Windows Server 2012 DHCP (Part 1)
If you would like to read the next part of this article series please go to Windows Server 2012 DHCP (Part 2).
Dynamic Host Configuration Protocol (DHCP) is one of the most commonly implemented network services in today’s network environments. In this article I will review the deployment and configuration of the DHCP server role in Windows Server 2012. We will review the DHCP leasing process, DHCP options, DHCPv4 and DHCPv6 scopes, and autoconfiguration.
The Case for DHCP
DHCP is primarily used to automatically distribute critical IP configuration settings to network clients, eliminating the tedious and burdensome task of manually configuring hosts on TCP/IP-based networks. It also provides configuration information and interacts with other networking services such as Domain Name System (DNS), Windows Deployment Services (Windows DS) and Network Access Protection (NAP).
Without DHCP service, you have to individually configure each network client with the correct internet protocol settings, including the IP address, the network’s subnet mask, the default gateway, and the DNS server address. These settings are necessary for the network clients to communicate within and outside their network locations. You have to repeat this manual configuration process any time you bring a new device to the network or you move one to a different subnet.
Many organizations manage hundreds or thousands of network client devices, including smart phones, tablets, desktop computers, and laptops. The DHCP service helps to ensure that all network clients have correct configuration settings, eliminating fat fingers and other human errors that may occur when we have to enter the information manually. Network configuration changes can be updated on the DHCP server without having to change the information directly on each client computer.
DHCP Server Authorization
In an Active Directory infrastructure, to prevent an incorrectly configured DHCP server or a rogue DHCP server from distributing IP addresses, DHCP servers are not allowed to start servicing clients before they are authorized to operate in the network. DHCP authorization is the process of registering the DHCP server in the Active Directory database to service DHCP clients. An enterprise administrator account is necessary to authorize Windows Server 2012 DHCP servers; once it is authorized, the DHCP server can support multiple domains in the same Active Directory forest.
A standalone (non-domain-member) Windows Server 2012 DHCP server can detect an authorized DHCP server in a domain. When that happens, the standalone DHCP server does not lease IP addresses and shuts down automatically.
Deploying the DHCP Server Role
These are the steps necessary to add the DHCP server role to a Windows Server 2012 computer:
- In Server Manager, click Add roles and features.
- In the Add Roles and Features Wizard, click Next.
- On the Select installation type page, click Next.
- On the Select destination server page, click Next.
- On the Select server roles page, select the DHCP Server check box.
- In the Add Roles and Features Wizard, click Add Features, and then click Next.
- On the Select features page, click Next.
- On the DHCP Server page, click Next.
- On the Confirm installation selections page, click Install.
- On the Installation progress page, wait until the installation succeeds.
Once the installation completes, you can proceed to authorize the DHCP server or start configuring the DHCP scopes.
By configuring DHCP scopes, you make IP addresses available to the DHCP clients. A DHCP scope is a pool or range of IP addresses that are available for lease from the DHCP server. Usually a DHCP scope is limited to the IP addresses in a prearranged IP subnet. DHCP scopes must be activated before their IP addresses become available in the network.
On Windows Server 2012, you configure a DHCP scope along with the following settings:
- Name and description. This is used to identify the scope. The name is mandatory; the description is optional.
- IP address range. This is the starting pool of IP addresses that are available for lease. This pool usually lists the entire range of addresses for a defined IP subnet.
- Subnet mask. This property provides space to configure the bit length and the decimal notation for the subnet mask. Both fields are automatically filled when you enter the IP address range. You may need to change those values when using non-default class A, B, or C networks. The subnet mask is used to separate the network ID from the host ID component in the IP address; this allows TCP/IP hosts to determine their location in the network.
- Exclusions. Here you list single addresses or ranges of addresses that belong to the IP address pool but that will not be offered for lease, usually because they have been manually assigned to servers in the network. For example, if the DHCP server is deployed to the same subnet, it will need at least one IP address from the pool. That IP address should be excluded from the scope.
- Subnet delay. This is the amount of time in milliseconds that the DHCP server waits before sending a DHCPOFFER. The default value is 0; when two DHCP servers service the same IP subnet, you may change the default setting on your lower-priority DHCP server by increasing the subnet delay value.
- Lease duration. This is the amount of time for which clients are allowed to use the IP addresses without renewal. It is recommended to use shorter durations for scopes with limited IP addresses or a significant number of mobile clients, and longer durations for more static networks.
A DHCP reservation is a given IP address from within a scope that is set aside for lease to a specific DHCP client. DHCP reservation ensures that the IP addresses that you reserve from a configured scope are not leased to any other device in the network. A DHCP reservation also ensures that devices with reservations are certain to have their IP address even if a scope runs out of available IP addresses. The device’s network interface media access control (MAC) address or physical address is necessary to configure a reservation. If the client is already leasing an IP address from a Windows Server 2012 DHCP server, its MAC address will be available from the DHCP management console.
DHCP options are configuration settings that are applied to the DHCP clients when they lease or renew their IP addresses from a DHCP server. Each DHCP option is identified by an option code; many DHCP options are available, and among the most common are:
- Option 003 – Router (the default gateway for the subnet)
- Option 006 – Domain Name System (DNS) servers
- Option 015 – DNS suffix
On Windows Server 2012, you can configure DHCP options at the server, scope, reserved client, and class levels. When troubleshooting the DHCP service, it is critically important that you understand the order in which DHCP applies these options to client computers. DHCP options are applied in the following order:
- Server level. A server-level option is assigned to all DHCP clients of the DHCP server. Server options can be superseded by scope, class, and client-assigned options.
- Scope level. These settings are applied to clients that obtain a lease within that specific scope. Scope options consistently apply to all computers acquiring a lease from a given scope unless they are superseded by class or reserved client options.
- Class level. Client class can be user-defined or vendor-defined. A class-level option is assigned to all clients that identify to the DHCP server as members of a class. Class options can be superseded by reserved client level options.
- Reserved client level. This is a reservation-level option that is assigned to one DHCP client.
If DHCP option settings are configured at each level and they conflict, the option that is applied last overrides the previously applied setting. Because the reserved client options are the last to apply, they override all the previous levels in case of conflicting settings.
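When a client receives an unexpected router or DNS value, it helps to see which level supplied it and which levels it overrode. The following is an added example, not code from the original article or from Windows: it replays the order described above over a constructed configuration. The function names, the sample addresses, and the choice to apply multiple classes in the order listed are assumptions.

```python
def apply_option_levels(server, scope, classes, reservation, client_classes=()):
    """Apply DHCP options in the order server -> scope -> class -> reserved client.

    Each argument maps option code -> value; `classes` maps class name -> options.
    Returns {code: [(level, value), ...]} in application order, so the last
    entry of each list is the value the client actually receives.
    """
    layers = [("server", server), ("scope", scope)]
    # Only classes the client identifies itself as a member of contribute options
    # (assumption: several classes are applied in the order given).
    layers += [("class:" + name, classes[name])
               for name in client_classes if name in classes]
    layers.append(("reserved client", reservation or {}))
    trace = {}
    for level, options in layers:
        for code, value in options.items():
            trace.setdefault(code, []).append((level, value))
    return trace

def effective(trace):
    """Collapse a trace to {code: (winning_level, value)}."""
    return {code: history[-1] for code, history in trace.items()}

# Constructed sample configuration (addresses and names are illustrative).
SERVER = {6: "10.0.0.10", 15: "corp.example"}
SCOPE = {3: "192.168.10.1", 6: "192.168.10.10"}
CLASSES = {"Kiosk": {6: "192.168.10.53"}}
RESERVATION = {3: "192.168.10.254"}

if __name__ == "__main__":
    trace = apply_option_levels(SERVER, SCOPE, CLASSES, RESERVATION, ["Kiosk"])
    for code, history in sorted(trace.items()):
        level, value = history[-1]
        overridden = [lvl for lvl, _ in history[:-1]]
        print(f"option {code:03d}: {value} (from {level}; overrode {overridden})")
```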
DHCP Lease Generation Process
Understanding the steps involved in the lease and renewal of IP addresses helps you troubleshoot problems when clients cannot obtain their configuration from a DHCP server. There are four steps in the DHCP lease process:
- DHCPDISCOVER. The DHCP client broadcasts a DHCPDISCOVER packet in the subnet. All computers in the subnet receive this packet; however, only the DHCP server responds. If there is no DHCP server in the subnet, then a computer or router configured as a DHCP relay agent forwards the message to a DHCP server located in another subnet.
- DHCPOFFER. All DHCP servers that receive the client DHCPDISCOVER packet reply with a DHCPOFFER packet. This packet contains IP configuration settings including an available IP address and subnet mask.
- DHCPREQUEST. The client might receive DHCPOFFER packets from more than one DHCP server; if that is the case, the DHCP client typically selects the DHCP server that responded first to its DHCPDISCOVER packet. The client then broadcasts a DHCPREQUEST identifying the DHCP server from which it is willing to lease the IP settings. This broadcast reaches all the other DHCP servers so they know which server’s DHCPOFFER the client has accepted.
- DHCPACK. The selected DHCP server stores the IP address client information in the DHCP database and sends back a DHCPACK message and any optional configuration parameters. It is possible for the DHCP server to send a DHCPNAK message; this may happen if the IP address is invalid or it is being used by another computer. In this case the client begins the lease process again.
DHCP clients try to renew their leases after every reboot or startup. This is a great feature, especially for mobile devices, since users may move their laptops or tablets to different locations or subnets and those devices can automatically obtain the right IP configuration to operate in the new environment. The lease period is reset after each renewal. You can force a renewal by executing the following command: ipconfig /renew. If a device stays on, it will attempt to renew its lease when 50% of its lease time has elapsed. This is a transparent background process in which the DHCP client broadcasts a DHCPREQUEST message. If the DHCP server that leased the IP addresses is available, it will send a DHCPACK message back to the client. If some options have changed since the original lease, the DHCP server includes the new values with the DHCPACK message.
If the DHCP client cannot talk with the DHCP server, then the client waits until 87.5 percent of the lease time passes and then tries to renew again. If 100 percent of the lease time has expired and the renewal is unsuccessful, the client goes into autoconfiguration mode.
If a DHCP server is not available and the previous lease has expired, the client computer executes an automatic private IP addressing (APIPA) process to assign itself a valid IPv4 address from the 169.254.0.0 subnet with a mask of 255.255.0.0. Before it starts using the new IPv4 address, the client performs an address resolution protocol (ARP) test to ensure that the selected IP address is not being used by any other client in that network. After it configures itself with its new APIPA address, the client keeps sending broadcasts every five minutes to the network, trying to contact a DHCP server. Whenever a DHCP server responds, the client negotiates a new lease, and configures the NIC with the new IPv4 address obtained from the DHCP server.
On Windows Server 2012, DHCPv6 scopes are created and configured separately from IPv4 scopes. Let’s review the step-by-step configuration of a DHCPv6 scope.
- On the DHCP Server console, right click IPv6 and select New Scope.
- On the Welcome to the New Scope Wizard, click Next.
- On the Scope Name, enter Name and Description information.
- On the Scope Prefix, enter the corresponding prefix for your IPv6 network. If you have multiple DHCPv6 servers, the preference value can be modified to indicate your priority among the servers. The lower this value, the higher the priority.
- On the Add Exclusions, enter any IPv6 address that belongs to that scope but has been manually assigned to other devices in the network. This includes the IPv6 address that is manually configured on the DHCPv6 server itself. Additional exclusions can be added after the initial DHCPv6 scope has been configured.
- On the Scope Lease, configure two settings:
  - Preferred Life Time is the length of time that a valid IPv6 address is preferred. When this time expires, the address becomes deprecated but it is still valid.
  - Valid Life Time is the length of time that an IPv6 address is in the valid state. The address becomes invalid after the valid life time expires. The valid life time must be equal to or greater than the preferred life time.
- On the Completing the New Scope Wizard, click Finish to activate the scope.
As on IPv4 scopes, you can configure exclusions, reservations, and DHCP options on IPv6 scopes. However, DHCPv6 clients do not use their MAC addresses when contacting a DHCP server. Instead a device unique identifier (DUID) is used by clients to get an IP address from a DHCPv6 server.
IPv6 supports both stateful address configuration and stateless address configuration. Stateful address configuration happens when a DHCPv6 server assigns the IPv6 address to the DHCPv6 client in conjunction with additional DHCP configuration options.
Stateless address configuration is an autoconfiguration process by which IPv6 clients assign themselves an IPv6 address without ever talking to a DHCPv6 server. It is possible to use a combination of both. For example, you may configure your DHCPv6 clients in stateless mode so that they don’t need a DHCPv6 server to obtain an IP address, but you may assign the DNS server address to the same clients using a DHCPv6 server.
Routers play an important role in the autoconfiguration process of DHCPv6 clients, but even without a router present, hosts in the same subnet can automatically configure themselves with IPv6 addresses based on the link-local prefix of FE80::/64; this allows the clients to communicate in the local subnet without manual configuration. Before using an auto-selected link-local unicast IPv6 address, a duplicate address detection process is performed to ensure that the selected IP address is not being used by another host in the subnet. If the duplicate address detection is successful, the link-local address is initialized for the interface.
In this article we concentrated on the deployment of the DHCP server role on Windows Server 2012 and how the DHCP server scopes and autoconfiguration play an important role for IPv4 and IPv6 clients in the network. In our next article we will focus on the DHCP service availability and some of the new features on Windows Server 2012.
This article was originally published by Intense School.