
Post on 18-Dec-2015


Page 1: DHCP at Stanford Kent Reuber 725-8092, reuber@stanford.edu

DHCP at Stanford

Kent Reuber

725-8092, reuber@stanford.edu

Page 2

Outline

• What DHCP is, and how it works

• What’s special about DHCP at Stanford

• What happens when DHCP doesn’t work

• Q&A

Page 3

Skills You’ll Learn

• How to check Netdb records to see if DHCP is working the way you want

• How to look at DHCP server logs to troubleshoot problems

• How to uncover rogue DHCP servers on your network

Page 4

DHCP Basics

Page 5

What is DHCP

• “Dynamic Host Configuration Protocol” (RFC 2131)

• Automatically assigns IP addresses to devices (i.e., hosts) on your network
  – Prevents having to manually enter data
  – Prevents typos that can cause connectivity problems or disrupt the network (e.g., exchanging IP address and gateway address)

Page 6

DHCP Conversation

• Four step process between client (UDP port 68) and servers (UDP port 67)
  – Client sends Discover “Someone send me an address”. This is a broadcast.
  – Servers Offer “Use this address”.
  – Client Requests “I’ll use this one”. (broadcast)
  – Servers Acknowledge “OK or No Way!” (ACK/NAK)

Page 7

DHCP Results

• Servers should provide address, net mask, DNS servers, domain, and gateway (and perhaps other stuff, e.g., WINS)

• Client will be allowed to use the address for a period of time called a Lease
  – Normal campus addresses: 2 day lease
  – Roaming addresses: 42 minutes

Page 8

Lease Renewal

• Halfway through lease period, client asks its current server to continue using the address.
  – Client sends Request (unicast).
  – Server sends Acknowledge.

• If current server isn’t available, client will broadcast request. This may cause it to change servers.

• If lease expires, client must stop using the address and start the process from scratch.

Page 9

Looking at DHCP Information

• MacOS X:
  – Use “ipconfig getpacket interface_name” (e.g., en0). Lease times are in hexadecimal.

• Windows NT/2000/XP:
  – Command line: “ipconfig /all”

• Windows 95/98
  – Winipcfg GUI utility
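Added example (not from the original slides): a small parser for the server reply in the DHCP conversation above, reporting the lease both as raw hexadecimal and in seconds, plus the halfway renewal point. The sample ACK is constructed and uses RFC 5737 documentation addresses rather than Stanford's; the option codes are from RFC 2132 and the function names are illustrative.

```python
import socket
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])          # marks the start of DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
IP_OPTIONS = {3: "router", 54: "server_id"}      # RFC 2132 option codes


def parse_dhcp_reply(packet: bytes) -> dict:
    """Pull the troubleshooting-relevant fields out of a raw DHCP reply."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"your_ip": socket.inet_ntoa(packet[16:20])}   # yiaddr field
    i = 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if code == 53 and length == 1:            # DHCP message type
            info["type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 51 and length == 4:          # lease time, 32-bit seconds
            lease = struct.unpack("!I", value)[0]
            info["lease_hex"] = value.hex()
            info["lease_seconds"] = lease
            info["renew_after_seconds"] = lease // 2   # halfway through the lease
        elif code in IP_OPTIONS and length >= 4:
            info[IP_OPTIONS[code]] = socket.inet_ntoa(value[:4])
        i += 2 + length
    return info


def build_sample_ack(lease_seconds: int) -> bytes:
    """Constructed ACK using RFC 5737 documentation addresses (not Stanford's)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton("192.0.2.45"), bytes(4),
                         bytes(4), bytes.fromhex("000a95a003ce"), b"", b"")
    options = (bytes([53, 1, 5]) + bytes([54, 4]) + socket.inet_aton("192.0.2.53")
               + bytes([51, 4]) + struct.pack("!I", lease_seconds)
               + bytes([3, 4]) + socket.inet_aton("192.0.2.1") + bytes([255]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_dhcp_reply(build_sample_ack(2 * 24 * 3600)))   # 2 day campus lease
```

A server_id that is not one of your known DHCP servers is the same signal the rogue-server slides later in the deck describe.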

Page 10

DHCP at Stanford

Page 11

DHCP at Stanford: Netdb Connection

• Have to have MAC (hardware) address in Netdb and DHCP box checked to get DHCP provided address

• If you specify one or more IP addresses for a MAC address, you will always get one of those addresses if appropriate

• Use more than one IP address if you have multiple “home bases”, for example, an office in one building and a lab in another building.

Page 12

Example Whois Record

• Multiple interfaces with multiple addresses:

      name: lapwarmer
      type: Node (Advanced)
       cpu: Apple PowerBook
    op-sys: MacOS X
interfaces: 1) name: slab-en0
               hw-addr: 000a.95a0.03ce dhcp roam
               ip-addr: 171.64.20.45 slab
                        171.65.92.2 slab-clark-92
            2) name: slab-en1
               hw-addr: 0003.93eb.26dd dhcp roam
               ip-addr: 171.66.32.245 slab-ap

Page 13

DHCP and Netdb: Roaming

• Checking “roaming” allows you to get an address from the local roaming address pool if none of the IP addresses associated with your MAC address are appropriate

• For example, my laptop wired interface has two “home” addresses, 171.64.20.45 and 171.65.92.2. When on those nets, I’ll get the appropriate address. On other campus nets, I’ll get an address from the local roaming pool if one is available.

• If local roaming pool is full or doesn’t exist, I’m stuck!

Page 14

How Big is the Local Roaming Pool?

• The number of addresses available for roaming is specified by the LNA

• Look at the network record for the network of interest:

[mac-kent-x:~] reuber% whois 171.64.20.0
name: Pine-B-net.Stanford.EDU
ip-subnets: 1) addr space: 171.64.20.0/24
               lo: 5 hi: 5
               dhcp-addr: 171.64.20.242 DNab4014f2.Stanford.EDU
                          171.64.20.243 DNab4014f3.Stanford.EDU
                          171.64.20.244 DNab4014f4.Stanford.EDU
                          171.64.20.245 DNab4014f5.Stanford.EDU
                          171.64.20.246 DNab4014f6.Stanford.EDU

Page 15

More Roaming Trivia

• Each DHCP server (dusk, dawn) is responsible for 1/2 of the roaming pool.

• For example, if one of the servers were unavailable, only 1/2 of our roaming pool would be available.

Page 16

Policy Issues

• Never add residential (128.12.*.*) or Stanford West (171.66.152-159.*) to campus Netdb records.

• Add campus address to residential or Stanford West records.

• Never assign clients new addresses in these ranges. Clients must contact RCC or Comm Services.

• More Stanford West info: http://www.stanford.edu/group/itss-cns/stanfordwest/faq.html

Page 17

Troubleshooting

Page 18

SUNet Reports Troubleshooting Page

• https://www.stanford.edu/group/networking/dist/sunet.reports/

(Off the main SUNet reports page. Must be a registered LNA to access this page.)

• Has links for looking at the DHCP conversation for a particular client and for DHCP Dynamic (i.e., roaming) Address Utilization

Page 19

Roaming Address Utilization

• Shows how many of your roaming addresses were used in the last 24 hrs.

Pine-B-net 171.64.20.0/24 5 3 60%

• Very rough indicator of usage.

Page 20

DHCP Client Conversation Report

• Takes practice to read. Look for common date and time for messages

• Most helpful if you type in the MAC address rather than the IP address
  – Can see where the laptop has been
  – Can see the discover message (i.e., before the device gets an address)

Page 21

Odd Addresses You Might Encounter

• 10.*.*.*: Hospital uses this range, but Airport base stations also give out this range (esp. 10.0.1.*)

• 192.168.*.*: Used for a few special purposes on campus, but often used by rogue wireless access points

• 169.254.*.* “Zero-conf” address -- device can’t contact DHCP server. May be indicative of Netdb, cabling, inactive jack, etc.

• 172.20.*.* Wireless guest network range (experimental). Will get this address on certain wireless nets when MAC address isn’t in Netdb.

Page 22

Troubleshooting Questions For DHCP Problems

• What address if any did clients receive?

• Is their Netdb record set up correctly (correct MAC, DHCP/roaming checked)?

• What network is the user connected to when they’re trying to use DHCP? What is the network range?

• Does the user have an address on this network or is the user roaming?

• Are there available roaming addresses (roaming is defined and there are free addresses)?

• Check DHCP server report? What happened?

• There may be a physical problem (cabling issues, jack not activated, NIC problems, etc.).

Page 23

Finding Rogue DHCP Servers

• If users are getting inappropriate 10.* or 192.168.* addresses, may need to hunt for a rogue server on your net.

• Often, these rogue servers are poorly configured access points or PCs/Macs set for “Internet Sharing”. Note: Internet Sharing means sharing your *address* not your files! This shouldn’t be used at Stanford!

Page 24

Finding Rogue Servers

• Must do this from a machine getting a “bad” address!

• Ping the machine acting as your DHCP server. Can get this info from the command line. Often the rogue will advertise itself as the gateway.

• Get the MAC address:
  – OS X: arp IP_ADDR
  – Windows: arp -a IP_ADDR

• Give MAC address to your LNA or submit a HelpSU ticket.
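Added example (not from the original slides): a triage helper that labels an assigned address using the ranges on the Odd Addresses slide and pulls the DHCP server's MAC address out of arp output from OS X or Windows. Writing the MAC in the dotted form shown in the whois record is an assumption about what is convenient for the LNA; the sample arp output, addresses and function names are constructed.

```python
import ipaddress
import re

# Ranges and meanings from the "Odd Addresses You Might Encounter" slide.
ODD_RANGES = [
    ("10.0.0.0/8", "hospital range, also given out by Airport base stations"),
    ("192.168.0.0/16", "special campus uses, often a rogue wireless access point"),
    ("169.254.0.0/16", "zero-conf: device could not contact a DHCP server"),
    ("172.20.0.0/16", "wireless guest range: MAC address is not in Netdb"),
]
ROGUE_SUSPECT = {"10.0.0.0/8", "192.168.0.0/16"}   # ranges the rogue slide names
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5}\b")


def classify(address: str):
    """Return (cidr, meaning) for an odd address, or (None, ...) otherwise."""
    ip = ipaddress.ip_address(address)
    for cidr, meaning in ODD_RANGES:
        if ip in ipaddress.ip_network(cidr):
            return cidr, meaning
    return None, "not one of the odd ranges"


def netdb_mac(raw: str) -> str:
    """Rewrite arp's MAC (0:3:93:... or 00-03-93-...) as xxxx.xxxx.xxxx."""
    digits = "".join(part.zfill(2) for part in re.split(r"[:-]", raw.lower()))
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def mac_from_arp(arp_output: str, ip: str):
    """Find the MAC for exactly `ip` in arp (OS X) or arp -a (Windows) output."""
    for line in arp_output.splitlines():
        if ip in re.split(r"[\s()]+", line):       # whole-token match, not substring
            found = MAC_RE.search(line)
            if found:
                return netdb_mac(found.group(0))
    return None


def triage(assigned_ip: str, dhcp_server_ip: str, arp_output: str) -> dict:
    cidr, meaning = classify(assigned_ip)
    return {"range": cidr, "meaning": meaning, "suspect_rogue": cidr in ROGUE_SUSPECT,
            "report_mac": mac_from_arp(arp_output, dhcp_server_ip)}


# Constructed sample output; the addresses and MACs are made up for illustration.
OSX_ARP = ("? (10.0.1.10) at 0:11:22:33:44:55 on en0 ifscope [ethernet]\n"
           "? (10.0.1.1) at 2:0:5e:10:0:1 on en0 ifscope [ethernet]")
WINDOWS_ARP = "  10.0.1.1              02-00-5e-10-00-01     dynamic"
```

Calling triage("10.0.1.23", "10.0.1.1", OSX_ARP) flags the address as a rogue suspect and returns the MAC to pass along in the report.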

Page 25

Questions?