Download - dynamic host configuration protocol
![Page 1: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/1.jpg)
Dynamic Host Configuration
Protocol
BY kinish kumarwww.kinishcybersec.blogspot.inhttps://www.facebook.com/kinishkumar
![Page 2: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/2.jpg)
Objectives
• Outline the benefits of using DHCP• Describe the DHCP lease and renewal process• Install and authorize the DHCP service• Configure DHCP scopes• Create DHCP reservations for client computers• Configure DHCP options• Understand and describe the purpose of a DHCP
relay• Install and configure a DHCP relay
![Page 3: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/3.jpg)
DHCP Overview
• Used to automatically deliver IP addressing • Reduces the amount of time you spend configuring
computers on your network• Used by default unless you specify otherwise• The ipconfig /all command will indicate whether
the configuration came from a DHCP server computer
![Page 4: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/4.jpg)
DHCP Overview (continued)
TCP/IP Properties
![Page 5: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/5.jpg)
DHCP Overview (continued)
The ipconfig /all command
![Page 6: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/6.jpg)
Leasing an IP Address
• An IP address is leased during the boot process• The overall process is composed of four broadcast
packets:– DHCPDISCOVER
– DHCPOFFER
– DHCPREQUEST
– DHCPACK
![Page 7: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/7.jpg)
Leasing an IP Address (continued)
• Any DHCP server that receives the DHCPDISCOVER packet responds with a DHCPOFFER packet
• The DHCP client responds to the DHCPOFFER packet it receives with a DHCPREQUEST packet
• A DHCPACK packet indicates confirmation that the client can use the lease
• Once DHCPACK is received, the client can start using the IP address and options in the lease
![Page 8: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/8.jpg)
Leasing an IP Address (continued)
The four packets in the DHCP lease process
![Page 9: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/9.jpg)
Renewing an IP Address
• The IP address can either be permanent or timed• A permanent address is never reused for another
client• Timed leases expire after a certain amount of time• Windows clients attempt to renew their lease after
50% of the lease time has expired• A DHCP server may either honor or reject a renew
request
![Page 10: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/10.jpg)
Renewing an IP Address (continued)
The DHCP lease renewable process
![Page 11: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/11.jpg)
Installing and Authorizing the DHCP Service
• A DHCP service must be authorized after installation
![Page 12: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/12.jpg)
Installing the DHCP Service
• DHCP is a standard service • It is included in Windows Server 2003• It is not installed as part of a default installation
![Page 13: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/13.jpg)
Installing the DHCP Service (continued)
Installing DHCP
![Page 14: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/14.jpg)
Installing DHCP
• Objective: Install DHCP on Windows Server 2003• Make sure your network connection is statically
configured• Install the service using the Add/Remove Windows
Components utility
![Page 15: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/15.jpg)
Authorizing the DHCP Service
• Unauthorized DHCP servers can hand out bad information
• DHCP will not start unless authorized• If Active Directory is used, authorization takes place
in Active Directory• DHCP servers are automatically authorized under
certain conditions
![Page 16: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/16.jpg)
Authorizing the DHCP Service (continued)
Unauthorized DHCP server error in Event Viewer
The DHCP management snap-in
![Page 17: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/17.jpg)
Authorizing the DHCP Service (continued)
Authorized DHCP server information in Event Viewer
![Page 18: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/18.jpg)
Starting an Authorized DHCP Server
• Objective: View the results of starting a DHCP server that does not participate in an Active Directory domain
• Check to make sure the service is running• Check out any relevant events using the System Log
![Page 19: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/19.jpg)
Installing the Active Directory Service
• Objective: Install the Active Directory service on your computer and participate in an Active Directory domain
• Use the dcpromo utility• Select “domain controller for a new domain”• Select “domain in a new forest”• Continue through the resulting dialogs
![Page 20: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/20.jpg)
Starting an Unauthorized DHCP Server
• Objective: View the results of starting an unauthorized DHCP server
• View the System Log to see the result of starting an unauthorized DHCP server
![Page 21: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/21.jpg)
Authorizing a DHCP Server
• Objective: Authorize a DHCP server in Active Directory
• Go to the DHCP snap-in and choose the activate option
![Page 22: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/22.jpg)
Configuring DHCP Scopes
• Scope defines a range of IP addresses • Each scope is configured with:
– Description– Starting IP address– Ending IP address– Subnet mask– Exclusions– Lease duration
• Two strategies exist for defining the starting and ending IP addresses– Allow all and exempt the few static addresses– Use only the addresses not already in use
![Page 23: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/23.jpg)
Configuring DHCP Scopes (continued)
Scope Settings
![Page 24: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/24.jpg)
Configuring DHCP Scopes (continued)
• Exclusions are used to prevent some IP addresses from being handed out dynamically
• Lease duration defines how long client computers are allowed to use an IP address
• Default lease duration is eight days• A scope must be activated before the DHCP service
can begin using it
![Page 25: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/25.jpg)
Creating a Scope
• Objective: Create a scope to distribute IP addresses to client computers
• Manually enter the IP configuration settings as directed by the text
• Create a new scope using the configuration settings provided
![Page 26: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/26.jpg)
Activating and Testing a Scope
• Objective: Activate a DHCP scope, and then test it with a partner
• One person will activate the scope created in the previous activity
• Another person will try to obtain an automatic IP address from the server
![Page 27: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/27.jpg)
Superscopes
• Used to combine multiple scopes into a single logical scope
• Allows multiple scopes to be treated as a single scope
• If a superscope is used, then the DHCP server offers only one lease as opposed to multiple leases
![Page 28: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/28.jpg)
Superscopes (continued)
A superscope containing two scopes
![Page 29: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/29.jpg)
Configuring a Superscope
• Objective: Combine two scopes into a single logical unit using a superscope
• First, create a second scope in addition to the scope already created in a previous activity
• Create a superscope to encompass the two scopes• Use the DHCP snap-in for this activity
![Page 30: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/30.jpg)
Deleting a Superscope
• Objective: Delete a superscope, leaving each scope independent
• Make sure you delete the superscope without deleting the subscopes
![Page 31: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/31.jpg)
Multicast Scopes
• Used to deliver multicast addresses to applications that require it
• Multicast addresses are used to deliver packets to groups of computers
• Start and end IP addresses define the range of addresses that can be handed out by DHCP servers
• TTL defines the number of routers through which a multicast packet can move
![Page 32: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/32.jpg)
Multicast Scopes (continued)
• Exclusions define addresses that should not be handed out
• Lease duration defines the length of time that an application can use a multicast address
• Default lease length is 30 days
![Page 33: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/33.jpg)
Creating a Multicast Scope
• Objective: Create a multicast scope to deliver multicast addresses to applications
• Setting up a multicast scope is very similar to setting up any other scope
• Set the scope configuration to that specified in the text
![Page 34: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/34.jpg)
Deleting a Multicast Scope
• Objective: Delete a multicast scope• Right click on the scope and issue the delete
command
![Page 35: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/35.jpg)
Creating DHCP Reservations
• Reservations are used to hand out a specific IP address to a particular client
• Useful when delivering IP addresses to devices that would normally use static addresses
• Can also be beneficial when firewalls are in place• Reservations are created based on MAC addresses
![Page 36: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/36.jpg)
Creating DHCP Reservations (continued)
Creating Reservation
![Page 37: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/37.jpg)
Creating and Testing a Reservation
• Objective: Create a DHCP reservation, and test it with a client
• Configure the server to reserve an IP address for a client machine
• Test to see if the client machine picks up the reserved address
![Page 38: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/38.jpg)
Configuring DHCP Options
• DHCP can hand out a variety of other IP configuration options
• It is common that all workstations within an entire organization use the same DNS servers
• DNS is often configured at the server level
![Page 39: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/39.jpg)
Configuring DHCP Options (continued)
Server setting options
![Page 40: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/40.jpg)
Configuring DHCP Options (continued)
Settings Scope Options
![Page 41: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/41.jpg)
Setting Server Options
• Objective: Set the DNS server option for a DHCP server
• Check 006 DNS servers option• Add the IP address x.0.0.250
![Page 42: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/42.jpg)
Setting Scope Options
• Objective: Set the default gateway in the scope options
• Use the DHCP snap-in to complete this activity
![Page 43: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/43.jpg)
Testing Server & Scope Options
• Objective: Activate a DHCP scope, and then test it with a partner to ensure that scope options are handed out
• Activate a DHCP scope• Configure a client to access the server• Check the default gateway and DNS settings to find
out whether or not the configurations entered in previous activities were done correctly
![Page 44: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/44.jpg)
Vendor and User Classes
• Used to differentiate between clients within a scope • Vendor classes are based on the operating system• User classes are defined based on network
connectivity or the administrator• You can use the ipconfig /setclassid command to set
the DHCP user class ID
![Page 45: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/45.jpg)
Vendor and User Classes (continued)
Vendor Classes
Setting a class ID
![Page 46: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/46.jpg)
Vendor and User Classes (continued)
User classes
![Page 47: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/47.jpg)
Configuring a DHCP Relay
• DHCP packets cannot travel across a router• A relay agent is necessary in order to have a
single DHCP server handle all leases• Relay agents receive broadcast DHCP packets
and forward them as unicast packets to a DHCP server
• The DHCP relay cannot be installed on the same server as the DHCP service
![Page 48: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/48.jpg)
Configuring a DHCP Relay (continued)
Using DHCP relay agents on a routed network
![Page 49: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/49.jpg)
Configuring a DHCP Relay (continued)
The Routing and Remote Access tool
![Page 50: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/50.jpg)
Configuring a DHCP Relay
• Objective: Uninstall the DHCP service from your computer and configure it as a DHCP relay
• Uninstall the DHCP service• Configure the computer as a relay by using the
Routing and Remote Access tool provided in Windows
![Page 51: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/51.jpg)
Summary
• DHCP dynamically assigns IP address information to clients on a network
• The DHCP lease process is composed of four packets: – DHCPDISCOVER– DHCPOFFER– DHCPREQUEST– DHCPACK
• A DHCP client attempts to renew its lease at 50%, 87.5%, and 100% of the lease time
• The commands ipconfig /release and ipconfig /renew can be used to release and renew DHCP leases
![Page 52: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/52.jpg)
Summary (continued)
• If the Active Directory service is present on your network, each DHCP server must be authorized in Active Directory to lease addresses to clients
• A scope defines a range of IP addresses that are leased to clients
• A superscope combines two scopes into a single logical unit to service network segments with two subnets
![Page 53: dynamic host configuration protocol](https://reader036.vdocuments.us/reader036/viewer/2022081413/5495e992b47959566f8b456a/html5/thumbnails/53.jpg)
Summary (continued)
• An exclusion in a scope can stop a DHCP server from handing out specific addresses
• A reservation allows you to give a specific workstation a defined IP address by tying the DHCP lease to the MAC address of the client
• Vendor and user classes can be used to configure some client computers with different options, depending on the class to which they belong
• A DHCP relay agent is required on each network that requires IP configuration from a DHCP server across a router