Introduction to DHCP

This topic is to discuss the following lesson:

great explanation…thanx Rene

Awesome work Rene …appreciate it !!


More one time, thanks for good explanation!!!


JOb well done to explain this in simple way, yet offer a good level of detail.

Hi Rene,

From the wireshark capture I understand that all the DHCP (Discover, Offer, Request and Ack) messages are layer 2 and layer 3 broadcast messages.

Why is it so?

I read somtime back (Request and Ack) messages. can be unicast message . Is it possible ?

Could you please explain how to configure it?



Hi SV,

Take a look at DHCP Relay, that’s where you will see unicast packets.

DHCP Relay on Cisco IOS


Rene simply misspoke in the video. The Offer message is broadcast. In the Wireshark capture for the Offer message, you can see the destination at layer 3 is and at layer 2 is ff:ff:ff:ff:ff:ff. This is a broadcast.

Another way to think about it would be this: The client does not yet have an IP address (the whole point of getting an Offer!), so the server has no choice but to do a layer 3 broadcast.


Hi Rene,

Nice explanation. Crisp and to the point. I have one question though.
How would the client identify that the Offer and the Ack message that the server sends? In other words, how would the client understand that it is the intended recipient of those messages from the DHCP server. Say, for instance two new clients are connected to the network at the same time, then there would be two sets of offer and ack messages broadcasted from the server. How would each client pick the right message?


Hi VJ,

Let’s take a look at the four DHCP packets:

DHCP Discover, Offer, Request and ACK packet capture

If you open the Offer packet and expand the “Bootstrap Protocol (Offer)” field then you can see the Client MAC address in there.


Hi Rene,

Thanks for the explanation. Could you please explain the role of Client Identifier field in this DHCP address learning process?

Hi Shanmugasiva,

The client identifier is used to uniquely identify the device that is requesting an IP address. You can see it in action here:

Cisco IOS DHCP Client Identifier

and here:

DHCP Static Binding


Hi Rene,

I did understand that the DHCP Request and DHCP Ack should be unicast by watching your video, however looking at the wireshark those packets going out from the DHCP client are in fact L2 and L3 broadcast packets. Could you help me to understand these situation?

Thank you,

This question was answered in the comments just a few lines up ^^^^

Rene misspoke in the video.

Hello Rene,

Thank you very much for your clear explanation,i have a small query on this topic

I understand that DHCP uses UDP 67 and 68 for its communication,but IP allocation process should be reliable right?

So my question here is why DHCP uses UDP instead of TCP? Any specific reason behind that?

Thanks and Regards,

Hi Hariharan,
I would think there are two reasons for this:

  1. The DHCP processes itself, via DORA (Discovery Offer Request and Acknowledgement, in IPv4) has all the reliability it needs without the additional overhead of TCP. If any of those DORA messages are lost, the client will simply retry.

  2. Aside from some implementations with DHCP renewals, the client will not have an source IP address - instead it is, so establishing a SYN, SYN-ACK, ACK TCP session would not be possible.


Hi Rene/Andrew,
I am able to understand that discover, offer packets are broadcast. How about Request and Acknowledgement ? whether it is broadcast ? When we use relay agent it will be unicast. However i want to know about if there is no relay in our network? Please let know.

- Thanks!

Hi Saranya,
This topic can be a little bit confusing because there are two different layers that can perform broadcast or unicast - Layer 2 and Layer 3.

Here is a summary of what happens at each layer for each phase:

Phase      Layer 3      Layer 2
Discover   Broadcast    Broadcast
Offer      Broadcast    Unicast
Request    Broadcast    Broadcast
Ack        Broadcast    Unicast

Layer 3 broadcast =
Layer 2 broadcast = FFFF.FFFF.FFFF

You may notice that layer 3 is always broadcast. This is because the whole purpose of DHCP is for the client to establish its layer 3 address, which will not happen until the conclusion of DORA. Additionally, you may notice that all communication from the DHCP server at layer 2 is unicast. The reason for this is because the DHCP server obtained the client’s MAC address when the client sent out its initial Discover message.


Dear Rene/Andrew,
Thank you for this great lesson. Mr Andrew with reference to your reply # 27608 above particularly this point " Additionally, you may notice that all communication from the DHCP server at layer 2 is unicast. The reason for this is because the DHCP server obtained the client’s MAC address when the client sent out its initial Discover message.", I am still confused on where broadcast happens and where unicast happens. From the Wireshark captures above I do not see Unicast happening anywhere. Even for Offer and Ack from the server the dest mac address seems to broadcast instead of unicast to the end device.

Could you please clarify on this. Thank you very much.

I have seen conflicting information as well. For example, the link below supports what you are seeing (no unicasts)

However, in the following Wireshark Wiki site, it supports what I was saying (Offer and ACK from the server are layer 2 unicast)

My only conclusion is that different vendors must have implemented how the DHCP server handles Offer and ACK differently.