The solution is DHCP (Dynamic Host Configuration Protocol). The DHCP server maintains a pool
of IP addresses and leases out an IP address for a period of time to DHCP-enabled host
machines on the network. DHCP provides the IP address along with the subnet mask and default
gateway (router). The IP addresses are returned to the pool to be reallocated when they are
no longer in use. DHCP waits for the client to request an IP address using network
broadcasts.
The IP addresses are allocated dynamically by DHCP. Using the Windows Server Role, DHCP ensures that clients
have the correct configuration.
The default in Windows Server 2008 is to lease IP addresses for eight hours for wired clients and three
hours for wireless clients. The lease duration can be changed by modifying the DHCP server scope properties
of a specific subnet.
A series of messages, known as DHCP conversations or DHCP transactions, are exchanged between the DHCP client
and the DHCP server. The messages are based on the message format used with BOOTP. RFC 2131 defines the format
for each message sent between the DHCP client and DHCP server.
The DHCP relay agent is a small program that forwards the DHCP messages between the DHCP clients and
servers, if they are in another subnet. The server then sends the address back to the client via the relay
agent. Relay agents can be used to reduce the number of DHCP servers needed. Routers that connect the
subnets need to support DHCP relay as described in Clarifications and Extensions for the Bootstrap Protocol
RFC 1542, and most do.
DORA:
Discovery
Offer
Request
Acknowledgement
1. The DHCP client broadcasts a DHCPDISCOVER packet. The broadcast goes to every host on that particular
subnet. The only computer that will respond is one that has a DHCP server role configured or has a DHCP
relay agent running. The relay agent forwards the packet to the DHCP server for which it is configured.
2. The DHCP server(s) will broadcast back a DHCPOFFER packet with a potential IP address.
3. The DHCP client broadcasts a DHCPREQUEST packet. If there are multiple servers, the server requested is
the one that responded first with the DHCPOFFER packet.
4. DHCP Server (the server that responded first) broadcasts a DHCPACK packet (acknowledgement). Now the DHCP
client has an IP address. If the server is unable to provide the initial address in the DHCPOFFER packet,
then it will respond with a DHCPNAK message.
All of the packets contain the MAC address of the client computer and when the client is responding back to
the fastest responding DHCP server with a DHCPREQUEST packet, it includes the MAC address of the fastest
responding DHCP server.
Dynamic Host Configuration Protocol
Windows Server 2008 R2 and Windows Server 2008
DHCP Lease Renewal
When 50% of the lease duration has expired, the DHCP client sends a DHCPREQUEST packet back to the DHCP
server that leased the IP address.
If the DHCP server is running and responding to DHCPREQUESTs, it will send a DHCPACK packet that allows the
client to continue with the lease of the IP address.
If the server has a network or server problem and fails to respond to the client with a renewal, the client
will wait until 87.5% of the lease duration has expired. The client will then retry with the same server.
If the renewal also fails at 87.5% of the lease duration and 100% of the lease has expired, the client must go
through the entire process again by broadcasting a DHCPDISCOVER packet.
Note: Computers may have the same IP address for a long period of time if the network is not shut down.
Computers attempt to renew the address at startup. The reason for this is the computer may have moved while
it was offline and plugged into a new subnet. If the renewal is unsuccessful, the client computer tries to
contact the Default Gateway. If the gateway is not responding, the client computer enters the Discovery
phase, and attempts to obtain an IP configuration from any DHCP server.
DHCP Server Authorization
DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to
support DHCP clients. A DHCP server must be authorized because a DHCP server configured incorrectly can
provide invalid information.
You must be a member of Enterprise Administrators because the DHCP service can span multiple subnets and
domains.
DHCP Server checks with the domain controller to obtain a list of authorized DHCP servers.
DHCP Server will see that it is authorized with AD and therefore allowed to service DHCP requests.
Routers can act as a DHCP server. If a client gets its IP address from a rogue DHCP server, you
will need a protocol analyzer such as Network Monitor Version 3.4, a free download from
Microsoft. The download process adds the Network Monitor Driver to each network adapter,
including VPN and remote access adapters. You must install and then enable the driver before
Network Monitor collects data from the network adapter. The protocol analyzer shows where
the IP address is coming from, so the rogue server can then be tracked and eliminated from the network.
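To show what the protocol analyzer is looking at when you trace a rogue server, the following added example (not part of the original post) parses DHCP messages in the RFC 2131 format and lists the server replies (DHCPOFFER, DHCPACK, DHCPNAK) whose server identifier is not on a list of authorized servers. The address 192.168.0.2 for the authorized server, the function names and the three sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"                  # marks the start of the options field
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values sent by servers


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload, BOOTP layout from RFC 2131)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20])),      # address handed out
           "chaddr": payload[28:28 + min(payload[2], 16)].hex(":"),   # client MAC
           "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def find_rogue_replies(payloads, authorized):
    """Return server replies whose server identifier (option 54) is not authorized."""
    findings = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                                 # not DHCP or malformed, skip
        mtype = msg["options"].get(53, b"")
        sid = msg["options"].get(54, b"")
        if len(mtype) != 1 or mtype[0] not in SERVER_REPLIES:
            continue                                 # client message (DISCOVER, REQUEST, ...)
        server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
        if server not in authorized:
            findings.append({"server": server, "type": SERVER_REPLIES[mtype[0]],
                             "offered_ip": msg["yiaddr"], "client_mac": msg["chaddr"]})
    return findings


def build_sample(op, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a constructed DHCP payload for this demo (not captured traffic)."""
    pkt = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    pkt += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    pkt += bytes.fromhex("000c29aabbcc").ljust(16, b"\x00") + bytes(192)
    pkt += MAGIC_COOKIE + bytes([53, 1, msg_type])
    if server_id:
        pkt += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return pkt + b"\xff"

AUTHORIZED = {"192.168.0.2"}                         # assumed address of the authorized server
SAMPLE_CAPTURE = [
    build_sample(1, 1),                                      # DHCPDISCOVER from the client
    build_sample(2, 2, "192.168.0.25", "192.168.0.2"),       # DHCPOFFER, authorized server
    build_sample(2, 2, "192.168.1.50", "192.168.0.200"),     # DHCPOFFER, unlisted server
]

print(find_rogue_replies(SAMPLE_CAPTURE, AUTHORIZED))
```

The unlisted server's offer puts the client in a different address range than the authorized server's offer, which is the symptom described in the wireless access point question further down the page.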
Example: Your network is configured as an Active Directory domain with multiple subnetworks. Each
subnetwork has at least one domain controller. You are experiencing intermittent communication
problems across some of the remote links.
You want to determine bandwidth use and the types of network traffic on each of the remote links
and collect detailed network traffic information for analysis.
What should you do?
Use Network Monitor. Network Monitor is a protocol analyzer and lets you collect and save
detailed network usage statistics, including individual packets transmitted across the network.
You can use Network Monitor to determine bandwidth usage and how the bandwidth is being used to
troubleshoot applications on the network.
Start\All Programs\Microsoft Network Monitor 3.4 (or whatever is the current version), and choose
Microsoft Network Monitor.
All computers connected to a hub can see all other computers' communications.
If a standalone DHCP server detects an authorized DHCP server in the domain, it will shut down. A DHCP
standalone server cannot coexist with an authorized DHCP server on the same subnet. When a DHCP standalone
server detects the existing DHCP server, the DHCP standalone server will stop leasing IP addresses. The
standalone DHCP server needs to be authorized in Active Directory.
note: Enterprise Administrators permission in all domains is required to authorize a DHCP server, except for
the root domain which requires the Domain Admins group permission.
Question: Your network has a server with Windows Server 2008 R2 installed and runs the DHCP service. Your
network has both desktop computers and wireless laptops that run Windows 7. You also have three wireless
access points (WAP). The wireless access points are configured with these settings:
DHCP server is enabled
SSID broadcast is enabled
Firewall is enabled
The wireless security key is disabled
The desktop computers are receiving IP addresses from the DHCP server. The wireless laptops are receiving IP
addresses from the wireless access points. A wireless laptop user wants to access a document from one of the
desktop computers.
You need to make sure that the wireless laptop users and the desktop users are able to share documents in
the same network and that the wireless laptop users are only able to connect to specific network SSIDs. What
do you need to do to accomplish this?
Answer: First, you need to disable the DHCP server in the wireless access points. If the DHCP server is
enabled in both the wireless access points and Windows Server 2008, the WAP will get its IP address from
Windows Server 2008 and the WAP will provide a different range of IP addresses to the wireless
clients, causing the desktop computers and the wireless clients to be on two different networks. If you
disable the DHCP server on the WAP, the problem will be resolved.
Second, you should configure a GPO in Windows Server 2008 to control wireless access, so that the wireless
clients connect only to the allowed SSIDs. Windows Server 2008 allows you to configure an allowed and denied
list of SSIDs within the wireless range.
note: you can modify any of the information provided during the installation wizard, by using the DNS Manager console.
11. In the Specify the IPV4 DNS Server Settings dialog box, in the Parent Domain box, verify the DNS domain
name that will be used for name resolution.
In the Preferred DNS server IPv4 address box, type the IPv4 address of your preferred DNS server, and click
Validate.
If needed, type in the IPv4 address in the Alternate DNS server IPv4 address box and Validate. Click Next.
12. In the Specify IPv4 WINS Server Settings dialog box, either select WINS is not required for applications
on the network or select WINS is required for applications on this network. Click Next. In this example, we
will choose WINS is not required for applications on the network.
13. In the Add or Edit DHCP Scopes, click Add and the Add Scope dialog box appears. If you want to add
scopes later, click Next (see Configuring a DHCP Scope), below this section.
14. In the Add Scope dialog box, type values for the required items and in the Subnet Type box, select Wired
or Wireless. Then, either Activate this scope to automatically activate the scope after DHCP installation is
complete, or you can manually activate the scope later using the DHCP MMC. Click OK.
15. This returns you to the Add or Edit DHCP Scopes page. If you have multiple subnets with this DHCP
server, repeat the steps to Add Scope (#13 and #14). Click Next.
16. In the Configure DHCPv6 Stateless Mode dialog box, select whether you want to configure the DHCP server
for DHCPv6 stateless operation and click Next. In this example, we will choose to Disable DHCPv6 stateless
mode for this server. The option must match the IPv6 router configuration on the network.
17. In Authorize DHCP Server, specify credentials to be used to authorize the DHCP server in AD DS. Click
Next. note: the DHCP server must be authorized in Active Directory before it can lease IP addresses. In this
example, we will choose to Skip authorization of this DHCP server in AD DS.
18. On the Confirm Installation Selections page, review and click Install.
19. On the Installation Results page, review and click Close.
20. Close Server Manager
21. Open DHCP: START | Administrative Tools | DHCP
22. In the list pane on the left hand side of the DHCP dialog box, expand and highlight the domain and
right-click. Click Authorize. To authorize, you need to be an Enterprise Administrator. Press F5 to refresh.
23. In the list pane, expand IPv4 and you will see the IPv4 server icon with a green up arrow meaning this
server is authorized in Active Directory.
Configuring DHCP Scopes and Options
A DHCP scope is a range of IP addresses available to be leased. Remember, the DHCP server has an IP address
and thus should be listed in Add Exclusions when defining the DHCP scope.
Scope Properties:
Network ID
Subnet Mask (for IPv4 scopes only)
Lease duration
Network IP address range
Scope name
Exclusion range
What is a Superscope?
A superscope is a collection of scopes that we group together as a single unit for administrative purposes.
This allows clients to receive an IP address from multiple logical subnets, even if they are on the same
physical subnet.
Superscopes are good for situations where the IP addresses in a scope are nearly used up and more
IP addresses are needed for expansion purposes.
If you have two DHCP servers on a network for redundancy purposes, superscopes would help.
A multicast scope gives a collection of class D addresses or multicast addresses that a multicast group will
share, IP address range of 224.0.0.0 - 239.255.255.255. Applications can request these addresses to send
data out to multiple hosts without having to send out to each host, individually. Multicast Address
Allocation Protocol Scopes (MADCAP). Applications that use these addresses must support the MADCAP API.
Steps to Configuring a DHCP Scope
1. Right-click IPv4.
2. Select New Scope and the New Scope Wizard appears.
3. Type PcRepair Office Scope into the Name: text box and demo into the Description: text box.
4. Input 192.168.0.1 into the Start IP address.
5. Input 192.168.0.254 into the End IP address.
6. Input 16 into the Length text box. 255.255.0.0 will display. Click Next.
7. In the Add Exclusions dialog box, click Next. (An exclusion is a range of IP addresses the DHCP server is
not allowed to hand out. Exclusions can be active on the network. The DHCP server just will not hand it out.
You should indicate exclusions for any address that must be statically configured.)
9. In the Configure DHCP Options dialog box, click No, I will configure these options later, and click Next.
We will configure the DHCP Options in another section.
10. Click Finish.
11. Click on Scope in the list pane. The scope appears with a red "down" arrow. Right-click it and click
Activate.
12. Close the DHCP console.
Steps to Configure a Superscope
8. In the Configure DHCP Options dialog box, select No, I will configure these options later. Click Next.
9. Click Finish.
10. In the list pane, you will see a red down arrow beside the scope. Select the Scope, right-click and
Activate.
11. Right-click IPv4 and select New Superscope...
12. The New Superscope Wizard displays. Click Next.
13. In the Name: text box, type: PcRepairSuper. Click Next.
14. On the Select Scopes dialog box, select the Available scopes you want by holding down the CTRL key.
Click Next. Review and click Finish.
DHCP options are values for common configuration data that applies to the server, scopes, reservations, and
class options. Most option codes come from the Request for Comments (RFC) documentation on the Internet
Engineering Task Force (IETF) website.
Common scope options are:
DNS Servers
DNS Name
Default Gateway
WINS Servers
1. Expand Scope.
2. Select Scope Options and right-click.
3. Click Configure Options.
4. In the Scope Options dialog box, select 003 Router. note: Normally, you will configure option 003 Router (default gateway), 006 - DNS Servers, and option 015 - DNS suffix.
5. In the IP address: box, type: 192.168.1.1, and click Add. Click OK.
6. Switch to Client CL1.
7. START | All Programs | Accessories
8. Right click Command Prompt and click Run as administrator.
9. At the command prompt, type: ipconfig /release, press Enter.
10. At the command prompt, type: ipconfig /renew, press Enter.
11. At the command prompt, type: ipconfig /all, press Enter.
Notice the default gateway is now listed.
DHCP class-level options are scope options that apply to a specific type of device.
Vendor-class: configured by vendors such as Microsoft, HP, and Sun
User-class: Set and viewed by the user with the ipconfig /setclassid command
Example: Suppose you want to be able to differentiate among users across different floors in the same
building and among remote users. You want to assign a shorter lease duration for some users and specific DNS
settings to users on different floors. A method for accomplishing this using minimum administrative effort
is to create user classes on the DHCP server. User classes are created to differentiate specific DHCP
configurations from the default DHCP configuration. When a client computer sends a request to the DHCP
server for an IP address, the DHCP server checks for user class information and assigns an IP address to the
client. If the client does not carry any user class information, the DHCP server assigns the default IP
configuration to the client.
Assign a specific DHCP class ID for a client computer:
A DHCP Reservation is a specific IP address, within a scope, that is reserved permanently for lease to a
specific DHCP client. Many times printers and servers will have a reserved IP address. The reservation ties
the MAC address of the computer into the IP address, and is actually made on the network card. So, if you
need to change the network card, you need to recreate the reservation.
Configuring reservations allows you to centralize management of fixed IP addresses. Custom DHCP options for
reservations will override all other DHCP options configured at a higher level.
When DHCP scopes are configured, the scope needs to include IP addresses for all clients. Typically, you configure 20% above
the physical number of clients.
DHCP availability is mission critical. If the leases are approaching the expiration date and the available leases are
exhausted, there could be serious problems.
The recommendation is to have some type of fault tolerance by using multiple DHCP servers. On the servers, there is
commonly an 80/20 rule.
On the first DHCP server, you would have 20% of the addresses:
Scope range: 192.168.1.10 - 192.168.1.254
Excluded addresses: 192.168.1.10 - 192.168.1.205 (the first 80% of the addresses)
On the second DHCP server, you would have 80% of the addresses:
Scope range: 192.168.1.10 - 192.168.1.254
Excluded addresses: 192.168.1.26 - 192.168.1.254 (20% of addresses leased from server
Server
Scope
Class
Reserved client
This example assumes you have SVR1 and the scope has already been configured.
Server Options:
Scope Options:
Click Apply.
Option Classes:
Reservations:
THE DHCP DATABASE IS COMPARED TO THE REGISTRY AND INCONSISTENCIES ARE RECONCILED IN THE DHCP DATABASE.
CONFIGURE DNS AND WHETHER OR NOT TO ENABLE DNS DYNAMIC UPDATES ON THE DNS TAB
CONFIGURE NETWORK ACCESS PROTECTION (NAP) SETTINGS ON THE NETWORK ACCESS PROTECTION TAB
CONFIGURE WHAT WOULD HAPPEN IF A NETWORK POLICY SERVER (NPS) IS UNREACHABLE ON THE NETWORK PROTECTION TAB
MODIFY SERVER CONNECTION BINDINGS AND DNS REGISTRATION CREDENTIALS ON THE ADVANCED TAB
DHCP STATISTICS
DHCP STATS ARE COLLECTED AT THE SERVER LEVEL OR AT THE SCOPE LEVEL TO DETERMINE IF THERE IS A PROBLEM WITH THE DHCP SERVICE OR
WITH THE NETWORK'S DHCP CLIENTS.
THE DHCP AUDIT LOG IS A LOG OF SERVICE-RELATED EVENTS. THE LOG FILE CAN BE USED TO TRACK LEASE
REQUESTS, GRANTS, OR DENIALS AND TO TROUBLESHOOT DHCP SERVER ISSUES, AND IS STORED IN THE
%WINDIR%\SYSTEM32\DHCP FILE. THE NAME IS BASED ON DAY OF THE WEEK, AN EXAMPLE IS DHCPSRVLOGMON.LOG.
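As an added example (not part of the original post), the script below reads audit log text, skips the descriptive header block, counts events by type and lists the rows that deserve review: address conflicts (ID 13), an exhausted scope (ID 14) and denied leases (ID 15). The sample log, host names and function names are constructed for illustration; the column layout assumed is ID, Date, Time, Description, IP Address, Host Name, MAC Address.

```python
import csv
from collections import Counter

# Event IDs as listed in the header block of each audit log file.
EVENT_NAMES = {0: "log started", 1: "log stopped", 10: "new lease", 11: "lease renewed",
               12: "lease released", 13: "address already in use on network",
               14: "scope address pool exhausted", 15: "lease denied"}
ALERT_IDS = {13, 14, 15}                      # conflicts, exhaustion, denials
FIELDS = ["id", "date", "time", "description", "ip", "host", "mac"]

# Constructed sample in the layout of the audit log (not taken from a real server).
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
10\tA new IP address was leased to a client.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,06/13/11,00:00:05,Started,,,
10,06/13/11,08:01:12,Assign,192.168.0.25,CL1.example.local,000C29AABBCC
11,06/13/11,12:01:13,Renew,192.168.0.25,CL1.example.local,000C29AABBCC
13,06/13/11,12:40:02,Conflict,192.168.0.31,,
15,06/13/11,13:05:44,NACK,192.168.0.77,CL7.example.local,000C29112233
14,06/13/11,13:06:10,Pool exhausted,192.168.0.0,,
14,06/13/11,13:06:11,Pool exhausted,192.168.0.0,,
"""


def parse_audit_log(text):
    """Yield one dict per event row, skipping the descriptive header block."""
    for row in csv.reader(text.splitlines()):
        if not row or not row[0].strip().isdigit():
            continue                          # header text or column titles
        row = [c.strip() for c in row[:7]] + [""] * (7 - len(row))
        rec = dict(zip(FIELDS, row))
        rec["id"] = int(rec["id"])
        yield rec


def summarize(records):
    """Count events by type and collect the ones an operator should review."""
    counts, alerts = Counter(), []
    for rec in records:
        counts[EVENT_NAMES.get(rec["id"], f"event {rec['id']}")] += 1
        if rec["id"] in ALERT_IDS:
            alerts.append((rec["date"], rec["time"], rec["id"], rec["ip"], rec["mac"]))
    return counts, alerts


COUNTS, ALERTS = summarize(parse_audit_log(SAMPLE_LOG))
print(dict(COUNTS))
for alert in ALERTS:
    print(alert)
```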
MORE ABOUT DHCP AUDIT AND EVENT LOGGING
HOW TO MONITOR DHCP SERVER PERFORMANCE
USE THE BUILT-IN SERVER 2008 UTILITY, PERFORMANCE MONITOR. OBJECTS AND COUNTERS ARE ADDED AUTOMATICALLY WHEN A
NEW SERVER ROLE IS INSTALLED.
CHECK THE COUNTERS AND MONITOR SERVER PERFORMANCE. TEST AGAINST THE BASELINE, VERY IMPORTANT.
REVIEW THE COUNTERS FOR SIGNIFICANT CHANGES IN DHCP TRAFFIC. IF THERE ARE HIGH VALUES, THEN CHECK THE SERVER FOR
BOTTLENECKS.
MAKE SURE UNAUTHORIZED PERSONS DO NOT HAVE PHYSICAL OR WIRELESS ACCESS TO THE NETWORK. UNPLUG WIRING THAT IS NOT
NEEDED. DO NOT BROADCAST SSID. USE WPA ENCRYPTION.
USE 802.1X-ENABLED LAN SWITCHES OR WIRELESS ACCESS POINTS TO ACCESS THE NETWORK.
DHCP AUTHORIZATION BEGAN WITH WINDOWS SERVER 2000, WINDOWS SERVER 2003, AND MOST RECENTLY WINDOWS SERVER 2008.
AUTHORIZATION IS NOT REQUIRED ON OTHER DHCP IMPLEMENTATIONS. EITHER DECOMMISSION THE SERVER OR DISABLE THE DHCP SERVICE.
TO RESTRICT UNAUTHORIZED, NON-MICROSOFT DHCP SERVERS FROM LEASING IP ADDRESSES, ENSURE THAT UNAUTHORIZED PERSONS
DO NOT HAVE ACCESS TO THE NETWORK.
ADD USERS THAT NEED READ-ONLY ACCESS TO THE DHCP USERS GROUP.