11-8
Configuring Advanced Threat Protection
DHCP Snooping
Figure 11-4. Example of Setting Trusted Ports
DHCP server packets are forwarded only if received on a trusted port; DHCP
server packets received on an untrusted port are dropped.
Use the no form of the command to remove the trusted configuration from a
port.
Configuring Authorized Server Addresses
If authorized server addresses are configured, a packet from a DHCP server
must be received on a trusted port AND have a source address in the autho-
rized server list in order to be considered valid. If no authorized servers are
configured, all servers are considered valid. You can configure a maximum of
20 authorized servers.
To configure a DHCP authorized server address, enter this command in the
global configuration context:
HP Switch(config)# dhcp-snooping authorized-server
<ip-address>
HP Switch(config)# dhcp-snooping trust B1-B2
HP Switch(config)# show dhcp-snooping
DHCP Snooping Information
DHCP Snooping : Yes
Enabled Vlans : 4
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : mac
Store lease database : Not configured
Port Trust
----- -----
B1 Yes
B2 Yes
B3 No
To Next Page
Loading...
Need help?
General
