Dynamic Host Configuration Protocol (DHCP) is a common protocol, and it is far more complex than it looks. The DHCP IP address assignment process goes through several steps.
DHCP is used to automatically assign IP configuration to hosts that are connected to a network. It offers a basis for passing configuration information to hosts on a TCP/IP network. DHCP is built on the Bootstrap Protocol (BOOTP). A DHCP client makes a request to a DHCP server that might or might not be present on the same subnet. This automatic supply of IP configuration information to hosts removes much of the administrative burden of maintaining IP networks. In its simplest form, DHCP assigns the IP address, subnet mask and default gateway to a host, but it can include other configuration parameters such as name servers and NetBIOS configuration.
The six stages that a DHCP client goes through during the DHCP process are as follows:
The DHCP client starts the process by broadcasting a DHCPDISCOVER message to its local subnet. Because the client does not yet know what subnet it belongs to, a general broadcast is used (destination address 255.255.255.255). If the DHCP server is situated on a different subnet, a DHCP relay agent must be used. The DHCP relay agent component is a Bootstrap Protocol (BOOTP) relay agent that relays DHCP messages between DHCP clients and DHCP servers on different IP networks. The DHCP relay agent can take several forms. The ip helper-address IOS command is used to set up a DHCP relay agent on a Cisco router.
The DHCP relay agent forwards the DHCPDISCOVER message to a subnet that contains a DHCP server. Once the DHCP server receives the DHCPDISCOVER message, it replies with a DHCPOFFER message. The DHCPOFFER message contains the IP configuration information for the client. The DHCPOFFER message is sent as a broadcast on UDP port 68. The client will know that the DHCPOFFER message is intended for it because the client's MAC address is contained in the message. If the client is on a different subnet than the server, the message is sent unicast to the DHCP relay agent on UDP port 67. The DHCP relay agent broadcasts the DHCPOFFER on the client's subnet on UDP port 68.
After the client receives the DHCPOFFER, it sends a DHCPREQUEST message to the server. The DHCPREQUEST message informs the server that it accepts the parameters offered in the DHCPOFFER message. The DHCPREQUEST is a broadcast message, but it includes the MAC address of the server, so that other DHCP servers on the network will know which server is serving the client.
The DHCP server will send a DHCPACK message to the client to acknowledge the DHCPREQUEST. The DHCPACK message contains all the configuration information that was requested by the client. After the client receives the DHCPACK, it binds the IP address and is ready to communicate on the network. If the server is unable to provide the requested configuration, it sends a DHCPNAK message to the client. The client will then resend the DHCPREQUEST message. If the DHCPREQUEST message does not return a DHCPACK after four attempts, the client will start the DHCP process from the beginning and send a new DHCPDISCOVER message. There is a great diagram of the DHCP process at the "Understanding DHCP" link at the end of this article.
After the client receives the DHCPACK, it will send out an ARP request for the IP address assigned. If it gets a reply to the ARP request, the IP address is already in use on the network. The client then sends a DHCPDECLINE to the server and sends a new DHCPREQUEST. This step is optional, and is often not performed.
Since DHCP works on broadcast, two PCs on different networks (or VLANs) cannot exchange DHCP messages. Does that mean we should have one dedicated DHCP server in each VLAN? No; on Cisco devices the ip helper-address command forwards DHCP broadcasts from one VLAN to another.
Advantages and Disadvantages of WLANs
WLANs have advantages and disadvantages when compared with wired LANs. A WLAN makes it simple to add or move workstations and to install access points to provide connectivity in areas where it is difficult to lay cable. Temporary or semi-permanent buildings that are in range of an access point can be wirelessly connected to a LAN to give these buildings connectivity. Where computer labs are used in schools, the computers (laptops) could be put on a mobile cart and wheeled from classroom to classroom, provided they are in range of access points. Wired network points would be needed for each of the access points. A WLAN has some specific advantages:
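As an added example (not code from this essay), the four-message exchange described above played out in memory: it builds and parses DHCP messages in their real wire format (BOOTP header, magic cookie, option 53 message type, option 54 server identifier, option 50 requested address) and carries the relay agent's giaddr field through the exchange. The MAC address, IP addresses and transaction id are constructed sample values.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                   # DHCP magic cookie that follows the BOOTP header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5    # option 53 (DHCP message type) values
HDR = "!BBBBIHH4s4s4s4s16s64s128s"            # fixed 236-byte BOOTP header layout

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Assemble a DHCP message: BOOTP header, magic cookie, TLV options, end marker."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, b"\0" * 4,   # flags 0x8000 = broadcast
                      socket.inet_aton(yiaddr), b"\0" * 4, socket.inet_aton(giaddr),
                      chaddr, b"\0" * 64, b"\0" * 128)
    body = bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return hdr + MAGIC + body + b"\xff"

def parse(pkt):
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:       # walk options: 0 = pad, 255 = end
        if pkt[i] == 0:
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "giaddr": socket.inet_ntoa(f[10]), "chaddr": f[11][:6].hex(":"),
            "type": opts[53][0], "options": opts}

def exchange(client_mac, server_ip, offered_ip, relay_ip="0.0.0.0"):
    # Plays DISCOVER -> OFFER -> REQUEST -> ACK in memory and returns the bound lease.
    xid = 0x3903F326                            # constructed transaction id
    discover = parse(build(1, xid, client_mac, DISCOVER, giaddr=relay_ip))
    # Offer carries option 54 (server identifier); giaddr is echoed so a relay knows the client subnet.
    offer = parse(build(2, discover["xid"], discover["chaddr"], OFFER, yiaddr=offered_ip,
                        giaddr=discover["giaddr"], options=[(54, socket.inet_aton(server_ip))]))
    # The client asks for the offered address (option 50) and names its chosen server (option 54).
    request = parse(build(1, xid, client_mac, REQUEST, giaddr=relay_ip, options=[
        (50, socket.inet_aton(offer["yiaddr"])), (54, offer["options"][54])]))
    # Other servers see their identifier is absent and stay silent; the chosen one acknowledges.
    if request["options"][54] != socket.inet_aton(server_ip) or request["xid"] != xid:
        return None
    ack = build(2, xid, client_mac, ACK, yiaddr=offer["yiaddr"], giaddr=relay_ip,
                options=[(54, socket.inet_aton(server_ip)), (51, struct.pack("!I", 86400))])
    return parse(ack)
```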
It is easier to add or move workstations.
It is easier to provide connectivity in areas where it is difficult to lay cable.
Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings.
Access to the network can be from anywhere within range of an access point.
Portable or semi-permanent buildings can be connected using a WLAN.
Although the initial investment required for WLAN hardware can be similar to the cost of wired LAN hardware, installation expenses can be significantly lower.
When a facility is located on more than one site (such as on two sides of a road), a directional antenna can be used to avoid digging trenches under roads to connect the sites.
In historic buildings where traditional cabling would compromise the façade, a WLAN can avoid the need to drill holes in walls.
Long-term cost benefits can be found in dynamic environments requiring frequent moves and changes.
WLANs also have some disadvantages:
As the number of computers using the network increases, the data transfer rate to each computer will decrease accordingly.
As standards change, it may be necessary to replace wireless cards and/or access points.
Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN.
Security is more difficult to guarantee and requires configuration.
Devices will only operate at a limited distance from an access point, with the distance determined by the standard used and buildings and other obstacles between the access point and the user.
A wired LAN is most likely to be required to provide a backbone to the WLAN; a WLAN should be a supplement to a wired LAN and not a complete solution.
Long-term cost benefits are harder to achieve in static environments that require few moves and changes.
Threats to Wireless Network Security
Aside from the threat of unauthorized users accessing your network and eavesdropping on your internal network communications by connecting to your wireless LAN (WLAN), there are a variety of threats posed by insecure, or improperly secured, WLANs. Here is a brief list with descriptions of some of the primary threats:
Rogue WLANs - Whether your enterprise has an officially sanctioned wireless network or not, wireless routers are relatively inexpensive, and ambitious users may plug unauthorized equipment into the network. These rogue wireless networks may be insecure or improperly secured and pose a risk to the network at large.
Spoofing Internal Communications - An attack from outside of the network can usually be identified as such. If an attacker can connect to your WLAN, they can spoof communications that appear to come from internal domains. Users are much more likely to trust and act on spoofed internal communications.
Theft of Network Resources - Even if an intruder does not attack your computers or compromise your data, they may connect to your WLAN and hijack your network bandwidth to surf the Web. They can leverage the higher bandwidth found on most enterprise networks to download music and video clips, using your precious network resources and impacting network performance for your legitimate users.
Protecting Your Network from Your WLAN
LAN segmentation is used by many organizations to break the network down into smaller, more manageable compartments. Using different LAN segments or virtual LAN (VLAN) segments has a number of advantages. It can enable an organization to expand its network, reduce network congestion, compartmentalize problems for more efficient troubleshooting, and improve security by protecting different VLANs from each other.
The improved security is an excellent reason to set your WLAN up on its own VLAN. You can allow all of the wireless devices to connect to the WLAN, but shield the rest of your internal network from any issues or attacks that may occur on the wireless network.
Using a firewall, or router ACL (access control lists), you can restrict communications between the WLAN and the rest of the network. If you connect the WLAN to the internal network via a web proxy or VPN, you can even restrict access by wireless devices so that they can only surf the Web, or are only allowed to access certain folders or applications.
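An added example (not from this essay) of the ACL restriction described above, modelled in Python rather than router syntax: a first-match ACL with an implicit deny, applied to constructed WLAN and internal subnets, plus a policy check that shows how placing the deny entry first silently blocks the web proxy the WLAN is supposed to reach.

```python
import ipaddress

def matches(rule, src, dst, proto, dport):
    """One ACL entry: (action, src net, dst net, proto or 'any', port or None)."""
    _, s, d, p, port = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(s)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(d)
            and p in ("any", proto) and port in (None, dport))

def evaluate(acl, src, dst, proto, dport):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for rule in acl:
        if matches(rule, src, dst, proto, dport):
            return rule[0]
    return "deny"

# Constructed addressing: WLAN VLAN 10.50.0.0/24, internal LAN 10.10.0.0/16,
# web proxy 10.10.1.20. Intent: wireless clients reach only the proxy and the Internet.
GOOD_ACL = [
    ("permit", "10.50.0.0/24", "10.10.1.20/32", "tcp", 8080),  # WLAN -> web proxy
    ("deny",   "10.50.0.0/24", "10.10.0.0/16",  "any", None),  # WLAN -> rest of internal LAN
    ("permit", "10.50.0.0/24", "0.0.0.0/0",     "any", None),  # WLAN -> Internet
]
# Same entries with the deny line placed first: the proxy permit can never match.
MISORDERED_ACL = [GOOD_ACL[1], GOOD_ACL[0], GOOD_ACL[2]]

# Policy the ACL must enforce: (src, dst, proto, dport, expected action), constructed cases.
POLICY = [
    ("10.50.0.17", "10.10.1.20", "tcp", 8080, "permit"),   # proxy allowed
    ("10.50.0.17", "10.10.7.9", "tcp", 445, "deny"),       # internal file server blocked
    ("10.50.0.17", "10.10.1.20", "tcp", 22, "deny"),       # proxy host, but only the proxy port
    ("10.50.0.17", "203.0.113.5", "tcp", 443, "permit"),   # Internet allowed
]

def violations(acl):
    """Return the policy rows the ACL gets wrong, so a change can be checked before deployment."""
    return [row for row in POLICY if evaluate(acl, *row[:4]) != row[4]]
```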
Secure WLAN Access
Segmenting your WLAN from the rest of your network will help to defend the internal network from any issues or attacks on the wireless network, but there are still other steps you can take to protect the wireless network itself. By encrypting your wireless communications and requiring users to authenticate before connecting, you can ensure unauthorized users do not intrude on your WLAN and that your wireless data cannot be intercepted.
One of the ways to ensure unauthorized users do not eavesdrop on your wireless network is to encrypt your wireless data. The original encryption method, WEP (wired equivalent privacy), was found to be fundamentally flawed. WEP relies on a shared key, or password, to restrict access. Anyone who knows the WEP key can join the wireless network. There was no mechanism built in to WEP to automatically change the key, and there are tools available that can crack a WEP key in minutes, so it won't take long for an attacker to access a WEP-encrypted wireless network.
While using WEP may be slightly better than using no encryption at all, it is insufficient for protecting an enterprise network. The next generation of encryption, WPA (Wi-Fi Protected Access), is designed to leverage an 802.1X-compliant authentication server, but it can also be run similarly to WEP in PSK (Pre-Shared Key) mode. The main improvement from WEP to WPA is the use of TKIP (Temporal Key Integrity Protocol), which dynamically changes the key to prevent the sort of cracking techniques used to break WEP encryption.
Even WPA was a band-aid approach though. WPA was an attempt by wireless hardware and software vendors to implement sufficient protection while waiting for the official 802.11i standard. The most current form of encryption is WPA2. The WPA2 encryption provides even more complex and secure mechanisms including CCMP, which is based on the AES encryption algorithm.
To protect wireless data from being intercepted and to prevent unauthorized access to your wireless network, your WLAN should be set up with at least WPA encryption, and preferably WPA2 encryption.
Aside from just encrypting wireless data, WPA can interface with 802.1X or RADIUS authentication servers to provide a more secure method of controlling access to the WLAN. Where WEP, or WPA in PSK mode, allows virtually anonymous access to anyone who has the correct key or password, 802.1X or RADIUS authentication requires users to have valid username and password credentials or a valid certificate to log into the wireless network.
Requiring authentication to the WLAN provides increased security by restricting access, but it also provides logging and a forensic trail to investigate if anything suspicious goes on. While a wireless network based on a shared key might log MAC or IP addresses, that information is not very useful when it comes to determining the root cause of a problem. The increased confidentiality and integrity provided are also recommended, if not required, for many security compliance mandates.
With WPA / WPA2 and an 802.1X or RADIUS authentication server, organizations can leverage a variety of authentication protocols, such as Kerberos, MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), or TLS (Transport Layer Security), and use an array of credential authentication methods such as usernames / passwords, certificates, biometric authentication, or one-time passwords.
Wireless networks can increase efficiency, improve productivity and make networking more cost effective, but if they are not properly implemented they can also be the Achilles heel of your network security and expose your entire organization to compromise. Take the time to understand the risks, and how to secure your wireless network so that your organization can leverage the convenience of wireless connectivity without creating an opportunity for a security breach.