Deploying DHCP
Dynamic Host Configuration Protocol (DHCP) in the Microsoft® Windows® Server 2003 family of operating
systems enables centralized automatic management of IP addresses and other TCP/IP settings for network
clients. You can reduce administrative overhead in your organization by designing and implementing a reliable
and scalable DHCP solution.
In This Chapter
Overview of DHCP Deployment
Creating Your DHCP Server Design
Integrating DHCP with Other Services
Defining Scopes
Implementing Your DHCP Solution
Example DHCP Implementation
Additional Resources
Related Information
• For more information about Dynamic Host Configuration Protocol (DHCP), see the
Networking Guide of the Microsoft® Windows® Server 2003 Resource Kit (or see the
Networking Guide on the Web at http://www.microsoft.com/reskit).
• For more information about integrating DHCP with Domain Name System (DNS), see
“Deploying DNS” in this book.
• For more information about integrating DHCP with Windows Internet Name Service (WINS),
see “Deploying WINS” in this book.
70 Chapter 2 Deploying DHCP
If your current systems support Windows Server 2003, but are close to the end of their expected lifecycle,
consider upgrading your hardware at the same time that you upgrade to Windows Server 2003. Upgrading
DHCP servers running Microsoft® Windows NT® Server version 4.0 or earlier to Windows Server 2003 allows
you to take advantage of benefits related to the Active Directory directory service, such as integrated secure
dynamic updates of the DNS database.
For information about hardware life expectancy, contact your hardware vendor or refer to any internal metrics
that your organization might have developed. For information about hardware compatibility, see the Windows
Catalog link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
For more information about performing a hardware inventory, see “Planning for Deployment” in Planning,
Testing, and Piloting Deployment Projects of this kit.
For more information about performance monitoring tools, see “Performance Monitoring Tools” in Help and
Support Center for Windows Server 2003.
The primary factors that impact DHCP server performance include:
• The speed of the server disk drives.
• The amount of RAM installed in the DHCP server computer.
The greatest volume of disk usage occurs when the service is started and when the database is backed up. When
planning your DHCP server hardware specifications, evaluate the average time required for disk access and for
disk read/write operations. If necessary, maximize DHCP server performance by increasing RAM and
purchasing high-speed disk drives for the servers.
If your routers cannot be used for DHCP/BOOTP relay and you choose not to configure DHCP/BOOTP relay
agents, you must configure your network so that a DHCP server has a network adapter on each subnet it serves.
You can accomplish this by either placing a DHCP server on each subnet, or by multihoming DHCP servers.
This distributed configuration does not provide fault tolerance. If a DHCP server becomes unavailable, DHCP
clients on the subnet cannot receive IP addresses and options.
Note
The DHCP Relay Agent service is available only on computers running
Windows Server 2003, Microsoft® Windows® 2000, or
Windows NT 4.0. To use the DHCP Relay Agent routing protocol, the
Routing and Remote Access service must be installed and enabled.
For more information about installing and configuring DHCP relay agents, see “Configure the DHCP Relay
Agent” in Help and Support Center for Windows Server 2003. For more information about the DHCP Relay
Agent service, see the Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking
Guide on the Web at http://www.microsoft.com/reskit) or see Help and Support Center for Windows
Server 2003.
It is important to consider the database size when choosing your hardware. Each lease requires
approximately 600 bytes for the database, plus 1200 bytes for backup (600 bytes for
the backup and 600 bytes for the temporary directory). In addition, the audit logs require
approximately 500 bytes per lease transaction and are stored for seven days.
Tip
In general, allow at least 50-70 MB for the audit logs. However, the
number of lease transactions depends on the number of leases as well
as the lease duration.
To figure out how much hard disk space is required, first multiply the number of leases by 600
bytes, then multiply the estimated number of lease transactions by 500 bytes, and add these two
results. The sum is the minimum amount of disk space required by the DHCP server.
For example, a DHCP server with 10,000 leases and a lease duration of one week requires
approximately 18 MB to store the leases and the backup (6 MB for the database, 6 MB for the
backup, and 6 MB for the temporary database). The audit logs would require an absolute
minimum of 10 MB: 5 MB (500 bytes x 10,000 leases) for startup, and 5 MB when the leases
renew halfway through the week. If the number of leases increases or if lease time is shortened,
this requirement will increase. A company might allocate 100 MB for audit logs to allow for
flexibility in adding leases or reducing lease duration, as well as dealing with any peak-load
events.
In Figure 2.4, DHCP Server 1 has 80 percent of the addresses in the scope and DHCP Server 2 has 20 percent of
the addresses in the scope. Splitting a scope between servers in this way, which is commonly referred to as the
“80/20 rule,” often relies on the proximity of the DHCP servers to the clients they serve. For example, when a
DHCP client that is on the same subnet as DHCP Server 1 sends out a DHCP Discover packet, DHCP messages
from the client take longer to reach DHCP Server 2 than DHCP Server 1, because DHCP Server 2 is
on the other side of a router from the DHCP client. You can also configure a delay on the DHCP relay agent to
ensure the local DHCP server has adequate time to respond. Because DHCP clients always accept the lease from
the DHCP server that sends the first response, clients normally obtain leases from DHCP Server 1. If DHCP
Server 1 goes offline for any reason, clients accept leases from DHCP Server 2.
Additional Resources 79
If you are configuring the standby server with the identical scope to your primary DHCP server, you must
implement server-side address conflict detection to prevent the assigning of duplicate addresses.
Important
Because server-side conflict detection uses Address Resolution
Protocol (ARP) and Internet Control Message Protocol (ICMP)
messages to detect conflicts, Internet Connection Firewall (ICF) or
other firewalls that are installed on clients on your network might
interfere with conflict detection.
For more information about backing up your DHCP servers, see “Backing Up the DHCP Database” or “Netsh
Commands for DHCP” in Help and Support Center for Windows Server 2003.
Secure dynamic update protects zones and resource records from being modified by unauthorized users by
enabling you to specify the users and groups that can modify zones and resource records. By default, Windows
Server 2003, Windows XP Professional, and Windows 2000 clients attempt unsecured dynamic updates first. If
that request fails, they attempt secure updates.
When using multiple DHCP servers and secure dynamic updates, add each of the DHCP servers as members of
the DnsUpdateProxy global security group so that any DHCP server can perform a secure dynamic update for
any record. Otherwise, when a DHCP server performs a secure dynamic update for a record, that DHCP server
is the only computer that can update the record.
To configure dynamic update for DHCP clients and servers
1. In the DHCP snap-in, select and right-click the DHCP server you want to configure, and then
click Properties.
2. In the server name Properties dialog box, click the DNS tab.
3. On the DNS tab, select the Enable DNS dynamic updates according to the settings below
check box.
4. On the DNS tab, select the dynamic update method you want: either always updating DNS A
and PTR, or only updating the records when requested by the DHCP client.
Use the DNS snap-in to enable secure dynamic update. For more information about dynamic update and secure
dynamic update, see “Deploying DNS” in this book and in Help and Support Center for Windows Server 2003.
Important
If DHCP will perform DNS dynamic updates, do not install it on a
domain controller. Instead, install DHCP on a member server. When
DHCP is installed on a domain controller and is configured to perform
dynamic updates on behalf of clients in DNS zones that are configured
to allow only secure dynamic update, specify a user account to update
the DNS records. For more information about installing DHCP, see
“Checklist: Installing a DHCP server” in Help and Support Center for
Windows Server 2003.
Important
You must be logged in as an enterprise administrator to authorize a
DHCP server.
Note
Detection of unauthorized DHCP servers requires the deployment of
Active Directory and the DHCP service running on Windows 2000 or
Windows Server 2003. Other DHCP servers do not attempt to
determine whether they are authorized by Active Directory before
offering IP address leases.
Defining Scopes
Before DHCP clients can use a DHCP server for dynamic TCP/IP configuration, you must define and activate
scopes for your DHCP clients. A scope is the full, consecutive range of possible IP addresses for a subnet. The
IP addresses in a scope define a single subnet on which DHCP services are offered. DHCP servers use scopes to
manage network IP address distribution and the configuration of DHCP options.
Creating Scopes
You must create a DHCP scope for each subnet in your network. Each subnet has a DHCP scope, with a single
continuous range of IP addresses.
Before you create scopes, you must install DHCP on your server. For more information about installing DHCP,
see “Checklist: Installing a DHCP server” in Help and Support Center for Windows Server 2003.
You can use the DHCP MMC snap-in to create a new scope on your DHCP server.
To create a DHCP scope
1. In the DHCP snap-in, select the name of the DHCP server.
2. Select Action, and then select New Scope. This opens the New Scope Wizard. Complete the
New Scope Wizard by configuring the following properties:
• A scope name and description of the scope.
• A consecutive range of possible IP addresses.
• A unique subnet mask. For more information about defining subnet masks, see “Designing
a TCP/IP Network” in this book.
• The IP addresses that are to be excluded from the scope.
• Lease duration values.
• Options.
For a worksheet to assist you in completing the New Scope Wizard, see the “Scope Data Collection Worksheet”
(DNSDHC_1.doc) on the Windows Server 2003 Deployment Kit companion CD (or see the “Scope Data
Collection Worksheet” on the Web at http://www.microsoft.com/reskit).
After you create the scope, you can set reservations and configure any additional DHCP options. For
information about setting reservations, see “Creating Reservations” later in this chapter. For information about
configuring additional DHCP options, see “Configuring DHCP Options” later in this chapter.
You can set exclusion ranges in the Add Exclusions page of the New Scope Wizard. For more information
about using the New Scope Wizard, see “Creating Scopes” earlier in this chapter.
To set an exclusion range after a scope is created
1. In the DHCP snap-in, expand the scope you want to configure.
2. Select and right-click Address Pool under the appropriate scope.
3. Select New Exclusion Range.
4. In the Add Exclusion dialog box, type the starting and ending IP addresses of the exclusion
range, and then click Add.
Caution
Use caution when configuring unlimited lease durations. Even stable
environments have a certain amount of client turnover. At a minimum,
roving computers might be added and removed, desktop computers
might be moved from one office to another, and network adapters
might be replaced. If a client with an infinite lease is removed from the
network, the DHCP server is not notified, and the IP address cannot be
reused.
Caution
Do not edit the registry unless you have no alternative. The registry
editor bypasses standard safeguards, allowing settings that can
damage your system, or even require you to reinstall Windows. If you
must edit the registry, back it up first and see the Registry Reference
on the Windows Server 2003 Deployment Kit companion CD or at
http://www.microsoft.com/reskit.
You can configure DHCP options for specific values and enable them for assignment and
distribution to DHCP clients based on server, scope, class, or reserved client levels. For example,
you can enable the vendor class option Release on Shutdown for any laptops on your network to
allow IP addresses assigned to mobile clients to be reincorporated into the address pool more
quickly.
You can configure options for an entire server, a scope, or for a single reserved client. The most
specific options (reserved client) take precedence over the least specific options (server). Values
configured manually on a client override any DHCP options of any type and of any level.
Using the New Scope Wizard, you can configure some scope-level options, including router
(default gateway), domain name, DNS servers, and WINS servers. You can also configure options at
the server, scope, and reserved-client levels in the DHCP snap-in.
To configure server-level options
1. In the DHCP snap-in, expand the server for which you want to configure options.
2. Right-click Server Options, and then click Configure Options.
3. In the Server Options dialog box, select the options you want to configure.
4. In the Data Entry section of the Server Options dialog box, type the option parameters, and
then click OK.
To configure scope-level options
1. In the DHCP snap-in, expand the scope for which you want to configure options.
2. Right-click Scope Options, and then click Configure Options.
3. In the Scope Options dialog box, select the options you want to configure.
4. In the Data Entry section of the Scope Options dialog box, type the option parameters, and
then click OK.
To configure options for a reserved client
1. In the DHCP snap-in, expand the scope that holds the reservation for which you want to
configure options, and then expand Reservations.
2. Right-click the reservation for which you want to configure options, and then click Configure
Options.
3. In the Reservation Options dialog box, select the options you want to configure.
4. In the Data Entry section of the Reservation Options dialog box, type the option parameters,
and then click OK.
For more information about configuring reservations, see “Creating Reservations” later in this
chapter.
Many option types are predefined in Windows Server 2003 DHCP. Other standard DHCP option
types can be added as needed to support DHCP client software that recognizes or requires them.
Windows Server 2003 DHCP supports all DHCP options, including those defined in RFC 2132,
although most DHCP clients use or support only a small subset of the available option types.
In general, use the following guidelines when configuring DHCP options for clients on your network:
• Add or define new, custom option types only if you have new software or applications that
require a nonstandard DHCP option.
• If your network is large, be conservative and selective when assigning global options. These
options apply to all clients of a DHCP server, unless more specific options are specified.
• Use scope-level options for most options that clients are assigned. Setting options at the scope
level allows you to take scope-related differences into account, such as different client needs or
the use of a different DNS server from other scopes in the network.
• Use class-level options if you have a large network or diverse groups of clients that are able to
support membership in option classes.
• Use reserved client options only for clients that have special requirements, for example, if your
intranet has a DNS server that performs forwarding for resolving Internet DNS names not
authoritatively managed on your network. In this case, you need to add the IP address of an
external DNS server on your DNS server computer. You can configure your DNS server as a
reserved client in DHCP and set this address as another reserved client option.
Vendor-Defined Classes
DHCP clients can use vendor-defined classes to identify the client’s vendor type and configuration to the DHCP
server when obtaining a lease. For a client to identify its vendor class during the lease process, the client needs
to include the vendor class ID option (option code 60) when it requests or selects a lease from a DHCP server.
When vendor options are specified, the server performs the following additional steps to provide a lease to the
client:
1. The server checks to see that the vendor class identified by the client request is a recognized
class defined on the server.
2. If the vendor class is recognized, the server checks to see whether any additional DHCP options
are configured for this class in the active scope.
3. If the vendor class is not recognized, the server ignores the vendor class identified in the client
request, and returns options allocated to the default vendor class (includes all DHCP Standard
Options).
4. If the scope contains options configured specifically for use with clients in this vendor-defined
class, the server returns those options and uses the vendor-specific option type (option code 43)
as part of its acknowledgment message.
In most cases, the default vendor class — DHCP Standard Options — provides a default grouping for any
Windows Server 2003 DHCP clients or other DHCP clients that do not specify a vendor class ID. In some cases,
you might define additional vendor classes for other DHCP clients, such as printers or some types of UNIX
clients. When you add other vendor classes for these purposes, be sure that the vendor class identifier that you
use to configure the class at the server matches the identifier used by clients for your third-party vendor.
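The four server-side steps above, as an added Python sketch that is not Microsoft's implementation and not part of the original chapter. It parses the options field of a client request, reads option 60, and builds the reply options. The class identifier `ExamplePrinter-1`, the option values, and all function names are hypothetical.

```python
PAD, END = 0, 255
OPT_VENDOR_SPECIFIC = 43   # vendor-specific information (server -> client)
OPT_VENDOR_CLASS_ID = 60   # vendor class identifier (client -> server)


def encode_option(code, value):
    """Encode one option as code, length, value."""
    if len(value) > 255:
        raise ValueError("option value longer than 255 bytes")
    return bytes([code, len(value)]) + value


def parse_options(raw):
    """Parse a DHCP options field into {code: value}.

    A later instance of a code replaces an earlier one. Malformed input
    raises ValueError instead of being read past the end of the buffer.
    """
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the buffer")
        opts[code] = value
        i += 2 + length
    return opts


# Constructed server configuration (hypothetical values).
DEFINED_CLASSES = {b"ExamplePrinter-1"}                 # classes defined on the server
SCOPE_STANDARD = {3: bytes([192, 168, 0, 1]),           # router
                  6: bytes([192, 168, 0, 10])}          # DNS server
SCOPE_CLASS_OPTIONS = {b"ExamplePrinter-1": {1: bytes([10, 0, 0, 5])}}

# Constructed client request options: message type, class ID, parameter list.
SAMPLE_REQUEST = (encode_option(53, bytes([1]))
                  + encode_option(OPT_VENDOR_CLASS_ID, b"ExamplePrinter-1")
                  + encode_option(55, bytes([3, 6]))
                  + bytes([END]))


def build_reply_options(request_opts, defined=DEFINED_CLASSES,
                        standard=SCOPE_STANDARD, per_class=SCOPE_CLASS_OPTIONS):
    """Choose reply options following the four steps in the text."""
    # Assumption: standard options go to every client. The text states this
    # only for the unrecognized-class case.
    reply = dict(standard)
    class_id = request_opts.get(OPT_VENDOR_CLASS_ID)
    # Steps 1 and 3: an absent or unrecognized class is ignored.
    if class_id is None or class_id not in defined:
        return reply
    # Step 2: look for options configured for this class in the scope.
    class_opts = per_class.get(class_id, {})
    # Step 4: return them encapsulated in option 43.
    if class_opts:
        reply[OPT_VENDOR_SPECIFIC] = b"".join(
            encode_option(code, value)
            for code, value in sorted(class_opts.items()))
    return reply


if __name__ == "__main__":
    request = parse_options(SAMPLE_REQUEST)
    for code, value in sorted(build_reply_options(request).items()):
        print(code, value.hex())
```

The identifier comparison is an exact byte match, which is why the class configured at the server must match what the client sends.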
User-Defined Classes
User-defined classes allow DHCP clients to specify what type of client they are, such as a remote access client
or a desktop computer. For Windows Server 2003 clients, you can define specific user class identifiers to relate
information about a client’s software configuration, its physical location in a building, or its user preferences. If
user-defined option classes are not specified, default settings are assigned.
Information Options
Use the MMC DHCP snap-in to explicitly configure information options and any associated values provided to
clients. These options are not required and can be assigned at your discretion. Use information options to assign
values, such as DNS servers, WINS servers, and domain name.
Creating Reservations
For clients that require a constant IP address, you can either manually configure a static IP address, or assign a
reservation on the DHCP server. Reservations are permanent lease assignments that are used to ensure that a
specified client on a subnet can always use the same IP address. You can use DHCP reservations for hosts that
require a consistent IP address, but do not need to be statically configured. Reserved IP addresses differ from
statically configured IP addresses in one significant manner: when network parameters are changed at the DHCP
server, the device configured with a reserved IP address receives the new network parameters when the device
requests renewal of its lease. To change network parameters on a device configured with a static IP address, the
changes must be made manually to the device.
Determine the clients for which you need to manually configure an IP address — such as DHCP servers, DNS
servers, WINS servers, routers, and domain controllers — and which clients can receive addresses from DHCP.
Keep in mind that for clients for which you manually configure static IP addresses, you must insert all
configuration parameters that the client requires in order to interact with the network. This includes IP
addresses, DNS and WINS parameters, and default gateway information. Clients that have reserved IP addresses
always have the same IP address, but still receive updated configuration information from the DHCP server.
You might want to assign network printers and certain servers DHCP reservations to ensure that they always
have the same IP address, but continue to receive updated configuration information from the DHCP server. For
example, create reservations for servers that must always have the same IP address, such as:
• Windows Internet Name Service (WINS) and Domain Name System (DNS) servers
• Print servers that use TCP/IP print services
• Firewalls
• Routers
DHCP-enabled clients receive any available options, such as DNS server or router (default gateway), from the
DHCP server when they renew their leases. If these devices are manually configured, an administrator must
reconfigure each device individually when a change occurs.
To create a reservation
1. In the DHCP snap-in, expand the scope for which you want to create a reservation.
2. Select and right-click Reservations, and then click New Reservation.
3. In the New Reservation dialog box, enter the Reservation name, IP address, MAC address,
and Description of the reservation.
4. Select the appropriate Supported types: DHCP only, BOOTP only, or Both.
5. Click Add.
Creating Superscopes
A superscope is an administrative grouping of scopes that can support multiple logical IP subnets on the same
physical subnet. Superscopes contain a list of member scopes that can be activated together. You cannot
configure scope-level properties on superscopes; you must configure these on the member scopes. A superscope
allows a DHCP server to provide leases from more than one scope to clients on a single physical network.
You can use superscopes to resolve DHCP service issues for the following situations:
• DHCP clients are located on a single physical network segment that includes multiple logical IP
subnets.
• Multiple DHCP servers manage separate logical subnets on the same physical subnet.
• The available address pool for an active scope is nearly depleted and more computers must be
added to the physical network segment.
• Clients are migrating to a new scope.
• You need to support DHCP clients on a network that has multiple logical subnets in one
physical subnet on the other side of a BOOTP/DHCP relay agent.
Before you create a superscope, you must use the DHCP MMC snap-in to define at least one scope to be
included in the superscope. Scopes added to a superscope are called member scopes. You can add additional
member scopes either from the superscope menu, or from the individual scope menus.
To create a new superscope
1. In the DHCP snap-in, create at least one scope to be included in the superscope. For
information about creating scopes, see “Creating Scopes” earlier in this chapter.
2. Select and right-click the DHCP server, and then select New Superscope. This opens the New
Superscope Wizard.
3. On the Superscope Name page of the New Superscope Wizard, type a name for the
superscope.
4. On the Select Scopes page of the New Superscope Wizard, in the Available Scopes list, select
one or more scopes to include in the superscope.
To add scopes to an existing superscope
1. In the DHCP snap-in, select and right-click the superscope, and then select New Scope. This
opens the New Scope Wizard.
2. Complete the New Scope Wizard. For information about creating scopes, see “Creating
Scopes” earlier in this chapter.
–or–
3. Create a new scope, right-click the new scope, and then select Add to Superscope.
4. In the Add Scope name to a Superscope dialog box, in the Available superscopes list, select
the superscope.
Note
Deleting the superscope does not delete the member scopes.
Important
In all TCP/IP networks, each computer requires a unique primary
computer IP address from one of the standard address classes used
for building the network (Class A, B, or C range). You must assign this
required primary computer IP address before you can configure a
computer to support and use secondary IP addresses such as
multicast IP addresses.
Although the Windows Server 2003 DHCP service supports both DHCP and MADCAP, the services function
independently; clients that do not obtain IP addresses from the DHCP service can still obtain MADCAP
addresses from the DHCP service. DHCP scopes are used to allocate IP address ranges from Class A, B, or C
addressing schemes, which enable unicast for point-to-point communication between networked computers.
MADCAP scopes allocate Class D IP addresses to enable point-to-multipoint communication.
To configure a MADCAP scope
1. In the DHCP snap-in, select and right-click the DHCP server you want to configure. The New
Multicast Scope Wizard appears.
2. In the New Multicast Scope Wizard, type a name and description for this multicast scope.
3. Set the multicast IP address range and Time to Live (TTL).
4. Add any exclusion ranges and the lease duration, then activate the multicast scope.
Tip
Clients that use MADCAP must be configured to use the MADCAP API.
For more information about writing or programming applications that
use the MADCAP API, see the MSDN Online link on the Web
Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Removing Scopes
Remove DHCP scopes when a subnet is no longer in use or when you need to renumber your network to use a
different IP address range.
Do not remove a scope while it has active leases. Before you remove a scope, deactivate the scope until all
client leases expire or all lease renewal requests are denied. When you have confirmed that the scope no longer
contains active leases, you can remove it by using the DHCP snap-in. For more information about deactivating
scopes, see “Deactivate a scope” in Help and Support Center for Windows Server 2003.
Figure 2.8 shows the process for implementing your DHCP solution.
Figure 2.8 Implementing Your DHCP Solution
The following procedures migrate lease, scope, and option information, including reservations and exclusions. If
you have changed any registry settings from their defaults on the existing server, you must manually make these
changes on the new Windows Server 2003–based server for them to take effect.
Caution
The registry editor bypasses standard safeguards, allowing settings
that can damage your system, or even require you to reinstall
Windows. If you must edit the registry, back it up first and see the
Registry Reference on the Windows Server 2003 Deployment Kit
companion CD or at http://www.microsoft.com/reskit.
Tip
This step might take several minutes to complete, and there is no
dialog box to indicate the progress of the export. You can view the
process running on the Processes tab of the Windows Task
Manager.
5. Click OK when a message appears that says “The operation was completed successfully.”
6. Copy the exported file to a location where you can access it from the new Windows
Server 2003–based server.
This imports the configurations of all scopes that you exported from the server running
Windows NT 4.0 or Windows 2000.
For more information about the Netsh command-line tool, see “Netsh” in Help and Support Center for Windows
Server 2003.
Note
You can override DHCP information by configuring the individual client.
Any information entered manually into a client’s TCP/IP configuration
overrides dynamic settings.
Note
DNS and WINS addresses obtained from DHCPInform packets
override DNS and WINS addresses obtained from the remote access
server.
For more information about using DHCP for remote access clients, see “Using Routing and Remote Access
servers with DHCP” in Help and Support Center for Windows Server 2003 and article Q216805, “RAS Server
Behavior When Configured to Use DHCP to Assign IP Addresses,” in the Microsoft Knowledge Base. For more
information about configuring a DHCP relay agent to provide DHCP options to remote access clients, see article
Q232703, “How to Use DHCP to Provide RAS Clients with DHCP Options,” in the Microsoft Knowledge Base.
To find these articles, see the Microsoft Knowledge Base link on the Web Resources page at
www.microsoft.com/windows/reskits/webresources.
For more information about BOOTP options, see the Networking Guide of the Windows Server 2003 Resource
Kit (or see the Networking Guide on the Web at http://www.microsoft.com/reskit).
Important
DHCP options can apply to both DHCP and BOOTP clients. Therefore,
you must configure your scopes to ensure that DHCP options are
applied correctly.
The company has divided the main office into two Class C subnets:
• Subnet A — Floors 1 and 2
• Subnet B — Wireless subnet with wireless access points installed in conference rooms
The branch office houses 450 employees, dispersed throughout a three-story building. Over 200 users also have
portable computers that they frequently take to meetings in conference rooms, all of which are configured for
wireless networking.
The company has divided the branch office into four Class C subnets:
• Subnet C — Wireless subnet for conference rooms
• Subnet D — Floor 3
• Subnet E — Floor 2
• Subnet F — Floor 1
Table 2.1 Address Range and Clients per Subnet
Subnet   Address Range                          Approximate Number of Clients
A        192.168.0.1/24 to 192.168.0.254/24     150
B        192.168.1.1/24 to 192.168.1.254/24     Up to 225
C        192.168.2.1/24 to 192.168.2.254/24     Up to 225
D        192.168.3.1/24 to 192.168.3.254/24     150
E        192.168.4.1/24 to 192.168.4.254/24     150
F        192.168.5.1/24 to 192.168.5.254/24     150
Before creating and activating scopes on the DHCP server, the company plans IP address ranges, exclusion
ranges, and reservations (where applicable) for each subnet. The company uses Class C IP address ranges on
every subnet, as each Class C address range provides 254 IP addresses when the subnet mask is defined as
255.255.255.0.
Because the client count per non-wireless subnet is 150 or fewer clients, 254 IP addresses per subnet allow the
company to provide static address assignments for any servers that require them, and dynamic assignments to all
clients on the network — with plenty of IP addresses remaining to provide for future network expansion.
The wireless subnets are configured with a lease duration of 15 minutes. Because of the short lease time, 254 IP
addresses per subnet is a sufficient amount for the wireless subnets, even though these subnets experience
substantial traffic, with portable computers joining and leaving the subnet at high volume during a typical day.
These short leases expire soon after the portable computer is disconnected from the network, and the IP address
used by that computer becomes available for lease to other DHCP clients as they connect to the wireless subnet.
Exclusion Ranges
Some network devices need to use statically assigned IP addresses rather than addresses dynamically assigned
through DHCP. For example, DHCP servers must have statically configured IP addresses. Also, some devices
(such as legacy network printers) do not support DHCP.
For the devices that need static IP assignments, the company creates an exclusion range from each IP address
range. Creating one or more exclusion ranges prevents the DHCP server from assigning a client lease with any
address in the exclusion range, thereby protecting it for use as a static IP address and preventing address
conflicts between statically configured devices and dynamically configured devices.
Although any addresses in the address range can be excluded, the company chooses to exclude the first 20
addresses from each address range for non-wireless subnets, and the first five IP addresses from each address
range for wireless subnets. The company uses additional exclusion ranges to configure load balancing and fault
tolerance using the 80/20 rule. For more information about DHCP scopes, see “Scope Configuration” later in
this chapter.
Address Pools
After the address range and exclusion ranges are defined, the remaining addresses form the available address
pool within the scope. These addresses are eligible for dynamic assignment by the server to DHCP clients on the
network. Table 2.2 shows the address pool for each subnet prior to adding the exclusion ranges used to apply the
80/20 rule.
Table 2.2 DHCP Address Pools per Subnet
Subnet Address Pool
A 192.168.0.21/24 to 192.168.0.254/24
B (wireless) 192.168.1.6/24 to 192.168.1.254/24
C (wireless) 192.168.2.6/24 to 192.168.2.254/24
D 192.168.3.21/24 to 192.168.3.254/24
E 192.168.4.21/24 to 192.168.4.254/24
F 192.168.5.21/24 to 192.168.5.254/24
For more information about DHCP scopes and the 80/20 rule, see “Scope Configuration” later in this chapter.
Reservations
The company uses IP address reservations for file and print servers on their network. Reservations are used to
create a permanent IP address lease assignment by the DHCP server. Reservations ensure that a specified
hardware device on the subnet can always use the same IP address.
When using the 80/20 rule and splitting a scope’s IP address pool between two servers for load balancing and
fault tolerance, identical reservations must be made at both DHCP servers. When reservations are made at both
servers, neither server assigns the reserved IP address to another client, assuring that the intended device
receives the address reserved for its use.
Table 2.3 shows two example address reservations. For more information about the 80/20 rule and for an
example of how these reservations are created in specific scopes at each DHCP server, see “Scope
Configuration” later in this chapter.
Table 2.3 Example Address Reservations
Device               Subnet   Reserved IP Address
Application server   A        192.168.0.21/24
File server          D        192.168.3.68/24
Note
Reservations can be created using any IP address in the scope’s
address range, even if the IP address is also within an exclusion range.
Because of this design, when the 80/20 rule is implemented and some
addresses in the scope are excluded (80 percent at one server, 20
percent at the other), reservations still function properly.
Message Routing
The company uses DHCP relay agents to relay DHCP messages between subnets and sites. To support and use
DHCP across multiple subnets, routers connecting each subnet should comply with DHCP/BOOTP relay agent
capabilities described in RFC 1542. To cut the cost of expensive network hardware such as routers, the company
uses the Windows Server 2003 Routing and Remote Access service, including DHCP relay agents, to forward
DHCP/BOOTP messages between subnets. Because the VPN servers act as routers for network traffic, the
DHCP relay agents are configured on the VPN servers.
For more information about installing and configuring DHCP relay agents, see “Configure the DHCP Relay
Agent” in Help and Support Center for Windows Server 2003.
Scope Configuration
By using the 80/20 split-scope configuration for fault tolerance and availability, scopes for all six subnets on the
company network are defined on both DHCP servers. Exclusion ranges are used to allocate available addresses
per scope, per server, as follows:
• The main office DHCP server is configured with 80 percent of the IP addresses available for
lease to clients in each scope serving subnets A and B and 20 percent of the IP addresses
available for lease to clients located at the branch office (subnets C through F).
• The branch office DHCP server has 80 percent of all addresses in all scopes available for lease
to clients in the branch office (subnets C through F) and 20 percent of all addresses in all scopes
available for lease to clients located in the main office (subnets A and B).
Thus, if either server suffers a hard-disk failure or other failure, the alternate server is available to assign and
renew leases on all subnets.
To achieve the 80/20 rule, each Class C IP address range of 254 IP addresses available in each non-wireless
scope is divided in the following manner:
• 20 IP addresses for static assignments.
• 187 IP addresses, or 80 percent of the addresses for lease, in the address pool of the DHCP
server at the same site.
• 47 IP addresses, or 20 percent of the addresses for lease, in the address pool of the DHCP server
at the other site.
Table 2.5 shows the address pools and exclusion ranges configured on the branch office DHCP server.
Table 2.5 Scope Configurations on the DHCP Server at the Branch Office
Scope Name     Address Range                  Exclusion Ranges                                               Address Pool
A              192.168.0.1 to 192.168.0.254   192.168.0.1 to 192.168.0.20, 192.168.0.68 to 192.168.0.254     192.168.0.21 to 192.168.0.67
B (wireless)   192.168.1.1 to 192.168.1.254   192.168.1.1 to 192.168.1.203                                   192.168.1.204 to 192.168.1.254
C (wireless)   192.168.2.1 to 192.168.2.254   192.168.2.1 to 192.168.2.5, 192.168.2.204 to 192.168.2.254     192.168.2.6 to 192.168.2.203
D              192.168.3.1 to 192.168.3.254   192.168.3.1 to 192.168.3.20, 192.168.3.21 to 192.168.3.67      192.168.3.68 to 192.168.3.254
E              192.168.4.1 to 192.168.4.254   192.168.4.1 to 192.168.4.20, 192.168.4.21 to 192.168.4.67      192.168.4.68 to 192.168.4.254
F              192.168.5.1 to 192.168.5.254   192.168.5.1 to 192.168.5.20, 192.168.5.21 to 192.168.5.67      192.168.5.68 to 192.168.5.254
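The following check is an added example, not part of the original chapter. It recomputes each branch office address pool from the ranges and exclusions in Table 2.5 and derives the exclusion ranges the partner server would need so that the two servers never lease the same address. The function names are hypothetical, and the partner exclusions are derived values, not figures taken from the page.

```python
from ipaddress import IPv4Address

def span(first, last):
    """Inclusive address range as a set of integers."""
    return set(range(int(IPv4Address(first)), int(IPv4Address(last)) + 1))

def to_ranges(addrs):
    """Collapse integer addresses into sorted (first, last) string pairs."""
    out = []
    for a in sorted(addrs):
        if out and a == out[-1][1] + 1:
            out[-1][1] = a
        else:
            out.append([a, a])
    return [(str(IPv4Address(f)), str(IPv4Address(l))) for f, l in out]

def pool(rng, exclusions):
    """Leasable addresses: the scope's range minus every exclusion range."""
    addrs = span(*rng)
    for excl in exclusions:
        addrs -= span(*excl)
    return addrs

def partner_exclusions(rng, exclusions, static_count):
    """Derived, not from the page: what the other server must exclude so the
    two pools are disjoint (the static block plus everything leased here)."""
    static = set(sorted(span(*rng))[:static_count])
    return to_ranges(static | pool(rng, exclusions))

# Branch office rows A, C and D of Table 2.5: (range, exclusions, static count).
BRANCH = {
    "A": (("192.168.0.1", "192.168.0.254"),
          [("192.168.0.1", "192.168.0.20"), ("192.168.0.68", "192.168.0.254")], 20),
    "C": (("192.168.2.1", "192.168.2.254"),
          [("192.168.2.1", "192.168.2.5"), ("192.168.2.204", "192.168.2.254")], 5),
    "D": (("192.168.3.1", "192.168.3.254"),
          [("192.168.3.1", "192.168.3.20"), ("192.168.3.21", "192.168.3.67")], 20),
}

def report(scopes):
    """Per scope: local pool ranges, pool size, and the partner's exclusions."""
    return {name: (to_ranges(pool(rng, excl)), len(pool(rng, excl)),
                   partner_exclusions(rng, excl, static))
            for name, (rng, excl, static) in scopes.items()}

if __name__ == "__main__":
    for name, row in report(BRANCH).items():
        print(name, *row)
```

Running the same check against both servers' real scope exports before activating scopes catches overlapping pools, which would otherwise surface later as address conflicts.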
Lease Duration
Subnet B in the main office and Subnet C in the branch office are both wireless subnets. Because wireless
clients (portable computers and other portable devices) are connected to and disconnected from the network in
large numbers and for short intervals throughout the average day, lease duration on these two subnets is set for
15 minutes. These short lease times help to ensure that the maximum number of IP addresses are available in the
scope as clients connect to the network.
Lease time for all other (nonwireless) subnets is eight days.
Scope Options
Each scope is configured with option 249, classless static routes. Using classless static routes, each DHCP client
can be easily configured with the route to any destination on the network, and the subnet mask can be specified.
Because each scope represents a physical subnet, the scope can be viewed as the start location for any message
that is to be sent by a client to another subnet. The parameters used to configure option 249 are Destination,
Mask, and Router. One or more static routes can be configured with option 249; the company provides all
DHCP-enabled clients on the network with routes to all other subnets using option 249.
This option is not configured as a server option because it maps routes between subnets, so no one set of values
for the required parameters of Destination, Mask, and Router is always correct. For example, subnets A and D
each use a router (that is, a VPN server configured with the Routing and Remote Access service and DHCP
Relay Agent service enabled) to communicate with each other. Of course, the routers they use are different, and
the destination is different in each case.
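The Destination, Mask, and Router parameters described above travel to the client as a packed byte string. The encoder and decoder below are an added example, not code from the original chapter. They use the layout RFC 3442 defines for classless static routes, which option 249 shares: one prefix-length byte, only the significant destination octets, then the four-octet router address. The router address 192.168.0.1 and the function names are constructed for illustration; the chapter does not list router addresses.

```python
from ipaddress import IPv4Address, IPv4Network

def encode_routes(routes):
    """Pack (destination, mask, router) triples into an option payload."""
    data = bytearray()
    for dest, mask, router in routes:
        net = IPv4Network(f"{dest}/{mask}")   # ValueError if host bits are set
        width = net.prefixlen
        data.append(width)                    # prefix length, 0..32
        data += net.network_address.packed[:(width + 7) // 8]
        data += IPv4Address(router).packed
    if len(data) > 255:
        raise ValueError("payload does not fit in a single option")
    return bytes(data)

def decode_routes(data):
    """Parse a payload back into triples, rejecting malformed input."""
    data, routes, i = bytes(data), [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"bad prefix length {width} at offset {i}")
        n = (width + 7) // 8                  # significant destination octets
        if i + 1 + n + 4 > len(data):
            raise ValueError(f"truncated route at offset {i}")
        dest = IPv4Address(data[i + 1:i + 1 + n] + bytes(4 - n))
        net = IPv4Network((dest, width), strict=False)
        router = IPv4Address(data[i + 1 + n:i + 5 + n])
        routes.append((str(net.network_address), str(net.netmask), str(router)))
        i += 5 + n
    return routes

# Constructed sample: routes handed to clients in scope A for subnets B to F
# (destinations from Table 2.1; the router address is an assumed value).
ROUTES_SCOPE_A = [(f"192.168.{n}.0", "255.255.255.0", "192.168.0.1")
                  for n in range(1, 6)]

if __name__ == "__main__":
    payload = encode_routes(ROUTES_SCOPE_A)
    print(payload.hex())
    print(decode_routes(payload))
```

Decoding the option from a captured lease offer lets an administrator confirm that clients receive exactly the routes configured on the scope and nothing else.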
Server Options
The DHCP standard options shown in Table 2.6 are configured as server options at the main office DHCP
server.
Table 2.6 Example DHCP Options
Option Number   Description                              Value
006             DNS servers                              192.168.0.3, 192.168.3.3
044             WINS/NBNS servers                        192.168.0.4, 192.168.3.4
132             Enable NBT hostname resolution           Byte: 0x1 (1=on)
133             Enable gethostbyname() WINS resolution   Byte: 0x1 (1=on)
Other Settings
Scopes on both DHCP servers are configured with the same reservations, lease durations, scope options, and
server options.
Additional Resources
These resources contain additional information and tools related to this chapter.
Related Information
• The Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide
on the Web at http://www.microsoft.com/reskit) for more information about Dynamic Host
Configuration Protocol (DHCP).
• “Dynamic Host Configuration Protocol” in the TCP/IP Core Networking Guide of the
Microsoft® Windows® 2000 Server Resource Kit.
• “Deploying DNS” in this book.
• “Deploying IPSec” in this book.
• “Designing an Authentication Strategy” in the Designing and Deploying Directory and Security
Services book of this kit for more information about using a certification authority.
• DHCP for Windows 2000, by Neall Alcott, 2001, Sebastopol, CA: O’Reilly & Associates.
• RFC 1542: Clarifications and Extensions for the Bootstrap Protocol.
• RFC 2131: Dynamic Host Configuration Protocol.
• RFC 2132: DHCP Options and BOOTP Vendor Extensions.
Related Tools
• DHCPExim tool
For more information about DHCPExim, see the Resource Kit Tools link on the Web Resources
page at http://www.microsoft.com/windows/reskits/webresources.
• Netsh
For more information about Netsh, in Help and Support Center for Windows Server 2003, click
Tools, and then click Command-line reference A-Z.
Related Help Topics
For best results in identifying Help topics by title, in Help and Support Center, under the Search box, click Set
search options. Under Help Topics, select the Search in title only checkbox.
• “Checklist: Installing a DHCP server” in Help and Support Center for Windows Server 2003.
• “Checklist: Installing a DHCP Service resource” in Help and Support Center for Windows
Server 2003.
• “Checklist: Installing a MADCAP server” in Help and Support Center for Windows
Server 2003.
• “Cluster support for DHCP servers” in Help and Support Center for Windows Server 2003.
• “Configure the DHCP Relay Agent” in Help and Support Center for Windows Server 2003.
• “Netsh” and “Netsh commands for DHCP” in Help and Support Center for Windows
Server 2003.
• “Add Dynamic BOOTP Client Support to a Scope” in Help and Support Center for Windows
Server 2003.
• “Using Routing and Remote Access servers with DHCP” in Help and Support Center for
Windows Server 2003.