How to manage University DHCP

Clients can be registered by MAC address. At registration time you can also specify a label for the entry, fixed IP address and expiry date.

ACCESS DHCP REGISTRATIONS

Clients can be de-registered by MAC or assigned fixed IP address.

ACCESS DHCP DE-REGISTRATION

The DHCP web tool provides a list of subnets where the University DHCP service has been enabled.

VIEW DHCP-ENABLED SUBNETS

The log search facility allows you to query and view key DHCP transactions. In particular this can be used to determine when a particular client was associated with a particular IP address.

Results will be filtered for your subnet: except in certain circumstances you will not be able to view log entries from other networks.

You may search on the following terms:

• MAC address: this is the best term to use, as it will show all entries pertaining to DHCP activity. The system accepts several common MAC address formats
• IP address: often in investigations you will an IP address relating to activity of interest, and will need to trace the MAC address of the client responsible. Be aware of the difference between a lease offered to a client (server sends a DHCPOFFER) and a lease accepted by a client (server sends a DHCPACK to the client to acknowledge take-up of a lease). Clients will often be offered leases from each server, and while under no obligation to accept either, will generally accept the first to be received
• Client hostname: this is an optional identifier which DHCP clients may send to the DHCP servers and generally corresponds to the name a user has assigned to their computer (eg "fred-laptop"). With the DHCP service, it does not affect whether or not a client is permitted to obtain a DHCP lease, but is recorded in the server logs

SEARCH DHCP LOGS

You can search the list of registered clients on a subnet. The link below is direct, however the same search functionality is available on all DHCP web tool pages.

SEARCH DHCP REGISTRATIONS

You should change your DHCP password when key personnel change, or if you believe that it may have been exposed to a party who should not have access. If you know your current password them you can change this via self-service using the link below. If you do not know your current password then please contact our Networks team for assistance.

CHANGE DHCP/DNS PASSWORD

We are able to detect other systems acting as DHCP servers on DHCP-enabled subnets. There are scenarios where this is correct, expected behaviour - however unauthorised DHCP servers can cause significant disruption or be an indicator of malicious activity.

VIEW POTENTIAL ROGUE DHCP SERVERS

Information regarding the usage of the dynamic pool on each subnet is gathered periodically from the DHCP server. The information displayed will typically be no more than a few minutes old.

Current usage will be displayed in terms of the number of available addresses out of the total number in the dynamic pool. Hosts with static IP addresses do not affect the count. Maximum and minimum usage is displayed from the previous Sunday onwards, i.e. a period of between seven and fourteen days.

Dynamic pool information is also provided through the DHCP server log search interface, however you need to click on View dynamics pool information button once you have selected your subnet and entered your password.

SEARCH DHCP LOGS