^{DHCP at SLAC}
Last Update: 8/11/2011

• DHCP - a basic description
  • How to configure your laptop for DHCP
  • How to find your MAC address
• DHCP at SLAC - three different flavors, each with their own function and use
  • Roaming DHCP   for registered laptops on the SLAC internal network
    • Policy and Security guidelines to be followed
    • How to get your laptop registered for Roaming DHCP
  • Visitor  DHCP  for unregistered laptops on the visitor  network  (for SLAC visitors)
  • Temporary  DHCP  for system administrators for new machine configuration
• DHCP Czar Responsibilities-  responsibilities of the DHCP Czar include accurate/updated information
• DHCP Database  -  information on all registered Roaming DHCP entries
  • DHCP czars can register  laptops for Roaming or Temporary DHCP, update existing entries
  • Any user can search the DHCP database if he has a SLAC IP address (including via VPN or Citrix)
• Questions / Comments  - If you have any questions or comments concerning SLAC DHCP

DHCP - a basic description
The Office of the Chief Information Officer (OCIO) supports DHCP (Dynamic Host Configuration Protocol)  for laptop computers on most SLAC subnets.

DHCP enables a computer, with a DHCP client installed and configured,  to dynamically obtain an IP address for a fixed length of time (a lease period) from a remote DHCP server.  When the lease period expires, the server can assign that IP address to another client on the network. DHCP also enables clients to acquire other IP network configuration parameters such as a default gateway address, subnet mask, DNS addresses, WINS addresses, NIS addresses, etc.

The major advantages of DHCP include simplicity of configuration for the clients and the ability to centrally manage the parameters listed above.  More detailed information and the DHCP RFC can by found on the Resources for DHCP web site.

To use DHCP you will need to configure your laptop's network configuration and know the hardware or MAC address of your Ethernet card.  Check with your IT Departmental Support (ITDS) person for help.

Roaming DHCP - for registered laptops on the SLAC network
Roaming DHCP allows the laptop user to connect his registered laptop to network taps on different subnets of the SLAC internal network.  There is no DHCP service for desktops.  There is no wireless networking on the SLAC internal network.

The MAC address of the laptop must first be registered with the DHCP server.  After the laptop is registered  and connected to the SLAC network the DHCP server will dynamically assign it a SLAC IP address and other network configuration information.

As long as the laptop is connected to the network the lease will not expire and the laptop will keep the assigned IP address. If the laptop disconnects from the network the lease will expire after the lease time is up and the IP address will be freed up to be used by another DHCP client.  The laptops lease  will have to be renewed the next time the laptop is connected to the network.  The lease time  is 1 hour.

If a registered MAC address is not used for 9 months it will be removed from  DHCP and will need to be registered again.

Policy and Security Guidelines to be followed
The ITDS should determine that the laptop meets current security requirements set by SLAC Computing Security before registering the laptop for DHCP.  In order to keep your DHCP registration, your machine must keep up-to-date with these security requirements, or else your DHCP registration will be revoked.

For Windows:
Before requesting DHCP you are required to  read and implement  the Windows at SLAC guidelines, including the  Guidelines for Connecting Computers to SLAC Internal Network   . Check with your ITDS for help.

For Linux:
Before requesting DHCP you are required to  read and implement the  Linux at SLAC  guidelines. For help check with unix-admin@slac.stanford.edu .

How to get your laptop registered for Roaming DHCP
Contact your IT Departmental Support (ITDS) person  and provide her/him with the DHCP Registration Information listed below.  He/she can register it for you.

Copy and paste the DHCP Registration Information and your responses to your email:

DHCP Registration Information (all information is required):
   *  =  Name must be in the SLAC Phone Book

• MAC Address      e.g. 00:0d:9d:c9:1c:48  :
• PC Number   e.g. PC12345  or  "Not SLAC Property"  :
• OS Version     e.g. WXP SP2,    Linux RH10  :
• User's Name  *  :
• User's Home Institution    e.g. SLAC,  INFN, TRIESTE  :
• Contact / Supervisor  *    e.g. user's supervisor, manager, or sponsor  :
• System Admin   *         the person who will administer this laptop :
• Security    The laptop user and the System Admin have read,
                understood,  and implemented the Security  Guidelines  
                and the System Admin has determined that the laptop
                meets current security patch levels.                reply    yes or no  :

Visitor DHCP  -  for unregistered laptops on the visitor network (for SLAC visitors)
Visitor DHCP allows SLAC visitors  a quick and easy connection to the Internet to read email, connect to hosts at  home institutions, and browse the web.  This connection is on the visitor network,  located outside the SLAC internal network and firewall,  and restricts access to many SLAC network services.  

No registration is needed.  Users simply need to find a network  tap configured for the visitor network and connect their laptop to it. Currently there are visitor taps located in the Auditorium, many conference rooms, and other locations at SLAC.  Check with your ITDS  for specific locations.

The visitor network also supports wireless networking. See the SLAC wireless web page for more information.

Temporary DHCP  -  for system administrators for new machine configuration
Temporary DHCP is used by authorized system administrators (these are ITDS's), who are also DHCP Czars,  to allow them to configure new machines on the network.  The lease period for temporary DHCP expires at midnight of the day it's acquired.

DHCP Czar Oesponsibilities - Include providing and verifying accurate and updated information.

• The Czar is responsible for the completeness and accuracy of the information he enters. If he has questions about the information provided by a user, he should verify the information, or pass on the request to dhcp-admin to handle.
   
• Information in the database should be kept up to date. For instance, if the Czar learns that the ownership or OS of a system has changed, the database should be updated.
   
• OS information, including SP level, must be provided. If the OS is not one of the standard ones supported at SLAC, the request should be forwarded to dhcp-admin rather than entered by the Czar.

DHCP Database - DHCP Czars (see below for how to find out who are the DHCP czars) can register new entries and make updates to the entries.  Users can search the DHCP database.

DHCP Czars can make changes to the DHCP Database including:

• add new Roaming entries
• add new Temporary entries
• update existing entries
• if you are not a DHCP czar then you will get a message of the form:
  DHCP.STARTUP: PROCEDURE DOESN'T EXIST
  and you will need to contact a DHCP czar (see below for how to find out who are the DHCP czars)

Users can search the DHCP Database.

• The user must have a SLAC IP address.  This means being on the SLAC network or connected via VPN or Citrix
• For example to find out who are the DHCP czars search the DHCP database and click on the Czar pull down (default labelled "Any Czar")