Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
The defined pool of IP addresses a DHCP server leases to clients, plus subnet mask, gateway, and DNS options for one subnet.
DHCP Scope Definition: The defined pool of IP addresses a DHCP server leases to clients, plus subnet mask, gateway, and DNS options for one subnet.
A DHCP scope is the configured range of IP addresses that a Dynamic Host Configuration Protocol (DHCP) server is authorized to lease to clients on a given subnet, together with the associated options it hands out, such as subnet mask, default gateway, DNS servers, and lease duration. It is the core unit of automated IP address management for one network segment.
When a client broadcasts a DHCPDISCOVER, the server selects an available address from the matching scope and offers it through the DORA exchange (Discover, Offer, Request, Acknowledge). Each scope defines a start and end address, excluded ranges or reservations for static devices, and scope-level options. The server tracks active leases and their expiration so addresses return to the pool when leases lapse, preventing exhaustion and duplicate assignments.
Scope design matters for security and reliability. An oversized or overlapping scope can cause address conflicts and outages, while a scope with no controls lets rogue devices obtain addresses and reach internal resources. Attackers exploit weak DHCP environments with starvation attacks that drain a scope or rogue DHCP servers that hand out malicious gateway and DNS settings, enabling man-in-the-middle interception. DHCP snooping on switches mitigates this by trusting only authorized scopes and servers.
For example, a network engineer configures scope 10.20.0.100 through 10.20.0.250 for the staff VLAN, sets the gateway to 10.20.0.1, points DNS to internal resolvers, and excludes 10.20.0.100 through 10.20.0.110 for printers and switches assigned statically. When a laptop joins the VLAN it automatically receives 10.20.0.137 with the correct options. Pairing this scope with DHCP snooping ensures that if an attacker plugs in a rogue DHCP server, the switch drops its offers and clients keep receiving the legitimate scope's settings.
DHCP Scope is one of the topics you'll master in the CCNA Boot Camp.
CCNA Boot Camp →