IP Configuration
IPv4 Management and Interfaces
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4 297
16
 
DHCP Snooping Binding Database
DHCP Snooping builds a database (known as the DHCP Snooping Binding database) derived 
from information taken from DHCP packets entering the device through trusted ports. 
The DHCP Snooping Binding database contains the following data: input port, input VLAN, 
MAC address of the client and IP address of the client if it exists. 
The DHCP Snooping Binding database is also used by IP Source Guard and Dynamic ARP 
Inspection features to determine legitimate packet sources.
DHCP Trusted Ports
Ports can be either DHCP trusted or untrusted. By default, all ports are untrusted. To create a 
port as trusted, use the Interface Settings page. Packets from these ports are automatically 
forwarded. Packets from trusted ports are used to create the Binding database and are handled 
as described below.
If DHCP Snooping is not enabled, all ports are trusted by default.
Option 82 
Insertion 
Disabled
Packet is sent 
without Option 
82
Packet is sent 
with the 
original Option 
82
Relay discards 
Option 82
Bridge - 
Packet is sent 
without Option 
82
Relay
1. If reply originates 
on the device, packet is 
sent without Option 82
2. If reply does not 
originate on the 
device, discards the 
packet
Bridge – Packet is sent 
with the original 
Option 82
Option 82 
Insertion 
Enabled
Packet is sent 
without Option 
82
Packet is sent 
without Option 
82
Relay – 
discards 
Option 82
Bridge – 
Packet is sent 
without Option 
82
Packet is sent without 
Option 82
DHCP Relay
VLAN with IP Address
DHCP Relay
VLAN without IP Address