DHCP Snooping Port Mode
In a DHCP snooping context, there are three configurable port modes that determine anti-spoofing behavior:
- Trusted – When port mode is set to trusted, DHCP server traffic is accepted and used to create bindings in the source MAC address to IP address binding table for the user. Binding verification does not take place on trusted ports.
- Bypass – When port mode is set to bypass, snooping of DHCP server traffic does not take place on the port.
- Untrusted – When port mode is set to untrusted, the untrusted server counter is incremented when DHCP server traffic is detected on the port. Client traffic on these ports is processed when MAC verification is enabled on these ports.
Bindings created as a result of DHCP exchanges on trusted ports using DHCP snooping take precedence over bindings created through dynamic ARP inspection or IP source guard.