Académique Documents
Professionnel Documents
Culture Documents
DHCP snooping is a layer 2 security technology feature that acts like a firewall
between untrusted hosts and trusted DHCP servers
Validates DHCP messages received from untrusted sources and filters out
invalid messages.
Builds and maintains the DHCP snooping binding database, which contains
information about untrusted hosts with leased IP addresses.
Untrusted Sources
Trusted Source
How it works
DHCP snooping will drop DHCP messages from a DHCP server that is not trusted.
DHCP server messages will be dropped if attempting to flow through a switchport that
is not trusted.
DHCP messages where the source MAC and embedded client hardware MAC do not
match will also be dropped
DHCP snooping will also drop messages that release a lease or decline an offer
Note:For DHCP snooping to function properly, all DHCP servers must be connected to the
switch through trusted interfaces, as untrusted DHCP messages will be forwarded only to
trusted interfaces.
Thank You