What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns IP addresses and essential configuration parameters to devices the moment they connect to a network. When a device joins, it sends out a request; the DHCP server responds within milliseconds with everything that device needs to communicate. No manual intervention, no configuration files, no room for human error.
Beyond IP addresses, DHCP also assigns subnet masks, default gateways, DNS server addresses, and other network parameters — all packaged together in a single automated exchange. DHCP remains the backbone of IP address management in virtually every modern network, from small office environments to enterprise infrastructures managing tens of thousands of endpoints. It was originally defined in RFC 2131 as an enhancement of the older BOOTP protocol.
What does DHCP stand for?
DHCP stands for Dynamic Host Configuration Protocol. "Dynamic" refers to how IP addresses are assigned automatically and temporarily, rather than being fixed manually to each device. "Host Configuration" refers to the full set of network parameters — not just the IP address — that DHCP provides to each device. "Protocol" refers to the standardized set of rules that govern how this exchange happens between a client device and a DHCP server.
Why is DHCP important?
DHCP makes network management scalable. Without it, every device that joins a network requires manual configuration — slow, error-prone, and unworkable at enterprise scale. DHCP automates this, allowing thousands of devices to connect, disconnect, and reconnect without administrator involvement.
Reduced overhead
Devices are ready to communicate the moment they connect — no manual setup required.
Optimized IP utilization
Addresses are leased temporarily and reclaimed when devices leave — preventing exhaustion.
Seamless mobility
Users move between floors, offices, or VLANs and DHCP issues new configuration automatically.
These benefits become especially significant as networks grow. The rise of BYOD policies, IoT devices, remote work, and 5G has dramatically increased the number of endpoints organizations must manage. DHCP is the foundational protocol that makes this growth manageable.
How DHCP works — the DORA process
When a device connects, it has no IP address and no way to communicate with a specific server. DHCP solves this through a four-step process known as DORA: Discover, Offer, Request, and Acknowledge. The entire exchange typically completes in under a second.
1. Discover
The client broadcasts a DHCPDISCOVER message to 255.255.255.255 to locate any available DHCP server on the local segment. The message includes the client's MAC address.
2. Offer
Any available DHCP server replies with a DHCPOFFER containing a proposed IP address, lease duration, subnet mask, gateway, and DNS servers.
3. Request
The client broadcasts a DHCPREQUEST accepting one offer, simultaneously notifying other servers that their offers were not selected so they can return those addresses to their pools.
4. Acknowledge
The selected server sends a DHCPACK confirming the lease. The client configures its network interface and begins communicating.
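The four DORA messages share one wire format, and the fields a defender logs (message type, offered address, server identifier, lease time) sit in fixed header offsets and TLV options. The following is an added example, not code from the original page: it encodes a constructed exchange and parses it back, and the MAC, transaction ID and 192.0.2.x addresses are made-up sample values.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: precedes the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}  # option 53 values

def build_message(op, xid, mac, yiaddr="0.0.0.0", options=()):
    """Encode a minimal DHCPv4 message: 236-byte fixed header, cookie, TLV options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,           # Ethernet, 6-byte MAC, broadcast flag
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        bytes.fromhex(mac.replace(":", "")), b"", b"")
    tlvs = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + tlvs + b"\xff"   # 255 is the end option

def parse_message(data):
    """Decode the fields worth logging; raise ValueError on malformed input."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE or data[2] > 16:
        raise ValueError("short message, missing magic cookie, or bad hlen")
    msg = {"xid": struct.unpack("!I", data[4:8])[0], "mac": data[28:28 + data[2]].hex(":"),
           "yiaddr": str(ipaddress.IPv4Address(data[16:20]))}
    i = 240
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                        # pad option is a single byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, val = data[i], data[i + 2:i + 2 + data[i + 1]]
        if code == 53 and len(val) == 1:
            msg["type"] = MSG_TYPES.get(val[0], "UNKNOWN")
        elif code == 51 and len(val) == 4:      # lease time in seconds
            msg["lease_s"] = struct.unpack("!I", val)[0]
        elif code == 54 and len(val) == 4:      # server identifier
            msg["server_id"] = str(ipaddress.IPv4Address(val))
        i += 2 + len(val)
    return msg

def sample_dora():
    """Constructed exchange: documentation-range addresses, made-up MAC and xid."""
    mac, xid, lease = "02:00:00:00:00:01", 0x1234ABCD, struct.pack("!I", 86400)
    srv, ip = (ipaddress.IPv4Address(a).packed for a in ("192.0.2.1", "192.0.2.50"))
    return [parse_message(m) for m in (
        build_message(1, xid, mac, options=[(53, b"\x01")]),
        build_message(2, xid, mac, "192.0.2.50", [(53, b"\x02"), (54, srv), (51, lease)]),
        build_message(1, xid, mac, options=[(53, b"\x03"), (50, ip), (54, srv)]),
        build_message(2, xid, mac, "192.0.2.50", [(53, b"\x05"), (54, srv), (51, lease)]))]
```

The server identifier (option 54) in an OFFER or ACK is the field to compare against the list of authorized DHCP servers when reviewing captures.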
What ports does DHCP use?
DHCP uses two UDP ports: the server listens on UDP 67 and the client receives responses on UDP 68. These port numbers are defined in RFC 2131 and have remained unchanged since the protocol was introduced.
The DHCP relay agent
In networks with multiple subnets, a DHCP relay agent (also called a DHCP relay) plays a crucial role. Because DHCP discovery messages are broadcast-based, they cannot cross subnet boundaries on their own. A relay agent sits at the network layer and forwards DHCP messages between clients on remote subnets and a centralized DHCP server — allowing a single server to serve a multi-subnet enterprise network without deploying a separate DHCP server on every segment.
Static vs. dynamic IP addresses
| | Static IP | Dynamic IP (DHCP) |
|---|---|---|
| Assignment | Manually configured by admin | Automatically assigned by DHCP server |
| Permanence | Fixed, never changes | Temporary, renewed after lease expires |
| IP exhaustion risk | High — address held even when device is offline | Low — address reclaimed after lease expires |
| Best for | Servers, printers, routers, critical infrastructure | End-user devices, laptops, phones, guests |
| Scalability | Poor for large networks | Scales easily to thousands of devices |
DHCP reservations: the best of both worlds
For devices that need a consistent IP address but should still be managed through DHCP — such as network printers, IP phones, or surveillance cameras — DHCP reservations provide an elegant middle ground. A reservation maps a specific IP address to a device's MAC address, ensuring that device always receives the same IP when it connects, while keeping the address within the DHCP management system rather than requiring manual static configuration.
Unlike static IP configuration, reservations are managed centrally on the DHCP server. The device's address is documented, visible in lease logs, and can be updated without ever touching the device itself.
DHCP lease management
A DHCP lease is the time-limited assignment of an IP address to a client device. Every lease has a duration — commonly 24 hours for end-user devices, though it can be configured shorter or longer depending on network requirements.
When a lease reaches its halfway point (T1), the client attempts to renew directly with its assigned server. If that fails and the lease reaches 87.5% (T2), the client broadcasts a renewal request to any available DHCP server. If the lease expires entirely without renewal, the client must begin the DORA process again from scratch.
Lease timeline: DHCPACK received, IP assigned; client renews with original server (T1); client asks any available server (T2); address reclaimed, restart DORA (lease expiry).
DHCPv4 vs. DHCPv6
DHCPv4
Uses 32-bit addresses in the familiar dotted-decimal format (e.g. 192.168.1.100). Defined in RFC 2131. The dominant protocol for client configuration on most enterprise networks today.
DHCPv6
Defined in RFC 8415. Serves the same function for IPv6, which uses 128-bit addresses. Operates in stateful mode (assigning specific addresses) or stateless mode (providing parameters while the device self-assigns via SLAAC). Most enterprises run dual-stack.
DHCP security
Rogue DHCP servers
A rogue DHCP server is an unauthorized DHCP server operating on a network — set up maliciously by an attacker or accidentally by an employee connecting a misconfigured device such as a home router. If it responds faster than the legitimate server, it can route traffic through an attacker-controlled gateway, provide a malicious DNS server, or enable a man-in-the-middle attack.
DHCP starvation attacks
A starvation attack floods a DHCP server with DISCOVER requests using spoofed MAC addresses until the address pool is exhausted. Legitimate devices are then unable to obtain IPs. Attackers often follow a starvation attack by standing up a rogue server to serve the now-unresponsive network.
DHCP snooping
DHCP snooping is a switch security feature that classifies each port as trusted (legitimate DHCP servers and uplinks) or untrusted (end-device ports). Server responses arriving on untrusted ports are dropped, and DISCOVER messages on untrusted ports are rate-limited — neutralizing both rogue server and starvation attacks.
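The per-port decision described above can be modelled in a few lines. This is an added example, not code from the original page or from any switch vendor: the port names, the limit of 5 DISCOVERs per one-second window, and the event list are constructed assumptions, and the model takes already-decoded message types rather than raw packets.

```python
from collections import defaultdict, deque

SERVER_MSGS = {"OFFER", "ACK", "NAK"}     # message types only a DHCP server originates

class SnoopingSwitch:
    """Simplified model of the per-port snooping decision; not a vendor implementation."""

    def __init__(self, trusted_ports, discover_limit, window_s=1.0):
        self.trusted = set(trusted_ports)
        self.limit, self.window = discover_limit, window_s
        self.recent = defaultdict(deque)  # untrusted port -> times of forwarded DISCOVERs
        self.alerts = []                  # (time, port, source MAC, reason)

    def handle(self, ts, port, msg_type, src_mac):
        if port in self.trusted:
            return "forward"
        if msg_type in SERVER_MSGS:       # rogue server behind an access port
            self.alerts.append((ts, port, src_mac, "server message on untrusted port"))
            return "drop"
        if msg_type == "DISCOVER":
            seen = self.recent[port]
            while seen and ts - seen[0] >= self.window:
                seen.popleft()            # forget DISCOVERs outside the sliding window
            if len(seen) >= self.limit:   # starvation-style flood
                self.alerts.append((ts, port, src_mac, "DISCOVER rate exceeded"))
                return "drop"
            seen.append(ts)
        return "forward"

# Constructed events: (seconds, ingress port, DHCP message type, source MAC).
EVENTS = [
    (0.00, "Gi0/1", "DISCOVER", "02:00:00:00:00:01"),   # ordinary client
    (0.01, "Gi0/24", "OFFER", "02:00:00:00:aa:01"),     # real server via trusted uplink
    (0.02, "Gi0/7", "OFFER", "02:00:00:00:bb:01"),      # home router on an access port
    (0.03, "Gi0/1", "REQUEST", "02:00:00:00:00:01"),
    (0.04, "Gi0/24", "ACK", "02:00:00:00:aa:01"),
] + [(1.0 + i / 100, "Gi0/9", "DISCOVER", f"02:00:00:00:cc:{i:02x}") for i in range(8)]

def run_sample():
    switch = SnoopingSwitch(trusted_ports={"Gi0/24"}, discover_limit=5)
    verdicts = [switch.handle(*event) for event in EVENTS]
    return verdicts, switch.alerts
```

The alert list is the part worth forwarding to monitoring: each entry names the access port where the unauthorized server or the flood is physically attached.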
Best practices
Separate DHCP from DC
Running DHCP on a domain controller increases blast radius. Use dedicated DHCP servers.
Implement failover
Configure primary and secondary servers in a failover pair to maintain availability.
Monitor lease logs
Review history regularly — devices cycling through many IPs may signal a starvation attack.
Fingerprinting for NAC
Combine DHCP fingerprinting with NAC policies to enforce device-type rules automatically.
DHCP in the enterprise
For small networks, DHCP is a convenience. For enterprise networks, it is an operational necessity — and increasingly, a strategic lever for network security and compliance.
The proliferation of BYOD, IoT, and 5G has multiplied endpoints. DHCP, working alongside Dynamic DNS (DDNS), is the mechanism that makes this scale manageable. DHCP assigns and reclaims addresses dynamically; DDNS keeps DNS records accurate even as IP assignments change.
For enterprises managing hundreds of scopes across multiple sites and VLANs, manual DHCP administration becomes its own problem. Integrated DDI (DNS, DHCP, and IP address management) platforms provide a single management plane with real-time visibility into every lease, scope, and device on the network.
Frequently asked questions
A DHCP server is a network server that automatically assigns IP addresses and configuration parameters to devices on a network. It maintains a pool of available IP addresses, issues leases to connecting clients, tracks active assignments, and reclaims addresses when leases expire. DHCP servers can be dedicated physical or virtual appliances, software running on a network device, or a service within an integrated DDI management platform.
DHCP is important because it automates IP address assignment across a network, eliminating the need for manual configuration of each device. Without DHCP, every device would need to be individually configured with a static IP address, subnet mask, gateway, and DNS settings — a process that is unscalable and error-prone on any network with more than a handful of devices. DHCP also improves IP address efficiency by reclaiming addresses from devices that disconnect, preventing exhaustion.
The DORA process is the four-step sequence by which a DHCP client obtains an IP address from a DHCP server. DORA stands for Discover (client broadcasts a request), Offer (server responds with an available address), Request (client accepts the offer), and Acknowledge (server confirms the assignment). The entire process typically completes in under a second and is initiated automatically each time a device connects to a network.
A DHCP lease is the time-limited assignment of an IP address to a client device. Every lease has a configured duration, commonly 24 hours, after which the client must renew the lease or the address is returned to the available pool. Lease management is a critical aspect of network administration because it directly affects IP address availability, network documentation accuracy, and security audit capability.
A DHCP scope is the defined range of IP addresses that a DHCP server can assign within a specific subnet, along with associated configuration parameters such as subnet mask, default gateway, DNS servers, and lease duration. Each subnet in a network typically has its own scope. Administrators can define exclusion ranges within a scope to reserve specific addresses for static assignment, and can configure scope-level options that override server defaults for devices on that subnet.
A rogue DHCP server is an unauthorized DHCP server operating on a network, either deployed maliciously by an attacker or accidentally introduced by a misconfigured device such as a home router connected to the corporate network. A rogue server can respond to client DISCOVER messages before the legitimate server, providing fraudulent IP configuration data that redirects traffic, enables man-in-the-middle attacks, or disrupts network connectivity. DHCP snooping on managed switches is the primary defense against rogue DHCP servers.
DHCP uses two UDP ports. UDP port 67 is used by the DHCP server to receive requests from clients. UDP port 68 is used by the DHCP client to receive responses from the server. These port numbers are defined in RFC 2131 and are standardized across all DHCP implementations. Note that DHCP uses UDP (not TCP) because the initial client broadcast occurs before the client has an IP address, making a connection-oriented protocol like TCP impossible at that stage.