The concepts advanced by DHCP include the functionality not used in daily situations, such as superscopes, ranges of multicast, and the delegation of the administration of DHCP. Moreover, in the environment of calculation of today, the management of the services by a command line environment is strongly desired. The following sections cover these advanced concepts of DHCP.
Understanding DHCP Superscopes
A DHCP Superscope is a container
that can include several DHCP scopes. A Superscope can be created when
a single network includes multiple network ranges. For example, if an
organization wanted to support different network clients or
organizations with a single router, a superscope with multiple scopes
configured with different network address spaces could be created.
Policies for each scope range could be configured along with
reservations to ensure that the desired clients get the right network
scope leases when they request a DHCP lease.
Examining DHCP Multicast Scopes
Organizations that require multicast
functionality might want to set up DHCP multicast scopes. Multicast
clients are used for media and deployment applications where several
systems will be accessing the same content. A few examples are
operating system deployments or video or audio presentations that each
client will access simultaneously. There are special uses for multicast
addressing, and DHCP multicast scopes can simplify the setup and
delivery in those scenarios.
Delegating Administration of DHCP
Even though DHCP services are quite critical
in most networking environments, organizations usually do not dedicate
servers specific for this service. DHCP services are usually bundles on
servers that host other services. In situations when DHCP
administration needs to be delegated to, say, the networking group or a
certain administrator, but access to the host server is not desirable,
DHCP delegation is the answer. To delegate DHCP administration, first
the administrator needs to have access to the DHCP server tools, and
those should be installed on the administrator’s IT administrative
workstation or on an IT central console server. Once the tools are
accessible, the IT administrator’s user account, or admin account, can
be added to the local DHCP security group named DHCP Administrators.
DHCP Netsh and PowerShell Administration
Like most Microsoft services today, DHCP can
be fully managed through a wide array of PowerShell functions and via
the Netsh command-line utility. To get a list of the available
commands, follow these steps.
1. On a system with the DHCP server tools installed, open a PowerShell console session.
2. Type get-command *DHCP* and press Enter to get the list of all the DHCP-related functions or cmdlets.
For example, type get-DHCPServerv4Binding -Computername server10.companyabc.com and press Enter to get the IPv4 address bound to the DHCP server named server10.companyabc.com.
3. To learn how to use
any PowerShell function or cmdlet (for example, the
get-DHCPServerv4Binding function), in the PowerShell window type get-help get-DHCPServerv4Binding -Full and press Enter to list the help information.
4. In the same window or in a command prompt window, to access the DHCP Netsh commands type Netsh DHCP List and press Enter to get a list of the commands available.
5. For example, if the
DHCP Post-Install Wizard was skipped or closed, the DHCP administrator
can add the security groups for delegation to the local server by using
the command Netsh DHCP Add SecurityGroups and pressing Enter.
This completes the overview of some of the DHCP administrative tasks that you can perform using PowerShell commands or Netsh.
DHCP by default is an unsecure
service and should be treated as such. For example, in a basic DHCP
deployment, if a malicious user gains access to the physical network or
a wireless network that the DHCP server provides IP addresses leases
for, that user can quickly get on the network and begin to try and hack
and communicate with the organizations’ systems. Wireless networks get
hacked every day, but that is a different topic. Getting access to
physical connectivity is less likely, but when it occurs the same risk
is presented. This is why every DHCP implementation should include some
form of security or frequent auditing.