DHCP
Stands for “Dynamic Host Configuration Protocol”
Allows host/client to dynamically obtain its IP address from network server
when it joins network
– Client can renew its lease on address in use
– Allows reuse of addresses (only hold address while connected and “on”)
– Support for mobile users who want to join network
– Automated and centralized configuration of network
– Ports:
UDP 67 (request)
UDP 68 (response)
When we want to join/connect to a network we might:
- Ask the network administrator to assign us a static IP address
- Simply connect to the network and wait for the DHCP server to do it!
DHCP overview:
To get an IP address from a DHCP server, a host/client
goes through the following dialogue:
– Host/client broadcasts “DHCP discover” message
– DHCP server responds with “DHCP offer” message
– Host requests IP address: “DHCP request” message
– DHCP server sends address: “DHCP ack” message
IP address leasing
– DHCPDISCOVER
● Client broadcasts to discover DHCP
servers in the network
– DHCPOFFER
● Server sends unicast to DHCP client
(suggested IP, subnet, gateway, etc.)
– DHCPREQUEST
● Client sends broadcast to all DHCP
servers (why?) and includes the server
identifier to choose one of the offers
– DHCPACK
● Server sends unicast to client
(IP, subnet, gateway, etc.)
DHCP DORA
DHCP Services
DHCP server assigns (at least) the following information:
- Client IP address and subnet mask
- Default gateway (default route)
- Name server (for name resolution)
- NTP server (for synchronizing the internal clock)
Allocation Modes
DHCP server can assign IP addresses to the requesting clients in
different ways:
Manual mode:
- Static mapping table for MAC and IP addresses
- Only hosts with a listed MAC address receive an IP address
- Allocation for an indefinite time
- Mostly used for servers (static mapping, port forwarding)
Automatic static mode:
- Defined range of IP addresses for allocation
- Automated mapping of MAC and IP addresses
- Allocation for an indefinite time
Automatic dynamic mode:
- Defined range of IP addresses for allocation
- Automated mapping of MAC addresses and IP addresses
- Provides re-use of IP addresses
DHCP server leases an IP address for a defined time period
Client renews the lease or releases its IP address
DHCP commands
DHCPDISCOVER: Client broadcasts to discover DHCP servers
DHCPOFFER: DHCP servers answer the DHCPDISCOVER, including their
specific values and parameters
DHCPREQUEST: Client broadcasts a DHCP request including the server
identifier, to choose one of the DHCP servers that responded to the
DHCPDISCOVER
DHCPACK: The DHCP server concerned acknowledges the client's
DHCPREQUEST
DHCPNAK: The DHCP server concerned sends a negative acknowledgment to
the client's DHCPREQUEST (because of concurrent requests, etc.)
DHCPDECLINE: Client declines the offer because the IP is already in use
in the network (checked with ARP)
DHCPRELEASE: Client releases its current configuration (for example if
the network interface is set down); that configuration can then be used
by other clients
DHCPINFORM: Client only requests information/parameters, excluding the
IP address
(for example if the IP is configured statically for this client)
DHCP commands Analysis
DHCP Discover
DHCP Offer
DHCP Request
DHCP Ack
DHCP Decline
Sample DHCP Configuration
# this is a test DHCP server
ddns-update-style none;
option domain-name-servers 192.168.2.1;
default-lease-time 86400;    # seconds (1 day)
max-lease-time 604800;       # seconds (7 days)
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.155;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;
}
DHCP Security
What happens if an unauthorized DHCP server connects
to a network?
Scenario: Client requests a bank website
But before that, the client obtained its IP address from the offer of
a fake DHCP server!
Because DHCP also provides the DNS server to the client that requested the IP,
the client is tricked into using a fake, wrong DNS server as well!
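Detecting this on the wire: the following is an added example, not part of the original post. It parses a DHCP server reply (OFFER/ACK) and flags a server identifier or DNS server that is not on an allowlist. The DNS address 192.168.2.1 comes from the sample configuration above; the legitimate server address 192.168.1.2, the rogue address 192.168.1.66 and the helper build_reply are assumptions made for the example.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload):
    """Parse a DHCP message (UDP payload) into the fields the check needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"type": None, "server_id": None, "dns": [],
           "yiaddr": socket.inet_ntoa(payload[16:20])}   # address being handed out
    i = 240
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                   # DHCP message type
            msg["type"] = MSG_TYPES.get(data[0], "UNKNOWN")
        elif code == 54 and length == 4:                 # server identifier
            msg["server_id"] = socket.inet_ntoa(data)
        elif code == 6 and length % 4 == 0:              # DNS servers, 4 bytes each
            msg["dns"] = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return msg

def check_reply(payload, allowed_servers, allowed_dns):
    """Return findings for a server reply (OFFER/ACK); an empty list means clean."""
    msg = parse_dhcp(payload)
    if msg["type"] not in ("OFFER", "ACK"):
        return []
    findings = []
    if msg["server_id"] not in allowed_servers:
        findings.append("unauthorized DHCP server: %s" % msg["server_id"])
    findings += ["unexpected DNS server: %s" % d for d in msg["dns"] if d not in allowed_dns]
    return findings

def build_reply(msg_type, yiaddr, server_id, dns):
    """Build a minimal server reply; constructed sample input, not captured traffic."""
    ip = socket.inet_aton
    # op/htype/hlen/hops, 12 zero bytes (xid..ciaddr), yiaddr, siaddr, 212 zero bytes
    header = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + ip(server_id) + bytes(212)
    opts = bytes([53, 1, msg_type, 54, 4]) + ip(server_id)
    opts += bytes([6, 4]) + ip(dns) + b"\xff"
    return header + MAGIC_COOKIE + opts
```

On managed switches the same allowlist idea is enforced by DHCP snooping, which drops server replies that arrive on untrusted ports.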