Imagine every device in your network needing a unique IP address — configuring each manually on hundreds of PCs, printers, and phones would be a nightmare. DHCP (Dynamic Host Configuration Protocol) automates this, assigning IP addresses, subnet masks, default gateways, and DNS servers automatically. On the CCNA 200-301 exam, DHCP is a core IP Services topic (objective 4.3) tested for configuration, verification, and troubleshooting on Cisco routers and switches. Master it to save time in the exam and in real networks.
Jump to a section
Think of a large hotel with hundreds of guests arriving and departing daily. Each guest needs a room key (IP address) and a welcome packet with hotel info (subnet mask, default gateway, DNS server). The hotel has a limited number of rooms (IP addresses in a subnet). When a guest arrives, they go to the front desk (DHCP server) and request a room. The front desk clerk checks if any rooms are available, picks one, and gives the guest a key and welcome packet (DHCPOFFER). The guest accepts the room (DHCPREQUEST), and the clerk confirms the assignment (DHCPACK). The guest can stay for a limited time (lease duration). If the guest wants to stay longer, they can renew their stay before checkout (lease renewal). When a guest leaves, they return the key (DHCPRELEASE), and the room becomes available for the next guest. Just like a hotel, the front desk must keep track of which rooms are occupied and for how long. If the front desk runs out of rooms, new guests are turned away (DHCPNAK). The hotel also has a policy for guests who don't check out — their key expires, and the room is freed (lease expiration). This analogy mirrors DHCP's discover, offer, request, and acknowledge (DORA) process, lease times, renewal, and release.
What is DHCP and Why Exists?
DHCP (Dynamic Host Configuration Protocol) is a client-server protocol that automates the assignment of IP addresses and other network configuration parameters to devices on an IP network. Without DHCP, a network administrator would have to manually configure every device with a static IP address, subnet mask, default gateway, DNS server, and other settings. This is impractical for networks with more than a few devices, especially when devices frequently connect and disconnect (e.g., guest Wi-Fi, BYOD). DHCP solves this by centralizing IP address management, reducing configuration errors, and reclaiming addresses when devices leave the network.
DHCP is defined in RFC 2131 and uses UDP ports 67 (server) and 68 (client). It supports three address allocation methods: - Dynamic Allocation: The server assigns an IP address from a pool for a limited time (lease). Most common. - Automatic Allocation: The server permanently assigns an IP address to a client. Rare. - Static Allocation: The server assigns a specific IP address based on the client's MAC address (DHCP reservation).
How DHCP Works: The DORA Process
DHCP uses a four-step process called DORA (Discover, Offer, Request, Acknowledge). The client broadcasts to find a DHCP server, and the server responds with an offer. The client then requests the offered address, and the server acknowledges and binds the address.
Step 1: DHCPDISCOVER - The client sends a broadcast UDP packet to destination IP 255.255.255.255 (local broadcast) from source IP 0.0.0.0 (since it has no IP yet). - Source MAC: client's MAC. Destination MAC: FF:FF:FF:FF:FF:FF. - The packet includes the client's MAC address and optionally a requested IP address (if renewing). - If the client and server are on different subnets, a DHCP relay agent (usually a router) forwards the broadcast as a unicast to the server.
Step 2: DHCPOFFER - The DHCP server responds with a unicast or broadcast packet (depending on the 'broadcast' flag in the discover). - The offer includes an available IP address, subnet mask, default gateway, DNS server, lease duration, and server identifier. - If multiple servers respond, the client typically accepts the first offer.
Step 3: DHCPREQUEST - The client broadcasts a DHCPREQUEST packet to inform all servers which offer it accepted. This is a broadcast so that other servers know their offers were declined. - The packet includes the server identifier of the chosen server.
Step 4: DHCPACK - The chosen server sends a DHCPACK packet confirming the lease. The client can now use the IP address. - If the server cannot honor the request (e.g., address already taken), it sends a DHCPNAK.
DHCP Lease Lifecycle and Timers
A DHCP lease has a finite duration (default on Cisco routers: 1 day, configurable). The client goes through several states: - Initializing: Client has no IP, sends DHCPDISCOVER. - Selecting: Client received offers, sends DHCPREQUEST. - Requesting: Client waits for DHCPACK. - Bound: Client has a valid IP and can use it. - Renewing: After 50% of lease time (T1), the client tries to renew the lease by sending a unicast DHCPREQUEST directly to the server. If successful, the lease timer resets. - Rebinding: If renewal fails at 87.5% of lease time (T2), the client broadcasts a DHCPREQUEST to any server. If any server responds with DHCPACK, the lease extends. - Expired: If no response by lease end, the client must stop using the IP and go back to INIT state.
Default timers on Cisco IOS DHCP server:
Lease duration: 86400 seconds (1 day)
T1 (renewal): 43200 seconds (50%)
T2 (rebind): 75600 seconds (87.5%)
DHCP Relay Agent
When a DHCP client and server are on different subnets, broadcasts won't cross routers. The router interface facing the client must be configured as a DHCP relay agent using the ip helper-address command. The relay agent receives the client's broadcast, changes the source IP to its own interface IP, and unicasts the packet to the DHCP server. The server's response is unicast back to the relay agent, which then forwards it to the client. This is essential for centralized DHCP servers.
IOS DHCP Server Configuration
On a Cisco router, you can configure the router to act as a DHCP server.
! Exclude static addresses from the pool
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
! Create a DHCP pool
ip dhcp pool LAN_POOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
lease 7
!
! Verify
show ip dhcp binding
show ip dhcp pool
show ip dhcp server statisticsVerification Commands and Output
Router# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address
192.168.1.11 0063.6973.636f.2d63. Feb 28 2025 12:00 PM Automatic
6363.2d30.3031.302e.
6130.3030.2d30.3030.
30
Router# show ip dhcp pool LAN_POOL
Pool LAN_POOL :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 1
Pending event : none
1 subnet is currently in the pool
Current index IP address range Leased/available
192.168.1.11 192.168.1.1 - 192.168.1.254 1/253
Router# show ip dhcp server statistics
Memory usage : 29564
Address conflicts : 0
Rate limit : 0
DHCPDISCOVER : 1
DHCPOFFER : 1
DHCPREQUEST : 1
DHCPDECLINE : 0
DHCPACK : 1
DHCPNAK : 0
DHCPRELEASE : 0
DHCPINFORM : 0DHCP and Related Protocols
ARP: Before using an offered IP, the client may send a gratuitous ARP to check for conflicts. If a conflict is detected, the client sends a DHCPDECLINE.
DNS: DHCP can provide DNS server addresses. The client can then resolve hostnames.
NTP: DHCP can provide NTP server addresses for time synchronization.
DHCP Snooping: A security feature on switches that filters untrusted DHCP messages to prevent rogue DHCP servers (exam topic 4.4).
Configure DHCP Excluded Addresses
Before creating a DHCP pool, exclude any IP addresses that should not be dynamically assigned (e.g., router interfaces, servers, printers). Use the global configuration command `ip dhcp excluded-address LOW_ADDRESS HIGH_ADDRESS`. For example, `ip dhcp excluded-address 192.168.1.1 192.168.1.10` reserves the first 10 addresses for static use. This prevents the DHCP server from handing out addresses already in use. If you forget this step, you may get IP address conflicts.
Create DHCP Pool and Define Network
Use `ip dhcp pool POOL_NAME` to enter DHCP pool configuration mode. Then specify the subnet using `network NETWORK MASK`. For example, `network 192.168.1.0 255.255.255.0` defines the pool of addresses from 192.168.1.1 to 192.168.1.254 (excluding any excluded addresses). The router will automatically assign addresses from this range. You must also configure at least a default router (gateway) using `default-router IP_ADDRESS` so clients know how to reach other networks.
Configure Optional DHCP Parameters
Within the DHCP pool, you can set other options like DNS servers, domain name, lease duration, and more. Common commands: `dns-server IP1 IP2` (up to 8), `domain-name example.com`, `lease DAYS HOURS MINUTES` (default 1 day). For example, `lease 7` sets a 7-day lease. These parameters are sent to clients in the DHCPACK. Missing DNS servers mean clients cannot resolve domain names unless manually configured.
Configure DHCP Relay Agent (if needed)
If the DHCP server is on a different subnet than the clients, configure the router interface facing the clients with `ip helper-address DHCP_SERVER_IP`. This command enables DHCP relay on that interface. The router will intercept DHCP broadcasts and forward them as unicasts to the specified server. Without this, clients on remote subnets cannot get IP addresses. Verify with `show ip interface INTERFACE | include Helper`.
Verify DHCP Operation
Use `show ip dhcp binding` to see active leases (IP, MAC, lease expiration). Use `show ip dhcp pool POOL_NAME` to see pool utilization. Use `show ip dhcp server statistics` to see message counts (DISCOVER, OFFER, etc.). If clients are not getting addresses, check that the pool has available addresses and that the relay is working. Also check for conflicts with `show ip dhcp conflict`.
Troubleshoot DHCP Issues
Common issues: No DHCP server reachable, pool exhausted, excluded addresses overlap, relay misconfiguration. Use `debug ip dhcp server events` to see real-time DHCP messages (use with caution in production). On the client, check if it received an APIPA address (169.254.x.x) — that indicates DHCP failure. On Cisco switches, ensure DHCP snooping is not blocking legitimate messages (if configured). Verify that the VLAN interface has an IP address and is up.
In enterprise networks, DHCP is indispensable. Consider a large office with 500 employees, each with a laptop and a desk phone. Manually assigning IPs would be impossible. Instead, a centralized DHCP server (often a Windows Server or a Cisco router) serves all subnets via DHCP relay. The network engineer configures VLANs (e.g., VLAN 10 for data, VLAN 20 for voice) and each VLAN interface has ip helper-address pointing to the DHCP server. The server has scopes for each subnet. This allows seamless IP management across the entire campus.
Another scenario: Guest Wi-Fi. Guests receive IPs from a separate DHCP pool with limited access (e.g., only internet, no internal resources). The DHCP server assigns short leases (e.g., 2 hours) to reclaim addresses quickly when guests leave. The network engineer also configures DHCP options like DNS server (for captive portal) and maybe a WINS server.
Performance considerations: A single DHCP server can handle thousands of clients, but redundancy is critical. Use two servers with split scopes (each covers 50% of addresses) or a failover protocol (e.g., DHCP failover in Windows). On Cisco routers, you can configure multiple pools but be mindful of CPU usage during heavy lease activity.
Misconfiguration consequences: If the pool is too small, clients fail to get IPs and use APIPA (169.254.x.x), causing connectivity loss. If excluded addresses are not set, the router's own interface IP might be handed out, causing a conflict and knocking the router offline. If the relay is misconfigured (wrong IP or missing), remote clients cannot get IPs. Always test with a client and verify bindings.
On the CCNA 200-301 exam, DHCP is tested under IP Services (4.3). You must know how to configure a Cisco router as a DHCP server and DHCP relay agent. Expect scenario-based questions where you choose the correct configuration commands or troubleshoot why a client isn't getting an IP.
Common wrong answers:
1. Using `ip dhcp pool` without `network`: Candidates forget to specify the subnet, so the pool has no addresses. The correct sequence is ip dhcp pool NAME then network NETWORK MASK.
2. Confusing `ip helper-address` with `ip dhcp relay`: There is no ip dhcp relay command. The correct command is ip helper-address on the interface. Some candidates think it's a global command.
3. Thinking DHCPOFFER is unicast always: Actually, the server can send unicast or broadcast depending on the 'broadcast' flag in the discover. The exam may ask about this flag.
4. Mixing up T1 and T2 timers: T1 is 50% (renewal unicast), T2 is 87.5% (rebind broadcast). Candidates often reverse them.
Specific values to memorize:
Default lease: 1 day (86400 seconds)
T1: 50% of lease (43200 seconds)
T2: 87.5% of lease (75600 seconds)
UDP ports: 67 (server), 68 (client)
DHCP message types: DISCOVER (1), OFFER (2), REQUEST (3), ACK (5), NAK (6), RELEASE (7), DECLINE (4), INFORM (8)
Calculation traps: If a lease is 8 days, T1 is 4 days, T2 is 7 days. If a lease is 10 hours, T1 is 5 hours, T2 is 8.75 hours.
Decision rule: For scenario questions, first identify if the client and server are on the same subnet. If yes, no relay needed. If no, the router needs ip helper-address. Then check if the pool has addresses and if exclusions are correct. Always verify with show ip dhcp binding.
DHCP uses DORA: Discover (broadcast), Offer (unicast/broadcast), Request (broadcast), Acknowledge (unicast/broadcast).
Default lease time on Cisco IOS DHCP server is 1 day (86400 seconds).
T1 (renewal) occurs at 50% of lease; T2 (rebind) at 87.5%.
DHCP relay is configured with `ip helper-address SERVER_IP` on the interface facing clients.
Exclude static addresses with `ip dhcp excluded-address LOW HIGH` before creating the pool.
Verify with `show ip dhcp binding`, `show ip dhcp pool`, and `show ip dhcp server statistics`.
DHCP uses UDP ports 67 (server) and 68 (client).
These come up on the exam all the time. Here's how to tell them apart.
DHCP (Dynamic Host Configuration Protocol)
Automatically assigns IP addresses from a pool.
Reduces manual configuration errors.
Reclaims addresses when devices leave (lease expiry).
Requires a DHCP server and relay (if needed).
Lease duration can be configured (default 1 day).
Static IP Addressing
IP address manually configured on each device.
Prone to typos and duplicate IPs.
Addresses are permanently assigned until changed.
No server required; works immediately.
No lease concept; address is permanent until changed.
Mistake
DHCPOFFER is always a unicast packet.
Correct
The DHCPOFFER can be unicast or broadcast depending on the 'broadcast' flag set in the DHCPDISCOVER. If the flag is 1, the server broadcasts the offer; if 0, it unicasts.
Candidates assume unicast because the server knows the client's MAC, but the client may not have an IP yet, so broadcast is sometimes used.
Mistake
The `ip helper-address` command is configured globally on the router.
Correct
The `ip helper-address` command is configured on the interface that receives DHCP broadcasts from clients, not globally.
Candidates confuse it with other global helper commands like `ip dhcp relay` (which doesn't exist).
Mistake
A DHCP client sends a DHCPREQUEST directly to the server during the initial DORA process.
Correct
The DHCPREQUEST in step 3 is broadcast so that all servers know which offer was accepted.
Candidates think it's unicast because the client knows the server's IP from the offer, but the broadcast is necessary for other servers to reclaim their offered IPs.
Mistake
DHCP lease renewal always uses a broadcast.
Correct
At T1 (50%), the client unicasts the DHCPREQUEST directly to the server. Only at T2 (87.5%) does it broadcast.
Candidates confuse the initial request (broadcast) with renewal (unicast at T1).
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Renewal (T1 at 50% of lease) is when the client unicasts a DHCPREQUEST directly to the server that granted the lease. If the server responds with DHCPACK, the lease is extended. Rebinding (T2 at 87.5%) occurs if renewal fails; the client broadcasts a DHCPREQUEST to any DHCP server. If any server responds, the lease extends. If both fail, the lease expires at 100%.
During the initial DORA, the client broadcasts the DHCPREQUEST so that all DHCP servers that sent offers know which offer was accepted. This allows other servers to reclaim the offered IP address for other clients. If it were unicast only to the chosen server, other servers would keep the IP reserved until the offer timer expires.
The default lease time is 1 day (86400 seconds). You can change it with the `lease` command in DHCP pool configuration mode. For example, `lease 0 12` sets 12 hours, `lease 7` sets 7 days.
Enter interface configuration mode for the interface that receives DHCP broadcasts from clients (e.g., `interface GigabitEthernet0/1`), then use `ip helper-address DHCP_SERVER_IP`. The router will forward DHCP broadcasts as unicasts to the server. You can specify multiple helper addresses for redundancy.
It prevents the DHCP server from assigning certain IP addresses to clients. These are typically used for static devices like routers, servers, printers. For example, `ip dhcp excluded-address 192.168.1.1 192.168.1.10` reserves the first 10 addresses. Without this, the server might assign an address already in use, causing a conflict.
On the router, use `show ip dhcp binding` to see all active leases. On the client, use `ipconfig /all` (Windows) or `ifconfig` (Linux/Mac) to see the assigned IP, subnet mask, default gateway, and DNS servers. Also check for APIPA address (169.254.x.x) which indicates DHCP failure.
DHCP snooping is a security feature on Cisco switches that filters DHCP messages to prevent rogue DHCP servers. It trusts only ports connected to legitimate DHCP servers (trusted ports) and drops DHCPOFFER/ACK from other ports (untrusted). If a client is not getting an IP, check if DHCP snooping is enabled and if the server port is configured as trusted.
You've just covered DHCP Process — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?