DHCP Explained: Leases, Options, and Troubleshooting (DORA, Scopes, and Reservations

DHCP explained: What is DHCP?

DHCP (also called dynamic host configuration protocol) is a network service that automatically provides hosts with an IP address, subnet mask, default gateway, DNS servers, and other settings. In practical terms, a DHCP server hands out an IP lease from a defined scope and records the assignment so addresses can be reused safely.

This fits into core computer networking basics such as IP addressing and subnetting, DNS resolution, and how routing vs switching affects broadcast traffic (especially across VLANs).

DHCP roles: client, server, and relay

• Client: requests configuration when it joins a network.
• Server: offers and tracks leases from one or more scopes.
• DHCP relay/agent: forwards DHCP broadcasts across subnets (often configured as ip helper-address on routers).

DHCP explained: How DHCP works — the DORA process

Most deployments follow the DORA exchange: Discover, Offer, Request, Acknowledge. DHCP typically uses UDP port 67 (server) and port 68 (client). When the server is on a different subnet, a relay is required because the initial client messages are broadcasts.

Discover

The client sends a broadcast DHCP Discover to find available servers. If a router separates the client and server, a DHCP relay forwards the message and sets relay information (GIADDR) so the server can choose the right scope.

Offer

One or more servers respond with a DHCP Offer that includes a proposed IP lease, lease duration, and DHCP options (for example, option 3 router and option 6 DNS). The client may receive multiple offers and selects one.

Request

The client broadcasts a DHCP Request indicating which offer it accepted and which server it intends to use. The transaction ID and client identifiers help match replies to the correct exchange.

Acknowledge

The selected server replies with DHCP ACK to finalize the lease and commit it to the lease database. The client applies the IP configuration and begins normal network traffic.

DHCP leases: lease time, renewal (T1), rebind (T2), and APIPA

DHCP lease time explained (T1/T2

The lease duration is commonly delivered via option 51. Clients attempt renewal at T1 (often 50% of the lease) by contacting the original server. At T2 (often 87.5%), the client attempts to rebind by broadcasting to any available server if the original server is unavailable.

• Shorter leases: helpful for high-churn networks (guest Wi‑Fi, dense labs).
• Longer leases: reduces server load and churn on stable networks.

APIPA and self-assigned addresses (169.254.x.x

If a client can’t reach a DHCP server, many operating systems assign an APIPA (link-local) address in 169.254.x.x. This usually means Discover/Offer messages aren’t completing—because of physical connectivity, VLAN placement, relay issues, or filtering of UDP 67/68.

DHCP options: option 3 (router), option 6 (DNS), and other common options

Options are how DHCP delivers “everything besides the IP.” Wrong options often look like “I have an IP, but nothing works.”

Common DHCP options (quick reference

• Option 3 (Router): default gateway.
• Option 6 (DNS): DNS server list used for name resolution.
• Option 42 (NTP): time sources.
• Option 51: lease time.

Tip: validate whether options are set at the scope level, per-VLAN scope, or overridden per reservation—especially when troubleshooting “wrong DNS” or “wrong gateway.”

DHCP server components: scopes, reservations, and DHCP relay

Scopes and exclusions

A scope defines the IP pool for a subnet, including the start/end range and any excluded addresses. Scope design should align with your IP addressing and subnetting basics (mask size, expected host count, growth).

Reservations (reservation vs static

A reservation maps a device identifier (commonly MAC address) to a predictable IP while keeping centralized control on the DHCP server. This is often preferable to configuring static IPs directly on endpoints because leases, options, and auditing remain consistent.

DHCP relay/agent (cross-subnet DHCP

To serve clients on different VLANs/subnets, configure a relay on the Layer 3 gateway. Example on Cisco IOS:

interface Vlan10
 ip helper-address 10.0.0.5

• Confirm the relay points to the correct DHCP server IP.
• Allow UDP 67/68 across firewall/ACL boundaries.
• Verify the server uses relay (GIADDR) to select the correct scope.

Common DHCP troubleshooting scenarios and fixes

No IP address / APIPA (169.254.x.x

• Verify the physical link and the correct VLAN/SSID assignment.
• Check that the DHCP service is running and the scope has free addresses.
• If using a relay, verify ip helper-address and routing between relay and server.
• Confirm UDP 67/68 is not blocked (switch ACLs, firewall rules, security groups).

IP conflicts and duplicate addresses

Duplicates often come from overlapping scopes, stale static IPs, cloned VMs, or bad reservations. Fix by identifying the conflicting host (ARP table, switch MAC table), removing overlap, and clearing incorrect bindings in the lease database when appropriate.

Scope exhaustion

• Signs: new clients fail to lease; server shows 0 available addresses.
• Immediate fixes: expand the scope, add a new scope, reclaim stale leases, or temporarily reduce lease time.
• Long-term: redesign subnets/VLANs, forecast growth, and monitor utilization.

DHCP server unreachable or relay problems

Use commands and packet capture to confirm where the DORA process breaks:

# Windows
ipconfig /all
ipconfig /renew

# Linux
sudo dhclient -v eth0

# Cisco IOS
show ip dhcp binding
show running-config | include helper-address

# Capture DHCP
sudo tcpdump -n -i eth0 'port 67 or port 68'

If Discover leaves the client subnet but Offers never return, focus on relay configuration, routing, and return-path filtering.

Incorrect options or wrong reservations

• Wrong gateway: verify option 3 router at the correct scope/VLAN.
• Wrong DNS: verify option 6 DNS and confirm no per-reservation override.
• Reservation mismatch: confirm MAC/device identifier matches the endpoint.

Quick troubleshooting checklist

• Client has a valid IP/subnet mask (not APIPA) and correct default gateway.
• Scope has available addresses; no overlapping scopes.
• Relay configured for the VLAN; UDP 67/68 permitted end-to-end.
• Options (router/DNS) correct at the scope and not overridden unexpectedly.
• Packet capture shows a complete Discover → Offer → Request → ACK sequence.

Best practices and security considerations

• Set sane lease times: match lease duration to churn; avoid overly short leases on stable networks.
• Use reservations for infrastructure: printers, network appliances, monitoring targets, and services needing stable IPs.
• Document scopes and options: include option 3/6 values per VLAN and change control for edits.
• Monitor utilization: alert on low free addresses and unusual churn.
• Protect access-layer networks: enable DHCP snooping where available to reduce rogue DHCP risk.
• Log and audit: retain lease logs to speed incident response and troubleshooting.

Conclusion — DHCP explained: key takeaways and next steps

DHCP explained comes down to three operational ideas: DORA assigns an address, leases control time and reuse, and options (router/DNS) make the address usable. If you can validate scopes, relay paths, and the Discover/Offer/Request/ACK flow, you can solve most DHCP issues quickly and tie the behavior back to broader networking fundamentals like IP addressing and DNS.