Understanding DHCP

DHCP allows individual computers on a TCP/IP network to obtain their configuration information — in particular, their IP address — from a server. The DHCP server keeps track of which IP addresses are already assigned so that when a computer requests an IP address, the DHCP server offers it an IP address that’s not already in use.

Configuration information provided by DHCP

Although the primary job of DHCP is to dole out IP addresses and subnet masks, DHCP actually provides more configuration information than just the IP address to its clients. The additional configuration information consists of DHCP options. The following is a list of some common DHCP options that can be configured by the server:

The router address, also known as the Default Gateway address
The expiration time for the configuration information
Domain name
Domain Name Server (DNS) server address
Windows Internet Name Service (WINS) server address

DHCP servers

A DHCP server can be a server computer located on the TCP/IP network. All modern server operating systems have a built-in DHCP server. To set up DHCP on a network server, all you have to do is enable the server’s DHCP function and configure its settings. In the upcoming section, “Working with a DHCP Server,” I show you how to configure a DHCP server for Windows Server 2016. (The procedure for Windows Server 2012 and 2008 is similar.)

A server computer running DHCP doesn’t have to be devoted entirely to DHCP unless the network is very large. For most networks, a file server can share duty as a DHCP server. This is especially true if you provide long leases for your IP addresses. (Lease is the term used by DHCP to indicate that an IP address has been temporarily given out to a particular computer or other device.)

Many multifunction routers also have built-in DHCP servers. If you don’t want to burden one of your network servers with the DHCP function, you can enable the router’s built-in DHCP server. An advantage of allowing the router to be your network’s DHCP server is that you rarely need to power-down a router. In contrast, you occasionally need to restart or power-down a file server to perform system maintenance, apply upgrades, or perform troubleshooting.

Most networks require only one DHCP server. Setting up two or more servers on the same network requires that you carefully coordinate the IP address ranges (known as scopes) for which each server is responsible. If you accidentally set up two DHCP servers for the same scope, you may end up with duplicate address assignments if the servers attempt to assign the same IP address to two different hosts. To prevent this from happening, just set up one DHCP server unless your network is so large that one server can’t handle the workload.

How DHCP actually works

You can configure and use DHCP without knowing the details of how DHCP client configuration actually works. However, a basic understanding of the process can help you to understand what DHCP is actually doing. Not only is this understanding enlightening, but it can also help when you’re troubleshooting DHCP problems.

The following paragraphs contain a blow-by-blow account of how DHCP configures TCP/IP hosts. This procedure happens every time you boot up a host computer. It also happens when you release an IP lease and request a fresh lease.

When a host computer starts up, the DHCP client software sends a special broadcast packet, known as a DHCP Discover message.

This message uses the subnet’s broadcast address (all host ID bits set to one) as the destination address and 0.0.0.0 as the source address.

The client has to specify 0.0.0.0 as the source address because it doesn't yet have an IP address, and it specifies the broadcast address as the destination address because it doesn’t know the address of any DHCP servers. In effect, the DHCP Discover message is saying, “Hey! I’m new here. Are there any DHCP servers out there?”
The DHCP server receives the broadcast DHCP Discover message and responds by sending a DHCP Offer message.

The DHCP Offer message includes an IP address that the client can use.

Like the DHCP Discover message, the DHCP Offer message is sent to the broadcast address. This makes sense because the client to which the message is being sent doesn’t yet have an IP address and won’t have one until it accepts the offer. In effect, the DHCP Offer message is saying, “Hello there, whoever you are. Here’s an IP address you can use, if you want it. Let me know.”

What if the client never receives a DHCP Offer message from a DHCP server? In that case, the client waits for a few seconds and tries again. The client will try four times — at 2, 4, 8, and 16 seconds. If it still doesn’t get an offer, it will try again after five minutes.
The client receives the DHCP Offer message and sends back a message known as a DHCP Request message.

At this point, the client doesn’t actually own the IP address: It’s simply indicating that it’s ready to accept the IP address that was offered by the server. In effect, the DHCP Request message says, “Yes, that IP address would be good for me. Can I have it, please?”
When the server receives the DHCP Request message, it marks the IP address as assigned to the client and broadcasts a DHCP Ack message.

The DHCP Ack message says, in effect, “Okay, it’s all yours. Here’s the rest of the information you need to use it.”
When the client receives the DHCP Ack message, it configures its TCP/IP stack by using the address it accepted from the server.

Understanding Scopes

A scope is simply a range of IP addresses that a DHCP server is configured to distribute. In the simplest case, where a single DHCP server oversees IP configuration for an entire subnet, the scope corresponds to the subnet. However, if you set up two DHCP servers for a subnet, you can configure each with a scope that allocates only one part of the complete subnet range. In addition, a single DHCP server can serve more than one scope.

You must create a scope before you can enable a DHCP server. When you create a scope, you can provide it with the following properties:

A scope name, which helps you to identify the scope and its purpose
A scope description, which lets you provide additional details about the scope and its purpose
A starting IP address for the scope
An ending IP address for the scope
A subnet mask for the scope

You can specify the subnet mask with dotted-decimal notation or with network prefix notation.
One or more ranges of excluded addresses

These addresses won’t be assigned to clients. For more information, see the section “Feeling excluded?” later in this chapter.
One or more reserved addresses

These are addresses that will always be assigned to particular host devices. For more information, see the section “Reservations suggested” later in this chapter.
The lease duration, which indicates how long the host will be allowed to use the IP address

The client will attempt to renew the lease when half of the lease duration has elapsed. For example, if you specify a lease duration of eight days, the client will attempt to renew the lease after four days. This allows the host plenty of time to renew the lease before the address is reassigned to some other host.
The router address for the subnet

This value is also known as the Default Gateway address.
The domain name and the IP address of the network’s DNS servers and WINS servers

Feeling excluded?

Everyone feels excluded once in awhile. With a wife, three daughters, and a female dog, I know how it feels. Sometimes, however, being excluded is a good thing. In the case of DHCP scopes, exclusions can help you to prevent IP address conflicts and can enable you to divide the DHCP workload for a single subnet among two or more DHCP servers.

An exclusion is a range of addresses that are not included in a scope. The exclusion range falls within the range of the scope’s starting and ending addresses. In effect, an exclusion range lets you punch a hole in a scope. The IP addresses that fall within the hole won’t be assigned.

Here are a few reasons for excluding IP addresses from a scope:

The computer that runs the DHCP service itself must usually have a static IP address assignment. As a result, the address of the DHCP server should be listed as an exclusion.
Some hosts, such as a server or a printer, may need to have a predictable IP address. In that case, the host will require a static IP address. By excluding its IP address from the scope, you can prevent that address from being assigned to any other host on the network.

Reservations suggested

In some cases, you may want to assign a particular IP address to a particular host. One way to do this is to configure the host with a static IP address so that the host doesn’t use DHCP to obtain its IP configuration. However, here are two major disadvantages to that approach:

TCP/IP configuration supplies more than just the IP address. If you use static configuration, you must manually specify the subnet mask, the Default Gateway address, the DNS server address, and other configuration information required by the host. If this information changes, you have to change it not only at the DHCP server, but also at each host that you configured statically.
You must remember to exclude the static IP address from the DHCP server’s scope. Otherwise, the DHCP server won’t know about the static address and may assign it to another host. Then, you’ll have two hosts with the same address on your network.

A better way to assign a fixed IP address to a particular host is to create a DHCP reservation. A reservation simply indicates that whenever a particular host requests an IP address from the DHCP server, the server should provide it the address that you specify in the reservation. The host won’t receive the IP address until the host requests it from the DHCP server, but whenever the host does request IP configuration, it will always receive the same address.

WHAT ABOUT BootP?

BootP — Bootstrap Protocol — is an Internet protocol that enables diskless workstations to boot themselves over the Internet or local network. Like DHCP, BootP allows a computer to receive an IP address assigned from a server. However, unlike DHCP, BootP also enables the computer to download a boot image file, which the computer can then use to boot itself from. A significant difference between BootP and DHCP is that BootP comes into play before the computer actually loads an operating system. In contrast, DHCP is used after an operating system has been loaded, during the configuration of network devices.

Most DHCP servers can also support BootP. If your network has diskless workstations, you can use the DHCP server’s BootP support to boot those computers. At one time, diskless workstations were all the rage because network administrators thought they’d be easier to manage. Users hated them, however. Most diskless workstations have now been buried in landfills, and BootP isn’t used much.

To create a reservation, you associate the IP address that you want assigned to the host with the host’s Media Access Control (MAC) address. As a result, you need to get the MAC address from the host before you create the reservation. You can get the MAC address by running the command ipconfig /all from a command prompt.

If you set up more than one DHCP server, each should be configured to serve a different range of IP addresses. Otherwise, the servers might assign the same address to two different hosts.

How long to lease?

One of the most important decisions that you’ll make when you configure a DHCP server is the length of time to specify for the lease duration. The default value is eight days, which is appropriate in many cases. However, you may encounter situations in which a longer or shorter interval may be appropriate:

The more stable your network, the longer the lease duration can safely exist. If you only periodically add new computers to the network or replace existing computers, you can safely increase the lease duration past eight days.
The more volatile the network, the shorter the lease duration should be. For example, a wireless network in a university library is used by students who bring their laptop computers into the library to work for a few hours at a time. For this network, a duration such as one hour may be appropriate.

Don’t configure your network to allow infinite duration leases. Some administrators feel that this cuts down the workload for the DHCP server on stable networks. However, no network is permanently stable. Whenever you find a DHCP server that’s configured with infinite leases, look at the active leases. I guarantee you’ll find IP leases assigned to computers that no longer exist.

Working with a DHCP Server

Usually, the best way to understand abstract concepts is to see how they work in the real world. To that end, the next few sections show you a brief overview of how DHCP is managed in a Windows network. First, you see how a DHCP server is installed in Windows Server 2016. Then you see how a DHCP server is configured.

Installing a Windows Server 2016 DHCP server

To install the DHCP server role on Windows Server 2016, follow these steps:

Click Server Manager in the taskbar.

The Server Manager application appears.
Click Manage Roles & Features.

The Before You Begin page of the Add Roles and Features Wizard appears.
Click Next.

The Installation Type page appears.
Choose Role-Based or Feature-Based Installation and then click Next.

The wizard displays a list of available servers.
Select the server on which you want to install the DHCP role on; then click Next.

The wizard displays a list of available server roles.
Select DHCP Server from the list of roles and then click Next.

The wizard displays a list of required features that must also be installed to support DHCP.
Click Add Features, and then click Next.

The wizard displays a page describing what the DHCP role entails.
Click Next.

The wizard displays a list of available server features; the features required to support the DHCP role are already selected.
Click Next.

The wizard displays a summary of what the DHCP role does.
Click Next.

The wizard displays a confirmation page.
Click Install.

The wizard installs the DHCP role, which may take a few minutes. When the installation completes, a results page is displayed to summarize the results of the installation.
Click Close.

You’re done!

Configuring a new scope

After you install the DHCP role on Windows Server 2016, you’ll need to create at least one scope so the server can start handing out IP addresses. Here are the steps:

In Server Manager, choose Tools⇒ Serve

This brings up the DHCP management console, shown in Figure 5-1.
Select the DHCP server you want to define the scope for, click IPv4, and then click the New Scope button on the toolbar.

This brings up the New Scope Wizard dialog box, as shown in Figure 5-2.
Click Next.

You’re prompted for the name of the scope, as shown in Figure 5-3.
Enter a name and optional description, and then click Next.

The wizard asks for information required to create the scope, as shown in Figure 5-4.
Enter the information for the new scope.

You must enter the following information:
- Start IP Address: This is the lowest IP address that will be issued for this scope.
- End IP Address: This is the highest IP address that will be issued for this scope.
- Subnet Mask: This is the subnet mask issued for IP addresses in this scope.
Click Next.

The wizard asks whether you want to exclude any ranges from the scope range, as shown in Figure 5-5.
(Optional) To create an exclusion, enter the IP address range to exclude and then click Add.

You can repeat this step as many times as necessary to add any excluded addresses.
Click Next.

The wizard asks for the lease duration, as shown in Figure 5-6.
(Optional) Change the lease duration; then click Next.

When the wizard asks whether you want to configure additional DHCP options, leave this option set to Yes to complete your DHCP configuration now.
Click Next.

The wizard asks for the default gateway information, as shown in Figure 5-7.
Enter the address of your network’s router and click Add; then click Next.

The wizard now asks for additional DNS information, as shown in Figure 5-8.
(Optional) If you want to add a DNS server, enter its address and then click Add.

Repeat this step as many times as necessary to add any additional DNS servers.
Click Next.

The wizard next asks for WINS configuration information.
(Optional) If you want to enable WINS, enter the WINS server configuration.

WINS isn’t required for most modern networks, so you can usually just leave this page blank.
Click Next.

The wizard now asks whether you want to activate the scope.
Select Yes, I Want to Activate This Scope and then click Next.

A final confirmation page is displayed.
Click Finish.

The scope is created.

FIGURE 5-1: The DHCP management console.

FIGURE 5-2: The New Scope Wizard comes to life.

FIGURE 5-3: The wizard asks for a name for the new scope.

FIGURE 5-4: The wizard asks for scope information.

FIGURE 5-5: Do you want to create exclusions?

FIGURE 5-7: Provide the Default Gateway address.

FIGURE 5-8: Provide additional DNS information.

How to Configure a Windows DHCP Client

Configuring a Windows client for DHCP is easy. The DHCP client is automatically included when you install the TCP/IP protocol, so all you have to do is configure TCP/IP to use DHCP. And in nearly all cases, DHCP is configured automatically when you install Windows.

If you must configure DHCP manually, bring up the Network Properties dialog box by choosing Network or Network Connections from Control Panel (depending on which version of Windows the client is running). Then, select the Internet Protocol Version 4 and click the Properties button. This brings up the dialog box shown in Figure 5-9. To configure the computer to use DHCP, select the Obtain an IP Address Automatically option and the Obtain DNS Server Address Automatically option.

FIGURE 5-9: Configuring a Windows client to use DHCP.

Automatic private IP addressing

If a Windows computer is configured to use DHCP but the computer can’t obtain an IP address from a DHCP server, the computer automatically assigns itself a private address by using a feature called Automatic Private IP Addressing (APIPA). APIPA assigns a private address from the 169.254.x.x range and uses a special algorithm to ensure that the address is unique on the network. As soon as the DHCP server becomes available, the computer requests a new address, so the APIPA address is used only while the DHCP server is unavailable.

Renewing and releasing leases

Normally, a DHCP client attempts to renew its lease when the lease is halfway to the point of being expired. For example, if a client obtains an eight-day lease, it attempts to renew the lease after four days. However, you can renew a lease sooner by issuing the ipconfig /renew command at a command prompt. You may want to do this if you changed the scope's configuration or if the client’s IP configuration isn’t working correctly.

You can also release a DHCP lease by issuing the ipconfig /release command at a command prompt. When you release a lease, the client computer no longer has a valid IP address. This is shown in the output from the ipconfig /release command:

C:\>ipconfig /release

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address… … … … : 0.0.0.0

Subnet Mask … … … . . : 0.0.0.0

Default Gateway … … … :

Here, you can see that the IP address and subnet masks are set to 0.0.0.0 and that the Default Gateway address is blank. When you release an IP lease, you can't communicate with the network by using TCP/IP until you issue an ipconfig /renew command to renew the IP configuration or restart the computer.