How every device gets an IP without a human typing one — from DORA to HA failover.
DHCP is client-server. Right-side diagram shows the three roles (Client, Server, Relay Agent) — broadcast on UDP 67/68 connects them.
DHCP uses a four-step handshake (Discover, Offer, Request, Acknowledge) to assign an IP address. The right-side diagram shows all four messages between client and server.
A scope = range of IPs the server leases on one subnet. Components: address range, subnet mask, exclusions, lease duration. Best practice: exclude .1–.50 for infrastructure, 8-day lease for stable networks.
Reservations guarantee a specific IP for a device by MAC address. Use for printers, DHCP-only servers, IP-based ACLs, legacy devices.
Options provide additional configuration beyond IP addresses, such as DNS servers, gateways, and domain names.
| Option | Code | Description |
|---|---|---|
| Router (Default Gateway) | 003 | IP of the default gateway |
| DNS Servers | 006 | List of DNS server IPs |
| DNS Domain Name | 015 | Domain suffix for clients |
| WINS Servers | 044 | NetBIOS name servers (legacy) |
| NTP Servers | 042 | Time synchronization servers |
Configure the essential scope options so clients get DNS, gateway, and domain suffix.
Policies conditionally assign options by MAC, vendor class, or user class. Use cases: VLAN per device type · VoIP phones (specific TFTP) · guest devices · BYOD vs corp.
Order matters: first match wins, like firewall rules.
DHCP failover lets two servers share scope responsibility. Hot Standby = primary leads, secondary takes over on failure (branch/HQ). Load Balance = both serve 50/50 (same-site HA).
MCLT = how long a server can extend a lease past partner's knowledge. Default 1h. Longer = more resilient, slower failback.
DHCP can register client A + PTR records in DNS automatically. Modes: client-only (A), server-only (PTR), or Always (both).
Credential: use a dedicated service account for DDNS to avoid orphans on DHCP server change.
Common DHCP issues: APIPA (169.254.x.x), scope exhaustion, rogue server, wrong options, lease conflicts.
Diagnostic tools: ipconfig /all · /release + /renew · Event Viewer DHCP logs · DHCP audit logs · Wireshark DORA capture.
Check scope utilization, list active leases, search by MAC.
Superscope: groups scopes sharing one physical network (multi-subnet segment, gradual IP expansion, migrations).
Multicast Scopes (MADCAP): assigns multicast addresses (224.0.0.0–239.255.255.255) for streaming, conferencing, WDS deployment.
Practice via GUI Lab (scopes, reservations, failover) + PowerShell Lab (cmdlet scope mgmt, lease queries, options).