This article covers Policy Based Assignment, a new feature available for the DHCP role in Windows Server 2012.
Nearly every administrator can agree that DHCP is a wonderful tool that just makes things work. In fact, I am always puzzled when I hear of an organization that still statically manages addresses. For Windows Server 2012, Microsoft introduced some great new additions to the DHCP role!
The evolutionary attention paid to the DHCP role in Windows Server 2012 includes DHCP failover, a suite of PowerShell cmdlets, and Policy Based Assignment (PBA). It is this last addition that I believe will have the most benefit to any organization. In short, PBA provides the ability for IP addresses to be leased to clients based on specific information that the client provides in the original DHCP request packet. DHCP administrators can apply these policies against an entire server or specific scopes. These policies can be applied against the following DHCP client attributes:
- Client Identifier
- MAC address
- Relay Agent Information
- User Class
- Vendor Class
When a client matches a specified attribute, as listed above, an administrator can specify that the client receives:
- A unique IP address within a specified range
- One of several standard DHCP options
- A vendor specific DHCP scope option
Putting this all together, a DHCP administrator can now dynamically group devices based on their type or group clients based on the role they will play in the organization. To achieve these results in the past, the Network administrator would normally create many VLANs and ACLs for specific ports. DHCP Policy Based Assignments can help eliminate this complexity.
From a technical standpoint, let’s look at how this all works. When a client starts, it will request an address from a DHCP server. The DHCP server will then assess what scope to place the client in based on either the network interface the request arrived on or the gateway IP address. After determining the client scope, the DHCP server will then attempt to match the DHCP packet against the policies assigned to that scope.
Within the DHCP console, a new Policies tab has been added.
If you have multiple policies applied to a scope, the DHCP server will evaluate them in the processing order specified. The order can easily be changed by right-clicking on any policy and moving it up or down.
Policy order changes in DHCP
Policy processing is slightly different depending on whether the policy is an IP address assignment or is providing DHCP options. If the policy specifies that certain clients should receive an IP address within a specific range, then the DHCP server will assign the first available IP address within that range. If a policy is applied to multiple ranges, the DHCP server will assign an address in the lowest range. A policy that provides DHCP options works by providing the grand total of all specified options. This basically means that if two policies have options that do not conflict, the client can process both policies and receive any option specified within those policies.
Just to show you how easy creating and managing policies is, let’s create one that will automatically set the lease duration of iPhones to 6 hours. To create a new policy, we right-click on the Policies tab and select New Policy.
You’ve got to admit, Microsoft makes it straightforward.
Next, we will give our policy a name and a short description.
Larger organizations may want to add a prefix to each policy name noting the difference in address or scope type.
On the next screen, add the condition: if the MAC Address equals “24AB81*”, apply this policy. This is just an example of using Policies in DHCP. You would likely add multiple MAC address prefixes in order to cover all of the iPhones.
Be sure to select append wildcard instead of typing a * in the value field.
Continue through the remaining prompts. Once the policy is created, right-click on it and select Properties. Under the General tab, decrease the Lease duration to 6 hours. Select Apply and you are good to go!
For a little fun, set the duration to a minute. When the complaints start coming in, ask why their Apple doesn’t just work?
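The same policy can be created with the DhcpServer PowerShell cmdlets instead of the console; the script below is an added example, not part of the original walkthrough. The scope ID and policy name are placeholders, `-LeaseDuration` is assumed to be available in your version of the module, and because the match is on a MAC prefix that the client supplies, the last query lists the leases that prefix actually caught so you can review them.

```powershell
# Added example. Placeholder values: adjust to your environment.
$ScopeId    = '10.10.10.0'          # assumed scope ID
$PolicyName = 'iPhone-ShortLease'   # hypothetical policy name
$MacPrefix  = '24AB81'              # MAC prefix used in the article

Import-Module DhcpServer

# Create the policy only if it is not already present, so the script can be re-run.
$existing = Get-DhcpServerv4Policy -ScopeId $ScopeId -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $PolicyName }

if (-not $existing) {
    # "MAC Address equals 24AB81*" with a 6 hour lease.
    # Add more prefixes to the array to cover other device batches.
    Add-DhcpServerv4Policy -Name $PolicyName `
        -Description 'Short lease for iPhones' `
        -ScopeId $ScopeId `
        -Condition OR `
        -MacAddress @('EQ', "${MacPrefix}*") `
        -LeaseDuration (New-TimeSpan -Hours 6)
}

# Show every policy on the scope in the order the server evaluates them.
Get-DhcpServerv4Policy -ScopeId $ScopeId |
    Sort-Object ProcessingOrder |
    Format-Table Name, ProcessingOrder, Enabled, Condition, MacAddress, LeaseDuration

# Review which current leases fall under the prefix.
# ClientId is reported with separators, so strip them before comparing.
Get-DhcpServerv4Lease -ScopeId $ScopeId |
    Where-Object { ($_.ClientId -replace '[-:]', '') -like "${MacPrefix}*" } |
    Select-Object IPAddress, ClientId, HostName, LeaseExpiryTime
```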
Policy Based Assignments provide powerful options to a DHCP administrator, such as dynamically setting DHCP scope options, lease durations, or IP ranges. I, for one, can’t wait to use this in our organization! When your organization implements Policy Based Assignment, let us know what you did and how it worked in the comments below.