DHCP Explained – Step by Step Server Configuration

– You’re probably using it right now. ♪ ‘Cause we both deserve it all ♪ (upbeat music) – Don’t deny it, you’re
probably using DHCP if you’re watching this video. Whether it’s on a device like this, notice, using DHCP to
connect to the internet, or, perhaps, on a computer. Modern networks rely very heavily on DHCP. For example, if you go to
Starbucks, or a coffee shop, or you go to the airport, it’s very unlikely that
you’re gonna be walking around saying, “What’s the IP address
that I should be using? “Which IP address should
I configure my device as?” Very unlikely that you’re
gonna be doing that, and the reason for that
is IP addresses are, more often than not,
dynamically allocated, especially to client devices. So, here’s an example
of some client devices. Client devices could be PCs, could be Internet of Things devices, such as these, could be phones. Servers typically have IP
addresses configured statically, because you need to
connect to that server. So, as an example, if
you go to facebook.com, or some other website, that domain name needs to be
resolved to an IP address, and you need to connect
to a specific IP address, or range of IP addresses, and
they are statically defined, but more often than not, client devices are
automatically configured, or dynamically configured,
because it’s too much work to manually configure these devices. I mean, when was the last time you manually configured your
phone with an IP address? Most of us probably have never done that, or only in exceptional circumstances. With Internet of Things devices, such as these lights,
or devices like cameras, it doesn’t make sense to
manually configure IP addresses. So as an example, here’s a IP camera. I’m probably not going to
configure this device statically. I’m gonna let it
dynamically be configured. Now, DHCP, or Dynamic Host
Configuration Protocol, is, once again, a
fundamental building block in networks today. Okay, but, how does DHCP actually work? Do you know the messages sent between what’s called
a client and a server? Do you know how they work? In this video, I’m gonna show you practically how to configure and use DHCP. I’ve got a network here. I’m gonna demonstrate DHCP using a router, which I’ll configure as a DHCP server. This is a Cisco router, but
the same principles apply whether you’re configuring a home router, or some other kind of
device as your DHCP server. I’ve got a Windows PC
and I’ve got a Linux PC that are going to get IP
addresses from the router, and I’m gonna run
Wireshark in this topology to show you how DHCP actually works. So rather than just talking about it, I’m gonna demonstrate it. Here’s an example of someone just talking about what DHCP is, rather than practically demonstrating it. Alexa, what is DHCP? – [Alexa] In computer networking, the Dynamic Host
Configuration Protocol, DHCP, the network application
protocol used by devices, DHCP clients, to obtain
configuration information for operation in an
internet protocol network. – Okay, not sure if you
understood any of that, but there you go, there’s a
so-called definition of DHCP. It’s gonna make a lot more sense, however, if I show you this practically. Now, she did mention some terms there, so let’s look at some
of those on this iPhone. If I go to Settings, go
to my Wi-Fi networks, so, in this example, it’s ABC1top 5GHz. Go and look at the information. I can see firstly that the address has been allocated automatically
rather than manually. BootP is the predecessor to
DHCP, we won’t worry about that. Two main ways to configure IP addresses: dynamically, or automatically,
if you prefer that term, or statically, where
you manually configure the IP address on the device. Notice we have an IP address. In this example, it’s We have a subnet mask, We have a router, That is also known as the default gateway, or the way to get to the internet. So, for a lot of people, they don’t understand necessarily
the technical terms here, they just want Wi-Fi, and
Wi-Fi equates to internet, so that’s obviously not the same thing. Wi-Fi is the way that we connect to a network using wireless technologies. The internet is a totally
different concept, and I won’t discuss that right now, but basically, the router,
or the default gateway, is the way that you get,
typically, to the internet. Notice we’ve got this option, Renew Lease. DHCP IP addresses are
typically only allocated for a period of time. When you configure the DHCP server, you as the administrator
decide how long a lease is, so you can say it’ll last for
three days, or for a week. You typically don’t wanna
allocate IP addresses permanently, even though you can in certain cases, because devices change. As an example, when you go to Starbucks, you’re not gonna be there permanently. You’re only going there
for a period of time. A DHCP pool, or scope, typically only consists of
a range of IP addresses, so there may be only 250
IP addresses in the pool, or in the scope. As people come and go, we
wanna reuse those IP addresses, so we only wanna allocate
them for a period of time. At Starbucks, or other places,
they may reduce that interval to a much smaller period of time, so that addresses are reused more often. Notice this option, Configure
DNS, Automatic or Manual. In this example, the DNS server is the local router, That could be configured as That’s a Google DNS
server, quite a famous one. That, once again, is configured
by the DHCP administrator. So that’s an example of
DHCP on a client, a phone. We have many devices that use DHCP. IoT, or Internet of Things
devices such as these, typically don’t get configured
statically, or manually. It’s too much work to
configure it manually. You’re gonna wanna do it dynamically. This device, as an example, gives me a indication of the
air quality in this room, so my iPhone, using IP, is connecting to the
information from that device so that I can see how good the
air quality is in the room. I can talk to an Alexa. Alexa, start CCNA Quiz. – [Alexa] Welcome to
David Bombal’s CCNA Quiz. I will ask you 24 questions. Try to get as many right as you can. Just say the number of the answer. Let’s begin, question one. Which of the following describes RSTP–
– Alexa, stop. – [Alexa] Okay, let’s play again soon. – So, that device has been
allocated an IP address by DHCP. It’s connecting through Wi-Fi, no physical ethernet cables
here, to the internet, so going to the default gateway. Okay, so, without further ado, I’m gonna show you practically
how to configure DHCP now, and show you how it actually works. Okay, so in this topology, I’ve turned off the Windows
PC and the Linux host. I wanna configure the router first, and then once I’ve configured the router, I wanna run Wireshark on this link so that you can see the DHCP messages, so you can see the entire thing happening. Okay, so here’s the router. Show IP DHCP, let’s look
at some options, binding. At the moment, there are no bindings. We haven’t configured an address pool yet. Now, an address pool,
in Cisco terminology, is very similar to a
scope on, say, Windows, or another platform. I’m basically gonna create
a pool of addresses, and I’m gonna give it a name. Let’s call it pc. This could be any name. I’m gonna specify the network
that is gonna be allocated, and the subnet mask. Now, don’t worry if you
aren’t used to Cisco commands. Similar kind of principles apply no matter what device you’re working on. Here, I’ve got a home router. This is a BT home router. I’m based in the UK, so British Telecom is my service provider. This is the device that
connects me to the internet. If I go to Advanced Settings
here on this device, make this a bit bigger,
and go to Home Network, and go to IP Addresses,
what you’ll see here is this is the IP address of the router, so that would typically
be my default gateway if I connected to the wireless network, or Wi-Fi network, on this device. There’s the subnet mask. The DHCP server is enabled, and I’ve manually configured
a range of addresses, and I’ve specified the lease time. So, a lease time, in
this case, is three days. Typically, a host will try
and renew its IP address halfway through the lease time, so that’s an example on a home router, in this example, a British Telecom router. On Cisco routers, you’re
typically gonna use the CLI, or Command Line Interface,
to configure the devices. So the network is, once
again, this network. That’s similar in concept to specifying a range of addresses. The way Cisco do it is
you specify the network, and then you specify what’s
called an exclusion range of addresses that you wanna exclude. So typically, you’re gonna wanna exclude the router’s IP address from the pool, and perhaps other network
devices that you’ve got. Okay, so default gateway,
or default router, will be the local router. That’s the IP address of the local router. I’ll specify the DNS server
as the local router as well. Now, I know that IP address, because I’ve configured this
router to use this IP address, so I’ve basically configured, show run shows me the
configuration of the Cisco router, I’ve configured the Cisco
router with a DHCP pool. This is the network. This is the default
router, or default gateway. This is the DNS server. Very similar to this being the
IP address of my BT router. This is the subnet mask that’s being used, and these are the addresses
that are being allocated. Now, I haven’t specified a lease time. I could do that, so ip dhcp pool pc. Many options are available here. Many commands can be configured. So, I could specify lease, and then specify number of days if I wanted to, or specify infinite. Be careful with infinite, because you could use up
your pool of addresses. So I’ll just specify a
lease time of one day. I could specify a domain
name, as an example, of, let’s say, that, so davidbombal.com. If I go back one step, I could say IP DHCP excluded addresses, and let’s exclude the router
from the address pool. So, on the router, show ip dhcp pool. I’ve configured a pool of addresses. The pool’s name’s pc. Total addresses in the pool is this. This is the addresses in the address pool. No addresses have been
leased at the moment. Show run once again shows us
that IP addresses in this range will be allocated, but this one won’t. Default router, DNS server, domain name. Okay, so let’s start Wireshark on the link between the
switch and the router. So, Wireshark is running. I can see various protocols here. You can see, as an example,
CDP, Spanning-tree, a bunch of protocols, but
I’m gonna filter for DHCP, because I only wanna see DHCP messages. Okay, what I’ll do is start
the Windows host first. So this Windows PC is actually running as a virtual machine in my topology. I’m running on a Mac here. GNS3 is a way for me
to virtualize networks, and I’m virtualizing a
network of a Cisco router, switch, a Linux host,
and a Windows PC, so. PC has booted up, I’ll log in. I’m gonna start a CMD prompt, and I’ll make this bigger
so that it’s easier to read. So, ipconfig, and I’m
thinking Linux there, it should be ipconfig,
not ifconfig, so ipconfig. Notice I can see domain name. I can see IP address that was allocated. I can see subnet mask, default gateway. Now, the reason this PC used
that address, and not, is because that address
was allocated previously, and it’s just trying to
get to the same IP address. So, IP address has been allocated. I can use the command ipconfig
/all to see more information, so scrolling up again,
there’s the command. This is the host name. Now, notice it’s called MSEdgeWin10. That becomes important when we look at the Wireshark capture. There’s the domain name. We can see the MAC address of the PC, so this is the MAC address burnt into the network interface card. I could see that, as an example,
by going to Control Panel, Network and Internet, View network status, look at my network interface card. Notice if I click on Details, I’ll be able to see the
physical IP address, and IP address information
in a similar way to using ipconfig. I can also see when I go to
Properties that I’m using DHCP. Obtain IP address automatically, obtain DNS server
information automatically, and using the ipconfig /all command, I can see IP address, subnet mask, notice, default gateway,
and DNS server information, shown in the output here. Okay, so let’s have a look at Wireshark. Now, before getting into the nitty-gritty, I wanna show you a really
nice option in Wireshark. Notice here we have messages: Discover, Offer, Request,
and Acknowledgment. In Wireshark, you can go
to the Statistics menu, and click Flow Graph, and you can see messages
being sent on the network. I’m gonna limit this to the filter, which at the moment is DHCP, and notice what you can
see in the output here. Just make this a bit
smaller, so I can zoom in. Notice we’ve got DHCP Discover, with this Transaction ID ending in c3. Here’s an Offer, here’s a Request, and here’s an Acknowledgement. This shows graphically the
process of how the client, notice there’s no IP address here, sends a broadcast
message,, trying to discover DHCP
servers on the network. So, it’s saying, “Who’s out
there? I need an IP address.” The DHCP server offers an
IP address to the client. There may be multiple DHCP
servers on the network, so the DHCP servers that
receive these Discover messages will offer IP addresses to the client. The client will then request
one of those IP addresses. In this example, it’s only DHCP server, so it’s only going to
request the IP address from that DHCP server, but if there were multiple
DHCP servers in the network, it would request an IP
address from one of them, typically the first one
to offer an IP address, and then the DHCP server will
acknowledge that Request. This is a great option in Wireshark. You can graphically see, Discover, Offer, Request, and Acknowledgement. Again, Discover, try and discover DHCP servers on the network. DHCP server will offer an
IP address to the client. The client will then accept that Offer, and request the IP address
from that DHCP server, and the DHCP server will
acknowledge that Request. Now, notice in the Wireshark capture, I’ve got a DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledgement. Notice the IP address on DHCP Discover. There’s no IP address. It’s sending a message
to a broadcast address, so the PC is trying to discover a DHCP server on the internet. Notice the MAC address ends in 80:b0. Going back to my PC, notice
MAC address ends in 80-B0, so this message is being
sent from that Windows PC. We can also see that by looking
at the client identifier. Notice MAC address there. Message Type is DHCP Discover. The PC is trying to
discover a DHCP server, and as mentioned, notice it’s requesting to use this IP address. The reason for that is
because, once again, the PC used that IP address previously, and it’s trying to get
the same IP address. If a new device boots
up, it won’t do that, and I’ll show you that in a moment, but because this MSEdgeWin10 PC previously was allocated this IP address, it’s simply requesting
the same IP address again. Notice you can see under Host Name the name of this Windows PC. Once again, there it
is on the Windows host. So, in Windows, and in Wireshark. So, first step is Discover. PC is trying to discover the DHCP server. Now, this IP address, once again,, is the DHCP server. In our example, this is the router. Router is configured with this IP address, so the router replies back
to a broadcast address, because the client doesn’t
have an IP address yet. It can’t send a message to an IP address, ’cause the client doesn’t
have an IP address, so it broadcasts, saying,
“Your IP address is this.” So, your client IP address is this. Your client MAC address,
remember, ending in 80-b0. That is the MAC address
of this Windows PC. So that MAC address will
get this IP address. Option 53, this is an Offer
from this DHCP server. I’ll just jump back for a moment. Notice the protocol used here is UDP, from source port 68,
to destination port 67, but here, we’re using
DHCP, which uses UDP. In this example, source port is 67, going to destination port 68, and again, the server with this identifier is allocating an IP address to the client with a lease time of one day. It needs to renew after 12 days. As I said previously, typically
after half the lease period, clients will be told to renew. Notice subnet mask, default
gateway, option three here, default gateway or router,
DNS server, option six, and option 15 is domain name, so that’s the Offer from the
DHCP server to the client. The client then requests that IP address. The reason why is we could
have multiple servers offering IP addresses to the client, and it needs to request one of them. So you could have two DHCP servers offering IP addresses to the client. It needs to choose one. Typically it chooses the
one that replied first. So going up, notice it’s UDP,
source port 68 going to 67. MAC address is the client. It’s a Request, so we’re requesting that this MAC address use this IP address, the IP address that was
offered by the server. So, back again, notice the server offered that IP address to the client,
and that’s the IP address that the client is requesting to use. So requested IP address is
this from this DHCP server. This is my host name. Because this is Windows, it
asks for NetBIOS, old protocol. Asks for other information, such as Private Classless
Static Route, et cetera, and then lastly, the server
acknowledges that Request. So, UDP, source port 67 to port 68. The server’s saying, “I acknowledge
this as your IP address, “this is your MAC address”. It’s an Acknowledgement, and then similar kind of information is displayed once again. So, notice we have four messages here: Discover, Offer, Request,
and Acknowledgement. Okay, so that was Wireshark. Let’s have a look on the router. So, again, this is the
MAC address of our client. This is the IP address that
it got from the DHCP server. On the router now, show IP DHCP bindings. Notice this MAC address was allocated this IP address automatically. Show IP DHCP server statistics. We can see, as an example,
that we have one address pool. There’s been five Discover
messages were received. There’s been 12 DHCP Requests, and three Offers, and
five Acknowledgements, so a bunch of stuff has been going on in the background here. Most important command
here is typically binding, so that you can see which client
received which IP address. Okay, so I have got a Linux host here. I’ll start this Linux host up. Go back into Wireshark,
and what you’ll see is we’ve got a bunch of DHCP messages now. What I can do very nicely
in Wireshark is do a filter so that I’ll only see one host. Notice this MAC address
here ends in c9:55. That is the MAC address
of this Linux client. We can see, as an example, that this Linux client has
obtained this IP address. ifconfig, ’cause this is
Linux, shows me IP address, shows me the MAC address ending in c9:55. In Wireshark, I could
actually add this as a filter. So add this as and Selected, so this changes the Wireshark filter to only show me that PC
rather than the Windows PC, so I’m only seeing the messages
from that Linux client. So notice here’s a Discover
message, sent out a broadcast. This is the Offer from the DHCP server. Here’s the Request, and
here’s an Acknowledgement. So if we look at the Discover message, notice it doesn’t have an IP address. It’s sending out a broadcast
with its MAC address, trying to discover DHCP server. It wants various parameters including NTP. The DHCP server replies
back with an Offer, offering this IP address, to this client. DHCP server is this. Again, lease time, renewal time, other information is displayed. So, on the client, I can
see that it got given this IP address by the DHCP server. It requested that IP address, so it requested this IP address, and the DHCP server
acknowledged that IP address. Okay, so that was quite a detailed video. I hope after this video you really understand how DHCP works. Now, if you’ve enjoyed this video, please like it, and please
subscribe to my YouTube channel. I’m David Bombal, I wanna
wish you all the very best. ♪ ‘Cause we both deserve it all ♪ (upbeat music)

46 thoughts on “DHCP Explained – Step by Step Server Configuration

  1. Menu:
    Introduction and basic terms: 00:14
    iPhone DHCP Client explanation: 03:46
    Lab and DHCP server configuration: 07:54
    Cool Wireshark Flow Graph: 15:15
    Wireshark deep dive: 17:23
    Cisco router output: 22:25
    Linux client and Wireshark coolness: 23:07

    Download Wireshark capture here: http://bit.ly/2mk4FS9

  2. I've always wondered how many businesses use routers vs a regular Windows or Unix/Linux servers to assign DHCP addresses percentage wise?

  3. Sir

    How can I decrypt the 802.11 traffic in Wireshark without private keys or passphrase

    I captured a 3-Way Handshake but it is encrypted with 802.11

    So how can I decrypt it without private keys in Wireshark

    So please help me sir

    Please provide me your mail to discuss my doubts

  4. Thank you David for this video, its really informative. I was just wondering the function of the Domain name in the pool configuration and what would be the effect if DHCP is configured without it.

  5. So all 4 transactions are Broadcasts?
    I've read some literature that says otherwise (D:broadcast O:unicast R:broadcast A:unicast) I'm a bit confused now!

  6. Nicely explained the packet capture flow and demo Appreciated you David 👌👌.. Based on the packet capture I have a quick question ,the destination IP for the Dhcp Offer and Dhcp Ack will be varying on windows and Linux host as in this packet capture. For the Linux host l could see the Dhcp Offer and Dhcp Ack destination IP and it's supposed to be broadcast). Please correct me if am wrong.

Leave a Reply

Your email address will not be published. Required fields are marked *