Overview

This cheat sheet provides a detailed guide on DHCP (Dynamic Host Configuration Protocol), covering the essentials, configuration steps, message types, common options, troubleshooting tips, and advanced topics like relay and failover.


What is DHCP?

DHCP is a network management protocol used to automate the process of configuring devices on IP networks. It assigns IP addresses and other network configuration parameters to devices, allowing them to communicate on a network.


Key Terms

  • DHCP Server: A server that manages and assigns IP addresses.
  • DHCP Client: A device that receives an IP address from a DHCP server.
  • IP Address: A unique identifier for a device on a network.
  • Lease: The duration of time a DHCP client can use an IP address before it must be renewed.
  • Scope: The range of IP addresses that a DHCP server can assign to clients.
  • Subnet Mask: Used to divide an IP address into network and host portions.
  • Default Gateway: The IP address of a router that forwards traffic to other networks.
  • DNS Server: A server that translates domain names to IP addresses.

DHCP Process (DORA)

  1. Discovery: The client broadcasts a DHCPDISCOVER message to find available DHCP servers.
  2. Offer: DHCP servers respond with a DHCPOFFER message, offering an IP address.
  3. Request: The client sends a DHCPREQUEST message to the selected DHCP server, requesting the offered IP address.
  4. Acknowledgment: The DHCP server sends a DHCPACK message, confirming the lease of the IP address.

DHCP Message Types

  • DHCPDISCOVER: Sent by clients to locate available DHCP servers.
  • DHCPOFFER: Sent by servers in response to a DHCPDISCOVER, offering an IP address.
  • DHCPREQUEST: Sent by clients to accept an offered IP address.
  • DHCPACK: Sent by servers to confirm the IP address lease.
  • DHCPNAK: Sent by servers if the client’s request cannot be fulfilled.
  • DHCPDECLINE: Sent by clients if the offered IP address is already in use.
  • DHCPRELEASE: Sent by clients to release an assigned IP address.
  • DHCPINFORM: Sent by clients to obtain local configuration parameters without IP address allocation.

Common DHCP Options

  • Option 1: Subnet Mask
  • Option 3: Default Gateway
  • Option 6: DNS Server
  • Option 12: Hostname
  • Option 15: Domain Name
  • Option 51: IP Address Lease Time
  • Option 53: DHCP Message Type
  • Option 54: DHCP Server Identifier
  • Option 61: Client Identifier

DHCP Configuration Example (Linux ISC DHCP Server)

Install DHCP Server

sudo apt-get update
sudo apt-get install isc-dhcp-server

Configuration File: /etc/dhcp/dhcpd.conf

# Global Parameters
default-lease-time 600;
max-lease-time 7200;
authoritative;

# Network Configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
  option routers 192.168.1.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option domain-name "example.com";
}

Restart DHCP Server

sudo systemctl restart isc-dhcp-server

Troubleshooting DHCP

  • Check DHCP Server Status:
    sudo systemctl status isc-dhcp-server
    
  • View DHCP Leases:
    cat /var/lib/dhcp/dhcpd.leases
    
  • Check for DHCP Messages:
    sudo tail -f /var/log/syslog | grep dhcp
    
  • Renew IP Address (Client):
    sudo dhclient -r
    sudo dhclient
    

Best Practices

  1. Plan IP Addressing Scheme: Carefully design the IP address ranges to avoid conflicts.
  2. Secure DHCP Server: Limit access and monitor for unauthorized devices.
  3. Regular Backups: Keep backups of the DHCP configuration and lease files.
  4. Monitoring: Use monitoring tools to track the DHCP server’s health and performance.
  5. Lease Time Management: Adjust lease times according to network needs to optimize address availability.

Security Practices

Securing your DHCP infrastructure is crucial to maintaining a safe and efficient network. Here are some security practices to consider:

  1. Isolate the DHCP Server: Place the DHCP server on a dedicated network segment to limit access.
  2. Use DHCP Snooping: Enable DHCP snooping on your network switches to prevent rogue DHCP servers from distributing IP addresses.
  3. Authentication: Implement 802.1X network access control to ensure only authenticated devices receive IP addresses.
  4. Monitor DHCP Traffic: Use network monitoring tools to keep an eye on DHCP traffic and identify unusual activity.
  5. Access Control Lists (ACLs): Apply ACLs to restrict which devices can send or receive DHCP traffic.
  6. Regular Updates: Keep the DHCP server software updated to protect against known vulnerabilities.

Advanced Topics

DHCP Relay

When clients and DHCP servers are on different subnets, a DHCP relay agent forwards DHCP messages between them.


Configuring DHCP Relay (Linux)

sudo apt-get install isc-dhcp-relay

# Configuration File: /etc/default/isc-dhcp-relay
SERVERS="192.168.1.10" # IP of the DHCP Server
INTERFACES="eth0 eth1" # Interfaces to listen on

sudo systemctl restart isc-dhcp-relay

DHCP Failover

To provide high availability, you can configure two DHCP servers in failover mode. They share lease information and balance load.


Configuring DHCP Failover (ISC DHCP Server)

In /etc/dhcp/dhcpd.conf:

# On Primary DHCP Server
failover peer "dhcp-failover" {
  primary;
  address 192.168.1.10;
  port 647;
  peer address 192.168.1.11;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 3600;
  split 128;
}

# On Secondary DHCP Server
failover peer "dhcp-failover" {
  secondary;
  address 192.168.1.11;
  port 647;
  peer address 192.168.1.10;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
}

Visual Aids

Below are diagrams to help visualize the DHCP process and configurations:

DHCP Process (DORA) Diagram

+--------+             +--------+             +--------+              +--------+
| Client |             | Server |             | Server |              | Client |
|        |--Discover-->|        |             |        |              |        |
|        |             |        |--Offer------|        |              |        |
|        |<------------|        |             |        |              |        |
|        |             |        |             |        |              |        |
|        |--Request--->|        |             |        |              |        |
|        |             |        |--ACK--------|        |              |        |
|        |<------------|        |             |        |              |        |
+--------+             +--------+             +--------+              +--------+

DHCP Failover Configuration Diagram

+----------------+          +----------------+
| Primary DHCP   |          | Secondary DHCP |
| Server         |          | Server         |
| (192.168.1.10) |          | (192.168.1.11) |
|                |          |                |
|                |<-------->|                |
|                |          |                |
|                |<-------->|                |
+----------------+          +----------------+

Real-world Scenarios

Here are some scenarios where DHCP troubleshooting and best practices come into play:

Scenario 1: IP Address Exhaustion

  • Problem: Users report that they cannot connect to the network.
  • Solution: Check the DHCP scope to ensure there are enough IP addresses available. Adjust the range if necessary or reduce the lease time to recycle addresses more frequently.

Scenario 2: Rogue DHCP Server

  • Problem: Devices are getting incorrect IP addresses or network configurations.
  • Solution: Enable DHCP snooping on switches to block unauthorized DHCP servers. Identify and remove the rogue server.

Scenario 3: Network Segmentation

  • Problem: Devices on different subnets are not receiving IP addresses.
  • Solution: Configure a DHCP relay agent to forward requests between subnets. Ensure proper relay configuration and connectivity.

Scenario 4: Lease Renewal Issues

  • Problem: Devices are losing connectivity periodically.
  • Solution: Check the DHCP server logs for errors during lease renewals. Adjust the lease time and ensure the server has adequate resources to handle renewals.

Scenario 5: Misconfigured DHCP Options

  • Problem: Devices are not receiving the correct DNS server addresses.
  • Solution: Verify the DHCP configuration file for correct option settings. Use option domain-name-servers to specify the correct DNS servers.

Conclusion

DHCP simplifies network management by automating IP address assignment and configuration. Understanding its processes, configurations, and best practices ensures efficient and reliable network operation.

This cheat sheet provides a quick reference for DHCP essentials, configuration, troubleshooting, and advanced features. Keep it handy for managing DHCP in your network environment.

Last updated 22 Sep 2024, 12:15 CEST . history