What is DHCP snooping?
DHCP snooping is a security feature set up to protect the DHCP infrastructure. It prevents unauthorized access to the DHCP network by unknown computers or malicious software. DHCP, the Dynamic Host Configuration Protocol, automatically assigns IP addresses to the computers attached to the network. With DHCP snooping, only registered users are allowed access to the entire network.
Using DHCP snooping, network administrators can limit who or what can access the network. Only computers with authorized IP addresses or MAC addresses are given access. On individual ports, network administrators can limit the number of computers or DHCP clients that are permitted access. Through DHCP snooping, one can also tell where a particular IP address was in use at any given time.
The DHCP snooping process works by filtering out unwanted DHCP messages and maintaining a DHCP binding table. These DHCP messages are considered untrusted and may cause unnecessary additional network traffic. The DHCP binding table, meanwhile, records the IP address, MAC address, binding type, VLAN number, lease time, and the untrusted interface each binding was learned on. DHCP snooping acts more or less like a firewall or barrier between untrusted or unwanted hosts and the DHCP server. This security feature also distinguishes untrusted interfaces, which face DHCP client computers, from trusted interfaces, which link to another switch or to the DHCP server itself. DHCP snooping also has a subfeature called ARP security, in which ARP packets are screened before being permitted onto the network.
When a network administrator configures DHCP snooping, the switch begins to identify which interfaces are trusted and which are not. Once DHCP snooping is active, the options to configure relay information are deactivated. Any content on the DHCP network will only be visible to registered and trusted users if DHCP snooping is activated.
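The filtering, binding-table and ARP-screening behaviour described above, together with the trusted/untrusted split from the configuration step, can be modelled in a few dozen lines. The following is an added illustration written for this page, not code from any switch vendor: the port names (Gi0/1, Gi0/2, Gi0/24), MAC and IP addresses, the rate-limit value and the whole message sequence are constructed sample data, and the model treats the client's last DISCOVER/REQUEST port as the port to record in the binding when the trusted server's ACK arrives.

```python
from dataclasses import dataclass, field

# DHCP message types only a server should send. On an untrusted (client-facing)
# port they indicate a rogue server and are dropped.
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


@dataclass
class Binding:
    """One row of the DHCP snooping binding table."""
    mac: str
    ip: str
    vlan: int
    port: str   # untrusted interface the client was seen on
    lease: int  # lease time in seconds


@dataclass
class DhcpSnooping:
    trusted_ports: set
    rate_limit: int = 5  # hypothetical cap on DHCP packets per untrusted port
    bindings: dict = field(default_factory=dict)  # (mac, vlan) -> Binding
    pending: dict = field(default_factory=dict)   # (mac, vlan) -> port of last client request
    counters: dict = field(default_factory=dict)  # untrusted port -> DHCP packets seen
    log: list = field(default_factory=list)

    def _drop(self, port, reason):
        self.log.append(f"drop port={port}: {reason}")
        return "drop"

    def dhcp_packet(self, port, vlan, msg_type, chaddr, yiaddr=None, lease=0):
        """Filter one DHCP message. chaddr is the client hardware address in the
        DHCP payload; yiaddr is the address a server assigns in OFFER/ACK."""
        if port not in self.trusted_ports:
            self.counters[port] = self.counters.get(port, 0) + 1
            if self.counters[port] > self.rate_limit:
                return self._drop(port, "DHCP rate limit exceeded")
            if msg_type in SERVER_MESSAGES:
                return self._drop(port, f"{msg_type} from untrusted port (rogue server)")
            if msg_type == "RELEASE":
                # A client may only release a lease the table learned on its own port.
                existing = self.bindings.get((chaddr, vlan))
                if existing is None or existing.port != port:
                    return self._drop(port, "RELEASE does not match binding table")
                del self.bindings[(chaddr, vlan)]
            elif msg_type in ("DISCOVER", "REQUEST"):
                self.pending[(chaddr, vlan)] = port
        elif msg_type == "ACK" and yiaddr:
            # Trusted server confirmed a lease: record it against the client's port.
            client_port = self.pending.get((chaddr, vlan))
            if client_port is not None:
                self.bindings[(chaddr, vlan)] = Binding(chaddr, yiaddr, vlan, client_port, lease)
        return "forward"

    def arp_packet(self, port, vlan, sender_mac, sender_ip):
        """ARP screening: an untrusted port may only claim an IP/MAC pair that
        the binding table learned on that same port."""
        if port in self.trusted_ports:
            return "forward"
        b = self.bindings.get((sender_mac, vlan))
        if b is None or b.ip != sender_ip or b.port != port:
            return self._drop(port, f"ARP {sender_ip}/{sender_mac} not in binding table")
        return "forward"


def demo():
    """Constructed sequence: the real server on uplink Gi0/24, a rogue OFFER on
    access port Gi0/2, and ARP/RELEASE traffic that contradicts the table."""
    sw = DhcpSnooping(trusted_ports={"Gi0/24"})
    client = "aa:aa:aa:00:00:01"
    results = [
        sw.dhcp_packet("Gi0/1", 10, "DISCOVER", client),
        sw.dhcp_packet("Gi0/2", 10, "OFFER", client, "10.0.10.200"),       # rogue server: dropped
        sw.dhcp_packet("Gi0/24", 10, "OFFER", client, "10.0.10.50"),       # trusted uplink
        sw.dhcp_packet("Gi0/1", 10, "REQUEST", client),
        sw.dhcp_packet("Gi0/24", 10, "ACK", client, "10.0.10.50", 86400),  # binding learned
        sw.arp_packet("Gi0/1", 10, client, "10.0.10.50"),                  # matches binding
        sw.arp_packet("Gi0/2", 10, "aa:aa:aa:00:00:02", "10.0.10.1"),      # unknown pair: dropped
        sw.dhcp_packet("Gi0/2", 10, "RELEASE", client),                    # wrong port: dropped
    ]
    return results, sw


if __name__ == "__main__":
    results, sw = demo()
    print(results)
    print(*sw.log, sep="\n")
    print(*sw.bindings.values(), sep="\n")
```

Running `demo()` shows the three drops the text implies (a server message on an untrusted port, an ARP claim with no matching binding, and a RELEASE arriving on a different port from the lease) while the legitimate exchange through the trusted uplink populates one binding-table row. A production switch also ages bindings out by lease time and persists the table across reboots, which this model omits.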