Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > SWITCH Exam > Discussions


390 Views 1 Reply Latest reply: May 18, 2012 3:00 AM by Cristian F. Stoica RSS

Currently Being Moderated

DHCP Snooping

May 18, 2012 2:20 AM

DickieKu 5 posts since
Dec 22, 2011

Hello Everyone,


I have studied about DHCP Snooping, I am not sure whether my understanding is wrong or not. Please help to verify.


(1)DHCP Snooping maintains a binding table which is either updated manually via CLI or dynamically by examining the DHCPACK message (untrusted host leased an IP address from a TRUSTED DHCP server)


(2)Any packet received at untrusted port which does not match any entry in the binding table will be dropped <--- this functions belongs to DHCP Snooping or IP Source Guard?


So, is that the functions of the DHCP Snooping are:

1) Blocking untrusted DHCP server leases IP to hosts

2) Maintaining the binding table for IP Source Guard and Dynamic ARP Inspection

any more ?




  • Cristian F. Stoica 361 posts since
    Aug 7, 2011
    Currently Being Moderated
    1. May 18, 2012 3:00 AM (in response to DickieKu)
    Re: DHCP Snooping

    IP Source Guard indeed blocks IP traffic based on the DHCP snooping binding database, or manually configured. DHCP Snooping acts by filtering DHCP responses from rogues servers, and maintains the DHCP snooping binding database that can be used by IP Source Guard and DAI to filter out traffic that does not match the configured bindings.


More Like This

  • Retrieving data ...

Bookmarked By (0)