Scope design considerations

The range of IP addresses used to create the scope should not contain any static IP addresses of existing computers. If there are any static addresses in use, there are several choices available to fix the problem:

• Convert them into DHCP clients. • Use address reservations.

• Use address exclusions.

• Shorten the scope's range of IP addresses.

The first option, converting the computers into DHCP clients, is the easiest solution. Once converted, the computer can request an IP address via DHCP. This may not be the ideal solution if the computer needs a static IP address, such as a web or FTP server. In this case, we would need to choose one of the remaining options.

The second option, using address reservations, enhances the first solution by adding IP address reservations in the scope. These address reservations contain the MAC address of the DHCP client. When a DHCP client requests an IP address, the DHCP server examines the MAC address from the DHCPREQUEST packet and looks for a reservation that matches it. As you can see, this is a more elegant solution. The computer always gets the same IP address, while any DHCP options that may change, such as DNS server addresses, are automatically updated. I will discuss reservations in greater detail later in this chapter.

Another option is to use address exclusions. Exclusions are IP addresses that are not to be leased to DHCP clients. Exclusions work great when a server or network device must use a static IP address or when the device does not support DHCP.

The final option is shortening the scope's range of IP addresses. For example, take a subnet of 192.168.0.0/24. This yields 254 host addresses. Since there are 25 servers on this subnet, you want to shorten the DHCP scope by removing the first 25 IP addresses in the range. As a result, the scope range of valid IP addresses is 192.168.0.26 through 192.168.0.254. I don't recommend doing this because it may be difficult to support and administer. In this example, the scope 192.168.0.0 looks like it includes the entire range. In actuality it doesn't, and the administrator who configured the scope is the only person aware of that. Another administrator or new employee would have a difficult time supporting this.

Another item to remember is that the DHCP server itself requires a static IP address. Therefore it too must be excluded from the scope. In this situation, an administrator should use an address exclusion.

So, why an address exclusion and not one of the other options discussed previously? The reason you need to use an address exclusion is because the DHCP server cannot be a DHCP client. Once the DHCP Server service is installed, the option to assign an IP address via DHCP is disabled. Since the DHCP server cannot be a DHCP client, the first two options are simply not possible. The final option, shortening the scope, is a possibility. But again, I do not recommend it.

The DHCP scope also contains other information, such as lease duration and DHCP options that will be distributed along with the IP address. Let's take a few moments to decide what these items should be.

First, let's consider the lease duration. The lease duration is the amount of time that a DHCP client can use an IP address before being required to renegotiate the lease.

As discussed in Chapter 4, the lease duration can have several functions. For example, if the subnet has an abundance of available IP addresses, the lease duration can be set to a longer length of time. This cuts down on DHCP traffic. On the other hand, if the subnet has a limited supply of IP addresses that need to be reclaimed more often, the lease duration can be set to a shorter length of time.

For the scopes I am creating, the main subnets have an abundance of IP addresses. In this case, I am going to leave the lease duration at the default setting of 8 days. Later in this chapter I will demonstrate how to change an existing lease duration.

Next, I need to consider the DHCP clients and the DHCP options they support and require. For example, let's say that the first scope I am creating contains Windows 95 workstations. The Windows 95 workstations support the following DHCP options:

Subnet Mask Option (1)

This option specifies the subnet mask to be used by the client. Routers Option (3)

This option specifies the default gateway.

Domain Name Option (15)

This option specifies the domain name to be used by the client.

Domain Name Servers Option (6)

This option lists the DNS servers to be used for host name resolution by the client.

NetBIOS Name Servers Option (44)

This option lists the WINS servers to be used for NetBIOS name resolution by the client.

NetBIOS Node Type Option (46)

This option determines the NetBIOS node type to be used by the client.

NetBIOS Scope Option (47)

This option specifies the NetBIOS scope ID to be used by the client.

Taking into account the current network infrastructure, a DHCP designer needs to determine which options are required and what are the correct values for these options.

Option Value

Subnet Mask 255.255.252.0

Routers 168.3.4.1

Domain Name helpandlearn.com

Domain Name Servers 168.3.4.11, 168.3.40.11 NetBIOS Name Servers (WINS) 168.3.4.12, 168.3.40.12

NetBIOS Node Type 0x8 (H-node)

NetBIOS Scope Option Not used

Now let's get started creating the first scope. 5.5.3 Creating a Scope

Creating a DHCP scope is very simple once the design criteria is decided. Just as with every other function in Windows 2000, Microsoft was nice enough to create a wizard that walks you through the DHCP scope creation process.

To create a DHCP scope, follow these steps:

1. In the DHCP Console, right-click on the DHCP server that will contain the scope. Select "New Scope . . . " from the menu.

2. The New Scope Wizard starts. Click Next on the Welcome screen.

3. Enter a name and description for the new scope. This name is used to identify the scope. For the scope I am creating, I enter 168.3.4.0 for the name and Corp-HQ for the description (see Figure 5.10). You can use more descriptive names, such as the physical location of the scope (e.g., Building 411 - Third Floor) if you prefer. Click Next.

Figure 5.10. Scope name

4. Now define the scope address range. The range must be a set of contiguous IP addresses belonging to a single subnet (see Figure 5.11). Since I am defining the scope for subnet 168.3.4.0, I enter the starting IP address, 168.3.4.1, and the ending IP address, 168.3.4.254. Next enter the subnet mask traditionally (i.e., 255.255.252.0) or as a length (i.e., the number of bits that comprise the network address, 22).

Figure 5.11. Specifying the scope address range

Note that the starting IP address cannot be the first address in the subnet. For example, if the scope being created was for the 192.168.0.0 subnet, the first address on that subnet is 192.168.0.1. Recall from Chapter 1, that any IP address with all zeros is invalid. All zeros in the host portion of the address designates the address as the subnet address. If you enter an invalid IP address, an error message will be displayed (see Figure 5.12).

Figure 5.12. Invalid IP address error message

If you enter a range of IP addresses that is bigger than the subnet mask provides, another dialog box will be displayed asking if you would like to create a superscope. Superscopes are covered later in this section. Click Next.

5. Next, enter any address exclusions (see Figure 5.13). An address exclusion is an IP address that is included in the scope range but which the DHCP server is not to distribute.

In the scope I am creating, I want to exclude the first 25 addresses in the scope. Therefore, I need to enter a range of IP addresses to be excluded. I enter 168.3.4.1 through 168.3.4.25. If you want to specify a single IP address, use that address in the starting address field only. Click Add to add the range of IP addresses to the exclusion list.

Figure 5.13. Specifying address exclusions

Also be sure to add the address of the DHCP server to the exclusion list. Remember that the DHCP server requires a static IP address. Since the IP address I used for the DHCP server (168.3.4.10) was within the exclusion range I defined, I do not need to create a separate exclusion. Click Next.

6. Next, specify the lease duration to be used for this scope (see Figure 5.14). Lease durations are used to allow the DHCP server to reclaim IP addresses. Lease durations and strategies in their use were covered in detail in Chapter 4. Use the up and down arrows to specify the duration in days/hours/minutes. For this subnet I am accepting the default value of 8 days. Click Next.

Figure 5.14. Specifying lease duration

7. Now you have a choice of configuring DHCP options now or later (see Figure 5.15). DHCP options are settings distributed to DHCP clients when they lease an IP address from this scope. These options can include information such as default gateway or DNS server addresses. Since I already determined which DHCP options to configure, select "Yes, I want to configure these options now" and click Next.

Figure 5.15. Configure DHCP Options page

8. The New Scope Wizard prompts you to enter a Router (Default Gateway) IP address. For the subnet 168.3.4.0, the router address is 168.3.4.1. Enter the IP address for the router and click Add. Click Next.

9. Next you need to enter DNS configuration data. These configuration settings will allow the DHCP clients to query DNS servers for host name to IP address resolution. First, enter the parent DNS domain. The domain name that I am using for this example is helpandlearn.com. Next, enter the IP addresses for the DNS servers. If you are not sure of the IP address but you do have the host name of the DNS server, you can enter the server's name and click Resolve to find the IP address. Enter 168.3.4.11 and 168.3.40.11. When finished, click Next.

10.Now it's time for WINS configuration. WINS servers resolve NetBIOS names to IP addresses. Enter the IP addresses for the WINS servers, or enter the WINS server's name and click Resolve. Enter 168.3.4.12 and 168.3.40.12 for my example. Click Next.

11.Next you are prompted to activate the scope. Activating the scope allows DHCP clients to obtain IP addresses from the scope. For this example, select "No, I will activate the scope later." (There may be situations where you want to wait before activating a scope, such as when you are converting from one IP addressing scheme to another.) Click Next.

12.Click Finish to create the scope.

13.Notice the red down arrow on the scope icon. This designates that the scope is not active. This is why I didn't want you to activate the scope yet. To activate the scope, right-click on the scope and select Activate from the menu. The red down arrow disappears and the scope is active.

After the scope has been created, additional items can be configured, such as more DHCP options, exclusions, and reservations.