DHCPsuojaus

DHCPsuojaus, often translated as DHCP Guard or DHCP Snooping, is a security feature implemented on network switches. Its primary function is to prevent rogue DHCP servers from operating on a local area network (LAN). A rogue DHCP server can maliciously assign IP addresses to clients, potentially redirecting their network traffic to unintended destinations, leading to man-in-the-middle attacks or denial-of-service conditions.

DHCPsuojaus works by classifying switch ports into two categories: trusted and untrusted. Trusted ports are typically

When DHCPsuojaus is enabled, the switch allows DHCP server messages (like OFFER and ACK) to pass only