Cisco CNS Network Registrar User's Guide Web Interface, 6.0
DHCP Administration

Table Of Contents

DHCP Administration

DHCP Administrator Role

Role Functions

Role Limitations

Managing DHCP Scopes

Adding Scope Properties

Editing a Scope

Listing and Managing Leases for a Scope

Managing DHCP Scope Templates

Adding a Scope Template

Editing a Scope Template

Managing DHCP Policies

Adding a Policy

Editing a Policy

Managing DHCP Clients

Adding a Client Without a Client-Class

Editing a Client

Managing DHCP Client-Classes

Adding a Client-Class

Editing a Client-Class

Editing Embedded Policies

Managing DHCP Networks

Listing Networks

Editing a Network

Managing DHCP Failover

Adding a Failover Pair

Configuring Failover for the Server

Configuring Failover for Scopes

Listing Failover Pairs

Editing a Failover Pair

Synchronizing the Failover Servers and Running a Report

Managing the Failover Servers

Managing the DHCP Server

Managing the Server Status

Editing DHCP Server Attributes


DHCP Administration


DHCP administration involves configuring scopes and policies so that the DHCP server can distinguish host requirements and give the proper leases to these hosts. You can also use the Web UI to configure DHCP clients and client-classes. Table 7-1 lists the topics explained in this chapter.

Table 7-1 DHCP Administration Topics

If you want to learn about...
See...

DHCP administrator responsibilities

"DHCP Administrator Role" section

Managing DHCP scopes

"Managing DHCP Scopes" section

Managing DHCP scope templates

"Managing DHCP Scope Templates" section

Managing DHCP policies

"Managing DHCP Policies" section

Managing DHCP clients

"Managing DHCP Clients" section

Managing DHCP client-classes

"Managing DHCP Client-Classes" section

Managing DHCP embedded policies

"Editing Embedded Policies" section

Managing DHCP networks

"Managing DHCP Networks" section

Managing failover server pairs

"Managing DHCP Failover" section

Managing the DHCP server

"Managing the DHCP Server" section


DHCP Administrator Role

DHCP administrators are interested in managing dynamic configuration of hosts in their network. These administrators do not have complex client classification or DHCP request handling customization requirements, but rather want to use the basic features of the DHCP server to easily configure a large number of devices with their basic IP configuration.

Role Functions

The DHCP administrator can perform these role functions:

View allocated scopes

Create a new scope

Set the dynamic ranges in a scope (also done by associating an IP range with a scope)

Add reservations (perhaps done on subnet and then applied to each associated scope)

Delete a scope or subnet

Set DHCP option values

Configure scope attribute values

Create clients and client-classes

Synchronize and manage DHCP failover server pairs

Manage the DHCP server

Role Limitations

There are no role limitations for a DHCP administrator.

Managing DHCP Scopes

A scope is a predefined set of IP addresses for a subnet, along with configuration parameters (called DHCP options) that tell the DHCP server how to operate on these addresses. You must define at least one scope for a subnet so that the DHCP server can allocate addresses from its subnet.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Scopes tab. This opens the List/Add DHCP Scopes page (see Figure 7-1).

Figure 7-1 List/Add DHCP Scopes Page

Data to Enter

You can enter or select the fields described in Table 7-2 to create a scope. The scope name and subnet values are required.

Table 7-2 Entries on the List/Add DHCP Scopes Page 

Entry
Description

Name*

Name of the scope. Make this name as identifiable as possible. It must be unique. If you omit the scope name (and the scope template does not provide it), you need to add it on the Add Scope page. Required.

Subnet*

Subnet address of the scope. Also select the appropriate mask from the drop-down list. Required.

Template

Template to apply to the scope. Select a predefined scope template from the drop-down list. Defining a template is as easy as defining its name, an associated policy, and optional scope selection tags. To define scope templates, see the "Managing DHCP Scope Templates" section. Optional.


Actions to Take

On the List DHCP Scopes page, you can:

Add a scope—The fields you enter are listed in Table 7-2. You have three options; in all cases, you must enter a subnet and mask for the scope:

Enter a scope name and subnet, and select a subnet mask, but do not select a template. When you click Add Scope, the Add Scope page appears, where you can add a policy, ranges, and reservations. See the "Adding Scope Properties" section.

Omit the scope name, subnet, and mask, and select a template from the drop-down list of predefined templates (see the "Managing DHCP Scope Templates" section). When you click Add Scope, the Add Scope page appears. Because you omitted the scope name, you must supply it, along with adding any ranges and reservations on the Add Scope page. (Because you applied a template, the scope already has a policy from the template.) See the "Adding Scope Properties" section.

Enter a scope name and subnet, select a subnet mask, and select a template from the drop-down list of predefined templates (see the "Managing DHCP Scope Templates" section). When you click Add Scope, this adds the scope to the bottom of the list on the List/Add DHCP Scopes page. Because you applied a template, the scope already has a policy. However, you must click the scope name to edit the scope name, ranges, and options. See the "Editing a Scope" section.

List the leases for a scope—Click the View icon in the Leases column to open the List DHCP Leases for Scope page. See the "Listing and Managing Leases for a Scope" section.

Edit a scope—Click the scope name. See the "Editing a Scope" section.

Delete a scope—Click the Delete icon next to its name, and confirm or cancel the deletion.

Sort by scope name or subnet—Click the Name column heading to sort by scope name, or click the Subnet column heading to sort by subnet. Both are descending sorts.

You can also view the relationship between primary and secondary scopes using the Networks view. See the "Managing DHCP Networks" section.

Adding Scope Properties

When you create a scope on the List/Add DHCP Scopes page with a scope name but do not apply a template, or omit the scope name but apply a template, the Add Scope page appears. On this page, you can specify a policy for the scope, and you can add dynamic IP address ranges and reserved addresses.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Scopes tab. This opens the List/Add DHCP Scopes page (see Figure 7-1).

Step 3 Enter a scope name, but do not select a template, or omit the scope name and select a template. (You must always enter a subnet and mask for the scope.)

Step 4 Click Add Scope. This opens the Add DHCP Scope page (see Figure 7-2).

Figure 7-2 Add DHCP Scope Page


Data to Enter

You can enter the fields described in Table 7-3 for a scope. The fields marked with an asterisk (*) are required.

Table 7-3 Entries on the Add DHCP Scope Page 

Entry
Description

Name*

Name of the scope. Make this name as identifiable as possible. It must be unique. Note that if you apply a template to this scope, you can have the template define the scope name, so that you can leave this field blank. Required.

Subnet*

Subnet address of the scope. Select the appropriate mask from the drop-down list. Required.

Policy*

Name of the policy to apply to the scope. The default policy is default. Required.

Ranges:

Start, End

Start and end address in the address range. To add the range, click Add Range. This adds the range entry below the button. To delete a range, click the Delete icon next to its name. This immediately deletes the range from the list, without a confirmation.

Reservations:

IP Address,
MAC Address

IP address of the reserved address. Also include its MAC address, in the form 00:d0:ba:d3:bd:3b or 1,6,00:d0:ba:d3:bd:3b. To add the reservation, click Add Reservation. To delete a reservation, click the Delete icon next to its name. This immediately deletes the reservation from the list, without a confirmation.

Selection Tags:

Tag Value

List of selection criteria associated with the scope. The scope compares a client's selection criteria to this list to determine whether the client can obtain a lease from it. For each selection tag you enter, click Add Selection Tag.

Attribute

For a description of each attribute, click its name to open a help window. The attributes are identified by display name and CLI (hyphenated) name.

Primary Subnet

If the scope is a secondary scope, the network address of its primary scope, when multiple logical IP subnets are present on the same physical network. There is no default.

Dynamic DNS

dynamic-dns

Whether or not to use dynamic DNS update. The default is disabled.

dns-zone-name

DNS zone to which to add the client's host name. There is no default.

dns-server-addr

Address of the DNS server. There is no default.

dns-reverse-zone-name

DNS reverse (in-addr.arpa) zone to which to add the client's host name. There is no default.

dns-rev-server-addr

Name of the reverse DNS server for the zone. There is no default.

dns-host-bytes

Number of bytes in a pool's IP address to use when forming in-addr.arpa names. The cluster forms names in the in-addr zone by prepending dns-host-bytes of IP address (in reverse order) to the dns-reverse-zone-name.

dynamic-dns-tsig

Controls the transaction signatures (TSIG) feature used for dynamic DNS updates for the DHCP server. If not set to use-server-settings (the default), overrides the DHCP server attribute value.

enable-fwd-and-rev—Use TSIG for both forward and reverse zone updates.

disable-fwd-and-rev—Do not use TSIG for forward or reverse zone updates.

enable-fwd-only—Use TSIG for forward zone updates only.

enable-rev-only—Use TSIG for reverse zone updates only.

use-server-settings—Use the dynamic-dns-tsig value set for the DHCP server. This is the default setting.

dynamic-dns-fwd-key

Server-wide security key to process all forward zone dynamic DNS updates (the DNS server is specified by the dns-server-addr attribute and the zone name is specified by the dns-zone-name attribute in a scope object). There is no default.

dynamic-dns-rev-key

Server-wide security key to process reverse zone dynamic DNS updates for all leases available in this server (the DNS server is specified by the dns-rev-server-addr attribute and the zone name is specified by the dns-reverse-zone-name attribute in a scope object). There is no default.

synthesize-name

Whether or not to create names for hosts that do not provide them. The default is disabled.

synthetic-name-stem

Prefix of the default host name to use if not supplied. There is no default.

update-dns-first

Whether or not to update the DNS server before granting a lease. The default is disabled.

Failover

Failover Setting

Whether or not to use failover, and how. Select scope-enabled, scope-disabled, or use-server-settings. The default is use-server-settings.

Main Server

Name of the main failover server for the subnet. There is no default.

Backup Server

Name of the backup failover server for the subnet. There is no default.

Backup Percentage

Percentage of available addresses that the main server should send to the backup server. There is no default.

BootP

bootp

Whether or not to accept BOOTP requests. The default is disabled.

dhcp

Whether or not to accept DHCP requests. The default is enabled.

dynamic-bootp

Whether or not to accept dynamic BOOTP requests. The default is disabled.

update-dns-for-bootp

Whether or not to accept DNS updates from clients. There is no default.

Miscellaneous

deactivated

Whether or not to de-activate the scope. There is no default.

renew-only

Whether or not to allow existing clients to renew their leases and not offer leases to other clients. There is no default.

ping-clients

Whether or not to ping client addresses. The default is disabled.

ping-timeout

Number of milliseconds to wait for ping responses from the server. The default is 300 ms.

namespace-id

Namespace identifier for the scope. There is no default.

SNMP Traps

trap-free-address-high

Whether or not to send a free-address trap when above the trap-free-address-high-threshold value. The default is enabled.

trap-free-address-high-threshold

Number or percentage of free addresses at which point a free-address-high trap is generated and the free address trap is re-enabled. There is no default.

trap-free-address-low

Whether or not to send a free-address trap when below the trap-free-address-low-threshold value—true or false. There is no default.

trap-free-address-low-threshold

Number or percentage of free addresses at which point the free-address trap is generated. There is no default.


Actions to Take

Click Add Scope to add the scope, or click Cancel to cancel the operation. You return to the List/Add DHCP Scopes page, where you can edit or delete the scope.

Editing a Scope

You can add DHCP options to the scope after you create the scope and then edit it. Editing a scope provides further field additions that are DHCP option attributes.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Scopes tab. This opens the List/Add DHCP Scopes page (see Figure 7-1).

Step 3 Click the name of the scope that you want to edit. This opens the Edit DHCP Scope page, which has the same fields as the Add DHCP Scope page (see Figure 7-2), except that there are additional Embedded Policy and Leases areas.


Data to Enter

See Table 7-3 for the attributes you can edit. You can also edit embedded policies and list leases. See the "Editing Embedded Policies" section and the "Listing and Managing Leases for a Scope" section.

Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing the scope, click Modify Scope, or click Cancel to cancel the edit.


Note: You must click Modify Scope to add embedded policies or implement any changes to the scope properties.


Listing and Managing Leases for a Scope

You can list the leases assigned to a scope on the List DHCP Leases for Scope page. You can also force an unavailable lease to become available, or de-activate a lease from this page.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Scopes tab. This opens the List DHCP Scopes page (see Figure 7-1).

Step 3 Click the name of the scope you want to edit. This opens the Edit DHCP Scope page.

Step 4 Click List Leases in the Leases area of the page. This opens the List DHCP Leases for Scope page (see Figure 7-3).

Figure 7-3 List DHCP Leases for Scope Page

Step 5 To manage a specific lease, click its name on the page. This opens the Manage DHCP Lease page (see Figure 7-4).

Figure 7-4 Manage DHCP Lease Page

On this page, you can force a lease to be available and you can de-activate a lease:

To force a lease to become available, click Force Available.

To de-activate an active lease, click Deactivate.

To cancel the page, click Cancel.

Each action returns to the List DHCP Leases page.


Data to Enter

There is no data to enter or select on this page. However, the page identifies the IP address, state, host name, flags, and lease expiration date. Click an attribute name to open a help window for the attribute.

The lease state values are available, offered, leased, expired, unavailable, released, other-available, or pending-available.

The lease flag values are reserved, valid, deactivated, initialized, failover-updated, not_in_ranges, dynamic, or backup.

Managing DHCP Scope Templates

Scope templates provide a convenient way to define scopes with common properties, rather than having to define these properties for each scope.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Scope Templates tab. This opens the List Scope Templates page (see Figure 7-5).

Figure 7-5 List DHCP Scope Templates Page

Actions to Take

On the List DHCP Scope Templates page, you can:

Add a template—Click Add Scope Template. See the "Adding a Scope Template" section.

Edit a template—Click the template name. See the "Editing a Scope Template" section.

Delete a template—Click the Delete icon next to its name, and confirm or cancel the deletion.

Adding a Scope Template

You add scope templates from the List DHCP Scope Templates page.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Scope Templates tab. This opens the List DHCP Scope Templates page (see Figure 7-5).

Step 3 Click Add Scope Template. This opens the Add DHCP Scope Template page (see Figure 7-6).

Figure 7-6 Add DHCP Scope Template Page


Data to Enter

Enter or select the fields described in Table 7-4 to add a scope template. The Name field is required. You must also add expressions in the Expression fields. These expressions are evaluated when you create a scope with a template selected or when you apply a scope template to an existing scope. See the "Using Expressions" section for more details.

Table 7-4 Entries on the Add/Edit DHCP Scope Template Page 

Entry
Description

Name*

Name of the template. Make this name as identifiable as possible. It must be unique.

Scope Name Expression

You can create a scope with this template by entering the scope name (enclosed in quotes) in this field, or you can derive it using an expression (see Table 7-5). The expression must return a string.

Policy

Select an existing policy from the drop-down list. To create a policy, see the "Adding a Policy" section.

Range Expression

You can use an expression to derive IP address ranges when creating a scope using the template. See Table 7-5. The expression must return a range or list of ranges.

Embedded Policy Option Expression

You can use an expression to derive DHCP options to include for the scope template that become part of the scope's embedded policy. See Table 7-5. The expression must return an option or list of options.

Scope Selection Tags

Tag Value

A scope selection tag is an arbitrary tag name associated with clients and client-classes to determine what scope they should belong to. The tag can be any length of characters, but must be unique. Click Add Selection Tag for each tag entered. They appear in the order entered above the button. To delete any tag, click the Delete icon next to its name. You cannot edit an added tag; you must delete and then recreate it.

Attributes

The attributes are in groups that are initially collapsed on the page. Click the attribute for a help window, or see Table 7-3 (for the equivalent scope attributes).


Using Expressions

You can specify expressions in a scope template to dynamically create scope names, embedded options, and IP address ranges when creating a scope using the template. Expressions can include context variables and operations, described in Table 7-5. Operations must be enclosed in parentheses.

Table 7-5 Scope Template Expression Functions 

Function
Description
Expression Field Used

Context Variable

Examples use subnet address 192.168.50.0/24 in the scope

bcast-addr

Derived from the broadcast address in the subnet, such as 192.168.50.255.

Any

first-addr

Derived from the first address in the subnet; for example, the first address in 192.168.50.64/26 is 192.168.50.65.

Any

last-addr

Derived from the last address in the subnet; for example, the last address in 192.168.50.64/26 is 192.168.50.127.

Any

mask-addr

Derived from the network mask address in the subnet, such as 255.255.255.0.

Any

mask-count

Derived from the number of bits in the network address of the subnet, such as 24.

Scope Name, Embedded Policy Option

naddr

Derived from the number of IP addresses in the subnet, such as 255.

Scope Name

nhosts

Derived number of usable hosts in the subnet, such as 254.

Any

subnet

Derived from the IP address and mask of the subnet, such as 192.168.50.0/24.

Scope Name, Embedded Policy Option

subnet-addr

Derived from the subnet address, such as 192.168.50.0.

Any

template.attr

Attribute of the scope template, such as template.ping-timeout.

Embedded Policy Option

Arithmetic Operation

Arguments must be unsigned integers or variables

(+ arg1 arg2)

Adds the two argument values.

(+ 2 3) 

Any

(- arg1 arg2)

Subtracts the second argument value from the first one. Example: With the ping timeout defined as 100:

(- template.ping-timeout 10) —> 90 

Any

(* arg1 arg2)

Multiplies the values of two arguments.

Any

(% arg1 arg2)

Divides the value of the first argument by that of the second one (which cannot be zero).

Any

Concatenation Operation

Concatenates a literal string, constant, variable, or expression into a string.

(concat arg1... argn)

Concatenates the arguments into a string, to be used in the Scope Name Expression field. With the network defined as 192.168.50.0/24 and the ping timeout defined as 100:

(concat "ISP-" subnet) —> ISP-192.168.50.0/24
(concat subnet "-" (+ template.ping-timeout 10)) —> 192.168.50.0/24-110

Any

Create Option Operation

Adds an operation to the scope's embedded policy.

(create-option opt val)

Creates a new DHCP option for the scope. The first argument can be an integer or string to represent the option number or name. The second argument can be a string or blob to give the option a value.

(create-option "domain-name" "example.com")
(create-option 3 "10.10.10.1")
(create-option "routers" "10.10.10.1,10.10.10.2,10.10.10.3")
(create-option "routers" (create-ipaddr first-addr 10))

Embedded Policy Option

Create Range Operation

Adds an IP address range to the scope template.

(create-range start end)

Creates an IP address range for the scope. The first argument is the start of the address range and can be an integer or IP address string. The second argument is the end of the range and can be an integer or IP address string. Validation ensures that the range is in the subnet defined by the template and that the first argument value is lower than the second. An integer value determines the position of the address in the given subnet.

(create-range "192.168.50.65" "192.168.50.74")
(create-range 1 10) —> 192.168.50.65 — 192.168.50.74

Range

Create IP Operation

Creates an IP address string for the scope template.

(create-ipaddr net nthhost)

Creates an IP address string. The net argument is a subnet string or context variable. The nthhost argument is an integer indicating the nth host in the subnet.

(create-ipaddr subnet 4) 

If the subnet in the example were 192.168.50.0/24, the result would be 192.168.50.4.

Embedded Policy Option, Range

List Operation

Evaluates multiple expressions with the same operation.

(list oper1 ... opern)

Arguments must all be create-option or create-range operations. Nesting is not supported. Examples:

(list (create-option "routers" "10.10.10.1") (create-option "domain-name" "example.com"))
(list (create-range 1 5) (create-range 10 20))

Embedded Policy Option, Range
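The expression rules in Table 7-5, worked through as an added Python example (not Cisco's code and not part of the original guide), so that a template's expressions can be checked against a subnet before the template is applied. It covers a subset of the table: the subnet context variables, arithmetic, concat, create-option, create-ipaddr, create-range and list. The evaluate_template helper, integer division for %, and treating an integer as an offset from the subnet address are assumptions inferred from the table's examples.

```python
# Added example: subset of the Table 7-5 expressions; semantics inferred from its examples.
import ipaddress
import re

TOKEN = re.compile(r'"[^"]*"|[()]|[^\s()"]+|"')
ARITH = ("+", "-", "*", "%")
BINARY = ARITH + ("create-option", "create-range", "create-ipaddr")


def parse(text):
    """Parse into nested lists; ('str', s) marks a quoted literal."""
    tokens, pos = TOKEN.findall(text), 0
    def read():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            items = []
            while pos < len(tokens) and tokens[pos] != ")":
                items.append(read())
            if pos >= len(tokens):
                raise ValueError("missing closing parenthesis")
            pos += 1
            return items
        if tok in (")", '"'):
            raise ValueError(f"unexpected {tok!r}")
        if tok.startswith('"'):
            return ("str", tok[1:-1])
        return int(tok) if tok.isdigit() else tok
    tree = read()
    if pos != len(tokens):
        raise ValueError("trailing text after expression")
    return tree


def host_addr(value, net):
    """Integer = nth position in the subnet; string = literal IP address."""
    is_int = isinstance(value, int)
    addr = net.network_address + value if is_int else ipaddress.ip_address(value)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    return addr


def evaluate(node, net, ctx):
    if isinstance(node, int):
        return node
    if isinstance(node, tuple):  # quoted string literal
        return node[1]
    if isinstance(node, str):  # context variable
        if node not in ctx:
            raise ValueError(f"unknown context variable {node!r}")
        return ctx[node]
    if not node or not isinstance(node[0], str):
        raise ValueError("operation name expected after '('")
    op, args = node[0], node[1:]
    if op == "list":
        # Per the table: create-option or create-range only, no nesting.
        ok = ("create-option", "create-range")
        if any(not (isinstance(a, list) and a and a[0] in ok) for a in args):
            raise ValueError("list takes create-option or create-range only")
        return [evaluate(a, net, ctx) for a in args]
    vals = [evaluate(a, net, ctx) for a in args]
    if op == "concat":
        return "".join(str(v) for v in vals)
    if op not in BINARY or len(vals) != 2:
        raise ValueError(f"unknown operation or wrong argument count: {op!r}")
    a, b = vals
    if op in ARITH:
        if not (isinstance(a, int) and isinstance(b, int)):
            raise ValueError("arithmetic arguments must be integers")
        if op == "%":  # the table defines % as division
            if b == 0:
                raise ValueError("second argument of % cannot be zero")
            return a // b  # integer division is an assumption
        return a + b if op == "+" else a - b if op == "-" else a * b
    if op == "create-option":
        return (a, b)
    if op == "create-ipaddr":
        # Only the subnet-string form is handled; the table does not define
        # the result when the first argument is a bare address.
        if not (isinstance(a, str) and "/" in a and isinstance(b, int)):
            raise ValueError("create-ipaddr needs a subnet string and an integer")
        return str(host_addr(b, ipaddress.ip_network(a)))
    start, end = host_addr(a, net), host_addr(b, net)  # create-range
    if not start < end:
        raise ValueError("range start must be lower than range end")
    return (str(start), str(end))


def evaluate_template(expr, subnet, attrs=None):
    """Evaluate one expression for a scope subnet such as '192.168.50.64/26'."""
    net = ipaddress.ip_network(subnet)
    ctx = {"subnet": str(net), "subnet-addr": str(net.network_address),
           "bcast-addr": str(net.broadcast_address), "mask-addr": str(net.netmask),
           "mask-count": net.prefixlen, "first-addr": str(net.network_address + 1)}
    ctx.update({f"template.{k}": v for k, v in (attrs or {}).items()})
    return evaluate(parse(expr), net, ctx)
```

A range that falls outside the scope's subnet, or whose start is not lower than its end, raises ValueError, mirroring the validation the table describes for create-range.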


Actions to Take

Click Add Scope Template to add the template, or click Cancel to cancel the operation. You return to the List Scope Templates page, where you can edit or delete the template.

Editing a Scope Template

You can edit a scope template. Note that changing the scope name in the template and reapplying the modified template to an existing scope does not change the scope's name; the name change applies to newly created scopes only.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Scope Templates tab. This opens the List DHCP Scope Templates page (see Figure 7-5).

Step 3 Click the name of the template to edit. This opens the Edit DHCP Scope Template page, which includes the same fields as the Add DHCP Scope Template page (see Figure 7-6), except that it includes an additional Embedded Policy area.


Data to Enter

You can modify or reselect the fields described in Table 7-4. The additional area of the page is the Embedded Policy area, where you can edit the embedded policy for the scope template by clicking Edit Embedded Policy. See the "Editing Embedded Policies" section.

Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing the scope template attributes, click Modify Scope Template, or click Cancel to cancel the edit.


Note: You must click Modify Scope Template to add embedded policies or implement any changes to the scope template properties.


Managing DHCP Policies

DHCP policies allow grouping of lease times and other configuration parameters that a DHCP server communicates to clients. Every scope is associated with at least one policy, and a client-class and client can each be associated with a policy as well.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Policies tab. This opens the List DHCP Policies page (see Figure 7-7). This page automatically includes the default and system_default-policy policies.

Figure 7-7 List DHCP Policies Page

Actions to Take

On the List DHCP Policies page, you can:

Add a policy—Click Add Policy. See the "Adding a Policy" section.

Edit a policy—Click the policy name. See the "Editing a Policy" section.

Delete a policy—Click the Delete icon next to its name, and confirm or cancel the deletion.

Adding a Policy

Create a policy from the List DHCP Policies page. There are already two policies listed on the page—default and system-default-policy.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Policies tab. This opens the List DHCP Policies page (see Figure 7-7).

Step 3 Click Add Policy. This opens the Add DHCP Policy page (see Figure 7-8).

Figure 7-8 Add DHCP Policy Page


Data to Enter

You can enter or select the fields described in Table 7-6 to add a DHCP policy. The Name field is required.

Table 7-6 Entries on the Add DHCP Policy Page 

Entry
Description

Name*

Name of the policy. Make this name as identifiable as possible. It must be unique.

Offer timeout

If the server offers a lease to a client, but the offer is not accepted, the server will wait this specified number of seconds before making the lease available again. The default is two minutes (2m).

Grace period

Time between the expiration of a lease and the time it is made available for re-assignment. The default is five minutes (5m).

Options:
Number
Value

Add DHCP options to the policy by clicking their numbers and names in the Number drop-down list. The selections indicate the datatype of the option value. Add the appropriate option value in the Value field. The Web UI does error checking based on the value entered. To add each option, click Add Option. To delete an unwanted option, click the Delete icon next to its number. This immediately deletes the option without confirmation.

Attribute

Click an attribute to open a help window, or see Table 7-7.


Actions to Take

Click Add Policy to add the policy, or click Cancel to cancel the operation. You return to the List DHCP Policies page, where you can edit or delete the policy.

Editing a Policy

You can add DHCP options when you add a policy, or you can do so when you edit the policy.


Caution: Be careful editing or deleting the default and system-default-policy policies.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Policies tab. This opens the List DHCP Policies page (see Figure 7-7).

Step 3 Click the name of the policy you want to edit. This opens the Edit DHCP Policy page, which has the identical fields as the Add DHCP Policy page (see Figure 7-8).


Data to Enter

You can modify or reselect the fields described in Table 7-7 to edit a DHCP policy.

Table 7-7 Entries on the Edit DHCP Policy Page 

Entry
Description

Name*

Name of the policy. This field is read-only.

Offer timeout

If the server offers a lease to a client, but the offer is not accepted, the server will wait this specified number of seconds before making the lease available again. Defaults to 2 minutes.

Grace period

Time between the expiration of a lease and the time it is made available for re-assignment. Defaults to 5 minutes.

Options:

Number and
Value

Add DHCP options to the policy by clicking their numbers and names in the Number drop-down list. The selections indicate the datatype of the option value. Add the appropriate option value in the Value field. The Web UI does error checking based on the value entered. To add each option, click Add Option. To delete an unwanted option, click the Delete icon next to its number. This immediately deletes the option without confirmation.

Attribute

Described as follows, or click the attribute name to open a help window.

bootp-reply-options

List of the names of options that should be returned in any replies to BOOTP clients. There is no default.

dhcp-reply-options

List of the options to be returned in any replies to DHCP clients, even if not requested in a dhcp-reply-options option from the DHCP client. There is no default.

packet-file-name

Name of a boot file to be used in a client's boot process, which sets the file field in a DHCP packet. There is no default.

packet-server-name

Hostname of a server to be used in a client's boot process. The server returns this file name in the sname field of its replies. This value cannot exceed 64 characters. There is no default.

packet-siaddr

IP address of the next server in a client's boot process. There is no default.

unavailable-timeout

The server makes a lease unavailable for this period of time, after which the lease returns to an available state. If there is no value configured in the system_default_policy policy, the default is 1d.

allow-client-a-record-update

Whether or not clients can update A records. If the client sets the flags in the fqdn option to indicate that it wants to do the A record update in the request, and if this value is true, the server lets the client do the A record update. Otherwise, based on other server configurations, the server does the A record update. The default is disabled.

allow-dual-zone-dns-update

Whether or not clients can perform DNS updates into two DNS zones. The default is disabled.

allow-lease-time-override

Whether or not clients can request a specific lease time. The default is enabled.

inhibit-all-renews

Causes the server to reject all renewal requests, forcing the client to obtain a different address any time it contacts the DHCP server. The default is disabled.

inhibit-renews-at-reboot

Permits clients to renew their leases, but the server forces them to obtain new addresses each time they reboot. The default is disabled.

limitation-count

Maximum number of clients with the same limitation ID allowed to have currently active (valid) leases. There is no default.

permanent-leases

Whether or not leases for this scope can be permanently granted to requesting clients. The default is disabled.

Deprecated
 

server-lease-time

Time interval for which the server thinks the lease is valid. It might be useful to have the server consider leases leased for a longer period to get more frequent client communication along with the stability of long lease times. This value is not used unless it is longer than the lease time in the dhcp-lease-time attribute found through the normal traversal of policies. There is no default.

split-lease-times

If enabled, the DHCP server may use the value of the server-lease-time attribute internally. Clients are still offered lease times that reflect the configured lease time option from the appropriate policy, but the server bases its decision about expiration on the server-lease-time value. The default is false.


Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing the policy attributes, click Modify Policy, or click Cancel to cancel the edit.

Managing DHCP Clients

Configuring clients and client-classes and assigning client-classes to clients is an important adjunct to DHCP addressing. This provides differentiated services to users connected to a common network. You can group your user community based on administrative criteria, and then ensure that each user receives the appropriate class of service.

Creating clients, for example, defines the lease period for clients with certain name strings, their address ranges, query service, and host names, and provides denial-of-service to certain hosts. Client-classes organize clients into homogeneous groupings.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Clients tab. This opens the List/Add DHCP Clients page (see Figure 7-9).

Figure 7-9 List/Add DHCP Clients Page

Actions to Take

On the List/Add DHCP Clients page, you can:

Add a client—Add the name of the client and select a client-class, if applicable (see the "Adding a Client-Class" section). Click Add Client.

The client name can be a MAC address, the name default, or some other value. If you want to set the client name to some other value, you must set the DHCP server validate-client-name-as-mac attribute to false.

If you enter the client name and select a client-class, the client appears immediately in the list. You cannot select a client-class without also entering a client name.

If you enter the client name and omit a client-class, you go to the Add DHCP Client page (see "Adding a Client Without a Client-Class"). This also occurs if you leave both fields blank.

Edit a client—Click the client name. See the "Editing a Client" section.

Delete a client—Click the Delete icon next to its name, and confirm or cancel the deletion.

Adding a Client Without a Client-Class

You create clients from the List/Add DHCP Clients or Add DHCP Client page. If you enter a MAC address and select a client-class on the List/Add DHCP Clients page and click Add Client, you immediately create the client. If you enter only the client name (or leave it blank) on the List/Add DHCP Clients page, you go to the Add DHCP Client page described in this section.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Clients tab. This opens the List DHCP Clients page.

Step 3 Add the name of the client in the Name field or leave the field blank. Do not select the client-class.

Step 4 Click Add Client. This opens the Add DHCP Client page (see Figure 7-10).

Figure 7-10 Add DHCP Client Page


Tip If you enter a client name and also select a client-class, you immediately create the client on the List/Add Clients page.



Data to Enter

You can add or select the fields described in Table 7-8 to add a DHCP client.

Table 7-8 Entries on the Add DHCP Client Page 

Entry
Description

Name

Name of the client. You can change the name to a MAC address, the name default, or some other value. If you want to set the client name to some other value, you must set the DHCP server validate-client-name-as-mac attribute to false.

Client-class name

Client-class to which the client belongs. See the "Managing DHCP Client-Classes" section.

Host name

Host name of the client.

Domain name

Fully qualified domain name of the client.

Policy name

Policy to which the client belongs. See the "Managing DHCP Policies" section.

Attribute

See Table 7-9, or click an attribute to open a help window.


Actions to Take

Click Add Client to add the client, or Cancel to cancel.

Editing a Client

Editing a client provides further field additions and allows you to change the ones already set.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Clients tab. This opens the List DHCP Clients page (see Figure 7-9).

Step 3 Click the MAC address of the client you want to edit. This opens the Edit DHCP Client page, which includes the same fields as the Add DHCP Client page (see Figure 7-10), except that it also includes an additional Embedded Policy area.


Data to Enter

You can modify or reselect the fields described in Table 7-9 to edit a DHCP client.

Table 7-9 Entries on the Edit DHCP Clients Page 

Entry
Description

Name

Name of the client. This field is read-only.

Client-class name

Client-class to which the client belongs. See the "Managing DHCP Client-Classes" section.

Host name

Host name of the client.

Domain name

Fully qualified domain name of the client.

Policy name

Policy to which the client belongs. See the "Managing DHCP Policies" section.

Embedded Policy

Implicitly created when you create a client. However, you can edit this embedded policy. Click Edit Embedded Policy. This opens the Edit DHCP Embedded Policy for Client page. See the "Editing Embedded Policies" section.

Attribute
 

selection-criteria

All of the criteria in this list must appear in the scope selection tags for a scope to be considered acceptable to this client. There is no default.

selection-criteria-excluded

None of the criteria in this list may appear in a scope's selection tags for that scope to be considered acceptable. There is no default.

action

Action to take for this client. There is no default. Check one of the boxes:

exclude—Server ignores all communication from this client. If you use the command on the default client, only a client specifically registered through the client command can communicate with the server.

one-shot—Server fails to renew or re-offer any lease made to a client that specified this action string (either directly or in a client-class entry). Use this action to allocate provisional addresses, which are useful in cases where you want an unknown client to have an address for only a short time.

use-release-grace-period—Server delays the effect of DHCPRELEASE messages that the client sends. A release-grace-period for the policy specifies the delay time. During the grace period, the client's lease is not available for any other client.

none—No action

over-limit-client-class-name

Name of the client-class to use if this client is over the limit allowed for the number of simultaneous active leases with a common limitation ID. See the limitation-id attribute and the policy's limitation-count attribute. There is no default.

default-namespace

Namespace to put this client in if it does not supply a vpn-id (or vrf-name) value. There is no default.

override-namespace

Namespace to put this client in, no matter what it provides for a vpn-id (or vrf-name) value. There is no default.

authenticate-until

Time (in local time) until which to authenticate the client. There is no default.

unauthenticated-client-class-name

Name of the client-class to use if this client is no longer authenticated. There is no default.

user-defined

Opaque user-defined string that can be set and queried. This attribute has no effect on the operation of the DHCP server. There is no default.


Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing the client attributes, click Modify Client, or click Cancel to cancel the edit.

Managing DHCP Client-Classes

Client-classes organize clients into homogeneous groupings. You can set lease times and other attributes on the client-class that then get applied to each client in that class. Like clients, you can associate policies with them.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Client-Classes tab. This opens the List DHCP Client-Classes page (see Figure 7-11).

Figure 7-11 List DHCP Client-Classes Page

Actions to Take

On the List DHCP Client-Classes page, you can:

Add a client-class—Click Add Client-Class. See the "Adding a Client-Class" section.

Edit a client-class—Click the client-class name. See the "Editing a Client-Class" section.

Delete a client-class—Click the Delete icon next to its name, and confirm or cancel the deletion.

Adding a Client-Class

You create client-classes from the List DHCP Client-Classes page.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Client-Classes tab. This opens the List DHCP Client-Classes page (see Figure 7-11).

Step 3 Click Add Client-Class. This opens the Add DHCP Client-Class page (see Figure 7-12).

Figure 7-12 Add DHCP Client-Class Page


Data to Enter

You can enter or select the fields described in Table 7-10 to add a DHCP client-class.

Table 7-10 Entries on the Add DHCP Client-Class Page 

Entry
Description

Name

Name of the client-class. Make this name as identifiable as possible. It must be unique.

Host name

Hostname to replace any host-name DHCP option value the client sends.

Domain name

Fully qualified domain name of the zone to use when performing DNS updates. Places the client's A record in this zone.

Policy name

Policy to add to the DHCP policy search list for this client. Click in the drop-down list of existing policies. See the "Managing DHCP Policies" section.

Attribute

See Table 7-11, or click an attribute to open a help window.


Actions to Take

Click Add Client-Class to add the client-class, or click Cancel to cancel the operation. You return to the List DHCP Client-Classes page, where you can edit or delete the client-class.

Editing a Client-Class

You edit a client-class from the Edit DHCP Client-Class page. This also includes editing the client-class's embedded policy.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Client-Classes tab. This opens the List DHCP Client-Classes page (see Figure 7-11).

Step 3 Click the name of the client-class you want to edit. This opens the Edit DHCP Client-Class page, which includes the same fields as the Add DHCP Client-Class page (see Figure 7-12), except that it also includes an Embedded Policy area.


Data to Enter

You can modify or reselect the fields described in Table 7-11 to edit a DHCP client-class.

Table 7-11 Entries on the Edit DHCP Client-Class Page 

Entry
Description

Name

Name of the client-class. Make this name as identifiable as possible. It must be unique.

Host name

Hostname to replace any host-name DHCP option value the client sends.

Domain name

Fully qualified domain name of the zone to use when performing DNS updates. Places the client's A record in this zone.

Policy name

Policy to add to the DHCP policy search list for this client. Click in the drop-down list of existing policies. See the "Managing DHCP Policies" section.

Embedded Policy

Implicitly created when you create a client-class. However, you can edit it. Click Edit Embedded Policy. This opens the Edit DHCP Embedded Policy for Client-Class page. See the "Editing Embedded Policies" section.

Attribute

These attributes are described here, or click an attribute to open a help window.

selection-criteria

All of the criteria in this list must appear in the scope selection tags for a scope to be considered acceptable to this client. There is no default.

selection-criteria-excluded

None of the criteria in this list may appear in a scope's selection tags for that scope to be considered acceptable. There is no default.

action

Action to take for this client-class. There is no default. Check one of the boxes:

exclude—Server ignores all communication from this client. If you use the command on the default client (client default action=exclude), only a client specifically registered through the client command can communicate with the server.

one-shot—Server fails to renew or re-offer any lease made to a client that specified this action string (either directly or in a client-class entry). Use this action to allocate provisional addresses, which are useful in cases where you want an unknown client to have an address for only a short time.

use-release-grace-period—Server delays the effect of DHCPRELEASE messages that the client sends. A release-grace-period for the policy specifies the delay time. During the grace period, the client's lease is not available for any other client.

none—No action

limitation-id

Expression that evaluates to a blob (or a string used as a blob). The result relates together leases for which there is a maximum limit on the number of simultaneous active leases allowed. The limit is configured in a policy, using the limitation-count attribute. See also the over-limit-client-class-name attribute. There is no default.

over-limit-client-class-name

Name of the client-class to use if this client is over the limit allowed for the number of simultaneous active leases with a common limitation ID. See the limitation-id attribute and the policy's limitation-count attribute. There is no default.

client-lookup-id

Expression that evaluates to a string (or a blob that is a valid string). The result is the key used to look up the client in the client database, either locally or through LDAP. There is no default.

default-namespace

Namespace to put this client in if it does not supply a vpn-id (or vrf-name) value. There is no default.

override-namespace

Namespace to put this client in, no matter what it provides for a vpn-id (or vrf-name) value. There is no default.

authenticate-until

Time (in local time) until which to authenticate the client. There is no default.

user-defined

Opaque user-defined string that can be set and queried. This attribute has no effect on the operation of the DHCP server. There is no default.


Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing the client attributes, click Modify Client-Class, or click Cancel to cancel the edit.

Editing Embedded Policies

You can edit the embedded policy for a scope, scope template, client, and client-class. An embedded policy is implicitly created when you create one of these objects. You need to specify an offer timeout, grace period, and server lease time value for the embedded policy. You can also add DHCP options and further attributes for the embedded policy.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Scopes, Scope Templates, Clients, or Client-Classes tab.

Step 3 Click the name of a scope, template, client, or client-class to open the Edit page for that object.

Step 4 Click Edit Embedded Policy under the Embedded Policy section of the page. This opens the Edit DHCP Embedded Policy page for the object (see Figure 7-13 for a client-class embedded policy).

Figure 7-13 Edit DHCP Embedded Policy Page


Data to Enter

The fields and selections you can modify or reselect for an embedded policy are the same as for modifying a policy, as described in Table 7-7.

Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing the embedded policy attributes, click Modify Embedded Policy, or click Cancel to cancel the edit.


Note You must click Modify... on the next page that comes up to implement the embedded policy changes.


Managing DHCP Networks

When you create a scope in the Web UI, this creates a network based on the subnet and mask you specify for the scope. Scopes can share the same subnet, so it is often convenient to show the networks and the scopes associated with them. You can also edit the name of any created network.

Listing Networks

The List Networks page lets you list the networks created by scopes and determine to which scopes the networks relate. The networks are listed by name, which the Web UI creates from the subnet and mask. On this page, you can expand and collapse the networks to show or hide their associated scopes.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Networks tab. This opens the List Networks page (see Figure 7-14).

Figure 7-14 List Networks Page

Actions to Take

On the List Networks page, you can:

List the networks—The networks appear alphabetically by name and identify their subnet and any assigned scope selection tags. Click the + sign next to a network to expand the view to show the associated scopes. To expand all the network views, click Expand All; to collapse all the network views to show just the network names, click Collapse All.

Edit a network name—Click the network name. See the "Editing a Network" section.

Editing a Network

You can edit a network name. The original name is based on the subnet and mask as specified in the scope. You can change this name to an arbitrary but descriptive string.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Network tab. This opens the List Networks page (see Figure 7-14).

Step 3 Click the name of the network you want to edit. This opens the Edit Network page (see Figure 7-15).

Figure 7-15 Edit Network Page


Actions to Take

After you edit a network name, click Modify Network, or click Cancel to cancel the edit.

Managing DHCP Failover

You can use the Network Registrar Web UI to manage DHCP failover server pairs. Failover pairs are main and backup DHCP servers that interact in a failover configuration, with the backup server taking over in leasing addresses to clients if the main server is down.


Note This feature replaces the functionality previously performed by the cnrFailoverConfig utility.


The types of configuration options currently supported by managing failover server pairs are:

Policy properties and DHCP options, including vendor-specific options

DHCP server properties

Scope properties and ranges

Reservations

Clients and client-classes

Scope selection tags

Extensions

To add a failover pair, you must set the failover attributes on the DHCP server or scope level. See the "Adding a Failover Pair" section. You should always reload the main server after you make configuration changes, and reload the backup server after you synchronize the failover pairs.

Adding a Failover Pair

Network Registrar adds failover pairs when you configure main and backup failover servers in two ways:

For the server—See the "Configuring Failover for the Server" section.

For the applicable scopes—See the "Configuring Failover for Scopes" section.

Configuring Failover for the Server

One of two failover configuration methods is to set up failover on the server level.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the DHCP Server tab. This opens the Edit DHCP Server page (see Figure 7-17).

Attributes to Set

Set these DHCP server attributes:

Failover Settings—Click the on radio button.

Main Server—Enter the IP address of the main DHCP server in the failover pair.

Backup Server—Enter the IP address of the backup DHCP server in the failover pair.


Note You must specify both a main and backup server address.


You can accept the other failover settings as they are, unless you have reason to change them.

Actions to Take

After you make these attribute settings:

1. Click Modify Server at the bottom of the page.

2. Go to the Manage DHCP Server page and reload the server. See the "Managing the DHCP Server" section.

To unconfigure failover, turn the Failover Settings to off, then reload the server.

Configuring Failover for Scopes

The second of the two failover configuration methods is to set up failover for each applicable scope.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Scopes tab. This opens the List/Add DHCP Scopes page (see Figure 7-1). Select the applicable scope on this page, or create one for the purpose.

Attributes to Set

On the Edit DHCP Scope page, set the attributes in the Failover category described in Table 7-12.

Table 7-12 Scope Failover Attributes 

Attribute
Description

Failover Setting

Click scope-enabled in the drop-down box, or accept use-server-settings if the DHCP server is failover-enabled (see the "Configuring Failover for the Server" section).

Main Server

Enter the IP address of the main DHCP server in the failover pair.

Backup Server

Enter the IP address of the backup DHCP server in the failover pair.

Backup Percentage

Enter the typical backup percentage value of 10%, or leave it blank.



Note You must specify both a main and backup server address.


Actions to Take

After you make these attribute settings:

1. Click Modify Scope at the bottom of the page.

2. Go to the Manage DHCP Server page and reload the server. See the "Managing the DHCP Server" section.

To unconfigure failover for the scope, set the Failover Settings to scope-disabled, or set it to use-server-settings with the server failover setting turned off. Then, reload the server.

Listing Failover Pairs

The List DHCP Failover Pairs page lets you list the DHCP failover server pairs.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the Failover tab. This opens the List DHCP Failover Pairs page.

Actions to Take

On the List DHCP Failover Pairs page, you can:

Edit a failover pair—Click its name. See the "Editing a Failover Pair" section.

Synchronize the failover pair—Click the Run icon in the Synchronize column. See the "Synchronizing the Failover Servers and Running a Report" section.

Run a report on the synchronization—Click the Report icon in the Synchronize column. See the "Synchronizing the Failover Servers and Running a Report" section.

Manage the DHCP server—Click the View icon in the Manage Servers column. See the "Managing the Failover Servers" section.

Delete an unreferenced failover pair—Click the Delete icon next to its name, and confirm or cancel the deletion. You cannot delete a failover pair that is currently being referenced. The Delete icon appears only if the failover configuration was turned off for either the server or all relevant scopes. There may be additional cleanup operations to make on the backup server.

Editing a Failover Pair

The Edit DHCP Failover Pair page lets you edit a DHCP failover pair.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Failover tab. This opens the List DHCP Failover Pairs page.

Step 3 Click the name of a failover pair. This opens the Edit DHCP Failover Pair page.


Data to Enter

Use the fields described in Table 7-13 to edit a failover pair.

Table 7-13 Entries on the Edit Failover Pair Page 

Entry
Description

Name

Name of the failover pair. Enter a value that is unique, yet reflects the failover pair's use. It can be any character string of any length, but it is best to keep it as short as possible while still making it unique. Required.

Main Server

Main DHCP server. You cannot modify this value.

Backup Server

Backup DHCP server. You cannot modify this value.

Server Default

Whether to use the attribute values of the server. The default is true.

Attribute

These attributes are described here, or click an attribute to open a help window.

remote-username

User name to access the backup server. Required.

remote-password

Password to the backup server. Required.

remote-scp-port

CCM SCP port number to communicate with the target failover server. (Note that this port number is required.) Check the target system for this port number, which is set during Network Registrar installation. On Windows systems, the installation sets the CNR_CCM_PORT registry key. On Solaris and Linux systems, the installation sets the CNR_CCM_PORT variable in the install-dir/conf/aic.conf file. The default is 1234. Required.


Actions to Take

To unset fields, check the Unset? box and click Unset Fields. To complete editing a failover pair, click Modify Failover, or click Cancel to cancel the edit. Also reload the main server from the Manage DHCP Server page.

Synchronizing the Failover Servers and Running a Report

You can synchronize the failover server pairs and run a report on the synchronization from the List DHCP Failover Pairs page. You can do so from the main server only; it is disabled on the backup server.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Failover tab. This opens the List DHCP Failover Pairs page.

Step 3 Click the Run icon in the Synchronize column next to the pair name. This synchronizes the pair and opens the Run Synchronize Failover Pair page. If you click the Report icon in the Synchronize column, this opens the Report Synchronize Failover Pair page, which has the same content as the Run Synchronize Failover Pair page.

Step 4 Select the synchronization operation, depending on the degree to which you want the main server's property values to replace those of the backup server. There are three basic operations:

Update—This is the default and least radical operation. It is appropriate for update synchronizations in that it has the least effect on the unique properties of the backup server.

Complete—This operation is appropriate for all initial synchronizations. It is more complete than an update operation, while still preserving many of the backup server's unique properties, such as are required for back office failover configurations.

Exact—This operation is appropriate for initial basic and symmetrical failover configurations, and is not appropriate for back office configurations. It makes the two servers as much as possible mirror images of each other, although it retains unique DHCP server, LDAP event services, and extension points on the backup server.

Each operation performs a different mix of functions on the failover properties, as described in Table 7-14. There are four functions, with examples based on these property name-value pairs:

On the main server: Name1=A, Name2=C
On the backup server: Name2=B, Name3=D

no change—Makes no change to the list of properties or their values on the backup server. For the example, the result would be Name2=B, Name3=D.

ensure—Ensures that a copy of the main server property exists on the backup server, but does not replace its value. For the example, the result would be Name1=A, Name2=B, Name3=D.

replace—Replaces the value of a property that the two servers have in common with that of the main server. For the example, the result would be Name1=A, Name2=C, Name3=D.

exact—Puts an exact copy of the main server's list of properties and values on the backup server and removes the unique ones. For the example, the result would be Name1=A, Name2=C.


Table 7-14 Synchronization Functions Based on Update, Complete, or Exact Operations 

| Data Description | Update | Complete | Exact |
| --- | --- | --- | --- |
| DHCP Server (server level failover pair): Client Class Properties, Failover Properties, Failover Tuning Properties, Dynamic DNS Security Properties (See the Web UI online help for the full list of properties affected.) | replace | replace | replace |
| DHCP Server (server level failover pair): All other Properties | no change | replace | replace |
| LDAP Event Service | no change | replace | replace |
| Policy: Option-list Property | ensure | replace | exact |
| Policy: All other Properties | replace | replace | exact |
| Client | replace | replace | exact |
| ClientClass | replace | replace | exact |
| Scopes (related to failover pair) | exact | exact | exact |
| Namespace | replace | replace | exact |
| Key | replace | replace | exact |
| Extensions (Note: You must manually copy over the extension files.) | ensure | replace | exact |
| Extension Point | no change | replace | replace |
| Option Information: Custom options list, Vendor options list, Option-Data-types list | ensure | exact | exact |
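
The four synchronization functions and the operation matrix in Table 7-14 can be modeled offline to preview which backup-only entries an operation would overwrite or remove. This is an added illustration in Python, not Network Registrar code; the function names, the shortened row labels in `MATRIX`, and the report tuple format are assumptions made for the example, and the sample properties are the ones from the guide's own Name1/Name2/Name3 example.

```python
"""Offline model of the failover synchronization functions and Table 7-14."""

OPERATIONS = ("update", "complete", "exact")

# Function each operation applies to each data class, transcribed from Table 7-14
# in (update, complete, exact) order. Row labels are shortened for this example
# and are not product identifiers.
MATRIX = {
    "server-failover-properties": ("replace", "replace", "replace"),
    "server-other-properties": ("no change", "replace", "replace"),
    "ldap-event-service": ("no change", "replace", "replace"),
    "policy-option-list": ("ensure", "replace", "exact"),
    "policy-other-properties": ("replace", "replace", "exact"),
    "client": ("replace", "replace", "exact"),
    "client-class": ("replace", "replace", "exact"),
    "scopes": ("exact", "exact", "exact"),
    "namespace": ("replace", "replace", "exact"),
    "key": ("replace", "replace", "exact"),
    "extensions": ("ensure", "replace", "exact"),
    "extension-point": ("no change", "replace", "replace"),
    "option-information": ("ensure", "exact", "exact"),
}


def apply_function(function, main, backup):
    """Return the backup's properties after one synchronization function runs."""
    if function == "no change":
        return dict(backup)
    if function == "ensure":
        # Missing properties are copied in; existing backup values win.
        return {**main, **backup}
    if function == "replace":
        # Main values win for shared names; backup-only properties survive.
        return {**backup, **main}
    if function == "exact":
        # Backup becomes a copy of main; backup-only properties are removed.
        return dict(main)
    raise ValueError(f"unknown synchronization function: {function!r}")


def function_for(operation, data_class):
    """Look up which function an operation applies to a data class."""
    return MATRIX[data_class][OPERATIONS.index(operation)]


def sync_report(operation, data_class, main, backup):
    """Preview the change entries an operation would apply, without applying them."""
    function = function_for(operation, data_class)
    after = apply_function(function, main, backup)
    changes = []
    for name in sorted(set(backup) | set(after)):
        if name not in backup:
            changes.append(("add", name, None, after[name]))
        elif name not in after:
            changes.append(("remove", name, backup[name], None))
        elif backup[name] != after[name]:
            changes.append(("change", name, backup[name], after[name]))
    return function, after, changes


def classes_that_can_delete(operation):
    """Data classes where the operation uses 'exact' and so drops backup-only entries."""
    return sorted(c for c in MATRIX if function_for(operation, c) == "exact")


if __name__ == "__main__":
    # The property sets from the guide's own example.
    main = {"Name1": "A", "Name2": "C"}
    backup = {"Name2": "B", "Name3": "D"}
    for function in ("no change", "ensure", "replace", "exact"):
        print(f"{function:9} -> {apply_function(function, main, backup)}")
    for operation in OPERATIONS:
        function, _, changes = sync_report(operation, "client", main, backup)
        print(operation, function, changes)
        print("  can delete backup-only entries in:", classes_that_can_delete(operation))
```

Running the report for each operation before a real synchronization shows which data classes would lose backup-only entries, which matters most for the Client, Key, and Namespace rows under Exact.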


Actions to Take

On this page, click Run, Report, or Cancel:

Click Run to run the synchronization. The resulting View DHCP Failover Pair Sync Report page shows what change entries the synchronization added. To return to the List DHCP Failover Pairs page, click Return to Failover Pair List.

Click Report to generate the report of the intended synchronization actions. The resulting View DHCP Failover Pair Sync Report page shows what change entries the synchronization will apply if you run the synchronization. A Run Update, Run Complete, or Run Exact button indicates what kind of synchronization you want to perform. Click this button or Return to Failover Pair List. You return to the List DHCP Failover Pairs page.


Note After synchronizing, reload the backup DHCP server (see the "Managing the Failover Servers" section). The synchronization essentially sets the properties on the backup, but a physical reload is still required.


Managing the Failover Servers

You can manage the failover server pairs on the Manage DHCP Failover Servers page. You can do so from the main server only; it is disabled on the backup server.


Note If you find a server error, investigate the server log file for a configuration error, correct the error, return to this page, reload the server, and refresh the page.


How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the Failover tab. This opens the List DHCP Failover Pairs page.

Step 3 Click the View icon in the Manage Servers column. This opens the Manage DHCP Failover Servers page.

Step 4 After synchronizing the servers, always reload the backup server on this page.


Actions to Take

Table 7-15 describes the columns and functions on the Manage DHCP Failover Servers page. The page indicates when it was last refreshed. To move from this page, click another Navigation bar tab.

Table 7-15 Columns on the Manage DHCP Failover Servers Page 

Column
Description

Name

Name of the failover server. Click the name to edit the server attributes. See the "Editing DHCP Server Attributes" section.

State

State of the server—initialized, running, or disabled. If the Web UI cannot determine the state, a question mark (?) appears.

Health

Relative health of the server, shown as a color indicator for optimal health, less than optimal health, or stopped. The numbers in parentheses range from 0 (stopped) to 10 (optimum health). If the Web UI cannot determine the server's health, a question mark (?) appears. Note that the server is healthy only if at least one scope of addresses exists.

Statistics

Click the Report icon to view statistics for the server. This opens the Statistics for Server page, which shows statistics relevant to the server. You can refresh the statistics using the Refresh icon. To return to managing the server, click Return to Manage DHCP Server on that page. Each statistic item is described in the help window when you click the item name.

View Log

Click the Logs icon to view the log files for the server. This opens the Log for Server page, which lists the log items for the particular server ordered by date and time. You can step through the log using the arrow keys and change the number of items shown by clicking Change Page Size. You can display the log items in two different ways: in a tabular format and in the log file format (which you can better use for cutting-and-pasting to a text file). Toggle between these two display modes using the Logs icon on the Log for Server page. To return to managing the server, click Return to Manage DHCP Server on that page.

Start/Stop/Reload

Click the Start icon to start or restart the server, click the Stop icon to stop the server, or click the Refresh icon to reload the server. If the function is unsuccessful, a red X appears in the column.

Note Reload the backup server after a synchronization. This is not done automatically.


Managing the DHCP Server

You can manage the DHCP server, including viewing its health and statistics; starting, stopping, and reloading it; and editing its attributes.

Managing the Server Status

You can view the server status and health, and stop, start, and reload the server.

How to Get There

On the Primary Navigation bar, click the DHCP tab. On the Secondary Navigation bar, click the DHCP Server tab. This opens the Manage DHCP Server page (see Figure 7-16).


Note If you find a server error, investigate the server log file for a configuration error, correct the error, return to this page, reload the server, and refresh the page.


Figure 7-16 Manage DHCP Server Page

Actions to Take

Table 7-16 describes the columns and functions on this page. The page indicates when it was last refreshed. To move from this page, click another Navigation bar tab.

Table 7-16 Columns on the Manage DHCP Server Page 

Column
Description

Name

Name of the DHCP server. Click the name to edit the server attributes. See the "Editing DHCP Server Attributes" section.

State

State of the server—initialized, running, or disabled. If the Web UI cannot determine the state, a question mark (?) appears.

Health

Relative health of the server, as a color indicator for optimal health, less than optimal health, or stopped. The numbers in parentheses range from 0 (stopped) to 10 (optimum health). If the Web UI cannot determine the server's health, a question mark (?) appears.

Statistics

Click the Report icon to view statistics for the server. This opens the Statistics for Server page, which shows statistics relevant to the server. You can refresh the statistics using the Refresh icon. To return to managing the server, click Return to Manage DHCP Server on that page. Each statistic item is described in the help window when you click the item name.

View Log

Click the Logs icon to view the log files for the server. This opens the Log for Server page, which lists the log items for the particular server ordered by date and time. You can step through the log using the arrow keys and change the number of items shown by clicking Change Page Size. You can display the log items in two ways: in a tabular format and in a log format (which is better suited to cutting and pasting into a text file). Toggle between these two display modes using the Logs icon on the Log for Server page. To return to managing the server, click Return to Manage DHCP Server on that page.

Start/Stop/Reload

Click the Start icon to start or restart the server, click the Stop icon to stop the server, or click the Refresh icon to reload the server. If the function is unsuccessful, a red X appears in the column. Always reload the server after every configuration change.


Editing DHCP Server Attributes

You can directly edit the attributes of the DHCP server. This is essential, for example, if you are configuring DHCP failover between two servers.

How to Get There


Step 1 On the Primary Navigation bar, click the DHCP tab.

Step 2 On the Secondary Navigation bar, click the DHCP Server tab to open the Manage DHCP Server page.

Step 3 Click the name of the server. This opens the Edit DHCP Server page (see Figure 7-17).

Figure 7-17 Edit DHCP Server Page


Actions to Take

On the Edit DHCP Server page, you can:

Unset fields—Check the Unset? box and click Unset Fields.

Modify the server—Modify the attributes and click Modify Server, or Cancel to cancel the modification. See Table 7-17 for a description of the attributes.

Table 7-17 Attributes on the Edit DHCP Server Page 

Attribute
Description

Logging

log-settings

Determines which events to log in the log files. Logging additional detail about events can help analyze a problem. However, leaving detailed logging enabled for a long period can fill up the log files. Defaults are default, incoming-packets, and missing-options. The logging categories are:

default—Logs at a low level in several parts of the DHCP server. Default enabled.

incoming-packets—Logs a single line for every incoming packet. This setting is especially useful when you initially configure a DHCP server or BOOTP relay, because it gives an immediate positive indication that the DHCP server receives packets. Default enabled.

missing-options—Logs when a policy does not include an option a DHCP client requests, so that the DHCP server cannot supply it. Default enabled.

incoming-packet-detail—Logs the contents of every DHCP packet received by the DHCP server in human readable form. This setting enables the built-in DHCP packet sniffer for input packets. The log files fill up (and turn over) very rapidly when you enable this setting. It also causes a significant performance impact on the DHCP server, and should not be enabled for long.

outgoing-packet-detail—Logs the contents of every DHCP packet transmitted by the DHCP server in human readable form. This setting enables the built-in DHCP packet sniffer for output packets. The log files fill up (and turn over) very rapidly when this setting is enabled. Enabling this setting also causes a performance impact on the DHCP server because of the volume of outgoing packets, so you should not leave it enabled for long.

unknown-criteria—Logs a single line when the DHCP server finds a client entry that specifies a selection-criteria or selection-criteria-excluded that is not found in any scope appropriate for that client's current network location.

dns-update-detail—Provides additional log messages for all DNS operations. This flag is helpful in diagnosing problems in dynamic DNS operations.

client-detail—Logs every client-class client lookup operation. This line shows all the data found for the client as well as the data found in the client's client-class. This is useful when setting up a client-class configuration and for debugging problems in client-class processing.

client-criteria-processing—Logs when the server examines a scope to find an available lease or to determine if a lease is still acceptable for a client who already has one. This setting can be useful when configuring or debugging client-class scope criteria processing. It logs a moderate amount of data, so you should not leave it enabled for long.

failover-detail—Logs failover protocol operations and state transitions. Setting this does not place a significant load on the server.

ldap-query-detail—Logs when the DHCP server initiates a query to an LDAP server, receives a response from an LDAP server, or retrieves a query result or an error message from an LDAP server.

ldap-update-detail—Logs when the DHCP server sends a lease update request to an LDAP server, receives a response from an LDAP server, or retrieves a result or error message from an LDAP server.

ldap-create-detail—Logs when the DHCP server sends a request creating a lease state entry to an LDAP server, receives a response from an LDAP server, or retrieves a result or error message from an LDAP server.

leasequery—Logs LEASEQUERY packets without internal errors, and when a lease query results in an acknowledgement (ACK) or negative acknowledgement (NAK) message.

dropped-waiting-packets—Logs when the system drops packets due to the setting of the max-waiting-packets DHCP attribute. The server may drop packets if the queue length for any IP address exceeds the value of the max-waiting-packets attribute. If the dropped-waiting-packets attribute is enabled, the server logs a message whenever it drops a waiting packet from the queue for an IP address.

no-success-messages—Prevents logging the single line message normally logged for every successful outgoing DHCP response packet. This affects logging for only successful outgoing DHCP response packets. This log setting can greatly increase server performance.

no-dropped-dhcp-packets—Prevents logging the single line message normally logged for every DHCP packet dropped due to DHCP configuration. See the no-invalid-packets flag for messages associated with packets dropped because they are invalid.

no-dropped-bootp-packets—Prevents logging the single line message normally logged for every dropped BOOTP packet.

no-failover-activity—Prevents logging normal activity messages and some warning messages logged for failover. Serious error log messages continue to appear independently of this log setting.

activity-summary—Provides a summary of DHCP server activities over time, by default every five minutes. This is useful when you enable many of the no-xxx log settings because it provides some indication of the activity in the server without imposing the load required for a log message corresponding to each DHCP message. Configure the frequency for these messages using the activity-summary-interval attribute.

no-invalid-packets—Prevents logging the single line message normally logged for every DHCP packet dropped for being invalid. See the no-dropped-dhcp-packets flag for messages associated with packets dropped because of the DHCP server configuration.

no-reduce-logging-when-busy—Logs when the server is very busy. Normally, the DHCP server reduces logging when it becomes very busy, such as when it uses over two-thirds of the available receive buffers (which is itself a configurable value). To do this, it sets the no-success-messages, no-dropped-dhcp-packets, no-dropped-bootp-packets, no-failover-activity, and no-invalid-packets flags and clears everything else except the activity-summary flag. When it is no longer very busy, such as when only one-third of the available receive buffers are used, the server restores the previous settings. Setting this flag prevents Network Registrar from taking these actions.

no-timeouts—Prevents logging messages associated with the timeout of leases or offers.

minimal-config-info—Reduces the number of configuration messages that Network Registrar logs when the server starts or reloads. In particular, the server does not log a message for every scope when this flag is set.

no-failover-conflict—Prevents logging warnings about potential conflicts between failover partners, but still logs errors. Enabling this log setting can greatly reduce the amount of logging produced by failover without losing the errors.
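The busy-time logging reduction described under no-reduce-logging-when-busy determines which log settings you actually have during a traffic peak. The following Python model is an added example, not Cisco code; it assumes the receive buffer count equals the max-dhcp-requests default of 500 and that the thresholds are "more than two-thirds in use" to enter the busy state and "one-third or less in use" to leave it. The load samples are constructed.

```python
"""Model of the busy-time logging reduction described for log-settings."""

# Flags the page says the server sets on itself while it is very busy.
BUSY_FLAGS = frozenset({
    "no-success-messages",
    "no-dropped-dhcp-packets",
    "no-dropped-bootp-packets",
    "no-failover-activity",
    "no-invalid-packets",
})
SURVIVES_BUSY = "activity-summary"        # the only setting that is not cleared
OVERRIDE = "no-reduce-logging-when-busy"  # turns the whole mechanism off


class LogSettingsModel:
    """Tracks the busy state and the log settings in effect (assumed model)."""

    def __init__(self, configured, receive_buffers=500):
        self.configured = frozenset(configured)
        self.receive_buffers = receive_buffers  # assumption: max-dhcp-requests
        self.busy = False

    def observe(self, buffers_in_use):
        """Feed one load sample and return the settings now in effect."""
        if OVERRIDE not in self.configured:
            # Enter busy above two-thirds, leave at one-third or below.
            if not self.busy and 3 * buffers_in_use > 2 * self.receive_buffers:
                self.busy = True
            elif self.busy and 3 * buffers_in_use <= self.receive_buffers:
                self.busy = False
        return self.effective()

    def effective(self):
        if not self.busy:
            return self.configured
        # Busy: the no-xxx flags are set, everything else except
        # activity-summary is cleared until the load drops again.
        return BUSY_FLAGS | (self.configured & {SURVIVES_BUSY})


def visibility_gaps(configured, load_samples, receive_buffers=500):
    """Return (sample index, suppressed settings) for each busy sample."""
    model = LogSettingsModel(configured, receive_buffers)
    gaps = []
    for index, in_use in enumerate(load_samples):
        lost = model.configured - model.observe(in_use)
        if lost:
            gaps.append((index, sorted(lost)))
    return gaps


# Constructed sample: the three default settings plus two diagnostic ones,
# and buffer usage that rises, falls part way, recovers, then rises again.
CONFIGURED = {"default", "incoming-packets", "missing-options",
              "failover-detail", "activity-summary"}
LOAD = [100, 340, 200, 160, 400]

if __name__ == "__main__":
    for index, lost in visibility_gaps(CONFIGURED, LOAD):
        print(f"sample {index}: suppressed {', '.join(lost)}")
    print("with override:", visibility_gaps(CONFIGURED | {OVERRIDE}, LOAD))
```

Sample 2 (200 buffers in use) is still reported as a gap because the model, like the description, restores the previous settings only once usage falls to one-third.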

Dynamic DNS

dns-timeout

Time, in milliseconds, that the DHCP server waits for a response before retrying a dynamic DNS request. Default 60000ms (1m).

force-dns-updates

Controls whether the DHCP server retries a dynamic DNS update whenever a client renews its lease, even if the server thinks that the update was already completed successfully. Default false.

max-dns-packets

Number of DNS packet buffers that the DHCP server allocates for sending dynamic updates to the DNS server. You can reduce the DHCP server's memory requirement by reducing the number of DNS packets, at the risk of missing updates. Default 500.

max-dns-renaming-retries

Number of times that the DHCP server can try to add a host in DNS even if it detects that the host's name is already present. This controls the number of times the DHCP server tries to modify a host's name to resolve a conflict on each failed update. Default 3.

max-dns-retries

Number of times that the server tries to send dynamic updates to a DNS server. Default 3.

max-dns-ttl

Time to live (TTL) ceiling, in seconds, for DNS records added through dynamic DNS. When the DHCP server adds a DNS record, it sets the TTL to less than one-third of the lease time, or this ceiling value. Note that the DNS record's effective TTL could actually be the zone's minimum TTL. Default 86400s (24 h).

update-dns-for-bootp

If the server replies to a BOOTP request and offers a lease from a scope that is configured for DNS updates, the DHCP server checks this attribute before beginning the update. You can use this attribute to prevent DNS updates for BOOTP clients, while allowing updates for DHCP clients. Default enabled.

use-dns-update-prereqs

By default, the DHCP server uses prerequisites in its DNS update messages when it is performing DNS updates on behalf of clients. If disabled, the server does not include prerequisites. Without them, the server associates the last client who uses a given domain name with that name, even if another client was already associated with it. Default true.

synthesize-reverse-zone

Controls whether the DHCP server automatically generates the name of the reverse zone (in-addr.arpa) that is updated with PTR records. If this attribute is enabled and the scope does not have an explicit dns-reverse-zone-name attribute configured, the server uses the leased IP address and dns-host-bytes attribute on a scope to generate the reverse zone name. Default true.

trim-host-name

Controls whether the DHCP server trims the host-name string to the first period character (used to update dynamic DNS update records and to return the host-name option to clients). If this attribute is enabled, the host-name is truncated before the period. If disabled, the server retains the period characters in the host-name. Default true.

Dynamic DNS Security

dynamic-dns-tsig

Controls whether transaction signatures (TSIG) are used for DNS updates for leases from this server. Default is disable-fwd-and-rev. The options are:

enable-fwd-and-rev—Use TSIG for forward and reverse zone updates.

disable-fwd-and-rev—Do not use TSIG for forward or reverse zone updates (the default).

enable-fwd-only—Use TSIG for forward updates only.

enable-rev-only—Use TSIG for reverse updates alone.

dynamic-dns-fwd-key

Server-wide security key to process all forward zone dynamic DNS updates (the DNS server is specified by the attribute dns-server-addr and the zone name is specified by the dns-zone-name attribute in a scope object). No default.

dynamic-dns-rev-key

Server-wide security key to process all reverse zone dynamic DNS updates (the DNS server is specified by the attribute dns-rev-server-addr and the zone name is specified by the dns-reverse-zone-name attribute in a scope object). No default.

Client Host Name Processing

use-host-name

Controls whether the system examines the host-name option for the hostname. Disable this attribute if you do not want the server to determine a hostname from this option, possibly because the client is sending unexpected or "junk" characters. Default enabled.

use-client-fqdn

Controls whether the system examines the client-fqdn (fully qualified domain name) option for the hostname. If there are characters after the first dot in a client-fqdn option, the server ignores them because it determines the domain from the scope. Set this attribute to false if you do not want the server to determine a hostname from this option, possibly because the client is sending unexpected characters. Default enabled.

use-client-fqdn-first

Controls whether the system examines the client-fqdn option on incoming packets first, before the host-name option, when determining a hostname for a client. If there is a client-fqdn option with a hostname specified, the system uses that hostname. If the system finds no client-fqdn option in the incoming packet, the system uses the host-name option. If the use-client-fqdn-first parameter is set to false, the system examines the host-name option first and uses any name found in that option. If that option does not appear, it examines the client-fqdn option for a hostname. Default enabled.

return-client-fqdn-if-asked

Controls whether the system returns the client-fqdn (fully qualified domain name) option to the client in the outgoing packet if the client requests it in the parameter request list. For example, the client may want to know the status of the DNS activity. The system always sets the flags in the option to 0x3 and the RCODE1 and RCODE2 to 255. It also sends back whatever string was sent in, even if the use-client-fqdn attribute is turned off and no matter what the actual name is (or may ultimately be) in DNS. Default enabled.

Failover

Failover Settings

Controls whether all scopes that use the server's failover configuration can engage in failover. See the Network Registrar User's Guide for a description of the attribute states. If disabled (the default), those scopes with failover explicitly enabled for the scope are still available for failover. Default off.

Main Server

With failover enabled, the DNS name or IP address of the main server associated with all scopes where the failover-main-server is not set. If the DNS name resolves to the IP address of the current server, this server operates as the main server for all of these scopes. It is an error if both the main and backup server names resolve to addresses on the same server. No default.

Backup Server

With failover enabled, the DNS name or IP address of the backup server associated with all scopes if you did not use the scope name set failover-backup-server command. If the DNS name resolves to the IP address of the current server, this server operates as the backup server for all of these scopes. It is an error if both the main and backup server names resolve to addresses on the same server. No default.

Backup Percentage

With failover enabled, the percentage of currently available (unleased) addresses that the main server should send to the backup server to allocate to new DHCP clients when the main server is down. The value is only meaningful for the main server. Default 10%.

Maximum Client Lead Time

With failover enabled, the maximum client lead time (MCLT), in seconds. The MCLT is the maximum time that one server can extend a client's lease beyond what its partner knows it to be. You must define the MCLT on the main server, which communicates it to its partner. It is ignored on a backup server. Default 60m.

Dynamic BOOTP Backup Percentage

With failover enabled, the percentage of currently available (unreserved) addresses that the main server should send to the backup server for scopes set with scope name enable bootp. No default.

Use Safe Period

With failover enabled, you must enable the failover-use-safe-period attribute to cause Network Registrar to go into the PARTNER-DOWN state automatically. If you disable this attribute (the default), Network Registrar never goes into the PARTNER-DOWN state automatically. You must then explicitly set the partner down. Default disabled.

Safe Period Duration

With failover enabled and the failover-use-safe-period attribute set, the safe period, in seconds. You must define it in the main server. The safe period can differ on the main and backup servers. See the Network Registrar User's Guide for more information. Default 24h.

Failover Tuning

failover-bulking

With failover enabled, controls whether a failover bind update (BNDUPD) contains multiple lease state updates. Affects only the lease state updates that DHCP client activity generates. No default.

failover-lease-period-factor

With failover enabled, the multiple of the desired lease period used to update the backup server when the main server informs it of a new DHCP client lease period. Default 1.5.

failover-poll-interval

With failover enabled, the polling interval of the failover partners (in seconds) to confirm network connectivity. Default 15s.

failover-poll-timeout

With failover enabled, the interval (in seconds) after which failover partners who cannot communicate know that they lost network connectivity. Default 60s.

failover-recover

With failover enabled, time at which the server performs initialization and goes into RECOVER state. If server A is running, server B issues this command to ask for the state of server A. Dates can be in the -2h (two hours ago, for example) or month day hour:minute[:second] year format. Default none.

Client Class

client-class-lookup-id

Expression to use to determine a client-class solely on data contained in an incoming DHCP client request. The expression must return a string that is the name of a currently configured client-class, otherwise the string <none> must be returned. Any return that is not a string containing the name of a currently configured client-class or <none> is considered an error. No default.

client-class

Controls whether the DHCP server uses the client and client-class configuration properties to affect request processing. Default disabled.

use-ldap-client-data

Controls whether the DHCP server attempts to read client-entry data using the configuration supplied by the ldap command. Default disabled.

append-user-class-id-to-selection-tag

Meaningful only if setting the map-user-class-id attribute to 1 (map the user class ID to the scope selection tag). If you set this attribute to true (the default), Network Registrar appends the user class ID to existing scope selection tags. If set to false, the user class ID replaces any existing tags. Default true.

map-user-class-id

Determines the handling of user class-id. This attribute is global and is set for all DISCOVER packets. The default is 0 (ignore the user class-id option). The values are:

0—Ignore the user class-id option (default).

1—Map the user class-id option to the scope selection tag.

2—Map the user class-id option to the client-class.

skip-client-lookup

If enabled, causes the DHCP server to skip looking up the client entry for client-class processing. If disabled (the default), the DHCP server looks up the client entry first. Default false.

client-cache-count

Allocates the specified maximum number of clients to the client cache. The DHCP server allocates the amount at startup and frees it up at shutdown. Default 1000.

client-cache-ttl

Time to live for the client cache, in seconds. The DHCP server removes the entries in memory after this period. Default 10s.

validate-client-name-as-mac

If set, the user interfaces should require that the name of client entries is a valid MAC address (or the literal string default) and should turn the name into the canonical MAC address format (1,6,xx:xx:xx:xx:xx:xx) that the DHCP server uses as the default client entry lookup key. If set to false, the user interfaces allow creating client entries with arbitrary names, which could match the lookup keys generated from the client-lookup-id expression. Default true.

Performance

defer-lease-extensions

Controls whether the server renews a client's lease that is less than halfway to its expiration. By default, the server defers the lease extension—does not renew the lease, but grants another one while keeping the lease period. This way, the server can avoid extra database updates. However, if a client is more than halfway to expiration, this setting has no effect, and the server extends the lease to the full configured lease period. Default true.

drop-old-packets

Time, in seconds, that a packet can age and still be processed. If the server is very busy, this could delay processing packets in the UDP input queue. The DHCP protocol allows clients to retry packets that are not processed in a few seconds. Therefore, allowing the server to process packets that are older than a few seconds could increase the congestion. If the age of a packet is greater than the value of this attribute when the server processes it, the server drops the packet. Default 4s.

inhibit-busy-optimization

Controls whether to prevent the server from using optimization to recover from periods of congestion. By default, the DHCP server determines that it is heavily loaded when the number of request packets reaches two-thirds of the total allocated. It logs a message and attempts to recover from the congestion by performing several optimizations. For example, it relaxes the requirement to keep the client's last transaction time updated to the granularity specified by the last-transaction-time-granularity attribute. When the number of request packets drops to one-third of the total allocated, the server logs a message and returns to normal operation. If you enable the inhibit-busy-optimization attribute, the server does not use the optimizations or log the messages when it gets congested. Default false.

last-transaction-time-granularity

Time, in seconds, that Network Registrar guarantees that the last transaction time is accurate. Do not set this lower than the default of 60 seconds. For optimal performance, set it to a value that is greater than half of your lease interval. Default 60s.

max-waiting-packets

Number of packets that can wait for processing for an address. The server queues only the most recently received n packets (of an address) for processing. If an additional packet associated with that address arrives and n packets are already queued, the server drops the oldest packet and queues the new one. See the dropped-waiting-packets log setting attribute. It also drops duplicate packets (whose XID, client-id, and MAC address are the same as one already queued). If you accept the default of 0, the server processes all packets. Default 0.

collect-performance-statistics

Controls whether the DHCP server collects statistics for performance monitoring. Default false.
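The max-waiting-packets and drop-old-packets descriptions above together bound how much queued work the server carries through a burst. The following Python model is an added example, not Cisco code; the class, field, and function names are hypothetical, the packets are constructed, and it assumes that the default of 0 disables both the per-address limit and the duplicate check.

```python
"""Model of the per-address waiting queue and stale-packet drop."""
from collections import deque, namedtuple

# Hypothetical packet record; received_at is in seconds.
Packet = namedtuple("Packet", "addr xid client_id mac received_at")


class WaitingQueue:
    def __init__(self, max_waiting_packets=0, drop_old_packets=4,
                 log_dropped_waiting=False):
        self.max_waiting_packets = max_waiting_packets
        self.drop_old_packets = drop_old_packets
        self.log_dropped_waiting = log_dropped_waiting  # dropped-waiting-packets
        self.queues = {}  # IP address -> deque of waiting packets
        self.log = []
        self.stats = {"queued": 0, "dropped_duplicate": 0,
                      "dropped_oldest": 0, "dropped_stale": 0}

    def receive(self, pkt):
        """Queue a packet; return False if it was dropped as a duplicate."""
        queue = self.queues.setdefault(pkt.addr, deque())
        limit = self.max_waiting_packets
        if limit > 0:
            key = (pkt.xid, pkt.client_id, pkt.mac)
            if any((p.xid, p.client_id, p.mac) == key for p in queue):
                self.stats["dropped_duplicate"] += 1
                return False
            if len(queue) >= limit:
                # Keep only the most recent packets: evict the oldest one.
                old = queue.popleft()
                self.stats["dropped_oldest"] += 1
                if self.log_dropped_waiting:
                    self.log.append(
                        f"dropped waiting packet xid={old.xid:#x} for {old.addr}")
        queue.append(pkt)
        self.stats["queued"] += 1
        return True

    def process_all(self, now):
        """Drain every queue, discarding packets older than drop-old-packets."""
        processed = []
        for queue in self.queues.values():
            while queue:
                pkt = queue.popleft()
                if now - pkt.received_at > self.drop_old_packets:
                    self.stats["dropped_stale"] += 1
                else:
                    processed.append(pkt)
        return processed


def constructed_burst():
    """Constructed input: one retransmitting client, one chatty client."""
    packets = [Packet("10.0.0.5", 0x1001, "01:aa", "00:00:5e:00:53:01", t)
               for t in (2, 3, 4)]            # same XID sent three times
    packets += [Packet("10.0.0.9", 0x2000 + i, "01:bb", "00:00:5e:00:53:02", i)
                for i in range(5)]            # five distinct transactions
    return packets


def run(max_waiting_packets, now=5):
    """Replay the burst and return (packets processed, stats, log lines)."""
    queue = WaitingQueue(max_waiting_packets, drop_old_packets=4,
                         log_dropped_waiting=True)
    for pkt in constructed_burst():
        queue.receive(pkt)
    return len(queue.process_all(now)), queue.stats, queue.log


if __name__ == "__main__":
    for limit in (0, 2):
        print(limit, *run(limit))
```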

Request and Response Allocations

max-dhcp-requests

Controls the number of buffers the DHCP server allocates for receiving packets from DHCP clients and failover partners. When enabling failover, allocate at least 150 buffers. Up to 1500 buffers could be reasonable for high capacity installations. When buffer size exceeds capacity, a burst of DHCP activity can clog the server with requests that become stale before they are processed. This results in an increasing processing load that can severely degrade performance as clients try to obtain a new lease. A lower buffer setting throttles requests and avoids wasted processing on requests that would otherwise be stale. When using LDAP client lookups, buffers should not exceed the LDAP lookup queue size defined by the total number of LDAP connections and the maximum number of requests allowed for each connection. Set the LDAP queue size to match the LDAP server's capacity to service client lookups. Default 500.

max-dhcp-responses

Number of buffers that the DHCP server allocates for responding to DHCP clients and communicating with failover partners. The number of buffers allocated should be at least two times the number allocated for the max-dhcp-requests attribute. Perhaps as many as several thousand is reasonable in some installations. Default 1000.

Extensions

extension-trace-level

Default value of the extension trace level for every request object. To override this value, set the extension-trace-level in a user-written extension. Setting the level to 0 (the default) causes very little tracing. Setting the level to 3 causes considerable tracing. Default 0.

drop-packet-on-extension-failure

Controls whether the server drops a packet (if possible) when it encounters a failure in an extension. Default enabled.

Expressions

expression-trace-level

Trace level to use when executing DHCP expressions. The range is from 0 through 10, 0 being no tracing and 10 the highest amount of tracing:

0—No tracing

1—exp_trace_failures—Failures (including those protected by (try ...))

2—exp_trace_failure_retry—Total failure retries (with trace level = 6 for retry)

3—exp_trace_calls_returns—Function calls and returns

5—exp_trace_args—Function arguments evaluation

6—exp_trace_print_args—Print function arguments

8—exp_trace_conversions—Datatype conversions

10—exp_trace_all—Everything

There is a considerable performance penalty for any setting other than 0, 1, or 2. The setting of 1 only traces when there is a failure in an expression. The default setting of 2 re-executes an expression that fails at the outermost level with expression-trace-level=10 for the duration of the re-execution, to provide maximum debugging assistance. Optional, default 2.

expression-configuration-trace-level

Trace level to use when configuring DHCP expressions. The range is from 0 through 10, 0 being the lowest amount of tracing and 10 the highest:

0—No additional tracing

2—exp_config_trace_failure_retry—Retry failures

4—exp_config_trace_defns—Definitions

5—exp_config_trace_defn_args—Definition arguments

7—exp_config_trace_find—Find errors

8—exp_config_trace_literal—Literal details

10—exp_config_trace_all—Trace all

There is no performance penalty for specifying a high expression-configuration-trace-level, as expressions are configured only when the server is started. Optional, default 2 (failure retry).

IP History

IP History

Controls recording IP history data for the IP history database. See the Network Registrar User's Guide for details. Default disabled.

IP History Directory

Path to the directory of the database containing the IP (lease) history. It is best to store the history files on a different disk partition from the server's lease state database. Because of this, use absolute paths if possible. Use forward slashes (/) as path separators (do not enclose paths in quotes). You must set this attribute if you also enable the ip-history attribute. No default.

Subnet Allocation

addr-blocks-default-selection-tags

Default selection tag (or list of tags) associated with incoming subnet-allocation requests that do not contain any subnet name data. No default.

addr-blocks-use-client-affinity

The DHCP server tries to allocate subnets to clients using address blocks that they already used. Disabling this attribute causes the server to supply subnets from any suitable address block, based on other selection data in the clients' messages. Default true.

addr-blocks-use-lan-segments

Controls whether DHCP subnet-allocation uses the lan-segment attribute when configured on address blocks. Default false.

addr-blocks-use-selection-tags

Controls whether the server compares the incoming subnet-allocation requests' subnet name data with each address block's selection tags. An address block will only be considered if the two match. Default true.

delete-orphaned-subnets

As the DHCP server starts up, it tries to locate the parent namespace and address block of each subnet. If a subnet refers to a namespace that is no longer configured in the server, or if the server cannot locate a parent address block that contains the subnet, the server uses this attribute to decide whether to keep the subnet entry in the state database (the default) or to delete it permanently. Default false.

Microsoft Systems Management Server

sms-network-discovery

Causes the DHCP server to generate SMS network discovery records. To enable this attribute, set it to 1; to disable it, set it to 0 (the default). Use this attribute together with updating SMS. Default 0.

sms-library-path

Overrides the internal default value for the name of the SMS dll. The default is the empty string. If you specify an empty string, the system defaults to the internal server default of smsrsgen.dll. No default.

sms-lease-interval

Sets the time interval, in milliseconds, between sending addresses to the System Management Server (SMS). After you install a future release of Microsoft BackOffice Resource Kit (which contains an enhanced version of smsrsgen.dll), reduce this interval or set it to 0. Default 1100.

sms-site-code

Specifies the site code of the SMS server that receives discovery records when you update SMS. You must initialize this attribute to the appropriate SMS site code to update SMS. No default.

Miscellaneous

import-mode

Controls whether to have the DHCP server recognize only packets generated from the import leases command and to ignore all others. You can use this attribute if you want to update your DHCP server and prevent clients from receiving addresses during this period. Default disabled.

delete-orphaned-leases

Leases that are in the lease state database can have a namespace-id recorded with them, or they can be orphaned. When the DHCP server initializes its cache from the lease state database, it expects every lease with a namespace-id to match a configured namespace. If the server finds a lease whose namespace-id does not match a configured namespace, this attribute controls whether to delete that lease from the database or to ignore that entry (the default), assuming that at some point the server is configured with the appropriate namespace. In either case, the server cannot use the lease. Default false.

discover-interfaces

Controls whether the DHCP server looks at all the interface cards on the host and processes DHCP requests that it receives from any of them. However, it only offers addresses to requests from subnets defined with a valid scope with available addresses. If disabled, the DHCP server uses only its list of configured interfaces. Default enabled.

hardware-unicast

Controls whether the DHCP server sends unicast rather than broadcast responses when a client indicates that it can accept a unicast. This attribute is only available on these operating systems: Solaris, Windows 2000, and Windows NT. Default enabled.

get-subnet-mask-from-policy

Controls whether the DHCP server searches all relevant policies for a subnet mask option when constructing a response to send to a client. Normally, the DHCP server retains the subnet mask configured in the scope containing the base being granted to the DHCP client. Default false.

ignore-requests-for-other-servers

Controls whether to prevent the normal DHCP server response to client requests for other servers. Normally, if the DHCP server sees a client requesting a lease from another server for an address that this server is configured to control, it sets the lease to unavailable. However, some clients could send request packets with bad server ID options (rather than packets actually directed to other servers) that the server could wrongly interpret as the address being unavailable. You can set this attribute to prevent this from occurring. No default.

vpn-communication

If enabled (the default), the DHCP server can communicate with DHCP clients on a different virtual private network (VPN) from that of the DHCP server by using an enhanced DHCP relay agent capability. This enhanced capability is signalled by the appearance of the server-id-override sub-option in the relay-agent-information-option (DHCP option 82). Default true.

ldap-mode

Determines the preference for using LDAP servers if more than one LDAP server is configured. Optional, no default. There are two possible values:

round-robin—The DHCP server ignores the servers' preferences. It treats all LDAP servers (those configured to handle client queries and those configured to accept lease-state updates) equally.

failover—The DHCP server uses the active LDAP server with the lowest preference. If the preferred server loses its connection or fails, the DHCP server uses the next LDAP server in preference order. The DHCP server uses servers with equal preference in round-robin order.

ignore-icmp-errors

With this attribute enabled (the default), if you configured the DHCP server to send ICMP ECHO (ping-before-offer) requests, the server makes unavailable any address for which it receives an ECHO reply within its configured timeout period. If you disable this attribute, the DHCP server also treats ICMP DEST_UNREACHABLE and TTL_EXPIRED error messages that it receives after sending ICMP ECHO requests as grounds for making an address unavailable. Default enabled.

docsis-version-id-missing

String (maximum 255 characters) that is substituted for the %@docsis-vers% variable in the policy command's boot-file attribute. This substitution occurs if the DHCP request packet does not contain a vendor-class-id option or the option does not contain a DOCSIS version id. No default.

save-lease-renewal-time

If set to true, the server saves the lease renewal time (the minimum time in which the client is expected to issue a lease renewal) as part of the lease in persistent memory. Default false.

max-ping-packets

Number of buffers that the server allocates for sending and receiving ICMP ping messages, if you use the scope name enable ping-clients command. Default 500.

save-vendor-class-id

Controls whether the server saves the value of the vendor-class-identifier DHCP option (60) in memory. This affects what you can store in an LDAP directory. Default false.

cnr-5-0-upgraded

Shows whether the DHCP server was upgraded for Network Registrar release 5.0. Read-only.

mcd-blobs-per-bulk-read

Number of binary large objects (blobs) for a bulk read. Use this attribute to tune DHCP start and reload times. Generally, a higher value results in faster server start and reload times, at the cost of using more memory. No default.

Deprecated

mac-address-only

Causes the DHCP server to use the client's MAC address as the only client identifier. The standard behavior, as specified in RFC 2132, is to use the client ID option (if it is present) as the unique client identifier. If you specify this attribute, the DHCP server ignores the client's ID and uses its MAC address instead. You can use this attribute to have a single, consistent way of identifying all clients that use your DHCP server. Default false.

one-lease-per-client

Causes the DHCP server to release any other leases the client may have had on this server. Since the default behavior for the Network Registrar DHCP server is to store all the leases a client obtains, this attribute ensures that only one lease is stored. A client might obtain a number of leases if a user with a laptop traveled throughout the building and requested leases at different locations on the network. Default false.

save-relay-agent-data

In previous versions of Network Registrar, this attribute controlled whether the DHCP server would save the relay agent data for a particular IP address in the lease state database. It now has no purpose, because the relay agent data (if any) is always saved in the lease state database. Setting or clearing this attribute now has no effect, but it still exists so as to not break existing configuration scripts. No default.
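
The server choice described for the ldap-mode attribute above, modelled as an added example (not Network Registrar code). The class and field names are hypothetical, and skipping inactive servers in round-robin mode is an assumption the table does not state.

```python
from dataclasses import dataclass


@dataclass
class LdapServer:
    name: str          # hypothetical label for a configured LDAP server
    preference: int    # lower value = more preferred
    active: bool = True


class LdapSelector:
    """Picks the LDAP server for the next operation under a given ldap-mode."""

    MODES = ("round-robin", "failover")

    def __init__(self, servers, mode):
        if mode not in self.MODES:
            raise ValueError(f"ldap-mode must be one of {self.MODES}")
        self.servers = list(servers)
        self.mode = mode
        self._turn = 0  # rotation counter shared by both modes

    def next_server(self):
        # Assumption: a server that lost its connection is never chosen.
        candidates = [s for s in self.servers if s.active]
        if not candidates:
            return None  # no LDAP server reachable
        if self.mode == "failover":
            # Only the active servers with the lowest preference are eligible;
            # servers of equal preference are then rotated.
            best = min(s.preference for s in candidates)
            candidates = [s for s in candidates if s.preference == best]
        # round-robin mode ignores preference and rotates over every candidate.
        chosen = candidates[self._turn % len(candidates)]
        self._turn += 1
        return chosen


def demo():
    # Constructed sample: two equally preferred servers and one fallback.
    servers = [LdapServer("ldap-a", 1), LdapServer("ldap-b", 1),
               LdapServer("ldap-c", 2)]
    selector = LdapSelector(servers, "failover")
    before = [selector.next_server().name for _ in range(4)]
    servers[0].active = servers[1].active = False  # preferred tier is lost
    after = selector.next_server().name
    return before, after


if __name__ == "__main__":
    print(demo())
```

In failover mode the lower-preference server receives no traffic until every server in the preferred tier is down, so its connectivity and credentials need separate monitoring.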