Hyper-V Program Manager
If you start digging into the advanced settings section of a virtual network adapter – there is a lot of interesting stuff to look at. Today I’m going to talk about the DHCP guard setting:
This setting stops the virtual machine from making DHCP offers over this network interface. To be clear – this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP to acquire an IP address that will work) it only blocks the ability for the virtual machine to act as a DHCP server.
Two questions that I often get about this feature are:
You can configure this setting through the UI or with PowerShell. To configure it with PowerShell you should use the DHCPGuard parameter on the Set-VMNetworkAdapter cmdlet:
If the MS implementation works the same way as the Cisco DHCP Snooping feature, it does not block the DHCP offer packet. It blocks the DHCP Discover packet reaching any non-trusted DHCP server. So the rogue DHCP server does not even have a chance to respond to client requests, because the DHCP discover packet is not transmitted to those rogue servers. Big difference allowing the request received but not allowing to transmit a rogue answer OR not even allowing to receive the request.
You are correct. We block both discover and outbound offer packets.
Using this functional impact on performance?