Updated: Feb 2019

Overview
Introduction
Installation
Operation
Users Guide
Support

Overview

The haneWIN DHCP server software implements a DHCP and BOOTP server based on RFC 2131. The server supports all DHCP options and has a built-in TFTP server to provide an intergrated solution for remote boot.

The server supports multiple address pools for dynamic IP address assignment as well as fixed IP address assignment to clients. IP address and parameter assignment can be based on:

• hardware address
• hardware address range (e.g. vendor bytes of MAC address)
• Server interface
• Client identifier
• Vendor or User class (as specified in RFC 3004)
• Relay IP address
• Relay Agent Information (as specified in RFC 3046) with support of trusted interfaces for transparent relay agents

On multi homed servers the software can handle up to 32 interfaces with a dynamic IP address pool per interface IP address.

Built-in TFTP Server for Remote Boot of diskless clients
To download data files and remote boot of diskless clients a TFTP server based on RFCs 1350, 2347-2349 is built-in giving a complete remote-boot solution for PXE, Etherboot type of clients.

Integration with DNS
Domain Name System (DNS) servers provide name resolution for network resources and are closely related to DHCP services. The DHCP server can register DHCP clients automatically with a DNS server, e.g. haneWIN DNS Server.

Includes features to enhance LAN security
The software can answer requests of clients with known hardware address or identifier only. The software can run in monitor mode only to trace DHCP requests of nodes on a LAN.
TFTP download can be restricted to registered addresses/identfifiers and/or known boot files only.

The haneWIN DHCP server is the professional solution for all Win32 platforms
The DHCP server is implemented as a native XP/VISTA/20xx/7/8/10 Windows service for reliable 24h background operation. A Control Panel applet provides interactive access to the service.

The haneWIN DHCP Server Software is Shareware.
You may test the software for 30 days without any obligation. Any use of the software after the evaluation time requires a software license. Registration details you will find in order.txt.

---

Introduction

The Dynamic Host Control Protocol (DHCP) is an internet standard protocol that reduces the complexity of administering networks based on TCP/IP. In a TCP/IP network each host computer connected to the network must be assigned an unique IP address and various other configuration information, e.g. subnet mask, default gateway, IP addresses of DNS servers, etc...
Equipment supporting the DHCP/BOOTP protocol can request these configuration information from a central DHCP/BOOTP server, freeing network administrators from having to configure all of the computers by hand. By keeping configuration information in central place the DHCP/BOOTP protocol simplifies configuring parameters on a pool of networked equipment.
Configuration parameters are mainly IP specific but the DHCP/BOOTP protocol is not limited to IP specific parameters.

Groups of clients on a LAN (Ethernet) segment normally have the same configuration parameters except the IP address itself. Clients on different LAN segements will need other configuration information. Therefore the software is based on so called profiles. A profile is a set of configuration parameters for a group of clients. The profile for a client is selected based on one of the following criteria:

• a known client identifier
• a known client hardware address
• a matching partial hardware address (e.g. vendor bytes)
• a matching user class
• a matching vendor class
• a relay IP address forwarding the client request
• the information added by a relay agent forwarding the client request
• the server interface receiving the client request

The DHCP/BOOTP protocol is designed only for delivering configuration information to a client, NOT for remote booting a client. The server can tell clients the name and location of a boot image, but requires another protocol mainly the TFTP protocol for downloading the image. This software integrates both protocols into one application, a DHCP/BOOTP server for delivering configuration information and a TFTP server for downloading bulk data to a client.

---

Installation

Requirements

Computer with Windows XP or higher.

Installation of the DHCP Service

1. Install the software by running the setup. The setup will install the DHCP Server service and start the service.
2. Enable DHCP Server in firewall for incoming requests. An example for adding a firewall entry for the DHCP Server is provided in file firewall.bat.
3. With the control panel applet DHCP Server you can configure and monitor the service.
   Only Administrators are allowed to start the applet.

Controlling the DHCP Service

The service is configured for automatic start on Windows startup. The service can be started and stopped manually by control panel applet or through the services control panel.

1. The service is installed from setup with the command:
   DHCP4NT -install
2. The command:
   DHCP4NT -remove
   stops a running DHCP service and removes the DHCP Service from the services list.

---

Operation

The Info Box at startup is displayed only for the unregistered version.

The main window of the DHCP/BOOTP server displays the client addresses or identifiers known to or observed by the server. The server internally maintains three lists:

• a "static" list of registered hardware addresses or identifiers, normally used to assign a static or fixed IP addess to client.
• a "dynamic" list of addresses or identifiers from clients that received an dynamic IP address from the server.
• a list of all addresses or identfiers from requests ignored by the server.

Clicking on the column header a list is sorted based on the column entries.
Using the right mouse button, you can transfer entries from the dynamic or ignored list to the static list, to configure profile information for new clients, etc.

The "static" list displays a list of all manually registered hardware addresses or identifiers, the IP address or the DNS resolved name of the client and informs about the last time a DHCP request was received from the client.
The "dynamic" list shows all client addresses or identifiers that were assigned an IP address from one of the IP address pools of the server. The window shows the time the IP address lease ends and optionally the name accepted from a client and forwarded to a DNS server.
The "ignored" list shows DHCP/BOOTP requests from clients on your net that were observed but ignored by the server. A client request is ignored, if

• the server runs in "registered addresses/identifiers only" mode and the address or identifier did not match an entry in the static list.
• the address or identifier was registered with an IP address of 255.255.255.255.
• the server is restricetd to DHCP and the server received a BOOTP request.
• the server received a DHCP request, but the matching profile handles BOOTP requests only (lease time set to zero).
• the request comes in from a gateway not configured.
• a dynamic IP address pool is exhausted.

Additional information about the observed requests are the type of request (BOOTP or DHCP) or Vendor/User Class information in a DHCP request, the gateway or interface IP address the request was received on, the host name sent by the client.

Client addresses and identifiers are displayed byte by byte in hexadezimal representation. For addresses the bytes are separated by a colon or dash. Optionally identifiers consisting only of readable ASCII characters can be displayed as text.
The server handles three types of identifiers:

• Client-Identifiers are displayed as they are.
• Relay-Agent Remote-IDs are displayed with a leading R.
• Relay-Agent Circuit-IDs are displayed with a leading C.
• Relay-Agent Circuit-ID+Remote ID are displayed with a leading +.

The haneWIN DHCP server supports the evaluation of relay agent information How circuit and remote identfiers are checked depend on the server configuration:

• for static entries:
  You can add a circuit ID, a remote ID or a combination of both as ID to the "static" list. Incoming requests are matched against the list. of IDs.

• for dynamic clients, visible relay:
  You can create a profile for a relay IP address with or without a circuit ID.

  For relay profiles with a Circuit-ID the remote ID is used to identify the client (that means Circuit-ID and Remote-ID must match).

  For relay profiles without a Circuit-ID only the Circuit-ID is used to identify the client. In this case it is assumed that only one client is connected per circuit and uniquely identifies the client. The Remote-ID is ignored in this case.

• for dynamic clients, transparent relay:
  For transparent relays the Remote-ID is used to identify a client. The Circuit-ID is ignored.

---

Users Guide

Menus

File

View log

displays a log of DHCP, BOOTP, TFTP requests. By default a log is written. If a log is not desired it can be disabled in the Preferences dialog. The software can automatically create a new log file every day or every month. The log files are ASCII text files and be easily processed using perl-scripts, etc.

Exit

terminates the program or Control Panel Applet. It does not stop the software running as background service on NT/2000/XP/2003

Options

Preferences

With the available general settings the software can be customized to your needs.

The user interface can be customized to other languages. Currently the software is delivered with an English and German user interface.

The DHCP server can disable itself, if another DHCP server is detected. Every 30 seconds the DHCP server sends a request to detect another server. If the server receives a response it stays disabled, if no reply is received on two consecutive requests, the server starts serving client requests.

The haneWIN DHCP Server respond to registered addresses only. In this mode only requests from known hardware addresses or identifiers are processed.

For requests coming in from a relay the answer is sent to the gateway address specified in the packet. With the option Reply to relayed requests to sender the server sends the reply to the sender of the packet.

On multihomed computers the server can accept requests only on specific interfaces. The default handling is to exclude the deselected interfaces. This way new interfaces (or changed interface IP addresses) are automatically included after restart of the server. To run the server only on interfaces with known fixed IP addresses check the option Use selected addresses only
Please note that requests coming in on deselected interfaces will not appear in the "ignored" list.

Hardware addresses and client identifiers can be manipulated by a client. If clients are connected to an unique router port, the router can act as a relay agent and assign an unique identifier to all connected clients. In case of a layer-2 router, a switch, the relay agent operates invisible at layer-3 (the IP protocol level) for the server. Therefore, if relay agent information is accepted by the server, there are two types of interfaces.

• For selected interfaces relay agent information is only accepted from BOOTP relays.
• For trusted interfaces (a lock is dispayed in place of the interface check mark ) relay agent information is always accepted. You should declare an interface as trusted interface only if clients are NOT able to insert relay agent information itself, e.g. all clients on this interface are connected through a layer-2 router (switch) with a transparent BOOTP relay.

The server can handle DHCP and BOOTP requests.If both are disbled the server will not respond to requests (monitor mode of former versions).

The server can send replies as broadcast packet or as unicast packet to the hardware address of the client. If a client requests a broadcast reply by setting the broadcast flag in the BOOTP packet, replies are send as broadcast packet independant from the setting of this option.

To lookup a client the server evaluates the following information:

1. Relay Agent Information. A client may be able to set the hardware address or define a client identifier. This may lead to potential security problems as discussed in RFC 3046. Such problems can be avoided if a relay agent assigns an unique identifier to all connected clients.

2. Client Identifier, a sequence of bytes or a string defined on the client that is an unique identification of client.

3. Hardwareaddress (MAC address) of the client interface.

Windows has a feature called autoconfiguration. If a client requests an IP address and no DHCP server responds, a Windows client will assign itself a random IP address from 169.x.x.x. Windows clients announce this feature by setting DHCP option 116 in the DHCP request. If the haneWIN DHCP server receives such a DHCP request, but is incapable of assigning an IP address to the client, it can respond with "autoconfiguration not desired" to stop the client from using an 169.x.x.x IP address.

A client can specify a file for downloading either relative to the TFTP root directory or absolute. For the second case a semicolon separated list of path prefixes must be setup. Access is granted only if one of the prefixes matches the start of the file name for downloading.
Only administered IP addresses are allowed to download files using the TFTP server. To protect boot files from unauthorized access the software provides two further options:

• Only the boot file specified in the client profile may be downloaded.
• Only known hardware addresses (static entries) are allowed to download files.

An active TFTP server is indicated by a blue TFTP symbol on the main screen. During a TFTP download the symbol is shown in red.
The TFTP main page will show details for active and completed transfers.

Add static address entry

to add client addresses or identifiers to the servers address list. Addresses and identifiers must be specified byte by byte in hexadezimal format. For addresses the bytes must be separated by colons. (e.g. 00:01:02:03:04:05). Client and relay agent information identifiers are limited to 64 bytes.
An entry for a client can be bound to a fixed IP address and a configuration profile. If the configuration profile does not exist you are prompted for setting up a new profile. The same address or identifier can be bound to more than one IP address if a different profile is used. Checking the "Redundant entry" option two or more addresses or identifiers can be configured with the same IP address. The option is intended for preconfiguring backup equipment. If an equipment fails, the hardware can be replaced by a already registered backup module without modifying the server configuration at the time of failure.

If the IP address is set to 0.0.0.0 the client will receive an IP address from the dynamic IP address pool of the configured profile.
If the IP address is set to 255.255.255.255 the client will NOT receive a response from the server.
The addresses are stored in file compatible to the Unix ethers file. Therefore if you want to add a lot of entries it may easier to create the file using an editor or some other tool.

Manage profiles

A set of parameters is herein called a profile. A profile can be specific for a certain client or a group (or class) of clients.

Use Manage profiles to add new profiles, to remove an unused client profile, edit the settings of a profile or rename a profile. New profiles are added as further entries to the menu. If you disabled the display of profile names in the main menu doubleclick on a profile name to change the profile settings.
The software supports an unlimited number of profiles. One profile per interface can have a dynamic address pool. Further profiles are not bound to an interface and can be used to assign specific parameters to clients with a known hardware addresses or client identifiers, for a group of clients starting with a known hardware address, for clients sending a user or vendor class identifier or for requests received from a relay IP address.

Profile configuration

The are six different types of profiles.

1. Profiles for known hardware addresses or client identifiers.
2. Profiles for a group of clients starting with the same hardware address bytes (e.g. the vendor bytes).
3. Profiles for User classes (RFC 3004). Starting with Windows XP you can create a user class on a DHCP client with the command ipconfig /setclassid ....
4. Profiles for vendor classes, e.g. DHCP-requests from Windows 98SE/ME are sent with a vendor class of MSFT 98 and from Windows 2000/XP with a vendor class of MSFT 5.0
   The received VendorClass-ID string is compared with the specified string. If the received string is longer than the specified string the exceeding characters are ignored. E.g. Specifing MSFT will match bothe Win98SE/ME and 2000/XP.
5. Profiles for requests via BOOTP forwarder or relay. One profile can be created for each relay IP address.
6. For servers with multiple interfaces one profile can be created for each interface..

A profile can have a pool of IP addresses for dynamic address assignment to clients. Such an address pool is optional, an IP address for a client is looked up in the following order:

• An address or identifier entry for a client with an IP address of 0.0.0.0 will receive an IP address of the assigned profile. If the profile has no address pool an IP address of the corresponding relay or interface profile will be assigned.
• If the DHCP request contains a user or vendor class, a correspondig profile will be used. If the profile has no address pool an IP address of the corresponding relay or interface profile will be assigned.

If only a starting IP address and NO final IP address is specified an address pool of size 0 is created. It can be used to EXCLUDE clients matching the profile from receiving a response from the DHCP server.

The DHCP protocol requires the specification of a Lease time for the assigned IP address. If a profile is setup with a Lease time of 0 the profile will be used only to answer BOOTP requests. DHCP requests are ignored in this case.

DNS Options

• IP Domain Name - to specify Domain name for clients.
• 1. DNS Address - IP address of Primary DNS Server.
• 2. DNS Address - IP address of Secondary DNS Server.
• Host Name options - How a name is assigned to the client.

The Host name option available under DNS is not supported by Windows NT 4.0 clients. The client will generate an Unknown option 012 error log entry.

NetBIOS options

• 1. WINS Address – IP address of WINS Server.
• 1. WINS Address – IP address of secondary WINS Server.
• Scope ID - The Scope ID is a character string which is appended to the NetBIOS name for all NetBIOS over TCP/IP communications. It provides a method to isolate a collection of computers that only communicate with each other.

• Node Type - This parameter determines what methods NetBT will use to register and resolve names. The broadcast system uses broadcasts. A p-node system uses only point-to-point name queries to a name server (WINS). An m- node system broadcasts first, and then queries the name server. A hybrid system queries the name server first, and then broadcasts. Resolution through LMHOSTS and/or Domain Name Service (DNS), if enabled, will follow these methods. If this key is present, it will override the DhcpNodeType key. If neither key is present, the system defaults to b-node if there are no WINS servers configured for the client. The system defaults to h-node if there is at least one WINS server configured.

Time options

• Time Offset from UTC (s) - number of seconds offset from Universal Time Clock or GMT. Negativ numbers specify time zone offsets west of GMT, postiv numbers specifiy time zone offsets east of GMT.
• Time Server Address – IP address of a local Time Server.
• NTP Server Address – IP address of Internet Time Server.

The "Next Server IP" specifies the next host to contact in a remote boot process, normally the TFTP server. It is only required if it differs from the local node.

Boot Server Name and File name are sent to the client as specified in the RFC:

• The server name is sent in the sname field of the BOOTP packet.
• The file name is sent in the file field of the BOOTP packet.
• Boot File Size – size of the Boot file in 512 byte blocks.

If the total length of the options field exceeds the maximum size, the software checks if server name or file name are shorter than 64/128 bytes. If yes, option 66 and/or 67 are used for sending server name and/or file name and the correspondig flag in the overload option is set.

• With the Always use option 66 & 67 for name and file checkbox, you can disable the standard behaviour and Name and File are always sent as DHCP option 66 and 67.
• To support 2-stage bootloaders the server can send an alternate boot file name to the client if a certain Vendor Class ID is specified in the request from the client. The received VendorClass-ID string is compared with the specified string. If the received string is longer than the specified string the exceeding characters are ignored.
• Root Path - Path to root file on an NFS server system for NFS clients, e.g. 192.100.1.1:/root01

Other options

The dialog boxes allows direct specification of the most common client parameters. Any other parameter supported by the DHCP protocol is available through this dialog.

The DHCP Protocol specifies options in a tag-length-value format. Select the option tag from the option list. Implemented options are listed but cannot be selected. The option length is calculated based on the entered values.

If the option value is a character string it can be typed in as it is. e.g.Tag: 133
Option value is a string: PXopt=03;PXfile=pxboot;PXserv=192.168.1.12
results in :
133 42 "PXopt=03;PXfile=pxboot;PXserv=192.168.1.12

If the option value is a number or a sequence of bytes it must be entered byte by byte in decimal or with 0x in hexadecimal format. Non numerical values with ASCII-Codes >32 can be entered directly, e.g:

• Tag: 8
  Value is a binary coded IP address: 192.168.1.2
  result:
  8 4 192 168 1 2
• The example from above now entered as a sequence of bytes.
  Tag: 133
  Value is a text string: PXopt=03;PXfile=pxboot;PXserv=192.168.1.12
  result:
  133 42 PXopt=0x30 0x33 ;PXfile=pxboot;PXserv= 0x31 0x39 0x32 . 0x31 0x36 0x38 . 0x31 . 0x31 0x32

Window

Resolve Addresses

IP addresses of static or dynamic entries are resolved to names

Show Remarks

Comments added to static entries are shown

Auto. Refresh

The lists are updated on new requests.

Help

Contents

starts a HTML browser displaying the manual.

Register

prompts for the license key and your name, company. Check the Info menu to find out if the license information was accepted.

Show License

displays the conditions for using this software.

Info

displays program version information.

---

Support

The latest version is available on www.hanewin.net. Please mail comments, questions, problems to .