DHCP Deployment Considerations

Before defining an DHCP server configuration, refer to the following deployment guidelines to ensure the configuration is optimally effective:

  • DHCP's lack of an authentication mechanism means a DHCP server cannot check if a client or user is authorized to use a given user class. This introduces a vulnerability when using user class options. For example, if a user class is used to assign a special parameter (for example, a database server), there is no way to authenticate a client and it's impossible to check if a client is authorized to use this parameter.
  • Ensure that traffic can pass on UDP ports 67 and 68 for clients receiving DHCP information.