DHCP Snooping Operations
- If a DHCP message is received on a trusted port, forward it as normal without inspection.
- If a DHCP message is received on an untrusted port, inspect it and act as follows:
  - If it is a DHCP Server message, discard it.
  - If it is a DHCP Client message, perform the following checks:
    - DISCOVER/REQUEST messages: Check if the frame's source MAC address and the DHCP message's CHADDR fields match. Match = forward, mismatch = discard.
    - RELEASE/DECLINE messages: Check if the packet's source IP address and the receiving interface match the entry in the DHCP Snooping Binding Table. Match = forward, mismatch = discard.
- When a client successfully leases an IP address from a server, create a new entry in the DHCP Snooping Binding Table.

RELEASE/DECLINE messages will be checked to make sure their IP address/interface ID match the entry in the DHCP Snooping Binding Table.
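The decision procedure above as a runnable Python model (an added example, not code from the original page or from any switch vendor). The class and field names, port names, MAC and IP values are constructed, and learning the lease from the server's ACK on the trusted port is an assumption about how the binding entry gets created.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}
@dataclass
class Frame:               # constructed model of a received DHCP frame
    port: str              # receiving switch interface
    msg_type: str          # DHCP message type
    src_mac: str = ""      # Ethernet source MAC address
    chaddr: str = ""       # client hardware address inside the DHCP message
    src_ip: str = ""       # IP source address of the packet
    yiaddr: str = ""       # address the server assigns (carried in the ACK)

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}   # CHADDR -> untrusted port its REQUEST arrived on
        self.bindings = {}  # leased IP -> (client MAC, interface)

    def process(self, f):
        if f.port in self.trusted:
            # Never filtered. Assumption: the ACK is still read to learn the lease.
            if f.msg_type == "ACK" and f.chaddr in self.pending:
                self.bindings[f.yiaddr] = (f.chaddr, self.pending.pop(f.chaddr))
            return "forward"
        if f.msg_type in SERVER_TYPES:
            return "discard"          # server message on an untrusted port
        if f.msg_type in ("DISCOVER", "REQUEST"):
            if f.src_mac != f.chaddr:
                return "discard"      # frame source MAC and CHADDR disagree
            if f.msg_type == "REQUEST":
                self.pending[f.chaddr] = f.port
            return "forward"
        if f.msg_type in ("RELEASE", "DECLINE"):
            entry = self.bindings.get(f.src_ip)
            return "forward" if entry and entry[1] == f.port else "discard"
        return "discard"  # assumption: other types are outside the page's rules

def demo():
    sw = SnoopingSwitch(trusted_ports={"G0/1"})
    mac = "aa:aa:aa:aa:aa:01"
    frames = [  # constructed sample traffic; G0/1 is the only trusted port
        Frame("G0/2", "OFFER"),                               # server msg, untrusted
        Frame("G0/2", "DISCOVER", "bb:bb:bb:bb:bb:02", mac),  # CHADDR mismatch
        Frame("G0/2", "REQUEST", mac, mac),                   # legitimate client
        Frame("G0/1", "ACK", chaddr=mac, yiaddr="192.0.2.10"),
        Frame("G0/3", "RELEASE", mac, mac, "192.0.2.10"),     # wrong interface
        Frame("G0/2", "RELEASE", mac, mac, "192.0.2.10"),     # matches binding
    ]
    return [sw.process(f) for f in frames], sw.bindings
```

`demo()` returns the verdict for each frame in order, along with the binding table built from the one completed lease.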