Configure DHCP on a Segment

You can configure DHCP on each segment regardless of whether the segment is connected to a gateway. Both DHCP for IPv4 (DHCPv4) and DHCP for IPv6 (DHCPv6) servers are supported.

For a gateway-connected segment, all the following DHCP types are supported:

DHCP local server
DHCP relay
Gateway DHCP (supported only for IPv4 subnets in a segment)

For a standalone segment that is not connected to a gateway, only local DHCP server is supported.

The following restrictions apply to DHCPv6 server configuration on an IPv6 subnet:

Segments configured with an IPv6 subnet can have either a local DHCPv6 server or a DHCPv6 relay. Gateway DHCPv6 is not supported.
DHCPv6 Options (classless static routes and generic options) are not supported.

Prerequisites

DHCP profile is added in the network.
If you are configuring Gateway DHCP on a segment, a DHCP profile must be attached to the directly connected tier-1 or tier-0 gateway.

Procedure

From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
Select Networking > Segments.
Either add or edit a segment.
- To configure a new segment, click Add Segment.
- To modify the properties of an existing segment, click the vertical ellipses next to the name of an existing segment, and then click Edit.
If you are adding a segment, ensure that the following segment properties are specified:
- Segment name
- Connectivity
- Transport zone
- Subnets (required for a gateway-connected segment, optional for a standalone segment)
If you are editing an existing segment, go directly to the next step.
Click Set DHCP Config.

In the DHCP Type drop-down menu, select any one of the following types.

On a segment, IPv6 and IPv4 subnets always use the same DHCP type. Mixed configuration is not supported.

DHCP Type	Description
DHCP Local Server	Select this option to create a local DHCP server that has an IP address on the segment. As the name suggests, it is a DHCP server that is local to the segment and not available to the other segments in the network. A local DHCP server provides a dynamic IP assignment service only to the VMs that are attached to the segment. You can configure all DHCP settings, including DHCP ranges, DHCP Options, and static bindings on the segment. For standalone segments, this type is selected by default.
DHCP Relay	Select this option to relay the DHCP client requests to the external DHCP servers. The external DHCP servers can be in any subnet, outside the SDDC, or in the physical network. The DHCP relay service is local to the segment and not available to the other segments in the network. When you use a DHCP relay on a segment, you cannot configure DHCP Settings and DHCP Options. The UI does not prevent you from configuring DHCP static bindings. However, in NSX-T Data Center 3.0, static binding with a DHCP relay is an unsupported configuration.
Gateway DHCP	This DHCP type is analogous to a central DHCP service that dynamically assigns IP and other network configuration to the VMs on all the segments that are connected to the gateway and using Gateway DHCP. Depending on the type of DHCP profile you attach to the gateway, you can configure a Gateway DHCP server or a Gateway DHCP relay on the segment. By default, segments that are connected to a tier-1 or tier-0 gateway use Gateway DHCP. If needed, you can choose to configure a DHCP local server or a DHCP relay on the segment. To configure Gateway DHCP on a segment, a DHCP profile must be attached to the gateway. If the IPv4 subnet uses Gateway DHCP, you cannot configure DHCPv6 in the IPv6 subnet of the same segment because Gateway DHCPv6 is not supported. In this case, the IPv6 subnet cannot support any DHCPv6 server configuration, including the IPv6 static bindings.

DHCP Type

Description

DHCP Local Server

Select this option to create a local DHCP server that has an IP address on the segment.

As the name suggests, it is a DHCP server that is local to the segment and not available to the other segments in the network. A local DHCP server provides a dynamic IP assignment service only to the VMs that are attached to the segment.

You can configure all DHCP settings, including DHCP ranges, DHCP Options, and static bindings on the segment.

For standalone segments, this type is selected by default.

DHCP Relay

Select this option to relay the DHCP client requests to the external DHCP servers. The external DHCP servers can be in any subnet, outside the SDDC, or in the physical network.

The DHCP relay service is local to the segment and not available to the other segments in the network.

When you use a DHCP relay on a segment, you cannot configure DHCP Settings and DHCP Options. The UI does not prevent you from configuring DHCP static bindings. However, in NSX-T Data Center 3.0, static binding with a DHCP relay is an unsupported configuration.

Gateway DHCP

This DHCP type is analogous to a central DHCP service that dynamically assigns IP and other network configuration to the VMs on all the segments that are connected to the gateway and using Gateway DHCP. Depending on the type of DHCP profile you attach to the gateway, you can configure a Gateway DHCP server or a Gateway DHCP relay on the segment.

By default, segments that are connected to a tier-1 or tier-0 gateway use Gateway DHCP. If needed, you can choose to configure a DHCP local server or a DHCP relay on the segment.

To configure Gateway DHCP on a segment, a DHCP profile must be attached to the gateway.

If the IPv4 subnet uses Gateway DHCP, you cannot configure DHCPv6 in the IPv6 subnet of the same segment because Gateway DHCPv6 is not supported. In this case, the IPv6 subnet cannot support any DHCPv6 server configuration, including the IPv6 static bindings.

Note: In NSX-T Data Center 3.0 and 3.0.1, after the segment is created and the DHCP service is in use, you cannot change the DHCP type of a gateway-connected segment. Starting in version 3.0.2, you can change the DHCP type of a gateway-connected segment.

In the DHCP Profile drop-down menu, select the name of the DHCP server profile or DHCP relay profile.
- If the segment is connected to a gateway, Gateway DHCP server is selected by default. The DHCP profile that is attached to the gateway is autoselected. The name and server IP address are fetched automatically from that DHCP profile and displayed in a read-only mode.
  When a segment is using a Gateway DHCP server, ensure that an edge cluster is selected either in the gateway, or DHCP server profile, or both. If an edge cluster is unavailable in either the profile or the gateway, an error message is displayed when you save the segment.
- If you are configuring a local DHCP server or a DHCP relay on the segment, you must select a DHCP profile from the drop-down menu. If no profiles are available in the drop-down menu, click the vertical ellipses icon and create a DHCP profile. After the profile is created, it is automatically attached to the segment.
  When a segment is using a local DHCP server, ensure that the DHCP server profile contains an edge cluster. If an edge cluster is unavailable in the profile, an error message is displayed when you save the segment.
Note: In NSX-T Data Center 3.0 and 3.0.1, after the segment is created and the DHCP service is in use, you cannot change the DHCP profile of the segment. Starting in version 3.0.2, you can change the DHCP profile of the segment that uses a DHCP local server or a DHCP relay.
Click the IPv4 Server or IPv6 Server tab.
If the segment contains an IPv4 subnet and an IPv6 subnet, you can configure both DHCPv4 and DHCPv6 servers on the segment.
Configure the DHCP settings.
1. Enable the DHCP configuration settings on the subnet by clicking the DHCP Config toggle button.
2. In the DHCP Server Address text box, enter the IP addresses.
  - If you are configuring a DHCP local server, server IP address is required. A maximum of two server IP addresses are supported. One IPv4 address and one IPv6 address. For an IPv4 address, the prefix length must be <= 30, and for an IPv6 address, the prefix length must be <= 126. The server IP addresses must belong to the subnets that you have specified in this segment. The DHCP server IP address must not overlap with the IP addresses in the DHCP ranges and DHCP static binding. The DHCP server profile might contain server IP addresses, but these IP addresses are ignored when you configure a local DHCP server on the segment.
    After a local DHCP server is created, you can edit the server IP addresses on the Set DHCP Config page. However, the new IP addresses must belong to the same subnet that is configured in the segment.
  - If you are configuring a DHCP relay, this step is not applicable. The server IP addresses are fetched automatically from the DHCP relay profile and displayed below the profile name.
  - If you are configuring a Gateway DHCP server, this text box is not editable. The server IP addresses are fetched automatically from the DHCP profile that is attached to the connected gateway.
    Remember, the Gateway DHCP server IP addresses in the DHCP server profile can be different from the subnet that is configured in the segment. In this case, the Gateway DHCP server connects with the IPv4 subnet of the segment through an internal relay service, which is autocreated when the Gateway DHCP server is created. The internal relay service uses any one IP address from the subnet of the Gateway DHCP server IP address. The IP address used by the internal relay service acts as the default gateway on the Gateway DHCP server to communicate with the IPv4 subnet of the segment.
    After a Gateway DHCP server is created, you can edit the server IP addresses in the DHCP profile of the gateway. However, you cannot change the DHCP profile that is attached to the gateway.
3. (Optional) In the DHCP Ranges text box, enter one or more IP address ranges.
  Both IP ranges and IP addresses are allowed. IPv4 addresses must be in a CIDR /32 format, and IPv6 addresses must be in a CIDR /128 format. You can also enter an IP address as a range by entering the same IP address in the start and the end of the range. For example, 172.16.10.10-172.16.10.10.
  Ensure that DHCP ranges meet the following requirements:
  - IP addresses in the DHCP ranges must belong to the subnet that is configured on the segment. That is, DHCP ranges cannot contain IP addresses from multiple subnets.
  - IP ranges must not overlap with the DHCP Server IP address and the DHCP static binding IP addresses.
  - IP ranges in the DHCP IP pool must not overlap each other.
  - Number of IP addresses in any DHCP range must not exceed 65536.
  Note: The following types of IPv6 addresses are not permitted in DHCP for IPv6 ranges:
  - Link Local Unicast addresses (FE80::/64)
  - Multicast addresses (FF00::/8)
  - Unspecified address (0:0:0:0:0:0:0:0)
  - Address with all F (F:F:F:F:F:F:F:F)
  Caution: After a DHCP server is created, you can update existing ranges, append new IP ranges, or delete existing ranges. However, it is a good practice to avoid deleting, shrinking, or expanding the existing IP ranges. For example, do not try to combine multiple smaller IP ranges to create a single large IP range. You might accidentally miss including IP addresses, which are already leased to the DHCP clients from the larger IP range. Therefore, when you modify existing ranges after the DHCP service is running, it might cause the DHCP clients to lose network connection and result in a temporary traffic disruption.
4. (Optional) (Only for DHCPv6): In the Excluded Ranges text box, enter IPv6 addresses or a range of IPv6 addresses that you want to exclude for dynamic IP assignment to DHCPv6 clients.
  
  In IPv6 networks, the DHCP ranges can be large. Sometimes, you might want to reserve certain IPv6 addresses, or multiple small ranges of IPv6 addresses from the large DHCP range for static binding. In such situations, you can specify excluded ranges.
5. (Optional) Edit the lease time in seconds.
  Default value is 86400. Valid range of values is 60–4294967295. The lease time configured in the DHCP server configuration takes precedence over the lease time that you specified in the DHCP profile.
6. (Optional) (Only for DHCPv6): Enter the preferred time in seconds.
  
  Preferred time is the length of time that a valid IP address is preferred. When the preferred time expires, the IP address becomes deprecated. If no value is entered, preferred time is autocalculated as (lease time * 0.8).
  
  Lease time must be > preferred time.
  
  Valid range of values is 60–4294967295. Default is 69120.
7. (Optional) Enter the IP address of the domain name server (DNS) to use for name resolution. A maximum of two DNS servers are permitted.
  When not specified, no DNS is assigned to the DHCP client. DNS server IP addresses must belong to the same subnet as the subnet's gateway IP address.
8. (Optional) (Only for DHCPv6): Enter one or more domain names.
  DHCPv4 configuration automatically fetches the domain name that you specified in the segment configuration.
9. (Optional) (Only for DHCPv6): Enter the IP address of the Simple Network Time Protocol (SNTP) server. A maximum of two SNTP servers are permitted.
  
  In NSX-T Data Center 3.0, DHCPv6 server does not support NTP.
  
  DHCPv4 server supports only NTP. To add an NTP server, click Options, and add the Generic Option (Code 42 - NTP Servers).
(Optional) Click Options, and specify the Classless Static Routes (Option 121) and Generic Options.
In NSX-T Data Center 3.0, DHCP Options for IPv6 are not supported.
- Each classless static route option in DHCP for IPv4 can have multiple routes with the same destination. Each route includes a destination subnet, subnet mask, next hop router. For information about classless static routes in DHCPv4, see RFC 3442 specifications. You can add a maximum of 127 classless static routes on a DHCPv4 server.
- For adding Generic Options, select the code of the option and enter a value of the option. For binary values, the value must be in a base-64 encoded format.
Click Apply to save the DHCP configuration, and then click Save to save the segment configuration.

What to do next

After a segment has DHCP configured on it, some restrictions and caveats apply on changing the segment connectivity. For more information, see Scenarios: Impact of Changing Segment Connectivity on DHCP.
When a DHCP server profile is attached to a segment that uses a DHCP local server, the DHCP service is created in the edge cluster that you specified in the DHCP profile. However, if the segment uses a Gateway DHCP server, the edge cluster in which the DHCP service is created depends on a combination of several factors. For a detailed information about how an edge cluster is selected for DHCP service, see Scenarios: Selection of Edge Cluster for DHCP Service.