Information About DHCP Snooping
DHCP snooping functions like a firewall between untrusted hosts and trusted DHCP servers by doing the following:
-
Validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers.
-
Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
-
Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
Dynamic ARP Inspection (DAI) and IP Source Guard also use information stored in the DHCP snooping binding database.
DHCP snooping is enabled globally and per VLAN. By default, DHCP snooping is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.