
Course Transcript

Server 2016: IPv4 and IPv6 Address Management
Implement IPv4 and IPv6 Addressing
1. Course Introduction

2. Configuring an IPv4 Host

3. IPv4 Address Ranges

4. IPv6 Address Configuration

5. IPv6 Address Ranges

6. Implement IPv6 Options: Stateful vs Stateless

7. IPv4 to IPv6 Transition Technologies

8. Border Gateway Protocol (BGP)

9. Configuring Windows 2016 Routing

Overview of the DHCP Server Role


1. Install the DHCP Server Role

2. Authorize a DHCP Server

3. DHCP Scopes

4. DHCP Superscopes

5. DHCP Multicast Scopes

6. DHCP Reservations and Exclusions

7. DHCP Options

8. DHCP Lease Period

9. DHCP and DNS Integration

Practice: Configure DHCP


1. Exercise: Correctly Configure Basic DHCP
Course Introduction
Learning Objective
After completing this topic, you should be able to
◾ start the course

1.
[Course title: Server 2016: IPv4 and IPv6 Address Management.] Hi, I'm Jacob Moran. And, in
this course, I'm going to cover both IPv4 and IPv6 as well as DHCP deployments with
Windows Server 2016 for automated IP address assignment.
Configuring an IPv4 Host
Learning Objective
After completing this topic, you should be able to
◾ configure IPv4 addresses and options

1.
[Topic title: Configuring an IPv4 Host. The presenter is Jacob Moran.] Hey gang, we're going to
take a look at the process of setting up your IP configuration, IPv4, in Windows Server 2016.
Now, I like starting off with the network interface icon down here at the bottom. I give it a right-
click and we can go to Open Network and Sharing Center. [The shortcut menu displays two
options, Troubleshoot problems and Open Network and Sharing Center.] Of course, we can go
there by other mechanisms as well, it's just a control panel. [The Network and Sharing Center
window opens. The first section of the window displays subsections such as Control Panel
Home, Change adapter settings, and Change advanced sharing settings. The View your basic
network information and set up connections section is displayed in the second section.] And
we can see our current adapters, we can go to Change adapter settings. [The Network
Connections window opens.] We can see our various different functioning adapters, I've got
one right here, Storage Network. [The Storage Network Status dialog box opens.] Let's say we
wanted to look at the properties there, we can go into the Properties of the properties. [He
clicks the Properties button.] And that takes us to our list of protocols, which use IP Version 4.
Open up Properties there, [The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box
opens.] and here we see a static configuration. [The IP address is 172.16.0.205. The Subnet
mask is 255.255.255.255.] So you can see, it's easy enough to put in the IP configurations that
you'd like. Just type them in according to appropriate values. Let's say I set that to
172.16.0.206. [The IP address.] 255.255.255.0. [The subnet mask.]

And then, if we got a gateway to get out, [He changes the Default gateway to 172.16.0.1.] we
can identify that. And of course the DNS server, which may or may not be in the same subnet.
[He edits the Preferred DNS server to 192.168.5.254.] That's not a requirement by any means.
[He clicks the OK button.] Again, this is reminding me, [The Microsoft TCP/IP warning error
message box opens.] because I have multiple interfaces, that multiple default gateways are
actually not a good idea. That tends to confuse servers. So, you don't need that [He deletes
the values for Default gateway.] if you have a goal of identifying one best path, to leave
anything that's other than a local subnet. So we can close that up, and then we can check out
our properties via PowerShell as well. [He opens the Windows PowerShell ISE.] So here in
PowerShell, of course we've got the ability to run things like ipconfig, and we can see our
current configuration. But let's take a look at our cmdlets that are available to help us out here.
Get-NetAdapter will show us the network adapters and their interface index. That's going to be
an important property to remember, as well as MAC addresses and their identifiers. Set-NetAdapter
can change some of those properties.

Get-NetIPInterface actually gives us the quick rundown on the, again, indexes, the IP address
families that are here, and IP related properties. Are they using DHCP or not? Are they
connected or not? What's their maximum transmission unit? If you really want to get down to
the IP addresses, that's Get-NetIPAddress. And here we see each IP, so there's interface 7
has 172.16.0.206 on it. Let's say you want to change some of those properties. Set-NetIPInterface,
reference the interface number, and then DHCP enabled for example, will set
that to a DHCP enabled interface. If we do an ipconfig, you'll notice, though, that nothing is
currently set. So that changes the configuration, but it does not immediately call for a change
of function, [He executes the command ipconfig /renew.] to tell it to actually go get an IP
address. So ipconfig renew for example, will do that. Again, let's take a look though.

If you want to go the other route and go static, New-NetIPAddress over on a particular
InterfaceIndex AddressFamily, reference IPV4, and then we can set an IP address. [He
highlights the command: New-NetIPAddress -InterfaceIndex 7 -AddressFamily IPv4 -IPAddress
172.16.0.205.] Okay, well that seems pretty good. And you can see, there we go,
now I've got 172.16.0.205 assigned here. But, I want you to notice something here, and it
might not be obvious from [He executes ipconfig.] what we just presented there. But if you
don't identify a subnet mask, it gives you a default subnet mask of all 255's, which is not
available. So if you ever need to change the properties of an address, you use Set-NetIPAddress.
You can't use this to actually define a new IP address. In this case, the switch -AddressFamily
IPv4 identifies our scope of properties. -IPAddress is used to find a particular
IP address that you want to change the properties of. And then we're going to change, in this
case, the prefix length, which is how we define a subnet mask, is by the number of bits in it. So
we can do that, and if we do, for example, down here, an ipconfig one more time, we can see
the updated properties, there we go, triple 255. Or, of course, if we do Get-NetIPAddress, [He
clicks the Run Selection button.] once again we'll see right there, /24 is the prefix length, which
is the equivalent of a subnet mask.
IPv4 Address Ranges
Learning Objective
After completing this topic, you should be able to
◾ understand IPv4 addresses and subnets

1.
[Topic title: IPv4 Address Ranges. The presenter is Jacob Moran.] Networking your Windows
Server 2016 box requires a good understanding of IP addressing and, specifically, subnetting.
It's what we're going to look at right now. So every box, every tablet, every server needs an IP
address, why? [A diagram displays three PCs connected to each other and a server. The IP
address displayed is 172.16.0.0/16.] Well, we need to have an endpoint, a way to reach it in
order to send it a message. So that that device knows, it's a message for me. Now you may be
thinking, but wait, doesn't everything already have a MAC address because of its network card
over Ethernet? It's true they do, but I need a way to reach a device based upon where it is
right now. A MAC address is like a Social Security number. It uniquely identifies each device,
but it doesn't tell you where it is. Whereas, IP addresses are like street addresses. They give
you a very specific context that is routable. And just like mail can be delivered through the
postal system, routed through the postal system to reach you, network packets can be routed
through physical routers to reach you in an IPv4 system. So this means that we don't have to
purchase one big network to cover everything.

We can have individual subnets and within a subnet we can isolate broadcasts and multicasts.
We can set up quality of service. We can set up access control lists to limit who can talk to
whom over the network, it's great stuff. So subnetting's very practical and is going to be the
way that we organize our networks with laptops and servers and different departments,
different regions being able to talk to each other and all the reasons that we set up security.
Now our IP addresses are based upon, originally, a classful system. And the classful system
indicates how much of an IP address by default is going to be associated with the network. In
other words, when we look at a 4-byte IP address, how many of those bytes are associated
with the network and how many are associated with the host? [A table displaying the IPv4
classes and ranges is displayed. The table includes four columns. The first column displays
the ranges as 1 to 126, 128 to 191, 192 to 223, 224 to 239, and 240 to 254. The remaining
three columns display either the Host or the network.] With a Class A address, recognizable
because the first number in the address is between 1 and 126, only the first portion refers to
the network. The last three are all used to talk about a specific host. With a Class B address,
it's half and half. If it begins with a number between 128 and 191, the first half of the IP
address is the network, the last half is the host.

With a Class C, the first three bytes are in fact fixed. They're associated with the network, so if
it begins with 192 through 223, that is the case, only the last block belongs to the host. Now
Class D and E are very different. Now Class D addresses, recognizable from 224 to 239, are
assigned in addition to an A, B, or C address that a client might have in order to support
multicasting. So in other words, you might have three devices. They might all have their own IP
address, 192.168.1.1, 1.2, and 1.3. But then they also share, temporarily, a multicast address
like 230.1.4.1. And they do that so that they can all receive the same message, a one-to-many
message that might be sent out to perform imaging or video streaming or something like that.
The Class E range is experimental and you'll never see it in use. Now we talk about these and
we say, okay, a certain portion of the IP address refers to the network or to the host. What
we're talking about is, in fact, the subnet mask.

And whenever you do an ipconfig, don't you always see a subnet mask underneath it? In a
subnet mask, you have a binary reference where for each octet or byte, the number of binary
1s are used to flag the network portion. [Three classes, Class A, Class B, and Class C are
displayed. The three addresses are: 255.0.0.0 or /8, 255.255.0.0 or /16, and 255.255.255.0
or /24.] Notice, as we look at these, the portion that is 255, with a classful subnet mask, is used
to indicate everything in an IP address, relative to that 255 is the network. So if I had an
address like 10.1.4.60, which is a Class A address, then when we apply that subnet mask,
what we get is 10, because that portion is the network portion. And everything above the 0s
gets zeroed out, 10.0.0.0 is the network ID. And by the way, a network ID can never be
assigned to a host, neither can the broadcast ID, which is the last IP address in any range. So
we've got these default classes, like I said, these reference binary values.

And so 255 really means that there are 8 binary 1s in the subnet mask. Or if you look at an IP
address, it means pay attention to the first 8 bits in order to know what network you're on. And
so, that would give us the decimal value of 10. With a Class B, pay attention to the first 16 bits.
With a Class C, pay attention to the first 24 bits. But subnet masks, or the prefix notation, can
adjust. We can borrow bits in order to create a different subnet mask, which means that we
can actually partition our networks. We could start off with an A, B, or C network, but then we
could divide it into smaller networks. And so, notice [A chart displaying different subnet masks
for the three types of classes is displayed.] that we have all these different values. Because a
subnet mask is always contiguous 1s followed by contiguous 0s, the translation to decimal
results in values that are very consistent. We see 0, 128, 192, right? 224, 240, 248, 252, 254,
255. And then, we move over an octet and there are the numbers again, right? 0, 128, 192,
224, 240, 248, 252, 254. So those are the only values you ever need to memorize with regard
to subnet masks. So when you think about an IP address, remember that what we're going to
see is a network portion and a host portion, right? With a dividing line between them. But that
network portion may consist of two pieces. The original fixed network value that you got
because of your original assignment.

And then the subnet value, what you have borrowed from the host bit in order to create
subnets, in order to create partitions within that network. Everybody on the same side of a
router needs to have the same network or subnet ID. So the left-hand portion must be the
same. And everyone on the left side, by the way, or right here at the top and bottom, [A
diagram displaying a set of devices connected to each other on either side of a router is
displayed. For the first set of devices, the IP addresses are: 172.16.2.200, 172.16.2.2, and
172.16.2.160. The IP addresses of the second set of devices are: 172.16.3.100, 172.16.3.5,
and 172.16.3.150.] everyone here can communicate directly. They don't need any routing.
They can just talk directly to each other through the switches. However, any time we cross,
when my network ID doesn't match your network ID, then I have to ask for my default gateway,
which you must have programmed in in order to reach, and then that default gateway will route
that to the remote destination. [The router.] And a default gateway, by the way, has to have an
IP address in every subnet that it is directly connected to. So this process means that we can
take one network, [A diagram displays the original IP addresses as 192.168.0.0/24 and
192.168.0.0/27. The subnet masks are: 255.255.255.0 and 255.255.255.224.] here's a Class C
network where we have borrowed three bits moving from /24 to /27. And that has generated
eight subnets that all are going to use a new subnet mask 255.255.255.224. And so, instead of
one grouping of 254 addresses, we now have eight groupings that each have 32 addresses
each. So let's look at this process of subnetting.

We're going to borrow bits. And borrowing bits means that we are going to reassign host bits
as network bits that then can be used to partition. And like a partitioned wall, they're much
more flexible than the actual foundation walls that you have. So let's look at the example,
gang. If you've got 172.16.0.0, that's a Class B address. Class B means /16, the first two
octets are network, the last two octets are host. If we borrow 4 bits, that'll move us to a /20,
right? So 4 borrowed bits is /20, the current subnet mask minus the classful original subnet
mask. Now, why is that important? Glad you asked. 4 borrowed bits is going to be what we use
to calculate the number of subnets. So because we borrowed 4 bits, each one of those bits
has 2 possibilities. So 2 raised to the 4th power is 16 subnets. That's how many actual
partitions or networks we've created, if we borrow 4 bits. Now that would be true, gang, if we
went from an A /8 and moved to /12, that's borrowing 4 bits, right? That would be 16 subnets. If
we go from 16 to 20, that is 4 bits, 16 subnets. If we go from /24 to /28, right? With a Class C
example, yes, that's going to be 16 subnets, so that doesn't change.

But something's going to be different, right? [A diagram displays the Hosts per Network for
each class of networks.] And that's because if we move from an A or a B or a C and borrow 4
bits, what we're going to change is the number of hosts that are available per network. Hosts
are based on the 0s that are left over in a subnet mask. So you can think of your prefix
notation, if you've got for example /20, if you subtract that /20 from 32, the total number of bits
you have in a subnet mask, then what you're left with as a remainder is a value that can be
used to calculate the number of hosts per network. It works like this. 2 to the h where h is the
number of host bits, or 0s in the subnet mask, minus 2. So for example, 2 to the 12th, would be
4096 minus 2, 4094 hosts. And that's what we see right here in this little table. If for example
though, I had taken 24 and borrowed 4 bits in order to get to 28, well, 32 minus 28 is only 4, 2
to the 4th power is 16 minus 2 is 14 hosts. So, because we start off with a smaller network and
we borrow bits, we have fewer leftover. So, gang, that is the process that we use. Everything
has to have an IP address and we can subnet in order to create more efficient spaces in our
network.
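
Added example (not part of the course transcript): the subnetting arithmetic from this topic worked in Python with the standard `ipaddress` module, covering the 172.16.0.0 /16 to /20 and 192.168.0.0 /24 to /27 cases, plus the direct-versus-gateway decision that shows why the all-255s mask from the previous topic had to be corrected to /24. The function names are hypothetical, and the /24 prefix used for the 172.16.2.x and 172.16.3.x diagram hosts is an assumption.

```python
import ipaddress

# First-octet ranges and default prefix lengths for Classes A, B and C,
# as given in the transcript's class table.
CLASSFUL = [(1, 126, "A", 8), (128, 191, "B", 16), (192, 223, "C", 24)]


def classful_prefix(address):
    """Return (class letter, default prefix length) for an A, B or C address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    for low, high, letter, prefix in CLASSFUL:
        if low <= first_octet <= high:
            return letter, prefix
    raise ValueError(f"{address} is not a Class A, B or C address")


def classful_network_id(address):
    """Apply the default classful mask: the host bits are zeroed out."""
    _, prefix = classful_prefix(address)
    interface = ipaddress.IPv4Interface(f"{address}/{prefix}")
    return str(interface.network.network_address)


def subnet_plan(classful_network, new_prefix):
    """Describe what borrowing host bits from a classful network produces."""
    net = ipaddress.IPv4Network(classful_network)
    letter, default_prefix = classful_prefix(net.network_address)
    if net.prefixlen != default_prefix:
        raise ValueError(f"{net} is not the classful /{default_prefix} network")
    if not default_prefix <= new_prefix <= 30:
        raise ValueError("new prefix must leave at least two host bits")
    borrowed = new_prefix - default_prefix      # bits moved from host to subnet
    host_bits = 32 - new_prefix                 # zeros left in the mask
    first = next(net.subnets(new_prefix=new_prefix))
    return {
        "class": letter,
        "borrowed_bits": borrowed,
        "subnets": 2 ** borrowed,               # 2^borrowed partitions
        "mask": str(first.netmask),
        "addresses_per_subnet": 2 ** host_bits,
        # Network ID and broadcast ID cannot be assigned to a host.
        "usable_hosts": 2 ** host_bits - 2,
        "first_subnet": str(first),
        "first_broadcast": str(first.broadcast_address),
    }


def delivery(source, destination, prefix):
    """Return 'direct' when both hosts share a subnet, otherwise 'gateway'."""
    source_net = ipaddress.IPv4Interface(f"{source}/{prefix}").network
    on_link = ipaddress.IPv4Address(destination) in source_net
    return "direct" if on_link else "gateway"


if __name__ == "__main__":
    print(classful_network_id("10.1.4.60"))
    for network, prefix in (("172.16.0.0/16", 20), ("192.168.0.0/24", 27)):
        print(network, "->", subnet_plan(network, prefix))
    # Diagram hosts on opposite sides of the router (assumed /24).
    print(delivery("172.16.2.200", "172.16.3.100", 24))
    # With the all-255s mask nothing is on-link, not even the next address.
    print(delivery("172.16.0.205", "172.16.0.206", 32))
    print(delivery("172.16.0.205", "172.16.0.206", 24))
```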
IPv6 Address Configuration
Learning Objective
After completing this topic, you should be able to
◾ determine and configure appropriate IPv6 addresses

1.
[Topic title: IPv6 Address Configuration. The presenter is Jacob Moran.] Networking Server
2016 in the modern age means understanding IP version 6 addresses, as well as IP version 4.
So let's take a look. IP version 6 is still just a binary number that represents a unique host on a
particular network. And what really makes it different? Well, there's a lot of things under the
hood, but first and foremost, an IPv4 version address is only 32 bits long. [An IPv4 address
192.168.100.50 is displayed. The Network portion is 192.168.100 and the Host portion is 50.]
And as such, that represents 4.3 billion addresses, which means that it was able to support
more than the population of the Earth at its inception. With the population of the Earth currently
being over 7 billion, it really didn't keep up with the times, did it? [The IPv6 is displayed as
A524:72D3:2C80:DD02:0029:EC7A:002B:EA73. The Network portion is
A524:72D3:2C80:DD02 and the host portion is: 0029:EC7A:002B:EA73.] So IP version 6 is
based upon 128 bits for its addressing scheme. As such, that means it has the potential for
340 undecillion. That's trillion, trillion, trillion addresses. That's a lot of addresses. And because
of that, we see it has a different format. It's referenced in hexadecimal, rather than decimal,
and has some different properties for how it works. But overall, the same core purpose. So,
let's look at it. [The IPv6 is displayed in the binary format.] IP version 6 is based upon eight
groups or chunks of four hexadecimal digits that are colon separated. So we see A524:72D3:,
and of course, underneath it all it's based upon still ones and zeros. And each host must have
a unique collection of 128 bits that identify that particular host.

So, with that in place, keep in mind that the actual creation was based upon this specification,
the first half is the network. The last half is the interface identifier, the device ID, what needs to
be unique to the host. So, instead of worrying about all sorts of different subnet masks and
things like that, the last half is always the host portion. The first half is always the network. The
network portion must match for local traffic. If it's different, then we will route, just like in IP
version 4. That hasn't changed. So, we can think of it as this, /64 is really the way that we're
going to network, right? That's our prefix that we think of. But notice that, actually, the first
three chunks of an IPv6 are associated with a network. And then the fourth chunk is actually
predefined for subnetting. So that has already been pre-allocated. So that when you purchase
from a particular Internet service provider, your network prefix that you're going to use for your
company. You already have a portion designated for subnets, so you're never borrowing from
the device ID range like you do in IPv4. It's always working in this predefined range that has
been set aside for that exact purpose.

So there is no need for subnet masks. Like I said, you acquire a 48 bit public IPv6 address.
And then you have that subnet ID to divide into 65,536 subnets as necessary. And every host
is going to get a unique device identifier at the end of that. Because these are so long in
referencing, right? Based on hexadecimal, there's some shorthand annotation that is used. In
many situations, like for example this subnet portion right here, it defaults to all zeros. So any
time you have all zeros in a chunk, you can shorten that and simplify it to a single zero. In fact,
any time there's even just leading zeros, like this one right here inside of an IPv6 address. You
can shorten it by removing that leading zero. Three leading zeros, we can just remove all of
those, not trailing zeros, but leading zeros, right? So, that's one way to simplify. We can also
remove inline zeros by using the double colon substitution, sound like a painful operation,
right? A double colon substitution is referenced right here, where I have two contiguous chunks
of all zeros. And I can replace them with the double colon, where mathematically, the system
will recognize. Okay, so I've got one, two, three, four, five, six chunks that have been spelled
out for me.

Therefore, this double colon must represent two inline chunks that have been replaced by the
double colon itself, right? And it is only used to replace all zeros. So we can use that as a
shorthand, and it works very well. But you can only use it once. Imagine if we use double colon
substitution twice for, get rid of all of this. If we use that double colon here and here, as you
see in this case here. Well then it would be very difficult for it to know, since there's one, two,
three, four, five explicitly defined chunks. Well then, what is this chunk? Is this 1 and that's 2?
Or is this 1 and that 2? Right, there's no way to know, you have two variables in the equation.
So, the double colon substitution is allowed only once. But we can use both double colon
substitution and drop the leading zeros as we see here. So this is the most compressed way to
express the IP address up at the top. 2031, drop the leading 0, so we're left with just one 0 in this
chunk, 130F:: substitution for the two contiguous all zero chunks. Drop the leading zero, so it's
9C0. Drop the leading zeros, just an A:130B, that is very efficient.

[A diagram displaying Unicast, Multicast, and Anycast addresses is displayed.] When we think
about our IPv6 addresses, we actually have several different address types. Just like we had
based upon the communication process in IP version 4. We have unicast from one explicitly
defined unicast address to another. Just like with IPv4, we have a range of addresses that are
set aside for multi-casting. And that allows multiple devices to share a common address in
order to have a single message go out from a particular source once. But then be received
multiple times, but not by everyone. Now you might be thinking I know what the third one is.
The third one is used for broadcasting, right? Nope, there's no broadcast in IPv6. But there is
something that was available in IPv4, but really only capitalized on in IPv6, and that's the
anycast. The anycast is a way to actually have a way to connect to the closest interface
associated with multiple interfaces that are associated with the device. So this is a one to
nearest communication path, and it's used in some routing constructs.

How does a device get its IPv6 address? Well, like IPv4, you can type it into the properties.
Or you can actually allow it to receive it dynamically through a random generation process or
EUI-64. So EUI-64 converts the MAC address and stretches the 48-bit MAC address into a 64-
bit device identifier. Microsoft started off using EUI-64, like Cisco and others. But then moved
to a random generator in an effort to be more secure when using the dynamic process.
Manually, you can type in whatever you'd like. Let's take a look at that process of configuring
an IPv6 identifier. [He opens the Network and Sharing Center window.] So here we are looking
at Server 2016 in the Network and Sharing Center here. Going to open up this interface for
Storage Network and head to the Properties. And here in the properties of the adapter, we're
going to head to IP Internet protocol version 6 and bring up its properties. We can see right
now it's set to get an IPv6 address automatically. And IPv6 actually gets that through its router
and/or through DHCP, but we can customize and say we'd like to have a manual IPv6 address.
And let me go ahead and enter one in here. So here's an address, 2001:db8::205.

So we could expand that out, right? That would be the full IPv6 address. [He edits the address
to 2001:db8:0000:0000:0000:0000:0000:205.] We could also add some leading zeros if we
really wanted to just express every single bit, and that would be fine. But again, that double
colon substitution certainly makes that much easier when we just reference it like this. [He
changes the address to 2001:db8::205.] So again, that means that I am on the network
2001:db8:0000; on the subnet 0000. And that my device identifier is all zeros, following with
the 205. This kind of configuration is very normal when we are referencing the idea of IPv6
addresses that we're configuring often to match the values that we already have in IPv4. So
my IP address in IPv4 is 172.16.0.205. So I've done something similar here for IPv6 to make it
easy to remember. Your default gateway will need to be identified as well, and your router
typically will also have a static IP address. And may well be something like the value of one,
[He enters 2001:db8::1 as the Default gateway.] that'll be used to get out. That kind of
configuration works just great. Let's just hop over here to the command line [He opens the
command prompt.] and do a little ipconfig. And there we can see a static address,
[2001:db8::205.] and our default gateway, [2001:db8::1.] here for IPv6. And the link local
address that we see right here is a built-in address. [fe80::351c:1072:f0c4:cc40%14.] And this
would be an example where here's the network prefix, fe80, automatically used for link local
addresses for default communication. And then here's my randomly generated device
identifier. The %14 just represents which interface it's associated with. So gang, hopefully this
gives you a better understanding of IPv6 configuration.
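
Added example (not part of the course transcript): the shorthand rules from this topic (drop leading zeros, one double colon for a run of all-zero chunks, never two) and the EUI-64 stretch of a MAC address, written out in Python. It also shows why the MAC-derived identifier is the less private choice, since the hardware address can be read straight back out of it. Function names are hypothetical; the MAC address and the address with two zero runs are constructed samples, and the bit flip in the first MAC octet follows the modified EUI-64 format of RFC 4291.

```python
import string


def expand(address):
    """Expand IPv6 shorthand to eight 4-digit groups; reject a second '::'."""
    text = address.split("%", 1)[0]          # drop a zone index such as %14
    if text.count("::") > 1:
        raise ValueError("'::' may be used only once: with two of them the "
                         "number of zero groups behind each is ambiguous")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)  # groups hidden by the '::'
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    valid = len(groups) == 8 and all(
        1 <= len(g) <= 4 and all(c in string.hexdigits for c in g)
        for g in groups)
    if not valid:
        raise ValueError("expected eight groups of 1-4 hex digits")
    return ":".join(f"{int(g, 16):04x}" for g in groups)


def compress(address):
    """Drop leading zeros, then replace the longest zero run with '::'."""
    groups = [f"{int(g, 16):x}" for g in expand(address).split(":")]
    best_start, best_len, i = -1, 1, 0       # only runs of two or more count
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                 # the first longest run wins
            best_start, best_len = i, j - i
        i = j
    if best_start < 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


def eui64_interface_id(mac):
    """Stretch a 48-bit MAC into a 64-bit interface ID (modified EUI-64)."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address has six octets")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ":".join(eui[i:i + 2].hex() for i in range(0, 8, 2))


def embedded_mac(address):
    """Return the MAC inside an EUI-64 style address, or None.

    A random identifier can contain ff:fe by chance, so treat a hit as a
    strong hint rather than proof.
    """
    iid = bytes.fromhex(expand(address).replace(":", ""))[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    print(expand("2001:db8::205"))
    print(compress("2001:0db8:0000:0000:0001:0000:0000:0205"))  # constructed
    iid = eui64_interface_id("00-15-5D-01-02-03")               # constructed MAC
    print(iid, embedded_mac("fe80::" + iid))
    # The transcript's randomly generated link-local address hides no MAC.
    print(embedded_mac("fe80::351c:1072:f0c4:cc40%14"))
```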
IPv6 Address Ranges
Learning Objective
After completing this topic, you should be able to
◾ understand IPv6 addresses and subnets

1.
[Topic title: IPv6 Address Ranges. The presenter is Jacob Moran.] IPv6, like IPv4, has many
different types of addresses. And I just want you to get a good, solid understanding so you
understand exactly how these different IP addresses fit. Even simply starting off here with
unicast addresses, the simple address assigned to a host. You actually have multiple types of
unicast addresses available to us. So we see the global address, still used for one-to-one, this
is specifically one-to-one that is scalable to the entire Internet. This is what you acquire from
your ISP, or indirectly from IANA, the Internet Assigned Numbers Authority, and they let you
communicate with everything. You're going to assign these to nearly everything in your
network because there is no network address translation with IPv6. So everything that's going
to access the Internet will need a global address. We also have link-local addresses. These
are automatically assigned without any DHCP or router specification or manual configuration.
These link-local addresses are used only locally, and they are simply used to communicate on
the local subnet, usually for things like discovering your router or discovering DHCP. You also
can have unique local IPv6 addresses which are like private IP addresses. They're not coming
from an Internet authority, but they are not able to be routed out to the Internet. So simply for
local communication.

The all-zeros address in IPv4 and IPv6 is a way to say unspecified, to say I don't know what the
network or what the IP address is. For example, when used in the DHCP process. And like
127.0.0.1, the loop back address of IPv4, the address simply, 1, in IPv6 is used to validate that
the local IPv6 stack is functioning correctly. So again, global addresses used for Internet
routability, and you can recognize them because they will begin with 2000::/3. Again, specified
according to RFC 4291. And these are maintained, like I said, by IANA, [A diagram displaying
the Allocates prefix is displayed.] which then delegates them to a regional registry for North
America or Asia, which then delegates them to ISPs which is usually where you'll purchase
your global address from. So actually, it's based upon the first 12 bits are assigned to a registry
such as North America. The registry then gives a 32 bit prefix to an ISP. The ISP will then have
a particular prefix that they can break down and an order to hand out to customers. Again,
remember, 48 to 64 is the subnet range the prefix. So a particular customer could purchase a
48 and have 65,536 subnets they could divide their network into internally. Or they could
purchase a /64 which would mean they had no subnets left with which to divide out their
network.

They have only one single network to work with. So that's what gets handed out by the ISP. So
again, it's that process of divide and divide and divide and divide. All right, so like subnetting,
but really designed to make this so that routing is very efficient with IPv6, working its way back
up through the IPv6 address space. Again, when we look at any particular IPv6 address, it still
breaks down to the left half is the network, the right half is the host. But again, how much of
that left half as an administrator can I configure, depends on what I've purchased and how
much of that Subnet ID portion has already been used up. The link-local addresses, we said,
are used for local communication only. Again, you'll recognize those because they begin with
FE80::/10. First ten bits are used to identify, hey, here's a link-local address. They are not
routable. They are only used, actually, to discover routers or DHCP servers, or other local
services on a subnet. There's something called link-local multi-cast name resolution which is
used instead of DNS to turn names into IPv6 addresses. That is based upon link-local
addresses. So they're automatically generated, you don't have to worry about them. Don't be
surprised when you see them, but don't expect them to serve any purpose, such as routing,
because they don't. RFC 4291 provides their specification.

Unique local addresses, there's actually a range dedicated for them. Its FD00 would be an
example, or FC00, depending on whether they are globally or locally managed. And again,
they are not routable. They are designed to only be used within the bounds of your company.
But essentially, you can come up with your own unique global ID. You can have your subnet
ID, and then your host can still be specified according to either DHCP, manual configuration or
a network router-defined specification. 4193 is the RFC for that. Then we have multicast
addresses. Remember, multicast addresses are one to many, and so there's a prefix for those
as well. We see that if we want to do video streaming or routing protocols or imaging, that we
can use the prefix of FF00::/8. So that's how you recognize a multicasted address, FF00. Like
we said, there is no broadcast, no broadcast communications.

So things like DHCP in IP version 4, which begins with a discovery broadcast, has actually
been replaced in DHCP version 6, with the equivalent of a discovery multicast. So DHCP
servers know to listen at a predefined, service specific multicast address that will be used to
allow clients to discover the DHCP server in the network. So we see here, the different
references here for some different multicast addresses. In other words, certain services are
used. So we can reference all nodes, all routers, all RIP-specific routers, a solicited node,
network time protocol servers, and there at the bottom we see DHCP servers. So again, just
showing this idea that there are different pre-defined multicast ranges that serve a purpose.
And we are going to see a lot more multicasting because there is no broadcasting with IPv6.
All right, so that's the breakdown on IPv6 addresses in the unicast and multicast space.
Implement IPv6 Options: Stateful vs Stateless
Learning Objective
After completing this topic, you should be able to
◾ understand IPv6 stateless/stateful addressing options

1.
[Topic title: Implement IPv6 Options: Stateful vs Stateless. The presenter is Jacob Moran.] One
of the very interesting things about IPv6 is something called stateless address allocation. It's
autoconfiguration, like DHCP, or like, in some ways like Link-local autoconfiguration. But it's
different because with stateless IPv6 address allocation I can get a valid global Internet
routable address without ever getting plugged into a DHCP database. There's no database
that handed out a particular IP address. I self-generated an IP address, but it was valid. And I
have all of the information I need for working on my network. Wow, that sounds pretty cool,
right? So it uses something called neighbor discovery to track down a router, which will tell me
about my network. And then, I'm configured, I'm ready to go. And it's very plug-and-play, no
DHCP servers needed at all. So if I'm self-assigned with, maybe, I already know an Internet
DNS server for example, and I now have a global Internet address and I know where my router
is, I'm generally ready to rock and roll. I don't really need anything else. So very scalable, no
database processing needed, enables me to quickly get up and running with IPv6. It was
definitely designed to support modern global datacenter networks. The neighbor discovery
works like this. The client asks, is there a router in the house? It's called a router solicitation.
It's an ICMP message, and the source is double colon.

I don't have an IPv6 address yet, right? The destination is FF02::2, which is the router
solicitation multicast endpoint, and the data says send me a router advertisement. So the
router gets that and says that's what I do, I am an IPv6 router. So it sends out a message from
its Link-local Address, remember that's, for example, FE80:: and then its unique device ID. Its
destination is FF02::1 which honestly, gang, looks a lot like a broadcast. It's to all nodes in the
subnet. That's a multicast address intended for everyone on the subnet. The data includes its
own information, and it includes Options, Prefix, Lifetime, and the Autoconfiguration Flag. From
that information the client is able to learn, the network that we're on is, let's say, 2001:db8::,
because that information is in the router advertisement. From that information, I can now start
with that as my prefix and then come up with a unique device ID suffix. I can self-generate a
unique suffix either using a random determination, or a process called EUI64, which converts a
48-bit MAC address into a 64-bit device ID.

[A diagram showing the flow between a Client and a Server is displayed.] So this
autoconfiguration includes a reference, let me point it out actually once more, to the
Autoconfiguration Flag, right there. That Autoconfiguration Flag tells me whether or not I
should use DHCP. So during this process, we get the routing advertisement, we determine if
DHCP can be used. Now you might be thinking, wait, I thought the whole thing was I didn't
need to use DHCP. Well, what if you use DHCP, but you didn't use any scope properties, you
just used server properties. If I have a DHCP server with server properties and the router has
told me to go ask for those server properties, what could I learn? I could learn about DNS
servers, my domain suffix, network time services, PXE configuration, whatever configuration I
would like to make available, I could provide through DHCP because the client is able to reach
it. It already has an IPv6 address. It already has the IPv6 default gateway. So everything else
of material information for IPv6 could be provided through the DHCP process. So DHCP goes
through a four-step process.

We solicit DHCP, the server advertises back to us, we request information now that we know I
have a DHCP server local, and it's available and it's running, and then it replies with the
information necessary. So this process ends up giving the client the rest of anything it might
need, and, again, like I said, we don't have to have DHCPv6 in a stateless configuration. We
could also have it as we see it here in a stateful configuration. In other words, I could be
configured not to use routing advertisements but to specifically go through the DHCP process
and get an IP address.

And once again, my MAC address will be tied to an IPv6 address that is registered in the
server database. So DHCPv6 can work essentially just like it does with scopes that are
associated with a particular range. Or DHCPv6 could work in a stateless configuration, where
server options are used to supplement stateless configuration that is learned by router
advertisements obtained by soliciting those from the client. So those are kind of the different
options for getting an IPv6 address automatically. Stateless configuration, router, or router and
stateless DHCP, or stateful, just like we do in IPv4, where we get a particular IP address and
all the supplementary information such as your default gateway and other services directly
from the DHCP server.
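
The router advertisement handling and EUI-64 step described in this topic, as an added Python example that is not part of the course material. The advertisement bytes and the MAC address are constructed sample values; the flag names M, O and A and the message layout follow RFC 4861, and the mapping to three modes is a simplification.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a router advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option


def sample_router_advert(managed=False, other=True) -> bytes:
    """Constructed RA body for 2001:db8::/64 (checksum left at 0, not validated here)."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 2592000, 604800, 0)
    return header + option + ipaddress.IPv6Address("2001:db8::").packed


def parse_router_advert(msg: bytes) -> dict:
    """Parse the ICMPv6 body of a router advertisement (IPv6 header already removed)."""
    if len(msg) < 16 or msg[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a router advertisement")
    ra = {"managed": bool(msg[5] & 0x80),   # M flag: addresses come from DHCPv6
          "other": bool(msg[5] & 0x40),     # O flag: other settings come from DHCPv6
          "router_lifetime": struct.unpack_from("!H", msg, 6)[0],
          "prefixes": []}
    pos = 16
    while pos + 2 <= len(msg):
        opt_type, opt_len = msg[pos], msg[pos + 1] * 8   # length field is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(msg):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", msg, pos + 2)
            prefix = ipaddress.IPv6Address(msg[pos + 16:pos + 32])
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((prefix, plen), strict=False),
                "autonomous": bool(pflags & 0x40),   # A flag: prefix usable for self-assignment
                "valid_lifetime": valid,
                "preferred_lifetime": preferred})
        pos += opt_len
    return ra


def addressing_mode(ra: dict) -> str:
    """Map the flags to the three options named in the topic (simplified)."""
    if ra["managed"]:
        return "stateful DHCPv6"   # a host may also self-assign if A is set
    if any(p["autonomous"] for p in ra["prefixes"]):
        if ra["other"]:
            return "stateless autoconfiguration plus stateless DHCPv6"
        return "stateless autoconfiguration"
    return "no automatic addressing"


def eui64_interface_id(mac: str) -> int:
    """Insert FF:FE in the middle of the 48-bit MAC and flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with the EUI-64 interface ID."""
    if prefix.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | eui64_interface_id(mac))


def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


def mac_from_eui64(addr: ipaddress.IPv6Address):
    """Recover the MAC from an EUI-64 address, or None if the suffix is not EUI-64."""
    iid = (int(addr) & (2 ** 64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    ra = parse_router_advert(sample_router_advert())
    address = slaac_address(ra["prefixes"][0]["prefix"], "00-15-5D-01-02-03")
    print(addressing_mode(ra), address, solicited_node(address), mac_from_eui64(address))
```

Because the EUI-64 suffix is reversible, the hardware address of a host can be read back from any address built this way, which is one reason the randomly generated suffix exists as the alternative.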
IPv4 to IPv6 Transition Technologies
Learning Objective
After completing this topic, you should be able to
◾ configure IPv4 and IPv6 interoperability using ISATAP, 6to4, and Teredo transition
technologies

1.
[Topic title: IPv4 to IPv6 Transition Technologies. The presenter is Jacob Moran.] Working with
IPv4 and IPv6 usually is going to involve some sort of transition time where you're running
some IPv4 and some IPv6. And that's a real challenge, because we need to ensure end-to-end
connectivity for all of our devices, but we may end up with certain IPv6 only networks that need
to be able to communicate through an IPv4 medium. We have devices that are dual stacked
that support both protocols at the IP layer, and we need to make sure that both sets of
information can be addressed and routed appropriately. And when we have a large contingent
of IPv4 based networks out there, but then we move to IPv6 to support better addressing and a
lot of the new support that IPv6 brings us. Again, we've got to have this transition technology in
order to get us there. So, we're thinking about IPv4 networks, the IPv6 networks and the fact
that we're going to have some dual stacked environments that can be used in order to enable
connections between the IPv4 and IPv6 networks, okay? So, we've got to have things that can
play on both teams, essentially, in order to be able to enable the hand-off between our different
environments. Let's think about some of our core protocols. The first protocol we're going to
look at is ISATAP. [A diagram displaying an ISATAP router connecting an IPv6 capable
network and an IPv4 Intranet is displayed.] All right, so an ISATAP involves the use of what's
called an ISATAP router for intra-site automatic tunnel addressing.

And that ISATAP router is actually discovered through DNS, the ISATAP host is actually going
to over here, let's say we have a host over here and it's a dual stacked, it supports v4 and v6,
but it's in an IPv4 Intranet. What it can do is actually make a DNS query. And that DNS query
can be used to discover the ISATAP router. The ISATAP router then can be used, and what
will happen is the client will build their IPv6 packet intended for a destination host over here in
the IPv6 native network. It'll wrap it in an IPv4 header and forward that to specifically the
ISATAP router. Again, possibly there could be other routers in between. But it will eventually
get to the ISATAP router whose job it is to decapsulate that message revealing the IPv6
message that was encapsulated inside of the IPv4 header, and then forward it the rest of the
way into the IPv6 capable network. So, this may remind you a little bit of something like
network address translation or a VPN encapsulation, and certainly there are some things in
common. It has probably the most in common really with a VPN connection in the way that it
performs its encapsulation. So, it's IPv6 communication available over this IPv4 network that
you see on the right side.

The host communicates using IPv6 but immediately encapsulates it with IPv4, and then the
ISATAP router de-encapsulates it. Again, think of it in terms of a public and private address
format, where the information is hidden with that private format. So, in terms of configuration,
there's a couple of ways that we can set this. Like we said, we can actually use DNS, and
there's a search process that'll be used to search for the ISATAP router. We can also manually
configure this with NetShell with a Set-NetIsatapConfiguration PowerShell cmdlet. Or Group
Policy can be used to identify the IPv4 address of the ISATAP router that can then forward our
ISATAP messages. Okay, so that'll allow us to configure our tunnel endpoint. And if we have a
client that natively supports ISATAP, then whenever we try and address any IPv6 message,
then it will automatically be delivered through the ISATAP process. So again, the client
essentially is going to have a private address that is used just between it and the ISATAP
router which then is forwarded on. [A diagram displays two IPv6 networks on two sides of a
network, connected to each other through an IPv4 network and two 6to4 routers. The IP
addresses of the two routers are 192.0.2.1/24 and 192.51.100.2/24.] Now, let's look at another
protocol, 6to4 tunneling. The idea of 6to4 tunneling we can see here is used so that we can
have a whole IPv6 network connecting to another IPv6 network. And so, I've got all sorts of
simply native IPv6 clients, they've been addressed as they normally would be. And again, we
can see here that these are in different subnets, [He points to the two Network Prefixes:
2002:c0a8:6301::/48 and 2002:c0a8:1e01::/48.] okay, or actually in this case, just different
networks.

We've got different networks purchased here, but they're going to communicate to each other
through an IPv4 connection. Maybe this is a wide area network connection that is still based on
IPv4 for consistency to various different branch offices, for example. But the point being, we
need our IPv6 packet to go from a host on one side, potentially to a server on the other. [He
draws a host and a server at the two ends of the network.] But they don't have IPv6 routing
end to end, there's at least some routing that is going to be done in some delivery mechanism
that's going to be done here through an IPv4 network. So, the message is delivered to 6to4
router, and the 6to4 router, like demand dial routing, essentially knows that in order to reach
this particular network [2002:c0a8:1e01::/48.] prefix that it must encapsulate the IPv6 message
in an IPv4 header. And specifically send it to this destination router. So, it has an end
destination of IPv4 in mind. To get to that end destination, it may end up having to go through
multiple IPv4 routers. That's fine. It gets to that final destination, which de-encapsulates the
four, IPv4 base message and then forwards on the original IPv6 message coming from the
client in its original network. So this is network to network tunneling rather than a client to
network tunneling that we saw with ISATAP.

So, it requires these 6to4 boundary routers for the IPv6 networks, and these routers are dual-stacked,
right? They're IPv6 on one side, IPv4 on the other. It does require public IPv4
addresses on the 6to4 routers. This does not work with network address translation. But, we
will be able to, throughout typically our intranet, be able to provide this mechanism. Or, if we
have boundary routers that are specifically on the Internet that already have public addresses,
then 6to4 tunneling can work in that case. But it does not support network address translation.
Then we have Teredo. And Teredo is built into the Windows host environment, and it's similar
to a 6to4 basis, but it supports network address translation. That is key to how it's going to
function. And so, it's going to let our hosts that are running inside of an IPv4 environment
behind network address translation to be able to access IPv6 resources on the Internet
whenever they make that request for an IPv6 address. Now, let's look at the picture of how this
works. [A diagram displays a Teredo client, a Teredo server, and a IPv6 host server connected
to each other through two IPv4 networks, one IPv6 network and a Teredo relay router.
Between the two IPv4 networks is the IPv4 NAT.] So, we start off down here with the Teredo
client. The Teredo client's in an IPv4 network, but it needs to be able to communicate with an
IPv6 host that's on the Internet. So, the Teredo client does not have to be configured with a
LAN IPv6 address, but it has a Teredo adapter, a virtual adapter that we'll see. And whenever
we attempt to reach an IPv6 address, it will do a default lookup for a Teredo server, and there's
actually Internet Teredo servers supported by Microsoft or you can build your own within your
infrastructure.

And those Teredo servers are then going to forward that message to a Teredo relay, which will
then convert our IPv4 packet and deliver it into the IPv6 Internet. So the relay really is the
router that is performing the de-encapsulation to allow an IPv6 message to be delivered across
this IPv4 intranet, even with network address translation in place. So, it's very cool in the way
that it supports that. Like I said, and Microsoft is already hosting Teredo servers to make that
easier for you. Again, those Teredo servers providing the pointers to find the correct Teredo
relay that will enable us to bridge from the IPv4 Internet to an ISP that supports the IPv6
Internet to get to the IPv6 host. And so this could be used for any type of IPv6 network,
whether we're dealing with accessing the IPv6 address of an Internet search engine or social
network provider or website of any type, whatever it is we are trying to reach. So in terms of
our configuration, we do have Set-NetTeredoConfiguration which we can use to establish
exactly where our Teredo server is or netsh interface teredo set state also can be used to
enable or disable this, and set the end point. And like we said, Teredo clients are going to look
at teredo.ipv6.Microsoft.com by default, out of the box, but we can override that if we want, and
configure that. Our own DNS name, and our own Teredo server to provide that resolution. So
gang, these are different transition technologies, and you definitely want to think about the
case situation, what services they support, and when we would want to call upon some of
these different translation technologies.
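
How the three transition technologies embed IPv4 endpoints in IPv6 addresses, as an added Python example that is not part of the course material. It is useful when reviewing logs for tunneled IPv6 traffic. The host addresses, Teredo server and client values are constructed samples; the 6to4 prefixes are the ones shown in the diagram, and the ISATAP and Teredo layouts follow RFC 5214 and RFC 4380.

```python
import ipaddress

# RFC 1918 ranges: a 6to4 router address inside these cannot work, since the
# topic states 6to4 needs public IPv4 addresses and does not support NAT.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(router_ipv4: str) -> ipaddress.IPv6Network:
    """6to4 site prefix: 2002::/16 followed by the router's 32-bit IPv4 address."""
    v4 = int(ipaddress.IPv4Address(router_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def teredo_address(server: str, client: str, port: int, flags: int = 0):
    """Build a Teredo address: 2001:0::/32, server IPv4, flags, then the
    client's mapped port and address, both stored bit-inverted."""
    value = ((0x20010000 << 96)
             | (int(ipaddress.IPv4Address(server)) << 64)
             | (flags << 48)
             | ((port ^ 0xFFFF) << 32)
             | (int(ipaddress.IPv4Address(client)) ^ 0xFFFFFFFF))
    return ipaddress.IPv6Address(value)


def classify(addr) -> dict:
    """Name the transition technology behind an IPv6 address and recover
    the IPv4 endpoints it carries."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:
        v4 = ip.sixtofour
        return {"tech": "6to4", "router_ipv4": str(v4),
                "rfc1918": any(v4 in net for net in RFC1918)}
    if ip.teredo is not None:
        server, client = ip.teredo          # ipaddress un-inverts the client address
        port = ((int(ip) >> 32) & 0xFFFF) ^ 0xFFFF
        return {"tech": "Teredo", "server_ipv4": str(server),
                "client_ipv4": str(client), "client_port": port}
    interface_id = int(ip) & (2 ** 64 - 1)
    if (interface_id >> 32) in (0x00005EFE, 0x02005EFE):
        host = ipaddress.IPv4Address(interface_id & 0xFFFFFFFF)
        return {"tech": "ISATAP", "host_ipv4": str(host)}
    return {"tech": "native"}


if __name__ == "__main__":
    samples = [
        "2002:c0a8:6301::10",                 # constructed host in a diagram prefix
        "fe80::5efe:172.16.0.10",             # constructed ISATAP link-local address
        str(teredo_address("198.51.100.10", "203.0.113.5", 40000)),
        "2001:db8::1",
    ]
    for sample in samples:
        print(sample, classify(sample))
    print(sixtofour_prefix("192.0.2.1"))
```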
Border Gateway Protocol (BGP)
Learning Objective
After completing this topic, you should be able to
◾ implement Border Gateway Protocol (BGP)

1.
[Topic title: Border Gateway Protocol (BGP). The presenter is Jacob Moran.] Gang, if you're
like most Windows Server administrators, you have not had to do much with the Border
Gateway Protocol before. But starting with 2012 R2, we've seen BGP start to become a big
deal when it comes to Microsoft support for routing. So let's take a look at BGP, and how it's
going to fit into the Server 2016 scenario. BGP is a dynamic routing protocol, meaning it's a
protocol that will share the routes that it learns with other routers so that endpoint network
destinations do not have to be identified manually on each and every router. But instead, the
routers can share what they know and automatically learn routes, become smarter, forward
packets intelligently, do the job that we expect routers to do. So this could be between our
various physical networks, as we of course originally started off with, with BGP routing, with
VM networks, and for site-to-site remote routing. So several different scenarios, all of which
are associated with the idea of using BGP, which is defined as an exterior gateway protocol as
opposed to OSPF, EIGRP or RIP version 2, all of which are interior gateway protocols. So this
was designed to be able to support routing throughout the Internet. But we're going to see that it
can support situations of site-to-site routing, of being able to support a multitenant solution,
especially with the virtualized environment. A lot of good things we can do with BGP in
Windows Server 2016.

Now taking a quick look at the features, it supports both internal and external peering. In other
words, finding partners to share information with. That includes connecting up to third-party
devices, like Cisco or Juniper. It supports IPv4 and IPv6. For quite a few generations BGP
has had the extensibility to support IPv6. The peering modes can be mixed, which both
actively solicits BGP peers and responds to their solicitations, or passive, where it is simply
waiting for solicitation from another device. So depending on your environment, what other
devices are out there, you may choose one or the other. We can add static routes and we can
transit between our interior gateway environment and our exterior gateway environment, so the
tables that are managed for the inside and for the outside. We can do route aggregation,
where multiple network endpoints are summarized with a single-line entry that aggregates
those individual routes into a single line. So that, for example, 254 subnets could all be
aggregated as a single subnet simply by modifying the subnet mask that is used for routing,
even though that's not the subnet mask that's necessarily used by the clients. So all great
features. So support for BGP comes through the Remote Access Service gateway. All right, so
the RAS gateway is going to be able to support that.

And again, we can configure that for a multitenant mode which provides that dynamic routing
using BGP to support individual clients. We can also use that within a single tenant by simply
configuring our LAN router configurations. So we can use that for a single tenant, not for
multitenant mode. So again, it can work either way depending on our goals. We can install the
routing service in the Remote Access server role. And that can now be done without adding
the rest of Remote Access service. In other words, if I don't want direct access or VPN support,
I don't have to install all of that if I just want the core routing functionality. [A diagram displaying
a Customer Site connected to a Cloud Service Provider through a S2SGW server, an Edge
router, and a S2S GW+BGP Router is displayed. The ASN for the Customer Site is ASN-64001
and the ASN for the Cloud Service Provider is ASN-64002.] So when we think about a
deployment scenario and what this might look like, we see here a RAS VPN Gateway with a
BGP edge router. So notice we have up at the top, one particular site. We have another site
here, and we're designed to focus as a Cloud Service Provider. We've got our site-to-site
gateway endpoints here that are being connected through a site-to-site VPN. We're using an
exterior border gateway protocol configuration [e(BGP)] here in order to be able to supply the
information to our two endpoints about the networks that are maintained here and here, [The
Cloud Service Provider and the Customer Site.] those individual subnets. So that we can route
back and forth between them, so a dynamic routing protocol. Again, when we configure this
eBGP, we'll be exchanging the routing information.

So I've got a network, here's how you get there. Each site has to have a unique Autonomous
System Number. And the ASN is going to be used for our aggregation to say these individual
subnets, route them through this ASN. [The two ASNs are ASN-64001 and ASN-64002.] All
right, so that's essentially identifying the ownership of a particular location. So the edge router
is going to run BGP with the internal router to learn internal routes, OSPF, RIP, things like that,
to distribute those. But the border gateway protocol is what's being used to convey that on the
outside over this VPN connection. So through that, we end up being able to easily and with a
high degree of compression and granularity, be able to support pushing out these VPN
configurations. So let's look at the actual, some of the setup that we would use. So there's a
whole set of PowerShell cmdlets that are going to be used in order to facilitate BGP
deployment. So we install the Remote Access service, and if we want, like I said, we can say
RoutingOnly.

We just want to have a BGP-enabled LAN router and we're not trying to support the
multitenant capabilities that come with RAS, so that's an option there. And then when we want
to install RAS in multitenancy mode, then we install Remote Access, and this is after adding
the feature, of course. This is what actually configures the initialization of remote access. We
can install Remote Access for MultiTenancy and then we define Remote Access Routing
Domains. They indicate the protocols that'll be supported. [Enable-RemoteAccessRoutingDomain
-Name RD01 -Type All, Enable-RemoteAccessRoutingDomain -Name RD02 -Type All.]
And so with this we will actually have BGP support across both of these
different domains, and then we can start filling in some additional properties. Well gang,
hopefully that gives you a good perspective on BGP, an exterior gateway protocol, now
supported in Windows Server 2016, providing edge support for multitenancy, or single tenancy
environments, to be able to get our routing information across from one network to another
safely and securely.
Configuring Windows 2016 Routing
Learning Objective
After completing this topic, you should be able to
◾ configure IPv4 and IPv6 routing

1.
[Topic title: Configuring Windows 2016 Routing. The presenter is Jacob Moran.] So you'd like
your Windows server to function as a router, no problem. [The Server Manager window is
open. The Dashboard section is displayed and it displays buttons such as manage, Tools,
View, and Help.] In Windows Server 2016, we can head to Manage and Add Roles and
Features. [He clicks the Manage button.] Click Next a few times to select the current server
that we're managing. [He runs the Add Roles and Features Wizard.] And add the role under
Remote Access of Routing. [Under the Remote Access (2 of 3 installed) node, there are
subnodes named DirectAccess and VPN (RAS) (Installed), Routing (Installed), and Web
Application Proxy.] I've already done that to speed up the process. Of course, we could use
PowerShell and use Install-WindowsFeature with the name of routing and include the
management tools to accomplish the same goal.

Once we've done that, we can head to the Tools menu or to Start and fire up Routing and
Remote Access. This tool will give us everything we need, [The Routing and Remote Access
window opens. The window is divided into two sections and the first section displays the
Routing and Remote Access node. This includes subnodes such as Server Status and
STORAGE205 (local). The second section displays information related to the selection made
in the first section.] but you'll notice that the service is not even started. [He right-clicks the
subnode STORAGE205 (local).] You must first right-click and choose Configure and Enable
Routing and Remote Access to begin the process. [The Routing and Remote Access Server
Setup Wizard opens. Many options for Configuration are displayed, some of which are Remote
access (dial-up or VPN) and Custom configuration. Remote access (dial-up or VPN) is
selected by default.] If you're looking for standard routing, rather than routing with network
address translation, you're actually going to choose a Custom configuration. And simply select
LAN routing, which means it will route between multiple interfaces that it supports. [The
Routing and Remote Access dialog box opens.]

While it's doing that, I'll go ahead and let it start the service. [He clicks the Start service button.]
I'm going to right-click open my Network and Sharing Center so you can see I do, in fact, have
two network connections. [Storage Network and vEthernet (External).] And that's generally
what you would want, is an expectation of a situation where you have both a left and a right
side relative to this specific box. [He draws two boxes to explain the two sides. The two IP
addresses are 172.16.0.0 and 192.168.5.0.] In my case, I have access to the 172.16.0.0
network in one area, and I have direct access to the 192.168.5.0 network in the other. And so
as something that lives in both networks, I have the ability to support routing between them.
[He switches to the Routing and Remote Access window. The STORAGE205 (local) subnode
displays subnodes such as Network Interfaces, Remote Access Logging, IPv4, and IPv6.] So
now that I've enabled that support, let me go ahead and expand this out. [He expands the
subnodes IPv4 and IPv6. Both the subnodes display subnodes named General and Static
Routes.] If we take a look at IPv4 and we look at General, we can see all of our interfaces, and
again the IP addresses and the bytes going in and out of them. And if I right-click on General, I
can actually specifically take a look at, I can add dynamic routing protocols, if I would like. [He
clicks New Routing Protocol from the shortcut menu.] Adding dynamic routing protocols
enables you to support protocols like RIP, [The New Routing Protocol dialog box opens.] the
Routing Information Protocol. [He selects the RIP Version 2 for Internet Protocol option.] Which
enables support for the ability for other routers that support RIP to share the networks that they
already know about. But to do that we have to kind of put an ear and a mouth on the network.
[The RIP subnode is created under the IPv4 subnode and he right-clicks it and selects New
Interface from the shortcut menu to open the new Interface for RIP Version 2 for Internet
Protocol dialog box.] We right-click and add an interface [vEthernet (External)] that will speak
the RIP protocol to its adjacent neighbors. [The RIP Properties - vEthernet (External)
Properties dialog box opens. It includes tabs such as General, Security, Neighbors, and
Advanced.] And we can use a broadcast or multicast, backwards compatible to RIP version 1 if
we'd like. [He clicks the Security tab.]

We can filter which routes we accept, [He clicks the Neighbors tab.] we can have an explicit list
of neighbors that we trust rather than trusting all of them. [He clicks the Advanced tab.] And we
can control the time frame parameters as well. I'm going to click OK. Also we can configure
static routes, we right-click on Static Routes. And I can view the current routing table, [He
clicks Show IP Routing Table in the shortcut menu.] which is important to know, okay, how am
I routing right now? [The STORAGE205 - IP Routing Table opens.] Which is, by default, based
upon essentially the network interfaces that I participate in. Notice I have two IP addresses that
it routes directly, and therefore it knows how to route into those networks. But there's also this
all zeros route, now that all zeros route is the default gateway that's in my standard TCP/IP
properties. Just so you know, [He right-clicks the Network icon and clicks Open Network and
Sharing Center in the shortcut menu.] the standard practice and best practice is to remove any
default gateway from the normal TCP/IP properties that you would have. So I'm going to
remove that route there [Internet Protocol Version 4 (TCP/IPv4) Properties.] that was kind of in
the routing table but not where I expected. And instead I'm going to configure a static route.
[He switches to the Routing and Remote Access window. He right-clicks the Static routes
subnode and clicks New Static Route in the shortcut menu.] So the equivalent of a default
gateway would look like this.

I'll say here is the interface to use, [vEthernet (External)] the destination is all zeros. That
means any network will work with any subnet mask, because I put all zeros there. And then I
indicate the specific router to go to, so in this case, 5.1 [192.168.5.1] is the director. Metric is
used if there are competing values to use. [The Metric value is 256.] Now I could also put in
static routes that are more specific, maybe in the other direction. I have access to the
172.17.0.0 network, and I want to indicate that that network Class B style Subnet mask is
available off of 172.16.0.1. So I'm indicating essentially if you're looking for that network, don't
go to the default gateway, go the other direction. And it'll be behind this router here.
[172.16.0.1.] So that's there for IPv4, we can do the equivalent over here in IPv6. There's no
dynamic routing protocols to support in Windows for IPv6. But we can head to our static
routes, right-click and add a new static route in the same way. And indicate off of whatever
interface is appropriate that there's a destination network, let's say it was something like this,
[2001:100B::] slash 64, standard first half is network, second half of the IPv6 address is host.
And then the gateway might be 2001. I'm in the 1001 network and my router is address 1
there. So IPv4 or IPv6 routes can easily be added.
Install the DHCP Server Role
Learning Objective
After completing this topic, you should be able to
◾ install and configure DHCP servers

1.
[Topic title: Install the DHCP Server Role. The presenter is Jacob Moran.] The process of
installing DHCP in Windows Server 2016 is an easy one. [The Server Manager window is
open.] Whether or not we use the graphical or a PowerShell based instruction set, if you will,
the steps that you're going to follow through. In the graphical environment we'd head to
Manage to Add Roles and Features, click Next and Next. [He clicks the Manage button and
clicks the Add Roles and Features option from the flyout menu.] Pick the specific server, the
default local server's all I need. [He clicks through the Add Roles and Features Wizard.]

Click Next, and then we'll add a check mark to DHCP and let it add the role administrative
tools. Under an administrative PowerShell prompt, we could get the equivalent set of
instructions in place [He opens Windows PowerShell.] by using the Install-WindowsFeature
cmdlet with the name of DHCP and remembering to include management tools. So we'll go
ahead and execute that and DHCP will soon be installed. Once that's in place, we will have a
set of DHCP tools and DHCP cmdlets. All right, as you can see, we now have Success. Life is
good, let's take a look. If we do a Get-Command and reference *dhcp*, we can see, wow, look
at all the cmdlets we have to manage our DHCP Server.

Now notice there are DHCP Server cmdlets that are all listed out here, and those are the ones
that we're going to want to use to manage DHCP as a process, all right. So again, lot of great
cmdlets available to us. We can go back to our graphical environment where we cancel out
here, [He switches to the Server Manager window.] and here inside of Server Manager, notice
we have a flag telling us [The Flag icon adjacent to the Manage button.] that we need to
complete our DHCP configuration. When we do that, we'll be able to then [He clicks the Tools
button.] start using our DHCP tool, [He clicks DHCP from the flyout menu.] our MMC, that will
be available to us by default, focusing on the local system.
Authorize a DHCP Server
Learning Objective
After completing this topic, you should be able to
◾ authorize a DHCP server

1.
[Topic title: Authorize a DHCP Server. The presenter is Jacob Moran. The Server Manager
window is open.] One thing you may not know about DHCP is that after the initial installation of
the DHCP service on a server, there's another step. [He clicks the flag icon.] A post-
deployment configuration that we must complete, that certainly the Server Manager makes
very apparent to us, [He clicks the Complete DHCP configuration link and the DHCP Post-
Install configuration wizard opens.] and that is authorization. So you can see, it tells us that it's
going to create a couple of localized groups, DHCP Administrators and Users for delegation,
and that we must authorize DHCP in Active Directory.

Now, why is that the case? Well, DHCP requires that we actually be, DHCP limits itself and
actually will ignore incoming clients that are requesting a DHCP IP address. [He draws a
diagram depicting incoming clients into the DHCP.] Unless DHCP can validate with its Active
Directory forest that it is trusted to hand out IP addresses. And so that helps to prevent any
accidental rogue installations of DHCP. So that process is done here inside of DHCP [In the
Authorization tab.] but it requires an Active Directory administrator who is a member of the
Enterprise Administrators group. So you must be an Enterprise Administrator in Active
Directory in order to perform this action. Once that is the case, then you'll be authorized and be
able to have this server do that. And again, it's Enterprise Administrator because this list of
trusted DHCP servers is actually maintained in the configuration partition of Active Directory,
which is shared forest-wide.

Forest-wide, right? You don't want an administrator in a different domain suddenly firing up
DHCP in your subnet, causing you to no longer be able to have correct IP configurations, so
it's an Enterprise Administrator action. I am a member of the Enterprise Administrators group,
this account right here [EARTHFARM\jacob] will work fine, so we can use these credentials
and click Commit. And it has created the groups, again, it's failed this because I've already
actually added this prior. So therefore, it is already present in the directory service. But again,
the first time through it'll tell you it's authorized, unless it fails because you aren't a member of
the Enterprise Administrators group.

In which case, you'll need to find someone who is to complete this action. If you need to
complete it after the fact, let me show you that inside of the DHCP management console, [He
clicks Tools and clicks DHCP.] we can select a particular server. [The DHCP window opens
and he expands the storage205.earthfarm.com subnode to display the two subnodes IPv4 and
IPv6.] And you'll notice that we can right-click it to Unauthorize a server, easy enough. That
removes it from the administrative support of Active Directory, removes it from that list that's
managed in the configuration partition. And then once that has committed, then we can
actually reverse that process right there and authorize the server. [He right-clicks
storage205.earthfarm.com and clicks Authorize from the shortcut menu.] There we go, right-
click and Authorize. Again, that only will work if I am an Enterprise Administrator here, just like
in the earlier wizard. Notice that we have the down turned red arrows while we are in an
unauthorized state. Because, although I can build and manage DHCP services, the service is
up and running, it is ignoring clients until it is authorized. Okay, we're back to an authorized
state and we're ready to respond. If you're looking for the PowerShell equivalent of
authorization, [He switches to the Windows PowerShell.] it's actually an odd little set of
cmdlets, it's actually, it's Add, Get, and Remove-DhcpServerInDC, all right? As in, what DHCP
servers are in domain controller services? So for example, we can do get-dhcpserverindc, and
you can see the list of all my currently authorized servers to provide DHCP services in Active
Directory. And if I wanted to add an additional one, again, we could do Add-DhcpServerInDC.
And we can actually reference it by IP address or by DNS name, depending on how we'd like
to call for it. And it will invoke that and add it to that environment. Once again, remember you
must be a member of the Enterprise Administrators group in order to commit this, whether
you're in PowerShell environment or in the graphical environment.
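
An added example, not part of the course transcript: because the authorized list is forest-wide, it is worth auditing it against an approved list. The function name, the status labels, the second server and all IP addresses below are assumptions constructed for illustration; only Get-DhcpServerInDC and the storage205.earthfarm.com name come from the course.

```powershell
# Added example: audit the forest's authorized DHCP server list against an approved list.
# Input objects need DnsName and IPAddress properties, the shape Get-DhcpServerInDC returns.
function Compare-DhcpAuthorization {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]]  $Authorized,
        [Parameter(Mandatory)] [hashtable] $Approved    # DNS name -> expected IP address
    )

    $seen = @{}
    foreach ($server in $Authorized) {
        $name = ([string]$server.DnsName).ToLowerInvariant()
        $ip   = [string]$server.IPAddress
        $seen[$name] = $true

        if (-not $Approved.ContainsKey($name)) {
            # Authorized in Active Directory but nobody approved it.
            $status = 'UnexpectedAuthorization'
        } elseif ([string]$Approved[$name] -ne $ip) {
            # Known name, but registered with a different address than expected.
            $status = 'AddressMismatch'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ DnsName = $name; IPAddress = $ip; Status = $status }
    }

    # Approved servers that are missing from the authorized list ignore clients.
    foreach ($name in $Approved.Keys) {
        if (-not $seen.ContainsKey($name.ToLowerInvariant())) {
            [pscustomobject]@{
                DnsName   = $name
                IPAddress = $Approved[$name]
                Status    = 'ApprovedButNotAuthorized'
            }
        }
    }
}

# Constructed sample data (hypothetical addresses, hypothetical second server).
$approved = @{
    'storage205.earthfarm.com' = '192.168.5.10'
}
$sample = @(
    [pscustomobject]@{ DnsName = 'storage205.earthfarm.com'; IPAddress = '192.168.5.10' }
    [pscustomobject]@{ DnsName = 'lab-dhcp.earthfarm.com';   IPAddress = '192.168.7.20' }
)
Compare-DhcpAuthorization -Authorized $sample -Approved $approved | Format-Table -AutoSize

# On a domain-joined server with the DHCP management tools installed:
# Compare-DhcpAuthorization -Authorized (Get-DhcpServerInDC) -Approved $approved |
#     Where-Object Status -ne 'OK'
```

Run on a schedule, any row other than OK is a prompt to check who authorized the server and when.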
DHCP Scopes
Learning Objective
After completing this topic, you should be able to
◾ create and configure scopes

1.
[Topic title: DHCP Scopes. The presenter is Jacob Moran.] The purpose of DHCP is to hand
out IP addresses. [The DHCP window is open. The window is divided into two sections. The
first section displays the DHCP node. The second section displays two networks IPv4 and
IPv6. The DHCP node displays subnodes such as IPv4 and IPv6. The IPv4 subnode displays
subnodes such as Server Options, Policies, and Filters. The IPv6 subnode displays the Server
Options subnode.] And in Server 2016, in the DHCP console, we can do that by defining
scopes of IP addresses we want to hand out. We'll right-click IPv4 and choose New Scope,
which takes us to the New Scope Wizard. And then we need to define some basic properties,
like a Name, [He enters TestScope as the name.] Description, if needed.

Then the first and last IP addresses that we're going to be handing out. So let's say, from
192.168.5.150 to 5.199. [Till 192.168.5.199.] We'll define the CIDR notation, the length of the
subnet mask, here. Again, we can define it that way, or we can simply type out the subnet
mask. [255.255.255.0] And then, if there are any IP addresses we should not hand out that are
within the range, we can exclude those here. [In the Add Exclusions and Delay page.] So for
example, if I knew that maybe there was a static assignment already handed out for
192.168.5.155 as a particular address, I could hand that out. Then we have the Lease
Duration, how long will the lease be good for in this scope for clients, and the default is 8 days.
And remember, they'll renew at half the lease and every time they reboot, automatically.
Then additional options can be configured. [In the Configure DHCP Options page.] And the
basic options that we usually configure are the router, how do I get out of here? So, whatever
the correct IP address is of a default gateway, [192.168.5.1] and then, the domain information.
Which, it will actually automatically insert in the wizard from the DHCP server's properties,
which is why it has earthfarm.com and my current DNS server.

If you use WINS servers, you can put their IP address in as well. We're going to activate this
scope, which means it's ready to respond to clients immediately. And we can see the scope
has now been built. [The subnode Scope open square bracket 192.168.5.0 close square
bracket TestScope has been created and it includes subnodes such as Address Pool, Address
leases, Reservations, Scope Options, and Policies.] We can see the pool of addresses and
exclusions. Any current leases, no one's using an address yet. Reservations, and scope
options that have now been defined. To build out scopes in PowerShell, [He opens the
Windows PowerShell.] we can launch an administrative PowerShell prompt. And then we can
add a DhcpServerv4Scope. So what things will we need to provide? Things like a name,
PSTestScope. We'll give it a starting IP address. So start the range at 192.168., we'll say
7.150, and the end of the range, 192.168.7.199. We'll define its state is active. And we'll define
its SubnetMask as 255.255.255.0. So we've got a beginning and end SubnetMask, and its
current state is Active. So that's a great start. All right, so now that's added, no errors, good
sign. Let's get back over here [He switches to the DHCP window.] and refresh. And we can
see, there's our PSTestScope. And we see the pool of addresses. Now, when we build it in
PowerShell, it does not have the ability to define exclusions on the fly there, [He switches to
Windows PowerShell.] addresses that it avoids handing out. To do that, it's
Add-DhcpServerv4ExclusionRange, and we will reference the ScopeId, in other words, what subnet
is it associated with, 7.0. And then again, the start range, 192.168.7.155, and the end of the
range, 192.168.7.155, make it the same address if there's only one IP address you're
excluding. And there you go. In fact, you can get all of the DhcpServerv4Scope exclusion
ranges that apply for any of those particular subnets that we have right there. And if we head
over here to the graphical environment and refresh, [He switches to the DHCP window.] you
can see the exclusion. Additionally, any scope options are also not defined when we build out
our scopes using PowerShell, those will have to be defined separately. We'll look at that
separately, as well.
DHCP Superscopes
Learning Objective
After completing this topic, you should be able to
◾ create and configure superscopes

1.
[Topic title: DHCP Superscopes. The presenter is Jacob Moran.] If you have a multinet, which
is basically an environment where I have a network that has a router attached to it, there's a
little router icon. And I've got various different clients and servers that are participating in that,
maybe printers and other devices. Maybe even wireless devices are part of this, [He draws a
network consisting of many devices and a router.] again that's all layer two questions of how
they physically and logically get attached. But they're all on this side of the router, right? On the
other side of the router, there are other networks.

But what happens when I define something like this? Here we see 192.168.5.0, which is a
class C network, which means it only has room for 254 addresses. What happens when this
side of the router now needs to be able to support 300 addresses? Well potentially, you could
change the subnet mask, and modify all of these clients to get a new lease with new
properties, or you could potentially setup a multinet. A multinet is when multiple subnets live on
the same side of the router. It requires that the router actually support multiple IP addresses
assigned to that same interface. So maybe a 192.168.5.1 address and maybe a 192.168.7.1
address. And then when a client gets an IP address, it could get from DHCP, we could set it up
so that it could ask for an IP address. And could receive an IP address in either the
192.168.5.0 scope here, or in this case, the 7 scope. [192.168.7.0.]

You could make both pools available to it. Now this does not, in any way, reference VLANs.
VLANs would isolate. The whole point of a multinet is that we have two subnets that are not
isolated from each other, but they coexist in the same network. With a router that supports
being able to ingress and egress and even deliver the traffic back and forth between clients in
the different subnets. It's not an efficient way to run a network because broadcasts from one
network will affect the other. But it is certainly, at least a temporary solution. For DHCP to
participate in this kind of multinet solution, what we need to do is right-click on IPv4 and
choose New Superscope. [The New Superscope Wizard opens.] The Superscope is the tool
that allows you to have multiple networks, multiple individual scopes participate as a single
scope as far as DHCP is concerned. So we're going to call this SuperTest1. We need to pick at
least two scopes to be a part of it. Well one or more, but really, two to make it effective, and
you can see now over here on the left hand side, these are grouped together. Now the
Superscope itself doesn't really have any properties [He right-clicks Superscope Supertest1
and clicks Properties in the shortcut menu.] other than its name. But when a client receives a
broadcast, and it knows that it's possible to respond to that broadcast with an IP address from
either five or seven, then it will participate by handing out one of those available addresses. Six
of one, half a dozen another, it's very even between the two, and it will distribute the load
between the two. In PowerShell, [He switches to Windows PowerShell.] We take a look here.
Look, we have Add-DhcpServerv4Superscope and Get-DhcpServerv4Superscope as well as
remove and rename. So and we can even see the statistics to see what IP addresses are
being handed out. So, Serverv4Superscope. All right, so there's our existing Superscope. And
if we look at statistics, we can actually see the number of scopes, [The number of scopes is 2,
the available scopes are 98.] how many are available, what's in use and the percentage in use
across the Superscope. Because the whole thing is increasing the potential availability to hand
out IP addresses beyond the initial subnet defined maximum number of clients that are
potentially available.
DHCP Multicast Scopes
Learning Objective
After completing this topic, you should be able to
◾ create and configure multicast scopes

1.
[Topic title: DHCP Multicast Scopes. The presenter is Jacob Moran.] In addition to being able
to build standard scopes and super scopes, [The DHCP window is open. The window is
divided into three sections. The first section displays many nodes and subnodes. The second
section displays information related to the selection made in the first section. The third section
is titled Actions.] I want to also talk about multicast scopes. So you'll remember that we have
our class A, B, C, and D addresses. That A, B and C are all for unicast, but class D
addresses are for multicast. And the multicast range in IPv4 goes from 224.0.0.0 to
239.255.255.255. And every one of those stands alone as a unique address. What is
interesting is that you can have what is known as a MADCAP application that contacts DHCP
and says, [He draws a diagram of a MADCAP application connected to a DHCP.] hey, I need
to set up some video conferencing, or some teleconferencing, or something that uses
multicast, maybe imaging, and so I need an available multicast address that no one else is
using.

The application contacts DHCP, gets the address, and then that is what it will share with all of
the clients that participate in that video teleconference or audio teleconference or imaging,
whatever it might be. [He draws many participants connected to the application.] And
therefore, these folks will be able to engage in a multicast communication, because they have
an acceptable, unique multicast IP address to work with. So, we said that to say this, we can
build that in DHCP. First, I'm just going to go ahead and delete this super scope. Just you
know, deleting a super scope does not get rid of the contents, only of the overarching
framework. In other words, you'll notice that the original scopes are still here.

All right, let's talk about multicast scopes, then. We're going to select IPv4, and just for fun,
we'll go over to more actions on the right this time, [In the Actions section.] same thing as right-
clicking, and choose New Multicast Scope here in the DHCP console. That'll launch the wizard,
[The New Multicast Scope Wizard.] you can't go wrong. Click Next. And we're going to call this
Test for Imaging. Let's say I wanted to test multicast out over imaging. And then there are the
ranges that are available. So 224.0.0.1, [The Start IP address.] again, 224.0.0.255 [The End IP
address.] for example. Notice, I even could use zero. [He changes the Start IP address to
224.0.0.0.] Every one of these addresses stands alone. If you were to think of a subnet mask
that goes along with them, it's 255.255.255.255. They stand alone, but are shared in addition
to the unicast addresses owned by a client. So we can use that. We can add exclusions just
like we would with IPv4. We can define the lease duration, how long these are going to be kept
by the MADCAP application server. And we can activate it. [He closes the wizard by clicking
the Finish button.] And so that's easy enough to build one of these out. And so now if you have
that type of application, including, by the way, that could be for a multicast service such as the
Windows deployment services, that would use that as well. Then, again, we've got our pool
and our current active leases, which there aren't any. Can I do it in PowerShell? Of course you
can. [He opens Windows PowerShell.] As you can see, I've already typed this out to save
ourselves a little time. [Add-DhcpServerv4MulticastScope -ComputerName "storage205"
-Name "TESTMulticast_AudioConference" -StartRange 225.0.0.0 -EndRange 225.0.0.30
-State active -Ttl 20 -LeaseDuration 20.]

Add-DhcpServerv4MulticastScope. ComputerName is the local computer in this case. The


Name, TESTMulticast_AudioConference. Then the starting range, [225.0.0.0.] again, need to
work with class D addresses. [225.0.0.30.] Here's a block from 0 to 30 beginning with 225.
Active to say that it's, [-State active.] again, an active scope. Time to live, [-Ttl 20.] and the
LeaseDuration. [-LeaseDuration 20.] All right, with that in place, we'll go ahead and execute
that. And took it just fine. Again, if we need to add any exclusions, that would be
Add-DhcpServerv4MulticastExclusionRange, just like it is with standard scopes, it's in a separate
cmdlet to define exclusions. But we can head back here and refresh. [He switches to the
DHCP window.] And here in IPv4, notice we have the two Multicast Scopes now. [Multicast
Scope open square bracket TESTMulticast_AudioConference close square bracket and
Multicast Scope open square bracket Test for Imaging close square bracket.] Got this new one
available with an address pool in the 225.0.0.0 to 225.0.0.30. All right, so that's just how hard it
is to set up multicasting in DHCP.
DHCP Reservations and Exclusions
Learning Objective
After completing this topic, you should be able to
◾ configure DHCP reservations and exclusions

1.
[Topic title: DHCP Reservations and Exclusions. The presenter is Jacob Moran.] As a DHCP
administrator, [The DHCP window is open.] one of your key jobs definitely is to know the
difference and to know how to manage both your reservations and exclusions. So when we
talk about a reservation, we're saying that there is a particular pool of IP addresses managed
by DHCP, and a reservation ensures that there is a particular address that is guaranteed when
a particular client makes that request. [He draws a diagram displaying a pool of addresses
managed by the DHCP. This pool includes a specific address connected to a specific client.]
That's very different though from exclusion. An exclusion says that within the pool of IP
addresses that begins at one address and ends at another, where's basically a number line
there, that there is a particular address or set of addresses that will never be handed out. Why,
because those are probably statically handed out to particular devices or managed by another
DHCP server.

So, with that said, how do we manage the reservations and exclusions in Windows Server
2016 DHCP? Well, we can take a look at our scopes here, [In the IPv4 subnode.] and when we
go to the Address Pool, remember, we can see our various different exclusions. Now we can
create exclusions when we first build our DHCP environment. We can always right-click and
create a New Exclusion Range, [The Add Exclusion dialog box opens.] for example,
192.168.5., let's say 190 [Start IP address.] through 192.168.5, let's say 191, [End IP address.]
all right. Easy enough to add a range of IP addresses to ensure that we never hand those out,
because they're assigned to static devices. The PowerShell equivalent, I'm going to open up
the PowerShell ISE here, and I've got a script already lined up to make this easy.
Add-DhcpServerv4ExclusionRange is the cmdlet. You reference the ScopeId to define the pool of
addresses you're talking about. Then you define the start range and end range to identify the
IP addresses you want to ensure that you never hand out.

So let's say it was from 5.192 to 5.193. We'll execute that, [He clicks the Run selection button.]
great. Range is built and if we head back over here and refresh. We can see, sure enough that
was added. Now, reservation is a little different. When we talk about reservations, [He expands
the Reservations subnode.] we're talking about ensuring that a particular IP address is handed
out to a particular device. Now I've got some existing reservations. I'm going to get rid of those
so we can start it from scratch. So in reservations all we need to do is right-click and say New
Reservation and then we can define it. [In the New Reservation dialog box.] So we're going to
go call this TestRes, you identify the specific IP address within the pool that you would like to
be able to offer out, let's say it was 192.168.5.160. And then you identify the MAC address that
is bound to that. I'm making one up. Remember, that's the hexadecimal value. You can find
that in a lot of different ways, depending on the client, to identify its MAC address ahead of
time if you would like. [0011223344aa] And then you can identify the description of what it's for.
So then maybe this is an Admin Laptop. And the protocol typically going to support DHCP in
BOOTP.

Although, really 99% of everything is DHCP. BOOTP is very legacy at this point. So that's a
reservation. Now it inherits the same options, but you can customize them. But at this point,
the key thing to note is that MAC address will always get the same IP address. Can we do the
same thing in PowerShell? Of course, let's take a look in the PowerShell ISE. The cmdlet
Add-DhcpServerv4Reservation. Then reference the ScopeId to build the reservation in, the IP
address you want to reserve, and then once again the MAC address, right? Whatever is that
MAC address that you need to ensure is created. All right, so that allows us to build that
reservation. And interesting, if we do Get-DhcpServerv4Lease and then identify the scope that
we would like to observe, 5.0, we can see all of our leases, including inactive reservations.
Basically showing me these IP addresses are leased, at least in the sense that they are no
longer available in the pool for just anyone else to get. Only for these specific MAC addresses
to make requests for. We can see that also if we were to go here to leases, but let me show
you something also very cool. If I right-click on an existing lease we can instantly add them to a
reservation so as to make that a much easier process. I don't have to go look up the MAC
address, that guy now has a reservation and it automatically pulled in the MAC address
immediately. We can do the same thing in PowerShell if we'd like. For example, I could get a
DHCP lease for a particular scope like we just looked at. Here's a particular MAC address that
I would like to be able to bring in. Let's say it was this one right here for the SQL1 device, so I
can take that and if we make that the MAC address, and we execute that, that allows me to
find just one lease. And I can pipe that to Add-DhcpServerv4Reservation to essentially create
the equivalent of right-clicking and generating a brand new reservation based upon an existing
MAC address.
DHCP Options
Learning Objective
After completing this topic, you should be able to
◾ configure DHCP options

1.
[Topic title: DHCP Options. The presenter is Jacob Moran.] In DHCP, we see options in many
places. [The DHCP window is open.] They're at the server level to define options that will apply
across the board for all devices, no matter what particular pool that they are in, whatever
scope might apply to them. [He right-clicks Server options and clicks Configure Options.] A
great example for that might be your option number 6, your DNS server.

To indicate that there's a particular IP address of a DNS server that you want to reference that
people use, no matter what subnet they belong to, right? Because DNS is not something that
needs to be local. However, there are other options that you'll define at the scope level. Notice
at the scope level, we have Scope Options. And we can receive options from a higher level. If
we refresh that, there's that inherited option, server option 6. [006 DNS Servers.] You can see
the server icon there along with these particular options that are at the scope level. Now these
were built when I first managed and created this scope. If we go right-click and choose
Configure Options, you can see things that need to be localized might include your Router,
right, to make sure that that is a local router. [In the Scope Options dialog box.] We have all
sorts of different options that are available to us to manage different settings, most of which,
honestly, are not configured most of the time. Most of our devices do not need these special
options that are all identified by their unique option number. [He scrolls up and down all the
options in the Available Options section.]

But, for example, if you wanted to specify everyone's Time Server is at a particular IP address,
[He adds the IP address 192.168.5.254.] assuming you had setup the NTP protocol, port 123,
you could easily do so with that IP address configuration there. And now that will apply to
everyone who receives an IP address in the 192.168.5.0 scope. If I right-click and go to, well
actually I'm going one more level deep. If we go to Reservations, all reservations inherit the
server and the scope level options. But we can configure their options as well. [He clicks the
subnode open square bracket 192.168.5.160 close square bracket Testres under the
Reservations subnode. He then right-clicks in the second sections and selects Configure
Options. The Reservation Options dialog box opens.] And anything at a child level is going to
override anything at a higher level. So scope options override the server options. Reservation
options override both server and scope options.

So if this device needs to have a different DNS Domain Name, [He selects the checkbox 015
DNS Domain Name.] we can easily specify [He enters brocadero.com in the String value
textbox.] that just for that one reservation without affecting everyone else that's receiving
options from that scope. In addition to these standard options, should be noted that on the
Advanced tab at every level, we have the ability to see the user class and vendor class
options. Vendor class options, what I want to point your attention to right now, the defaults are
Microsoft based options. But programmatically, additional vendor classes can be added for
things like Cisco phones or other types of devices. And these are essentially recognizing flags
that identify the operating system that's making an IP request, and then giving them options
that apply based upon that OS. If you're Microsoft, you can disable NetBIOS with this check
mark. If you're Microsoft, you could automatically release your lease on shutdown. That could
be a built-in property that you support. And DHCP can trigger that.

And both of these have default values that essentially turn those features on, by the way. So if
we Apply that and click OK, you can see we have this reservation because that's where I was
configuring options. Now has a couple of specific DHCP options to disable NetBIOS and
release its DHCP lease on shutdown, which can be great for laptops to ensure that the IP
address goes back into the pool every time there is a shutdown process. Now if we head over
to our PowerShell environment, of course, we'll see that we have the ability to go ahead let's
try that again. [He executes the command Get-Command *dhcp*option*.] We have quite a few
cmdlets that work with setting those DHCP values so we have add, get, remove, and set
DHCP server v4 and v6 option definitions. That's when you actually define what options are
available when you need to customize it from the ground up and setting the values, which is
how we apply those values in context. So if we take a look here, we could get our option
values for a particular scope. [He executes the command
Get-DhcpServerv4OptionValue -ScopeId 192.168.5.0.] And there we have it. All right, so we see option 51, 3, 15 and 4 have
been set up for the 192.168.5.0 scope. And so, again, those are the important properties,
option 51, you may not have noticed, that's your lease time. That's how long you have that. So
that's not usually viewed as a lease option in the graphical environment, but here in
PowerShell, we can see it defined there. If you're wondering, again, what is the list of all the
options that you can set, [He executes the command Get-DhcpServerv4OptionDefinition.] here
they all are, all defined. So, for example, there's option 42. Let's scroll up there. Option 42, our
network time server, NTP server. And then you've got standard options like option 6 for your
DNS server, option 15 for your domain name, option 3 for your router. [He scrolls through the
output.] To set those values, again, we have Set-DhcpServerv4OptionValue. Reference the
scope ID. And then, we'll find that there are some switches for common things we might like to
be able to manage, like DNS domain, DNS server, your router. So there's built in switches for a
lot of things like that. But then you could always use the option ID switch, in order to setup
other values and again, customize options [He clicks the Run selected button to execute the
command: Set-DhcpServerv4OptionValue -ScopeId 192.162.5.0 -DnsDomain brocadero.com
-OptionId 42 -Value 192.168.5.254.] within our network. Just make sure that you don't try and
execute multiple values on the same line. So, -dnsdomain brocadero that would be one
command and -OptionId 42 that would be a separate command to get those values in place.
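
An added example, not part of the course transcript, covering both the DHCP Scopes and DHCP Options topics: it builds a scope, adds its exclusions and then sets options in separate calls, after checking that every address belongs to the scope's subnet. The function names, the router address and the NTP address are assumptions for illustration, and it assumes the DhcpServer module installed with the DHCP management tools.

```powershell
# Added example; requires the DhcpServer module (installed with the DHCP management tools).

# Network ID of an address under a mask, e.g. 192.168.7.150 / 255.255.255.0 -> 192.168.7.0
function Get-NetworkId ([string]$Address, [string]$SubnetMask) {
    $a = [ipaddress]::Parse($Address).GetAddressBytes()
    $m = [ipaddress]::Parse($SubnetMask).GetAddressBytes()
    (0..3 | ForEach-Object { $a[$_] -band $m[$_] }) -join '.'
}

function New-DhcpScopeWithOptions {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $StartRange,
        [Parameter(Mandatory)] [string] $EndRange,
        [Parameter(Mandatory)] [string] $SubnetMask,
        [string[]] $Exclude = @(),
        [string]   $Router,
        [string]   $DnsDomain,
        [string]   $NtpServer
    )

    $scopeId = Get-NetworkId $StartRange $SubnetMask

    # [version] compares four dotted integers numerically, which orders IPv4 addresses.
    if ([version]$StartRange -gt [version]$EndRange) {
        throw "StartRange $StartRange is above EndRange $EndRange"
    }

    # Everything handed to clients in this scope must sit in the scope's own subnet.
    $toCheck = @($EndRange; $Router; $Exclude) | Where-Object { $_ }
    foreach ($ip in $toCheck) {
        if ((Get-NetworkId $ip $SubnetMask) -ne $scopeId) {
            throw "$ip is not in subnet $scopeId ($SubnetMask)"
        }
    }
    foreach ($ip in $Exclude) {
        if ([version]$ip -lt [version]$StartRange -or [version]$ip -gt [version]$EndRange) {
            throw "Exclusion $ip is outside the range $StartRange - $EndRange"
        }
    }

    # 1. The scope itself: no exclusions or options are created by this cmdlet.
    Add-DhcpServerv4Scope -Name $Name -StartRange $StartRange -EndRange $EndRange `
        -SubnetMask $SubnetMask -State Active

    # 2. Exclusions: same start and end address for a single excluded IP.
    foreach ($ip in $Exclude) {
        Add-DhcpServerv4ExclusionRange -ScopeId $scopeId -StartRange $ip -EndRange $ip
    }

    # 3. Options with built-in switches go in one call ...
    if ($Router -or $DnsDomain) {
        $named = @{ ScopeId = $scopeId }
        if ($Router)    { $named.Router    = $Router }
        if ($DnsDomain) { $named.DnsDomain = $DnsDomain }
        Set-DhcpServerv4OptionValue @named
    }
    # ... and -OptionId / -Value in a separate call (option 42 is the NTP server).
    if ($NtpServer) {
        Set-DhcpServerv4OptionValue -ScopeId $scopeId -OptionId 42 -Value $NtpServer
    }

    # Show what clients in this scope will receive.
    Get-DhcpServerv4OptionValue -ScopeId $scopeId
}

# Scope values from the course; router and NTP addresses are constructed for the example.
New-DhcpScopeWithOptions -Name 'PSTestScope' `
    -StartRange '192.168.7.150' -EndRange '192.168.7.199' -SubnetMask '255.255.255.0' `
    -Exclude '192.168.7.155' -Router '192.168.7.1' `
    -DnsDomain 'earthfarm.com' -NtpServer '192.168.7.254'
```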
DHCP Lease Period
Learning Objective
After completing this topic, you should be able to
◾ configure a lease period

1.
[Topic title: DHCP Lease Period. The presenter is Jacob Moran.] One of the things to make
sure that you get right for any particular scope is the lease time. [The DHCP window is open.]
We can see that if we bring up the properties of the lease that was defined when we first set it
up, [He right-clicks the subnode Scope open square bracket 192.168.5.0 close square bracket
TestScope and clicks Properties in the shortcut menu.] how long is this available for. And the
default is actually eight days and zero hours when we build a lease using the scope wizard
that's inside of Windows Server 2016. And eight days is relatively stable, though if you have a
stable environment with plenty of IP addresses and a lot of desktops that aren't going
anywhere, or servers and printers that aren't going anywhere, you might extend that out to
even 14, 16 days, something like that.

So that clients don't even attempt to renew their lease except when they reboot, and at half of
the lease interval. If for some reason DHCP is not available, at half the lease interval, they will
still have a lease, but they will try again at seven-eighths of the lease interval to renew their
lease and get things up and rolling again. So that's built-in to DHCP, it works great. Keep in
mind, if you have a more dynamic environment, you might prefer to have something like
maybe only 30 minutes, so that clients keep their IP address and check every 15 minutes, is it
okay to keep this IP address? Should I change, is this still okay, boss? And if DHCP's not
available, or they move out of that range, then they will release that lease.

And DHCP knows if the client disappears and it hasn't heard from it in half an hour, go ahead
and make that IP address available for new clients. That's great when I have a relatively small
pool of addresses that I need to share amongst a larger number of clients, lots of wireless, lots
of bring your own devices, and things like that. So easy enough to change that here in the
properties. [He sets the Days spinbox to zero.] Behind the scenes, you're actually changing an
option. All right, so that's a hidden option, so we can use Set-DhcpServerv4OptionValue for a
particular scope. The OptionId 51 is the lease time, and you set it as a value in seconds. So, if
I set it to 3,600 seconds, [He clicks the Run selected button to execute the command
Set-DhcpServerv4OptionValue -ScopeId 192.168.5.0 -OptionId 51 -Value 3600.] that's an hour.
We can see that enabled right there. And if we head back and refresh, [He switches to the
DHCP window.] we should see instead of 30 minutes, there it is, [He right-clicks the subnode
Scope open square bracket 192.168.5.0 close square bracket TestScope.] set for one hour.
So, again, just another way to manage that particular property, and ensure that your DHCP
environment is as responsive as you'd like in making unused IP addresses available for new
clients.
DHCP and DNS Integration
Learning Objective
After completing this topic, you should be able to
◾ configure DNS options from within DHCP

1.
[Topic title: DHCP and DNS Integration. The presenter is Jacob Moran.] DHCP as a service
provides a function that you may not be aware of, [The DHCP window is open.] and that is this.
When a client connects to our DHCP server, [He draws a diagram of a client connected to a
DHCP server.] the client normally would have a process of dynamic registration with DNS. But
instead, DHCP is actually able to perform that registration of the client's IP address and name
values that it has learned through that process, allowing the client to move on to bigger and
better things. That process is run right here in the properties of, for example, a Scope. Look at
the Properties, we have a DNS tab. [He opens the Scope open square bracket 192.168.5.0
close square bracket TestScope Properties dialog box.] You'll see that out of the box, by
default, we are enabled to perform DNS dynamic updates, to put the A and PTR records into
the DNS server on behalf of our DHCP clients. Again, we can dynamically update only if
requested, [He selects the Dynamically update DNS records for DHCP clients that do not
request updates (for example, clients running Windows NT 4.0).] or we could perform that for
all records, whether requested or not, as long as the client supports dynamic update in the first
place.

You have an option for legacy clients that do not have the flag that indicates that they're aware
of dynamic update. And you can register for them as well. But again, if you want to populate
that information and put it in place. You can disable the PTR support if you aren't concerned
about reverse lookup records, where people look up IP addresses to find out names. So these
are the key properties there. [He deselects the previous selections.] I'm a big fan of discarding
those records when the lease is deleted. So we don't have old legacy information tied up in
DNS. Where it thinks that certain host names are associated with IP addresses that have now
moved on to other clients, right? You don't want that in place. So discarding is definitely a good
thing to do to make sure that everything is set up correctly. And of course, we can manage this
in PowerShell just as easily. [He opens Windows PowerShell ISE.] If you run get-command
*DHCP*DNS*, you're wondering are there any commands that involve DHCP and DNS?
There's actually quite a few. But specifically, we're wanting to look at the
DhcpServerv4DnsSetting. So if we get that setting, [He clicks the Run selection button to
execute the command Get-DhcpServerv4DNSSetting.] we'll see, look there it is.
DynamicUpdates OnClientRequest, delete on release is True, and the other set values are
False. So we can use Set-DhcpServerv4DnsSetting and put in things like update for older
records is True, as an example of changing those values. Make sure that you use the Boolean
value of $true so that it can commit that setting. I need to identify the scopeid as well,
192.168.5.0, all right.

So let's try that again, with an appropriate minus sign before the switch, just to make sure that
works correctly. [He executes the command Set-DhcpServerv4DnsSetting -ScopeId
192.168.5.0 -UpdateDnsRRForOlderClients $true.] And there we go, all right. It's in place. And
if we head back here and refresh, take a look at our Properties > DNS. And there's the
checkmark [The checkbox Dynamically update DNS records for DHCP clients that do not
request updates (for example, clients running Windows NT 4.0) is selected.] to support legacy
clients created from the PowerShell environment.
Exercise: Correctly Configure Basic DHCP
Learning Objective
After completing this topic, you should be able to
◾ configure DHCP for a given scenario

1.
[Topic title: Exercise: Correctly Configure Basic DHCP. The presenter is Jacob Moran.] So
gang, we're going to work through a little scenario here. You have a new network of wireless
clients that need DHCP support. You're going to need to use PowerShell to configure DHCP
so that you're supporting the 192.168.50.0/24 network. Ensuring that 50.1 is assigned to the
router correctly, that 50.254 also is already statically assigned and is associated with the
DNS server. And that earthfarm.com is defined as the domain name. And we need to ensure
that an administrative workstation that has the MAC address of 00-11-22-33-44-FF is given the
IP address 192.168.50.100 in order to be able to utilize its firewall exception.

So do you know what you would need to do to make that happen? And that's great if you know
how to do that using the graphical environment, using the MMC, but remember, in this case,
we're looking at PowerShell. So what I'd like for you to do is pause the video, and then when
you've kind of figured out what steps you would go through, what cmdlets you would execute
to make that happen, then unpause and we will go through the process together. All right, let's
take a look at the process and the answer together. As you can see we're looking in the
PowerShell ISE, where we will execute these commands.

And the first one, of course, would be to build the scopes, so Add-DhcpServerv4Scope we give it a
name and the starting range and end range. Notice, I'm going ahead and using the entire
50.0/24 range, by indicating the first and last IP address in the range with a class C style
subnet mask, that's /24. I'm going ahead and starting it as active because I'm just going to run
through these commands one after another. But if I was going to be building this in stages, I
might start it with a state of inactive and then later on set the DhcpServerv4Scope for that
particular scope ID to be active later on. Then we'll need to exclude the static IP addresses
that are assigned to the router and DNS server, so we add a DhcpServerv4ExclusionRange in
our 50.0 scope.

In this case we're excluding from 50.1 through 50.1. Right, just one IP address and the same
thing for 50.254, beginning and end. Then, separately, we've got defining our options. So for
that we'll use the Set-DhcpServerv4OptionValue and we'll define the ScopeId to reference again,
the same scope that we're working with. Defining our router as 50.1, defining our DnsServer
and our DnsDomain, all right, using those three switches on separate lines. Then we need a
reservation for our administrative workstation, so adding a DhcpServerv4Reservation within
that scope once again. We don't reference it by MAC address, it's called ClientID, and use
dashes to separate in this context. And specifying the IPAddress of 50.100 that we'd like to
assign. So we can actually execute this in bulk, all the items line up and should work great. But
only if I correctly throw that switch in there, somehow I deleted that. Let's try that again.
There we go, now life is good. Now I want you to notice something here. Right now it is
validating the DNS servers, all right. That's part of the process when we assign the DNS server
value that we see right here. And just so you know, if that DNS server is not online, then this
particular line item will fail, that's part of the validation process. And sure enough, I get
everything created, everything went through except for that option value. If we go back to our
graphical environment and simply review, we'll see okay, I've got my pool of addresses from 1
to 254 with the first and last IP addresses excluded. We have our reservation in place, we can
see our scope options, but notice option six, the DNS Server is not there. If you need to go
ahead and set up a DNS server that's not currently online in PowerShell, you can always use
the -Force switch to skip the validation step. So that will ensure that that line gets in there, and
if we come back here and refresh, you can see, it's right where it should be. Okay, so great
work, hopefully that made sense, and you're able to get most of that yourself. Again, that's
exactly the kind of process we go through in order to set up DHCP in a basic configuration
using PowerShell.
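
The exercise's commands written out in full, as an added example that is not part of the original transcript or the presenter's own script. The addresses, domain name and MAC address come from the scenario; the scope name, reservation name and description, and the $skipDnsValidation variable are assumptions made for illustration.

```powershell
# Added example: run in an elevated session on the DHCP server (DhcpServer module).
# 'WirelessClients' and 'AdminWorkstation' are assumed names, not from the course.
$scopeId = '192.168.50.0'

# 1. Build the scope over the whole /24 and start it active.
Add-DhcpServerv4Scope -Name 'WirelessClients' `
    -StartRange '192.168.50.1' -EndRange '192.168.50.254' `
    -SubnetMask '255.255.255.0' -State Active

# 2. Exclude the statically assigned router and DNS server
#    (a single address is a range whose start equals its end).
foreach ($ip in '192.168.50.1', '192.168.50.254') {
    Add-DhcpServerv4ExclusionRange -ScopeId $scopeId -StartRange $ip -EndRange $ip
}

# 3. Scope options. Router and domain are set on their own so that a failed
#    DNS server validation cannot prevent them from being written.
Set-DhcpServerv4OptionValue -ScopeId $scopeId `
    -Router '192.168.50.1' -DnsDomain 'earthfarm.com'

# The DNS server value is validated by default and fails if the server is offline.
# -Force skips that check, so enable it only when the outage is known and expected;
# otherwise a mistyped resolver address is handed out to every client in the scope.
$skipDnsValidation = $false
$dnsArgs = @{ ScopeId = $scopeId; DnsServer = '192.168.50.254' }
if ($skipDnsValidation) { $dnsArgs.Force = $true }
Set-DhcpServerv4OptionValue @dnsArgs

# 4. Reservation for the administrative workstation. The MAC address is passed
#    as -ClientId, with dashes as separators.
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress '192.168.50.100' `
    -ClientId '00-11-22-33-44-FF' -Name 'AdminWorkstation' `
    -Description 'Administrative workstation with firewall exception'

# 5. Review the result instead of switching to the MMC.
Get-DhcpServerv4Scope -ScopeId $scopeId
Get-DhcpServerv4ExclusionRange -ScopeId $scopeId
Get-DhcpServerv4Reservation -ScopeId $scopeId
# Expect option 3 (router), 6 (DNS server) and 15 (DNS domain name) in the output.
Get-DhcpServerv4OptionValue -ScopeId $scopeId |
    Select-Object OptionId, Name, Value
```

Because the firewall exception in this scenario is keyed to 192.168.50.100, the Get-DhcpServerv4Reservation output is worth checking against the intended MAC address before relying on that rule.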

© 2018 Skillsoft Ireland Limited
