Network Configuration Made Easy: The UCS DHCP Server App Explained

With the DHCP Server App, you manage IP addresses automatically, flexibly, and securely. Whether it’s static or dynamic addresses, the app handles it all for you, saving time and ensuring smooth network configuration. It’s a real game-changer for admins managing large networks with lots of devices coming and going.

In big, distributed networks with tons of devices coming and going, automatic network configuration isn’t just helpful—it’s essential. That’s where the DHCP server steps in: it makes sure that every PC, laptop, and server gets exactly what they need, from IP addresses to gateways and subnet masks, all on autopilot.

Need a quick breakdown of how DHCP and DNS work? Head over to Brief Introduction: DHCP and DNS for a solid refresher.

But what makes the UCS DHCP Server App stand out? Let’s dive into the key features:

• Dynamic IP Management: Automatically assigns IP addresses, subnet masks, gateway info, and DNS servers—perfect for schools or offices where new devices are constantly popping up.
• Flexibility: Need static IPs? No problem. You can also assign fixed addresses, which is super useful for devices like printers or servers that need the same IP every time.
• Enhanced Security: With MAC address filtering, only approved devices get network access. This is a must-have for high-security environments like companies or schools where you only want trusted devices on the network.
• Easy Installation: You can install the DHCP Server App on any UCS server role: Primary, Backup, Replica, or Managed Node. It’s pre-configured and integrates seamlessly into your UCS setup, cutting down on admin headaches.
• Centralized Management: Manage everything through the Univention Management Console (UMC). With policies, you can push settings to other UCS systems, saving time and reducing errors, especially in larger, distributed networks.
• Team Player: The app works perfectly with the LDAP directory service, syncing all changes across your UCS systems instantly. This keeps your configuration consistent and up-to-date, no matter how large your network is—especially helpful for businesses with multiple locations or departments

Note: The DHCP integration in Univention Corporate Server currently only supports IPv4.

Let’s kick things off with the installation via the Univention App Center. Search for the app, click Install, and choose which UCS server you want to install it on from the drop-down menu. You can run the DHCP server on any of these UCS server roles: Primary Directory Node, Backup Directory Node, Replica Directory Node, or Managed Node.

• The Primary Directory Node is the central server, basically the heart of your domain, where all the important directory data is managed.
• The Backup Node is your safety net—it holds a full copy of the data and steps in if something goes wrong, ensuring you’ve got failover covered.
• The Replica Node is great for locations that mainly need to access data but don’t need to make changes. It offers a read-only copy of the directory data, keeping things speedy without overloading the main server.
• Finally, there’s the Managed Node. This server handles specialized tasks like running the DHCP service, taking the load off the main servers without acting as a directory server itself.

Once you’ve made your selection, click Continue and start the installation. Since the DHCP service pulls its information from the UCS-provided OpenLDAP directory service, you’ll configure it using the standard tools: either the Univention Management Console (UMC) or the Univention Directory Manager (udm command-line tool). Any changes you make are automatically synced to all other UCS systems in the domain using the Univention Directory Listener / Notifier mechanism. This way, everything stays consistent across all your machines.

This blog post focuses on the UMC. To get started, open the Univention Management Console and head to the Domain section. There, you’ll spot the new DHCP tile, which lets you set up the module. On the left sidebar, you’ll see the entry All DHCP services, which you can expand. The app’s installation routine automatically assigns the appropriate DHCP servers to any newly created services.

You might be wondering, what’s the difference between a DHCP service and a DHCP server? It’s pretty simple: the DHCP service is like the control center, the main hub that holds all the global network settings—things like DNS servers, domain names, and other network configurations. These global settings apply to all the DHCP servers under that service. In other words, the DHCP service sets the rules.

The DHCP server, on the other hand, is the one actually doing the work. It’s responsible for distributing IP addresses and network info to the devices. Each DHCP server pulls its configuration from the DHCP service, meaning all servers in the network are working with the same settings. The best part? You can have multiple DHCP servers within a single DHCP service to add redundancy. The first server that responds handles the IP assignment, while the others discard any extra requests. This way, your network stays stable even if one server goes down.

And if you’re working with dynamic IP addresses, the DHCP Failover mechanism comes into play (see the section “Failover for DHCP Servers: Your Backup Plan in Action”).

For a server to provide DHCP services, it needs a DHCP server entry in the LDAP directory. That might sound a bit technical, but don’t worry—most of the time, you don’t have to set this up manually. The join script from the univention-dhcp package automatically handles it as soon as the server joins the domain.

However, if you ever need to manually add another DHCP server, it’s super simple using the Univention Management Console (UMC) and the DHCP module. Just click on All DHCP services, select the service you want, and then hit Add / DHCP: Server to register a new one. You’ll need to enter the name of the server that will be handling the DHCP service. One important thing to remember: a server can only provide one DHCP service at a time, so it can’t be registered in multiple services.

To keep your network stable, even during outages, UCS offers a DHCP failover mechanism. This ensures that two DHCP servers in a subnet work together. If one server goes down, the second one seamlessly takes over IP address assignment. Both servers pull the same data from the LDAP directory. For static IP addresses, you can have as many DHCP servers as you need within the same DHCP service. Clients will always take the first response and ignore the others.

But when you’re using dynamic IP addresses, the failover mechanism really shines. Here, a maximum of two DHCP servers can be active per subnet to prevent duplicate IP assignments. Both servers share the same LDAP configuration. When a client sends a request, the first available server responds, while the second discards the request. This means clients always accept the first response and ignore the rest. If the primary server fails, the secondary takes over, ensuring IP assignment continues without interruption. Your network stays stable, even if one server goes offline.

And what about DHCP host objects? It’s simple: If a device needs a static IP through DHCP, it requires a DHCP host object. The good news is, you usually don’t have to worry about this. When you add a new client, the object is created automatically. You’ll only need to step in if there are special requirements. Once the host object is set up, the device will always get the same IP address, which is super helpful for things like printers or servers that need a static IP to function smoothly in the network.

If you ever need to manually register a device, just go to the DHCP module, select a service from the left sidebar, click Add, and choose DHCP: Host from the menu. Enter the device’s name, select the network type, and input the MAC address of the network card. You can assign one or more static IP addresses to the device. On top of that, you can also assign a fully qualified domain name (FQDN), which the DHCP server will resolve to one or more IP addresses.

Now, what if you need to assign IP addresses dynamically? That’s where subnet entries come into play. Every subnet that will distribute IP addresses needs a DHCP subnet entry. Think of a subnet as the range in which your DHCP server hands out IP addresses. To set up a subnet, go to the DHCP module, select a service from the left sidebar, and click Add / DHCP: Subnet. In the section for Dynamic address assignment, enter the IP ranges for dynamic distribution.

A DHCP pool lets you define multiple IP address ranges within a subnet, which you can assign to different groups of devices. For example, you might want your office devices to get IP addresses from the range 192.168.178.10 to 192.168.178.100, while your printers use a separate range. To do this, you’ll create a subnet entry in the UMC module and define the IP range.

If you need additional address ranges, you can create DHCP pools within the subnet. This gives you more control over which devices get which IP addresses. You can also decide whether only known devices from the LDAP directory receive IP addresses, or if you want to allow unknown devices too.
To set up a DHCP pool, go to the UMC module Domain / LDAP directory, navigate to the subnet, and add the desired pool. You can also tweak advanced settings, like allowing BOOTP clients or unknown devices to access the network. Once you’re done, click Create LDAP Object to save your changes.

So, a DHCP pool is basically a defined range of IP addresses within a subnet that the DHCP server hands out to devices on the network. The cool part? You can create multiple pools within a subnet and control exactly which devices get which IP ranges. This flexibility is super helpful when you’ve got different types of devices—like computers, printers, and other network gear—that need their own IP ranges.

In the pool configuration, you can also set advanced parameters. For example, you can ensure that only known clients (devices already registered in the LDAP directory) get addresses from the pool. This boosts security by ensuring that only trusted devices can join the network. On the flip side, you can allow unknown clients (devices not yet in the directory) to get addresses too—handy for open networks with guest access.

You can even manage older devices that don’t support DHCP. In the advanced settings of the DHCP pools, just expand the Advanced menu and enable the option for dynamic BOOTP clients. This way, devices using the older BOOTP protocol can still get addresses from the pool. Additionally, you can specify whether the pool should only serve specific devices or allow all clients to access it.

Managing DHCP policies is a total game changer when it comes to efficiently controlling your DHCP settings from one place. With policies, you can easily decide whether the DHCP server assigns dynamic or static IP addresses—and whether unknown clients, not yet registered in the directory, can receive IPs. The best part? Once you set up a policy, it’s automatically inherited. That means you only have to configure it once, and it applies to everything below it—DHCP services, subnets, or individual host objects.

The clever part: the most specific settings always take priority. So, if you need to make specific tweaks for a particular subnet or pool, you can do that without affecting the global policies. You manage all of this through the UMC module Domain / Policies.

Here are a few examples of what you can control with DHCP policies:

• Lease times: You can set how long a device keeps a particular IP address before it has to request a new one. This is especially helpful in environments with lots of rotating devices, like offices or schools.
• Gateway settings: You can assign gateway addresses that apply to all devices in a specific subnet, saving you the hassle of manually configuring each device.
• Specific DHCP pools: If you’ve configured different DHCP pools for different device groups, policies let you apply different settings for each pool. For example, you might have one pool that only allows known clients, while another could allow unknown devices, like for guest access.

Configuring your DHCP clients is mostly done through policies. This allows you to centrally define which network settings your clients receive, like IP addresses, DNS servers, or gateways. The advantage? You don’t need to configure each device manually—just link the policies to subnets or DHCP host objects. One key thing to remember: host objects always take priority. So if you set a specific configuration for a device, it will override the general subnet settings.
Here’s a list of important DHCP settings for clients:

• Set the gateway: With the DHCP Routing policy, you decide which gateway your clients should use. Just enter the router’s IP address, and your clients will know where to go.
• Configure DNS servers: Use the DHCP DNS policy to specify which DNS servers your clients should use. Enter the IP addresses or domain names—that’s it! The order of servers will determine which one is contacted first.
• Set up WINS servers: If your clients need NetBIOS, you can handle it through the DHCP NetBIOS policy. Enter the WINS servers here, which the clients will use for name resolution.
• Adjust lease times: The DHCP Lease Time policy lets you decide how long a client keeps its IP address before needing to request a new one. This is especially handy for networks with lots of devices constantly coming and going.
• Boot server for PXE: If clients need to boot via PXE, use the DHCP Boot policy to set the boot server’s IP address and the path to the boot file.

The UCS DHCP Server App offers a powerful, flexible, and centralized solution for managing networks in large, distributed environments. Whether you’re assigning dynamic or static IP addresses, the app makes management easy and ensures strong network security with features like MAC address filtering. With the ability to centrally manage policies and target specific IP ranges through DHCP pools, you’ll always have full control over your network environment. Plus, the failover mechanism ensures that your network stays stable, even if a server goes down.

Got questions or feedback? Drop us a comment and share your thoughts and experiences—right here on the blog or over on the Univention Help forum!

Image Source: Icon created by itim2101 from flaticon.com