Configuring DHCP snooping
DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records
DHCP snooping does not work between the DHCP server and DHCP relay agent.
Overview
DHCP snooping defines trusted and untrusted ports to make sure clients obtain IP addresses only from authorized DHCP servers.
•
•
DHCP snooping reads
Application of trusted ports
Configure ports facing the DHCP server as trusted ports, and configure other ports as untrusted ports.
As shown in Figure 283, configure the DHCP snooping device's port that is connected to the DHCP server as a trusted port. The trusted port forwards response messages from the DHCP server to the client. The untrusted port connected to the unauthorized DHCP server discards incoming DHCP response messages.
306