This chapter covers configuring and managing a Windows 2000 Server-based Dynamic Host Configuration Protocol (DHCP) server and DHCP clients.
Overview of DHCP
The TCP/IP protocol, which is required for Internet connectivity and is rapidly becoming a protocol of choice for many intranets, requires that each node on the network have a unique IP address. This includes any individual network object such as a server, workstation, printer, router, and so on. You can assign IP addresses to network nodes either statically or dynamically.
With a statically assigned address, you specify a fixed address for a given node, and that address never changes unless you manually change it. Static assignment is the option to use when the network node must have the same IP address all the time. Web and FTP servers or devices such as printers that don’t support anything other than static assignments are prime examples of such situations.
You also can assign IP addresses dynamically through the Dynamic Host Configuration Protocol. DHCP enables network nodes to take IP address assignments from a DHCP server automatically at startup. Although dynamic assignment means that IP addresses for network nodes can and do typically change each time the node is restarted, that poses a problem only in those situations in which a computer needs the same IP address for every session. In all other situations, including for most workstations and many servers, dynamic assignment enables you to manage a pool of IP addresses more effectively to prevent address conflicts. DHCP also lets you allocate a smaller number of IP addresses than the number of computers using them, provided the maximum number of live nodes at any given time doesn’t exceed the number of available addresses. An example of such a situation is when you’re using a server to provide dial-up access for multiple users. You might allocate 20 IP addresses to accommodate 50 dial-in users. Each user would receive a unique IP address assignment from the DHCP server at connection time, to a maximum of 20 concurrent connections.
Chapter 13
In This Chapter
✦ Overview of DHCP
✦ Installing and Configuring the DHCP Server
✦ Defining and Implementing User and Vendor Classes
✦ Creating and Using Superscopes
✦ Creating Multicast Scopes
✦ Configuring Windows 2000 DHCP Clients
Perhaps the most important benefit to DHCP is in the area of administration. DHCP makes it much easier to manage the IP address configuration of clients, since you can effect all changes from a central server, rather than requiring changes on individual clients. The more computers on the network, the greater the advantage DHCP brings to address management. Rather than manually reconfiguring network settings at several hundred (or more) workstations when a network change occurs, you can simply change the settings at the server and either push the changes transparently to the user or allow the changes to take place when the clients restart.
The Windows 2000 DHCP Server
Windows 2000 Server includes a built-in DHCP service that offers excellent functionality for allocating and managing addresses. The DHCP Server service is built on industry standards (Request for Comments or RFCs) defined by the Internet Engineering Task Force (IETF). This adherence to standards ensures that the DHCP service will accommodate not only Windows 2000 clients but other clients as well, including UNIX, Macintosh, and so on.
As with other Windows 2000 services, you manage DHCP on a Windows 2000 server through the Microsoft Management Console (MMC). The DHCP service console snap-in enables you to create DHCP scopes (a range of addresses and corresponding properties), assign global properties, view current assignments, and perform all other DHCP administration tasks.
In addition to supporting the IETF standards, the Windows 2000 DHCP service extends the functionality of DHCP to include logging, monitoring, and other features that integrate DHCP with the Windows 2000 operating system. In addition, several new features were added in Windows 2000 to improve DHCP’s usefulness, administration, and integration with other services such as DNS. These features are discussed in the following sections.
Support for Dynamic DNS
DHCP provides for dynamic address assignment and therefore can make it difficult to maintain accurate name-to-address mapping in DNS servers. As soon as a node changes its address, records in the DNS database become invalid. Windows 2000 DHCP integrates with DNS by enabling the DHCP server and clients to request updates to the DNS database when address or host names change. This capability enables the DNS database to remain up-to-date even for clients with dynamically assigned IP addresses.
Dynamic DNS (DDNS) functions through a client-server mechanism. Windows 2000 DHCP clients support DDNS and can directly request that a Windows 2000 DNS server update their host resource records (also called A records) when the clients’ IP addresses or host names change. Windows 2000 DHCP servers can also submit requests on behalf of clients, although a DHCP server can request an update to both the clients’ host and pointer (PTR) records. Host records are used for host-to-address mapping, and pointer records are used for reverse lookup.
A Windows 2000 DHCP server also can act as a proxy for non-Windows 2000 DHCP clients to perform dynamic DNS updates. For example, a Windows 2000 DHCP server can perform updates for Windows 95/98 and Windows NT clients, which do not natively support dynamic DNS and are therefore unable to submit requests to either the DHCP server or DNS server to update their resource records. Figure 13-1 illustrates how DHCP and DNS interact.
Figure 13-1: DHCP supports automatic updates to DNS when host name or IP address
changes occur
See the section “Configuring Windows 2000 DHCP Clients” later in this chapter for an explanation of how to configure clients to use DDNS.
Vendor and User Classes
Vendor classes enable you to define a set of DHCP settings for a specific equipment vendor and apply those settings to any node falling into that class. User classes enable you to do much the same thing, defining DHCP settings to apply to a specific group of nodes. Vendor and user classes offer enhanced flexibility in assigning custom settings to individual nodes or groups of nodes without affecting others on the same network.
Through a vendor or user class, a node can request a custom set of DHCP settings to suit its configuration. For example, you might assign shorter lease durations to notebook PCs because they leave the network frequently. You define a user class called Notebook and assign to it a shorter lease period. The client, which presents the user class to the server, receives the shorter lease based on that user class.
Multicast Address Allocation
Multicast addresses enable IP traffic to be broadcast to a group of nodes and are most commonly used in audio or video conferencing. A standard IP address is also known as a unicast address because traffic is broadcast to a single address. A multicast address, however, enables a group of computers to receive the same data packets with a single broadcast. This is different from a situation in which the same traffic is sent using multiple broadcasts to a group of unicast addresses. The use of multicasting enables a group of computers to receive the same data without duplicating the packets, thereby reducing packet traffic.
Unauthorized DHCP Server Detection
Unauthorized DHCP servers can cause real problems in a network by allocating incorrect or conflicting configuration information to clients. For example, an administrator or power user might install and start a DHCP server, unaware that one or more DHCP servers already exist on the network. There was previously nothing to prevent this “rogue” DHCP server from starting. Windows 2000 addresses that potential problem.
The Active Directory stores a list of authorized DHCP servers. When a Windows 2000 DHCP server in a domain starts, it attempts to determine if it is listed as an authorized server in the AD. If it is unable to connect to the AD or does not find itself listed in the AD as an authorized server, it assumes it is unauthorized and the service does not accept DHCP client requests. If the server does find itself in the AD, it begins processing client requests.
Workgroup DHCP servers (standalone servers not belonging to a domain) behave somewhat differently. When a workgroup DHCP server starts, it broadcasts a DHCPINFORM message. Any domain-based DHCP servers on the network respond with DHCPACK and provide the name of the directory domain of which they are a part. If the workgroup DHCP server receives any DHCPACK messages from domain DHCP servers, the workgroup server assumes it isn’t authorized and does not service client requests. If a workgroup DHCP server detects no other servers or detects only other workgroup DHCP servers, it begins processing client requests. Therefore, workgroup DHCP servers will not operate on a network where domain-based DHCP servers are active, but can coexist with other workgroup DHCP servers.
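The authorization check described above is carried out by the Windows 2000 DHCP service itself at startup, so an administrator may also want to confirm from captured traffic which servers are actually answering clients. The following is an added example, not code from the book: it parses DHCP payloads in the RFC 2131 layout and reports server replies whose server identifier is not on an authorized list. The authorized address, the MAC address and the sample packets are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
MSG_NAMES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK", 8: "DHCPINFORM"}
SERVER_REPLIES = {2, 5, 6}                   # message types only a server sends


def parse_dhcp(payload):
    """Parse a DHCP UDP payload: message type, server ID, offered IP, client MAC."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)               # hardware address length, capped
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        options[code] = data
        i += 2 + length
    msg = options.get(OPT_MSG_TYPE, b"")
    sid = options.get(OPT_SERVER_ID, b"")
    return {
        "type": msg[0] if len(msg) == 1 else None,
        "server_id": str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None,
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "client_mac": payload[28:28 + hlen].hex(":"),
    }


def find_unauthorized(payloads, authorized):
    """Return one finding per server reply whose server ID is not authorized."""
    findings = []
    for raw in payloads:
        try:
            m = parse_dhcp(raw)
        except ValueError:
            continue                         # skip non-DHCP or damaged payloads
        if m["type"] in SERVER_REPLIES and m["server_id"] not in authorized:
            findings.append((MSG_NAMES[m["type"]], m["server_id"],
                             m["yiaddr"], m["client_mac"]))
    return findings


def build_sample(msg_type, server_ip, yiaddr, mac):
    """Construct a minimal DHCP payload; used only to make the sample data."""
    hdr = bytearray(236)
    hdr[0] = 2 if msg_type in SERVER_REPLIES else 1   # BOOTREPLY / BOOTREQUEST
    hdr[1], hdr[2] = 1, 6                              # Ethernet, 6-byte MAC
    hdr[16:20] = ipaddress.IPv4Address(yiaddr).packed
    hdr[28:34] = bytes.fromhex(mac.replace(":", ""))
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_ip:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return bytes(hdr) + MAGIC_COOKIE + opts + bytes([OPT_END])

AUTHORIZED = {"192.168.0.10"}                # assumed authorized server (constructed)
SAMPLE = [                                   # constructed capture, not real traffic
    build_sample(1, None, "0.0.0.0", "00:50:56:aa:00:01"),
    build_sample(2, "192.168.0.10", "192.168.0.101", "00:50:56:aa:00:01"),
    build_sample(2, "192.168.0.77", "10.9.9.23", "00:50:56:aa:00:01"),
    build_sample(5, "192.168.0.77", "10.9.9.23", "00:50:56:aa:00:01"),
]

for finding in find_unauthorized(SAMPLE, AUTHORIZED):
    print("unauthorized DHCP server reply:", finding)
```

A reply that carries no server identifier at all is also reported, with the server ID shown as None.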
Automatic Client Configuration
Windows 2000 DHCP clients attempt to locate a DHCP server at startup and renew any unexpired leases (a lease is an IP address and the associated data allocated from a DHCP server). If no DHCP server is found, the client pings the default gateway defined by the lease. If the ping succeeds, the client continues to use the lease and automatically attempts to renew the lease when half the lease time expires.
If the client is unable to locate a DHCP server and pinging the default gateway fails, the client assumes that it is on a network without DHCP services, automatically assigns itself an IP address, and continues checking for a DHCP server every five minutes. The client assigns itself an address in the class B subnet 169.254.0.0 (subnet mask 255.255.0.0), but prior to assigning the address, tests to determine that the address is valid and doesn’t conflict with other nodes.
Automatic address assignment is a useful feature, particularly for small peer networks in which there is no DHCP server (such as a home network). It enables users to move between networks with relative ease and eliminates the need to reconfigure their systems. For example, a user can move his notebook from the office to home and have a valid address within the current network without having to reconfigure TCP/IP each time.
Improved Monitoring and Reporting
The DHCP service performs its own monitoring and logs events to the System log, which you can view with the Event Viewer console. DHCP has also been enhanced in Windows 2000 to provide additional monitoring and statistical reporting. For example, you can configure DHCP to generate alerts when the percentage of available addresses in a given scope drops below a certain point.
Installing and Configuring the DHCP Server
The process of installing DHCP is relatively simple. Configuring a server and putting it into service is much more complex, however, particularly if you are new to DHCP. The following sections explain how to install the DHCP service and configure global and scope-specific settings.
Installing DHCP
As with other services, you add DHCP through the Add/Remove Programs object in the Control Panel. Open Add/Remove Programs and click Add/Remove Windows Components. Open the Networking Services item and select Dynamic Host Configuration Protocol, click OK, and then click Next. Follow the prompts to complete the software installation. After the software is installed, you can begin configuring and using DHCP without restarting the server.
Using the DHCP Console
Windows 2000 provides an MMC console to enable you to manage DHCP servers both locally and on remote computers (Figure 13-2). You can perform all DHCP administrative functions through the DHCP console. To open the DHCP console, choose Start ➪ Programs ➪ Administrative Tools ➪ DHCP.
Figure 13-2: The DHCP console
By default, the DHCP console connects to the local DHCP server, showing the server’s IP address in the left pane. You can use the console to manage DHCP servers both locally and remotely. To connect to a different server, right-click the DHCP node (the top-most node) in the left pane and choose Add Server. Type the name or IP address of the server you want to manage and click OK. DHCP adds the server to the list.
Like most MMC consoles, DHCP functions as a two-pane console with the tree pane to the left and the contents pane to the right. The following sections explain how to configure DHCP using the console.
Creating Scopes
A DHCP scope is a set of properties that define a range of IP addresses and related settings such as DNS servers, default gateway, and other information that the client needs to obtain from the DHCP server. Before you can begin using DHCP to assign addresses, you need to create at least one scope. Scopes can be active or inactive, so you also need to make the scope active before the server can allocate addresses from the scope to clients. This chapter assumes you’re going to fully define the scope before activating it.
DHCP provides a wizard to take you through the process of creating a scope. To create a scope, right-click the server in the tree and choose New Scope. Or, select the server and choose Action ➪ New Scope. The wizard prompts for the following information:
✦ Name: This is the friendly name that appears in the DHCP console for the scope. An example might be “Houston Office scope.”
✦ Description: This optional description appears on the scope’s General property page (right-click the scope and choose Properties to view). Assign a description to help you recognize the purpose of the scope. For example, you might use the address range in the description.
✦ Start IP address: Specify the beginning address of the range of IP addresses you want to assign to the scope using dotted octet format.
✦ End IP address: Specify the ending address of the range of IP addresses you want to assign to the scope using dotted octet format.
✦ Length or Subnet mask: You can specify the subnet mask for the address range using either the address length or subnet mask in dotted octet format.
✦ Exclusions, Start address and End address: Use this page to specify one or more ranges of addresses to be excluded from the scope. Addresses in an excluded range are not used by DHCP or allocated to clients. If the addresses you want to exclude fall outside of the address range defined for the scope, you don’t have to explicitly define an exclusion. For example, assume you create a scope with the included range 192.168.0.100 through 192.168.0.254. You do not have to create an exclusion for 192.168.0.1 through 192.168.0.99, which are implicitly excluded. However, using this same example, you would need to create an exclusion if you wanted to prevent the address range 192.168.0.150 through 192.168.0.160 from being allocated to clients. If, however, you do choose an exclusion range, it must fall within the scope created on the previous page.
✦ Lease duration: This property defines the length of time an IP address assignment is valid and is applicable to all clients unless modified by a user or vendor class assignment (in effect, it is the default lease period). When the lease duration expires, the client must request a renewal of the address, and failing that (because the address might already have been reassigned while the client was offline, for example), request a new address lease. The default is eight hours. See the section “Defining and Implementing User and Vendor Classes” later in this chapter for additional information.
✦ Configure other options: The wizard gives you the option of configuring the default gateway and DNS server properties to assign to the scope. See the section “Setting General Scope Options” later in this chapter for more information.
✦ Activate the scope: Although you can activate the scope immediately after creating it, you should make sure you’ve fully defined all required scope properties prior to activation to ensure that clients receive all necessary DHCP properties. You can activate the scope later after fully defining the scope.
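An added example, not from the book: a check you might run on a scope definition before activating it, applying the exclusion rule above to the chapter's 192.168.0.100 through 192.168.0.254 range and reporting how much of the pool remains free. The function names and the figure of 130 active leases are assumptions made for illustration.

```python
from ipaddress import IPv4Address, IPv4Network


def audit_scope(start, end, mask, exclusions=()):
    """Validate a scope definition and return (pool_size, problems).

    mask may be a prefix length ("24") or a dotted mask ("255.255.255.0"),
    mirroring the wizard's "Length or Subnet mask" page.
    """
    problems = []
    lo, hi = IPv4Address(start), IPv4Address(end)
    net = IPv4Network(f"{start}/{mask}", strict=False)
    if lo > hi:
        problems.append("start address is above end address")
    for name, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside subnet {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
    excluded = set()
    for ex_start, ex_end in exclusions:
        a, b = IPv4Address(ex_start), IPv4Address(ex_end)
        if a > b or a < lo or b > hi:
            # Addresses outside the range are already implicitly excluded.
            problems.append(f"exclusion {a}-{b} is not inside {lo}-{hi}")
            continue
        excluded.update(range(int(a), int(b) + 1))   # the set absorbs overlaps
    pool = max(int(hi) - int(lo) + 1, 0) - len(excluded)
    return pool, problems


def percent_available(pool_size, active_leases):
    """Share of the pool still free, the figure a low-address alert watches."""
    if pool_size <= 0:
        return 0.0
    return 100.0 * max(pool_size - active_leases, 0) / pool_size


# The chapter's example scope; the second exclusion is the unnecessary one.
POOL, PROBLEMS = audit_scope(
    "192.168.0.100", "192.168.0.254", "255.255.255.0",
    [("192.168.0.150", "192.168.0.160"), ("192.168.0.1", "192.168.0.99")])
print(POOL, PROBLEMS)
# 130 active leases is an assumed figure, not a value from the chapter.
print(f"{percent_available(POOL, 130):.1f}% of the pool is free")
```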
After you create a scope, it shows up in the DHCP console as a branch under the server’s node in the tree pane, as shown in Figure 13-2. You’ll see multiple scope branches if the server hosts more than one scope. Each scope branch includes the following objects:
✦ Address Pool: This branch lists the included address pool for the scope along with any exclusion ranges. Each scope has only one inclusion range, but can contain multiple exclusion ranges.
✦ Address Leases: This branch lists current client address leases, including the IP address, name, and lease expiration.
✦ Reservations: This branch lists address reservations, which reserve specific IP addresses for specific users based on the user’s MAC address (physical network adapter address). See the section “Creating Reservations” later in this chapter for more information.
✦ Scope Options: This branch lists additional properties passed to clients when they receive address leases from this scope. Typical properties include default router, DNS name server assignments, time server, and time offset. The following section explains how to configure these settings.
Setting General Scope Options
You can specify a wide range of scope properties in addition to those discussed so far. These properties are given to clients when they receive a lease from the server. For example, the scope’s properties can assign the default gateway and DNS servers the client should use, a time server for synchronizing the client’s internal clock with the network or server, and many other properties. In most situations, you’ll only need to configure the default gateway and DNS servers, although some situations might warrant configuring other properties as well.
To configure general scope options, open the DHCP console and then open the scope you want to modify properties for. Right-click Scope Options and choose Configure Options to display the Scope Options property sheet, shown in Figure 13-3.
The General tab enables you to configure properties that apply to all clients receiving address leases through the scope. As Figure 13-3 shows, you select an item by clicking it, and then you specify the value(s) for the item in the lower half of the property sheet. Enable or disable properties by selecting or deselecting their checkboxes in the list. Set the value for each one and then click OK.
The Advanced tab (Figure 13-4) lets you configure global properties for specific vendor and user classes. The default vendor classes are as follows:
✦ DHCP standard options: These are the same options that appear on the General tab by default and apply to all client connections for which no vendor or user class is specified.
Figure 13-3: The Scope Options property sheet
✦ Microsoft options: These options define Microsoft-specific DHCP properties
for Microsoft clients
✦ Microsoft Windows 2000 options: These options define Microsoft Windows
2000-specific properties for Windows 2000 clients
✦ Microsoft Windows 98 options: This selection can be used to define Windows
98-specific options, although by default none are defined
Figure 13-4: The Advanced tab
By default, there are three user classes defined:
✦ Default BOOTP Class: These properties apply to clients that receive a lease via BOOTP. BOOTP enables clients to retrieve a valid address along with a boot image that enables the computer to boot. BOOTP is typically used as a mechanism to boot diskless workstations.
✦ Default Routing and Remote Access Class: These properties apply to clients that receive a lease through RRAS connections.
✦ Default User Class: These properties apply to all clients not handled by a different user class.
See the section “Defining and Implementing Vendor and User Classes” later in this chapter for detailed information on configuring and using vendor and user classes to customize lease properties for specific systems and users.
Domain name and DNS servers
In addition to assigning one or more gateways, you will probably also want to assign at least one DNS server. Select 006 DNS Servers in the list and then add the IP addresses of the DNS servers to the list, just as you would when adding a router to the router list. The order of servers in the list defines the order in which the client will attempt to resolve names to addresses. Use the Up and Down buttons to change the order.
Domain name
Another property you should consider setting is the domain name. This property defines the client’s domain and is used to create the user’s fully qualified domain name (FQDN). The client appends its host name to the domain name to create the FQDN. You can specify the domain name within the client’s DNS properties, but setting it through DHCP instead enables the domain name to be changed dynamically when the client is granted a lease. If all the systems on the network use DHCP, this enables you to change your entire organization’s domain without changing any client settings — you simply change the domain name property in the DHCP server.
Note: Because of potential unseen pitfalls (clients with statically assigned domain names, for example), this isn’t the recommended way of changing domain names.
Other scope properties
You can configure a wide range of other properties that are passed to the DHCP client when a lease is granted. Review the list of properties and configure those that apply to your network and client needs.
Configuring Global DHCP Options
Within each scope, you can configure properties such as domain name, gateway, and DNS servers, as explained in the previous section. These properties apply to all leases granted through the selected scope. You also can configure these properties to apply globally to all scopes defined on the server. These global options are used unless overridden by a scope-assigned property.
To configure global DHCP options, open the DHCP console, right-click the Server Options node, and choose Configure Options. The DHCP console displays the same property sheet you use to assign properties for a scope. Select and configure properties as needed.
Creating Reservations
A reservation assigns a specific IP address to a specific MAC address. The MAC address is a unique hardware-based address that uniquely identifies a network adapter (NIC) on the network. Reservations enable a specific adapter to receive the same IP address assignment from the DHCP server and prevent the address from being leased to any other adapter. In effect, leases let you enjoy the flexibility offered by DHCP while still enabling you to assign a static IP address. Through reservations, you ensure that the NIC always has the same IP address, but enable other configuration changes to be applied dynamically (such as domain name, router, DNS servers, and so on).
Note: Reservations do not assign the same IP address to a computer per se, because the reservation is associated with the NIC’s MAC address, not the computer name. This is only a real distinction in multi-homed systems (those containing multiple NICs).
Before creating a reservation for an NIC, you need to know the NIC’s MAC address. On Windows NT and Windows 2000 systems, you can use the ipconfig command at a console prompt to view MAC addresses for NICs in the computer. Open a console prompt on the system and issue the command ipconfig /all. The command lists network configuration data for each NIC, including the MAC address.
When you have the MAC address of the client’s NIC, open the DHCP console and then open the scope where you want to create the reservation. Right-click the Reservations node and choose New Reservation to open the New Reservation dialog box (Figure 13-5). Use the following list as a guide to configure the reservation:
✦ Reservation name: This name appears in the DHCP console next to the reservation IP address (left pane). You can specify the computer’s name, user name, or other information to help you identify the NIC for which the address is reserved.
✦ IP address: Specify the IP address within the scope to reserve for the
✦ Supported types: You can designate the type of client (DHCP, BOOTP, or both)
that can use the reservation
Figure 13-5: Reservations assign an IP
address to a specific network adapter
Setting Global Scope Properties
Before you activate a scope and begin using it, there are a handful of properties you should configure that apply to the scope on a global basis. To set these properties, open the DHCP console, right-click the scope, and choose Properties to display the Scope Properties sheet. The General tab lets you modify the scope-friendly name, IP address range, lease period, and description. These options are self-explanatory. The DNS tab determines how DHCP integrates with DNS. You’ll find an explanation of how to configure DHCP clients to use DDNS in the section “Configuring Windows