Configuring Advanced Threat Protection

DHCP Snooping

ProCurve(config)# show dhcp-snooping stats

Packet type

Action

Reason

Count

-----------

-------

----------------------------

---------

server

forward

from trusted port

8

client

forward

to trusted port

8

server

drop

received on untrusted port

2

server

drop

unauthorized server

0

client

drop

destination on untrusted port

0

client

drop

untrusted option 82 field

0

client

drop

bad DHCP release request

0

client

drop

failed verify MAC check

0

Figure 8-2. Example of Show DHCP Snooping Statistics

Enabling DHCP Snooping on VLANS

DHCP snooping on VLANs is disabled by default. To enable DHCP snooping on a VLAN or range of VLANs enter this command:

ProCurve(config)# dhcp-snooping vlan <vlan-id-range>

You can also use this command in the vlan context, in which case you cannot enter a range of VLANs for snooping.

Below is an example of DHCP snooping enabled on VLAN 4.

ProCurve(config)# dhcp-snooping vlan 4

ProCurve(config)# show dhcp-snooping

DHCP Snooping Information

 

 

DHCP Snooping

: Yes

 

 

 

Enabled Vlans

:

4

 

 

 

 

Verify MAC

 

:

Yes

Option 82

untrusted policy :

drop

Option 82

Insertion

:

Yes

Option 82

remote-id

:

mac

Figure 8-3. Example of DCHP Snooping on a VLAN

8-7