Configure Dynamic Host Configuration Protocol on Windows 2000 Server

Materials: Working complete PC Blank Diskette Student Diskette, "New Boot A Ver 2.0+" Student CD-ROM, "Windows 2000 Server OEM" Objectives: The student will become familiar with: Installation of the DHCP Service on Windows 2000 Server, Configuration of the DHCP Service on the WIndows 2000 Server, The definition, role and function of the DHCP Service on the network. Competency: The student will learn how to install and configure the Dynamic Host Configuration Protocol service on a Windows 2000 Server. The student will also become familiar with the nature and role of the DHCP service within the network.

The DHCP service must first be installed on the server. (It is in the same location as the installation of the DNS and WINS services). Once this is done then the configuration procedures below may be undertaken.

This tutorial is an integral component of the installation of a single standalone Windows 2000 Domain Controller as the first server of a new network. This series of tutorials will take the student through the process from start to finish:

• Clean Installation of Windows 2000 Advanced Server
• Installation of the DHCP, DNS and WINS Server services
• Configuration of the DNS server service
• Configuration of the DHCP server service (This module)
• Promotion of the Windows 2000 Advanced Server to a Domain Controller

DHCP evolved out of the BOOTP protocol used to boot up diskless workstations and also issue them TCP/IP configuration information automatically as they started up (See Installation of 3rd party PXE Services on Windows 2000 Server for details on how to setup a PXE server and diskless workstation). It was found that the network administrator would configure a BOOTP server one time and then workstations could come and go from then on and function on the TCP/IP network with no additional configuration required. Yet on "diskfull" stations the network administrator would have to manually configure TCP/IP on each client; an endless task in huge fast growing or changing networks. In order to automate the TCP/IP configuration of regular network clients the BOOTP technology was used as the basis for this new technology: DHCP.

As such DHCP still uses UDP Ports 67 and 68 just like the BOOTP protocol. This means that the network cannot have both a BOOTP and a DHCP server running at the same time and in fact it simply should not have both types of server. This is one of the reasons that Windows 2000 Server products do not natively include BOOTP. The Windows 2000 DHCP service does support functioning as a BOOTP Forwarding Agent. However, if this is activated the DHCP server will no longer function as a DHCP server. Again due to the fact that both technologies use the same UDP ports to communicate over the network.

When a workstation starts up and has been configured to use DHCP, then that system does not have any TCP/IP configuration information: it does not have an IP address, subnet mask or default gateway (amongst the many other configurable parameters of the TCP/IP protocol on the workstation, but these are critical to basic functionality). It therefore cannot use TCP/IP yet, but it must still locate a DHCP server and request the TCP/IP configuration parameters from that server and receive them. Furthermore, since the server is sending out IP addresses to be used by workstations, called leases, it must also be able to receive DHCP server location attempts by the workstation and be able to communicate the configuration information to that workstation. The DHCP server must also record the IP addresses that it has already leased out to prevent IP address duplication on the network which will cause one or both workstations TCP/IP connectivity to fail (this is designed into the workstation TCP/IP protocol suite stack drivers).

The workstation transmits a DHCPDISCOVER packet to initiate a lease dialog with the DHCP server which will ultimately end up configuring the workstation to use TCP/IP on the network. The DHCPDISCOVER packet is a simple Ethernet frame containing a very simple IP packet. The Ethernet frame contains the source MAC address of the workstation (obtained from the physical NIC drivers) and the destination MAC address is FF-FF-FF-FF-FF-FF which in Ethernet frames means "This is a broadcast" and all machines on the network that receive the frame will accept it (though non-DHCP servers will not understand it and throw it away). The source IP address in the IP packet carried by the Ethernet frame is 0.0.0.0 (since the workstation does not have an IP address yet) and the destination IP address of the IP packet is 255.255.255.255 which in IP packets means: "This is a broadcast" The transaction ID of the packet is unique to DHCPDISCOVER packets which is how the packet will ultimately end up being discarded by non-DHCP servers who do not know what the packet is for. DHCP servers will recognize the packet and will respond with a DHCPOFFER.

The DHCPOFFER packet is an Ethernet frame transmitted by the server in response to the DHCPDISCOVER packet. The packet contains the Ethernet source MAC address of the DHCP server. The destination MAC address is the workstation's MAC address which the DHCP server got from the original DHCPDISCOVER packet transmitted by the workstation. This is how the DHCPOFFER can be directed at this PC only and is not an Ethernet broadcast. The source IP address of the IP packet that the DHCPOFFER Ethernet frame carries is the IP address of the DHCP server (since it already has one) and the destination IP address of the packet is 255.255.255.255: a broadcast. This must be done because the workstation does not have its own unique IP address yet.

At this point the workstation will transmit a DHCPREQUEST packet back to the DHCP server. The Ethernet source MAC is the workstation's and the destination MAC is still a broadcast. The IP source address is still 0.0.0.0 because now the workstation is actually requesting the IP address that the server just offered in the DHCPOFFER packet. The IP destination address is still 255.255.255.255 also. This is done for two reasons: 1) The original broadcast made it to the DHCP server so in all likelihood this packet will make it to the server as well, 2) if there is a second DHCP server on the network it will immediately see that the workstation has made the request to the other DHCP server which means that the workstation has rejected its offer and it can lease that IP address to the next requesting PC. So the fact that the workstation broadcasts back to the server even though it knows its MAC and IP addresses is done for reliability of the transmission and to inform other DHCP server's that their requests were rejected.

Upon receipt of the DHCPREQUEST the DHCP server will transmit a DHCPACK (ACKnowledge) packet. The Ethernet frame source MAC is the server's, the destination MAC is the workstation's (directed, also called unicast) The IP packet the frame carries has the source IP address of the server and the destination IP is 255.255.255.255: a broadcast. This is done because the workstation does not know that the server has accepted the request yet, so it cannot assume that the IP address belongs to it until after it receives and interprets this packet. The contents of this packet contain all of the TCP/IP configuration information including the IP address, subnet mask, and default gateway and any other parameters that have been configured for the workstations to use.

At this point the TCP/IP protocol stack of the workstation loads these values and begins full operation on the network.

Making a Windows 2000 server into a DHCP server is simply a matter of installing the DHCP service which is not an operating system default, and then configuring the server by informing it what IP address pool it is allowed to lease and what subnet mask and default gateway and other TCP/IP paramaters it is supposed to give to the workstations. The procedures below outline the most basic DHCP configuration so that it will work with the workstations in the lab. DHCP can be incredibly complex and difficult to configure in some environments; in these situations a much stronger knowledge of the operating system will be needed: an MCSE.

1. Once DHCP has been installed on the server it can be configured. To begin configuration of DHCP open Start > Programs > Administrative Tools > DHCP:

   
   
   

2. This opens the Microsoft Managenment Console DHCP snap-in. The service already knows that it needs to be setup and indicates this in the main window pane with an invitation to "Add a Scope". A DHCP server must be given the range of TCP/IP addresses that it is allowed to lease to the DHCP clients when the ask for IP addresses. Under normal circumstances the DHCP server will lease addresses from its own subnet but this is probably not necessary. In enterprise level networks DHCP servers could possibly service multiple address ranges even ones to which the server does not actually belong. However, for this exercise the DHCP server will be the one setup in the Installation of DNS, DHCP, and WINS tutorial and it will be a member of the 200.200.200.0 class "C" network. The server can be manually configured to use either 200.200.200.1 or 200.200.200.2 and it will service the entire 200.200.200.0 network. That is, it will be the only DHCP (and DNS) server on the network and all addresses of this network other than its own and some reserved addresses will be under its control to lease to all clients of the network. The little green arrow icon overlay on the server indicates that it is up and running:

   
   
   

3. Now click Action > New Scope...:

   
   
   

4. This opens the Add New Scope Wizard, click Next:

   
   
   

5. In this exercise a scope will be created for the planned installation of the Remote Installation Service module, but their are no functional differences in this scope. Name the Scope and include a description then click Next:

   
   
   

6. In this screen the New Scope Wizard needs the address range or the scope itself. Enter a starting address of 200.200.200.1 and the ending address of 200.200.200.254. Remember that the address 200.200.200.255 is NOT a host address, but is the broadcast address of this network and therefore is not a valid host address that the DHCP should be allowed to assign to a client and is therefore not included within the scope. Windows 2000 should automatically fill in the boxes at the bottom, click Next:

   
   
   

7. In this screen address exclusions can be placed on the scope including single addresses and ranges. Type in the starting and ending addresses of 200.200.200.1 to 200.200.200.49 and click the Add button. The DHCP server will not lease these addresses to any DHCP client and this range includes the server's address so it will not make the mistake of duplicating its own address on the network. The reserved range is large enough so that other fixed address nodes can be added safely at a future time such as additional servers, network printers, etc:

   
   
   

8. To exclude a single address enter it in the start address, in this case 200.200.200.200 which will be reserved for testing and experimentation on the network, and click the Add button, then click Next:

   
   
   

9. This screen is used to specify the duration of a lease. When a client accepts the lease from the server, the server makes a notation that the address is in use. It will consider it in use for the amount of time indicated here and will not offer the address to any other client, even if the client that received the address has logged of and shutdown. This allows systems to retain their lease for conveniently long periods of time and reduces lease renewal DHCP activity on the network. Accept the 8 day offer and click Next:

   
   
   

10. The minimal TCP/IP functional configuration is the IP address, subnet mask, and default gateway. So far the only TCP/IP parameter that has been dealt with in this wizard is the IP address. In order to configure more parameters for the clients click the "Yes..." radio button then click Next:

    
    
    

11. This screen configures the default gateway for the client. That is, when the client requests its IP address from the DHCP server, the server will send it the next unused one from the scope range, it will also send it the address of the default gateway that will be entered here at this screen. There are a large number of TCP/IP configuration settings that can be configured at the server to be forwarded to the clients, but this wizard only covers the essential ones to get the client functioning properly, enter the address of the server and click the Add button, then click Next:

    
    
    

12. In this screen the client can be given the network Domain name and the address of the DNS server for that domain. Enter the name of the domain that the server is the domain controller of (See Installing Active Directory on the Windows 2000 Server) Note that the server has not been promoted to a domain controller yet, so use the name of the domain that will be used in the future when the system is promoted to Domain controller. DNS should have been configured already so enter the server's name in the server name box and click Resolve. If the address does not resolve then either DNS has not been installed, configured, or it is not working. (See Installing DNS and Configuring DNS). Click the Add button then click Next:

    
    
    

13. When WINS is installed it pretty much should work automatically upon reboot. Since it was installed when the DNS and DHCP services were chosen (See Installing DNS, DHCP and WINS enter the server name and click Resolve then click Add. Now click Next:

    
    
    

14. Click "Yes..." to activate the scope now, this is giving the server permission to begin DHCP server operations immediately at the conclusion of the wizard:

    
    
    

15. Click the Finish button:

    
    
    

16. The display may take a few minutes to refresh but will end up showing the new scope and server as up and running like this:

    
    
    

17. At this point both DNS and DHCP should be up and running. Be sure of this before attempting to startup a client that will depend on both services. Once both services have been configured and confirmed that they are up and running then attach a Windows 2000 client PC to the room hub using a standard straight-through UTP cable attached to the 3COM NIC of the client. Be sure that the client is set to use DHCP by checking the Network properties. Restart the system and it should receive the address 200.200.200.50 (the first one available from the scope. Use IPCONFIG /ALL to determine all of the other settings that the DHCP server has provided the client: do they all match the choices made in the DHCP server configuration settings made in the above exercise?

Copyright©2000-2004 Brian Robinson ALL RIGHTS RESERVED