WEBVTT

00:04.459 --> 00:09.090
>> Our next network service
we'll take a look at is DHCP,

00:09.090 --> 00:11.790
Dynamic Host
Configuration Protocol.

00:11.790 --> 00:14.730
This allows a client to come
onto the network, send out

00:14.730 --> 00:17.775
a query and receive an IP
address automatically.

00:17.775 --> 00:19.980
Without DHCP, we
would have to go to

00:19.980 --> 00:23.265
each system and statically
configure an IP address.

00:23.265 --> 00:26.850
This automates our process
and makes life much easier.

00:26.850 --> 00:28.500
You can see on the screen,

00:28.500 --> 00:31.905
a shot from Windows where
we've got the DHCP utility.

00:31.905 --> 00:33.810
One of the most important
things we have to think

00:33.810 --> 00:36.085
about doing is
setting up a scope.

00:36.085 --> 00:37.530
A scope is a range of

00:37.530 --> 00:41.370
IP addresses the DHCP
server can issue.

00:41.370 --> 00:45.135
I will have a scope
between 10.1.1.100,

00:45.135 --> 00:47.730
and 10.1.1.200, for instance.

00:47.730 --> 00:50.000
Then DHCP would be able to issue

00:50.000 --> 00:53.045
IP addresses anywhere
in that range.

00:53.045 --> 00:56.960
When I say DHCP will
issue those addresses,

00:56.960 --> 00:58.280
it doesn't give a client

00:58.280 --> 01:01.270
IP addresses forever,
ain't nothing free.

01:01.270 --> 01:02.960
What DHCP does

01:02.960 --> 01:05.350
is it leases an IP
address to the client.

01:05.350 --> 01:07.910
The typical lease
is eight days.

01:07.910 --> 01:10.730
It will release an address
to a client for eight days.

01:10.730 --> 01:13.085
If that client wants
to renew their lease,

01:13.085 --> 01:16.100
they can contact DHCP
after four days and ask,

01:16.100 --> 01:18.230
"Hey, can I continue my lease?"

01:18.230 --> 01:20.060
And if DHCP is accessible,

01:20.060 --> 01:21.655
it says, "Sure."

01:21.655 --> 01:24.030
If not, the client will
try again and again.

01:24.030 --> 01:26.690
If it can't contact
the DHCP server,

01:26.690 --> 01:29.120
the entire process
just starts over.

01:29.120 --> 01:31.040
We'll talk about what
that leasing process

01:31.040 --> 01:32.845
is in just a second.

01:32.845 --> 01:37.055
You can also reserve IP
addresses for specific servers.

01:37.055 --> 01:38.960
When you reserve an IP address,

01:38.960 --> 01:41.240
let's say I have a file
server and I'd like

01:41.240 --> 01:44.135
that file server to always
have the same IP address,

01:44.135 --> 01:46.970
I can create a reservation
for that file server,

01:46.970 --> 01:48.600
enter its MAC address.

01:48.600 --> 01:51.020
That way when that file
server comes online

01:51.020 --> 01:53.375
to get an IP address from DHCP,

01:53.375 --> 01:54.680
based on its MAC,

01:54.680 --> 01:58.189
it will be given that
specific reserved IP address.

01:58.189 --> 02:01.955
I can also exclude IP
addresses from the range.

02:01.955 --> 02:04.550
Maybe I'm going to
give out IP addresses

02:04.550 --> 02:09.680
from 10.1.1.100 to
10.1.1.200 but 10.1.1.50 is

02:09.680 --> 02:12.295
a print server that I
want to assign manually.

02:12.295 --> 02:14.820
I can just exclude
from that range and

02:14.820 --> 02:17.750
10.1.1.50 won't be given
to any other device.

02:17.750 --> 02:21.140
I'll have to manually
configure the print server.

02:21.140 --> 02:23.180
With reservations,

02:23.180 --> 02:26.450
a specific IP address is
given to a specific host.

02:26.450 --> 02:27.725
With exclusions,

02:27.725 --> 02:30.155
the IP address is
removed from the range,

02:30.155 --> 02:32.090
and that requires
the administrator to

02:32.090 --> 02:35.250
manually assign that address.

02:36.050 --> 02:39.090
Sometimes exclusions are better.

02:39.090 --> 02:41.075
If you have really
critical servers,

02:41.075 --> 02:44.465
it's best to just statically
assign an IP address.

02:44.465 --> 02:47.070
Some services
require that you do,

02:47.070 --> 02:48.260
but also if you have

02:48.260 --> 02:50.570
a really critical server and
you think about what would

02:50.570 --> 02:52.520
happen if DHCP is down

02:52.520 --> 02:54.905
and I couldn't access
that critical server,

02:54.905 --> 02:56.770
that could really be a problem.

02:56.770 --> 02:58.490
When you have those
really important

02:58.490 --> 02:59.670
servers on the network,

02:59.670 --> 03:01.820
it's probably just better
to go ahead and give them

03:01.820 --> 03:03.149
a static address and

03:03.149 --> 03:05.689
exclude the address
from that range.

03:05.689 --> 03:09.035
I mentioned the leasing
process just a few minutes ago.

03:09.035 --> 03:11.140
Let's go ahead and look at this.

03:11.140 --> 03:15.335
You can remember the DHCP
lease process through DORA:

03:15.335 --> 03:18.700
Discover, Offer,
Request, Acknowledge.

03:18.700 --> 03:20.510
The way the discover process

03:20.510 --> 03:22.415
works is when a
client comes online,

03:22.415 --> 03:25.100
it sends out a broadcast
message that basically says,

03:25.100 --> 03:26.990
"Hey, is anybody out there?

03:26.990 --> 03:28.660
DHCP server?"

03:28.660 --> 03:30.740
Every DHCP server that

03:30.740 --> 03:32.690
hears the query responds and says,
responds and says,

03:32.690 --> 03:37.400
"I'm a DHCP server and here's
an IP address for you."

03:37.400 --> 03:39.620
The client is going to request

03:39.620 --> 03:42.580
the first IP address that
it received as an offer.

03:42.580 --> 03:44.990
Then that DHCP server is

03:44.990 --> 03:47.420
going to come back and
acknowledge the client has

03:47.420 --> 03:49.670
been offered an IP
address and it's

03:49.670 --> 03:52.430
going to remove the IP
address from its scope.

03:52.430 --> 03:55.320
That's the DORA process.

03:55.940 --> 03:58.930
There are a couple little
things to note here.

03:58.930 --> 04:00.320
First of all, to start,

04:00.320 --> 04:02.555
the discover message
is a broadcast.

04:02.555 --> 04:05.000
There are some devices that
don't allow broadcasts

04:05.000 --> 04:07.535
to pass, specifically routers.

04:07.535 --> 04:10.040
We'll talk in a later
chapter about what routers

04:10.040 --> 04:12.590
are and some of the
peculiarities of them.

04:12.590 --> 04:15.875
But one of the things a router
does is block broadcasts.

04:15.875 --> 04:17.690
There are some broadcasts
you don't want

04:17.690 --> 04:19.460
to go through your
entire network.

04:19.460 --> 04:20.960
You might want some broadcasts

04:20.960 --> 04:22.715
limited to certain segments,

04:22.715 --> 04:24.860
a router does that for us.

04:24.860 --> 04:27.350
But if I'm trying to
get an IP address

04:27.350 --> 04:29.040
on the other side of a router,

04:29.040 --> 04:31.645
then my broadcast is
going to be blocked.

04:31.645 --> 04:34.130
There are a couple of things
we can do about this.

04:34.130 --> 04:37.190
There's something called
a DHCP relay agent,

04:37.190 --> 04:39.050
which is a kind of
service you install on

04:39.050 --> 04:42.275
the router that will forward
those DHCP requests.

04:42.275 --> 04:45.080
There are also certain
routers referred to as

04:45.080 --> 04:49.055
RFC 1542 compliant routers.

04:49.055 --> 04:53.105
You can also hear them
referred to as BOOTP routers.

04:53.105 --> 04:54.500
These will also forward

04:54.500 --> 04:57.710
those discover
messages from clients.

04:59.540 --> 05:02.345
The next service we
look at is called

05:02.345 --> 05:05.420
IPAM, IP address management.

05:05.420 --> 05:07.640
We may be in an
environment that has

05:07.640 --> 05:09.815
multiple locations
throughout the world.

05:09.815 --> 05:13.385
We may have thousands
and thousands of hosts.

05:13.385 --> 05:16.730
When you start to work with
a very large organization,

05:16.730 --> 05:18.350
it becomes very challenging to

05:18.350 --> 05:20.180
keep up with all your
network segments,

05:20.180 --> 05:22.070
the IP addresses, and

05:22.070 --> 05:24.485
any sort of naming
resolution issues.

05:24.485 --> 05:27.350
There are a series of software
tools that will assist

05:27.350 --> 05:30.425
you with determining what
IP addresses are in use,

05:30.425 --> 05:32.630
whether or not they're
being fully utilized,

05:32.630 --> 05:34.580
and any sort of
issues that you might

05:34.580 --> 05:37.220
have with your
DHCP server scope.

05:37.220 --> 05:38.870
You could also even use it with

05:38.870 --> 05:40.595
incident response because it's

05:40.595 --> 05:44.640
able to detect the IP
addresses that are being used.

05:44.930 --> 05:48.300
That's going to bring us to
the end of the services.

05:48.300 --> 05:49.845
We looked at DNS,

05:49.845 --> 05:51.580
DNS for name resolution,

05:51.580 --> 05:53.680
and determining
where services are.

05:53.680 --> 05:57.590
We looked at DHCP for automatic
IP address assignment.

05:57.590 --> 06:00.305
Then we looked at IPAM
as a means of managing

06:00.305 --> 06:02.600
a more complex
environment and keeping

06:02.600 --> 06:06.480
track of IP address
scopes and names as well.

