Network Services Continued: DHCP and IPAM

Time
8 hours 20 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:05
Our next network service we'll take a look at is DHCP, Dynamic Host Configuration Protocol.
00:11
This allows the client to come on to the network, send out a query and receive an IP address automatically.
00:18
Without DHCP, we would have to go to each system and statically configure an IP address.
00:23
This automates that process and makes life much easier.
00:27
You can see on the screenshot from Windows, where we've got the DHCP utility.
00:32
One of the most important things we have to think about doing is setting up a scope.
00:36
A scope is a range of IP addresses the DHCP server can issue.
00:41
So I might have a scope between 10.1.1.1 and 10.1.1.200, for instance, and then DHCP would be able to issue IP addresses anywhere in that range.
00:52
When I say DHCP will issue those addresses, it doesn't give a client IP addresses forever. Ain't nothing free.
01:00
What DHCP does is lease an IP address to the client, and the typical lease is eight days. So it leases an address to a client for eight days. And if that client wants to renew their lease, they can contact DHCP after four days and ask, "Hey, can I continue my lease?" And if DHCP is accessible, it says, "Sure."
01:21
If not, the client will try again and again. And if it can't contact the DHCP server, the entire process just starts over.
01:29
Let's talk about what that leasing process is in just a second.
01:33
You can also reserve IP addresses for specific servers.
01:37
When you reserve an IP address, let's say I have a file server and I'd like that file server to always have the same IP address. I can create a reservation for that file server, enter its MAC address, and that way, when that file server comes online to get an IP address from DHCP, based on its MAC,
01:53
it will be given that specific reserved IP address.
01:57
I can also exclude IP addresses from the range.
02:01
So maybe I'm going to give out IP addresses from 10.1.1.100 to 10.1.1.200, but 10.1.1.50 is a print server that I want to assign manually.
02:12
I can just exclude it from that range. And 10.1.1.50 won't be given to any other device, and I'll have to manually configure the print server.
02:21
So with reservations, a specific IP address is given to a specific host. With exclusions, the IP address is removed from the range, and that requires the administrator to manually assign that address.
02:36
Sometimes exclusions are better.
02:38
If you have really critical servers, it's best to just statically assign an IP address.
02:44
Some services require that you do,
02:46
but also if you have a really critical server and you think about what would happen if DHCP is down and I couldn't access that critical server, that could really be a problem.
02:57
When you have those really important servers on the network, it's probably just better to go ahead and give them a static address and exclude the address from that range.
03:06
I mentioned the leasing process just a few minutes ago, so let's go ahead and look at this.
03:10
You can remember the DHCP lease process through DORA: Discover, Offer, Request, Acknowledge.
03:19
The way the discovery process works is when a client comes online, it sends out a broadcast message that basically says, "Hey, is anybody out there? DHCP server?"
03:29
Every DHCP server that hears the query responds and says, "I'm a DHCP server and here's an IP address for you."
03:37
Now the client is going to request the first IP address that it received as an offer.
03:42
Then that DHCP server is going to come back and acknowledge the client has been offered an IP address, and it's going to remove the IP address from its scope.
03:52
So that's the DORA process.
03:55
Now,
03:55
there are a couple little things to note here.
03:59
First of all, to start, the Discover message is a broadcast.
04:01
There are some devices that don't allow broadcasts to pass, specifically routers.
04:06
We'll talk in a later chapter about what routers are and some of the peculiarities of them. But one of the things the router does is block broadcasts.
04:15
There are some broadcasts that you don't want to go through your entire network.
04:18
You might want some broadcasts limited to certain segments. So the router does that for us.
04:25
But if I'm trying to get an IP address on the other side of a router, then my broadcast is going to be blocked.
04:31
There are a couple of things we can do about this.
04:33
There's something called a DHCP relay agent, which is a kind of service you install on the router that will forward those DHCP requests.
04:42
There are also certain routers referred to as RFC 1542 compliant routers.
04:48
You can also hear them referred to as BOOTP routers.
04:53
These will also forward those Discover messages from clients.
04:59
All right,
05:00
so the next service we look at is called IPAM, IP address management.
05:04
So we may be in an environment that has multiple locations throughout the world.
05:10
We may have thousands and thousands of hosts.
05:13
When you start to work with a very large organization, it becomes very challenging to keep up with all your network segments, the IP addresses, and any sort of naming resolution issues.
05:24
So there are a series of software tools that will assist you with determining what IP addresses are in use, whether or not they're being fully utilized, and any sort of issues you might have with your DHCP server scope.
05:36
You could also even use it with incident response because it's able to detect the IP addresses that are being used.
05:45
So that's going to bring us to the end of the services. We looked at DNS for name resolution and determining where services are.
05:53
We looked at DHCP for automatic IP address assignment, and then we looked at IPAM as a means of managing a more complex environment and keeping track of IP address scopes and names as well.
CompTIA Network+ (N10-007)

The Cybrary Network+ Certification course provides students with the knowledge and insight to perform entry-level network-related tasks and to serve as one portion of a balanced study effort required to pass the Network+ exam.