DHCP – Dynamic Host Configuration Protocol Overview
1. What Is DHCP and Why Is It Used?
Dynamic Host Configuration Protocol (DHCP) is an application-layer protocol that automatically assigns IP addressing information to hosts on a network. Without DHCP, every device — every PC, phone, printer, and IoT sensor — would need its IP address, subnet mask, default gateway, and DNS server configured manually. On a network of even modest size, that becomes an enormous administrative burden.
DHCP operates on a client/server model. A DHCP server (a dedicated server, a router, or a Layer 3 switch) maintains a pool of available IP addresses and configuration parameters. A DHCP client (any host that needs network configuration) broadcasts a request and receives a lease automatically — typically in under a second.
| Information DHCP Can Provide | DHCP Option Number | Notes |
|---|---|---|
| IP address | — | Assigned from the configured pool/scope |
| Subnet mask | Option 1 | Defines the network boundary for the assigned IP |
| Default gateway | Option 3 | The router address clients use to reach other networks |
| DNS server(s) | Option 6 | Up to eight DNS server addresses can be provided |
| Domain name | Option 15 | e.g., company.local |
| Lease time | Option 51 | How long the client may keep the assigned IP address |
| TFTP server / boot file | Options 66 / 67 | Used for PXE booting and IP phone firmware |
| NTP server | Option 42 | Network Time Protocol server address — see NTP Configuration Lab |
Related pages: How DHCP Works | DHCP Configuration | DHCP Relay | DHCP Snooping | DNS Overview | DHCP Server Configuration Lab | DHCP Relay Agent Lab
2. The DORA Process — How a Client Gets an IP Address
When a DHCP client needs an IP address it goes through a four-step exchange known as DORA: Discover → Offer → Request → Acknowledge. Each step is a distinct UDP message type. Understanding DORA — what each message does, who sends it, and what addressing it uses — is a core CCNA exam topic.
DORA overview — new client joining the network:
Client DHCP Server
────── ───────────
"I need an IP address — is anyone there?"
DHCPDISCOVER ──────────────────────────────────────────────►
(broadcast: Src 0.0.0.0:68 → Dst 255.255.255.255:67)
"I have an address for you — here's an offer."
◄────────────────────────────────── DHCPOFFER
(broadcast or unicast: offered IP, mask, gateway, DNS, lease)
"I'll take that offer — formally requesting it."
DHCPREQUEST ───────────────────────────────────────────────►
(broadcast: Src 0.0.0.0:68 → Dst 255.255.255.255:67)
(broadcast allows other DHCP servers to see the request
and withdraw their offers)
"Confirmed — the address is yours."
◄────────────────────────────────── DHCPACK
(confirms IP, mask, gateway, DNS, and lease duration)
Client configures its interface with the leased parameters.
IP address is now active.
Discover — client broadcasts looking for a server
Offer — server proposes an IP address
Request — client formally asks for that specific offer
Ack — server confirms and delivers the lease
3. DORA — Each Message in Detail
Step 1 — DHCPDISCOVER
The client has no IP address yet, so it sends a broadcast to find
any available DHCP server on the local segment. The source IP is
0.0.0.0 (the client has no address) and the destination is
the limited broadcast 255.255.255.255.
DHCPDISCOVER key fields: ┌────────────────────────────────────────────────────────────┐ │ Source IP: 0.0.0.0 │ │ Destination IP: 255.255.255.255 (limited broadcast) │ │ Source Port: UDP 68 (DHCP client) │ │ Destination Port:UDP 67 (DHCP server) │ │ Client MAC: AA:BB:CC:DD:EE:FF (identifies the client)│ │ Message type: DHCPDISCOVER (Option 53 = 1) │ └────────────────────────────────────────────────────────────┘ Sent as: Layer 2 broadcast (FF:FF:FF:FF:FF:FF)
Step 2 — DHCPOFFER
The DHCP server responds with an offer containing a proposed IP address, subnet mask, default gateway, DNS server, and lease duration. If the client does not yet have an IP, the offer may be sent as a broadcast or unicast depending on the broadcast flag in the Discover message.
DHCPOFFER key fields: ┌────────────────────────────────────────────────────────────┐ │ Source IP: 192.168.1.1 (DHCP server) │ │ Destination IP: 255.255.255.255 (or unicast to client MAC)│ │ Offered IP: 192.168.1.100 │ │ Subnet mask: 255.255.255.0 │ │ Default gateway: 192.168.1.1 │ │ DNS server: 8.8.8.8 │ │ Lease time: 86400 seconds (24 hours) │ │ Message type: DHCPOFFER (Option 53 = 2) │ └────────────────────────────────────────────────────────────┘ The server marks 192.168.1.100 as "tentatively reserved."
Step 3 — DHCPREQUEST
The client sends a broadcast to formally request the offered address and to inform all other DHCP servers on the segment that it is accepting a specific offer. This broadcast allows any DHCP servers that sent competing offers to release their tentatively reserved addresses back to their pools.
DHCPREQUEST key fields: ┌────────────────────────────────────────────────────────────┐ │ Source IP: 0.0.0.0 (still no confirmed IP yet) │ │ Destination IP: 255.255.255.255 (broadcast) │ │ Requested IP: 192.168.1.100 (Option 50) │ │ Server ID: 192.168.1.1 (Option 54 — chosen server)│ │ Message type: DHCPREQUEST (Option 53 = 3) │ └────────────────────────────────────────────────────────────┘ Broadcast ensures all competing servers see the selection.
Step 4 — DHCPACK
The chosen DHCP server sends a final acknowledgement that confirms the IP address lease and delivers all configuration parameters. The client applies the settings to its network interface and is ready to communicate.
DHCPACK key fields: ┌────────────────────────────────────────────────────────────┐ │ Source IP: 192.168.1.1 (DHCP server) │ │ Destination IP: 255.255.255.255 (or unicast) │ │ Leased IP: 192.168.1.100 │ │ Subnet mask: 255.255.255.0 │ │ Default gateway: 192.168.1.1 │ │ DNS server: 8.8.8.8 │ │ Lease time: 86400 seconds │ │ Message type: DHCPACK (Option 53 = 5) │ └────────────────────────────────────────────────────────────┘ Client configures interface → ready to communicate.
| Message | Sent By | Type | Source IP | Destination IP | Purpose |
|---|---|---|---|---|---|
| DHCPDISCOVER | Client | Broadcast | 0.0.0.0 | 255.255.255.255 | Find available DHCP servers |
| DHCPOFFER | Server | Broadcast / Unicast | Server IP | 255.255.255.255 | Propose an IP address and parameters |
| DHCPREQUEST | Client | Broadcast | 0.0.0.0 | 255.255.255.255 | Formally request the offered IP; inform other servers |
| DHCPACK | Server | Broadcast / Unicast | Server IP | 255.255.255.255 | Confirm lease; deliver all IP configuration |
| DHCPNAK | Server | Broadcast | Server IP | 255.255.255.255 | Reject request; client must restart DORA |
| DHCPRELEASE | Client | Unicast | Client IP | Server IP | Client voluntarily returns its leased IP |
| DHCPINFORM | Client | Unicast | Client IP | Server IP | Client already has IP; requests only other config options |
See full detail: How DHCP Works – Full Guide
4. DHCP Lease Time
The lease time defines how long a client is permitted to use an assigned IP address before it must renew the lease with the DHCP server. Lease management is critical — if a lease expires and is not renewed, the client loses its IP configuration and must restart DORA.
Lease Renewal Timeline
Lease lifecycle (example: 24-hour / 86400-second lease):
T=0 T=50% (12h) T=87.5% (21h) T=100% (24h)
│ │ │ │
├────────────┼────────────────┼─────────────────┤
│ │ │ │
Lease T1: Renewal T2: Rebinding Lease
Granted (unicast to (broadcast to Expires
original server) any DHCP server) (client loses IP)
T1 (50% of lease) — DHCPREQUEST sent directly (unicast) to the
original DHCP server asking to renew. If the server responds with
DHCPACK, the lease is extended from the current time.
T2 (87.5% of lease) — If T1 renewal failed, client broadcasts a
DHCPREQUEST to ANY DHCP server on the segment (rebinding). The
client is still using the old IP and hoping any server will renew it.
T=100% — If neither T1 nor T2 renewal succeeded, the lease expires.
The client MUST stop using the IP address immediately and restart the
full DORA process from DHCPDISCOVER.
| Lease Duration | Typical Use Case | Considerations |
|---|---|---|
| Short (1–4 hours) | Guest Wi-Fi, hotspots, high-turnover environments | Addresses return to pool quickly; higher DHCP traffic due to frequent renewals |
| Medium (8–24 hours) | Corporate office workstations | Common default; balances address reuse with renewal overhead |
| Long (3–8 days) | Servers, printers, fixed infrastructure | Reduces renewal traffic; devices keep address across reboots |
| Infinite | Static-like assignments for specific hosts via DHCP | Address is never returned to pool; effectively a dynamic static assignment |
5. DHCP Scope, Pool, and Exclusions
A DHCP scope (or pool in Cisco IOS terminology) defines the range of IP addresses and configuration options that a DHCP server will assign to clients on a given subnet. Configuring the scope correctly is the foundation of any DHCP deployment. A solid understanding of subnetting is essential for calculating correct pool ranges and exclusions.
Key Scope Components
| Component | Description | Example |
|---|---|---|
| Network / Range | The subnet from which addresses are assigned | 192.168.1.0 /24 |
| Excluded addresses | Addresses within the scope that the DHCP server will NOT assign — reserved for routers, switches, servers, and printers with static IPs | 192.168.1.1 – 192.168.1.20 |
| Default gateway | Pushed to clients as Option 3 | 192.168.1.1 |
| DNS server | Pushed to clients as Option 6 | 8.8.8.8 |
| Lease time | How long clients may keep the assigned address | 1 day (86400 seconds) |
| Domain name | Pushed to clients as Option 15 | company.local |
DHCP Exclusions — Why They Matter
Without exclusions, the DHCP server might assign an address already statically configured on a router, switch SVI, server, or printer — causing an IP address conflict. Exclusions must be configured before the pool so the server never hands out those addresses.
Best practice address planning for 192.168.1.0/24: 192.168.1.0 — Network address (unusable) 192.168.1.1 — Default gateway (router) — EXCLUDE 192.168.1.2 — Layer 3 switch SVI — EXCLUDE 192.168.1.3–10 — Reserved for servers — EXCLUDE 192.168.1.11–20 — Reserved for printers — EXCLUDE ───────────────────────────────────────────────────────── 192.168.1.21–254 — DHCP pool (234 available addresses) 192.168.1.255 — Broadcast (unusable)
Cisco IOS DHCP Server Configuration
! Step 1 — Exclude addresses BEFORE defining the pool: Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.20 ! Step 2 — Create and name the DHCP pool: Router(config)# ip dhcp pool LAN_POOL ! Step 3 — Define the network (scope): Router(dhcp-config)# network 192.168.1.0 255.255.255.0 ! Step 4 — Set the default gateway (Option 3): Router(dhcp-config)# default-router 192.168.1.1 ! Step 5 — Set the DNS server (Option 6): Router(dhcp-config)# dns-server 8.8.8.8 8.8.4.4 ! Step 6 — Set the domain name (Option 15): Router(dhcp-config)# domain-name company.local ! Step 7 — Set the lease time (days hours minutes): Router(dhcp-config)# lease 1 0 0 ! Verify DHCP pool and bindings: Router# show ip dhcp pool Router# show ip dhcp binding Router# show ip dhcp conflict Router# show ip dhcp statistics
ip dhcp excluded-address
statements before creating the pool. If the router boots and the
pool is active before exclusions are applied, it may hand out addresses that
conflict with statically-configured devices.
See full detail: DHCP Configuration Guide | DHCP Server Configuration Lab
6. DHCP Address Bindings and Conflicts
A DHCP binding is the record of a leased IP address and the client that holds it, identified by the client's MAC address. The DHCP server stores all active bindings in memory and uses them to avoid assigning the same address twice.
Router# show ip dhcp binding IP address Client-ID / Hardware address Lease expiration Type 192.168.1.21 0100.1122.3344.55 Mar 18 2026 09:00 AM Automatic 192.168.1.22 0100.aabb.ccdd.ee Mar 18 2026 10:30 AM Automatic 192.168.1.23 0100.dead.beef.01 Infinite Manual
DHCP Conflicts
A DHCP conflict occurs when the DHCP server tries to assign an address that is already in use on the network. Cisco IOS uses ping (before offering) and gratuitous ARP (by the client after receiving the offer) to detect conflicts. If a conflict is found, the address is removed from the pool and logged.
! View addresses that were detected as conflicted and removed from the pool: Router# show ip dhcp conflict IP address Detection method Detection time 192.168.1.25 Ping Mar 17 2026 08:14 AM ! Clear a specific conflict so the address can be used again: Router# clear ip dhcp conflict 192.168.1.25 ! Clear all conflicts: Router# clear ip dhcp conflict *
7. DHCP Relay Agent — ip helper-address
DHCP relies on broadcasts for the Discover and Request messages. Broadcasts do not cross router boundaries — they are confined to the local subnet. This creates a problem: if the DHCP server is on a different subnet (or a centralised server farm), clients on remote subnets cannot reach it via broadcast.
The solution is a DHCP Relay Agent. The relay agent is configured on the router interface that faces the client subnet. It intercepts the DHCP broadcast from the client and forwards it as a unicast packet directly to the DHCP server's IP address. The server receives the forwarded request, allocates an address from the appropriate scope, and sends the reply back through the relay agent to the client.
DHCP Relay — How It Works
Topology: DHCP server is centrally located; clients are on remote subnets.
[Client 192.168.10.x] [Router] [DHCP Server 10.0.0.2]
Subnet: 192.168.10.0/24 Gi0/0: 192.168.10.1 Subnet: 10.0.0.0/24
Gi0/1: 10.0.0.1
Step 1: Client broadcasts DHCPDISCOVER
Src: 0.0.0.0 Dst: 255.255.255.255
→ Received by Router Gi0/0 (ip helper-address configured)
Step 2: Router (relay agent) converts broadcast to unicast:
Src: 192.168.10.1 (router's inside interface)
Dst: 10.0.0.2 (DHCP server unicast)
→ Also inserts the client's subnet info (giaddr field = 192.168.10.1)
Step 3: DHCP server sees giaddr = 192.168.10.1
→ Allocates from the 192.168.10.0/24 scope (not its own subnet)
→ Sends DHCPOFFER back to relay agent (unicast to 192.168.10.1)
Step 4: Relay agent forwards DHCPOFFER to client (broadcast on Gi0/0)
Step 5: Same relay process for DHCPREQUEST and DHCPACK
→ Client receives full IP configuration
Configuring ip helper-address
! Configure ip helper-address on the router interface facing the clients: Router(config)# interface GigabitEthernet0/0 Router(config-if)# ip address 192.168.10.1 255.255.255.0 Router(config-if)# ip helper-address 10.0.0.2 ! If clients are on multiple VLANs (SVIs on a Layer 3 switch): ! See: Inter-VLAN Routing (Layer 3 Switch) Switch(config)# interface vlan 10 Switch(config-if)# ip address 192.168.10.1 255.255.255.0 Switch(config-if)# ip helper-address 10.0.0.2 Switch(config)# interface vlan 20 Switch(config-if)# ip address 192.168.20.1 255.255.255.0 Switch(config-if)# ip helper-address 10.0.0.2 ! One ip helper-address per interface, pointing to the DHCP server. ! Multiple helper-addresses can be configured on one interface ! (forwards to multiple DHCP servers — useful for redundancy).
giaddr field in the forwarded DHCP packet with its own
interface IP address. The DHCP server uses giaddr to
determine which scope to assign from — so it is critical that the DHCP
server has a scope matching the giaddr subnet. If no matching
scope exists, the server drops the request.
What ip helper-address Forwards
By default, ip helper-address forwards not just DHCP but
also several other broadcast-based UDP services:
| Service | UDP Port |
|---|---|
| DHCP / BOOTP Server | 67 |
| DHCP / BOOTP Client | 68 |
| TFTP | 69 |
| DNS | 53 — see DNS Overview |
| NetBIOS Name Service | 137 |
| NetBIOS Datagram Service | 138 |
| TACACS | 49 |
| Time Protocol | 37 |
See full detail: DHCP Relay Guide | DHCP Relay Agent Lab
8. DHCP Reservations — Binding a Specific IP to a MAC Address
A DHCP reservation (called a manual binding in Cisco IOS) ensures a specific host always receives the same IP address from DHCP, identified by its MAC address. This is useful for printers, servers, and IP phones that need a predictable address but whose configuration you still want managed centrally through DHCP.
! Create a manual DHCP binding for a specific host: Router(config)# ip dhcp pool PRINTER_01 Router(dhcp-config)# host 192.168.1.50 255.255.255.0 Router(dhcp-config)# hardware-address 00AA.BBCC.DD01 Router(dhcp-config)# default-router 192.168.1.1 Router(dhcp-config)# dns-server 8.8.8.8 ! The host 00AA.BBCC.DD01 will always receive 192.168.1.50. ! Note: 192.168.1.50 should also be in the excluded range of the ! main pool to prevent it from being assigned to another host.
9. DHCP Snooping — Security Against Rogue DHCP Servers
DHCP Snooping is a Layer 2 security feature on Cisco switches that protects against rogue DHCP servers. Without it, any device connected to the network could run a DHCP server and respond to client Discover messages with malicious configuration — such as a fake default gateway (used in man-in-the-middle attacks).
DHCP Snooping divides switch ports into trusted and untrusted ports:
| Port Type | DHCP Messages Allowed | Typical Assignment |
|---|---|---|
| Trusted | All DHCP messages (including DHCPOFFER, DHCPACK) | Uplinks to legitimate DHCP servers, router ports, trunk ports |
| Untrusted | Only client messages (DHCPDISCOVER, DHCPREQUEST). DHCPOFFER and DHCPACK are dropped — preventing rogue servers | All access ports connecting end-user devices |
! Enable DHCP Snooping globally and per VLAN: ! See: VLANs Overview for VLAN concepts Switch(config)# ip dhcp snooping Switch(config)# ip dhcp snooping vlan 10 ! Mark the uplink toward the legitimate DHCP server as trusted: Switch(config-if)# ip dhcp snooping trust ! Verify: Switch# show ip dhcp snooping Switch# show ip dhcp snooping binding
See full detail: DHCP Snooping Guide | DHCP Snooping & DAI Lab
10. DHCP Troubleshooting and Verification Commands
When clients fail to obtain IP addresses, a systematic approach to DHCP troubleshooting saves time. Start by confirming the client's perspective, then verify the server, then check relay if applicable.
Client-Side Verification
Windows — check current IP configuration: C:\> ipconfig /all C:\> ipconfig /release (release current DHCP lease) C:\> ipconfig /renew (request a new lease — triggers DORA) Linux / macOS: $ ip address show (or: ifconfig -a) $ sudo dhclient -r eth0 (release lease) $ sudo dhclient eth0 (request new lease)
Cisco Router / Switch Verification
! Show all active DHCP leases (bindings): Router# show ip dhcp binding ! Show DHCP pool configuration and utilisation: Router# show ip dhcp pool ! Show DHCP statistics (messages sent/received, conflicts): Router# show ip dhcp statistics ! Show addresses removed from pool due to conflicts: Router# show ip dhcp conflict ! Verify ip helper-address is configured correctly: Router# show ip interface GigabitEthernet0/0 (look for "Helper address is 10.0.0.2") ! Real-time DHCP debug (use with care on busy networks): Router# debug ip dhcp server events Router# debug ip dhcp server packet Router# no debug all (turn off all debugging)
Common DHCP Problems and Solutions
| Symptom | Likely Cause | Fix |
|---|---|---|
| Client gets 169.254.x.x (APIPA) | No DHCP response received — server unreachable, pool exhausted, or relay misconfigured | Check pool availability, verify
ip helper-address, check routing to server |
| IP address conflict | Statically-configured device uses an address in the DHCP pool | Add the conflicting address to ip dhcp excluded-address;
run clear ip dhcp conflict * |
| Pool exhausted | All addresses in the scope are leased; new clients cannot get IPs | Shorten lease time, expand the pool, or add a second scope |
| Clients on remote subnet get no IP | Missing or incorrect ip helper-address on the
inter-subnet router interface |
Add ip helper-address <server-IP> to the correct
interface; ensure DHCP server has a scope for the remote subnet |
| Rogue DHCP server handing out bad config | Unauthorised device running a DHCP server on the network | Enable DHCP Snooping on access switches; mark only legitimate server uplinks as trusted |
| Correct IP but no internet access | Wrong default gateway or DNS server pushed by DHCP | Verify default-router and dns-server
in the pool configuration |
See also: ipconfig / ifconfig Command | Troubleshooting DHCP Clients Lab