What Does DHCP Snooping Mean in 200-301?
Quick Definition
A switch security feature that filters DHCP messages to prevent rogue DHCP servers.
Full Definition
DHCP Snooping filters DHCP traffic to prevent rogue DHCP servers from assigning incorrect IP addresses to clients. Switch ports are classified as trusted (connected to legitimate DHCP servers) or untrusted (connected to clients). DHCP server responses (OFFER, ACK) are only forwarded from trusted ports — responses from untrusted ports are dropped. DHCP Snooping also builds a binding table mapping MAC addresses, IP addresses, ports, and VLANs, used by Dynamic ARP Inspection (DAI).
CLI Command
ip dhcp snooping ip dhcp snooping vlan 10,20 interface GigabitEthernet0/1 ip dhcp snooping trust ! uplink to real DHCP server
Exam Trap — Don't Get Fooled
DHCP Snooping must be enabled globally and per VLAN. Ports facing DHCP servers must be explicitly trusted; all other ports are untrusted by default. Without trust, legitimate DHCP server responses are dropped.
Related 200-301 Terms
A protocol that automatically assigns IP addresses and network parameters to clients.
A switch feature that limits the number of MAC addresses allowed on a port.
A switch security feature that validates ARP packets using the DHCP Snooping binding table to prevent ARP spoofing.
Frequently Asked Questions
What does DHCP Snooping mean on the 200-301 exam?
DHCP Snooping filters DHCP traffic to prevent rogue DHCP servers from assigning incorrect IP addresses to clients. Switch ports are classified as trusted (connected to legitimate DHCP servers) or untrusted (connected to clients). DHCP server responses (OFFER, ACK) are only forwarded from trusted ports — responses from untrusted ports are dropped. DHCP Snooping also builds a binding table mapping MAC addresses, IP addresses, ports, and VLANs, used by Dynamic ARP Inspection (DAI).
How does DHCP Snooping appear as a trap on the 200-301?
DHCP Snooping must be enabled globally and per VLAN. Ports facing DHCP servers must be explicitly trusted; all other ports are untrusted by default. Without trust, legitimate DHCP server responses are dropped.
How important is DHCP Snooping on the 200-301 exam?
DHCP Snooping falls under the Security domain of the 200-301 exam. Understanding it in context with related terms like dhcp and dynamic-arp-inspection is essential for answering scenario-based questions correctly.