8.2. DHCP module

Deployment — Kubernetes & UCS appliance

The DHCP management module appears in both deployments. However, administrators mostly use it in the context of the UCS appliance with its network management capabilities.

Nubus offers the DHCP management module to manage assignments of IP addresses, subnet mask and further settings for the gateway. In the module, you can manage the following aspects around DHCP:

You find the DHCP management module in the Domain category in the Management UI.

Important

Only the UCS appliance offers a DHCP service and the proper DHCP servers that use the configuration made in the DHCP management module.

8.2.1. DHCP services

A DHCP Service groups DHCP servers in a shared configuration in the tree of the Directory Service. It stores the global parameters. You can configure specific parameters in subordinate objects.

To create a DHCP service, you need to select All DHCP services in the left column of the UMC module and click Add.

DHCP service objects often set the following parameters. They apply to all network devices that obtain their network information from this DHCP Service, unless you configure other values on lower levels in the directory tree. For a description of DHCP policies, see Configuration of clients through DHCP policies.

  • Policy: DHCP DNS ‣ Domain name and Policy: DHCP DNS ‣ Domain name servers

  • Policy: DHCP NetBIOS ‣ NetBIOS name servers

Within a DHCP Service you can add the following DHCP object types:

A DHCP service in the DHCP management module has the tabs General, Options, and Policies.

8.2.1.1. General tab - DHCP services

Service name

Is an unambiguous name for the DHCP service, for example company.example.

8.2.1.2. Options tab - DHCP services

Allow custom DHCP options

A checkbox that allows an administrator to configure custom DHCP options. The option is only for administrators who know what they’re doing.

8.2.1.3. Policies tab - DHCP services

For the configuration of DHCP services through Policies, see Configuration of clients through DHCP policies.

8.2.2. DHCP host

A DHCP Host entry makes the DHCP Service aware of computers. The DHCP Service requires a DHCP Host object to enable the computer to retrieve a fixed IP address over DHCP. It can handle computers depending on their registration status:

  • Known computers receive either a fixed or a dynamic IP address.

  • Unknown computers only receive dynamic IP addresses.

Usually, Nubus automatically creates a DHCP Host object when you assign a DHCP Service to a computer object with a fixed IP address. For more information, see DHCP service on General tab in the Computer management module.

To manually add a DHCP Host entry, select a DHCP Service, click Add ‣ DHCP: Host.

A DHCP Host entry has the following fields on the General tab. The Options tab - DHCP services and Policies tab - DHCP services are the same as for the DHCP Service.

Hostname

A unique name for the host. Usually, you also have an entry in the Computer management module. The field is mandatory.

Recommendation

Use the same name and the same MAC address for the computer in both entries to facilitate assignment.

Type

The type of the DHCP Host entry. Available values are Ethernet, FDDI, and Token-Ring. Usually, you need to select Ethernet. The field is mandatory.

Address

The MAC address of the host for assigning an IP address, for example 2e:44:56:3f:12:32 or 2e-44-56-3f-12-32. The field is mandatory.

Fixed IP addresses

You can assign multiple fixed IP addresses to a DHCP Host entry. In addition to an IP address, you can set a fully qualified domain name that the DHCP server resolves into one or more IP addresses.

8.2.3. DHCP server

Each server that offers the DHCP service requires a DHCP server entry. To create another record manually, you need to select a DHCP service in the left column of the DHCP management module. To create a DHCP server, click Add ‣ DHCP Server.

UCS appliance

Normally, you don’t create the entry manually. Instead, the join script of the univention-dhcp package creates it.

Server name

The name of the computer that offers the DHCP service, for example ucs-primary.

A server can only ever provide one DHCP service. Therefore, you can’t use a server name in more than one DHCP service at the same time.

8.2.4. DHCP shared network

DHCP shared network objects accept subnets that use a common physical network.

To create a shared network, select a DHCP Service in the left column of the module and click Add ‣ DHCP: Shared Network.

Caution

A shared network must contain at least one shared subnet object. Otherwise, the DHCP service terminates itself and doesn’t restart until you adjust the configuration.

You can declare subnets as a DHCP shared subnet if they use the same physical network. You must store all subnets that use the same network underneath the same shared network container in the directory service. For each subnet, you must create a separate DHCP shared subnet object.

You can manage DHCP Shared subnet objects only through the LDAP Directory management module. However, you must create DHCP Shared subnet objects within a Shared Network object. Select the Shared Network object and click Add.

A DHCP Shared network entry has the following fields on the General tab. The Options tab - DHCP services and Policies tab - DHCP services are the same as for the DHCP Service.

Shared network name

A unique name for the shared network.

8.2.5. DHCP subnets

Every subnet requires a DHCP subnet entry, irrespective of whether you use dynamic IP addresses for address assignment in the subnet.

If you use several IP subnets in a physical Ethernet network, use a DHCP Shared subnet below a DHCP Shared network. You can only create DHCP Shared subnet objects underneath DHCP Shared network objects.

To create another subnet, select a DHCP Service in the left column and click Add ‣ DHCP: Subnet.

Every subnet that requires assignment of dynamic or fixed IP addresses requires a DHCP subnet entry. Enter IP address ranges, if you want to assign IP addresses dynamically.

If you use DHCP shared subnet objects, you need to create the corresponding subnets below the DHCP shared subnet container that you created for this purpose, see DHCP shared network.

A DHCP subnet entry has the following fields on the General tab. The Options tab - DHCP services and Policies tab - DHCP services are the same as for the DHCP Service. At this level, Nubus often sets the gateway for all computers in a subnet using the Policy: DHCP Routing tab, unless other entries at lower levels apply.

Subnet address

The IP address of the subnet. Enter the address in dot-decimal format, for example 192.0.2.0.

Address prefix length (or Netmask)

Provide the network mask as the network prefix or in dot-decimal format. If the network mask is in dot-decimal format, Nubus converts it into the corresponding network prefix format and shows it that way.

Broadcast address

The IP address to send a broadcast to all hosts in the subnet.

Dynamic address assignment

Define individual or multiple IP address ranges for dynamic assignment. The range is from the First address to the Last address in dot-decimal form.

Caution

Always specify dynamic IP ranges for a subnet either exclusively in the DHCP subnet entry or exclusively in one or more corresponding DHCP pool entries. Don’t mix the types of IP range entries within a subnet!

If you need to set up different IP ranges with different configurations in one subnet, you must create pool entries for this purpose.
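The subnet fields and the rule from the caution above can be checked before you enter them. The following Python sketch is an added example, not part of Nubus or the original manual; the dictionary layout, the function names, and the range sanity checks (ordering, containment, network and broadcast address) are assumptions made for illustration.

```python
import ipaddress

def subnet_from_fields(address, mask):
    """Subnet address plus prefix length or dot-decimal netmask -> network object."""
    # strict=True rejects a "subnet address" that has host bits set
    return ipaddress.ip_network(f"{address}/{mask}", strict=True)

def range_problems(net, ranges):
    """Check (first, last) dynamic ranges against the subnet."""
    problems = []
    for first, last in ranges:
        a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
        label = f"{first}-{last}"
        if a > b:
            problems.append(f"{label}: first address is after last address")
        elif a not in net or b not in net:
            problems.append(f"{label}: outside {net}")
        elif a == net.network_address or b == net.broadcast_address:
            problems.append(f"{label}: includes network or broadcast address")
    return problems

def check_subnet(entry):
    """Validate one subnet entry and the rule against mixing range locations."""
    net = subnet_from_fields(entry["address"], entry["mask"])
    own = entry.get("ranges", [])
    pooled = [r for p in entry.get("pools", []) for r in p["ranges"]]
    problems = range_problems(net, own + pooled)
    if own and pooled:
        problems.append("dynamic ranges in both the subnet entry and pool entries")
    return {"prefix": str(net), "broadcast": str(net.broadcast_address),
            "problems": problems}

# Constructed sample: dot-decimal netmask, ranges mixed between subnet and pool
SAMPLE = {
    "address": "192.0.2.0", "mask": "255.255.255.0",
    "ranges": [("192.0.2.100", "192.0.2.150")],
    "pools": [{"name": "testnet.company.example",
               "ranges": [("192.0.2.200", "192.0.3.10")]}],
}

if __name__ == "__main__":
    print(check_subnet(SAMPLE))
```

The result shows the netmask in prefix form, the broadcast address for the Broadcast address field, and one finding per violated rule.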

8.2.6. DHCP pools

Before you can create a DHCP Pool entry, you need to ensure the following prerequisites:

  1. In the DHCP management module you must have set up a DHCP Service.

  2. In the DHCP Service you must have set up a DHCP subnet.

To create a DHCP Pool, select the DHCP subnet in the left column and click Add.

If you create DHCP pool objects, you need to ensure that you haven’t defined any IP address ranges in the DHCP subnet object. In this constellation, only define IP address ranges through DHCP Pool entries.

8.2.6.1. General tab - DHCP pools

The General tab has the following settings:

Name

Provide a unique name for the DHCP pool, for example testnet.company.example.

Dynamic range

Provide the IP addresses in dot-decimal format for dynamic IP address assignment.

8.2.6.2. Advanced settings tab - DHCP pools

Failover peer configuration

The name of a failover configuration that you must configure manually in the /etc/dhcp/local.conf file. For further information, see A Basic Guide to Configuring DHCP Failover.

Allow known clients

The DHCP Service identifies a computer by its MAC address. If you set this field to allow or unset it, a computer with a matching DHCP host entry is eligible to receive an IP address from this pool. For more information, see DHCP host.

If you set the value to deny, the computer doesn’t receive an IP address from the pool.

Allow unknown clients

The DHCP Service identifies a computer by its MAC address. If you set this field to allow or unset it, a computer without a matching DHCP host entry is eligible to receive an IP address from this pool. For more information, see DHCP host.

If you set the value to deny, the computer doesn’t receive an IP address from the pool.

Allow dynamic BOOTP clients

BOOTP is the predecessor of DHCP. It has no mechanism to renew leases and by default assigns leases with infinite duration, which can deplete the pool. If you set this option to allow, clients can retrieve an IP address from this pool using BOOTP.

All clients

If you set this option to deny, you deactivate the pool globally. Use this option only in exceptional scenarios.
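The pool access settings decide which machines can obtain an address at all, so they're worth reviewing across all pools. The following Python sketch is an added example, not part of Nubus or the original manual: it models the known/unknown decision as described above and lists pools that lease to machines without a DHCP host entry or that allow BOOTP. The dictionary keys, function names, and sample data are assumptions made for illustration.

```python
import re

# Six octets with one consistent separator, ":" or "-", as in the Address field
MAC_RE = re.compile(r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}", re.I)

def normalize_mac(mac):
    """Accept both notations and return the lowercase colon form."""
    mac = mac.strip()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.lower().replace("-", ":")

def eligible(pool, mac, host_macs):
    """Decide whether a client may lease from the pool, per the field descriptions."""
    if pool.get("all_clients") == "deny":
        return False                       # pool deactivated globally
    known = normalize_mac(mac) in {normalize_mac(m) for m in host_macs}
    field = "known_clients" if known else "unknown_clients"
    return pool.get(field) != "deny"       # "allow" and unset behave the same

def audit(pools):
    """List active pools that lease to unregistered machines or to BOOTP clients."""
    findings = []
    for pool in pools:
        if pool.get("all_clients") == "deny":
            continue
        if pool.get("unknown_clients") != "deny":
            findings.append((pool["name"], "leases to clients without a DHCP host entry"))
        if pool.get("dynamic_bootp_clients") == "allow":
            findings.append((pool["name"], "BOOTP allowed, infinite leases can deplete the pool"))
    return findings

# Constructed sample data: one registered host and four pools
HOSTS = ["2e-44-56-3f-12-32"]
POOLS = [
    {"name": "staff", "unknown_clients": "deny"},
    {"name": "guest", "known_clients": "deny"},
    {"name": "legacy", "unknown_clients": "deny", "dynamic_bootp_clients": "allow"},
    {"name": "retired", "all_clients": "deny"},
]

if __name__ == "__main__":
    for name, finding in audit(POOLS):
        print(f"{name}: {finding}")
```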

8.2.7. Configuration of clients through DHCP policies

You usually configure many DHCP settings through policies. Nubus applies the settings to DHCP Host objects, if you have the policy linked to the LDAP base or one of the other intermediate containers in the directory service. As the settings for DHCP computer objects have the highest priority, Nubus ignores other settings for subnetwork and service objects.

For this reason, link DHCP policies directly to DHCP Network objects, for example the DHCP subnets.

Alternatively, you can add the LDAP class univentionDhcpHost in the advanced settings of the policies under Object ‣ Excluded object classes. Such policies then no longer apply to the DHCP computer objects. The result is that Nubus uses the settings from the DHCP subnetwork and service.

UCS appliance

To show the effective settings, use the udm dhcp/host list command with the option --policies 0. For more information, see DNS/DHCP.

The following sections provide a reference for Policies that relate to DHCP settings.

8.2.7.1. Setting the gateway

You can specify the default gateway for a computer through DHCP with a DHCP routing policy. The Policies management module handles them, see Policies module.

Routers

Provide the names or IP addresses of the routers. You must verify that the DHCP server can resolve these names into IP addresses. The clients contact the servers according to the order specified in the selection list.

8.2.7.2. Setting the DNS servers

You can specify the name servers for a client through DHCP with a DHCP DNS policy. The Policies management module handles them, see Policies module.

Domain name

Provide the name of the domain that the client automatically appends to computer names that aren’t fully qualified domain names before it sends them to the DNS server for resolution. Usually, the domain name is the name of the domain to which the client belongs.

Domain name servers

Provide the IP addresses or fully qualified domain names of DNS servers. If you use fully qualified domain names, you must verify that the DHCP server can resolve the names into IP addresses. The clients contact the servers in the order specified in the selection list.

8.2.7.3. Configuration of the DHCP lease

You can specify the validity of an assigned IP address—a so-called DHCP lease—with a DHCP lease time policy. If you leave values empty, the DHCP server uses its default values. The Policies management module handles them, see Policies module.

Default lease time

If the client doesn’t request a specific lease time, the DHCP server assigns the standard lease time.

Maximum lease time

The maximum lease time specifies the longest period of time for which a DHCP server grants a lease.

Minimum lease time

The minimum lease time specifies the shortest period of time for which a DHCP server grants a lease.

8.2.7.4. Setting the NetBIOS server

You can specify the WINS server through DHCP with a DHCP NetBIOS policy. The Policies management module handles them, see Policies module.

NetBIOS name servers

Specifies the names or IP addresses of the NetBIOS name servers, also known as WINS servers. You must verify that the DHCP server can resolve these names into IP addresses. The clients contact the servers in the order specified in the selection list.

NetBIOS scope

The NetBIOS over TCP/IP scope for the client according to the specification in RFC 1001 and RFC 1002. Pay attention to uppercase and lowercase for the NetBIOS scope.

NetBIOS node type

This field sets the node type of the client. It can have one of the following values:

  • 1 B-node - Broadcast: no WINS

  • 2 P-node - Peer: only WINS

  • 4 M-node - Mixed: first Broadcast, then WINS

  • 8 H-node - Hybrid: first WINS, then Broadcast

8.2.7.5. Configuration of boot server

You can specify the boot server for a client through DHCP with a DHCP Boot policy. The Policies management module handles them, see Policies module.

Boot server

The IP address or the fully qualified domain name of the PXE boot server from which the client loads the boot file. If you don’t provide a value, the client boots from the DHCP server from which it retrieves its IP address.

Boot filename

The path to the boot file. Enter the path relative to the base directory of the TFTP service, /var/lib/univention-client-boot/.

8.2.7.6. Further DHCP policies

There are some further DHCP policies available. Only special cases require these policies.

DHCP Dynamic DNS

DHCP Dynamic DNS allows the configuration of dynamic DNS updates. To use dynamic DNS you need to use the Samba backend for DNS instead of the LDAP-based DNS service in the UCS appliance.

DHCP Allow/Deny

DHCP Allow/Deny allows the configuration of different DHCP options that control what permissions clients have. Only use them in exceptional cases.

DHCP statements

DHCP statements allow the configuration of different options that you only need in exceptional cases.