Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DHCP Snooping Help


I am trying to enable DHCP snooping on one of my access switches. I have completed the following:

1. The DHCP snooping database file is specified on the switch (tftp to a server) and connectivity is verified (the switch has written its header to the file).

2. Specified my uplink port as trusted.

3. Globally activated DHCP snooping

4. Activated DHCP snooping for the vlan that end users are connecting to.

After that when users connect they get no DHCP services at all. There are no indication or log events on the switch to indicate that there are any problems, but also no bindings show.

Is there something I'm missing?

Thanks in advance for any help.

--Brian D. Zieroth


Re: DHCP Snooping Help

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network. The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.