DHCP

DHCP configuration manages both IPv4 and IPv6 relay, snooping, and related services on NX-OS devices, enabling centralized IP address assignment and security enforcement across network segments. Global settings are organized under hierarchical sub-sections: ip_dhcp_relay controls relay enablement, information options, VPN awareness, trust, server ID override, circuit ID customization, sub-option formatting, and DHCPv4-over-v6; ipv6_dhcp_relay controls IPv6 relay enablement, option79, VPN awareness, smart relay, and IAPD route addition; ip_dhcp_snooping controls snooping enablement, MAC address verification, and information options. DHCP interface-level relay configuration provides per-interface control over relay addresses with VRF support, trusted information options, smart relay, subnet broadcast, and IPv6 relay addresses across loopback, VLAN, Ethernet, and port-channel interfaces.

Diagram

Classes

configuration (nxos.devices)

Name	Type	Constraint	Mandatory	Default Value
dhcp	Class	`[dhcp]`	No

dhcp (nxos.devices.configuration)

Name	Type	Constraint	Mandatory
ip_dhcp_relay	Class	`[ip_dhcp_relay]`	No
ipv6_dhcp_relay	Class	`[ipv6_dhcp_relay]`	No
ip_dhcp_snooping	Class	`[ip_dhcp_snooping]`	No
ip_dhcp_relay	Class	`[ip_dhcp_relay]`	No
ip_dhcp_smart_relay_global	Boolean	`true`, `false`	No
ip_dhcp_packet_strict_validation	Boolean	`true`, `false`	No
ipv6_dhcp_relay	Class	`[ipv6_dhcp_relay]`	No
ip_dhcp_snooping	Class	`[ip_dhcp_snooping]`	No

loopbacks (nxos.devices.configuration.interfaces)

Name	Type	Constraint	Mandatory	Default Value
loopbacks	List	`[loopbacks]`	No

vlans (nxos.devices.configuration.interfaces)

Name	Type	Constraint	Mandatory	Default Value
vlans	List	`[vlans]`	No

ethernets (nxos.devices.configuration.interfaces)

Name	Type	Constraint	Mandatory	Default Value
ethernets	List	`[ethernets]`	No

port_channels (nxos.devices.configuration.interfaces)

Name	Type	Constraint	Mandatory	Default Value
port_channels	List	`[port_channels]`	No

ip_dhcp_relay (nxos.devices.configuration.dhcp)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
information_option	Boolean	`true`, `false`	No
information_option_trust	Boolean	`true`, `false`	No
information_option_vpn	Boolean	`true`, `false`	No
information_trust_all	Boolean	`true`, `false`	No
information_option_server_id_override	Boolean	`true`, `false`	No
sub_option_circuit_id_customized	Boolean	`true`, `false`	No
sub_option_circuit_id_format_string	String		No
sub_option_type_cisco	Boolean	`true`, `false`	No
sub_option_format_non_tlv	Boolean	`true`, `false`	No
v4_over_v6	Boolean	`true`, `false`	No
enabled	Boolean	`true`, `false`	No
information_option	Boolean	`true`, `false`	No
information_option_trust	Boolean	`true`, `false`	No
information_option_vpn	Boolean	`true`, `false`	No
information_trust_all	Boolean	`true`, `false`	No
information_option_server_id_override	Boolean	`true`, `false`	No
sub_option_circuit_id_customized	Boolean	`true`, `false`	No
sub_option_circuit_id_format_string	String		No
sub_option_type_cisco	Boolean	`true`, `false`	No
sub_option_format_non_tlv	Boolean	`true`, `false`	No
v4_over_v6	Boolean	`true`, `false`	No

ipv6_dhcp_relay (nxos.devices.configuration.dhcp)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
information_option_vpn	Boolean	`true`, `false`	No
option_type_cisco	Boolean	`true`, `false`	No
option79	Boolean	`true`, `false`	No
iapd_route_add	Boolean	`true`, `false`	No
smart_relay_global	Boolean	`true`, `false`	No
enabled	Boolean	`true`, `false`	No
information_option_vpn	Boolean	`true`, `false`	No
option_type_cisco	Boolean	`true`, `false`	No
option79	Boolean	`true`, `false`	No
iapd_route_add	Boolean	`true`, `false`	No
smart_relay_global	Boolean	`true`, `false`	No

ip_dhcp_snooping (nxos.devices.configuration.dhcp)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
information_option	Boolean	`true`, `false`	No
verify_mac_address	Boolean	`true`, `false`	No
sub_option_format_non_tlv	Boolean	`true`, `false`	No
sub_option_circuit_id_format_string	String		No
enabled	Boolean	`true`, `false`	No
information_option	Boolean	`true`, `false`	No
verify_mac_address	Boolean	`true`, `false`	No
sub_option_format_non_tlv	Boolean	`true`, `false`	No
sub_option_circuit_id_format_string	String		No

ip (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
address	IP		No
secondary_addresses	List	IP	No
forward	Boolean	`true`, `false`	No
drop_glean	Boolean	`true`, `false`	No
unnumbered	String		No
directed_broadcast	Boolean	`true`, `false`	No
directed_broadcast_acl	String		No
redirects	Boolean	`true`, `false`	No
unreachables	Boolean	`true`, `false`	No
port_unreachable	Boolean	`true`, `false`	No
verify_unicast_source_reachable_via	Choice	`disabled`, `strict`, `loose`, `loose-allow-default`, `strict-allow-vni-hosts`	No
access_group_in	String		No
access_group_out	String		No
dhcp_relay_information_trusted	Boolean	`true`, `false`	No
dhcp_relay_smart_relay	Boolean	`true`, `false`	No
dhcp_relay_subnet_broadcast	Boolean	`true`, `false`	No
dhcp_relay_information_option	Boolean	`true`, `false`	No
dhcp_relay_source_subnet	String		No
dhcp_relay_addresses	List	`[dhcp_relay_addresses]`	No

ipv6 (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
address_autoconfig	Boolean	`true`, `false`	No
nd_default_route	Boolean	`true`, `false`	No
forward	Boolean	`true`, `false`	No
link_local_use_bia	Boolean	`true`, `false`	No
address_use_link_local_only	Boolean	`true`, `false`	No
verify_unicast_source_reachable_via	Choice	`disabled`, `strict`, `loose`, `loose-allow-default`, `strict-allow-vni-hosts`	No
address_link_local	String		No
addresses	List	`[addresses]`	No
dhcp_smart_relay	Boolean	`true`, `false`	No
dhcp_relay_addresses	List	`[dhcp_relay_addresses]`	No

ospf (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
process	String		Yes
advertise_secondaries	Boolean	`true`, `false`	No
advertise_subnet	Boolean	`true`, `false`	No
area	String		No
bfd	Boolean	`true`, `false`	No
cost	Integer	min: `0`, max: `65535`	No
dead_interval	Integer	min: `0`, max: `65535`	No
hello_interval	Integer	min: `0`, max: `65535`	No
mtu_ignore	Boolean	`true`, `false`	No
network	Choice	`unspecified`, `p2p`, `bcast`	No
prefix_attribute_n_flag	Choice	`unspecified`, `clear`	No
passive_interface	Boolean	`true`, `false`	No
priority	Integer	min: `0`, max: `255`	No
retransmit_interval	Integer	min: `1`, max: `65535`	No
transmit_delay	Integer	min: `1`, max: `450`	No
authentication_key	String		No
message_digest_key_id	Integer	min: `0`, max: `255`	No
authentication_key_secure_mode	Boolean	`true`, `false`	No
authentication_key_chain	String		No
message_digest_key	String		No
message_digest_key_secure_mode	Boolean	`true`, `false`	No
authentication	Choice	`unspecified`, `simple`, `md5`, `none`	No

ospfv3 (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
process	String		Yes
advertise_secondaries	Boolean	`true`, `false`	No
area	String		No
bfd	Boolean	`true`, `false`	No
cost	Integer	min: `0`, max: `65535`	No
dead_interval	Integer	min: `0`, max: `65535`	No
hello_interval	Integer	min: `1`, max: `65535`	No
network	Choice	`none`, `p2p`, `bcast`	No
passive_interface	Boolean	`true`, `false`	No
priority	Integer	min: `0`, max: `255`	No
instance_id	Integer	min: `0`, max: `255`	No
mtu_ignore	Boolean	`true`, `false`	No
retransmit_interval	Integer	min: `1`, max: `65535`	No
transmit_delay	Integer	min: `1`, max: `450`	No

pim (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
bfd_instance	Boolean	`true`, `false`	No
dr_priority	Integer	min: `1`, max: `4294967295`	No
passive	Boolean	`true`, `false`	No
sparse_mode	Boolean	`true`, `false`	No
border	Boolean	`true`, `false`	No
dr_delay	Integer	min: `1`, max: `65535`	No
jp_policy	String		No
neighbor_policy_route_map	String		No
neighbor_policy_prefix_list	String		No
strict_rfc_compliant	Boolean	`true`, `false`	No

isis (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
instance_name	String		Yes
circuit_type	Choice	`l1`, `l2`, `l12`	No
ipv4	Boolean	`true`, `false`	No
ipv6	Boolean	`true`, `false`	No
network_point_to_point	Choice	`off`, `on`, `use-all-is-mac`	No
passive_interface	Choice	`l1`, `l2`, `l12`, `no-l1`, `no-l2`, `no-l12`, `inherit-def`	No
metric_level_1	Integer	min: `0`, max: `16777216`	No
metric_level_2	Integer	min: `0`, max: `16777216`	No
ipv6_metric_level_1	Integer	min: `0`, max: `16777216`	No
ipv6_metric_level_2	Integer	min: `0`, max: `16777216`	No
priority_level_1	Integer	min: `0`, max: `127`	No
priority_level_2	Integer	min: `0`, max: `127`	No
hello_interval	Integer	min: `1`, max: `65535`	No
hello_interval_level_1	Integer	min: `1`, max: `65535`	No
hello_interval_level_2	Integer	min: `1`, max: `65535`	No
hello_multiplier	Integer	min: `3`, max: `1000`	No
hello_multiplier_level_1	Integer	min: `3`, max: `1000`	No
hello_multiplier_level_2	Integer	min: `3`, max: `1000`	No
hello_padding	Choice	`always`, `transient`, `never`	No
authentication_check	Boolean	`true`, `false`	No
authentication_check_level_1	Boolean	`true`, `false`	No
authentication_check_level_2	Boolean	`true`, `false`	No
authentication_key_chain	String		No
authentication_key_chain_level_1	String		No
authentication_key_chain_level_2	String		No
authentication_type	Choice	`clear`, `md5`, `unknown`	No
authentication_type_level_1	Choice	`clear`, `md5`, `unknown`	No
authentication_type_level_2	Choice	`clear`, `md5`, `unknown`	No
mtu_check	Boolean	`true`, `false`	No
mtu_check_level_1	Boolean	`true`, `false`	No
mtu_check_level_2	Boolean	`true`, `false`	No
bfd	Boolean	`true`, `false`	No
ipv6_bfd	Boolean	`true`, `false`	No
csnp_interval_level_1	Integer	min: `1`, max: `65535`	No
csnp_interval_level_2	Integer	min: `1`, max: `65535`	No
lsp_interval	Integer	min: `10`, max: `65535`	No
retransmit_interval	Integer	min: `1`, max: `65535`	No
retransmit_throttle_interval	Integer	min: `20`, max: `65535`	No
mesh_group	Integer	min: `0`, max: `4294967295`	No
mesh_group_blocked	Boolean	`true`, `false`	No
n_flag_clear	Boolean	`true`, `false`	No
suppress_prefix	Boolean	`true`, `false`	No

nd (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
ra_boot_file_url	String		No
suppress_ra	Boolean	`true`, `false`	No
suppress_ra_mtu	Boolean	`true`, `false`	No
managed_config_flag	Boolean	`true`, `false`	No
other_config_flag	Boolean	`true`, `false`	No
redirects	Boolean	`true`, `false`	No
dad_attempts	Integer	min: `0`, max: `15`	No
dad_ns_interval	Integer	min: `1000`, max: `6000`	No
delete_adjacency_on_mac_delete	Boolean	`true`, `false`	No
dns_search_list_suppress	Boolean	`true`, `false`	No
dns_suppress	Boolean	`true`, `false`	No
hop_limit	Integer	min: `0`, max: `255`	No
mac_extract	Choice	`none`, `nud-phase`, `exclude-nud-phase`	No
mtu	Integer	min: `1280`, max: `65535`	No
ns_interval	Integer	min: `1000`, max: `3600000`	No
ra_interval	Integer	min: `4`, max: `1800`	No
ra_interval_minimum	Integer	min: `3`, max: `1350`	No
ra_lifetime	Integer	min: `0`, max: `9000`	No
reachable_time	Integer	min: `0`, max: `3600000`	No
retrans_timer	Integer	min: `0`, max: `4294967295`	No
suppress_ra_route	Boolean	`true`, `false`	No
router_preference	Choice	`unspecified`, `low`, `medium`, `high`	No

hsrp (nxos.devices.configuration.interfaces.vlans.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
version	Integer	min: `1`, max: `2`	No
bfd	Boolean	`true`, `false`	No
use_bia	Boolean	`true`, `false`	No
use_bia_scope	Choice	`global`, `local`	No
delay_minimum	Integer	min: `0`, max: `10000`	No
delay_reload	Integer	min: `0`, max: `10000`	No
mac_refresh	Integer	min: `0`, max: `10000`	No
groups	List	`[groups]`	No

switchport (nxos.devices.configuration.interfaces.ethernets.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
mode	Choice	`access`, `trunk`, `fex-fabric`, `dot1q-tunnel`, `promiscuous`, `host`, `trunk-secondary`, `trunk-promiscuous`, `vntag`	No
access_vlan	Integer	min: `1`, max: `4094`	No
trunk_native_vlan	Integer	min: `1`, max: `4094`	No
trunk_allowed_vlans	Class	`[trunk_allowed_vlans]`	No
transparent_mode	Boolean	`true`, `false`	No
voice_cos	Integer	min: `-1`, max: `7`	No
voice_trust	Boolean	`true`, `false`	No
voice_vlan	Integer	min: `1`, max: `4092`	No
voice_vlan_type	Choice	`none`, `tagged`, `dot1p`, `untagged`	No

subinterfaces (nxos.devices.configuration.interfaces.ethernets.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
id	Integer		Yes
interface_groups	List	String	No
shutdown	Boolean	`true`, `false`	No
bandwidth	Integer	min: `0`, max: `3200000000`	No
delay	Integer	min: `1`, max: `16777215`	No
description	String		No
encapsulation	String		No
logging_event_port_link_status	Boolean	`true`, `false`	No
medium	Choice	`broadcast`, `p2p`	No
mtu	Integer	min: `576`, max: `9216`	No
mtu_inherit	Boolean	`true`, `false`	No
mac_address	String		No
mac_ipv6_extract	Boolean	`true`, `false`	No
snmp_trap_link_status	Boolean	`true`, `false`	No
vrf	String		No
hsrp	Class	`[hsrp]`	No

spanning_tree (nxos.devices.configuration.interfaces.ethernets.ip_dhcp_relay)

Name	Type	Constraint	Mandatory
bpdufilter	Boolean	`true`, `false`	No
bpduguard	Boolean	`true`, `false`	No
cost	Integer	min: `0`, max: `200000000`	No
guard	Choice	`root`, `loop`, `none`	No
link_type	Choice	`auto`, `p2p`, `shared`	No
port_type	Choice	`edge`, `network`, `normal`	No
port_priority	Integer	min: `0`, max: `224`	No

dhcp_relay_addresses (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay.ip)

Name	Type	Constraint	Mandatory	Default Value
address	String		Yes
vrf	String		No

addresses (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay.ipv6)

Name	Type	Constraint	Mandatory
address	String		Yes
type	Choice	`primary`, `secondary`	No
tag	Integer	min: `0`, max: `4294967295`	No
eui64	Boolean	`true`, `false`	No
route_preference	Integer	min: `0`, max: `255`	No

dhcp_relay_addresses (nxos.devices.configuration.interfaces.loopbacks.ip_dhcp_relay.ipv6)

Name	Type	Constraint	Mandatory	Default Value
address	String		Yes
vrf	String		No

groups (nxos.devices.configuration.interfaces.vlans.ip_dhcp_relay.hsrp)

Name	Type	Constraint	Mandatory
id	Integer	min: `0`, max: `4095`	Yes
address_family	Choice	`ipv4`, `ipv6`	Yes
authentication_md5_compatibility	Boolean	`true`, `false`	No
authentication_md5_key_chain	String		No
authentication_md5_key_string	String		No
authentication_md5_key_string_type	Choice	`unencrypted`, `hidden`	No
authentication_md5_timeout	Integer	min: `0`, max: `32767`	No
authentication_md5_type	Choice	`key-chain`, `key-string`	No
authentication_text	String		No
authentication_type	Choice	`simple`, `md5`	No
follow	String		No
forwarding_threshold_lower	Integer	min: `0`, max: `255`	No
timers_hello_interval	Integer	min: `250`, max: `254000`	No
timers_hold_interval	Integer	min: `750`, max: `255000`	No
ip	String		No
mac_address	String		No
name	String		No
preempt	Boolean	`true`, `false`	No
preempt_delay_minimum	Integer	min: `0`, max: `3600`	No
preempt_delay_reload	Integer	min: `0`, max: `3600`	No
preempt_delay_sync	Integer	min: `0`, max: `3600`	No
priority	Integer	min: `0`, max: `255`	No

trunk_allowed_vlans (nxos.devices.configuration.interfaces.ethernets.ip_dhcp_relay.switchport)

Name	Type	Constraint	Mandatory	Default Value
ids	List	Integer[min: `1`, max: `4094`]	No
ranges	List	`[ranges]`	No

ranges (nxos.devices.configuration.interfaces.ethernets.ip_dhcp_relay.switchport.trunk_allowed_vlans)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `1`, max: `4094`	Yes
to	Integer	min: `1`, max: `4094`	Yes

Examples

Example 1: Basic DHCP relay with option 82 insertion for a leaf switch

nxos:
  devices:
    - name: LEAF1
      configuration:
        dhcp:
          ip_dhcp_relay:
            enabled: true
            information_option: true
            information_option_vpn: true

Example 2: DHCP snooping with MAC verification for access layer security

nxos:
  devices:
    - name: LEAF2
      configuration:
        dhcp:
          ip_dhcp_relay:
            enabled: true
            information_option: true
            information_option_trust: true
          ip_dhcp_snooping:
            enabled: true
            information_option: true
            verify_mac_address: true

Example 3: Full DHCP configuration with IPv6 relay, smart relay, and custom circuit ID

nxos:
  devices:
    - name: BORDER-LEAF1
      configuration:
        dhcp:
          ip_dhcp_relay:
            enabled: true
            information_option: true
            information_option_vpn: true
            information_option_trust: true
            information_option_server_id_override: true
            sub_option_circuit_id_customized: true
            sub_option_circuit_id_format_string: "%p:%v"
            sub_option_type_cisco: true
          ipv6_dhcp_relay:
            enabled: true
            option79: true
            smart_relay_global: true
          ip_dhcp_snooping:
            enabled: true
            verify_mac_address: true
          ip_dhcp_packet_strict_validation: true

Example 4: Interface-level DHCP relay with IPv4 and IPv6 relay addresses on a VLAN SVI

nxos:
  devices:
    - name: LEAF1
      configuration:
        interfaces:
          vlans:
            - id: 100
              ip_dhcp_relay:
                addresses:
                  - address: 10.1.1.1
                  - address: 10.1.1.2
                    vrf: management
              ipv6_dhcp_relay_addresses:
                - address: 2001:db8::1
                  vrf: management