DHCP (Dynamic Host Configuration Protocol)
Definition
DHCP (Dynamic Host Configuration Protocol, RFC 2131) is a network management protocol used to automatically assign IP addresses and other network configuration parameters to devices on a network. It eliminates the need for manual IP address configuration.
DHCP operates on a client-server model using UDP ports 67 (server) and 68 (client).
DHCP Process (DORA)
Client                                      DHCP Server
  │                                              │
  │── DHCP Discover ───────────────────────────▶│  (broadcast, 0.0.0.0:68 → 255.255.255.255:67)
  │                                              │
  │◀── DHCP Offer ──────────────────────────────│  (IP address, subnet, gateway, DNS, lease time)
  │                                              │
  │── DHCP Request ────────────────────────────▶│  (accepts the offered IP)
  │                                              │
  │◀── DHCP ACK ────────────────────────────────│  (confirms the lease)
  │                                              │
  │  IP assigned: 192.168.1.100                  │
  │  Subnet:      255.255.255.0                  │
  │  Gateway:     192.168.1.1                    │
  │  DNS:         8.8.8.8, 8.8.4.4               │
  │  Lease:       86400 seconds                  │
DHCP Options
| Option | Name | Description |
|--------|------|-------------|
| 3 | Router | Default gateway IP |
| 6 | Domain Name Server | DNS server IPs |
| 15 | Domain Name | DNS domain name |
| 28 | Broadcast Address | Network broadcast address |
| 51 | Lease Time | Lease duration in seconds |
| 53 | DHCP Message Type | Discover/Offer/Request/Ack/Nak/Release |
| 54 | Server Identifier | DHCP server IP |
| 66 | TFTP Server | TFTP server for PXE boot |
| 67 | Bootfile Name | Boot file for PXE boot |
| 121 | Static Routes | Static routing information |
| 252 | HTTP Proxy Auto-Config | PAC file URL |
DHCP Scopes
DHCP Scope: 192.168.1.0/24
├── Pool: 192.168.1.100 - 192.168.1.200 (101 addresses)
├── Exclusions: 192.168.1.1 - 192.168.1.50 (reserved for static)
├── Lease Duration: 86400 seconds (24 hours)
├── Options:
│ ├── Router: 192.168.1.1
│ ├── DNS: 8.8.8.8, 8.8.4.4
│ └── Domain: example.com
└── Reservations:
├── Printer: 192.168.1.10 (MAC: aa:bb:cc:dd:ee:01)
└── Server: 192.168.1.20 (MAC: aa:bb:cc:dd:ee:02)
DHCP in Infrastructure
| Component | DHCP Role |
|-----------|-----------|
| Servers | DHCP server for network devices |
| Routers/Switches | DHCP relay agent (option 82) |
| PXE boot | DHCP provides TFTP server info (options 66/67) |
| Cloud | DHCP in VPC/subnets for VMs/containers |
| Wireless | DHCP for Wi-Fi connected devices |
DHCP Relay (Option 82)
When the DHCP server is on a different subnet, a DHCP relay agent (usually on the router or switch) forwards the client's DHCP broadcasts to the server as unicast, recording its own interface address in the giaddr field so the server can select the right scope:
Client (192.168.1.0/24)          Relay Agent (Router)            DHCP Server (10.0.0.1)
  │                                     │                                 │
  │── DHCP Discover ──────────────────▶│                                 │
  │                                     │── DHCP Discover ──────────────▶│  (giaddr=192.168.1.1)
  │                                     │◀── DHCP Offer ─────────────────│
  │◀── DHCP Offer ─────────────────────│                                 │
  │── DHCP Request ───────────────────▶│                                 │
  │                                     │── DHCP Request ───────────────▶│
  │                                     │◀── DHCP ACK ───────────────────│
  │◀── DHCP ACK ───────────────────────│                                 │
DHCP Security
| Threat | Mitigation |
|--------|------------|
| Rogue DHCP server | DHCP snooping on switches |
| DHCP starvation | Port security, limit DHCP packets per port |
| Man-in-the-middle | DHCP snooping + DAI (Dynamic ARP Inspection) |
| Lease exhaustion | Proper scope sizing, monitoring |
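The option layout from the DHCP Options table and the rogue-server row above, as an added Python illustration that is not code from this page: a small RFC 2131 option parser plus a DHCP-snooping style check that flags an Offer whose Server Identifier (option 54) is not on an allowlist of authorised servers. The Offer bytes, MAC, addresses and allowlist are constructed sample data; `make_offer`, `parse_options` and `check_offer` are names chosen here.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # RFC 2131 option-field magic cookie
OPT_ROUTER, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 3, 51, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 7: "RELEASE"}

def make_offer(yiaddr, server_id, router, lease, xid=0x3903F326):
    """Build a constructed sample DHCP Offer (op=2 BOOTREPLY) with a minimal option list.
    Fixed-field order follows RFC 2131: op, htype, hlen, hops, xid, secs, flags,
    ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, xid, 0, 0x8000,                 # broadcast flag set
                        bytes(4), IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                        b"\xaa\xbb\xcc\xdd\xee\x01".ljust(16, b"\0"),  # constructed client MAC
                        bytes(64), bytes(128))
    opts = (bytes([OPT_MSG_TYPE, 1, 2])                                  # 53: Offer
            + bytes([OPT_SERVER_ID, 4]) + IPv4Address(server_id).packed  # 54: server identifier
            + bytes([OPT_ROUTER, 4]) + IPv4Address(router).packed        # 3: default gateway
            + bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)           # 51: lease seconds
            + bytes([OPT_END]))
    return fixed + MAGIC_COOKIE + opts

def parse_options(msg):
    """Return {code: raw_value} for the TLV options of a DHCP message.
    Pad (0) carries no length byte; End (255) terminates the list."""
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:
            i += 1
            continue
        if i + 1 >= len(msg):
            raise ValueError("truncated option")
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_offer(msg, trusted_servers):
    """DHCP-snooping style check: report an Offer whose Server Identifier (option 54)
    is not an authorised server. Returns None for messages that are not Offers."""
    opts = parse_options(msg)
    if MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0]) != "OFFER":
        return None
    server = str(IPv4Address(opts[OPT_SERVER_ID]))
    router = str(IPv4Address(opts[OPT_ROUTER])) if OPT_ROUTER in opts else None
    lease = struct.unpack("!I", opts[OPT_LEASE])[0] if OPT_LEASE in opts else None
    return {"server": server, "router": router, "lease": lease,
            "rogue": server not in trusted_servers}
```

On a real switch the same allowlist is expressed as trusted ports rather than addresses, but the decision is the same: an Offer arriving from anywhere other than the authorised server is dropped and logged.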
DHCP vs Static IP
| Feature | DHCP | Static IP |
|---------|------|-----------|
| Configuration | Automatic | Manual |
| IP management | Centralized | Decentralized |
| Scalability | High | Low |
| Reliability | Depends on DHCP server | Always available |
| Use case | End-user devices | Servers, printers, network devices |
| Conflicts | Rare (DHCP handles) | Common if not tracked |
- DNS — DHCP traffic must be allowed (UDP 67/68)