After DHCP snooping is enabled and a trusted interface is configured, the device ensures that DHCP clients obtain IP addresses from the authorized DHCP server, which prevents attacks from bogus DHCP servers. However, DHCP snooping by itself cannot detect where a bogus DHCP server is located, so the network is still at risk.
After DHCP server detection is enabled, the DHCP snooping-enabled device checks information about the DHCP server, such as its IP address and connecting port number, in the DHCP Reply messages and records the information in the log. You can refer to these logs to check whether bogus DHCP servers exist on the network.
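The log review described above can be scripted. The following is an added example, not code from the device documentation: it compares each logged server IP address and port against the server you have authorized. The log line layout, the field names `server_ip` and `interface`, and all addresses and port names are constructed for illustration; adapt the pattern to the format your device actually writes.

```python
import re

# Constructed sample lines in a hypothetical key=value layout. Real device
# log formats differ by vendor and software version, so adapt LINE_RE.
SAMPLE_LOG = """\
2024-05-01T09:00:01 dhcp-server-detect server_ip=10.0.0.1 interface=GE0/0/1
2024-05-01T09:00:07 dhcp-server-detect server_ip=192.168.1.1 interface=GE0/0/7
2024-05-01T09:00:09 link-up interface=GE0/0/9
2024-05-01T09:01:12 dhcp-server-detect server_ip=192.168.1.1 interface=GE0/0/7
2024-05-01T09:02:30 dhcp-server-detect server_ip=10.0.0.1 interface=GE0/0/12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) dhcp-server-detect "
    r"server_ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) interface=(?P<port>\S+)$"
)


def find_unexpected_servers(log_text, authorized):
    """Return every (server_ip, port) pair seen in the log that is not authorized.

    authorized is a set of (server_ip, port) pairs. Matching on the pair, not
    the IP alone, also flags a reply that carries the authorized server's
    address but arrives on a port where that server is not connected.
    """
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log entry
        key = (m["ip"], m["port"])
        if key in authorized:
            continue
        entry = findings.setdefault(
            key, {"count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
    return findings


if __name__ == "__main__":
    # Assumption: the authorized server 10.0.0.1 sits behind port GE0/0/1.
    for (ip, port), info in find_unexpected_servers(
        SAMPLE_LOG, {("10.0.0.1", "GE0/0/1")}
    ).items():
        print(f"unexpected DHCP server {ip} on {port}: {info['count']} replies, "
              f"first {info['first']}, last {info['last']}")
```

The port in each finding tells you where on the network to look for the bogus server.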