Dynamic Host Configuration Protocol (DHCP) Snooping

DHCP snooping is a layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients.

Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses to devices on a network. DHCP ensures that network devices have a different IP address every time the device connects to the network.

To activate the DHCP Snooping

1. Navigate to Policies > Policy Hierarchy > Switch Policy.
2. Select the System tab and scroll down to the IGMP Snooping section.
3. Enable the toggle bar, DHCP Snooping Enable.
4. Enable the toggle bar Mac Verify. If the device receives a packet on an untrusted interface and the source MAC address and the DHCP client hardware address do not match, address verification causes the device to drop the packet, if you enable this option.