Ready to watch this entire course?
Become a member and get unlimited access to the entire skills library of over 4,900 courses, including more Business and personalized recommendations.Start Your Free Trial Now
- View Offline
- Deploying, troubleshooting, and understanding OS X 10.6 DNS server
- Understanding and configuring OS X and OS X Server-based firewalls
- Fixing server- and client-side firewalls
- Configuring and troubleshooting DHCP
- Setting up and troubleshooting a VPN server
Skill Level Intermediate
When troubleshooting DHCP, there are a few places you can look to see if the problem is local to the server or in the client or in the network in between. If you think about it, DHCP functions properly when the client asks if a DHCP server is present. The server responds that it is, then the DHCP client requests an address, then the server provides all the configuration info that it has for the system on the leased basis. When the client comes to the end of its lease, it renews and usually will get the same IP address upon renewal of the lease.
And when the client leaves the network, it tells the server that the address has been leased and that it's being returned to it and is available now for someone else to use. The first thing that can get in the way of that is that the server might not hear the client's query about whether the server is out there or not. Then that communications process can be interrupted by a network disconnection like an unplugged cable or a damaged network interface, or by access control lists on a switch that forbid the client from accessing the service, or by a firewall rule that prevents the traffic from breaching the server.
I'm going to open Server Admin, here we are on the server, and I'm going to take us back over to the firewall. Now we've got our various groups, and I'm going to go into our DHCP range and what I want to do here is I want to make sure that the ports that are necessary for DHCP are enabled in all necessary groups.
I am going to sort by Description and this is where Mac OS X Server's Server Admin interface really shines. The ports that are necessary are 68 and 67 and all you have to do to find them is sort out DHCP and you've got them. Those are the only two ports that are necessary. I'm going to just be doubly secure here. That one's allowing all traffic, and I think we've got the any of rules set to Allow all right now, which is fine for what we're doing.
So the point being that you're for sure that you're allowing 68 and 67 for absolutely everyone. You can check your active rules over here, but once you've done that, your client should be able to receive a DHCP address. So that's accessing the Firewall and changing the way it is configured to allow your DHCP to function properly. And even if it's not your firewall, if it's someone else's, you can go to them and say hey, turn on Port 67 and 68. We need that to be available because DHCP has to work, and that's what they can do.
Another easy thing to fix is to find out if the service is actually running. Let's say you can't get into Server Admin for some reason. Lo and behold, yes, there is. There is a Terminal way to do this. If we open up Terminal here from the server, and we just type sudo -s to make us root, and we just type serveradmin fullstatus dhcp, what we get back is a really detailed list of what's going on with DHCP.
We know that it's running. We know it's backendVersion. We know how many active clients it's got. We have a lot of information that can all be very useful for troubleshooting. So that's a very important thing to remember, and it's good thing to memorize. It's serveradmin fullstatus dhcp. BOOTP is the name of the service that runs DHCP on Mac OS X server. So, when you look at logs for useful troubleshooting information, what we want to look at is the system log. So I'm going to go into Utilities, and I'm going to go to Console and open it.
And what we're going to do now is we're going to close this down. We're going to find the system log. The system log is right here. And if we do a filter on BOOTP, what we'll find is all of the traffic that has been generated by our DHCP server. And here you can see the offering and the replying and all of the transaction information that's in place here between our server and our client system. If there is a problem, if, for example, a request is being received, but a reply is not being sent, you'll see that here and you can troubleshoot that from this position.
So this is a great log to look at right here. Just remember to filter on BOOTP when you come in here and look. If you haven't done so already, this would be a great time to try to access the network using a device that can pick up DHCP. We already did that in our Configuring movie, so we know it's functioning properly. But it's a fairly easy thing to do. You plug any device into the network and if it receives an IP address in the range that you specified, your DHCP server is working. We have success then and we can move on to our next subject, which is VPN.