Seven "fatal" errors in DHCP deployment and configuration

Source: Internet
Author: User

DHCP, the Dynamic Host Configuration Protocol, is a key service for many enterprises. Without DHCP, many TCP/IP-based networks and applications would not exist. However, many organizations still provide DHCP services with an ad hoc combination of software on their servers and, without realizing it, make common mistakes. These "fatal" errors are enough to undermine the effectiveness and security of the network.

The mistakes organizations make most often can be summed up in the following seven areas:

1. DHCP lease time is too long or too short: the recommended lease time varies with the rate at which the network changes. Wireless networks and customer networks change more frequently, and the lease time should reflect that. Devices join and leave the network, sometimes staying only a short time. A long lease time prevents other nodes from using these addresses until the lease ends.

2. Failing to monitor address utilization in the lease pools: administrators create a dynamic range with enough IP addresses, and create some additional scopes to allow for network expansion, but then lose track of how individual subnets grow. Technicians install new IP-enabled devices faster than expected, and the result is that new devices cannot get onto the network.

3. Missing or incorrect options: remember that DHCP treats everything except the IP address as an option. Each device requires a subnet mask, a default router, and so on. If an administrator forgets to configure these options, the DHCP server cannot give the information to the client.

4. Failing to establish whether the DHCP server is "necessary" (that is, authoritative) or not: two things matter here. One is understanding what "necessary" means, and the other is its ramifications. Ignoring this causes some of the major problems on a network, including DHCP conflicts (conflicting DHCP servers prevent clients from acquiring IP addresses, or hand out incorrect IP addresses) and missing very important data (for example, Novell uses inform packets, which are answered only when the server is "necessary"). In addition, some computers running Microsoft systems insist on using their original IP address even when that address is no longer valid.

5. UDP/BOOTP/DHCP forwarding is missing or invalid: because DHCP is broadcast-based, UDP forwarding must be enabled on the router so that DHCP packets are forwarded to the DHCP server. If it is not enabled, or is configured inaccurately, you will run into a number of problems, such as clients that cannot get an IP address, broadcast storms, and so on.

6. Overlapping zones created: when administrators configure the same IP range on multiple servers (and do not use DHCP failover), you will eventually end up with exactly the same IP address in use more than once on your network. DHCP servers do not share information about which addresses have been allocated, so if the same IP address is available to multiple DHCP servers, that address can be assigned to different clients.

7. Improper use, or non-use, of shared networks: even though layer-3 switches are now quite common and routers support virtual LANs (VLANs), you may still encounter networks that use secondary IP addressing, in other words an individual router interface (real or virtual) that holds the IP addresses of multiple networks. In "the good old days", this was referred to as "a fully armed routing". In this scenario, you must use a shared network and include all of those networks in it. If you use a shared network incorrectly, clients will end up with an IP address from the "wrong" network and cannot communicate on the network.

DHCP configuration errors are not limited to these seven, but the list can serve as a reference for checking your own servers.
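
A check for items 2 and 6, as an added example that is not part of the original article: it flags address ranges that overlap across servers without failover and ranges that are close to exhaustion. The inventory format, the server names and the 80% threshold are assumptions made for illustration.

```python
from ipaddress import IPv4Address
from itertools import combinations

# Constructed sample inventory (not from the article): one entry per dynamic
# range as exported from each DHCP server. Assumption: two entries with
# failover=True and identical bounds belong to the same failover pair.
RANGES = [
    {"server": "dhcp-a", "start": "10.0.10.50", "end": "10.0.10.200", "leased": 140, "failover": False},
    {"server": "dhcp-b", "start": "10.0.10.150", "end": "10.0.10.250", "leased": 20, "failover": False},
    {"server": "dhcp-a", "start": "10.0.20.10", "end": "10.0.20.100", "leased": 30, "failover": True},
    {"server": "dhcp-b", "start": "10.0.20.10", "end": "10.0.20.100", "leased": 30, "failover": True},
    {"server": "dhcp-c", "start": "10.0.30.10", "end": "10.0.30.19", "leased": 9, "failover": False},
]

def bounds(r):
    """Return the range as integer (low, high); reject reversed ranges."""
    lo, hi = int(IPv4Address(r["start"])), int(IPv4Address(r["end"]))
    if lo > hi:
        raise ValueError(f"start after end on {r['server']}: {r['start']}-{r['end']}")
    return lo, hi

def find_overlaps(ranges):
    """Item 6: ranges on different servers that share addresses without failover."""
    hits = []
    for a, b in combinations(ranges, 2):
        if a["server"] == b["server"]:
            continue
        (alo, ahi), (blo, bhi) = bounds(a), bounds(b)
        if a["failover"] and b["failover"] and (alo, ahi) == (blo, bhi):
            continue  # same range served by a failover pair is intentional
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo <= hi:  # intersection is non-empty
            hits.append((a["server"], b["server"], str(IPv4Address(lo)), str(IPv4Address(hi))))
    return hits

def near_exhaustion(ranges, threshold=0.8):
    """Item 2: ranges whose leased share of addresses is at or above threshold."""
    out = []
    for r in ranges:
        lo, hi = bounds(r)
        used = r["leased"] / (hi - lo + 1)
        if used >= threshold:
            out.append((r["server"], r["start"], r["end"], round(used, 2)))
    return out

if __name__ == "__main__":
    print("overlaps:", find_overlaps(RANGES))
    print("near exhaustion:", near_exhaustion(RANGES))
```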
