DHCP snooping
{{Short description|Techniques to secure DHCP service}}
In computer networking, DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure.{{cite web|last1=Banks|first1=Ethan|title=Five Things To Know About DHCP Snooping|url=http://packetpushers.net/five-things-to-know-about-dhcp-snooping/|website=Packet Pushers|accessdate=29 February 2016}}
DHCP servers allocate IP addresses to clients on a LAN. DHCP snooping can be configured on LAN switches to exclude rogue DHCP servers and remove malicious or malformed DHCP traffic. In addition, information on hosts which have successfully completed a DHCP transaction is accrued in a database of bindings which may then be used by other security or accounting features.{{cite web |title=What Is DHCP Snooping, all things you should know |url=https://www.qsfptek.com/article/what-is-dhcp-snooping-all-things-you-should-know |publisher=Leslie |access-date=22 March 2023}}{{cite web |title=DHCP Snooping |date=14 July 2020 |url=https://www.geeksforgeeks.org/dhcp-snooping/ |publisher=Adarsh Sahni}}
Other features may use DHCP snooping database information to ensure IP integrity on a Layer 2 switched domain. This information enables a network to:
- Track the physical location of IP addresses when combined with AAA accounting or SNMP.
- Ensure that hosts only use the IP addresses assigned to them when combined with source-guard a.k.a. source-lockdown{{cite web|last1=Cisco Systems, Inc|title=Catalyst 3750-X and Catalyst 3560-X Switch Software Configuration Guide, Cisco IOS Release 15.0(2)SE and Later|url=http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/swdhcp82.html#24258|website=Cisco.com|accessdate=29 February 2016}}
- Sanitize ARP requests when combined with arp-inspection a.k.a. arp-protect