DHCP Relay – ip helper-address Explained

1. Why DHCP Relay Is Needed

DHCP clients discover a server by broadcasting a DHCP Discover message — destination IP 255.255.255.255. Routers, by design, do not forward broadcast packets across subnet boundaries. They stop broadcasts at each interface to prevent broadcast storms and keep traffic local to its originating segment. This creates an immediate problem: if the DHCP server is on a different subnet from the clients, the clients' broadcasts never reach it and they fail to obtain IP addresses. 

  Without DHCP Relay:
  ┌───────────────────┐        ┌───────────────────┐
  │  Client Subnet    │        │  Server Subnet    │
  │  192.168.1.0/24   │        │  10.0.0.0/24      │
  │                   │        │                   │
  │  PC sends DHCP    │        │  DHCP Server      │
  │  DISCOVER         │        │  10.0.0.2         │
  │  (broadcast)      │  ─╳─▶  │                   │
  │                   │Router   │                   │
  │                   │BLOCKS   │                   │
  │  PC gets APIPA    │        │  Never hears it   │
  │  169.254.x.x ❌   │        │                   │
  └───────────────────┘        └───────────────────┘

  With DHCP Relay (ip helper-address):
  ┌───────────────────┐        ┌───────────────────┐
  │  Client Subnet    │        │  Server Subnet    │
  │  192.168.1.0/24   │        │  10.0.0.0/24      │
  │                   │        │                   │
  │  PC sends DHCP    │        │  DHCP Server      │
  │  DISCOVER         │──▶Router──▶  10.0.0.2      │
  │  (broadcast)      │  converts  │               │
  │                   │  to unicast│               │
  │  PC gets 192.168  │◀──Router◀──│  Replies ✅    │
  │  .1.10/24     ✅  │            │               │
  └───────────────────┘        └───────────────────┘

The solution is the DHCP Relay Agent — configured on the router interface facing the client subnet with the ip helper-address command. The relay agent intercepts DHCP broadcasts, converts them to unicast packets addressed to the DHCP server, and relays responses back to the client. For a hands-on lab, see DHCP Relay Agent (Step-by-Step).

Related pages: How DHCP Works (DORA) | Configuring DHCP on Routers & Switches | DHCP Server Configuration | DHCP Snooping & DAI

2. How DHCP Relay Works — The giaddr Field

The most important technical detail of DHCP relay — and the one most often overlooked — is the giaddr (Gateway IP Address) field. When the relay agent forwards a DHCP Discover to the server, it does more than simply change the destination address from broadcast to unicast. It inserts its own IP address into the giaddr field of the DHCP packet header.

The DHCP server uses the giaddr to answer two critical questions:

  • Which subnet is the client on? — The giaddr is the relay interface IP on the client's subnet, so the server knows exactly which network the client belongs to.
  • Which pool should be used? — The server searches its configured pools for one whose network statement contains the giaddr IP and assigns an address from that pool. See DHCP Server Configuration for how pools are defined.
  ── Step-by-step with giaddr ────────────────────────────────────────────

  Step 1: Client sends DHCP Discover (broadcast)
  ┌──────────────────────────────────────┐
  │ Src IP:  0.0.0.0   (no IP yet)       │
  │ Dst IP:  255.255.255.255 (broadcast) │
  │ giaddr:  0.0.0.0   (not set yet)     │
  └──────────────────────────────────────┘

  Step 2: Relay agent on 192.168.1.1 intercepts and modifies
  ┌──────────────────────────────────────┐
  │ Src IP:  192.168.1.1 (relay's IP)   │
  │ Dst IP:  10.0.0.2   (DHCP server)   │
  │ giaddr:  192.168.1.1 ◀── SET HERE   │
  │           (tells server: client is  │
  │            on the 192.168.1.0/24    │
  │            subnet)                  │
  └──────────────────────────────────────┘

  Step 3: DHCP Server at 10.0.0.2 receives request
  → Reads giaddr = 192.168.1.1
  → Searches pools for one containing 192.168.1.x
  → Selects pool: 192.168.1.0/24
  → Assigns IP from that pool: 192.168.1.15

  Step 4: Server sends DHCP Offer to relay (192.168.1.1)
  → Relay forwards Offer to client (via broadcast or client MAC)
Why giaddr matters for multiple VLANs: When a single DHCP server serves many VLANs, it uses the giaddr from each relayed request to identify the client's subnet and select the correct pool automatically. Without giaddr, the server would have no way to distinguish a client on VLAN 10 (192.168.10.x) from one on VLAN 20 (192.168.20.x).

3. Configuring ip helper-address on a Router

The ip helper-address command is entered in interface configuration mode on the interface facing the client subnet — not the interface facing the server. The relay agent listens on the client-facing interface for DHCP broadcasts arriving from clients.

Basic Single-Subnet Relay

! Network:
! Client subnet:   192.168.1.0/24 on GigabitEthernet0/0 (router IP 192.168.1.1)
! DHCP server:     10.0.0.2 on GigabitEthernet0/1

Router(config)# interface GigabitEthernet0/0
Router(config-if)# description Client-Facing Interface
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip helper-address 10.0.0.2        ! Forward DHCP to 10.0.0.2
Router(config-if)# no shutdown

Multiple Subnets on the Same Router

! Each client-facing interface needs its own ip helper-address entry
! pointing to the same (or different) DHCP server

Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip helper-address 10.0.0.2         ! Relay for subnet 1

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip address 192.168.2.1 255.255.255.0
Router(config-if)# ip helper-address 10.0.0.2         ! Same server for subnet 2

Router(config)# interface GigabitEthernet0/2
Router(config-if)# ip address 192.168.3.1 255.255.255.0
Router(config-if)# ip helper-address 10.0.0.2         ! Same server for subnet 3
One command per interface. ip helper-address must be configured on each interface where clients connect. A single command on a "central" interface does not cover all attached subnets — the relay only activates on the interface where it is configured.

4. Configuring ip helper-address on a Layer 3 Switch (SVI)

In modern enterprise campus networks, the most common deployment is a Layer 3 switch at the distribution layer acting as the relay agent. Each VLAN has an SVI (Switch Virtual Interface) with the VLAN's default gateway IP — and each SVI that has clients needs its own ip helper-address. See Inter-VLAN Routing on a Layer 3 Switch for full SVI configuration.

Multi-VLAN Relay on a Layer 3 Switch

! Enable IP routing on the Layer 3 switch
Switch(config)# ip routing

! VLAN 10 — HR Department
Switch(config)# interface Vlan10
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# ip helper-address 10.0.0.5    ! Relay VLAN 10 clients to DHCP server
Switch(config-if)# no shutdown

! VLAN 20 — IT Department
Switch(config)# interface Vlan20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# ip helper-address 10.0.0.5    ! Same server; giaddr selects correct pool
Switch(config-if)# no shutdown

! VLAN 30 — Guest Wi-Fi
Switch(config)# interface Vlan30
Switch(config-if)# ip address 192.168.30.1 255.255.255.0
Switch(config-if)# ip helper-address 10.0.0.5
Switch(config-if)# no shutdown

Switch(config)# end
Switch# write memory
How the server distinguishes VLANs: When a client on VLAN 10 sends a Discover, the VLAN 10 SVI (192.168.10.1) relays it with giaddr = 192.168.10.1. When a client on VLAN 20 sends a Discover, the VLAN 20 SVI (192.168.20.1) relays it with giaddr = 192.168.20.1. The server at 10.0.0.5 sees these different giaddr values and selects the correct pool for each: 192.168.10.0/24 for VLAN 10, 192.168.20.0/24 for VLAN 20. One server — many VLANs — zero ambiguity. See DHCP Server Configuration for defining matching pools.

5. Redundant DHCP Servers with Multiple Helper Addresses

For high availability, you can configure multiple ip helper-address entries on a single interface — one for each DHCP server. The relay agent sends a copy of every DHCP Discover to all configured helper addresses simultaneously. 

! Configure relay to forward to both a primary and secondary DHCP server
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip helper-address 10.0.0.5     ! Primary DHCP server
Router(config-if)# ip helper-address 10.0.0.6     ! Secondary DHCP server (redundancy)
How redundancy works: Both servers receive the Discover simultaneously. Whichever responds faster with a DHCP Offer — the client accepts. The other server's Offer is ignored. If the primary server is down, only the secondary responds, ensuring clients still get IP addresses. Both servers must have matching pools for the client subnets. See DHCP Server Configuration for pool setup.
Important: Multiple helper addresses on the same interface all point to DHCP servers. Do not confuse this with configuring a helper address on multiple interfaces — that is done per-interface independently (see Section 3).

6. What Else Does ip helper-address Forward?

By default, ip helper-address does not only forward DHCP broadcasts — it forwards eight UDP broadcast protocols simultaneously. This is because historically many network services used UDP broadcasts that needed to cross subnets.

UDP Port Protocol Notes
67 DHCP / BOOTP Server The primary use case — client DHCP requests
68 DHCP / BOOTP Client Server responses back to the client
69 TFTP Trivial File Transfer — used for PXE boot, AP image downloads
53 DNS Domain Name Service broadcast queries (rare in modern networks)
37 Time Protocol Legacy time synchronisation
42 IEN-116 Name Service Very legacy — rarely seen today
137 NetBIOS Name Service Windows NetBIOS name resolution broadcasts
138 NetBIOS Datagram Windows NetBIOS datagram service
Limiting to DHCP only: In security-conscious environments, you may not want to forward all eight protocols. Disable the ones you don't need: 
! Disable forwarding of specific UDP broadcast protocols
Router(config)# no ip forward-protocol udp 69    ! Disable TFTP forwarding
Router(config)# no ip forward-protocol udp 53    ! Disable DNS forwarding
Router(config)# no ip forward-protocol udp 137   ! Disable NetBIOS NS forwarding
Router(config)# no ip forward-protocol udp 138   ! Disable NetBIOS DG forwarding

! After disabling, ip helper-address only forwards DHCP (ports 67/68)

7. DHCP Relay vs. Local DHCP Server

Aspect DHCP Relay (ip helper-address) Local DHCP Server per Subnet
Server location Centralised — one server (or small cluster) serves all subnets Distributed — one server (or process) per subnet
Traffic type Client broadcasts converted to server unicast by relay agent Client broadcasts answered locally — no relay needed
Scalability Excellent — adding a new subnet only requires a new pool entry on the server and ip helper-address on the new SVI Poor — each new subnet needs a new server or server configuration
Management Single point of management — all leases visible in one place. See DHCP Server Configuration. Multiple servers to manage; audit/compliance more complex
Availability risk If central server fails, all subnets lose DHCP (mitigated with redundant servers) Local failure only affects one subnet
Configuration effort Initial setup — one pool per subnet on central server + one helper per SVI Per-subnet configuration; more repetitive in large environments
Typical use Enterprise campus, data centre, multi-VLAN environments SOHO, isolated segments, or when server must be highly available per-segment

8. Complete Relay Packet Flow — Full DORA with Relay

See How DHCP Works (DORA) for a full explanation of the Discover-Offer-Request-Acknowledge sequence. 

  Network:  Client on 192.168.10.0/24 (VLAN 10)
            Relay Agent (L3 switch SVI Vlan10): 192.168.10.1
            DHCP Server: 10.0.0.5

  ─────────── DHCP DISCOVER ──────────────────────────────────────────────
  Client ──broadcast──▶ Layer 3 Switch (SVI Vlan10)
  Src: 0.0.0.0:68    Dst: 255.255.255.255:67
  giaddr: 0.0.0.0 (not yet set)

  Relay modifies and unicasts:
  Src: 192.168.10.1:67   Dst: 10.0.0.5:67
  giaddr: 192.168.10.1   (tells server: client is on .10.x subnet)

  ─────────── DHCP OFFER ─────────────────────────────────────────────────
  DHCP Server reads giaddr=192.168.10.1 → selects 192.168.10.0/24 pool
  Server sends Offer to relay agent:
  Src: 10.0.0.5:67   Dst: 192.168.10.1:67
  yiaddr: 192.168.10.15  (proposed IP for client)

  Relay forwards to client (broadcast or to client's MAC):
  Src: 10.0.0.5   Dst: 255.255.255.255 (or client MAC unicast)

  ─────────── DHCP REQUEST ───────────────────────────────────────────────
  Client accepts → broadcasts Request
  Relay intercepts → unicasts to 10.0.0.5 with giaddr=192.168.10.1

  ─────────── DHCP ACK ───────────────────────────────────────────────────
  Server confirms → sends ACK to relay → relay forwards to client
  Client configures: 192.168.10.15/24, GW: 192.168.10.1, DNS: 8.8.8.8

9. Verification Commands

Command What It Shows When to Use
show ip interface <int> Shows the helper address(es) configured on the interface First check — confirm helper address is applied and correct
show ip interface Vlan10 Shows SVI IP, helper address, ACLs, and status for VLAN 10 Verify SVI is up and helper is configured for that VLAN
show running-config | include helper All interfaces with ip helper-address configured Quick global check — see all relay configurations at once
show ip dhcp binding Active DHCP leases — confirms clients are getting IPs Verify DHCP is working end-to-end for clients
show ip dhcp server statistics DHCP message counters (Discover, Offer, Request, ACK) Confirm the server is seeing relayed requests and responding
debug ip dhcp relay Real-time relay events — forwards and receives Lab troubleshooting; confirms relay is forwarding correctly
debug ip dhcp server events Real-time server-side DHCP events Run on the DHCP server to see if it receives and processes relayed requests

Sample show ip interface Output Confirming Helper

Switch# show ip interface Vlan10

Vlan10 is up, line protocol is up
  Internet address is 192.168.10.1/24
  Broadcast address is 255.255.255.255
  Helper address is 10.0.0.5          ← Relay is configured ✅
  ...

! If helper address is NOT configured, you would see:
  Helper address is not set            ← Relay is missing ❌

10. Troubleshooting DHCP Relay Issues

Symptom Likely Cause Diagnostic & Fix
Clients get 169.254.x.x (APIPA) — no IP from DHCP Helper address missing or on wrong interface; DHCP server unreachable show ip interface <SVI> — check "Helper address is"; if missing, add ip helper-address <server-IP> on the correct client-facing SVI
Helper address configured but clients still not getting IPs Routing between relay and DHCP server broken; firewall/ACL blocking UDP 67/68 Ping DHCP server from the relay device: ping 10.0.0.5 source Vlan10; check ACL/firewall rules allow UDP port 67 from relay to server and back
Clients getting IPs from wrong subnet (wrong pool) giaddr not matching any pool on server; server pool misconfigured for this subnet Check DHCP server pools — ensure the client subnet (e.g., 192.168.10.0/24) has its own pool; verify the helper address matches the SVI IP for that VLAN. See DHCP Server Configuration.
Some VLANs work, others don't Helper address missing from specific VLAN SVIs; that VLAN's pool is missing on the server show running-config | include helper — verify each client VLAN SVI has a helper; check DHCP server for a matching pool per VLAN
Relay configured but DHCP server never receives the request Helper address configured on wrong interface (server-facing instead of client-facing) Remember: helper goes on the interface facing the clients, not the server. Check show ip interface for each interface and verify which subnet's clients it serves
DHCP works initially then stops for some clients DHCP pool exhausted on the server; helper is working but server has no more addresses to offer show ip dhcp pool on server — check pool utilisation; clear ip dhcp binding * if stale leases are the issue; consider shortening lease time

Systematic Troubleshooting Approach

! Step 1: Confirm helper is on the correct interface (client-facing, not server-facing)
Switch# show ip interface Vlan10
! Look for: "Helper address is 10.0.0.5"

! Step 2: Confirm the SVI is up/up
Switch# show ip interface brief | include Vlan
! Vlan10 should show "up" in both Status and Protocol columns

! Step 3: Test reachability from relay to DHCP server (source must be SVI IP)
Switch# ping 10.0.0.5 source Vlan10
! If this fails, routing or firewall issue between relay and server

! Step 4: Confirm server has a pool for the client subnet
Router-DHCP# show ip dhcp pool
! Verify a pool with network 192.168.10.0 255.255.255.0 exists

! Step 5: Watch relay activity in real time (lab only)
Switch# debug ip dhcp relay
! Look for "relay: rcvd from" and "relay: sent to" messages

! Step 6: Stop debug
Switch# undebug all

11. Common Misconceptions About DHCP Relay

  • "ip helper-address only needs to be on one interface of the router."
    It must be configured on every interface where clients connect and need relay service. Each client-facing interface requires its own ip helper-address entry. A single global command does not apply to all interfaces.
  • "ip helper-address goes on the interface facing the DHCP server."
    The opposite is true. ip helper-address goes on the interface facing the clients. The relay agent listens on that interface for client broadcasts and forwards them toward the server's address.
  • "ip helper-address only forwards DHCP."
    By default, it forwards eight UDP broadcast protocols including TFTP (69), DNS (53), NetBIOS (137/138), and others. Use no ip forward-protocol udp <port> to disable any protocols you don't need relayed.
  • "The DHCP server can distinguish clients from different VLANs without giaddr."
    Without giaddr, all relayed requests look identical to the server — it cannot determine which subnet the client is on. The giaddr field (set by the relay to its own interface IP) is the mechanism by which the server knows which pool to select. It is essential.
  • "You need a separate DHCP server for each VLAN when using relay."
    Relay allows a single DHCP server to serve unlimited VLANs — that is the entire purpose of DHCP relay. The server uses giaddr to distinguish clients from different VLANs and assigns from the correct pool each time. See DHCP Server Configuration for how to configure multi-VLAN pools.

12. Key Points & Exam Tips

  • DHCP broadcasts (255.255.255.255) are blocked by routers — they do not cross subnet boundaries without a relay agent. See How DHCP Works (DORA).
  • ip helper-address <server-IP> enables DHCP relay on an interface — configured on the client-facing interface (not server-facing).
  • The relay agent converts the client's broadcast to a unicast addressed to the DHCP server.
  • The relay inserts its own IP into the giaddr (Gateway IP Address) field — the server uses giaddr to select the correct pool for the client's subnet.
  • Multiple ip helper-address entries on one interface forward to multiple DHCP servers simultaneously — for redundancy.
  • In multi-VLAN environments, each SVI needs its own ip helper-address — one per VLAN that has clients needing DHCP. See Inter-VLAN Routing on a Layer 3 Switch.
  • By default, helper-address forwards 8 UDP protocols: DHCP (67/68), TFTP (69), DNS (53), Time (37), NetBIOS (137/138). Disable unneeded ones with no ip forward-protocol udp <port>.
  • Verify with: show ip interface <int> — look for "Helper address is X.X.X.X".
  • Test relay-to-server reachability with: ping <server> source <SVI-int>.
  • Check all relay configurations at once: show running-config | include helper.
  • Client with 169.254.x.x = no DHCP response received → first check for missing or wrong ip helper-address.
  • Use debug ip dhcp relay to confirm relay is forwarding in real time (lab only).
  • If ACLs or firewalls exist between relay and server, ensure UDP 67/68 is permitted.

Related pages: How DHCP Works (DORA) | Configuring DHCP on Routers & Switches | ARP & arp -a | VLANs | Layer 3 Switch Routing | ACL Overview | DHCP Relay (Step-by-Step) | DHCP Server Configuration | DHCP Snooping & DAI

13. DHCP Relay Quiz

1. A DHCP server is at 10.0.0.5. Clients on VLAN 10 (192.168.10.0/24) need addresses from this server. The Layer 3 switch SVI for VLAN 10 is configured with IP 192.168.10.1. On which interface and in which direction must ip helper-address 10.0.0.5 be applied?

Correct answer is D. The ip helper-address command must be placed on the interface where client DHCP broadcasts arrive — in this case the VLAN 10 SVI (interface Vlan10 with IP 192.168.10.1). The relay agent listens on this interface for broadcasts from clients. Placing it on the server-facing interface would do nothing — DHCP broadcasts never arrive there. There is no global helper-address command; it must be configured per-interface on each client VLAN. See DHCP Relay Agent (Step-by-Step).

2. A DHCP server serves three VLANs (10, 20, 30) via a relay agent. All three VLAN SVIs are configured with ip helper-address 10.0.0.5. How does the server at 10.0.0.5 know which pool to use for each VLAN's clients?

Correct answer is B. When the relay agent on VLAN 10's SVI (192.168.10.1) relays a DHCP Discover, it sets the giaddr field to 192.168.10.1. When the VLAN 20 SVI (192.168.20.1) relays, giaddr = 192.168.20.1. The DHCP server receives the request and searches all configured pools to find one whose network statement contains the giaddr IP. It selects the matching pool — 192.168.10.0/24 for VLAN 10, 192.168.20.0/24 for VLAN 20 — and assigns from it. One server, multiple pools, each matched by giaddr. See DHCP Server Configuration.

3. A network engineer configures two ip helper-address statements on a switch SVI — one for 10.0.0.5 and one for 10.0.0.6. Both are DHCP servers with identical pools. When a client sends a DHCP Discover, what happens?

Correct answer is C. Multiple ip helper-address entries on the same interface cause the relay to send a unicast copy of every DHCP Discover to all configured helper addresses simultaneously. Both servers receive the request and both may respond with an Offer. The client receives both Offers and accepts the first one that arrives. The other server sees the subsequent DHCP Request (which contains the chosen server's IP in Option 54) and releases its temporarily reserved IP. This provides DHCP redundancy — if one server is down, the other still serves clients.

4. An engineer runs show ip interface Vlan20 and sees "Helper address is not set" for VLAN 20. Clients on VLAN 20 all have 169.254.x.x addresses. VLAN 10, 30, and 40 clients are getting DHCP addresses normally. What is the cause and correct fix?

Correct answer is A. "Helper address is not set" is conclusive — the VLAN 20 SVI has no relay configured. DHCP Discovers from VLAN 20 clients arrive at the SVI but the relay agent is not active, so they are simply dropped. Clients time out and fall to APIPA (169.254.x.x). The fix is: interface Vlan20 → ip helper-address <server-IP>. The fact that other VLANs work confirms the DHCP server and network path are fine — the problem is specifically the missing relay on VLAN 20. See DHCP Relay Agent (Step-by-Step).

5. The ip helper-address is correctly configured and clients can reach the DHCP server by ping, but clients are getting addresses from the wrong subnet pool. A VLAN 30 client (should get 192.168.30.x) is receiving 192.168.10.x addresses. What is the most likely cause?

Correct answer is C. The server selects the pool based on giaddr. If a VLAN 30 client's Discover is being relayed by the VLAN 10 SVI (perhaps because the VLAN 30 SVI doesn't have a helper address and traffic is somehow reaching VLAN 10), the giaddr would be 192.168.10.1. The server would then correctly (from its perspective) assign from the 192.168.10.0/24 pool. Verify which SVI is actually relaying using debug ip dhcp relay and confirm each VLAN's clients are relayed by their own SVI with the correct IP.

6. An engineer wants to ensure that ip helper-address on a router only forwards DHCP traffic (UDP 67/68) and does NOT forward TFTP (UDP 69) or NetBIOS (UDP 137/138). Which commands achieve this?

Correct answer is B. By default, ip helper-address forwards eight UDP broadcast protocols. The ip forward-protocol udp <port> command globally controls which UDP ports are forwarded by all helper-address instances on the router. Using no ip forward-protocol udp 69 (TFTP), no ip forward-protocol udp 137 (NetBIOS NS), and no ip forward-protocol udp 138 (NetBIOS DG) disables forwarding for those protocols, leaving only DHCP (67/68) and any others not disabled. This is the correct and documented method — not a per-helper or per-interface filter.

7. A client on VLAN 10 has the APIPA address 169.254.42.1. The engineer runs show ip interface Vlan10 and confirms "Helper address is 10.0.0.5". The engineer then pings 10.0.0.5 from the switch without specifying a source interface, and the ping succeeds. But clients still get APIPA. What should the engineer test next?

Correct answer is D. The relay agent always uses the SVI's IP address as the source of the relayed packet (it also sets this as the giaddr). A ping without specifying source may use a different interface IP that does have routing to 10.0.0.5 — but the relay's traffic from 192.168.10.1 may not have a route or may be blocked by an ACL or firewall. The correct test is ping 10.0.0.5 source Vlan10 — this tests the exact path the relay will use. If this ping fails while an unspecified ping succeeds, there is a routing asymmetry: traffic from 192.168.10.1 cannot reach 10.0.0.5 but traffic from another switch IP can.

8. In which scenario would you NOT need ip helper-address for DHCP to work?

Correct answer is A. A relay agent is only needed when the DHCP server is on a different subnet from the clients, and a router (or Layer 3 switch) sits between them blocking the DHCP broadcasts. When the DHCP server is running locally on the same Layer 3 switch that the clients are directly connected to, client broadcasts arrive directly at the switch's SVI, and the local DHCP server process handles them without any relay needed. The relay agent's purpose — converting broadcasts to unicast for cross-subnet delivery — is simply not required in this scenario.

9. What is the giaddr field value set to when the VLAN 20 SVI (IP 192.168.20.1) relays a DHCP Discover to server 10.0.0.5, and what critical function does it serve at the server?

Correct answer is C. When the relay agent on VLAN 20's SVI (192.168.20.1) forwards the DHCP Discover, it inserts 192.168.20.1 into the giaddr (Gateway IP Address) field of the DHCP packet. The server at 10.0.0.5 receives the relayed packet and reads giaddr = 192.168.20.1. It then searches all configured pools for one whose network contains 192.168.20.1 — selecting the 192.168.20.0/24 pool. The server assigns an address from this pool and sends the Offer back to the relay address (giaddr). This is the mechanism that allows one DHCP server to serve multiple subnets correctly. See How DHCP Works (DORA).

10. A junior engineer configures ip helper-address 192.168.10.1 (the Vlan10 SVI IP itself) instead of the DHCP server IP 10.0.0.5. What will happen when VLAN 10 clients send DHCP Discovers?

Correct answer is B. ip helper-address forwards the DHCP Discover as a unicast to whatever IP address is configured — it does not validate whether that IP is a DHCP server. If the helper is set to 192.168.10.1 (the switch's own SVI), the switch will send a unicast DHCP packet to itself. Since no DHCP server process is listening on 192.168.10.1 for these relayed packets, they are silently discarded. Clients send multiple Discovers, receive no response, and fall back to APIPA. The fix is simply correcting the helper address to ip helper-address 10.0.0.5. Verify with show ip interface brief and debug ip dhcp relay to confirm.

← Back to Home