DHCP Snooping

DHCP Snooping is a network security feature that allows hosts to lease IP addresses only from DHCP servers connected to trusted ports. DHCP servers connected to ports not configured as trusted are deemed to be rogue DHCP servers. This feature allows you to:
  • Configure DHCP Snooping for EXOS/Switch Engine globally within a switch template
  • Define DHCP snooping actions within the VLAN attributes section
  • Enable or disable trusted ports within port types
Common use cases for DHCP Snooping are:
  • Configuring DHCP Snooping protection on edge switches to prevent rogue DHCP packets from traversing ports.
  • Globally enabling the feature for all edge switches in specific VLANs assigned to a network policy.
  • Disabling DHCP snooping through a switch template VLAN attributes override or a device level configuration override.
  • Enabling a trusted port on specific ports where DHCP servers may exist, on a switch with mixed ports (untrusted and trusted) for DHCP snooping. Violations and additional information such as DHCP lease time must also be visible when the DHCP snooping feature is enabled.
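
The trusted/untrusted port decision described above can be modelled in a few lines. This is an added illustration, not EXOS/Switch Engine code: the function names, port numbers, VLAN IDs and sample frames are constructed, and dropping the offending frame is assumed as the violation action.

```python
import struct

SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends

def opt(code, value):                            # build one option: code, length, value
    return bytes([code, len(value)]) + value

def parse_options(opts):
    """Parse a DHCP options field (the TLVs after the magic cookie) into {code: value}."""
    out, i = {}, 0
    while i < len(opts) and opts[i] != 255:      # 255 = End
        if opts[i] == 0:                         # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            break                                # truncated option: stop parsing
        out[opts[i]] = opts[i + 2:i + 2 + opts[i + 1]]
        i += 2 + opts[i + 1]
    return out

def snoop(frames, trusted_ports, snooped_vlans):
    """Model of the per-frame decision; returns (violations, bindings)."""
    violations, bindings = [], {}
    for port, vlan, mac, yiaddr, opts in frames:
        if vlan not in snooped_vlans:
            continue                             # snooping disabled on this VLAN
        o = parse_options(opts)
        msg = o[53][0] if o.get(53) else 0       # option 53 = DHCP message type
        if msg in SERVER_TYPES and port not in trusted_ports:
            violations.append({"port": port, "vlan": vlan, "type": SERVER_TYPES[msg]})
            continue                             # rogue server reply: recorded and dropped
        if msg == 5 and len(o.get(51, b"")) == 4:  # option 51 = lease time (seconds)
            bindings[mac] = {"ip": yiaddr, "vlan": vlan,
                             "lease_s": struct.unpack("!I", o[51])[0]}
    return violations, bindings

# Constructed sample frames: (ingress port, VLAN, client MAC, yiaddr, options field)
ACK = opt(53, b"\x05") + opt(51, struct.pack("!I", 86400)) + b"\xff"
OFFER = opt(53, b"\x02") + opt(51, struct.pack("!I", 600)) + b"\xff"
DISCOVER = opt(53, b"\x01") + b"\xff"
SAMPLE = [
    ("48", 10, "aa:bb:cc:00:00:01", "10.0.10.50", ACK),       # real server, trusted uplink
    ("5", 10, "aa:bb:cc:00:00:02", "192.168.1.77", OFFER),    # server reply on an edge port
    ("5", 20, "aa:bb:cc:00:00:03", "192.168.1.78", OFFER),    # VLAN 20 is not snooped
    ("7", 10, "aa:bb:cc:00:00:04", "0.0.0.0", DISCOVER),      # client request, not a violation
]

def demo():
    return snoop(SAMPLE, trusted_ports={"48"}, snooped_vlans={10})
```

`demo()` returns one violation (the OFFER on untrusted port 5 in VLAN 10) and one binding with its lease time, which is the kind of visibility the last use case asks for.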