
DHCP Snooping Traps support for Cisco Devices

zeelsoni513
Level 1

Hi Cisco Support,

[ Cisco IOS Software [Denali], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.3.8, RELEASE SOFTWARE (fc3) ]

We’re using DHCP snooping and would like to receive SNMP traps for events like binding additions, conflicts, or rogue DHCP detection.

However, the command `snmp-server enable traps dhcp-snooping bindings` is not available (Ref : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/command/nm-snmp-cr-book/nm-snmp-cr-s4.html#wp2519731137). The `snmp-server enable traps dhcp` command only covers DHCP server/relay, not snooping.

Can you confirm if SNMP traps for DHCP snooping are supported? If not, is there a workaround or any plan to support this in future releases?

Thanks,
Zeel

6 Replies

balaji.bandi
Hall of Fame

You need to refer to the IOS XE guide:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-16-6/snmp-xe-16-6-book/nm-snmp-cfg-snmp-support.html#GUID-7F674181-E5D5-40E4-8BBF-870D0A33AE6B

If that is not supported, configure a logging server, send the logs to the log server, and create alerts based on the message logs.

BB


Jens Albrecht
Spotlight

Hello @zeelsoni513,

your current version does not support SNMP traps for DHCP snooping.

Since the latest 16.12 versions still do not support it and the End of SW Maintenance Releases Date for these switches passed almost 3 years ago, it is also clear that this situation will not change.

The common workaround is to use your NMS/SIEM to parse the syslog messages and then trigger SNMP traps or alerts as needed.

HTH!

Try below:

    event manager applet DHCP_ASSIGN_SNMP
     ! this needs logging trap enabled
     event syslog pattern "%DHCPD-6-ADDRESS_ASSIGN:"
     ! read more about strdata
     action 1.0 snmp-trap strdata "DHCP address assigned"

MHM

wajidhassan
Level 4

Hi @zeelsoni513 ,

You're correct — as of IOS XE 16.3.8, SNMP trap support for DHCP Snooping events (like bindings, conflicts, or rogue detections) is not available. The `snmp-server enable traps dhcp` command only applies to DHCP server and relay operations, not snooping.

Currently:

  • There’s no built-in SNMP trap support for DHCP Snooping events on Catalyst 3K running Denali 16.3.8.

  • No workaround exists via CLI to generate SNMP traps directly from snooping events.

Possible alternatives:

  • You can periodically poll the DHCP snooping binding table using CLI or EEM scripts and export logs externally.

  • For real-time visibility, consider using Syslog events combined with external log monitoring tools or SIEM platforms.

There’s no official Cisco roadmap mentioning trap support for DHCP Snooping in newer releases yet. You may want to check with your Cisco account team or open a TAC case to request feature enhancement.

Hope this helps clarify.
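
The syslog-based workaround suggested in the replies above can be sketched as a small collector-side filter. This is an added example, not part of any reply in this thread and not Cisco code: it picks out `%DHCP_SNOOPING-…` messages from relayed syslog lines and emits one alert per host, mnemonic and MAC per suppression window. The relay line format, hostnames, mnemonics and message text in the sample are constructed assumptions; check the mnemonics your release actually emits against its system message guide.

```python
import re
from datetime import datetime, timedelta

# Optional <PRI>, RFC 3164 timestamp, then the sending host (relay format is an assumption).
HDR_RE = re.compile(r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2}\s+\d+\s\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)")
# Cisco IOS message body: %FACILITY-SEVERITY-MNEMONIC: free text
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
MAC_RE = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I)

# Constructed sample input; hostnames, sequence numbers and message text are illustrative.
SAMPLE_LINES = [
    "<189>Jul 14 09:15:02 sw-access-01 1021: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0011.2233.4455",
    "<189>Jul 14 09:15:40 sw-access-01 1022: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0011.2233.4455",
    "<188>Jul 14 09:16:10 sw-access-01 1023: %DHCP_SNOOPING-4-DHCP_SNOOPING_RATE_LIMIT_EXCEEDED: The interface Gi1/0/7 is receiving more than the threshold set",
    "<190>Jul 14 09:17:00 sw-access-01 1024: %DHCPD-6-ADDRESS_ASSIGN: constructed DHCP server message, not a snooping event",
    "<189>Jul 14 09:21:30 sw-access-01 1025: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0011.2233.4455",
]

def dhcp_snooping_alerts(lines, min_severity=5, suppress=timedelta(minutes=5), year=2025):
    """Return alert dicts for DHCP_SNOOPING messages, de-duplicated per suppression window."""
    last_alert, alerts = {}, []
    for line in lines:
        hdr, msg = HDR_RE.match(line), MSG_RE.search(line)
        if not (hdr and msg) or msg["facility"] != "DHCP_SNOOPING":
            continue  # unparsable line, or another facility such as DHCPD
        if int(msg["severity"]) > min_severity:
            continue  # syslog severity: a higher number is less severe
        # RFC 3164 timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {hdr['ts']}", "%Y %b %d %H:%M:%S")
        mac = MAC_RE.search(msg["text"])
        mac = mac.group(0).lower() if mac else None
        key = (hdr["host"], msg["mnemonic"], mac)
        if key in last_alert and ts - last_alert[key] < suppress:
            continue  # same event seen recently: do not flood the NMS
        last_alert[key] = ts
        alerts.append({"time": ts.isoformat(), "host": hdr["host"],
                       "severity": int(msg["severity"]),
                       "mnemonic": msg["mnemonic"], "mac": mac, "text": msg["text"]})
    return alerts

if __name__ == "__main__":
    for alert in dhcp_snooping_alerts(SAMPLE_LINES):
        print(alert)
```

Each returned dict can be handed to whatever the NMS or SIEM uses to raise a trap or ticket; the suppression key keeps a single misbehaving port from generating an alert per dropped packet.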

zeelsoni513
Level 1

Thank you for your response.

Could you also confirm the IOS version from which support for DHCP Snooping Traps is available?

jameswood32
Level 1

DHCP Snooping is a critical security feature on Cisco devices that helps prevent malicious or rogue DHCP servers from distributing incorrect IP addresses within a network. By filtering DHCP messages and allowing only trusted ports to respond to DHCP requests, DHCP Snooping protects the integrity of IP address assignments and enhances overall network security.

Cisco devices support DHCP Snooping traps via SNMP (Simple Network Management Protocol) to alert network administrators when suspicious DHCP activities or violations occur. These traps can notify events such as:

  • DHCP Snooping violation detected: When an untrusted port tries to act as a DHCP server.

  • IP address conflict detection: When a duplicate IP address is detected.

  • Rate limiting exceeded: When the number of DHCP packets from a port exceeds configured thresholds.

  • DHCP message dropped: When DHCP messages are discarded due to security policy violations.

To enable DHCP Snooping traps on Cisco devices, administrators need to:

  1. Enable DHCP Snooping globally and on VLANs.

  2. Configure trusted ports to allow DHCP server responses.

  3. Enable SNMP traps specifically for DHCP Snooping events using commands like:

    snmp-server enable traps dhcp snooping

  4. Configure SNMP community strings or SNMPv3 users for trap delivery.

  5. Use a network management system (NMS) that listens for these traps to provide real-time alerts.

Supported Cisco platforms include Cisco Catalyst switches and Cisco IOS XE devices, where the DHCP Snooping feature is widely available.

Integrating DHCP Snooping traps enhances proactive security management by providing immediate notifications of potential DHCP-based threats, helping network teams respond swiftly to protect the network infrastructure.