In order to improve the efficiency of network management, in a working environment where the LAN is relatively large, network administrators often set up and install a DHCP server in the unit LAN, and automatically provide Internet access services for ordinary workstations through the server; After the ordinary workstation is connected to the unit network, it will automatically send the Internet parameter request packet to the LAN network. Once the DHCP server receives the Internet request information from the client system, it will automatically provide the appropriate IP address and network cover. Parameters such as code address, gateway address, and DNS address, so that the client system can access the network normally. It is obvious that the stability of the DHCP server directly affects the performance of the entire LAN network.
However, if the local area network, there is another one illegal DHCP server while running stability of the entire local area network will be destroyed, ordinary Internet workstation system will be chaos. In order to make the LAN network always stable, we need to find ways to protect the operational security of the legitimate DHCP server to avoid it being "shocked" by the illegal DHCP server!
Temporary protection DHCP
< BR>
As we all know, the ordinary workstation system sends the Internet access parameter request information to the local area network through broadcast. All network devices in the LAN will receive the Internet access request from the ordinary workstation, which naturally includes the legal DHCP server. An illegal DHCP server, but whether it is a legitimate DHCP server or an illegal DHCP server, there is no regularity in answering the Internet request of the ordinary workstation. Therefore, when the ordinary workstation system cannot obtain the effective Internet access parameter, we You can try to ensure that the normal workstation establishes a connection with a legitimate DHCP server by repeatedly sending broadcast information until the normal workstation can obtain valid Internet access parameters from the legitimate DHCP server.
Once you see your workstation can not access the Internet, we can open the DOS command line work window of the faulty workstation system, and execute the "ipconfig /release" string command at the DOS command prompt. The incorrect internet access parameters obtained before were released.
Then try to execute the "ipconfig /renew" string command to re-send the Internet parameter request packet to the LAN. If the above command returns incorrect result information, then we can continue execution in the local system run dialog box. The "ipconfig /release" and "ipconfig /renew" string commands are used until the normal workstation obtains valid Internet access parameters.
Of course, this method can only meet their immediate needs, but also the number of trial and error can not be determined, often requires several or a dozen times, and when the IP address lease duration expires, ordinary workstation needs Applying for an IP address to the local area network DHCP server again, the failure of the normal workstation to access the Internet will still occur.
Long-term protection DHCP
Normally, the ordinary workstations in the LAN are installed using the Windows operating system, in the Windows workstation system-based LAN working environment. We can use the domain management mode to protect the operational security of the legitimate DHCP server, and filter the illegal DHCP server to ensure that the DHCP server does not assign incorrect Internet access parameter information to the LAN common workstation. As long as we add a valid and valid DHCP server host to the LAN Active Directory in the LAN domain controller, all the normal workstations on the LAN will automatically obtain the correct Internet access parameter information from the valid and valid DHCP server. This is because the normal workstations in the domain send broadcast information to the network. When applying for the Internet access parameter address, the legal and valid DHCP server in the same domain will automatically respond to the Internet access request of the ordinary workstation. If the DHCP server in the specified domain of the LAN In the absence or failure, those illegal DHCP servers that do not join the specified domain are likely to respond to Internet requests from ordinary workstations.
To add a valid and valid DHCP server to the specified domain of the LAN, we can follow the following steps:
First log in to the specified domain controller of the LAN with system administrator privileges. On the host system, open the "Start" menu on the desktop of the system, click on the "Programs" /"Administrative Tools" /"DHCP" option, open the DHCP server console window of the corresponding system; secondly in the target console window On the left side of the display area, right-click on the target server host, execute the "Add Server" command from the pop-up shortcut menu, click the "Browse" button, and in the Select Computer dialog box that appears, select Valid. The host name of the DHCP server can also be entered directly in the "This server" text box, enter the IP address of the host where the DHCP server is located, and finally click the "OK" button to complete the setting operation. In this way, when the ordinary workstations in the designated domain of the local area network access the Internet in the future, the correct Internet access parameter information is automatically obtained from the legally valid DHCP server.
Although a good effect of this approach, but for the relatively small size of the local area network unit, there is almost no little practical significance because of the small size of the local area network almost all of the working group model, this work A DHCP server that is legally valid in the mode cannot be secured.