This section describes the basic concepts of Dynamic Host Configuration Protocol (DHCP) snooping.
Dynamic Host Configuration Protocol (DHCP) snooping is a DHCP security feature that functions in a similar way to a firewall between DHCP clients and servers. A DHCP-snooping-capable device monitors DHCP packets and uses information carried in the packets to create a DHCP snooping binding table. This table records hosts' media access control (MAC) addresses, IP addresses, IP address lease time, virtual local area network (VLAN) IDs, and interface information. The device uses this table to check the validity of received DHCP packets. If a DHCP reply packet is received from an untrusted interface, the device discards the packet.