with the correct port, even when another device is acting as a DHCP relay or when the server is
on the same subnet as the client.
NOTE: DHCP snooping only overrides Option 82 settings on a VLAN with snooping enabled,
not on VLANS without snooping enabled.
If DHCP snooping is enabled on a switch where an edge switch is also using DHCP snooping, HP
recommends that you have the packets forwarded so the DHCP bindings are learned. To configure
the policy for DHCP packets from untrusted ports that already have Option 82 present, use the
following command in the global configuration context.
Syntax:
[no] dhcp-snooping option 82 [ remote-id <mac | subnet-ip | mgmt-ip> ]
[ untrusted-policy <drop | keep | replace> ]
Enables DHCP Option 82 insertion in the packet, using the following parameters:
remote-id Set the value for the remote-id field to one of the following.
DetailTaskParameter
Default.The switch MAC address for the
remote-id.
mac
If subnet-ip is specified but the value is
not set, the MAC address is used.
The IP address of the VLAN the packet
was received on for the remote-id.
subnet-ip
If mgmt-ip is specified but the value is not
set, the MAC address is used.
The management VLAN IP address of
the remote-id.
mgmt-ip
untrusted-policy: Configure DHCP snooping behavior when forwarding a DHCP packet from an
untrusted port that already contains DHCP relay information (Option 82).
TaskParameter
The packet is dropped (default).drop
The packet is forwarded without replacing the option information.keep
The existing option is replaced with a new Option 82 generated by the switch.replace
NOTE: The default drop policy remains in effect if any untrusted nodes, such as clients, are
directly connected to this switch.
Changing remote-id from a MAC to an IP address
By default, DHCP snooping uses the MAC address of the switch as the remote-id in Option 82
additions. To use the IP address of the VLAN where the packet was received or the IP address of
the management VLAN, enter the following command with the associated parameter:
HP Switch(config)# dhcp-snooping option 82 remote-id <mac|subnet-ip|mgmt-ip>
Configuring advanced threat protection 11
To Next Page
Loading...
Need help?
General
