What Is DHCP Snooping and How It Works?

DHCP snooping, when enabled on the switch, prevents an unauthorized (rogue) DHCP server from offering IP parameters to the DHCP clients.
The DHCP snooping feature validates the DHCP server messages (OFFER and ACK). It filters out the DHCP server messages sourced from an untrusted port.
It builds and maintains the DHCP snooping binding database.

When DHCP snooping is enabled on the switch, all the switchports are moved into the untrusted category. A DHCP server message sourced from a trusted port is valid. Therefore, we need to configure the switchport connected to the DHCP server as 'trusted', so that it can send the OFFER and ACK messages. All the other switchports remain in the untrusted category, so the port on which the rogue DHCP server is connected is still an untrusted port.
Thus, only the DHCP server messages from the trusted ports are accepted, and the "man in the middle attack" is prevented by not letting the rogue DHCP server offer IP parameters to the clients.

Hope it helps!
Thanks!

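The filtering described in the post above, as an added example that is not part of the original post or of any vendor's code: a small Python model of the DHCP snooping decision logic. It builds and parses minimal BOOTP/DHCP payloads, classifies each packet as a client or server message from option 53, drops OFFER/ACK/NAK arriving on an untrusted port, drops client packets from an untrusted port that carry a relay-agent address (giaddr), and records a binding (MAC, leased IP, client port, lease time) from each ACK that is allowed through. The port names, MAC address, IPs and transaction IDs are constructed test data; VLANs, rate limiting and MAC-address verification, which real switches also apply, are left out.

```python
"""Model of DHCP snooping on a switch (added example, not vendor code).
All packets, ports and addresses are constructed for the demonstration."""
import struct
from dataclasses import dataclass, field

# DHCP message types (option 53) that matter for the snooping decision.
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {OFFER, ACK, NAK}   # only a DHCP server legitimately sends these
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def build_dhcp(op, xid, chaddr, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0", lease=None):
    """Build a minimal BOOTP/DHCP payload (constructed test data, not a capture)."""
    def ip(s):
        return bytes(int(o) for o in s.split("."))
    hdr = struct.pack("!BBBBI", op, 1, 6, 0, xid)   # op, htype=Ethernet, hlen=6, hops, xid
    hdr += b"\x00" * 8                               # secs, flags, ciaddr
    hdr += ip(yiaddr) + b"\x00" * 4 + ip(giaddr)     # yiaddr, siaddr, giaddr
    hdr += chaddr.ljust(16, b"\x00")                 # chaddr padded to 16 bytes
    hdr += b"\x00" * 192                             # sname (64) + file (128)
    opts = MAGIC_COOKIE + bytes([53, 1, msg_type])
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)
    return hdr + opts + b"\xff"                      # 255 = end of options


def parse_dhcp(payload):
    """Extract the header fields and options the snooping logic needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    xid = struct.unpack("!I", payload[4:8])[0]
    yiaddr = ".".join(str(b) for b in payload[16:20])
    giaddr = ".".join(str(b) for b in payload[24:28])
    chaddr = payload[28:28 + hlen]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # walk the TLV options
        if payload[i] == 0:                          # 0 = pad byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    if 53 not in opts:
        raise ValueError("missing DHCP message type")
    lease = struct.unpack("!I", opts[51])[0] if 51 in opts else None
    return {"xid": xid, "yiaddr": yiaddr, "giaddr": giaddr,
            "chaddr": chaddr, "type": opts[53][0], "lease": lease}


@dataclass
class SnoopingSwitch:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # chaddr -> (ip, client port, lease)
    _pending: dict = field(default_factory=dict)   # xid -> port the client asked from

    def filter(self, ingress_port, payload):
        """Return 'forward' or 'drop' for one DHCP packet and update state."""
        msg = parse_dhcp(payload)
        if msg["type"] in SERVER_MESSAGES:
            if ingress_port not in self.trusted_ports:
                return "drop"        # OFFER/ACK/NAK from an access port: rogue server
            if msg["type"] == ACK and msg["xid"] in self._pending:
                client_port = self._pending.pop(msg["xid"])
                self.bindings[msg["chaddr"]] = (msg["yiaddr"], client_port, msg["lease"])
            return "forward"
        # Client message. Clients never set giaddr, so a relay-agent address
        # arriving on an untrusted port is spoofed and is dropped.
        if ingress_port not in self.trusted_ports and msg["giaddr"] != "0.0.0.0":
            return "drop"
        self._pending[msg["xid"]] = ingress_port
        return "forward"


def run_scenario():
    """Constructed exchange: client on Gi1/0/5, rogue server on Gi1/0/7, the real
    server behind trusted uplink Gi1/0/24 (all names and addresses are made up)."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})
    mac = bytes.fromhex("aabbccddeeff")
    xid = 0x3903F326
    verdicts = [
        sw.filter("Gi1/0/5", build_dhcp(1, xid, mac, DISCOVER)),
        sw.filter("Gi1/0/7", build_dhcp(2, xid, mac, OFFER, yiaddr="10.0.0.66")),   # rogue
        sw.filter("Gi1/0/24", build_dhcp(2, xid, mac, OFFER, yiaddr="10.0.0.50")),
        sw.filter("Gi1/0/5", build_dhcp(1, xid, mac, REQUEST)),
        sw.filter("Gi1/0/24", build_dhcp(2, xid, mac, ACK, yiaddr="10.0.0.50", lease=86400)),
        sw.filter("Gi1/0/9", build_dhcp(1, 7, mac, DISCOVER, giaddr="10.0.0.1")),  # spoofed relay
    ]
    return verdicts, dict(sw.bindings)


if __name__ == "__main__":
    verdicts, bindings = run_scenario()
    print(verdicts)   # ['forward', 'drop', 'forward', 'forward', 'forward', 'drop']
    print(bindings)
```

The rogue OFFER on Gi1/0/7 is dropped only because that port is untrusted; the same OFFER on the uplink is forwarded. On a Cisco IOS switch the equivalent of the `trusted_ports` set is `ip dhcp snooping trust` on the interface facing the DHCP server (or the uplink toward it), and the `bindings` table is what `show ip dhcp snooping binding` displays and what Dynamic ARP Inspection and IP Source Guard later consult.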