Uploaded by Ahmed Maher Alsisi

CCNA 200-301 - DHCPv4 Zero to Hero - InstructorSlides - Ahmed Elhefny

https://www.youtube.com/c/techvortexx
11/12/2021
DHCP-V4 CONCEPTS
DYNAMIC HOST CONFIGURATION PROTOCOL
CCNA ENTERPRISE
Ahmed Elhefny
CCNA Enterprise - 2021-2022
HOW TO ASSIGN ADDRESSES TO DEVICES?
• Static assignment
Time-consuming, and duplicate addresses can be assigned by mistake.
• Automatic Private IP Addressing (APIPA) – Class B - 169.254.0.0/16
You set the address mode to automatic, and a dynamic address is generated on the network interface.
The APIPA address is not randomly chosen. The algorithm used to produce the IP address factors in the network adapter's MAC address. Since the MAC address should be unique on each Ethernet adapter, the APIPA address should be unique as well.
You have no control: APIPA provides limited capabilities, with no DNS and no gateway.
WHAT IS DHCP
• DHCP is an open standard, defined in RFC 2131.
• The protocol distributes network configuration, not just IP addresses.
• The DHCP protocol uses 4 message types (DISCOVER, OFFER, REQUEST, ACK).
• Phases of acquiring an IP address:
1. The client sends a DISCOVER message.
2. If a DHCP server exists within this broadcast domain, the server replies with an OFFER message containing the configuration it suggests.
3. The client replies to the OFFER message with a DHCP REQUEST.
4. The server replies with an ACK confirming that this configuration is assigned to the MAC address that originally sent the DISCOVER at the beginning of the process.
DHCP COMMUNICATION
• Messages from the DHCP client to the DHCP server (DISCOVER & REQUEST) are sent to UDP port 67.
• Messages from the DHCP server to the DHCP client (OFFER & ACK) are sent to UDP port 68.
• Remember that UDP is identified by IP protocol number 17, while TCP is IP protocol number 6.
DHCP PROCESS
• When a DHCP client requests an IP address, it does not know the IP address of the DHCP server, and it has no IP address of its own to send the DISCOVER message from. The client therefore builds an IP packet with source address 0.0.0.0 and sends it to the broadcast address 255.255.255.255, for both DISCOVER & REQUEST messages.
• On the contrary, server-to-client communication is unicast (the server replies with the OFFER, with the assigned address in the destination field of the IP packet).
DHCP OPTIONS
• Every piece of information distributed using the DHCP protocol has an option number. The client receives the DHCP message and reads the value assigned to each option.
• The OS is programmed to pick the value assigned to DHCP option number (3) and set its content as the IP address of the default gateway.
DHCP OPTIONS PROVIDED BY SERVER
Option Number: Information Provided
• 1: Subnet Mask
• 3: Gateway
• 6: DNS
• 51: Lease duration
• 54: DHCP Server IP Address
• 58: Address Renewal Time value
• 59: Address Rebinding Time value
• 150: TFTP Server IP Address
DHCP OPTIONS PROVIDED BY CLIENT
Option Number: Information Provided
• 50: Requested IP Address (can be present in the DISCOVER message if the client held the same IP before and still remembers it)
• 60: Vendor Class Identifier (tells whether this client is Windows, Linux, IoT) -> Windows 7 gives MSFT 5.0
• 61: Client Identifier (MAC address of the client)
DHCP OPTIONS SPECIAL OPTIONS
Option Number: Information Provided
• 43: Cisco lightweight access points (LWAPs) cannot operate without a wireless controller, so they need the controller's IP address, which the DHCP server can provide. LWAPs request option 43, the DHCP server responds with an IP address, and the LWAP treats the received address as the IP address of the Wireless LAN Controller (WLC).
• 150: Whenever a Cisco IP phone reboots, it requests the configuration associated with it (such as number, functions and much more) from its server (called CUCM) using the TFTP protocol. Option 150 provides IP phones with the IP address of CUCM so that the phones can work.
• 60, 66, 67: Options related to PXE (Preboot Execution Environment). PXE makes the lives of sysadmins and IT helpdesk easier by allowing bulk OS deployment over the network using tools such as SCCM.
• 53: Identifies the type of DHCP message (DISCOVER, OFFER, REQUEST)
DHCP WELL KNOWN MESSAGE TYPES IDENTIFIED UNDER OPTION 53
Option Number: Information Provided
• 1: DISCOVER (The DHCP client sends a DHCP Discover broadcast on the network to find a DHCP server. If there is no response from a DHCP server, the client assigns itself an Automatic Private IPv4 address (APIPA))
• 2: OFFER (DHCP servers on a network that receive a DHCP Discover message respond with a DHCP Offer message, which offers the client an IPv4 address lease)
• 3: REQUEST (Clients accept the first offer received by broadcasting a DHCP Request message for the offered IPv4 address)
• 4: DHCPDECLINE (From Client) – the client refuses the given address for whatever reason.
• 5: ACK (The server accepts the request by sending the client a DHCP Acknowledgment message)
• 6: RELEASE (A DHCP client sends a DHCPRelease packet to the server to release the IPv4 address and cancel any remaining lease)
• 7: DHCPNAK (From Server) – the server refuses to give the requested address, maybe because another device in the same network already took it while you were offline.
• 8: INFORM (DHCPInform is used by DHCP clients to obtain DHCP options)
DHCP-V4
LEASE AND TIMERS
CCNA ENTERPRISE
UNDERSTANDING LEASE DURATION, T1 & T2 TIMERS
• Configuration provided by a DHCP server is granted for a limited time. The Cisco DHCP server default lease is 1 day, while the Windows default lease time is 8 days.
• The renewal timer (T1) is half of the lease duration (12 hours Cisco / 4 days Microsoft). When T1 is reached, the client sends a DHCPREQUEST asking to renew the lease; the server can respond with either DHCPACK or DHCPNAK.
• If no reply at all is received for the T1 DHCPREQUEST, the client keeps operating normally, but in the background it keeps sending DHCPREQUEST messages to the server.
• The client waits until the rebind timer (T2) expires. T2 is 87.5/100 of the original lease time. Upon expiration, the client transitions to the rebinding state and sends a DHCPREQUEST; if a negative reply is received, the client transitions to the INIT state and asks for a totally new lease.
• If no reply is received at all, the client IP address resets to APIPA, and the client actively sends DHCPDISCOVER messages until a server replies with configuration.
• The above describes how specific PCs in your network can keep the same IP address for years without it being manually reserved.
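The option tables and the T1/T2 rules above can be checked against real bytes. The following Python code is an added example, not part of the original slides: it walks a DHCP options field, decodes the options listed in the tables, and derives T1/T2 from the lease when options 58 and 59 are absent. The sample bytes (including the gateway 10.10.10.1) are constructed for the illustration.

```python
import ipaddress

# Option numbers come from the tables above.
IP_OPTS = {1: "subnet_mask", 3: "gateway", 6: "dns", 54: "server_id", 150: "tftp"}
TIME_OPTS = {51: "lease", 58: "t1", 59: "t2"}
# Only the four messages of the basic exchange are named here.
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_options(data: bytes) -> dict:
    """Walk the code/length/value list of a DHCP message's options field."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                      # End option terminates the list
            break
        if code == 0:                        # Pad option is a single byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the buffer")
        i += 2 + length
        if code == 53 and length == 1:
            out["type"] = MSG_TYPES.get(value[0], f"type {value[0]}")
        elif code in IP_OPTS and length and length % 4 == 0:
            out[IP_OPTS[code]] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                                  for j in range(0, length, 4)]
        elif code in TIME_OPTS and length == 4:
            out[TIME_OPTS[code]] = int.from_bytes(value, "big")   # seconds
        elif code == 61 and length == 7 and value[0] == 1:
            out["client_mac"] = value[1:].hex(":")  # type 01 + 6-byte MAC
        else:
            out[f"option_{code}"] = value.hex()     # anything else: raw hex
    return out

def timers(opts: dict) -> tuple:
    """(T1, T2) in seconds: options 58/59 if sent, else 50% and 87.5% of lease."""
    lease = opts["lease"]
    return opts.get("t1", lease // 2), opts.get("t2", lease * 7 // 8)

# Constructed sample: options of an ACK carrying a 1-day lease, no 58/59.
SAMPLE_ACK = bytes.fromhex(
    "350105" "0104ffffff00" "03040a0a0a01" "06080a0a64640a0a6465"
    "330400015180" "36040a0a6464" "ff")
```

With the 1-day lease in the sample, timers(parse_options(SAMPLE_ACK)) gives the 12-hour T1 quoted above for the Cisco default.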
LEASE, T1, T2 OPTIONS
IOS DHCP-V4 CONFIGURATIONS
CCNA ENTERPRISE
SOME CONSIDERATIONS
• DHCP is an added feature of Cisco IOS and is enabled by default (disable it with # no service dhcp).
• You can configure a router or even a switch (whether Layer 2 or MLS) to act as the DHCP server for your network.
• Generally, a DHCP server needs to have an IP address in the subnet in which it distributes addresses.
• The last point does not apply when a relay agent / helper address is used. At companies, you can find a single server with one IP address (e.g. 10.0.100.100) distributing addresses for 10 different subnets.
• Plan the lease duration carefully: the lease for a guest network should be a few hours, while the lease for employee VLANs can be days or weeks. There is no need to configure the lease duration as infinite (forever).
DHCP CONFIGURATIONS ON CISCO IOS
configure terminal
! Exclude the gateway, servers and so on (range: from - to). Global command, entered outside the pool.
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp pool VLAN_10
 ! Can be /24 instead of the full mask
 network 10.10.10.0 255.255.255.0
 ! Can add two DNS servers
 dns-server 10.10.100.100 10.10.100.101
 default-router 10.10.0.254
 ! NTP server, sent as DHCP option 42
 option 42 ip 10.10.100.100
 ! If this VLAN is for VoIP
 option 150 ip 10.10.100.254
 ! If this VLAN is for LWAPs
 option 43 hex f108c0a80a05c0a80a14
 domain-name TECHVORTEX.COM
 ! Days - hours - minutes
 lease 0 8 0
end
HELPER ADDRESS / RELAY AGENT
CCNA ENTERPRISE
HELPER ADDRESS OR RELAY AGENT CONCEPT
• As stated before, a DHCP client sends the DISCOVER message to the broadcast address, which means this message can reach all clients in the same broadcast domain.
• Most of the time, especially when the DHCP server runs on Microsoft Windows Server, the DHCP server is in a different broadcast domain (usually the servers VLAN).
• Helper address (as Cisco calls it) or relay agent (as Microsoft calls it) is simply a feature that you configure on the router interface (or generally the gateway interface) that serves the client VLAN.
• In the helper address configuration, you instruct the interface that whenever it sees a DHCP DISCOVER message (or other types of protocol), it should transform it from broadcast to unicast and send it to the DHCP server address configured with the “helper-address <SERVER-IP>” interface command. The interface also sets its own IP address in the GIADDR field.
• The server receives the routed DISCOVER message, checks the GIADDR to see if it has a pool configured for this address range, and also reads option 61 to know which MAC address is requesting the configuration, so that it can send the DHCP offer.
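How the relay step and the server's pool lookup fit together, as an added Python example that is not part of the original slides: relay() fills GIADDR and increments the hop count in the fixed BOOTP header, and select_pool() matches GIADDR against the configured networks. The pool VLAN_20, the interface address 10.10.10.1 and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

GIADDR = slice(24, 28)   # position of giaddr in the fixed BOOTP header
HOPS = 3                 # position of the hop counter

# Hypothetical pools: VLAN_10 matches the slides, VLAN_20 is made up.
POOLS = {"VLAN_10": "10.10.10.0/24", "VLAN_20": "10.10.20.0/24"}

def build_discover(mac: bytes, xid: int) -> bytearray:
    """Constructed client message: 236-byte fixed header, options omitted."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, xid, 0, 0,
                      bytes(4), bytes(4), bytes(4), bytes(4), mac)
    return bytearray(hdr + bytes(64 + 128))   # sname + file fields

def relay(packet: bytearray, iface_ip: str) -> bytearray:
    """What the helper-address interface does before unicasting to the server."""
    out = bytearray(packet)
    if out[GIADDR] == bytes(4):               # only the first relay sets giaddr
        out[GIADDR] = ipaddress.IPv4Address(iface_ip).packed
    out[HOPS] += 1
    return out

def select_pool(packet: bytes, pools: dict):
    """Server side: return the pool whose network contains giaddr."""
    giaddr = ipaddress.IPv4Address(bytes(packet[GIADDR]))
    if giaddr.is_unspecified:
        return None       # not relayed, so giaddr gives no subnet hint
    for name, net in pools.items():
        if giaddr in ipaddress.ip_network(net):
            return name
    return None           # relayed from a subnet with no pool configured
```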
HELPER ADDRESS CONFIGURATIONS
interface vlan 10
 ! <SERVER-IP> is the DHCP server IP address
 ip helper-address <SERVER-IP>
THE SMART RELAY
Use ip dhcp smart-relay if you have secondary addresses on that interface and you want the router to step through each IP network when forwarding DHCP requests. Without the smart relay agent configured, all requests are forwarded using the primary IP address on the interface.
# ip dhcp smart-relay
Yes, you can have two IP addresses per interface, but the primary address is always the one set in the GIADDR field.
VERIFY CONFIGURED HELPER ADDRESS
HELPER ADDRESS SUPPORTED PROTOCOLS
• Port 37: Time
• Port 49: TACACS
• Port 53: DNS (Remember 255.255.255.255)
• Port 67: DHCP/BOOTP server
• Port 68: DHCP/BOOTP client
• Port 69: TFTP
• Port 137: NetBIOS name service
• Port 138: NetBIOS datagram service
DHCP-V4
DATABASE & MANUAL RESERVATION
CCNA ENTERPRISE
DHCP MANUAL RESERVATION CONCEPT
• The client sends its client identifier (MAC address) in the DHCP DISCOVER message, as option 61.
• You can instruct your DHCP server that whenever it sees a specific MAC address arriving under option 61, it should give it a specific IP address from the available pool.
• Manual reservation configuration varies according to the operating system of the DHCP server.
• Manual reservation is recommended whenever needed, but avoid making manual reservations until they consume the whole pool, leaving nothing for other clients: a reserved DHCP address cannot be distributed to any client other than the one with the specific MAC address configured.
HOW TO DO MANUAL RESERVATION
• The “01” is inserted before the MAC address to make the client identifier.
ip dhcp pool PC-01
 host 192.168.1.100 255.255.255.0
 client-identifier 01aa.bbcc.0010.00
 default-router 192.168.1.1
 dns-server 8.8.8.8
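Two hex values in the configurations above are easy to get wrong by hand: the option 43 string from the VLAN_10 pool and the client-identifier in this reservation. The following Python helpers are an added example, not part of the original slides; they assume the usual Cisco layout for option 43 (sub-option type 0xf1, a length byte, then the WLC addresses), and the function names are hypothetical.

```python
import ipaddress

WLC_SUBTYPE = 0xF1   # Cisco sub-option type for WLC addresses (assumed layout)

def wlc_option43(controllers: list) -> str:
    """Encode WLC addresses as: type 0xf1, length 4*n, then the addresses."""
    body = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if not body or len(body) > 255:
        raise ValueError("need between 1 and 63 controller addresses")
    return (bytes([WLC_SUBTYPE, len(body)]) + body).hex()

def decode_wlc_option43(hex_value: str) -> list:
    """Check type and length, then return the controller addresses."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 2 or raw[0] != WLC_SUBTYPE:
        raise ValueError("not a 0xf1 WLC sub-option")
    length = raw[1]
    if length == 0 or length % 4 or length != len(raw) - 2:
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(2, len(raw), 4)]

def ios_client_identifier(mac: str) -> str:
    """01 (hardware type Ethernet) + MAC, in IOS groups of four hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address")
    full = "01" + digits
    return ".".join(full[i:i + 4] for i in range(0, len(full), 4))
```

Decoding the string from the VLAN_10 pool shows it carries two controller addresses, 192.168.10.5 and 192.168.10.20.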
IP DHCP DATABASE
• One of the problems when you configure Cisco IOS as a DHCP server is that binding information is deleted when the switch/router restarts, which can lead to a lot of problems.
• These problems can be avoided by assigning a path to an external DHCP database file, or at least saving it on flash.
READING IP DHCP DATABASE
• You can configure the path to the DHCP database to be on an FTP / HTTP server, but of course authentication will be needed.
DHCP-V4
VERIFICATION AND TROUBLESHOOTING
CCNA ENTERPRISE
SHOW IP DHCP?
R2#show ip dhcp ?
  binding   DHCP address bindings
  conflict  DHCP address conflicts
  database  DHCP database agents
  import    Show Imported Parameters
  pool      DHCP pools information
  relay     Miscellaneous DHCP relay information
  server    Miscellaneous DHCP server information
SHOW IP DHCP BINDING
SHOW IP DHCP POOL
SHOW IP DHCP SERVER STATISTICS
DISABLE UNNEEDED SERVICES
DHCP is a feature and can be disabled.
Remember password encryption???
DHCP-V4
CLIENT CONFIGURATIONS
CCNA ENTERPRISE
HOW TO ASSIGN IP ADDRESS
WINDOWS CMD COMMANDS
IPCONFIG
CMD COMMANDS
RELEASE / RENEW IP ADDRESS
CMD COMMANDS
START/STOP DHCP SERVICE
LINUX COMMANDS / SHOW IP & RENEW
TURNING IOS TO DHCP-V4 CLIENT