DHCP (Dynamic Host Configuration Protocol)
This guide provides an overview of the Dynamic Host Configuration Protocol (DHCP), explaining how it works, its core components, the allocation process, and common deployment scenarios.
1. What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks. It automates the process of configuring devices on IP networks, allowing them to use network services such as DNS, NTP, and any communication protocol based on UDP or TCP.
Why is DHCP Needed?
Without DHCP, network administrators must manually configure IP addresses, subnet masks, default gateways, and DNS servers on every single device (computer, phone, printer, server) connected to the network.
Manual Configuration (Static IP):
- Time-consuming for large networks.
- High risk of human error (e.g., assigning duplicate IP addresses, leading to conflicts).
- Inefficient when devices frequently join and leave the network.
Automatic Configuration (DHCP):
- Eliminates manual configuration errors.
- Automatically reclaims IP addresses when devices disconnect, preventing address exhaustion.
- Simplifies network management by centralizing IP configuration.
2. Key DHCP Concepts and Terminology
To understand how DHCP works, it is helpful to be familiar with its core terminology:
- DHCP Server: A network device (such as a router, server, or firewall) that runs the DHCP service. It manages a pool of IP addresses and assigns them to clients.
- DHCP Client: Any device (computer, smartphone, IoT device) that requests network configuration parameters from a DHCP server.
- IP Pool (or Range): The range of IP addresses that the DHCP server is allowed to assign to clients (e.g., 192.168.1.100 to 192.168.1.200).
- DHCP Scope: The consecutive range of IP addresses and associated configuration settings (such as subnet mask, gateway, and DNS servers) defined for a specific network segment.
- Exclusion Range: A specific range of IP addresses within a scope that the DHCP server is instructed not to lease out (often reserved for devices that require static IPs, like printers or servers).
- DHCP Reservation (Static DHCP): A feature that maps a device's unique physical Media Access Control (MAC) address to a specific IP address. Every time that device connects, the DHCP server assigns it the exact same IP address.
- DHCP Lease: The period for which a DHCP client is permitted to use an assigned IP address.
3. How DHCP Works: The DORA Process
The core interaction between a DHCP client and a DHCP server is known as the DORA process, named after the four distinct types of messages exchanged: Discover, Offer, Request, and Acknowledge.
Client                                              Server
|                                                     |
| ----------- DHCPDISCOVER (Broadcast) -------------> | (Is anyone there?)
| <---------- DHCPOFFER (Unicast/Broadcast) --------- | (I have an IP for you)
| ----------- DHCPREQUEST (Broadcast) --------------> | (I'd like to use that IP)
| <---------- DHCPACK (Unicast/Broadcast) ----------- | (It's yours. Here are the details)
|                                                     |
Step 1: Discover (DHCPDISCOVER)
When a device connects to the network, it does not have an IP address. It sends a DHCPDISCOVER message to find any available DHCP servers on the network.
- Sender: Client
- Destination: 255.255.255.255 (Limited Broadcast)
- Port Used: Source UDP 68 -> Destination UDP 67
Step 2: Offer (DHCPOFFER)
Any DHCP server that receives the discovery message checks its available address pool and sends a DHCPOFFER message back to the client, proposing an IP address and configuration settings.
- Sender: DHCP Server
- Destination: Client (usually sent as unicast using the client's MAC address, or broadcast depending on the implementation)
- Port Used: Source UDP 67 -> Destination UDP 68
Step 3: Request (DHCPREQUEST)
The client selects one of the offers (usually the first one it receives) and sends a DHCPREQUEST message back to the server. This message is broadcast so that all other DHCP servers know their offers were declined and can release those IPs back to their pools.
- Sender: Client
- Destination: 255.255.255.255 (Broadcast)
- Port Used: Source UDP 68 -> Destination UDP 67
Step 4: Acknowledge (DHCPACK)
The DHCP server that offered the selected IP address receives the request, confirms that the IP is still available, and sends a DHCPACK (Acknowledge) message. This message contains the client's lease duration and final network parameters (Subnet Mask, Default Gateway, DNS Servers).
- Sender: DHCP Server
- Destination: Client (Unicast or Broadcast)
- Port Used: Source UDP 67 -> Destination UDP 68
Once the client receives the DHCPACK, its TCP/IP stack is configured, and it can communicate on the network.
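The following parser is an added example, not part of the original guide. It reads the fields the four DORA messages carry, using the RFC 2131 fixed-header offsets and RFC 2132 option codes, and rejects truncated options. The function names and the sample DHCPACK (addresses, MAC, transaction ID) are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")  # marks the start of the options field
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
IP_OPTIONS = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 54: "server_id"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload into the fields the DORA exchange relies on."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE or payload[2] > 16:
        raise ValueError("not a well-formed DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"op": op, "xid": xid,  # op: 1 = from client, 2 = from server
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),  # offered address
           "chaddr": payload[28:28 + hlen].hex(":")}              # client MAC
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        if payload[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option overruns packet")
        if code == 53 and length == 1:             # DHCP message type
            msg["type"] = MSG_TYPES.get(value[0], f"type-{value[0]}")
        elif code == 51 and length == 4:           # lease time in seconds
            msg["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code in IP_OPTIONS and length % 4 == 0:
            msg[IP_OPTIONS[code]] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                                     for j in range(0, length, 4)]
        i += 2 + length
    return msg

def _ip(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed

def sample_ack() -> bytes:
    """Constructed DHCPACK; all addresses and the MAC are made-up sample values."""
    fixed = (struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0) + bytes(4)
             + _ip("192.168.1.100") + bytes(8)
             + bytes.fromhex("020000aabb01").ljust(16, b"\0") + bytes(192))
    opts = (b"\x35\x01\x05" + b"\x36\x04" + _ip("192.168.1.1")
            + b"\x33\x04" + struct.pack("!I", 86400)
            + b"\x01\x04" + _ip("255.255.255.0") + b"\x03\x04" + _ip("192.168.1.1")
            + b"\x06\x08" + _ip("192.168.1.1") + _ip("192.168.1.2") + b"\xff")
    return fixed + MAGIC_COOKIE + opts
```

Calling parse_dhcp(sample_ack()) returns the message type, offered address, lease time and server identifier of the constructed DHCPACK.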
4. DHCP Lease Renewal and Timers
IP addresses assigned by DHCP are not permanent; they are leased. To keep its IP address, the client must renew the lease before it expires. This process involves two critical timers:
1. T1 (Renewal Timer): Usually set to 50% of the lease time.
- When this timer expires, the client sends a unicast DHCPREQUEST directly to the DHCP server that originally granted the lease, asking to renew it.
- If the server responds with a DHCPACK, the lease is reset to its original duration.
2. T2 (Rebinding Timer): Usually set to 87.5% of the lease time.
- If the original DHCP server does not respond by the T1 mark (perhaps it is offline), the client waits until the T2 timer expires.
- At this point, the client broadcasts a DHCPREQUEST to the entire network, attempting to renew its lease with any available DHCP server.
- If no server responds by the time the lease expires (100%), the client must immediately stop using the IP address and begin the DORA process again from the start.
5. DHCP Relay Agents
Because DHCP messages rely heavily on broadcast packets (255.255.255.255), they cannot cross routers by default. Routers block broadcast traffic to prevent network congestion.
If an organization has multiple Local Area Networks (LANs) or Virtual Local Area Networks (VLANs), they would need either:
1. A DHCP server on every subnet.
2. A DHCP Relay Agent (also known as an IP Helper).
[ Client ] ---> Broadcast (Discover) ---> [ Router / Relay Agent ]
                                                     |
                                            Unicast (Discover)
                                                     |
                                                     v
                                          [ Central DHCP Server ]
How DHCP Relay Works:
1. The client broadcasts a DHCPDISCOVER on its local subnet.
2. The router (configured with DHCP Relay/IP Helper) intercepts this broadcast.
3. The router converts the broadcast into a unicast packet and forwards it directly to the IP address of the central DHCP server on a different subnet.
4. The DHCP server processes the request, offers an IP address suitable for the client's subnet, and sends the response back to the router.
5. The router forwards the response back to the client.
This allows organizations to centralize IP address management onto a few central servers.
6. DHCP Security Considerations
DHCP was designed without built-in security mechanisms, leaving it vulnerable to several common attacks:
Rogue DHCP Servers
An attacker can place an unauthorized DHCP server on the network. This server can hand out incorrect default gateways and DNS servers to clients, redirecting their traffic through the attacker's system (a Man-in-the-Middle attack).
- Mitigation: DHCP Snooping. This is a Layer 2 switch security feature that distinguishes between trusted ports (connected to legitimate DHCP servers/routers) and untrusted ports (connected to end-users). The switch drops any incoming DHCP offers/acknowledgements on untrusted ports.
DHCP Starvation Attack
An attacker broadcasts a massive volume of DHCPDISCOVER packets, using spoofed MAC addresses, to exhaust the DHCP server's pool of available IP addresses. Valid clients are then unable to obtain network access.
- Mitigation: Port Security on network switches. This limits the number of MAC addresses allowed to connect to a single switch port, preventing a single attacker from spoofing multiple MAC addresses.
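The two mitigations above can be read as a per-port filtering policy. The following is an added example, not part of the original guide and not any switch vendor's implementation: a simplified model that drops server replies arriving on untrusted ports (DHCP Snooping) and drops requests from new client MACs once a port's MAC limit is reached (Port Security). The port names, the limit and the sample events are constructed assumptions.

```python
from collections import defaultdict

TRUSTED_PORTS = {"Gi0/1"}   # assumption: the port facing the legitimate DHCP server
MAX_MACS_PER_PORT = 2       # assumption: port-security limit on access ports
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK"}

def filter_dhcp(events):
    """Apply snooping and MAC-limit rules; return (verdicts, alerts)."""
    macs_seen = defaultdict(set)   # untrusted port -> client MACs learned so far
    verdicts, alerts = [], []
    for port, mac, msg_type in events:
        if port in TRUSTED_PORTS:
            verdicts.append("forward")
            continue
        if msg_type in SERVER_MESSAGES:
            # DHCP Snooping: server replies must never arrive on an untrusted port.
            verdicts.append("drop")
            alerts.append(f"{port}: {msg_type} on untrusted port (rogue server?)")
            continue
        known = macs_seen[port]
        if mac not in known and len(known) >= MAX_MACS_PER_PORT:
            # Port Security: a new MAC beyond the limit is not learned.
            verdicts.append("drop")
            alerts.append(f"{port}: MAC limit exceeded (possible starvation)")
            continue
        known.add(mac)
        verdicts.append("forward")
    return verdicts, alerts

# Constructed sample events: (switch port, client MAC, DHCP message type).
SAMPLE_EVENTS = [
    ("Gi0/5", "02:00:00:aa:bb:01", "DHCPDISCOVER"),
    ("Gi0/1", "02:00:00:aa:bb:01", "DHCPOFFER"),      # legitimate server reply
    ("Gi0/7", "02:00:00:aa:bb:01", "DHCPOFFER"),      # reply from an access port
    ("Gi0/9", "02:00:00:00:00:01", "DHCPDISCOVER"),
    ("Gi0/9", "02:00:00:00:00:02", "DHCPDISCOVER"),
    ("Gi0/9", "02:00:00:00:00:03", "DHCPDISCOVER"),   # third MAC on one port
]
```

Running filter_dhcp(SAMPLE_EVENTS) drops the offer seen on Gi0/7 and the third client MAC on Gi0/9, and forwards everything else.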
7. Basic Troubleshooting Commands
If a device is experiencing network connectivity issues, you can troubleshoot the DHCP process using the command line.
Windows (Command Prompt)
- View current DHCP details:
ipconfig /all
(Look for "DHCP Enabled: Yes", "DHCP Server", and lease times).
- Release the current IP lease:
ipconfig /release
- Request a new IP lease (restart DORA):
ipconfig /renew
Linux (Terminal)
Depending on your distribution, you can manage IP configurations via the command line.
- For systems using dhclient:
  - Release lease:
    sudo dhclient -r
  - Obtain new lease:
    sudo dhclient
- For systems using NetworkManager (nmcli):
  - Check connection details:
    nmcli device show
The guide was created in June 2026.