🌐 Networking Intermediate

What is DHCP snooping?

Why Interviewers Ask This

This tests whether you can apply networking knowledge to real-world scenarios. Interviewers are looking for clarity of thought and evidence that you have encountered this in a production network.

Answer

DHCP snooping is a Layer 2 security feature on switches that prevents rogue DHCP servers from assigning IP addresses to clients. A rogue DHCP server could hand clients a malicious default gateway (enabling a man-in-the-middle position) or exhaust the legitimate DHCP pool.

DHCP snooping works by classifying switch ports as either trusted (connected to legitimate DHCP servers or uplinks) or untrusted (connected to end devices). DHCP server messages (OFFER, ACK) are accepted only on trusted ports; untrusted ports may only send client messages such as DISCOVER and REQUEST. The switch also builds a snooping binding database that records each client's MAC address, IP address, VLAN, and port, and this table is consumed by other security features.

Enable it globally and per VLAN (Cisco IOS syntax):
ip dhcp snooping
ip dhcp snooping vlan 10-20

Mark the uplink to the real DHCP server as trusted:
interface GigabitEthernet0/1
ip dhcp snooping trust

The binding database built by DHCP snooping is also the basis for Dynamic ARP Inspection (DAI), which validates ARP packets against it, and IP Source Guard, which validates each packet's source IP against the binding table.

Pro Tip

Demonstrate both theoretical understanding and practical experience. Say what it is, then give an example of how you actually used it in a production network.