DHCP Bonus Real-World Scenario: Dueling DHCP servers
- Last Updated: 07/15/2019
For this lab, you should have the DHCP server VM created in the KVM lab and a Cisco router on the same network, as well as a way of testing DHCP (i.e. a VM on the same vlan or a laptop plugged into a switchport with access to the same vlan.
This lab is still being developed and tested. Expect changes and additions, including pictures, in the near future
Configuring Cisco DHCP¶
Your vm running your DHCP server has crashed (go ahead and shut it down). You need to quickly get DHCP back up and running. Configure DHCP on your cisco switch or router to replace the VM and test it to see how the network now functions.
This lab is meant to allow you to practice researching and applying what you already know to new areas within networking, meaning that we will not be providing step-by-step instructions for how to do this. Instead, we are going to provide a sample DHCP configuration, so you should go in and change what is needed to match your current DHCP server. Remember to use the same lease ranges and times as you did when configuring DHCP on a VM, just within the Cisco configuration.
ip dhcp excluded-address 192.168.1.0 192.168.1.50 ip dhcp excluded-address 192.168.1.201 192.168.1.255 ip dhcp excluded-address 192.168.1.100 ip dhcp pool test-pool network 192.168.1.0 /24 domain-name test.local default-router 192.168.1.1 dns-server 192.168.1.10 192.168.1.11 lease 7
Unlike with our Linux DHCP server, Cisco includes every IP in the network as available for DHCP, so you must exclude ranges of IPs you don't wish to hand out. The first 3 lines of the config exclude the IP ranges of 192.168.0-50, 192.168.201-255 and the singular IP 192.168.1.100
The rest of the configuration sets up a DHCP pool, which is used to specify certain DHCP options for a single network. We specify the name "test-pool" in the config, which can be changed to reflect your specific network pool. The next 5 lines has nearly identical options to what you configured with Linux, with the network ID, domain-name, gateway, DNS servers and lease time.
Once you have setup the DHCP pool to work with your network, devices should now be able to get an IP address as they did prior to the the DHCP VM "crashing".
Things to think about:
What do you observe once you have the replacement DHCP server up? Do the clients get new leases with new IPs or keep their old ones?
Dueling DHCP Servers¶
Power your DHCP server vm back on, and watch what happens when you have 2 different DHCP servers running. Use dhclient to test release and renew from a laptop, or est vm. What happens ? What DHCP server wins? Change the IP subnet on the switch / router interface and the DHCP pool so it does not match your network any more. Example use 220.127.116.11/24 as a network / scope so you can tell which DHCP server wins.
Release and renew from your clients multiple times. What do you observe ?
What kinds of things start breaking on the network ?
(Use "dhclient -r interface" to release and "dhclient interface" to renew)
How do you tell which DHCP server gave you the lease? Use tcpdump to watch the traffic when running dhclient in a different window. How many leases are you offered ? What happens when you disable one of the dhcp servers, re-run dhclient, then re-enable the dhcp server. Does your lease tend to be "sticky" or does it bounce back to the original?
What kinds of real world problems might a "Rogue" DHCP server (i.e. a dhcp server randomly setup by someone other than the admin) cause?