The policy based assignment (PBA) feature enables you to team DHCP client by certain attributes based upon fields consisted of in the DHCP customer request packet. PBA permits targeted management and greater control of the construction parameters yielded to network gadgets with DHCP.

You are watching: You have a windows server 2012 system that you want to use as a dhcp relay agent


Consider the following scenarios:

A subnet has actually a mix that different types of clients: desktop computers, printers, IP phones, and other devices. You want different types of clients to obtain IP addresses from different IP address ranges in ~ the subnet. This is feasible using DHCP policies if the tools have various vendors. Because that example:

Printers can gain IP addresses native to

IP phones can obtain IP addresses native to

Desktop computers can be assigned IP addresses from come

Additional tools can be assigned IP addresses of to

By point out a various IP address range for different machine types, friend can more easily identify and manage devices on the network.

In a subnet which has actually a mix the wired and also mobile computers, you can want to assign a shorter, 4 hour lease duration come mobile computers and also longer, 4 work lease duration come wired computers.

You want to manage who gets access to the network by giving a DHCP lease to just a known collection of clients based upon MAC address.

Employees lug in your own tools such together smartphones and tablets come work and you desire to control network web traffic or regulate network access based on maker type.

You desire to provide a different set of scope choices to different varieties of devices. Because that example, IP phones can obtain a various Boot Server hold Name (TFTP server) and also Bootfile Name option.

DHCP policies administer a very useful tool to accomplish these goals. View the following example.


In this example:

Subnet A has DHCP client devices of numerous different types including workstations, printers, and also IP phones.

A DHCP server on another subnet is configured to carry out leases to these gadgets from scope A.

Polices are configured at the scope level to control IP address range and in ~ the server level come specify lease duration.

DHCP customer requests are processed as follows:

A customer on subnet A submits a DHCPREQUEST the is sent out to the DHCP server via DHCP relay.

The client’s vendor class and MAC prefix are included in the DHCPREQUEST packet along with the gateway IP attend to (GIADDR).

The DHCP server offers the GIADDR to determine that the customer requires a lease from scope A, and begins processing policies in the scope.

Since limit B does not apply, these policies are ignored.

Based ~ above the vendor class and MAC prefix values provided, the client request matches conditions of plan A3.

After every scope polices space processed, server level plans are processed and the customer also matches conditions of policy 1.

After all policies are processed, the DHCP server returns an IP address configuration to the customer using the settings specified in plans A3 and also 1.

Based top top the client’s MAC deal with it is determined that the an equipment is a press (it matches policy A3). That is assigned the first available IP attend to in the IP address range to, with a lease duration of 14 days.

In home windows Server 2008 R2 and also previous operating systems, if you desire to clues the IP address selection for a specific collection of client or devices, or assign different option worths based on an equipment type, the only means to attain this is to configure a scope with individual reservations. This technique can need high effort, and also is complicated to regulate on an recurring basis.

DHCP policies in windows Server 2012 administer much an ext flexibility come assign unique IP addresses and options to particular DHCP client in a single subnet, or in many subnets.


See policy processing to understand just how settings are used when they space configured in many policies, in reservations, in ~ the scope level, or in ~ the server level.

How DHCP PBA works

DHCP policies are rules that you can specify for DHCP clients. Friend can define a single policy, or several. Attributes of DHCP plans include:

Policy level: Polices can use at the server level or the scope level. Server level plans are handle for all DHCP customer requests obtained by the server. Scope level plans are processed just for DHCP customer requests that apply to a details scope.

Processing order: every policy has actually an connected processing order the is distinct within a server or scope. Plans with a lower numbered handling order space evaluated before greater number policies. If both scope and server level policies use to a client, the limit level policies are constantly processed before any server level policies.

Conditions: The problems specified in a policy permit you to advice clients based on fields the are present in the DHCP customer request. If a client request matches the conditions in the policy, the settings associated with a policy will be used to the customer by the DHCP server when it responds to the DHCP request.

Settings: settings are network construction parameters (ex: IP address, options, lease duration) that are detailed to DHCP clients in the DHCP server response. Settings permit you to group clients by applying the same set of network parameters come them.

Enabled/Disabled: policies at the scope or server level can additionally be enabled or disabled. A plan that is disabled is skipped once processing incoming DHCP client requests.

To produce a policy at the server level utilizing the home windows interface, open the DHCP console, navigate to IPv4, right-click Policies and then click New Policy.


If other server level plans exist, castle are presented in the details pane and can it is in modified by right-clicking the policy and also then clicking Move Up, Move Down, Disable, Enable, Delete, or Properties.


To produce a policy at the border level making use of the windows interface, open the DHCP console, navigate come an IPv4 scope, right-click Policies and then click New Policy. If various other scope level plans exist, they space displayed together with any server level policies that exist. You can modify existing border level policies by right-clicking them. You can not modify a server level plan at the scope level.


You must provide a unique policy surname when creating a new policy. A policy summary is optional. A policy must have actually at least one condition.

Policy setups are optional, however DNS setups are had by default so that is not feasible to have a policy with no settings. To watch DNS setups for a policy, right-click the policy, click Properties, and then click the DNS tab.


DHCP policy conditions and also settings

The complying with conditions and settings are available when creating a policy:

Conditions: merchant Class, User Class, MAC Address, client Identifier, Relay certified dealer Information.

Settings: IP deal with Range, standard DHCP Options, seller Specific DHCP Options.


In windows Server 2012, you deserve to specify five conditional criteria to evaluate and group DHCP clients:

MAC Address: The media accessibility control (MAC) resolve or link-layer address of the client.

Vendor Class: merchant managed DHCP choice assignments.

User Class: Non-standard DHCP option assignments.

Client Identifier: The client identifier (ClientID) is typically a MAC address. In the instance of PXE clients, it have the right to be the GUID of the network user interface card (NIC).

Relay certified dealer Information, including sub-options: Agent Circuit ID, Agent remote ID, and also Subscriber ID: info inserted right into DHCP customer requests through a DHCP relay using alternative 82.

The operator that have the right to be used with these problems are equals and not equals. You can additionally use a trailing wildcard with MAC address, vendor Class, User class and customer Identifier conditions to do a partial match. By combine the amounts to or not equals with a wildcard in the condition you can effectively attain a starts with or does not begin with condition.


Using multiple criterion values: as soon as you perform multiple worths for a solitary criterion, such as “User class Equals (valueA, valueB, valueC)” or “MAC attend to Not amounts to (value1, value2, value3)” these values are taken as being OR’d if the EQ (equals) operator is used, however they space AND’d if the NEQ (not equals) operator is used.

An incoming customer request because that an IP attend to and choices from the DHCP server matches a policy if the client satisfies the cumulative collection of problems in the policy. A customer that walk not match conditions of any type of policy is granted one IP resolve lease native the remainder of the IP address selection of the scope, exclusive of every the policy IP attend to ranges, and also is assigned the default alternative values configured in the scope.


In windows Server 2012, three varieties of plan settings are accessible that can be applied to DHCP clients:

IP resolve Range: A stated sub-range that IP addresses within the border range. The IP resolve range setup cannot be mentioned in a server-level policy.

Standard DHCP Options: typical DHCP alternatives like default gateway (003 Router) and also preferred DNS servers list (006 DNS Servers).

Vendor details DHCP Options: seller managed DHCP alternative assignments.

In addition, friend can likewise specify the following settings in plan properties:

DNS settings: DNS registration and also Name protection settings have the right to be specified on the DNS tab.

Lease duration: The lease duration have the right to be specified on the General tab. View the complying with example


When a customer matches the problems of a policy, the DHCP server responds to the client and includes settings in that policy, listed these setups are not currently applied in a higher priority plan or utilizing a reservation. See plan processing for an ext information.

A policy can specify one IP address selection with no options, or it can specify alternatives with no IP attend to range, or it can specify both, or it have the right to specify neither. A policy can additionally specify multiple traditional options, vendor-specific options, or both.

Policy processing

Since you have the right to configure multiple policies at both the limit level and server level, each plan is assigned a processing order. The handling order can additionally be modified, assuming an ext than a single policy exists. The following problems exist:

When processing DHCP customer requests, the DHCP server evaluates each customer request against the problems in all applicable policies, based on their handling order.

Scope level policies are processed an initial by the DHCP server, complied with by server vast policies. Theoretically, a customer can match the conditions of number of scope plans and also several server policies.

If a customer satisfies the conditions of more than 1 policy, the will gain the linked settings from all policies that it matched. If the same option setting is provided in lot of policies, the client will usage the setup from the first policy the is processed.

For example, assume the policy-1 has an option value because that 003 Router and policy-2 has actually an option value because that 006 DNS Servers, and also a client request matches both policies. The DHCP server will certainly assign a default gateway worth (003 Router) using policy-1 and a DNS server value making use of policy-2. However, if policy-1 has actually the greater processing priority (a worth of “1”) and additionally has an choice value for DNS server, the client will obtain both the router and also DNS server option values indigenous policy-1. The DNS server alternative value in policy-2 is ignored due to the fact that policy-2 has a reduced processing priority (a worth of “2”).

A policy does not must be configured v all option values the you have already configured in ~ the border or server level. If a policy customer has asked for an choice which is not present in the policy yet has been configured in border level or server level options, these choices are used to the client in the server response. However, if you wish to specify options for details clients, friend can incorporate these choice settings in policies and also they will have a greater priority than scope or server level options. The only kind of option setting that has a greater priority 보다 those configured in polices are alternatives that girlfriend configure because that a reservation.

The priority for alternatives settings is reservation > scope policy > server policy > scope-level > server-level. Watch the complying with figure.


If a DHCP customer obtains option settings due to the fact that it suitable a reservation, the will overlook the same alternatives settings if they are present in any type of scope or server polices, or configured around the world at the limit or server level.

Deploying DHCP policies

A common reason come deploy DHCP plans is to provide unique setups to different varieties of devices on the network. Two typical methods supplied to recognize device type include:

Vendor class: A message string is sent in option 60 by many DHCP clients that identifies the vendor and as such the form of the device.

MAC attend to prefix: The very first three bytes that a MAC attend to is dubbed the organizationally distinctive identifier (OUI), and also can be provided to identify the seller or manufacturer the a device.

For example, you might decide to team DHCP client on the network by maker type. After ~ assigning IP attend to ranges to devices, you can configure her router to manage network web traffic from each IP address selection differently. In effect, you have the right to configure network accessibility control because that a class of gadgets using DHCP policies. Girlfriend might likewise manage network website traffic by configuring route alternatives such together default gateway (option 003) and classless static paths (option 121) based on machine type.

It is often desirable to configure a quick lease duration because that wireless devices, and also grant a much longer lease to wired devices. Because wireless accessibility points are typically qualified of behaving together a DHCP relay agent, or are connected to a DHCP relay, they can administer DHCP option 82 (DHCP relay agent). Visibility of a particular value in the relay agent option can because of this indicate that the DHCP client is a wireless device.

See more: Calvin Klein One Lipstick In 140 Undressed, Calvin Klein Lipstick Makeup For Women

With DHCP policies, you have the right to configure a policy with a condition based upon the relay agent info option worth that identify wireless clients and also provides a much shorter lease duration. Other DHCP client in the border will proceed to be provided with the longer lease expression configured in ~ the scope level.