3    Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) enables you to centralize and automate IP address administration. Using a graphical application, you can configure several computers at once, ensuring that configurations are consistent and accurate. Even portable computers can be automatically configured each time they attach to the network.

This chapter describes the DHCP implementation on Digital UNIX systems, and provides information for setting up and maintaining the DHCP database. In addition, this chapter provides information on the xjoin application, and the different DHCP configurations.

The Digital UNIX DHCP implementation is based on the JOIN software product from Competitive Automation. For additional introductory information on DHCP, see dhcp(7).

3.1    The DHCP Environment

In the DHCP environment, systems can have the following roles:

• Server -- A Digital UNIX system that offers DHCP and BOOTP services to systems on the network. There can be one DHCP server on a subnetwork. Multiple servers can exist on a subnet, but each server's IP address range cannot overlap.

• Client -- A Digital UNIX system or any other system that requests configuration information from a DHCP server.

Figure 3-1 shows a sample corporate LAN in which a DHCP server is configured to supply IP addresses to clients in three different functional areas. In this configuration, the router must be configured to forward BOOTP packets. DHCP packets are BOOTP packets with DHCP extensions. See bprelay(8) for more information.

Figure 3-1: DHCP Configuration

3.1.1    DHCP Parameter Assignment

In the DHCP environment, DHCP parameters can be assigned to the following named entities:

• Groups -- Group parameters apply to all clients (nodes) on the network that share the same configuration values. By grouping these clients together, you can simplify the implementation and maintenance of your network configuration. You define a parameter once for a group instead of once for each individual node. After the group parameters are defined, you can use the settings for other subnet or node configurations.

  You can group nodes by logical area, by functional area, by physical area, or in any way you want. Groups can also be grouped together with other groups, subnets, and nodes.

• Subnets -- Subnet parameters apply to all clients (nodes) on a subnet. A subnet can also be considered a group, but a group that also shares a common subnet address. Subnets can be grouped together with other subnets and nodes.

• Nodes -- Node parameters apply to an individual client (node) in the network, and typically override subnet or group parameters.

These entities and their parameters have a hierarchical relationship to each other in your network. For example, Figure 3-1 shows a small business network named acme-net, comprising two subnets and three distinct groups, Accounting, Sales, and Engineering. A DHCP administrator might look at this network as one group named acme-net, consisting of two subnets (floor1 and floor2) that contain the individual nodes.

The acme-net group is at the top level of the hierarchy and specifies those parameters that apply to all systems in the network. At the next level down, the floor1 subnet specifies those parameters that apply to all nodes on that subnet and the floor2 subnet specifies those parameters that apply to all nodes on that subnet. If it were necessary to assign parameters on a group basis, the administrator could have floor1 subnet consist of the Accounting and Sales groups, with the individual nodes assigned to their respective groups. However, since these two groups are on the same subnet, this is probably unnecessary.

If Figure 3-1 showed a single LAN network with no subnets (no router), a DHCP administrator might look at this network as one group named acme-net, consisting of three groups (Accounting, Sales, and Engineering) that contain the individual nodes, respectively.

Groups can also be used to define a group of settings for one Ethernet or subnet number, allowing you to reuse the settings for other nodes or subnet configurations.

3.1.2    DHCP and Security

You can restrict client access to the DHCP server by creating a MAC address database. Only those clients whose addresses are in the database are allowed to receive an IP address. See Section 3.8 for more information.

3.2    DHCP Planning

This section describes those tasks you need to do before configuring DHCP.

3.2.1    Verifying that the DHCP Software is Installed

For a DHCP server system, verify that the DHCP server is installed by entering the following command:

#  setld -i | grep OSFINET400

If the subset is not installed, install it by using the setld command. For more information on installing subsets, see setld(8), the Installation Guide, or the System Administration manual.

For DHCP client systems, the DHCP client software is installed with the mandatory subsets.

3.2.2    Preparing for the Configuration

After you verify that the DHCP software is installed, you configure DHCP by using the xjoin utility. DHCP configuration consists of the following parts:

• Specifying server parameters

• Specifying basic DHCP parameters for groups, nodes, and subnets

The information you need depends on how you define the DHCP environment. Appendix A contains a worksheet that you can use to record the information that you need to provide to configure DHCP.

3.2.2.1    Information for Server Parameters

Figure 3-2 shows Part 2A of the Configuration Worksheet.

Figure 3-2: Configuration Worksheet, Part 2A

If you are viewing this manual online, you can use the print feature to print part of the worksheet. The following sections explain the information you need to record in Part 2A of the worksheet.

BOOTP address from pool

If you want the DHCP server to allocate an address from the pool to BOOTP clients, check TRUE. The address allocation is permanent. If you want the DHCP server to support BOOTP clients whose address is configured in the /etc/bootptab file (the usual method), check FALSE; this is the default.

BOOTP compatibility

If you want the server to act as a BOOTP server in addition to a DHCP server when a client requests a BOOTP address, check TRUE. If you want to configure a BOOTP server only, see Section 3.10.

Default lease time

The default time (in days, hours, minutes, and seconds) of a client's DHCP lease, unless one is explicitly configured for the node, subnet, or group.

Name service

The name service to be used by the server. A name service must be configured for the DHCP server. The name service is used to authenticate, route, address, and perform naming-related functions for other systems on the network. The following types of name services can be used by the server:

• The Domain Name Service (DNS) automatically translates hostnames to their numeric IP address.

• The Network Information Service (NIS) allows you to distribute hostname information in a network.

• A Local Name Service updates the /etc/hosts file with information about dynamically assigned names and addresses.

Ping timeout

The time (in milliseconds) for the ping timeout. The ping command is used to find out if a client on your network is available. When the ping program sends a request to the client, the client responds to the request and includes its IP address in the response. The Ping Timeout parameter is used to check that no other client is using an IP address prior to it being assigned by the server. After the timeout, the ping command stops checking.

Provisional time to live

The maximum time (in hours, minutes, and seconds) that an IP address remains on the provisionally allocated list before it can be allocated to another client. This prevents an IP address from being reused too quickly after a lease has expired.

Restrict to known MAC addresses

If you want to assign an IP address to a client's matching MAC address, check TRUE; otherwise, check FALSE. See Section 3.8 for additional information on restricting client access to the server.

3.2.2.1.1    IP Ranges

IP ranges are those IP addresses available for assignment to clients on the network. Although multiple DHCP servers can reside on the same subnetwork, the IP address ranges administered by each server must not overlap. For IP ranges, supply the following information:

Subnet address

Subnets are logical subdivisions of a single TCP/IP network. The subnet IP number identifies one segment of the network. As the number of networks grows, routing IP addresses can get very complicated. Using subnets allows more flexibility when assigning network addresses and simplifies the administration of network numbers. The IP address consists of the following information:

• Network address

• Subnetwork address

• Host address

The IP address is divided into four fields, each separated by a period. Each field represents an element of the address; for example, the following is a typical IP address:

128.174.139.47

In the preceding example, 128.174 is the network address, 139 is the subnet address, and 47 is the host address; therefore, the subnet address would be 128.174.139.0.

DHCP server

The IP address of the DHCP server.

IP ranges

The group of unique IP addresses that will be assigned to clients on the selected subnet. Using the preceding subnet address as an example, if there were 25 clients on the subnetwork, the range of IP addresses would be: 128.174.139.47 to 128.174.139.72.

A subnet address may have more than one corresponding IP Address Range.

The DHCP server can configure clients on more than one subnet as long as the routers between the server and the client forward BOOTP packets. See Section 3.2.2.2 and bprelay(8) for information about boot file and BOOTP parameters.

3.2.2.1.2    Host name list

A hostname list contains the names that are assigned clients when they are also assigned an IP address. For hostname lists, supply the following information:

Domain name

A domain represents computers that are grouped together for administrative reasons. Domain names are usually assigned to a company, and make administering the domain easy. For example, if a domain is changed so that it has access to a new service on the network, each computer that is part of the domain automatically has access to the new service.

Write down the domain name exactly as it was assigned by the NIC Domain Registrar, and include its top-level domain extension; for example, school.edu, Company.com, and city.gov.

Hostname prefix

A specific hostname prefix that is assigned to a system when the system requests a host name and there are no host names available for assignment. For example, in the company.com domain, if the names in the Hostname list box have all been assigned and the hostname prefix is net12host, the next two computers to request hostnames would receive net12host1 and net12host2 as their hostnames, respectively.

Hostnames

The host names to be assigned to systems that request them.

3.2.2.2    Information for Basic DHCP Parameters

Figure 3-3 shows Part 2B of the Configuration Worksheet.

Figure 3-3: Configuration Worksheet, Part 2B

If you are viewing this manual online, you can use the print feature to print part of the worksheet. The following sections explain the information you need to record in Part 2B of the worksheet.

Type of configuration

For node configuration, check NODE. For subnet configuration, check SUBNET. For group configuration, check GROUP.

Name of configuration

The name of the node, group, or subnet.

Member of group

For node, subnet, and group configurations, the name of a configuration from which to inherit DHCP parameter values. Parameters defined for that group also apply to this configuration.

Group members

For group configuration, the nodes, subnets, and groups that compose this group.

Net or subnet IP address

For subnet configuration, the IP address of the subnet. The IP address format is ddd.ddd.ddd.ddd. For example, if your subnet is 16.128, enter 16.128.0.0; you must include the trailing zeros.

Hardware address/Client ID

For node configuration, the Ethernet address of the client node.

Hardware type

For node configuration, a descriptive name to identify the system.

For node, subnet, and group configuration, BOOTP parameters allow you to specify how to pass configuration information to hosts on the network. For BOOTP parameters, supply the following information:

Boot file

The fully qualified path name of the client's default boot image.

Boot file server address

The IP address of the server that stores the boot file. The IP address format is ddd.ddd.ddd.ddd.

Bootfile size

The length, in 512-octet blocks, of the default boot image for the client. The file length is specified as a decimal number.

DNS domain name

The domain name the client should use when resolving hostnames using the Domain Name System.

DNS servers

A list of IP addresses of DNS (STD 13, RFC 1035) name servers available to the client, in order of preference. The address format is ddd.ddd.ddd.ddd.

Home directory

The pathname for the boot file, if it is not specified in the boot file name.

Host IP address (BOOTP)

The host IP address for BOOTP clients. The address format is ddd.ddd.ddd.ddd.

Routers

A list of IP addresses for routers. The address format is ddd.ddd.ddd.ddd.

Send client's hostname

If you want to send the client's host name, check TRUE. If you do not want to send the client's host name, check FALSE.

Subnet mask

The client's subnet mask as per RFC 950. A subnet mask allows the addition of subnetwork numbers to an address, and provides for more complex address assignments. If both the subnet mask and the router option are specified in a DHCP reply, the subnet mask option must be specified first. The subnet mask format is ddd.ddd.ddd.ddd.

TFTP root directory

The root directory for Trivial File Transfer Protocol (TFTP).

For subnet and group configuration, IP layer parameters affect the operation of the IP layer on a per-host basis. The required IP layer parameter is as follows:

Broadcast address

The broadcast address in use on the client's subnet. The address format is ddd.ddd.ddd.ddd.

Subnets are local

If all subnets of the IP network to which the client is connected use the same MTU as the subnet of the network to which the client is directly connected, check TRUE; otherwise, check FALSE. The client should assume that some subnets of the directly connected network may have smaller MTUs.

Supply masks

If the client should respond to subnet mask requests using ICMP, check TRUE; otherwise, check FALSE.

For a list of additional parameters and a description of each, see the xjoin application online help.

For node, group, and subnet configuration, lease parameters allow you to specify information about IP lease times. Lease times determine the length of time an IP address is used. The lease parameters, supply the following information:

DHCP rebinding time

The time interval (in seconds) from address assignment until the client requests a new lease from any server on the network.

DHCP renewal time

The time interval (in seconds) from address assignment until the client attempts to extend the duration of its lease with the original server.

Lease time

The amount of time (in months, days, hours, minutes, and seconds) the DHCP server will allow a DHCP client to use an IP address; for example, 2 months 5 days 45 minutes. The actual lease time is negotiated between the client and server.

3.3    Configuring a DHCP Server

You use the xjoin application to configure a DHCP server. To start the application, enter the following command:

#  /usr/bin/X11/xjoin

You can configure the following server information:

• Server/Security parameters

• IP ranges

• Hostnames

• DHCP client nodes

• Subnets

• Groups

To update the server so that the new configuration takes effect, select File and Update. To exit the application, select File and Exit. Then, click on Save and Exit to save your changes and exit the application. See xjoin(8) for more information.

3.3.1    Configuring Server Parameters

To configure the server parameters, do the following:

1. In the xjoin Main Window, click on the Server/Security tab.

2. On the left of the window, select Server.

3. In the drop-down menu, select Server/Security parameters.

4. In the middle, select a server parameter.

5. On the right, select True or False, or enter a value.

6. Repeat steps 4 and 5 for all server parameters you want to configure.

7. Select File and Update to update the server with new server parameters.

3.3.2    Configuring IP Ranges

To configure IP ranges, do the following:

1. In the xjoin Main Window, click on the Server/Security tab.

2. On the left, select Server.

3. In the drop-down menu, select IP Ranges.

4. In the middle, select New IP Range.

5. On the right, for each IP range, enter the subnet address, server address, and IP range. For IP ranges, do the following:

   1. Enter the beginning of the IP Address Range for the subnet (network, subnet, and host address).

   2. Press Tab to move to the next field.

   3. Enter the end of the IP Address Range.

6. Repeat steps 4 and 5 for each new IP range.

7. Select File and Update to update the server with new IP ranges.

3.3.3    Configuring Hostname Lists

You configure hostname lists only if you have set the Accept Client Name server parameter to False. (See Section 3.2.2.1.) If you have set Accept Client Name server parameter to True, the server automatically accepts the name a client suggests for itself; do not configure hostname lists.

To configure a host name, do the following:

1. In the xjoin Main Window, click on the Server/Security tab.

2. On the left, select Server.

3. In the drop-down menu, select Hostname Lists.

4. In the middle, select New Hostname List.

5. For each hostname list, enter the domain name, DHCP server name, hostname prefix, and hostname.

6. Repeat steps 4 and 5 for each host name.

7. Select File and Update to update the server with new hostname lists.

3.3.4    Configuring a Subnet

To configure a subnet, do the following:

1. Select the Subnets tab.

2. On the left, select New Record.

3. In the middle, select the Name parameter.

4. On the right, enter the name of the subnet configuration, for example, Subnet3.

5. Select Net or Subnet IP Address. Enter the Net or Subnet IP address that identifies the subnet portion of the network.

6. Select Member of Group. Enter the name of the group of which the subnet will be a member.

7. Select Broadcast Address. Enter the broadcast address for this subnet.

8. Enter information for basic DHCP parameters. See Section 3.2.2 and the xjoin online help for a description of these parameters.

   Note

   You do not have to change every value for the parameters in the Subnets tab; only those that describe your particular network configuration.

9. Select File and Update to update the server with new subnet configuration information.

10. Edit the /etc/join/netmasks file and add an entry for each subnetwork in your network. The format of each entry is as follows:

    subnet_address subnet_mask

3.3.5    Configuring a DHCP Client Node

To configure a node, do the following:

1. Select the Nodes tab.

2. On the left, select New Record.

3. In the middle, select the Name parameter.

4. On the right, enter the name of the node configuration; for example, Client5.

5. Select Hardware Type. Enter the type of network to which the node is connected; for example, Token Ring, Ether3, Pronet, Arcnet, or 0.

6. Select Hardware Address/Client ID. Enter the hardware address or the client ID of the node. If the Hardware Type defined in the previous step is zero, enter the Client ID (an alphanumeric string that you define).

   If you are using the hardware address (MAC address) of the node, enter it in the format 08:00:26:75:31:81. The hardware address is assigned when a workstation is manufactured, and is often displayed when the workstation is turned on or rebooted. The hardware address is also called the Ethernet address.

   Note

   All address numbers in this guide are examples only. Do not use them for your own purposes.

7. Select Member of Group. Enter the name of the group of which the node will be a member.

8. Enter information for basic DHCP parameters. See Section 3.2.2 and the xjoin online help for a description of these parameters.

   Note

   You do not have to change every value for the parameters in the Nodes tab, only those that describe your particular network configuration.

9. Select File and Update to update the server with new node configuration information.

3.3.6    Setting Group Parameters

To define a group, do the following:

1. Select the Groups tab.

2. On the left, select New Record.

3. In the middle, select the Name parameter.

4. On the right, enter the name of the group configuration; for example, Global.

5. Select Member of Group. If appropriate, enter the name of the group of which that the new group will be a member.

6. Select Group Members. Enter the names of subnets, nodes, or other groups that will be a member of the group. Press Tab between entries.

7. Enter information for basic DHCP parameters. See Section 3.2.2 and the xjoin online help for a description of these parameters.

   Note

   You do not have to change every value for the parameters in the Groups tab, only those that describe your particular network configuration.

8. Select File and Update to update the server with new group configuration information.

3.4    Starting the DHCP Server

After you install the OSFINET400 optional subset, run the installation script, and configure the server, you must start the server so that the new configuration takes effect. Digital recommends that you use the Network Configuration application of the Common Desktop Environment (CDE) Application Manager for starting the DHCP server on systems with graphics capabilities.

To start up the Network Configuration application, log in as root, double click on Network Configuration icon in the Configuration group. The Network Configuration main window is displayed, showing available network components and configured network components.

To exit the Network Configuration application, choose File then Exit. See netconfig(8X) for more information.

To start the DHCP server, do the following:

1. In the Network Configuration Main Window, select DHCP Server Daemon from the Available Network Components list box.

2. Click on Define Configuration. The Configuring DHCP Server Daemon Dialog Box appears.

3. Click on the Enable button in the DHCP Server Daemon field to start the DHCP server daemon each time the system boots.

4. Click on Commit to save the configuration and display a pop-up dialog box.

5. Click on Yes to start the DHCP daemon now and close the pop-up window.

6. Click on Close to close the Configuring DHCP Server Daemon dialog box. See the application online Help for additional information.

For more information about joind, see joind(8).

3.5    Starting the DHCP Client

When you configure the basic network connections on the client system you must specify an Internet address source. If you specify DHCP server and restart the network, the DHCP client daemon starts and uses DHCP to obtain IP configuration information. From then on, the DHCP client automatically starts each time the client computer is booted.

3.6    Monitoring DHCP Client Configuration

After the initial DHCP server configuration, you can check the status of a DHCP client by doing the following:

1. Log in to the DHCP server host as root.

2. Invoke the xjoin application by entering the following:

   #  /usr/bin/X11/xjoin
   

3. Select Active IP Snapshot in the drop-down menu. The Active IP Snapshot window displays, listing each configured DHCP client.

4. Click on a record on the left side of the window. The right side of the window displays all current configuration information for the client.

You can also modify client configuration information, permanently map a hardware address to an IP address, import a file into the active IP database, and remove records from this window. See xjoin(8) and the xjoin online help for more information.

3.7    Mapping Client IP Addresses Permanently

Typically, a client is assigned any free IP address from the pool of IP addresses. However, you might want to permanently map or assign an IP address to a client's hardware address. The IP address mapped to a hardware address does not need to come from the IP addresses you have already defined. To map an IP address to a client's hardware address permanently, do the following:

1. Log in to the DHCP server as root.

2. Invoke the xjoin application by entering the following command:

   #  /usr/bin/X11/xjoin
   

3. In the xjoin Main Window, click on the Server/Security tab.

4. Select Active IP Snapshot in the drop-down menu. The Active IP Snapshot window appears.

5. On the left side of the window, select New Record.

6. On the right side of the window, enter a value for each parameter. Press Return or Tab after each entry.

7. Click the Add button. This adds the new record to the database.

8. Repeat steps 2, 3, and 4 for each MAC address.

9. To update the server with new IP address mappings, select File and Update.

3.8    Restricting Access to the DHCP Server

You restrict client access to the DHCP server only if you have set the Restrict to Known MAC Address server parameter to True. (See Section 3.2.2.1.) If you have set Restrict to Known MAC Address server parameter to True, you must create a list of MAC addresses to be allowed access to and accept IP address assignment from the DHCP server. If you have set the server parameter to False, do not create a list of MAC addresses.

To create a list of MAC addresses to be allowed access to the DHCP server, do the following:

1. In the xjoin Main Window, click on the Server/Security tab.

2. Select Preload MAC Addresses in the drop-down menu. The Preload MAC Addresses window appears.

3. On the left side of the window, select New Record.

4. On the right side of the window, enter a value for each parameter. Press Return after each entry.

5. Click the Add button to add the new record to the database.

6. Repeat steps 2, 3, and 4 for each MAC address.

7. To update the server with new MAC addresses, select File and Update.

Alternatively, you can import a file into the MAC address database. To do this, click on Import and enter a file name. See jdbmod(8) for information on the imported file format.

To remove records from the MAC address database, select a MAC address on the left side of the window and click on Delete.

3.9    Configuring a BOOTP Client

To register a client to use BOOTP only, do the following:

• Log in as root.

• Invoke the xjoin application by entering the following:

  #  /usr/bin/X11/xjoin
  

• In the xjoin Main Window, click on the Nodes tab.

• Enter your BOOTP client information, including the bootfile name, host IP address, subnet mask, and any others the client requires. The basic BOOTP parameters are located together near the top of the middle column. To display additional parameters, click on the Basic DHCP Parameters drop-down menu and then select DHCP parameters.

• Select File and Update to update the server with these changes.

3.10    Disabling DHCP Address Assignment

In some cases, you might want to disable DHCP address assignment and use the BOOTP and DHCP server daemon (/usr/sbin/joind) to respond to BOOTP requests only. To disable all DHCP address assignment features in the DHCP and BOOTP server, do not specify an IP address range for any subnet (this is the default). If no IP address ranges are defined, the server never sends a DHCP reply in response to a DHCP client request.

If DHCP address assignment is disabled, DHCP clients that have previously registered with this server continue to operate until their leases timeout; the server will fail to renew the client lease.

3.11    Solving DHCP Problems

If DHCP clients are having problems obtaining DHCP information from the server, do the following:

1. Log in as root.

2. Kill the joind daemon.

3. Restart the joind daemon with the debug flag as follows:

   #  /usr/sbin/joind -d4
   

   If you are running joind from the /etc/inetd.conf file, do the following:

   1. Edit the /etc/inetd.conf file and add the -d4 flag.

   2. Kill the joind daemon.

   3. Kill the inetd daemon with a HUP. This forces inetd to reread the /etc/inetd.conf file.

4. Review the /var/join/log file for information about the cause of any DHCP client problems.

Example 3-1 shows a /var/join/log file message that indicates a DHCP discover message arrived at the server system, but the IP subnet address range is not defined.

Example 3-1: Sample DHCP Log File Message

DHCPDISCOVER from HW address 08:00:2b:96:79:b6 : network not administered
        by server

This problem can also occur if an address range is defined, but the /etc/join/netmasks file is missing the subnet mask definition for this IP network. In this case, edit the netmasks file, add an entry for the subnetwork, and restart the DHCP server, /usr/sbin/joind.