For example, I’ll take a FoxGate S6224-S4 switch; on other models, the configuration is almost the same.
First, enable the dhcp snooping function:
ip dhcp snooping enable
Configure the blocking mode on the required ports (turning off the port / dropping packets):
interface ethernet 1/1-24 ip dhcp snooping action shutdown/blackhole ip dhcp snooping action blackhole recovery 60 exit interface ethernet 1/26-28 ip dhcp snooping action shutdown/blackhole ip dhcp snooping action blackhole recovery 60 exit
Port 25 in my case is uplink, so on it we allow the passage of DHCP packets from a DHCP server:
interface ethernet 1/25 ip dhcp snooping trust exit
Check your settings:
show ip dhcp snooping
Done, in this example, packets are blocked from DHCP servers on ports 1 through 24 and from 26 to 28.
For FoxGate S6224-S2, the interfaces are chosen as follows:
interface ethernet 0/0/1-24 ... exit interface ethernet 0/0/26 ... exit
See also my article:
How to catch broadcast storms on FoxGate switches