
Monday, September 12, 2016

Dynamic Host Configuration Protocol (DHCP)

DHCP

Stands for “Dynamic Host Configuration Protocol”.
Allows a host/client to dynamically obtain its IP address from a network server when it joins the network.
– Client can renew its lease on the address in use
– Allows reuse of addresses (a client only holds an address while connected and “on”)
– Support for mobile users who want to join the network
– Automated and centralized configuration of the network
– Ports:
  ● UDP 67 (request)
  ● UDP 68 (response)

When we want to join/connect to a network we might:
- Ask the network administrator to give us a static IP address
- Simply connect to the network and wait for the DHCP server to do it!

DHCP overview:

To get an IP address from a DHCP server, a host/client goes through the following dialogue:
– Host/client broadcasts a “DHCP discover” message
– DHCP server responds with a “DHCP offer” message
– Host requests the IP address with a “DHCP request” message
– DHCP server sends the address in a “DHCP ack” message

IP address leasing

– DHCPDISCOVER
  ● Client broadcasts to discover a DHCP server in the network
– DHCPOFFER
  ● Server sends a unicast to the DHCP client (suggested IP, subnet, gateway, etc.)
– DHCPREQUEST
  ● Client sends a broadcast to all DHCP servers and includes the server identifier to choose one of the offers. Why a broadcast? So that the servers whose offers were not chosen learn of it as well.
– DHCPACK
  ● Server sends a unicast to the client (IP, subnet, gateway, etc.)

DHCP DORA


DHCP Services

DHCP server assigns (at least) the following information:
- Client IP address and subnet mask
- Default gateway (default route)
- Name server (for name resolution)
- NTP server (for synchronizing the client's internal clock)

Allocation Modes

A DHCP server can assign IP addresses to requesting clients in
different ways:

Manual mode:

- Static mapping table of MAC addresses to IP addresses
- Only hosts with a listed MAC address receive an IP address
- Allocation for an indefinite time
- Mostly used for servers (static mapping, port forwarding)

Automatic static mode:

- Defined range of IP addresses for allocation
- Automated mapping of MAC addresses to IP addresses
- Allocation for an indefinite time

Automatic dynamic mode:

- Defined range of IP addresses for allocation
- Automated mapping of MAC addresses to IP addresses
- Provides re-use of IP addresses

The DHCP server leases an IP address for a defined time period.
The client renews the lease or releases its IP address.

DHCP commands

DHCPDISCOVER: Client broadcasts to discover DHCP servers

DHCPOFFER: DHCP servers answer the DHCPDISCOVER, including their
specific values and parameters

DHCPREQUEST: Client broadcasts a DHCP request including the server
identifier, to choose one of the DHCP servers that responded to the
DHCPDISCOVER

DHCPACK: The chosen DHCP server acknowledges the client's
DHCPREQUEST

DHCPNAK: The chosen DHCP server sends a negative acknowledgment to the
client's DHCPREQUEST (because of concurrent requests, etc.)

DHCPDECLINE: Client declines the offer because the IP address is already
in use on the network (checked with ARP)

DHCPRELEASE: Client releases its current configuration (for example, if
the network interface is set down); that configuration can then be used
by other clients

DHCPINFORM: Request for information/parameters only, excluding the
IP address
(for example, if the IP address is configured statically for this client)

DHCP commands Analysis

DHCP Discover


DHCP Offer


DHCP Request


DHCP Ack


DHCP Decline


Sample DHCP Configuration

# This is a test DHCP server
ddns-update-style none;
option domain-name-servers 192.168.2.1;
default-lease-time 86400;    # 1 day, in seconds
max-lease-time 604800;       # 7 days, in seconds
authoritative;
# Address pool and options handed out on the 192.168.1.0/24 subnet
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.155;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;
}

DHCP Security

What happens if an unauthorized DHCP server connects
to a network?

Scenario: a client requests a bank website


But before that, the client obtained its IP address from the offer of
a fake DHCP server!


Because DHCP also provides the DNS server to the client that requested the IP address,
the client is given a fake, wrong DNS server as well!
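
A defensive check for the scenario above, as an added example that is not part of the original post: it parses the options of a DHCPOFFER/DHCPACK and flags replies whose server identifier or DNS server is not on an allowlist. The authorized server address 192.168.1.1 and the sample replies are assumptions constructed for the example; the DNS address is the one from the sample configuration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"    # marks the start of the DHCP options (RFC 2131)
OFFER, ACK = 2, 5                     # option 53 values for DHCPOFFER / DHCPACK
AUTHORIZED_SERVERS = {"192.168.1.1"}  # assumption: address of the real DHCP server
AUTHORIZED_DNS = {"192.168.2.1"}      # DNS server from the sample configuration

def parse_options(payload):
    """Return {option code: raw bytes} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def ip_list(raw):  # split an option value into dotted IPv4 strings, 4 bytes each
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def check_reply(payload):
    """Findings for a DHCPOFFER/DHCPACK; an empty list means nothing suspicious."""
    opts = parse_options(payload)
    if payload[0] != 2 or (opts.get(53) or b"\x00")[0] not in (OFFER, ACK):
        return []                                   # op 2 = BOOTREPLY; skip the rest
    findings = []
    server = ip_list(opts.get(54, b""))             # option 54 = server identifier
    if not server or server[0] not in AUTHORIZED_SERVERS:
        findings.append("unauthorized DHCP server: " + (server[0] if server else "none"))
    for dns in ip_list(opts.get(6, b"")):           # option 6 = DNS servers
        if dns not in AUTHORIZED_DNS:
            findings.append("unexpected DNS server: " + dns)
    return findings

def build_reply(msg_type, server_id, dns):
    """Constructed sample reply (not captured traffic): BOOTP header plus three options."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    opt = lambda code, data: bytes([code, len(data)]) + data
    header = bytes([2, 1, 6, 0]) + bytes(12) + pack("192.168.1.100") + bytes(216)
    return (header + MAGIC_COOKIE + opt(53, bytes([msg_type]))
            + opt(54, pack(server_id)) + opt(6, pack(dns)) + b"\xff")

if __name__ == "__main__":
    print(check_reply(build_reply(OFFER, "192.168.1.1", "192.168.2.1")))    # expected server
    print(check_reply(build_reply(OFFER, "192.168.1.66", "192.168.1.66")))  # unknown server
```

Fed the UDP payloads of DHCP replies seen on a monitoring port, the same check reports any server that answers without being on the allowlist.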
