DHCP Facts


Dynamic Host Configuration Protocol (DHCP) centralizes IP address assignment management by allowing a server to dynamically assign IP addresses to clients. DHCP also allows users who move from network to network to easily obtain an IP address appropriate for the subnet they are connected to.

The DHCP server and the client use broadcasts to communicate with each other. The table below describes the method clients use to obtain an address from a DHCP server.

| Broadcast | Description |
| --- | --- |
| DHCP Discover (D) | The client begins by sending out a DHCP Discover broadcast to identify DHCP servers on the network. |
| DHCP Offer (O) | A DHCP server that receives a Discover advertisement from a client responds with a DHCP offer. The offer contains a proposed IP address lease. If more than one DHCP server sends an offer packet, the client usually responds to the first DHCP offer that it receives. |
| DHCP Request (R) | The client accepts the offered address lease by responding with a DHCP request broadcast. |
| DHCP ACK (A) | The DHCP server responds to the request by sending a DHCP ACK (acknowledgement) broadcast. At this point, the IP address lease is established between the client and server. |

If the DHCP server is separated from the DHCP client by a router, additional implementation steps are required because most routers will not forward broadcasts between segments. One option you can use in this scenario is to implement a DHCP relay agent, which forwards DHCP broadcasts on its segment to a DHCP server on a different network segment.

The following facts relate to the DHCP authorization process.

Requirements

Authorization requirements for a DHCP server include the following:

  • Authorization is required if you are using Active Directory; no authorization is required for a standalone server.

  • If you use Active Directory, DHCP servers must be either domain controllers or domain member servers to be authorized.

  • When you authorize a DHCP server, its IP address is added to a list of authorized DHCP servers maintained in Active Directory.

  • To authorize a DHCP server, you must be logged in as a member of the Enterprise Admins group. If you install a DHCP server as an enterprise admin, the server is automatically authorized.

Verification

Keep in mind the following about DHCP server authorization verification:

  • You can authorize a server before or after DHCP is installed.

  • When a DHCP server starts, its IP address is compared to the Active Directory list. If it is found, the server is allowed to issue IP addresses. If it is not found, the server automatically shuts down before completing the startup process.

  • A Windows DHCP server checks for authorization when it boots and reauthorizes every five minutes.

  • DHCP servers running other operating systems, such as Linux or Unix, do not check for authorization with a domain controller before assigning addresses.

The DHCP Server role must be installed to set up a DHCP server in Active Directory.

Keep in mind the following when configuring a DHCP server:

  • Configure the DHCP service to start automatically.

  • The DHCP server must have a static IP address assigned.

  • When you set up DHCP on a member server and add a user to the DHCP Administrators group, that user has DHCP Administrator rights only on the member server. If you delegate administration on a domain controller, the DHCP administrator has rights on all DHCP servers in the domain.

To configure a DHCP server to deliver IP addresses, you must configure the scope. A scope is the range of IP addresses that the DHCP server can assign to clients. Be aware of the following when working with scopes:

  • There is only one scope allowed per network segment.

  • The scope must be activated before the DHCP server will assign addresses to clients. After you activate a scope, do not change its range of IP addresses.

  • A scope has a subnet mask that determines the subnet for a given IP address. You cannot change the subnet mask in an existing DHCP scope. To change the subnet mask used by a scope, you must delete and recreate the scope.

  • Lease duration values are part of the scope properties and determine the length of time a client can use the IP address leased through DHCP.

In addition to providing an IP address, the DHCP server can also provide DHCP clients with additional IP configuration parameters using options. Commonly used DHCP options include the subnet mask, the default gateway router address, and one or more DNS server addresses. You can configure four option levels:

  • Server options are applied to all computers that get an IP address from the DHCP server, regardless of which scope they obtain the address from. For example, if your organization has only one DNS server, then all DHCP clients need the same DNS server address. You can do this most efficiently with a server option.

  • Scope options are applied to all computers that get an IP address from a particular scope on the DHCP server. For example, each scope may need to be configured with a default gateway address option that is appropriate for the scope's subnet.

  • Class options are applied to all computers that are members of a particular class. To do this, you must first configure the class individually on each computer so the DHCP server knows what class it belongs to. Class options are not commonly implemented.

  • Client options are applied to a specific DHCP client. The client's MAC address is used to identify which system receives the option.

The DHCP console provides context-sensitive icons to reflect DHCP server status as follows:

  • A check mark in a green circle indicates that the DHCP server is connected and authorized.

  • A red down arrow indicates that the DHCP server is connected but not authorized.

  • A horizontal white line inside a red circle indicates that the DHCP server is connected, but the current user does not have the administrative credentials necessary to manage the server.

  • An exclamation sign inside a yellow triangle indicates that 90 percent of available addresses for server scopes are either in use or leased.

  • An exclamation sign inside a blue circle indicates 100 percent of available addresses for server scopes are either in use or leased.



🔗Debasish Lenka
