DHCP snooping
DHCP snooping is a Layer 2 security technology that prevents rogue DHCP servers from offering IP addresses to DHCP clients. Malicious attackers often use rogue DHCP servers in man-in-the-middle or denial-of-service (DoS) attacks.
You can configure DHCP snooping globally on your switch or on individual VLANs, set trusted ports that you know have DHCP servers connected to them, and have the switch verify all DHCP traffic on untrusted ports.
Settings
Go to My Products > Switches > Switches, select the switch or site where you want to configure DHCP snooping, and go to L3 protocols > DHCP snooping > Settings to configure the DHCP snooping.
Status
Status turns DHCP snooping on or off globally for the switch or site.
Select Enabled or Disabled to turn DHCP snooping on or off.
Select Not set to use the DHCP snooping status configured locally on the switch.
Once you've selected an option, select whether or not you want to synchronize the settings to the switches immediately, then click Save.
MAC address verification
When you turn on MAC address verification, the switch verifies the DHCP packets on untrusted ports to make sure that the source MAC address and the endpoint hardware address match.
Select Enabled or Disabled to turn MAC address verification on or off.
Select Not set to use the MAC address verification settings configured locally on the switch.
Once you've selected an option, select whether or not you want to synchronize the settings to the switches immediately, then click Save.
VLAN settings
You can turn DHCP snooping on or off for each VLAN on the switch.
Select Enabled or Disabled to turn DHCP snooping on or off for the specified VLAN.
Select Not set to use the DHCP snooping status configured locally on the switch.
Once you've selected an option, select whether or not you want to synchronize the settings to the switches immediately, then click Save.
Configuration source shows the origin of the DHCP snooping settings for that VLAN.
Trust port settings
You can configure each port on your switch as trusted or untrusted. Trusted ports are ports connected to DHCP servers. The switch allows DHCP traffic to flow through trusted ports and automatically forwards DHCP messages on them.
Note
If you turn off DHCP snooping, the switch treats all ports as trusted.
Select Trusted or Untrusted to set the status of the specified port.
Select Not set to use the trust port status configured locally on the switch.
Once you've selected an option, select whether or not you want to synchronize the settings to the switches immediately, then click Save.
Configuration source shows the origin of the port's trust status.
Binding list
The Binding list shows the MAC address to IP bindings, including the VLAN and port the device connects to.