Server/Security Parameters

In the Server/Security tab, you can define the configuration of a JOIN server by setting:


Configuring Server/Security Parameters

To configure JOIN server parameters:

Accept Client Name

Choose True to have JOIN automatically accept the name a client suggests for itself. However, the server will accept the client-suggested name only if the name does not conflict with the hardware or IP addresses, and if the name is not used elsewhere in the network. The default setting is False.

Clients may or may not have an assigned name. If a client does not have an assigned name, one is assigned from the JOIN hostnames list when the client requests an IP address.

Assign Name by Hardware Address

Choose True to assign the hostname by the hardware address. The client computer always has the same name, even if its IP address changes. Also, the client must remain in the same domain.

Assign Name by IP Address

Choose True to assign the hostname by an IP address. The client receives its name from the name service. When a client computer is moved, it can receive a new name from the name service (if this option is selected).

Auto Reread Config File

Instructs the server to check, each time a client configuration is required, whether the dhcpcap file appears to have changed. If the file has changed (as indicated by its time stamp), the server reads and parses it again. The default is True.

Auto Release Old Lease

Set this to True if you want to automatically delete leases when the client changes its network. For example, if the client received an address on Subnet A and then moved to Subnet B, the leased IP address on Subnet A is released.

Note: Some hardware, notably SUN workstations, uses a MAC address or client identifier which is the same regardless of the interface being configured. Therefore, two interfaces of a client of this type may appear to the server to be a single client which has changed networks. You would probably not want to automatically delete leases in this case.

Auto Synchronize Database

Set this parameter to True to flush the server database to disk after each update. This is more reliable in the event of a failure, but slows the server down. The default is False.

BOOTP Client Lease Extension

Finite BOOTP lease support. When this parameter is not zero, the server grants finite leases to BOOTP clients. BOOTP clients are not aware of this, so before the server can re-use one of these leases it must ping the IP address. If a reply is heard, the server automatically extends the lease by this time interval (in seconds).

Note: The original lease conferred on a BOOTP client is determined by the dhcpcap file, which need not be the same as this extension. Also, this capability is only relevant to BOOTP clients which are dynamically addressed (BOOTP_addr_from_pool set to True). The default value is 0.

BOOTP Addr From Pool

Specifies if the server can permanently assign an IP address from its free pool to a BOOTP client in the event that no permanent binding exists in dhcpcap. Normally the JOIN server can only service BOOTP clients for which such a binding pre-exists. This option is valid only if support_BOOTP is enabled.

False   do not pick an address from a pool
True    pick an address from a pool

BOOTP Compatibility

Choose True to have the server also act as a BOOTP server servicing BOOTP clients. The default is False.

Check BOOTP Client Net

Before a BOOTP client is given a hard-wired IP address, the server checks that the client is indeed connected to the logical IP network for which the address is valid. If not, an error is logged and no response is sent. This prevents the server from giving a BOOTP client on Subnet A a user-specified IP address on Subnet B. For this to work properly, netmasks must contain the network numbers and masks for any non-standard IP Class A, B or C configuration.

Default Lease Time

Enter the default lease time of the IP address granted to a client. Default lease time is one day.

Min BOOTP Packet Size

Specifies the minimum packet size for DHCP requests. Change this value to allow the DHCP server to work with some non-compliant DHCP clients that send DHCP requests smaller than the minimum required packet length.

The default minimum packet size is 300 bytes.

Note: The Macintosh DHCP client from an early version of Open Transport sends packets smaller than the minimum 300 bytes. To compensate, set this parameter to 200 bytes.

Name Service

Choose a name service. Before JOIN can work, a name service must be configured for the JOIN server. Name service is used to authenticate, route, address, and perform naming-related functions for other computers on the network. Four types of name services can be used by the JOIN server:

Digital Unix   /etc/hosts, DNS, and NIS
HP-UX          /etc/hosts, DNS, and NIS
Solaris        /etc/hosts, DNS, NIS, and NIS+
SunOS          /etc/hosts, DNS, NIS

Name Service Updatable

Choose True to have JOIN automatically update the name service with the assigned IP addresses and hostnames. The following table describes name services that can be updated for each platform.

Digital Unix   /etc/hosts
HP-UX 9        /etc/hosts
HP-UX 9        /etc/hosts and NIS
Solaris        /etc/hosts, NIS and NIS+
SunOS          /etc/hosts and NIS

Note: DNS cannot be updated by JOIN.

Ping BOOTP Clients

Before an IP address is given to a BOOTP client, the server first checks whether it is in use by sending an ICMP echo. If a reply is received, an error is logged. If the address was from the dynamic pool, it is marked unavailable and a new address is selected from the pool. If the address was statically configured, the server refuses to configure the client.

Ping Timeout

Enter the duration to wait before concluding no other host is using the IP address. After the time-out, the ping command stops checking.

Before assigning an address, the server checks to see if the address is already in use on the network. The ping command can be used to find out if an IP address on the network is available. When ping sends an echo request, the client, if it exists, responds with an echo reply.

Enter the time allocated to check that no other host is using the IP address. The time-out value is in milliseconds. If you do not want the server to ping before giving out an IP address, set the time-out value to 0.

Provisional Time To Live

This parameter serves two functions:

  1. Specifies the maximum time that an IP address remains on the provisionally allocated list before it becomes a candidate for allocation to another client. The provisional list describes an IP address offered to a client but not accepted or refused by the client. If the client doesn't indicate a decision either way by this time-out value, the address will once again be available for allocating to other clients. The default value is 60 seconds.
  2. Specifies the "blackout" period for BOOTP clients that send repeated BOOTP requests without waiting for a reply. The "blackout" period is used only if "Ping BOOTP Clients" is set to True. Once the server sends out a BOOTP reply, it will not send out another BOOTP reply to this BOOTP client until the blackout period has expired.

Reply to Relay On Local Net

Specifies if the server will ignore packets forwarded to it via a relay agent that is on the same subnet as the server.

False   do not reply (presumably the server will hear the client broadcast directly)
True    reply regardless of the location of the relay agent

Restrict to Known MAC Addresses

Specifies whether the server should respond to clients with a MAC address that is unknown to the server. Choose True to have DHCP information provided to only those hosts which have a known MAC address. To "register" a known MAC address client, use Preload MAC Addresses from the Server/Security tab. Choose False to have DHCP information provided to all clients. The default is False.

For more information, see "Preload MAC Addresses".

Send Options In DHCP Offer

Specifies if the server will send a complete configuration to a DHCP client. Resolving a client configuration can be time consuming and, in a multi-server environment, the client may select another server. The default is False.

False   send a minimum configuration
True    send a complete configuration

Use MAC addr as client ID

Specifies whether the server should use the "client ID" to uniquely identify a client. If set to True, the server will use the client's MAC address as the client ID. Using the MAC address as the client identifier is the same method used by BOOTP to uniquely identify a client. For more information on client ID, refer to "The Concept of Client ID".


Configuring IP Ranges

Use the IP Ranges parameters to specify the IP addresses available for assignment to clients.

Note: If your network is subnetted, you must reflect that information properly in the netmasks file.

  1. From the drop-down list, select IP Ranges.
  2. From the IP Ranges list, select [New IP Range].
  3. Enter the Subnet Address and DHCP Server address.
  4. For each IP Range, specify the starting address and the ending address.

IP Ranges Parameters

Subnet Address

Subnets are logical subdivisions of a single TCP/IP network. The subnet IP address identifies one segment of the network. As the number of networks grows, routing IP addresses can get very complicated. Using subnets allows more flexibility when assigning and administering network addresses.

On the right side of the window, enter the Subnet IP address, for example, 128.174.139.0. This sample network has a Class B address (128.174.x.x) that is subnetted to Class C with a 24-bit subnet mask, resulting in the network 128.174.139.0.

DHCP Server

Enter the IP address or name of the JOIN DHCP server. For example, 128.174.139.10. More than one JOIN server can be configured on a local area network (LAN) or subnet.

IP Ranges

The IP Address Range is the group of unique IP addresses that will be assigned to clients on the selected subnet. Using the above subnet IP address as an example, an administrator can configure a range of 100 clients from 128.174.139.20 to 128.174.139.120.

More than one range can be configured for a particular network. If your network has more than one range, enter the remaining IP address ranges.

The JOIN server can configure computers on more than one subnet. The target or client machine need not be on the same subnet as the JOIN DHCP server. However, the router must have a BOOTP/DHCP relay agent.


Secondary Address

Generally, the DHCP server offers an IP address based on the subnet address of the interface from which the server receives the DHCP request. In the case where the client and the server reside on two different subnets, a relay agent forwards the packets between them. The server uses the address of the interface from which the relay agent receives the DHCP request to identify the correct subnet. This helps to ensure that a client on Subnet A gets an address within Subnet A.

However, this mechanism breaks down if you have one of these configurations:

  1. Multiple logical subnets on a physical wire.
  2. Multiple logical subnets connected to a single router port which has a primary address and secondary addresses.

To correctly support these configurations, you must define ranges of secondary addresses. Secondary addresses will be used by the server when the primary address pool is exhausted.

In the example above, there are three logical subnets connected to a single port at the router: 129.72.3.0, 129.72.4.0 and 129.72.5.0. The primary interface address of the router is 129.72.3.1.

The router also has two secondary interface addresses: 129.72.4.1 and 129.72.5.1. The DHCP server (129.72.8.33) sits on a different subnet, connected to the router at a different port.

The server has configured three different pools of addresses, one for each subnet:

Subnet        Range
129.72.3.0    129.72.3.10-129.72.3.50
129.72.4.0    129.72.4.20-129.72.4.80
129.72.5.0    129.72.5.35-129.72.5.88

The JOIN nets file should look like this:

          129.72.3.0 129.72.8.33  129.72.3.10-129.72.3.50
                                  129.72.4.20-129.72.4.80
                                  129.72.5.35-129.72.5.88

When the router receives a DHCP request from the client, it stamps its primary interface address (129.72.3.1) into the packet before forwarding it to the server. Upon receiving the request, the server assigns an address from the primary range (129.72.3.10-129.72.3.50). When that pool is exhausted, the server gives out IP addresses from the second range (129.72.4.20-129.72.4.80) and then the third range (129.72.5.35-129.72.5.88). Even though the IP addresses in the second and third pools are not on the same subnet as 129.72.3.0, the server will assign addresses from those IP pools. This allows IP addresses from different subnets to be given through the same interface.

To support secondary addresses, enter the additional ranges of IP addresses through the GUI.

Configuring Parameters for Secondary Nets

Since secondary nets reside on different logical networks, they typically do not share the same set of configuration parameters. For example, in the previous network environment, the default router for each secondary net should be different. In addition, each secondary net may have its own DNS server or use a different subnet mask. As a result, each secondary net should have its own set of configuration parameters. This is done the same way parameters are defined for subnets using the Subnet tab in the xjoin GUI, regardless of whether the subnet is a primary or secondary network. In the above sample environment, the user should define three subnet configuration parameters for subnet3, subnet4 and subnet5.

Supporting BOOTP clients for Secondary Nets

Traditionally, the BOOTP protocol is used to provide static, one-to-one MAC address to IP address mapping. Using static MAC-to-IP mapping, the use of secondary networks should have no effect on IP address assignment. Each MAC address has a predefined, unique IP address. However, the JOIN server has a feature where an IP address can be allocated from an IP pool for a BOOTP client. This provides dynamic IP mapping for BOOTP clients. This feature is enabled by setting the Server/Security parameter, BOOTP Addr from Pool to True. If you want to use this feature for secondary networks, you will need to configure the IP address ranges for secondary nets the same way you do for DHCP clients. The server will give out IP addresses to the BOOTP clients from one range to another after exhausting the preceding range.


Configuring Hostnames

You can assign client hostnames from the JOIN server by specifying a pool of names. For more information about how a name is chosen and assigned, see Appendix B, "Server Logic."

Note: Follow the instructions in this section only if Accept Client Name is set to False.

If you configured the JOIN Server to automatically accept the name a client suggests for itself, you normally do not need to set up hostnames. However, in the event that a client requests a name that another client has previously reserved, you do need to set up hostnames.

  1. From the drop-down list, select Hostname Lists, then select [New Hostname List].
  2. Enter:

Hostnames list parameters

Domain Name

Enter the domain name where the hostname belongs. For example, school.edu, company.com, city.gov, and so on.

DHCP Server

Enter the IP address or name of the JOIN DHCP server.

Hostname Prefix

Enter a specific hostname prefix.

The hostname prefix is used when a computer requests a hostname, but no hostname is available.

For example, if the names in the Hostname list box have all been assigned and the hostname prefix is Mariner, the next two computers to request hostnames would receive Mariner1 and Mariner2 as their hostnames.

Hostnames

Enter as many hostnames as desired. Hostnames can be owned by different JOIN Servers. Again, when all of the hostnames are used (assigned), the JOIN server will use the hostname prefix (see above) to assign additional names.


Active IP Snapshot

You can use the Active IP Snapshot window to:

Checking the status of a configuration

The left side of the Active IP Snapshot window lists each configured JOIN client. To see the details of a configuration, select a record on the left side of the window. The right side of the window lists the information that applies to the configuration.

Adding a new lease

You can add a new IP address (lease) using the Active IP Snapshot window. Do this when you want to permanently allocate an IP address to a MAC address.

Changes made to the database take effect immediately.

Note: Make sure that the IP address you specify does not belong to any pool of IP addresses configured in IP Range. Otherwise, the IP address could be released and used by other clients (MAC addresses).
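
A check for the note above, written as an added example (it is not part of the JOIN documentation or tools): it parses the nets file layout printed under Secondary Address, labels each range as primary or secondary in the order the server draws on it, and lists permanent leases whose address falls inside a pool. The /24 prefix, the function names and the sample leases are assumptions made for the example.

```python
import ipaddress

# Constructed input: the nets file printed under "Secondary Address".
NETS = """\
129.72.3.0 129.72.8.33  129.72.3.10-129.72.3.50
                        129.72.4.20-129.72.4.80
                        129.72.5.35-129.72.5.88
"""
# Constructed permanent leases (MAC, IP); the MACs are documentation values.
STATIC = [("00:00:5e:00:53:01", "129.72.4.25"),
          ("00:00:5e:00:53:02", "129.72.3.5")]

def parse_range(text):
    first, last = (ipaddress.IPv4Address(p) for p in text.split("-"))
    if first > last:
        raise ValueError(f"range runs backwards: {text}")
    return first, last

def parse_nets(text):
    """Three fields open an entry; a lone range on a later line extends it."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) == 3:
            entries.append({"subnet": fields[0], "server": fields[1],
                            "ranges": [parse_range(fields[2])]})
        elif len(fields) == 1 and entries:
            entries[-1]["ranges"].append(parse_range(fields[0]))
        elif fields:
            raise ValueError(f"line {number}: unexpected layout: {line!r}")
    return entries

def classify(entry, prefixlen=24):
    """Label each range in the order the server draws on it. prefixlen is an
    assumption here; the real mask comes from the netmasks file."""
    net = ipaddress.IPv4Network(f"{entry['subnet']}/{prefixlen}")
    labelled = []
    for first, last in entry["ranges"]:
        if first in net and last in net:
            kind = "primary"
        elif last < net.network_address or first > net.broadcast_address:
            kind = "secondary"   # needs its own router, DNS and mask settings
        else:
            kind = "straddles the subnet boundary"
        labelled.append((f"{first}-{last}", kind))
    return labelled

def static_in_pool(entries, static_leases):
    """Permanent leases whose address lies inside a configured range."""
    return [(mac, ip, f"{first}-{last}")
            for mac, ip in static_leases
            for entry in entries
            for first, last in entry["ranges"]
            if first <= ipaddress.IPv4Address(ip) <= last]

if __name__ == "__main__":
    nets = parse_nets(NETS)
    print(classify(nets[0]))
    print(static_in_pool(nets, STATIC))
```

Every range labelled secondary corresponds to a logical subnet that needs its own entry in the Subnet tab, as described under Configuring Parameters for Secondary Nets.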

Removing a lease

To remove a lease, select the record and click Delete.

Changes to the database take effect immediately.

Importing a file into the Active IP database

  1. Click Import.
  2. Choose the file to import.
  3. Click OK.

The file being imported must be in ASCII format, and each record in the file must start on a new line. The fields within each record should be separated with the pipe character ( | ). For more information about the imported file format, refer to the jdbmod man page.

Refreshing the Active IP Snapshot window

Click Refresh. The current status of the database is shown.


Preload MAC Addresses

Use the Preload MAC Addresses window to restrict assignment of IP addresses. To enable this security measure, set Restrict to Known MAC Addresses to True in the Server/Security Parameters window. Specify which clients get configuration information from the server by manually entering the desired MAC addresses. All other client DHCP requests will be ignored.

Checking the status of a MAC address

The left side of the Preload MAC Addresses window lists each configured MAC address and type. To see the details of a MAC address, select a record. The right side of the window lists the information that applies to the address.

Adding a new MAC address

Typically, you add a new MAC address when you want to restrict the server to work with a specific set of MAC addresses.

  1. Choose [New Record].
  2. Enter a value for each parameter.
  3. Click Add.

Changes to the database take effect immediately.

Removing a MAC address

  1. Choose a MAC address.
  2. Click Delete.

Changes to the database take effect immediately.

Searching for a MAC or IP address

  1. Click Find.
  2. Enter the MAC or IP address you want to locate.
  3. Click OK.

Importing a file into the MAC address database

  1. Click Import.
  2. Choose the file to import.
  3. Click OK.

The file being imported must be in ASCII format, and each record in the file must start on a new line. The fields within each record should be separated with the pipe character ( | ). For more information about the imported file format, refer to the jdbreg man page.

Refreshing the MAC Addresses window

Click Refresh. The current status of the database is shown.


Last Modified: 11:26am, November 11, 1996