Common Mistakes When Deploying DHCP


Many companies realize that DHCP is a very important service: without it, IP-based networks and applications are paralyzed. However, many organizations still deploy DHCP on their servers with an ad hoc combination of software. As a result, they unwittingly make common mistakes that severely reduce network availability and security. The common errors in deploying DHCP services are listed below:

DHCP lease time is set too long or too short

The recommended lease time depends on how much the network changes. Wireless networks and customer networks change a great deal, and not only because leases expire: devices are constantly plugged in and unplugged, sometimes at very short intervals. Setting a lease that is too long in this case prevents others from using those addresses until the lease expires.

Failure to monitor IP address usage in the lease pool

Administrators create address ranges large enough for current use and reserve some room for future expansion, but they tend to ignore the growth rate of each subnet. Technicians may install new IP devices faster than expected, which exhausts all the IP addresses, and as a result new devices cannot use the network. This extends the installation time of the new equipment and usually ends with a ticket being opened with the IT department for help. (Translator's note: in many companies, when problems with the network, equipment and so on come up in daily work, staff can create a ticket describing the problem in the company's internal IT system, and the IT department looks for a solution based on the ticket.)

Forgotten or Wrong Optional Configuration

Remember: everything except the IP address is optional for DHCP. Each device requires a subnet mask, default route, and priority route, but if the administrator forgets to configure these options, DHCP will not provide this information to the client.

Failing to determine whether the DHCP server is authoritative

Understanding what "authoritative" means, and how an authoritative server differs from a non-authoritative one, is critical for a DHCP server. Ignoring this setting causes major problems in the network, including DHCP conflicts (the conflicting DHCP server prevents the client from obtaining an IP address, or the client gets the wrong address) and the loss of important data (for example, Novell networks use INFORM packets). INFORM packets are answered only if the server is authoritative, and the problem on Microsoft systems is that clients hold on to IP addresses for a long time, even when they are no longer valid.

UDP/BOOTP/DHCP Forwarding Missing or Unavailable

Because DHCP is broadcast-based, you need to enable UDP forwarding on the router so that DHCP packets are forwarded to the DHCP server. If this is not set up, or if the configuration is incorrect, you will run into a lot of problems: clients do not receive addresses, and broadcast storms occur.

Unknown IP address range overlap

When an administrator configures the same address range on multiple servers, and these servers do not use a DHCP failover mechanism, the result may be duplicate IP addresses on the same network. The DHCP servers do not share information about the addresses they have already handed out, so they may assign the same address to different clients.
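
One way to catch this before clients do is to compare the dynamic ranges configured on every server. The following is an added example, not part of the original article: the server names and ranges are constructed sample data, and it assumes the servers listed do not share lease state with each other.

```python
# Added example: find address ranges configured on more than one DHCP server.
# The server names and ranges below are constructed sample data.
from ipaddress import IPv4Address
from itertools import combinations

# server name -> list of (first, last) dynamic ranges, as read from each
# server's configuration (constructed values)
POOLS = {
    "dhcp-a": [("10.0.1.50", "10.0.1.150"), ("10.0.2.10", "10.0.2.200")],
    "dhcp-b": [("10.0.1.100", "10.0.1.200"), ("10.0.3.10", "10.0.3.99")],
    "dhcp-c": [("10.0.2.201", "10.0.2.250")],
}


def parse(pools):
    """Convert text ranges to integer (first, last) pairs; reject reversed ones."""
    out = {}
    for server, ranges in pools.items():
        out[server] = []
        for first, last in ranges:
            lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
            if lo > hi:
                raise ValueError(f"{server}: range {first}-{last} is reversed")
            out[server].append((lo, hi))
    return out


def find_overlaps(pools):
    """Return (server1, server2, first, last, count) for every shared span."""
    parsed = parse(pools)
    findings = []
    for (s1, r1), (s2, r2) in combinations(sorted(parsed.items()), 2):
        for lo1, hi1 in r1:
            for lo2, hi2 in r2:
                lo, hi = max(lo1, lo2), min(hi1, hi2)
                if lo <= hi:  # inclusive ranges intersect
                    findings.append((s1, s2, str(IPv4Address(lo)),
                                     str(IPv4Address(hi)), hi - lo + 1))
    return findings


if __name__ == "__main__":
    for s1, s2, first, last, n in find_overlaps(POOLS):
        print(f"{s1} and {s2} both serve {first}-{last} ({n} addresses)")
```

Ranges that merely touch (one ends at .200, the next starts at .201) are not reported; a single shared address is.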

Incorrect use of shared networks

Although VLANs supported by Layer 3 switches and routers are common now, you may still encounter a network design that uses secondary IP addresses. In other words, a routing interface (whether physical or virtual) carries the IP addresses of multiple networks. In the past, this was known as one-arm routing ("one armed routing", or "router on a stick"). In this case, you must use a shared network to consolidate all your networks into one network. If you fail to use the shared network correctly, users will end up with the wrong network address and therefore cannot communicate with other networks.
