
DHCP Snooping

What is DHCP Snooping

DHCP snooping is a Layer 2 security feature that acts like a firewall between untrusted hosts and trusted DHCP servers.

The DHCP snooping feature performs the following activities:

- Validates DHCP messages received from untrusted sources and filters out invalid messages.
- Rate-limits DHCP traffic from trusted and untrusted sources.
- Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
- Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

Trusted and Untrusted Sources

Untrusted Sources

- Host ports and unknown DHCP servers are generally treated as untrusted sources.
- Any device beyond the firewall or outside your network is an untrusted source.

Trusted Sources

- Devices under your administrative control are trusted sources.
- These devices include the switches, routers, and servers in your network.

How it works

- DHCP snooping drops DHCP messages from a DHCP server that is not trusted.
- DHCP server messages are dropped if they attempt to flow through a switchport that is not trusted.
- DHCP messages in which the frame source MAC address and the embedded client hardware address (chaddr) do not match are also dropped.
- DHCP snooping also drops messages that release a lease or decline an offer.

Note: For DHCP snooping to function properly, all DHCP servers must be connected to the switch through trusted interfaces, as untrusted DHCP messages will be forwarded only to trusted interfaces.

How does DHCP snooping track information

DHCP snooping stores its observations in a binding database containing the client MAC address, the DHCP-assigned IP address, the remaining lease time, the VLAN, and the switchport; the database is stored in device flash.
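The checks from the "How it works" slide and the binding database from this slide, modelled together as an added example (this is not code from the slides or from any switch vendor). Port names, MAC and IP addresses are constructed; the model assumes that a release or decline from an untrusted port is accepted only when its port and VLAN match the existing binding entry.

```python
"""Added model of the DHCP snooping decisions described above (not from the slides)."""
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server may legitimately send these


@dataclass
class Binding:
    """One entry of the snooping binding database: MAC, IP, lease, VLAN, port."""
    mac: str
    ip: str
    lease: int
    vlan: int
    port: str


@dataclass
class DhcpSnooper:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)  # client MAC -> Binding
    pending: dict = field(default_factory=dict)   # client MAC -> (port, vlan) of its request

    def process(self, port, vlan, src_mac, msg_type, chaddr, yiaddr=None, lease=0):
        """Return 'forward' or 'drop' for one DHCP message seen on `port`."""
        if port in self.trusted_ports:
            # Server reply on a trusted port: record the lease against the
            # untrusted port and VLAN where the client's request was observed.
            if msg_type == "ACK" and chaddr in self.pending:
                cport, cvlan = self.pending.pop(chaddr)
                self.bindings[chaddr] = Binding(chaddr, yiaddr, lease, cvlan, cport)
            return "forward"
        # Untrusted port: anything that looks like a DHCP server is dropped.
        if msg_type in SERVER_MSGS:
            return "drop"
        # The frame source MAC must match the client hardware address (chaddr).
        if src_mac.lower() != chaddr.lower():
            return "drop"
        if msg_type in ("RELEASE", "DECLINE"):
            # Assumption of this model: only honoured when port/VLAN match the binding.
            b = self.bindings.get(chaddr)
            if b is None or (b.port, b.vlan) != (port, vlan):
                return "drop"
            del self.bindings[chaddr]
            return "forward"
        # DISCOVER/REQUEST from a valid untrusted client: remember where it came from.
        self.pending[chaddr] = (port, vlan)
        return "forward"
```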

Thank You
