Detailed Explanation of DHCP Deployment and Security


1. What is DHCP?

DHCP (Dynamic Host Configuration Protocol) is a standard protocol defined in RFC 2131. It lets a server dynamically assign IP addresses and other configuration parameters to clients; put simply, it assigns IP addresses automatically. Why assign them automatically? Mainly because, apart from network engineers, most ordinary users do not know how to configure an IP address by hand, so this protocol makes it very convenient for them to get online.

2. DHCP-related concepts

Address pool/scope: the set of parameters handed out to clients (IP address, subnet mask, gateway, DNS, lease). DHCP runs over UDP: the server listens on port 67 and the client on port 68.

3. Advantages of DHCP

Reduced administrative workload, fewer IP address conflicts, and better address utilization.

4. Principle of DHCP

The DHCP principle is also called the DHCP lease process, which has four steps:

1. The client sends a DHCP Discover broadcast (to discover who the DHCP server is)

   The client broadcasts a request for an IP address (the packet includes the client's MAC address).

2. The server responds with a DHCP Offer broadcast

   The server replies with the IP address it is offering (but without parameters such as subnet mask and gateway).

3. The client sends a DHCP Request broadcast

   The client selects the offered IP (this can also be seen as confirming which IP it will use).

4. The server sends a DHCP ACK broadcast

   The server finalizes the lease and supplies the full network card parameters: IP, mask, gateway, DNS, lease, etc.

5. DHCP contract renewal

When 50% of the lease period has elapsed, the client sends a DHCP Request packet to renew the lease. If the server does not respond, the client keeps using the address and sends another DHCP Request at 87.5% of the lease. If there is still no response, the client releases the IP address and sends a new DHCP Discover broadcast to obtain an address. If no server responds at all, the client assigns itself an address in 169.254.x.x/16; this range is reserved everywhere as a link-local address, is not routable, and is only usable for temporary communication within the local network.
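As an added example (not from the original post), the following Python script encodes and decodes RFC 2131 messages, runs the four-step Discover/Offer/Request/ACK exchange above in memory, and computes the 50% and 87.5% renewal timers from section 5. The server address 10.1.1.1, the offered address 10.1.1.21, the transaction ID and the client MAC address are constructed sample values; a real client would send these packets as UDP broadcasts from port 68 to port 67.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # RFC 2131 option-field magic cookie (99.130.83.99)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 message-type values (RFC 2132)


def ip_bytes(addr):
    return ipaddress.IPv4Address(addr).packed


def build_message(op, xid, chaddr, yiaddr="0.0.0.0", options=None):
    """Encode a DHCP message: 236-byte fixed header, magic cookie, TLV options, end marker.
    op=1 is BOOTREQUEST (client -> server), op=2 is BOOTREPLY (server -> client)."""
    body = bytearray()
    body += struct.pack("!BBBB", op, 1, 6, 0)    # op, htype=Ethernet, hlen=6, hops
    body += struct.pack("!I", xid)               # transaction id ties the four steps together
    body += struct.pack("!HH", 0, 0x8000)        # secs, flags (broadcast bit set)
    body += b"\x00" * 4                          # ciaddr: the client has no address yet
    body += ip_bytes(yiaddr)                     # yiaddr: address the server is handing out
    body += b"\x00" * 8                          # siaddr, giaddr
    body += bytes(chaddr).ljust(16, b"\x00")     # chaddr padded to 16 bytes
    body += b"\x00" * 192                        # sname (64) + file (128), unused here
    body += MAGIC_COOKIE
    for code, value in (options or {}).items():
        body += struct.pack("!BB", code, len(value)) + value
    body += b"\xff"                              # option 255: end of options
    return bytes(body)


def parse_message(data):
    """Decode the fixed header and the option list into a dict."""
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", data[:12])
    yiaddr = str(ipaddress.IPv4Address(data[16:20]))
    chaddr = data[28:28 + hlen]
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(data):
        code = data[i]
        if code == 255:          # end
            break
        if code == 0:            # pad
            i += 1
            continue
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "chaddr": chaddr, "options": options}


def simulate_lease(client_mac, offered_ip="10.1.1.21", lease_seconds=3600):
    """Run the four-step exchange in memory and return the parsed ACK (constructed values)."""
    xid, server_id = 0x3903F326, ip_bytes("10.1.1.1")
    # 1. Discover: client broadcasts, carrying only its MAC and the message type.
    discover = parse_message(build_message(1, xid, client_mac, options={53: bytes([DISCOVER])}))
    # 2. Offer: server proposes an address from the scope; option 54 identifies the server.
    offer = parse_message(build_message(2, xid, discover["chaddr"], offered_ip,
                                        {53: bytes([OFFER]), 54: server_id}))
    # 3. Request: client asks for the offered address (option 50) from that server (option 54).
    request = parse_message(build_message(1, xid, client_mac, options={
        53: bytes([REQUEST]), 50: ip_bytes(offer["yiaddr"]), 54: offer["options"][54]}))
    # 4. ACK: server confirms the lease with mask (1), router (3), DNS (6) and lease time (51).
    ack = build_message(2, xid, request["chaddr"],
                        str(ipaddress.IPv4Address(request["options"][50])), {
                            53: bytes([ACK]), 1: ip_bytes("255.255.255.0"),
                            3: ip_bytes("10.1.1.1"), 6: ip_bytes("114.114.114.114"),
                            51: struct.pack("!I", lease_seconds), 54: server_id})
    return parse_message(ack)


def lease_summary(ack):
    """Pull the parameters a client would configure out of a parsed ACK."""
    o = ack["options"]
    return {"ip": ack["yiaddr"],
            "mask": str(ipaddress.IPv4Address(o[1])),
            "router": str(ipaddress.IPv4Address(o[3])),
            "dns": str(ipaddress.IPv4Address(o[6])),
            "lease": struct.unpack("!I", o[51])[0]}


def renewal_times(lease_seconds):
    """T1 (renew by Request to the leasing server) at 50%, T2 (rebind by broadcast) at 87.5%."""
    return lease_seconds * 0.5, lease_seconds * 0.875


if __name__ == "__main__":
    result = lease_summary(simulate_lease(b"\x00\x11\x22\x33\x44\x55"))
    print(result, renewal_times(result["lease"]))
```

Running the script prints the parameters the constructed ACK carries and the two renewal deadlines for a one-hour lease (1800 s and 3150 s), matching the percentages described above.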

6. Deploy the DHCP server

1. Fixed IP address (the server must have a fixed IP address)

If you want a host to act as a DHCP server, its IP address must be fixed; otherwise it cannot be set up as a DHCP server. The same applies to all servers: their IP addresses must be fixed. Just imagine: if the IP addresses of sites such as Baidu and JD.com that we visit often changed, could users still reach them?

2. Install the DHCP service plug-in

Taking a Windows Server 2003 machine as an example, the DHCP service component is installed as follows:

  1. Double-click to open the Windows Server 2003 installation disc image.
  2. Click [ Install Optional Windows Components ].
  3. Scroll down to find [ Network Services ] and double-click to open it.
  4. Find [ Dynamic Host Configuration Protocol (DHCP) ], check it, then click [ OK ] and [ Next ] to install it.
  5. Verify that the DHCP service component is installed: open a console with the cmd command, enter the command netstat -an and press Enter. Port numbers 67 and 68 are the DHCP service ports; seeing them listed proves the service is running.

3. New scope and scope options

Once the DHCP service is enabled it still cannot serve clients, because there is no IP address pool yet. The next step is to create one, that is, a scope (it is called an address pool on Linux and a scope on Windows).
The steps to create a new scope are as follows:

  1. Click [ Start ] in the lower-left corner, then [ Administrative Tools ], find the [ DHCP ] console installed in the previous step and open it.
  2. On the DHCP page, right-click the DHCP server name and select [ New Scope ] from the menu.
  3. Click [ Next ].
  4. The scope name and description can be anything you like; in a real production scenario the company name is usually used. Then click [ Next ].
  5. Define the address range, i.e. the addresses available to clients. In the example the range is 10.1.1.21-10.1.1.250, and the subnet mask length determines the network segment. Then click [ Next ].
  6. Define the range of IP addresses to exclude, i.e. addresses that will not be handed to clients. In the example 10.1.1.222 is excluded, so that address is never allocated. Then click [ Next ].
  7. Define the lease period, i.e. how long a client may use the IP address. In the example the lease is set to 1 hour. Then click [ Next ].
  8. This page asks whether you want to configure the gateway, DNS and other parameters for the scope now. Click [ Yes ], then [ Next ].
  9. Configure the gateway. Ask the company's network engineers for the gateway address. Without a gateway, clients can communicate internally but cannot reach the Internet. After configuring it, click [ Next ].
  10. Configure the DNS server. You do not need to worry about the [ Parent Domain ] field; only the DNS server IP address is needed. To find it, first determine your company's network operator (China Telecom, China Mobile, etc.), then look up that operator's DNS server address for your city. You can also configure two server IPs: if the first fails, the second is used as a fallback. Then click [ Next ].
  11. The WINS server is a legacy component, the predecessor of the DNS server; it has been phased out and is no longer used, so skip it and click [ Next ].

4. Activate

  1. The wizard asks whether to activate the address pool (scope) now. Since this is a lab, activate it directly. In real work, do not activate it yet: first check that the scope is configured correctly, then activate it if everything is fine. Until the scope is activated, clients cannot use it even though it is configured; once activated, it works normally. Then click [ Next ].
  2. Click [ Finish ] to complete the configuration.
  3. Back on the DHCP page you can see a new scope under the server name; click it to see all the parameters just configured.

5. Client verification

ipconfig /release     releases the IP (cancels the lease, for example before configuring an IP manually)
ipconfig /renew     reacquires an IP (if the client already has one it sends a Request to renew the lease; if it has none it sends a Discover to obtain one)

7. Address reservation

Dynamically assign a fixed IP address to a specified MAC address. Suppose the company's boss likes the number 168 and wants the IP 10.1.1.168; what should be done?

Some might say: just configure 10.1.1.168 manually. That would be a bad idea: when the boss goes home he finds he cannot get online, and comes back furious the next day. The reason is simple: at home he is not on the same LAN as the company, the address 10.1.1.168 does not exist there, so he cannot access the Internet.

So dynamic address reservation is used here. What does that mean? The IP address is still assigned dynamically, but whenever that computer connects to the company LAN it is given 10.1.1.168 instead of a random address. And because the client is still in automatic mode, it can still get online at home.

The address reservation configuration steps are as follows:

  1. Right-click [ Reservations ] and click [ New Reservation ] in the menu.
  2. Give the reservation any name, enter 10.1.1.168 as the IP address, and enter the MAC address of the computer that should always receive this IP (for example the boss's computer), which ties the IP to that machine. To find the MAC address, open cmd and run ipconfig /all. The description can be left blank; then click [ Add ].
  3. After adding, the new reserved address appears under the reservation option.
  4. Verify it on the client.

8. Option priority

In the previous step we configured the reserved IP address 10.1.1.168, but notice that no gateway, DNS or other parameters were configured for it. So does this IP address have those parameters? The answer is yes; clicking the reserved IP shows them.

Why are they there? Because the reserved IP belongs to this scope, it inherits all of the scope's configuration options. Clicking [ Scope Options ] shows the same settings as the reserved IP.

Now for a small experiment. Suppose the company has two scopes (address pools), for example one on a network segment beginning with 10 and one beginning with 20, and I want everyone in the company to obtain an IP from my server. So I will create two scopes here: first delete the original scope, then create the new ones one by one.

Create the first scope, named IT, for the company's IT department.

Set the IP range to the network segment beginning with 10, then click [ Next ].

Leave the exclusions empty and click [ Next ].

Leave the lease at the default and click [ Next ].

For the configuration options, click [ No ], meaning we will not set the gateway, DNS and other parameters for this scope for now, then click [ Next ].

Click [ Finish ].

Then right-click the [ Scope ] and click [ Activate ] in the menu to activate it.

Clicking [ Scope Options ] shows nothing, because nothing but the IP range was configured. A client obtaining an IP from this server would get only an IP address and subnet mask, without gateway or DNS; in that case the gateway and DNS must be added in the scope options. We will not add them here.

Back on the server, right-click to create a new scope named Finance, the network segment for the finance department, and click [ Next ].

Configure the IP address range as the network segment beginning with 20, and click [ Next ].

Keep clicking [ Next ] until the configuration options page; change it to [ No ], i.e. do not configure the gateway, DNS, etc., then [ Next ] and [ Finish ].

Activate this scope too; its [ Scope Options ] is also empty.

Both [ Scope Options ] are empty, and below them there is [ Server Options ]. Right-click [ Server Options ] and click [ Configure Options ] in the menu.

Scroll down, find [ DNS Server ], check it, enter the DNS server IP address, click [ Add ], then [ OK ].

A DNS server IP parameter now appears under [ Server Options ].

Then right-click [ Scope Options ] in each of the two scopes and click [ Refresh ] in the menu.

After refreshing, both scopes' options show the DNS parameter just configured under [ Server Options ].

From this we can see that [ Scope Options ] inherit from [ Server Options ]. In other words, if there are many scopes on the server we do not have to set the parameters for each scope separately; we set [ Server Options ] once and every scope gets those parameters. In practice these departments all belong to one enterprise, so they generally point to the same DNS servers.

So here is the question: can different network segments point to the same gateway? For example, can the segments beginning with 10 and 20 share one gateway? Definitely not, so the gateway must be configured individually in each [ Scope Options ]. Right-click [ Scope Options ] and click [ Configure Options ] in the menu.

Then check [ Router ] and configure the gateway IP address.

Now another problem: suppose the IT department does not want to use the DNS server 222.146.129.80 but wants 114.114.114.114 instead. What should we do? Configure [ Scope Options ] separately in the IT department's scope: right-click [ Scope Options ], click [ Configure Options ] in the menu, scroll down to [ DNS Server ], check it, enter 114.114.114.114, click [ Add ], then [ OK ].

The IT department's [ Scope Options ] now show 114.114.114.114.

In other words, if a scope's [ Scope Options ] are not configured, it uses the configured [ Server Options ]; if its [ Scope Options ] are configured, it uses its own instead of the [ Server Options ]. In summary: [ Scope Options ] have higher priority than [ Server Options ].
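As an added example (not from the original post), the Python model below reproduces the behaviour described in sections 7 and 8: addresses are handed out from the scope range minus the exclusions, a reservation pins a MAC address to 10.1.1.168, and each scope's effective options are the server options overridden by the scope's own options (a reservation inherits the scope result). It also adds the check an administrator would want before activating a scope: that an effective gateway exists and lies inside the scope's subnet. The Finance segment 20.1.1.0/24 and the MAC addresses are assumed sample values.

```python
import ipaddress


class Scope:
    """One address pool: range, exclusions, reservations (MAC -> IP) and scope-level options."""

    def __init__(self, name, network, first, last, excluded=(), options=None):
        self.name = name
        self.network = ipaddress.IPv4Network(network)
        self.first = ipaddress.IPv4Address(first)
        self.last = ipaddress.IPv4Address(last)
        self.excluded = {ipaddress.IPv4Address(a) for a in excluded}
        self.options = dict(options or {})
        self.reservations = {}   # normalised MAC -> IPv4Address
        self.leases = {}         # normalised MAC -> IPv4Address

    @staticmethod
    def norm_mac(mac):
        # Accept both "00-11-22-33-44-55" (ipconfig /all style) and "00:11:22:33:44:55".
        return mac.lower().replace("-", ":")

    def reserve(self, mac, ip):
        ip = ipaddress.IPv4Address(ip)
        if ip not in self.network:
            raise ValueError(f"{ip} is not inside scope {self.name}")
        self.reservations[self.norm_mac(mac)] = ip

    def allocate(self, mac):
        """Reserved MACs always get their reserved IP; everyone else gets the lowest free address."""
        mac = self.norm_mac(mac)
        if mac in self.reservations:
            self.leases[mac] = self.reservations[mac]
        if mac in self.leases:
            return str(self.leases[mac])
        taken = set(self.leases.values()) | set(self.reservations.values()) | self.excluded
        ip = self.first
        while ip <= self.last:
            if ip not in taken:
                self.leases[mac] = ip
                return str(ip)
            ip += 1
        raise RuntimeError(f"scope {self.name} has no free addresses")


class DhcpServer:
    def __init__(self, options=None):
        self.options = dict(options or {})   # server options: inherited by every scope
        self.scopes = {}

    def add_scope(self, scope):
        self.scopes[scope.name] = scope

    def effective_options(self, scope_name):
        """Scope options override server options; a reservation inherits the scope result."""
        merged = dict(self.options)
        merged.update(self.scopes[scope_name].options)
        return merged

    def check(self):
        """Pre-activation check: every scope needs a gateway, and it must be on the scope's subnet."""
        problems = []
        for scope in self.scopes.values():
            eff = self.effective_options(scope.name)
            if "router" not in eff:
                problems.append(f"{scope.name}: no gateway (option 3) in scope or server options")
            elif ipaddress.IPv4Address(eff["router"]) not in scope.network:
                problems.append(f"{scope.name}: gateway {eff['router']} is outside {scope.network}")
        return problems


def build_example():
    """Constructed lab layout: IT scope from the post, Finance scope and MACs assumed."""
    server = DhcpServer(options={"dns": "222.146.129.80"})       # server option
    it = Scope("IT", "10.1.1.0/24", "10.1.1.21", "10.1.1.250", excluded=["10.1.1.222"],
               options={"router": "10.1.1.1", "dns": "114.114.114.114"})  # scope overrides DNS
    it.reserve("00-11-22-33-44-55", "10.1.1.168")                # the boss's reservation
    finance = Scope("Finance", "20.1.1.0/24", "20.1.1.21", "20.1.1.250")  # no scope options
    server.add_scope(it)
    server.add_scope(finance)
    return server


if __name__ == "__main__":
    srv = build_example()
    print(srv.scopes["IT"].allocate("AA-BB-CC-00-00-01"), srv.scopes["IT"].allocate("00-11-22-33-44-55"))
    print(srv.effective_options("IT"), srv.effective_options("Finance"))
    print(srv.check())
```

Running it shows the first ordinary client receiving 10.1.1.21, the reserved MAC receiving 10.1.1.168, IT resolving DNS to its own 114.114.114.114 while Finance inherits 222.146.129.80 from the server options, and the check flagging Finance for having no gateway until a router option is added to that scope.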

9. DHCP backup

In enterprise work it is often unavoidable to configure multiple address pools on a DHCP server. Each has different parameters, and the configuration work is considerable. If the server breaks down one day, all the address pools would have to be reconfigured, which is very troublesome. So the DHCP server should be backed up: if there is a problem with the server, just restore the original backup.
The steps to make a backup are as follows:

  1. Right-click the server name and click [ Backup ] in the menu.
  2. In the [ Browse Folder ] window, select the directory in which to store the backup data; if none exists, click [ New Folder ] to create one, then click [ OK ].
  3. Open that directory and you can see the backup has been written.
  4. To test the restore, right-click the [ Scope ], click [ Delete ] in the menu, then click [ Yes ] twice to delete the scope just configured.
  5. After deletion the scope is gone.
  6. Right-click the server name and click [ Restore ] in the menu.
  7. In the folder window, select the directory just used for the backup, then click [ OK ] and [ Yes ] to start the restore.
  8. The scope has been restored with all of its configuration intact.


Origin blog.csdn.net/2201_75641637/article/details/131868883