Contents
Overview
Introducing DHCP
Designing a Functional DHCP Solution
Securing a DHCP Solution
Enhancing a DHCP Design for Availability
Enhancing a DHCP Design for Performance
Lab A: Designing a DHCP Solution
Review
Module 3: DHCP as a Solution for IP Configuration
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart
Other product and company names mentioned herein may be the trademarks of their respective
owners.
Instructor Notes
This module provides students with the information and decision-making
experiences needed to design an Internet Protocol (IP) configuration service by
using the DHCP service in Microsoft® Windows® 2000. Students will evaluate
and create DHCP solutions to support the IP configuration requirements of an
organization.
At the end of this module, students will be able to:
Recognize DHCP as a solution for the IP configuration needs of an
organization.
Evaluate and create a DHCP solution for nonrouted networks, routed
networks, and various client types.
Select the appropriate strategies to secure a DHCP solution.
Select the appropriate strategies to enhance the availability of a DHCP
design.
Select the appropriate strategies to enhance the performance of a DHCP
design.
Upon completion of the lab, students will be able to analyze and design a
Understand how and why to create user or vendor options within DHCP
scopes.
Review the discussion material and be prepared to lead class discussions on
the topics.
Complete the lab and be prepared to elaborate beyond the solutions found
there.
Read the review questions and be prepared to elaborate beyond the answers
provided in the text.
Module Strategy
Use the following strategy to present this module.
Introducing DHCP
The DHCP service in Windows 2000 provides an automated and centrally
managed Transmission Control Protocol/Internet Protocol (TCP/IP)
configuration scheme. For IP configuration management, a DHCP solution
provides automation for hosts on single or multiple subnets.
In this section:
• Explain that the network designer needs to determine the host
population, the subnet configuration, and the network topology. This
information provides the basis for defining the subnets and the options
for the DHCP Client.
• Emphasize the message-driven protocol of requests and responses
between the DHCP Server and the DHCP Client. Explain that Scopes,
Superscopes, and TCP/IP options are the three management features
supported by DHCP.
• Make sure the students understand that DHCP Server and DHCP Client,
with capital S and capital C, respectively, are used throughout the
module to indicate a server or client running the DHCP Server service in
Windows 2000 or a Microsoft Windows–based DHCP Client.
• Point out that, to extend service capabilities and reduce network
management, the DHCP service integrates with other Windows 2000
™
directory
service. Describe how to use Windows 2000 groups to provide either
administrative or read-only access to DHCP configuration information.
• Describe the problems that are caused by the use of unauthorized DHCP
Servers in a network. Point out that the exclusive use of Windows 2000–
based DHCP Servers, and the authorization of the DHCP Servers in
Active Directory, prevents the use of unauthorized DHCP Servers in the
network.
• Emphasize that there are risks of unauthorized access when using the
DHCP service in screened subnets. Describe the methods available to
deal with these risks.
Enhancing a DHCP Design for Availability
A highly available DHCP solution ensures that the DHCP service is
available whenever required.
In this section:
• Describe the use of distributed scopes to provide DHCP Server
redundancy, and to share the DHCP Client load.
• Describe how the use of Windows Clustering increases the availability
of an individual DHCP Server. Point out that the benefits that are
achieved by using Windows Clustering must be weighed against the
additional hardware requirements.
• Make sure students understand the illustration, scenario description, and
directions for the Discussion. Direct them to read through the scenario
and answer the questions. Be prepared to clarify if necessary. Lead a
class discussion on the students’ responses.
Enhancing a DHCP Design for Performance
The performance of the DHCP service can be optimized to provide the
fastest possible response to DHCP Client requests.
In this section:
Allow some time to discuss the solutions after the lab is completed. A
solution is provided on the Instructor CD to help you review the lab results.
Encourage students to critique each other’s solutions and to discuss any
ideas for improving their designs.
Overview
Introducing DHCP
Designing a Functional DHCP Solution
Securing a DHCP Solution
Enhancing a DHCP Design for Availability
Enhancing a DHCP Design for Performance
The increasing complexity of network infrastructures demonstrates the need for
an automated and centrally managed Internet Protocol (IP) configuration
scheme. The DHCP service in Microsoft® Windows® 2000 provides an
automated IP addressing service and centralized management of Transmission
Control Protocol/Internet Protocol (TCP/IP) configuration parameters.
At the end of this module, you will be able to:
Recognize DHCP as a solution for the IP configuration needs of an
organization.
Evaluate and create a DHCP solution for nonrouted networks, routed
networks, and various client types.
Select the appropriate strategies to secure a DHCP solution.
Select the appropriate strategies to improve the availability of a DHCP
The Dynamic Host Configuration Protocol (DHCP) is a message-driven
protocol that allows hosts on the network to acquire an IP address and TCP/IP
client option information from a DHCP server. There are two components to
DHCP in Windows 2000, a DHCP Server service and a DHCP Client.
DHCP Server and DHCP Client, with capital S and capital C,
respectively, are used throughout the module to indicate a server or client
running the DHCP Server service in Windows 2000 or a Microsoft Windows–
based DHCP Client.
When designing a DHCP solution, the network designer must:
Define the requirements for a DHCP solution for the network.
Identify the features provided by DHCP and how these features support the
design requirements for the DHCP solution.
Identify the benefits of integration between DHCP and other Windows 2000
services.
Slide Objective
To introduce DHCP as a solution for IP configuration.
Lead-in
The DHCP service provides TCP/IP configuration management to hosts on an
IP network segment or group of segments.
Emphasize that DHCP is a message-driven protocol of requests and responses
between the DHCP Client
To introduce the decisions required in a DHCP solution.
Lead-in
To design a DHCP solution, you must determine the number of hosts, the
number of subnets, and the configuration of the network.
DHCP Features
RFC Compliance
Scopes
Superscopes
TCP/IP Options
DNS Integration
Active Directory Integration
Microsoft’s Vendor-Specific Options
Microsoft Support for Multicast IP Address Allocation
To design an effective DHCP service infrastructure, you must understand the
features of the DHCP service and how these features solve the IP configuration
requirements of an organization.
RFC Compliance
The DHCP service in Windows 2000 complies with RFCs 951, 2131, and 2132.
The three primary management features that DHCP supports are:
Scopes. A range of IP addresses that are offered on any particular subnet.
these features support the IP configuration requirements of an organization.
For Your Information
The IETF draft cited in the student notes is subject to change. Refer to the
IETF documents to ensure that the latest revision is communicated to the
students.
Note
Microsoft’s Vendor-Specific Options
In addition to RFC 2131-compliant DHCP options, Microsoft supports several
vendor-specific options. Defined in RFC 2132, these vendor options in the
DHCP service in Windows 2000 include:
Disable NetBIOS over TCP/IP (NetBT). Used to enable or disable NetBT
on Windows 2000 DHCP Clients. Earlier Windows clients require NetBT;
therefore, they do not support this option.
Release DHCP lease on shutdown. Used to control whether DHCP Server–
enabled computers send a release for their current DHCP lease to the DHCP
Server when the computer shuts down.
Default Router Metric base. If set, the DHCP client uses the value
configured here as the base metric for its default gateways.
[Slide diagram labels: IP Address, Server Authorization, Name Registration,
DHCP Server, Active Directory, Routing and Remote Access Server. Slide
bullets: Routing and Remote Access, DNS, Active Directory]
To extend service capabilities and reduce network management, the DHCP
service integrates with other Windows 2000 networking services.
Routing and Remote Access Integration
The integration of Routing and Remote Access and DHCP allows a remote
access server to obtain IP address leases from DHCP. These address leases are
then assigned to remote access clients connecting to the server. Upon
initialization, the remote access server contacts the DHCP Server and requests
IP addresses—one used internally and ten for issue to clients. As the number of
simultaneous remote access clients increases, the server requests additional IP
addresses from the DHCP Server in blocks of ten.
If the remote access server is configured to use the DHCP Relay Agent, all
DHCP configuration information is provided to the remote access clients. If the
DHCP Relay Agent is not configured on the remote access server, the remote
access clients receive only the IP address and subnet mask provided by the
DHCP Server.
be authorized within Active Directory. Non-authorized Windows 2000–based
DHCP Servers will not start, which eliminates the potential for disruption of IP
address leases on a network.
The authorization of DHCP servers in Active Directory functions only
with Windows 2000–based DHCP Servers. At least one DHCP Server must be
installed on an Active Directory domain controller, or server, to allow
authorization to work.
Note
Designing a Functional DHCP Solution
Designing a DHCP Service for a LAN
Designing a DHCP Service for a Routed Network
Providing DHCP Service to Non-Microsoft Hosts
Discussion: Evaluating DHCP Functional Requirements
You can design an IP configuration service by using DHCP to support various
types of hosts in simple, routed, and dial-up networks. You can design the
DHCP service to integrate with other Windows 2000 services, such as DNS, to
simplify the name registration of hosts that have dynamically allocated IP
addresses.
Slide Objective
To describe the various host
[Slide diagram labels: Options, “Portable”, Reserved, Class, Scope, Global,
“Desktop”. Slide bullets: Server Placement, LAN TCP/IP Options]
A single DHCP Server can potentially support the DHCP service for several
thousand DHCP clients in a nonrouted local area network (LAN). Many small
to medium-sized LANs are built by using ISO layer 2 switches, thereby
allowing large client counts on a single logical subnet.
A DHCP service for switched environments with multiple broadcast
domains may require DHCP Relay Agents even though the network is not
routed.
Placement of DHCP Servers
With a single DHCP Server, DHCP Client requests are allocated from a single
scope. This single scope defines all addresses and TCP/IP options offered for
the LAN.
With multiple DHCP Servers, it is unknown which server will answer a DHCP
Client broadcast first. In this case, share the IP address range equally between
the DHCP scopes. For each server, define a superscope that includes all scopes
for the subnet. Scopes are enabled only in the server issuing IP addresses from
that scope.
Slide Objective
Designing a DHCP Service for a Routed Network
[Slide diagram labels: DHCP Client, With BOOTP Forwarding, No BOOTP
Forwarding, DHCP Relay Agent, DHCP Server, Non-DHCP Client, Subnet 1,
Subnet 2, Subnet 3, DHCP Clients, Router. Slide bullets: DHCP Relay Agent,
DHCP Server Placement]
In a routed network, the broadcast domains are restricted. As such, any DHCP
solution must allow the broadcast traffic from the DHCP Clients on the subnets
to reach a DHCP Server. Windows 2000 provides a DHCP Relay Agent to
Servers.
Caution
For a routed network, use DHCP Relay Agents on each subnet if:
There is no DHCP Server with an interface on the subnet.
There are computers available to use as DHCP Relay Agents.
There are no routers that support DHCP/BOOTP forwarding.
You can design a solution that does not require DHCP Relay Agents
by turning on BOOTP/DHCP forwarding on the network routers.
You can configure the DHCP Relay Agent to delay forwarding requests to a
DHCP Server so that local DHCP Servers can respond to the request. You can
also configure the DHCP Relay Agent to forward requests to multiple DHCP
Servers. To prevent multiple requests from flooding the DHCP Servers,
configure the forwarding delay if using multiple DHCP Relay Agents, or if
including relay agents on a subnet with a DHCP Server.
DHCP Server Placement
DHCP Servers need to be placed in a way that provides the best client
performance and service availability. The decision to use single or multiple
server solutions depends on the routing configuration, the network
configuration, and the server hardware architecture.
Single Server DHCP Solution
You must place a single server on the subnet with the largest client population.
All other subnets will use either DHCP Relay Agents, or have BOOTP/DHCP
forwarding activated on the routers. The following table lists the considerations
servers and subnets.
Network configuration: Permits a DHCP Server at each location. This allows you
to service DHCP Clients locally if you have slower WAN links, dial-up links,
or a geographically dispersed network.
Server hardware architecture: Allows you to scale the design to support any
number of clients and subnets.
Providing DHCP Service to Non-Microsoft Hosts
Non-Microsoft DHCP Clients
BOOTP Clients
Non-DHCP Clients
[Slide diagram labels: Non-DHCP Client, DHCP Server, Non-Microsoft DHCP
Client, Diskless Workstation, BOOTP Client, DHCP Database, IP Address1,
IP Address2]
created IP address management problems.
Slide Objective
To describe how a DHCP Server services non-Microsoft hosts.
Lead-in
In a heterogeneous network, you may have to support non-Microsoft hosts that
require dynamic IP addresses.
Key Points
Non-Microsoft clients may require support for non-mandatory features or for
vendor-specific options.
In previous implementations of DHCP, you could not reclaim reserved IP
addresses.
Note
The DHCP service in Windows 2000 supports RFC 951-compliant BOOTP
clients and can be configured to reclaim the IP addresses when you remove
clients from the network or turn them off. BOOTP clients are assigned dynamic
IP addresses from a pool of addresses designated specifically for BOOTP
Scenario
An organization has decided to restructure an existing network to include
DHCP services. You are assigned the task of evaluating how DHCP can
provide an automated solution for host IP configuration.
The current network configuration provides:
Intranet access to all shared folders and Web-based applications at all
locations.
Access to the Internet from all locations.
Support for the existing infrastructure by using the manual allocation of host
IP addresses.
DHCP/BOOTP forwarding enabled on all routers.
Support for a mission-critical Web-based application that requires 24-hours-
a-day, 7-days-a-week operation.
Isolation of the organization’s network from the Internet by using a firewall
and proxy server.
Slide Objective
To evaluate the functional requirements of a DHCP solution.
Lead-in
To design a functional DHCP solution, you must decide how many servers are
needed, whether relay agents are required, and where to use scopes and
superscopes.
Delivery Tip
Read the scenario to the
scopes required for a DHCP solution?
a. One scope.
b. Three scopes.
c. Four scopes.
d. Five scopes.
The correct answers are b and c. There are four subnets that require
dynamic addressing, but students may note that Subnet B1 has no
DHCP clients on it.
4. Given the number of subnets, what is the minimum number of superscopes
required for a DHCP solution?
a. None.
b. One superscope.
c. Unknown, superscopes may be required for any subnet to extend address
ranges in the future.
d. None, superscopes will never be required.
The correct answer is c. It is unknown if any superscopes are required.
Future requirements may allocate non-contiguous address ranges to a
subnet, so it is possible that a superscope could be used.
Securing a DHCP Solution
Securing the DHCP Service
Preventing Unauthorized DHCP Servers
Using DHCP in Screened Subnets
[Slide diagram labels: Windows 2000, DHCP Server, DHCP Server, ADSI,
Authorized List]
Authorize DHCP Servers in Active Directory
Using Windows 2000 Groups to Secure Management
The security of the DHCP service in Windows 2000 is achieved through the
integration of the DHCP service with Active Directory. The DHCP service is
secured by:
Authorizing DHCP Servers in Active Directory.
Using Windows 2000 groups to control access to DHCP Server
configuration.
Authorizing DHCP Servers in Active Directory
Implementing DHCP Server authorization requires that all DHCP Servers on the
network be Windows 2000–based. At least one Active Directory–enabled
DHCP Server must exist to allow access to the server authorization list, which
is stored within Active Directory in the DHCPServer object. For example, if a
network is using non-Windows 2000–based DHCP servers, these servers do not
request the authorized list of servers, and they start whether authorized or not.
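An added example, not part of the original courseware: because non-Windows 2000 DHCP servers never consult the authorized list, a monitor can compare the server identifier (option 54) in observed DHCP replies against a copy of that list and report servers that are not on it. The authorized addresses, the sample messages and all function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"              # RFC 2131: precedes the options field
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_options(data):
    """Walk RFC 2132 code/length/value options and return {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = End
        if data[i] == 0:                         # Pad: one byte, no length field
            i += 1
            continue
        end = i + 2 + data[i + 1] if i + 1 < len(data) else len(data) + 1
        if end > len(data):
            raise ValueError("option %d overruns the packet" % data[i])
        opts[data[i]] = data[i + 2:end]
        i = end
    return opts

def check_reply(payload, authorized):
    """Return (message, server_ip, is_authorized) for a server reply, else None."""
    if payload[:1] != b"\x02" or payload[236:240] != MAGIC_COOKIE:
        return None                              # not a BOOTREPLY with DHCP options
    opts = parse_options(payload[240:])
    kind, server_id = opts.get(53, b""), opts.get(54, b"")
    if len(kind) != 1 or kind[0] not in SERVER_MSGS or len(server_id) != 4:
        return None
    server = ipaddress.IPv4Address(server_id)    # option 54: server identifier
    return SERVER_MSGS[kind[0]], str(server), server in authorized

def unauthorized_servers(payloads, authorized):
    """Return (sorted unlisted server IPs, number of malformed replies)."""
    rogue, malformed = set(), 0
    for payload in payloads:
        try:
            result = check_reply(payload, authorized)
        except ValueError:
            malformed += 1
            continue
        if result and not result[2]:
            rogue.add(result[1])
    return sorted(rogue), malformed

def build_message(op, msg_type, server_ip):
    """Constructed sample: zeroed 236-byte header, cookie, options 53 and 54."""
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + options + b"\xff"

AUTHORIZED = {ipaddress.IPv4Address(a) for a in ("192.0.2.10", "192.0.2.11")}  # assumed
SAMPLES = [
    build_message(2, 2, "192.0.2.10"),           # OFFER from a listed server
    build_message(2, 5, "192.0.2.99"),           # ACK from an unlisted server
    build_message(1, 1, "192.0.2.99"),           # client DISCOVER: ignored
    build_message(2, 2, "192.0.2.11")[:-3],      # reply cut short: malformed
]
```

In use, the payloads would be the UDP payloads of DHCP traffic (ports 67 and 68) captured on each subnet, and the authorized set would be kept in step with the list held in Active Directory.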
Using Windows 2000 Groups to Secure Management
DHCP in Windows 2000 supports a secure management strategy. Only
accounts with membership in special Windows 2000 groups can reconfigure or
view a DHCP Server configuration. DHCP Administrators is a special local