DHCP: Dynamic Host Configuration Protocol
The protocol that automatically assigns IP addresses and network settings to every device on your network, eliminating the need for manual configuration.
- Type: Application Layer
- Ports: 67 (server) / 68 (client)
- Transport: UDP
- Standard: RFC 2131
What is DHCP?
DHCP (Dynamic Host Configuration Protocol) is a network protocol that automatically assigns IP addresses and other configuration parameters to devices on a network. When you connect your laptop, phone, or any other device to a WiFi network or plug in an Ethernet cable, DHCP is the protocol that gives your device an IP address, a subnet mask, a default gateway, and DNS server addresses, all without any manual input.
Before DHCP existed, network administrators had to manually configure IP addresses on every single device. On a network with hundreds or thousands of machines, this was tedious and error-prone. Duplicate IP addresses, typos in subnet masks, and incorrect gateway settings were common problems. DHCP was created to solve all of these issues by centralizing and automating address management.
DHCP was first defined in 1993 in RFC 1531, then updated and superseded by RFC 2131 in 1997, which remains the current standard. It evolved from an earlier protocol called BOOTP (Bootstrap Protocol), which could assign IP addresses but lacked features like automatic address reclamation through lease expiration. DHCP operates over UDP, using port 67 for the server and port 68 for the client. Virtually every home router, enterprise network, and cloud environment uses DHCP to manage IP address allocation.
The DORA Process: How DHCP Assigns an IP Address
DHCP assigns addresses through a four-step exchange known as DORA: Discover, Offer, Request, Acknowledge. This process takes place over UDP broadcasts and typically completes in milliseconds.
- Discover: when a device connects to a network and needs an IP address, it sends a DHCPDISCOVER message as a broadcast (destination 255.255.255.255). The device does not yet have an IP address, so it uses 0.0.0.0 as its source. This broadcast reaches every device on the local network segment, including any DHCP servers.
- Offer: each DHCP server that receives the Discover message responds with a DHCPOFFER. The offer carries a proposed IP address (in the yiaddr field), the subnet mask, the lease duration, and the server's own IP address in the Server Identifier option (option 54). If multiple DHCP servers exist on the network, the client may receive multiple offers.
- Request: the client selects one of the offers (typically the first one received) and broadcasts a DHCPREQUEST that names the chosen server (option 54) and the address it was offered (option 50, Requested IP Address). This message is broadcast rather than unicast so that all DHCP servers on the network can see which offer was accepted. Servers whose offers were not chosen return the addresses they had reserved to their pools.
- Acknowledge: the selected DHCP server sends a DHCPACK message confirming the lease. This message contains the final IP address, subnet mask, default gateway, DNS servers, and lease duration. Once the client receives the ACK, it configures its network interface and begins using the assigned address.
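The four-message exchange above, as an added example that is not part of the original page: a minimal DHCPv4 message builder and parser following the RFC 2131 wire layout, plus a toy server and client that run Discover, Offer, Request and Acknowledge entirely in memory. The scope, server address, gateway, DNS address, client MAC and transaction ID are constructed values, and nothing is sent on the network.

```python
"""Minimal DHCPv4 message builder/parser (RFC 2131 layout) and an in-memory DORA
exchange. Toy code written for this page; the scope, server address, MAC and xid
are constructed values, and nothing is sent on the wire."""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2                 # op field: client -> server, server -> client
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5    # option 53 (DHCP message type) values
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"          # the 236-byte fixed header before the cookie


def ip(dotted):
    return socket.inet_aton(dotted)


def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=()):
    """Fixed header + magic cookie + option 53 + extra TLV options + end marker (255)."""
    header = struct.pack(FIXED, op, 1, 6, 0, xid, 0, 0x8000,      # htype 1 = Ethernet, hlen 6,
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"),  # flags 0x8000 = broadcast reply
                         ip("0.0.0.0"), mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"


def parse(pkt):
    """Decode the header fields and options that the two sides act on."""
    f = struct.unpack(FIXED, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:       # 255 = end option
        if pkt[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "chaddr": f[11][:f[2]], "type": opts[53][0], "options": opts}


class Server:
    """One scope, first-free allocation, leases keyed by client hardware address."""

    def __init__(self, server_ip, pool, gateway, dns, lease_secs=86400):
        self.ip, self.free, self.leases = server_ip, list(pool), {}
        self.common = [(1, ip("255.255.255.0")), (3, ip(gateway)), (6, ip(dns)),
                       (51, struct.pack("!I", lease_secs)), (54, ip(server_ip))]

    def handle(self, pkt):
        msg = parse(pkt)
        mac = msg["chaddr"]
        if msg["type"] == DISCOVER:
            if mac not in self.leases:
                if not self.free:            # pool exhausted: a real server stays silent
                    return None
                self.leases[mac] = self.free.pop(0)
            return build(BOOTREPLY, msg["xid"], mac, OFFER, self.leases[mac], self.common)
        if msg["type"] == REQUEST:
            if msg["options"].get(54) != ip(self.ip):
                # Client chose another server's offer: give our reserved address back.
                addr = self.leases.pop(mac, None)
                if addr:
                    self.free.append(addr)
                return None
            if socket.inet_ntoa(msg["options"][50]) != self.leases.get(mac):
                return None                  # a real server would send DHCPNAK here
            return build(BOOTREPLY, msg["xid"], mac, ACK, self.leases[mac], self.common)
        return None


def dora(server, mac, xid=0x3903F326):
    """Run Discover/Offer/Request/Ack against `server` and return the client's config."""
    offer = parse(server.handle(build(BOOTREQUEST, xid, mac, DISCOVER)))
    assert offer["type"] == OFFER and offer["xid"] == xid
    # REQUEST names the chosen server (option 54) and the offered address (option 50).
    ack = parse(server.handle(build(BOOTREQUEST, xid, mac, REQUEST, options=[
        (50, ip(offer["yiaddr"])), (54, offer["options"][54])])))
    o = ack["options"]
    return {"ip": ack["yiaddr"], "mask": socket.inet_ntoa(o[1]),
            "gateway": socket.inet_ntoa(o[3]), "dns": socket.inet_ntoa(o[6]),
            "lease": struct.unpack("!I", o[51])[0], "server": socket.inet_ntoa(o[54])}


if __name__ == "__main__":
    srv = Server("192.168.1.1", ["192.168.1.100", "192.168.1.101"],
                 gateway="192.168.1.1", dns="192.168.1.53")
    print(dora(srv, bytes.fromhex("001122334455")))
```

The toy server also shows two behaviours the text describes: a REQUEST that names a different server identifier makes it release the reserved address back to the pool, and once the two-address pool is empty it simply stops answering DISCOVERs, which is exactly the condition a starvation attack creates.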
DHCP Network Architecture
A DHCP server manages one or more address pools, commonly called scopes. Each scope defines a range of IP addresses available for assignment, along with the associated configuration parameters. When a client requests an address, the server selects an available IP from the appropriate scope and leases it to the client for a specified duration.
Beyond the IP address itself, a DHCP server delivers a complete set of network configuration parameters to each client. These typically include the following:
- Subnet mask: defines the network boundary (for example, 255.255.255.0 for a /24 network)
- Default gateway: the router address that the client uses to reach other networks and the internet
- DNS servers: the addresses of domain name servers for resolving hostnames to IP addresses
- Domain name: the DNS suffix applied to unqualified hostnames (for example, corp.example.com)
- NTP servers: time server addresses used to synchronize the system clock
- Lease time: how long the client may use the assigned address before it must renew
DHCP Lease Lifecycle
DHCP does not assign IP addresses permanently. Instead, it leases them for a configurable duration. This lease mechanism allows the server to reclaim addresses from devices that have left the network and reassign them to new devices. Lease durations are configurable and commonly range from 8 to 24 hours, though they can be set to anything from a few minutes to several days depending on the network environment.
The lease lifecycle follows a predictable pattern. After the initial DORA exchange, the client enters the Bound state and uses its assigned IP normally. At the halfway point of the lease (known as T1, or 50% of the lease duration), the client attempts to renew by sending a DHCPREQUEST directly to the server that issued the lease. This is a unicast message because the client already knows the server's address.
If the renewal at T1 fails (because the server is unreachable, for example), the client continues using its address and tries again at T2, which is 87.5% of the lease duration. At this point, the client broadcasts a DHCPREQUEST to any available DHCP server, since the original server may be permanently unavailable. If the lease expires without a successful renewal, the client must release the address and restart the entire DORA process from scratch.
| State | Timing | Action |
|---|---|---|
| Bound | After DHCPACK | Client uses the IP normally |
| Renewing | At T1 (50% of lease) | Client unicasts DHCPREQUEST to server |
| Rebinding | At T2 (87.5% of lease) | Client broadcasts DHCPREQUEST |
| Expired | Lease time reached | Client releases IP, restarts DORA |
DHCP Options
DHCP can deliver a wide variety of configuration parameters beyond just an IP address. These parameters are encoded as numbered options within DHCP messages. The DHCP options framework is extensible, and new options can be defined for specific use cases. Here are the most commonly used options:
| Option | Code | Description |
|---|---|---|
| Subnet Mask | 1 | Network mask (e.g., 255.255.255.0) |
| Default Gateway | 3 | Router address |
| DNS Servers | 6 | Domain name server addresses |
| Domain Name | 15 | DNS domain suffix |
| NTP Servers | 42 | Time server addresses |
| Lease Time | 51 | Duration of IP lease in seconds |
| DHCP Server | 54 | Identifier of the DHCP server |
| TFTP Server | 66 | Used for PXE/network boot |
Option codes are standardized by IANA. Code 0 is a one-byte pad and code 255 marks the end of the option list; codes 1 through 254 carry parameters, and many of them are already assigned. Vendors can also deliver proprietary configuration through option 43 (Vendor Specific Information), which is commonly used to push settings to devices from a particular manufacturer.
DHCP Relay Agents
DHCP relies on broadcast messages, and broadcasts do not cross router boundaries. This means that, without additional configuration, a DHCP server can only serve clients on its own local subnet. In enterprise networks with dozens or hundreds of VLANs, placing a dedicated DHCP server on every subnet would be impractical and wasteful.
DHCP relay agents solve this problem. A relay agent is a service (typically running on a router or Layer 3 switch) that listens for DHCP broadcast messages on a local subnet and forwards them as unicast packets to a DHCP server on a different subnet. The relay agent writes the address of the interface on which it received the broadcast into the giaddr (gateway IP address) field of the forwarded message, so the server knows which subnet the request originated from and can assign an address from the correct scope. The server sends its reply back to the relay, which delivers it to the client.
On Cisco routers, DHCP relay is configured with the ip helper-address command on the interface facing the client subnet. For example, ip helper-address 10.0.0.5 tells the router to forward DHCP broadcasts from that interface to the server at 10.0.0.5. This allows a single centralized DHCP server to manage address allocation for an entire campus or data center across many subnets and VLANs.
DHCP Security
DHCP has no widely deployed authentication mechanism. RFC 3118 defines one (a shared-key authentication option), but almost no clients or servers implement it, so in practice any device on the network can act as a DHCP server or send DHCP requests. This creates several security vulnerabilities that attackers can exploit.
Rogue DHCP servers are one of the most common DHCP attacks. An attacker connects a device to the network that responds to DHCPDISCOVER messages with malicious configuration. The rogue server can provide a fake default gateway (routing all traffic through the attacker for man-in-the-middle attacks) or fake DNS servers (redirecting domain lookups to malicious sites). Because clients typically accept the first offer they receive, the rogue server only needs to respond faster than the legitimate server.
DHCP starvation attacks exhaust the server's address pool by flooding it with DHCPDISCOVER messages, each using a spoofed MAC address. Once all available addresses are leased to fake clients, legitimate devices cannot obtain an IP address. This effectively creates a denial-of-service condition on the network, and it is often the first step of a rogue-server attack: with the legitimate server's pool empty, the attacker's server is the only one left answering.
Several mitigations exist for these threats:
- DHCP snooping: a switch-level security feature that creates a trusted/untrusted port model. Only ports marked as trusted (typically uplinks to the DHCP server) are allowed to send DHCP server messages. Untrusted ports (client-facing) can only send client messages. This prevents rogue servers from operating on access ports.
- Port security: limits the number of MAC addresses allowed on a switch port, which helps prevent starvation attacks that rely on spoofing many MAC addresses from a single port.
- 802.1X authentication: requires devices to authenticate before gaining network access, preventing unauthorized devices from sending any DHCP traffic at all.
For IPv6 networks, DHCPv6 (defined in RFC 8415) provides similar functionality. DHCPv6 can work alongside SLAAC (Stateless Address Autoconfiguration) and includes options for authentication through the DHCPv6 auth option, though adoption of DHCP authentication remains limited in practice.
Common Use Cases for DHCP
- Home networks: every consumer router includes a built-in DHCP server that assigns addresses to phones, laptops, smart TVs, and other connected devices. Most home users never need to think about IP configuration because DHCP handles everything automatically.
- Enterprise networks: organizations use dedicated DHCP servers (such as Windows Server DHCP, ISC DHCP, or Kea) to manage thousands of addresses across multiple subnets. Enterprise DHCP servers support features like failover, address reservations, and integration with DNS for dynamic record updates.
- Guest WiFi: hotels, airports, and coffee shops use DHCP to assign temporary addresses to guest devices. Short lease times ensure that addresses are recycled quickly as guests connect and disconnect throughout the day.
- Cloud virtual networks: cloud providers like AWS, Azure, and GCP use DHCP to assign private IP addresses to virtual machines and containers within virtual networks. The DHCP integration is typically transparent to the user but follows the same underlying protocol.
- PXE network booting: DHCP plays a critical role in network booting by providing not only an IP address but also the location of a TFTP server and boot file (options 66 and 67). This allows diskless workstations and servers to boot their operating system over the network.
- IoT device provisioning: IoT devices ranging from sensors to cameras to industrial controllers use DHCP to obtain network configuration automatically. This is essential for large-scale deployments where manual configuration of each device would be impractical.
Frequently Asked Questions About DHCP
What happens if the DHCP server is down?
If no DHCP server is available, new devices cannot obtain an IP address and will be unable to communicate on the network. Most operating systems will fall back to an APIPA (Automatic Private IP Addressing) address in the 169.254.x.x range, which allows limited local communication but no internet access. Devices that already have a lease will continue to function normally until their lease expires. Enterprise networks mitigate this risk by deploying redundant DHCP servers with failover configurations.
What is a DHCP lease?
A DHCP lease is a temporary assignment of an IP address to a device. The lease has a defined duration (for example, 24 hours), after which the device must renew the lease or lose the address. This mechanism ensures that IP addresses are returned to the pool when devices leave the network, preventing address exhaustion. The lease duration is configured on the DHCP server and can range from minutes to days depending on the network requirements.
Can I have a static IP with DHCP?
Yes, through a feature called DHCP reservations (also known as static DHCP mappings). A reservation ties a specific IP address to a device's MAC address. When the server sees a DHCPDISCOVER from that MAC address, it always offers the same reserved IP. This gives you the consistency of a static IP with the centralized management benefits of DHCP. Reservations are commonly used for printers, servers, and network infrastructure devices that need predictable addresses.
What is the difference between DHCP and static IP?
With DHCP, IP addresses are assigned automatically by a server and may change over time as leases expire and renew. With a static IP, the address is manually configured on the device and never changes. DHCP is easier to manage at scale and prevents configuration errors, while static IPs are used for devices that need a permanent, known address (like servers and network equipment). In practice, most networks use DHCP for the majority of devices and static IPs or DHCP reservations for a small number of critical systems.
What is DHCP snooping?
DHCP snooping is a Layer 2 security feature available on managed switches. It monitors DHCP traffic and builds a binding table that maps IP addresses to MAC addresses on specific switch ports. Trusted ports (connected to legitimate DHCP servers) are allowed to send DHCP server messages, while untrusted ports (connected to clients) are restricted to client messages only. If an untrusted port attempts to send a DHCP offer or acknowledgment, the switch drops the packet. DHCP snooping also serves as the foundation for other security features like Dynamic ARP Inspection and IP Source Guard.
Does DHCP work with IPv6?
Yes. DHCPv6, defined in RFC 8415, provides address assignment and configuration for IPv6 networks. However, IPv6 also supports SLAAC (Stateless Address Autoconfiguration), which allows devices to generate their own addresses using router advertisements without needing a DHCP server. Many IPv6 networks use a combination of both: SLAAC for address assignment and DHCPv6 for delivering additional configuration like DNS server addresses. The choice between DHCPv6 and SLAAC depends on how much control administrators need over address allocation.
Related Protocols
- DNS: the domain name system that DHCP clients use after receiving DNS server addresses from DHCP
- UDP: the transport protocol that carries all DHCP messages on ports 67 and 68
- TCP: the reliable transport protocol often compared to UDP; DHCP cannot use it because a client that has no IP address yet cannot open a TCP connection, and the exchange depends on broadcast
- NAT: Network Address Translation, which works alongside DHCP to allow private IP addresses assigned by DHCP to access the public internet