An enterprise network has several types of devices – desktops, printers, mobiles, laptops etc. An enterprise administrator needs to ensure that all these different types of devices are provisioned appropriately for network connectivity. This requires that they have a valid IP address, either assigned statically or leased out by the DHCP server. An enterprise also has to deal with employees bringing their personal devices, such as tablets or smartphones, to the workplace. The Bring Your Own Device (BYOD) phenomenon requires the admin to control network access and other network configuration of these devices.
These scenarios require the administrator to deliver different network configuration parameters (DHCP options) to different device types. Using DHCP policies, a new feature of DHCP server in Windows Server 2012, an admin can configure the DHCP server to provide different parameters to devices based on device type.
While this article illustrates how an administrator can configure different lease durations for different classes of devices using DHCP policies, the same approach can be extended to any other network configuration option delivered via DHCP, including the IP address.
An enterprise has the following types of devices for which network connectivity is required: servers, desktops, printers, desk phones and mobile phones. The admin would like each type of device to have different lease duration-
There are a couple of ways you can define grouping of these devices –
By defining conditions of a DHCP policy to be based on Vendor Class identifier or MAC address prefix, you can group clients into different device types.
Let’s see how we can define grouping of the different devices:
Now, given a scope (say 10.0.0.0), we will configure a DHCP policy of each type of device and ensure that they are assigned an IP-address from this scope only for the required lease duration.
For some of the devices listed above, we will add a corresponding Vendor class on the DHCP server as shown in the screenshot below. The value for these created Vendor Classes must be the value that is sent in the Vendor Class field by these devices in the DHCP packet while requesting for an address. One should consult the device documentation to determine the appropriate vendor class used by the vendor of the device.
To create a Vendor Class for Nortel phones, which send “Nortel-i2004-A” as their vendor class, go to the ‘Define Vendor Classes’ context menu on the IPv4 node in the DHCP MMC and use the UI shown in Figure 1.
Figure 1: Adding a Vendor Class
Similarly, one could create a Vendor Class for HP printers with “HP Printer” as the name and, say, “Hewlett-Packard JetDirect” in the data field, and so on for other types of devices. Finally, the DHCP Vendor Class UI would look similar to Figure 2. The first three Vendor Classes exist by default on the Windows DHCP server.
Figure 2: DHCP Vendor Classes
We will now create different policies for each type of device as follows. For example, for the policy for Printers, we will have the condition ‘Vendor Class Equals “HP Printer”.’
Figure 3: Conditions page of Policy for HP Printers
Once the policy is created using the policy creation wizard in DHCP MMC, right click on the policy and go to its Properties. On the General tab, you can set the lease duration for this policy. For printers, we will set it to 60 days.
Figure 4: Setting lease duration on policy properties dialog
We have successfully created a policy for printers that will assign a lease to printers (devices with Vendor Class as “HP Printer”) for duration of 60 days.
In a similar vein, you can create policies for the other type of devices and set the policy lease duration as shown above.
For creating a policy for servers, you can create a MAC-address based policy with all of the servers’ MAC-addresses in the condition of the policy.
Figure 5: Conditions dialog and wizard page for policy for servers
Similarly for policies for mobile phones, the policy could have conditions such that each would signify one of the possible phone vendors. One could attempt to identify Android phones by their Vendor Class Identifier while others like HTC and Apple by their MAC address prefix (OUI).
Figure 6: Conditions dialog and wizard page for policy for phones
Now finally, we have four policies created as shown in the results pane below.
Figure 7: Results pane for policies
For each of these policies, you can configure the lease duration to the appropriate values as shown below.
Figure 8: Policy properties dialog to set the lease duration
Assuming that the scope’s lease duration is left at the default of 8 days, all devices that don’t meet any of the policies’ criteria will get an IP address with the scope’s lease duration of 8 days.
If the administrator so desires, he/she can even partition the IP-range of the scope such that a specific range is kept aside for printers, another for phones and so on. That has not been depicted in this post but can be done easily using IP-ranges within the policy.
Note: throughout this example, we have showcased creation of a scope-level policy and setting the lease duration for that policy. One can also create a server-level policy and set the lease duration for the same. The lease durations configured via such server level policy would apply to all devices irrespective of which subnet/scope they are present in.
To do the same set of operations as above using PowerShell, we essentially need to create four policies within the scope and set option value 51 (which is lease duration) for each of those policies.
Let us assume there exists a valid scope 10.0.0.0. We need to create definitions for the Vendor Classes on the DHCP server. Vendor classes can be created using the Add-DhcpServerv4Class cmdlet. As specified earlier, for these policies to work properly, the data value of each created vendor class must be the value that the devices send in the vendor class field of the packet when requesting an address. An example of creating a vendor class:
Add-DhcpServerv4Class -Name "HP Printer" -Type Vendor -Data "Hewlett-Packard JetDirect"
Similarly, the Vendor Class definitions for the other type of devices can be configured on the server. Thereafter, the following set of commands would create policies with appropriate lease durations.
Add-DhcpServerv4Policy -Name "Printers" -Description "Policy for printers" -ScopeId 10.0.0.0 -Condition "OR" -VendorClass "EQ", "HP Printer"
Add-DhcpServerv4Policy -Name "Servers" -Description "Policy for specific servers" -ScopeId 10.0.0.0 -Condition "OR" -MACAddress "EQ", "0012ABCD34D2", "EQ", "0123AB43CD6E", "EQ", "0A1234ABCDEF"
Add-DhcpServerv4Policy -Name "Desk phones" -Description "Policy for Nortel phones" -ScopeId 10.0.0.0 -Condition "OR" -VendorClass "EQ", "Nortel Phones"
Add-DhcpServerv4Policy -Name "Mobile phones" -Description "Policy for mobile phones" -ScopeId 10.0.0.0 -Condition "OR" -VendorClass "EQ", "Android" -MACAddress "EQ", "F8DB7F*", "EQ", "001B63*"
<# Option 51 takes value as input in seconds #>
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -PolicyName "Printers" -OptionId 51 -Value 5184000 <# 5184000 = 60 * (24*60*60). 60 days #>
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -PolicyName "Servers" -OptionId 51 -Value 5184000
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -PolicyName "Desk phones" -OptionId 51 -Value 2592000 <# 30 * (24*60*60). 30 days #>
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -PolicyName "Mobile phones" -OptionId 51 -Value 28800 <# 8 hours #>
While this article shows usage of DHCP policies to configure different lease duration for different device types, DHCP Policies can be leveraged for delivering customized network configuration based on device type. Refer to the other links section below for more information about DHCP policies.
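A check to run once the policies are in place, as an added example that is not part of the original article: it compares option 51 on each policy in scope 10.0.0.0 with the durations listed above and counts active leases per matched policy. Vendor class and MAC prefix are values the client supplies, so the per-policy lease counts are worth reviewing; the $Expected table and the report column names are choices made for this example.

```powershell
# Added example: audit policy lease durations and policy-to-lease matching for one scope.
# Assumes the DhcpServer module and the scope and policy names used in the article.
$ScopeId = '10.0.0.0'

# Expected lease duration per policy, in seconds (values from the article).
$Expected = @{
    'Printers'      = 5184000   # 60 days
    'Servers'       = 5184000   # 60 days
    'Desk phones'   = 2592000   # 30 days
    'Mobile phones' = 28800     # 8 hours
}

# 1. Compare option 51 configured on each policy with the expected value.
$policyReport = foreach ($policy in Get-DhcpServerv4Policy -ScopeId $ScopeId) {
    # A policy without option 51 raises an error; treat that as "uses the scope default".
    $opt = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $policy.Name -OptionId 51 -ErrorAction SilentlyContinue
    $actual = if ($opt) { [int64]$opt.Value[0] } else { $null }

    [pscustomobject]@{
        Policy          = $policy.Name
        Enabled         = $policy.Enabled
        ProcessingOrder = $policy.ProcessingOrder
        LeaseSeconds    = $actual
        LeaseDuration   = if ($null -ne $actual) { [timespan]::FromSeconds($actual) } else { 'scope default' }
        AsExpected      = $Expected.ContainsKey($policy.Name) -and ($Expected[$policy.Name] -eq $actual)
    }
}
$policyReport | Sort-Object ProcessingOrder | Format-Table -AutoSize

# 2. Count active leases per matched policy.
#    Leases with an empty PolicyName are counted under the scope default (8 days in the article).
Get-DhcpServerv4Lease -ScopeId $ScopeId |
    Where-Object { $_.AddressState -like 'Active*' } |
    Group-Object { if ($_.PolicyName) { $_.PolicyName } else { '(scope default)' } } |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

A policy that shows AsExpected = False, or a long-lease policy such as Printers holding more leases than there are printers on the subnet, is the cue to review that policy's conditions.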
What about lease time for client reservations?
You can set lease duration for each DHCP reservation using Set-DhcpServerv4OptionValue cmdlet. The option code for lease time is 51 and you will need to specify the value in seconds. For example -
Set-DhcpServerv4OptionValue -ReservedIP 10.10.10.5 -OptionId 51 -Value 28800
The above command will set the lease duration for the DHCP reservation 10.10.10.5 to 8 hours.
Instead of setting lease duration for each reservation, if you could group the reservations based on MAC address or some other criteria into a policy, you can set a lease duration on the policy.
I am also curious to understand your scenario - since reservations are essentially reserved for a specific client, what is the scenario which necessitates setting lease duration on a reservation? Thanks.
For some reason the DHCP client-id matching doesn't work? Trying to match Cisco switches with their long client-id and a wildcard (e.g. 636973636F2D*) but it doesn't work. Bug?
The client identifier MAY consist of type-value pairs similar to the 'htype'/'chaddr' fields. For instance, it MAY consist of a hardware type and hardware address. So your filter must contain both the things. For us to be 100% sure that this is the problem, can you mail us the packet capture for the DHCP Request packet with the client identifier in it?