
Ing. Rayner Durango E., Msig, MCSE, MCT

Module 4: Allocating IP Addressing by Using Dynamic Host Configuration Protocol
Overview
Adding and Authorizing the DHCP Server Service
Configuring a DHCP Scope
Configuring DHCP Reservations and Options
Configuring a DHCP Relay Agent
Configuring DHCP Policies
IP Address Management
Source: Microsoft Official Curriculum Course 2277
Adding and Authorizing the DHCP Server Service
Why Use DHCP?
What Is Automatic Private IP Addressing?
How DHCP Allocates IP Addresses
How the DHCP Lease Generation Process Works
How the DHCP Lease Renewal Process Works
How a DHCP Server Service Is Authorized
Why Use DHCP?
DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration.
Manual TCP/IP configuration: IP addresses are entered by hand, so an address can be typed incorrectly; communication and network problems result; frequent computer moves increase the administrative effort.
Automatic TCP/IP configuration: IP addresses are supplied automatically; correct configuration information is ensured; client configuration is updated automatically when the network changes; a common source of network problems is eliminated.
What Is Automatic Private IP Addressing?
APIPA automatically self-configures an address when no DHCP server is available.
Advantages: serves as a fallback mechanism for small networks when the DHCP server is unreachable; automatically assigns an IP address from a specific range (169.254.0.0/16, subnet mask 255.255.0.0).
Disadvantages: forces the use of addresses that are typically not otherwise used on the network; conceals possible connectivity problems, because a client that should have received a lease silently carries on with a 169.254.x.x address and a DHCP failure on that segment can go unnoticed; only works between hosts on the same 169.254.0.0/16 segment; is not routable.
How DHCP Allocates IP Addresses
Diagram: the DHCP server keeps a DHCP database (IP Address1: leased to DHCP Client1; IP Address2: leased to DHCP Client2; IP Address3: available to be leased). DHCP Client1 and DHCP Client2 obtain their IP configuration from the DHCP server; a non-DHCP client keeps a static IP configuration. The two exchanges between client and server are lease generation and lease renewal.
How the DHCP Lease Generation Process Works
1. The DHCP client broadcasts a DHCPDISCOVER packet.
2. Every DHCP server that receives it (here DHCP Server1 and DHCP Server2) broadcasts a DHCPOFFER packet with an address it is willing to lease.
3. The DHCP client broadcasts a DHCPREQUEST packet for the offer it selected; the request names the chosen server (the server identifier option), so the other servers withdraw their offers.
4. DHCP Server1, the selected server, broadcasts a DHCPACK packet that confirms the lease and carries the client's options.
Diagram: DHCP Client, DHCP Server1, DHCP Server2.
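The four-step exchange above, as an added worked example in Python (not code from the course): a minimal DHCP message encoder/decoder following the RFC 2131 layout, a toy server that holds a pool, and a client that runs DISCOVER/OFFER/REQUEST/ACK against two servers. The server addresses, the pool, the lease time and the client MAC are constructed for the example; the servers answer in memory rather than over UDP ports 67/68.

```python
import socket
import struct

# Message types (option 53) and header opcodes used in the four-step exchange.
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # the fixed 236-byte RFC 2131 header


def ip(dotted):
    return socket.inet_aton(dotted)


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", flags=0x8000):
    """Encode a DHCP message: fixed header, magic cookie, TLV options, end marker.

    flags=0x8000 is the broadcast bit: it asks the server to broadcast its reply,
    which is the behaviour the slide describes.
    """
    header = struct.pack(HEADER, op, 1, len(chaddr), 0, xid, 0, flags,
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + b"\xff"


def parse(packet):
    """Decode the header fields the exchange depends on plus the option dictionary."""
    f = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 0xFF:
        if packet[i] == 0:                 # pad octet
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "flags": f[6], "yiaddr": socket.inet_ntoa(f[8]),
            "giaddr": socket.inet_ntoa(f[10]), "chaddr": f[11][:f[2]], "options": options}


class DhcpServer:
    """A minimal server with a free pool; enough to answer DISCOVER and REQUEST."""

    def __init__(self, server_ip, pool, lease_seconds=86400):
        self.ip, self.free, self.leases, self.lease_seconds = server_ip, list(pool), {}, lease_seconds

    def _reply(self, m, kind, yiaddr):
        # Constructed options: subnet mask and default gateway are fixed for the example.
        common = [(53, bytes([kind])), (54, ip(self.ip)), (51, struct.pack("!I", self.lease_seconds)),
                  (1, ip("255.255.255.0")), (3, ip("10.10.0.1"))]
        return build(BOOTREPLY, m["xid"], m["chaddr"], common, yiaddr=yiaddr, flags=m["flags"])

    def handle(self, packet):
        m = parse(packet)
        kind = m["options"][53][0]
        if kind == DHCPDISCOVER:
            # Offer the client's existing address if it has one, else the first free address.
            return self._reply(m, DHCPOFFER, self.leases.get(m["chaddr"], self.free[0]))
        if kind == DHCPREQUEST:
            # Option 54 names the selected server; every other server stays silent
            # and treats its offer as withdrawn.
            if m["options"].get(54) != ip(self.ip):
                return None
            addr = socket.inet_ntoa(m["options"][50])
            if addr in self.free:
                self.free.remove(addr)
            self.leases[m["chaddr"]] = addr
            return self._reply(m, DHCPACK, addr)
        return None


def lease_generation(client_mac, servers, xid=0x3903F326):
    """Run DISCOVER/OFFER/REQUEST/ACK against every server that hears the broadcast."""
    discover = build(BOOTREQUEST, xid, client_mac,
                     [(53, bytes([DHCPDISCOVER])), (61, b"\x01" + client_mac), (55, bytes([1, 3, 6, 51]))])
    offers = [parse(s.handle(discover)) for s in servers]      # step 2: every server offers
    chosen = offers[0]                                         # the client takes the first offer it received
    request = build(BOOTREQUEST, xid, client_mac,
                    [(53, bytes([DHCPREQUEST])), (50, ip(chosen["yiaddr"])), (54, chosen["options"][54])])
    acks = [parse(r) for r in (s.handle(request) for s in servers) if r]   # step 4: one server answers
    return chosen["yiaddr"], acks


if __name__ == "__main__":
    server1 = DhcpServer("10.10.0.2", ["10.10.0.10", "10.10.0.11"])
    server2 = DhcpServer("10.10.0.3", ["10.10.0.100", "10.10.0.101"])
    address, acks = lease_generation(bytes.fromhex("001b44113ab7"), [server1, server2])
    print(address, len(acks), socket.inet_ntoa(acks[0]["options"][54]))
```

Note that the client accepts whichever offer arrives first: on a real segment that is exactly what lets a rogue DHCP server on the same broadcast domain win the race, which is why the authorization check later in this module is not, by itself, a defence.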
How the DHCP Lease Renewal Process Works
1. When 50% of the lease duration has expired, the DHCP client sends a DHCPREQUEST packet directly (unicast) to the DHCP server that granted the lease (DHCP Server1).
2. DHCP Server1 sends a DHCPACK packet, and the lease starts over with a fresh duration.
If the client fails to renew its lease after 50% of the lease duration has expired, the renewal process begins again after 87.5% of the lease duration has expired; this time the client broadcasts the DHCPREQUEST so that any DHCP server (DHCP Server1 or DHCP Server2) can renew the lease.
If the client still fails to renew its lease after 87.5% of the lease has expired, the lease runs out at 100% of its duration: the client must stop using the address, and the lease generation process starts over with the client broadcasting a DHCPDISCOVER.
Diagram: DHCP Client, DHCP Server1, DHCP Server2; markers at 50%, 87.5% and 100% of the lease duration.
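The renewal timeline, as an added example in Python (not from the course): a lease with the RFC 2131 timers T1 (50%) and T2 (87.5%), and a client that walks a simulated clock, unicasting to its server at T1, broadcasting at T2 and restarting with DHCPDISCOVER at expiry. The addresses, the 4-hour lease and the point at which the server stops answering are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Lease:
    address: str
    server: str        # the server identifier (option 54) that granted the lease
    start: int         # seconds on a simulation clock when the DHCPACK arrived
    duration: int      # option 51, in seconds


def renewal_timers(lease):
    """T1 (renewing) at 50%, T2 (rebinding) at 87.5% and expiry at 100% of the lease."""
    t1 = lease.start + lease.duration // 2
    t2 = lease.start + lease.duration * 7 // 8
    return t1, t2, lease.start + lease.duration


def simulate_client(lease, server_answers_until, step=60):
    """Walk the lease timeline and return the client's (time, state, message) transitions.

    `server_answers_until` is the last simulation second at which the leasing server
    still replies; after that no server answers at all (there is no second server here).
    """
    events, state, now = [], "BOUND", lease.start
    while True:
        t1, t2, expiry = renewal_timers(lease)
        if state == "BOUND" and now >= t1:
            state = "RENEWING"
            events.append((now, state, "DHCPREQUEST unicast to " + lease.server))
        if state == "RENEWING" and now >= t2:
            state = "REBINDING"
            events.append((now, state, "DHCPREQUEST broadcast to any DHCP server"))
        if state in ("RENEWING", "REBINDING") and now <= server_answers_until:
            lease.start, state = now, "BOUND"            # DHCPACK: the lease restarts in full
            events.append((now, state, "DHCPACK from " + lease.server))
        if now >= expiry:
            # The address must not be used any longer; the client returns to INIT and
            # broadcasts DHCPDISCOVER (falling back to APIPA if nobody offers a lease).
            events.append((now, "INIT", "lease expired: DHCPDISCOVER broadcast"))
            return events
        now += step


if __name__ == "__main__":
    # Constructed: a 4-hour lease whose server goes silent right after the first renewal.
    for event in simulate_client(Lease("10.10.10.77", "10.10.10.2", 0, 4 * 3600), server_answers_until=7200):
        print(event)
```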
How a DHCP Server Service Is Authorized
DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain so that it is allowed to support DHCP clients.
Diagram: domain controller (Active Directory), DHCP Server1, DHCP Server2, DHCP client.
1. DHCP Server1 checks with the domain controller to obtain the list of authorized DHCP servers. It finds its IP address on the list, so the service starts and supports DHCP clients (authorized: services DHCP requests).
2. DHCP Server2 checks with the domain controller to obtain the same list. It does not find its IP address on the list, so the service does not start and does not support DHCP clients (unauthorized: does not service DHCP requests).
3. The DHCP client receives its IP address from the authorized DHCP Server1.
Caveat for anyone relying on this as a security control: the check is performed by the Windows DHCP Server service itself, so it only stops a Windows DHCP server that honours the check. A rogue DHCP server running other software (a consumer router, dnsmasq, an attacker's laptop) never consults the authorization list and will still answer DHCPDISCOVER broadcasts on its segment. Protecting clients from rogue servers needs network-level controls, for example DHCP snooping on the switches, which drops DHCPOFFER and DHCPACK messages arriving on untrusted ports, together with monitoring for unexpected DHCP servers.
Configuring a DHCP Scope
What Are DHCP Scopes?
What Are Superscopes and Multicast Scopes?
What Are DHCP Scopes?
A scope is a range of IP addresses that are available to be leased.
Scope properties: scope name, network ID, subnet mask, network IP address range, exclusion range (addresses inside the range that the server must never hand out, for example statically configured routers and servers), lease duration.
Diagram: one DHCP server with Scope A serving LAN A and Scope B serving LAN B.
Example: create a scope for the 10.10.0.0/24 network, named FirstScope with the comment Newscope1, on the DHCP server at 10.10.0.2 (the arguments are scope address, subnet mask, scope name and optional comment):
netsh dhcp server 10.10.0.2 add scope 10.10.0.0 255.255.255.0 FirstScope Newscope1
The new scope still needs an address range added and must be activated before it hands out leases.
What Are Superscopes and Multicast Scopes?
Diagram: one DHCP server; Scope A and Scope B grouped into a superscope, both serving LAN A.
Superscope
A superscope is used for environments in which multiple subnets make up one network segment. In these cases you create a superscope to contain multiple scopes; the individual scopes are in turn dependent on the master superscope. When more than one logical IP network is used on a single physical subnet or network, the configuration is often called a multinet.
For example, suppose a large research and development company occupies three floors, each with 300 to 400 people, and all of these users share the same gigabit Ethernet segment. Traditionally each floor would be on its own IP subnet, with a routed backbone running between the floors. That is impossible in this scenario, because a single /24 (Class C-sized) subnet has only 254 usable addresses, fewer than the users on any one floor.
To alleviate this problem you place multiple IP subnets on the same segment by creating a DHCP superscope. This allows more than one /24 network to serve the same segment, providing enough addresses for all of the machines on the physical segment.
Multicast Scope
A multicast scope allows multicast addresses to be assigned in addition to unicast (single-computer) addresses. A multicast address (from the 224.0.0.0/4 range) identifies a group rather than a single host: every member of the group receives the datagrams sent to that address, which is useful for one-to-many communication such as media streaming. Multicasting is the act of transmitting a message to a select group of recipients.
Computers obtain and release multicast addresses by using the Multicast Address Dynamic Client Allocation Protocol (MADCAP); joining and leaving the group itself is done with IGMP. A MADCAP client is allocated a primary (unicast) IP address, either statically or through DHCP, before it is allocated a multicast address by a MADCAP server. The multicast client might in turn also be a multicast server used to support IP multicasting; the multicast server manages the use of the multicast IP address and streams data traffic to the members that share the specified scope address.
Configuring DHCP Reservations and Options
What Is a DHCP Reservation?
What Are DHCP Options?
How DHCP-Server, Scope, and Reserved-Client Options Are Applied
How DHCP Class-Level Options Are Applied
What Is a DHCP Reservation?
A reservation is a specific IP address, within a scope, that is permanently reserved for lease to a specific DHCP client, identified by its MAC (hardware) address. The client still goes through the normal lease process, but always receives the same address.
Diagram: DHCP server serving Subnet A (Workstation 1, Workstation 2) and Subnet B (file and print server). IP Address1: leased to Workstation 1; IP Address2: leased to Workstation 2; IP Address3: reserved for the file and print server.
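Scope ranges, exclusions, reservations and a superscope, as one added Python example (not from the course) that covers the scope section above and the reservation just described: a Scope hands out the first unleased address that is neither excluded nor reserved, a reservation always yields its fixed address, and a Superscope groups scopes that serve one segment, moving to the next member scope when the first is exhausted. Scope names, address ranges and MAC addresses are constructed for the example.

```python
import ipaddress


class Scope:
    """One subnet's lease pool: address range, exclusions, reservations and active leases."""

    def __init__(self, name, network, first, last, exclusions=(), lease_seconds=8 * 86400):
        self.name = name
        self.network = ipaddress.ip_network(network)
        self.first, self.last = ipaddress.ip_address(first), ipaddress.ip_address(last)
        self.exclusions = [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in exclusions]
        self.lease_seconds = lease_seconds
        self.reservations = {}     # MAC -> address that only this client may receive
        self.leases = {}           # address -> MAC

    def reserve(self, mac, address):
        addr = ipaddress.ip_address(address)
        if not (self.first <= addr <= self.last):
            raise ValueError(f"{address} is outside the range of scope {self.name}")
        self.reservations[mac.lower()] = addr

    def excluded(self, addr):
        return any(low <= addr <= high for low, high in self.exclusions)

    def lease(self, mac):
        """Return the address leased to `mac`, or None when this scope has nothing left."""
        mac = mac.lower()
        if mac in self.reservations:                 # a reservation always wins
            addr = self.reservations[mac]
            self.leases[addr] = mac
            return addr
        for addr, holder in self.leases.items():     # a returning client keeps its address
            if holder == mac:
                return addr
        reserved = set(self.reservations.values())
        for n in range(int(self.first), int(self.last) + 1):
            addr = ipaddress.ip_address(n)
            if addr in self.leases or addr in reserved or self.excluded(addr):
                continue
            self.leases[addr] = mac
            return addr
        return None


class Superscope:
    """Several scopes that all serve one physical segment (a multinet)."""

    def __init__(self, name, scopes):
        self.name, self.scopes = name, list(scopes)

    def lease(self, mac):
        mac = mac.lower()
        # A reservation or an existing lease in any member scope is honoured first;
        # otherwise the first member scope that still has a free address serves the client.
        for scope in self.scopes:
            if mac in scope.reservations or mac in scope.leases.values():
                return scope.lease(mac)
        for scope in self.scopes:
            addr = scope.lease(mac)
            if addr is not None:
                return addr
        return None


if __name__ == "__main__":
    # Constructed: a tiny scope A with one excluded and one reserved address, plus scope B.
    a = Scope("ScopeA", "10.10.0.0/24", "10.10.0.10", "10.10.0.13", exclusions=[("10.10.0.11", "10.10.0.11")])
    a.reserve("00-1B-44-11-3A-B7", "10.10.0.13")
    b = Scope("ScopeB", "10.10.1.0/24", "10.10.1.10", "10.10.1.20")
    floor = Superscope("FloorOne", [a, b])
    for mac in ["00-0C-29-AA-00-01", "00-0C-29-AA-00-02", "00-0C-29-AA-00-03", "00-1B-44-11-3A-B7"]:
        print(mac, "->", floor.lease(mac))
```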
What Are DHCP Options?
DHCP options are configuration parameters that a DHCP server assigns to clients in addition to the address itself.
Diagram: DHCP client IP configuration data received from the DHCP server: the client's IP address, the client's subnet mask, and DHCP options (for example the default gateway, DNS servers and DNS domain name).
How DHCP-Server, Scope, and Reserved-Client Options Are Applied
A DHCP option can be applied at the server level (it reaches every client of every scope, for example a DNS server address shared by Scope A and Scope B), at the scope level (it reaches only the clients of that scope, for example the router of that subnet), or at the reserved-client level (it reaches one reservation only, for example the file and print server). When the same option is set at more than one level, the most specific level wins: reserved-client over scope over server.
Diagram: DHCP server serving Scope A (Windows XP and Windows 98 clients, router) and Scope B (Windows XP client, router, file and print server).
How DHCP Class-Level Options Are Applied
A DHCP option applied at the class level reaches only clients that identify themselves with a given vendor class (for example the Windows 98 and Windows XP clients in the diagram) or user class. Class-level options override scope and server options for those clients, but a reserved-client option still takes precedence over a class-level option. Because the class is whatever the client chooses to send, class-level options are a management convenience, not a way to keep settings from a client that lies about its class.
Diagram: DHCP server serving Scope A (Windows 98, Windows XP, router) and Scope B (Windows XP, router, file and print server).
Configuring a DHCP Relay Agent
What Is a DHCP Relay Agent?
How a DHCP Relay Agent Works
How a DHCP Relay Agent Uses Hop Count
How a DHCP Relay Agent Uses Boot Threshold
What Is a DHCP Relay Agent?
A DHCP relay agent is a computer or router that listens for DHCP/BOOTP broadcasts from DHCP clients on its subnet and relays those messages to a DHCP server on another subnet. It is needed because DHCP clients start with broadcasts, and routers that are not RFC 1542 compliant do not forward BOOTP/DHCP broadcasts between subnets.
Diagram: clients on Subnet B broadcast to the DHCP relay agent; the relay agent sends unicast to the DHCP server on Subnet A through routers that are not RFC 1542 compliant.
How a DHCP Relay Agent Works
Diagram: Client1, Client2 and Client3 with a DHCP relay agent on one subnet; a router that is not RFC 1542 compliant; the DHCP server on the other subnet.
1. Client1 broadcasts a DHCPDISCOVER packet.
2. The relay agent forwards the DHCPDISCOVER message to the DHCP server as a unicast, after writing its own interface address into the giaddr (gateway IP address) field and incrementing the hops field; the server uses giaddr to pick the scope for the client's subnet and as the destination for its reply.
3. The server sends a DHCPOFFER message to the DHCP relay agent.
4. The relay agent broadcasts the DHCPOFFER packet on the client's subnet.
5. Client1 broadcasts a DHCPREQUEST packet.
6. The relay agent forwards the DHCPREQUEST message to the DHCP server.
7. The server sends a DHCPACK message to the DHCP relay agent.
8. The relay agent broadcasts the DHCPACK packet.
How a DHCP Relay Agent Uses Hop Count
The hop count threshold is the number of routers (relay agents) through which the packet can be transmitted before it is discarded. Each relay agent increments the hops field of the DHCP message it forwards and drops messages whose hop count has already reached the threshold, which stops a forwarding loop or an over-long relay chain from circulating requests indefinitely.
Diagram: DHCP Relay Agent 1 and DHCP Relay Agent 2 in series in front of the DHCP server, Hop Count = 2.
How a DHCP Relay Agent Uses Boot Threshold
The boot threshold is the time the DHCP relay agent will wait for a DHCP server response before forwarding the request to the remote servers. It gives a DHCP server on the local subnet the first chance to answer: only requests that have gone unanswered for at least the threshold are relayed.
Diagram: local DHCP server on the clients' subnet; DHCP relay agent with Boot Threshold = 10 seconds forwarding to DHCP Server 2 and DHCP Server 3.
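The relay decisions described in the last three sections, as an added Python example (not from the course or from the RRAS relay agent): a relay that enforces the hop count threshold, applies the boot threshold, stamps giaddr and increments hops, plus the server-side choice of scope and reply destination from giaddr. It models the boot threshold as a comparison against the secs field a client puts in its own request (how long it has been trying), which is how a relay can apply the threshold without holding packets; the addresses, the default of 4 hops and the scope list are constructed for the example.

```python
import ipaddress


class RelayAgent:
    """A DHCP relay on one interface; models the hop count and boot threshold checks."""

    def __init__(self, interface_ip, max_hops=4, boot_threshold=0):
        self.interface_ip = interface_ip
        self.max_hops = max_hops                # hop count threshold (4 is the RRAS default)
        self.boot_threshold = boot_threshold    # seconds; 0 means forward immediately

    def relay(self, message):
        """Return (forwarded copy, reason) or (None, reason) for a client broadcast.

        `message` models the DHCP header: op, hops, secs (how long the client has been
        trying), giaddr and chaddr.
        """
        if message["hops"] >= self.max_hops:
            return None, "discarded: hop count threshold reached"
        if message["secs"] < self.boot_threshold:
            return None, "not yet: a local DHCP server gets the first chance to answer"
        forwarded = dict(message, hops=message["hops"] + 1)
        if forwarded["giaddr"] == "0.0.0.0":
            # Only the first relay stamps giaddr; it identifies the client's subnet so the
            # server can pick the right scope and send its reply back to this relay.
            forwarded["giaddr"] = self.interface_ip
        return forwarded, "forwarded by unicast to the configured DHCP servers"


def select_scope(message, receiving_interface_ip, scopes):
    """Server side: choose the scope from giaddr when relayed, else from the receiving interface."""
    anchor = message["giaddr"] if message["giaddr"] != "0.0.0.0" else receiving_interface_ip
    address = ipaddress.ip_address(anchor)
    for scope in scopes:
        if address in ipaddress.ip_network(scope):
            return scope
    return None


def reply_destination(message):
    """Where the server's DHCPOFFER/DHCPACK goes: the relay (unicast) or the local broadcast."""
    return message["giaddr"] if message["giaddr"] != "0.0.0.0" else "255.255.255.255"


def discover(secs=0):
    # Constructed DHCPDISCOVER as broadcast by a client on 10.10.1.0/24.
    return {"op": 1, "hops": 0, "secs": secs, "giaddr": "0.0.0.0", "chaddr": "00-1b-44-11-3a-b7"}


SCOPES = ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24"]   # constructed scope list on the server


if __name__ == "__main__":
    relay1 = RelayAgent("10.10.1.1", boot_threshold=10)
    relay2 = RelayAgent("10.10.2.1")
    print(relay1.relay(discover(secs=3)))
    hop1, _ = relay1.relay(discover(secs=12))
    hop2, _ = relay2.relay(hop1)
    print(hop2, select_scope(hop2, "10.10.0.2", SCOPES), reply_destination(hop2))
```

A practical check that falls out of the giaddr logic: the server trusts giaddr to choose the scope, so a host that can reach the server's UDP port 67 directly can ask for leases from any scope by forging giaddr; relay-agent information (option 82) and filtering of port 67 at the edges are the usual mitigations.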
Configuring DHCP Policies
What Are DHCP Policies?
Policy Based Assignment (PBA)
How DHCP PBA Works
How DHCP PBA Processing Works
What Are DHCP Policies?
Source: http://technet.microsoft.com/en-us/library/dn425039.aspx
DHCP policies (Windows Server 2012 and later) allow you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.
The Policy Based Assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Policy Based Assignment (PBA)
1. A subnet has a mix of different types of clients: desktop computers, printers, IP phones, and other devices. You want different types of clients to get IP addresses from different IP address ranges within the subnet. This is possible with DHCP policies if the device types can be told apart by a field in their requests, typically the vendor class or the MAC address prefix (OUI). For example:
Printers can get IP addresses from 10.10.10.1 to 10.10.10.9.
IP phones can get IP addresses from 10.10.10.10 to 10.10.10.49.
Desktop computers can be assigned IP addresses from 10.10.10.50 to 10.10.10.239.
Additional devices can be assigned IP addresses from 10.10.10.240 to 10.10.10.254.
By specifying a different IP address range for different device types, you can more easily identify and manage devices on the network.
2. In a subnet with a mix of wired and mobile computers, you might want to assign a shorter, 4 hour lease duration to mobile computers and a longer, 4 day lease duration to wired computers.
3. You want to control who gets a DHCP lease by providing one only to a known set of clients based on MAC address. Note that the MAC address is supplied by the client and trivially changed, so this limits accidental use of the network rather than a deliberate attacker, who can also simply configure a static address; it is not a substitute for port security or 802.1X.
4. Employees bring in their own devices such as smartphones and tablets to work and you want to manage network traffic or control network access based on device type.
5. You want to provide a different set of scope options to different types of devices. For example, IP phones can get a different Boot Server Host Name (option 066, the TFTP server) and Bootfile Name (option 067).
Policy Based Assignment (PBA)
In this example:
Subnet A contains DHCP client devices of several different types including workstations, printers, and IP phones.
A DHCP server on another subnet is configured to provide leases to these devices from scope A.
Policies are configured at the scope level to control the IP address range and at the server level to specify the lease duration.
DHCP client requests are processed as follows:
1. A client on subnet A sends a DHCPREQUEST that reaches the DHCP server through a DHCP relay.
2. The client's vendor class and MAC prefix are included in the DHCPREQUEST packet, and the relay fills in the gateway IP address (GIADDR).
3. The DHCP server uses the GIADDR to determine that the client requires a lease from scope A, and begins processing the policies in that scope.
4. Scope B does not apply to this client, so scope B's policies are ignored.
5. Based on the vendor class and MAC prefix values provided, the client request matches the conditions of policy A3.
6. After all scope policies are processed, server level policies are processed, and the client also matches the conditions of policy 1.
7. After all policies are processed, the DHCP server returns an IP address configuration to the client using the settings specified in policies A3 and 1.
How DHCP PBA Works
DHCP policies are rules that you can define for DHCP clients. You can define a single policy, or several. Characteristics of DHCP policies include:
Policy level: Policies can apply at the server level or the scope level. Server level policies are processed for all DHCP client requests received by the server. Scope level policies are processed only for DHCP client requests that apply to a specific scope.
Processing order: Each policy has an associated processing order that is unique within a server or scope. Policies with a lower numbered processing order are evaluated before higher numbered policies. If both scope and server level policies apply to a client, the scope level policies are always processed before any server level policies.
Conditions: The conditions specified in a policy evaluate clients based on fields present in the DHCP client request (vendor class, user class, MAC address, client identifier, relay agent information, and in later releases the client FQDN). If a client request matches the conditions in the policy, the settings associated with the policy are applied to the client by the DHCP server when it responds to the request.
Settings: Settings are network configuration parameters (for example an IP address range, options, lease duration) that are provided to DHCP clients in the DHCP server response. Settings let you group clients by applying the same set of network parameters to them.
Enabled/Disabled: Policies at the scope or server level can also be enabled or disabled. A policy that is disabled is skipped when processing incoming DHCP client requests.
How DHCP PBA Processing Works
Since you can configure multiple policies at both the scope level and the server level, each policy is assigned a processing order. The processing order can also be modified, assuming more than a single policy exists. The following rules apply:
1. When processing DHCP client requests, the DHCP server evaluates each client request against the conditions in all applicable policies, in their processing order.
2. Scope level policies are processed first by the DHCP server, followed by server wide policies. A client can match the conditions of several scope policies and also several server policies.
3. If a client satisfies the conditions of more than one policy, it gets the combined settings from all policies that it matched. If the same option setting is provided in multiple policies, the client uses the setting from the first policy that is processed.
For example, assume that policy-1 has an option value for 003 Router and policy-2 has an option value for 006 DNS Servers, and a client request matches both policies. The DHCP server assigns a default gateway value (003 Router) from policy-1 and a DNS server value from policy-2. However, if policy-1 has the higher processing priority (a processing order of 1) and also has an option value for DNS servers, the client gets both the router and the DNS server option values from policy-1. The DNS server option value in policy-2 is ignored because policy-2 has the lower processing priority (a processing order of 2).
A policy does not need to repeat option values that you have already configured at the scope or server level. If a client matched by a policy requests an option that is not present in the policy but is configured in scope level or server level options, those options are applied to the client in the server response. However, if you wish to specify options for certain clients, you can include those option settings in policies, and they take priority over scope or server level options. The only option settings with a higher priority than those configured in policies are options that you configure on a reservation.
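How the levels combine, as an added Python example (not from the TechNet article or the DHCP server's code) that models both the option-level precedence from the reservations section (server, then scope, then policy, then reservation) and the policy processing rules just described (scope policies before server policies, lower processing order first, first match wins a tie on the same option, disabled policies skipped). The policy names, conditions, option values and the 4-hour mobile lease are constructed from the scenario in the text; the operator names and the request dictionary are this example's own.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    order: int                      # processing order, unique within its level
    conditions: list                # [(field, operator, value)]; all must hold
    options: dict = field(default_factory=dict)
    ip_range: tuple = None          # (first, last) inside the scope; scope level only
    lease_seconds: int = None
    enabled: bool = True

    def matches(self, request):
        for name, operator, value in self.conditions:
            actual = request.get(name, "")
            if operator == "equals" and actual != value:
                return False
            if operator == "startswith" and not actual.startswith(value):
                return False
        return True


def applicable(policies, request):
    """Enabled policies that match the request, in processing order."""
    return [p for p in sorted(policies, key=lambda p: p.order) if p.enabled and p.matches(request)]


def resolve(request, server_options, server_policies, scope_options, scope_policies,
            scope_lease_seconds, reservation_options=None):
    """Combine every level the way the text describes and return what the client gets."""
    matched = applicable(scope_policies, request) + applicable(server_policies, request)
    options = dict(server_options)
    options.update(scope_options)                    # scope beats server
    decided = set()
    for policy in matched:                           # policies beat scope and server;
        for code, value in policy.options.items():   # the first processed policy wins a tie
            if code not in decided:
                decided.add(code)
                options[code] = value
    options.update(reservation_options or {})        # a reservation beats everything
    ip_range = next((p.ip_range for p in matched if p.ip_range), None)
    lease = next((p.lease_seconds for p in matched if p.lease_seconds), scope_lease_seconds)
    return {"options": options, "ip_range": ip_range, "lease_seconds": lease,
            "policies": [p.name for p in matched]}


# Constructed configuration for scope A in the scenario above (names and values assumed).
SERVER_OPTIONS = {6: "10.10.10.9", 15: "corp.example"}
SCOPE_A_OPTIONS = {3: "10.10.10.1"}
SCOPE_A_LEASE = 4 * 86400
SCOPE_A_POLICIES = [
    Policy("Catch-all (disabled)", 0, [("vendor_class", "startswith", "")],
           ip_range=("10.10.10.240", "10.10.10.254"), enabled=False),
    Policy("Printers", 1, [("vendor_class", "startswith", "Hewlett-Packard")],
           ip_range=("10.10.10.1", "10.10.10.9")),
    Policy("IPPhones", 2, [("vendor_class", "startswith", "Cisco Systems"), ("mac", "startswith", "00-1B-D4")],
           options={66: "10.10.10.7", 67: "phone.cfg", 6: "10.10.10.5"},
           ip_range=("10.10.10.10", "10.10.10.49")),
]
SERVER_POLICIES = [
    Policy("MobileLease", 1, [("user_class", "equals", "Mobile")],
           options={6: "10.10.10.8"}, lease_seconds=4 * 3600),
]


def assign(request, reservation_options=None):
    """Resolve a request against the constructed scope A and server configuration."""
    return resolve(request, SERVER_OPTIONS, SERVER_POLICIES, SCOPE_A_OPTIONS,
                   SCOPE_A_POLICIES, SCOPE_A_LEASE, reservation_options)


if __name__ == "__main__":
    print(assign({"vendor_class": "Cisco Systems, Inc. IP Phone", "mac": "00-1B-D4-00-00-01"}))
    print(assign({"vendor_class": "MSFT 5.0", "mac": "00-0C-29-00-00-01", "user_class": "Mobile"}))
```

Every field a condition can look at is set by the client, so a policy selects the configuration a device asks for, not the configuration it is entitled to; anything that must not be obtainable by presenting the right vendor class belongs behind a reservation or outside DHCP.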
IP Address Management
Overview of IPAM
IPAM Modules
IPAM Architecture
Source: http://technet.microsoft.com/en-us/library/hh831622.aspx
IPAM
IP Address Management (IPAM) in Windows Server 2012 is a framework for discovering, monitoring, managing and auditing IP address space on a corporate network. IPAM provides the following features:
Automatic IP address infrastructure discovery.
Highly customizable IP address space display, reporting, and management.
Configuration change auditing for DHCP and IPAM services.
Monitoring and management of DHCP and DNS services.
IP address lease tracking.
IPAM Modules
The IPAM feature consists of four primary modules. The following sections provide a brief description of these modules.
IPAM discovery
IPAM discovery requires access to Active Directory in order to discover network infrastructure servers. This discovery is necessary to enable IPAM services. Discovery lets administrators enumerate servers running Windows Server 2008 or later with the DNS Server, DHCP Server and AD DS role services installed. Administrators can also manually add or delete servers to define a custom scope of administrative control. The scope of discovery can be modified in real time by selecting or removing domains and specific server roles.
IP address space management
The IPAM address space management (ASM) feature provides the ability to efficiently view, monitor, and manage IP address space on the network. ASM supports IPv4 public and private addresses, whether they are issued dynamically on the network or configured as static IP addresses. Sorting can be based on custom fields such as region, Regional Internet Registry (RIR), device type, or customer name. A network administrator can track IP address utilization and threshold-crossing status, or display utilization trends. IPAM ASM tools address the IP address space management problem in a growing distributed environment by ensuring better planning, accountability, and control. IPAM also enables an administrator to detect overlapping IP address ranges defined on different DHCP servers, find free IP addresses within a range, create DHCP reservations, and create DNS records.
Multi-server management and monitoring
IPAM enables administrators to monitor and manage multiple DHCP servers and monitor multiple DNS servers spread across various regions from a centralized console. Administrative tasks are frequently repetitive across multiple servers; the ability to execute these tasks uniformly across servers reduces both the effort involved and the probability of error. The multi-server management (MSM) feature enables an administrator to easily edit and configure key properties of multiple DHCP servers and scopes across the organization. IPAM also facilitates monitoring and tracking of DHCP service status and utilization of DHCP scopes. IPAM also enables tagging of servers with built-in and user-defined custom field values, and visualizing these servers grouped into logical groups and sub-groups. IPAM helps to monitor the health of a DNS zone on multiple DNS servers by displaying the aggregated status of a zone across all authoritative DNS servers. IPAM also tracks the service status of the DNS and DHCP servers on the network.
Operational auditing and IP address tracking
Auditing tools enable tracking of potential configuration problems on IP infrastructure servers. IPAM provides the ability to view consolidated configuration changes on managed DHCP servers and the IPAM server. Details such as server name, user name, and the date and time of a configuration change are tracked. IP address lease tracking is available to aid forensic investigations by collecting lease logs from DHCP, domain controller and NPS servers. IPAM enables history tracking for IP address leases and user logins, so IP address activity can be correlated with MAC addresses, user names, host names and other parameters. Keep in mind that the host name and MAC address in a lease log are supplied by the client, so on their own they identify a device's claim, not a person; the user name comes from the domain controller or NPS logon events that IPAM correlates against the lease.
IPAM Architecture
An IPAM server is a domain member computer. You cannot install IPAM on an Active Directory domain controller.
There are three general methods to deploy IPAM servers:
1. Distributed: an IPAM server is deployed at every site in the enterprise.
2. Centralized: one IPAM server is deployed in the enterprise.
3. Hybrid: a central IPAM server is deployed together with dedicated IPAM servers at each site.
There is no communication or database sharing between different IPAM servers in the enterprise. If multiple IPAM servers are deployed, you can customize the scope of discovery for each IPAM server, or filter the list of managed servers. A single IPAM server might manage a specific domain or location, perhaps with a second IPAM server configured as a backup.
IPAM periodically attempts to locate network policy servers, domain controllers, DNS servers, and DHCP servers on the network that are within the scope of discovery you specify. You must choose whether these servers are managed by IPAM or unmanaged; in this way you can select different groups of servers that are managed or not managed by IPAM. To be managed by IPAM, a server's security settings and firewall ports must be configured to allow the IPAM server the access it needs to perform its monitoring and configuration functions. You can configure these settings manually or automatically using Group Policy Objects (GPOs). If you choose the automatic method, the settings are applied when a server is marked as managed and removed when it is marked as unmanaged. The IPAM server communicates with managed servers using an RPC or WMI interface; those settings give the IPAM server administrative and event-log access on every managed DHCP and DNS server, which makes the IPAM server itself a high-value target that should be hardened and monitored like the servers it manages. IPAM monitors domain controllers and NPS servers for IP address tracking purposes. In addition to monitoring functions, several DHCP server and scope properties can be configured using IPAM. Zone status monitoring and a limited set of configuration functions are also available for DNS servers.
