Example DHCP Implementation
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This DHCP example implementation depicts how a fictional company uses the Windows Server 2003–based DHCP servers to streamline and automate administration and assignment of IP addresses and other client configuration information. Though your network configuration might differ from this example, you can apply the basic concepts.
The company has two offices: a main administrative office and a branch office 25 miles away. The company employs 600 people, many of whom travel frequently between the two offices with portable computers.
The main office is housed on two floors, with 75 desktop computer users per floor. Because many of these employees also have portable computers, conference rooms are configured with wireless networking. Wireless networking also provides ease of network connectivity to employees from the branch offices who are attending meetings at the main office.
Connectivity and Routing
A digital subscriber line (DSL) account at a rate of 1.1 megabits per second (Mbps) is established for each of the two company sites, providing a dedicated connection to the Internet through a DSL modem. Additional network adapters are installed on the server computers at both sites, one network adapter per subnet.
The DSL-connected server in the main office has two additional network adapters, one for Subnet A and one for Subnet B. On Subnet A, network cable runs from the network adapter to a hub. On wireless Subnet B, network cable runs from the network adapter to a hub and then to wireless access points stationed in conference rooms.
The DSL-connected server computer in the branch office has four additional network adapters, one each for Subnets C through F. On wireless Subnet C, network cable runs from the network adapter to a hub and then to wireless access points stationed in conference rooms. On Subnets D, E, and F, network cable runs from the network adapters to hubs that extend to each individual subnet.
To provide secure, private, encrypted communication between the two sites over DSL, both DSL-connected servers are also configured as virtual private network (VPN) servers.
To allow messages from both DHCP servers and DHCP clients to cross from site to site and between subnets at each site, the Routing and Remote Access service on each DSL-connected server has the DHCP Relay Agent routing protocol installed and configured.
For more information about connecting remote sites, see "Connecting Remote Sites" in this book.
Transmission Security Between Sites
Because the company wants the highest level of security available for the VPN connection that carries traffic between the two sites over their 1.1 Mbps DSL connections and the Internet, it installs a Windows Server 2003 certification authority (CA) and establishes a Layer Two Tunneling Protocol (L2TP) connection that relies on Internet Protocol security (IPSec) for encryption. The combination of L2TP and IPSec is known as L2TP/IPSec. With certificate-based authentication and an L2TP/IPSec connection, the company is using the strongest form of authentication available in Windows Server 2003. For more information about using a certification authority, see "Designing an Authentication Strategy" in the Designing and Deploying Directory and Security Services book of this kit. For more information about using IPSec, see "Deploying IPSec" in this book.
Active Directory Domain Structure
The company uses Active Directory to list the IP addresses of the DHCP servers that are authorized to operate on the network. When a DHCP server running Windows 2000 or Windows Server 2003 starts on the network, it queries the directory service for its authorization status. If the server determines that it is not authorized, it stops functioning in the domain as a DHCP server and cannot be used to provide IP address leases to clients. There are two sites to define in Active Directory, one for the main administrative office and one for the branch office. Creating two sites optimizes the exchange of directory information and facilitates administration by centralizing resources such as configuration information.
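The two mechanisms this example relies on, the DHCP relay agent carrying client broadcasts across the subnets described above and the authorized-server list that lets a rogue DHCP server be recognized, can both be seen at the packet level. The following Python program is an added illustration, not code from this book or from the Windows DHCP or Routing and Remote Access services. It builds constructed DHCP messages (RFC 2131 layout), shows what a relay agent changes in a client request before forwarding it (the giaddr field and hop count), and classifies a DHCPOFFER by comparing its Server Identifier option against a list of authorized server addresses. The addresses 10.0.0.10, 10.1.0.10, 10.0.1.1 and the client hardware address are invented for the example; on a real network the authorized list would come from Active Directory.

```python
"""DHCP relay (giaddr) handling and an authorized-server check over constructed messages.
Added example; not Microsoft's DHCP or Routing and Remote Access code. All addresses are constructed."""
import struct
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # RFC 2131 marker that precedes the options field
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
MAX_HOPS = 16                               # RFC 1542: a relay discards requests beyond this hop count

# Constructed: the company's two authorized DHCP servers, as Active Directory would list them.
AUTHORIZED_SERVERS: Set[str] = {"10.0.0.10", "10.1.0.10"}


@dataclass
class DhcpMessage:
    op: int
    hops: int
    xid: int
    giaddr: str
    yiaddr: str
    chaddr: bytes
    options: Dict[int, bytes]


def parse_dhcp(data: bytes) -> DhcpMessage:
    """Decode the fixed 240-byte header and the TLV options of a DHCP message (RFC 2131)."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", data[:12])
    yiaddr = str(ipaddress.IPv4Address(data[16:20]))
    giaddr = str(ipaddress.IPv4Address(data[24:28]))
    chaddr = data[28:28 + hlen]
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == 0:                       # pad option, single byte
            i += 1
            continue
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return DhcpMessage(op, hops, xid, giaddr, yiaddr, chaddr, options)


def build_dhcp(op, msg_type, xid, chaddr, yiaddr="0.0.0.0", server_id=None,
               hops=0, giaddr="0.0.0.0") -> bytes:
    """Construct a minimal DHCP message for the examples (sample data, not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, hops, xid, 0, 0)   # op, Ethernet, 6-byte MAC, hops, xid, secs, flags
    hdr += b"\x00" * 4                                         # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed                # yiaddr (address being offered)
    hdr += b"\x00" * 4                                         # siaddr
    hdr += ipaddress.IPv4Address(giaddr).packed                # giaddr (relay agent address)
    hdr += chaddr.ljust(16, b"\x00") + b"\x00" * 192 + MAGIC_COOKIE   # chaddr, sname, file, cookie
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + opts + bytes([OPT_END])


def relay_to_server(data: bytes, relay_ip: str) -> Optional[bytes]:
    """What a relay agent does to a client broadcast before unicasting it to the DHCP server:
    it records its own subnet-facing address in giaddr (only the first relay hop does) and
    increments the hop count. The server uses giaddr to pick the scope and to address its reply.
    Returns None when the message must not be relayed."""
    msg = parse_dhcp(data)
    if msg.op != BOOTREQUEST:
        return None                         # replies travel the other way (server -> giaddr -> client)
    if msg.hops >= MAX_HOPS:
        return None                         # looping or over-chained relays are dropped
    buf = bytearray(data)
    buf[3] = msg.hops + 1
    if msg.giaddr == "0.0.0.0":
        buf[24:28] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(buf)


def check_offer(data: bytes, authorized: Set[str]) -> Tuple[str, str]:
    """Classify a DHCPOFFER by its Server Identifier option against the authorized server list.
    An offer from an address not on the list is the signature of an unauthorized DHCP server."""
    msg = parse_dhcp(data)
    if msg.op != BOOTREPLY or msg.options.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return ("ignored", "")
    sid = msg.options.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    return ("authorized" if server in authorized else "unauthorized", server)


if __name__ == "__main__":
    mac = b"\x00\x11\x22\x33\x44\x55"                         # constructed client hardware address
    discover = build_dhcp(BOOTREQUEST, DHCPDISCOVER, 0x1234, mac)
    relayed = relay_to_server(discover, "10.0.1.1")           # relay interface on Subnet A (constructed)
    print(parse_dhcp(relayed).giaddr, parse_dhcp(relayed).hops)   # 10.0.1.1 1
    offer = build_dhcp(BOOTREPLY, DHCPOFFER, 0x1234, mac, yiaddr="10.0.1.50", server_id="10.0.0.10")
    print(check_offer(offer, AUTHORIZED_SERVERS))             # ('authorized', '10.0.0.10')
    rogue = build_dhcp(BOOTREPLY, DHCPOFFER, 0x1234, mac, yiaddr="10.0.1.99", server_id="10.0.1.200")
    print(check_offer(rogue, AUTHORIZED_SERVERS))             # ('unauthorized', '10.0.1.200')
```

The relay step is why the DHCP servers in this example can serve every subnet from the DSL-connected servers: the giaddr value tells the server which subnet the request came from, so it hands out an address from the matching scope and returns the reply to the relay rather than broadcasting. The offer check mirrors what the Active Directory authorization list achieves for Windows-based servers, but from the wire side, which is the only view available for a DHCP server that does not consult the directory at all.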