Configuring Advanced Threat Protection

DHCP Snooping

option: Add relay information option (Option 82) to DHCP client packets that are being forwarded out trusted ports. The default is yes, add relay information.

trust: Configure trusted ports. Only server packets received

on trusted ports are forwarded. Default: untrusted.

verify: Enables DHCP packet validation. The DHCP client hardware address field and the source MAC address must be the same for packets received on untrusted ports or the packet is dropped. Default: Yes

vlan: Enable DHCP snooping on a vlan. DHCP snooping

must be enabled already. Default: No

To display the DHCP snooping configuration, enter this command:

ProCurve(config)# show dhcp-snooping

An example of the output is shown below.

ProCurve(config)# show dhcp-snooping

DHCP Snooping Information

 

DHCP Snooping

: Yes

Enabled Vlans

:

Verify MAC

: Yes

Option 82 untrusted policy

: drop

Option 82 Insertion

: Yes

Option 82 remote-id

: mac

Store

lease database : Not

configured

Port

Trust

 

-----

-----

 

B1

No

 

B2

No

 

Figure 8-1. An Example of the DHCP Snooping Command Output

To display statistics about the DHCP snooping process, enter this command:

ProCurve(config)# show dhcp-snooping stats

An example of the output is shown below.

8-6