What traffic will DHCP snooping drop?

08 Jun

DHCP snooping will drop DHCP messages from a DHCP server that is not trusted. Trusted DHCP servers are identified by configuring a switchport’s DHCP snooping trust state. DHCP server messages can flow through switchports that have a DHCP snooping trusted state. DHCP server messages will be dropped if attempting to flow through a switchport that is not trusted.

Learn more: how DHCP works?

DHCP messages where the source MAC and embedded client hardware MAC do not match will also be dropped, although this protection can be defeated; badly written vendor IP implementations can cause this to happen with a surprising amount of frequency, the most common scenario being a DHCP request for one interface being forwarded through another interface on that same device.

DHCP snooping will also drop messages that release a lease or decline an offer, if the release or decline message is received on a switchport other than the port that the original DHCP conversation was held. This prevents a third party from terminating a lease or declining a DHCP offer on behalf of the actual DHCP client.

* The email will not be published on the website.