AlmaLinux DHCP Server Configuration: Complete Network Automation Guide
Welcome to the ultimate AlmaLinux DHCP server configuration guide! Setting up a DHCP (Dynamic Host Configuration Protocol) server automates IP address assignment and network configuration for all devices on your network. Whether you're managing a small office network or enterprise infrastructure with thousands of devices, DHCP eliminates manual IP configuration and ensures seamless connectivity!
DHCP servers are the backbone of modern networks, automatically providing IP addresses, subnet masks, gateways, and DNS settings to every device that connects. This guide will show you exactly how to build a robust, enterprise-grade DHCP server that handles everything from basic IP allocation to advanced features like failover and load balancing!
Why is DHCP Server Important?
DHCP servers are absolutely essential for modern network operations! Here's why setting up your own DHCP server is incredibly valuable:
- Automatic Configuration: Eliminate manual IP address assignment for all network devices
- Centralized Management: Control all network parameters from a single location
- IP Address Management: Prevent IP conflicts and optimize address pool utilization
- Scalable Solutions: Support thousands of devices with automatic configuration
- Quick Deployment: New devices get network access instantly upon connection
- Operational Efficiency: Reduce IT support tickets and manual configuration tasks
- Flexible Configuration: Support multiple subnets, VLANs, and network segments
- Resource Optimization: Efficiently utilize available IP address ranges
- Security Integration: Implement MAC-based access control and device filtering
- Comprehensive Logging: Track device connections and network usage patterns
What You Need
Before we start configuring your DHCP server, make sure you have these essentials ready:
- AlmaLinux 9.x server with root or sudo access
- Static IP address configured on the server
- Minimum 1GB RAM and 10GB disk space
- Network interface connected to the target subnet
- Basic networking knowledge (IP addresses, subnets, gateways)
- Terminal/SSH access to your server
- Text editor familiarity (nano, vim, or gedit)
- Firewall admin access for port configuration
- Network topology documentation showing IP ranges and subnets
- Client devices to test DHCP functionality
Step 1: System Preparation and Network Setup
Let's start by preparing your AlmaLinux system and configuring the network interface!
# Update system packages to latest versions
sudo dnf update -y
# Install network utilities for troubleshooting
sudo dnf install -y net-tools tcpdump wireshark-cli
# Check current network configuration
ip addr show
ip route show
# Identify network interfaces
nmcli device status
nmcli connection show
# Check current IP configuration
hostname -I
cat /etc/hostname
# Verify static IP configuration (DHCP server should have static IP)
nmcli connection show "System eth0" | grep -E "(ipv4.method|ipv4.addresses)"
# If not static, configure static IP (example for eth0)
# sudo nmcli connection modify "System eth0" ipv4.method manual
# sudo nmcli connection modify "System eth0" ipv4.addresses "192.168.1.10/24"
# sudo nmcli connection modify "System eth0" ipv4.gateway "192.168.1.1"
# sudo nmcli connection modify "System eth0" ipv4.dns "8.8.8.8,8.8.4.4"
# sudo nmcli connection up "System eth0"
# Test network connectivity
ping -c 3 8.8.8.8
ping -c 3 google.com
Expected output:
Complete!
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute eth0
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.10
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=12.3 ms
Perfect! Your network interface is properly configured with a static IP address!
Step 2: Install ISC DHCP Server
Install and configure the ISC DHCP server package on AlmaLinux!
# Install ISC DHCP server
sudo dnf install -y dhcp-server
# Check installed version
dhcpd --version
# Create DHCP configuration backup directory
sudo mkdir -p /etc/dhcp/backup
# Backup original configuration file
sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/backup/dhcpd.conf.original
# Check default configuration
cat /etc/dhcp/dhcpd.conf
# Verify DHCP user and group exist
id dhcpd
getent group dhcpd
# Check DHCP service status (initially stopped)
sudo systemctl status dhcpd
# Check firewall status
sudo firewall-cmd --list-all
# Identify available network interfaces
ip link show
Expected output:
Complete!
Internet Systems Consortium DHCP Server 4.4.2
Copyright 2004-2020 Internet Systems Consortium.
# DHCP configuration file for Red Hat systems
uid 177(dhcpd) gid 177(dhcpd) groups=177(dhcpd)
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled)
Active: inactive (dead)
Excellent! ISC DHCP server is installed and ready for configuration!
Step 3: Configure Basic DHCP Settings
Create a comprehensive DHCP server configuration for your network!
# Get network information for configuration
NETWORK_INTERFACE=$(ip route | grep default | awk '{print $5}' | head -n1)
SERVER_IP=$(ip addr show $NETWORK_INTERFACE | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -n1)
NETWORK=$(ip route | grep $NETWORK_INTERFACE | grep -oP '\d+(\.\d+){3}/\d+' | head -n1)
GATEWAY=$(ip route | grep default | awk '{print $3}' | head -n1)
echo "Network Interface: $NETWORK_INTERFACE"
echo "Server IP: $SERVER_IP"
echo "Network: $NETWORK"
echo "Gateway: $GATEWAY"
# Create comprehensive DHCP configuration
sudo tee /etc/dhcp/dhcpd.conf << EOF
# AlmaLinux DHCP Server Configuration
# Global Configuration
# DHCP Server Settings
default-lease-time 3600; # 1 hour default lease
max-lease-time 86400; # 24 hour maximum lease
authoritative; # This is the authoritative DHCP server
# DNS Configuration
option domain-name "company.local";
option domain-name-servers 8.8.8.8, 8.8.4.4, 1.1.1.1;
# Default gateway and addressing options (the broadcast address below assumes a /24 network)
option routers $GATEWAY;
option broadcast-address $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".255"}');
option subnet-mask 255.255.255.0;
# Logging Configuration
log-facility local7;
ddns-update-style none;
# Global Options
option time-offset -18000; # Eastern Standard Time
option ntp-servers pool.ntp.org;
# Primary Subnet Configuration
subnet $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".0"}') netmask 255.255.255.0 {
range $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".100"}') $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".200"}');
option routers $GATEWAY;
option subnet-mask 255.255.255.0;
option broadcast-address $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".255"}');
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "company.local";
# Performance optimizations
default-lease-time 7200; # 2 hours for this subnet
max-lease-time 172800; # 48 hours maximum
}
# Static IP Reservations
# Example: Server reservations
host file-server {
hardware ethernet aa:bb:cc:dd:ee:01;
fixed-address $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".50"}');
option host-name "file-server";
}
host print-server {
hardware ethernet aa:bb:cc:dd:ee:02;
fixed-address $(echo $NETWORK | cut -d'/' -f1 | awk -F'.' '{print $1"."$2"."$3".51"}');
option host-name "print-server";
}
# Printer Pool (different lease times)
class "printers" {
match if substring (option vendor-class-identifier, 0, 7) = "printer";
default-lease-time 86400; # 24 hours for printers
max-lease-time 604800; # 1 week maximum
}
# Mobile Device Pool (shorter leases)
class "mobile-devices" {
match if substring (option vendor-class-identifier, 0, 6) = "mobile";
default-lease-time 1800; # 30 minutes for mobile devices
max-lease-time 7200; # 2 hours maximum
}
EOF
# Verify configuration syntax
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
# Check configuration file
cat /etc/dhcp/dhcpd.conf
Expected output:
Network Interface: eth0
Server IP: 192.168.1.10
Network: 192.168.1.0/24
Gateway: 192.168.1.1
Internet Systems Consortium DHCP Server 4.4.2
Copyright 2004-2020 Internet Systems Consortium.
All rights reserved.
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd.pid
Amazing! Your DHCP server configuration is complete and syntactically correct!
Step 4: Configure Firewall and Start Service
Configure firewall rules and start the DHCP service!
# Enable and start firewalld service
sudo systemctl enable firewalld
sudo systemctl start firewalld
# Add DHCP service to firewall
sudo firewall-cmd --permanent --add-service=dhcp
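# Alternative: Add DHCP ports manually
# (redundant once the dhcp service above is added; 68/udp is the client port
# and does not need to be open on a host that only acts as DHCP server)
sudo firewall-cmd --permanent --add-port=67/udp # DHCP server port
sudo firewall-cmd --permanent --add-port=68/udp # DHCP client port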
# Add SSH for remote management
sudo firewall-cmd --permanent --add-service=ssh
# Reload firewall rules
sudo firewall-cmd --reload
# Verify firewall configuration
sudo firewall-cmd --list-all
# Create empty leases file if it doesn't exist
sudo touch /var/lib/dhcpd/dhcpd.leases
sudo chown dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases
# Set correct permissions
sudo chmod 644 /var/lib/dhcpd/dhcpd.leases
# Start DHCP service
sudo systemctl start dhcpd
# Enable DHCP service for automatic startup
sudo systemctl enable dhcpd
# Check service status
sudo systemctl status dhcpd
# Verify DHCP server is listening
sudo ss -ulnp | grep :67
sudo netstat -ulnp | grep :67
# Check DHCP server logs
sudo tail -f /var/log/messages | grep dhcpd &
Expected output:
success
success
success
public (active)
services: ssh dhcp
ports: 67/udp 68/udp
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled)
Active: active (running) since Tue 2025-09-17 12:00:15 EDT
UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dhcpd",pid=12345,fd=7))
Perfect! Your DHCP server is running and ready to serve IP addresses!
Step 5: Advanced DHCP Configuration
Configure advanced DHCP features for enterprise environments!
# Create advanced DHCP configuration with multiple subnets
sudo tee -a /etc/dhcp/dhcpd.conf << 'EOF'
# Secondary Subnet (VLAN 10)
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.50 192.168.10.150;
option routers 192.168.10.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.10.255;
option domain-name-servers 192.168.1.10, 8.8.8.8;
default-lease-time 3600;
max-lease-time 86400;
}
# Guest Network (VLAN 20)
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.100 192.168.20.200;
option routers 192.168.20.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.20.255;
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 1800; # Shorter leases for guests
max-lease-time 7200;
deny unknown-clients; # Only allow registered devices
}
# Network Boot Configuration (PXE)
subnet 192.168.30.0 netmask 255.255.255.0 {
range 192.168.30.50 192.168.30.100;
option routers 192.168.30.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.30.255;
option domain-name-servers 192.168.1.10;
# PXE Boot Settings
option tftp-server-name "192.168.1.10";
option bootfile-name "pxelinux.0";
next-server 192.168.1.10;
default-lease-time 600; # Short leases for PXE
max-lease-time 3600;
}
# Device-Specific Classes
class "servers" {
match if substring(option host-name, 0, 6) = "server";
default-lease-time 86400; # 24 hour leases for servers
max-lease-time 604800; # 1 week maximum
}
class "workstations" {
match if substring(option host-name, 0, 2) = "ws";
default-lease-time 28800; # 8 hour leases for workstations
max-lease-time 86400; # 24 hours maximum
}
# Vendor-Specific Options
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
# Failover Configuration (for redundancy)
failover peer "dhcp-failover" {
primary;
address 192.168.1.10;
port 647;
peer address 192.168.1.11;
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
}
# Apply failover to primary subnet
# (Uncomment when secondary server is configured)
# subnet 192.168.1.0 netmask 255.255.255.0 {
# pool {
# failover peer "dhcp-failover";
# range 192.168.1.100 192.168.1.200;
# }
# option routers 192.168.1.1;
# }
EOF
# Create DHCP monitoring script
sudo tee /usr/local/bin/dhcp-monitor.sh << 'EOF'
#!/bin/bash
# DHCP Server Monitoring Script
echo "=== DHCP Server Status Report ==="
echo "Date: $(date)"
echo ""
# Service status
echo "=== Service Status ==="
systemctl status dhcpd --no-pager -l
# Port status
echo -e "\n=== Port Status ==="
ss -ulnp | grep :67
# Active leases
echo -e "\n=== Active Leases ==="
dhcp-lease-list
# Lease statistics
echo -e "\n=== Lease Statistics ==="
echo "Total lease records: $(grep -c '^lease ' /var/lib/dhcpd/dhcpd.leases)"
echo "Active leases: $(grep -c "binding state active" /var/lib/dhcpd/dhcpd.leases)"
echo "Expired leases: $(grep -c "binding state expired" /var/lib/dhcpd/dhcpd.leases)"
# Pool utilization
echo -e "\n=== Pool Utilization ==="
awk '/range/ {print $2, $3}' /etc/dhcp/dhcpd.conf | while read start end; do
echo "Range: $start - $end"
done
# Recent DHCP activity
echo -e "\n=== Recent DHCP Activity ==="
tail -n 20 /var/log/messages | grep dhcpd
EOF
# Make monitoring script executable
sudo chmod +x /usr/local/bin/dhcp-monitor.sh
# Test configuration syntax
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
# Restart service with new configuration
sudo systemctl restart dhcpd
# Run monitoring script
sudo /usr/local/bin/dhcp-monitor.sh
Expected output:
Internet Systems Consortium DHCP Server 4.4.2
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcpd/dhcpd.leases
=== DHCP Server Status Report ===
Date: Tue Sep 17 12:05:30 EDT 2025
=== Service Status ===
● dhcpd.service - DHCPv4 Server Daemon
Active: active (running) since Tue 2025-09-17 12:05:25 EDT
Excellent! Advanced DHCP features are now configured and active!
Step 6: Test DHCP Functionality
Test your DHCP server with various client scenarios!
# Install DHCP lease list utility
sudo dnf install -y dhcp-lease-list
# Create DHCP testing script
sudo tee /usr/local/bin/test-dhcp.sh << 'EOF'
#!/bin/bash
# DHCP Server Testing Script
echo "=== DHCP Server Testing ==="
# Test 1: Check DHCP server process
echo "=== Test 1: DHCP Process Status ==="
ps aux | grep dhcpd | grep -v grep
# Test 2: Verify listening ports
echo -e "\n=== Test 2: Listening Ports ==="
ss -ulnp | grep -E ":(67|68)"
# Test 3: Configuration syntax check
echo -e "\n=== Test 3: Configuration Syntax ==="
dhcpd -t -cf /etc/dhcp/dhcpd.conf 2>&1
# Test 4: Firewall verification
echo -e "\n=== Test 4: Firewall Status ==="
firewall-cmd --list-services | grep -q dhcp && echo "DHCP service allowed" || echo "DHCP service NOT allowed"
# Test 5: Check lease database
echo -e "\n=== Test 5: Lease Database ==="
if [ -f /var/lib/dhcpd/dhcpd.leases ]; then
echo "Lease file exists: $(ls -la /var/lib/dhcpd/dhcpd.leases)"
echo "Total lease entries: $(grep -c '^lease ' /var/lib/dhcpd/dhcpd.leases)"
else
echo "Lease file missing!"
fi
# Test 6: Network interface check
echo -e "\n=== Test 6: Network Interface ==="
ip addr show | grep -A 2 -B 2 inet | grep -v 127.0.0.1
# Test 7: DNS resolution test
echo -e "\n=== Test 7: DNS Resolution ==="
nslookup pool.ntp.org | head -n 5
echo -e "\n=== Testing Complete ==="
EOF
# Make testing script executable
sudo chmod +x /usr/local/bin/test-dhcp.sh
# Run DHCP tests
sudo /usr/local/bin/test-dhcp.sh
# Simulate DHCP client request (using dhclient on a test interface)
# Note: This is for testing purposes only
echo "=== DHCP Client Simulation ==="
# Check current DHCP leases
echo "Current active leases:"
sudo dhcp-lease-list 2>/dev/null || echo "No lease list utility available"
# Monitor DHCP logs in real-time
echo "Starting DHCP log monitoring (press Ctrl+C to stop):"
sudo tail -f /var/log/messages | grep dhcpd
Expected output:
=== DHCP Server Testing ===
=== Test 1: DHCP Process Status ===
dhcpd 12345 0.0 0.3 12345 6789 ? Ss 12:05 0:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
=== Test 2: Listening Ports ===
UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dhcpd",pid=12345,fd=7))
=== Test 3: Configuration Syntax ===
Internet Systems Consortium DHCP Server 4.4.2
DHCP service allowed
Perfect! All DHCP server tests are passing successfully!
Quick Examples
Here are practical examples of using your DHCP server in real scenarios!
Example 1: Corporate Network with VLANs
# Configure DHCP for multiple corporate VLANs
# Create the include directory first in case it does not exist yet
sudo mkdir -p /etc/dhcp/conf.d
sudo tee /etc/dhcp/conf.d/corporate-vlans.conf << 'EOF'
# Corporate VLAN Configuration
# Management VLAN (VLAN 100)
subnet 10.100.0.0 netmask 255.255.255.0 {
range 10.100.0.50 10.100.0.100;
option routers 10.100.0.1;
option domain-name "mgmt.company.local";
option domain-name-servers 10.100.0.10, 8.8.8.8;
default-lease-time 86400; # 24 hours for management devices
max-lease-time 604800; # 1 week maximum
# Management server reservations
host mgmt-server-1 {
hardware ethernet 00:11:22:33:44:55;
fixed-address 10.100.0.10;
option host-name "mgmt-server-1";
}
}
# User VLAN (VLAN 200)
subnet 10.200.0.0 netmask 255.255.0.0 {
range 10.200.1.1 10.200.254.254;
option routers 10.200.0.1;
option domain-name "users.company.local";
option domain-name-servers 10.100.0.10, 8.8.8.8;
default-lease-time 28800; # 8 hours for user devices
max-lease-time 86400; # 24 hours maximum
}
# Server VLAN (VLAN 300)
# (10.300.x.x is not a valid IPv4 address because each octet must be 0-255,
# so VLAN 300 uses 10.30.0.0/24 here)
subnet 10.30.0.0 netmask 255.255.255.0 {
range 10.30.0.50 10.30.0.200;
option routers 10.30.0.1;
option domain-name "servers.company.local";
option domain-name-servers 10.100.0.10, 10.100.0.11;
default-lease-time 604800; # 1 week for servers
max-lease-time 2592000; # 30 days maximum
# Critical server reservations
host database-server {
hardware ethernet aa:bb:cc:dd:ee:10;
fixed-address 10.30.0.10;
option host-name "database-server";
}
host web-server {
hardware ethernet aa:bb:cc:dd:ee:11;
fixed-address 10.30.0.11;
option host-name "web-server";
}
}
EOF
# Include corporate VLAN configuration
echo "include \"/etc/dhcp/conf.d/corporate-vlans.conf\";" | sudo tee -a /etc/dhcp/dhcpd.conf
# Create VLAN monitoring script
sudo tee /usr/local/bin/monitor-dhcp-vlans.sh << 'EOF'
#!/bin/bash
# Monitor DHCP usage across VLANs
echo "=== DHCP VLAN Usage Report ==="
echo "Generated: $(date)"
# Parse lease file for VLAN usage
# A lease record spans several lines, and the last record for an address wins,
# so remember the current address and its most recent binding state
awk '
BEGIN {
vlan100=0; vlan200=0; vlan300=0; other=0;
}
/^lease / { ip = $2 }
$1 == "binding" && $2 == "state" { state[ip] = $3 }
END {
print "\n=== VLAN Statistics ==="
for (ip in state) {
if (state[ip] != "active;") continue
if (ip ~ /^10\.100\./) vlan100++
else if (ip ~ /^10\.200\./) vlan200++
else if (ip ~ /^10\.30\./) vlan300++
else other++
}
print "VLAN 100 (Management): " vlan100 " active leases"
print "VLAN 200 (Users): " vlan200 " active leases"
print "VLAN 300 (Servers): " vlan300 " active leases"
print "Other networks: " other " active leases"
print "Total active leases: " (vlan100+vlan200+vlan300+other)
}' /var/lib/dhcpd/dhcpd.leases
echo -e "\n=== Recent DHCP Activity by VLAN ==="
tail -n 50 /var/log/messages | grep dhcpd | grep -E "(10\.100\.|10\.200\.|10\.30\.)"
EOF
sudo chmod +x /usr/local/bin/monitor-dhcp-vlans.sh
echo "Corporate VLAN DHCP configuration complete"
Example 2: Guest Network with Captive Portal
# Configure isolated guest network with restrictions
sudo tee /etc/dhcp/conf.d/guest-network.conf << 'EOF'
# Guest Network Configuration
# Guest WiFi Subnet
subnet 172.16.100.0 netmask 255.255.255.0 {
range 172.16.100.100 172.16.100.200;
option routers 172.16.100.1;
option domain-name "guest.wifi";
option domain-name-servers 8.8.8.8, 1.1.1.1; # External DNS only
# Short lease times for guests
default-lease-time 900; # 15 minutes
max-lease-time 3600; # 1 hour maximum
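# Default web server option (DHCP option 72); clients are not redirected by it,
# so captive portal redirection still has to be enforced on the gateway
option www-server 172.16.100.1;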
# Deny unknown clients (MAC filtering)
deny unknown-clients;
# Guest device pool
pool {
allow members of "guest-devices";
range 172.16.100.150 172.16.100.200;
}
}
# Guest device class
class "guest-devices" {
match if option vendor-class-identifier = "guest-device";
}
# Temporary guest registrations
host temp-guest-001 {
hardware ethernet 11:22:33:44:55:66;
fixed-address 172.16.100.101;
option host-name "guest-device-001";
}
host temp-guest-002 {
hardware ethernet 77:88:99:aa:bb:cc;
fixed-address 172.16.100.102;
option host-name "guest-device-002";
}
EOF
# Create guest management script
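# The outer heredoc uses its own delimiter so the inner "EOF" does not end it early
sudo tee /usr/local/bin/manage-guest-dhcp.sh << 'SCRIPT_EOF'
#!/bin/bash
# Guest DHCP Management Script
ACTION="$1"
CONF=/etc/dhcp/conf.d/guest-network.conf
# Both values are written into dhcpd configuration (and the name into a sed
# pattern), so accept only a well-formed MAC address and a plain host label
valid_mac() { [[ "$1" =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; }
valid_name() { [[ "$1" =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,30}[A-Za-z0-9])?$ ]]; }
# Check syntax, then restart so dhcpd re-reads its configuration
apply_config() {
if dhcpd -t -cf /etc/dhcp/dhcpd.conf > /dev/null 2>&1; then
systemctl restart dhcpd
else
echo "Configuration check failed; dhcpd was not restarted"
return 1
fi
}
case "$ACTION" in
add)
MAC_ADDRESS="$2"
GUEST_NAME="$3"
if ! valid_mac "$MAC_ADDRESS" || ! valid_name "$GUEST_NAME"; then
echo "Usage: $0 add <mac-address> <hostname>"
exit 1
fi
# Find next available IP
LAST_IP=$(grep -oP 'fixed-address 172\.16\.100\.\K\d+' "$CONF" | sort -n | tail -1)
NEXT_IP=$((LAST_IP + 1))
if [ "$NEXT_IP" -gt 254 ]; then
echo "No reservation address left in 172.16.100.0/24"
exit 1
fi
# Add guest reservation
cat << EOF >> "$CONF"
host guest-$GUEST_NAME {
hardware ethernet $MAC_ADDRESS;
fixed-address 172.16.100.$NEXT_IP;
option host-name "guest-$GUEST_NAME";
}
EOF
echo "Added guest device: $GUEST_NAME ($MAC_ADDRESS) -> 172.16.100.$NEXT_IP"
apply_config
;;
remove)
# The hostname is the second argument for "remove"
GUEST_NAME="$2"
if ! valid_name "$GUEST_NAME"; then
echo "Usage: $0 remove <hostname>"
exit 1
fi
# Remove guest reservation
sed -i "/^host guest-$GUEST_NAME {/,/^}/d" "$CONF"
echo "Removed guest device: $GUEST_NAME"
apply_config
;;
list)
echo "=== Current Guest Devices ==="
grep -A 3 "host guest-" "$CONF"
;;
*)
echo "Usage: $0 {add|remove|list} [mac-address] [hostname]"
echo "Examples:"
echo " $0 add aa:bb:cc:dd:ee:ff smartphone-01"
echo " $0 remove smartphone-01"
echo " $0 list"
;;
esac
SCRIPT_EOF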
sudo chmod +x /usr/local/bin/manage-guest-dhcp.sh
echo "Guest network DHCP configuration complete"
echo "Use: sudo /usr/local/bin/manage-guest-dhcp.sh to manage guest devices"
Example 3: High-Availability DHCP Failover
# Configure DHCP failover for high availability
sudo tee /etc/dhcp/conf.d/failover-config.conf << 'EOF'
# DHCP Failover Configuration
# Primary/Secondary Failover Peer
failover peer "main-failover" {
primary; # This is the primary server
address 192.168.1.10; # Primary server IP
port 647; # Failover communication port
peer address 192.168.1.11; # Secondary server IP
peer port 647; # Secondary failover port
# Failover timing
max-response-delay 60; # Max response time
max-unacked-updates 10; # Max unacknowledged updates
mclt 3600; # Maximum client lead time
split 128; # Load balancing (50/50 split)
load balance max seconds 3; # Load balance timing
}
# Failover-enabled subnet
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "company.local";
# Failover pool
pool {
failover peer "main-failover";
range 192.168.1.100 192.168.1.200;
max-lease-time 86400;
default-lease-time 3600;
}
# Static reservations (outside failover range)
host critical-server-1 {
hardware ethernet aa:bb:cc:dd:ee:01;
fixed-address 192.168.1.50;
option host-name "critical-server-1";
}
}
EOF
# Create failover monitoring script
sudo tee /usr/local/bin/monitor-dhcp-failover.sh << 'EOF'
#!/bin/bash
# DHCP Failover Status Monitor
echo "=== DHCP Failover Status Report ==="
echo "Generated: $(date)"
# Check primary DHCP service
echo -e "\n=== Primary DHCP Service Status ==="
systemctl status dhcpd --no-pager -l
# Check failover port
echo -e "\n=== Failover Port Status ==="
ss -tlnp | grep :647
# Parse DHCP logs for failover messages
echo -e "\n=== Recent Failover Activity ==="
journalctl -u dhcpd --since "1 hour ago" | grep -i failover
# Check lease synchronization
echo -e "\n=== Lease Synchronization Status ==="
if [ -f /var/lib/dhcpd/dhcpd.leases ]; then
echo "Lease database size: $(wc -l < /var/lib/dhcpd/dhcpd.leases) entries"
echo "Last lease update: $(stat -c %y /var/lib/dhcpd/dhcpd.leases)"
fi
# Test connectivity to failover peer
echo -e "\n=== Peer Connectivity Test ==="
PEER_IP="192.168.1.11"
ping -c 3 $PEER_IP > /dev/null 2>&1 && echo "Peer $PEER_IP: REACHABLE" || echo "Peer $PEER_IP: UNREACHABLE"
# Check pool utilization
echo -e "\n=== Pool Utilization ==="
TOTAL_RANGE=101 # 192.168.1.100-200
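# grep -c already prints 0 when nothing matches, so only default the value if the file is missing
ACTIVE_LEASES=$(grep -c "binding state active" /var/lib/dhcpd/dhcpd.leases 2>/dev/null)
ACTIVE_LEASES=${ACTIVE_LEASES:-0}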
UTILIZATION=$((ACTIVE_LEASES * 100 / TOTAL_RANGE))
echo "Active leases: $ACTIVE_LEASES / $TOTAL_RANGE ($UTILIZATION%)"
EOF
sudo chmod +x /usr/local/bin/monitor-dhcp-failover.sh
echo "DHCP failover configuration complete"
echo "Note: Configure secondary server at 192.168.1.11 for full failover"
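The monitoring scripts above derive "active leases" and pool utilization from `grep -c` over `dhcpd.leases`. That file is an append-only log in which the last record for an address wins, so the sketch below (an added example, not part of the original guide) resolves each address to its most recent state and counts only addresses inside one range. The lease records in `sample_leases` are constructed for illustration, and the function names are assumptions.

```bash
#!/bin/bash
# Added example: count current leases from dhcpd.leases records.

# active_leases < dhcpd.leases
# Prints "<ip> <mac>" for each address whose most recent record is active.
active_leases() {
    awk '
    $1 == "lease" && $3 == "{" { ip = $2; state[ip] = ""; mac[ip] = "-"; next }
    ip != "" && $1 == "binding" && $2 == "state" { s = $3; sub(/;$/, "", s); state[ip] = s }
    ip != "" && $1 == "hardware" && $2 == "ethernet" { m = $3; sub(/;$/, "", m); mac[ip] = m }
    $1 == "}" { ip = "" }
    END { for (i in state) if (state[i] == "active") print i, mac[i] }
    ' | sort
}

# pool_utilization <first-ip> <last-ip> < dhcpd.leases
# Prints "<used> <total> <percent>" for the given dynamic range.
pool_utilization() {
    active_leases | awk -v first="$1" -v last="$2" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { lo = ip2int(first); hi = ip2int(last) }
    { n = ip2int($1); if (n >= lo && n <= hi) used++ }
    END { total = hi - lo + 1; printf "%d %d %d\n", used, total, int(used * 100 / total) }
    '
}

# The line-based count used by the scripts in this guide, kept for comparison.
naive_active_count() {
    grep -c 'binding state active'
}

# Constructed sample lease file (not taken from a real server).
sample_leases() {
cat << 'EOF'
lease 192.168.1.100 {
  starts 3 2025/09/17 14:00:00;
  ends 3 2025/09/17 16:00:00;
  binding state active;
  next binding state free;
  hardware ethernet aa:bb:cc:dd:ee:21;
}
lease 192.168.1.101 {
  starts 3 2025/09/17 15:00:00;
  ends 3 2025/09/17 17:00:00;
  binding state active;
  next binding state free;
  hardware ethernet aa:bb:cc:dd:ee:22;
  client-hostname "ws-01";
}
lease 192.168.1.102 {
  starts 3 2025/09/17 10:00:00;
  ends 3 2025/09/17 12:00:00;
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:23;
}
lease 192.168.1.100 {
  starts 3 2025/09/17 14:00:00;
  ends 3 2025/09/17 14:30:00;
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:21;
}
lease 192.168.1.150 {
  starts 3 2025/09/17 15:10:00;
  ends 3 2025/09/17 17:10:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:24;
}
lease 192.168.10.60 {
  starts 3 2025/09/17 15:20:00;
  ends 3 2025/09/17 16:20:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:25;
}
EOF
}

# Demo on the constructed data; on a server read /var/lib/dhcpd/dhcpd.leases instead
echo "Line-based count: $(sample_leases | naive_active_count)"
echo "Used/total/percent in 192.168.1.100-200: $(sample_leases | pool_utilization 192.168.1.100 192.168.1.200)"
```

The line-based count includes the released lease for 192.168.1.100 and the lease from the other subnet, which is why it overstates the load on the 192.168.1.100-200 pool.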
Fix Common Problems
Here are solutions to common DHCP server issues you might encounter!
Problem 1: DHCP Service Won't Start
# Check service status and detailed logs
sudo systemctl status dhcpd -l
sudo journalctl -u dhcpd --no-pager
# Test configuration syntax
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
# Check lease file exists and permissions
ls -la /var/lib/dhcpd/dhcpd.leases
sudo chown dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases
sudo chmod 644 /var/lib/dhcpd/dhcpd.leases
# Create lease file if missing
sudo touch /var/lib/dhcpd/dhcpd.leases
sudo chown dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases
# Check network interface is up
ip link show
nmcli device status
# Verify DHCP user exists
id dhcpd || sudo useradd -r -s /sbin/nologin dhcpd
# Check for port conflicts
sudo ss -ulnp | grep :67
sudo lsof -i :67
# Check SELinux context
ls -laZ /var/lib/dhcpd/dhcpd.leases
sudo restorecon -v /var/lib/dhcpd/dhcpd.leases
# Restart service
sudo systemctl restart dhcpd
echo "DHCP service startup issues resolved!"
Problem 2: Clients Not Receiving IP Addresses
# Check firewall allows DHCP traffic
sudo firewall-cmd --list-services | grep dhcp
sudo firewall-cmd --list-ports | grep -E "(67|68)"
# Add DHCP service to firewall if missing
sudo firewall-cmd --permanent --add-service=dhcp
sudo firewall-cmd --reload
# Verify DHCP server is listening
sudo netstat -ulnp | grep :67
sudo ss -ulnp | grep :67
# Check subnet configuration matches network
ip route show
ip addr show | grep inet
# Test DHCP server from command line
sudo nmap --script broadcast-dhcp-discover
# Monitor DHCP requests in real-time
sudo tcpdump -i any -n port 67 or port 68
# Check DHCP logs for client requests
sudo tail -f /var/log/messages | grep dhcpd
# Verify IP range is not exhausted
echo "=== Pool Utilization Check ==="
POOL_START=$(awk '/range/ {print $2}' /etc/dhcp/dhcpd.conf | head -1 | cut -d'.' -f4)
POOL_END=$(awk '/range/ {print $3}' /etc/dhcp/dhcpd.conf | head -1 | cut -d'.' -f4 | tr -d ';')
ACTIVE_LEASES=$(grep -c "binding state active" /var/lib/dhcpd/dhcpd.leases)
TOTAL_IPS=$((POOL_END - POOL_START + 1))
echo "Pool range: $POOL_START - $POOL_END ($TOTAL_IPS IPs)"
echo "Active leases: $ACTIVE_LEASES"
echo "Available IPs: $((TOTAL_IPS - ACTIVE_LEASES))"
# Check for conflicting DHCP servers
sudo nmap -sU -p 67 --open 192.168.1.0/24
echo "Client IP assignment issues resolved!"
Problem 3: IP Address Conflicts
# Check for duplicate IP assignments
echo "=== Checking for IP Conflicts ==="
# Scan for active IPs on network
nmap -sn 192.168.1.0/24 > /tmp/network_scan.txt
# Check DHCP lease database
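# (a lease record spans several lines and the last record for an address wins)
awk '/^lease / {ip = $2} $1 == "binding" && $2 == "state" {state[ip] = $3} END {for (i in state) if (state[i] == "active;") print i}' /var/lib/dhcpd/dhcpd.leases | sort > /tmp/dhcp_leases.txt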
# Check static reservations
awk '/fixed-address/ {print $2}' /etc/dhcp/dhcpd.conf | tr -d ';' | sort > /tmp/static_ips.txt
# Find potential conflicts
echo "=== Active Network IPs ==="
grep -oP '\d+\.\d+\.\d+\.\d+' /tmp/network_scan.txt | sort
echo -e "\n=== DHCP Assigned IPs ==="
cat /tmp/static_ips.txt /tmp/dhcp_leases.txt | sort
# Check for overlapping ranges
echo -e "\n=== Subnet Configuration Review ==="
awk '/subnet|range|fixed-address/ {print}' /etc/dhcp/dhcpd.conf
# Clean expired leases
sudo systemctl stop dhcpd
sudo cp /var/lib/dhcpd/dhcpd.leases /var/lib/dhcpd/dhcpd.leases.backup
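# Drop whole lease records (not single lines) whose most recent state is expired or free
awk '
/^lease / { ip = $2; rec = ""; st = ""; inrec = 1 }
inrec {
rec = rec $0 "\n"
if ($1 == "binding") st = $3
if ($1 == "}") { if (!(ip in last)) order[++n] = ip; last[ip] = rec; state[ip] = st; inrec = 0 }
next
}
{ print }
END { for (i = 1; i <= n; i++) if (state[order[i]] !~ /^(expired|free);$/) printf "%s", last[order[i]] }
' /var/lib/dhcpd/dhcpd.leases.backup > /tmp/cleaned_leases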
sudo cp /tmp/cleaned_leases /var/lib/dhcpd/dhcpd.leases
sudo chown dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases
sudo systemctl start dhcpd
# Test for ARP conflicts
for ip in $(cat /tmp/dhcp_leases.txt); do
arping -c 2 -I eth0 $ip && echo "Conflict detected for $ip"
done
# Clean up temporary files
rm -f /tmp/network_scan.txt /tmp/dhcp_leases.txt /tmp/static_ips.txt /tmp/cleaned_leases
echo "IP address conflicts resolved!"
Problem 4: Performance Issues
# Monitor DHCP server performance
echo "=== DHCP Performance Analysis ==="
# Check CPU and memory usage
echo "=== Resource Usage ==="
ps aux | grep dhcpd
free -h
# Monitor DHCP request rate
echo -e "\n=== Request Rate Monitoring ==="
timeout 60 tcpdump -i any -c 100 port 67 | wc -l
echo "DHCP requests in last 60 seconds: $(timeout 60 tcpdump -i any -c 100 port 67 2>/dev/null | wc -l)"
# Check lease database size
echo -e "\n=== Database Statistics ==="
echo "Total lease entries: $(grep -c '^lease ' /var/lib/dhcpd/dhcpd.leases)"
echo "Active leases: $(grep -c 'binding state active' /var/lib/dhcpd/dhcpd.leases)"
echo "Expired leases: $(grep -c 'binding state expired' /var/lib/dhcpd/dhcpd.leases)"
echo "Database size: $(du -sh /var/lib/dhcpd/dhcpd.leases)"
# Optimize lease database
echo -e "\n=== Optimizing Lease Database ==="
sudo systemctl stop dhcpd
# Archive old leases
sudo cp /var/lib/dhcpd/dhcpd.leases /var/lib/dhcpd/dhcpd.leases.$(date +%Y%m%d)
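# Keep only active leases (whole records; the last record for an address decides its state)
awk '
/^lease / { ip = $2; rec = ""; st = ""; inrec = 1 }
inrec {
rec = rec $0 "\n"
if ($1 == "binding") st = $3
if ($1 == "}") { if (!(ip in last)) order[++n] = ip; last[ip] = rec; state[ip] = st; inrec = 0 }
next
}
{ print }
END { for (i = 1; i <= n; i++) if (state[order[i]] == "active;") printf "%s", last[order[i]] }
' /var/lib/dhcpd/dhcpd.leases > /tmp/optimized_leases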
sudo cp /tmp/optimized_leases /var/lib/dhcpd/dhcpd.leases
sudo chown dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases
# Optimize DHCP configuration
sudo tee -a /etc/dhcp/dhcpd.conf << 'EOF'
# Performance optimizations
ping-check true;
ping-timeout 1;
min-lease-time 300;
ignore client-updates;
one-lease-per-client true;
EOF
# Start service
sudo systemctl start dhcpd
# Create lease cleanup cron job (append to root's crontab instead of replacing it)
(sudo crontab -l 2>/dev/null; echo "0 2 * * 0 /usr/local/bin/cleanup-dhcp-leases.sh") | sudo crontab -
# Create cleanup script
sudo tee /usr/local/bin/cleanup-dhcp-leases.sh << 'EOF'
#!/bin/bash
# Weekly DHCP lease cleanup
systemctl stop dhcpd
cp /var/lib/dhcpd/dhcpd.leases /var/lib/dhcpd/dhcpd.leases.backup.$(date +%Y%m%d)
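# Drop whole lease records (not single lines) whose most recent state is expired or free
awk '
/^lease / { ip = $2; rec = ""; st = ""; inrec = 1 }
inrec {
rec = rec $0 "\n"
if ($1 == "binding") st = $3
if ($1 == "}") { if (!(ip in last)) order[++n] = ip; last[ip] = rec; state[ip] = st; inrec = 0 }
next
}
{ print }
END { for (i = 1; i <= n; i++) if (state[order[i]] !~ /^(expired|free);$/) printf "%s", last[order[i]] }
' /var/lib/dhcpd/dhcpd.leases.backup.$(date +%Y%m%d) > /var/lib/dhcpd/dhcpd.leases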
chown dhcpd:dhcpd /var/lib/dhcpd/dhcpd.leases
systemctl start dhcpd
# Remove old backups (keep 30 days)
find /var/lib/dhcpd/ -name "dhcpd.leases.backup.*" -mtime +30 -delete
EOF
sudo chmod +x /usr/local/bin/cleanup-dhcp-leases.sh
echo "DHCP performance issues resolved!"
Simple Commands Summary
Here's a quick reference for essential DHCP server management commands!
Command Category | Command | Description |
---|---|---|
Service Management | sudo systemctl start dhcpd | Start DHCP service |
sudo systemctl stop dhcpd | Stop DHCP service | |
sudo systemctl restart dhcpd | Restart DHCP service | |
sudo systemctl status dhcpd | Check service status | |
Configuration | sudo nano /etc/dhcp/dhcpd.conf | Edit DHCP configuration |
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf | Test configuration syntax | |
sudo systemctl reload dhcpd | Reload configuration | |
Lease Management | sudo dhcp-lease-list | List active DHCP leases |
cat /var/lib/dhcpd/dhcpd.leases | View lease database | |
grep "binding state active" /var/lib/dhcpd/dhcpd.leases | Show active leases | |
Monitoring | sudo ss -ulnp | grep :67 | Check DHCP port status |
sudo tail -f /var/log/messages | grep dhcpd | Monitor DHCP logs | |
sudo tcpdump -i any port 67 | Capture DHCP packets | |
Troubleshooting | sudo journalctl -u dhcpd -f | Follow service logs |
nmap --script broadcast-dhcp-discover | Test DHCP discovery | |
arping -c 2 -I eth0 IP_ADDRESS | Check for IP conflicts | |
Firewall | sudo firewall-cmd --add-service=dhcp | Allow DHCP through firewall |
sudo firewall-cmd --list-services | Show allowed services | |
Network Testing | nmap -sn 192.168.1.0/24 | Scan network for active IPs |
ping -c 3 IP_ADDRESS | Test IP connectivity | |
Custom Scripts | /usr/local/bin/dhcp-monitor.sh | Run monitoring script |
/usr/local/bin/test-dhcp.sh | Run DHCP tests |
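The `grep "binding state active"` row counts lines, not addresses: `dhcpd.leases` is an append-only journal, so an address can appear several times and only its last stanza is current. The following added example (not part of the original guide; the function names and the sample lease file are constructed for illustration) reports the current state per address and the resulting pool utilization.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). dhcpd.leases is an append-only
# journal: the LAST stanza recorded for an address is its current state.

# Write a small constructed lease file to the path given as $1.
write_sample_leases() {
  cat > "$1" << 'EOF'
lease 192.168.1.100 {
  binding state active;
  next binding state free;
}
lease 192.168.1.101 {
  binding state active;
}
lease 192.168.1.101 {
  binding state active;
}
lease 192.168.1.100 {
  binding state free;
}
lease 192.168.1.102 {
  binding state active;
  next binding state free;
}
EOF
}

# Print "IP STATE" once per address, taking the state from its last stanza.
lease_states() {
  awk '
    $1 == "lease" && $3 == "{"                   { ip = $2; next }
    ip != "" && $1 == "binding" && $2 == "state" { s = $3; sub(/;$/, "", s); cur[ip] = s }
    $1 == "}"                                    { ip = "" }
    END { for (a in cur) print a, cur[a] }
  ' "$1" | sort
}

# Count addresses whose current state is active.
count_active() {
  lease_states "$1" | awk '$2 == "active" { n++ } END { print n + 0 }'
}

# Integer percentage of a pool of $2 addresses that is currently leased.
pool_utilization() {
  echo $(( $(count_active "$1") * 100 / $2 ))
}
```

On the constructed file the plain `grep` reports four active lines while only two addresses are actually leased; run `count_active /var/lib/dhcpd/dhcpd.leases` against the real file to compare.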
Tips for Success
Here are expert tips to make your DHCP server management even better!
Network Planning Excellence
- IP range planning: Reserve adequate address pools for each subnet
- VLAN integration: Configure separate ranges for different VLANs
- Growth planning: Plan for network expansion and device growth
- Load balancing: Distribute DHCP load across multiple servers
- Subnet optimization: Use appropriate subnet sizes for each network segment
Security Best Practices
- MAC filtering: Implement MAC address-based access control
- Unknown clients: Configure policies for unknown devices
- Audit logging: Enable comprehensive DHCP activity logging
- Regular monitoring: Monitor for rogue DHCP servers
- Access controls: Restrict DHCP server management access
Performance Optimization
- Lease optimization: Configure appropriate lease times for different device types
- Database maintenance: Regular cleanup of expired leases
- Pool monitoring: Monitor IP pool utilization and adjust ranges
- Response tuning: Optimize DHCP response times and timeouts
- Failover planning: Implement DHCP failover for high availability
Operational Excellence
- Documentation: Maintain detailed network and DHCP configuration documentation
- Automation: Automate routine DHCP management tasks
- Team training: Ensure team members understand DHCP operations
- Reporting: Generate regular DHCP utilization and performance reports
- Change management: Implement proper change control for DHCP modifications
What You Learned
Congratulations! You've successfully mastered AlmaLinux DHCP server configuration! Here's everything you've accomplished:
- DHCP Installation: Installed and configured ISC DHCP server from scratch
- Network Automation: Set up automatic IP address assignment and configuration
- Subnet Management: Configured multiple subnets and VLAN support
- Advanced Features: Implemented reservations, classes, and failover configuration
- Security Implementation: Applied access controls and monitoring
- Performance Optimization: Tuned lease times and database performance
- Troubleshooting Skills: Learned to diagnose and fix common DHCP issues
- Enterprise Integration: Configured corporate network and guest access
- High Availability: Set up DHCP failover for redundancy
- Monitoring Tools: Created comprehensive monitoring and management scripts
Why This Matters
Building robust network automation with DHCP is fundamental to modern IT infrastructure! Here's the real-world impact of what you've accomplished:
For Network Operations: Your DHCP server eliminates manual IP configuration, reduces network conflicts, and provides automatic network access for all devices, dramatically improving operational efficiency.
For Scalability: DHCP enables networks to grow seamlessly, automatically accommodating new devices without manual intervention, supporting everything from small offices to enterprise environments with thousands of devices.
For User Experience: Automatic network configuration means users can connect devices instantly without IT support, improving productivity and reducing help desk tickets.
For Network Security: DHCP logging and monitoring provide visibility into network access, enable device tracking, and support access control policies for better network security.
Your AlmaLinux DHCP server is now providing the network automation foundation that enables seamless connectivity, efficient IP management, and scalable network operations! You're not just managing IP addresses; you're operating the automatic configuration system that makes modern networking possible!
Continue exploring advanced DHCP features like IPv6 support, PXE boot integration, and cloud network automation. The network automation skills you've developed are essential for modern infrastructure management!