DHCP snooping

In computer networking, DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure.[1]

DHCP servers allocate IP addresses to clients on a LAN.

DHCP snooping can be configured on LAN switches to exclude rogue DHCP servers and remove malicious or malformed DHCP traffic.

In addition, information on hosts which have successfully completed a DHCP transaction is accrued in a database of bindings which may then be used by other security or accounting features.[2][3]

Other features may use DHCP snooping database information to ensure IP integrity on a Layer 2 switched domain.
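The filtering and binding logic described above can be modelled in a few lines. The following is an added illustration, not code from any switch vendor or from the original article. The class, its method names, the trusted/untrusted port split, the MAC consistency check and all MAC and IP values are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # messages only a DHCP server sends

@dataclass
class SnoopingSwitch:
    trusted: set                                  # ports facing legitimate servers
    pending: dict = field(default_factory=dict)   # client MAC -> ingress port
    bindings: dict = field(default_factory=dict)  # client MAC -> (IP, port)

    def dhcp(self, port, msg_type, src_mac, chaddr, yiaddr=None):
        """Return 'forward' or 'drop' for one DHCP message arriving on port."""
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                return "drop"                     # server message on an access port
            if msg_type == "ACK" and chaddr in self.pending:
                self.bindings[chaddr] = (yiaddr, self.pending.pop(chaddr))
            return "forward"
        if port not in self.trusted:
            if src_mac != chaddr:
                return "drop"                     # frame source and client address disagree
            if msg_type == "RELEASE":
                bound = self.bindings.get(chaddr)
                if bound is None or bound[1] != port:
                    return "drop"                 # release for a lease learned elsewhere
                del self.bindings[chaddr]
                return "forward"
            self.pending[chaddr] = port           # remember where the client lives
        return "forward"

    def source_allowed(self, port, src_mac, src_ip):
        """Binding lookup as a dependent IP-integrity feature would perform it."""
        return port in self.trusted or self.bindings.get(src_mac) == (src_ip, port)

def demo():
    sw = SnoopingSwitch(trusted={1})              # port 1 is the uplink to the server
    a, b, srv = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "cc:cc:cc:cc:cc:cc"
    return [                                      # constructed sample traffic
        sw.dhcp(2, "DISCOVER", a, a),
        sw.dhcp(3, "OFFER", b, a, "192.0.2.66"),  # unauthorised server on port 3
        sw.dhcp(1, "OFFER", srv, a, "192.0.2.10"),
        sw.dhcp(2, "REQUEST", a, a),
        sw.dhcp(1, "ACK", srv, a, "192.0.2.10"),  # binding recorded here
        sw.dhcp(3, "RELEASE", b, a),              # host b releasing a's lease
        sw.source_allowed(2, a, "192.0.2.10"),
        sw.source_allowed(3, b, "192.0.2.10"),    # b claiming a's address
    ]
```

Calling `demo()` returns the per-message decisions followed by the two binding lookups, showing that only the client which completed the transaction on its own port may use the leased address.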

Figure: Example showing how DHCP snooping works