Q: – How can I prevent
unauthorized laptops from using a network that uses DHCP for dynamic
addressing?
This would have to be done using a
mechanism other than DHCP. DHCP does not prevent other clients from using the
addresses it is set to hand out nor can it distinguish between a computer’s
permanent MAC address and one set by the computer’s user. DHCP can impose no
restrictions on what IP address can use a particular port nor control the IP
address used by any client.
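
Since DHCP itself cannot stop a machine from using a pool address, one mechanism outside DHCP is to audit what is actually on the wire against the lease table. The sketch below is an added example, not part of the original FAQ; the function names, the CIDR pool and the sample data are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def norm_mac(mac):
    """Accept 0:80:0:20:12:ef, 00-80-00-20-12-EF or 0080002012ef; return one form."""
    parts = mac.replace("-", ":").replace(".", ":").split(":")
    if len(parts) == 1 and len(mac) == 12:        # bare twelve hex digits
        parts = [mac[i:i + 2] for i in range(0, 12, 2)]
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def audit(leases, observed, pool, inventory):
    """Flag pool addresses whose on-the-wire use disagrees with the lease table.

    leases: {ip: mac} exported from the DHCP server; observed: (ip, mac) pairs
    from a router or switch ARP table; pool: dynamic range as CIDR (assumed);
    inventory: MACs of known machines. A MAC match is only a hint, since the
    user can set the MAC, so treat a clean result as "nothing obvious".
    """
    net = ip_network(pool)
    lease_by_ip = {ip: norm_mac(m) for ip, m in leases.items()}
    known = {norm_mac(m) for m in inventory}
    findings = []
    for ip, mac in observed:
        if ip_address(ip) not in net:
            continue                               # outside the dynamic pool
        mac, leased_to = norm_mac(mac), lease_by_ip.get(ip)
        if leased_to is None:
            findings.append((ip, mac, "no lease"))
        elif leased_to != mac:
            findings.append((ip, mac, "lease held by " + leased_to))
        elif mac not in known:
            findings.append((ip, mac, "leased to unknown MAC"))
    return findings

# Constructed sample data (documentation address range, made-up MACs).
LEASES = {"192.0.2.70": "02:00:00:00:00:0a", "192.0.2.71": "02:00:00:00:00:0b",
          "192.0.2.72": "02:00:00:00:00:0c"}
INVENTORY = ["02:00:00:00:00:0a", "02:00:00:00:00:0b"]
OBSERVED = [("192.0.2.70", "2:0:0:0:0:a"), ("192.0.2.71", "02-00-00-00-00-ff"),
            ("192.0.2.72", "02000000000c"), ("192.0.2.90", "02:00:00:00:00:0d"),
            ("192.0.2.10", "02:00:00:00:00:0e")]

if __name__ == "__main__":
    for finding in audit(LEASES, OBSERVED, "192.0.2.64/26", INVENTORY):
        print(*finding)
```
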
Q: – Can a BOOTP client boot
from a DHCP server?
Only if the DHCP server is specifically
written to also handle BOOTP queries.
Q: – What is DHCP’s purpose?
DHCP’s purpose is to enable individual
computers on an IP network to extract their configurations from a server (the
‘DHCP server’) or servers, in particular, servers that have no exact
information about the individual computers until they request the information.
The overall purpose of this is to reduce the work necessary to administer a
large IP network. The most significant piece of information distributed in this
manner is the IP address.
Q: – Can DHCP support remote
access?
PPP has its own non-DHCP way in which
communications servers can hand clients an IP address called IPCP (IP Control
Protocol) but doesn’t have the same flexibility as DHCP or BOOTP in handing out
other parameters. Such a communications server may support the use of DHCP to
acquire the IP addresses it gives out. This is sometimes called doing DHCP by
proxy for the client. I know that Windows NT’s remote access support does this.
A feature of DHCP under development (DHCPinform) is a method by which a DHCP server
can supply parameters to a client that already has an IP number. With this, a
PPP client could get its IP number using IPCP, then get the rest of its
parameters using this feature of DHCP. SLIP has no standard way in which a
server can hand a client an IP address, but many communications servers support
non-standard ways of doing this that can be utilized by scripts, etc. Thus,
like communications servers supporting PPP, such communications servers could
also support the use of DHCP to acquire the IP addresses to give out. The DHCP
protocol is capable of allocating an IP address to a device without an
IEEE-style MAC address, such as a computer attached through SLIP or PPP, but to
do so, it makes use of a feature which may or may not be supported by the DHCP
server: the ability of the server to use something other than the MAC address
to identify the client. Communications servers that acquire IP numbers for
their clients via DHCP run into the same roadblock in that they have just one
MAC address, but need to acquire more than one IP address. One way such a
communications server can get around this problem is through the use of a set
of unique pseudo-MAC addresses for the purposes of its communications with the
DHCP server. Another way (used by Shiva) is to use a different “client ID type”
for your hardware address. Client ID type 1 means you’re using MAC addresses.
However, client ID type 0 means an ASCII string.
Q: – Can DHCP work with AppleTalk
or IPX?
No, it is too tied to IP. Furthermore,
they don’t need it since they have always had automated mechanisms for
assigning their own network addresses.
Q: – What is a DHCP lease?
A DHCP lease is the amount of time that
the DHCP server grants to the DHCP client permission to use a particular IP
address. A typical server allows its administrator to set the lease time.
Q: – What is DHCP Spoofing?
Ascend Pipeline ISDN routers (which
attach Ethernets to ISDN lines) incorporate a feature that Ascend calls “DHCP
spoofing” which is essentially a tiny server implementation that hands an IP
address to a connecting Windows 95 computer, with the intention of giving it an
IP number during its connection process.
Q: – How long should a lease
be?
A very relevant factor is that the client
starts trying to renew the lease when it is halfway through: thus, for example,
with a 4 day lease, the client which has lost access to its DHCP server has 2
days from when it first tries to renew the lease until the lease expires and
the client must stop using the network. During a 2-day outage, new users
cannot get new leases, but no lease will expire for any computer turned on at
the time that the outage commences. Another factor is that the longer the lease
the longer time it takes for client configuration changes controlled by DHCP to
propagate.
Q: – Is a DHCP client
“supposed to” be able to use a BOOTP server?
The RFC on such interoperability (1534)
is clear: “A DHCP client MAY use a reply from a BOOTP server if the
configuration returned from the BOOTP server is acceptable to the DHCP client.”
(section 3). The word “MAY” indicates such support, however useful, is left as
an option.
Q: – What is a Client ID?
What is termed the Client ID for the purposes
of the DHCP protocol is whatever is used by the protocol to identify the client
computer. By default, DHCP implementations typically employ the client’s MAC
address for this purpose, but the DHCP protocol allows other options. Some DHCP
implementations have a setup option to specify the client ID you want. One
alternative to the MAC address is simply a character string of your choice. In
any case, in order for DHCP to function, you must be certain that no other
client is using the client ID you choose, and you must be sure the DHCP server
will accept it.
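
How a server could derive the client's identity from a request, covering both the client ID types mentioned under remote access (type 1 for a MAC address, type 0 for a string) and the default of falling back to the MAC address. This is an added example, not code from the original FAQ or from any DHCP server; it assumes the client identifier travels as option 61 (RFC 2132), and the function names and sample packets are constructed for illustration. The identifier is whatever the client sends, so it is a lookup key, not proof of which machine is asking.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # precedes the options field
OPT_PAD, OPT_MSG_TYPE, OPT_CLIENT_ID, OPT_END = 0, 53, 61, 255

def parse_options(packet):
    """Walk the code/length/value options after the 236-byte header and cookie."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("no magic cookie")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:          # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return opts

def client_key(packet):
    """Return (id_type, identifier): the key a server could file the lease under."""
    cid = parse_options(packet).get(OPT_CLIENT_ID, b"")
    if len(cid) >= 2:
        id_type, ident = cid[0], cid[1:]
        if id_type == 0:                  # type 0: not a hardware address
            return 0, ident.decode("ascii", "replace")
        return id_type, ident.hex(":")    # type 1: Ethernet MAC
    htype, hlen = packet[1], min(packet[2], 16)
    return htype, packet[28:28 + hlen].hex(":")   # default: chaddr field

def build_request(chaddr, client_id=None):
    """Constructed minimal request for the demo, not a captured packet."""
    hdr = struct.pack("!BBB", 1, 1, len(chaddr)) + bytes(25)
    hdr += chaddr.ljust(16, b"\0") + bytes(192)   # chaddr, then sname + file
    opts = bytes([OPT_MSG_TYPE, 1, 1])             # DHCPDISCOVER
    if client_id is not None:
        opts += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])

if __name__ == "__main__":
    mac = bytes.fromhex("0080002012ef")   # the MAC example used on this page
    for cid in (None, b"\x01" + mac, b"\x00port-1", b"\x00port-2"):
        print(client_key(build_request(mac, cid)))
```

The last two requests share one MAC address but yield distinct keys, which is how a communications server with a single MAC can hold several leases.
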
Q: – How can I relay DHCP if
my router does not support it?
A server on a net (subnet) can relay DHCP
or BOOTP for that net. Microsoft has software to make Windows NT do this.
Q: – Is a DHCP server “supposed
to” be able to support a BOOTP client?
The RFC on such interoperability (1534)
is clear: “In summary, a DHCP server:
… MAY support BOOTP clients,” (section 2). The word “MAY” indicates such support, however useful, is left as an option.
A source of confusion on this point is the following statement in section 1.5 of RFC 1541: “DHCP must provide service to existing BOOTP clients.” However, this statement is one in a list of “general design goals for DHCP”, i.e. what the
designers of the DHCP protocol set as their own goals. It is not in a list of requirements for DHCP servers.
Q: – Can DHCP support
statically defined addresses?
Yes. At least there is nothing in the
protocol to preclude this and one expects it to be a feature of any DHCP
server. This is really a server matter and the client should work either way.
The RFC refers to this as manual allocation.
Q: – What is a MAC address?
A MAC address (also called an Ethernet
address or an IEEE MAC address) is a number (typically written as twelve hexadecimal
digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by
periods or colons, i.e. 0080002012ef, 0:80:0:2:20:ef) which uniquely identifies
a computer that has an Ethernet interface. Unlike the IP number, it includes no
indication of where your computer is located. In DHCP’s typical use, the server
uses a requesting computer’s MAC address to uniquely identify it.
Q: – Can a DHCP server back
up another DHCP server?
You can have two or more servers handing
out leases for different addresses. If each has a dynamic pool accessible to
the same clients, then even if one server is down, one of those clients can
lease an address from the other server. However, without communication between
the two servers to share their information on current leases, when one server
is down, any client with a lease from it will not be able to renew their lease
with the other server. Such communication is the purpose of the “server to
server protocol” (see next question). It is possible that some server vendors
have addressed this issue with their own proprietary server-to-server
communication.
Q: – What protocol and port
does DHCP use?
DHCP, like BOOTP, runs over UDP, utilizing
ports 67 and 68.