Virtual machine does not receive a DHCP Server Offers on NSX-T backed network segment
book
Article ID: 371005
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
Virtual machine does not receive a DHCP Server Offers on NSX-T backed network segment
Virtual machine connected to overlay or VLAN backed segment
Virtual machine uses DHCP to get an IP address
After sending a DHCP discover message the virtual machine does not receive the DHCP offer
Cause
The NSX-T Segment Security Policy "default-segment-security-policy" has DHCP Server Block enabled by default.
DHCP Server Block & DHCP Client Block are disabled by default.
DHCP Server Block blocks traffic from a DHCP server to a DHCP client.
Note that, it does not block traffic from a DHCP server to a DHCP relay agent.
DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Even after setting “DHCP Server Block” to Disabled, DFW rules is required to allow the DHCP packets.
Resolution
Create a Segment Security Segment Profile with DHCP Server Block disabled
Replace default Segment security profile with Newly created security profile