Dynamic Host Configuration Protocol (DHCP)
Ports: 67 (server) and 68 (client). Both UDP.
DHCP DORA – Discover, Offer, Request and Acknowledge.
Reservation: A reservation ensures a DHCP client is always assigned the same IP address. Reservations are added after DHCP installation.
Exclusion: An exclusion can cover a single IP address or a set of IP addresses.
DHCP lease through conditional MAC:
DHCP can distribute IP address leases based on MAC address.
DHCP console -> Double click DHCP server -> Right click IPv4 and select properties
To configure, IPv4 -> Filters -> Right click Allow or Deny -> New filter and type the MAC address
Automatic Private IP Addressing [ APIPA ]
169.254.1.1 to 169.254.255.254
For APIPA, clients are assigned the Class B subnet mask [255.255.0.0]. A client with an APIPA address checks for a DHCP server every 5 minutes. If one is available, it gets a DHCP IP address.
An APIPA address is assigned by the client itself. To avoid duplicate APIPA addresses, the client broadcasts its own details (IP address etc.) on the network.
DHCP relay agent:
A relay agent is a program that relays DHCP / BOOTP messages between clients and servers on different subnets.
Default: 8 days
Min: 15 minutes
Max: 1000 days
|Bootstrap protocol|Dynamic Host configuration protocol|
|---|---|
|Assigns IPv4 address to clients|Assigns IPv4 and IPv6 addresses to clients|
|BOOTP clients need to be restarted to bind or renew configuration|Restart not required|
|No IP leasing feature|Has IP leasing feature|
A reservation ensures a DHCP client is always assigned the same IP address.
Reservation can be done once DHCP is installed.
An exclusion can be made for a single IP address or a range of addresses. These addresses will not be distributed by the DHCP server to clients.
Exclusion is configured during DHCP scope creation / DHCP installation.
Distributing DHCP based on MAC address:
DHCP console -> Double click the DHCP server -> Right-click IPv4 and select properties -> Click Filters and select Enable allow list
IPv4 -> Filters -> Right click allow or deny -> New filter and type MAC address
A scope contains a scope name, a range of IP addresses, a subnet mask and lease duration values.
A superscope is a group of multiple scopes. A superscope is used in the following situations:
- If the available IP pool is depleted
- Clients need to be migrated over a new network
DHCP Scope options
DHCP lease process
Before a lease expires, a DHCP client must renew the lease or obtain a new lease. Once the lease has expired, in Windows 2008 the lease DB retains the expired system's details for 4 hours. After that the entry is removed.
DHCP DB Cleanup occurs every one hour.
DHCP IP address conflict detection
Once a client receives an IP address from the DHCP server, it sends an ARP request for that address on the network. If a reply to the ARP request is received, the client has detected a conflict and sends a DHCP decline message to the DHCP server.
The client then begins the DORA process again. The DHCP server marks that IP as a BAD address. Old systems don't have conflict detection. We need to enable this at the server end.
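The DORA exchange and the Decline message described above can be told apart on the wire by DHCP option 53. The following is an added example, not part of the original notes: a minimal DHCPv4 parser (RFC 2131 layout) run over a constructed exchange. The MAC address, IP addresses, relay address and the 691200-second (8-day) lease are constructed sample values, and `build_sample` is a hypothetical helper used only to create that input.

```python
import socket
import struct
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCPv4 UDP payload (RFC 2131 fixed header plus options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCPv4 message")
    msg = {"your_ip": socket.inet_ntoa(payload[16:20]),   # yiaddr: address being leased
           "relay_ip": socket.inet_ntoa(payload[24:28]),  # giaddr: set by a relay agent
           "mac": ":".join(f"{b:02x}" for b in payload[28:28 + min(payload[2], 16)]),
           "type": None, "requested_ip": None, "lease_seconds": None}
    i = 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")          # length runs past the packet
        code, value = payload[i], payload[i + 2:i + 2 + payload[i + 1]]
        if code == 53 and len(value) == 1:                # DHCP message type
            msg["type"] = MSG_TYPES.get(value[0], f"UNKNOWN({value[0]})")
        elif code == 50 and len(value) == 4:              # requested IP address
            msg["requested_ip"] = socket.inet_ntoa(value)
        elif code == 51 and len(value) == 4:              # lease time in seconds
            msg["lease_seconds"] = struct.unpack("!I", value)[0]
        i += 2 + len(value)
    return msg

def build_sample(msg_type, mac, your_ip="0.0.0.0", relay_ip="0.0.0.0", requested=None, lease=None):
    """Build a constructed sample message (not a capture) for the demo below."""
    op = 2 if msg_type in (2, 5, 6) else 1                # 1 = from client, 2 = from server
    head = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0)
    addrs = b"".join(socket.inet_aton(a) for a in ("0.0.0.0", your_ip, "0.0.0.0", relay_ip))
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    opts = bytes([53, 1, msg_type])
    opts += bytes([50, 4]) + socket.inet_aton(requested) if requested else b""
    opts += bytes([51, 4]) + struct.pack("!I", lease) if lease else b""
    return head + addrs + chaddr + bytes(192) + MAGIC_COOKIE + opts + b"\xff"

MAC = "00:1b:23:de:db:61"  # constructed client MAC
EXCHANGE = [build_sample(1, MAC, relay_ip="10.0.2.1"),             # Discover via relay
            build_sample(2, MAC, your_ip="10.0.2.50", lease=691200),
            build_sample(3, MAC, requested="10.0.2.50"),
            build_sample(5, MAC, your_ip="10.0.2.50", lease=691200),
            build_sample(4, MAC, requested="10.0.2.50")]           # Decline after ARP conflict
if __name__ == "__main__":
    print(*map(parse_dhcp, EXCHANGE), sep="\n")
```

A Decline following an Acknowledge for the same address, as in the last sample message, is the pattern that leads the server to mark the address as BAD.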
DHCP in Windows 2008 and above server:
Supports IPv6, Stateful and Stateless configuration.
Client gets IPv6 address through Router – Router
How it works?
- When a client is connected to an IPv6 DHCP network, it first tries to discover the network.
- The router in the IPv6 network provides the network prefix to the client.
- The client in turn combines the network prefix with the client ID to form a complete IP address.
- Then the client checks with the DHCP server for other configuration data such as DHCP server etc.
Note: Stateless configuration needs an IPv6-compatible router. If the router does not support it, we need to use Stateful configuration.
Network Access Protection
A Windows 2008 DHCP server does not allow a client that is not compliant with internal security policies or Windows update, or that does not have anti-virus installed.
Windows 2008 supports Server Core DHCP server
Configuring DHCP in Windows server 2008
- Two sections in DHCP console – IPv4 and IPv6.
- We can authorize or unauthorize the DHCP server. If unauthorized, the DHCP server will not give IP addresses to clients.
- After creating a scope, it needs to be activated. Otherwise the DHCP server will not issue the IP addresses configured in that scope.