DHCP Configuration

DHCP Leases: Time, Renewal, and “Why It Broke”

DHCP doesn’t “give you an IP forever.” It gives you a lease: temporary permission to use an IP address (plus options like gateway and DNS). Understanding lease timing is the difference between guessing and diagnosing outages like scope exhaustion, stale clients after network changes, and intermittent renew failures.

After this page, you should be able to:

  • Explain what a DHCP lease is (and what it includes)
  • Describe the lease lifecycle: ACK → renew → rebind → expire
  • Choose lease durations for stable vs high-churn networks
  • Recognize common lease-related failure patterns and what to check next
  • Verify lease timing and renewal behavior from a Windows client

What a DHCP Lease Is

A DHCP lease is a time-bound agreement: the server allows a specific client to use a specific IP address for a defined period. The lease also includes the configuration that makes the network usable (gateway/DNS/etc.).

Why leases exist:

  • Reuse addresses efficiently (devices come and go)
  • Scale without manual IP management
  • Reduce conflicts by tracking who “owns” an address right now
  • Allow change over time (options can be updated on renewal)

Lease Lifecycle (The Practical Timeline)

DORA gets you a lease (Offer/Request/ACK). After that, most of DHCP’s “action” happens quietly during renewals. Clients attempt to renew before a lease expires so they keep the same address.

Two useful concepts (kept simple): T1 is the “early renew” point, and T2 is the “late renew / rebind” point. If the server can’t be reached at T1, the client tries harder at T2 (often by talking to any available DHCP server).

Time  ───────────────────────────────────────────────────────────────────────────────>

Lease granted (DHCPACK)
  |
  |  Client uses IP + options
  |
  |  T1 (early renew): client tries to renew with the original server
  |-------------------(unicast renew attempt)---------------------------------------->
  |
  |  T2 (late renew / rebind): if renew failed, client tries more broadly
  |-------------------(rebind attempt to any server)--------------------------------->
  |
  |  Expiration: if renewal fails, client must stop using the address and re-DORA
  v

What Happens When a Lease Expires

When a lease expires and the client can’t renew, the client no longer has permission to use that IP. The next step is effectively “start over” (new DORA).

Common symptoms when lease renewal fails:

  • Client falls back to 169.254.x.x (APIPA) or shows “limited connectivity”
  • Client keeps an old IP briefly but can’t reach anything reliably
  • Intermittent drops around the time leases should be renewing

Lease Duration Strategy (High Level)

Lease duration is a tradeoff: shorter leases reclaim addresses faster; longer leases reduce churn and renewal noise. The “best” value depends on how quickly devices come and go.

Stable LAN

Longer leases are usually fine (devices are predictable).

Guest Wi‑Fi

Shorter leases help reclaim addresses as guests leave.

Labs / training

Short-to-medium leases keep things tidy when you rebuild often.

Common Lease-Related Failure Patterns

Scope exhaustion (no free addresses)

What you observe: Some clients can’t get leases; failures increase over time; renews fail.

What it usually means: The pool is too small, leases are too long for churn, or old leases aren’t being reclaimed.

  • What to check next: scope statistics (active vs available), pool size, lease duration

“Stale” clients after a network change

What you observe: Devices “used to work,” now can’t; renew results in odd IP/mask/gateway.

What it usually means: VLAN/subnet changed, but clients are still holding old leases or the wrong scope is being applied.

  • What to check next: client subnet/VLAN, release/renew, scope subnet/mask match

Duplicate IPs (static devices inside the DHCP pool)

What you observe: Random drops, “duplicate address” warnings, ARP weirdness.

What it usually means: Someone manually configured a static IP in the dynamic range, or pool design doesn’t separate infrastructure from clients.

  • What to check next: pool boundaries, exclusions/reservations strategy, conflicting hosts

Intermittent renew failures (relay/firewall/UDP 67/68)

What you observe: Clients work for a while, then drop around renewal windows.

What it usually means: DHCP traffic is being blocked or relayed inconsistently; renew/rebind messages aren’t reaching the server(s).

  • What to check next: relay config on the L3 gateway, firewall rules for UDP 67/68

Clients keep old DNS/gateway after you change options

What you observe: You updated DHCP options, but some clients still use old DNS/gateway.

What it usually means: Options typically update on renew; some clients won’t pick up changes until renewal (or until you force a release/renew).

  • What to check next: lease timing on affected clients; force release/renew

Rogue DHCP server handing out bad leases

What you observe: Some clients get weird settings or short leases; behavior is inconsistent.

What it usually means: Another DHCP server is responding (accidental router/AP feature, lab appliance, misconfigured VM).

  • What to check next: which DHCP server issued the lease (client output), packet capture if needed

Hands-on: Verify Lease Timing on a Windows Client

Check lease details:

ipconfig /all

Look for: DHCP Server, Lease Obtained, Lease Expires, IPv4 Address, Subnet Mask, Default Gateway, and DNS Servers.

Force a fresh lease (fastest way to test renewal path):

ipconfig /release
ipconfig /renew

If /renew hangs or fails, you’re likely in “no Offer/ACK” territory (relay, firewall, scope match, server availability).

Optional (PowerShell):

Get-NetIPConfiguration

Where to see DHCP client logs (Windows)

Event Viewer → Applications and Services Logs → Microsoft → Windows → DHCP-Client → Operational

Server-Side Visibility (Brief)

DHCP servers track leases: which IPs are active, which are available, and which client holds which address. When troubleshooting, server-side lease tables help you confirm whether the issue is “no addresses left” vs. “clients can’t reach the server.”

Windows DHCP: DHCP management console → Server → IPv4 → Scopes → Address Leases / Scope [Statistics].

Next Up: DHCP Options (Why Changes Feel “Delayed”)

DHCP options matter as much as the IP address. If you change gateway/DNS options, clients often won’t pick up the change until they renew their lease—which can make fixes feel delayed. Next, we’ll go deep on DHCP options and how wrong options make a healthy network look broken.

Key Takeaways

  • A lease is temporary permission to use an IP address plus options.
  • Most of DHCP’s “life” is renewals, not the initial DORA exchange.
  • T1/T2 are practical checkpoints: early renew → later rebind → expire if all fails.
  • Scope exhaustion is common and usually a pool sizing + lease duration problem.
  • “Got an IP but nothing works” is often options (gateway/DNS/mask), not a lease failure.
  • Option changes can feel delayed because clients update on renew unless you force it.
  • Verify from the client first: ipconfig /all shows lease timing and the issuing DHCP server.

If you can read lease timing, you can predict and prevent a huge class of DHCP outages. Leases aren’t just a timer—they’re the operational heartbeat of address management.