SYS 255 ‐ Lab 04 - connor0329/repository-1 GitHub Wiki

What we Did in this Lab

1. Disable IE Enhanced Security Configuration on "ad01"

On ad01 I used server manager to turn off the IE Enhanced security config

EX:

  • On "ad01" open server manager, click on the "local server" tab on the left
  • Click the "on" or "off" next to "IE Enhanced Security Configuration"
  • Make sure "Administrators" is selected "off" and "Users" is selected "on"

2. Installing DHCP on "dhcp01" using ssh

Using "ad01" I SSH into "dhcp01" and install DHCP

EX:

  • Launch windows powershell
  • ssh into connnor@dhcp01-connor
  • Type "sudo dnf install dhcp-server

3. Configuring DHCP services

Using "VIM" (vi) I configured the .conf file for DHCP

EX:

  • Type "sudo -i"
  • Type "vi /etc/dhcp/dhcpd.conf
  • Type out the configurations exactly like this:
  • Press "Esc", then type ":wq" and press "Enter" to save and quit.

4. Starting DHCP services

Through SSH and using the command "systemctl" I enabled at boot and started DHCP services

EX:

  • Type "systemctl start dhcpd"
  • Type "systemctl status dhcpd" to make sure it says, "Active: active (running)"
  • Type "systemctl enable dhcpd"

5. Configuring the firewall to allow incoming DHCP requests

Through SSH I used the "firewall-cmd" command to allow DHCP requests and checked if it was configured properly

EX:

  • Type "firewall-cmd --add-service=dhcp --permanent"
  • Type "firewall-cmd --reload
  • Type "firewall-cmd --list-all", make sure it says "dhcp" in front of "dhcpv6-client ssh"

6. Re-configure networking on wks01 to use dynamic addressing rather than static addresses

On "wks01" I re-configured the network settings for IPv4 to use "dynamic addressing"

EX:

  • Select "network and internet settings" from the bottom right of the home screen, click "change adapter options"
  • Ethernet 0, properties, IPv4, properties
  • Select "Obtain an IP address automatically"
  • Select "Obtain DNS server address automatically"

Deliverables

1. Take a screenshot of the results of "ipconfig /all" after Step 6

EX:

  • Type "ipconfig /all", should look like this

2. SSH back into "dhcp01" via 'wks01" and find the DHCP log associated with wks01's request for DHCP information

EX:

  • Open "Windows Powershell"
  • Type "ipconfig /release", then type "ipconfig /renew"
  • SSH into "dhcp01" on "wks01"
  • Type "sudo journalctl -u dhcpd | grep wks01-connor"
  • The final result should look like this:

3. Use Wireshark and "ipconifg" commands to capture the four DHCP messages between client and server

EX:

  • Start a Wireshark capture
  • Type "ipconfig /release", then type "ipconfig /renew"
  • In Wireshark at the top type filter by "udp.port==67"
  • End result should look like this

4. Figure out how to change the default lease time given to dhcp clients to 1 hour with a max lease time of four hours

EX:

  • SSH into "dhcp01"
  • Type "sudo vi /etc/dhcp/dhcpd.conf"
  • Type in the "/etc/dhcp/dhcpd.conf" file these exact configurations to the end of what's already in there:
  • Press "Esc", then type ":wq" and press "Enter" to save and quit.
  • Type "sudo systemctl restart dhcpd"
  • Type "systemctl status dhcpd" to make sure its running
  • Exit the SSH
  • Type "ipconfig /release
  • Type "ipconfig /renew
  • Type "ipconfig /all", it should look like this:

Important Information in the lab

Why do I have to install DHCP services and what does it do? DHCP Services

  • You need to install DHCP services to automatically assign IP addresses to devices on a network, ensuring that each device has a unique IP without manual configuration
  • This simplifies network management and reduces the chance of IP conflicts

Why do I have to configure the firewall to allow incoming DHCP requests? DHCP Requests

  • By default, the firewall blocks traffic on certain ports for security reasons
  • DHCP operates on specific ports (UDP 67 and 68), and without allowing traffic through those ports, the DHCP server won't be able to respond to client requests, preventing devices from receiving IP addresses

Why did I have to reconfigure networking on wks01 to dynamic addressing rather than static and what does that do? Dynamic Addressing

  • Dynamic addressing allows the DHCP server to automatically assign an IP address to the device
  • This makes network management easier by avoiding manual IP configuration and reducing chances of conflicts or errors
  • Dynamic addressing ensures that the device receives an IP address from the available pool which can change over time

Why do I have to type "ipconfig /release" and "ipconfig /renew" to create the DHCP logs? DHCP Logs

  • These commands force the client (wks01) to release its current IP address and request a new one from the DHCP server
  • This interaction triggers the DHCP process, which is then logged by the server

What specific commands do

dnf - Packet manager by Linux used to install update, and manage software packages

EX: "sudo dnf install dhcp-server"

vi - Text Editor in Linux used to create and modify files directly from the terminal

EX: "vi /etc/dhcp/dhcpd.conf"

systemctl - Used to manage system services and control the systemd system manager

EX:

  • "systemctl start dhcpd"
  • "systemctl status dhcpd"
  • "sudo systemctl restart dhcpd"

firewall-cmd - Used to configure and manage the firewall

EX:

  • "firewall-cmd --add-service=dhcp --permanent"
  • "firewall-cmd --reload
  • "firewall-cmd --list-all"

ipconfig /release - Windows command that forces the computer to give up its current IP address assigned by the DHCP server

ipconfig /renew - Windows command that request a new IP address from the DHCP server after the previous one has been released