DHCP Snooping
DHCP snooping is a layer 2 security technology incorporated into the operating system of a network switch. This security layer blocks any network traffic via DHCP (Dynamic Host Configuration Protocol) that is recognized as dangerous or untrusted. DHCP snooping prevents unauthorized DHCP servers from offering IP addresses to DHCP clients. DHCP snooping determines whether incoming DHCP messages originate from trusted or untrusted sources and intercepts them accordingly. This security technology makes use of the DHCP snooping database to check whether the messages are from authorized sources. All hosts that are identified as untrusted are listed in the database.