Note
Snooping IP fragmented DHCP packets is not supported.The violation action setting determines what action(s) the switch takes when a rogue DHCP server packet is seen on an untrusted port or the IP address of the originating server is not among those of the configured trusted DHCP servers.
The DHCP server packets are DHCP OFFER, ACK and NAK. The following list describes the violation actions:
Note
You must enable DHCP snooping on both the DHCP server port as well as on the client port. The latter ensures that DHCP client packets (DHCP Request, DHCP Release etc.) are processed appropriately.Note
DHCP snooping does not work when the client and server are in different VRs and server reachability is established by inter-VR leaked routes on client VR.Any violation that occurs causes the switch to generate an Event Management System (EMS) log message. You can configure to suppress the log messages by configuring EMS log filters. For more information about EMS, see Using the Event Management System/Logging.