Press Finish
Using the 80/20 Rule for Servers and Scopes
To provide fault tolerance for the DHCP service within a given subnet, you can configure two
DHCP servers to assign addresses on the same subnet, so that if one server fails the other can
take over. To balance DHCP server use in this case, a good practice is to use the 80/20 rule to
divide the scope addresses between the two DHCP servers: server 1 is configured to assign 80%
of the total addresses and server 2 is assigned the other 20%. Both servers have the same IP
range, but each excludes the other's portion of that range.
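The split described above, worked through as an added example (not part of the original document). The function name, the `reserved` parameter and the sample range are assumptions; the exclusion lists it returns are what would be entered on each server.

```python
import ipaddress

def split_80_20(first, last, reserved=0):
    """Split one shared scope range between two DHCP servers.

    first, last: the scope range configured identically on both servers.
    reserved:    addresses at the start of the range kept for statically
                 addressed hosts and excluded on both servers (assumption).
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    pool_lo = lo + reserved                   # first address DHCP may lease
    pool_size = hi - pool_lo + 1
    if pool_size < 2:
        raise ValueError("scope too small to share between two servers")
    cut = pool_lo + max(1, pool_size * 80 // 100)   # first address of the 20% part

    def ip(n):
        return str(ipaddress.IPv4Address(n))

    static = [(ip(lo), ip(pool_lo - 1))] if reserved else []
    return {
        "server1": {"leases": (ip(pool_lo), ip(cut - 1)),
                    "exclude": static + [(ip(cut), ip(hi))]},
        "server2": {"leases": (ip(cut), ip(hi)),
                    "exclude": static + [(ip(pool_lo), ip(cut - 1))]},
    }


if __name__ == "__main__":
    # Constructed sample: a /24 scope with the first 20 addresses kept static.
    plan = split_80_20("192.168.0.1", "192.168.0.254", reserved=20)
    for server, cfg in plan.items():
        print(server, "leases", cfg["leases"], "excludes", cfg["exclude"])
```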
Configure the First Scope
Open the DHCP Management Console from Administrative Tools.
The console opens with nothing configured. You should create a scope before you authorize the
server.
Give the scope a relevant name, perhaps an indication of the location or purpose of the scope.
The IP address range is important: don't use too many addresses in one scope when those extra
addresses can be used somewhere else. If you only need one scope and you have fewer than 254
computers and network components, then use the 192.168.x.y range with a Length of 24. With
this configuration every separate subnet will increment the value of x. Example: 192.168.0.254 is
the last IP address of the first subnet and 192.168.1.1 is the first IP address of the next subnet.
Once the IP range has been configured, press Next.
Here you can decide which IP addresses within the scope are not to be used for DHCP
clients. The common standard as I know it is to use the first IP address for the router or default
gateway of the subnet. The next 10 or 20 IP addresses are to be used for any servers that you
have on the subnet. Although it is not strictly necessary, Domain Controllers, DNS servers, etc.
should use static IP addresses, and hence these addresses should be excluded from, or not
included within, the DHCP scope.
The lease duration is the length of time that a computer can use the IP address that it was
assigned from the DHCP server. Unless you have a specific reason to change it just leave it as it
is.
Select Yes and press next.
Add the IP address of the subnet's router (Default Gateway). Don't use more than one.
Add the IP addresses of the DNS servers to be used by the DHCP clients. DNS servers do not
have to be on the same subnet; the clients will attempt to contact the servers in the order that
they appear in this list. If you have a DNS server on the local subnet, put that at the top.
WINS servers are configured in much the same way as DNS servers but are used for pre-Windows
2000 name resolution. Do not configure them if you have no Windows 9x/ME clients.
Unless you have a reason not to, select Yes and press Next.
Press Finish
The scope is shown and further configuration is possible from this window
Only Domain Controllers and Domain member servers can be authorized in Active Directory.
Stand-alone DHCP servers or workgroup DHCP servers running Windows 2000 or 2003 cannot
be authorized in Active Directory but can coexist on the network as long as they are not
deployed on the same subnet as an authorized DHCP server.
All working now.
Further Reservation options that are independent of the scope options can be configured here.
Reservation Complete.
Troubleshooting DHCP
Address Conflicts
If a client has been assigned an address that is already in use, a warning will appear in the system
tray. The system log will also show address conflict information.
This conflict can be a sign of a DHCP scope error or a rogue DHCP server. The Windows Support
Tools include dhcploc.exe, which can be used to locate rogue DHCP servers. The Conflict
Detection option in the DHCP server properties can be used to detect scope conflicts.
The shutdown /I command can be used to shut down remote computers.
Using the Repair Button
Clicking the Repair button on the Support Tab of the Status dialog box performs the following
actions:
1 – Broadcasts a DHCP request message to renew the current DHCP lease. This is similar to the
ipconfig /renew function, except that ipconfig sends the request by unicast to the
DHCP server's IP address, whereas the repair function uses a broadcast.
2 – Flushes the ARP cache, similar to the arp -d * command.
3 – Flushes the NetBIOS cache, similar to the nbtstat -R command.
4 – Flushes the DNS cache, similar to the ipconfig /flushdns command.
5 – Registers the client's NetBIOS name and IP address with a WINS server, similar to the
nbtstat -RR command.
6 – Reregisters the client's computer name and IP address with DNS, similar to the
ipconfig /registerdns command.
Failure to obtain a DHCP address
If the client has assigned itself an APIPA or alternate configuration address, the ipconfig /renew
command or repair function can be used to correct the problem. If the problem persists, this
indicates a problem connecting to the DHCP server or DHCP agent. Verify the configuration
of the DHCP server and agent.
The netsh dhcp show server command will show the names and addresses of all DHCP servers in
Active Directory.
The TCP/IP installation and network hardware can be verified with the ping localhost
command. If this command returns a reply, these two components are working. Pinging other
hosts will verify network cables, switches, etc.
Address Obtained from Incorrect Scope
DHCP request messages contain a field named Giaddr that informs the DHCP server of the
originating subnet of the request. When the field is empty, the client is assigned an address from
the local scope. When the Giaddr field contains an address the DHCP server will assign an
address that is on the same subnet.
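The selection rule above as an added example (not part of the original document): it reads the giaddr field at its fixed offset in the BOOTP/DHCP header and picks a scope the way the text describes. The scope names, addresses and the message built by `make_discover` are constructed for illustration.

```python
import ipaddress
import struct

GIADDR_OFFSET = 24   # follows op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr

def giaddr_of(packet):
    """Return the relay agent address (giaddr) from a raw BOOTP/DHCP message."""
    if len(packet) < GIADDR_OFFSET + 4:
        raise ValueError("truncated DHCP message")
    return ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])

def select_scope(packet, server_ip, scopes):
    """Pick the scope a server would lease from, following the rule above."""
    gi = giaddr_of(packet)
    # Empty giaddr: the request was not relayed, so the server's own subnet applies.
    origin = ipaddress.IPv4Address(server_ip) if int(gi) == 0 else gi
    for name, subnet in scopes.items():
        if origin in ipaddress.ip_network(subnet):
            return name
    return None      # no scope matches the originating subnet

def make_discover(giaddr):
    """Build a constructed message: the 236 fixed BOOTP bytes, no options."""
    gi = ipaddress.IPv4Address(giaddr)
    zero = bytes(4)
    chaddr = bytes.fromhex("001122334455") + bytes(10)
    header = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 1 if int(gi) else 0,
                         0x1234ABCD, 0, 0x8000, zero, zero, zero, gi.packed, chaddr)
    return header + bytes(192)   # empty sname and file fields

# Constructed scopes on one DHCP server whose own address is 192.168.0.2.
SCOPES = {"Head office": "192.168.0.0/24", "Branch": "192.168.1.0/24"}

if __name__ == "__main__":
    for gi in ("0.0.0.0", "192.168.1.1", "192.168.0.1", "10.9.9.1"):
        print(gi, "->", select_scope(make_discover(gi), "192.168.0.2", SCOPES))
```

The third sample is the troubleshooting case: a relay that fills in the address of its wrong interface causes branch clients to be served from the head office scope.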
Verifying the Scope Configuration
First, verify that the scope is activated and make sure that the address range for the scope has
been properly configured. For scopes that assign addresses for the server's local subnet, ensure
that the network ID of the scope is the same as the local subnet, especially if the subnet ID is not
the usual /8, /16 or /24. As an alternative, you can accommodate more computers within your
current available address space simply by decreasing the lease duration in the scope properties.
When the lease duration is shortened, computers that are shut down, or removed from the
network, do not keep their addresses for long and hence the addresses become available for other
hosts.
Next, check the exclusions for any static IPs that might not be included. Move on to reservations
and check that a reservation is not excluded; also check that the reserved address is within the
scope. Also check that the MAC address entry is correct. For networks that use multiple DHCP
servers, check that each server does not use addresses on the other servers.
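The range, reservation and multi-server checks from the paragraph above, written as an added example (not part of the original document). The dictionary layout and the sample values are constructed; a real audit would fill them in from each server's scope configuration.

```python
import ipaddress

def span(first, last):
    return range(int(ipaddress.IPv4Address(first)),
                 int(ipaddress.IPv4Address(last)) + 1)

def leasable(scope):
    """Addresses a server can hand out: its range minus its exclusions."""
    pool = set(span(*scope["range"]))
    for exclusion in scope["exclusions"]:
        pool -= set(span(*exclusion))
    return pool

def audit(servers):
    """Run the checks from the paragraph above; return a list of findings."""
    findings = []
    for name, scope in servers.items():
        subnet = ipaddress.ip_network(scope["subnet"])
        if not all(ipaddress.IPv4Address(a) in subnet for a in scope["range"]):
            findings.append((name, "range outside subnet", scope["range"]))
        for ip in scope["reservations"]:
            n = int(ipaddress.IPv4Address(ip))
            if n not in span(*scope["range"]):
                findings.append((name, "reservation outside scope", ip))
            elif n not in leasable(scope):
                findings.append((name, "reservation is excluded", ip))
    names = sorted(servers)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = leasable(servers[a]) & leasable(servers[b])
            if shared:
                findings.append((a + "/" + b, "both servers can lease", len(shared)))
    return findings

# Constructed sample: an 80/20 pair where server2's exclusion ends one address early.
SERVERS = {
    "server1": {"subnet": "192.168.0.0/24",
                "range": ("192.168.0.1", "192.168.0.254"),
                "exclusions": [("192.168.0.1", "192.168.0.20"),
                               ("192.168.0.208", "192.168.0.254")],
                "reservations": ["192.168.0.50", "192.168.0.10"]},
    "server2": {"subnet": "192.168.0.0/24",
                "range": ("192.168.0.1", "192.168.0.254"),
                "exclusions": [("192.168.0.1", "192.168.0.20"),
                               ("192.168.0.21", "192.168.0.206")],
                "reservations": ["192.168.1.7"]},
}

if __name__ == "__main__":
    print(*audit(SERVERS), sep="\n")
```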
Reconciling the DHCP Database
If you detect that DHCP database info is missing or inconsistent, you can attempt to resolve the
problem by reconciling DHCP data for all or any scopes.
Scope IP lease info is stored in two forms by the DHCP server service:
1 – Detailed IP address lease info, stored in the DHCP database
2 – Summary IP address lease info, stored in the DHCP database
When reconciling scopes, the detail and summary entries are compared to find
inconsistencies.
In this process, the DHCP server either returns the addresses in question to their original owners
or creates a temporary reservation for these addresses. These reservations are valid for the lease
time assigned to the scope. When the lease time expires, the addresses are recovered for future
use.
Subnetting
What is Subnetting
Subnetting refers to the practice of logically dividing a network address space by extending the
string of 1-bits used in the subnet mask of a network.
For example, when the default subnet mask of 255.255.0.0 is used for hosts within the Class B
network of 131.107.0.0, the IP addresses 131.107.0.1 and 131.107.255.254 are found on the same
subnet, and these hosts communicate with each other by means of a broadcast. However, if the
subnet mask is extended to 255.255.255.0, the two IP addresses are then placed on different
subnets. In order to communicate, a default gateway must be used.
This process decreases the size of the broadcast domain, but reduces the number of hosts allowed
per network subnet.
Subnetting also increases security by restricting network traffic behind routers.
Restricting Broadcast Traffic
A broadcast is a network message sent from a single host and distributed to all other network
devices on the same physical network segment. Broadcasts use network bandwidth, and every
host that receives one must determine whether it is the intended recipient and reply if necessary.
Routers block broadcasts.
Determining Host Capacity for Networks
For any specific network address, you can determine the quantity of host addresses available
within that network by raising 2 to the number of bits used for the Host ID, and then subtracting
2. The network address 192.168.0.0/24 uses 8 bits for the host, therefore the number of hosts
available is 2^8 – 2 = 254.
Excluding All 0’s and All 1’s Host ID’s
The value 2^x gives the total number of bit combinations for a binary number of x bits. 2^3
gives:
000 = 0
001 = 1
010 = 2
011 = 3
100 = 4
101 = 5
110 = 6
111 = 7
Not all combinations can be used. The all 0's host ID is used for the local subnet, and the all 1's
host ID is used for the broadcast address. Hence, when calculating the number of available hosts
on a network, you must subtract these 2.
Determining Subnet Capacity
When the string of 1's in the subnet mask is extended beyond the default to create multiple
subnets within an address space, the Host ID is shortened and a new address space for the
subnet IDs is created.
To determine the number of subnets available within an address space, simply calculate the value
of 2^y, where y is the number of bits in the Subnet ID. For example, when the network address
space 172.16.0.0/16 is subnetted to /24, 8 bits are left for the subnet ID. Therefore the number of
available subnets is 2^8 = 256. You do not have to subtract 2 because modern routers, including
MS RRAS, can accept subnets made up of all 1's or 0's.
Hosts per Subnet
The number of hosts available on a subnet is 2^x – 2. To calculate the number of hosts available
to the entire subnetted network, simply multiply the number of hosts per subnet by the number of
subnets.
Subnet Examples
The subnet mask does not need to be extended by a full octet. For the address space 10.0.0.0/12,
the default subnet mask is 255.0.0.0 but it has been extended by 4 bits. Thus 4 bits have been
borrowed from the Host ID and given to the Subnet ID.
Network ID    Subnet ID    Host ID
8 Bits        4 Bits       20 Bits
00001010      0000         0000 00000000

Number of subnets    Number of Hosts per Subnet    Total number of Hosts
2^4 = 32             2^20 – 2 = 1048574            32 * 1048574 = 33554368
The range of IP addresses available in the first subnet is 10.0.0.1 – 10.15.255.254.
Estimating Subnet Address Ranges
You can estimate the IP range in each subnet by subtracting from 256 the value of the relevant
octet in the subnet mask. For Example, for a Class C network such as 207.209.68.0 with a subnet
mask of 255.255.255.192, subtracting 192 from 256 results in a value of 64. Hence the network’s
subnet ranges are grouped in segments of 64 hosts. The first subnet range would then be
207.209.68.0 – 207.209.68.63.
For the Class B network 131.107.0.0 with a subnet mask of 255.255.240.0, subtracting 240 from
256 gives 16. Hence the subnets are grouped into segments of 16, and the subnet address
ranges reveal groupings of 16 in the third octet. The fourth octet still ranges as normal from 0 –
255, giving the first IP range as: 131.107.0.0 – 131.107.15.255.
Remember that hosts cannot be assigned an all 1’s or all 0’s address so those addresses of each
subnet cannot be assigned.
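The 256-minus-octet shortcut above, generalised into a function and cross-checked against Python's `ipaddress` module (an added example, not part of the original document). The function names are assumptions, and the classful network is passed in CIDR form, e.g. 131.107.0.0/16 for the Class B network.

```python
import ipaddress

def ranges_by_block_size(parent, mask):
    """Subnet ranges of `parent` under `mask`, found with the 256 - octet shortcut."""
    net = ipaddress.ip_network(parent)
    mask_len = ipaddress.ip_network("0.0.0.0/" + mask).prefixlen
    octets = [int(o) for o in mask.split(".")]
    idx = max(i for i, o in enumerate(octets) if o)   # the relevant (last non-zero) octet
    block = 256 - octets[idx]                         # size of each group in that octet
    if not idx * 8 <= net.prefixlen <= mask_len:
        raise ValueError("shortcut needs all borrowed bits inside one octet")
    base = net.network_address.packed
    top = net.broadcast_address.packed[idx]
    ranges = []
    for start in range(base[idx], top + 1, block):
        first = base[:idx] + bytes([start]) + bytes(3 - idx)
        last = base[:idx] + bytes([start + block - 1]) + b"\xff" * (3 - idx)
        ranges.append((str(ipaddress.IPv4Address(first)),
                       str(ipaddress.IPv4Address(last))))
    return ranges

def ranges_by_library(parent, mask):
    """The same ranges computed by the standard library, as a cross-check."""
    net = ipaddress.ip_network(parent)
    new_len = ipaddress.ip_network("0.0.0.0/" + mask).prefixlen
    return [(str(s.network_address), str(s.broadcast_address))
            for s in net.subnets(new_prefix=new_len)]

def assignable(subnet_range):
    """Drop the all-0's and all-1's host addresses from a (first, last) range."""
    first, last = (ipaddress.IPv4Address(a) for a in subnet_range)
    return str(first + 1), str(last - 1)

if __name__ == "__main__":
    for parent, mask in (("207.209.68.0/24", "255.255.255.192"),
                         ("131.107.0.0/16", "255.255.240.0")):
        rows = ranges_by_block_size(parent, mask)
        assert rows == ranges_by_library(parent, mask)
        print(parent, mask, "first range", rows[0], "hosts", assignable(rows[0]))
```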
Supernetting
Summarizing Routes Through Supernetting
To prevent depletion of higher-class network ID’s, the Internet Authority devised a scheme
called Supernetting, which allows many networks (routes) to be grouped together (or
summarized) in a single larger network.
For Example, suppose an organization needs to accommodate 2000 hosts. This number is too
large for a Class C network ID. A Class B network can be used but there will be 63,534 unused
addresses. Supernetting allows the organization to be assigned a block of Class C addresses that
can be treated as a single network somewhere between a Class C and Class B address.
How Supernetting Works
Supernetting borrows bits from the network ID and masks them as part of the Host ID. Suppose
you had a block of Class C addresses ranging from 207.46.168.0 to 207.46.175.0. Assigning a
subnet mask of /21 instead of the default /24 to your routers and hosts results in your entire
network being seen as a single network segment: because the Network ID has been
shortened, the network ID of each host is now seen as being identical.
Below is a supernetted block of Class C addresses:

Class C Networks    Supernet ID (21 bits)        Host ID (11 bits)
207.46.168.0        11001111 00101110 10101      000 00000000
207.46.169.0        11001111 00101110 10101      001 00000000
207.46.170.0        11001111 00101110 10101      010 00000000
207.46.171.0        11001111 00101110 10101      011 00000000
207.46.172.0        11001111 00101110 10101      100 00000000
207.46.173.0        11001111 00101110 10101      101 00000000
207.46.174.0        11001111 00101110 10101      110 00000000
207.46.175.0        11001111 00101110 10101      111 00000000

Subnet Mask
255.255.248.0       11111111 11111111 11111      000 00000000
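The table above computed rather than written out, as an added example (not part of the original document): the supernet is the prefix shared by every address in the block, and the function also reports when that prefix would cover addresses outside the block. The function name and the second, misaligned block are constructed for illustration.

```python
import ipaddress

def summarize(networks):
    """Find the single supernet for a block of networks and check that it is exact."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = int(min(n.network_address for n in nets))
    hi = int(max(n.broadcast_address for n in nets))
    # Leading bits on which the lowest and highest address agree = supernet ID length.
    prefix = 32 - (lo ^ hi).bit_length()
    candidate = ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}",
                                     strict=False)
    # Shortest list of routes that covers the block and nothing else.
    routes = list(ipaddress.collapse_addresses(nets))
    owned = sum(r.num_addresses for r in routes)
    return {
        "supernet": str(candidate),
        "mask": str(candidate.netmask),
        "exact": owned == candidate.num_addresses,
        "extra_addresses": candidate.num_addresses - owned,
        "routes": [str(r) for r in routes],
    }

# The block from the table: 207.46.168.0 through 207.46.175.0.
ALIGNED = [f"207.46.{n}.0/24" for n in range(168, 176)]
# Constructed counter-example: eight networks that do not start on a /21 boundary.
MISALIGNED = [f"207.46.{n}.0/24" for n in range(169, 177)]

if __name__ == "__main__":
    for block in (ALIGNED, MISALIGNED):
        print(block[0], "..", block[-1], "->", summarize(block))
```

Eight consecutive Class C networks only collapse to one /21 when the first one sits on a multiple of eight in the third octet; otherwise the common prefix is shorter and takes in addresses that are not part of the block.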