6421 b Module-02
-
Upload
bibekananada-jena -
Category
Education
-
view
289 -
download
1
Transcript of 6421 b Module-02
Module 2Configuring and
Troubleshooting DHCP
Module Overview• Overview of the DHCP Server Role • Configuring DHCP Scopes • Configuring DHCP Options• Managing a DHCP Database• Monitoring and Troubleshooting DHCP• Configuring DHCP Security
Lesson 1: Overview of the DHCP Server Role• Benefits of Using DHCP• New DHCP Features in Windows Server 2008/R2• How DHCP Allocates IP Addresses• How DHCP Lease Generation Works• How DHCP Lease Renewal Works• DHCP Server Authorization• Demonstration: How to add the DHCP Server Role
Benefits of Using DHCP
DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration
Manual TCP/IP Configuration
• IP addresses are entered manually
• IP address could be entered incorrectly
• Communication and network issues can result
• Frequent computer moves increase administrative effort
Automatic TCP/IP Configuration
• IP addresses are supplied automatically
• Correct configuration information is ensured
• Client configuration is updated automatically
• A common source of network problems is eliminated
New DHCP Features in Windows Server 2008
New DHCP features include:
• Windows Server 2008 Support for DHCPv6
• Support for advanced network security configuration using NAP
• DHCP on Server Core
These new features were added with Windows Server 2008
How DHCP Allocates IP Addresses
DHCP Server
DHCP Database
IP Address1: Leased to DHCP Client1IP Address2: Leased to DHCP Client2IP Address3: Available to be leased
DHCP Client2:IP configuration from DHCP server
Non-DHCP Client:Static IP configuration
DHCP Client1:IP configuration from DHCP server
Lease Renewal
Lease Generation
How DHCP Lease Generation Works
DHCP client broadcasts a DHCPDISCOVER packet1
DHCP servers broadcast a DHCPOFFER packet2
DHCP client broadcasts a DHCPREQUEST packet3
DHCP Server1 broadcasts a DHCPACK packet4
DHCP Client
DHCP Server1
DHCP Server2
DHCP client broadcasts a DHCPDISCOVER packet1
DHCP servers broadcast a DHCPOFFER packet2
DHCP client broadcasts a DHCPREQUEST packet3
DHCP Server1 broadcasts a DHCPACK packet4
DHCP Client
DHCP Server1
DHCP Server2
How DHCP Lease Renewal Works
DHCP Client sends a DHCPREQUEST packet1
DHCP Server1 sends a DHCPACK packet2
If the client fails to renew its lease, after 50% of the lease duration has expired, then the DHCP lease renewal process will begin again after 87.5% of the lease duration has expired
If the client fails to renew it’s lease, after 87.5% of the lease has expired, then the DHCP lease generation process starts over again with a DHCP client broadcasting a DHCPDISCOVER
DHCP ClientDHCP Server1
DHCP Server2
50% of lease duration has expired
87.5% of lease duration has expired
100% of lease duration has expired
DHCP ClientDHCP Server1
DHCP Server2
DHCP client sends a DHCPREQUEST packet1
DHCP Server1 sends a DHCPACK packet2
50% of lease duration has expired
DHCP Server Authorization
DHCP Server2 checks with the domain controller to obtain a list ofauthorized DHCP servers
If DHCP Server2 does not find its IP address on the list, the service does not start and support DHCP clientsDHCP client receives IP address from authorized DHCP Server1
DHCP Server1 checks with the domain controller to obtain a list of authorized DHCP servers
If DHCP Server1 finds its IP address on the list, the service starts and supports DHCP clients
DomainController
Active Directory
DHCP Client UnauthorizedDoes not service DHCP requests
AuthorizedServices DHCP requests
DHCP Server1
DHCP Server2
DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to support DHCP clients
Demonstration: How to Add the DHCP Server RoleThis demonstration shows how to: • Install and authorize the DHCP server role
Lesson 2: Configuring DHCP Scopes• What Are DHCP Scopes?• What Are Superscopes and Multicast Scopes?• Demonstration: How To Configure DHCP Scopes• What Is a DHCP Reservation?• DHCP Sizing and Availability
What Are DHCP Scopes?
A scope is a range of IP addresses that are available to be leased
Scope Properties• Scope name• Exclusion range
• Lease duration• Network IP
address range
• Network ID• Subnet mask
LAN A LAN B
DHCP Server
Scope BScope A
What Are Superscopes and Multicast Scopes?
LAN A LAN B
DHCP Server
Scope A and Scope B
LAN A LAN B
DHCP Server
Scope BScope A
Demonstration: How To Configure DHCP ScopesThis demonstration shows how to: • Create an IPv4 scope
What Is a DHCP Reservation?
A reservation is a specific IP address, within a scope, that is reserved permanently for lease to a specific DHCP client
Subnet A Subnet B
Workstation 1
DHCP Server Workstation 2
File and Print Server
IP Address1: Leased to Workstation 1IP Address2: Leased to Workstation 2 IP Address3: Reserved for File and Print Server
DHCP Sizing and Availability
DHCP Clients
DHCP Server1192.168.0.1
DHCP Server2192.168.1.1
DHCP Clients
DHCP Server1 has 80% of addresses as follows:• Scope range: 192.168.0.2-192.168.0.254• Excluded addresses: 192.168.0.200-192.168.0.254
DHCP Server2 has 20% of addresses as follows:• Scope range: 192.168.0.2-192.168.0.254• Excluded addresses: 192.168.0.2-192.168.0199
Lesson 3: Configuring DHCP Options• What Are DHCP Options?• What Are DHCP Class-Level Options?• How DHCP Options Are Applied• Demonstration: How to Configure DHCP Options
What Are DHCP Options?
• WINS Servers
Common scope options are:
DHCP options are values for common configuration data that applies to the server, scopes, reservations, and class options
• DNS Servers
• DNS Name
• WINS Servers
• Default Gateway
What Are DHCP Class-Level Options?
DHCP class-level options are scope options that apply to a specific type of device
DHCP class-level option Description
Vendor-class Configured by vendors such as Microsoft, HP, and Sun
User-class Set and viewed by the user
How DHCP Options Are Applied
DHCP options can be applied at various levels:
• Server
• Scope
• Reserved client
• Class
Demonstration: How to Configure DHCP OptionsThis demonstration shows how to: • Configure scope options• Configure server options• Create a user class for options• Enable scope and configure client computer user class
Lesson 4: Managing a DHCP Database• Overview of DHCP Management Scenarios• DHCP Server Configuration Options• What Is a DHCP Database?• How a DHCP Database Is Backed Up and Restored• How a DHCP Database Is Reconciled• Moving a DHCP Database• Demonstration: How to Manage a DHCP Database
Overview of DHCP Management Scenarios
Scenarios for managing DHCP:
The DHCP service needs to be managed to respond to network changes
• Managing DHCP database growth
• Protecting the DHCP database
• Ensuring DHCP database consistency
• Adding clients
• Adding new network service servers
• Adding new subnets
DHCP Server Configuration Options
What Is a DHCP Database?
• Windows Server 2003 stores the DHCP database in the %Systemroot%\System32\Dhcp folder
• The DHCP database files include:• Dhcp.mdb• Dhcp.tmp• J50.log and J50*.log• Res*.log• J50.chk
The DHCP database is a dynamic database that contains configuration information
• The DHCP database contains DHCP configuration data such as:• Scopes• Address leases• Reservations
How a DHCP Database Is Backed Up and Restored
DHCP Server
DHCP
DHCP
Offline Storage
The DHCP service automatically backs up the DHCP database to the backup directory on the local driveIf the original database is unable to load, the DHCP service automatically restores from the backup directory on the local driveThe administrator moves a copy of the backed up DHCP database to an offline storage locationIn the event that the server hardware fails, the administrator can restore only from the offline storage location
Back up Restore
Back up
Restore
How a DHCP Database Is Reconciled
Example
Registry DHCP Database After Reconciliation
Client has IP address 192.168.1.34
IP address 192.168.1.34 is available
Lease entry is created in DHCP Database
DHCP Server
DHCPDatabase
Registry Summary IP address lease information
Detailed IP address lease information Compares and
reconciles inconsistencies in the DHCP Database
Moving a DHCP Database
DHCPDatabase
Old DHCP Server
New DHCP Server
DHCPDatabase
BackupMedia
Demonstration: How To Manage a DHCP DatabaseThis demonstration shows how to: • Examine the backup interval• Back up the DHCP database• Reconcile the scope data
Lesson 5: Monitoring and Troubleshooting DHCP• Overview of Monitoring DHCP• Common DHCP Issues• What Are DHCP Statistics?• What Is a DHCP Audit Log File?• Monitoring DHCP Server Performance• Demonstration: How to Monitor DHCP
Overview of Monitoring DHCP
Why monitor DHCP?
• To observe the dynamic DHCP environment• To determine DHCP server performance• To facilitate planning for current and future needs
DHCP data includes:
• DHCP statistics• DHCP events• DHCP performance data
Common DHCP Issues
• Address conflicts
• Failure to obtain a DHCP address
• Address obtained from incorrect scope
• DHCP database suffered data corruption or loss
• DHCP server has exhausted its IP address pool
What Are DHCP Statistics?
DHCP statistics are collected at either the server level or scope level
DHCP Server
What Is a DHCP Audit Log File?
A DHCP audit log is a log of service-related events
Monitoring DHCP Server Performance
• Create a DHCP performance baseline
• Check the standard counters for server performance
• Review DHCP server counters for significant changes in DHCP traffic
Performance counters
What to look for after a baseline is established
Packets received/second
Monitor for sudden increases or decreases, which could reflect network problems
Requests/second Monitor for sudden increases or decreases, which could reflect network problems
Active queue length
Monitor for sudden and gradual increases, which could reflect increased load or decreased server capacity
Duplicates dropped/second
Monitor for any activity that could indicate that more than one request is being transmitted on behalf of clients
Demonstration: How to Monitor DHCPThis demonstration shows how to: • View server statistics• View the log files• Use Network Monitor to monitor DHCP
Lesson 6: Configuring DHCP Security• Preventing an Unauthorized User from Obtaining a Lease• Restricting Unauthorized, Non-Microsoft DHCP Servers
from Leasing IP Addresses• Restricting DHCP Administration
Preventing an Unauthorized User from Obtaining a Lease
To prevent an unauthorized user from obtaining a lease:
• Ensure that unauthorized persons do not have physical or wireless access to your network
• Enable audit logging for every DHCP server on your network
• Regularly check and monitor audit log files
• Use 802.1X-enabled LAN switches or wireless access points to access the network
• Configure NAP to validate users and security policy compliance
Restricting Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses
To eliminate an unauthorized DHCP server, you must locate and disable it from communicating on the network either physically or by disabling the DHCP service
Restricting DHCP Administration
To restrict who can administer the DHCP service:
• Limit the members of the DHCP Administrators group
• Add users needing read-only access to the DHCP Users group
Account Permissions
DHCP Administrators group Can view and modify any data about the DHCP server
DHCP Users group Has read-only DHCP console access to the server
Lab: Configuring and Troubleshooting the DHCP Server Role• Exercise 1: Selecting a Suitable DHCP Configuration• Exercise 2: Implementing DHCP• Exercise 3: Reconfiguring DHCP• Exercise 4: Testing the Configuration • Exercise 5: Troubleshooting DHCP Issues
Estimated time: 75 minutes
Logon information
Virtual machines6421B-NYC-DC16421B-NYC-RTR6421B-NYC-SVR26421B-NYC-CL2
User name Contoso\AdministratorPassword Pa$$w0rd
Lab Scenario
Contoso is deploying DHCP to their branch offices. Fault tolerance is important, and you are tasked with configuring the DHCP services in the head office and branch offices to support the requirements.
Lab Review• In the lab, you configured the router with the DHCP Relay
agent. What does the agent do?• In the lab, you configured a scope for the branch office
computers on each of two DHCP servers to provide for fault tolerance. What would happen to clients that renewed when both DHCP servers were unavailable?
Module Review and Takeaways• Review Questions• Tools