The computer whose IP address does match the one in the ARP message first puts the sending computer's IP/MAC address information in its own ARP cache, then sends a response to the sending computer with the information about its MAC address.

When the sending computer gets the response, it adds the destination computer's IP/MAC address information to its cache, and can now send data to the destination computer.

IP Communications on a Routed Network
(to a Remote Subnet)

If the destination computer is not on the same local subnet, it works slightly differently. In this case, ARP does not resolve the remote IP address itself; instead, it resolves the physical address of the router that can forward the message on to the subnet on which the destination computer resides.

The IP protocol again checks the IP addresses and subnet mask, and this time determines that the destination computer is not on the local subnet. IP determines the IP address of the default gateway (router), and the sending computer checks the ARP cache for a physical address that matches the router's IP address.

If it doesn't find one, it broadcasts an ARP message to find the router's physical address, using the same process as in the previous example. When the router, which is attached to the local subnet, receives the ARP message and determines that the IP matches its own, it responds with its physical address after putting the sender's IP/MAC information into its cache. The sender updates its own cache with the router's information, and from then on sends any messages addressed to the remote destination computer through the router. The router forwards the message to the destination computer (or to another router, if it is not directly connected to the destination computer's subnet) using the same process.

For IT Professionals

IP Addresses and the Internet

As we all know by now, TCP/IP is the protocol suite used for communications over the vast global network of networks that we call the Internet. We also know that in order for communications to take place on a TCP/IP network, every network ID on the internetwork must be unique, and every Host ID must be unique to that network. In theory, this means that of the millions of computers connected to the Internet, there should be no two with the same IP address.

In practice, however, this is not strictly true. Due to the shortage of available IP addresses, and also because registering multiple addresses adds to the cost of running a network, many companies and home networks use some method of connecting many computers to the Internet through a single IP address. There are two popular types of software designed to accomplish this: Network Address Translation (NAT) and Proxy Services.

Network Address Translation (NAT) This is a means of configuring one computer, which has a dial-up or dedicated connection to the Internet through an ISP, to serve as a gateway through which other computers on the LAN can obtain Internet access without being assigned separate "public" addresses. With NAT, these client computers use "internal" addresses from the private address range, which are not visible to systems outside the local network. To the Internet, there appears to be only one computer connected, and indeed, only the "gateway" computer (sometimes called the NAT or ICS host computer) is actually connected to the Internet. There are third-party software implementations of NAT, such as Sygate and NAT32. A new feature in Windows 2000 is built-in support for NAT.

Windows 2000 Professional includes Internet Connection Sharing, which is a somewhat limited form of NAT that is simple to configure and administer. Windows 2000 Server includes ICS too, but it also provides for a more flexible form of NAT through RRAS (Routing and Remote Access Service), which allows for changing the IP address range, use of multiple public addresses, and multiple LAN interfaces. ICS does not support these advanced features. Both ICS and NAT include components for address assignment, translation of the private internal addresses to the public external address(es), and name resolution services.

Proxy Services A proxy server is a more sophisticated means of providing a shared connection to the Internet, which provides for greater security through complex filtering. Proxy software, such as Microsoft Proxy Server or Winproxy, requires a higher level of configuration and contains other features in addition to address translation. For example, proxy servers can be set up to cache often-accessed Web sites so that performance will be optimized and less actual access to the Internet is required. Generally, however, proxy servers use the same address translation technique as NAT: requests for Internet access go through the server, which maps each client's internal IP address and the application making the request to a port on the server. The proxy then presents the request to the "outside world" as if it came directly from the server itself, and the internal machines' addresses are hidden from the Internet.

The result is that there are many, many more individual computers "on the Net" than it would appear from the number of public IP addresses visible to the outside network. What appears to be one computer, with one IP address, may be a NAT host or proxy server that is forwarding requests and responses for dozens or even hundreds of computers on its local network.
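As an added example (mine, not the book's), here is the translation table a NAT host or proxy keeps, in Python, following the mapping the sidebar describes: each internal (address, port) pair gets its own port on the gateway's single public address, replies are mapped back through the same table, and an inbound packet for which no internal client ever created a mapping has nowhere to go and is dropped. The public and private addresses, the port numbering and the sample packets are assumed. The caveat worth keeping in mind: the internal addresses are hidden only as a side effect of the translation, and every outbound connection creates a mapping that is also a path back in, so NAT is not a substitute for filtering.

```python
"""Illustrative NAT (port-address translation) table, as the sidebar describes it.

Packets are plain tuples: (src_ip, src_port, dst_ip, dst_port).
Constructed sample values; not a real capture.
"""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"      # the gateway's single public address (assumed)


@dataclass
class NatTable:
    public_ip: str
    next_port: int = 40000                        # first external port handed out
    outbound: dict = field(default_factory=dict)  # (client_ip, client_port) -> ext_port
    inbound: dict = field(default_factory=dict)   # ext_port -> (client_ip, client_port)

    def translate_out(self, pkt):
        """Rewrite an internal client's packet so it appears to come from the gateway."""
        src_ip, src_port, dst_ip, dst_port = pkt
        key = (src_ip, src_port)
        if key not in self.outbound:              # first packet of this flow: new mapping
            ext_port = self.next_port
            self.next_port += 1
            self.outbound[key] = ext_port
            self.inbound[ext_port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, pkt):
        """Map a packet arriving from the Internet back to the internal client,
        or return None (drop) if nothing inside ever opened that mapping."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        client_ip, client_port = self.inbound[dst_port]
        return (src_ip, src_port, client_ip, client_port)


def demo():
    nat = NatTable(PUBLIC_IP)
    # two internal clients, both using source port 1025, talk to the same web server
    a_out = nat.translate_out(("192.168.1.10", 1025, "198.51.100.5", 80))
    b_out = nat.translate_out(("192.168.1.11", 1025, "198.51.100.5", 80))
    # the replies are addressed to the gateway; the table tells them apart
    a_back = nat.translate_in(("198.51.100.5", 80, PUBLIC_IP, a_out[1]))
    b_back = nat.translate_in(("198.51.100.5", 80, PUBLIC_IP, b_out[1]))
    # an unsolicited inbound connection attempt has no mapping and is dropped
    probe = nat.translate_in(("198.51.100.99", 4444, PUBLIC_IP, 80))
    return a_out, b_out, a_back, b_back, probe
```

Running demo() shows the two clients leaving the gateway as 203.0.113.7:40000 and 203.0.113.7:40001 and their replies landing back on the right internal host, while the probe to port 80 returns None.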
Overview: IP Addressing Configuration Errors
A large percentage of TCP/IP connectivity problems can be traced to IP addressing configuration errors. Thus, one of the first things you should check, if your TCP/IP-based computer is not able to communicate on the network, is the TCP/IP Properties sheet. Ensure that if you have manually assigned the IP address, it is a valid address for the subnet. Also check the address of the default gateway, DNS and WINS servers, and the subnet mask. Simply making this quick check can eliminate many problems. Common errors include transposing two digits within an address and switching two addresses between fields (such as entering the computer's address in the default gateway field, and vice versa). It sounds elementary, but remember that one important rule of troubleshooting is to always check the "simple stuff" first.

NOTE

Microsoft documentation attributes the majority of TCP/IP connectivity problems to incorrectly entered IP address information. This is one case where typos do count.

Duplicate IP Addresses

Duplicate addresses can be a problem in a network where some or all of the IP addresses are manually assigned, especially if more than one administrator or other personnel are responsible for configuring TCP/IP properties on computers.

If this happens, the following situation may occur: When a Windows 2000 computer comes online (or when its IP address is changed) and its TCP/IP stack is initialized, it sends a "gratuitous" ARP message, requesting the hardware address associated with its own IP address. If another computer responds, thus claiming the IP address as its own, the newly initialized computer will stop using IP. If there is another network protocol installed, it may be able to continue communicating on the network using the other protocol. If TCP/IP is the only network protocol installed, it will not be able to communicate on the network.

Windows 2000 tries to prevent duplicate address errors in several ways. If you change the TCP/IP settings and enter an IP address that is already in use on the network, you will get a message indicating that the address is taken and instructing you to change your settings. If you change the settings while offline and then come back onto the network, you will receive a message informing you that there is an IP address conflict. The computer that is already using the address will also display an error message (see Figure 8.8) indicating that there is an address conflict, although it will be able to continue communicating via TCP/IP using the address.

Figure 8.8 Windows 2000 displays an error message when a duplicate address is detected.

One way to track down this problem is by checking the System Log in the Windows 2000 Event Viewer. An error message will appear, indicating that the system detected an IP address conflict.

Locating the Other Computer that Is Using the Address

There are several ways to locate which other computer on the network is using the address. If it is a Windows 2000 or NT computer, there will be an event entered in its System Log reporting the conflict, although the computer that "got there first" will be able to go on using the address.

You can also use the tracert command on the address to find out the name of the computer using it, or you can use arp -a to find out the physical address of the computer using the IP address, as long as the other computer is on your local subnet. Keep in mind that tracert gets the name from a reverse DNS lookup of the address, so it tells you what DNS believes lives there, which may be stale; the MAC address from arp -a is the more reliable lead. A conflict that keeps recurring with a MAC address you do not recognise deserves a closer look, because a machine deliberately answering ARP for another host's address looks exactly like an honest misconfiguration.
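The ARP behaviour described in this section and in the routed-network section above, as an added Python simulation that is not part of the book: a host decides whether to ARP for the destination itself or for its default gateway, both sides of an exchange populate their caches, a host whose address does not fit the subnet treats its neighbours as remote, and the gratuitous ARP sent at startup detects a duplicate and makes the newcomer stop using IP while the first holder keeps the address. The Segment and Host classes, the MAC addresses and the host names are all constructed for the example.

```python
"""Simulation of the ARP behaviour described above: next-hop selection, cache
population on both sides, and the gratuitous-ARP duplicate check.
Added example; the segment, hosts and addresses are constructed."""
import ipaddress


class Segment:
    """One broadcast domain: every attached host hears every ARP request."""

    def __init__(self):
        self.hosts = []

    def who_has(self, ip, asker):
        """Broadcast 'who has ip?' and return the first host that claims it, or None.
        The responder caches the asker's IP/MAC pair before replying, as in the text."""
        for host in self.hosts:
            if host is not asker and host.ip == ip and host.ip_enabled:
                host.arp_cache[asker.ip] = asker.mac
                return host
        return None


class Host:
    def __init__(self, segment, ip, mask, mac, gateway=None):
        self.segment, self.ip, self.mac, self.gateway = segment, ip, mac, gateway
        self.network = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        self.arp_cache = {}            # what 'arp -a' would list on this host
        self.ip_enabled = True
        segment.hosts.append(self)

    def next_hop(self, dst_ip):
        """Local destination: ARP for it directly. Anything else: ARP for the gateway."""
        if ipaddress.ip_address(dst_ip) in self.network:
            return dst_ip
        return self.gateway

    def resolve(self, dst_ip):
        """MAC address the frame for dst_ip is sent to; broadcasts only on a cache miss."""
        hop = self.next_hop(dst_ip)
        if hop not in self.arp_cache:
            responder = self.segment.who_has(hop, self)
            if responder is None:
                return None            # nobody answered: host or gateway unreachable
            self.arp_cache[hop] = responder.mac
        return self.arp_cache[hop]

    def bring_online(self):
        """Gratuitous ARP for our own address. Any reply means a duplicate: the
        newcomer stops using IP, the host that got there first keeps the address."""
        other = self.segment.who_has(self.ip, self)
        if other is not None:
            self.ip_enabled = False
            return f"IP address conflict: {self.ip} is also used by {other.mac}"
        return None


def scenario():
    seg = Segment()
    router = Host(seg, "192.168.1.1", "255.255.255.0", "00-50-56-AA-00-01")
    alice = Host(seg, "192.168.1.10", "255.255.255.0", "00-50-56-AA-00-10", gateway="192.168.1.1")
    bob = Host(seg, "192.168.1.20", "255.255.255.0", "00-50-56-AA-00-20", gateway="192.168.1.1")
    local_mac = alice.resolve("192.168.1.20")     # same subnet: bob's own MAC
    remote_mac = alice.resolve("10.0.0.5")        # remote subnet: the router's MAC
    # a host whose address does not fit the subnet treats its neighbours as remote
    stray = Host(seg, "192.168.2.30", "255.255.255.0", "00-50-56-AA-00-30", gateway="192.168.1.1")
    # a second machine configured with bob's address comes online
    dup = Host(seg, "192.168.1.20", "255.255.255.0", "00-50-56-AA-00-99", gateway="192.168.1.1")
    return {
        "local_mac": local_mac,
        "remote_mac": remote_mac,
        "router_cached_alice": router.arp_cache.get("192.168.1.10"),
        "bob_cached_alice": bob.arp_cache.get("192.168.1.10"),
        "stray_hop": stray.next_hop("192.168.1.20"),
        "conflict": dup.bring_online(),
        "dup_ip_enabled": dup.ip_enabled,
        "bob_ip_enabled": bob.ip_enabled,
        "arp_a": dict(alice.arp_cache),
    }
```

The "arp_a" entry in the result is what arp -a on alice would show after the two resolutions: bob's MAC for 192.168.1.20 and the router's MAC for 192.168.1.1, with no entry at all for 10.0.0.5.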
There is third-party IP management software that will do sophisticated tracking and auditing of IP address information. One such product that is compatible with Windows 2000 is Meta IP. For more information, see www.metainfo.com/products/metaip.cfm.

Address Conflicts with Computers Using DHCP

If you receive a message that you have an IP address conflict at bootup and the machine is using DHCP, you can release the address so that the DHCP server will assign a new address. To release the address, use the ipconfig /release command, then ipconfig /renew to obtain a new lease.
Invalid IP Addresses

If the computer is given an IP address that is "illegal" or just invalid for use on that particular network, it will not be able to communicate with other computers over TCP/IP.

As mentioned earlier, if you are running a private network that has no connection to the "cloud" (as many books and illustrations represent the Internet), you can use any IP addresses you wish, including those that have already been assigned for public use. This will not cause a problem unless you later decide to connect your network to the Internet without changing the addressing scheme. At that point, your addresses may conflict with those of another organization that has registered that address space, and packets intended for computers on your network will be routed to the "legal" holder of the addresses. The safer practice, even on an isolated network, is to use the private ranges set aside for this purpose (such as 192.168.0.0 through 192.168.255.255, which this chapter's examples use), since those are never routed on the Internet.

An invalid address may not be illegal, but does not "fit" into the local network's addressing scheme. If the LAN is using the network ID of 192.168.1.0 with a subnet mask of 255.255.255.0, then the computers that are on that network must have IP addresses that use 192.168.1 for the first three octets. If you assign one of the computers an address that is not on that network (or if it is assigned an address with a different network ID by APIPA, which uses the 169.254.0.0 range, because a DHCP server could not be contacted), then when IP attempts to contact another computer on the same segment, it will identify the address as belonging to a remote host and will send the packet to its default gateway instead of resolving the neighbour's address directly with ARP.

TIP

Also remember that Host IDs of all 0s or all 1s are not valid for assignment as a computer's IP address. A Host ID of all 0s is used to identify the network, and a Host ID of all 1s is used as the broadcast address, for messages to be sent to all computers on the network. Thus, on a class B network using the default subnet mask of 255.255.0.0, both the addresses 138.21.0.0 and 138.21.255.255 would be unavailable for Host IDs. On a class C network using the default subnet mask of 255.255.255.0, the same would be true of the addresses 201.45.3.0 and 201.45.3.255.

DHCP Configuration Problems

The Dynamic Host Configuration Protocol runs on a Windows 2000 Server and automatically assigns IP addresses to computers configured to be DHCP clients.

DHCP originated as a derivative of BOOTP, the Bootstrap Protocol used in earlier networks to assign IP addresses dynamically, usually in the context of booting diskless workstations from the network. The specifications for BOOTP are defined in RFCs 951 and 1084.
How DHCP Works: Condensed Version

Most network administrators are familiar with DHCP and aware of the four-step process required for a DHCP client to obtain a "lease" on an IP address. We will briefly review those steps to identify the points in the process where things can go wrong.

NOTE

DHCP is not a Microsoft-specific feature. UNIX, NetWare, and other network operating systems (server software programs) also use DHCP.

The four steps in the lease process involve the sending of four special messages between the DHCP client and a DHCP server. These messages are called:

■ DHCP Discover
■ DHCP Offer
■ DHCP Request
■ DHCP Acknowledgment

The process is relatively simple.
DHCP Discover

When a computer that is configured to be a DHCP client comes online and its TCP/IP stack is initialized, it accesses the Registry settings pertaining to TCP/IP parameters and recognizes that it must obtain an IP address from a DHCP server. It does not, however, know how to reach a DHCP server. Unlike DNS and WINS server addresses, the IP address of a DHCP server is not entered in the TCP/IP configuration properties. That means the computer must broadcast for a DHCP server. The client sends a broadcast message (addressed to the limited broadcast address 255.255.255.255, on UDP port 67) called a DHCP Discover message, which essentially asks any DHCP server to come to its aid and assign it an IP address.

Since the client does not have an IP address at this point, it uses the address 0.0.0.0 as its source address. The server would not be able to identify the client that sent the request from this address, so the message also includes the client computer's name and its physical MAC address.
DHCP Offer

If there is an authorized DHCP server on the network, it hears the client's plea for help and responds with a message called a DHCP Offer. This message contains an IP address from its predefined scope of addresses that can be allocated, as well as other information such as the duration of the lease. This message is also sent as a broadcast, since the client computer doesn't yet have an IP address to which the server can send the message directly.

The Offer message includes the IP address that is available (and the server temporarily reserves it while the offer is outstanding), a subnet mask, a lease duration (which is specified by the administrator in configuring DHCP), and the server's IP address.
DHCP Request

The client will receive "offers" from more than one source if there are multiple DHCP servers on the network that have available addresses. The client will accept the first offer that arrives, and will send back a message called a DHCP Request. This is also a broadcast, so the other servers who made offers will know that they've been "rejected" and will release the addresses they had temporarily reserved for the client. We might think of the Request as a formal acceptance of the first server's offer; it includes the IP address of the server whose offer is being accepted.

DHCP Acknowledgment

The final message, the one that "clinches the deal," comes from the DHCP server. It acknowledges the acceptance of its offer and assigns the IP address to the client for it to use for the duration of the lease period. It also includes other TCP/IP configuration information, such as the default gateway and subnet mask, and the addresses of DNS and WINS servers, if the client is configured to get this information through DHCP. After receiving this message, the client will be able to use the IP address for TCP/IP communications over the network.

This last message is called an ACK. If the server is for some reason unable to complete the transaction, it sends instead a NACK, or negative acknowledgment. A NACK occurs when a client attempts to lease an IP address it held previously, which has become unavailable, or when the client has relocated to a different subnet and the address it is trying to lease is now invalid.
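The four-message exchange above, as an added Python model that is not from the book: two servers each hold an address aside when they Offer, the client takes the first Offer and broadcasts a Request naming that server, the other server sees the name and puts its address back in the pool, and a client that asks for an address it used to hold gets a NACK when the address now belongs to another client or lies outside the server's subnet. The server names, scopes and MAC addresses are constructed. Note what the model makes visible: the client takes whichever Offer arrives first and nothing in the exchange authenticates the server, so any machine on the segment that answers faster than the real server can hand out its own gateway and DNS addresses; that is the "unauthorized DHCP servers" problem listed in the next section.

```python
"""Toy model of the Discover/Offer/Request/Ack exchange described above.
Added example; servers, scopes and client MAC addresses are constructed."""


class DhcpServer:
    def __init__(self, name, ip, pool, subnet_prefix, lease_days=8):
        self.name, self.ip = name, ip
        self.free = list(pool)          # addresses still available in the scope
        self.prefix = subnet_prefix     # e.g. "192.168.1." (the scope's subnet)
        self.offered = {}               # client_mac -> address held aside for an Offer
        self.leased = {}                # client_mac -> address with a committed lease
        self.lease_days = lease_days

    def on_discover(self, client_mac):
        """Offer one free address and hold it aside until the client decides."""
        if not self.free:
            return None
        addr = self.free.pop(0)
        self.offered[client_mac] = addr
        return {"type": "OFFER", "server": self.ip, "yiaddr": addr,
                "lease_days": self.lease_days}

    def on_request(self, client_mac, chosen_server, requested):
        """Every server hears the (broadcast) Request; only the named one answers."""
        if chosen_server != self.ip:
            held = self.offered.pop(client_mac, None)   # rejected: give the address back
            if held is not None:
                self.free.insert(0, held)
            return None
        if not requested.startswith(self.prefix):
            return {"type": "NACK", "server": self.ip}  # wrong subnet for this scope
        if self.offered.get(client_mac) != requested and requested not in self.free:
            return {"type": "NACK", "server": self.ip}  # address no longer available
        self.offered.pop(client_mac, None)
        if requested in self.free:
            self.free.remove(requested)
        self.leased[client_mac] = requested
        return {"type": "ACK", "server": self.ip, "yiaddr": requested,
                "lease_days": self.lease_days}


def obtain_lease(servers, client_mac):
    """Client side: broadcast Discover, take the first Offer, broadcast Request."""
    offers = [o for o in (s.on_discover(client_mac) for s in servers) if o]
    if not offers:
        return None                     # no server answered; a real client falls back to APIPA
    chosen = offers[0]                  # first Offer to arrive wins
    replies = [r for r in (s.on_request(client_mac, chosen["server"], chosen["yiaddr"])
                           for s in servers) if r]
    return replies[0]


def renew_previous(server, client_mac, previous_addr):
    """Client asks to keep an address it held before, e.g. after a move."""
    return server.on_request(client_mac, server.ip, previous_addr)


def scenario():
    s1 = DhcpServer("srv1", "192.168.1.2", ["192.168.1.140", "192.168.1.141"], "192.168.1.")
    s2 = DhcpServer("srv2", "192.168.1.3", ["192.168.1.150", "192.168.1.151"], "192.168.1.")
    ack = obtain_lease([s1, s2], "00-50-56-AA-00-10")
    # s2 put its offered address back when the Request named s1
    s2_free = sorted(s2.free)
    # a client that moved in from another subnet asks for its old address
    wrong_subnet = renew_previous(s1, "00-50-56-AA-00-20", "10.0.0.77")
    # a client asks for an address that s1 has meanwhile leased to someone else
    taken = renew_previous(s1, "00-50-56-AA-00-20", "192.168.1.140")
    return ack, s2_free, wrong_subnet, taken
```

scenario() returns the ACK for 192.168.1.140 from 192.168.1.2, s2's pool restored to both of its addresses, and two NACKs.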
Common DHCP Problems

Next, we will look at some of the problems that can occur as this scenario plays out.

NOTE

Windows 2000 Pro cannot be a DHCP server, although it can serve as a DHCP allocator, performing somewhat the same function, when set up to share its Internet connection as an ICS host.

Traditionally, most problems with DHCP fall into a few broad categories:

■ Server configuration problems
■ Client configuration problems
■ Unauthorized DHCP servers
■ Unavailable DHCP server

We will discuss each of these, how Windows 2000's TCP/IP enhancements help to reduce the frequency of these problems, and best practices for optimizing DHCP performance and decreasing the chances of problems.

Server Configuration Problems
As might be expected, the majority of DHCP problems stem from incorrect initial configuration or failure to update the configuration on the DHCP server(s).

TIP

Remember that the DHCP server itself cannot be a DHCP client; it must be manually configured with a static IP address and other TCP/IP configuration information.

In Windows 2000, Microsoft has incorporated the management of the DHCP server services into the Microsoft Management Console (MMC), providing a new, more standardized look and feel for administrators. See Figure 8.9 for an example of the DHCP management console snap-in.

Figure 8.9 The DHCP server is configured from the MMC.

You can access the DHCP MMC via Start | Programs | Administrative Tools | DHCP on the server.

If DHCP is not performing as expected across the network, the first thing you should check is the configuration on the DHCP server.

If DHCP is not functioning at all, one thing to check is whether the DHCP service has been stopped. Windows NT administrators are used to stopping and starting services from the Services applet in Control Panel, but you won't find that applet in Windows 2000 Server. Instead, right-click My Computer, choose Manage, and navigate down the tree in the left panel to expand Services and Applications. Select DHCP, right-click (or choose the Action menu), and select All Tasks. Here you can start, stop, pause, resume, or restart the service, as shown in Figure 8.10.

These tasks can also be performed from the DHCP MMC accessed through Administrative Tools; this can be confusing when you first start working with Windows 2000.
Scopes and Address Pools

In the context of DHCP, a scope is a group of consecutive IP addresses that can be allocated to clients on a subnet. For example, a scope might be defined as 192.168.1.140 through 192.168.1.160. Note that these addresses are contiguous. To define a scope, simply click DHCP in Computer Management, and on the Action menu, select New Scope. This will start the New Scope Wizard, which walks you painlessly through the process.

A scope must have a name, a range of IP addresses, and a subnet mask. You can also define the lease duration, reserve certain addresses for certain DHCP clients, and define options.

NOTE

After you define the scope, you must activate it before it will be used by DHCP.

In some cases, you may want to exclude certain addresses within the scope's range from being offered to DHCP clients, such as those used by routers or computers with manually configured static addresses. For instance, if you have three DNS servers on the network with manually configured IP addresses that fall within the scope, you would exclude those addresses (another option is to reserve addresses for those computers, so that DHCP will assign them the same addresses each time they request a lease, as we will discuss a little later in the chapter).

Suppose the manually assigned IP addresses of the three DNS servers are:

192.168.1.150
192.168.1.151
192.168.1.152

You don't want DHCP handing out those addresses to its clients, or you will end up with an IP address conflict. You can define an exclusion range of 192.168.1.150 through 192.168.1.152, and those addresses will be excluded from the DHCP scope. You can choose to exclude a range of addresses during the creation of the scope, using the New Scope Wizard.

To exclude a range of addresses after the scope has been created, simply expand the Scope object in the left panel of the MMC, and right-click Address Pool. Choose New Exclusion Range, as shown in Figure 8.11, and the Exclusion Range dialog box will be displayed.

Enter the first and last address in the range of addresses that you wish to exclude; to exclude just one address, enter it in the Start field only (not in both fields).

Figure 8.11 You can exclude a range of IP addresses from the DHCP scope.
Common Problems Associated with Scopes and Address Pools

Common problems that arise in relation to DHCP scopes include:

■ Not excluding the addresses within the scope range that have been assigned to routers, network print devices, or computers whose IP addresses were configured manually
■ Specifying an incorrect subnet mask
■ Defining too small a scope, so that the DHCP server does not have enough IP addresses to assign to all requesting DHCP clients
■ Not activating the scope after defining it. To activate the scope, right-click the scope you want to activate under DHCP in Computer Management, and select Activate, as shown in Figure 8.12

Note in Figure 8.12 that Windows 2000 places a warning icon by the scope name to notify you that it has not yet been activated.

Figure 8.12 After creating the scope, you must activate it before DHCP can use it.
Superscopes

When a single physical network segment consists of more than one logical IP subnet, and two DHCP servers are tasked with managing separate logical subnets on the same physical network, Microsoft recommends that you implement a superscope. This allows DHCP servers to assign addresses from more than one scope on the same physical segment.

Without superscopes, this situation may cause DHCP clients to receive NACKs when they come online and attempt to renew their previous leases, and/or when a new address is obtained, it might put the client on a different subnet from the one for which it had been configured before. Superscopes prevent these problems by allowing each of the two DHCP servers to recognize and "respect" addresses assigned by the other.

To configure superscopes, all of the DHCP servers on the segment are set up to recognize all subnets on the segment. Exclusion ranges are used on each server to prevent their address ranges from overlapping. In other words, you configure each server so that its superscope includes all the subnets, including those whose addresses are allocated by other DHCP servers. You then set up exclusion ranges for the addresses that are allocated by the other servers. This way, each server will recognize all the addresses in the superscope as valid, but will only allocate those addresses that are not excluded in its configuration.
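An added example (mine, not the book's) that turns the scope problems listed in the previous section and the superscope rule just described into a check you can run over a scope definition: static addresses inside the range that nobody excluded, a mask that puts the scope in the wrong network, a pool smaller than the client count, a scope that was never activated, a pool that includes the network or broadcast address (per the Invalid IP Addresses section), and, for two servers on one segment, any address both of them could hand out. The Scope class, the server names and the addresses are constructed, including the three DNS servers at 192.168.1.150 through .152 used above.

```python
"""Audit of DHCP scope definitions against the problems listed above.
Added example; the scopes, host names and addresses are constructed."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    server: str
    start: str
    end: str
    mask: str
    active: bool = True
    exclusions: list = field(default_factory=list)   # (first, last) pairs, inclusive

    def addresses(self):
        """Every address the scope could allocate: the range minus its exclusions."""
        first, last = ipaddress.ip_address(self.start), ipaddress.ip_address(self.end)
        excluded = set()
        for lo, hi in self.exclusions:
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            excluded.update(ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1))
        return {ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)} - excluded

    def network(self):
        return ipaddress.ip_network(f"{self.start}/{self.mask}", strict=False)


def audit_scope(scope, static_hosts, expected_network, expected_clients):
    """Return human-readable problems; an empty list means the scope looks sane."""
    problems = []
    net = scope.network()
    if net != ipaddress.ip_network(expected_network):
        problems.append(f"{scope.server}: mask {scope.mask} puts the scope in {net}, "
                        f"expected {expected_network}")
    pool = scope.addresses()
    if net.network_address in pool or net.broadcast_address in pool:
        problems.append(f"{scope.server}: pool includes the network or broadcast address")
    for name, ip in static_hosts.items():
        if ipaddress.ip_address(ip) in pool:
            problems.append(f"{scope.server}: static address {ip} ({name}) is not excluded")
    if len(pool) < expected_clients:
        problems.append(f"{scope.server}: only {len(pool)} addresses for "
                        f"{expected_clients} clients")
    if not scope.active:
        problems.append(f"{scope.server}: scope is defined but not activated")
    return problems


def audit_superscope(scopes):
    """Servers sharing one segment must never both be able to hand out an address."""
    overlap = set()
    for i, a in enumerate(scopes):
        for b in scopes[i + 1:]:
            overlap |= a.addresses() & b.addresses()
    return sorted(str(ip) for ip in overlap)


def scenario():
    dns_servers = {"dns1": "192.168.1.150", "dns2": "192.168.1.151", "dns3": "192.168.1.152"}
    # as first defined: nothing excluded and never activated
    bad = Scope("srv1", "192.168.1.140", "192.168.1.160", "255.255.255.0", active=False)
    # corrected: DNS servers excluded, scope activated
    good = Scope("srv1", "192.168.1.140", "192.168.1.160", "255.255.255.0",
                 exclusions=[("192.168.1.150", "192.168.1.152")])
    # same range but a class B mask typed in by mistake
    wrong_mask = Scope("srv1", "192.168.1.140", "192.168.1.160", "255.255.0.0",
                       exclusions=[("192.168.1.150", "192.168.1.152")])
    # second server on the segment excludes everything srv1 allocates
    srv2 = Scope("srv2", "192.168.1.140", "192.168.1.200", "255.255.255.0",
                 exclusions=[("192.168.1.140", "192.168.1.160")])
    return (audit_scope(bad, dns_servers, "192.168.1.0/24", 15),
            audit_scope(good, dns_servers, "192.168.1.0/24", 15),
            audit_scope(wrong_mask, dns_servers, "192.168.1.0/24", 15),
            audit_superscope([good, srv2]))
```

For the scope as first defined the audit reports four problems (the three unexcluded DNS servers and the inactive scope); the corrected scope reports none, the mistyped mask exactly one, and the two servers' allocatable pools do not overlap.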
Lease Duration

As we already learned, when a DHCP server allocates an IP address to a client, it does not grant permission to use that address permanently. Instead, it "leases" the use of the address for a specified period of time, called the lease duration. During the creation of a new scope, the Windows 2000 New Scope Wizard allows you to change the default lease duration of eight days, as shown in Figure 8.13.

Figure 8.13 The New Scope Wizard allows you to change the duration of DHCP leases.

You are not, however, stuck with the lease duration that is set during the scope creation. You can change the duration of leases handed out by the server at any time, by editing the Properties page for the scope. Right-click the name of the scope for which you wish to change the lease duration, and select Properties. You will see the dialog box shown in Figure 8.14.

As you can see, the duration can be set to the number of days, hours, and minutes desired, just as could be done during the creation of the scope. Another option you have, which was not given by the New Scope Wizard, is to choose not to limit the duration of the DHCP leases. In that case, clients will retain their leases until the lease is manually released.

WARNING

It is usually not desirable to set the lease duration to unlimited, because this means that even if the computer holding the lease goes offline forever, that IP address cannot be reused until or unless the lease is manually released.

If a DHCP client goes down, the administrator can force the lease to be released by right-clicking Address Leases under the Scope name in the console, selecting the IP address/computer name combination for the lease to be released in the right pane, right-clicking and selecting Delete, as shown in Figure 8.15. This will free the IP address to be allocated to another DHCP client. Delete a lease only for a client that really is gone: a client that is still running knows nothing about the deletion and keeps using the address until its own renewal, so the server may hand the same address to a second machine and cause exactly the address conflict described earlier.

Figure 8.14 You can change the lease duration for DHCP clients through the Scope Properties sheet.

NOTE

If you find that all of the IP addresses in the scope are being used even though you have fewer computers on the network than the number of addresses to be allocated, check the Address Leases to determine whether RRAS is assigning multiple DHCP addresses to the same computer(s). In Figure 8.15, those IP address leases that have icons showing a telephone beside the computer are assigned by RRAS.
The Lease Renewal Process

If you sign a one-year lease for a house, and you wish to continue living on the property, you probably will not wait until the day the lease is up to negotiate a renewal of the lease with the landlord. If you did, you might find yourself out on the streets with no place to live. Similarly, DHCP clients "think ahead" to ensure that they aren't left high and dry without an IP address when their leases expire.

Figure 8.15 You can manually force a DHCP lease to be released by deleting the lease in the management console.

When the lease period, as set in the lease duration configuration, is halfway expired, the DHCP client sends a message to the DHCP server requesting a renewal of the lease (as you can see, DHCP clients plan further ahead than do most residential tenants). Normally, the DHCP server then renews the lease. But what if the server from which the lease was obtained has gone down? The client will try again when 87.5 percent of the lease has expired. The first renewal attempt is made by sending a DHCP Request directly to the DHCP server holding the lease. If no response is received, the client tries to obtain a lease from any available DHCP server, broadcasting a DHCP Request.

If the client doesn't get a response from any DHCP server (or if it gets a negative response) before the expiration time is up, it cannot continue to use the address. At that point, it must start all over with the leasing process in order to be assigned a new IP address.

TIP

You can force the client to manually request a renewal of its lease at any time by using the ipconfig /renew command.
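The renewal timeline just described, as an added Python simulation that is not part of the book: the two renewal points fall at 50 percent and 87.5 percent of the lease, the first attempt goes directly to the leasing server, the second is a broadcast any server may answer, and at 100 percent the client gives up the address. The simulated servers and the day-by-day walk are constructed; the eight-day default is the New Scope Wizard's.

```python
"""Lease renewal timeline as described above: a renewal attempt to the leasing
server at 50% of the lease (T1), a broadcast to any server at 87.5% (T2), and
loss of the address at 100%. Added example; the servers are simulated."""
from datetime import datetime, timedelta

DEFAULT_LEASE_DAYS = 8            # Windows 2000 New Scope Wizard default


def renewal_points(granted_at, duration):
    """(T1, T2, expiry) for a lease granted at granted_at lasting duration."""
    return (granted_at + duration / 2, granted_at + duration * 7 / 8, granted_at + duration)


def renewal_offsets_days(duration_days):
    """The same three points as day offsets from the grant, handy for a quick check."""
    start = datetime(2000, 1, 1)
    points = renewal_points(start, timedelta(days=duration_days))
    return tuple((p - start).total_seconds() / 86400 for p in points)


def simulate(duration_days, leasing_server_up, other_server_present, days):
    """Day-by-day log of one client's lease, one (day, event) entry per day.
    leasing_server_up(day) says whether the server that granted the lease answers;
    other_server_present says whether some other DHCP server hears broadcasts."""
    start = datetime(2000, 1, 1)
    granted = start
    duration = timedelta(days=duration_days)
    log = []
    for day in range(days + 1):
        now = start + timedelta(days=day)
        t1, t2, expiry = renewal_points(granted, duration)
        if now < t1:
            event = "idle"
        elif now < t2:                      # T1 reached: unicast to the leasing server
            if leasing_server_up(day):
                granted, event = now, "renewed by leasing server"
            else:
                event = "unicast request unanswered"
        elif now < expiry:                  # T2 reached: broadcast, any server may answer
            if leasing_server_up(day) or other_server_present:
                granted, event = now, "renewed via broadcast"
            else:
                event = "broadcast request unanswered"
        else:                               # expired: the address may not be used any more
            log.append((day, "lease expired: stop using address, restart Discover"))
            break
        log.append((day, event))
    return log
```

With the leasing server up, an eight-day lease is quietly renewed on day 4 and again on day 8 and the client never broadcasts; with the leasing server down and no other server on the wire, the client tries unicast on days 4 through 6, broadcasts on day 7, and loses the address on day 8; with another server present, the day-7 broadcast gets it a fresh lease.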
Common Problems Associated with Lease Duration

The network problems commonly associated with lease duration can be solved or reduced by taking advantage of Windows 2000's option to change the duration, as shown in the foregoing section. These problems include:

Network slowdown caused by excessive lease renewal traffic. Looking back at the process for obtaining and renewing DHCP leases, you can see how DHCP is capable of adding a lot of network traffic. This is especially true if the network is large, with many DHCP clients. You can alleviate some of the congestion by extending the lease period beyond the default if there are plenty of IP addresses available and the clients are stable. In this case, you might consider increasing the lease duration to 21 or even 30 days. The trade-off is that clients pick up changed options (a new DNS or WINS server address, for example) only when they renew, so a longer lease also means a longer wait before a change made on the server reaches every client.

Inefficient use of DHCP addresses, resulting in server(s) not having enough addresses for all requesting clients. This problem can occur when there is a limited number of IP addresses in the DHCP scope and you have an unstable client situation; that is, computers configured to use DHCP that move on and off the network, as with laptop/notebook systems. DHCP client computers running Microsoft operating systems do not release their leases when they shut down, so if laptops are removed from the network, their leases will still be assigned to them for the duration of the lease even though they are not being used. If this happens, you may find it beneficial to decrease the lease duration to a shorter period than the default, so addresses will be more quickly returned to the pool of available addresses to be assigned to other clients.
Reserved Addresses

Some computers, primarily servers, need to always have the same IP address. One way to accomplish this is to manually configure their TCP/IP properties, but this means that if other TCP/IP configuration information changes (for instance, the address of the WINS server), they will all have to be manually changed. There's a way to allow these computers to enjoy the benefits of DHCP, such as the ability to make those changes on the DHCP server and have them automatically disseminated to the clients, and still ensure that the computers that need to always have the same address get it. This is accomplished by assigning reserved addresses to those computers.

Adding a reserved address is easy in Windows 2000. Right-click Reservations under the Scope in the MMC, and select New Reservation. You will see a dialog box, as shown in Figure 8.16.

Figure 8.16 You can make an address reservation for a client that needs to always have the same address.

1. Type in a name for the reservation, the IP address to be reserved, and the physical (MAC) address of the computer for which you are reserving the address.
2. The Description field is optional.
3. You must choose the allowed client type (DHCP, BOOTP, or both).
4. Click Add to enter the new reservation into the DHCP database.

NOTE

The MAC address must be entered correctly or the DHCP server will not assign the reserved address to the computer. Although the reservation name can be the name of the client computer, the DHCP server uses the hardware address to recognize the computer for which an address reservation is made. Unlike when you enter the MAC address to configure a static arp cache entry, you must NOT put dashes in the MAC address when you configure a client reservation at the DHCP server. Keep in mind that the hardware address is the only thing the server checks, and a MAC address can be changed in software, so a reservation identifies a machine for convenience; it does not authenticate it.
Determining the Physical Address of a Computer

To find the hardware address of a computer while sitting at the computer itself, type ipconfig /all at the command line.

To find the hardware address of another computer on the network, first ping the computer (by name, if you don't know its IP address); the reply puts its IP/MAC pair into your ARP cache. Then type arp -a at the command line to find its physical address. This works only if the other computer is on your local subnet; for a computer on a remote subnet, arp -a shows the MAC address of your router, not that of the computer. If you have the Windows 2000 Resource Kit, you can use the getmac utility.

NOTE

Although the MAC address is displayed by the ipconfig and arp utilities with dashes between each pair of hexadecimal digits, do not use dashes when you enter the MAC address in the New Reservation dialog box.
Trang 20■ Client options
■ Class options
Server options These are the default options that are applied to
all scopes configured on a particular DHCP server You can usethem to define configuration information used by all the clientcomputers, such as the address of the WINS or DNS server
Scope options As the name implies, these apply only to clients
whose addresses are leased from the specified scope This allowsyou to set information specific to a particular subnet (when there
is a separate scope for each subnet) such as the default gatewayaddress
Client options In some cases, you may need to define options
that apply only to a specific client or clients These are used forclients with reserved addresses
Class options When you use the Server, Scope, or Client Options
dialog boxes, you can use the Advanced tab to configure andenable options for clients that are members of a specified user orvendor class Only the DHCP clients that identify themselvesaccording to the criteria for the selected class will be given theoptions data you have set up for that class
How to Configure Options
To configure the Server options, right-click Server Options in the left pane
of the console, and select Configure Options To configure Scope options,right-click Scope Options and do the same Configuration of client options
is a little trickier First, you must have a client reservation Expand theReservations container, select the client reservation for which you wish toconfigure client options, right-click it, and select Configure Options(shown in Figure 8.17)
Some Microsoft documentation refers to the Server options as “Global” options.
Class options are new to Windows 2000. Microsoft provides three predefined classes: a default user class, the Microsoft Dynamic BOOTP class, and the Microsoft RRAS class, as shown in Figure 8.18.
Options are applied in the following order of priority:
1 Specific client options are used before scope or global options.
2 Scope options are used before Server options.
3 Class options can override values assigned and set at the same context (server, scope, or client options) or the values that are inherited from options at a higher context.
Class options are divided into two types: user class and vendor class. The most commonly used options include:
■ IP addresses of routers
■ IP addresses of DNS servers
■ DNS domain name
■ NetBIOS node type
■ IP addresses of WINS server
Class-based options only apply to DHCP clients that are identified as members of the specified user or vendor class.
Figure 8.17 Client options can only be configured for clients with address reservations.
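To make the three priority rules concrete, here is an added example (not code from the original page or from Microsoft’s DHCP console) that merges server, scope, client, and class option sets in exactly that order. The option codes are the standard DHCP option numbers (RFC 2132) for the options listed above; the sample addresses, the “RRAS” class entry and its node-type value are constructed for illustration, and all function and variable names are the example’s own.

```python
"""Effective DHCP options for one client, applied in the chapter's order of
priority: server (global) options, then scope options, then options on the
client's reservation, with class options overriding values set at the same
level or inherited from a higher level.

Added example, not code from the original page or from Microsoft's DHCP
console. Option codes follow the standard DHCP option numbering (RFC 2132);
the sample values and the "RRAS" class entry are constructed for illustration.
"""

# Standard option codes for the commonly used options the chapter lists.
ROUTER = 3               # IP addresses of routers (default gateway)
DNS_SERVERS = 6          # IP addresses of DNS servers
DNS_DOMAIN = 15          # DNS domain name
WINS_SERVERS = 44        # IP addresses of WINS (NetBIOS name) servers
NETBIOS_NODE_TYPE = 46   # NetBIOS node type

LEVELS = ("server", "scope", "client")   # lowest to highest precedence

# Constructed sample configuration (not taken from any real server).
SERVER_OPTIONS = {
    DNS_SERVERS: ["10.0.0.10"],
    WINS_SERVERS: ["10.0.0.11"],
    DNS_DOMAIN: "corp.example",
    NETBIOS_NODE_TYPE: 1,            # B-node everywhere unless overridden
}
SCOPE_OPTIONS = {
    ROUTER: ["10.1.0.1"],            # default gateway for this subnet's scope
    DNS_SERVERS: ["10.1.0.10"],      # closer DNS server for this subnet
}
CLIENT_OPTIONS = {
    ROUTER: ["10.1.0.254"],          # one reserved client uses a different router
}
# Class options keyed by the level at which they were configured (constructed).
CLASS_OPTIONS = {
    "server": {"RRAS": {NETBIOS_NODE_TYPE: 8}},   # H-node for remote access clients
}


def resolve_options(server, scope, client, class_options=None, client_classes=()):
    """Merge option dictionaries so higher-precedence levels win.

    Walking server -> scope -> client and letting each later update() overwrite
    earlier values implements rules 1 and 2 (client beats scope beats server).
    At each level, the class options for the classes this client identified
    itself with are applied after that level's base options, so they override
    values set at the same level or inherited from above (rule 3).
    """
    class_options = class_options or {}
    effective = {}
    for level, base in zip(LEVELS, (server, scope, client)):
        effective.update(base)
        for cls in client_classes:
            effective.update(class_options.get(level, {}).get(cls, {}))
    return effective


def option_source(server, scope, client, class_options=None, client_classes=(), code=None):
    """Report which level supplied the effective value of one option (troubleshooting aid)."""
    class_options = class_options or {}
    source = None
    for level, base in zip(LEVELS, (server, scope, client)):
        if code in base:
            source = level
        for cls in client_classes:
            if code in class_options.get(level, {}).get(cls, {}):
                source = f"{level} class {cls}"
    return source


if __name__ == "__main__":
    effective = resolve_options(SERVER_OPTIONS, SCOPE_OPTIONS, CLIENT_OPTIONS,
                                CLASS_OPTIONS, client_classes=("RRAS",))
    for code, value in sorted(effective.items()):
        src = option_source(SERVER_OPTIONS, SCOPE_OPTIONS, CLIENT_OPTIONS,
                            CLASS_OPTIONS, ("RRAS",), code)
        print(f"option {code:>3}: {value!r:<22} from {src}")
```

Running the module prints the effective set for the reserved client: its router comes from the client level, its DNS server from the scope, WINS and domain name from the server, and the node type from the server-level RRAS class option, which beats the plain server value set at the same level.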
Monitoring the DHCP Server
Another improvement that Microsoft has made in Windows 2000 includes enhancements to the ability to monitor and provide statistical information for the DHCP server(s). A common DHCP-related problem is the depletion of available IP addresses, so Windows 2000 allows you to set up a predefined point at which an alert will be sent informing you that the specified percentage of available IP addresses has been used (you can also configure a second notice to be sent when the addresses are all gone).
The Windows 2000 DHCP management tool supports the Simple Network Management Protocol (SNMP), as discussed in Chapter 5, “Using Network Monitoring and Troubleshooting Tools in Windows 2000,” for
Figure 8.18 Class options apply only to members of specified classes
To access the statistical information, go to Start | Programs | Administrative Tools | DHCP. In the DHCP Manager, right-click the DHCP server name, and select Display Statistics.
As you can see, the statistical summary provides you with the number of scopes configured, total addresses allocated for assignment, how many of those are in use, and how many are still available.
Another source of information about DHCP activities is the Event Viewer, which logs informational, warning, and error messages, and DHCP audit logs if you have logging enabled.
The database files are stored in <systemroot>\System32\DHCP and include the following files:
Windows 2000 backs up the DHCP database by default at one-hour intervals. You can edit the Registry to change the backup interval. To do so, use a Registry editor to open the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP\Parameters
Always back up the Registry before making changes. Editing the Registry should always be done with care, as incorrect entries could cause the system to become unbootable.
Edit the value BackupInterval by entering the number of minutes desired between database backups, as shown in Figure 8.20.
By default, the value is shown in hexadecimal, but you can convert it to decimal by selecting the appropriate radio button.
The DHCP database backup files are stored on the DHCP server in the <systemroot>\System32\DHCP\Backup\Jet directory. A copy of the DHCP\Parameters subkey of the Registry is stored in the Backup directory with the file name DHCPCFG.
If the operating system detects that the DHCP database has become corrupt, it will automatically restore from backup when the service restarts. To manually restore the database from the backup files, you must edit the Registry. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters and set the
If you are unable to edit the Registry entry, another way to restore the database is by copying the <systemroot>\System32\DHCP\Backup\Jet folder to <systemroot>\System32\DHCP. Be sure you stop the DHCP service before copying the files. After you have copied the files, restart the DHCP service to restore the database.
Client Configuration Problems
A number of problems can affect a DHCP client’s ability to use the service. If other DHCP clients on the subnet are having no problems obtaining and using IP addresses, and if you have checked and determined that the server’s address allocation has not been depleted, this indicates the problem is related to the configuration or operation of the client computer.
Client Cannot Obtain an IP Address
This indicates that the client machine was not able to reach a DHCP server. There could be many causes for this, including a hardware problem.
Be sure the client has a network connection to the server by pinging the server from the client computer. If you cannot, check cables, NICs, and other hardware devices.
If you can ping the server from other computers on the same subnet, check the client computer’s protocol configuration. Be sure TCP/IP is installed and functioning by pinging the loopback address (127.0.0.1).
If you are using a DHCP Relay Agent, make sure that the machine is functioning and that its IP configuration parameters are correct. A common error is adding the DHCP Relay Agent service and then failing to configure a DHCP server for it to contact.
Client Has an Invalid IP Address
If the client is unable to communicate with other computers on the network, and ipconfig indicates that the client is using an address that is invalid for the subnet (from the 169.254.0.1 through 169.254.255.254 range), this indicates that the client was unable to contact a DHCP server and assigned itself an address via APIPA.
Try to ping the server. If you are able to do so, try manually renewing the lease. To disable APIPA, see the section Automatic Private IP Addressing earlier in this chapter.
Client Is Missing Configuration Information
If the client was assigned an IP address by the DHCP server but did not properly receive additional configuration information, such as the DNS server address, ensure that the client supports the options and that the options have been properly configured at the server.
Multiple Clients Are Suddenly Unable to Obtain IP Addresses
If many clients become unable to obtain leases for IP addresses, check the following:
■ Ensure that the DHCP server is up, and that its IP address has not been changed.
■ Ensure that the DHCP server’s IP address is in the same network range as the scope it is servicing.
■ Be sure that you don’t configure multiple DHCP servers on the same subnet with overlapping scopes.
■ If you are using Active Directory domains, be sure that the DHCP server has been authorized in the Active Directory.
If one of the DHCP servers is running Microsoft Small Business Server, be aware that the DHCP Server service in the SBS will automatically stop if it detects that there is another DHCP server on the local subnet.
Other Common DHCP Problems
Most of the time, DHCP works well, saving administrators a lot of time and headaches. However, as with any other service, things can go wrong. Microsoft has attempted to address and prevent potential problems as much as possible in Windows 2000, but you should be aware of some of the common DHCP-related problems that can occur.
Unauthorized (“Rogue”) DHCP Servers
Problems can occur on a network when there are unauthorized DHCP servers. Perhaps someone configured a server as a DHCP server by mistake, or in order to practice with the service. The “rogue” server could begin handing out IP addresses—perhaps in a range that is invalid for the subnet—when DHCP clients broadcast a Discover message. This would result in those clients being unable to communicate with other clients on the subnet whose addresses were allocated by the authorized server.
Windows 2000 attempts to prevent this situation by building in a feature to disallow address allocation by DHCP servers that have not been authorized by an administrator in the Active Directory. No responses will be returned to DHCP inform messages sent by unauthorized servers.
When a Windows 2000 DHCP server comes online, it attempts to check the Directory to determine if it is authorized. If not, it does not respond to DHCP client requests.
Unfortunately, this detection/prevention of “rogue” DHCP servers only works with Windows 2000 servers. A Windows NT 4.0 DHCP server will not be detected as a “rogue.”
DHCP Clients and Server on Different Subnets
In order for a DHCP server to provide IP addresses to clients across a router, the router must be able to act as a DHCP relay agent, or there must be a machine that is running the DHCP relay service on the client subnet.
A Windows NT 4.0 or Windows 2000 server can be configured to run as a DHCP relay agent. However, most modern routers are able to support DHCP/BOOTP relay.
DHCP/BOOTP relay agent specifications are described in RFC 1542.
Multiple DHCP Servers
The Microsoft documentation suggests that if you have multiple DHCP servers, you should put them on different subnets for fault-tolerance purposes. The servers should not have common IP addresses in their scopes (each server should have a unique pool of addresses).
With the routers configured for relay or a DHCP relay agent on each subnet, if the DHCP server on the local subnet goes down, requests will be relayed to a remote subnet. Then, the DHCP server on the remote subnet can respond to DHCP requests—if it contains a scope of IP addresses that are valid for the requesting subnet.
If the remote server does not have a scope defined for the requesting subnet, it won’t be able to provide IP addresses to the requesting clients even if it has addresses available for other scopes.
By configuring each DHCP server with a pool of addresses for each subnet, each will be able to provide IP addresses for remote clients whose own DHCP server is offline.
Automatic Addressing (APIPA)
The automatic addressing feature in Windows 2000 (first introduced in Windows 98) was designed to solve a common problem with DHCP: In earlier Microsoft operating systems, when a computer that was configured to be a DHCP client came online and no DHCP server was available, it had no way of obtaining an IP address and thus could not communicate using IP.
APIPA circumvents this situation by giving DHCP clients a “contingency plan.” When the computer comes online, it will first attempt to reach a DHCP server to obtain an address, but if it fails to do so, using APIPA it can assign itself a temporary IP address to use until the DHCP server is back up.
This is all well and good, but not always as useful as it sounds. The problem is that the addresses assigned by APIPA come from a range reserved for that purpose, the class B 169.254.0.0 network with a subnet mask of 255.255.0.0. This means the computer will only be able to communicate with other computers whose addresses were also assigned by APIPA, or that were manually configured to use 169.254.x.x addresses. Assuming your network uses a different network ID, the APIPA computer won’t be able to communicate over IP with the rest of your network, and automatic addressing serves little purpose.
Use the ipconfig command to determine whether a computer is using an APIPA address. If the IP address being used by the computer is in the 169.254.x.x range, an APIPA-assigned address is being used.
You may wish to disable APIPA, especially if your network uses routers, and/or the computers on your network are all connected directly to the Internet without going through a proxy server or a NAT gateway. See the following section for instructions.
APIPA can also be used during the Windows 2000 setup process to automatically assign temporary addresses in order to get the servers up and running quickly. This is an option in the Networking Settings dialog box when you select Typical settings.
How to Disable APIPA
To disable automatic address configuration, you have to edit the Registry.
1 Use a Windows 2000 registry editor (Regedt32 or Regedit) to open the Registry.
2 Locate the following Registry key:
it does not exist, the default value of 1 is in effect)
You should always back up the Registry before making any changes.
If you have more than one network adapter and you wish to disable APIPA on all of them, you don’t have to individually edit each adapter’s parameters. Instead, you do it in one fell swoop by creating the IPAutoconfigurationEnabled entry and setting it to 0 in the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Hardware Address Problems
The ARP command-line utility is your best starting place for troubleshooting problems related to hardware addresses. Use the arp –a command to view the current ARP cache. If IP addresses have been reassigned, it is possible that the cache contains the old IP-to-MAC address mapping. Although dynamic entries are cleared from the cache within 10 minutes, this problem would be more likely to occur if a static entry had been made, since it would then remain in the cache until the computer was rebooted.
If you want to remove a static entry from the arp cache, use the arp –d <ip_address> command.
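Both the reservation note earlier in this chapter (enter the MAC address without the dashes that ipconfig and arp display) and the static-entry troubleshooting above come down to reading the arp –a table, so here is one added example, not code from the original page, that parses a constructed sample of Windows arp –a output, strips the separators for the New Reservation dialog box, and lists the static entries that would outlive the 10-minute ageing of dynamic ones. The sample table, its addresses and all function names are made up for illustration.

```python
"""Parse Windows `arp -a` output and normalize MAC addresses.

Added example, not code from the original page. The sample output below is
constructed to look like the Windows 2000 `arp -a` table the chapter refers
to; the interfaces and addresses in it are made up.
"""
import re

# Constructed sample of `arp -a` output (not a real capture).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.50 on Interface 0x1000003
  Internet Address      Physical Address      Type
  192.168.1.1           00-50-56-c0-00-08     dynamic
  192.168.1.20          00-0c-29-3e-5a-1b     static
  192.168.1.37          00-a0-c9-14-c8-29     dynamic
"""

_ENTRY = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+"
    r"(?P<type>static|dynamic)\s*$"
)
_INTERFACE = re.compile(r"^Interface:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def parse_arp_table(text):
    """Return a list of {'interface', 'ip', 'mac', 'type'} dicts, one per cache entry."""
    entries = []
    interface = None
    for line in text.splitlines():
        m = _INTERFACE.match(line)
        if m:
            interface = m.group("ip")      # entries that follow belong to this interface
            continue
        m = _ENTRY.match(line)
        if m:                              # the column-header line does not match
            entries.append({"interface": interface, "ip": m.group("ip"),
                            "mac": m.group("mac").lower(), "type": m.group("type")})
    return entries


def mac_for_reservation(mac):
    """Strip the dash (or colon) separators that ipconfig and arp display; the
    New Reservation dialog box expects the 12 hex digits with no separators."""
    digits = re.sub(r"[-:]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def static_entries(entries):
    """IP addresses with static mappings: these survive the 10-minute ageing of
    dynamic entries and stay until a reboot or an explicit `arp -d <ip_address>`."""
    return [e["ip"] for e in entries if e["type"] == "static"]


def mac_of(entries, ip):
    """Look up the physical address the cache holds for an IP, or None if absent."""
    for e in entries:
        if e["ip"] == ip:
            return e["mac"]
    return None


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for e in table:
        print(e["ip"], e["mac"], e["type"], "-> reservation form:", mac_for_reservation(e["mac"]))
    print("static entries to review after readdressing:", static_entries(table))
```

After IP addresses have been reassigned, the static list is the one to check first, since those mappings will not age out on their own.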
Duplicate MAC Addresses
In theory, this problem should never occur. Each network card manufacturer is allocated a range of hardware addresses to be assigned to the computers it manufactures, and there should be no two NICs in the world with the same hardware address. However, like IP addresses, MAC addresses have become less plentiful, and some manufacturers have started to reuse addresses. Additionally, errors do occur in the manufacturing process, and cards have shipped accidentally with duplicate addresses. This is not a problem if the two NICs with identical addresses end up on separate networks.
Troubleshooting Subnetting Problems
Let’s now delve into the subject of subnet masking. We are going to use the principle of reserving or masking bits as we did with the Net ID portion of the address earlier, but this is going to be a little more complicated.
Subnetting a network means dividing it into two or more smaller networks (called, appropriately enough, subnets). There are several reasons why you might want to subnet your network ID. When you receive a group of IP addresses to use on the Internet, you are assigned a network ID and a subnet mask. Of course, most people get their IP addresses from their ISPs, who have already assigned you a subnet mask for the group.
Assignment of public IP addresses to internal network clients isn’t as big an issue for medium to large companies now as it once was, because most of them are using proxy servers and NAT. But whether you are using private or public IP addresses, the principles we discuss in this section will apply; they just are not as stringent when working with private IP address classes.
Why Divide the Network?
A network ID is typically subnetted to allow for multiple physical segments. Each physical segment should have its own network ID. If you have 10,000 computers and are given the network ID 12.0.0.0 with a subnet mask of 255.0.0.0, this would work—in theory. However, all the machines would be on the same physical network, and it is likely that the broadcast traffic would be so intense that no communication could take place.
If you were given a class B network ID of 169.254.0.0 and a subnet mask of 255.255.0.0, you could likewise put all your hosts on the same network ID, but then again, the amount of broadcast traffic that would be generated makes this a bad idea.
Even if you only have 120 clients and are given the class C network ID of 206.136.88.0 and a subnet mask of 255.255.255.0, you still would end up with all 120 clients on the same network. Because of the nature of Ethernet and Windows networking’s NetBIOS traffic, that is still too many for good performance. The maximum number of clients on a single segment is optimally less than 50.
Networks that use private address classes don’t have as much of a problem, since they are free to use whatever private network IDs they want. If you choose to use the private address class 192.168.0.0 with a subnet mask of 255.255.255.0, you could theoretically create 256 networks with 256 clients each, which would be the same as a single class B network. You just configure your routing tables to accommodate each network.
Those using public IP addresses don’t have this luxury, though, and they have to learn how to subnet the network IDs they are provided with by either IANA or their ISP.
Subnetting Scenario 1
Let’s say we were given a class C Net ID. How many Host IDs are available in a class C network? How many bits are used for the Net ID? A class C Net ID uses the first three octets, so it uses 24 bits, leaving only 8 bits for Host IDs. How many Host IDs for each class C Network then? The answer is 2^8 = 256, and then subtract two for the all 0s and all 1s, which gives us 254 Host IDs per class C network.
We certainly don’t want 256 hosts on a single network for our business. Also, we might want to have some hosts on a network in another state. What we could do is “split” up the Net ID in such a manner that we can have some of our hosts on a different physical network in another state, and some in our local office. Breaking up a Net ID into multiple “subnetworks” is called “subnetting.”
us with 16 bits to use for Host IDs. How many Host IDs can we have? 2^16 = 65536, and then subtract two for the all 0s and all 1s, which gives us 65,534.
Now, if the InterNIC gives us a class B Net ID, do we really want all 65,000 hosts on the same subnet? The broadcast traffic would be so bad that no useful network activity could take place.
So, we definitely have to break up those Net IDs into smaller chunks so that we can get a reasonable number of hosts on each physical segment, or subnet.
Subnets
Remember that IP determines whether a message is for the local or remote host. If the destination is local, IP will have ARP broadcast for the destination host’s MAC address. If it is remote, IP will ARP broadcast for the default gateway, and then send the message to the default gateway.
So, IP is like the post office employee, who first checks the ZIP code to see if it is local before bothering to check the house number and street address.
Each subnet is like a different ZIP code within the same city. If the Net ID represents the city, then each neighborhood has its own ZIP code, or subnet.
Subnet Masks
How does IP figure out what your Net ID and Host ID are? Well, IP isn’t as smart as we are, because it doesn’t know about the rules regarding the high order bits and their connection to the IP address class. Rather, IP has to use something called a subnet mask to tell it which part of the IP address is the Net ID and which part is the Host ID.
The subnet mask “masks” the Net ID portion of the IP address. It does this by covering up with 1s the Net ID and leaving “open” the Host ID with 0s.
The default subnet masks are:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
Or in binary:
Class A: 11111111.00000000.00000000.00000000
Class B: 11111111.11111111.00000000.00000000
Class C: 11111111.11111111.11111111.00000000
How does IP use the subnet mask? All IP really cares about is whether the destination IP address is local or remote, so that it will know whether to broadcast or send the request to the default gateway.
ANDing
The process that IP uses to determine whether the destination host is local or remote is called bitwise ANDing. In bitwise ANDing, the rules are:
1 AND 1 = 1
1 AND 0 = 0
0 AND 0 = 0
This is how it’s done:
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
In binary:
IP Address: 11000000.10101000.00000001.00000001
Subnet Mask: 11111111.11111111.11111111.00000000
ANDed: 11000000.10101000.00000001.00000000
This will be the ANDed result of the machine originating a message.
Let’s suppose this computer wants to send a message to:
IP Address: 192.168.3.1
Subnet Mask: 255.255.255.0
In binary:
IP Address: 11000000.10101000.00000011.00000001
Subnet Mask: 11111111.11111111.11111111.00000000
ANDed: 11000000.10101000.00000011.00000000
Now, we compare the ANDed results of the originating and destination hosts:
Sender: 11000000.10101000.00000001.00000000
Destination: 11000000.10101000.00000011.00000000
If the results are the same, IP will use a local subnet ARP broadcast because the two computers are on the same subnet. If the results are different, it will forward the request to the default gateway. In the preceding example, the ANDed results are different. IP will forward the message to the default gateway.
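The ANDing just described, as an added example that is not part of the original page. It reproduces the 192.168.1.1 to 192.168.3.1 decision above with the chapter’s 255.255.255.0 mask, and, because the ipconfig check from the Automatic Addressing section (is the address in 169.254.x.x?) is the same AND-and-compare against 169.254.0.0 with mask 255.255.0.0, it covers that check as well. The function names are the example’s own.

```python
"""Bitwise ANDing as IP does it: AND the address with the subnet mask, then
compare the sender's and destination's results to decide local (ARP
broadcast) or remote (send to the default gateway).

Added example, not code from the original page. It uses the chapter's own
values (192.168.1.1 and 192.168.3.1 with mask 255.255.255.0) and, since the
test is the same AND-and-compare, also checks for an APIPA address from the
169.254.0.0 / 255.255.0.0 range the chapter describes.
"""


def to_int(dotted):
    """'192.168.1.1' -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> '192.168.1.0'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Show an address the way the chapter writes it: four 8-bit groups."""
    return ".".join(format((to_int(dotted) >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def is_valid_mask(mask):
    """A subnet mask must be a run of 1s followed by a run of 0s."""
    m = to_int(mask)
    ones = bin(m).count("1")
    return m == ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF)


def anded(ip, mask):
    """The Net ID part: IP address AND subnet mask, as a dotted quad."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    return to_dotted(to_int(ip) & to_int(mask))


def route_decision(sender_ip, mask, dest_ip):
    """'local' -> ARP broadcast for the destination; 'remote' -> hand it to the default gateway."""
    return "local" if anded(sender_ip, mask) == anded(dest_ip, mask) else "remote"


def is_apipa(ip):
    """True if the address falls in the automatic private range 169.254.x.x."""
    return anded(ip, "255.255.0.0") == "169.254.0.0"


if __name__ == "__main__":
    sender, mask = "192.168.1.1", "255.255.255.0"
    print("Sender:     ", to_binary(anded(sender, mask)))
    for dest in ("192.168.1.77", "192.168.3.1"):
        print("Destination:", to_binary(anded(dest, mask)), "->", route_decision(sender, mask, dest))
    print("169.254.12.34 is an APIPA address:", is_apipa("169.254.12.34"))
```

Note the last case in the test: with a 255.255.0.0 mask instead of the class C default, the same two addresses AND to the same result and IP would ARP locally, which is why a wrong mask on one host shows up as “can ping some neighbours but not the gateway” rather than as a clean failure.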
Tricking IP
It is by manipulating the subnet mask that we can “trick” IP into thinking that there are more digits in the Net ID than the default number of digits defined by each class. Remember the default number of binary digits for the Net ID in each IP address class?
Class A: 8
Class B: 16
Class C: 24
By manipulating the subnet mask, we can allow for more digits to be used for the Net ID by stealing some digits from the Host ID portion of the IP address.
We can use the subnet mask to break up a Net ID into several subnetworks, and in that way trick IP into sending the message to the router so that it can get to the destination subnet. The routers will have the routing information to guide the packet to its correct location.
Making the Mask
When we use a subnet mask other than the default subnet mask, it is often called a custom or variable-length subnet mask.
Subnet Masking for a Class A Network
Let’s look at the example of a class A network. The Net ID will be 75.0.0.0 and we’ll use the default subnet mask of 255.0.0.0.
In binary:
NetID: 01001011.00000000.00000000.00000000
Mask: 11111111.00000000.00000000.00000000
How could we break up this giant network into two separate subnetworks?
Well, in binary, the number 2 is represented as 10. Therefore, it takes two bits to get the number 2. What we’ll do in order to get those two subnets we want is “steal” two bits from the Host ID portion of the IP
(The masked bits are in parentheses.)
1 (01)000000 to (01)111111
2 (10)000000 to (10)111111
3 (11)000000 to (11)111111
4 (00)000000 to (00)111111
However, we have to view the Subnet ID in isolation. The Subnet ID includes those bits reserved by the subnet mask to be used for the network ID that have been “stolen” from the Host ID. The Subnet ID must comply with the same rules as the Net ID and the Host ID: No all 0s or all 1s. So, we have to cross out the last two ranges because their Subnet ID
indicating that we are taking two bits from the Host ID portion in the second octet. The all 0s or all 1s rule doesn’t apply to the subnet mask, since the 1s in the subnet mask just represent which bits in the IP address will represent the Net ID.
We have broken up the entire network into two subnetworks, one with the Subnet ID of 64 and one with the Subnet ID of 128.
How many Host IDs can we have on each subnet? How many bits are available for Host IDs after we’ve stolen two of them for the Net ID? Before subnetting we had 24, but now we only have 22 after losing two of them to the subnet mask. That would be 2^22, which is 4,194,304, and then subtract 2 for the all 0s and all 1s, and that gives us 4,194,302 per subnet.
Hey! What happened? If I use all the Host IDs for both subnets I created, I’ll have:
4,194,302 x 2 = 8,388,608 Host IDs
If I hadn’t subnetted my network, I would have had:
2^24 = 16,777,216
The moral of the story? The more subnets you create, the more Host IDs you’re going to lose.
So, for our class A network with a Net ID of 75.0.0.0 and subnet mask of 255.192.0.0, our two subnet address ranges are:
From: 01001011.(01)000000.00000000.00000001 (75.64.0.1)
To: 01001011.(01)111111.11111111.11111110 (75.127.255.254)
And the second range:
From: 01001011.(10)000000.00000000.00000001 (75.128.0.1)
To: 01001011.(10)111111.11111111.11111110 (75.192.255.254)
Remember that the more subnets you create, the fewer hosts you will be able to have on the networks.
By using the custom subnet mask of 255.192 on the class A network, we see that we stole two bits from the second octet to give to the Net ID, and that those two digits actually represent something called the subnet ID. What is the significance of 192? 192 in binary is 11000000, which indicates that two digits will be used for the Net ID that would have otherwise been used for the Host ID.
What if our subnet mask were 224? What is 224 in binary?
(111)00000
A subnet mask of 224 would indicate that we would be taking three digits from the Host ID portion and giving them to the Net ID. How many subnets could we create with a subnet mask of 224? What is the number of possible combinations that we can create from three bits?
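The class A computation above, and the three-bit question it ends on, carried out in code. This is an added example, not code from the original page; it implements the chapter’s own rule (cross out the all-0s and all-1s Subnet IDs, then 2^h minus 2 hosts per subnet) and generalizes it to any classful Net ID and contiguous custom mask. Python’s standard ipaddress module is used only for the dotted-quad conversions; the function and key names are the example’s own.

```python
"""Classful subnetting worked the way the chapter does it by hand: borrow
bits from the Host ID, list the Subnet IDs, drop the all-0s and all-1s
Subnet IDs (the chapter's rule), and count 2^h - 2 usable hosts per subnet.

Added example, not code from the original page. It reproduces the chapter's
class A example (75.0.0.0 with mask 255.192.0.0) and generalizes to any
custom mask, so the 224 (three-bit) case falls out of the same function.
"""
import ipaddress

CLASS_DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # default Net ID bits per class


def address_class(net_id):
    """Class from the high-order bits of the first octet (A < 128, B < 192, C < 224)."""
    first = int(net_id.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    raise ValueError(f"{net_id} is not a class A, B or C network ID")


def mask_prefix(mask):
    """Number of 1 bits in a contiguous subnet mask (255.192.0.0 -> 10)."""
    m = int(ipaddress.IPv4Address(mask))
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return ones


def subnet_plan(net_id, mask):
    """Describe the subnets a custom mask carves out of a classful Net ID."""
    default_bits = CLASS_DEFAULT_PREFIX[address_class(net_id)]
    prefix = mask_prefix(mask)
    borrowed = prefix - default_bits          # bits "stolen" from the Host ID
    if borrowed < 1:
        raise ValueError("mask must borrow at least one bit from the Host ID")
    host_bits = 32 - prefix
    base = int(ipaddress.IPv4Address(net_id))
    subnets = []
    for index in range(2 ** borrowed):
        if index in (0, 2 ** borrowed - 1):
            continue                          # all-0s and all-1s Subnet IDs are crossed out
        network = base | (index << host_bits)
        subnets.append({
            "subnet_bits": format(index, f"0{borrowed}b"),   # the borrowed bits, e.g. '01'
            "network": str(ipaddress.IPv4Address(network)),
            "first_host": str(ipaddress.IPv4Address(network + 1)),
            "last_host": str(ipaddress.IPv4Address(network + 2 ** host_bits - 2)),
        })
    hosts_per_subnet = 2 ** host_bits - 2
    return {
        "borrowed_bits": borrowed,
        "usable_subnets": len(subnets),
        "hosts_per_subnet": hosts_per_subnet,
        "total_usable_hosts": len(subnets) * hosts_per_subnet,
        "unsubnetted_hosts": 2 ** (32 - default_bits) - 2,
        "subnets": subnets,
    }


if __name__ == "__main__":
    for mask in ("255.192.0.0", "255.224.0.0"):
        plan = subnet_plan("75.0.0.0", mask)
        print(f"75.0.0.0 mask {mask}: {plan['usable_subnets']} subnets "
              f"of {plan['hosts_per_subnet']:,} hosts")
        for s in plan["subnets"]:
            print(f"  ({s['subnet_bits']}) {s['network']}: {s['first_host']} - {s['last_host']}")
        print(f"  hosts lost to subnetting: "
              f"{plan['unsubnetted_hosts'] - plan['total_usable_hosts']:,}")
```

For 75.0.0.0 with mask 255.192.0.0 the function returns the two subnets 75.64.0.0 (hosts 75.64.0.1 through 75.127.255.254) and 75.128.0.0 (hosts 75.128.0.1 through 75.191.255.254); the last address of the second range written above, 01001011.10111111.11111111.11111110, is 75.191.255.254 in decimal. Two subnets of 4,194,302 hosts give 8,388,604 usable hosts, against 16,777,214 (2^24 minus the all 0s and all 1s) without subnetting. With 255.224.0.0 three bits are borrowed, giving 2^3 = 8 combinations, of which six remain once the all-0s and all-1s Subnet IDs are crossed out.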