DHCP snooping is a Layer 2 switch security feature that blocks rogue DHCP servers — only allowing DHCP responses from trusted (uplink) ports.
Rogue DHCP server attack: attacker's DHCP server assigns their IP as the gateway — MITM attack. DHCP snooping prevents this by filtering unauthorized DHCP responses.