Newly deploy NSX-T Segments in NSX-T receive the default “segment security policy” which, prevents DHCP from working.
This can be quickly resolved by creating a new “segment security policy” which allows DHCP, which must be assigned to the NSX-T Segments as described in https://kb.vmware.com/s/article/79072
When your environment has a bunch of segments, this can be a daunting task. But not anymore:
This script enables you to change the “segment security policy” for all segments which are connected to a Transport Zone in one go.
You can find the script here.