
Windows Server 2012 : Enhancing DHCP Reliability - Link-Layer Filtering, DHCP Reservations

12/8/2014 8:37:37 PM

On most networks, DHCP is a critical networking service. When the DHCP service is offline, most clients cannot function and may be unable to work at all. For most organizations, building redundancy, reliability, and security into the DHCP service can help prevent undesired and unexpected DHCP outages.

Windows Server 2012 builds on previous DHCP server services with several features that can enhance DHCP reliability, as outlined in the following sections.

Link-Layer Filtering

Link-layer filtering, or MAC address filtering, is a feature of the Windows Server 2012 DHCP service that can be enabled to provide a higher level of security to DHCP leases.

Link-layer filtering restricts which devices are allowed, and which devices are denied, the ability to obtain a DHCP lease from the DHCP server. For this feature to function, the server must be enabled to support the Allow / Deny Link Layer Filter lists, and the lists must be populated.

In many DHCP deployments, it can be cumbersome for administrators to manually enter each network-connected device’s MAC address before it can be granted a DHCP lease, so link-layer filtering may seem like it is out of reach. One way to avoid this issue is to deploy DHCP in a phased approach. First, deploy DHCP services without Link Layer Filtering enabled. Later, after all clients have connected to the network, add leases to the filter lists as leases are obtained. This can even be performed with DHCP reservations. For example, suppose you set up a DHCP scope on Monday morning and later that afternoon most of your clients have obtained a lease. You can simply select and right-click a single or a set of current leases and select Add to Filter and Allow or Deny depending on which filter list you want the system to be on, as shown in Figure 1.


Figure 1. Adding a DHCP lease to the Allowed link-layer filter list

After adding all your leases to the appropriate filter list, in the DHCP console right-click the IPv4 node and select Properties. On the Filters tab check the check boxes to enable Allow or Deny Lists, as desired.
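
The phased approach above can also be scripted with the DhcpServer PowerShell module. The following is an added example, not part of the original article; the server name is a placeholder, and the script only previews its changes until the `-WhatIf` switches are removed.

```powershell
# Requires the DhcpServer module (DHCP role or RSAT on Windows Server 2012).
Import-Module DhcpServer
$server = 'dhcp01.example.test'   # assumption: placeholder server name

# Normalize a MAC or filter pattern to bare uppercase hex so formats compare equal.
function ConvertTo-BareMac([string]$Mac) { ($Mac -replace '[-:.]', '').ToUpper() }

# Patterns already on the Allow list (entries may contain * wildcards).
$allowPatterns = @(Get-DhcpServerv4Filter -ComputerName $server -List Allow |
    ForEach-Object { ConvertTo-BareMac $_.MacAddress })

# Every current IPv4 lease on the server, across all scopes.
$leases = Get-DhcpServerv4Scope -ComputerName $server | ForEach-Object {
    Get-DhcpServerv4Lease -ComputerName $server -ScopeId $_.ScopeId
}

# Leases whose MAC matches no Allow entry: these clients would lose service
# if the Allow list were enabled right now.
$missing = foreach ($lease in $leases) {
    $mac = ConvertTo-BareMac $lease.ClientId
    # Skip client IDs that are not 6-byte Ethernet addresses.
    if ($mac -notmatch '^[0-9A-F]{12}$') { continue }
    if (-not ($allowPatterns | Where-Object { $mac -like $_ })) { $lease }
}
$missing = @($missing | Sort-Object ClientId -Unique)

# Preview the additions; remove -WhatIf after reviewing the list.
foreach ($lease in $missing) {
    Add-DhcpServerv4Filter -ComputerName $server -List Allow -MacAddress $lease.ClientId `
        -Description "From lease $($lease.IPAddress) $($lease.HostName)" -WhatIf
}

# Turn on Allow-list enforcement only once the list is complete, then confirm the state.
Set-DhcpServerv4FilterList -ComputerName $server -Allow $true -WhatIf
Get-DhcpServerv4FilterList -ComputerName $server
```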

DHCP Reservations

A DHCP reservation is a predefined relationship between an IP address and a system’s MAC address. This configuration allows a system to remain configured for DHCP, but it will always get the same IP address that is predefined or reserved for it, hence the name reservation. Reservations are quite useful on business networks for mobile devices and printers; the mobile device or printer can always be contacted at the same IP address for access and for remote management and so on. The flip side is that if that printer or mobile device moves to another office or network, it will be DHCP ready and will connect to the network without manual network configuration.

Using DHCP reservations along with link-layer filtering allows a DHCP administrator to quickly identify new or unidentified machines and quickly block their access. For example, identified machines can be granted leases, and then all of those leases can be converted to reservations and added to Allow filter lists. Finally, an IP address exclusion list can be created for all IP addresses not currently defined in the reservation list, essentially stopping all new leases from occurring. The only issue with this scenario is that when a new valid machine joins the network, the DHCP scope configuration must be adjusted to allow the new system to connect. In addition, when machines have both wireless and wired network cards, each card requires a different reservation.

You can create DHCP reservations using two different processes. The first and most common process is to manually create a reservation; the second, much easier process is to convert a DHCP lease into a reservation. To manually create a DHCP reservation, follow these steps:

1. Collect the desired MAC address from the system that will be associated with this reservation. You can do this on a Windows machine in a command prompt by using the ipconfig /all command and recording the Physical Address entry.

2. Open the DHCP console and expand the IPv4 node.

3. Expand the desired scope, select and right-click the Reservations node, and select New Reservation.

4. Enter a descriptive name, IP address, and MAC address for the system, and click Add to create the reservation, as shown in Figure 2.


Figure 2. Manually creating a DHCP reservation.

5. When that reservation is completed, the window clears to allow for another reservation to be created. Click Close to return to the DHCP console.

To create a reservation from an existing lease, simply open the IPv4 scope and select the Address Leases node in the tree pane, locate the lease in the center pane, right-click the desired lease or multiple leases, and select Add to Reservation.

This completes the reservation-creation process.

Configuring Reservation-Specific DHCP Scope Options

Sometimes devices are on the same network but require different DHCP scope options. One example could be a kiosk machine that should not have a default gateway or an IP phone that requires additional scope options that are not desired on all DHCP clients. This can be accomplished with reservation-specific DHCP scope options. To create a reservation-specific scope option, create a reservation; then, in the tree pane, expand the Reservations node, select the desired reservation, and select Configure Options. Select and configure the desired options, and save the changes by clicking OK when completed. These reservation-specific options override both scope and server options when configured.
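
The reservation steps and the reservation-specific option described above, done with the DhcpServer PowerShell module instead of the console, followed by a report of leases that have no reservation. This is an added example, not part of the original article; the server name, scope, addresses, MAC address, and TFTP host name are constructed sample values.

```powershell
# Requires the DhcpServer module (DHCP role or RSAT on Windows Server 2012).
Import-Module DhcpServer
$server  = 'dhcp01.example.test'   # assumption: placeholder server name
$scopeId = '10.10.20.0'            # assumption: constructed sample scope

# Manual reservation: name, IP address, and MAC address, as in the New Reservation dialog.
Add-DhcpServerv4Reservation -ComputerName $server -ScopeId $scopeId `
    -IPAddress 10.10.20.50 -ClientId '00-11-22-33-44-55' `
    -Name 'lobby-phone' -Description 'IP phone (constructed sample)'

# Convert an existing lease into a reservation (the "Add to Reservation" action).
Get-DhcpServerv4Lease -ComputerName $server -IPAddress 10.10.20.61 |
    Add-DhcpServerv4Reservation -ComputerName $server

# Reservation-specific option: option 66 (Boot Server Host Name) for the phone only.
# It overrides any scope-level or server-level value for this one client.
Set-DhcpServerv4OptionValue -ComputerName $server -ReservedIP 10.10.20.50 `
    -OptionId 66 -Value 'tftp.example.test'
Get-DhcpServerv4OptionValue -ComputerName $server -ReservedIP 10.10.20.50

# Audit: leases in the scope whose MAC has no reservation, that is, the new or
# unidentified machines an administrator would want to review.
$reserved = @(Get-DhcpServerv4Reservation -ComputerName $server -ScopeId $scopeId |
    ForEach-Object { $_.ClientId })
Get-DhcpServerv4Lease -ComputerName $server -ScopeId $scopeId |
    Where-Object { $_.ClientId -notin $reserved } |
    Select-Object IPAddress, ClientId, HostName, AddressState, LeaseExpiryTime
```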
