How DHCP snooping works
When enabled on a VLAN, DHCP snooping stands between untrusted ports (those connected to host ports) and trusted ports (those connected to DHCP servers). A VLAN with DHCP snooping enabled forwards DHCP request packets from clients and discards DHCP server reply packets on untrusted ports. DHCP server reply packets on trusted ports to DHCP clients are forwarded, as shown in the following figures.
Figure 10
DHCP snooping at work on an untrusted port
Figure 11
DHCP snooping at work on a trusted port