Dynamic Host Configuration

Protocol
A comprehensive overview of DHCP including fundamentals, process, server
configuration, security, best practices, and
troubleshooting
What is
DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on IP networks for automatically
assigning IP addresses and configuration parameters to devices.

Standards: Defined in RFC 2131 (supersedes RFC 1541), created to automate and centralize

network configuration Automation: Eliminates need for manual configuration of each network

device

Scalability: Enables easy network expansion without reconfiguration overhead

KeyIPParameters Assigned by DHCP Subnet

Address Mask
Default DNS Server
Gateway Configuration

Made with
Dynamic Host Configuration Protocol Genspark
(DHCP) 2
DHCP Components and
Architecture
Main
Components

DHCPIPServer
Assigns addresses and provides configuration
data from a defined pool. Manages lease time and
maintains database of assigned addresses.
Client
Requests
IP
DHCP
Clients
End devices that request IP configuration from
DHCP Rela
DHCP servers. Includes computers, phones, y
Server
printers, and other network devices. IP Pool Age
Manageme
nt
nt
Client Forward
s
DHCP Relay Requests Message
Agents
Forward DHCP messages between clients and
IP s

servers across different subnets. Typically

configured on routers or dedicated hosts.

Made with
Dynamic Host Configuration Protocol Genspark
(DHCP) 3
DHCP DORA
Process
The DORA Process

1 Discover
Client broadcasts a DHCPDISCOVER message to
locate available DHCP servers on the network.
Source: 0.0.0.0, Destination: 255.255.255.255
1. DHCPDISCOVER
(Broadcast)
2 Off
er
Server responds with a DHCPOFFER message 2.
containing an IP address and configuration DHCPOFFER

parameters. Server reserves this address

temporarily.
DHCP 3. DHCPREQUEST DHCP
(Broadcast)
Client Server
3
Request
Client broadcasts a DHCPREQUEST message to 4.
accept the offered IP address and confirm which DHCPACK
server's offer is accepted (if multiple offers).

4 Acknowledge
Server finalizes the lease by sending a DHCPACK
message that confirms the IP address assignment
and provides the lease duration.
Made with
Dynamic Host Configuration Protocol Genspark 4
(DHCP)
DHCP Message Types

DHCP uses several message types to facilitate IP address assignment and

management:

DHCPDISCOVER Client broadcasts to locate available DHCP

servers DHCPOFFER Server offers IP address and configuration

parameters DHCPREQUEST Client requests offered IP

address or confirms existing lease DHCPACK Server

acknowledges request and finalizes configuration

DHCPNAK Server rejects client's request (e.g., IP address no

longer available)

DHCPDECLINE Client indicates offered address is already in

use DHCPRELEASE Client releases IP address back to

server pool DHCPINFORM Client requests local

configuration without IP address

Clien DHCPREQUES DHCP

tPrimary DORA Process Message Flow T Server
DHCPAC
K
DHCPDISCOVER Made with
Dynamic Host Configuration Protocol Genspark 5
(DHCP)
DHCP vs. Static IP Addressing

Comparison Overview
Understanding when to use Dynamic Host Configuration Protocol (DHCP) or Static
IP addressing

DHCP Static
(Dynamic) IP
Pros & Pros &
Cons Cons
Automatic configuration - zero touch Consistent, permanent
deployment addressing
Centralized management of IP No dependency on DHCP
addresses infrastructure
Efficient utilization of IP address Better for devices that need consistent
space access
Potential delays during IP Manual configuration
acquisition required
Dependent on DHCP server Time-consuming to manage at
availability scale

Use
Cases
DHCP Ideal Static IP Ideal
For: For:
End-user workstations and Network servers and
laptops infrastructure
Mobile devices and guest Printers and network
networks devices
Large enterprise Security systems and critical
networks equipment
DHCP Server Configuration &
Deployment
Key Configuration
Elements
Installation &
Authorization
Install DHCP Server role on Windows Server or
DHCP service on Linux. Authorize in Active
Directory to prevent rogue servers.

Scope Creation & IP

Ranges
Define DHCP scopes with appropriate subnet
masks. Configure exclusion ranges for static
devices and reservation for servers/printers.

Deployment
Models
Centralized: Single DHCP server location with relay
agents. Distributed: Local DHCP servers at branch
offices for fault isolation and reduced WAN traffic.

Made with
Dynamic Host Configuration Protocol Genspark
(DHCP) 7
DHCP Relay Agents

DHCP Relay
Functionality
Why Relay
Agents?
DHCP relies on broadcast messages, but routers
typically don't forward broadcasts across subnets.
Without relay agents, every subnet would need
its own DHCP server.

How They
Work
Relay agents capture DHCP broadcasts from
clients, convert them to unicast packets, and
forward them to the DHCP server. Responses
from the server are then relayed back to the
clients.

Implementation
Typically configured on router interfaces connected
to client subnets. The router is configured with the
IP address of the DHCP server that will service the
requests.

Made with
Genspark
Dynamic Host Configuration Protocol 8
DHCP Security Vulnerabilities
& Attacks
Common DHCP
Attacks

DHCPfloods
Attacker Starvation
the DHCP server with fake MAC
addresses to request all available IP addresses,
depleting the IP pool. This prevents legitimate DHCP Rogue Rogue
Starvation
clients from obtaining addresses, creating a DHCP
Server
denial of service. Attacke Malicious
r Configuratio
n
Rogue DHCP MAC DHCP
Flooding
Server Server
An unauthorized DHCP server is introduced to the
Legitimate
network, providing malicious configuration to Server
clients. Typically directs traffic through attacker-
DHCP
controlled gateways for eavesdropping. Spoofing

Attacke Clie
r nt
DHCP
MITM Victi
Spoofing
Attacker manipulates DHCP responses to provide Position m

false configuration data, setting themselves as

the default gateway (Man-in-the-Middle), DNS
server, or other critical parameters.

Made with
Dynamic Host Configuration Protocol Genspark
(DHCP) 9
DHCP Best Practices

Essential recommendations for robust DHCP deployment and

management:
Separate DHCP from Domain Controllers Implement DHCP Failover
Keep DHCP services on dedicated servers to reduce security risks, Configure load-balanced or hot standby failover to ensure continuous
prevent guest network access to domain controllers, and improve availability of DHCP services in case of server failure
system stability

Proper Scope Management Network Segmentation

Create excluded ranges for infrastructure devices, use DHCP Separate networks with VLANs and dedicated DHCP scopes for computers,
reservations instead of static IPs, and set appropriate lease durations printers, IoT devices, and guest networks to enhance security
for different device types

Security & Documentation

Practices
DHCP Snooping: Enable at switch level to prevent rogue MAC Address Filtering: Control which devices can obtain
DHCP servers and spoofing attacks IP addresses

Documentation: Use IPAM tools to track IP assignments and Regular Audits: Run Best Practices Analyzer to verify
DHCP scopes configurations

Made with
Dynamic Host Configuration Protocol Genspark
(DHCP) 10
Troubleshooting Common
DHCP Issues
Network administrators frequently encounter several common DHCP issues that can disrupt network connectivity. Here are
practical solutions:

IP Address Conflicts: Verify using ipconfig /all and the DHCP server logs. Enable IP conflict detection on the DHCP server. Use Test-

Connection before adding new static IPs.

Scope Exhaustion: Reduce lease duration for temporary devices (1-4 hours), clean up stale leases, monitor usage (80% alert
threshold), and properly size DHCP scopes for your network needs.

Client Connectivity Issues: Check network cable connections, verify DHCP client service is running, temporarily set static IP to test
physical connectivity, check for VLAN misconfigurations and ACLs.

DHCP Relay Problems: Confirm IP Helper configuration on routers, verify relay agents are properly forwarding DHCP packets, test
connectivity between relay agents and DHCP server.

Useful PowerShell Commands for DHCP Troubleshooting

Get-DhcpServerv4Scope | Get-DhcpServerv4Lease - View all DHCP
leases
Get-DhcpServerv4FreeIPAddress -ScopeId 10.0.0.0 - Find next
available IP
Get-DhcpServerv4ScopeStatistics - View scope usage
statistics
Get-DhcpServerv4Lease -ClientId "00-11-22-33-44-55" - Find lease by
MAC
Made with
Troubleshooting Common DHCP Genspark
Issues 11
Summary and Conclusion

Key Takeaways from our comprehensive look at Dynamic Host Configuration Protocol:

Automation Benefits: DHCP significantly reduces administrative overhead by automating IP address management and

network configuration Security Considerations: Implementing DHCP snooping, preventing rogue DHCP servers, and regular

monitoring are essential for network security Best Practices: Separate DHCP from Domain Controllers, configure proper

scope management, implement failover, and document IP assignments Proper Architecture: Understanding DORA process

and deployment strategies ensures robust network infrastructure

RFC 2131Resources
Further - DHCP Protocol
& Q&A Questions &
Specification Discussion
DHCP Best Practices Technical Support
Guide Resources

Made with
Dynamic Host Configuration Protocol Genspark
(DHCP) 12