2-12 DHCP Snooping ConfigurationWhen configuring DHCP snooping, go to these sections for information you are interested in:z DHCP Snooping Overviewz Configuring DHCP Snooping Basic Functionsz Configuring DHCP Snooping to Support Option 82z Displaying and Maintaining DHCP Snoopingz DHCP Snooping Configuration ExamplesThe DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCPserver, and it can work when it is between the DHCP client and relay agent or between the DHCP clientand server.DHCP Snooping OverviewFunctions of DHCP SnoopingAs a DHCP security feature, DHCP snooping can implement the following:1) Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers2) Recording IP-to-MAC mappings of DHCP clientsEnsuring DHCP clients to obtain IP addresses from authorized DHCP serversIf there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addressesand network configuration parameters, and cannot normally communicate with other network devices.With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring theclients to obtain IP addresses from authorized DHCP servers.z Trusted: A trusted port forwards DHCP messages normally.z Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages from anyDHCP server.You should configure ports that connect to authorized DHCP servers or other DHCP snooping devicesas trusted, and other ports as untrusted. With such configurations, DHCP clients obtain IP addressesfrom authorized DHCP servers only, while unauthorized DHCP servers cannot assign IP addresses toDHCP clients.Recording IP-to-MAC mappings of DHCP clientsDHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports torecord DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the