Table of Contents

Configuring DHCP Servers

Dynamic Host Configuration Protocol (DHCP) is an industry-standard protocol for automatically assigning IP configuration to workstations. DHCP uses a client-server model for address allocation. As administrator, you can configure one or more DHCP servers to provide IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. The DHCP protocol is described in RFC 2131.

This chapter describes how to set up a DHCP server and its policies. Before clients can use DHCP for address assignment, you must add at least one scope to the server. This is described in "Configuring DHCP Scopes and Leases."

Table 7-1 lists the topics found in this chapter and their associated sections.

To configure your DHCP server, Network Registrar needs the following information:

• Your DHCP server's address—Allows Network Registrar to determine the address or you can specify one.
  
  
• One or more policies—Specifies, at a minimum, the lease times for the addresses.
  
  
• One or more address pools (called scopes)—Makes IP addresses available to the DHCP server.
  
  

Configuring a DHCP Server

When configuring a DHCP server, you must configure the server properties, policies, and associated DHCP options. (Configuring DNS updating is described in "Configuring Dynamic DNS Update.")

Note   Whenever you change server properties, you must reload the server to load the configuration data from the Network Registrar database.

General Configuration Guidelines

Here are some guidelines to consider before configuring a DHCP server:

• Separate the DHCP server from any secondary DNS servers used for DNS updating—Because writing a full zone to disk can take some time, server performance can be slow when it transfers large zones to a secondary DNS server. To ensure that the DHCP server is not adversely affected during large zone transfers, your DHCP server should run on a different cluster than your secondary DNS servers.
  
  
• Configure a separate DHCP server to run in remote segments of the WAN—Ensure that the DHCP client can consistently send a packet to the server in under a second. The DHCP protocol dictates that the client receive a response to a DHCP DISCOVER or REQUEST within four seconds of packet transmission. Many clients (most notably early releases of the Microsoft DHCP stack) have actually implemented a two-second timeout.
  
  
• Set DHCP lease times to a relatively large value in a policy—To prevent leases from expiring when the DHCP client is turned off (overnight or over long weekends), set the DHCP lease time longer than the longest period of expected downtime. A lease time of 10 days should be sufficient.
  
  

DHCP Server Properties in the GUI

The DHCP Server Properties dialog box of the GUI has a number of tabs that relate to configuring the DHCP server. These tabs and where they are described in this User's Guide are listed and defined in Table 7-2.

Selecting the Server Interface

To configure the DHCP server, accept Network Registrar's defaults or supply the data explicitly:

• The IP address of the server's interface (Ethernet card). This interface must have a static IP address that is not assigned dynamically by DHCP.
  
  
• The subnet mask, which identifies the network membership of the interface. The subnet mask defaults to the appropriate value based on the network class of the interface address. In most cases, the subnet mask is 255.255.255.0.
  
  

Network Registrar uses the distinguished interface named default to provide configurable default values for interfaces that the DHCP server discovers automatically. If you delete the default interface, the DHCP server uses hard-coded default values for port numbers and socket buffer sizes for the interfaces that it auto-discovers.

If you enable discover-interfaces, the DHCP server uses the operating system platform support to enumerate all the active interfaces on the machine and (unless there is an interface configuration with the ignore feature enabled) attempts to listen on all of these. If you disable discover-interfaces, the DHCP server listens on the interface you specify, as long as it does not have the ignore feature enabled.

Using the GUI:

Step 1   In the Server Manager window, double-click the DHCP server you want to configure. This opens the DHCP Server Properties dialog box. The General tab should be selected (Figure 7-1).

The Name field identifies the internal name of the DHCP server. You can change this name without affecting how the server functions. The name does not reflect the server's official name. Network Registrar actually uses the server's IP address for official name lookups and dynamic DNS updating.

The dialog box also identifies the cluster the server is in and version of Network Registrar's DHCP server software.

Step 2   Decide if you want Network Registrar to discover the interface cards on the server host, known as NICs (Network Interface Cards) on Ethernet and Token Ring networks:

• If you select the Discover interfaces check box, the DHCP server finds all the interface cards on the host and processes DHCP requests it receives from any of them. However, it only offers addresses to requests from subnets for which you defined a valid scope with available addresses.
  
  
• Select Use interface only if you want Network Registrar to use one interface address in a multi-homed system. If you select this option, you must also enter the address and network mask of the interface.
  
  

Using the CLI:

Use the dhcp-interface commands to add, remove, and list the IP addresses of your server's hardware cards. Interfaces are named with the IP address and net mask for the physical device.

If you have two interface cards for the server host, use two dhcp-interface create commands to register them both. Use the net mask suffix /16 or /24 as part of the address.

nrcmd> dhcp-interface 192.168.1.12/24 create 
nrcmd> dhcp-interface 10.1.2.3/24 create 
 

If you want Network Registrar to use only one interface, you have to set all the other ones to be ignored by using the dhcp-interface set ignore=true command.

nrcmd> dhcp-interface 10.1.2.3/24 set ignore=true 
 

Configuring Server Policies

Every DHCP server must have one or more policies defined for it. Policies are the way you define lease duration, gateway routers, and other configuration parameters, in what are called DHCP options. Policies are especially useful if you have multiple scopes, because you need only define a policy once and apply it to the multiple scopes. You can define named policies with specific option definitions or you can use system defaults. This section describes how to configure a policy in both ways.

Types of Policies

There are three types of policies—system default, user-defined, and embedded.

• System default (system_default_policy)—Provides a single location for setting default values on certain options for all scopes. Use the system default policy for scopes you want to define with standard DHCP option values. You can modify the system default options and their values, but you cannot delete the policy using the GUI. If you delete it using the CLI, it re-appears using its original list of options and their system-defined values. Table 7-3 lists the options and values in the system default policy.
  
  

• User-defined—Policies you explicitly define by name or assign the default policy. The default policy contains only two options (dhcp-lease-time and dhcp-renewal-time) that are not duplicated in the system default policy. (Table 7-4 includes the default values for these options.) User-defined policies are usually object-specific and named after their associated scope or client grouping. They are usually assigned options that are unique to a subnet (such as for its routers).
  
  

• Embedded—A policy embedded in (and limited to) a named scope, client, or client-class. An embedded policy is implicitly created (and removed) when you add (or remove) the corresponding object, such as a scope, except that the embedded policy options have no default values and are initially undefined. (Manipulating embedded policies is available through the CLI only; see the "Configuring an Embedded Policy for the Scope" section.)
  
  

Because you can define options at these various levels—from globally to more locally—there is a chance of duplicating option values. To resolve this, the Network Registrar DHCP server uses a "local priority" method. Before returning option values to a DHCP client, it examines its associated policies and prioritizes the option values in the following order:

Another way of saying this is that the DHCP server picks up the more locally defined option values and finally includes any default ones not otherwise defined.

Creating a Policy

This section describes how to create a policy at the DHCP server level and then allow a specific scope or scopes to reference it. A policy can consist of the following components:

• Name—A unique name.
  
  
• Permanent lease option—A permanent lease never expires.
  
  
• Lease time—How long a client can use an assigned lease before having to renew the lease with the DHCP server. (You cannot define an embedded policy with lease times.)
  
  
• Lease grace period—Length of time after the lease expires that it is unavailable for re-assignment. (You cannot define an embedded policy with a lease grace period.)
  
  
• DHCP options and their defined values (see "DHCP Options,").
  
  

Network Registrar provides a system_default_policy that defines a series of important options if they are not explicitly set. This policy applies to all scopes by default, if not specifically overridden at the scope level. The system defaults are not hard and fast; you can modify and even delete them. However, if you delete a system_default_policy, Network Registrar re-creates it with the initial default values.

You can also use or base a defined policy on a default policy, which sets only two values (the lease and lease renewal times). The default policies include settings that are optimized for most configurations.

Using the GUI:

Step 1   In the DHCP Server Properties dialog box for a selected server, click the Policies tab (Figure 7-2) to create a policy at the server level.

You can edit an existing default policy or you can create a named one. In most cases, you would want to leave the defaults alone and create named policies, especially if you want to associate them with particular scopes and clients. (You can always base a named policy on an existing one.)

Note   All possible selections in the Policy field apply to the server. The name that appears indicates only that the policy is the one currently being configured.

To create a new policy, click the New button to display the New Policy dialog box (Figure 7-3).

Step 2   In the Name field, enter the new policy's name; for example, policyCableModem.

Step 3   In the Copy from field:

• Select an existing policy from which to copy properties. You can select default, system_default_policy, or newpolicy. The default and newpolicy policies have the same initial settings, while the system_default_policy includes quite a few more initial settings.
  
  
• Select <None> to create a policy without basing it on any existing one. This policy has no preset properties or options and you have to specify them from scratch.
  
  

Step 4   Click OK.

Step 5   On the Policies tab, choose whether you want the leases to be permanent (never expire), or have a specified duration (lease time). In most cases you would clear the Leases are permanent check box.

Step 6   If setting non-permanent leases, set the duration of the lease in the Lease time fields. The default in most cases is 7 days.

Tip For guidelines to setting lease periods, see the "Adding DHCP Options for the Policy" section.

Step 7   If setting non-permanent leases, set the duration of the lease grace period in the Grace period fields. This is the length of time the lease remains in the DHCP server's database after the lease expires. This grace period protects a client's lease in the cases the client and server are in different time zones, their clocks are not synchronized, or the client was off the network when the lease expired.

Using the CLI:

Use the policy create command to create the policy and the policy set command to set the lease options.

nrcmd> policy policyCableModem create 
nrcmd> policy policyCableModem set grace-period=1D 
 

To set permanent leases for the policy, use the policy enable permanent-leases command.

nrcmd> policy policyCableModem enable permanent-leases 
 

To set the subnet mask, you have to use a combination of the policy setOption subnet-mask command and the dhcp set get-subnet-mask-from-policy true command.

nrcmd> policy policyCableModem setOption subnet-mask 255.255.255.0 
nrcmd> dhcp set get-subnet-mask-from-policy true 
 

To remove the subnet mask from the policy, use either of the following commands:

nrcmd> dhcp unset get-subnet-mask-from-policy 
nrcmd> dhcp set get-subnet-mask-from-policy false 
 

Adding DHCP Options for the Policy

DHCP options supply configuration parameters automatically to DHCP clients, such as their domain, and addresses of their name servers and subnet routers. The DHCP options are described in detail in "DHCP Options."

You can set, unset, edit, and view individual option values. When you set an option value, the DHCP server replaces any existing value or creates a new one, as needed for the given option name. Network Registrar DHCP options are grouped into categories to aid you in identifying options that you must set in various usage contexts. The categories are described in Table B-7. The custom options you can create are described in the "Adding a Custom Option" section.

Using the GUI:

Step 1   On the Policies tab (Figure 7-2) of the DHCP Server Properties dialog box for your selected DHCP server, select in the Policy field the policy for which to add DHCP options.

Step 2   Click the Edit options button to open the Edit Options dialog box (Figure 7-4).

The Available field includes all the available DHCP options organized in categories (click the plus sign next a category to view the member options). (See Appendix B for the option categories and their member options.) The options that are preset for the policy type (if any) appear in bold type and also in the Active field.

Step 3   Select the option you want to configure for the policy. For example, expand the DHCP Packet Fields category in the Available field to expand the category, then select the packet-file-name option.

Step 4   Click the Add button to add the option to the Active field.

The option settings appear at the bottom of the dialog box. For example, for the packet-file-name option, enter the text /docsis/mac-%@mac-addr% in the Option value(s) field. (The Send to BOOTP clients and Always send to DHCP clients options are described in the "Setting Advanced Scope Options" section.)

Step 5   Click OK to commit the changes. The new option now appears in the Active field of the DHCP Server Properties dialog box, with its value in the Value(s) field. (If you add another option, you must select it to view its value.)

Step 6   Add additional options in the same way.

To edit or remove a DHCP option:

Step 7   Click Close.

Step 8   Reload the DHCP server.

Using the CLI:

You can set individual option values with the policy setOption command, unset option values with the policy unsetOption command, and view option values with the policy getOption and policy listOptions commands. When you set an option value, the DHCP server replaces any existing value or creates a new one, as needed, for the given option name.

nrcmd> policy policyCableModem setOption dhcp-lease-time 3600 
 

The policy setOption command requires a space (not an equal sign) before the property value.

For a list of all of the DHCP options you can configure, use the help dhcp-option command.

Supporting Vendor-Specific DHCP Options

There are four main steps to configure Network Registrar to support a device that expects to receive vendor-specific DHCP options from the DHCP server:

The following example includes all three commands required to accomplish its task.

Step 1   Define vendor-specific option data types. The device1 expects several vendor-specific suboptions to be returned by the DHCP server. One such suboption is suboption 8, which holds a set of IP addresses for boot servers available to the device. Suboption 8 has a distinct format and can be mapped into Network Registrar using the option-datatype command to create an option data type called device1_suboption_8, as follows:

nrcmd> option-datatype device1_suboption_8 create 
nrcmd> option-datatype device1_suboption_8 defineField boot_server_type 1 WORD 
nrcmd> option-datatype device1_suboption_8 defineField boot_server_IP_list 2 IPADDR 
        counted-array 
nrcmd> option-datatype device1_suboption_8 enable read-only 
 

Here device1_suboption_8 describes the format for suboption 8 of a device1 network device. Assume that several suboptions with different formats are required for such a device. Each suboption should be mapped into Network Registrar using a separate set of option-datatype commands.

Step 2   Create vendor options. Once the suboption formats are mapped to vendor-specific option data types or to standard DHCP options, you are ready to create a vendor option for the device. The command

nrcmd> vendor-option device1_vso create "device1:Arch:xxxxxx:UNDI:yyyzzz" 
 

creates the vendor option device1_vso (device1:Arch:xxxxxx:UNDI:yyyzzz exactly matches the string provided by the vendor as the Class Identifier [Option 60] for the device).

Step 3   Define all required suboptions. Suboption 8 is assigned to the option data type device1_odt_suboption_8 as follows:

nrcmd> vendor-option device1_vso defineSuboption suboption_8 8 device1_odt_suboption_8 
        array 
 

Step 4   Repeat this command for each suboption required for the device.

Step 5   Set the data of the vendor option by setting the values of each suboption. In this example, the policy named network-1.2.3 is set for suboption 8 of the vendor-specific DHCP option named device1_vso to have the following values:

nrcmd> policy network-1.2.3 setVendorOption device1_vso {suboption_8[0]} 
        boot_server_type 2 
nrcmd> policy network-1.2.3 setVendorOption device1_vso {suboption_8[0]} 
        boot_server_IP_list 192.168.25.4,192.168.25.5 
nrcmd> policy network-1.2.3 setVendorOption device1_vso {suboption_8[1]} 
        boot_server_type 8 
nrcmd> policy network-1.2.3 setVendorOption device1_vso {suboption_8[1]} 
        boot_server_IP_list 192.168.25.6 
 

Editing a Policy

You can edit an existing policy, as well as delete it entirely. This can be tricky, because you have to consider the effect on any of the scopes or clients who use that policy. If you remove a policy from the server, Network Registrar also removes it from all scopes, clients, and client-classes.

Using the GUI:

Step 1   On the Policies tab of the DHCP Server Properties dialog box (Figure 7-2), select the name of the policy you want to edit or delete.

• To edit the policy, overtype (or re-select) the entries or options in the Leases area, then click Edit options to add more options or edit (or remove) existing ones.
  
  
• To delete the policy, click the Delete button at the top of the dialog box.
  
  

Caution   Be sure that your actions do not adversely affect any scopes or clients configured with these policies.

Step 2   Click OK in the Edit Options dialog box.

Step 3   Click OK in the DHCP Server Properties dialog box.

Step 4   Reload the DHCP server.

Using the CLI:

Use the policy set command to change the value of a property. For example, to change the grace period from one day to two days, enter:

nrcmd> policy policyCableModem set grace-period=2d 
 

Use the policy unsetOption command to remove an option from a policy.

nrcmd> policy policyCableModem unsetOption dhcp-lease-time 

Caution   Be sure that your actions do not adversely affect any scopes or clients configured with these policies.

To delete a policy, use the policy delete command.

nrcmd> policy policyCableModem delete 
 

Defining Advanced Server Parameters

Table 7-5 lists and describes advanced parameters you can set for DHCP servers. The remainder of this section explains how to use both the GUI and CLI to:

• Assign and edit custom options (see the "Configuring Custom DHCP Options" section).
  
  
• Enable and disable debug settings (see the "Enabling Server Debugging" section).
  
  

Using the GUI:

The Advanced tab contains the advanced parameters fields, as well as the buttons to set custom options, and debug settings, as shown in Figure 7-5.

Step 1   Double-click the DHCP server for which you want to set advanced parameters. This opens the DHCP Server Properties dialog box.

Step 2   Click the Advanced tab (Figure 7-5).

Step 3   Modify the field values for the parameters described in Table 7-5.

Step 4   Deselect the Enable Unicast check box if you want the DHCP server to send broadcast responses only (a feature that may not be available on all platforms).

Step 5   Select the Defer Lease Extensions check box if you want to control whether the DHCP server should extend leases that are less than half expired.

Step 6   Click OK or go on to adding custom or debug options.

Using the CLI:

Use the dhcp set, dhcp get, dhcp unset, and dhcp show commands to assign and retrieve values from the DHCP server's name-value properties. (See Table 7-5 for guidelines on setting the advanced parameters.)

nrcmd> dhcp set max-dhcp-responses=400 
nrcmd> dhcp set max-dhcp-requests=400 
nrcmd> dhcp set max-ping-packets=250 
nrcmd> dhcp enable hardware-unicast 
nrcmd> dhcp enable defer-lease-extensions 
nrcmd> dhcp set last-transaction-time-granularity=1800 
 

Configuring Custom DHCP Options

In addition to assigning values to pre-defined DHCP options, you can create your own custom options. You can add, edit, and remove these custom options.

Adding a Custom Option

To add a custom option to a specific policy, and to assign or edit its value in that policy, follow the same procedure as for other DHCP options (see the "Adding DHCP Options for the Policy" section).

Using the GUI:

Step 1   Double-click the DHCP server for which you want to set advanced parameters. This opens the DHCP Server Properties dialog box.

Step 2   Click the Advanced tab (Figure 7-5).

Step 3   Click the Custom Options button (Figure 7-6).

Step 4   Click Add.

Step 5   In the Add Custom Option dialog box (Figure 7-7), select an option number from the drop-down list box. The numbers in the selection list intentionally do not map to any existing DHCP options (see "DHCP Options"). Be sure to check with the client about using the same number.

Step 6   Enter a name in the Option Name field. (It is recommended that you use lowercase characters and not create case-sensitive option names.) This name should also match that assigned by the client.

Step 7   From the Option Data Type drop-down list, select an option type.

Step 8   If applicable to the data type, select the Data is Array? check box.

Step 9   Enter a description for the option, if desired.

Step 10   Click OK to finish or Apply to continue adding custom options.

Step 11   Click Close in the Custom Options dialog box.

Step 12   Click the Policies tab, then click the Edit Options button. The new options you added should appear when you expand the Custom category in the Available list.

Using the CLI:

Use the custom-option create command to create a custom option. For example, to create the option red, mapped to number 100, and of type IPADDR (IP address), enter:

nrcmd> custom-option red create 100 IPADDR 
 

Do not map numbers to custom options that are already used by DHCP or BOOTP options. For a complete list of pre-assigned numbers, see "DHCP Options." You should also remember to set the option number to the same number that the client is going to ask for.

Use the custom-option show command to show an option's values and the custom-option list command to show the values to all the custom options. Use the custom-option get command to show individual properties of the custom option.

nrcmd> custom-option myoption show 
100 Ok
myoption:
    desc = {custom option 1}
    number = 100
    type = BYTE
 
nrcmd> custom-option list 
 
nrcmd> custom-option myoption get desc 
100 Ok
desc="custom option 1"
 

Editing and Removing a Custom Option

You can edit or remove custom options.

Caution   Be careful when changing any custom option properties (except the description) or removing the option altogether, since this can have unexpected side effects if the option is used in an existing policy. Also be sure to remove a custom option from a policy if you also delete the option definition (see the "Editing a Policy" section). Network Registrar does not automatically remove the custom option from any policies.

Using the GUI:

Step 1   On the Advanced tab of the DHCP Server Properties dialog box for the selected server, click Custom Options (Figure 7-6).

Step 2   From the Custom Options dialog box, select the option number that you want to edit or remove.

Step 3   Click Edit to edit the option, or Remove to remove it.

• Editing the option opens the Edit Custom Option dialog box, where you can make changes to any of the fields other than the Option Number. Click OK after you make the edits.
  
  
• Removing the option opens a confirmation dialog box where you click OK to effect the removal.
  
  

Step 4   Click Close in the Custom Options dialog box.

Step 5   When removing a custom option to also remove it from all policies that include it (see the "Editing a Policy" section). Network Registrar does not do this for you.

Using the CLI:

Use the custom-option set command to change the option type (opttype) or description (desc).

nrcmd> custom-option myoption set desc="This option applies to all external users" 
 

You cannot change an option's number, but you can delete the option and re-create it. Also, use caution when changing any properties except the description. Changing an option's property can have unexpected side effects if the option is used in any policies.

Use the custom-option delete command to delete an option.

nrcmd> custom-option myoption delete 
 

After you delete a custom option, you can use the policy setOption, policy unsetOption, policy getOption, and policy listOptions commands to associate options with policies, and to manipulate or display their values. See the Network Registrar CLI Reference Guide for more information about the policy commands.

Enabling Server Debugging

Use the debug settings option to collect debug information about the server. You should only need to set debug settings if you were to instructed to do so by the Cisco Technical Assistance Center.

Note   After enabling the debug settings, if you reboot the server, Network Registrar disables debug. You must enable the debug settings again.

Using the GUI:

Step 1   In the Server Manager window, open the properties for the DHCP server for which you want to set debugging.

Step 2   Click the Advanced tab.

Step 3   Click the Debug Settings button to open the Debug Settings for Server dialog box.

Step 4   Select the Enable debug check box.

Step 5   In the Category field, enter the category as supplied by the Cisco Technical Assistance Center.

Step 6   Select the output destination:

• Console goes to the server console
  
  
• MLOG goes to Network Registrar's logging facility (the default and recommended choice)
  
  

Step 7   Click OK.

Using the CLI:

You should only need to set debug settings if you were instructed to do so by the Cisco Technical Assistance Center. Use the server DHCP setDebug command to specify the debugging level. The following example provides packet trace logging.

nrcmd> server DHCP setDebug VX=5 
 

Use the server DHCP unsetDebug command to clear debugging.

nrcmd> server DHCP unsetDebug 
 

To set the server to generate up to 7 log files of 5 million bytes each, use the server DHCP serverLogs command.

nrcmd> server DHCP serverLogs nlogs=7 logsize=5M 
 

Configuring Multiple Servers and BOOTP Relay

You should install more than one DHCP server so that if one server fails, the DHCP clients can continue to obtain IP addresses. Because the DHCP protocol does not provide a way for DHCP servers to cooperate in ensuring that assigned addresses are unique, you must divide the IP address pool among the DHCP servers to prevent duplicate address assignment. For details on how to set up DHCP failover servers, see ""Configuring DHCP Failover."

Configuring a Second DHCP Server

You can configure two DHCP servers to distribute the load and handle the leases if the first DHCP server goes down. You must configure the second DHCP server on a different cluster than the first server.

• For each DHCP server, configure a scope that contains some mixture of local and remote clients, such as 60 percent of the IP address pool for the local clients, and 40 percent for clients from the subnet. In this case, local refers to clients in this cluster, and remote to clients in another cluster.
  
  
• If both servers are on the same subnet, you do not have to configure routers. If they are on different subnets, you should configure the routers (relay agents) so that they deliver requests between the two servers.
  
  

After you set up both servers, the local DHCP server responds to requests from local DHCP clients most of the time, while the remote DHCP server assigns addresses to clients on the other subnet only when the local server is unavailable or without addresses.

Configuring a BOOTP Relay Router

Any router that supports BOOTP Relay usually has an IP address that points to the DHCP server. For example, if you are using a Cisco router, it uses the term ip helper-address, which contains an IP address for a specific machine. In this case, you would use this address to forward all BOOTP (and therefore DHCP) broadcast packets. Be sure you configure this address on the router closest to your desktop machine.

Note   If your clients are not receiving IP addresses, it may be that the router is configured with another DHCP server, which means that the Network Registrar DHCP server cannot see it. If so, configure a second helper address to make sure the Network Registrar DHCP server can respond to the packets as well as the other DHCP server.