Installing the dhcp server roleDocument Transcript
Installing the DHCP Server RoleThe first step in setting up a DHCP server on a Windows Server 2008 R2 system is to install theDHCP Server feature on any servers which are required to provide the service. Before performingeven this initial task, it is highly recommended that any systems designated to act as DHCPservers are assigned a static IP address. If the server is currently obtaining a dynamic IP addressfrom another DHCP server, begin the installation process by assigning the system a static IPaddress. This can be achieved by launching the Server Manager and clicking View NetworkConnections. Right click on the network adapter on which the DHCP service is to be run andselect Properties where either, or both the IPv4 or IPv6 address may be changed fromautomatically obtaining an IP address to specifying a static address. Once configured, exit fromthe properties dialog and network connections window leaving the Server Manager running.Installation of the DHCP Server Role is performed by selecting Roles from the tree in the lefthand pane of the Server Manager tool. On the Roles page, click on the Add Role link to launchthe Add Roles Wizard. Dismiss the welcome screen if it is displayed, and in the Select ServerRoles screen select the check box next to DHCP Server before clicking the Next button, read theinformation provided and click Next again to proceed to the Network Connection Binding screen.It is within this screen that the DHCP server is associated with specific network adaptersinstalled in the system. Select the network adapters for which the DHCP service will be providedand click Next.DHCP can be used not just to provide clients with an IP address, but also additional informationsuch as the name of the parent domain (for example techotopia.com) and the IP addresses of bothpreferred and alternate DNS servers. If the DHCP server is required to provide these details forIPv4 clients, enter them into the Specify IPv4 DNS Server Settings page and click Next.On the IPv4 WIN Server Settings page, enter addresses of the Preferred and Alternate WINSservers if required. Otherwise, leave the WINS is not required for applications on this networkoption selected and proceed to the next configuration page.The next page allows initial DHCP scopes to be configured. A DHCP scope defines one or moreranges of IP addresses from which an IP address may assigned to a client and the duration of theIP address lease (6 days for wired clients and 8 hours for wireless clients). This may either beconfigured now, or at a later point in the configuration process. The topic of defining DHCPscopes is covered in the Defining DHCP Scopes section of this chapter.With the initial DHCP IPv4 configuration steps completed, the wizard subsequently moves on tothe IPv6 settings. This is where a little background information is useful. Windows Server 2008supports two modes of IPv6 DHCP operation, known as stateless and stateful. In stateful mode,clients obtain both an IP address and other information (such as DNS addresses) through theDHCPv6 server. In stateless mode, the clients receive only the non-IP address information from
the DHCPv6 server. In this case, the IP address must be provided using some other mechanism,either by configuring of static IP addresses or through the implementation of IPv6 auto-configuration.On the Configure DHCPv6 Stateless Mode screen, select either stateful or stateless mode inaccordance with your specific enterprise requirements. If stateless mode is selected the nextscreen will prompt for the IPv6 DNS information to be provided to clients. Enter the informationand click on Next. If the DHCP is part of an Active Directory domain, the Authorize DHCPServer page will appear. Enter the credentials (either your own as shown, or alternatecredentials via the Alternate Credentials button) necessary to authorize the new DHCP server.Alternatively, the authorization may be performed later by skipping this step by clicking on Next.Upon completion of the DHCP server configuration the summary screen will displayed similar tothe one illustrated below:
Assuming that the summarized configuration is correct, click on Install to complete theinstallation process. The wizard will display the progress of the DHCP Server Role installationbefore displaying a results screen confirming the successful installation. Once installation iscomplete, the DHCP Server may be managed locally or remotely using the DHCP console (Start-> All Programs -> Administrative Tools -> DHCP).Authorizing DHCP Servers in Active DirectoryIf a DHCP server is to operate within an Active Directory domain (and is not running on adomain controller) it must first be authorized. This can be achieved either as part of the DHCP
Server role installation, or subsequently using either DHCP console or at the command promptusing the netsh tool.If the DHCP server was not authorized during installation, invoke the DHCP console (Start ->All Programs -> Administrative Tools -> DHCP), right click on the DHCP to be authorized andselect Authorize. To achieve the same result from the command prompt, enter the followingcommand:netsh dhcp server serverID initiate authIn the above command syntax, serverID is replaced by the IP address or full UNC name ofsystem on which the DHCP server is installed.Understanding DHCP Scope TypesDHCP scopes are used to define ranges of addresses from which a DHCP server can assign IPaddresses to clients. Scopes fall into Normal, Multicast and Superscope categories as follows:Normal Scope - Allows A, B and C Class IP address ranges to be specified including subnetmasks, exclusions and reservations. Each normal scope defined must exist within its own subnet.Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes donot have subnet masks, reservation or other TCP/IP options. Multicast scope address rangesrequire that a Time To Live (TTL) value be specified (essentially the number of routers a packetcan pass through on the way to its destination).Superscope - Essentially a collection of scopes grouped together such that they can be enabledand disabled as a single entity.Configuring IPv4 Scopes Using the DHCP ConsoleNew scopes on Windows Server 2008 R2 can either be configured from the graphical DHCPconsole, or from the command prompt using the netsh utility. To create a new scope in theDHCP console (launched from Start -> All Programs -> Administrative Tools -> DHCP) clickon the server name in left hand panel so that IPv4 and IPv6 categories are listed in the mainpanel. Right click on the required IP version and select New scope from the menu top invoke theNew Scope Wizard. Click on Next to skip the welcome screen so that the Scope Name dialog isdisplayed:
Enter a suitable name and description for the scope and press Next to proceed to the IP AddressRange screen. In this screen, enter the start and end addresses of the IP address scope followedby the subnet mask, either in terms of bit length or in IP format (for example 255.255.255.0 or 24bits). Note that when the start and end addresses are entered the subnet mask fields are filled inautomatically, but may be changed manually if required:
If the address range specified encompasses multiple subnets (for example 192.168.2.1 through to192.168.3.254) the wizard will warn that the designated range is too large for a single scope andprovide the option to create a superscope made up of a number of different scopes depending onhow many subnets are contained within the range.Assuming that all addresses in the scope range are on the same subnet, the wizard will providethe option to specify exclusions within the scope. Exclusions are essentially ranges of one ormore IP addresses within the defined scope which are not available for assignment to clients.Multiple exclusion ranges may be defined within a single scope by using the Add button to addnew ranges:
The next screen of the New DHCP Scope wizard relates to the topic of Lease Duration for the IPaddresses in the current scope. Lease duration refers to the amount of time an IP address isassigned to a particular client computer or device. If the subnet on which the DHCP server operateshas a high turnover of clients then a short lease is recommended (since the server will end upholding IP addresses for clients which are no longer connected, potentially exhausting the poolof IP addresses). For subnets where the connected clients are fairly stable, longer leases might bemore appropriate. To define a lease duration use the spin boxes provided, specifying the durationin units of days, hours and even minutes (the default is 8 days):
The next screen provides the option to configure DHCP options (such as default gateway, DNSand WINS servers) which will be provided to clients along with the dynamic IP address. If theyes option is selected, the wizard will present a series of screens where these options may bespecified if required. On each screen enter the appropriate information, or leave the page blank ifthe option is required (for example not all configurations require a WINS server). If "no" isselected the wizard will skip to the Activate Scope screen where, as the name suggests, the newscope may be activated. Once activated the wizard may be closed. The new scope is now definedand active.Configuring DHCP ReservationsDHCP reservations provide a mechanism by which IP addresses may be permanently assigned toa specific client based on the MAC address of that client.The MAC address of a Windows client can be found running the ipconfig /all command. For Linuxsystems the corresponding command is ifconfig -a. Once the MAC address has been identified,the reservation may be configured using either the DHCP console or at the command promptusing the netsh tool. One important point to note is that ifconfig displays the MAC addressdelimited by colons (:), for example 06:EC:E6:11:47:BD. When entering the MAC address intothe New Reservations dialog on Windows the colons will need to be replaced with dashes (-), forexample 06-EC-E6-11-47-BD. Failure to do this will result in a warning dialog stating that theUnique identifier you have entered may not be correct.
To configure reservation using the DHCP console, select Start -> All Programs ->Administration Tools -> DHCP and select the DHCP server and unfold the appropriate scopefrom the tree in the left panel. Within the scope sub-list, select Reservations as illustrated below:Right click on Reservations and choose New Reservation... from the menu to launch the NewReservation dialog:
Begin by entering a name for the reservation followed by the IP address from the currentlyselected scope which is to be reserved for the client together with the MAC address of the client(or more specifically the network adapter of the client). Finally specify whether the reservation isto be made for BOOTP or DHCP clients, or both. Once the information has been entered clickthe Add button. When all reservations have been entered click Cancel to close the dialog.To add a reservation using netsh the following syntax is used:netsh dhcp server servername scope subnetID add reservedip IPaddress MacAddressReservationName CommentFor example the following command reserves an IP address for a specific MAC address (notethat the MAC address must be entered without any delimiters):C:UsersAdministrator>netsh dhcp server winserver-2 scope 192.168.2.0 addreservedip 192.168.2.12 0013720B1457 "CEO Printer" "Printer in Exec Suite"Changed the current scope context to 192.168.2.0 scope.Command completed successfully.To list the current reserved IP addresses for a particular scope the following netsh commandmay be used:C:UsersAdministrator>netsh dhcp server winserver-2 scope 192.168.2.0 showreservedip
Changed the current scope context to 192.168.2.0 scope.=============================================================== Reservation Address - Unique ID=============================================================== 192.168.2.10 - 00-0b-db-18-a0-db- 192.168.2.11 - 06-ec-e6-11-47-bd- 192.168.2.12 - 00-13-72-0b-14-57-No of ReservedIPs : 3 in the Scope : 192.168.2.0.Command completed successfully.