DHCP Configuration Settings: Reference

Use this reference documentation to understand the various considerations that you must keep in mind while configuring the DHCP service and to obtain a detailed guidance about the configuration settings on the Set DHCP Config page.

The following note mentions the DHCP configuration types that are supported or not supported based on how overlay or VLAN segments are connected:

Note:

On an isolated segment that is not connected to a gateway, only Local DHCP server is supported.
Segments that are configured with an IPv6 subnet can have either a Local DHCPv6 server or a DHCPv6 relay. Gateway DHCPv6 server is not supported.
If a segment contains an IPv4 subnet and an IPv6 subnet, you can configure both DHCPv4 and DHCPv6 servers on the segment.
Starting with NSX-T 3.1.1, DHCPv4 relay is supported on a VLAN segment through the service interface of a tier-0 or tier-1 gateway. Only one DHCPv4 relay service is supported on a VLAN segment.
For a VLAN segment requiring a DHCP server, only Local DHCP server is supported. Gateway DHCP server is not supported on a VLAN segment.

When a Local DHCP server or DHCP Relay is configured on a VLAN segment, one of the following configurations is required:

For VDS or VSS, Forged Transmits must be set to Accept.
For NSX-T segments or VDS 6.6 and later, MAC Learning must be set to Enabled.

In vSphere 7.0 or later, the Forged Transmits option is set to Reject, by default. To enable this option on the host, do the following steps:

Log in to the vSphere Client UI with admin privileges.
Go to Hosts and Clusters and click a host in the cluster.
Navigate to Configure > Networking > Virtual Switches, and then click Edit.
On the Edit Settings window, click Security. From the Forged Transmits drop-down menu, select Accept.

To learn about Forged Transmits, see the vSphere Security documentation.

Important: After a segment has DHCP service configured on it, some restrictions and caveats apply on changing the connectivity of the segment. For more information, see Scenarios: Impact of Changing Segment Connectivity on DHCP.

The following sections provide guidance about the configuration settings on the Set DHCP Config page.

DHCP Profile

If a segment is connected to a gateway, Gateway DHCP server is selected by default. The DHCP profile that is attached to the gateway is autoselected. The name and server IP address are fetched automatically from that DHCP profile and displayed in a read-only mode.
When a segment is using a Gateway DHCP server, ensure that an edge cluster is selected either in the gateway, or DHCP server profile, or both. If an edge cluster is unavailable in either the profile or the gateway, an error message is displayed when you save the segment.
If you are configuring a Local DHCP server or a DHCP Relay on the segment, you must select a DHCP profile from the drop-down menu. If no profiles are available in the DHCP Profile drop-down menu, click and create a DHCP profile. After the profile is created, it is automatically attached to the segment.
When a segment is using a Local DHCP server, ensure that the DHCP server profile contains an edge cluster. If an edge cluster is unavailable in the profile, an error message is displayed when you save the segment.

DHCP IPv4 Server or IPv6 Server Settings

This section explains the configuration settings in the IPv4 Server tab page and the IPv6 Server tab page.

DHCP Server Address

If you are configuring a Local DHCP server, server IP address is required. A maximum of two server IP addresses are supported. One IPv4 address and one IPv6 address. For an IPv4 address, the prefix length must be <= 30, and for an IPv6 address, the prefix length must be <= 126. The server IP addresses must belong to the subnets that you have specified in this segment. The DHCP server IP address must not overlap with the IP addresses in the DHCP ranges and DHCP static binding. The DHCP server profile might contain server IP addresses, but these IP addresses are ignored when you configure a Local DHCP server on the segment.
After a Local DHCP server is created, you can edit the server IP addresses on the Set DHCP Config page. However, the new IP addresses must belong to the same subnet that is configured in the segment.
If you are configuring a Gateway DHCP server, the DHCP Server Address text box is not editable. The server IP addresses are fetched automatically from the DHCP profile that is attached to the connected gateway.
The Gateway DHCP server IP addresses in the DHCP server profile can be different from the subnet that is configured in the segment. In this case, the Gateway DHCP server connects with the IPv4 subnet of the segment through an internal relay service, which is autocreated when the Gateway DHCP server is created. The internal relay service uses any one IP address from the subnet of the Gateway DHCP server IP address.
The IP address used by the internal relay service acts as the default gateway on the Gateway DHCP server to communicate with the IPv4 subnet of the segment.
After a Gateway DHCP server is created, you can edit the server IP addresses in the DHCP profile of the gateway. However, you cannot change the DHCP profile that is attached to the gateway.

DHCP Ranges

IP ranges, CIDR subnet, and IP addresses are allowed. IPv4 addresses must be in a CIDR /32 format, and IPv6 addresses must be in a CIDR /128 format. You can also enter an IP address as a range by entering the same IP address in the start and the end of the range. For example, 172.16.10.10-172.16.10.10.
IP addresses in the DHCP ranges must belong to the subnet that is configured on the segment. That is, DHCP ranges cannot contain IP addresses from multiple subnets.
IP ranges must not overlap with the DHCP server IP address and the DHCP static binding IP addresses.
IP ranges in the DHCP IP pool must not overlap each other.
Number of IP addresses in any DHCP range must not exceed 65536.
The following types of IPv6 addresses are not permitted in DHCP for IPv6 ranges:
- Link Local Unicast addresses (FE80::/64)
- Multicast addresses (FF00::/8)
- Unspecified address (0:0:0:0:0:0:0:0)
- Address with all F (F:F:F:F:F:F:F:F)

Caution: After a DHCP server is created, you can update existing ranges, append new IP ranges, or delete existing ranges. However, it is a good practice to avoid deleting, shrinking, or expanding the existing IP ranges. For example, do not try to combine multiple smaller IP ranges to create a single large IP range. When you modify existing ranges after the DHCP service is running, it might cause the DHCP clients to lose network connection and result in a temporary traffic disruption.

Excluded Ranges (Only for DHCPv6)

Enter IPv6 addresses or a range of IPv6 addresses that you want to exclude for dynamic IP assignment to DHCPv6 clients.

In IPv6 networks, the DHCP ranges can be large. Sometimes, you might want to reserve certain IPv6 addresses, or multiple small ranges of IPv6 addresses from the large DHCP range for static binding. In such situations, you can specify excluded ranges.

Lease Time: Default value is 86400 seconds. Valid range of values is 60–4294967295. The lease time that you configure in the DHCP server configuration takes precedence over the lease time that you specified in the DHCP profile.

Preferred Time (Only for DHCPv6)

Preferred time is the length of time that a valid IP address is preferred. When the preferred time expires, the IP address becomes deprecated. If no value is entered, preferred time is autocalculated as (lease time * 0.8).

Lease time must be > preferred time.

Valid range of values is 60–4294967295. Default is 69120 seconds.

DNS Servers: A maximum of two DNS servers are permitted. When not specified, no DNS is assigned to the DHCP client.

Domain names (Only for DHCPv6)

One or more domain names are supported.

DHCPv4 server configuration automatically fetches the domain name that you specified in the segment configuration.

SNTP Servers (Only for DHCPv6)

A maximum of two SNTP servers are permitted.

DHCPv6 server does not support NTP.

DHCP Options (Only for DHCPv4)

DHCP Options for IPv6 are not supported.

Each classless static route option in DHCP for IPv4 can have multiple routes with the same destination. Each route includes a destination subnet, subnet mask, next hop router. For information about classless static routes in DHCPv4, see RFC 3442 specifications. You can add a maximum of 127 classless static routes on a DHCPv4 server.

In addition to the Generic Option 121 (classless static route), NSX-T supports other Generic Options that are described in the following table. The Generic Options, which are not listed in this table are also accepted without any validation, but they do not take effect.

Table 1. Supported Generic Options
Code	Name	Value Type	Example Value
2	Time Offset	Integer - seconds offset from UTC Allowed values: -43200–43200 Maximum items: 1	28800
13	Boot File Size	Number of blocks. One block is 512 bytes. Integer values: 1–65535 Maximum items: 1	1385
19	Forward On/Off	IP forwarding Allowed values: [0, 1] 1 for on, 0 for off Maximum items: 1	0
26	MTU Interface	MTU for a given interface. Allowed values: 68–65535 Maximum items: 1	9600
28	Broadcast Address	IP address Maximum items: 1	10.10.10.255
35	ARP Timeout	Integer (seconds) Allowed values: 0–4294967295	360
40	NIS Domain	Text Maximum: 255 characters	vmware.com
41	NIS Servers	IP addresses in a preferred order Maximum items: 63	10.10.10.10
42	NTP Servers	IP addresses in a preferred order Maximum items: 63	10.10.10.11
44	NETBIOS Name Server	IP addresses in a preferred order Maximum items: 63	10.10.10.12
45	NETBIOS Dist Server	IP addresses in a preferred order Maximum items: 63	10.10.10.13
46	NETBIOS Node Type	Integer encoding of node type Allowed values: [1, 2, 4, 6] Maximum items: 4 1 = B-node - broadcast no WINS 2 = P-node - WINS only 4 = M-node - broadcast then WINS 8 = H-node - WINS then broadcast	2
47	NETBIOS Scope	String encoded according to RFC 1001/1002 Maximum: 255 characters
58	Renewal Time	N/A - based on the lease time between 0–4294967295 Maximum items: 1	300
59	Rebinding Time	N/A - based on the lease time between 0–4294967295 Maximum items: 1	300
64	NIS+ Domain Name	Text (domain name)	vmware.com
65	NIS+ Server Address	IP addresses in a preferred order	10.10.10.10
66	Server Name	Text (server domain name) Maximum: 255 characters	10.10.10.253
67	Bootfile Name	Text (file name) Maximum: 255 characters	/tftpboot/pxelinux/pxelinux.bin
117	Name Service Search	Not natively supported with API Allowed values: [0, 6, 41, 44, 65] Maximum items: 5	6
119	Domain Search	One or more domain names. Each domain name must be enclosed in quotes and separated by commas.	vmware.com
150	TFTP server address	IP address	10.10.10.10
209	PXE Configuration File	Maximum: 255 characters	configs/common
210	PXE Path Prefix	Maximum: 255 characters	/tftpboot/pxelinux/files/
211	PXE Reboot Time	Allowed values: 0–4294967295	1800