DYNAMIC HOST CONFIGURATION PROTOCOL
DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to dynamically assign an Internet Protocol (IP) address to any device, or node, on a network so it can communicate using IP. DHCP automates and centrally manages these configurations rather than requiring network administrators to manually assign IP addresses to all network devices. DHCP can be implemented on small local networks as well as enterprise networks.
DHCP assigns new IP addresses in each location when devices are moved from place to place, which means network administrators do not have to manually configure each device with a valid IP address initially, or reconfigure the device with a new IP address if it moves to a new location on the network. Versions of DHCP are available for use in IPv4 and IPv6.
HOW DOES DHCP WORK?
DHCP uses a client-server model built on four steps: discover, offer, request and acknowledge. The DHCP server uses port 67 and the client uses port 68, and the protocol runs over UDP. IP addresses are assigned from a pool of addresses. The client and the server mainly exchange 4 DHCP messages in order to make a connection, known as the DORA process, but there are 8 DHCP messages in the process.
These messages are given below:
1. DHCP Discover Message –
This is the first message generated in the communication process between server and client. It is generated by the client host in order to discover whether any DHCP server or servers are present in the network. The message is broadcast to all devices present in the network to find the DHCP server. This message is 342 or 576 bytes long.
As shown in the figure above, the source MAC address (client PC) is 08002B2EAF2A, the destination MAC address (server) is FFFFFFFFFFFF, the source IP address is 0.0.0.0 (because the PC has no IP address yet) and the destination IP address is 255.255.255.255 (the IP address used for broadcasting). Because the discover message is broadcast to find the DHCP server or servers in the network, the broadcast IP address and MAC address are used.
2. DHCP Offer Message –
The server responds to the host with this message, specifying the unleased IP address and other TCP configuration information. This message is broadcast by the server. The size of the message is 342 bytes. If more than one DHCP server is present in the network, the client host accepts the first DHCP Offer Message it receives. A server ID is also specified in the packet in order to identify the server.
For the Offer Message, source IP address is 172.16.32.12 (server’s IP address in the example), destination IP address is 255.255.255.255 (broadcast IP address), source MAC address is 00AA00123456, destination MAC address is FFFFFFFFFFFF. Here, the offer message is broadcast by the DHCP server therefore destination IP address is broadcast IP address and destination MAC address is FFFFFFFFFFFF, source IP address is server IP address and MAC address is server MAC address.
Also, the server has provided the offered IP address 22.214.171.124 and lease time of 72 hours (after this time the entry of host will be erased from the server automatically). The client identifier is PC MAC address (00802BEAF2A) for all the messages.
3. DHCP Request Message –
When a client receives an offer message, it responds by broadcasting a DHCP request message. The client produces a gratuitous ARP in order to find out whether any other host in the network has the same IP address. If there is no reply from another host, then there is no host with the same TCP configuration in the network, and the message is broadcast to the server showing acceptance of the IP address. A client ID is also added in this message.
The request message is broadcast by the client PC therefore the source IP address is 0.0.0.0 (as the client has no IP right now) and the destination IP address is 255.255.255.255 (broadcast IP address) and source MAC address is 08002B2EAF2A (PC MAC address) and the destination MAC address is FFFFFFFFFFFF.
4. DHCP Acknowledgement Message –
In response to the request message received, the server will make an entry with specified client ID and bind the IP address offered with lease time. Now, the client will have the IP address provided by server.
The server will make an entry of the client host with the offered IP address and lease time. This IP address will not be provided by server to any other host. The destination MAC address is FFFFFFFFFFFF and the destination IP address is 255.255.255.255 and the source IP address is 172.16.32.12 and the source MAC address is 00AA00123456 (server MAC address).
5. DHCP Negative Acknowledgement Message –
Whenever a DHCP server receives a request for an IP address that is invalid according to the scopes it is configured with, it sends a DHCP NAK message to the client. For example, when the server has no unused IP address or the pool is empty, this message is sent by the server to the client.
6. DHCP Decline –
If the DHCP client determines that the offered configuration parameters are different or invalid, it sends a DHCP decline message to the server. When there is no reply to the gratuitous ARP by any host to the client, the client sends a DHCP decline message to the server showing the offered IP address is already in use.
7. DHCP Release –
A DHCP client sends DHCP release packet to server to release IP address and cancel any remaining lease time.
8. DHCP Inform –
If a client has obtained an IP address manually, the client uses DHCP Inform to obtain other local configuration parameters, such as the domain name. In reply to the DHCP Inform Message, the DHCP server generates a DHCP ACK Message with local configuration suitable for the client without allocating a new IP address. This DHCP ACK Message is unicast to the client.
ENABLING DHCP SERVER
Beginning in privileged EXEC mode, follow these steps to enable the DHCP server on the router:
To disable the DHCP server, use the no service DHCP global configuration command.
CONFIGURING DHCP SERVER
The following steps are performed to configure DHCP server :
Beginning in privileged EXEC mode, following steps configure the DHCP server –
The following example configures DHCP server :
CONFIGURING STATEFUL DHCPv6 SERVER
Beginning in privileged EXEC mode, the following steps are performed :
The following example configures stateful DHCPv6 server –
CONFIGURING STATELESS DHCPv6 SERVER
Beginning in privileged EXEC mode, follow these steps to configure stateless DHCPv6 server :
The following example configures the stateless DHCPv6 server –
ADVANTAGES OF DHCP
It provides the following benefits –
- Reliable IP address
DHCP minimises configuration errors caused by manual IP address configuration, such as typographical errors, or address conflicts caused by the assignment of an IP address to more than one computer at the same time.
- Reduced network
DHCP includes the following features to reduce network administration:
- Centralised and automated TCP/IP
- The ability to define TCP/IP configurations from a central
- The ability to assign a full range of additional TCP/IP configuration values by means of DHCP
- The efficient handling of IP address changes for clients that must be updated frequently, such as those for portable devices that move to different locations on a wireless network.
- The forwarding of initial messages by using a DHCP relay agent, which eliminates the need for a server on every
- IP conflict can occur
- Its automation can be a serious security risk if a rogue DHCP server is introduced to the network. A rogue server isn’t under the control of the network staff, and can offer IP addresses to users connecting to the network. If a user connects to the rogue, information sent over that connection can be intercepted or looked at, violating user privacy and network security. This is known as a man in the middle attack, and can lead to serious consequences if confidential information is sent over the rogue server.
- Another issue is that if only a single DHCP server is in place, it forms a single critical junction where failure can escalate from a single issue into a system-wide one. If the server fails, any connected computers that don’t already have an IP address will try and fail to obtain one. Computers that already have an IP address from before the server’s failure will attempt to renew it, which will lead to the computer losing its IP address. All network addresses would be lost until the server is restored, leading to potential complications for those connected and needing to communicate with the network.
- If the network has multiple subnetworks, or segments, a single DHCP server may be insufficient. Making up for this lack requires additional configuration, which means additional time and money spent setting everything up. Each network segment may require its own DHCP server. If neither option is viable, all connected routers may have to be configured to forward Bootstrap Protocol (BootP) broadcasts. BootP is older and less advanced than DHCP, and not all systems may support BootP network protocols.
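The rogue DHCP server risk described above can be watched for on the server side of the DORA exchange. The following Python code is an added example, not part of the original page: it parses DHCP payloads (UDP ports 67/68), reads the message type (option 53) and server identifier (option 54), and reports server replies that come from a server not on an allow-list. The client MAC and the server 172.16.32.12 come from the page's example; the allow-list, the build() helper, the offered addresses and the 192.168.1.1 server are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload):
    """Extract message type, server ID, offered IP and client MAC from a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"type": None, "server_id": None,
           "yiaddr": socket.inet_ntoa(payload[16:20]),   # address handed to the client
           "chaddr": payload[28:34].hex().upper()}       # client MAC
    i = 240
    while i < len(payload) and payload[i] != 255:         # option 255 ends the list
        if payload[i] == 0:                               # option 0 is a single pad byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                    # DHCP message type
            msg["type"] = MSG_TYPES.get(value[0], "UNKNOWN")
        elif code == 54 and length == 4:                  # server identifier
            msg["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return msg

def rogue_replies(payloads, authorized):
    """Return (server_id, offered_ip, client_mac) for server replies not on the allow-list."""
    return [(m["server_id"], m["yiaddr"], m["chaddr"]) for m in map(parse_dhcp, payloads)
            if m["type"] in ("OFFER", "ACK", "NAK") and m["server_id"] not in authorized]

def build(msg_type, client_mac, yiaddr="0.0.0.0", server_id=None):
    """Construct a minimal DHCP payload for testing (sample data, not a capture)."""
    op = 2 if msg_type in (2, 5, 6) else 1                # 2 = BOOTREPLY, 1 = BOOTREQUEST
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0x8000)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)       # ciaddr, yiaddr, siaddr+giaddr
    hdr += bytes.fromhex(client_mac) + bytes(10) + bytes(192)   # chaddr, sname+file
    opts = bytes([53, 1, msg_type]) + (bytes([54, 4]) + socket.inet_aton(server_id) if server_id else b"")
    return hdr + MAGIC + opts + b"\xff"

# Constructed traffic: the page's client and server, plus one server not on the allow-list.
SAMPLE = [build(1, "08002B2EAF2A"),
          build(2, "08002B2EAF2A", "172.16.32.50", "172.16.32.12"),
          build(2, "08002B2EAF2A", "192.168.1.50", "192.168.1.1")]

if __name__ == "__main__":
    print(rogue_replies(SAMPLE, {"172.16.32.12"}))
```

A reply with no server identifier at all is also reported, since an absent value is never on the allow-list.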
DHCP allows us to manage the network’s IP address scopes and other TCP/IP settings, such as DNS and the default gateway, from a central place: the DHCP server. It is a critical, must-have network service because using DHCP helps to manage clients by assigning, tracking and re-assigning IP addresses.