DHCP snooping is a layer two security technology that drops DHCP traffic determined to be unacceptable.
Primarily, DHCP snooping is used to prevent unauthorized (rogue) DHCP servers from offering IP addresses to DHCP clients. Rogue DHCP servers are often used by malicious attackers in man-in-the-middle or denial-of-service (DoS) attacks.
To configure DHCP snooping, do as follows:
- Go to Switches, select the switch you want to configure, then select L3 protocols.
- Select DHCP snooping.
- Select Settings.
Select the status for DHCP snooping either globally or per VLAN. The options are as follows:
Option Description Not set DHCP snooping isn't configured. Enabled Turn on DHCP snooping. Disabled Turn off DHCP snooping.
The Binding list shows the MAC address to IP bindings, including the VLAN and port on which the device is connected.