11.3. IP assignment via DHCP#
The Dynamic Host Configuration Protocol (DHCP) assigns computers an IP address, the subnet mask and further settings for the gateway or NetBIOS server as necessary. The IP address can be set fixed or dynamic.
The use of DHCP allows central assignment and control of IP addresses via the LDAP directory without performing manual configuration on the individual computer systems.
The DHCP integration in UCS only supports IPv4.
In a DHCP service, DHCP servers are grouped in a shared LDAP configuration. Global configuration parameters are entered in the DHCP service; specific parameters in the subordinate objects.
A DHCP server can be installed from the Univention App Center with the application DHCP server. Alternatively, the software package univention-dhcp can be installed. Additional information can be found in Installation of further software.
Every DHCP assigns IP addresses via DHCP. In the default setting, only static IP addresses are assigned to computer objects registered in the UCS LDAP.
If only fixed IP addresses are assigned, as many DHCP servers as required may be used in a DHCP service. All the DHCP servers procure identical data from the LDAP and offer the DHCP clients the data multiple times. DHCP clients then accept the first answer and ignore the rest.
If dynamic IP addresses are also assigned, the DHCP failover mechanism must be employed and a maximum of two DHCP servers can be used per subnet.
A DHCP host entry is used to make the DHCP service aware of a computer. A DHCP host object is required for computers attempting to retrieve a fixed IP address over DHCP. DHCP computer objects do not normally need to be created manually, because they are created automatically when a DHCP service is assigned to a computer object with a fixed IP address.
A DHCP subnet entry is required for every subnet, irrespective of whether dynamic IP addresses are to be assigned from this subnet.
Configuration parameters can be assigned to the different IP ranges by creating DHCP pools within subnets. In this way unknown computers can be allowed in one IP range and excluded from another IP range. DHCP pools can only be created below DHCP subnet objects.
If several IP subnets are used in a physical Ethernet network, this should be entered as a DHCP shared subnet below a DHCP shared network. DHCP shared subnet objects can only be created below DHCP shared network objects.
Values which are set on a DHCP configuration level always apply for this level and all subordinate levels, unless other values are specified there. Similar to policies, the value which is closest to the object always applies.
11.3.1. Composition of the DHCP configuration via DHCP LDAP objects#
The left column of the UMC module DHCP includes a list of all the DHCP services. To add an object to a DHCP service - for example in an additional subnet - the corresponding service must be selected. Add is then used to create the object in this service. To create a new DHCP service, start by selecting All DHCP services. Clicking on Add then creates a new service. If an object is saved within a service, the service is labeled in UMC dialogues as a superordinate object.
11.3.1.1. Administration of DHCP services#
DHCP services are managed in the UMC module DHCP (see Univention Management Console modules). To create a new DHCP service, All DHCP services needs to be selected in the left column of the UMC module. Clicking on Add then creates a new service.
A DHCP server can only serve one DHCP service; to use another DHCP service, a separate DHCP server must be set up (see Administration of DHCP server entries).
The following parameters are often set on the DHCP service object which then apply to all the computers which are served by this DHCP service (unless other values are entered in lower levels):
Domain name and Domain name servers under Policy: DHCP DNS
NetBIOS name servers under Policy: DHCP NetBIOS
A description of this and the other DHCP policies can be found at Configuration of clients via DHCP policies.
Attribute |
Description |
|---|---|
Service name |
An unambiguous name for the DHCP service must be entered in this input
field, e.g., |
11.3.1.2. Administration of DHCP server entries#
Each server which should offer the DHCP service requires a DHCP server entry in the LDAP directory. The entry does not normally need to be created manually, instead it is created by the join script of the univention-dhcp package. However, to create another record manually, a DHCP service must be selected in the left column of the UMC module DHCP. can then be used to register a new server.
Attribute |
Description |
|---|---|
Server name |
The computer name that the DHCP service should offer is entered in this
input field, e.g., A server can only ever provide a single DHCP service and therefore cannot be entered in more than one DHCP service at the same time. |
11.3.1.3. Administration of DHCP subnets#
DHCP subnets are managed in the UMC module DHCP (see Univention Management Console modules). To create another subnet, a DHCP service must be selected in the left column. can be used to create a new subnet.
A DHCP subnet entry is required for every subnet from which dynamic or fixed IP addresses are to be assigned. It is only necessary to enter IP address ranges if IP addresses are to be assigned dynamically.
If DHCP shared subnet objects are to be used, the corresponding subnets should be created below the DHCP shared subnet container created for this purpose (see Management of DHCP shared networks / DHCP shared subnets).
Attribute |
Description |
|---|---|
Subnet address |
The IP address of the subnet must be entered in dot-decimal form in this
input field, e.g., |
Net mask |
The network mask can be entered in this input field as the network prefix or in dot-decimal form. If the network mask is entered in dot-decimal form it will be subsequently be converted into the corresponding network prefix and later also shown so. |
Dynamic address assignment |
Here one can set up individual or multiple IP address ranges for dynamic assignment. The range stretches from the First address to the Last address in dot-decimal form. Caution Dynamic IP ranges for a subnet should always either be specified exclusively in the subnet entry or exclusively in one or more special pool entries. The types of IP range entries within a subnet must not be mixed! If different IP ranges with different configurations are be set up in one subnet, pool entries must be created for this purpose. |
At this level, the gateway for all computers in a subnet is often set using the Policy: DHCP Routing tab (unless other entries are performed at lower levels).
11.3.1.4. Administration of DHCP pools#
DHCP pools can only be managed via the UMC module LDAP directory. To do so, one must always be in a DHCP subnet object - a DHCP pool object must always be created below a DHCP subnet object - and a DHCP: Pool object added with Add.
If DHCP pools are created in a subnet, no IP address range should be defined in the subnet entry. These should only be specified via the pool entries.
General tab#
Attribute |
Description |
|---|---|
Name |
An unambiguous name for the DHCP pool must be entered in this input
field, e.g., |
Dynamic range |
Here you can enter the IP addresses in dot-decimal form that are to be dynamically assigned. |
Advanced settings tab#
Attribute |
Description |
|---|---|
Failover peer |
The name of a failover configuration, which must to be configured
manually in file |
Allow known clients |
A computer is identified by its MAC address. If this input field is set
to If set to |
Allow unknown clients |
A computer is identified by its MAC address. If this input field is set
to If set to |
Allow dynamic BOOTP clients |
BOOTP is the predecessor of the DHCP protocol. It has no mechanism to
renew leases and by default assigns leases infinitely, which can deplete
the pool. If this options is set to |
All clients |
If this option is set to |
11.3.1.5. Registration of computers with DHCP computer objects#
A DHCP host entry is used to register the respective computer in the DHCP service. Computers can be handled depending on their registration status. Known computers may get fixed and dynamic IP addresses from the DHCP service; unknown computers only get dynamic IP addresses.
DHCP computer entries are usually created automatically when a computer is added via the computer management. Below the DHCP service object you have the possibility of adding DHCP computer entries or editing existing entries manually, irrespective of whether they were created manually or automatically.
DHCP host objects are managed in the UMC module DHCP (see Univention Management Console modules). To register a host in the DHCP manually, a DHCP service must be selected in the left column of the module. can be used to register a host.
Attribute |
Description |
|---|---|
Hostname |
A name for the computer is entered in this input field (which usually also has an entry in the computer management). It is recommended to enter the same name and the same MAC address for the computer in both entries to facilitate assignment. |
Type |
The type of network used can be selected in this selection list. Ethernet almost always needs to be selected here. |
Address |
The MAC address of the network card needs to be entered here, e.g.,
|
Fixed IP addresses |
One or more fixed IP addresses can be assigned to the computer here. In addition to an IP address, a fully qualified domain name can also be entered, which is resolved into one or more IP addresses by the DHCP server. |
11.3.2. Configuration of clients via DHCP policies#
Note
Many of the settings for DHCP are configured via policies. They are also applied to DHCP computer objects if a policy is linked to the LDAP base or one of the other intermediate containers. As the settings for DHCP computer objects have the highest priority, other settings for subnetwork and service objects are ignored.
For this reason, DHCP policies should be linked directly to the DHCP network objects (e.g., the DHCP subnetworks).
Alternatively, the LDAP class univentionDhcpHost can be added in the
advanced settings of the policies under . Such policies are then no longer applied to the DHCP
computer objects, with the result that the settings from the DHCP subnetwork
and service are used.
Tip
When using the command line udm dhcp/host list
(see also DNS/DHCP), it is possible to
use the option --policies 0 to display the
effective settings.
11.3.2.1. Setting the gateway#
The default gateway can be specified via DHCP with a DHCP routing policy, which is managed in the UMC module Policies (see Policies)
Attribute |
Description |
|---|---|
Routers |
The names or IP addresses of the routers are to be entered here. It must be verified that the DHCP server can resolve these names in IP addresses. The routers are contacted by the client in the order in which they stand in the selection list. |
11.3.2.2. Setting the DNS servers#
The name servers to be used by a client can be specified via DHCP with a DHCP DNS policy, which is managed in the UMC module Policies (see Policies)
Attribute |
Description |
|---|---|
Domain name |
The name of the domain, which the client automatically appends on computer names that it sends to the DNS server for resolution and which are not FQDNs. Usually this is the name of the domain to which the client belongs. |
Domain name servers |
Here IP addresses or fully qualified domain names (FQDNs) of DNS servers can be added. When using FQDNs, it must be verified that the DHCP server can resolve the names in IP addresses. The DNS servers are contacted by the clients according to the order specified here. |
11.3.2.3. Setting the WINS server#
The WINS server to be used can be specified via DHCP with a DHCP NetBIOS policy, which is managed in the UMC module Policies (see Policies)
Attribute |
Description |
|---|---|
NetBIOS name servers |
The names or IP addresses of the NetBIOS name servers (also known as WINS servers) should be entered here. It must be verified that the DHCP server can resolve these names in IP addresses. The servers entered are contacted by the client in the order in which they stand in the selection list. |
NetBIOS scope |
The NetBIOS over TCP/IP scope for the client according to the specification in RFC 1001 and RFC 1002. Attention must be paid to uppercase and lowercase when entering the NetBIOS scope. |
NetBIOS node type |
This field sets the node type of the client. Possible values are:
|
11.3.2.4. Configuration of the DHCP lease#
The validity of an assigned IP address - a so-called DHCP lease - can be specified with a DHCP lease time policy, which is managed in the UMC module Policies (see Policies)
Attribute |
Description |
|---|---|
Default lease time |
If the client does not request a specific lease time, the standard lease time is assigned. If this input field is left empty, the DHCP server’s default value is used. |
Maximum lease time |
The maximum lease time specifies the longest period of time for which a lease can be granted. If this input field is left empty, the DHCP server’s default value is used. |
Minimum lease time |
The minimum lease time specifies the shortest period of time for which a lease can be granted. If this input field is left empty, the DHCP server’s default value is used. |
11.3.2.5. Configuration of boot server/PXE settings#
A DHCP Boot policy is used to assign computer configuration parameters for booting via BOOTP/PXE. They are managed in the UMC module Policies (see Policies)
Attribute |
Description |
|---|---|
Boot server |
The IP address or the FQDN of the PXE boot server from which the client should load the boot file is entered in the input field. If no value is entered in this input field, the client boots from the DHCP server from which it retrieves its IP address. |
Boot filename |
The path to the boot file is entered here. The path must be entered
relative to the base directory of the TFTP service
( |
11.3.2.6. Further DHCP policies#
There are some further DHCP policies available, but they are only required in special cases.
- DHCP Dynamic DNS
DHCP Dynamic DNS allows the configuration of dynamic DNS updates. These cannot yet be performed with a LDAP-based DNS service as provided out-of-the-box by UCS.
- DHCP Allow/Deny
DHCP Allow/Deny allows the configuration of different DHCP options, which control what clients are allowed to do. The are only useful in exceptional cases.
- DHCP statements
DHCP statements allows the configuration of different options, which are only required in exceptional cases.