Solved

Windows DHCP Services

Posted on 2014-01-21
Last Modified: 2014-01-21
A new DHCP service has been set up on my Windows server to lease different subnets, but the workstations in the different subnets can't be leased an IP successfully. The network switch has been set up with DHCP relay for these subnets.

Is there any software installed on the server or client such that I can see the DHCP request and response between the server and client?

To clarify my understanding, for a DHCP server (leasing 3 different subnets) and a Windows 7 (DHCP client) sitting on the same 'physical network': when the client requests an IP address, will the DHCP server reply to the client with an IP address from each subnet? When will the DHCP server release an IP subnet that does not belong to the IP subnet of the server?

Tks



Question by:AXISHK
15 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 166 total points
ID: 39797112
Under normal circumstances, the DHCP server will only reply with one address. By default, the address will be from the scope with the same subnet as the NIC that the DHCP server is bound to. It will only reply with an address from another scope if it gets a request from a DHCP relay agent. In that circumstance, the relay agent includes the subnet that it belongs to as part of the request, so even then only one lease would need to be returned: one from the scope matching the relay request.
0
 

Author Comment

by:AXISHK
ID: 39797150
So, on a simple switch connecting to a DHCP server and a single workstation, I can't test the other DHCP scope to see whether it can successfully lease out or not.

How can I check the DHCP handshaking between server and client to see how it goes?

Tks
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39797155
Not without changing your NIC settings, no.

Wireshark or NetMon will both let you capture and analyze DHCP requests and responses.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 167 total points
ID: 39797196
You can hand out multiple subnets from a single DHCP server. The way the DHCP server knows which IP to hand out is based on the VLAN ID Scope Option.

You need to do the following...
- for each subnet (VLAN) on your switch, add the IP Helper address of the DHCP server
- create each scope on your DHCP server and use the VLAN ID option to identify each subnet

Example below...
VLAN1 = 192.168.1.x
VLAN2 = 192.168.2.x
VLAN3 = 192.168.3.x

The DHCP server resides on VLAN1 and has an IP of 192.168.1.10
Create a new scope on the DHCP server for 192.168.2.x
Add the VLAN ID option value = 2
Do the same for VLAN3 etc...

When users from VLAN 2 request an IP address, they will use the IP Helper address (192.168.1.10), and as the scope VLAN ID option has a value of 2, it will then hand out the address for the client of 192.168.2.x.

I have this exact setup done in our environment for Guest Wifi and also Production Wifi so that we can manage the lease times separately for wireless.

You need to specify the VLAN ID option because this is the only way the DHCP server knows what scope to use for each client connection based on the VLAN they are requesting from.

Will.
0
 

Author Comment

by:AXISHK
ID: 39797200
But in case the server has two more IP subnets bound (i.e., .10 & .20) besides the existing IP address (.30), can it help?

To clarify my understanding, for the DHCP relay, does it mean the DHCP relay will have two legs, one on .20 and one on .30? From the workstation, it doesn't know what subnet it will request. It only sends out a DHCP request, which is received by the DHCP relay. And the DHCP relay will release a .20 subnet from the DHCP server on the .30 subnet. The DHCP server will release an IP from the .20 subnet to the DHCP relay, and the DHCP relay will then reply this address to the workstation, correct?

.30.0 subnet --------- DHCP relay ( .20 subnet) -------- workstation on (.20 subnet)
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39797206
"Is there any software installed on the server or client such that I can see the DHCP request and response between the server and client?"
You can install Wireshark on the client to capture the packets and diagnose the DORA packets. There are many good videos on this on YouTube.

"When the client requests an IP address, will the DHCP server reply to the client with an IP address from each subnet?"
When the client sends a DHCP "Discovery" message to a DHCP server, the DHCP server checks its own interface where the request is received from. It then matches the DHCP pool on that subnet and sends a DHCP "Offer" with a single IP from that DHCP pool. If the DHCP server receives the Discovery request from a relay agent, it considers the source to be the DHCP relay subnet.
If there are multiple DHCP servers in the network, multiple servers might offer IPs to the client. It's the DHCP client that decides which IP to accept, by confirming the chosen DHCP server with a DHCPRequest. A server then confirms with a DHCPACK.
The request for an IP from the DHCP client and the initial offer are transmitted as broadcast, and the last two processes are unicast.

"When will the DHCP server release an IP subnet that does not belong to the IP subnet of the server?"
Do you mean DHCP relay? Typically a router blocks broadcast packets. When IP Helper is enabled, DHCP broadcasts are directed to the specific DHCP server by the router.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39797207
The DHCP server does NOT need to be dual-homed to 2 different networks. As long as it can talk (ping) to another subnet it will work without issue. You just need VLAN ID and IP helpers in place.

Will.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39797224
DHCP relay doesn't necessarily have to have two legs; it needs to have IP reachability to the DHCP server. A router blocks any broadcast packets, but when DHCP relay is configured with IP Helper, these DHCP broadcast "Discovery" packets are forwarded by the default gateway to the DHCP server configured using IP Helper.
0
 

Author Comment

by:AXISHK
ID: 39797244
What is the difference between relay and helper? Can the former be treated as an IP device while the other is a service?
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39797309
DHCP relay is enabled using IP Helper. Other than enabling DHCP relay, IP helper also enables other services.
0
 

Author Comment

by:AXISHK
ID: 39798838
So, actually IP helper is used and one of the services enabled is DHCP relay. With an IP bound on the DHCP relay, it can forward the DHCP request for that subnet that the DHCP relay has bound. Correct?

Tks
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39798902
Yes, exactly.

DHCP discovery messages are broadcast packets, but if the DHCP server is in a different subnet, a router will not broadcast them. What IP helper does is forward those DHCP requests and unicast them to the configured DHCP server.

In a Cisco router, IP helper also enables some additional services.

When you enable the IP Helper address, all traffic for the UDP ports is automatically forwarded to the address specified.

UDP Traffic Forwarded by IP Helper Address

UDP PORT    Common Name
69          TFTP
67          BOOTP Client
68          BOOTP Server
37          Time Protocol
49          TACACS
53          DNS
137         NetBios
138         NetBios Datagram

Source - Link
0
 

Author Comment

by:AXISHK
ID: 39798918
"You need to specify the VLAN ID option because this is the only way the DHCP server knows what scope to use for each client connection based on the VLAN they are requesting from."

Are you talking about the setting on the DHCP server, or the ports configuration on the switch?

Tks
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 167 total points
ID: 39798962
"You need to specify the VLAN ID option because this is the only way the DHCP server knows what scope to use for each client connection based on the VLAN they are requesting from."

This is a partial truth. We might not have VLANs in place at all. The VLAN ID option is not a mandatory requirement on a DHCP server address pool configuration.
When a DHCP relay agent unicasts the DHCP broadcast requests to the DHCP server, it actually puts its own interface address in the giaddr field of the request packet. The DHCP server checks this giaddr and determines which pool of addresses to use to service the request with a DHCP Offer.

"Are you talking about the setting on the DHCP server, or the ports configuration on the switch?"
No configuration is needed on switch ports. It's the VLAN interface or the router interface which will act as the relay.
0
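The giaddr-based scope selection described in the accepted answer, as an added example that is not part of the original thread: it decodes the BOOTP header of a DHCP message and picks the scope the way the answer describes, which is also what to look for when reading a Wireshark capture of a relayed request. The function names, the sample packets, and the relay addresses 192.168.2.1 and 10.9.9.1 are constructed for illustration; the scopes reuse the example subnets posted earlier in the thread.

```python
import ipaddress
import struct

# Scopes reuse the example subnets from the thread; a real server reads them from its config.
SCOPES = [ipaddress.ip_network(n) for n in
          ("192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")]
MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the BOOTP header
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s")     # op .. chaddr, 44 bytes
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_discover(giaddr="0.0.0.0", hops=0):
    """Constructed sample DHCPDISCOVER (not a capture); the MAC and xid are made up."""
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\0")
    hdr = BOOTP.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000, bytes(4), bytes(4),
                     bytes(4), ipaddress.ip_address(giaddr).packed, chaddr)
    return hdr + bytes(192) + MAGIC + b"\x35\x01\x01\xff"   # option 53 = DISCOVER, end

def parse(pkt):
    """Decode the fields that matter for scope selection; reject malformed input."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    _, _, hlen, hops, xid, _, _, _, _, _, gi, ch = BOOTP.unpack(pkt[:44])
    msg_type, i = None, 240
    while i + 1 < len(pkt) and pkt[i] != 255:    # walk options until the end marker
        if pkt[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        if code == 53 and length == 1 and i + 2 < len(pkt):
            msg_type = MSG_TYPES.get(pkt[i + 2], "UNKNOWN")
        i += 2 + length
    return {"type": msg_type, "hops": hops, "xid": xid,
            "giaddr": ipaddress.ip_address(gi),
            "mac": ch[:min(hlen, 16)].hex(":")}

def select_scope(info, server_addr):
    """giaddr set: relayed, match on it. giaddr zero: local broadcast, match on the NIC."""
    key = info["giaddr"] if int(info["giaddr"]) else ipaddress.ip_address(server_addr)
    return next((s for s in SCOPES if key in s), None)

if __name__ == "__main__":
    for gi in ("0.0.0.0", "192.168.2.1", "10.9.9.1"):   # local, relayed, relay with no scope
        info = parse(build_discover(gi, hops=int(gi != "0.0.0.0")))
        print(info["type"], info["mac"], "giaddr", info["giaddr"],
              "->", select_scope(info, "192.168.1.10"))
```

The third case returns no scope: a relay whose interface address falls outside every configured scope gets no offer, which is one thing to check when relayed clients fail to obtain a lease.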
 

Author Closing Comment

by:AXISHK
ID: 39798982
Tks
0
