How DHCP snooping works

When enabled on a VLAN, DHCP snooping stands between untrusted ports (those connected to host ports) and trusted ports (those connected to DHCP servers). A VLAN with DHCP snooping enabled forwards DHCP request packets from clients and discards DHCP server reply packets on untrusted ports. DHCP server reply packets on trusted ports to DHCP clients are forwarded, as shown in the following figures.

Figure 10  DHCP snooping at work on an untrusted port
Figure 11  DHCP snooping at work on a trusted port
Parent topic: DHCP snooping