Wednesday, May 29, 2013

4. Deploy and configure core network services

4.2 Deploy and configure Dynamic Host Configuration Protocol (DHCP) service

DHCP IPv4 lease negotiation:
client: DHCPDISCOVER
server: DHCPOFFER
client accepts: DHCPREQUEST
server accepts: DHCPACK, or does not: DHCPNAK
client tests the address and the test fails: DHCPDECLINE

DHCPRELEASE client releases lease
DHCPINFORM client requests more options

The client attempts to renew the lease starting at 50% of the lease lifetime via DHCPREQUEST messages.
At 87.5% of the lease with no responses, the client broadcasts DHCPREQUEST for any DHCP server.
The client releases the lease at 100% with no response, or on a DHCPNAK response.
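
The renewal thresholds above, applied to a lease table (added example, not from the original post). Get-DhcpLeasePhase is a hypothetical helper name, the sample leases are constructed, and the calculation assumes a lease shows its full duration right after each successful renewal.

```powershell
# Added example: classify leases by how far into the lease lifetime they are.
function Get-DhcpLeasePhase {
    param(
        [Parameter(Mandatory)] [object[]] $Lease,          # objects with IPAddress and LeaseExpiryTime
        [Parameter(Mandatory)] [timespan] $LeaseDuration,  # lease duration configured on the scope
        [datetime] $Now = (Get-Date)
    )
    foreach ($l in $Lease) {
        # Some entries carry no expiry time; skip them.
        if (-not $l.LeaseExpiryTime) { continue }
        $remaining = ([datetime]$l.LeaseExpiryTime) - $Now
        # Fraction of the lifetime used since the last successful DHCPACK.
        $used = 1 - ($remaining.TotalSeconds / $LeaseDuration.TotalSeconds)
        if ($used -ge 1) {
            $phase = 'Expired: no response by 100%, lease released'
        } elseif ($used -ge 0.875) {
            $phase = 'Rebinding: DHCPREQUEST broadcast to any DHCP server'
        } elseif ($used -ge 0.5) {
            $phase = 'Renewing: DHCPREQUEST to renew the lease'
        } else {
            $phase = 'Bound'
        }
        [pscustomobject]@{
            IPAddress   = [string]$l.IPAddress
            PercentUsed = [math]::Round($used * 100, 1)
            Phase       = $phase
        }
    }
}

# Constructed sample leases for an 8 day lease duration.
$now = [datetime]'2013-05-29T12:00:00'
$sample = @(
    [pscustomobject]@{ IPAddress = '192.168.11.21'; LeaseExpiryTime = $now.AddDays(6) }    # 25% used
    [pscustomobject]@{ IPAddress = '192.168.11.22'; LeaseExpiryTime = $now.AddDays(3) }    # 62.5% used
    [pscustomobject]@{ IPAddress = '192.168.11.23'; LeaseExpiryTime = $now.AddHours(12) }  # 93.8% used
    [pscustomobject]@{ IPAddress = '192.168.11.24'; LeaseExpiryTime = $now.AddHours(-1) }  # past 100%
)
Get-DhcpLeasePhase -Lease $sample -LeaseDuration (New-TimeSpan -Days 8) -Now $now |
    Format-Table -AutoSize

# Against a live server (DhcpServer module):
# $scope = Get-DhcpServerv4Scope -ScopeId 192.168.11.0
# Get-DhcpLeasePhase -Lease (Get-DhcpServerv4Lease -ScopeId 192.168.11.0) -LeaseDuration $scope.LeaseDuration
```

Leases that sit past 50% without returning to the full duration belong to clients whose renewals are not being answered or that have left the network.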

Install role DHCP Server (DHCP) and DHCP tools (RSAT-DHCP). When you install from the GUI Add Roles and Features, you will have a task for "complete DHCP configuration" in Server Manager. This wizard will prompt you to authorize the DHCP server.
Bind the server to the NICs that you want to use for DHCP: IPv4 or IPv6 properties, Advanced, Bindings.

4.2.1 Create and configure scopes
v4
DHCP manager, right click IPv4 and select New Scope.
Give the scope a name and description.
Put in a start and end IP address for the scope. Then configure the subnet mask.
Add an exclusion range for IPs you do not want to be given out.
Set a lease duration.
You will be prompted to configure DHCP options (see 4.2.3).
Once created, you should right click the scope and select "Activate".

v6
DHCP manager, right click IPv6 and select New Scope.
Give the scope a name and description.
Enter the prefix for the scope. Enter a preference, which determines which DHCP server has preference when a client receives messages from multiple DHCP servers (highest value is preferred). Set to 255 for immediate use.
Add exclusion ranges, if necessary.
Configure lease durations. Preferred determines how long an interface should consider the address usable. Valid lifetime is how long the address is valid.
You are prompted to activate the scope, or you can manually activate it later.

Powershell:
v4
add-dhcpserverv4scope -name "192.168.11.0 scope" -startrange 192.168.11.1 -endrange 192.168.11.254 -subnetmask 255.255.255.0

add-dhcpserverv4exclusionrange

other commands:

get-dhcpserverv4scope, get-dhcpserverv4exclusionrange, remove-dhcpserverv4scope, remove-dhcpserverv4exclusionrange, set-dhcpserverv4scope

extra note: 
superscope: container for ipv4 scopes, and can be used to distribute addresses from multiple logical ip networks in the same physical segment
multicast scope: class D network 
failover scope: 2012 mode that automatically splits scopes between two dhcp servers

v6

add-dhcpserverv6scope -name "0200 scope" -prefix fc00:0:0:0200:0:0:0:0

add-dhcpserverv6exclusionrange -prefix fc00:0:0:200:: -startrange fc00:0:0:200::1 -endrange fc00:0:0:200:0:0:3:ffff

other commands: 
 get-dhcpserverv6scope, get-dhcpserverv6exclusionrange, remove-dhcpserverv6scope, remove-dhcpserverv6exclusionrange, set-dhcpserverv6scope

use -state active|inactive parameter with set-dhcpserverv#scope command to activate/deactivate scope


extra note: split-scope is where a scope is split between dhcp servers as a failover. you can right click the scope and advanced/split-scope to bring up the wizard. In 2012 should probably use the failover option instead.

4.2.2 configure a DHCP reservation 
DHCP reservations are ip addresses that will always be assigned to a machine's interface when it requests an ip.

v4
Requires the mac address of the interface on the computer that will be assigned a reservation
Under the appropriate scope, right click reservations and new reservation.
Give it a name, enter the IP address, then the MAC address, and finally a description. Specify DHCP if you wish to only support DHCP for this reservation.
After creation, you can right click the ip and specify specific dhcp options for this address.

v6
A v6 reservation is similar to v4, except that for v6 you will need the following from the interface instead of a MAC address. You can get both with ipconfig /all
DHCP Unique Identifier(DUID): This uniquely identifies a client or server
IAID: a unique id part of the Identity Association(IA) that identifies a specific interface.

powershell
v4
add-dhcpserverv4reservation -scopeid 192.168.10.0 -ipaddress 192.168.10.8 -clientid 00155d017506

v6
add-dhcpserverv6reservation -prefix fc00::200:0:0:0:0 -ipaddress fc00::200:0:0:0:6 -clientduid 0001000117d29a2e00155d017500 -iaid 536876381

other commands: get-dhcpserverv4reservation, remove-dhcpserverv4reservation, get-dhcpserverv6reservation, remove-dhcpserverv6reservation

4.2.3 configure DHCP options 
options are sent to the client. They can be configured for all scopes on server, a specific scope, or a single reservation.

You configure options for one scope under Scope options.

v4
common v4 options.
001 - Subnet mask (sent by default from the scope)
003 - Router: default gateway
006 - DNS Servers
015 - DNS name
044 - WINS Server

v6
common v6 options
0023 DNS Recursive Name Server
0024 Domain Search List.

powershell

list all options available

get-dhcpserverv4optiondefinition
get-dhcpserverv6optiondefinition

show current values assigned to a specific scope:

get-dhcpserverv4optionvalue -scopeid 192.168.10.0
get-dhcpserverv6optionvalue -prefix fc00:0:0:200::

set new option values for a specific scope
set-dhcpserverv4optionvalue -scopeid 192.168.10.0 -optionid 6 -value 192.168.10.1, 192.168.10.2 
set-dhcpserverv6optionvalue -prefix fc00:0:0:200:: -optionid 23 -value fc00:0:0:200::5
extra note: for dns server options. use -force to skip checking if they exist

extra note: you can define classes to assign options to a group of computers. right click ipv4 or ipv6 select define user classes. create a new ClassID. Use ipconfig /setclassid "LAN" ClassID on the client interfaces that will be in that class
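
Sections 4.2.1 to 4.2.3 as one PowerShell run (added example, not from the original post). The 192.168.20.0/24 network, the names, the MAC address and the lab.example domain are constructed values; the scope is created inactive and only activated after exclusions, the reservation and the options have been reviewed, so no client gets a half-configured lease.

```powershell
# Added example: constructed values for a lab network, run on the DHCP server.
Import-Module DhcpServer

$scopeId = '192.168.20.0'

# 4.2.1: create the scope in the inactive state.
Add-DhcpServerv4Scope -Name 'Lab 192.168.20.0' -Description 'Lab clients' `
    -StartRange 192.168.20.1 -EndRange 192.168.20.254 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State InActive

# Exclude the addresses used by statically configured hosts.
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId `
    -StartRange 192.168.20.1 -EndRange 192.168.20.20

# 4.2.2: reservation keyed on the interface MAC address, DHCP only.
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress 192.168.20.50 `
    -ClientId '00155d0a0b0c' -Name 'print01' -Description 'Lab printer' -Type Dhcp

# 4.2.3: scope options 003 (router), 006 (DNS servers) and 015 (DNS name).
# -Force skips the check that the DNS servers exist (they do not in this constructed lab).
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router 192.168.20.1 `
    -DnsServer 192.168.20.10, 192.168.20.11 -DnsDomain 'lab.example' -Force

# Review what clients will receive before any lease is handed out.
Get-DhcpServerv4Scope -ScopeId $scopeId
Get-DhcpServerv4ExclusionRange -ScopeId $scopeId
Get-DhcpServerv4Reservation -ScopeId $scopeId
Get-DhcpServerv4OptionValue -ScopeId $scopeId

# Activate only after the review.
Set-DhcpServerv4Scope -ScopeId $scopeId -State Active
```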

4.2.4 configure client and server for PXE boot
if DHCP server is on same machine as WDS, set custom option 60 to PXECLIENT

if they are on separate servers on same subnet, use:
option 66: boot server host name
option 67: boot file name

Extra note: when the DHCP and WDS servers are on a different subnet, MS recommends using the router's IP helper address to forward all DHCP requests to them.

4.2.5 configure DHCP relay agent
If you aren't using a router to do DHCP relay, you can install RRAS role to get DHCP relay setup on a server:
Add role Remote Access (RemoteAccess) and check DirectAccess and VPN, as well as Routing.
Once installed, go into Computer Management, and go under Services and Applications.
Right click Routing and Remote Access and select "Configure and enable Routing and Remote Access".
Select Custom configuration, and then LAN Routing.
Expand IPv4 or IPv6.
Go to General, right click the pane and select "New Routing Protocol". Select DHCP Relay Agent.
Right click DHCP Relay Agent and select "New Interface".
Select options: Relay DHCP Packets (enabled), Hop-count threshold, Boot threshold (this delay is so local DHCP servers will respond first).
Right click DHCP Relay Agent, Properties. Enter the IP address for the server to forward to.

IPv6 is similar except Boot threshold is called Elapsed-time threshold. Also, properties has Server tab for ipv6 servers. General tab is for event logging options.

extra note:
install-windowsfeature remoteaccess -includeallsubfeatures -includemanagementtools

4.2.6 authorize DHCP server
As stated above, you are prompted with a task to authorize the DHCP server when you first install the role. However, if you need to Unauthorize/Authorize the server, you can right click the server in DHCP Manager and select authorize/unauthorize.

Powershell:
If installed in PowerShell, the DHCP server is not automatically authorized. Use get-dhcpserverindc to see authorized DHCP servers. Then authorize the server with the cmdlet:
add-dhcpserverindc -dnsname 'dc.contoso.com' -ipaddress 192.168.10.1

command line:
netsh dhcp server \\dhcpsrv01 initiate auth
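
A check of the authorized server list against the servers you expect (added example, not from the original post). Compare-DhcpAuthorization is a hypothetical helper name, and the server names other than dc.contoso.com are constructed; the function takes the same DnsName and IPAddress properties that get-dhcpserverindc returns.

```powershell
# Added example: flag differences between the authorized list and an allowlist.
function Compare-DhcpAuthorization {
    param(
        [Parameter(Mandatory)] [object[]] $Authorized,      # objects with DnsName and IPAddress
        [Parameter(Mandatory)] [string[]] $ExpectedDnsName  # servers that should be authorized
    )
    $expected = @($ExpectedDnsName | ForEach-Object { $_.ToLowerInvariant() })
    $seen = @()
    foreach ($s in $Authorized) {
        $name = ([string]$s.DnsName).ToLowerInvariant()
        $seen += $name
        if ($expected -notcontains $name) {
            [pscustomobject]@{
                DnsName   = $name
                IPAddress = [string]$s.IPAddress
                Finding   = 'Authorized but not expected'
            }
        }
    }
    foreach ($name in $expected) {
        if ($seen -notcontains $name) {
            [pscustomobject]@{
                DnsName   = $name
                IPAddress = ''
                Finding   = 'Expected but not authorized'
            }
        }
    }
}

# Constructed sample standing in for get-dhcpserverindc output.
$sample = @(
    [pscustomobject]@{ DnsName = 'dc.contoso.com';        IPAddress = '192.168.10.1' }
    [pscustomobject]@{ DnsName = 'test-dhcp.contoso.com'; IPAddress = '192.168.10.77' }
)
Compare-DhcpAuthorization -Authorized $sample `
    -ExpectedDnsName 'dc.contoso.com', 'dhcpsrv01.contoso.com' | Format-Table -AutoSize

# On a domain-joined host with RSAT-DHCP:
# Compare-DhcpAuthorization -Authorized (Get-DhcpServerInDC) -ExpectedDnsName 'dc.contoso.com'
```

With the sample data this reports test-dhcp.contoso.com as authorized but not expected, and dhcpsrv01.contoso.com as expected but not authorized.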
