Use this reference documentation to understand the various considerations that you must keep in mind while configuring the DHCP service and to obtain a detailed guidance about the configuration settings on the Set DHCP Config page.
The following note mentions the DHCP configuration types that are supported or not supported based on how overlay or VLAN segments are connected:
- On an isolated segment that is not connected to a gateway, only Local DHCP server is supported.
- Segments that are configured with an IPv6 subnet can have either a Local DHCPv6 server or a DHCPv6 relay. Gateway DHCPv6 server is not supported.
- If a segment contains an IPv4 subnet and an IPv6 subnet, you can configure both DHCPv4 and DHCPv6 servers on the segment.
- Starting with NSX-T 3.1.1, DHCPv4 relay is supported on a VLAN segment through the service interface of a tier-0 or tier-1 gateway. Only one DHCPv4 relay service is supported on a VLAN segment.
- For a VLAN segment requiring a DHCP server, only Local DHCP server is supported. Gateway DHCP server is not supported on a VLAN segment.
When a Local DHCP server or DHCP Relay is configured on a VLAN segment, Forged Transmits option on the ESXi host where the Edge VM is installed must be set to Accept. Set this option in the VDS or VSS configuration, but not the N-VDS.
- Log in to the vSphere Client UI with admin privileges.
- Go to Hosts and Clusters and click a host in the cluster.
- Navigate to Edit. , and then click
- On the Edit Settings window, click Security. From the Forged Transmits drop-down menu, select Accept.
To learn about Forged Transmits, see the vSphere Security documentation.
The following sections provide guidance about the configuration settings on the Set DHCP Config page.
- If a segment is connected to a gateway, Gateway DHCP server is selected by default. The DHCP profile that is attached to the gateway is autoselected. The name and server IP address are fetched automatically from that DHCP profile and displayed in a read-only mode.
- When a segment is using a Gateway DHCP server, ensure that an edge cluster is selected either in the gateway, or DHCP server profile, or both. If an edge cluster is unavailable in either the profile or the gateway, an error message is displayed when you save the segment.
- If you are configuring a Local DHCP server or a DHCP Relay on the segment, you must select a DHCP profile from the drop-down menu. If no profiles are available in the DHCP Profile drop-down menu, click and create a DHCP profile. After the profile is created, it is automatically attached to the segment.
- When a segment is using a Local DHCP server, ensure that the DHCP server profile contains an edge cluster. If an edge cluster is unavailable in the profile, an error message is displayed when you save the segment.
DHCP IPv4 Server or IPv6 Server Settings
This section explains the configuration settings in the IPv4 Server tab page and the IPv6 Server tab page.
- DHCP Server Address
- If you are configuring a Local DHCP server, server IP address is required. A maximum of two server IP addresses are supported. One IPv4 address and one IPv6 address. For an IPv4 address, the prefix length must be <= 30, and for an IPv6 address, the prefix length must be <= 126. The server IP addresses must belong to the subnets that you have specified in this segment. The DHCP server IP address must not overlap with the IP addresses in the DHCP ranges and DHCP static binding. The DHCP server profile might contain server IP addresses, but these IP addresses are ignored when you configure a Local DHCP server on the segment.
- After a Local DHCP server is created, you can edit the server IP addresses on the Set DHCP Config page. However, the new IP addresses must belong to the same subnet that is configured in the segment.
- If you are configuring a Gateway DHCP server, the DHCP Server Address text box is not editable. The server IP addresses are fetched automatically from the DHCP profile that is attached to the connected gateway.
- The Gateway DHCP server IP addresses in the DHCP server profile can be different from the subnet that is configured in the segment. In this case, the Gateway DHCP server connects with the IPv4 subnet of the segment through an internal relay service, which is autocreated when the Gateway DHCP server is created. The internal relay service uses any one IP address from the subnet of the Gateway DHCP server IP address.
- The IP address used by the internal relay service acts as the default gateway on the Gateway DHCP server to communicate with the IPv4 subnet of the segment.
- After a Gateway DHCP server is created, you can edit the server IP addresses in the DHCP profile of the gateway. However, you cannot change the DHCP profile that is attached to the gateway.
- DHCP Ranges
Caution: After a DHCP server is created, you can update existing ranges, append new IP ranges, or delete existing ranges. However, it is a good practice to avoid deleting, shrinking, or expanding the existing IP ranges. For example, do not try to combine multiple smaller IP ranges to create a single large IP range. When you modify existing ranges after the DHCP service is running, it might cause the DHCP clients to lose network connection and result in a temporary traffic disruption.
- IP ranges, CIDR subnet, and IP addresses are allowed. IPv4 addresses must be in a CIDR /32 format, and IPv6 addresses must be in a CIDR /128 format. You can also enter an IP address as a range by entering the same IP address in the start and the end of the range. For example, 172.16.10.10-172.16.10.10.
- IP addresses in the DHCP ranges must belong to the subnet that is configured on the segment. That is, DHCP ranges cannot contain IP addresses from multiple subnets.
- IP ranges must not overlap with the DHCP server IP address and the DHCP static binding IP addresses.
- IP ranges in the DHCP IP pool must not overlap each other.
- Number of IP addresses in any DHCP range must not exceed 65536.
- The following types of IPv6 addresses are not permitted in DHCP for IPv6 ranges:
- Link Local Unicast addresses (FE80::/64)
- Multicast addresses (FF00::/8)
- Unspecified address (0:0:0:0:0:0:0:0)
- Address with all F (F:F:F:F:F:F:F:F)
- Excluded Ranges (Only for DHCPv6)
Enter IPv6 addresses or a range of IPv6 addresses that you want to exclude for dynamic IP assignment to DHCPv6 clients.
In IPv6 networks, the DHCP ranges can be large. Sometimes, you might want to reserve certain IPv6 addresses, or multiple small ranges of IPv6 addresses from the large DHCP range for static binding. In such situations, you can specify excluded ranges.
- Lease Time
Default value is 86400 seconds. Valid range of values is 60–4294967295. The lease time that you configure in the DHCP server configuration takes precedence over the lease time that you specified in the DHCP profile.
- Preferred Time (Only for DHCPv6)
Preferred time is the length of time that a valid IP address is preferred. When the preferred time expires, the IP address becomes deprecated. If no value is entered, preferred time is autocalculated as (lease time * 0.8).
Lease time must be > preferred time.
Valid range of values is 60–4294967295. Default is 69120 seconds.
- DNS Servers
A maximum of two DNS servers are permitted. When not specified, no DNS is assigned to the DHCP client.
- Domain names (Only for DHCPv6)
One or more domain names are supported.
DHCPv4 server configuration automatically fetches the domain name that you specified in the segment configuration.
DHCP Options (Only for DHCPv4)
DHCP Options for IPv6 are not supported.
- Each classless static route option in DHCP for IPv4 can have multiple routes with the same destination. Each route includes a destination subnet, subnet mask, next hop router. For information about classless static routes in DHCPv4, see RFC 3442 specifications. You can add a maximum of 127 classless static routes on a DHCPv4 server.
- For adding Generic Options, select the code of the option and enter a value of the option. For binary values, the value must be in a base-64 encoded format.
- DHCPv4 server supports only NTP. To add an NTP server, add the Generic Option (Code 42 - NTP Servers).