshooting DHCP
Performance What to look for after abaseline is
• Create a DHCP counters established
performance baseline Packets Monitor for sudden increases or decreases, which
• Check the standard received/second could reflect network problems
counters for server
performance Requests/second Monitor for sudden increases or decreases, which
could reflect network problems
• Review DHCP
server counters for Active queue Monitor for sudden and gradual increases, which
length could reflect increased load or decreased server
significant changes in
capacity
DHCP traffic
Duplicates Monitor for any activity that could indicate that
dropped/second more than one request is being transmitted on
behalf of clients
Configuring DHCP Security
To prevent an unauthorized user from obtaining a
lease:

• Ensure that unauthorized persons do not have

physical or wireless access to your network
• Enable audit logging for every DHCP server on
your network
• Regularly check and monitor audit log files
• Use 802.1X-enabled LAN switches or wireless
access points to access the network
• Configure NAP to validate users and security
policy compliance
 Configuring DHCP Security
To restrict who can administer the DHCP
To eliminate an unauthorized DHCP
server, you must locate and disable it service:
from communicating on the network • Limit the members of the DHCP
either physically or by disabling the DHCP Administrators group
service • Add users needing read-
only access to the DHCP
Users group

Account Permissions
Can view and modify any data about the
DHCP Administrators group
DHCP server
Has read-only DHCP console access to
DHCP Users group
the server