DHCP Snooping

DHCP snooping blocks rogue DHCP servers by trusting only specific ports.

Updated: 2026-03-05

Definition

DHCP snooping inspects DHCP messages and allows replies only from trusted ports (typically uplinks).

It prevents attackers from handing out bad gateway/DNS settings.

Key points

Trusted vs untrusted ports
Prevents rogue DHCP servers
Builds binding table used by other security features

Common mistakes

Forgetting to trust uplink ports (clients stop getting leases).
Not enabling on all relevant VLANs.

Related exams

Cisco CCNA (200-301)

Free CCNA 200-301 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.