Module 4: Configuring

and Troubleshooting
DHCP
Module 4: Configuring and Troubleshooting DHCP
• Overview of the DHCP Server Role

• Configuring DHCP Scopes and Options

• Managing a DHCP Database

• Monitoring and Troubleshooting DHCP

• Securing DHCP
Lesson 1: Overview of the DHCP Server Role
• Benefits of Using DHCP

• New DHCP Features in Windows Server 2008

• How DHCP Allocates IP Addresses

• How DHCP Lease Generation Works

• How DHCP Lease Renewal Works

• DHCP Server Authorization

• Demonstration: Adding the DHCP Server Role

Benefits of Using DHCP

DHCP reduces the complexity and amount of administrative

work by using automatic TCP/IP configuration

Manual TCP/IP Configuration Automatic TCP/IP Configuration

• IP addresses are entered • IP addresses are supplied

manually
• IP address could be entered
incorrectly
• Communication and network
issues can result
• Frequent computer moves
increase administrative effort
automatically
• Correct configuration
information is ensured
• Client configuration is updated
automatically
• A common source of network
problems is eliminated
New DHCP Features in Windows Server 2008

New DHCP features include:

• Windows Server 2008 Support for DHCPv6

• Support for advanced network security

configuration using NAP

• DHCP on Server Core

How DHCP Allocates IP Addresses

DHCP Client2:
Non-DHCP Client: IP configuration
Static IP from DHCP server
configuration

Lease Renewal

Lease Generation

DHCP Server

DHCP Client1: DHCP

IP configuration Database
from DHCP server
IP Address1: Leased to DHCP Client1
IP Address2: Leased to DHCP Client2
IP Address3: Available to be leased
How DHCP Lease Generation Works

DHCP
Server2

DHCP DHCP
Server1 Client

DHCP client broadcasts a DHCPDISCOVER

1 packet

2 DHCP servers broadcast a DHCPOFFER packet

3 DHCP client broadcasts a DHCPREQUEST packet

4 DHCP Server1 broadcasts a DHCPACK packet

How DHCP Lease Renewal Works

DHCP
DHCP
Server2
Server2

DHCP Client
DHCP Client
DHCP
DHCP
Server1
Server1

100% of
87.5% of
50% of
lease
50%lease lease
of lease
duration
duration has
has
expired
expired

If11 DHCP
theDHCP client
clientClient sends
sends
fails to renew a DHCPREQUEST
a DHCPREQUEST
its lease,
it’s packet
afterpacket
lease,after 50%
87.5%of of
thethe
lease has
duration
expired,
has then
expired,
the DHCP
then the
lease
DHCP
generation
lease
renewal starts
process processover
willagain
beginwith
againa DHCP
after 87.5%
client of the
22 DHCP Server1
DHCP Server1 sends
sends aa DHCPACK
DHCPACK packet
packet
lease durationa has
broadcasting DHCPDISCOVER
expired
 DHCP Server Authorization

DHCP authorization is the process of registering the DHCP Server

service in the Active Directory domain to support DHCP clients

DHCP
If DHCP
Server1
Server1
checks
finds
with
its IP
the
domain
addresscontroller
on the list,
to the
obtain
service
a list
starts
of authorized
and supports
DHCP DHCP
servers
clients

Domain
Controller DHCP Server1

Authorized
Active Services DHCP
Directory
requests

DHCP Server2
DHCP Client
Unauthorized
Does not service
If DHCP
DHCP Server2
Server2 does
checks notwith
findthe
its IP DHCP requests
DHCP client receives IP address
address
domain controller
on the list,to
the
obtain
service
a list
does
of
from authorized DHCP Server1
not start
authorized
and support
DHCP DHCP
servers
clients
Demonstration: Adding the DHCP Server Role

In this demonstration, you will see how to add and

authorize the DHCP Server role
Lesson 2: Configuring DHCP Scopes and Options
• What Are DHCP Scopes?

• What Are Superscopes and Multicast Scopes?

• Demonstration: Configuring DHCP Scopes

• What Are DHCP Options?

• What Are DHCP Class-Level Options?

• What Is a DHCP Reservation?

• DHCP Sizing and Availability

• How DHCP Options Are Applied

• Demonstration: Configuring DHCP Options

What Are DHCP Scopes?

A scope is a range of IP addresses that are available

to be leased

DHCP Server

LAN A LAN B

Scope A Scope B

Scope Properties

• Network ID • Lease duration • Scope name

• Subnet mask • Network IP • Exclusion range

address range
What Are Superscopes and Multicast Scopes?

DHCP Server

LAN A LAN B
Scope A and Scope B

DHCP Server

LAN A LAN B

Scope A Scope B
Demonstration: Configuring DHCP Scopes
In this demonstration, you will see how to:
• Create and authorize a DHCP scope

• Configure a DHCP superscope

What Are DHCP Options?

DHCP options are values for common configuration data

that applies to the server, scopes, reservations, and
class options

Common scope options are:

• DNS Servers

• DNS Name

• Default Gateway
• WINS Servers
• WINS Servers
What Are DHCP Class-Level Options?

DHCP class-level options are scope options that apply to a

specific type of device

DHCP class-level
Description
option
Configured by vendors such as
Vendor-class
Microsoft, HP, and Sun

User-class Set and viewed by the user

What Is a DHCP Reservation?

A reservation is a specific IP address, within a scope, that

is reserved permanently for lease to a specific DHCP client

Workstation 1 File and Print

Server

Subnet A Subnet B

DHCP Server
Workstation 2

IP Address1: Leased to Workstation 1

IP Address2: Leased to Workstation 2
IP Address3: Reserved for File and
Print Server
DHCP Sizing and Availability
DHCP
Clients

DHCP
Server1
192.168.1.2

DHCP
Clients
DHCP DHCP Server1 has 20% of addresses as follows:
Server2
192.168.1.1 • Scope range: 192.168.1.10-192.168.1.254
• Excluded addresses: 192.168.1.10-192.168.1.205

DHCP Server2 has 80% of addresses as follows:

• Scope range: 192.168.1.10-192.168.1.254
• Excluded addresses: 192.168.1.26-192.168.1.254
How DHCP Options Are Applied

DHCP options can be applied at various levels:

• Server

• Scope

• Class

• Reserved client
Demonstration: Configuring DHCP Options

In this demonstration, you will see how to configure

DHCP server, scope, and class options
Lesson 3: Managing a DHCP Database
• Overview of DHCP Management Scenarios

• What Is a DHCP Database?

• How a DHCP Database Is Backed Up and Restored

• How a DHCP Database Is Reconciled

• Moving a DHCP Database

• DHCP Server Configuration Options

• Demonstration: Managing a DHCP Database

Overview of DHCP Management Scenarios

The DHCP service needs to be managed to respond to

network changes

Scenarios for managing DHCP:

• Managing DHCP database growth

• Protecting the DHCP database

• Ensuring DHCP database consistency

• Adding clients

• Adding new network service servers

• Adding new subnets

 What Is a DHCP Database?

The DHCP database is a dynamic database that contains

configuration information

• The DHCP database contains DHCP configuration data such as:

• Scopes
• Address leases
• Reservations

• Windows Server 2003 stores the DHCP database in the

%Systemroot%\System32\Dhcp folder

• The DHCP database files include:

• Dhcp.mdb
• Tmp.edb
• J50.log and J50*.log
• Res*.log
• J50.chk
How a DHCP Database Is Backed Up and Restored

DHCP Offline
Server Storage
Restore

DHCP

Back up Restore

DHCP Back up

In the
If the original
event that
database
the server
is unable
hardware
to load,
fails,
thethe
DHCP
The administrator
DHCP service automatically
moves a copy backs
of the up
backed
the DHCP
up
service automatically
administrator can restore
restores
only from
from the
the backup
offline
database
DHCP database
to the to
backup
an offline
directory
storage
on the
location
local drive
directorylocation
storage on the local drive
How a DHCP Database Is Reconciled

DHCP Detailed IP
address lease Compares and
Database
information reconciles
inconsistencies in
Registry Summary IP the DHCP Database
address lease
information

DHCP Server

Example

Registry DHCP Database After Reconciliation

Client has IP address IP address 192.168.1.34 Lease entry is created in

192.168.1.34 is available DHCP Database
Moving a DHCP Database

DHCP
Database

Backup
Media

DHCP
Database
Old DHCP
Server

New DHCP
Server
DHCP Server Configuration Options
Demonstration: Managing a DHCP Database

In this demonstration, you will see how to manage a

DHCP database
Lesson 4: Monitoring and Troubleshooting DHCP
• Overview of Monitoring DHCP

• Common DHCP Issues

• What Are DHCP Statistics?

• What Is a DHCP Audit Log File?

• Monitoring DHCP Server Performance

• Demonstration: Monitoring DHCP

Overview of Monitoring DHCP

Why monitor DHCP?

• To observe the dynamic DHCP environment

• To determine DHCP server performance
• To facilitate planning for current and future needs

DHCP data includes:

• DHCP statistics
• DHCP events
• DHCP performance data
Common DHCP Issues

• Address conflicts

• Failure to obtain a DHCP address

• Address obtained from incorrect scope

• DHCP database suffered data corruption or loss

• DHCP server has exhausted its IP address pool

What Are DHCP Statistics?

DHCP statistics are collected at either the server level or

scope level

DHCP Server
What Is a DHCP Audit Log File?

A DHCP audit log is a log of service-related events

Monitoring DHCP Server Performance

Performance What to look for after a

counters baseline is established
• Create a DHCP performance baseline
Packets Monitor for sudden increases or decreases, which
• Check the
received/second standard
could reflect counters for
network problems
server performance
Monitor for sudden increases or decreases, which
Requests/second
• Review DHCP servernetwork
counters for significant
could reflect problems
changes in DHCP traffic
Monitor for both sudden and gradual increases,
Active queue
which could reflect increased load or decreased
length
server capacity
Monitor for any activity that could indicate that
Duplicates
more than one request is being transmitted on
dropped/second
behalf of clients
Demonstration: Monitoring DHCP

In this demonstration, you will see how to monitor

DHCP statistics and performance
Lesson 5: Securing DHCP
• Securing DHCP

• Preventing an Unauthorized User from Obtaining a Lease

• Restricting Unauthorized, Non-Microsoft DHCP Servers

from Leasing IP Addresses
• Restricting DHCP Administration
Securing DHCP

Reasons for securing DHCP include:

• Preventing an unauthorized user from

obtaining a lease

• Restricting unauthorized, non-Microsoft DHCP

servers from leasing IP addresses

• Restricting DHCP administration

Preventing an Unauthorized User from Obtaining
a Lease

To prevent an unauthorized user from obtaining

a lease:

• Ensure that unauthorized persons do not have

physical or wireless access to your network

• Enable audit logging for every DHCP server

on your network

• Regularly check and monitor audit log files

• Use 802.1X-enabled LAN switches or wireless

access points to access the network

• Configure NAP to validate users and security

policy compliance
Restricting Unauthorized, Non-Microsoft DHCP
Servers from Leasing IP Addresses

DHCP authorization

• Available on Windows 2000 and

Windows Server 2003

• Authorization not required on other

DHCP implementations

To restrict an unauthorized, non-Microsoft DHCP

server from leasing IP addresses, ensure that
unauthorized persons do not have physical or
wireless access to your network
Restricting DHCP Administration

To restrict who can administer the DHCP service:

• Limit the members of the DHCP Administrators group

• Add users needing read-only access to the

DHCP Users group

Account Permissions
Can view and modify any data about the
DHCP Administrators group
DHCP server
Has read-only DHCP console access to
DHCP Users group
the server
Lab: Configuring and Troubleshooting the DHCP
Server Role
• Exercise 1: Installing and Authorizing the DHCP Server
Role
• Exercise 2: Configuring a DHCP Scope

• Exercise 3: Troubleshooting Common DHCP Issues

Logon information
Virtual machine NYC-DC1, NYC-CL1

User name Administrator

Password Pa$$w0rd

Estimated time: 30 minutes

Lab Review
• What kind of account is necessary to authorize a DHCP
server?
• Why is it important to define an exclusion range when
configuring the DHCP scope?
• What is the consequence of not providing a default
gateway when configuring DHCP scope options?
Module Review and Takeaways
• Review Questions

• Common Issues and Troubleshooting Tips

• Best Practices

• Tools