DHCP Snooping

Prevents rogue DHCP servers from connecting to the network.

Blocks DHCP server-to-client messages on untrusted ports: DHCP Offer and DHCP ACK.

All ports are untrusted by default.

  1. Identify trusted ports for DHCP servers and trunk ports towards a DHCP server
  2. Enable on switch
  3. Enable on VLAN

ip dhcp snooping
ip dhcp snooping database flash:/snoop.db
ip dhcp snooping vlan 123

int gi1/0/1
  ip dhcp snooping trust

Optional configuration on client ports

int range gi1/0/2-24
  ip dhcp snooping limit rate 10

If using an IOS device as the DHCP server

ip dhcp relay information trust

Verification commands

show ip dhcp snooping
show ip dhcp snooping binding
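
Offline check of a saved running-config against the three setup steps and the optional client-port rate limit. This is an added example, not part of the original notes; the function names and the sample config are constructed for illustration. It assumes unabbreviated commands as printed by show running-config, access ports only (trunks are not evaluated), and the IOS default access VLAN of 1.

```python
import re
# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 123,300-302
interface GigabitEthernet1/0/1
 ip dhcp snooping trust
interface GigabitEthernet1/0/2
 switchport access vlan 123
 ip dhcp snooping limit rate 10
interface GigabitEthernet1/0/3
 switchport access vlan 123
interface GigabitEthernet1/0/4
 switchport access vlan 200
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '123,300-302' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def audit_dhcp_snooping(config):
    """Return findings for global enable, per-VLAN enable, trust and rate limit."""
    enabled, snooped, ports, port = False, set(), {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"interface (\S+)", s):
            port = ports.setdefault(m[1], {"vlan": 1, "trust": False, "rate": False})
        elif not line.startswith(" "):
            port = None  # back at global configuration level
            enabled |= s == "ip dhcp snooping"
            if m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", s):
                snooped |= expand_vlans(m[1])
        elif port is not None:
            if m := re.fullmatch(r"switchport access vlan (\d+)", s):
                port["vlan"] = int(m[1])
            port["trust"] |= s == "ip dhcp snooping trust"
            port["rate"] |= s.startswith("ip dhcp snooping limit rate ")
    findings = [] if enabled else ["snooping not enabled globally"]
    if not any(p["trust"] for p in ports.values()):
        findings.append("no trusted port: server replies are dropped on every port")
    for name, p in ports.items():
        if not p["trust"] and p["vlan"] not in snooped:
            findings.append(f"{name}: VLAN {p['vlan']} is not snooped")
        elif not p["trust"] and not p["rate"]:
            findings.append(f"{name}: untrusted port without rate limit")
    return findings
```
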