With a DHCP server running Windows Server 2012,
administrators can define an address assignment policy at the server
level or scope level. A policy contains a set of conditions to evaluate
when processing client requests. Policy based assignment enables
flexibility for some common scenarios, including:
-
Multiple device types: A network includes
many different DHCP client devices, such as printers, IP phones, and
desktops. Administrators need the ability to classify these devices
using different IP address ranges. This enables router policies and
quality of service (QoS) based on IP address range policies to control
network access or traffic. For example, you can add a vendor class of
“Hewlett-Packard JetDirect” or “Cisco Systems, Inc. IP Phone CP-7940G” and
configure printer and IP-phone policies to assign a specific IP address
range to these devices.
-
Multiple roles: A network includes
different types of computers, such as laptops, desktops, and servers in
the same subnet. Depending on the type of client, the administrator
might wish to provide different lease duration settings. All the
wireless clients that connect via a specific relay agent can be assigned
a four-hour lease duration. DNS dynamic update protocol can be disabled
for clients matching this policy. Similarly, a server policy can be
created using a list of server MAC addresses. Servers can be assigned a
12-day lease duration.
-
Virtualization: A data center network
employs virtualization for different workloads and applications. Virtual
machines are added and removed dynamically depending upon load
requirements at a given time. An administrator wishing to route traffic
on the network differently for VMs can create a policy based on MAC
address prefix to assign a short lease duration, specific IP address
range, and different default gateway.
-
Vendor Class
-
User Class
-
MAC address
-
Client Identifier
-
Relay Agent Information
Policy settings can be of three types.
-
IP address range: The IP address range
within a scope from which to assign an IP address to a client. A server
level policy cannot have a setting for an IP address range.
-
Standard DHCP options: One or more
standard DHCP options to send to a client in the response based on the
options requested by the client in the parameter request list.
-
Vendor specific DHCP options: One or more vendor specific DHCP options to send to the client based on the vendor class field in the client request.
The DHCP server determines the scope to which a DHCP
client belongs based on the gateway IP address of the relay agent or the
interface of the DHCP server on which it receives the DHCP client
packet. Once the server determines the client scope, the server
evaluates the DHCP packet against the policies applicable for the scope
in the processing order specified. The policies applicable at a scope
are those configured at the scope and those inherited from the server. A
single client request can match multiple policies.
If a client request matches the conditions of a policy for which a specific IP address range is associated, the server will assign the first free IP address from the range as determined by the rule. If a policy is associated with multiple address ranges, the server will assign IP addresses by first attempting to assign an IP from the lowest address range. If no IP addresses are available to use from the lower address range, the server will then look for a free IP address from the higher address ranges. If no IP addresses are free from any of the address ranges associated with the policy, the server will process the next matched policy as defined by the processing order.
If none of the matched policies has a free IP address, the server will drop the client packet and log an event. If a DHCP client packet does not match any of the policies applicable for the scope, or none of the matched policies for a client packet is associated with an IP address range, the server will lease the client an IP address from the IP address range configured for the scope exclusive of any policy-specific IP address ranges.
A DHCP client uses the parameter request list field in a
DHCP packet to request a list of standard options from the server. The
option assignment processing for a client is similar to that of IP
address assignment. The DHCP server evaluates the fields in the client
request against each policy applicable for the scope in the processing
order specified. If the client request matches the conditions of any of
the policies applicable for the scope, and its settings include specific
options, the server returns these options to the client. If multiple
policies match the client request, the server returns the sum of the
options specified for each of the matched policies. The DHCP server
sends vendor class options to the client based on the vendor class
contained in the DHCP client request.
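The evaluation order described above can be traced with a small model. This is an added example, not Microsoft's code or part of the original guide: Resolve-DhcpLease, the 'VM prefix' policy and the third MAC address are hypothetical, and the rule for conflicting options is an assumption.

```powershell
function Resolve-DhcpLease {
    param([hashtable]$Request, [object[]]$Policies, [int[]]$ScopeRange,
          [System.Collections.Generic.HashSet[int]]$InUse)

    # Evaluate in processing order; one request can match several policies.
    $matched = @($Policies | Sort-Object ProcessingOrder |
                 Where-Object { $Request[$_.Field] -like $_.Pattern })

    # Options: the sum over all matched policies. Assumption (not stated in the
    # text): on a conflict the policy earlier in the processing order wins.
    $options = [ordered]@{}
    foreach ($p in $matched) {
        foreach ($k in $p.Options.Keys) {
            if (-not $options.Contains($k)) { $options[$k] = $p.Options[$k] }
        }
    }

    $ranged = @($matched | Where-Object { @($_.Ranges).Count -gt 0 })
    foreach ($p in $ranged) {
        foreach ($r in ($p.Ranges | Sort-Object Start)) {        # lowest range first
            foreach ($h in ($r.Start)..($r.End)) {
                if ($InUse.Add($h)) {                            # first free address
                    return [pscustomobject]@{ Address = "10.0.0.$h"; Source = $p.Name; Options = $options }
                }
            }
        }
    }
    if ($ranged.Count -gt 0) {
        # Every matched policy that has a range is exhausted: drop and log.
        return [pscustomobject]@{ Address = $null; Source = 'dropped, event logged'; Options = $null }
    }

    # No matched policy has a range: scope range minus every policy range.
    $policyRanges = @($Policies | ForEach-Object { $_.Ranges })
    foreach ($h in ($ScopeRange[0])..($ScopeRange[1])) {
        $reserved = @($policyRanges | Where-Object { $h -ge $_.Start -and $h -le $_.End }).Count -gt 0
        if (-not $reserved -and $InUse.Add($h)) {
            return [pscustomobject]@{ Address = "10.0.0.$h"; Source = 'scope range'; Options = $options }
        }
    }
}

# Constructed data modelled on this lab; ranges are host octets of 10.0.0.0/24.
# 'VM prefix' and the third MAC address are hypothetical additions.
$policies = @(
    [pscustomobject]@{ Name = 'Client1 Policy'; ProcessingOrder = 1; Field = 'MacAddress'; Pattern = '001DB7A63D'
        Ranges = @([pscustomobject]@{ Start = 100; End = 199 }); Options = @{ Router = '10.0.0.7' } }
    [pscustomobject]@{ Name = 'Client2 Policy'; ProcessingOrder = 2; Field = 'MacAddress'; Pattern = '00155DB7A63E'
        Ranges = @([pscustomobject]@{ Start = 200; End = 254 }); Options = @{ Router = '10.0.0.8' } }
    [pscustomobject]@{ Name = 'VM prefix'; ProcessingOrder = 3; Field = 'MacAddress'; Pattern = '00155D*'
        Ranges = @(); Options = @{ Router = '10.0.0.9'; DnsServer = '10.0.0.1' } }
)
$inUse = New-Object 'System.Collections.Generic.HashSet[int]'
1..10 | ForEach-Object { [void]$inUse.Add($_) }      # the lab's exclusion range
foreach ($mac in '001DB7A63D', '00155DB7A63E', '00155DAAAAAA') {
    Resolve-DhcpLease -Request @{ MacAddress = $mac } -Policies $policies -ScopeRange 1, 254 -InUse $inUse
}
```

The second request matches two policies and receives options from both, while the third matches only a policy without a range and is therefore leased from the scope range outside the policy ranges.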
This test lab demonstrates new DHCP functionality in Windows
Server 2012. One server computer and two client computers are used. See
the following figure.
One server computer and two client computers are required to complete the test lab.
The following are required components of the test lab:
-
The product disc or other installation media for Windows Server 2012.
-
One computer that meets the minimum hardware requirements for Windows Server 2012.
-
At least one DHCP client computer is required.
Note The lab uses two computers running Windows® 8. If only one client computer is available, or clients are not running Windows 8, you must alter some of the procedures in the test lab accordingly.
The following procedures are used to configure computers for the demonstration portion of the test lab:
-
Configure DHCP1: DHCP1 is a domain controller, DNS server, and DHCP server for the contoso.com Active Directory domain.
-
Configure Client1: Client1 is a DHCP client computer.
-
Configure Client2: Client2 is a DHCP client computer.
DHCP1 is a computer running Windows Server 2012, providing the following services:
-
A domain controller for the contoso.com Active Directory domain.
-
An authoritative DNS server for the contoso.com DNS zone.
-
A DHCP server.
-
Install the operating system and configure TCP/IP on DHCP1
-
Install AD DS, DNS Server, and DHCP Server
-
Create a domain administrator account
-
Create a DHCP scope on DHCP1
-
Start your computer using the Windows Server 2012 product disc or other digital media.
-
When prompted, enter a product key, accept license
terms, configure clock, language, and regional settings, and provide a
password for the local Administrator account.
-
Press Ctrl+Alt+Delete and sign in using the local Administrator account.
-
If you are prompted to enable Windows Error Reporting, click Accept.
-
Click Start, type ncpa.cpl, and then press ENTER. The Network Connections control panel will open.
Tip The previous step demonstrates new functionality in Windows Server 2012 that enables you to search and run applications, settings, and files by clicking Start and then typing a search term. You can also open the Network Connections control panel by clicking next to Wired Ethernet Connection in Server Manager using the Local Server view. For more information, see Common Management Tasks and Navigation in Windows Server 2012 (http://go.microsoft.com/fwlink/p/?LinkId=242147).
-
In Network Connections, right-click Wired Ethernet Connection and then click Properties.
-
Double-click Internet Protocol Version 4 (TCP/IPv4).
-
On the General tab, choose Use the following IP address.
-
Next to IP address type 10.0.0.1 and next to Subnet mask type 255.255.255.0. It is not necessary to provide an entry next to Default gateway.
-
Next to Preferred DNS server, type 10.0.0.1.
-
Click OK twice, and then close the Network Connections control panel.
DHCP1 will serve as a domain controller, DNS server, and DHCP server for the contoso.com Active Directory domain.
-
The Server Manager Dashboard is displayed by default. In the navigation pane, click Configure this local server.
-
Under PROPERTIES, click the name next to Computer name. The System Properties dialog box will open.
-
On the Computer Name tab, click Change and then type DHCP1 under Computer name.
-
Click OK twice, and then click Close.
-
When you are prompted to restart the computer, click Restart Now.
-
After restarting the computer, sign in using the local Administrator account.
-
In Server Manager, under Configure this local server, click Add Roles and Features.
-
In the Add Roles and Features Wizard, click Next three times, and then on the Select server roles page select the Active Directory Domain Services checkbox.
-
When you are prompted to add required features, click Add Features.
-
Select the DHCP Server checkbox.
-
When you are prompted to add required features, click Add Features.
-
Select the DNS Server checkbox.
-
When you are prompted to add required features, click Add Features.
-
Click Next five times, and then click Install.
-
Wait for the installation process to complete, verify on the Installation progress page that Configuration required. Installation succeeded on DHCP1 is displayed, and then click Close.
-
Click the Notification flag and then click Promote this server to a domain controller. See the following example.
-
In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, choose Add a new forest and then next to Root domain name, type contoso.com.
-
Click Next, and then on the Domain Controller Options page, under Type the Directory Services Restore Mode (DSRM) password, type a password next to Password and Confirm password. Confirm that Domain Name System (DNS) server and Global Catalog (GC) are selected, and then click Next.
-
Click Next four times, verify that All prerequisite checks passed successfully is displayed, and then click Install.
-
The computer will restart automatically to complete the installation process.
-
Sign in using the local Administrator account.
A domain administrator account is required to configure settings in the test lab.
Tip |
---|
You can use the CONTOSO\Administrator account in this test lab and skip creation of a domain administrator account if desired. This account has domain administrator privileges, and other privileges. However, it is a best practice to disable or rename this account. For more information, see Active Directory Best Practices (http://go.microsoft.com/fwlink/p/?LinkID=243071). |
-
On the Server Manager menu bar, click Tools, and then click Active Directory Users and Computers.
-
In the Active Directory Users and Computers console tree, double-click contoso.com, right-click Users, point to New, and then click User.
-
In the New Object – User dialog box, type user1 under User logon name and next to Full name, then click Next.
-
Next to Password and Confirm password, type a password for the user1 account.
-
Clear the checkbox next to User must change password at next logon, select the Password never expires checkbox, click Next, and then click Finish.
-
Double-click user1 and then click the Member Of tab.
-
Click Add, type domain admins under Enter the object names to select, click OK twice, and then close the Active Directory Users and Computers console.
-
Click Start, click Administrator, and then click Sign out.
-
Sign in to the computer using the user1 credentials by clicking the left arrow next to CONTOSO\Administrator and then clicking Other user.
Next, create a DHCP scope on DHCP1.
-
On the Server Manager menu bar, click Tools and then click DHCP. The DHCP console opens.
-
In the DHCP console tree, navigate to IPv4. Right-click IPv4 and then click New Scope. The New Scope Wizard opens.
-
Click Next and then type a name for the new scope next to Name (ex: Contoso-scope1).
-
Click Next and then in IP Address Range, type 10.0.0.1 next to Start IP address, type 10.0.0.254 next to End IP address, and type 24 next to Length. The value of Subnet mask will change automatically to 255.255.255.0.
-
Click Next, and then in Add Exclusions and Delay type 10.0.0.1 under Start IP address, type 10.0.0.10 under End IP address, and then click Add. This allows the first ten IP addresses in the 10.0.0.0/24 subnet to be used for static addressing of servers on the network.
-
Click Next and then in Lease Duration under Limited to enter 0 Days, 0 Hours, and 2 Minutes. This very short lease duration will simplify the DHCP demonstration.
-
Click Next three times, and then in Domain Name and DNS Servers, verify that the Parent domain is contoso.com and 10.0.0.1 is listed as the only DNS server.
-
Click Next twice, and then in Activate Scope select Yes, I want to activate this scope now.
-
Click Next, and then click Finish.
-
In the DHCP console tree, right-click dhcp1.contoso.com, and then click Authorize.
-
Refresh the view in the DHCP console and verify that DHCP1 is authorized and that the Contoso-scope1 is active.
Note: To review scopes on the current server using Windows PowerShell, right-click Windows PowerShell, click Run as Administrator, click Yes in the User Account Control alert that appears, and then type the following command at the Windows PowerShell prompt, and then press ENTER.
get-dhcpserverv4scope
PS C:\Windows\system32> get-dhcpserverv4scope

ScopeId   SubnetMask     Name            State   StartRange  EndRange    LeaseDuration
-------   ----------     ----            -----   ----------  --------    -------------
10.0.0.0  255.255.255.0  Contoso-scope1  Active  10.0.0.1    10.0.0.254  00:02:00
Client1 is a computer running Windows® 8 that is acting as a DHCP client.
Configuration of Client1 consists of the following steps:
During the demonstration portion of the test lab, Client1 will be used as a DHCP client.
-
Start your computer using the Windows 8 product disc or other digital media.
-
When prompted, enter a product key and accept license terms.
-
When prompted to enter a computer name, type Client1 and click Next.
-
Click Use express settings.
-
On the Sign in to your PC page, click Don’t want to sign in with a Microsoft account and then click Local account.
-
Next to User name, type user1, enter a password and password hint, and then click Finish.
The DHCP failover demonstration on Client1 makes use of
Windows PowerShell to verify DHCP lease information. To make Windows
PowerShell more easily accessible, it will be pinned to the taskbar.
-
The Start menu is displayed by default. If Start is not displayed, move the mouse cursor to the lower left corner of the screen until Start is displayed, and then click Start.
-
Type powershell and then under Results for “powershell” right-click Windows PowerShell and then click Pin to taskbar. Confirm that Windows PowerShell is pinned to the taskbar.
Note |
---|
Client1 can also be joined to the contoso.com domain; however this is not required to complete the test lab. |
Client2 is a computer running Windows 8 that is acting as a DHCP client.
Configuration of Client2 is nearly identical to Client1. To configure Client2, repeat the identical procedures used to configure Client1, except when you enter a computer name, type Client2 instead of Client1.
For the DHCP policy based assignment demonstration portion of
the test lab, a MAC address based policy will be configured to assign
unique DHCP options and IP address ranges to Client1 and Client2.
A demonstration of DHCP policy based assignment on Windows Server 2012 consists of the following procedures:
Unique MAC addresses on Client1 and Client2 will be used to match different DHCP policies.
-
On DHCP1, open the DHCP console and navigate to IPv4\Scope [10.0.0.0] Contoso-scope1\Address Leases.
-
Click Address Leases and then in the details pane write down the MAC addresses listed for Client1 and Client2 under Unique ID.
The DHCP Policy Configuration Wizard will be used to create
a unique policy for Client1 and another policy for Client2. A policy
configured for an individual computer is not typical and is only
configured for demonstration purposes. On a corporate network, you can
use wildcards and other conditions to match multiple DHCP client devices.
-
Right-click Policies and then click New Policy.
-
Next to Policy Name, type Client1 Policy, and then click Next.
-
On the Configure Conditions for the policy page, click Add.
-
In the Add/Edit Condition dialog box, choose MAC Address next to Criteria, type the MAC address for Client1 next to Value (001DB7A63D in this example), and then click OK.
-
Click Next, and then in Configure settings for the policy, type 10.0.0.100 next to Start IP address and type 10.0.0.199 next to End IP address.
-
Click Next, and then under Available Options, select 003 Router, type 10.0.0.7 under IP address, and click Add.
-
Click Next, and then click Finish.
-
Repeat the previous steps for Client2 using the following conditions, IP address ranges, and options:
-
Policy Name: Client2 Policy
-
Condition: MAC Address equals (in this example) 00155DB7A63E.
-
Start IP address: 10.0.0.200
-
End IP address: 10.0.0.254
-
003 Router: 10.0.0.8
Next, review the effect that these policies have on the IP address configuration of Client1 and Client2.
-
In the details pane, under Policy Name, right-click one of the two policies you just created.
-
Note that you can move the policy up or down in the processing order, delete the policy, or disable the policy.
-
Click Properties.
-
Review the available parameters that you can edit on the General, Conditions, IP Address Range, Options, and DNS tabs.
-
Click OK, and then on Client1 type ipconfig /all at the Windows PowerShell prompt.
-
Client1 has been assigned the first IP address in the
10.0.0.100 – 10.0.0.199 range, and a default gateway of 10.0.0.7, as
determined by the policy based assignment.
Repeat the previous step on Client2.
-
Client2 has been assigned the first IP address in the 10.0.0.200 – 10.0.0.254 range, and a default gateway of 10.0.0.8.
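The policy steps above can also be scripted with the DhcpServer cmdlets on DHCP1. This is an added example, not part of the original lab guide; it assumes the HostName recorded in each client's lease begins with Client1 or Client2, and it reads the MAC address from the lease instead of typing it in.

```powershell
# Run in an elevated Windows PowerShell session on DHCP1.
$scopeId = '10.0.0.0'

# Policy names, ranges and router values are the ones used in this lab.
$lab = @(
    @{ Client = 'Client1'; Policy = 'Client1 Policy'; Start = '10.0.0.100'; End = '10.0.0.199'; Router = '10.0.0.7' }
    @{ Client = 'Client2'; Policy = 'Client2 Policy'; Start = '10.0.0.200'; End = '10.0.0.254'; Router = '10.0.0.8' }
)

foreach ($c in $lab) {
    # Equivalent of reading Unique ID under Address Leases.
    # Assumption: the lease HostName starts with the computer name.
    $lease = Get-DhcpServerv4Lease -ScopeId $scopeId |
             Where-Object { $_.HostName -like "$($c.Client)*" } |
             Select-Object -First 1
    if (-not $lease) { Write-Warning "No lease found for $($c.Client)"; continue }
    $mac = $lease.ClientId -replace '-', ''      # same undashed form the wizard takes

    # Condition, IP address range and option 003 Router, as in the wizard pages.
    Add-DhcpServerv4Policy -ScopeId $scopeId -Name $c.Policy -Condition OR -MacAddress 'EQ', $mac
    Add-DhcpServerv4PolicyIPRange -ScopeId $scopeId -Name $c.Policy -StartRange $c.Start -EndRange $c.End
    Set-DhcpServerv4OptionValue -ScopeId $scopeId -PolicyName $c.Policy -Router $c.Router
}

# Review what was created and the order in which the policies are processed.
Get-DhcpServerv4Policy -ScopeId $scopeId | Sort-Object ProcessingOrder |
    Format-Table Name, ProcessingOrder, Enabled, MacAddress
Get-DhcpServerv4PolicyIPRange -ScopeId $scopeId

# After the clients renew (the lab lease is 2 minutes), confirm which policy
# each lease was issued under.
Get-DhcpServerv4Lease -ScopeId $scopeId |
    Format-Table IPAddress, HostName, ClientId, PolicyName
```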