
Dynamic Host Configuration Protocol
Author: Emmett Dulaney
Vijay Sankar
Sharon E. Sankar
Published: June 1999
Copyright: 1999
Publisher: 29th Street Press
 


Configuring the Client
A Microsoft DHCP client may have any of the following operating systems:
  • Windows 95/98
  • Windows for Workgroups 3.11 with Microsoft 32-bit TCP/IP VxD
  • Microsoft Network Client 3.0 for MS-DOS with real-mode TCP/IP driver
  • LAN Manager version 2.2c
However, the following machines should have reserved addresses or manually configured addresses located within the exclusion range of all DHCP servers on the network:
  • NT computers running WINS, DHCP, or DNS
  • Print servers that use TCP/IP print services
  • Clients that receive their IP addresses from non-Microsoft DHCP servers
It’s also important to remember that if you have other DHCP servers on your network that DHCP clients can access, the reserved addresses must be included in the exclusion ranges of those DHCP servers.
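
One way to audit the requirement above, as an added example that is not from the book: the check lists every manually configured or reserved address that some DHCP server could still hand out dynamically because it lies inside that server's scope but outside its exclusion ranges. The server names, address ranges and function names are constructed for illustration.

```python
from ipaddress import IPv4Address

def in_range(addr, bounds):
    """True if addr lies within the inclusive (start, end) range."""
    start, end = bounds
    return IPv4Address(start) <= addr <= IPv4Address(end)

def leasable_fixed_addresses(fixed_addrs, servers):
    """Return (address, server) pairs where a server could lease a fixed address."""
    findings = []
    for text in fixed_addrs:
        addr = IPv4Address(text)
        for name, cfg in servers.items():
            in_scope = in_range(addr, cfg["scope"])
            excluded = any(in_range(addr, r) for r in cfg["exclusions"])
            if in_scope and not excluded:
                # This server may offer the address to another client.
                findings.append((text, name))
    return findings

# Constructed sample: addresses of a WINS server, a print server and a
# client served by a non-Microsoft DHCP server.
FIXED = ["192.168.10.5", "192.168.10.20", "192.168.10.200"]

# Constructed sample: two DHCP servers reachable by the same clients.
SERVERS = {
    "dhcp-a": {"scope": ("192.168.10.1", "192.168.10.254"),
               "exclusions": [("192.168.10.1", "192.168.10.30"),
                              ("192.168.10.200", "192.168.10.200")]},
    "dhcp-b": {"scope": ("192.168.10.1", "192.168.10.254"),
               "exclusions": [("192.168.10.1", "192.168.10.10")]},
}

if __name__ == "__main__":
    for address, server in leasable_fixed_addresses(FIXED, SERVERS):
        print(f"{address} is not excluded on {server}")
```

For a reservation, pass only the other servers, because the reserving server keeps the address inside its own scope.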

Special Note: Using reserved addresses and configuring addresses manually with exclusion ranges are essentially two different ways of accomplishing the same thing. We think that manual configuration is generally better because it’s an extra safeguard if the DHCP server is taken off line. However, if you have many clients, especially if they’re in different geographical areas, you may not wish to sit at each workstation to configure your static addresses — after all, that’s what DHCP is for. Reserved addresses can therefore be configured directly from the DHCP server (although you may spend considerable time on the phone obtaining the MAC addresses of all the clients).

If you want to provide IP addresses to network interfaces through a DHCP server, you can use the reserved addresses that can be set up under DHCP Manager. Double-click the Scope, select Scope, Add Reservations to bring up a dialog box similar to Figure 8.4.

To create a reserved IP address, type the IP address and the Unique Identifier. The Unique Identifier is the client computer’s MAC address (the number of its network card). To find this number, type

ipconfig /all

at the command prompt of an NT client and view the physical address field. (Alternatively, type

net config wksta

at the command prompt.) If the computer is a Windows 95 machine, type

winipcfg.exe

at the command prompt and look at the adapter address field.

You choose the client name. It doesn’t necessarily have to correspond to either a NetBIOS name or a host name, but to avoid more confusion than necessary, make it the same as one or the other. Adding a comment in the Client Comment field is optional.

Special Note: Another method for reserving IP addresses for specific clients will hold the reservation even if the client has a new network adapter card installed. This method is outlined in the Microsoft Technet article entitled “Custom DHCP Client Identifiers for Windows NT,” August 1998 (Q172408). We’ve paraphrased this article below.

Normally, Microsoft DHCP clients use their MAC addresses to identify themselves to the DHCP server. However, the client may instead use a manually configured Client Identifier to identify itself to the server. The following steps configure the Client Identifier:
  1. On the client computer, select the Registry entry

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{Adapter driver name}{adapter number}\Parameters\Tcpip

  2. Click Add from the Edit menu, and assign the following data to the values:

    Value Name: DhcpClientIdentifier
    Value Type: REG_DWORD
    Value Range: 0x0 – 0xFFFFFFFF
    Value Default: 0x0

  3. Click OK, exit the Registry, and restart the system.
  4. From the server, create the reserved IP address. Force the client to release its IP address by typing

    ipconfig /release {number of adapter card}

    at the client’s command prompt.

  5. Once the reserved IP address is created and the client has requested the address, any further communication with the server (before the client accepts the server’s IP address) uses the Client ID rather than the MAC address to identify the client to the server. For example, if the client declines the address given, it sends back a DHCP Decline message with its Client ID embedded in the packet instead of its MAC address. For further information about DHCP Decline, see “DHCP Messaging” below.

DHCP Messaging
DHCP messaging has been covered in many different publications and online documents, so much of the following information may not be new to you. However, we include it for the sake of completeness. For further information, see the Microsoft Windows NT Server Networking Guide.

To obtain, renew, rebind, and release an IP address from a Microsoft DHCP server, a client and server exchange the following information:
  1. DHCP Discover — When the client starts for the first time as a DHCP/TCP/IP client, it broadcasts a dhcpdiscover frame of either 342 or 590 bytes. The frame includes
    • the Ethernet header portion (the broadcast address of 255.255.255.255)
    • the IP header portion (source address 0.0.0.0 and destination address 255.255.255.255)
    • the UDP header (contains the UDP source and destination ports — 68 and 67)
    • the DHCP discover packet components (includes Client Identifier, MAC Address, and Host name) in case the server has a reserved address for the client

    The client initially sends four dhcpdiscover messages. If it doesn’t receive a response from the DHCP server, it retries every five minutes until it is successful.

  2. DHCP Offer — When the server receives the dhcpdiscover message, it responds with a dhcpoffer message of 342 bytes. The frame includes
    • the Ethernet header portion (the MAC address of the client)
    • the IP header portion (the source address of the DHCP server and destination address 255.255.255.255)
    • the UDP header
    • the DHCP offer packet components (contains the proposed client address, proposed lease and renewal periods, and the DHCP server IP address)

    The effect of the DHCP offer is to tell the client of the proposed address and lease period. Because the client doesn’t yet have an IP address, the server has no choice but to broadcast the message.

  3. DHCP Request — When the client receives the dhcpoffer message, it examines the parameters and if they are suitable, it sends out a DHCP request of either 342 or 590 bytes. The frame includes
    • the Ethernet header portion (broadcast)
    • the IP header portion (source address 0.0.0.0 and destination address 255.255.255.255)
    • the UDP header portion
    • the DHCP request packet components (contains the requested address and the server identifier — IP address of server from which it is requesting)

    The effect of the DHCP request is to ask a specific server for an IP address; it also tells all other servers that the client is making this request and therefore not to make any more offers. According to the DHCP standards, the client can accept only part of the request — for example, the IP address but not the renewal time. Our experiments have never demonstrated this capability on Microsoft clients, although some of the Unix workstations have demonstrated this ability. Typically, you should consider using Microsoft DHCP servers primarily for Windows clients.

  4. DHCP Acknowledgment — After the server receives the DHCP request, it responds with a dhcpack message of 342 bytes that includes
    • the Ethernet header (the broadcast address)
    • the IP header (the source address of the DHCP server and the destination address, which is again a broadcast)
    • the UDP header
    • the DHCP acknowledgment packets (contains the client IP address, options and leasing, and renewal and rebinding times)

  5. DHCP Decline — After receiving the lease in the dhcpack, NT 4.0 clients with Service Pack 2 or later broadcast an Address Resolution Protocol (ARP) message to see whether another client is currently using the IP address that was obtained from the DHCP server. If another client responds, the original client sends a dhcpdecline message to the server, and the server flags this IP address as a bad address. At this point, the server offers the next IP address in its scope, and steps 2 – 5 are repeated.
    The dhcpdecline message may not be recognized by non-Microsoft DHCP servers. See “Errors in DHCP and How to Correct Them” later in this chapter for more information. Dhcpdecline messages are sent only if conflict detection has been enabled on the server. To enable conflict detection from the DHCP Manager, select the server, click Properties, and check the selection.
Special Note: The following messages are sent from a DHCP server to a DHCP client:
  • dhcpack — DHCP acknowledgment (Yes)
  • dhcpnak — DHCP negative acknowledgment (No)
  • dhcpoffer — Offer of a DHCP address
Typically, you see dhcpnak messages if the DHCP server is asked to provide an IP address that doesn’t belong to its scope on that particular interface. This situation occurs most often when a computer is moved to a different subnetwork. If a different DHCP server is providing IP addresses to the client, it issues a dhcpnak when it receives the moved client’s request for a renewal because the IP address requested by the client is outside its scope. The client sends a dhcpdiscover message and finally gets a valid IP address for that network.
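
The packet components listed for the messages above, together with the Client Identifier behaviour described earlier, as an added example that is not from the book: a Python parser that reads the message type, MAC address and Client Identifier option from a DHCP payload and reports which value identifies the client to the server. The sample payloads, the MAC address and the custom identifier bytes are constructed, and the function names are hypothetical.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # magic cookie that precedes the DHCP options
MSG_TYPES = {1: "dhcpdiscover", 2: "dhcpoffer", 3: "dhcprequest", 4: "dhcpdecline",
             5: "dhcpack", 6: "dhcpnak", 7: "dhcprelease"}

def build_client_message(msg_type, mac, client_id=None):
    """Build a constructed, minimal DHCP payload (what follows the UDP header)."""
    # op=1 (client request), htype=1 (Ethernet), hlen=6, hops, xid, secs, flags
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    fixed += bytes(16)               # ciaddr, yiaddr, siaddr, giaddr all 0.0.0.0
    fixed += mac.ljust(16, b"\x00")  # chaddr: MAC address padded to 16 bytes
    fixed += bytes(64 + 128)         # sname and file fields, unused here
    options = bytes([53, 1, msg_type])                      # option 53: message type
    if client_id is not None:
        options += bytes([61, len(client_id)]) + client_id  # option 61: Client Identifier
    return fixed + MAGIC + options + b"\xff"                # option 255 ends the list

def parse_options(payload):
    """Walk the option list, rejecting truncated options instead of over-reading."""
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return options

def identify_client(payload):
    """Return (message type, MAC, identity a server matches a reservation on)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("invalid hardware address length")
    mac = payload[28:28 + hlen]
    options = parse_options(payload)
    msg = MSG_TYPES.get((options.get(53) or b"\x00")[0], "unknown")
    # A Client Identifier, when present, identifies the client instead of the MAC.
    identity = options.get(61, mac)
    return msg, mac.hex(":"), identity.hex()

MAC = bytes.fromhex("00a0c9112233")                 # constructed MAC address
DEFAULT = build_client_message(1, MAC)              # dhcpdiscover, no option 61
CUSTOM = build_client_message(4, MAC, client_id=bytes.fromhex("78563412"))  # dhcpdecline

if __name__ == "__main__":
    print(identify_client(DEFAULT))
    print(identify_client(CUSTOM))
```

When a reservation stops matching after a network card swap or a Registry change, comparing the third field with the Unique Identifier stored on the server shows which side changed.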

To see the messages sent from server to client and vice versa, check the System log in the Event Viewer under Administrative Tools for NT 4.0.

DHCP may behave strangely under certain circumstances. Let’s say you have a multihomed server with two network cards and two scopes that belong to two different subnetworks. A client may have always used one of the interfaces to get an IP address that belongs to that network. If that client is connected to a network to which the second interface belongs, you will see the server issue dhcpnak messages.

The only solution we have found for this problem is to manually reserve an IP address for the second scope and provide it to the client. Once the client has an address that belongs to the second scope, it is possible to release the IP address and get another address for dynamic configuration.

When the client has a valid IP address, after half of the lease time has expired, the client enters the renewing state, in which it sends a directed (not broadcast) dhcprequest message to its server. If the IP address is still valid, the server responds with a dhcpack message as in step 4.

If the request fails (if the server sends a dhcpnak message — negative acknowledgment), the client makes one more attempt. If unsuccessful, the client sends dhcprequest messages every two minutes until the IP lease time is 87.5 percent expired. If still unsuccessful, the client broadcasts for another DHCP server until the lease expires. If the lease expires before the client receives a successful acknowledgment, the client releases the IP address and the TCP/IP protocol is disabled.

Special Note: The Address Resolution Protocol (ARP) is used in IP Version 4 networks to find the physical or MAC address of a network card given its IP address. Even though both Unix and NT support RFC 862 for ARP, ARP is implemented differently on the two systems. NT doesn’t broadcast ARP. The ARP cache on an NT system is meant for itself and not for others. On Unix systems, it is possible to use a command like

arp -s ip-address mac-address pub

to broadcast a particular MAC address to the network and then allow the client to keep it permanently. NT doesn’t operate in the same way. As a result, it isn’t possible to get NT to respond to ARP broadcasts with a MAC address that doesn’t belong to itself. This situation is both good and bad — good because it’s more difficult for someone to spoof a MAC address, but bad because if you plan to use NT as a firewall, you can’t implement network address translation without additional software and configuration.


DHCP/BOOTP Relay Agents
For DHCP to be routable, the following requirements must be met:
  • The router must be able to implement the DHCP/BOOTP relay agent (RFC 1542).
  • An NT 4.0 or later computer must be configured as a DHCP/BOOTP relay agent. (To configure a computer to act as a DHCP/BOOTP relay agent, select the DHCP Relay tab on the TCP/IP Protocol Property page. Add the DHCP servers for which this computer will act as a relay agent.)
As we mentioned earlier, for networks using superscopes, DHCP relays are currently the only way of separating two IP pools representing logical subnetworks within one physical subnetwork.

Maintaining DHCP
Under normal circumstances, Microsoft DHCP is relatively maintenance-free. Although compacting the database periodically was necessary in NT 3.51, it is automatic in NT 4.0. However, errors can occur and when they do, you must have the tools to examine and troubleshoot them.

In the following sections, we examine some of the tasks you might perform in troubleshooting the DHCP server. These tasks include managing leases, synchronizing with the Registry, enabling conflict detection, and checking the DHCP server log.

Managing Leases
To find out which IP addresses are available and which aren’t, select a scope and choose Scope/Active Leases from within the DHCP Manager. A dialog box similar to Figure 8.5 appears.

Notice that active and excluded leases are lumped into one category. To see how many leases are excluded, deactivate the scope, then reaccess this screen. To see how many leases are active, subtract the number of excluded leases from the original number of leases shown when the scope was active. Only NetBIOS names are given, not the host name or the fully-qualified domain name. This shortcoming may be reconciled in 2000 Server.

To view client properties, click Properties in the Active Leases dialog box. The dialog box that appears provides the IP address, the unique identifier (MAC address), the client name (which defaults to the NetBIOS name), and the date and time that the lease expires.

To delete a lease, select it from the list, then click Delete. The lease will disappear when you click Refresh. A typical reason for deleting an active lease is to exclude that IP address from a scope or to set it up as a reserved IP address.

Special Note: A deleted lease appears to be a no-man’s land and you should be aware of a potential problem, especially in large, volatile networks. Until a deleted lease is released, the client still has use of it and conflicts can occur if another client successfully obtains the same IP address from the DHCP server. To release the lease, immediately after deleting a client lease, apply an exclusion to the scope (to prevent others from trying to use this lease in the interim), then type

ipconfig /release

at the client’s command prompt to force the client with the deleted lease to actually release its lease. To force the client to obtain a new lease, type

ipconfig /renew

from the client’s command prompt.


