Configuring a DHCP Superscope – Dante Leo

Applies To: Windows Server 2008 R2 – 2016

A superscope is an administrative feature of Dynamic Host Configuration Protocol

(DHCP) servers running Windows Server 2008 that you can create and manage by using
the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you
can group multiple scopes as a single administrative entity. With this feature, a DHCP
server can:

 Support DHCP clients on a single physical network segment (such as a single

Ethernet LAN segment) where multiple logical IP networks are used. When more
than one logical IP network is used on each physical subnet or network, such
configurations are often called multinets.

 Support remote DHCP clients located on the far side of DHCP and BOOTP relay
agents (where the network on the far side of the relay agent uses multinets).

In multinet configurations, you can use DHCP superscopes to group and activate
individual scope ranges of IP addresses used on your network. In this way, the DHCP
server can activate and provide leases from more than one scope to clients on a single
physical network.

Superscopes can resolve specific types of DHCP deployment issues for multinets,
including situations in which:

 The available address pool for a currently active scope is nearly depleted, and
more computers need to be added to the network. The original scope includes the
full addressable range for a single IP network of a specified address class. You
need to use another range of IP addresses to extend the address space for the same
physical network segment.

 Clients must be migrated over time to a new scope (such as to renumber the
current IP network from an address range used in an existing active scope to a
new scope that contains another range of IP addresses).

 You want to use two DHCP servers on the same physical network segment to
manage separate logical IP networks.

Superscope configurations for multinets

The following section shows how a simple DHCP network consisting originally of one
physical network segment and one DHCP server can be extended to use superscopes for
support of multinet configurations.
Example 1: Non-routed DHCP server (before
superscope)
In this example, a small local area network (LAN) with one DHCP server supports a
single physical subnet, Subnet A. The DHCP server in this configuration is limited to
leasing addresses to clients on this same physical subnet.

The following illustration shows this example network in its original state. At this point,
no superscopes have been added and a single scope, Scope 1, is used to service all DHCP
clients on Subnet A.

Example 2: Superscope for non-routed DHCP server

supporting local multinets
To include multinets implemented for client computers on Subnet A, the same network
segment where the DHCP server is located, you can configure a superscope that includes
as members the original scope (Scope 1) and additional scopes for the logical multinets
for which you need to add support (Scope 2 and Scope 3).

This illustration shows the scope and superscope configuration to support the multinets
on the same physical network (Subnet A) as the DHCP server.
Example 3: Superscope for routed DHCP server with
relay agent supporting remote multinets
To include multinets implemented for client computers on Subnet B, the remote network
segment located across a router from the DHCP server on Subnet A, you can configure a
superscope that includes as members the additional scopes for the logical multinets for
which you need to add remote support (Scope 2 and Scope 3).

Because the multinets are for the remote network (Subnet B), the original scope (Scope
1) does not need to be part of the added superscope.

This illustration shows the scope and superscope configuration to support the multinets
on the remote physical network (Subnet B) away from the DHCP server. A DHCP relay
agent is used for DHCP servers to support clients on remote subnets.
Create a superscope
You can use this procedure to create a DHCP superscope.

Membership in the Administrators or DHCP Administrators group is the minimum

required to complete this procedure.

To create a superscope

1. Open the DHCP snap-in.

2. In the console tree, click the DHCP server you want to configure.
3. On the Action menu, click New Superscope.

This menu option only appears if at least one scope that is not currently part of a
superscope has been created at the DHCP server.

4. Follow the instructions in the New Superscope Wizard.

Configuring a DHCP Multicast Scope
Applies To: Windows Server 2008 R2 - 2016

Multicasting is the sending of network traffic to a group of endpointsdestination hosts.

Only those members in the group of endpoints hosts that are listening for the multicast
traffic (the multicast group) process the multicast traffic. All other nodes hosts ignore the
multicast traffic.

Multicast scopes are supported by using Multicast Address Dynamic Client Allocation
Protocol (MADCAP), a protocol for performing multicast address allocation. The
MADCAP protocol describes how multicast address allocation or MADCAP servers can
dynamically provide IP addresses to other computers (MADCAP clients) on your
network.

Typically, a MADCAP server is also a multicast server (MCS) used to support IP

multicasting. An MCS manages the shared or group use of the allocated multicast IP
address and streams data traffic to members that share the use of the specified group
address.

After an MCS is configured and allocated a group address to use, any multicast clients
that have registered their membership with the MCS can receive streams sent to this
address. By registering with the MCS, clients can participate efficiently in the stream
process, such as for real-time video or audio network transmissions. The MCS also
manages the multicast group list, updating its membership and status so that multicast
traffic is received by all current members.

You can use this procedure to create a multicast scope.

Membership in the Administrators or DHCP Administrators group is the minimum

required to complete this procedure.

To create a multicast scope

1. Open the DHCP Microsoft Management Console (MMC) snap-in.

2. In the console tree, click the DHCP server you want to configure.
3. On the Action menu, click New Multicast Scope.
4. Follow the instructions in the New Multicast Scope Wizard.
Configuring Name Protection
Applies To: Windows Server 2008 R2 - 2016

Name squatting occurs when a non-Windows-based computer registers in Domain Name

System (DNS) with a name that is already registered to a Windows-based computer. The
use of name protection in Windows Server prevents name squatting by non-Windows-
based computers. Name squatting does not present a problem on a homogeneous
Windows network where Active Directory Domain Services (AD DS) can be used to
reserve a name for a single user or computer.

Name protection is based on the Dynamic Host Configuration Identifier (DHCID) in the
Dynamic Host Configuration Protocol (DHCP) server, and support for the new DHCID
RR (resource record) in DNS. DHCID RR is described by the Internet Engineering Task
Force (IETF) in RFCs 4701 and 4703.

DHCID is a resource record (RR) stored in DNS that maps names to prevent duplicate
registration. This RR is used by DHCP to store an identifier for a computer, along with
other information for the name such as the A/AAAA records of the computer. The unique
position of DHCP in the name registration process allows it to request this match, and
then refuse the registration of a computer with a different address attempting to register a
name with an existing DHCID record.

DHCID prevents the following name squatting situations:

 Server name squatting by a client

 Server name squatting by another server

 Client name squatting by another client

 Client name squatting by a server

In addition, support for DHCP Unique Identifier (DUID) will be added to the IPv4
registration on the DHCP client. DUID is described by the IETF in RFC 4361.

Name protection can be configured for IPv4 and IPv6 at the network adapter level or
scope level. Name protection settings configured at the scope level take precedence over
the setting at the IPv4 or IPv6 level. If Name protection at the scope level is not
configured at all, then the setting at the IPv4 or IPv6 network adapter takes precedence.
DHCID protects names on a first come-first served basis.

To enable name protection at the IPv4 or IPv6 node level

1. Open the DHCP Microsoft Management Console (MMC) snap-in.

 2. In the console tree, double-click the DHCP server you want to configure, right-
click IPv4 or IPv6, and then click Properties.
3. Click DNS, click Advanced, and then check Enable Name Protection.

To enable name protection at the scope level

1. Open the DHCP console.

2. In the console tree, double-click the DHCP server you want to configure, double-
click IPv4 or IPv6, right-click the scope you want, and then click Properties.
3. Click DNS, click Configure, and then check Enable Name Protection.