N10-009 | Chapter 81 of 163 | Objective 2.5

DHCP Scopes, Options, and Reservations

This chapter covers DHCP scopes, options, and reservations — critical topics for the N10-009 exam's Network Implementation domain (Objective 2.5). Understanding how DHCP operates, from scope creation to option assignment and reservation configuration, is essential for deploying and troubleshooting IP address management in enterprise networks. Expect 8-12% of exam questions to touch DHCP configuration, lease states, and common troubleshooting scenarios.

25 min read
Intermediate
Updated May 31, 2026

DHCP as a Hotel Front Desk

Imagine a hotel with a front desk that assigns rooms to guests as they arrive. The hotel has a block of rooms (the DHCP scope) from 201 to 300. When a guest checks in (a device sends a DHCPDISCOVER), the front desk finds the next available room and gives the guest a keycard with the room number, a map (subnet mask), the front desk phone number (default gateway), and a list of hotel services (DNS server). The guest can stay for a certain number of nights (lease duration). If the guest wants to stay longer, they call the front desk before checkout to renew (DHCPREQUEST). If they don't, the room is cleaned and made available for the next guest. Some VIP guests always get the same room (reservation) based on their loyalty number (MAC address). The front desk can also give special amenities to rooms on certain floors (DHCP options like option 150 for TFTP server). If the hotel runs out of rooms, late guests are turned away (NAK). The front desk can also exclude certain rooms for maintenance (exclusion range).

How It Actually Works

What is DHCP and Why It Exists

Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses and other network configuration parameters to devices. Defined in RFC 2131, DHCP eliminates manual configuration, reduces errors, and simplifies network management. The protocol operates on a client-server model using UDP ports 67 (server) and 68 (client).

DHCP Scope: The Address Pool

A DHCP scope is a contiguous range of IP addresses that the DHCP server can lease to clients. For example, a scope might be 192.168.1.100 to 192.168.1.200 with a subnet mask of 255.255.255.0. Scopes are defined per subnet and must match the subnet's network ID and mask. Each scope also includes:
- Exclusion ranges: Addresses within the scope that are reserved for static assignment (e.g., servers, printers) and should not be leased dynamically.
- Lease duration: The length of time a client can use an assigned IP before it must renew. Default is 8 days on Windows Server, but often reduced in production (e.g., 1 hour for Wi-Fi networks).
- Subnet mask: Required to define the network boundary.
- Default gateway: Usually option 3 (Router).
- DNS servers: Usually option 6 (Domain Name Server).

DHCP Options: Customizing Client Configuration

DHCP options are additional parameters sent to clients beyond the IP address and subnet mask. Options are identified by a numeric code. Common options include:
- Option 1: Subnet Mask (required)
- Option 3: Router (default gateway)
- Option 6: Domain Name Server (DNS)
- Option 15: Domain Name
- Option 43: Vendor-Specific Information (used by VoIP phones to find the call server)
- Option 66: TFTP Server Name (used for PXE boot)
- Option 150: TFTP Server IP (Cisco-specific for VoIP)
- Option 121: Classless Static Routes

Options can be configured at different levels:
- Server level: Applied to all scopes on the server.
- Scope level: Applied to all clients in a specific scope.
- Class level: Applied to clients matching a vendor class or user class.
- Reservation level: Applied only to a specific reserved client.

Reservations: Fixed Address Assignment

A DHCP reservation ensures a specific device always receives the same IP address. The reservation ties the IP address to the client's MAC address. When the DHCP server receives a request from that MAC, it checks its reservations and assigns the reserved IP if available. Reservations are useful for devices that need a consistent IP but still benefit from DHCP management (e.g., printers, servers).

DHCP Lease Process (DORA)

The DHCP lease process involves four steps:
1. DHCPDISCOVER: Client broadcasts (UDP port 67, destination 255.255.255.255) to find a DHCP server.
2. DHCPOFFER: Server responds with an offered IP address and options (unicast to client's MAC, but often broadcast if client has no IP).
3. DHCPREQUEST: Client broadcasts (or unicasts if address known) to accept the offer.
4. DHCPACK: Server acknowledges and finalizes the lease.

Lease Renewal and States

Clients attempt to renew their lease at 50% of the lease duration (T1 timer). If successful, the lease is extended. If not, at 87.5% (T2 timer), the client broadcasts to any DHCP server for renewal. If the lease expires, the client must stop using the IP and restart the DORA process.

DHCP Relay Agent

When DHCP servers are on a different subnet than clients, a DHCP relay agent (usually configured on a router or switch) forwards DHCP broadcasts between subnets. The relay agent modifies the DHCP packet's gateway IP address (giaddr) field to indicate the client's subnet, allowing the server to assign an appropriate IP from the correct scope. Without a relay agent, DHCP broadcasts are limited to the local subnet.

Superscopes and Multiscopes

A superscope (Windows) or shared network (ISC DHCP) allows a DHCP server to serve multiple logical subnets on the same physical segment. This is useful for migrating address ranges or when running out of addresses in a scope. The server assigns addresses from all included scopes based on availability.

DHCP Options and Vendor Classes

Vendor class identifiers allow DHCP servers to assign different options based on the device type. For example, Cisco IP phones send vendor class ID "Cisco IP Phone" and can receive option 150 for TFTP server, while a Windows PC does not get that option.

DHCP Authorization and Security

In Active Directory environments, DHCP servers must be authorized to prevent rogue DHCP servers. Unauthorized servers that respond with incorrect options can cause network outages. DHCP snooping on switches is a security feature that filters DHCP messages and only allows trusted ports to send DHCPOFFER and DHCPACK messages.
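As an added example (not part of the original chapter), the rogue-server check can be applied to packet contents in software: the code parses a DHCPv4 payload and flags any DHCPOFFER or DHCPACK whose server identifier (option 54) is not on an allowlist. DHCP snooping itself enforces trust per switch port; the allowlist address, the sample packets and all function names here are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
AUTHORIZED_SERVERS = {"192.168.1.2"}  # assumption: this site's authorized server


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCPv4 UDP payload: 236-byte header, magic cookie, then options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20])),     # offered address
           "chaddr": payload[28:28 + min(payload[2], 16)].hex("-"),  # client MAC
           "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = End
        if payload[i] == 0:  # Pad has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else -1
        data = payload[i + 2:i + 2 + length]
        if length < 0 or len(data) != length:
            raise ValueError("truncated option")
        msg["options"][payload[i]] = data
        i += 2 + length
    return msg


def ip_list(data: bytes) -> list:
    # Decode an option value made of one or more 4-byte IPv4 addresses.
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data) - 3, 4)]


def check_server_reply(payload: bytes) -> list:
    """Flag an OFFER/ACK whose server identifier (option 54) is not authorized."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    mtype = MSG_TYPES.get((opts.get(53) or b"\x00")[0], "UNKNOWN")
    if mtype not in ("OFFER", "ACK"):
        return []
    server = (ip_list(opts.get(54, b"")) or ["unknown"])[0]
    if server in AUTHORIZED_SERVERS:
        return []
    routers, dns = ip_list(opts.get(3, b"")), ip_list(opts.get(6, b""))
    return [f"{mtype} from unauthorized server {server}: client {msg['chaddr']} "
            f"offered {msg['yiaddr']}, router {routers}, dns {dns}"]


def build_reply(msg_type: int, yiaddr: str, server: str, router: str) -> bytes:
    """Build a constructed server reply for the demo (not captured traffic)."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), pack(yiaddr), bytes(4), bytes(4),
                         bytes.fromhex("001122334455"), b"", b"")
    options = (bytes([53, 1, msg_type]) + bytes([54, 4]) + pack(server)
               + bytes([3, 4]) + pack(router) + b"\xff")
    return header + MAGIC_COOKIE + options


LEGIT_OFFER = build_reply(2, "192.168.1.100", "192.168.1.2", "192.168.1.1")
ROGUE_OFFER = build_reply(2, "192.168.1.150", "192.168.1.66", "192.168.1.66")

if __name__ == "__main__":
    print(check_server_reply(LEGIT_OFFER), check_server_reply(ROGUE_OFFER))
```

The finding also reports the router and DNS values in the reply, since those are the options an unauthorized server would use to redirect client traffic.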

Troubleshooting DHCP

Common issues include:
- Scope exhaustion: No available addresses in the scope. Check lease usage and consider expanding the scope or reducing lease duration.
- Duplicate IPs: Caused by overlapping scopes or static IPs within the scope. Use exclusion ranges.
- Wrong options: Clients get incorrect gateway or DNS. Verify scope options and server-level options.
- Reservation conflicts: A reserved IP is already leased to another device. Ensure the IP is not in the dynamic pool or use exclusion.
- Relay agent misconfiguration: The giaddr field is missing or incorrect, causing the server to assign an IP from the wrong scope.
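An added example (not from the original chapter, and a simplified model rather than any vendor's server logic) showing how scope selection by giaddr, exclusions, reservations and exhaustion interact, which is where most of the issues above originate. The scopes, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

IP = ipaddress.IPv4Address


@dataclass
class Scope:
    network: ipaddress.IPv4Network
    start: IP
    end: IP
    exclusions: set = field(default_factory=set)      # never leased dynamically
    reservations: dict = field(default_factory=dict)  # MAC -> reserved IP
    leases: dict = field(default_factory=dict)        # IP -> MAC holding the lease


def select_scope(scopes, giaddr, server_ip):
    """Choose the scope from giaddr (relayed) or the server's own IP (local client)."""
    origin = IP(giaddr)
    if origin == IP("0.0.0.0"):  # no relay agent touched the packet
        origin = IP(server_ip)
    for scope in scopes:
        if origin in scope.network:
            return scope
    return None  # wrong or unknown giaddr: no matching scope, so no offer


def allocate(scope, mac):
    """Return (ip, reason); ip is None when the server has nothing to offer."""
    reserved = scope.reservations.get(mac)
    if reserved is not None:
        holder = scope.leases.get(reserved)
        if holder not in (None, mac):
            return None, f"reservation conflict: {reserved} leased to {holder}"
        scope.leases[reserved] = mac
        return reserved, "reservation"
    for ip, holder in scope.leases.items():
        if holder == mac:  # client already holds a lease in this scope
            return ip, "existing lease"
    unavailable = set(scope.leases) | scope.exclusions | set(scope.reservations.values())
    ip = scope.start
    while ip <= scope.end:
        if ip not in unavailable:
            scope.leases[ip] = mac
            return ip, "dynamic"
        ip += 1
    return None, "scope exhausted"


def make_scopes():
    """Constructed sample data: a local LAN scope and a relayed voice scope."""
    lan = Scope(ipaddress.IPv4Network("192.168.1.0/24"), IP("192.168.1.100"),
                IP("192.168.1.103"), exclusions={IP("192.168.1.101")},
                reservations={"00-11-22-33-44-55": IP("192.168.1.102")})
    voice = Scope(ipaddress.IPv4Network("10.0.20.0/24"), IP("10.0.20.50"),
                  IP("10.0.20.60"))
    return [lan, voice]


if __name__ == "__main__":
    lan, _ = make_scopes()
    for mac in ("00-11-22-33-44-55", "aa-aa", "bb-bb", "cc-cc"):
        print(mac, allocate(lan, mac))
```

With four addresses in the range, one excluded and one reserved, the third dynamic client is refused, which is the scope-exhaustion case from the list.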

DHCPv6

DHCPv6 (RFC 3315) provides address assignment for IPv6. It uses UDP ports 546 (client) and 547 (server). DHCPv6 can operate in stateless (only options, no addresses) or stateful (addresses and options) mode. SLAAC (Stateless Address Autoconfiguration) can also assign IPv6 addresses without DHCP.

Key Commands

On Cisco IOS:

ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LAN_POOL
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8
 lease 7

On Windows Server (PowerShell):

Add-DhcpServerv4Scope -Name "LAN Scope" -StartRange 192.168.1.100 -EndRange 192.168.1.200 -SubnetMask 255.255.255.0
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -OptionId 3 -Value 192.168.1.1
Add-DhcpServerv4Reservation -ScopeId 192.168.1.0 -IPAddress 192.168.1.50 -ClientId "00-11-22-33-44-55" -Name "Printer"

Interaction with Other Technologies

DHCP interacts with DNS (dynamic updates), IPAM (IP address management), and AAA (for network access control). DHCP snooping integrates with switch security to prevent rogue servers.

Walk-Through

1. Client Sends DHCPDISCOVER

When a client device boots or its lease expires, it sends a DHCPDISCOVER broadcast packet to 255.255.255.255 from UDP source port 68, destination port 67. The packet contains the client's MAC address and optionally a requested IP from a previous lease. The broadcast is limited to the local subnet unless a DHCP relay agent is present. The client sets its own IP to 0.0.0.0 initially. A network engineer would see this as a broadcast frame in a packet capture with DHCP message type 1.

2. Server Responds with DHCPOFFER

Any DHCP server that receives the DISCOVER and has an available IP responds with a DHCPOFFER unicast to the client's MAC address (or broadcast if the client has no IP). The offer includes a proposed IP address, subnet mask, lease duration, server identifier, and any configured options (gateway, DNS). The server reserves the IP temporarily (typically 2 minutes) to prevent double assignment. In a packet capture, this is DHCP message type 2.

3. Client Sends DHCPREQUEST

The client selects one offer (usually the first received) and broadcasts a DHCPREQUEST message to all servers. This broadcast includes the server identifier of the chosen server. All other servers see this and release their reserved IP back to the pool. The request also includes any requested parameters (list of options the client wants). This is DHCP message type 3. The client may also include a requested IP address if renewing.

4. Server Acknowledges with DHCPACK

The chosen server sends a DHCPACK unicast to the client, confirming the lease. The ACK includes the final IP address, lease duration, and all options. The client then configures its network interface with the provided IP and options. The lease is now active. If the server cannot fulfill the request (e.g., the offered IP was taken), it sends a DHCPNAK (message type 6), forcing the client to restart the process.

5. Client Renews Lease at T1

At 50% of the lease duration (T1 timer, default 4 days for an 8-day lease), the client attempts to renew its lease by sending a unicast DHCPREQUEST directly to the server that granted the lease. The server responds with a DHCPACK, resetting the lease timer. If no response, the client continues to use the IP and tries again at T2 (87.5%). If renewal fails at T2, the client broadcasts to any server. If the lease expires, the client must stop using the IP and begin with DHCPDISCOVER.

What This Looks Like on the Job

Enterprise Scenario 1: Large Corporate Network with Multiple Subnets

A company with 50 VLANs across multiple buildings uses a centralized DHCP server cluster (e.g., Windows Server DHCP with failover). Each VLAN has a corresponding DHCP scope. DHCP relay agents are configured on the Layer 3 switches at each building to forward broadcasts to the DHCP server. The server uses superscopes to manage multiple subnets on the same VLAN during a migration from 10.0.0.0/16 to 172.16.0.0/16. Common issues include scope exhaustion during peak hours (e.g., Monday morning when many laptops boot up). The solution is to reduce lease duration from 8 days to 4 hours and increase the scope size. Reservations are used for network printers and servers to ensure consistent IPs while still allowing DHCP management.

Enterprise Scenario 2: VoIP Deployment with Option 150

A company deploys Cisco IP phones across the organization. Each phone needs to find the Cisco Call Manager (CUCM) server via TFTP. The DHCP server is configured with option 150 (TFTP server IP) at the scope level. Without option 150, phones fail to boot and display an error. The network engineer also uses vendor class identifiers: phones send vendor class ID "Cisco IP Phone" and the server assigns option 150 only to that class, avoiding confusion with PCs. Misconfiguration (e.g., using option 66 instead of 150) is a common pitfall. The engineer also sets up DHCP snooping on access switches to prevent rogue DHCP servers from offering false IPs.

Enterprise Scenario 3: Guest Wi-Fi with Short Leases

A hotel offers free Wi-Fi to guests. The DHCP scope is 10.0.0.0/22 (1022 usable addresses) with a lease duration of 1 hour. This prevents IP exhaustion when many guests check in and out. The DHCP server also assigns a DNS server that performs web filtering. Reservations are used for management devices (APs, controllers). The engineer monitors lease usage and sets up alerts when utilization reaches 80%. A misconfigured lease duration (e.g., 8 days) would quickly exhaust the pool. The network also uses DHCP relay agents because the DHCP server is in a different VLAN.

How N10-009 Actually Tests This

What N10-009 Tests on DHCP Scopes, Options, and Reservations (Objective 2.5)

The exam expects you to:

Identify the components of a DHCP scope: range, exclusions, lease duration, subnet mask, and default gateway.

Explain the purpose of DHCP options and know common option codes (3, 6, 15, 43, 66, 150).

Differentiate between a reservation and a static IP assignment.

Describe the DORA process and lease renewal timers (T1 at 50%, T2 at 87.5%).

Understand the role of a DHCP relay agent.

Troubleshoot common DHCP issues: scope exhaustion, duplicate IPs, wrong options, and rogue servers.

Common Wrong Answers and Why Candidates Choose Them

1. "A DHCP reservation assigns an IP address based on the device's hostname." – Candidates confuse reservations with DNS. Reservations use MAC address, not hostname.

2. "The DHCP server always sends offers as broadcasts." – Offers can be unicast if the client has an IP; initial offers are often broadcast in practice, but the protocol allows unicast.

3. "Lease renewal occurs at 87.5% of the lease duration." – That is T2, the rebinding state. T1 (50%) is the renewal state. The exam tests both timers.

4. "Option 66 is used for VoIP TFTP servers." – Option 66 is TFTP server name (hostname), but Cisco uses option 150 for TFTP server IP. Candidates often mix them up.

5. "A DHCP relay agent is only needed if the server is on a different VLAN." – Correct, but candidates think it's always needed; it's only needed when server and client are on different subnets.

Specific Numbers and Terms to Memorize

UDP ports: 67 (server), 68 (client)

DORA: Discover, Offer, Request, Acknowledge

T1: 50% of lease duration

T2: 87.5% of lease duration

Default lease on Windows Server: 8 days

Option 3: Router (default gateway)

Option 6: DNS server

Option 150: TFTP server IP (Cisco)

Reservation: based on MAC address

Exclusion range: addresses not leased dynamically

Edge Cases and Exceptions

If a client has a previously leased IP, it may skip DISCOVER and send a REQUEST directly (DHCPINFORM for stateless).

A DHCP server can be configured with multiple scopes for the same subnet to provide redundancy (split scope).

DHCPv6 uses different port numbers (546/547) and can operate in stateful or stateless mode.

Some devices (e.g., printers) ignore DHCP options and require manual configuration.

How to Eliminate Wrong Answers

If an answer mentions hostname for reservation, eliminate it.

If an answer says DHCP uses TCP, eliminate it (UDP only).

If an answer says the relay agent changes the client's IP, eliminate it (it sets giaddr, not client IP).

If an answer says option 150 is for DNS, eliminate it (it's for TFTP).

Key Takeaways

DHCP uses UDP ports 67 (server) and 68 (client).

The DORA process: Discover, Offer, Request, Acknowledge.

Lease renewal (T1) at 50% of lease duration; rebinding (T2) at 87.5%.

Default lease duration on Windows Server is 8 days.

A DHCP reservation ties an IP to a specific MAC address.

Common DHCP options: Option 3 (Router), Option 6 (DNS), Option 150 (TFTP server IP for Cisco VoIP).

A DHCP relay agent forwards broadcasts between subnets by setting the giaddr field.

Exclusion ranges prevent specific IPs from being dynamically leased.

DHCP snooping on switches filters unauthorized DHCP servers.

DHCPv6 uses ports 546/547 and can be stateful or stateless.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

DHCP Reservation

IP address is managed by DHCP server

Based on client MAC address

Easier to change IP centrally

IP is not available for dynamic leasing

Client still uses DHCP for other options

Static IP Assignment

IP address is manually configured on device

No dependency on DHCP server

IP is outside DHCP scope to avoid conflicts

Requires manual changes on each device

No DHCP lease renewal process

Watch Out for These

Mistake

A DHCP reservation assigns the same IP to any device that requests it.

Correct

A reservation ties a specific IP to a specific MAC address. Only the device with that MAC gets the reserved IP; other devices get dynamic addresses from the pool.

Mistake

DHCP uses TCP for reliable delivery.

Correct

DHCP uses UDP (ports 67 and 68). Reliability is handled by the client retransmitting if no response is received.

Mistake

The DHCP server always responds to a DISCOVER with a broadcast.

Correct

The server can unicast the offer if the client's IP is known (e.g., during renewal). However, initial DISCOVER often results in broadcast offers because the client has no IP.

Mistake

Lease renewal always happens at 87.5% of the lease duration.

Correct

Renewal (T1) occurs at 50%. Rebinding (T2) occurs at 87.5% if renewal fails. Both timers are tested on the exam.

Mistake

Option 66 and option 150 both provide TFTP server IP addresses.

Correct

Option 66 provides a TFTP server hostname (string), while option 150 provides a TFTP server IP address (used by Cisco VoIP). They are not interchangeable.

Frequently Asked Questions

What is the difference between a DHCP reservation and a static IP?

A DHCP reservation assigns a specific IP to a device based on its MAC address, but the device still obtains the IP via DHCP and receives other options (gateway, DNS). A static IP is manually configured on the device and does not involve DHCP. Reservations are easier to manage centrally and ensure consistency, while static IPs are independent of the DHCP server.

What does the DHCP relay agent do?

A DHCP relay agent forwards DHCP broadcast messages between subnets. When a client broadcasts a DHCPDISCOVER, the relay agent (typically a router or Layer 3 switch) receives it, inserts its own IP address into the giaddr field, and unicasts the message to the DHCP server. The server uses the giaddr to determine which scope to assign an IP from. The relay agent then forwards the server's response back to the client.

What are the T1 and T2 timers in DHCP?

T1 is the renewal timer at 50% of the lease duration. At T1, the client attempts to renew its lease by sending a unicast DHCPREQUEST to the server. T2 is the rebinding timer at 87.5% of the lease duration. If renewal fails at T1, the client waits until T2 and then broadcasts a DHCPREQUEST to any server. If both fail, the lease expires and the client must start the DORA process.

How do I configure a DHCP reservation on a Windows Server?

Open DHCP Manager, expand the scope, right-click 'Reservations', and select 'New Reservation'. Enter a name, the IP address to reserve, the client's MAC address (in format xx-xx-xx-xx-xx-xx), and select 'Both' for DHCP and BOOTP. Click Add. Alternatively, use PowerShell: Add-DhcpServerv4Reservation -ScopeId 192.168.1.0 -IPAddress 192.168.1.50 -ClientId "00-11-22-33-44-55" -Name "Printer".

What is the difference between option 66 and option 150?

Option 66 (TFTP Server Name) provides a hostname for the TFTP server, used for PXE boot. Option 150 (TFTP Server IP) provides an IP address for the TFTP server, commonly used by Cisco IP phones to find the call manager. They are not interchangeable; option 150 is a Cisco-specific option.

What happens when a DHCP scope runs out of addresses?

When a DHCP scope is exhausted, the server cannot assign new IP addresses. Clients that attempt to obtain an IP will not receive a DHCPACK; they may use Automatic Private IP Addressing (APIPA) to assign themselves an IP in the 169.254.0.0/16 range. Network engineers should monitor lease usage and either expand the scope, reduce lease duration, or add additional scopes.

Can a DHCP server assign IP addresses to clients on a different subnet without a relay agent?

No, DHCP broadcasts are limited to the local subnet. Without a relay agent, a DHCP server on a different subnet will not receive the client's DISCOVER message. A relay agent or DHCP helper address must be configured on the router to forward the broadcast to the server.
