How to work with user classes on Windows – Guide
Whether on an existing network or a new one, there is an aspect of the design that cannot be ignored: deciding whether the distribution of IP addresses will be dynamic (automatic) or manual (one by one) or – most common – a combination of the two . By choosing to dynamically distribute them, you are choosing to use a Dynamic Host Configuration Protocol (DHCP) service somewhere on your network, and there may be some tricks for this regardless of the server you use. For this discussion, I will describe how to use user classes on a Windows DCHP Server to specify a range of IP addresses and to assign range-specific DHCP options. For the background, DHCP is a protocol between the server and the client, with the server automatically providing IP addresses to clients when they connect to a network, rather than the addresses being manually assigned per device.
NaaS is the future, but it has challenges
The DHCP function in a network can be performed by different types of hardware (security devices, L3 switches, DHCP servers), but it need not be just one of them; may be what works best for what you’re trying to do. A common DHCP configuration I use is running the service on a security device to host IP address ranges grouped together as a subnet for dynamic distribution – scopes – that only need Internet access, such as guest or IoT networks. I then run a separate DHCP server to handle devices and scopes within the domain that access internal resources. There are many reasons to choose DHCP over static assignment, the biggest one being ease of use. In most organizations, there will be at least one DHCP server on the network serving IP addresses from at least one scope to be provided to devices as they connect to the network. Scopes are configurable and can range from two to thousands of IP addresses. Microsoft’s DHCP server handles as many scopes as you need and has a very simple GUI for configuration and management. It also supports subsets of scopes, called classes, to help organize addresses by users and devices in a logical way. User and Vendor classes allow you to assign DHCP options to groups of clients, specifying policies that will apply to some users or devices, but not everyone in the same scope. In-scope classes can be useful if you want to separate a group of devices into a segment of a scope while maintaining dynamic hosting. For example, I recently used user classes to assign addresses of a specific scope to SD-WAN users working remotely. Because the network between the DHCP server and the proxy server it defines up VPN links to clients were virtual, I used user classes to distinguish SD-WAN clients from native clients. DHCP User Classes and Vendor Classes are identifiers that use at least 1 octet in the IP address request sent from the DHCP client to the DHCP server. Its purpose is to define policy criteria such as tags that denote the class, vendor-specific information or to specify DHCP servers. When using user or vendor classes with DHCP policies, you can specify device types and organize from which range they receive IP addresses for a given scope. There are several ways to use DHCP policies, but I’ll show you how to use user classes on a Windows DCHP Server to specify a range and assign range-specific DHCP options to that class.
How to implement user classes
To implement user classes, you first need to connect to the DHCP server that is in your domain. As long as your DHCP server is a Windows 2012 server or later, the following steps will apply. First, open the Microsoft Management Console (MMC) DHCP snap-in and connect to the server. After opening it, right-click the IPv4 icon to access the drop-down menu and click Define User Classes: In the “DHCP User Classes” dialog, you will see the existing user classes by name and description. To add a new one, just click “Add…”. In the “New Class” dialog, you will need to add the display name, description and ASCII name of the class. The display name and description are really just for your own organization, but having them describe what you’re trying to use the class for can help make it easier to identify them later. The ASCII field is the important area that will act as the real “tag” for packets arriving at the DHCP server. For this field do not use spaces between the words and be sure to be case sensitive as it is case sensitive. I had mixed success with special characters. Some, like hyphens or underscores, work and some, like pound signs, don’t. I haven’t seen restrictions on the use of characters in Microsoft documentation, so keep this in mind. Be sure to write down what you put in there for later and click “OK” when done. The “Binary” field to the left of the ASCII field will be filled in automatically as you fill in the ASCII name. Once your new user class has been added, click “Close” to exit this dialog. Back in the main DHCP MMC snap-in, expand the scope you will apply this user class to, right-click on the “Policies” folder and select “New Policy…” from the drop-down menu. In the “Policy Name” field, enter a name that will make sense to you and your team when you look back later. Fill in the “Description” field with the purpose of using this policy. Click “Next”. In the “DHCP Policy Configuration Wizard”, click “Add” to add a condition to the policy. In the “Add / Edit Condition” dialog, use the drop-down menu to change the “Criteria:” field from Supplier Class to User Class. Change the “Value:” field to the new user class you just created. Click on the “Add” button button when all your selections are correct. Then press “OK” to close the dialog box and, returning to the setup wizard, click “Next” to continue. On the screen below, you have a choice. You can use the default range for this scope, or you can specify a range for these devices. In the example below, I selected “Yes” for a specific range of IP addresses and specified the ranges below that. After specifying the ranges, the wizard will display the percentage of the available scope you are reserving for this policy. In the example below, it is 15%. Click “Next” when finished with these options. On the next screen of the wizard, you can configure unique settings for the policy by selecting the “Vendor Class” drop-down item such as “Default DHCP Options”, “Microsoft Options”, etc. Then further select the “Available Options” checkboxes below it. Click “Next” when you’ve made all your selections. The next page of the wizard presents a summary of the selections you have chosen. If they are correct, click “Finish” to close the dialog box. On a Windows server, the user class must be applied to the network interface for it to be recognized. To apply it, open a command prompt as an administrator. Type “ipconfig” to confirm that it is not in the right range or does not have the correct options set. To set the user class type “ipconfig / setclassid ethernet“ testuserclass ” but replace testuserclass with the name of the user class you created. If you were successful, after rebooting and running ipconfig again from an admin console, you will see that the policies have been applied. In my case, an IP address was assigned from the range defined by the policy.
Final note
I hope you like the guide How to work with user classes on Windows. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.
