4    Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) enables you to centralize and automate IP address administration. Using a graphical application, you can configure several computers at once, ensuring that configurations are consistent and accurate. Even portable computers can be automatically configured each time they attach to the network.

This chapter describes:

• The DHCP implementation on Tru64 UNIX systems

• How to configure a DHCP server by using the xjoin and SysMan Menu utilities

• How to configure a DHCP server to support BOOTP clients

• How to manage DHCP client addressing

The implementation of DHCP in Tru64 UNIX is based on JOIN^® Server Version 4.1 from JOIN Systems, Inc. For additional information about DHCP, see the DHCP(7) reference page and the JOIN Server Administrator's Guide. The latter is provided by JOIN Systems in HTML format, and it can be accessed by opening the following file with a web browser:

/usr/doc/join/TOC.html

For troubleshooting information, see Section 14.5.

Note

Starting with Tru64 UNIX Version 4.0F, DHCP database files were stored in a new format that is incompatible with older formats. An online document explains the reasons behind this change, lists the files that are affected, and provides instructions for converting the files to the new format. The document, README-DB237, and conversion utility, conv185-237, are located in the /etc/join directory.

4.1    DHCP Environment

In the DHCP environment, systems can have the following roles:

• Server -- A system that offers DHCP and BOOTP services to other systems on the network. There can be one DHCP server on a subnetwork. Multiple servers can exist on a subnetwork, but each server's IP address range cannot overlap. If a cluster member is to support a DHCP server, there can be only one DHCP server for all of the cluster members using a common database with failover.

• Client -- A system that requests configuration information from a DHCP server. A cluster member should never be a DHCP client. It should always use static addressing.

Figure 4-1 shows a sample corporate LAN in which a DHCP server is configured to supply IP addresses to clients in three different functional areas. In this configuration, the router must be configured to forward BOOTP packets. DHCP packets are BOOTP packets with DHCP extensions. See the bprelay(8) reference page for more information.

Figure 4-1:  DHCP Configuration (acme-net)

4.1.1    DHCP Parameter Assignment

In the DHCP environment, DHCP parameters can be assigned to the following named entities:

• Groups -- Group parameters apply to all clients (nodes) on the network that share the same configuration values. By grouping these clients together, you can simplify the implementation and maintenance of your network configuration. You define a parameter once for a group instead of once for each individual node. After the group parameters are defined, you can use the settings for other subnetwork or node configurations.

  You can group nodes by logical area, by functional area, by physical area, or in any way you want. Groups can also be grouped together with other groups, subnetworks, and nodes.

• Subnetworks -- Subnetwork parameters apply to all clients (nodes) on a subnetwork. A subnetwork can also be considered a group, but a group that also shares a common subnetwork address. Subnetworks can be grouped together with other subnetworks and nodes.

• Nodes -- Node parameters apply to an individual client (node) in the network, and typically override subnetwork or group parameters.

These entities and their parameters have a hierarchical relationship to each other in your network. For example, Figure 4-1 shows a small business network named acme-net, comprising two subnetworks and three distinct groups, Accounting, Sales, and Engineering. A DHCP administrator might look at this network as one group named acme-net, consisting of two subnetworks, floor1 and floor2, that contain the individual nodes.

The acme-net group, at the top level of the hierarchy, specifies those parameters that apply to all systems in the network. At the next level, the floor1 subnetwork specifies those parameters that apply to all nodes on that subnetwork and the floor2 subnetwork specifies those parameters that apply to all nodes on that subnetwork. If it were necessary to assign parameters on a group basis, the administrator could have the floor1 subnetwork consist of the Accounting and Sales groups, with the individual nodes assigned to their respective groups. However, since these groups are on the same subnetwork, this is probably unnecessary.

If Figure 4-1 showed a single LAN with no subnetworks (no router), a DHCP administrator might look at this network as one group named acme-net, consisting of three groups (Accounting, Sales, and Engineering) that contain the individual nodes, respectively.

Groups can also be used to define a group of settings for one Ethernet or subnetwork number, allowing you to reuse the settings for other nodes or subnetwork configurations.

4.1.2    DHCP and Security

You can restrict client access to the DHCP server by creating a Media Access Control (MAC) address database. Only those clients with addresses in the database are allowed to receive an IP address. See Section 4.8 for more information.

4.2    Planning DHCP

This section describes those tasks you need to do before configuring DHCP.

4.2.1    Verifying Installation of the DHCP Software

For a DHCP server system, verify that the DHCP server is installed by entering the following command:

# setld -i | grep OSFINET500

If the subset is not installed, install it by using the setld command. For more information on installing subsets, see the setld(8) reference page, the Installation Guide, or the System Administration manual.

For DHCP client systems, the DHCP client software is installed with the mandatory subsets.

4.2.2    Preparing for the Configuration

After you verify that the DHCP software is installed, you configure DHCP by using the xjoin utility to:

• Specify server parameters

• Specify basic DHCP parameters for groups, subnetworks, and nodes

The information you need depends on how you define the DHCP environment. The following sections contain worksheets that you can use to record the information required to configure DHCP.

4.2.2.1    Server/Security Parameters

Figure 4-2 shows the DHCP Server/Security Parameters Worksheet. If you are viewing this manual online, you can use the print feature to print this worksheet. The following sections explain the information you need to record on the worksheet.

Figure 4-2:  DHCP Server/Security Parameters Worksheet

BOOTP address from pool

If you want the DHCP server to allocate an address from the pool to BOOTP clients, check True. The address allocation is permanent. If you want the DHCP server to support BOOTP clients whose address is configured in the /etc/bootptab file (the usual method), check False; this is the default.

BOOTP compatibility

If you want the server to act as a BOOTP server in addition to a DHCP server when a client requests a BOOTP address, check True. For no BOOTP client support, check False. If you want to configure a BOOTP server only, see Section 4.10.

Default lease time

The default time (in days, hours, minutes, and seconds) of a client's DHCP lease, unless one is explicitly configured for the node, subnetwork, or group.

Name service

The name service to be used by the server. A name service must be configured for the DHCP server. The name service is used to authenticate, route, address, and perform naming-related functions for other systems on the network. The following types of name services can be used by the server:

• A Local Name Service updates the /etc/hosts file with information about dynamically assigned names and addresses.

• The Domain Name Service (DNS) automatically translates host names to their numeric IP address.

• The Network Information Service (NIS) allows you to distribute host name information in a network.

Ping timeout

The time (in milliseconds) for the ping timeout. The ping command is used to determine if a client on your network is available. When the ping program sends a request to the client, the client responds to the request and includes its IP address in the response. The Ping timeout parameter is used to check that no other client is using an IP address prior to it being assigned by the server. After the timeout, the ping command stops checking.

Provisional time to live

The maximum time (in hours, minutes, and seconds) that an IP address remains on the provisionally allocated list before it can be allocated to another client. This prevents an IP address from being reused too quickly after a lease has expired.

Restrict to known MAC addresses

If you want to assign an IP address to a client's matching MAC address, check True; otherwise, check False. See Section 4.8 for additional information on restricting client access to the server.

4.2.2.1.1    IP Ranges

IP ranges are those IP addresses available for assignment to clients on the network. Although multiple DHCP servers can reside on the same subnetwork, the IP address ranges administered by each server must not overlap. For IP ranges, supply the following information:

Subnetwork address

Subnetworks are logical subdivisions of a single TCP/IP network. The subnetwork IP number identifies one segment of the network. As the number of networks grows, routing IP addresses can get very complicated. Using subnetworks allows more flexibility when assigning network addresses and simplifies the administration of network numbers. The IP address consists of the following information:

• Network address

• Subnetwork address

• Host address

The IP address is divided into four fields, each separated by a period. Each field represents an element of the address; for example, the following is a typical IP address:

128.174.139.47

In the preceding example, 128.174 is the network address, 139 is the subnetwork address, and 47 is the host address; therefore, the full subnetwork address is 128.174.139.0.

DHCP server

The IP address of the DHCP server.

IP ranges

The group of unique IP addresses to be assigned to clients on the selected subnetwork. Using the preceding subnetwork address as an example, if there are 25 clients on the subnetwork, the range of IP addresses is: 128.174.139.47 to 128.174.139.72.

A subnetwork address can have more than one corresponding IP Address Range.

The DHCP server can configure clients on more than one subnetwork as long as the routers between the server and the client forward BOOTP packets. See Section 4.2.2.2 and the bprelay(8) reference page for information about boot file and BOOTP parameters.

4.2.2.1.2    Host name list

A host name list contains the names that are assigned clients when they are also assigned an IP address. For host name lists, supply the following information:

Domain name

A domain represents computers that are grouped together for administrative reasons. Domain names are usually assigned to a company, and make administering the domain easy. For example, if a domain is changed to have access to a new service on the network, each computer that is part of the domain automatically has access to the new service.

Write down the domain name exactly as it was assigned by the NIC Domain Registrar, and include its top-level domain extension; for example, school.edu, Company.com, and city.gov.

DHCP server

The IP address of the DHCP server.

Host name prefix

A specific host name prefix that is assigned to a system when the system requests a host name and there are no host names available for assignment. For example, in the company.com domain, if the names in the Host name list box are all assigned and the host name prefix is net12host, the next computers to request host names will receive net12host1, net12host2, and so on as their host names.

Host names

The host names to be assigned to systems that request them.

4.2.2.2    Information for Basic DHCP Parameters

Figure 4-3 shows the Basic DHCP Parameters Worksheet. If you are viewing this manual online, you can use the print feature to print this worksheet. The following sections explain the information you need to record on the worksheet.

Figure 4-3:  Basic DHCP Parameters Worksheet

Configuration type

For node configuration, check Node. For subnetwork configuration, check Subnet. For group configuration, check Group.

Configuration name

The name of the node, group, or subnetwork.

Member of group

For node, subnetwork, and group configurations, the name of a configuration from which to inherit DHCP parameter values. Parameters defined for that group also apply to this configuration.

Group members

For group configuration, the nodes, subnetworks, and groups that compose this group.

Net or subnetwork IP address

For subnetwork configuration, the IP address of the subnetwork. The IP address format is ddd.ddd.ddd.ddd. For example, if your subnetwork is 16.128, enter 16.128.0.0; you must include the trailing zeros.

Hardware address

For node configuration, the Ethernet address of the client node.

Hardware type

For node configuration, a descriptive name to identify the system.

For node, subnetwork, and group configuration, BOOTP parameters allow you to specify how to pass configuration information to hosts on the network. For BOOTP parameters, supply the following information:

Boot file

The fully qualified path name of the client's default boot image.

Boot file server address

The IP address of the server that stores the boot file. The IP address format is ddd.ddd.ddd.ddd.

Boot file size

The length, in 512-octet blocks, of the default boot image for the client. The file length is specified as a decimal number.

DNS domain name

The domain name the client should use when resolving host names using the Domain Name Service.

DNS server IP addresses

A list of IP addresses of DNS (STD 13, RFC 1035) name servers available to the client, in order of preference. The address format is ddd.ddd.ddd.ddd.

Home directory

The pathname for the boot file, if it is not specified in the boot file name.

Host IP address (BOOTP)

The host IP address for BOOTP clients. The address format is ddd.ddd.ddd.ddd.

Routers

A list of IP addresses for routers. The address format is ddd.ddd.ddd.ddd.

Send client's host name

If you want to send the client's host name, check True. If you do not want to send the client's host name, check False.

Subnetwork mask

The client's subnetwork mask as per RFC 950. A subnetwork mask allows the addition of subnetwork numbers to an address, and provides for more complex address assignments. If both the subnetwork mask and the router option are specified in a DHCP reply, the subnetwork mask option must be specified first. The subnetwork mask format is ddd.ddd.ddd.ddd.

TFTP root directory

The root directory for Trivial File Transfer Protocol (TFTP).

For subnetwork and group configuration, IP layer parameters affect the operation of the IP layer on a per-host basis. The required IP layer parameters are as follows:

Broadcast address

The broadcast address in use on the client's subnetwork. The address format is ddd.ddd.ddd.ddd.

Subnetworks are local

If all subnetworks of the IP network to which the client is connected use the same maximum transfer unit (MTU) as the subnetwork to which the client is directly connected, check True; otherwise, check False. The client should assume that some subnetworks of the directly connected network may have smaller MTUs.

Supply masks

If the client should respond to subnetwork mask requests using ICMP, check True; otherwise, check False.

For a list of additional parameters and a description of each, see the JOIN Server Administrator's Guide (/usr/doc/join/TOC.html).

For node, group, and subnetwork configuration, lease parameters allow you to specify information about IP lease times. Lease times determine the length of time an IP address is used. For the lease parameters, supply the following information:

DHCP rebinding time

The time interval (in seconds) from address assignment until the client requests a new lease from any server on the network.

DHCP renewal time

The time interval (in seconds) from address assignment until the client attempts to extend the duration of its lease with the original server.

Lease time

The amount of time (in months, days, hours, minutes, and seconds) the DHCP server will allow a DHCP client to use an IP address; for example, 2 months 5 days 45 minutes. The actual lease time is negotiated between the client and server.

4.3    Configuring a DHCP Server

Use the xjoin application to configure a DHCP server. To start the application, enter the following command:

# /usr/bin/X11/xjoin

You can configure the following server information:

• Server/Security parameters

• IP ranges

• Host names

• Subnetworks

• DHCP client nodes

• Groups

To update the server so that the new configuration takes effect, click on the Add/Update button in the lower right-hand side of the window. To exit the application, select File and Exit from the menu bar. See the xjoin(8) reference page and the JOIN Server Administrator's Guide (/usr/doc/join/TOC.html) for more information.

4.3.1    Configuring Server/Security Parameters

To configure the Server/Security parameters, do the following:

1. Click on the Server/Security tab in the xjoin main window.

2. Select the Server item from the left side of the window.

3. Select Server/Security parameters from the pull-down menu.

4. Select a server parameter.

5. Select True or False, or enter a value.

6. Repeat steps 4 and 5 for all server parameters you want to configure.

7. Click on the Add/Update button to update the server with the new Server/Security parameters.

4.3.2    Configuring IP Ranges

To configure IP ranges, do the following:

1. Click on the Server/Security tab in the xjoin main window.

2. Select the Server item from the left side of the window.

3. Select IP Ranges from the pull-down menu.

4. Select the New IP Range item.

5. Enter the subnetwork address, server address, and IP range. For each IP range, do the following:

   1. Enter the beginning of the IP Address Range for the subnetwork (network, subnetwork, and host address).

   2. Press the Tab key to move to the next field.

   3. Enter the end of the IP Address Range.

6. Repeat steps 4 and 5 for each new IP range.

7. Click on the Add/Update button to update the server with new IP ranges.

4.3.3    Configuring Host Name Lists

You configure host name lists only if the Accept Client Name server parameter is set to False. (See Section 4.2.2.1.) If the Accept Client Name server parameter is set to True, the server automatically accepts the name a client suggests for itself; do not configure host name lists.

To configure a host name list, do the following:

1. Click on the Server/Security tab in the xjoin main window.

2. Select the Server item from the left side of the window.

3. Select Hostname Lists from the pull-down menu.

4. Select the New Hostname List item.

5. Enter the domain name, DHCP server name, host name prefix, and host names for each host name list.

6. Repeat steps 4 and 5 for each host name.

7. Click on the Add/Update button to update the server with new host name lists.

4.3.4    Configuring a Subnetwork

To configure a subnetwork, do the following:

1. Click on the Subnets tab in the xjoin main window.

2. Select the New Record item from the left side of the window.

3. Select the Name parameter.

4. Enter the name of the subnetwork configuration, for example, Subnet3.

5. Select the Member of Group parameter. Enter the name of the group of which the subnetwork will be a member.

6. Select the Net or Subnet IP Address parameter. Enter the Net or Subnet IP address that identifies the subnetwork portion of the network.

7. Select the Broadcast Address parameter. Enter the broadcast address for this subnetwork.

8. Enter information for basic DHCP parameters in the appropriate fields. See Section 4.2.2 and the JOIN Server Administrator's Guide (/usr/doc/join/TOC.html) for descriptions of these parameters.

   Note that you do not have to change each parameter value in the Subnets tab; only those that describe your particular network configuration.

9. Click on the Add/Update button to update the server with new subnetwork configuration information.

10. Edit the /etc/join/netmasks file and add an entry for each subnetwork in your network. The format of each entry is as follows:

    subnet_address subnet_mask

4.3.5    Configuring a DHCP Client Node

To configure a node, do the following:

Note

A cluster member should never be a DHCP client. It should always use static addressing.

1. Click on the Nodes tab in the xjoin main window.

2. Select the New Record item from the left side of the window.

3. Select the Name parameter.

4. Enter the name of the node configuration; for example, Client5.

5. Select the Hardware Type parameter. Enter the type of network to which the node is connected; for example, Token Ring, Ether3, Pronet, Arcnet, or 0.

6. Select the Hardware Address/Client ID parameter. Enter the hardware address or the client ID of the node. If the Hardware Type defined in the previous step is zero, enter the Client ID (an alphanumeric string that you define).

   If you are using the hardware address (MAC address) of the node, enter it in the format nn:nn:nn:nn:nn:nn (for instance, 08:00:26:75:31:81). The hardware address is assigned when a workstation is manufactured, and is often displayed when the workstation is turned on or rebooted. The hardware address is also called the Ethernet address.

7. Select the Member of Group parameter. Enter the name of the group of which the node will be a member.

8. Enter information for basic DHCP parameters. See Section 4.2.2 and the JOIN Server Administrator's Guide (/usr/doc/join/TOC.html) for descriptions of these parameters.

   Note that you do not have to change each parameter value in the Nodes tab, only those that describe your particular network configuration.

9. Click on the Add/Update button to update the server with new node configuration information.

Depending on the DHCP client, the MAC address field is not always the actual MAC address of the client's network adapter. The following Microsoft clients are known to modify the MAC address before sending it to the server:

• Windows 95

• Windows NT

• Windows for Workgroups with Microsoft TCP/IP

These clients prefix the MAC address with the hardware type. The MAC address type is 0 and the length is 7 (instead of 6). For example, if your Ethernet address is 11:22:33:44:55:66, you must specify the following for static IP mapping:

• MAC address: 01:11:22:33:44:55:66

• MAC type: 0

• MAC length: 7

If you do not specify the MAC address in this manner, the client will fail to collect an IP address from the DHCP server.

See the documentation for your Microsoft product for more information.

4.3.6    Setting Group Parameters

To define a group, do the following:

1. Click on the Groups tab in the xjoin main window.

2. Select the New Record item from the left side of the window.

3. Select the Name parameter.

4. Enter the name of the group configuration; for example, Global.

5. Select the Member of Group parameter. If appropriate, enter the name of the group of which that the new group will be a member.

6. Select the Group Members parameter. Enter the names of subnetworks, nodes, or other groups that will be members of the group. Press the Tab key between entries.

7. Enter information for basic DHCP parameters. See Section 4.2.2 and the JOIN Server Administrator's Guide (/usr/doc/join/TOC.html) for descriptions of these parameters.

   Note that you do not have to change each parameter value in the Groups tab, only those that describe your particular network configuration.

8. Click on the Add/Update button to update the server with new group configuration information.

4.4    Starting the DHCP Server (joind)

After you install the OSFINET500 optional subset, run the installation script, and configure the server, you should use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to start the DHCP server to implement the new configuration. To invoke the SysMan Menu application, follow the instructions in Chapter 1.

To start the DHCP server, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Set up the system as a DHCP Server (joind) to display the DHCP Server Daemon dialog box.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman joind
   

   The utility asks if you want this system to be a DHCP server.

2. Select the Yes radio button to enable the joind daemon.

3. Set the debugging level. The default is 0 for no debugging information. Higher numbers produce more detailed debugging information.

4. Set the Log Level by selecting the appropriate radio button.

5. Select OK to save the changes and enable the joind daemon. You are informed that the daemon is running.

6. Select OK to dismiss the message and close the DHCP Server Daemon dialog box.

The DHCP Server Daemon dialog box also allows you to disable and stop the joind daemon. See the SysMan Menu online help for additional information.

Caution

Do not use the kill -9 command to stop the DHCP server daemon; it can corrupt your database files. Use the Configuring DHCP Server Daemon dialog box or the kill -HUP command instead.

See the joind(8) reference page for more information about the joind daemon.

4.5    Starting the DHCP Client

When you configure the basic network connections on the client system you must specify an Internet address source. If you specify DHCP server and restart the network, the DHCP client daemon starts and uses DHCP to obtain IP configuration information. From then on, the DHCP client automatically starts each time the client computer boots.

4.6    Monitoring DHCP Client Configuration

After the initial DHCP server configuration, you can check the status of a DHCP client by examining the contents of the /var/join/log file or by doing the following:

1. Log in as root to the DHCP server host.

2. Invoke the xjoin application by entering the following command:

   # /usr/bin/X11/xjoin
   

3. Click on the Server/Security tab in the xjoin main window.

4. Select Active IP Snapshot from the pull-down menu. The Active IP Snapshot window is displayed, listing each configured DHCP client.

5. Click on a record on the left side of the window to display all current configuration information for the client.

You can also use the xjoin application to modify client configuration information, permanently map a hardware address to an IP address, import a file into the active IP database, and remove records from this window. See the xjoin(8) reference page and the JOIN Server Administrator's Guide (/usr/doc/join/TOC.html) for more information.

4.7    Mapping Client IP Addresses Permanently

Typically, a client is assigned the first available IP address from the pool of IP addresses. However, you might want to permanently assign an IP address to a client's hardware address or Media Access Control (MAC) address. The IP address mapped to a hardware address does not need to come from the IP addresses you have already defined. To permanently map an IP address to a client's hardware address, do the following:

1. Log in as root to the DHCP server.

2. Invoke the xjoin application by entering the following command:

   # /usr/bin/X11/xjoin
   

3. Click on the Server/Security tab in the xjoin main window.

4. Select Active IP Snapshot from the pull-down menu. The Active IP Snapshot window is displayed.

5. Select the New Record item.

6. Enter a value for each parameter. Press the Return or Tab key after each entry. Specify the integer -1 for Lease Expiration to ensure that the IP address assignment is preserved in the DHCP database (it will never expire).

7. Click on the Add/Update button to add the new record to the database.

8. Repeat steps 5, 6, and 7 for each MAC address you want to permanently map.

4.8    Restricting Access to the DHCP Server

You restrict client access to the DHCP server only if you set the Restrict to Known MAC Address server parameter to True. (See Section 4.2.2.1.) If you set the Restrict to Known MAC Address server parameter to True, you must create a list of MAC addresses that can access and accept IP address assignments from the DHCP server. If you set the server parameter to False, do not create a list of MAC addresses.

To create a list of MAC addresses that can access the DHCP server, do the following:

1. Click on the Server/Security tab in the xjoin main window.

2. Select Preload MAC Addresses from the pull-down menu. The Preload MAC Addresses window is displayed.

3. Select the New Record item.

4. Enter a value for each parameter. Press the Return key after each entry.

5. Click on the Add/Update button to add the new record to the database.

6. Repeat steps 3, 4, and 5 for each MAC address that you want to access the DHCP server.

Alternatively, you can import a file into the MAC address database by using the jdbmod command. See the jdbmod(8) reference page for information on the imported file format.

To remove records from the MAC address database, select a MAC address from the left side of the window and click on the Delete button.

4.9    Configuring a BOOTP Client

To register a client to use BOOTP only, do the following:

1. Log in as root.

2. Invoke the xjoin application by entering the following command:

   # /usr/bin/X11/xjoin
   

3. Click on the Nodes tab in the xjoin main window.

4. Enter BOOTP client information, including the boot file name, host IP address, subnetwork mask, and any other required information. The basic BOOTP parameters are grouped together below the Key parameters in the middle column. To display additional parameters, click on the Basic DHCP Parameters pull-down menu and select DHCP Parameters.

5. Click on the File/Update button to update the server with the BOOTP client information.

4.10    Disabling DHCP Address Assignment

In some cases, you might want to disable DHCP address assignment and use the BOOTP and DHCP server daemon (/usr/sbin/joind) to respond to BOOTP requests only. To disable all DHCP address assignment features in the DHCP and BOOTP server, do not specify an IP address range for any subnetwork (this is the default). If no IP address ranges are defined, the server never sends a DHCP reply in response to a DHCP client request.

If DHCP address assignment is disabled, DHCP clients that have previously registered with this server continue to operate until their leases timeout; the server will fail to renew the client lease.