Hyper-V Networking–DHCP Guard

If you start digging into the advanced settings section of a virtual network adapter – there is a lot of interesting stuff to look at.  Today I’m going to talk about the DHCP guard setting:

image

This setting stops the virtual machine from making DHCP offers over this network interface.  To be clear – this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP to acquire an IP address that will work) it only blocks the ability for the virtual machine to act as a DHCP server.

Two questions that I often get about this feature are:

  1. Why would I want to enable this option?

    Imagine you have a DHCP server virtual machine that is connected to multiple virtual networks.  You want to make sure that DHCP offers are only provided on one specific virtual network.  In this case you would enable the DHCP guard on any networks where you did not want the virtual machine to act as a DHCP server.

  2. Why isn’t this option enabled by default everywhere?

    DHCP guard does have a, relatively minimal, impact on performance.  Given that most virtual machines are not running DHCP servers it is not enabled by default, as it is not needed.

You can configure this setting through the UI or with PowerShell.  To configure it with PowerShell you should use the DHCPGuard parameter on the Set-VMNetworkAdapter cmdlet:

image

Cheers,
Ben