ࡱ> zA  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy{|}~Root Entry     p{;Q@.2  PowerPoint Document+,-./0(56789'@PersistentStorage DirectoryOP8UVWXY>SummaryInformation(M'[',) P Z4(@"@ @ ?       a- "-$OOO "----8'a , - . / 0 1 2 3 4 5 6788999999888766543210/.-,  9#9#8"8"7!7 6 5 %.%/%0%1%1$2$3$4$5$6$7$8$9$:$;$;#<#=#>#>"?"@"@!A!B C CDDEEFFFGGGGHHHHHHHHGG G F F E EDDCBA@?>=<;:9875432  567788 8 9----8e s Q Q Q R S STTTT5T6T7S7R8Q8Q9e9e8d8c8c7b7b6b5b(k(r3r4s4s5s6s7s8r8r99887766554322y(z({({'|'}'~&&%$$#"!! ~ } | { z y x w v u t s blmnopqrstuvwwwwwvvuttsrqponmlbb----8\"!  !"#$%&'())*++,---....//////....--,++*)(('&%%$#"  !"#%&'()+,-./012334566788999:::::::::::999887665433210/.-,+)('&%#"!  ----$      !"#%&'(*+,-./012344566788999:::::;;::::::::999888777666555666'(()**+++,,,----............----,,+**)('&%$#"! ----$C"=>??@AA@@ ? ? ? > =      55677889=9>9>:?:?;@;@<A<A+@+@,?,?-?.>.=."."'2'3'4(4)5)5*6*65544432""----D$ {|   ~}|{{ z y x w v u t s r q p o n m l k j i h f e d c a ` _ ^ ] \ [ Z Y YXWVVUTSSRRRRRRRRRRSST U!V"W#X#Y#Y$Z$[$\%]%^%_%`&a&b&d&e&f&h&i&j&k&l&m&n'o'p'q'r's't(u(u)v)v*v+v,v-v.u.u/t/t0s0r0q1p1o1n1m1l1k1j1i1h1g1f1e1d1c1b1a0`0_0^0]/\/[.Z.Y.Y-X-X,W,W+V+V*W*W)U)O7P8P7Q7Q6R6S6S7T7U7V8W8X8Y8Y9Z9[9\9]9^9_:`:a:b:d:e:f:h:i:k:l:m:o:p:q:s:t9u9v9w8x8y8z7{7|6}6}5~5432110/.-,+*)('&%%$#""!! ~ } |{zyxwvutsqpomlkjihgfedccba`__^^^^^_`aabcdefghijklmnopqrstuvwxyz{{{----@$                                     !!""###$$%%%%&&&&&&&&&&&&'''''''(()**+,--.//000111111111111111110000//..--,,+*))7877667777888899999::::::::::::::::999888776655432110/.-,+*)('&%$#"!!   ----$D!#*((''&%$#"!             !!!!!" " " " """"""""""####$$%%&'()*++,,--..../////// / / / ///.....----,,++**))(('&%67665556667778888899999::: : : :::::::999887 7!6"6#5$4%4&3&2'2(1(0)/*.*-*,+,+++*+),(,',&+%+$+#+"+!* **))(''&%$#"!                                       
!!"""!----8ZD"D!D DDEEEFFGGHHIJKKLMNOPQRRSTUVWXYZZ[\\]]]^^ ^!^"^#^$^%]&]'](\)\*[*[+Z+Z,Y,Y-X-W-V.U.T.S/R/Q/P/O/N.M.L.K.K-J-I-I,H,H+G+F*F)E)E(E'D&D%D$D#D"Q O N L K I H G E D C B A@?>=<;::9887766655 5!5"5#5%5&6'6(6)7+7,8-8.9/:0:1;2<3=3>4?5@6A6B7C8D8F9G9H9I:K:L:N:O:Q:R:T:U:W:X:Y9[9\9]8_8`7a6b6c5d4e3f3g2g1h0i/i.j-j,k+k)l(l'l&l%l#l"l!l lllkkkjiihggfedcba` _ ] \ [ Z X W U T R Q ----x$:      x x y z { {{{{5{6{7z7z8y8x8x998877665''''(()**----f$15677888998887765           ----$f345677889988776544 3 4 5!5!6 6 77889292818170706051514<===>>>??@@ A A A 0 0 0 1 2 2221)(##"""## $ $     (          ----8>k R R R S T TTSSSSG0G1G2F2F3F4E5E6D6D7C7C8B8B9T9T8S8R7Q6Q5Q4R4S0i0j4k4k5k6k7j7j8i8i9{9{8z7y7y6y5jjjiiii j k k k V(]e(V(----8c"      567788998877665((33455677889988776544332(('''&&%%$$##""!              ----$E           5677888999:::;<<++,--....''''(()**----$BmCnJ^I^I_H_G_F_E_D_C_C^B^A^@]?]>]=]<\;\:\9\8\7\6\5[4[3[2[0[.[-\+\*\(\']%]$^#^!_ ``abbcdefghijkmnoprstuwxyz|}~ "#$&')*,./1345789:;<=>?@ABCDEFGGHIJKKLCyBzB{B|A}@}@~?~>~=<;:9876543210/.-,+*)~(~'}&}&|%|%{${$z#y#x#w"w"v"u"t"s"r"q#p#o$n$m%l&k'k'j(j)i*i+h,h-h.h/g0g1g2g3g4g5g6g7g8g9h:h;h<h=i>i?i?j@jAkBlBm----8O|xwvutsrqqppooonnnnnnnnnnnooppqqrstuuvwxyz{||}~~~~}||{zyxddddddeeeffgghiijk~k~l}m}n|o{p{qzrzsztzuzvzwzxzyzzz|z}z~{{||}}~~}|zyxwvutsrqponmlkjiihggffeeedddddd----8Xeefffghhi~~}}}}|||{{zyxwvutssrqponmllkjiihhgggfffeeeeeeemmmmmmnnnnoopqrsttuuuuuuuum----8JJmRmSmTmUmVmWnXnYnZnZo[o[p[q[r[sZsZtYtXtXuWuVuUuTuSuRuJuJmJ~S~U~V~W}X}Y}Z}[}\}]}^|_|`|a{b{bzczcydydxexewevfuftfsfrfqfpfofnfmemelekdjdicibhag`g_f^f]f\e[eZeYeXeWeVe<e<f=f=g>g>h>i>>>==<<LLKKJJJJ~----8M|xwvutsrqqppooonnnnnnnnnnooppqqrstuuvwxyz{||}~~~~}||{zyxddddddeeeffgghiijkklmnopqrstuvwxyz|}~~}|zyxwvutsrqponmlkjiihgffeeedddddd----8Weefffghhi    ~~&&%%$#""!! 
}}}}|| | {!{"z#y$x$w%v%u%t%s&r&q&p%o%n%m%l$l$k#j"i"h!h ggfffeeeeeeemmmmmmnnnnoopqrssttuuuuuuuum----v84xececfdfdgdhdidjZZYYYXXWWVVVddccbbccdvxxxxwwvvwjwiwhwgwfxfxeg}mms}g}----\$,oooooopqqbbcddeeeeddcbbqqpooo----B$!!i!h!g"g"f#f$f$eeffgghi$$##"!!!----8O|cxcwcvcudtdsereqfqfpgpgohoioinjnknlnmnnnonpnqnrnsnsotoupvpvqwqwrxsxtxuyuyvywyxyyyzy{y|x|x}x~w~wvuttsrqqponmlkjihhgfeee~d~d}d|c|c{czcycxndmdkdjdidhdfeeedecfbfag`g_h_i^i]j\k[k[lZmZnYoXpXqWrWsWtWuWvWwWxWyWzW|W}W~WXXYYZZ[\\]^__`abcdeghijkmnoprstuvwxyz{|}~~}|zyxwvutsrqponmlkj~i}i|h{gzfyfweveuetdsdrdpdodnd----$>eefffghhirihggffeeffghhi{jihggffe--T 4 @`@T 4  @@``@T 4@`0@T 4$$GGkkOL <Times New RomanL <"ArialL <Monotype SortsL <Times New RomanL <Times New RomanL <1Courier (W1)$)B* w#,,,,P,P@ddddddddddQ@L:K7I6Iw PPFFUuKdQddQddUuAdQddntxyw    P Pxx@dd@dd@dd@dd@ddXXXXXwPPKLdddddddddd$^ZKWKWLwPPNQ@dd@dd@dd@dd@dd{F}C@?w}%|"{yvusPP#&(06:<FJMOTYZZ}y[s[p[o[nkWhVfSfQew a5a2a-_,_(^&[&PX(V+PU-S2S5S7S<S?S@UUGVLXOYPY--KLLLKIIIHHFFFFwOqRnVmYm^mamcpPfqitPkulzn}noooooppppruxyy|}8|z{wyuyw3tw{~PP|yxvrlihhfccbbbaaaaa___^   (z 800t:'PD$42@dd35//0011 @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011 H./04x$'{I  (@ p 800  S  ( P@p` @ 8}00:'P{$z& ##/5DECUS 97 Europe Managing a DHCP Environment // z, z$ z,X0H0/4 z@d0d11 z  z z z z z z R (@`z 800:'P$D-C:R5Bernie Volz, CTO volz@process.com Tuesday, 7 October, 1997 11:00 AM, Bella Vista 2// {  { { 0 {00 04 {TlK0d4 {TlK0d4 {TlK0d4 {TlK0d11! 
{ { { { { { { { { { { { { { { {  {  (P+{ 800D @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$D  42@dd3 5//0011  H./04x$'{I  (@ p 800 h D   ( P8 8}00:'P#l$D#U5Contents</,/{,X0H04{@dd(11{    ( P04  8}00\:'P,$Dj 5DHCP Overview Types of Address Allocation DHCP Operation Configuration Guidelines Security Issues Troubleshooting Tips IP Address Management Products References</,/!{ P0@04!{UuKd4!{UuKd4!{UuKd4!{UuKd4!{UuKd4!{UuKd4!{UuKd 4!{UuKdX1H1v!{!{ !{@ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 0 a   ( P8 8}00:'P#$#U1 5DHCP Overview</,/ 3{,X0H0 43{@dd@1013{ 3{    ( P04  8}00:'P$j '5Dynamic Host Configuration Protocol A tool for centralized management of TCP/IP addresses Address assignment for TCP/IP hosts is often an administrative burden A recent Forrester survey found 72% of respondents were having TCP/IP addressing problems 80% of respondents used manual configuration//$,8{ 6,8{f,8{g,8{00$4,8{UuKd64,8{QddF4,8{Qdd 4,8{Qdd:4,8{UuAd-4,8{UuAd1x1#,8{,8{,8{z,8{,8{M @ p  H./04x$'{I  (@ p 800     ( P8 8}00:'P#$#U~5DHCP Overview (Contd)h/X/B{,B{X0H04B{@ddX1H1B{ B{B{    ( P04  8}00?:'P$j K5Dynamic Host Configuration Protocol Provides configuration parameters to hosts IP address, address mask, router address, host name, and others Extension of the BOOTP protocol Allows use of existing BOOTP relay agents and configuration information Expands functionality of BOOTP which just had support for manual address allocation//$d{ +d{Ad{ d{d{00$4d{UuKd+4d{QddA4d{Qdd 4d{QddH4d{QddS4d{Qddp1`1d{d{d{d{@ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 q S   ( P8 8}00:'P#{$#U#5DHCP Address Allocation</,/{,X0H04{@dd(11{    ( P04  8}00V:'P&$j 25Three mechanisms for IP address allocation Automatic allocation - IP address is permanently assigned to a client Dynamic allocation - IP address is temporarily assigned (leased) to a client Manual allocation - IP address is assigned by 
a network administrator to a client All three can operate at same time//+Н{ FН{MН{RН{"Н{ x0h0+4Н{UuKdF4Н{QddM4Н{QddR4Н{Qdd"4Н{UuKd11LН{Н{Н{Н{GН{Н{LН{Н{#Н{z@ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800  X   ( P8 8}00:'P#$#U(5Automatic Address Allocation</,/{,X0H04{@dd(11{    ( P04  8}00:'P$j b5Once an address is assigned to a client, that client has that same address forever (infinite lease) Assignment is based on clients identifier (name or hardware address) Address can only be reclaimed by modifying configuration file/database and by removing address from client</,/H{ 00f4H{UuKdF4H{UuKdj4H{UuKd11!H{H{H{H{H{H{H{H{H{H{H{H{ H{H{H{>H{ H{H{H{ @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800  V   ( P8 8}00:'P#~$#U&5Dynamic Address Allocation</,/{,X0H04{@dd(11{    ( P04  8}00:'P$j r5Client assigned address when it requests one for a limited time (lease time) Client must renew address request to extend lease (if granted) Addresses can be reclaimed by disallowing leases (new and extensions) after lease time expires Most useful for laptops and temporary users</,/{ 00 0M4{UuKd?4{UuKd_4{UuKd+4{UuKd11{+{{{{{ @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 Q U   ( P8 8}00:'P#}$D#U%5Manual Address Allocation</,/{,X0H04{@dd(11{    ( P04  8}004:'P$Dj 5Network administrator enters IP address and clients network address in DHCP/BOOTP configuration database Most useful for blackbox devices such as routers, gateways, printers, and terminal servers that need to have fixed and well-known IP addresses</,/{ 00j4{UuKd4{UuKd1x1,{{s{{E{b@ p  H./04x$'{I  (@ p 800  J   ( P8 8}00:'P#r$D#U5DHCP Operation</,/{,X0H04{@dd(11{ `   ( P04  8}00:'P$Dj 05DHCP uses UDP datagrams Client and server use broadcasts to communicate until client has assigned address Basic address assignment takes 5 steps ...</,/{ 004{UuKdR4{UuKd*4{UuKd(11{)"@ p  
H./04x$'{I  (@ p 800 ( I   ( P8 8}00:'P#q$D#U 5DHCP Timeline</,/ {,X0H0 4{@dd(11 {    ( P 8}00K :'P $DH 5 Server Client Server (not selected) (selected) v v v | | | | Begins initialization | | | | | _____________/|\_____________ | |/ DHCPDISCOVER | DHCPDISCOVER \| | | | Determines | Determines configuration | configuration | | | |\ | ____________/| | \_________ | /DHCPOFFER | | DHCPOFFER\ |/ | | \ | | | Collects replies | | \| | | Selects configuration | | | | | _____________/|\_____________ | |/ DHCPREQUEST | DHCPREQUEST \| </,/H{ 0x0*4H{@dd-4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd,4H{@dd.4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd(4H{@dd4H{@dd(11H{    ( P  8}00 :'P $:Z m 42TuKd3 U5 Server Client Server (not selected) (selected) | | | | | Commits | | | configuration | | | _____________/| | |/ DHCPACK | | | | | Initialization complete | | | | . . . . . . | | | | Graceful shutdown | | | | | |\_____________ | | | DHCPRELEASE \| | | | | | Discards lease | | | v v v </,/Up| 00*4p|@dd-4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd(4p|@dd.4p|@dd(4p|@dd(4p|@dd(11Up| z P`  800 % (@| 86P00:'Pe$P# 51</,/P|X0H04P|@dd(11P| % (| 86P00:'Pe$P 52</,/,|X0H04,|@dd(11,| = (i| 86P00:'P}$PP  53</,/|X0H04|@dd(11| = (& P| 86P00:'P}$`&3` 54</,/|X0H04|@dd(11| = (&y | 86P00:'P}$``` 55</,/x#|X0H04x#|@dd(11x#| % (& 0| 86P00:'Pe$` 58</,/D'|X0H04D'|@dd(11D'| !@ p  H./04x$'{I  (@ p 800  I   ( P8 8}00:'P#q$#U 5DHCP Messages</,/ -|,X0H0 4-|@dd(11 -|    ( P04  8}00p:'P@$j ,5DHCPDISCOVER - Client broadcasts to locate available servers DHCPOFFER - Server sends to client in response to DHCPDISCOVER with offer of configuration parameters DHCPREQUEST - Client broadcasts to servers requesting offered parameters from on server DHCPACK - Server sends to client with configuration parameters, including address DHCPNAK - Server sends to client refusing request for configuration parameters 
DHCPDCLINE - Client sends to server indicating configuration parameters invalid DHCPRELEASE - Client sends to server to release assigned address</,/,1|00=41|TuKdf41|TuKdX41|TuKdR41|TuKdO41|TuKdP41|TuKd@41|TuKd(11,1| @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 3    ( P8 8}00:'P#$#US5DHCP Operation - Step 1</,/|C|,X0H04|C|@ddX1H1|C||C||C|    ( P04  8}00:'P$j `5After a client boots, it broadcasts a DHCPDISCOVER message to obtain an IP address and configuration parameters A router configured to be a BOOTP relay agent forwards this request to another network segment to remote serversh/X/pG| pG|00p4G|UuKdp4G|Qdd(11G| @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800     ( P8 8}00:'P#$#US5DHCP Operation - Step 2</,/W|,X0H04W|@ddX1H1W|W|W|    ( P04  8}00B:'P$j 5DHCP servers that receive the DHCPDISCOVER message, allocate an IP address and send a DHCPOFFER message with the allocated address and other information Each server allocates an address and marks the address as temporarily allocated (offered)h/X/[| Y[|004[|UuKdY4[|Qddp1`1J[|[|[|[|@ p  H./04x$'{I  (@ p 800 D    ( P8 8}00:'P#$#UX 5DHCP Operation - Step 2 (Contd)h/X/Dd|,Dd|X0H0 4Dd|@dd(11 Dd|    ( P04  8}00:'P$j l5DHCP servers select a DHCPTAB entry based on: 1. Client identifier, if specified 2. Hardware address 3. Client class, if specified 4. Network class, if relayed packet 5. Else, default class, if configuredh/X/.h| h|00.4h|UuKd#4h|Pdd4h|Pdd4h|Pdd$4h|Pdd%4h|Pdd(11h|@ p  H./04x$'{I  (@ p 800 N    ( P8 8}00:'P#$#UX 5DHCP Operation - Step 2 (Contd)h/X/n|,n|X0H0 4n|@dd(11 n|    ( P04  8}00:'P$j v65DHCP servers then assign an address: 1. If address already assigned to client, use it 2. If client requested address, try to assign it and use it if available 3. 
Otherwise, allocate an unallocated address from the address range usable for the client (first available address starting with end of range is used)h/X/%0:{ 0:{00 0%40:{UuKd140:{PddI40:{Pdd40:{PddX1H1G0:{0:{0:{  @ p% t} H./04x$a(  (t}  800 (   ( P?7 8}00D    ( PmE  8}00t;'PD$D  42@dd3 5//0011  H./04x$'{I  (@ p 800     ( P8 8}00:'P#$D#US5DHCP Operation - Step 3</,/|,X0H04|@ddX1H1|||    ( P04  8}00D:'P$Dj 5The client awaits DHCPOFFER messages If none received in a short time period, it broadcasts another DHCPDISCOVER message If received, selects one of the offers and broadcasts a DHCPREQUEST message indicating the selected address and server nameh/X/%|| ||00%4||UuKdT4||Qdd{4||Qdd(11||~  @ p% t} H./04x$a(  (t}  800 (   ( P?7 8}00D    ( PmE  8}00t;'PD$D  42@dd3 5//0011  H./04x$'{I  (@ p 800     ( P8 8}00:'P#$#US5DHCP Operation - Step 4</,/@|,X0H04@|@ddX1H1@|@|@| k   ( P04  8}00:'P$j ;+5Servers receive the DHCPREQUEST message The selected server marks the leased address as in use and sends the client a DHCPACK message with the negotiated IP address, lease time, and network configuration parameters Other servers that offered an address now release their earlier temporary allocationh/X/(| |00(4|UuKd4|QddT4|Qddp1`1||g|| @ p%t} H./04x$a(  (t}  800 X   ( P?7 8}00 :'PD   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 . 
S   ( P8 8}00:'P#{$#U#5DHCP Operation - Step 5</,/|,X0H04|@dd(11|    ( P04  8}00:'P$j g5The client receives the DHCPACK message and now has a lease on the address and configuration parameters</,/g| X0H0g4|UuKd@101J||  @ p% t} H./04x$a(  (t}  800 (   ( P?7 8}00D    ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800     ( P8 8}00:'P#$#US5DHCP Operation - Step 6</,/Ļ|,X0H04Ļ|@ddX1H1Ļ|Ļ|Ļ| }   ( P04  8}00:'P$j M%5After about 50% of the lease time has elapsed, the client sends the server a DHCPREQUEST message to renew the lease If server responds with DHCPACK, the lease and configuration parameters are updated If server responds with DHCPNAK message, client must give up address and start over at Step 1h/X/t@| @|00t4@|UuKdT4@|Qdd]4@|Qdd1x1@|@|@| @|5@|  @ p% t} H./04x$a(  (t}  800 (   ( P?7 8}00D    ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 N    ( P8 8}00:'P#$#US5DHCP Operation - Step 7</,/|,X0H04|@ddX1H1|||    ( P04  8}00:'P$j {5If the client hasnt been able to renew the lease (the server is down), it tries again at 87.5% of the lease time and broadcasts a DHCPREQUEST to all servers Any DHCP server can now return a DHCPACK containing the extended lease and updated parametersh/X/x| ]x|004x|UuKd]4x|Qdd(11x|@ p  H./04x$'{I  (@ p 800 - S   ( P8 8}00:'P#{$#U#5DHCP Operation - Step 8</,/\|,X0H04\|@dd(11\|    ( P04  8}00:'P$j 5If client wasnt able to renew lease, it must give up address when lease time expires and start over at Step 1 OR If client wants to give up address (such as during graceful shutdown), it sends server a DHCPRELEASE</,/p| 00o4p|UuKd4p|TuKdd4p|UuKd@101np|hp|t@ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800  T   ( P8 8}00:'P#|$#U$5Configuration Guidelines</,/|,X0H04|@dd(11|    ( P04  8}00:'P$Dj `85Have at least two DHCP servers for redundancy Both cant have same address ranges though! 
Exception: TCPware for OpenVMS DHCP on VMSclusters Work in progress on server-to-server communication (see draft-ietf-dhc-interserver-02.txt) Configure routers to be a BOOTP relay agent to forward requests between networks//.| |(|P| x0h0.4|UuKd,4|Qdd34|Qdd[4|QddP4|UuKd11l| |3|(||P|a @ p  H./04x$'{I  (@ p 800     ( P8 8}00:'P#$D#U!5Configuration Guidelines (Contd)h/X/},}X0H0!4}@ddX1H1}}}    ( P04  8}00H:'P$Dj 5Many implementations use an extended BOOTPTAB like file (DHCPTAB) No defacto standard for tag names though Make sure your clients behave properly and renew leases and give up addresses if not renewable DNS is usually not updated by DHCP servers (see RFC 2136, Dynamic DNS)//Bl} )l}l} l}00 0B4l}UuKd)4l}Qdd_4l}UuKdF4l}UuKdp1`1jl}_l}+l}l} @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$D  42@dd3 5//0011  H./04x$'{I  (@ p 800  K   ( P8 8}00:'P#s$D#U5Security Issues</,/D},X0H04D}@dd(11D} 1   ( P04  8}00:'PY$j 5Restrict clients that can request addresses by listing hardware addresses of adapters Prevents anyone connecting to the network Increases administrative burden though Not universally supported by servers Unauthorized DHCP servers may easily be set up (intentionally or unintentionally)//VP} vP}QP} x0h0V4P}UuKd*4P}Qdd'4P}Qdd%4P}QddQ4P}UuKd1x1 P}P}P}%P}RP} @ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800 T    ( P8 8}00:'P#$#UP5Security Issues (Contd)h/X/\+},\+}X0H04\+}@dd(11\+}    ( P04  8}00 :'P$j 5Dynamic IP address ranges must have same IP address based filtering IP address/host name based authentication may be a problem (NFS, R commands) Consider all dynamic address ranges to be either valid or invalid as a group Cant rely on unique host nameh/X//} k/}00 0D4/}UuKdM4/}UuKdM4/}Qdd4/}Qdd11O/}/}Y/}/})/}/}$@ p  H./04x$'{I  (@ p 800 A    ( P8 8}00:'P#$#UP5Security Issues (Contd)h/X/9},9}X0H049}@dd(119}    ( P04  8}00:'P$j qe5If DHCP servers dynamically update DNS, make sure DNS updates are restricted 
to specific DHCP servers</,/eT=} X0H0e4T=}UuKd(11eT=}@ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800  h   ( P8 8}00:'P#$#U85Troubleshooting Tips</,/DL},X0H04DL}@dd@101DL}DL}    ( P04  8}00:'P$j ^5Error reporting for many clients is very poor or non-existent May silently discard datagrams they dont like Verify hardware address is correct Remember to change it if network cards replaced or upgraded Provide all required information Network mask is typically needed!//>P} /P}#P} <P}!P} !P}00>4P}UuKd/4P}Qdd#4P}UuKd<4P}Qdd!4P}UuKd!4P}Qdd(11P}%@ p  H./04x$'{I  (@ p 800 < Z   ( P8`  8}00:'P#$#U& *5IP Address Management Products</,/Z},X0H04Z}@dd(11Z}    ( P0  8}00:'P$jv 5American Internets Network Registrar MetaInfos Meta IP Microsofts DHCP / DNS Manager Network TeleSystems Shadow Server Quadritek Systems QIP Bay Networks NetID Enterprise Cisco Systems Cisco DNS/DHCP Manager</,/^} 00&4^}UuKd4^}UuKd4^}UuKd#4^}UuKd4^}UuKd4^}UuKd%4^}UuKd(11^}l@ p%t} H./04x$a(  (t}  800 (   ( P?7 8}00D   ( PmE  8}00t;'PD$  42@dd3 5//0011  H./04x$'{I  (@ p 800  F   ( P8 8}00:'P#n$#U 5References</,/ X{,X0H0 4X{@dd(11 X{    ( P04  8}00:'P$j f&5RFC 2131, Dynamic Host Configuration Protocol RFC 2132, DHCP Options and BOOTP Vendor Extensions RFC 1534, Interoperation Between DHCP and BOOTP RFC 951, Bootstrap Protocol (BOOTP) RFC 2136, Dynamic Updates in the Domain Name System DHCP FAQ - http://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.htmlx/h/ p3}#p3} p3})p3}p3} p3}%p3}p3} p3}p3} p3})p3} p3}1p3}00.4p3}UuKd44p3}UuKd04p3}UuKd$4p3}UuKd44p3}UuKd<4p3}UuKd11p3}p3}*p3}p3}p3}5p3}<p3} #@ p  H./04x$'{I  (@ p 800 { E   ( P8 8}00:'P#m$#U 5Questions</,/ x},X0H0 4x}@dd(11 x}    ( P04  8}00n:'P>$j 5Handout available as PowerPoint file http://vms.process.com/ftp/decus/europe_97/ dhcp.ppt Anonymous FTP to ftp.process.com cd decus/europe_97 get dhcp.ppt//%|} V|}|}x0h0%4|}UuKd54|}Qdd !4|}Qdd 4|}UFAd  4|}UFAd 11|}|}|}|}|}!|}|}|}|}|}|}|}|}|}|}|}|}|}|}|} @ 
p$7̙33$73$73333f$7999MMM$7f$7f3$73 H./04x$'{I  (@ p 800  =  ( Pp  8}00:'Pe$@  5*</,/}X0H04}dd(11} =  ( Pp 8}00:'Pe$@ V 5*</,/}X0H04}dd(11} =  ( P  8}00:'Pe$@ V       !"#$%&'()*+,-./0123456789:;<=>?@CDEFGHIKLMNOPQRSTUVWXYZ[\] 5*</,/}X0H04}dd(11} z   800 \  (8 800:'P#$D#U, 5Click to edit Master title style</,/ 4},X0H0 44}@dd(11 4} 2  (04  800:'PZ$Dj R5Click to edit Master text styles Second Level Third Level Fourth Level Fifth Level//!X}  X} X}X}x0h0!4X}UuKd 4X}Qdd 4X}Qdd 4X}UuAd 4X}Qdd(11RX}  (E} 800:'PO$A3c(C5Managing a DHCP Environment 1997 by Process Software Corporation</,/C}X0H0C4}@dd11 }} }}}}} = (  E} 800:'P}$AJ  ( 5*</,/}X0H04}@dd(11}'t} + PH./04x$a(  (t}  800 ! =   ( Pt| 8}00 'Pe$| 5*</,/ܬ} X0H04ܬ}dd(11ܬ} =  ( P$| 8}00 'Pe$0| 5*</,/ܰ} X0H04ܰ}dd(11ܰ} =  ( Pt]  8}00 'P#e$#]  5*</,/ܴ} X0H04ܴ}dd(11ܴ} =  ( P$]   8}00 'P#e$#0]   5*</,/} X0H04}dd(11}   ( PmE  8}00;'P$  S5Click to edit Master notes styles Second Level Third Level Fourth Level Fifth Level</,/S} x0h0"4}@dd 4}@dd 4}@dd 4}@dd 4}@dd(11S}   ( P?7 8}00 :'PD X (Uy} 800;'P$\(5Process Software Corporation</,/}X0H04}@dd(11} = ( nG } 800;'P}$ 3*   5*</,/}X0H04}@dd(11} = (h aG } 800;'P}$ &*   5*</,/}X0H04}@dd(11}t} 4x$a(  (t}  800  =   ( Pt| 8}00 'Pe$| 5*</,/} X0H04}@dd(11} =  ( P$| 8}00 'Pe$0| 5*</,/} X0H04}@dd(11}   ( Pt]  8}00t 'P#D$#] 42@dd3 5//0011   ( P$]   8}00t 'P#D$#0]  42@dd3 5//0011 A ( }y} 800;'P$B\IE5Managing a DHCP Environment 1997 by Process Software Corporation</,/EX}X0H0E4X}@dd11 X}X} X}X}X}X}X}X}X} = ( h aG } 800;'P}$ &*   5*</,/}X0H04}@dd(11}H./0  D _VBA_PROJECT04sdsdGdGdzD4BdBdBdBd}042d2d2d2d04*d*d2d2d, $de, PowerPoint Document Bernie VolzMicrosoft (R) PowerPoint (R) Windows _Oh+'0|M@ P\    Managing a DHCP EnvironmentDHCPCIRRUSFor European DECUS2f:\msoffice\powerpt\template\sldshow\sidebars.pptCIRRUS41Microsoft PowerPoint 4.0@H@@E+<̻@P!ݔy@\GK1% %&`2 &&TNPP8Q=Py & TNPP &&TNPP  ` j: --  :`Times New Romank~wWw -. Times New Romank~wWwW -.  --"Systemwfb  -@H`-x^xB--'Times New Romank~wWwW -.  
xBl2 CManaging a DHCP Environment 1997 by Process Software Corporation2)(% ",* (%Times New Romank~wWw -.   2 K1PTimes New Romank~wWwW -.  <2 FDECUS 97 Europelub,XX,lX:XXNpTimes New Romank~wWw -PTimes New Romank~wWwW - . PTimes New Romank~wWw - .  `02 dManaging a DHCP EnvironmentNXNX1XX,N,va,lXX1:XXOX0PTimes New Romank~wWwW - . PTimes New Romank~wWw - . "ArialW b~wk~wWwW - .  `2 >Bernie Volz, CTOVG*HG$UG@#$\Oc"Arial b~wk~wWw -"ArialW b~wk~wWwW -.  2 volz@process.com060a6 5060006P"Arial b~wk~wWw -"ArialW b~wk~wWwW -.  +2 bTuesday, 7 October, 19971-,(-,(,>(,-,-,-,"Arial b~wk~wWw -.  *2 11:00 AM, Bella Vista 27-,-,5C5-,6(,----[(c-.  --a--$c[[cc----8'a:::::::<<<<==?@@BCEFHHIKKKLLLNNNNNNNNN:v~~||{{yx`````^^^^^^^^^^^]]]][[[ZZXXWWUTRRQOONLKIHFECB@?=<:976443110..--++++******v*v+x+x-y-{-{.{0{x{y{{y{y|x|v|v~----8e 99:<<<==?@xy{{||~~|||{{yxdd u vvxy{| | ~+~+|)|({&{&y%y%x#x#v"u"s sdddccca a"`#^%^%]&[&Z(Z(X(W)W)U)T)R)Q)O)N)L)K)I)H)F(F(E(C&C&B%B%@#@#?"? =<<::::999999HHHHH H H HIIIKLNOQRRTTTUU U U UUUUUUH----8\N[NZNXPWPUPTPRQRQQSOSNTNVLWLWKYKZI\I]I_I`IbHcHeIfIhIiIkIkKlKnKnLoLoNqNqOrOrQtQtRtTuTuUuWuXuZu[u]u^u`uauctdtfrfrgqioiojnlllklkmimhmfmfoeocobo`o_o_m]m\mZmYlWlVjTiSiSgQfQdPdPcPaP`N`N^N]N[b7`7]7\7Y7W9V9S9Q:P:N<K<J=H?G?E@DBBCBEAF?H>I>Km>o?pArBsBuDuEvGxHyJyK{N|P|Q~S~V~WY\]`befikno~q~t~u|w|x{yy{y|x~vuusrpomljifdca`][ZXUTRQONLKIHFECB@~?{?y=x<w<u:t:q9o9n9k7i7f7e7b7----$R<<<====<<<<::::99999777777777777999::<<=??@BCEFHIKLNOQRTUXZ[]`acdgijlmoprsuvvxyy{||~~~~~~|||{{{yyyxxxyyycddfggiiijjjllllmmmmmmmmmmmmlllljjiggfdca`^][ZXWUTRQONNLLLKKKIIIIIIIIIIIIIIIKKKLLNNOQRR----$CK;K=K>K>L@NANA4@4@6>6>7>9=9;99:<<<=??@xxy{{||~;~=~=>>@@AAi@i@j>j>l>m=m;mmc+c,c.d.f/f/g1g1O/O/Q.Q.R.T,T+TTK----D$ 
NO<<<======<<<<:::9999997777~7}7{7x7w7u9t9q9o9n9l:k:i:h<f<e<e=c=b?`?`@_B]C\E\FZFZHZIZKZLZNZOZQZRZT\U\W]X_Z`[b]c]e]e^f^h^i`k`l`n`oaqarauawaxa{a}a~aaaaccccccddffgijlmmooppprrrrrrr~r}r{rzrxrwrurtrrrqpopnplpkoiohmfmemelclcjbjbi`i`gbgbf_fV{W|W{Y{YyZy\y\{]{_{`|b|c|e|e~f~h~i~k~l~noqruwx{}~~~|||{{yyxxvusrrpomljigfdca``^][[ZZXXXWUUUUTTTTTRRRRRR~R}R{RzRxRwRuRtRtQrQqQoQnQnOlOlNlLlKlInIoHqHqFrFtFuFwExEzE{E}E~EEEEEEFFFFFHHHIIKKLN----@$NO<<<=====<<<<::::99999977777777799999:::<<==?@BCEFHIKLNOQRTTUWXZZ[[]]]^^````aaaaaaaaaaaacccccccddfggijllmooppprrrrrrrrrrrrrrrrrppppoommlljjigff{|{{yy{{{{||||~~~~~~~~|||{{yyxxvusrrpomljigfdca`^][ZZXXXWWUUUUTTTTTRRRRRRRRRRRRRRQQQQONLKKIIHHFFFEEEEEEEEEEEEFFFFFFHHHHIIIKKLN----$DCE.-..000....----++++***~*}*{*z(x(w(u(t(q(o(n(k(i(f(e*b*`*_*\+[+Y+X-V-U.S.R0P1O1M3M4L4J6J7I9G:G<G=G?G@FBFCFEFFGFGHGIGKILINJOLQMROTPTRUSUUWVWXWYX[X\X^Z`ZbZeZfZi[k[n[o[q[r[t[u[w[x[z[{[}[~[~]]]]^^``acdfgiijjllmm~m}m{ozoxowouotoroqooolokoiohofmemcmbm`m_l^l\l[lYjXjViUiSgRgRfPfPdOdOcOaM`AyD{DyFyFxGxIxJyLyMyO{P{R{S|U|V|X|Y|[~\~^~`~b~cfhknoruxz}~~~~||{{yyxvvussrpomljjigfdca`^][ZXWUUTRRQQOONNLLLKKKKII~I}IzIxIuItHrHqHoHnHlHkHiHhHfHeHcHbF`F_F_E^E^C\C\B\@\?^?^=_=_<`<b:c:e:e9f9h9i9k9l9n9o9q9r9t9u9w9x9z9{9}9~99::::<<<===??@@BCC----8Z[ZXWUTRQQOONNLLKKIIIIIHHHIIIIIKKLLNOOQRTUWXZ[]^`acdfggiijjlllmmmooooommmmllljjiigffdca`^][77777999::<<=??@BCEFHIKLNOQRTUXZ[]`acdfijlmoprsuuvxyy{||~~~~~~||{yyxvuusrpomljifdca`][ZXUTRQONLKIHFECB@??=<<::99977777----x$:*KPKRKSKUKULUNXNX4U4U6U7S7S9R9P99:<<<=?@xy{{|||~.~.|-|-{+{+y*y*x*c@cAcCcCdDdDfDgGgGODODQDRCTAT@T*T*K----f$1pKKxy{{||~|~~~|||{{yxKKKKKLNN44677999p9n9m9k7k6j4h4hNjNkNkLkKmKnKpK----$f@uvxy{{||~~||{{yxvvL u v x x y y { { ||~%~%|$|${"{"y"x$x$v4F6E6C6B7B7@7?9?9=:=:<<<<:<9"9":"<$<%<%=%?%@$BdB@ @ ? 
==<<99:<<=?@BdB@??==<<::99:<<<=??@----8>z9U9U:U<V<X<X=X?V?V@VBVCEpErEsCsCuCvBxBy@y@{?{?|=|=~X~X|V|U{SySxSvUvVpwpyvzvzxzyz{y{y|w|w~~|{{yxyCyBy@w@w?w=w<y<z<z:z9[deFqd[d----8c"99:<<<=?@xy{{||~~||{{yyxdduuvxxy{{||~~||{{yxvvuusddcccaa``^^]][[ZXXWUUTRQONLKIHFECB@?==<<<:::999999HHHHHHHHIIIIKKLNNOOQRRTTUUUUUUUUUH----$EKCKEKFKHKHLHNKNK4H4H6H7F7F9E9C99:<<<==?@xy{{|||~C~E~EFHHHKKiHiHjHlFlFmEmCmmc3c4c6c6d7d7f7g:g:O7O7Q7R6R6T4T3TTK----$----8O|++++,,..//112335689;<>?ABBDEGGHHJJJKKKKKKKKJJJHHGEDDBA??><;98653221/...,,,+++++;96532/.,+)(&%%#"   "#%%&()+,.123569;<>ABDEGHJKMNPQSTVVWYYZZ\\]]]]]]]]]]]\\\ZYYWVTSQPPNMKHGEDBA><;----8X----8JNZ\]_`bceffhhhhhffeccb`_]\ZNNN\_`bcefhiklnoqrrttuuwwwxxxxxxxxxwwwuutrqonlkihfecb`::;;======;;::QQPPNNNN----8M|----8W~SSUVVVXXXXVVUUSSllkkiihhht}}~~~}}~huwxz{}~~}{zxwuhh----v84   %%$$""" ----\$,n~~~~}}{{nmmkkkhhkkkmn----B$          ----8O|nnnnppqqssttvwwyz|}}|zywvvtsqqqpppnnnnn}zywvsqpnmkjhhgedbbaa_^^\\\\\\\\\\\\\^^__aabddeghhjkmnpqtvwyz}----$> 33110000001133!!"""        --'----'&TNPP &--DocumentSummaryInformation8BText_ContentJ_&Current UserHeader9՜.+,0 `h  HOn-screen Show' #Arial Courier (W1)Monotype SortsTimes New RomanDefault Design0DECUS 97 Europe Managing a DHCP Environment ContentsDHCP OverviewDHCP Overview (Cont'd)DHCP Address AllocationAutomatic Address AllocationDynamic Address AllocationManual Address AllocationDHCP OperationDHCP TimelineDHCP MessagesDHCP Operation - Step 1DHCP Operation - Step 2!DHCP Operation - Step 2 (Cont'd)!DHCP Operation - Step 2 (Cont'd)DHCP Operation - Step 3DHCP Operation - Step 4DHCP Operation - Step 5DHCP Operation - Step 6DHCP Operation - Step 7DHCP Operation - Step 8Configuration Guidelines"Configuration Guidelines (Cont'd)Security IssuesSecurity Issues (Cont'd)Security Issues (Cont'd)Troubleshooting TipsIP Address Management Products References Questions  Fonts UsedDesign Template Slide TitlesDECUS 97 Europe Managing a DHCP Environment Bernie Volz, CTO volz@process.com Tuesday, 7 October, 1997 11:00 AM, Bella 
Vista 2 Contents DHCP Overview Types of Address Allocation DHCP Operation Configuration Guidelines Security Issues Troubleshooting Tips IP Address Management Products References DHCP Overview Dynamic Host Configuration Protocol A tool for centralized management of TCP/IP addresses Address assignment for TCP/IP hosts is often an administrative burden A recent Forrester survey found 72% of respondents were having TCP/IP addressing problems 80% of respondents used manual configuration DHCP Overview (Cont'd) Dynamic Host Configuration Protocol Provides configuration parameters to hosts IP address, address mask, router address, host name, and others Extension of the BOOTP protocol Allows use of existing BOOTP relay agents and configuration information Expands functionality of BOOTP which just had support for manual address allocation DHCP Address Allocation Three mechanisms for IP address allocation Automatic allocation - IP address is permanently assigned to a client Dynamic allocation - IP address is temporarily assigned (leased) to a client Manual allocation - IP address is assigned by a network administrator to a client All three can operate at the same time Automatic Address Allocation Once an address is assigned to a client, that client has that same address forever (infinite lease) Assignment is based on client's identifier (name or hardware address) Address can only be reclaimed by modifying configuration file/database and by removing address from client Dynamic Address Allocation Client is assigned an address for a limited time (lease time) when it requests one Client must renew address request to extend lease (if granted) Addresses can be reclaimed by disallowing leases (new and extensions) after lease time expires Most useful for laptops and temporary users Manual Address Allocation Network administrator enters IP address and client's network address in DHCP/BOOTP configuration database Most useful for "black box" devices such as routers, gateways, printers, and terminal 
servers that need to have fixed and well-known IP addresses DHCP Operation DHCP uses UDP datagrams Client and server use broadcasts to communicate until client has assigned address Basic address assignment takes 5 steps ... DHCP Timeline Server Client Server (not selected) (selected) v v v | | | | Begins initialization | | | | | _____________/|\_____________ | |/ DHCPDISCOVER | DHCPDISCOVER \| | | | Determines | Determines configuration | configuration | | | |\ | ____________/| | \_________ | /DHCPOFFER | | DHCPOFFER\ |/ | | \ | | | Collects replies | | \| | | Selects configuration | | | | | _____________/|\_____________ | |/ DHCPREQUEST | DHCPREQUEST \| Server Client Server (not selected) (selected) | | | | | Commits | | | configuration | | | _____________/| | |/ DHCPACK | | | | | Initialization complete | | | | . . . . . . | | | | Graceful shutdown | | | | | |\_____________ | | | DHCPRELEASE \| | | | | | Discards lease | | | v v v 1 2 3 4 5 8 DHCP Messages DHCPDISCOVER - Client broadcasts to locate available servers DHCPOFFER - Server sends to client in response to DHCPDISCOVER with offer of configuration parameters DHCPREQUEST - Client broadcasts to servers requesting offered parameters from one server DHCPACK - Server sends to client with configuration parameters, including address DHCPNAK - Server sends to client refusing request for configuration parameters DHCPDECLINE - Client sends to server indicating configuration parameters invalid DHCPRELEASE - Client sends to server to release assigned address DHCP Operation - Step 1 After a client boots, it broadcasts a DHCPDISCOVER message to obtain an IP address and configuration parameters A router configured to be a BOOTP relay agent forwards this request to another network segment to remote servers DHCP Operation - Step 2 DHCP servers that receive the DHCPDISCOVER message, allocate an IP address and send a DHCPOFFER message with the allocated address and other information Each server allocates an address and marks 
the address as temporarily allocated (offered) DHCP Operation - Step 2 (Cont'd) DHCP servers select a DHCPTAB entry based on: 1. Client identifier, if specified 2. Hardware address 3. Client class, if specified 4. Network class, if relayed packet 5. Else, default class, if configured DHCP Operation - Step 2 (Cont'd) DHCP servers then assign an address: 1. If address already assigned to client, use it 2. If client requested address, try to assign it and use it if available 3. Otherwise, allocate an unallocated address from the address range usable for the client (first available address starting with end of range is used) DHCP Operation - Step 3 The client awaits DHCPOFFER messages If none received in a short time period, it broadcasts another DHCPDISCOVER message If received, selects one of the offers and broadcasts a DHCPREQUEST message indicating the selected address and server name DHCP Operation - Step 4 Servers receive the DHCPREQUEST message The selected server marks the leased address as in use and sends the client a DHCPACK message with the negotiated IP address, lease time, and network configuration parameters Other servers that offered an address now release their earlier temporary allocation DHCP Operation - Step 5 The client receives the DHCPACK message and now has a lease on the address and configuration parameters DHCP Operation - Step 6 After about 50% of the lease time has elapsed, the client sends the server a DHCPREQUEST message to renew the lease If server responds with DHCPACK, the lease and configuration parameters are updated If server responds with DHCPNAK message, client must give up address and start over at Step 1 DHCP Operation - Step 7 If the client hasn't been able to renew the lease (the server is down), it tries again at 87.5% of the lease time and broadcasts a DHCPREQUEST to all servers Any DHCP server can now return a DHCPACK containing the extended lease and updated parameters DHCP Operation - Step 8 If client wasn't able to renew 
lease, it must give up address when lease time expires and start over at Step 1 OR If client wants to give up address (such as during graceful shutdown), it sends server a DHCPRELEASE Configuration Guidelines Have at least two DHCP servers for redundancy Both can't have same address ranges though! Exception: TCPware for OpenVMS DHCP on VMSclusters Work in progress on server-to-server communication (see draft-ietf-dhc-interserver-02.txt) Configure routers to be a BOOTP relay agent to forward requests between networks Configuration Guidelines (Contd) Many implementations use an extended BOOTPTAB-like file (DHCPTAB) No de facto standard for tag names though Make sure your clients behave properly and renew leases and give up addresses if not renewable DNS is usually not updated by DHCP servers (see RFC 2136, Dynamic DNS) Security Issues Restrict clients that can request addresses by listing hardware addresses of adapters Prevents just anyone connecting to the network from being given an address (hardware addresses can be changed by the client and addresses can be set manually, so this is a filter, not authentication) Increases administrative burden though Not universally supported by servers Unauthorized DHCP servers may easily be set up (intentionally or unintentionally) Security Issues (Contd) Dynamic IP address ranges must have the same IP-address-based filtering IP address/host name based authentication may be a problem (NFS, R commands) Consider all dynamic address ranges to be either valid or invalid as a group Can't rely on a unique host name Security Issues (Contd) If DHCP servers dynamically update DNS, make sure DNS updates are restricted to specific DHCP servers Troubleshooting Tips Error reporting for many clients is very poor or non-existent May silently discard datagrams they don't like Verify hardware address is correct Remember to change it if network cards are replaced or upgraded Provide all required information Network mask is typically needed! 
IP Address Management Products American Internet's Network Registrar MetaInfo's Meta IP Microsoft's DHCP / DNS Manager Network TeleSystems' Shadow Server Quadritek Systems' QIP Bay Networks' NetID Enterprise Cisco Systems' Cisco DNS/DHCP Manager References RFC 2131, Dynamic Host Configuration Protocol RFC 2132, DHCP Options and BOOTP Vendor Extensions RFC 1534, Interoperation Between DHCP and BOOTP RFC 951, Bootstrap Protocol (BOOTP) RFC 2136, Dynamic Updates in the Domain Name System DHCP FAQ - http://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.html Questions Handout available as PowerPoint file http://vms.process.com/ftp/decus/europe_97/dhcp.ppt Anonymous FTP to ftp.process.com cd decus/europe_97 get dhcp.ppt