VMware Networking Community
chadc1979
Enthusiast

DHCP with NSX-T

When NSX-T is managing an environment, does DHCP relay on a VLAN not work?

For example, I have a segment backed by a VLAN, and in that VLAN I have a DHCP server.

After deploying NSX-T, creating the VLAN backed segments, and moving the VMs from vDS to N-DVS, I am no longer able to obtain a DHCP lease from the Windows Server on the same segment.

Looking at how NSX-T DHCP Relay works, you can't use it with a VLAN backed segment, unless I am missing something.


Accepted Solutions
mauricioamorim
VMware Employee

Every segment in NSX-T, regardless of whether it is Overlay or VLAN backed, has segment profiles attached to it. One of these is the security profile which, among other security features, has DHCP protections to prevent unknown/undesired DHCP servers on the network. This might be preventing the DHCP packets from the VMs from reaching the DHCP server. Have you taken a look at the segment profiles attached to this segment?


chadc1979
Enthusiast

Never thought there would be a firewall rule on the switchport blocking DHCP but sure enough.

For someone else finding this thread:

Advanced Networking & Security > Networking > Switches > Switching Profiles

Select nsx-default-switch-security-vif-profile > Actions > Clone Profile

Uncheck Server Block under DHCP

Then click on Ports and select your DHCP server(s) > Edit > Switching Profiles

Change Switch Security to the new profile you just created

That'll keep DHCP Server blocked for all other servers except the one(s) you want DHCP available from.

Thanks
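
A way to check the result of the per-port exception described in the post above, as an added example that is not part of the original thread: the script walks an inventory of segments and ports, reports every port where DHCP server traffic is allowed although the port is not an approved DHCP server, and reports approved servers that are still blocked. The inventory layout, the `dhcp-server-allowed` profile name, the port names and the `dhcp_server_block_enabled` key are constructed assumptions, as is the rule that a port-level profile overrides the segment's.

```python
# Constructed sample inventory (not real NSX output). Key names, the
# "dhcp-server-allowed" profile and all port names are assumptions.
DEFAULT = "nsx-default-switch-security-vif-profile"  # name taken from the thread
PROFILES = {
    DEFAULT: {"dhcp_server_block_enabled": True},
    "dhcp-server-allowed": {"dhcp_server_block_enabled": False},
}
SEGMENTS = [
    {"id": "vlan-10-servers", "security_profile": DEFAULT, "ports": [
        {"id": "win-dhcp01-vnic0", "security_profile": "dhcp-server-allowed"},
        {"id": "app01-vnic0", "security_profile": None},  # inherits segment
    ]},
    {"id": "vlan-20-users", "security_profile": "dhcp-server-allowed", "ports": [
        {"id": "desktop17-vnic0", "security_profile": None},
        {"id": "desktop18-vnic0", "security_profile": None},
    ]},
]
APPROVED_DHCP_PORTS = {"win-dhcp01-vnic0"}


def effective_profile(segment, port):
    """Assumption: a port-level binding overrides the segment-level one."""
    return port.get("security_profile") or segment["security_profile"]


def audit(segments, profiles, approved_ports):
    """Return (segment, port, profile, reason) tuples that need review."""
    findings = []
    for seg in segments:
        for port in seg["ports"]:
            name = effective_profile(seg, port)
            profile = profiles.get(name)
            if profile is None:
                findings.append((seg["id"], port["id"], name, "unknown profile"))
                continue
            # A missing key counts as "not blocking" so it is never skipped.
            blocked = profile.get("dhcp_server_block_enabled", False)
            approved = port["id"] in approved_ports
            if not blocked and not approved:
                findings.append((seg["id"], port["id"], name, "server block off"))
            elif blocked and approved:
                findings.append((seg["id"], port["id"], name, "approved server blocked"))
    return findings


if __name__ == "__main__":
    for finding in audit(SEGMENTS, PROFILES, APPROVED_DHCP_PORTS):
        print("REVIEW:", *finding)
```
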

mauricioamorim
VMware Employee

It is not actually a firewall but common security features available on L2 switches. This control regarding DHCP is like DHCP snooping with trusted interfaces on any common switch.

NikAli
Contributor

Hello @mauricioamorim

In DHCP snooping I can add an interface that I trust to relay.

But in this, can I add a server that is trusted?

So in VLAN 2, can I add a server that is trusted to handle DHCP?

carlo_COT
Contributor

Thank you for posting this, but apparently they changed it in NSX 4.

I found it in Networking, Segments, Profiles.

I could not clone the default profile, so I created a new profile. Add Segment Profile, Segment Security, turned the Server Block off.

Then went to the Distributed Port Groups tab, and on each Distributed Port Group, changed the segment security profile to the new one I created.

I hope this helps, because it's panic time when you implement NSX and suddenly users are not getting DHCP addresses.

carlo_COT
Contributor

And I don't see where you can add the DHCP servers that you want to allow (in NSX 4).

Chris-work4
Contributor

I assume you'll need to add a relay to get DHCP to work, so:

Networking >> DHCP & add a DHCP relay profile. Then add the profile to the segment.
