|
|
Dynamic Host Configuration Protocol (DHCP) is an industry-standard protocol for automatic assignment of IP addresses and configuration information to computers. DHCP uses a client/server model for address allocation. As administrator, you can configure one or more DHCP servers to provide IP address assignment and other TCP/IP-oriented configuration information to your computers. DHCP frees you from having to assign an IP address to each client manually.
DHCP is specified by Internet Engineering Task Force (IETF) Requests for Comments RFC 1542, RFC 2131, and RFC 2132.
This chapter describes the following topics:
The Network Registrar DHCP server provides you with a reliable method for automatically assigning IP addresses to hosts on your network. You can define DHCP client configurations, and use the Network Registrar database to manage assignment of client IP addresses and other optional TCP/IP and system configuration parameters. The TCP/IP parameters that can be assigned include:
The Network Registrar database is automatically created when you install the DHCP server software. You add data to the Network Registrar database through the graphical user interface (GUI), ntwkreg, or the command line interface (CLI), nrcmd, as you define DHCP scopes and policies.
To create a scope, supply the following information:
Every scope must have a policy. Policies are the way you define lease duration and other configuration parameters, called DHCP options. You can define specific policies for specific scopes or you can use the system default policy. For more information about the system default policy, see the "DHCP Policies" appendix.
Policies are especially useful if you have multiple scopes, because you need only define a policy once and then you can use it for all the similar scopes in your network.
There are two types of policies: the system default policy and user-defined policies.
Network Registrar checks the policies when a client requests an option. It begins with the user-defined policy associated with the scope, and if it has not found the answer it checks the system default policy. For more information about how Network Registrar determines options at run-time, see the "Creating a New Policy" section later in this chapter.
Configure DHCP options to supply configuration parameters automatically, such as the name of your domain, the name and IP address of your domain name server, the IP addresses for routers on the client's subnet, and other attributes to DHCP server clients. For more information about DHCP options, see the "DHCP Options" appendix.
Use the Network Registrar client or client-class facility to provide differentiated services to users accessing a common network. You can group your user community based on administrative criteria to ensure that each group of users receives the appropriate class of service when they access the network.
Although the Network Registrar client-class facility can be used to control any configuration parameter, it is most commonly used to control the following:
In order to understand how to apply client-class processing, it is helpful to know how the DHCP server handles client requests.
When a client requests an IP address from its DHCP server, the server performs three tasks:
To choose an address for the client, the DHCP server determines the client's subnet (based on the request packet contents), and finds an appropriate scope for that subnet.
If you have multiple scopes on one subnet, or multiple scopes on several IP subnets (multinetting), the DHCP server may choose among these scopes in a round-robin fashion. After the server has selected a scope, it then chooses an available IP address from that scope.
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. These configuration parameters are called DHCP options.
After the DHCP server has selected an IP address for the requesting host, it needs to supply the appropriate options. Network Registrar uses policies to group options. There are two types of policies: scope-specific and system default.
For each DHCP option the client requests, the DHCP server searches for the value of that option. If the scope-specific policy contains the option, it returns the value to the host and stops searching. If the scope-specific policy does not contain the option, the DHCP server looks in the system default policy. If the system default policy contains a value for that option, it returns the value and stops searching. If neither policy contains the option, the DHCP server returns no value to the client and logs an error. The DHCP server repeats this process for each of the requested options.
For example, if a host requests options A, B, and C, and the scope-specific policy contains a value for option A and the system default contains a value for option A and B, the host gets the value for option A from the scope policy, the value for option B from the system policy, and an error because there is no value for option C.
If you have enabled dynamic DNS update, Network Registrar enters the client's name and address in the DNS host table. The client's name can be one of the following:
You can accept the default client name, or configure another. For more information about using a prefix, see the "Configuring for the Scope" section later in this chapter.
With normal DHCP processing, you cannot ensure that requesting hosts receive the appropriate class of service. You only can provide them with a suitable IP address based on their subnet. The Network Registrar client-class facility allows you to fine-tune host access.
Use the client-class facility to control the IP address a client receives, the type of DHCP options, the policy, or the FQDN. You can configure any of these features independently or in conjunction with each other.
To use the client-class facility for IP address selection, first create scope selection tags. These are text strings that you use to distinguish types of service. For example, if you wanted to divide your user community into users who could access the Internet (who receive valid IP addresses) and users who are restricted to the in-house network (who receive private IP addresses, such as net10 addresses), you could create the scope selection tags internal and external. For more information about defining scope selection tags, see the "Defining Scope Selection Tags" section later in this chapter.
After you create scope selection tags, associate them with the corresponding scopes. To continue the above example, you would associate the internal scope selection tag with scopes that contained private addresses, and the external scope selection tag with scopes that contained valid IP addresses. For more information about how to add selection tags to scopes, see the "Choosing Scope Selection Tags" section later in this chapter.
You then could assign all your clients to either include or exclude the appropriate selection tags or you could create two classes of users to group your user community into categories. For example, you could create a client-class called internal-users and include the scope selection tag internal and exclude the tag external, and the client-class external-users and include the scope selection tag external and exclude the tag internal. For more information about how to apply the scope selection, see the "Editing Scope Selection Criteria" section later in this chapter.
If you are using client-classes, the next step is to assign clients to these classes. For example, you would enter the names (MAC addresses) of all the users who were restricted to the internal network into the client-class internal-users, and all the users who could access the Internet into the client-class external-users. For more information about how to add clients, see the "Adding a Client" section later in this chapter.
When you have enabled the client-class facility for the Network Registrar DHCP server, the request processing performs the same three tasks of assigning IP addresses, options, and domain names, but with differences.
To choose an address for the client, the DHCP server determines the client's subnet just as in regular DHCP processing. The DHCP server then checks to see if there is a client entry for the user in its database:
The scopes must have addresses on the client's subnet, and can include secondary subnets. The scopes must have all the selection tags in the inclusion list, and have none of the selection tags in the exclusion list. The DHCP server assigns an available IP address from an appropriate scope, and uses a round-robin approach if there are several appropriate scopes.
In regular DHCP processing there were two policies to check, with client-class there may be as many as four:
The DHCP server checks each of these policies and uses the first value it finds. If the DHCP server cannot find the value for the requested option in any of these policies, it returns an error.
The DHCP server repeats this process for each client-requested option.
If you have enabled dynamic DNS updates, Network Registrar updates the DNS server with the client's host name and IP address. When using the client or client-class facility, specify one of the following options:
For more information about the different types of host names that you can specify, see the "Adding a Client-Class" section later in this chapter.
The DHCP Server Properties dialog box (Figure 3-1) allows you to configure server properties, which include policies and dynamic DNS updates.
The General tab (Figure 3-1) in the DHCP Server Properties dialog box specifies general information about the DHCP server.
In order to configure the DHCP server, allow the Network Registrar DHCP to supply the information or you can supply it explicitly:
If you click Discover interfaces, the DHCP server finds all the interface cards on the host and processes DHCP requests that it receives from any of them. It will, however, only offer addresses to requests from subnets in which you have defined a valid scope with available addresses.
Click Use interface only if you want Network Registrar to use one interface address in a multihomed system.
The DHCP Server Properties dialog box (Figure 3-1) displays the cluster name, which is the name of the cluster to which this server belongs. You can change the internal name of the DHCP server by deleting the current name and typing in a new name. The version number is the software release number of the Network Registrar DHCP server software.
DHCP policies are a way of grouping attributes. Use the Policies tab in the DHCP Server Properties dialog box (Figure 3-2) to create a policy at the DHCP-server level and then allow a specific scope or scopes to reference it. In other words, you can have a separate policy for each scope or several scopes can share the same policy.
A policy consists of the following components:
To define appropriate values for lease times, you should consider the required network configuration information as well as the frequency of the following events for your network:
All of these events can cause IP addresses to be released by the client or can cause the leases to expire at the DHCP server. Consequently, the IP addresses are returned to the free-address pool to be reused.
If many changes occur on your network, you should assign a short lease time, such as four days (but you do not want to have the lease expire over a weekend which causes the DNS name to disappear and might cause performance problems). With a short lease time, the address assigned to a client that leaves the subnet can be reassigned quickly to new DHCP client computers requesting TCP/IP configuration information.
Another important factor is the ratio between connected computers and available IP addresses. For example, the demand for reusing addresses is low in a network where 40 systems share a C class address (with 254 available addresses). A long lease time, such as two months, would be appropriate in such a situation. If 240 to 260 computers can be connected at one time, the demand for leases will be high. In this situation you should try to configure more addresses. Until you do, keep the DHCP lease time to under a hour.
Although you can create policies that have permanent leases, you should use them carefully. Even in a relatively stable environment, there is a certain amount of turnover among clients. At a minimum, portable computers might be added and removed; desktop computers might be moved from one office to another; and network adapter cards might be replaced. If a client with a permanent lease is removed from the network, the IP address cannot be reused until the server is reconfigured. A better option would be to create a lease with a long duration, such as six months. A long lease duration ensures that addresses are ultimately recovered without administrator intervention.
Network Registrar has a system default policy that applies to all scopes. You get the default policy when you create a scope, unless you select or create your own policy. You can override the default policy's parameters in your own policy, that is, the more specific (scope) policy takes precedence when it contains information that is also in the more general (system default) policy. For more information about the system and scope default policies, see the "DHCP Policies" appendix.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server for which you want to create a policy.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Policies tab (Figure 3-2).
Step 4 Click New.
Step 5 In the New Policy dialog box, enter the policy's name.
Step 6 Do one of the following:
Step 7 Click OK.
Step 8 In the Policies tab (Figure 3-2), configure the lease duration and grace period and select any options.
Step 9 Click OK.
Step 10 Click Close.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server whose policy you want to delete.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Policies tab (Figure 3-2).
Step 4 Select the name of the policy you want to delete.
You should only delete a policy that is no longer in use.
Step 5 Click Delete.
Step 6 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server whose policy you want to edit.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Policies tab (Figure 3-2).
Step 4 Select the name of the policy you want to edit.
Step 5 Change the lease time, grace period, and click Edit options.
Step 6 In the Edit options dialog box, either add new options or edit existing options.
Step 7 If necessary, enter the option value.
Step 8 Continue adding or editing options.
Clicking another option submits the value of the current option.
Step 9 When you have made all the changes, click OK to save the changes.
Step 10 Click OK.
Step 11 Click Close.
Network Registrar DHCP options are grouped into categories to aid you in identifying options that you must set in various usage contexts. The categories are:
For more information about DHCP options, see the "Option Tables" section in the "DHCP Options" appendix.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server to whose policy you want to add options.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Policies tab (Figure 3-2).
Step 4 Select the policy you want to edit.
Step 5 Click Edit options.
Step 6 From the Available column, expand the category that contains the options you want to add.
Step 7 Select the option you want to add.
Step 8 Click Add.
When you add an option to the Active column, Network Registrar displays that option in bold in the Available column to indicate that is in use.
Step 9 Enter the appropriate value in the Option value(s) field.
Step 10 Repeat this procedure to continue adding options.
Step 11 Click OK.
Step 12 Click Yes to commit the changes to options for this policy to the database.
Step 13 Click Close.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server whose policy contains the options you want to edit.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Policies tab (Figure 3-2).
Step 4 Select the policy you want to edit.
Step 5 Click Edit options.
Step 6 From the Active column, select the option you want to edit.
Step 7 Click Edit.
Step 8 Enter the new value in the Option value(s) field.
Step 9 Repeat this procedure to continue editing options.
Step 10 Click OK.
Step 11 Click Yes to commit the changes to options for this policy to the database.
Step 12 Click Close.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server whose policy contains the options you want to remove.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Policies tab (Figure 3-2).
Step 4 Select the policy you want to remove.
Step 5 Click Edit options.
Step 6 From the Active column, select the option you want to remove from the policy.
Step 7 Click Remove.
Step 8 Repeat this procedure to continue editing options.
Step 9 Click OK.
Step 10 Click Yes to commit the changes to options for this policy to the database.
Step 11 Click Close.
If you plan to use dynamic DNS update, you must configure both the DHCP and DNS servers. For more information about dynamic DNS update, see the "Configuring Dynamic DNS Update" section later in this chapter. The Advanced DNS tab (Figure 3-3) contains information that rarely needs to be modified from the system defaults.
You do not need to change the following parameters; they are described here for your reference:
The Scope Selection Tags tab (Figure 3-4) allows you to enable or disable client-class processing for the DHCP server, display the list of defined scope selection tags, and create new tags.
You use client-classes by doing the following tasks:
To use client-class, you must enable it for the DHCP server (Figure 3-4). Enabling client-class processing causes the DHCP server to assign the client to an IP address from a matching scope. For every DHCP packet the server receives, it examines the client and the client-class information, and determines if this client has any stored information. If it does, the server acts on the information. If not, the processing continues just as if it were not enabled.
If you do not enable client-class processing, the Network Registrar DHCP server provides client leases based solely on their location in the network.
Type the name of the selection tag and click Add (Figure 3-4).
When you add new selection tags, Network Registrar displays them in the list of selection tags field.
You can only add selection tags, you cannot delete them from the GUI. If you change your mind before you click OK, click Cancel to rename any selection tag you have just typed. After you click OK, the newly added selection tags become confirmed.
To debug selection tags you can use the nrcmd dhcp log-settings properties, particularly client-criteria-processing and unknown-criteria. For more information, see the Network Registrar CLI Reference Guide.
The Client-Classes tab (Figure 3-5) displays the client-class name, the domain name, the policy name, the scope selection tags to include (Includes), and the scope selection tags to exclude (Excludes) for each of the client-classes that you have defined.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server for which you want to create a client-class.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Client-Classes tab (Figure 3-5).
Step 4 In the Client-Classes tab, click Add.
Step 5 In the Add Client-Class dialog box, enter or select the following:
Step 6 Click OK to finish or Apply to continue adding client-classes.
Step 1 From the Add Client-Class dialog box, click Edit Criteria.
Step 2 From the Edit Scope Selection Criteria dialog box, select the check boxes for the scope selection tags that you want included and excluded in this client-class.
Step 3 Click OK.
Network Registrar handles inclusion and exclusion for the applicable subnet in the following manner:
For example, assume three scopes, A, B, and C, with the following attributes A/red, B/blue, C/blue,green. If a client-class specified inclusion of red, then the client would get an address from scope A. If a client-class specified inclusion of blue, then the client would get an address from either scope B or C. If a client-class specified inclusion of blue and exclusion of green, then the client would get an address from scope B.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server from which you want to remove a client-class.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Client-Classes tab (Figure 3-5).
Step 4 In the Client-Classes tab, select the client-class you want to remove.
Step 5 Click Remove.
To debug client problems, you can use the nrcmd dhcp command log-settings properties, particularly client-detail. For more information, see the Network Registrar CLI Reference Guide.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server on which you want to edit a client-class.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Client-Classes tab (Figure 3-5).
Step 4 In the Client-Classes tab, select the client-class you want to edit.
Step 5 Click Edit.
Step 6 In the Edit Client-Class dialog box, click the field you want to edit.
Step 7 Type or select the new field information.
Step 8 Click OK.
The Clients tab (Figure 3-6) displays the MAC address, the client-class, the host name, the domain name, the policy, and the action properties for all the clients in the cluster.
A client inherits the properties from its client-class, which you may choose to override or supplement by specifying different ones for the client.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server for which you want to create a class.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Clients tab (Figure 3-6).
Step 4 In the Clients tab, click Add.
Step 5 In the Add Client dialog box, enter or select the following:
Step 6 Click OK to finish or Apply to continue adding clients.
Step 1 From the Add Client dialog box, click Edit Criteria.
Step 2 From the Edit Scope Selection Criteria dialog box, select the check boxes for the scope selection tags that you want included and excluded for this client.
Step 3 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server on which you want to edit a client.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Clients tab (Figure 3-6).
Step 4 In the Clients tab, select the client you want to edit.
Step 5 Click Edit.
Step 6 In the Edit Clients dialog box, click the field you want to edit.
Step 7 Type or select the new field information.
Step 8 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server from which you want to remove a client.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DHCP Server Properties dialog box, click the Clients tab (Figure 3-6).
Step 4 In the Clients tab, select the client you want to remove.
Step 5 Click Remove.
If you move a DHCP client machine from one subnet to another, you need either to reboot the machine when it arrives on the new subnet, or explicitly release and reacquire a lease using winipcfg.exe (for Windows 95), or ipconfig /release and ipconfig /renew (for Windows NT). You must do this because until the lease expires on the machine that was moved, it will be using an IP address that is incorrect for the network on which it is placed. You are most likely to see this situation when you move laptop computers.
The Advanced tab contains the fields as shown in Figure 3-7.
You can set the following parameters:
In addition to assigning values to pre-defined DHCP options, you can create your own options. These options are called custom options.
You can add, edit, or delete a custom option. After you have defined a custom option, Network Registrar displays it in the Policies tab, Edit Options window under the Custom category. To add a custom option to a specific policy, and to assign or edit its value in that policy, follow the same procedure as for other DHCP options. For more information about adding DHCP options to policies, see the "Adding Options" section earlier in this chapter.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server for which you want to create a custom option.
Step 2 Click the Show Properties toolbar button.
Step 3 From the Advanced tab, click Custom Options.
Step 4 Click Add.
Step 5 In the Add Custom Option dialog box, select an option number.
Step 6 Type a name in the Option Name field.
Step 7 From the drop-down list box, select an option type.
Step 8 Check the Data is Array? check box if applicable.
Step 9 Type an optional description in the Option Description box.
Step 10 Click OK to finish or Apply to continue adding custom options.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server whose custom option you want to edit.
Step 2 Click the Show Properties toolbar button.
Step 3 From the Advanced tab, click Custom Options.
Step 4 From the Custom Options dialog box, select the option number that you want to edit.
Step 5 Click Edit.
Step 6 From the Edit Custom Option dialog box, make any changes to the Option Name, Option Type, and/or Option Description.
Exercise caution when changing any properties except the description. Changing an option's properties can have unexpected side-effects if the option is used in any existing policies.
Step 7 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server whose custom option you want to remove.
Step 2 Click the Show Properties toolbar button.
Step 3 From the Advanced tab, click Custom Options.
Step 4 From the Custom Options dialog box, select the option number that you want to remove.
Step 5 Click Remove.
Network Registrar removes the option name for that option, which indicates that the option is unassigned. Exercise caution when removing an option, because doing so does not remove an option from existing policies. To remove an option from a policy, see the "Removing Options" section earlier in this chapter.
The Debug Settings option lets you collect debug information about the server. You should only need to set debug settings if you have been instructed by Technical Support.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server for which you want to set debug.
Step 2 Click the Show Properties toolbar button.
Step 3 From the Advanced tab, click Debug Settings (Figure 3-7).
Step 4 From the Debug settings dialog box, click Enable Debug.
Step 5 Type in the category as supplied by Technical Support.
Step 6 Select the output destination: console sends the output to the server console, and MLOG sends the output to the Network Registrar's logging facility.
MLOG is the recommended choice.
Step 7 Click OK.
You probably should install more than one DHCP server so that if one server fails, the DHCP clients can continue to obtain IP addresses. Because the DHCP protocol does not provide a way for DHCP servers to cooperate in ensuring that assigned addresses are unique, you must divide the IP address pool among the DHCP servers to prevent duplicate address assignment.
You can configure two DHCP servers to distribute the load and handle the leases if the first DHCP server goes down. You must configure the second DHCP server on a different cluster than the first server.
After you have set up both servers, the local DHCP server will respond to requests from local DHCP clients most of the time, while the remote DHCP server will assign addresses to clients on the other subnet only when the local server is unavailable or without addresses.
Any router that supports BOOTP relay usually has an IP address that points to the DHCP server. For example, if you are using a Cisco router, it uses the term ip helper address, which contains an IP address for a specific machine. In this case, you would use this address to forward all BOOTP (and therefore DHCP) broadcast packets. You should make sure that you have configured this address on the router closest to your desktop machine.
A scope is an administrative grouping of TCP/IP addresses. You create one or more scopes for each subnet on the network to pool addresses for that subnet.
The first step in setting up a scope is to supply the appropriate information to the fields in the General tab of the DHCP Scope Properties dialog box (Figure 3-8).
Each scope needs to have the following information:
You can configure multiple scopes (with disjoint ranges of IP addresses) that have the same network number and subnet mask. The DHCP server pools together the available leases from all of the scopes on the same subnet together and offers them, in a round-robin fashion, to any client that requests a lease (that is, for which there is no reservation or previous lease information available).
You might want to configure the addresses for a single subnet into multiple scopes to increase the speed of the GUI update for the Leases tab. Another reason might be to organize the addresses in a more natural way for administration---although remember that unless the client has a reservation or is a member of a client-class there is no way to control from which scope a client will obtain a lease.
Because each scope can have a separate reservation list, you might want to organize the leases in multiple scopes on the same subnet. You could put all the dynamic leases in one scope, with a policy with one set of options and lease times, and all the reservations in another scope, with a different policy of options or lease times.
You can also have multiple scopes for different subnets and some of the scopes may not be locally connected to your computer. If this is the case, you should ensure that the router (with BOOTP Relay Support) is configured with the appropriate helper address.
When multiple scopes are available on a particular subnet (through the use of secondary subnet), the DHCP server searches through all of them looking for a scope that meets the needs and requirements of an incoming DHCP client request. For instance, if a subnet has three scopes, only one of which supports dynamic BOOTP, any BOOTP request for which there is not a reservation in another scope is automatically satisfied from the scope that supports dynamic BOOTP.
In addition, you can configure a scope to disallow DHCP requests (the default is to allow DHCP requests). By using these capabilities together, you can easily configure the addresses on a subnet so that all of the DHCP requests are satisfied from one scope (and address range), all of the reserved BOOTP requests come from a second scope, and all of the dynamic BOOTP requests come from a third scope. This allows you to support dynamic BOOTP while minimizing the impact on the address pools that support DHCP clients.
In addition, you can now configure a scope to disallow DHCP requests (the default is to allow DHCP requests). By using these capabilities together, you can now easily configure the addresses on a subnet so that all of the DHCP requests are satisfied from one scope (and address range), all of the reserved BOOTP requests come from a second scope, and all of the dynamic BOOTP requests come from a third scope. This allows you to support dynamic BOOTP while minimizing the impact on the address pools that support DHCP clients.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP server to which you want to add a scope.
Step 2 Click the Add toolbar button.
Step 3 In the Add Scope dialog box, enter the name of the scope.
Step 4 In the Policy box, do one of the following:
For more information, see the "Configuring Policies" section earlier in this chapter.
Step 5 Enter the network number for the subnet.
Step 6 Enter the subnet mask.
Step 7 Specify the scope address range by typing a series of single addresses and/or address ranges.
Specify the full address, for example, 192.168.1.100, 192.168.1.200, or only the relative addresses, for example, 100, 200.
Step 8 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP scope you want to edit.
Step 2 Click the Show Properties toolbar button.
Step 3 Change any of the parameters by entering or by selecting different values.
Step 4 Click OK.
Although removing a scope from the configuration of a DHCP server is easy to do, you should be very careful whenever you perform this operation. The DHCP protocol, as defined by the IETF, provides a lease to a client for a particular IP address for a specific amount of time (defined by the administrator of the server). Until that time has elapsed, the client is free to use the IP address it has been leased. There is no defined way for the server to revoke a lease, and to cause a client to stop using an IP address. As a result, while you can easily remove a scope from a DHCP server, the clients who have obtained leases on IP addresses from this scope will continue to use them until the expiration of the lease. This is true even if the server does not respond to their attempts to renew the lease (as is the case if the scope has been removed from the server).
If the addresses from the scope that you have removed are not configured into another DHCP server or reused in any way, then this is not a problem. If, however, the addresses contained in this scope are placed into another DHCP server before to the expiration of the last lease, the same IP address might be in use by two different clients. This situation can cause serious errors in operation.
In other words, do not simply remove a scope from one DHCP server and add the addresses into another scope in a different DHCP server. Doing so compromises the integrity of your network. There are several ways to accomplish the operation of removing a scope from a DHCP server.
If you do not plan to reuse the addresses from the scope, you can remove the scope from the DHCP server.
Step 1 From the Server Manager window (Figure 4-10), select the scope you want to remove.
Step 2 Click the Remove toolbar button.
Step 3 Click Yes in the Confirmation dialog box.
If you do want to reuse the addresses, you have two options:
After you have established a scope, you can monitor lease activity and view lease attributes from the Leases tab (Figure 3-9).
The Leases tab (Figure 3-9) displays:
Before you delete a lease, first deactivate it, and then wait for it to become available. If the lease is currently available, the wait is instantaneous; otherwise, it may be as long as the lease time plus the grace period. If you delete a lease that is not available, Network Registrar displays a warning. Make sure this is what you want to do, because deleting an active client's lease could result in a duplicate IP address on the network if the deleted address is later assigned to a new active client.
Step 1 From the Server Manager window (Figure 4-10), select the scope that contains the lease you want to delete.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DHCP Scope Properties dialog box, click the General tab (Figure 3-8).
Step 4 Specify the address pool, omitting the address of the lease that you want deleted.
Step 5 Click OK.
Step 6 Reload the DHCP server.
The reason you would choose to deactivate a lease is to move a client off of a lease. If the lease is available, deactivating the lease prevents Network Registrar from giving the lease to a client. If the lease is leased (held by a client), deactivating the lease prevents the client from renewing the lease, and Network Registrar from giving it to another client. You can only deactivate a lease if the server is running. Network Registrar deactivates the lease immediately; you do not need to reload the DHCP server.
Step 1 From the Server Manager window (Figure 4-10), select the scope that contains the lease you want to deactivate.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DHCP Scope Properties dialog box, click the Leases tab (Figure 3-9).
Step 4 Select the lease you want to deactivate.
Step 5 Click Lease properties.
Step 6 In the Lease Properties dialog box, select the Deactivate Lease check box.
Step 7 Click OK.
To deactivate all the leases in a single scope, disable BOOTP and DHCP. For more information see the "Deactivating a Scope" section later in this chapter.
The Force Available check box allows you to make a lease currently held by a host available. If the lease is currently held, you should request that the user release the lease, or do so yourself, before selecting this option. You do not need to reload the DHCP server to make the change take effect.
Step 1 From the Server Manager window (Figure 4-10), select the scope that contains the lease you want to make available.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DHCP Scope Properties dialog box, click the Leases tab (Figure 3-9).
Step 4 Select the lease you want to force available.
Step 5 Click Lease Properties.
Step 6 In the Lease Properties dialog box, click Force Available.
From the Leases tab, click Refresh List (Figure 3-9).
Use the Refresh List button to update the display with the latest lease information.
To ensure that a client always gets the same lease, reserve the lease. You reserve a lease by using the Reservations tab (Figure 3-10) to pair an IP address with the host's MAC address. You can choose any valid IP address that is within your network number. The IP address does not have to be one that is listed in the scope's range of addresses. In fact, you can use the scope's range of IP numbers for dynamic leases, and use other addresses for reserved leases.
The leases should have the same network number and subnet mask as the scope. Network Registrar displays the current network number and subnet mask in noneditable fields above the lease reservation grid.
You must reserve leases for DHCP clients whose addresses must remain constant.
Network Registrar provides two ways to make reservations. If you want to reserve several leases, use the Reservations tab of the DHCP Scope Properties dialog box. If you want to reserve a lease that is currently held or available, you can do so from the Leases tab.
Step 1 From the Server Manager window (Figure 4-10), select the scope that uses the policy you want applied to the reserved lease.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Reservations tab (Figure 3-10).
Step 4 Click Add.
Step 5 In the Add Reservations dialog box, enter the Lease and MAC addresses.
Step 6 Click Apply to continue adding reservations, or OK to finish.
Step 7 Reload the DHCP server.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP scope that contains the address or addresses you want to reserve.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Leases tab (Figure 3-9).
Step 4 Select the address of the lease you want to reserve.
Step 5 Click Lease properties.
Step 6 Select the Reserve lease check box.
Step 7 Click OK.
Step 8 Reload the DHCP server to make the reservations take effect.
Although you can remove reservations at anytime, if the lease is still held, the client will continue to use the lease until the lease expires. If you reserve this lease for someone else, Network Registrar displays a message to that effect when you start the DHCP server.
Step 1 From the Server Manager window (Figure 4-10), select the scope that contains the lease reservation you want to cancel.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DHCP Scope Properties dialog box, click the Reservations tab (Figure 3-10).
Step 4 Select the IP address.
Step 5 Click Remove.
Step 6 Reload the DHCP server.
The Scope Selection tab (Figure 3-4) allows you to associate scope selection tags that you defined for clients or client-classes with this scope. For more information, see the "Defining Scope Selection Tags" section earlier in this chapter.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP scope you want to associate with a selection tag.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Selection Tags tab.
Step 4 In the Selection Tags tab (Figure 3-11), click Edit Tags.
Step 5 In the Choose Scope Selection Tags dialog box, choose the tag you want associated with this scope.
Repeat steps 1 through 5 for additional tags.
Step 6 Click OK.
The Selection Tags dialog box displays the scope's tags.
Step 7 Click OK.
Figure 3-12 shows the fields in the Advanced tab.
The DHCP server makes use of the ICMP echo request and echo reply packets to determine whether a particular IP address is currently in use. If a computer responds to the ping, the DHCP server marks that address as unavailable and offers a different IP address to the client.
Step 1 In the Advanced tab of the DHCP Scope Properties dialog box (Figure 3-12), select the Ping address before offering it check box and select a time interval in milliseconds to wait before assuming that no client will answer.
The default is 300 milliseconds.
Step 2 Click OK.
Network Registrar supports multiple logical subnets on the same physical network segment, which are called secondary subnets. If you have several logical subnets on the same physical network, for example, 192.168.1 and 192.168.46, you might want to configure DHCP so that it will offer addresses from both pools. By pooling addresses this way, you can combine two class C networks or a Class B and Class C network.
To join two logical subnets, create two scopes, and elect one to be primary and the other secondary. After you have configured the secondary subnet, any client on this physical network will obtain a lease from one or the other scope, on a round-robin basis (as long as the client does not have a reservation or previous lease information).
To join the secondary scope to the primary scope, follow these steps:
Step 1 From the Server Manager window (Figure 4-10), select the secondary scope.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Advanced tab.
Step 4 From the Advanced tab, select the Make this scope a secondary check box (Figure 3-12).
Step 5 In the Primary scope box, select the scope that you want to designate as the primary scope.
Step 6 Click OK.
Step 7 Repeat steps 1 through 6 for each scope that you want to attach to this group.
Step 8 Reload the DHCP server.
BOOTstrap Protocol (BOOTP) was originally created for loading diskless computers. This protocol was later used to allow a host to obtain all the required TCP/IP information to be able to use the Internet. BOOTP functions by allowing a host to broadcast a request onto the network, and obtains information required from a BOOTP server. The BOOTP server is a computer that listens for incoming BOOTP requests and generates responses from a configuration database for the BOOTP clients on that network. BOOTP differs from DHCP in that it has no concept of lease or lease expiration. All IP addresses allocated by a BOOTP server are permanent.
You can configure Network Registrar to act like a BOOTP server. In addition, although BOOTP normally requires static address assignments, you can choose to either reserve IP addresses (and therefore use static assignments) or have IP addresses dynamically allocated. When you need to move or decommission a BOOTP client, you can reuse its lease simply by selecting Force Available from the Leases dialog box.
Step 1 In the Policies tab of the DHCP Server Properties dialog box (Figure 3-2), configure a policy to contain the information that BOOTP requires.
Step 2 In the Edit Options dialog box, select the options you want.
Step 3 Click the Send to BOOTP clients check box.
Step 4 If you select the Always send to DHCP clients check box, the DHCP server sends an option back in the DHCP reply packet regardless of whether the client requested the option.
Step 5 Click OK.
Step 6 In the Advanced tab of the DHCP Scope Properties dialog box (Figure 3-12), select the Enable BOOTP check box.
Step 7 If you want dynamic IP address assignment, select the check box, otherwise create reservations.
For more information about making reservations, see the "Reserving a Lease" section earlier in this chapter.
Step 8 Click OK.
Step 9 Reload the DHCP server.
You can disable DHCP for this scope if you want to use the scope only for BOOTP.
To deactivate all the leases in a scope, disable BOOTP and disable DHCP.
Network Registrar's dynamic DNS update allows the DHCP server to tell the DNS server or servers when a name-to-address association has been created or changed. When a host obtains a lease for an address, Network Registrar tells DNS to add it to its database. When the lease expires, or when the client gives up an address, Network Registrar tells DNS to remove the association. In normal operation you, as administrator, do not have to reconfigure DNS, no matter how frequently the clients' addresses change through the use of DHCP. Network Registrar uses the host name that the client computer provides. If you choose, Network Registrar can automatically create names for clients who have not provided one.
The Network Registrar dynamic DNS update is used for individual hosts instead of the DNS servers themselves. DNS servers' addresses are entered into the DHCP client information database and should therefore only be changed infrequently. DNS servers' addresses are often known to one another for backup or performance reasons, so changing their addresses in a mixed environment is not very useful. For security, the DHCP servers must know the addresses of the DNS servers that they update, and the DNS servers must know the addresses of the DHCP servers from which they are authorized to accept updates.
The Network Registrar DHCP server stores all pending DNS update information on disk. If DHCP cannot communicate with a particular DNS server, it periodically tests if communications have been reestablished, and submits all pending updates when they have been updated. This test typically occurs once every 40 seconds until communication with DNS is reestablished.
The DNS tab allows you to configure the DHCP server to perform dynamic DNS updates.
Step 1 From the Server Manager window (Figure 4-10), select the DHCP scope you want to associate with dynamic DNS update.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DNS tab of the DHCP Scope Properties dialog box (Figure 3-13), select the Perform dynamic DNS updates check box.
Step 4 Enter the forward DNS zone name.
This is the name of the DNS zone to which a DHCP client's host name should be added (A record)
Step 5 Enter the forward DNS Server's IP address.
This is the IP address of the primary DNS server on which the forward zone resides.
Step 6 Enter the reverse DNS zone name.
This is the name of the inverse (in.addr.arpa) zone that is updated with the PTR and TXT records.
Step 7 Enter the Reverse DNS Server's IP address.
Step 8 Select whether to update DNS before or after providing a lease.
The default is After responding to client. Do not choose Before responding to client if you have Windows 95 clients, because updating DNS before responding to a lease can cause delays which then cause problems with Windows 95 DHCP clients.
Step 9 If you want Network Registrar to create host names for hosts that do not supply names, select the Create host names for hosts that do not supply one check box.
If you select this check box, Network Registrar will create a unique host name by prepending the word dhcp to the server's ID within the cluster followed by a number, such as dhcp-1-1...dhcp-1-n.
Step 10 If you want Network Registrar to use a specific host name prefix, enter one.
Step 11 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the DNS zone that you want to configure for dynamic DNS updates.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DNS Zone Properties dialog box, click the DHCP tab (Figure 2-13).
Step 4 Select the Enable dynamic DHCP updates check box.
Step 5 Specify the address of the DHCP server from which DNS allows updates.
If you do not list a DHCP server, dynamic updates will not occur.
Step 6 Repeat steps 1 through 5 for both the primary and reverse DNS zones.
For example, the primary zone example.com and the reverse zone 1.168.192.in-addr.arpa.
After you have configured the DNS and DHCP servers, you must reload them to write the configuration information to the Network Registrar database.
Step 1 From the Server Manager window (Figure 4-10), select the first server you want to reload, for example the DNS server.
Step 2 Click the Control toolbar button.
Step 3 From the Control dialog box, click Reload.
Step 4 Click OK.
Step 5 Repeat steps 1 through 4 for the second server; for example, the DHCP server.
Posted: Thu Jul 13 11:30:07 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.