Dynamic Host Configuration Protocol (DHCP) is a standard used on IP networks to distribute network configuration parameters, such as IP addresses, dynamically. In other words, DHCP allows computers to join an IP-based network without a pre-configured IP address: a DHCP server assigns unique IP addresses to the computers (DHCP clients), then releases and renews these addresses as computers leave and rejoin the network.

The DHCP process works as follows:

  1. When your computer (DHCP client) is turned on to connect to the Internet, it will send a DHCP Discover message to request an IP address.
  2. The DHCP server will answer this request with a DHCP Offer message, allocating (leasing) an IP address to your computer.
  3. Your computer will take the first IP address offer that comes along. Then it will respond with a DHCP Request message, to let the DHCP server know that the offered IP address was accepted.
  4. The DHCP server then updates the appropriate network servers with the IP address and other configuration information for your computer, and sends a DHCP Acknowledgment message to the client.
  5. Your computer accepts the IP address.

Installing DHCP server

To install the DHCP server, open Server Manager, then on the Manage menu, click Add Roles and Features. Follow the instructions previously mentioned, then on the Select server roles page, select DHCP Server and continue with the installation.


DHCP Authorization in AD DS

If you are deploying AD DS, you must authorize the DHCP server. In a domain-joined environment, a DHCP server that is not authorized will not lease IP addresses to any DHCP clients. Only after the DHCP server is authorized will it start serving DHCP client requests.

Before the DHCP server can be authorized, all computers operating as DHCP servers must be either domain controllers or domain member servers. Authorization of a DHCP server can only be performed by a domain user that has permissions to create objects in the Net services container in Active Directory.

To authorize a DHCP server in AD DS:

  1. In Server Manager, click Tools and then select DHCP. The DHCP window opens.
  2. Select DHCP in the console tree.
  3. On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog box appears.
  4. Click Authorize.
  5. Then type the name or IP address of the DHCP server to be authorized, and click OK.
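
The authorization list can also be reviewed from PowerShell. The following is an added example, not part of the original article: it compares the servers authorized in AD DS with an approved inventory, using constructed sample data in place of live `Get-DhcpServerInDC` output. The function name, server names and IP addresses are assumptions.

```powershell
# Added example (not from the original page). Server names and IPs are constructed.
function Compare-DhcpAuthorization {
    param(
        [Parameter(Mandatory)] [object[]] $Authorized,        # objects with DnsName, IPAddress
        [Parameter(Mandatory)] [string[]] $ApprovedDnsNames   # your own inventory (assumption)
    )
    $approved = @($ApprovedDnsNames | ForEach-Object { $_.ToLowerInvariant() })
    $seen = @()
    foreach ($server in $Authorized) {
        $name = ([string]$server.DnsName).ToLowerInvariant()
        $seen += $name
        # Anything authorized in AD but absent from the inventory needs review.
        $status = if ($approved -contains $name) { 'Approved' } else { 'UnexpectedAuthorization' }
        [pscustomobject]@{ DnsName = $name; IPAddress = [string]$server.IPAddress; Status = $status }
    }
    # Approved servers missing from AD will not lease addresses in a domain.
    foreach ($name in $approved) {
        if ($seen -notcontains $name) {
            [pscustomobject]@{ DnsName = $name; IPAddress = $null; Status = 'NotAuthorizedInAD' }
        }
    }
}

# Constructed sample standing in for the output of Get-DhcpServerInDC.
$sample = @(
    [pscustomobject]@{ DnsName = 'dhcp01.corp.example';  IPAddress = '10.0.0.10' },
    [pscustomobject]@{ DnsName = 'labtest.corp.example'; IPAddress = '10.0.9.77' }
)
Compare-DhcpAuthorization -Authorized $sample `
    -ApprovedDnsNames 'dhcp01.corp.example', 'dhcp02.corp.example'

# On a domain-joined server with the DhcpServer module:
#   Compare-DhcpAuthorization -Authorized (Get-DhcpServerInDC) -ApprovedDnsNames $inventory
#   Add-DhcpServerInDC -DnsName 'dhcp02.corp.example' -IPAddress 10.0.0.11   # authorize
```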

DHCP Scope

A scope is a range of valid IP addresses which are then assigned to client computers on a particular subnet that uses DHCP. The administrator first creates a scope for each subnet, then uses the scope to define the parameters used by clients.

You can create a scope after installing DHCP server on your computer:

  1. In Server Manager, click Tools and then select DHCP. The DHCP window opens.
  2. On the console tree, select the DHCP server and right click on IPv4 or IPv6 and select New Scope. The New Scope Wizard will open (click Next).
  3. On the Scope Name page, write the name and an optional description of your scope and click Next.
  4. On the IP Address Range page, write the range of IP addresses and a subnet mask to be distributed by the server. Click Next.
  5. On the Add Exclusions and Delay page, you can add IP addresses (within the range entered on the previous page) that you do not want to be distributed by the server. Click Next.
  6. On the Lease Duration page, select the duration for scope leases when distributed by the server. Click Next.
  7. On the Configure DHCP Options page, select Yes, … or No, … and click Next.
  8. If you selected Yes, you will see the Router (Default Gateway) page. Write the IP address or addresses of the router. Click Next.
  9. On the Domain Name and DNS Servers page, you can specify the parent domain and write the IP addresses of the DNS servers. Click Next.
  10. On the WINS Servers page, enter the IP addresses of your WINS servers, if any. Click Next.
  11. On the Activate Scope page, select whether you want to activate the scope now or later. Click Next.
  12. Click Finish.

DHCP Split Scope

A quick way to provide redundancy and load balancing for DHCP is Split Scope.

The split scope mechanism relies on configuring identical scopes on two independent DHCP servers. Usually, 70%-80% of the addresses in the scope are assigned to a primary DHCP server, and the remaining 30%-20% are assigned to a secondary DHCP server. The secondary server is often configured to respond to clients with a delayed response so that clients will use IP addresses from the primary server whenever it is available. If clients cannot reach the primary server, they will get an IP configuration from the secondary server.

Note that split scope does not provide IP address continuity for clients if the primary server fails. This is because the IP address obtained from the primary DHCP server would be in the exclusion range of the secondary server. Another problem is that split scope is not effective in scenarios where utilization rates are above 70%-80%, which is very common with Internet Protocol version 4 (IPv4).
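
The split described above is implemented with exclusion ranges: each server holds the full scope and excludes the part the other one serves. The following added example (not from the original article) computes those ranges for a constructed scope; the function names, addresses and server names are assumptions.

```powershell
# Added example (not from the original page). Range and percentage are constructed.
function ConvertTo-UInt32Ip([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)              # network order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}
function ConvertFrom-UInt32Ip([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    (New-Object System.Net.IPAddress -ArgumentList (,$bytes)).ToString()
}
function Get-SplitScopePlan {
    param(
        [Parameter(Mandatory)] [string] $StartRange,
        [Parameter(Mandatory)] [string] $EndRange,
        [ValidateRange(1, 99)] [int] $PrimaryPercent = 80
    )
    $start = [long](ConvertTo-UInt32Ip $StartRange)
    $end   = [long](ConvertTo-UInt32Ip $EndRange)
    if ($end -lt $start) { throw 'EndRange is below StartRange.' }
    $total        = $end - $start + 1
    $primaryCount = [long][math]::Floor([double]$total * $PrimaryPercent / 100)
    if ($primaryCount -lt 1 -or $primaryCount -ge $total) { throw 'Range too small to split.' }
    $cut = $start + $primaryCount         # first address served by the secondary
    [pscustomobject]@{
        PrimaryCount          = $primaryCount
        SecondaryCount        = $total - $primaryCount
        # The primary excludes the secondary's share, and the reverse.
        PrimaryExcludeStart   = ConvertFrom-UInt32Ip $cut
        PrimaryExcludeEnd     = ConvertFrom-UInt32Ip $end
        SecondaryExcludeStart = ConvertFrom-UInt32Ip $start
        SecondaryExcludeEnd   = ConvertFrom-UInt32Ip ($cut - 1)
    }
}

$plan = Get-SplitScopePlan -StartRange 192.168.10.10 -EndRange 192.168.10.209 -PrimaryPercent 80
$plan

# Applying the plan (server names are hypothetical; requires the DhcpServer module):
#   Add-DhcpServerv4ExclusionRange -ComputerName dhcp01 -ScopeId 192.168.10.0 `
#       -StartRange $plan.PrimaryExcludeStart -EndRange $plan.PrimaryExcludeEnd
#   Add-DhcpServerv4ExclusionRange -ComputerName dhcp02 -ScopeId 192.168.10.0 `
#       -StartRange $plan.SecondaryExcludeStart -EndRange $plan.SecondaryExcludeEnd
#   Set-DhcpServerv4Scope -ComputerName dhcp02 -ScopeId 192.168.10.0 -Delay 1000  # delayed offers
```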

DHCP Reservations

If your DHCP client requires a constant IP address, you can assign a reservation on the DHCP server. With DHCP reservations, you can reserve an IP address for permanent use by a DHCP client.

Note that if multiple DHCP servers are configured with the same scope, the client reservation must be made and duplicated at each of these DHCP servers. Otherwise, the reserved client computer can receive a different IP address, depending on the responding DHCP server.

To add a client reservation:

  1. In Server Manager, click Tools and then select DHCP. The DHCP window opens.
  2. On the console tree, click Reservations.
  3. On the Action menu (or right click on Reservations), select New Reservation. The New Reservation window will open.
  4. In New Reservation, type the information required to complete the client reservation (reservation name, IP address to be assigned to the client, MAC address of the client computer), then click Add.

DHCP Options

Server options are additional configuration parameters that can be assigned to DHCP clients. Server Options provide various information to clients in the scopes to be created.

A DHCP administrator can manage options at 5 levels within the DHCP server configuration:

  1. Predefined Level
    Use these to specify the way in which options are used, and to create new options types.
  2. Server Level
    Use these to configure options that are assigned to all scopes created on the DHCP server. They are like global options assigned to all clients.
  3. Scope Level
    Use these to configure options that are assigned to all clients using a particular scope.
  4. Class Level
    Use these to configure options that are assigned to all clients of a particular class.
  5. Reservation Level
    Use these to set options for individual clients using reservations.

The most common DHCP options include the default gateway IP address (003), the DNS server IP address (006), and the domain name (015).

Settings in Server Options apply to all scopes by default. However, other settings can be applied at the scope level and would then take precedence over the settings inherited from Server Options.

To configure DHCP Options:

  1. In Server Manager, click Tools and then select DHCP. The DHCP window opens.
  2. On the console tree, click Server Options.
  3. On the Action menu (or right click on Server Options), select Configure Options…. The Server Options window will open.
  4. In Server Options, select the option you want to configure, and type the information required (IP address, etc.).

DHCP Relay Agent

A DHCP Relay Agent enables DHCP clients to obtain DHCP addresses from a DHCP server in a remote subnet.

For DHCP to operate, all client computers should be able to contact the DHCP server. DHCP relies on the network topology, and is in turn relied on by all TCP/IP based hosts within your networking environment. Therefore, if your network has multiple segments, you have to perform either of the following:

  • Place a DHCP server on each segment.
  • Place a DHCP Relay Agent on each segment.

The DHCP Relay Agent is configured in the Routing and Remote Access Server (RRAS) found under the Remote Access role:

  1. In Server Manager, click Manage and click Add Roles and Features.
  2. On the Before you begin page, click Next.
  3. On the Select installation type page, click Role/Feature Based Install and then click Next.
  4. On the Select destination server page, click Select a server from the server pool, click the name of the server where you want to install RRAS and then click Next.
  5. On the Select server roles page, click Remote Access. Then click Next three times.
  6. On the Select role services page, click Routing (Direct Access and VPN (RAS) will be selected automatically), and then click Next.
  7. On the Confirm installation selections page, review your role, feature, and server selections. If you are ready to install, click Install.
  8. On the Results page, verify Installation succeeded.

To start Routing and Remote Access Server (RRAS):

  1. Open Computer Management.
  2. Under Services and Applications, right click Routing and Remote Access and select Configure and Enable Routing and Remote Access. The Routing and Remote Access Server Setup Wizard will open.
  3. On the Configuration page, select the Custom configuration radio button. Then click Next.
  4. On the Custom Configuration page, select the LAN routing check box. Click Next.
  5. Click Finish and Start service.
  6. In Computer Management, select IPv4 (or IPv6) under Routing and Remote Access.
  7. Under IPv4 (or IPv6), right click General, and select New Routing Protocol.
  8. In the New Routing Protocol window, select DHCP Relay Agent and click OK.
  9. A new DHCP Relay Agent node is added under IPv4 (or IPv6). Right click the node and select New Interface. Choose the interface for the Relay Agent and click OK.
  10. Right click the DHCP Relay Agent node and select Properties. Configure the IP addresses of the DHCP servers to which the agent will send requests, then click OK.

DHCP Filter

MAC address filtering, also called link-layer filtering, was introduced in Windows Server 2008 R2. It enables you to include (Allow) or exclude (Deny) computers and devices based on their MAC address. You can create a list of computers that are allowed to obtain DHCP addresses from the server by adding the client MAC address to the list of allowed client computers.

To enable MAC address filtering:

  1. Open the DHCP Console.
  2. On the console tree, right click the IPv4 node, and then click Properties.
  3. Click on the Filters tab. There you will see the current filter configuration. Then select the Enable Allow List or Enable Deny List check box.

Be careful: by enabling the allow list, you automatically deny access to the DHCP server's addresses to any client computer not on the list. Therefore you have to add MAC addresses to the list. On the other hand, when you enable the deny list, all client computers will receive DHCP settings from the DHCP server except those clients whose MAC addresses have been added to the deny list.

After enabling the MAC filters, you can configure the filters to allow or deny the DHCP client computers from receiving the DHCP services from the server as follows:

  1. Open the DHCP console.
  2. On the console tree, expand the IPv4 node, then expand the Filters node.
  3. Right click on Deny and select the New Filter option.
  4. In the New Filter window, type the MAC address you want to prevent from receiving DHCP settings. Optionally you can add a brief description. Click Add, and close the window.
  5. You just added the first MAC address to the deny list.
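
Because enabling the allow list cuts off every client that is not on it, it is worth checking current leases against the filter lists first. The following added example (not from the original article) does that on constructed data shaped like the output of `Get-DhcpServerv4Lease` and `Get-DhcpServerv4Filter`; the function name and all MAC addresses are assumptions.

```powershell
# Added example (not from the original page). Leases and filters below are constructed.
function Get-AllowListImpact {
    param(
        [Parameter(Mandatory)] [object[]] $Leases,    # objects with ClientId, IPAddress, HostName
        [Parameter(Mandatory)] [object[]] $Filters    # objects with List ('Allow'/'Deny'), MacAddress
    )
    # Normalize to upper-case, dash-separated form so comparisons are consistent.
    $normalize = { param($mac) ([string]$mac).ToUpperInvariant().Replace(':', '-') }
    $allow = @($Filters | Where-Object { $_.List -eq 'Allow' } | ForEach-Object { & $normalize $_.MacAddress })
    $deny  = @($Filters | Where-Object { $_.List -eq 'Deny' }  | ForEach-Object { & $normalize $_.MacAddress })
    foreach ($lease in $Leases) {
        $mac = & $normalize $lease.ClientId
        # Filter entries may contain wildcards such as 00-15-5D-*, so match with -like.
        $isAllowed = @($allow | Where-Object { $mac -like $_ }).Count -gt 0
        $isDenied  = @($deny  | Where-Object { $mac -like $_ }).Count -gt 0
        # Assumption: with both lists enabled, a deny match wins over an allow match.
        $outcome = if ($isDenied) { 'OnDenyList' }
                   elseif ($isAllowed) { 'Served' }
                   else { 'NotOnAllowList' }
        if ($outcome -ne 'Served') {
            [pscustomobject]@{ Mac = $mac; IPAddress = [string]$lease.IPAddress
                               HostName = $lease.HostName; Outcome = $outcome }
        }
    }
}

$leases = @(
    [pscustomobject]@{ ClientId = '00-15-5d-01-0a-01'; IPAddress = '192.168.10.21'; HostName = 'vm-build01' },
    [pscustomobject]@{ ClientId = 'a4:5e:60:11:22:33'; IPAddress = '192.168.10.34'; HostName = 'laptop-ops' },
    [pscustomobject]@{ ClientId = '3c-52-82-aa-bb-cc'; IPAddress = '192.168.10.57'; HostName = 'printer-2f' }
)
$filters = @(
    [pscustomobject]@{ List = 'Allow'; MacAddress = '00-15-5D-*' },
    [pscustomobject]@{ List = 'Allow'; MacAddress = 'A4-5E-60-11-22-33' },
    [pscustomobject]@{ List = 'Deny';  MacAddress = 'A4-5E-60-11-22-33' }
)
Get-AllowListImpact -Leases $leases -Filters $filters   # clients that would lose service

# Live data and enforcement (requires the DhcpServer module):
#   Get-AllowListImpact -Leases (Get-DhcpServerv4Lease -ScopeId 192.168.10.0) -Filters (Get-DhcpServerv4Filter)
#   Add-DhcpServerv4Filter -List Allow -MacAddress '3C-52-82-AA-BB-CC' -Description 'printer-2f'
#   Set-DhcpServerv4FilterList -Allow $true -Deny $true
```

The filter keys on the MAC address the client reports, so treat it as an inventory control rather than as authentication.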

For more information regarding DHCP, refer to Windows Server 2012 Inside Out.

