Contents

Overview
Introducing DHCP
Designing a Functional DHCP Solution
Securing a DHCP Solution
Enhancing a DHCP Design for Availability
Enhancing a DHCP Design for Performance
Lab A: Designing a DHCP Solution
Review


Module 3: DHCP as a Solution for IP Configuration



Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.


Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting,
PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media,
Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries/regions.

Project Lead: Don Thompson (Volt Technical)
Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc.
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Jack Creasey, Doug Steen (Independent Contractor)
Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Kristen Heller (Wasser)
Copy Editor: Kaarin Dolliver (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Test Leads: Sid Benevente, Keith Cotton
Test Developer: Greg Stemp (S&T OnSite)
Production Support: Lori Walker (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)

Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart

Other product and company names mentioned herein may be the trademarks of their respective
owners.





Instructor Notes
This module provides students with the information and decision-making
experiences needed to design an Internet Protocol (IP) configuration service by
using the DHCP service in Microsoft® Windows® 2000. Students will evaluate
and create DHCP solutions to support the IP configuration requirements of an
organization.
At the end of this module, students will be able to:
▪ Recognize DHCP as a solution for the IP configuration needs of an
organization.
▪ Evaluate and create a DHCP solution for nonrouted networks, routed
networks, and various client types.
▪ Select the appropriate strategies to secure a DHCP solution.
▪ Select the appropriate strategies to enhance the availability of a DHCP
design.
▪ Select the appropriate strategies to enhance the performance of a DHCP
design.

Upon completion of the lab, students will be able to analyze and design a
DHCP solution that supports the IP configuration requirements of an
organization.
Course Materials and Preparation
This section provides you with the materials and preparation needed to teach
this module.
Required Materials
To teach this module, you need the following materials:
▪ Microsoft PowerPoint® file 1562B_03.ppt

Preparation Tasks
To prepare for this module, you should:
▪ Review the contents of this module.
▪ Review RFCs 951, 2131, and 2132, and the Internet Engineering Task Force
(IETF) draft “Multicast Address Dynamic Client Allocation Protocol
(MADCAP)”, dated May 24, 1999, or the latest revision, which is available
at
▪ Read any relevant information provided in the Windows 2000 Help files,
the Windows 2000 Resource Kit, or materials on the Instructor CD.
▪ Be familiar with installing, configuring, and managing DHCP Server in
Windows 2000.
▪ Know how to set up DHCP scopes.
▪ Understand how and why to create user or vendor options within DHCP
scopes.
▪ Review the discussion material and be prepared to lead class discussions on
the topics.
▪ Complete the lab and be prepared to elaborate beyond the solutions found
there.
▪ Read the review questions and be prepared to elaborate beyond the answers
provided in the text.

Presentation: 75 Minutes
Lab: 30 Minutes
Module Strategy
Use the following strategy to present this module.
▪ Introducing DHCP
The DHCP service in Windows 2000 provides an automated and centrally
managed Transmission Control Protocol/Internet Protocol (TCP/IP)
configuration scheme. For IP configuration management, a DHCP solution
provides automation for hosts on single or multiple subnets.
In this section:
• Explain that the network designer needs to determine the host
population, the subnet configuration, and the network topology. This
information provides the basis for defining the subnets and the options
for the DHCP Client.
• Emphasize the message-driven protocol of requests and responses
between the DHCP Server and the DHCP Client. Explain that Scopes,
Superscopes, and TCP/IP options are the three management features
supported by DHCP.
• Make sure the students understand that DHCP Server and DHCP Client,
with capital S and capital C, respectively, are used throughout the
module to indicate a server or client running the DHCP Server service in
Windows 2000 or a Microsoft Windows–based DHCP Client.
• Point out that, to extend service capabilities and reduce network
management, the DHCP service integrates with other Windows 2000
networking services.
▪ Designing a Functional DHCP Solution
A functional DHCP service supports various types of hosts in simple,
routed, and dial-up networks.
In this section:
• Emphasize that in a simple, nonrouted environment, a single DHCP
Server may be all that is required. Discuss the placement of DHCP
Servers, and the selection of TCP/IP options.
• Emphasize that, in a routed network, in which broadcast domains are
restricted, the DHCP Relay Agent provided in Windows 2000 forwards
broadcast traffic from the DHCP Client to the DHCP Server. Point out
that the decision whether to use single or multiple DHCP Servers
depends on routing configuration, network configuration, and server
hardware architecture.
• Point out that DHCP supports non-Microsoft DHCP clients, Bootstrap
Protocol (BOOTP) clients, and non-DHCP clients.
• Make sure students understand the illustration, scenario description, and
directions for the Discussion. Direct them to read through the scenario
and answer the questions. Be prepared to clarify if necessary. Lead a
class discussion on the students’ responses.
▪ Securing a DHCP Solution
A secure DHCP solution ensures that only authorized servers are allowed to
start and only authorized personnel can configure the servers.
In this section:
• Emphasize that, to prevent disruptions in DHCP service, at least one
DHCP Server must be authorized in the Active Directory directory
service. Describe how to use Windows 2000 groups to provide either
administrative or read-only access to DHCP configuration information.
• Describe the problems that are caused by the use of unauthorized DHCP
Servers in a network. Point out that the exclusive use of Windows 2000–
based DHCP Servers, and the authorization of the DHCP Servers in
Active Directory, prevents the use of unauthorized DHCP Servers in the
network.
• Emphasize that there are risks of unauthorized access when using the
DHCP service in screened subnets. Describe the methods available to
deal with these risks.
▪ Enhancing a DHCP Design for Availability
A highly available DHCP solution ensures that the DHCP service is
available whenever required.
In this section:
• Describe the use of distributed scopes to provide DHCP Server
redundancy, and to share the DHCP Client load.
• Describe how the use of Windows Clustering increases the availability
of an individual DHCP Server. Point out that the benefits that are
achieved by using Windows Clustering must be weighed against the
additional hardware requirements.
• Make sure students understand the illustration, scenario description, and
directions for the Discussion. Direct them to read through the scenario
and answer the questions. Be prepared to clarify if necessary. Lead a
class discussion on the students’ responses.
▪ Enhancing a DHCP Design for Performance
The performance of the DHCP service can be optimized to provide the
fastest possible response to DHCP Client requests.
In this section:
• Point out that you can optimize the performance of a single DHCP
Server to reduce the response time to client requests.
• Emphasize that you can use multiple servers to enhance the performance
of the DHCP solution.
• Emphasize that you can modify IP address lease lengths so that the
addresses can be available for use by other hardware resources.




Lab Strategy
Use the following strategy to present this lab.
Lab A: Designing a DHCP Solution
In this lab, students will design a DHCP solution based on specific
requirements outlined in the given scenario.
Students will review the scenario and the design limitations and requirements,
and read any supporting materials. They will use this information, and the
knowledge gained from the module, to develop a detailed design that uses
DHCP as the solution.
To conduct the lab:
▪ Read through the lab carefully, paying close attention to the instructions and
to the details of the scenario.
▪ Divide the class into teams of two or more students.
▪ Present the lab and make sure students understand the instructions and the
purpose of the lab.
▪ Explain that the design worksheet is to be used to develop their solution.
▪ Remind students to consider any functionality, security, availability, and
performance criteria that are provided in the scenario, and how they will
incorporate strategies to meet these criteria in their design.
▪ Allow some time to discuss the solutions after the lab is completed. A
solution is provided on the Instructor CD to help you review the lab results.
Encourage students to critique each other’s solutions and to discuss any
ideas for improving their designs.


Overview
▪ Introducing DHCP
▪ Designing a Functional DHCP Solution
▪ Securing a DHCP Solution
▪ Enhancing a DHCP Design for Availability
▪ Enhancing a DHCP Design for Performance


The increasing complexity of network infrastructures demonstrates the need for
an automated and centrally managed Internet Protocol (IP) configuration
scheme. The DHCP service in Microsoft® Windows® 2000 provides an
automated IP addressing service and centralized management of Transmission
Control Protocol/Internet Protocol (TCP/IP) configuration parameters.
At the end of this module, you will be able to:
▪ Recognize DHCP as a solution for the IP configuration needs of an
organization.
▪ Evaluate and create a DHCP solution for nonrouted networks, routed
networks, and various client types.
▪ Select the appropriate strategies to secure a DHCP solution.
▪ Select the appropriate strategies to improve the availability of a DHCP
design.
▪ Select the appropriate strategies to improve the performance of a DHCP
design.

Slide Objective: To provide an overview of the module topics and objectives.
Lead-in: In this module, you will evaluate and design DHCP solutions for IP
configuration.

Introducing DHCP
▪ Design Decisions
▪ DHCP Features
▪ Integration Benefits


As an IP configuration scheme increases in size and in the number of
configuration options used, it becomes increasingly difficult to manage the
manual configuration of network hosts. The DHCP service in Windows 2000
provides automation for host IP configuration by supporting multiple subnets
with unique configuration options and IP address ranges.

The Dynamic Host Configuration Protocol (DHCP) is a message-driven
protocol that allows hosts on the network to acquire an IP address and TCP/IP
client option information from a DHCP server. There are two components to
DHCP in Windows 2000, a DHCP Server service and a DHCP Client.

Note: DHCP Server and DHCP Client, with capital S and capital C,
respectively, are used throughout the module to indicate a server or client
running the DHCP Server service in Windows 2000 or a Microsoft Windows–based
DHCP Client.

When designing a DHCP solution, the network designer must:
▪ Define the requirements for a DHCP solution for the network.
▪ Identify the features provided by DHCP and how these features support the
design requirements for the DHCP solution.
▪ Identify the benefits of integration between DHCP and other Windows 2000
services.

Slide Objective: To introduce DHCP as a solution for IP configuration.
Lead-in: The DHCP service provides TCP/IP configuration management to hosts
on an IP network segment or group of segments.
Emphasize that DHCP is a message-driven protocol of requests and responses
between the DHCP Client and the DHCP Server. Refer students to the relevant
RFCs, the online Windows 2000 Help files, and the Windows 2000 Resource Kit,
for further information.



Design Decisions
▪ Number of Hosts?
▪ Number of Subnets?
▪ Network Configuration?
[Figure: Segment 1, Segment 2, Router]


To develop a DHCP solution, you must determine the host population, the
number of subnets, and the configuration of the network. This information
establishes the subnets you must define and the DHCP Client options that must
be supplied by the DHCP service to allow successful DHCP Client operation on
the IP network.
In an IP network that uses DHCP, you must allocate each DHCP Client an IP
address and configuration information to enable IP communication. The DHCP
Server maintains a database that includes available and allocated IP addresses
for defined subnets and the client TCP/IP options.
Slide Objective: To introduce the decisions required in a DHCP solution.
Lead-in: To design a DHCP solution, you must determine the number of hosts,
the number of subnets, and the configuration of the network.



DHCP Features
▪ RFC Compliance
▪ Scopes
▪ Superscopes
▪ TCP/IP Options
▪ DNS Integration
▪ Active Directory Integration
▪ Microsoft’s Vendor-Specific Options
▪ Microsoft Support for Multicast IP Address Allocation


To design an effective DHCP service infrastructure, you must understand the
features of the DHCP service and how these features solve the IP configuration
requirements of an organization.
RFC Compliance
The DHCP service in Windows 2000 complies with RFCs 951, 2131, and 2132.
The three primary management features that DHCP supports are:
▪ Scopes. A range of IP addresses that are offered on any particular subnet.
▪ Superscopes. A collection of scopes being offered for the same physical
subnet. Superscopes allow easy extension of the IP address range being
offered to a subnet, particularly if the range offered is noncontiguous.
▪ TCP/IP options. The additional configuration information that can be passed
to the DHCP Client.

Note: For each DHCP Server, the TCP/IP options can be defined by using
default (global) server options; or for each scope by using scope options, class
options, and reserved options.

DNS Integration
DHCP and DNS integration allows earlier versions of Windows-based clients,
and non-Microsoft DHCP clients, to have their records automatically updated in
the DNS database by the DHCP Server.
Active Directory Integration
The integration of the DHCP service with the Active Directory directory
service allows DHCP Servers to be authorized within Active Directory.
Windows 2000–based DHCP Servers do not start unless authorized.

Slide Objective: To identify DHCP configuration features supported by the
DHCP service.
Lead-in: To design a DHCP solution, you need to understand the DHCP features
and how these features support the IP configuration requirements of an
organization.
For Your Information: The IETF draft cited in the student notes is subject to
change. Refer to the IETF documents to ensure that the latest revision is
communicated to the students.


Microsoft’s Vendor-Specific Options
In addition to RFC 2131-compliant DHCP options, Microsoft supports several
vendor-specific options. Defined in RFC 2132, these vendor options in the
DHCP service in Windows 2000 include:
▪ Disable NetBIOS over TCP/IP (NetBT). Used to enable or disable NetBT
on Windows 2000 DHCP Clients. Earlier Windows clients require NetBT;
therefore, they do not support this option.
▪ Release DHCP lease on shutdown. Used to control whether DHCP Server–enabled
computers send a release for their current DHCP lease to the DHCP
Server when the computer shuts down.
▪ Default Router Metric base. If set, the DHCP client uses the value
configured here as the base metric for its default gateways.

Note: Some DHCP Server options supported by Windows 2000 are only
recognized by a Windows 2000 DHCP Client. Previous versions of Windows
clients and non-Microsoft clients might not support all options.

Microsoft Support for Multicast IP Address Allocation
The DHCP service in Windows 2000 supports the Multicast Address Dynamic
Client Allocation Protocol (MADCAP), in addition to DHCP. These protocols
are supported independently by the DHCP service. MADCAP is used to enable
multicast clients to join multicast groups. The DHCP service in Windows 2000
supports multicast scopes independently of the DHCP scopes.
Valid addresses for a multicast scope are in the following ranges:
239.255.0.0 to 239.255.255.255
239.254.0.0 to 239.254.255.255
239.253.0.0 to 239.253.255.255

Note: For more information on MADCAP and support for multicast groups, see
the IETF draft: "Multicast Address Dynamic Client Allocation Protocol
(MADCAP)", dated May 24, 1999, or the latest revision, which is available at



Integration Benefits
[Figure: DHCP Server linked to the DNS Server, Active Directory, and the
Routing and Remote Access Server; link labels: IP Address, Server
Authorization, Name Registration]
▪ Routing and Remote Access
▪ DNS
▪ Active Directory


To extend service capabilities and reduce network management, the DHCP
service integrates with other Windows 2000 networking services.
Routing and Remote Access Integration
The integration of Routing and Remote Access and DHCP allows a remote
access server to obtain IP address leases from DHCP. These address leases are
then assigned to remote access clients connecting to the server. Upon
initialization, the remote access server contacts the DHCP Server and requests
IP addresses—one used internally and ten for issue to clients. As the number of
simultaneous remote access clients increases, the server requests additional IP
addresses from the DHCP Server in blocks of ten.
If the remote access server is configured to use the DHCP Relay Agent, all
DHCP configuration information is provided to the remote access clients. If the
DHCP Relay Agent is not configured on the remote access server, the remote
access clients receive only the IP address and subnet mask provided by the
DHCP Server.

DNS Integration
For clients with dynamically allocated IP addresses, you cannot manually
update the client name information in DNS. The integration of DHCP with
DNS allows you to configure the DHCP Server to update the client records in
DNS when an IP address is leased.
DHCP and DNS integration allows non–Active Directory, previous versions of
Windows-based clients, and non-Microsoft DHCP clients, to have their records
automatically updated in the DNS database by the DHCP Server.
Windows 2000–based DHCP Clients automatically update their own records in
DNS, but you must enable the DHCP Server to update the DNS database for
other clients, if required.
Slide Objective: To describe how the DHCP service integrates with other
services in Windows 2000.
Lead-in: You can integrate the DHCP service with other Windows 2000 services
to extend service capabilities and reduce network management.



Active Directory Integration
Non-authorized DHCP servers have the potential to disrupt network operation
by issuing incorrect IP addresses or option information to clients. The
integration of the DHCP service with Active Directory allows DHCP Servers to
be authorized within Active Directory. Non-authorized Windows 2000–based
DHCP Servers will not start, which eliminates the potential for disruption of IP
address leases on a network.

Note: The authorization of DHCP servers in Active Directory functions only
with Windows 2000–based DHCP Servers. At least one DHCP Server must be
installed on an Active Directory domain controller, or server, to allow
authorization to work.
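
Because authorization in Active Directory functions only with Windows 2000–based DHCP Servers, other unauthorized servers have to be found on the wire. The following added example (not part of the original courseware) parses DHCP server replies as laid out in RFCs 2131 and 2132 and reports any reply whose server identifier (option 54) is not on an authorized list; the authorized addresses and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: precedes the options field
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
SERVER_REPLIES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}   # option 53 values

# Assumption: the DHCP Servers authorized for this network (constructed addresses).
AUTHORIZED = {ipaddress.IPv4Address("192.168.10.5"), ipaddress.IPv4Address("192.168.10.6")}


def parse_dhcp(payload):
    """Split the UDP payload of a DHCP message into header fields and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {
        "op": op,
        "xid": xid,
        "yiaddr": ipaddress.IPv4Address(payload[16:20]),   # address being handed out
        "giaddr": ipaddress.IPv4Address(payload[24:28]),   # relay agent, 0.0.0.0 if none
        "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
        "options": {},
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option %d" % code)
        length = payload[i + 1]
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def _addr_list(raw):
    """Decode an option value holding a sequence of 4-byte IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]


def check_reply(payload, authorized=AUTHORIZED):
    """Return a finding for a server reply whose server identifier is not authorized."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    mtype = opts.get(OPT_MSG_TYPE, b"")
    if msg["op"] != 2 or len(mtype) != 1 or mtype[0] not in SERVER_REPLIES:
        return None                      # client request, or a reply that is not DHCP
    sid = opts.get(OPT_SERVER_ID, b"")
    server = ipaddress.IPv4Address(sid) if len(sid) == 4 else None
    if server in authorized:
        return None
    return {
        "server": str(server) if server else "missing",
        "message": SERVER_REPLIES[mtype[0]],
        "client": msg["chaddr"],
        "offered": str(msg["yiaddr"]),
        "router": _addr_list(opts.get(OPT_ROUTER, b"")),
        "dns": _addr_list(opts.get(OPT_DNS, b"")),
    }


def build_reply(mtype, server, offered, router, dns, mac="00:11:22:33:44:55", xid=0x1234ABCD):
    """Build a constructed server reply so the example runs without a capture file."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                         ip("0.0.0.0"), ip(offered), ip("0.0.0.0"), ip("0.0.0.0"),
                         bytes.fromhex(mac.replace(":", "")), b"", b"")
    options = (bytes([OPT_MSG_TYPE, 1, mtype]) + bytes([OPT_SERVER_ID, 4]) + ip(server)
               + bytes([OPT_ROUTER, 4]) + ip(router) + bytes([OPT_DNS, 4]) + ip(dns)
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


# Constructed sample traffic: one reply from an authorized server, one from an unlisted host.
SAMPLES = [
    build_reply(2, "192.168.10.5", "192.168.10.101", "192.168.10.1", "192.168.10.2"),
    build_reply(2, "192.168.10.77", "192.168.10.150", "192.168.10.77", "192.168.10.77"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        finding = check_reply(pkt)
        print(finding if finding else "reply from authorized server")
```

The router and DNS values in a finding show which option information the unlisted server was handing to clients, which is the disruption the section describes.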





Designing a Functional DHCP Solution
▪ Designing a DHCP Service for a LAN
▪ Designing a DHCP Service for a Routed Network
▪ Providing DHCP Service to Non-Microsoft Hosts
▪ Discussion: Evaluating DHCP Functional Requirements


You can design an IP configuration service by using DHCP to support various
types of hosts in simple, routed, and dial-up networks. You can design the
DHCP service to integrate with other Windows 2000 services, such as DNS, to
simplify the name registration of hosts that have dynamically allocated IP
addresses.
Slide Objective: To describe the various host types that the DHCP service
supports.
Lead-in: A DHCP service supports various host types in a LAN, routed network,
or dial-up network.



Designing a DHCP Service for a LAN
[Figure: Configuration for 2 DHCP Servers. DHCP 1 holds SuperScope 1 (Scope A
and Scope B, both Active); DHCP 2 holds SuperScope 2 (Scope X and Scope Y, both
Active). TCP/IP Options are shown at the Global, Scope, Class, and Reserved
levels for “Portable” and “Desktop”.]
▪ Server Placement
▪ LAN TCP/IP Options


A single DHCP Server can potentially support the DHCP service for several
thousand DHCP clients in a nonrouted local area network (LAN). Many small
to medium-sized LANs are built by using ISO layer 2 switches, thereby
allowing large client counts on a single logical subnet.

Caution: A DHCP service for switched environments with multiple broadcast
domains may require DHCP Relay Agents even though the network is not
routed.

Placement of DHCP Servers
With a single DHCP Server, DHCP Client requests are allocated from a single
scope. This single scope defines all addresses and TCP/IP options offered for
the LAN.
With multiple DHCP Servers, it is unknown which server will answer a DHCP
Client broadcast first. In this case, share the IP address range equally between
the DHCP scopes. For each server, define a superscope that includes all scopes
for the subnet. Scopes are enabled only in the server issuing IP addresses from
that scope.

Slide Objective: To describe how to design a DHCP service in a nonrouted LAN
environment.
Lead-in: In a simple, nonrouted LAN environment, a single DHCP Server might be
all that is required to issue IP address and configuration for DHCP Clients.
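
The multiple-server layout described under Placement of DHCP Servers can be checked before it is deployed. This added example (not part of the original courseware) divides one address range equally between the servers, gives every server a superscope that lists all scopes with only its own scope active, and audits a design for scopes that are active on several servers or on none; the server names DHCP1 and DHCP2 and the 192.168.20.x range are constructed.

```python
import ipaddress


def split_range(first, last, servers):
    """Divide the inclusive range first..last into one contiguous scope per server."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    total = hi - lo + 1
    if not servers or total < len(servers):
        raise ValueError("range holds fewer addresses than there are servers")
    share, extra = divmod(total, len(servers))
    scopes, start = [], lo
    for n, server in enumerate(servers):
        size = share + (1 if n < extra else 0)      # spread any remainder one by one
        scopes.append({"owner": server,
                       "first": ipaddress.IPv4Address(start),
                       "last": ipaddress.IPv4Address(start + size - 1)})
        start += size
    return scopes


def build_design(first, last, servers):
    """Give every server a superscope holding all scopes, active only for its own."""
    scopes = split_range(first, last, servers)
    return {srv: [dict(s, active=(s["owner"] == srv)) for s in scopes] for srv in servers}


def audit_design(design):
    """List problems: differing superscopes, doubly issued ranges, unissued scopes."""
    problems, active, layouts = [], [], set()
    for server, superscope in design.items():
        layouts.add(frozenset((s["first"], s["last"]) for s in superscope))
        active += [(s["first"], s["last"], server) for s in superscope if s["active"]]
    if len(layouts) > 1:
        problems.append("superscopes do not list the same scopes on every server")

    # Two servers issuing from overlapping ranges would hand out duplicate addresses.
    active.sort()
    reach = None                                    # (last address, server) seen so far
    for first, last, server in active:
        if reach and first <= reach[0]:
            problems.append(f"{reach[1]} and {server} both issue addresses in "
                            f"{first}-{min(last, reach[0])}")
        if reach is None or last > reach[0]:
            reach = (last, server)

    # A scope that no server has enabled leaves part of the range unused.
    issued = {(first, last) for first, last, _ in active}
    for first, last in sorted(set().union(*layouts) - issued):
        problems.append(f"no server issues addresses from {first}-{last}")
    return problems


if __name__ == "__main__":
    # Constructed example: 240 addresses shared between two servers.
    design = build_design("192.168.20.10", "192.168.20.249", ["DHCP1", "DHCP2"])
    for server, superscope in design.items():
        for s in superscope:
            state = "active" if s["active"] else "inactive"
            print(server, s["first"], "-", s["last"], state)
    print(audit_design(design) or "design is consistent")
```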



Selecting TCP/IP Options for a LAN
In a nonrouted LAN configuration where the computer population is stable or
invariant, the following options reduce and control the DHCP traffic:
▪ Set DHCP leases to extended times.

Tip: If your network is subject to frequent reconfiguration, you may need to
reduce the lease time. DHCP Clients renew their lease at startup and at 50
percent of the lease time, so this is the shortest time to update TCP/IP options.

▪ Use DHCP classes to customize DHCP scope options, and use names such
as “Portable” and “Desktop” to describe the collections of options used for a
particular scope.




Designing a DHCP Service for a Routed Network
[Figure: Subnet 1, Subnet 2, and Subnet 3 joined by two Routers, one labeled
“With BOOTP Forwarding” and one “No BOOTP Forwarding”; hosts shown are DHCP
Clients, a Non-DHCP Client, a DHCP Relay Agent, and a DHCP Server.]
▪ DHCP Relay Agent
▪ DHCP Server Placement

In a routed network, the broadcast domains are restricted. As such, any DHCP
solution must allow the broadcast traffic from the DHCP Clients on the subnets
to reach a DHCP Server. Windows 2000 provides a DHCP Relay Agent to
forward client requests to a DHCP Server. You can place the DHCP Relay
Agent in a subnet anywhere in the routed network.
DHCP Clients and Servers initially establish DHCP leases by using media
access control and IP broadcast packets. However, in most networking
environments, broadcast packets do not propagate through routers, thus limiting
the effective range of a DHCP Server to the subnet to which it is connected. To
provide IP configuration to clients on multiple subnets, you must install a relay
agent for DHCP or configure IP routers to support DHCP/Bootstrap Protocol
(BOOTP) forwarding.
DHCP Relay Agent
The RFC 1542–compliant DHCP Relay Agent provided with Windows 2000
acts as an intermediary between DHCP Clients and DHCP Servers located
across routers. The DHCP Client communicates with the relay agent by using
the dynamic host configuration protocol. The DHCP Relay Agent uses unicast
packets to communicate with a DHCP Server. The DHCP Relay Agent is
transparent to a DHCP Client.

Caution: The DHCP service and DHCP Relay Agent use the same User
Datagram Protocol (UDP) ports. Neither service works reliably if you install
them both on the same computer.

Slide Objective: To describe how to place DHCP Relay Agents and Servers in a
routed network.
Lead-in: Your DHCP design must include a method that allows broadcast traffic
from DHCP Clients to reach DHCP Servers.



For a routed network, use DHCP Relay Agents on each subnet if:
▪ There is no DHCP Server with an interface on the subnet.
▪ There are computers available to use as DHCP Relay Agents.
▪ There are no routers that support DHCP/BOOTP forwarding.

Note: You can design a solution that does not require DHCP Relay Agents
by turning on BOOTP/DHCP forwarding on the network routers.

You can configure the DHCP Relay Agent to delay forwarding requests to a
DHCP Server so that local DHCP Servers can respond to the request. You can
also configure the DHCP Relay Agent to forward requests to multiple DHCP
Servers. To prevent multiple requests from flooding the DHCP Servers,
configure the forwarding delay if using multiple DHCP Relay Agents, or if
including relay agents on a subnet with a DHCP Server.
DHCP Server Placement
DHCP Servers need to be placed in a way that provides the best client
performance and service availability. The decision to use single or multiple
server solutions depends on the routing configuration, the network
configuration, and the server hardware architecture.
Single Server DHCP Solution
You must place a single server on the subnet with the largest client population.
All other subnets will use either DHCP Relay Agents, or have BOOTP/DHCP
forwarding activated on the routers. The following table lists the considerations
and requirements for a single server solution.

When considering          A single server solution requires
Routing configuration     Relay agents or routers forwarding subnet broadcasts to
                          support a routed network.
Network configuration     High-speed, persistent connections.
Server hardware           A single server if the hardware can support the client
architecture              count. A single server can support many thousands of
                          clients, but hardware architecture limitations can limit the
                          client count.



Multiple Server DHCP Solutions
Include multiple DHCP Servers if the number of clients exceeds the capabilities
of a single server, if you anticipate increases in DHCP Server–based traffic
across subnets, or if your DHCP solution includes wide area network (WAN)
links or nonpersistent connections between locations. Use multiple servers if
your solution must accommodate expansion and increased availability. The
following table lists the configurations required to provide a multiple server
solution.
When considering          A multiple server solution
Routing configuration     Requires relay agents or routers forwarding broadcasts to
                          provide total coverage, as determined by the number of
                          servers and subnets.
Network configuration     Permits a DHCP Server at each location. This allows you
                          to service DHCP Clients locally if you have slower WAN
                          links, dial-up links, or a geographically dispersed
                          network.
Server hardware           Allows you to scale the design to support any number of
architecture              clients and subnets.



Providing DHCP Service to Non-Microsoft Hosts
▪ Non-Microsoft DHCP Clients
▪ BOOTP Clients
▪ Non-DHCP Clients
[Figure: a DHCP Server with its DHCP Database of IP addresses, serving a
Non-Microsoft DHCP Client, a BOOTP Client (Diskless Workstation), and a
Non-DHCP Client.]

A heterogeneous network may include non-Windows-based hosts that require
dynamically allocated IP address and option information. DHCP supports both
non-Microsoft DHCP clients and BOOTP clients. When IP addresses are
issued, DHCP Clients retain the address for a lease period. BOOTP clients, as
used in many diskless workstations, do not support IP address leases.

Note: The DHCP service in Windows 2000 supports any clients that are
compliant with RFCs 951, 2131, and 2132.

Non-Microsoft DHCP Clients
Always test the support required by non-Microsoft clients to ensure that the
clients are compatible with the DHCP service in Windows 2000. These clients
may require support for non-mandatory features or for vendor-specific options.
In addition, these clients may not support Microsoft-specific vendor extensions
that are implemented on the DHCP Server. For example, non-Microsoft DHCP
clients may not recognize the base cost provided for the default gateways
(Default Router Metric base) TCP/IP option.
BOOTP Clients
The BOOTP client requests an address each time it starts because it does not
recognize an IP lease. BOOTP client support in previous implementations of
DHCP required an explicit client reservation to be made for each BOOTP
client. This IP allocation was marked as an infinite lease or reserved IP address
in the DHCP Server scope. You could not reclaim these addresses, which
created IP address management problems.

Slide Objective: To describe how a DHCP Server services non-Microsoft hosts.
Lead-in: In a heterogeneous network, you may have to support non-Microsoft
hosts that require dynamic IP addresses.
Key Points: Non-Microsoft clients may require support for non-mandatory
features or for vendor-specific options.
In previous implementations of DHCP, you could not reclaim reserved IP
addresses.



The DHCP service in Windows 2000 supports RFC 951-compliant BOOTP
clients and can be configured to reclaim the IP addresses when you remove
clients from the network or turn them off. BOOTP clients are assigned dynamic
IP addresses from a pool of addresses designated specifically for BOOTP
clients. The DHCP Server reclaims these addresses after the lease time has
elapsed and it has verified that the address is not still in use by the BOOTP
client.

Non-DHCP Clients
You configure IP addresses for non-DHCP clients manually. You can document
these addresses in the DHCP scope by manually entering them as reserved
addresses. DHCP does not issue or reclaim these reserved addresses.
Discussion: Evaluating DHCP Functional Requirements
[Slide diagram. Labels: Subnet A1, Subnet A2, Subnet A3, Subnet B1, Router A1, Router A2, Router A3, Firewall, Proxy Server, Link to Internet]


To provide a functional DHCP-based solution for IP configuration, you must
decide how many servers are required, whether or not relay agents are needed,
and the necessary number of scopes and superscopes.
The following scenario describes an organization’s current network
configuration. Read through the scenario and then answer the questions. Be
prepared to discuss your answers with the class.

Scenario
An organization has decided to restructure an existing network to include
DHCP services. You are assigned the task of evaluating how DHCP can
provide an automated solution for host IP configuration.
The current network configuration provides:
• Intranet access to all shared folders and Web-based applications at all
  locations.
• Access to the Internet from all locations.
• Support for the existing infrastructure by using the manual allocation of host
  IP addresses.
• DHCP/BOOTP forwarding enabled on all routers.
• Support for a mission-critical Web-based application that requires
  24-hours-a-day, 7-days-a-week operation.
• Isolation of the organization’s network from the Internet by using a firewall
  and proxy server.

Slide Objective
To evaluate the functional requirements of a DHCP solution.

Lead-in
To design a functional DHCP solution, you must decide how many servers
are needed, whether relay agents are required, and where to use scopes and
superscopes.

Delivery Tip
Read the scenario to the students and review the questions as a group. Give
the students time to consider their answers, and then lead a discussion
based on their responses.
Questions
Answer the following questions to determine how you can plan a DHCP
solution for automated host IP configuration.
Circle the correct answer(s).
1. Given the number of hosts, and ignoring reliability considerations, how
   many DHCP Servers are required for a DHCP solution?
   a. One server.
   b. Two servers.
   c. Five servers.
   d. Six servers.
   The correct answer is a. One server is required.

2. Given the number of hosts, and ignoring reliability considerations, how
   many DHCP Relay Agents are required for a DHCP solution?
   a. None.
   b. One agent.
   c. Four agents.
   d. Five agents.
   The correct answer is a. Because the routers support DHCP/BOOTP
   forwarding, no DHCP Relay Agents are required.

3. Given the number of subnets, what is the minimum number of DHCP
   scopes required for a DHCP solution?
   a. One scope.
   b. Three scopes.
   c. Four scopes.
   d. Five scopes.
   The correct answers are b and c. There are four subnets that require
   dynamic addressing, but students may note that Subnet B1 has no
   DHCP clients on it.

4. Given the number of subnets, what is the minimum number of superscopes
   required for a DHCP solution?
   a. None.
   b. One superscope.
   c. Unknown, superscopes may be required for any subnet to extend address
      ranges in the future.
   d. None, superscopes will never be required.
   The correct answer is c. It is unknown if any superscopes are required.
   Future requirements may allocate non-contiguous address ranges to a
   subnet, so it is possible that a superscope could be used.

Securing a DHCP Solution
• Securing the DHCP Service
• Preventing Unauthorized DHCP Servers
• Using DHCP in Screened Subnets


To prevent disruptions in DHCP service, it is essential to ensure that only
authorized servers are started, and that only authorized personnel can alter
server configurations. To secure the administration and authorization of the
DHCP Servers, and to limit access to the service by unauthorized hosts, you
can:
• Secure the DHCP service.
• Prevent unauthorized servers on your network.
• Include a DHCP Server in a screened subnet.

Slide Objective
To describe strategies to secure Windows 2000–based DHCP Servers.

Lead-in
Securing a DHCP service prevents unauthorized servers from disrupting the
network.
Securing the DHCP Service
[Slide diagram. Labels: Active Directory, DHCPServer Object, Authorized List, ADSI, Servers Running Windows 2000, DHCP Server (two)]
• Authorize DHCP Servers in Active Directory
• Using Windows 2000 Groups to Secure Management


The security of the DHCP service in Windows 2000 is achieved through the
integration of the DHCP service with Active Directory. The DHCP service is
secured by:
• Authorizing DHCP Servers in Active Directory.
• Using Windows 2000 groups to control access to DHCP Server
  configuration.

Authorizing DHCP Servers in Active Directory
Implementing DHCP Server authorization requires that all DHCP Servers be
Windows 2000–based. At least one Active Directory–enabled
DHCP Server must exist to allow access to the server authorization list, which
is stored within Active Directory in the DHCPServer object. For example, if a
network is using non-Windows 2000–based DHCP servers, these servers do not
request the authorized list of servers, and they start whether authorized or not.
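
Because servers that never consult the authorized list start regardless, and because plain BOOTP replies (RFC 951) differ from DHCP replies only by the absence of the DHCP Message Type option, a wire-level check is a useful complement. The following is an added example, not part of the course material: it parses BOOTP/DHCP replies, classifies each as BOOTP or DHCP, and reports replying servers missing from an authorized list. The function names, sample packets, and addresses are constructed for illustration.

```python
import socket
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the options field (RFC 2131)
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54      # DHCP Message Type, Server Identifier (RFC 2132)

def parse_reply(pkt):
    """Return (kind, server_ip) for a server reply, or None for a client request."""
    if len(pkt) < 236:
        raise ValueError("shorter than the fixed BOOTP header")
    if pkt[0] != 2:                       # op field: 1 = BOOTREQUEST, 2 = BOOTREPLY
        return None
    opts = {}
    i = 240 if pkt[236:240] == MAGIC_COOKIE else len(pkt)
    while i < len(pkt) and pkt[i] != 255: # 255 = End option
        if pkt[i] == 0:                   # 0 = Pad option, a single byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    # A reply without option 53 is plain BOOTP (RFC 951): it carries no lease.
    kind = "DHCP" if opts.get(OPT_MSG_TYPE) else "BOOTP"
    server = opts.get(OPT_SERVER_ID, b"")
    if len(server) != 4:
        server = pkt[20:24]               # assumption: fall back to the siaddr field
    return kind, socket.inet_ntoa(server)

def unauthorized_servers(packets, authorized):
    """Map each replying server that is not in `authorized` to the reply kinds seen."""
    found = {}
    for pkt in packets:
        reply = parse_reply(pkt)
        if reply and reply[1] not in authorized:
            found.setdefault(reply[1], set()).add(reply[0])
    return found

def build_message(op, siaddr, options=b""):
    """Build a constructed sample message; only the fields the parser reads are set."""
    header = bytes([op]) + bytes(19) + socket.inet_aton(siaddr) + bytes(212)
    return header + (MAGIC_COOKIE + options + b"\xff" if options else b"")

# Constructed sample traffic using documentation-range addresses (not from the page).
SAMPLE = [
    build_message(1, "0.0.0.0", bytes([53, 1, 1])),                           # DHCPDISCOVER
    build_message(2, "192.0.2.10", bytes([53, 1, 2, 54, 4, 192, 0, 2, 10])),  # DHCPOFFER
    build_message(2, "0.0.0.0", bytes([53, 1, 2, 54, 4, 192, 0, 2, 66])),     # DHCPOFFER
    build_message(2, "192.0.2.77"),                                           # BOOTP reply
]
AUTHORIZED = {"192.0.2.10"}  # assumed copy of the authorized-server list
```

Calling `unauthorized_servers(SAMPLE, AUTHORIZED)` on the constructed traffic reports the two servers that are not on the list, each tagged with whether it answered as DHCP or plain BOOTP.
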

Using Windows 2000 Groups to Secure Management
DHCP in Windows 2000 supports a secure management strategy. Only
accounts with membership in special Windows 2000 groups can reconfigure or
view a DHCP Server configuration. DHCP Administrators is a special local
group with permissions to administer the DHCP Server; DHCP Users is a
special local group that permits read-only access. Membership in these groups
provides administrative or read-only access to DHCP configuration
information. Group membership allows an authorized user to view information
and properties on a specific DHCP Server while preventing unauthorized
changes to the DHCP configuration.

Slide Objective
To describe how to securely manage DHCP Servers.

Lead-in
Integration with Active Directory allows you to control server authorization
and manage user and administrative access to DHCP Servers.

Emphasize that the DHCP protocol is not secure. The security discussed here
applies to management strategies only.