Focus on DHCP server protection to ensure network security and stability

To improve network management efficiency, network administrators often set up and install DHCP servers in the LAN, this server is used to automatically provide Internet settings for normal workstations. When a common workstation in the LAN is connected to a network, it automatically sends a request packet for Internet parameters to the LAN, once the DHCP server receives the Internet request information from the client system, it will automatically provide the appropriate IP address, network mask address, gateway address, DNS address, and other parameters, in this way, the client system can access the network normally. Obviously, the stability of the DHCP server directly affects the performance of the LAN network. However, if there is another illegal DHCP server in the LAN network, the stability of the entire lan network will be damaged, and the general workstation system will be confused when accessing the Internet. In order to keep the LAN running stably, we need to find a way to protect the operation security of valid DHCP servers, so as to avoid the "impact" of illegal DHCP servers "!

Temporary protection DHCP

As we all know, the common workstation system sends the request information of the Internet parameters to the LAN network through broadcasting. All network devices in the LAN will receive requests from the common workstation, this naturally includes valid DHCP servers and invalid DHCP servers. However, whether the DHCP server is a valid DHCP server or an invalid DHCP server gives priority to responding to Internet requests from normal workstations, there are no rules. Therefore, when the system of a common workstation cannot obtain valid Online parameters, we can try to send broadcast information repeatedly, to temporarily ensure that the normal workstation establishes a connection with the valid DHCP server until the normal workstation can obtain valid Internet access parameters from the valid DHCP server.

Once we see that our workstation cannot access the Internet normally, we can open the doscommand line work window of the faulty workstation system and execute the "ipconfig/release" string command at the doscommand line prompt, to release the incorrect parameters.

Then try to run the "ipconfig/renew" string command to re-send the request packet for the Internet parameters to the LAN. If the above command returns the error result, then, we can continue executing the "ipconfig/release" and "ipconfig/renew" string commands in the local system running dialog box until the normal workstation obtains valid Online parameter information.

Of course, this method can only solve the urgent problem, and the number of repeated attempts cannot be determined, usually several or more times, and when the IP address Lease Term expires, the common workstation also needs to apply for an IP address from the lan dhcp server again. At that time, the normal workstation will still fail to access the Internet.

Long-term Protection DHCP

Generally, common workstations in the LAN are installed on Windows operating systems, we can use the domain management mode to protect the operation security of valid DHCP servers, and filter out invalid DHCP servers to ensure that the DHCP server does not assign incorrect Internet parameters to common LAN workstations. As long as we add valid DHCP server hosts to the LAN active directory in the LAN domain controller, we can ensure that all common workstations in the LAN are automatically taken from valid DHCP servers, the correct Internet parameters are obtained. This is because normal workstations in the domain send broadcast information to the network and valid DHCP servers in the same domain are used to apply for an Internet parameter address, the system automatically responds to the Internet requests from normal workstations first. If the DHCP server in the specified domain of the LAN does not exist or becomes invalid, illegal DHCP servers that are not added to the specified domain may respond to Internet requests from normal workstations.

To add valid DHCP servers to a domain specified by the LAN, follow these steps:

First, log on to the host system where the local area network controller is located as the system administrator, and open the Start menu on the system desktop, select programs, administrative tools, and DHCP to open the DHCP server console window of the corresponding system;

In the left-side area of the target Console window, right-click the target server host, execute the "Add Server" command from the shortcut menu, and click the "Browse" button, in the select computer dialog box that appears later, select the name of the host where the valid DHCP server is located, or directly enter the IP address of the host where the DHCP server is located in the "this server" text box, click OK. In this way, when a common workstation in a LAN domain accesses the internet in the future, the correct IP address parameter information is automatically obtained from a valid DHCP server.

Although this method works well, it has little practical significance for small-scale LAN units, because small-scale LAN networks are basically working in working groups, in this mode, valid DHCP servers cannot be protected.