This article covers Policy Based Assignment, a new feature available for the DHCP role in Windows Server 2012.

Nearly every administrator can agree that DHCP is a wonderful tool that just makes things work. In fact, I am always puzzled when I hear of an organization that still statically manages addresses. For Windows Server 2012, Microsoft introduced some great new additions to the DHCP role!

The evolutionary attention paid to the DHCP role in Windows Server 2012 includes DHCP failover, a suite of PowerShell cmdlets, and Policy Based Assignment (PBA). It is this last addition that I believe will have the most benefit to any organization. In short, PBA provides the ability for IP addresses to be leased to clients based on specific information that the client provides in the original DHCP request packet. DHCP administrators can apply these policies against an entire server or specific scopes. These policies can be applied against the following DHCP client attributes:

  • Client Identifier
  • MAC address
  • Relay Agent Information
  • User Class
  • Vendor Class

When a client matches a specified attribute, as listed above, an administrator can specify that the client receives:

  • A unique IP address within a specified range
  • One of several standard DHCP options
  • A vendor specific DHCP scope option

Putting this all together, a DHCP administrator can now dynamically group devices based on their type or group clients based on the role they will play in the organization. To achieve these results in the past, the network administrator would normally create many VLANs and ACLs for specific ports. DHCP Policy Based Assignments can help eliminate this complexity.

From a technical standpoint, let’s look at how this all works. When a client starts, it will request an address from a DHCP server. The DHCP server will then assess what scope to place the client in based on either the network interface the request arrived on or the IP address of the gateway. After determining the client scope, the DHCP server will then attempt to match the DHCP packet against the policies assigned to that scope.

Within the DHCP console, a new Policies tab has been added.

If you have multiple policies applied to a scope, the DHCP server will evaluate them in the processing order specified. The order can easily be changed by right-clicking any policy and moving it up or down.

Policy order changes in DHCP

Policy processing is slightly different depending on if the policy is an IP address assignment or if the policy is providing DHCP options. If the policy specifies that certain clients should receive an IP address within a specific range, then the DHCP server will assign the first available IP address within that range. If a policy is applied to multiple ranges, the DHCP server will assign an address in the lowest range. A policy that provides DHCP options works by providing the grand total of all specified options. This basically means that if two policies have options that do not conflict, the client can process both policies and receive any option specified within those policies.

Just to show you how easy creating and managing policies is, let’s create one that will automatically set the lease duration of iPhones to 6 hours. To create a new policy, we right-click on the Policies tab and select New Policy.

You’ve got to admit, Microsoft makes it straightforward.

Next, we will give our policy a name and a short description.

Larger organizations may want to add a prefix to each policy name noting the difference in address or scope type.

On the next screen, specify the condition: if the MAC address equals “24AB81*”, apply this policy. This is just an example of using policies in DHCP. You would likely add multiple MAC address prefixes in order to cover all of the iPhones.

Be sure to select Append wildcard instead of typing a * in the value field.

Continue through the remaining prompts. Once the policy is created, right-click on it and select Properties. Under the General tab, decrease the Lease duration to 6 hours. Select Apply and you are good to go!

DHCP Configuration Wizard - iPhone
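
The same policy can be created with the DhcpServer PowerShell cmdlets instead of the wizard. This is an added example, not part of the original walkthrough: the scope ID and policy name are constructed values, and it assumes your DhcpServer module version exposes the `-LeaseDuration` parameter.

```powershell
# Added example. $scopeId and $name are constructed values; adjust to your environment.
Import-Module DhcpServer

$scopeId  = '10.0.10.0'              # assumed: an existing IPv4 scope on this server
$name     = 'MOB-iPhone-6h-lease'    # prefix in the name notes the device group
$prefixes = @('24AB81*')             # MAC prefix from the article; add further prefixes here

# -MacAddress takes the comparator (EQ or NE) as its first element,
# followed by the values; a trailing * is the wildcard.
$macCondition = @('EQ') + $prefixes

# Create the policy only if it does not already exist in the scope.
$existing = Get-DhcpServerv4Policy -ScopeId $scopeId -Name $name -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DhcpServerv4Policy -ScopeId $scopeId -Name $name `
        -Description 'Short lease for iPhones, matched by MAC prefix' `
        -Condition OR `
        -MacAddress $macCondition `
        -ProcessingOrder 1
}

# Equivalent of Properties > General > Lease duration in the console.
Set-DhcpServerv4Policy -ScopeId $scopeId -Name $name `
    -LeaseDuration (New-TimeSpan -Hours 6)

# Review every policy on the scope in the order the server evaluates them.
Get-DhcpServerv4Policy -ScopeId $scopeId |
    Sort-Object ProcessingOrder |
    Select-Object Name, ProcessingOrder, Enabled, MacAddress, LeaseDuration
```

The MAC address and class fields a policy matches on are values the client itself sends, so a match groups devices but does not authenticate them.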

For a little fun, set the duration to a minute. When the complaints start coming in, ask why their Apple doesn’t just work?

Policy Based Assignments provide powerful options to a DHCP administrator, such as dynamically setting DHCP scope options, lease durations, or IP ranges. I, for one, can’t wait to use this in our organization! When your organization implements Policy Based Assignment, let us know what you did and how it worked in the comments below.

2 Comments
  1. Tendy Fish 4 years ago

    Trying to implement PBA to assign a different IP range and gateway to mobile devices, i.e. Androids, iPhones & iPads. I managed to create a Vendor Class for Android devices and PBA is working as desired. It's a different story for iPhones because they do not include a VendorClassIdentifier field with their initial DHCP REQUEST packet and their MAC addresses are random among devices, which makes it near impossible to apply policies on them. Has anyone ever had any success with Apple mobile devices? Kindly share.

  2. Gilles 3 years ago

    I try to use Vendor Class with wildcard but it doesn't work
