DHCP Snooping

DHCP Snooping enables snooping of DHCP packets and creates a DHCP bindings database of IP to MAC addresses for static and dynamic VLANs.

DHCP servers connected to ports not configured as trusted are deemed to be rogue DHCP servers. This feature allows you to:
  • Configure DHCP Snooping for EXOS/Switch Engine globally within a switch template
  • Define DHCP snooping actions within the VLAN attributes section
  • Enable or disable trusted ports within port types
  • Enable dropping of rogue DHCP Packets action for static and dynamic VLANs.
Common use-cases for DHCP Snooping are:
  • The ability to configure DHCP Snooping protection on edge switches to prevent rogue DHCP packets from traversing ports.
  • The ability to globally enable the feature for all edge switches in specific VLANs assigned to a network policy.
  • The ability to support DHCP snooping being disabled using switch template VLAN attributes override or device level configuration override.
  • Provide flexibility to enable a trusted port on specific ports where DHCP servers may exist on a switch with mixed ports (untrusted and trusted) for DHCP snooping. Visibility of violations and additional information such as DHCP lease time is also required to be visible when the DHCP snooping feature is enabled.