Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=switch-management-DHCP-snooping

DHCP snooping

DHCP snooping is a layer two security technology that drops DHCP traffic determined to be unacceptable.

Primarily, DHCP snooping is used to prevent unauthorized (rogue) DHCP servers from offering IP addresses to DHCP clients. Rogue DHCP servers are often used by malicious attackers in man-in-the-middle or denial-of-service (DoS) attacks.

Settings

To configure DHCP snooping, do as follows:

  1. Go to Switches, select the switch you want to configure, then select L3 protocols.
  2. Select DHCP snooping.
  3. Select Settings.

  4. Select the status for DHCP snooping either globally or per VLAN. The options are as follows:

    Option Description
    Not set DHCP snooping isn't configured.
    Enabled Turn on DHCP snooping.
    Disabled Turn off DHCP snooping.

Binding list

The Binding list shows the MAC address to IP bindings, including the VLAN and port on which the device is connected.