DHCP snooping can prevent unauthorized DHCP servers to reply to DHCP requests. A switch can define interfaces as trusted or untrusted. A trusted interface is where a DHCP server should be connected. On such interfaces, DHCP server messages are allowed. On all other untrusted ports, DHCP server messages are droped. Also, while this feature runs, the switch builds a DHCP binding database, where it maps all MAC addresses to the IP addresses they received via DHCP.
To enable DHCP snooping, use: