DHCP, DHCPv6, SLAAC, Scopes, Leases, and Relay
Key Takeaways
- DHCP automatically hands IPv4 clients an address plus options such as default gateway, DNS servers, and NTP via the DORA exchange.
- A scope defines the address pool, exclusions, reservations, lease time, and options for one subnet.
- DHCP Discover is a broadcast that does not cross routers, so a DHCP relay (IP helper) is required to reach a centralized server on another subnet.
- IPv6 clients use SLAAC, stateless DHCPv6, or stateful DHCPv6 depending on the M and O flags in router advertisements.
- APIPA 169.254.x.x means the client got no DHCP reply: suspect a missing relay, an exhausted scope, or an unreachable server.
IPv4 DHCP and the DORA Exchange
Dynamic Host Configuration Protocol (DHCP) removes manual addressing and prevents duplicate-IP errors, but its scopes must match every subnet, VLAN, gateway, and DNS design. The IPv4 lease handshake is DORA, and DHCP uses UDP port 67 on the server and UDP port 68 on the client.
| Step | Message | What happens |
|---|---|---|
| Discover | Client broadcast | Client looks for any DHCP server |
| Offer | Server unicast/broadcast | Server proposes an address and options |
| Request | Client broadcast | Client formally requests the offered lease |
| Acknowledge | Server | Server confirms; lease timer starts |
Common options pushed in the offer include the subnet mask, default gateway, DNS servers, domain search suffix, NTP servers, and vendor or voice-VLAN options. If clients get a valid address but cannot leave the subnet, suspect the default-gateway option; if they reach IPs but not names, suspect the DNS option.
Scopes, Leases, Reservations, and Exclusions
| Term | Meaning |
|---|---|
| Scope | The address range and options served to one subnet |
| Lease | A time-limited assignment of an address to a client |
| Exclusion | An address carved out of the pool so DHCP never hands it out |
| Reservation | A specific address tied to a client's MAC or client-ID |
| Option | Extra config such as router (3), DNS (6), NTP (42) |
Use a reservation when a device must keep a predictable address yet stay centrally managed - for example a network printer or a server you patch via DHCP. Use an exclusion to protect addresses you assign statically, such as router interfaces and switches, so the pool never collides with them. A device that renews into a different address every lease is a sign its reservation is missing or its MAC changed (random MAC on modern phones is a common culprit).
Leases move through clear timers you should recognize. At T1 (50% of the lease) the client unicasts a renewal to its own server; at T2 (87.5%) it broadcasts to any server if the original has not answered; at 100% the lease expires and the client must start over with Discover. This is why a server outage does not drop every client at once - existing clients keep their addresses until their individual leases age out, but new clients and renewals fail. Recognizing that pattern tells you the server has been down for a while rather than a network path being broken right now.
Scope exhaustion produces the opposite signature: existing clients are fine, but the next new device gets APIPA because there is no free address left to hand out.
DHCP Relay and IPv6 Assignment
Because a DHCP Discover is a Layer 2/Layer 3 broadcast, it dies at the first router. A DHCP relay agent (configured as an ip helper-address on the SVI or routed interface) rewrites the broadcast into a unicast aimed at the central server and inserts the gateway address so the server picks the right scope.
| Symptom | Likely cause |
|---|---|
| One VLAN gets leases, another does not | Missing relay or no matching scope |
| Clients pull an address from the wrong subnet | Relay points to wrong scope, or VLAN/SVI mismatch |
| Clients self-assign 169.254.x.x (APIPA) | Server unreachable, relay missing, or scope exhausted |
| Only brand-new clients fail | Scope exhaustion or a reservation/exclusion gap |
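The relay and scope-selection behaviour described above, as an added Python example (not code from the original page or from any DHCP product). The scope names, subnets, and addresses are constructed assumptions, with VLAN 20 deliberately left without a scope.

```python
import ipaddress
import struct

GIADDR_OFFSET = 24  # relay agent (gateway) address in the fixed BOOTP header, RFC 2131
HOPS_OFFSET = 3     # hop counter, incremented by each relay

# Constructed scopes for illustration; there is intentionally no VLAN 20 scope.
SCOPES = {
    "VLAN10": ipaddress.ip_network("10.0.10.0/24"),
    "VLAN30": ipaddress.ip_network("10.0.30.0/24"),
}

def build_discover(xid, mac):
    """Constructed DHCPDISCOVER: 236-byte header, magic cookie, option 53=1, end."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      1, 1, 6, 0, xid, 0, 0x8000,            # op, htype, hlen, hops, xid, secs, flags
                      bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
                      mac, bytes(64), bytes(128))              # chaddr, sname, file
    return hdr + bytes([99, 130, 83, 99]) + bytes([53, 1, 1, 255])

def relay(packet, svi_ip):
    """What an ip helper does before unicasting to the server: stamp giaddr with
    the receiving interface's IP (only if still zero) and increment hops."""
    pkt = bytearray(packet)
    if pkt[GIADDR_OFFSET:GIADDR_OFFSET + 4] == bytes(4):
        pkt[GIADDR_OFFSET:GIADDR_OFFSET + 4] = ipaddress.ip_address(svi_ip).packed
    pkt[HOPS_OFFSET] += 1
    return bytes(pkt)

def select_scope(packet, server_if_ip):
    """Server side: choose the scope containing giaddr, or the receiving
    interface's own subnet when giaddr is 0.0.0.0 (client on the local link)."""
    giaddr = ipaddress.ip_address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])
    key = giaddr if int(giaddr) else ipaddress.ip_address(server_if_ip)
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None  # no matching scope: typically no Offer is sent, client ends up on APIPA
```

A Discover relayed from 10.0.20.1 returns `None` here, which is the "relay present, scope missing" case; with no relay at all, the broadcast never reaches `select_scope` in the first place.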
IPv6: SLAAC vs DHCPv6
IPv6 hosts learn addressing from router advertisements (RAs) plus Neighbor Discovery. The RA's M (managed) and O (other) flags decide the method:
| Method | M/O flags | Address from | Options from |
|---|---|---|---|
| SLAAC | M=0, O=0 | Client builds it from the RA prefix + interface ID | RA (and RDNSS for DNS) |
| Stateless DHCPv6 | M=0, O=1 | SLAAC builds the address | DHCPv6 supplies DNS and other options |
| Stateful DHCPv6 | M=1 | DHCPv6 server assigns the address | DHCPv6 supplies options |
SLAAC does not use DORA, and DHCPv6 uses UDP 546/547 - entirely separate from IPv4's 67/68.
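To check what a segment's router actually advertises, the following added Python example (not from the original page) parses a Router Advertisement body per RFC 4861, reads the M and O flags, and extracts the prefix and RDNSS options. The `build_ra` helper and the 2001:db8:: addresses are constructed sample input, and the checksum is left at zero and not validated.

```python
import ipaddress
import struct

def build_ra(flags, prefix, dns=None):
    """Constructed sample RA: header, one Prefix Information option, optional RDNSS."""
    net = ipaddress.IPv6Network(prefix)
    ra = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    ra += struct.pack("!BBBBII4x16s", 3, 4, net.prefixlen, 0xC0,
                      86400, 14400, net.network_address.packed)
    if dns:
        ra += struct.pack("!BBHI16s", 25, 3, 0, 1800, ipaddress.IPv6Address(dns).packed)
    return ra

def parse_ra(icmp):
    """Return the M/O flags, the resulting addressing method, and RA options."""
    if len(icmp) < 16 or icmp[0] != 134:          # ICMPv6 type 134 = RA
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]
    m, o = bool(flags & 0x80), bool(flags & 0x40)  # M is bit 7, O is bit 6
    prefixes, rdnss = [], []
    i = 16                                         # options follow the 16-byte header
    while i + 2 <= len(icmp):
        otype, olen = icmp[i], icmp[i + 1] * 8     # option length is in 8-byte units
        if olen == 0 or i + olen > len(icmp):
            raise ValueError("malformed option")
        body = icmp[i:i + olen]
        if otype == 3 and olen == 32:              # Prefix Information
            prefixes.append(f"{ipaddress.IPv6Address(body[16:32])}/{body[2]}")
        elif otype == 25 and olen >= 24:           # RDNSS (RFC 8106)
            rdnss += [str(ipaddress.IPv6Address(body[k:k + 16]))
                      for k in range(8, olen, 16)]
        i += olen
    if m:
        method = "stateful DHCPv6"                 # M=1: address comes from DHCPv6
    elif o:
        method = "stateless DHCPv6"                # M=0, O=1: SLAAC address, DHCPv6 options
    else:
        method = "SLAAC"                           # M=0, O=0: everything from the RA
    return {"M": m, "O": o, "method": method, "prefixes": prefixes, "rdnss": rdnss}
```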
Lease Planning and a PBQ Scenario
Match lease length to how long clients stay:
| Environment | Lease approach |
|---|---|
| Guest Wi-Fi, high churn | Short lease (hours) so addresses recycle quickly |
| Stable office desktops | Long lease (8 days is the Windows default) to cut traffic |
| Small pool, many transient devices | Short lease plus active scope monitoring |
| Critical infrastructure | Static addressing or documented DHCP reservations |
Too-short leases flood the server with renewals; too-long leases strand addresses after clients leave.
PBQ-style DHCP scenario
Facts:
- VLAN 10 users get valid leases.
- VLAN 20 users get 169.254.x.x.
- The DHCP server lives in the data center on VLAN 10.
- VLAN 20 was created today on a Layer 3 switch.
Best checks:
(1) Confirm VLAN 20 has an SVI with a correct IP.
(2) Add a DHCP relay/ip-helper on the VLAN 20 interface pointing to the server.
(3) Create or verify the VLAN 20 scope.
(4) Confirm any firewall between switch and server permits UDP 67/68.
(5) Renew a client and validate address, mask, gateway, and DNS.
The tell is that DHCP works in one subnet but not another - relay, scope, VLAN, or firewall path, not a dead DHCP service.
Clients in a newly built VLAN receive APIPA 169.254.x.x addresses while an existing VLAN gets normal leases. What is the most likely missing configuration?
A router advertisement is sent with the M (managed) flag set to 1. How will compliant IPv6 hosts obtain their address?
Which two items are typical components of a DHCP scope?