Dynamic Host Configuration Protocol (DHCP) is a common protocol, but it is far more complex than it looks. The DHCP IP address assignment process has a few steps to go through first.
DHCP is used to automatically assign IP configuration to hosts that are connected to a network. It provides a framework for passing configuration information to hosts on a TCP/IP network, and it is built on the Bootstrap Protocol (BOOTP). A DHCP client makes a request to a DHCP server that might or might not be present on the same subnet. This automated distribution of IP configuration information to hosts eases the administrative burden of maintaining IP networks. In its simplest form, DHCP assigns the IP address, subnet mask and default gateway to a host, but it can include other configuration parameters such as name servers and NetBIOS configuration.
The six stages that a DHCP client goes through during the DHCP process are as follows:
The DHCP client starts the process by broadcasting a DHCPDISCOVER message to its local subnet on a port. Because the client doesn't know what subnet it belongs to, a general broadcast is used (destination address 255.255.255.255). If the DHCP server is situated on a different subnet, a DHCP-relay agent must be used. The DHCP Relay Agent component is a Bootstrap Protocol (BOOTP) relay agent that relays DHCP messages between DHCP clients and DHCP servers on different IP networks. The DHCP-relay agent can take several forms. The ip helper-address IOS command is used to set up a DHCP-relay agent on a Cisco router.
The DHCP-relay agent forwards the message to a subnet that contains a DHCP server. Once the DHCP server receives the message, it responds with a DHCPOFFER message. This message holds the IP configuration information for the client. The DHCPOFFER message is sent as a broadcast on a port. The client knows that the DHCPOFFER message is intended for it because its MAC address is included in the message. If the client is on a different subnet than the server, the message is sent as a unicast to the DHCP-relay agent on a port. The DHCP-relay agent then broadcasts the DHCPOFFER on the client's subnet on UDP port 68.
After the client receives the DHCPOFFER, it sends a DHCPREQUEST message to the server. The DHCPREQUEST message informs the server that the client accepts the parameters offered in the DHCPOFFER message. The DHCPREQUEST is a broadcast message, but it includes the MAC address of the server, so that other DHCP servers on the network will know which server is serving the client.
The DHCP server will send a DHCPACK message to the client to acknowledge the DHCPREQUEST. The DHCPACK message contains all the configuration information that was requested by the client. After the client receives the DHCPACK, it binds the IP address and is ready to communicate on the network. If the server is unable to provide the requested configuration, it sends a DHCPNAK message to the client. The client will resend the DHCPREQUEST message. If the DHCPREQUEST message does not return a DHCPACK after four attempts, the client will start the DHCP process from the beginning and send a new DHCPDISCOVER message. There is a great diagram of the DHCP process at the "Understanding DHCP" link at the end of this article.
After the client receives the DHCPACK, it will send out an ARP request for the IP address assigned. If it gets a reply to the ARP request, the IP address is already in use on the network. The client then sends a DHCPDECLINE to the server and sends a new DHCPREQUEST. This step is optional, and is often not performed.
Since DHCP works by broadcast, two PCs that are on different networks (or VLANs) cannot exchange DHCP messages directly. Does that mean we need one dedicated DHCP server in each VLAN? No … on Cisco devices the ip helper-address command helps to relay DHCP broadcasts from one VLAN to another.
Advantages and Disadvantages of WLANs
WLANs have a lot of advantages and a lot of disadvantages when compared with wired LANs. A WLAN makes it simple to add or move workstations and to install access points to deliver connectivity in places where it might be difficult to lay cable. Temporary or semi-permanent buildings that are in range of an access point could be wirelessly connected to a LAN to give these buildings connectivity. The computers that are used in schools could be put on a movable cart and taken from classroom to classroom, provided they stay in range of an access point. Wired network points would be needed for each of the access points. Some of the specific advantages of a WLAN:
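The exchange described above can be followed on the wire by decoding a few fields of each message. The parser below is an added example, not part of the original essay; it works on the UDP payload (servers listen on UDP port 67, clients on UDP port 68) and reads the server from the server identifier option (54). The MAC address, transaction ID and 10.0.x.x addresses are constructed sample values, and build() exists only to produce sample input.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the BOOTP header
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236-byte fixed header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
         4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK"}

def build(msg_type, xid, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0", server_id=None):
    """Construct a minimal DHCP message; used only to make sample input."""
    ip = socket.inet_aton
    op = 1 if msg_type in (1, 3, 4) else 2         # 1 = from client, 2 = from server
    hdr = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000,  # 0x8000 = broadcast flag
                     ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                     bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, msg_type])                # option 53: message type
    if server_id:
        opts += bytes([54, 4]) + ip(server_id)     # option 54: server identifier
    return hdr + MAGIC + opts + b"\xff"            # option 255 ends the list

def parse(data):
    """Decode the fields the exchange relies on; ValueError on malformed input."""
    start = BOOTP.size + len(MAGIC)
    if len(data) < start or data[BOOTP.size:start] != MAGIC:
        raise ValueError("not a DHCP message")
    f = BOOTP.unpack_from(data)
    opts, i = {}, start
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                           # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing message type")
    ntoa = socket.inet_ntoa
    return {"type": TYPES.get(opts[53][0], "unknown"), "xid": f[4],
            "mac": f[11][:min(f[2], 16)].hex(":"),   # chaddr, cut to hlen bytes
            "offered_ip": ntoa(f[8]), "relay": ntoa(f[10]),   # yiaddr, giaddr
            "server_id": ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None}

# Constructed exchange: a client whose server sits behind a relay at 10.0.20.1.
MAC, SRV = "00:11:22:33:44:55", "10.0.10.5"
EXCHANGE = [build(1, 0xABCD, MAC),
            build(2, 0xABCD, MAC, "10.0.20.50", "10.0.20.1", SRV),
            build(3, 0xABCD, MAC, server_id=SRV),
            build(5, 0xABCD, MAC, "10.0.20.50", "10.0.20.1", SRV)]
```

Calling parse() on each entry of EXCHANGE yields the message type, the client MAC, the offered address and the relay address (0.0.0.0 when no relay is involved).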
It makes it easier to add or move workstations.
It is easier to provide connectivity in areas where it may be awkward to install cable.
Installation is easy and quick, and it can exclude the need to pull cable through walls and ceilings.
Access to a network can be from anywhere within range of an access point.
Portable or semi-permanent buildings can be connected using a WLAN.
While the initial investment required for WLAN hardware can be similar to the cost of wired LAN hardware, installation costs can be considerably lower.
When a facility is located on more than one site (such as on two sides of a road), a directional antenna can be used to avoid digging trenches under roads to connect the sites.
In historic buildings where traditional cabling would compromise the façade, a WLAN can avoid the need to drill holes in walls.
Long-term cost benefits can be found in dynamic environments needing frequent moves and changes.
The disadvantages of WLAN:
If the number of computers using the network rises, the data transfer rate to each computer will decline accordingly.
As standards change, it may be necessary to replace wireless cards and/or access points.
Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN.
It is more difficult to guarantee security, which requires configuration.
Devices will only function within a limited distance of an access point, with the distance determined by the standard used and by buildings and other obstacles between the access point and the user.
A wired LAN is likely to be required as a backbone to the WLAN; a WLAN should be a supplement to a wired LAN and not a complete solution.
Long-term cost benefits are harder to achieve in static environments that require few moves and changes.
Threats to Wireless Network Security
Beyond the threat of an unauthorized user accessing your network and eavesdropping on your internal network communications by connecting to your wireless LAN, there are a number of other threats posed by insecurely configured WLANs. Here are a few descriptions of the threats:
Rogue WLANs - Whether or not your enterprise has a formally sanctioned wireless network, wireless routers are pretty inexpensive, and determined users may use unauthorized tools to get into the network. These rogue wireless networks may be improperly secured and pose a threat to the network.
Spoofing Internal Communications - An attack from outside of the network can usually be recognised as such. If an attacker can connect to your WLAN, they can fake communications so that they look like they are coming from your internal domain. Users are more likely to trust an internal communication.
Theft of Network Resources - Even if an intruder doesn't attack your computers, they could connect to your WLAN and hijack your network bandwidth to surf the Web. They can use the higher bandwidth found on most networks to download music and video clips, consuming your costly network resources and degrading network performance for your genuine users.
Protecting Your Network from Your WLAN
LAN segmentation is used by many organizations to break the network down into smaller, more manageable sections. Using different LAN segments or virtual LAN (VLAN) segments has a lot of advantages. It can allow an organization to expand its network, decrease network congestion, isolate problems for better troubleshooting, and improve security by protecting different VLANs from each other.
Improved security is a great reason to set your WLAN up on its own VLAN. It can allow all of the wireless devices to connect to the WLAN, but protect the rest of your internal network from any threats or issues that may happen on the wireless network.
By using a firewall or router access control lists, you can limit communications between the WLAN and the rest of the network. If you connect the WLAN to the internal network via a web proxy or virtual private network (VPN), you can even limit access by wireless devices so they can only surf the Web, or are only permitted to access particular folders or applications.
Secure WLAN Access
Segmenting your WLAN from the rest of your network will help protect your internal network from any threats or issues on the wireless network, but there are still other measures you can take to defend the wireless network itself. By encrypting your wireless communication and requiring users to authenticate before connecting, you can ensure that unauthorized users do not intrude on your WLAN and that your wireless data can't be interfered with.
One way to be sure unauthorized users do not spy on your wireless network is to encrypt your wireless data. The very first encryption method, Wired Equivalent Privacy (WEP), was found to be profoundly flawed. WEP depends on a shared key, or password, to limit access. Anyone who knew the WEP key could join the wireless network. WEP had no built-in mechanism to automatically change the key, and there are plenty of tools that can crack a WEP key in very little time, so it wouldn't take long for an intruder to gain access to a WEP-encrypted wireless network.
While using WEP may be somewhat better than not having anything at all, it is not dependable for defending an enterprise network. The next generation of encryption, Wi-Fi Protected Access (WPA), is designed to work with an 802.1X-compliant authentication server, but it can also be run similarly to WEP in Pre-Shared Key (PSK) mode. The main enhancement from WEP to WPA is the use of the Temporal Key Integrity Protocol (TKIP), which can dynamically change the key to avoid the sort of cracking techniques used to break WEP encryption.
To protect wireless data from being intercepted and to prevent unauthorized access to your wireless network, your WLAN should be set up with at least WPA encryption, and preferably WPA2 encryption.
Apart from just encrypting wireless data, WPA can interface with 802.1X or RADIUS authentication servers to provide a more secure method of controlling access to the WLAN. Where WEP, or WPA in PSK mode, allows almost anonymous access to anyone who has the right key or password, 802.1X or RADIUS authentication requires users to have a valid username and password or a valid certificate to log into the wireless network.
Requiring authentication to the WLAN provides improved security by limiting access, but it also provides logging and a forensic trail to investigate if anything suspicious goes on. While a wireless network based on a shared key might log IP or MAC addresses, that information is not very helpful when it comes to determining the root cause of a problem.
Wireless networks can be more efficient, increase productivity and make networking more cost effective, but if they are not properly implemented they can also be the Achilles heel of your network security and expose your entire organization. Take time to understand the risks and how to secure your wireless network, so that your organization can benefit from the accessibility of wireless connectivity without creating an opportunity for a security breach.
Student 3000 Hosts
Staff 200 Hosts
Co-Lab 100 Hosts
Admin 50 Hosts
Tech 30 Hosts
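Class B, N.N.H.H
Student: 2^12 = 4096 - 2 usable hosts (12 host bits)
172.16.00000000.00000000    172.16.0.0/20       (network address)
172.16.00000000.00000001    172.16.0.1/20       (first host)
172.16.00001111.11111110    172.16.15.254/20    (last host)
172.16.00001111.11111111    172.16.15.255/20    (broadcast address)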
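The Student calculation above, extended to the other four groups as an added example (not part of the original essay): it picks the smallest subnet that fits each host count and allocates the subnets largest first from 172.16.0.0/16. The function names and the allocation order are assumptions of this example; only the Student row appears in the original.

```python
import ipaddress

# Host requirements from the list above; the Class B block 172.16.0.0/16
# is taken from the Student row (172.16.0.0/20).
REQUIREMENTS = {"Student": 3000, "Staff": 200, "Co-Lab": 100, "Admin": 50, "Tech": 30}

def prefix_for(hosts):
    """Longest prefix whose usable host count (2^h - 2) still covers `hosts`."""
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def allocate(block, requirements):
    """Assign non-overlapping subnets from `block`, largest requirement first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to the subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = net
        cursor += size
    return plan

def describe(net):
    """Network, first host, last host and broadcast, as in the Student row."""
    return (str(net.network_address), str(net[1]),
            str(net[-2]), str(net.broadcast_address))

PLAN = allocate("172.16.0.0/16", REQUIREMENTS)

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:8} {REQUIREMENTS[name]:5} hosts  {str(net):18} {describe(net)}")
```

Giving each group its own subnet is what lets a firewall or router access control list separate them, as the segmentation section describes.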