Whether in an existing network or a new one, there is an aspect of design that cannot be skipped: deciding if handing out IP addresses will be dynamic (automatic) or manual (one-by-one) or\u2014the most common\u2014a combination of the two.\nBy choosing to distribute them dynamically you are choosing to use a dynamic host configuration protocol (DHCP) service somewhere on your network, and there can be some tricks to that regardless of what server you use. For this discussion, I will describe how to use user classes on a Windows DCHP Server to specify a range of IP addresses and to assign range-specific DHCP options.\nFor background, DHCP is a protocol between server and client with the server automatically providing IP addresses to clients as they join a network rather than the addresses being manually assigned per device.\nThe DHCP role in a network can be performed by different types of hardware (security appliances, L3 switches, DHCP servers), but it doesn\u2019t have to be just one of them; it can be whatever works best for what you are trying to do. A common DHCP setup I use is running the service on a security appliance to host ranges of IP addresses grouped as a subnet for dynamic distribution\u2014scopes\u2014that only need access to the internet, such as guest or IoT networks. Then I run a separate DHCP server to handle devices and scopes within the domain that accesses internal resources.\nThere are many reasons to choose DHCP over static assignment, the biggest being ease of use. In most enterprises there will be at least one DHCP server on the network serving IP addresses from at least one scope to be given out to devices as they connect to the network. Scopes are configurable and can range from two IP addresses to thousands.\nMicrosoft's DHCP server handles as many scopes as you need and has a pretty simple GUI for setup and management. It also supports subsets of scopes, called classes, to help organize addresses by users and devices in a logical way. User classes and vendor classes allow you to assign DHCP options to groups of clients by specifying policies that will apply to some users or devices but not all of them within the same scope. Classes within scopes can be useful if you want to separate a group of devices to one segment of a scope while still maintaining dynamic hosting. For example, I recently used user classes to assign addresses from a particular scope to SD-WAN users working remotely. Because the network between the DHCP server and the proxy server that set up VPN links to clients was virtual, I used user classes to distinguish the SD-WAN clients from native clients.\nDHCP user classes and vendor classes alike are identifiers that use a minimum of 1 octet within the IP-address request sent from the DHCP client to the DHCP server. Their purpose is to define policy criteria such as tags that denote class, specific vendor information, or to specify DHCP servers. By using user or vender classes with DHCP policies you can specify types of devices and organize what range they receive IP addresses from within a given scope. There are several ways to use DHCP policies but I will show how to use user classes on a Windows DCHP Server to specify a range and to assign range-specific DHCP options on that class.\nHow to implement user classes\nTo implement user classes you first need to connect to the DHCP server that is in your domain. As long as your DHCP server is a Windows server 2012 or newer, the following steps will apply.\nFirst open the DHCP Microsoft Management Console (MMC) snap-in and connect to the server. Once you have it open, right click on the IPv4 icon to access the drop-down menu and click on Define User Classes:\n Michael A. Flowers Sr.\nOn the \u201cDHCP User Classes\u201d dialog box you will see the existing user classes by name and description. To add a new one simply click on \u201cAdd\u2026\u201d.\n Michael A. Flowers Sr.\nIn the \u201cNew Class\u201d dialog box you will need to add the display name, description, and ASCII name of the class. The display name and description are really only for your own organization, but having them describe what you are trying to use the class for may help make it easier to identify them later.\nThe ASCII field is the important area that will act as the actual \u201ctag\u201d for the packets coming to the DHCP server. For this field do not use spaces between the words and be sure to be mindful of case, as it is case sensitive. I have had mixed success with special characters. Some, such as hyphens or underscores, work and others, like pound signs, don\u2019t. I haven\u2019t seen restrictions on use of characters in the Microsoft documentation, so keep that in mind. Be sure to take note of what you put there for later and click \u201cOK\u201d when you are done. The \u201cBinary\u201d field to the left of the ASCII field will auto fill as you fill in the ASCII name.\n Michael A. Flowers Sr.\nOnce your new user class is added, click \u201cClose\u201d to exit this dialog box.\nBack at the main DHCP MMC snap-in, expand the scope you will be applying this user class to, right-click on the \u201cPolicies\u201d folder, and select \u201cNew Policy\u2026\u201d from the drop-down menu.\n Michael A. Flowers Sr.\nIn the \u201cPolicy Name\u201d field enter a name that will make sense to you and your team when you look back on this later. Fill in the \u201cDescription\u201d field with what you are aiming to use this policy for. Click \u201cNext\u201d.\nOn the \u201cDHCP Policy Configuration Wizard\u201d click \u201cAdd\u201d to add a condition for the policy.\n Michael A. Flowers Sr.\nIn the \u201cAdd\/Edit Condition\u201d dialog box, use the drop-down menu to change the \u201cCriteria:\u201d field from Vendor Class to User Class.\n Michael A. Flowers Sr.\nChange the \u201cValue:\u201d field to the new user class you just created.\n Michael A. Flowers Sr.\nClick the \u201cAdd\u201d button when all of your selections are correct.\n Michael A. Flowers Sr.\nThen press \u201cOK\u201d to close the dialog box and returning to the configuration wizard, click \u201cNext\u201d to continue.\nOn the following screen you are presented with a choice. You can use the default range for that scope or you can specify a range for those devices. In the example below, I select \u201cYes\u201d for a specific range of IP addresses and specified the ranges below that. Once you specify the ranges, the wizard will display what percentage of the available scope you are setting aside for this policy. In the example below it is 15%. Click \u201cNext\u201d when finished with these options.\n Michael A. Flowers Jr.\nOn the next screen of the wizard you can configure unique settings for the policy by selecting the \u201cVendor class\u201d drop down item such as \u201cDHCP Standard Options\u201d, \u201cMicrosoft Options\u201d, etc.\n Michael A. Flowers Sr.\nThen further select from the \u201cAvailable Options\u201d checkboxes below it. Click \u201cNext\u201d when you have made all of your selections.\nThe next page of the wizard presents a summary of the selections you have chosen. If they are correct click \u201cFinish\u201d to close the dialog box.\nOn a Windows server the user class has to be applied to the network interface for it to be recognized. To apply it, open a command prompt as administrator. Type in \u201cipconfig\u201d to confirm that it is not in the right range or doesn\u2019t have the right options set.\n Michael A. Flowers Sr.\nTo set the user class type in \u201cipconfig \/setclassid ethernet \u201ctestuserclass\u201d\u201d, but replacing testuserclass with the name of the user class you created.\n Michael A. Flowers Sr.\nIf you were successful, once you reboot and run ipconfig again in an administrator console you will see that the policies have been applied. In my case an IP address has been assigned from the policy-defined range.