DHCP at Stanford Kent Reuber ,

Outline What DHCP is, and how it works What’s special about DHCP at Stanford What happens when DHCP doesn’t work Q&A

Skills You’ll Learn How to check Netdb records to see if DHCP is working the way you want How to look at DHCP server logs to troubleshoot problems How to uncover rogue DHCP servers on your network

DHCP Basics

What is DHCP “Dynamic Host Configuration Protocol” (RFC 2131) Automatically assigns IP addresses to devices (I.e. hosts) on your network –Prevents having to manually enter data –Prevents typos that can cause connectivity problems or disrupt the network (e.g., exchanging IP address and gateway address)

DHCP Conversation Four step process between client (UDP port 68) and servers (UDP port 67) –Client sends Discover “Someone send me an address”. This is a broadcast. –Servers Offer “Use this address”. –Client Requests “I’ll use this one”. (broadcast) –Servers Acknowledge “OK or No Way!” (ACK/NAK)

DHCP Results Servers should provide address, net mask, DNS servers, domain, and gateway (and perhaps other stuff, e.g., WINS) Client will be allowed to use the address for a period of time called a Lease –Normal campus addresses: 2 day lease –Roaming addresses: 42 minutes

Lease Renewal Halfway through lease period, client asks its current server to continue using the address. –Client sends Request (unicast). –Server sends Acknowledge. If current server isn’t available, client will broadcast request. This may cause it to change servers. If lease expires, client must stop using the address and start the process from scratch.

Looking at DHCP Information MacOS X: –Use “ipconfig getpacket interface_name” (e.g., en0). Lease times are in hexadecimal. Windows NT/2000/XP: –Command line: “ipconfig /all” Windows 95/98 –Winipcfg GUI utility

DHCP at Stanford

DHCP at Stanford: Netdb Connection Have to have MAC (hardware) address in Netdb and DHCP box checked to get DHCP provided address If you specify one or more IP addresses for a MAC address, you will always get one of those addresses if appropriate Use more than one IP address if you have multiple “home bases”, for example, an office in one building and a lab in another building.

Example Whois Record Multiple interfaces with multiple addresses: name: lapwarmer type: Node (Advanced) cpu: Apple PowerBook op-sys: MacOS X interfaces: 1) name: slab-en0 hw-addr: 000a.95a0.03ce dhcp roam ip-addr: slab slab-clark-92 2) name: slab-en1 hw-addr: eb.26dd dhcp roam ip-addr: slab-ap

DHCP and Netdb: Roaming Checking “roaming” allows you to get an address from the local roaming address pool if none of the IP addresses associated with your MAC address are appropriate For example, my laptop wired interface has two “home” addresses, and When on those nets, I’ll get the appropriate address. On other campus nets, I’ll get an address from the local roaming pool if one is available. If local roaming pool is full or doesn’t exist, I’m stuck!

How Big is the Local Roaming Pool? The number of addresses available for roaming is specified by the LNA Look at the network record for the network of interest: [mac-kent-x:~] reuber% whois name: Pine-B-net.Stanford.EDU ip-subnets: 1) addr space: /24 lo: 5 hi: 5 dhcp-addr: DNab4014f2.Stanford.EDU DNab4014f3.Stanford.EDU DNab4014f4.Stanford.EDU DNab4014f5.Stanford.EDU DNab4014f6.Stanford.EDU

More Roaming Trivia Each DHCP server (dusk, dawn) is responsible for 1/2 of the roaming pool. For example, if one of the servers were unavailable, only 1/2 of our roaming pool would be available.

Policy Issues Never add residential ( *.*) or Stanford West ( *) to campus Netdb records. Add campus address to residential or Stanford West records. Never assign clients new addresses in these ranges. Clients must contact RCC or Comm Services. More Stanford West info: cns/stanfordwest/faq.html

TroubleshootingTroubleshooting

SUNet Reports Troubleshooting Page (Off the main SUNet reports page. Must be a registered LNA to access this page.) Has links for looking at DHCP conversation for a particular client and for DHCP Dynamic (I.e., roaming) Address Utilization

Roaming Address Utilization Shows how many of your roaming addresses were used in the last 24 hrs. Pine-B-net / % Very rough indicator of usage.

DHCP Client Conversation Report Takes practice to read. Look for common date and time for messages Most helpful if you type in the MAC address rather than the IP address –Can see where the laptop has been –Can see the discover message (I.e., before the device gets an address)

Odd Addresses You Might Encounter 10.*.*.*: Hospital uses this range, but Airport base stations also give out this range (esp *) *.*. Used for a few special purposes on campus, but often used by rogue wireless access points *.* “Zero-conf” address -- device can’t contact DHCP server. May be indicative of Netdb, cabling, inactive jack, etc *.* Wireless guest network range (experimental). Will get this address on certain wireless nets when MAC address isn’t in Netdb.

Troubleshooting Questions For DHCP Problems What address if any did clients receive? Is their Netdb record set up correctly (correct MAC, DHCP/roaming checked)? What network is the user connected to when they’re trying to use DHCP? What is the network range? Does the user have an address on this network or is the user roaming? Are there available roaming addresses (roaming is defined and there are free addresses)? Check DHCP server report? What happened? There may be a physical problem (cabling issues, jack not activated, NIC problems, etc.).

Finding Rogue DHCP Servers If users are getting inappropriate 10.* or * addresses, may need to hunt for a rogue server on your net. Often, these rogue servers are poorly configured access points or PCs/Macs set for “Internet Sharing”. Note: Internet Sharing means sharing your *address* not your files! This shouldn’t be used at Stanford!

Finding Rogue Servers Must do this from a machine getting a “bad” address! Ping the machine acting as your DHCP server. Can get this info from the command line. Often the rogue will advertise itself as the gateway. Get the MAC address: –OS X: arp IP_ADDR –Windows: arp -a IP_ADDR Give MAC address to your LNA or submit a HelpSU ticket.

Questions?Questions?