Configuring Advanced Threat Protection

DHCP Snooping

Configuring DHCP Snooping Trusted Ports

By default, all ports are untrusted. To configure a port or range of ports as trusted, enter this command:

ProCurve(config)# dhcp-snooping trust <port-list>

You can also use this command in the interface context, in which case you are not able to enter a list of ports.

ProCurve(config)# dhcp-snooping trust B1-B2

ProCurve(config)# show dhcp-snooping

DHCP Snooping Information

 

DHCP Snooping

: Yes

Enabled Vlans

: 4

Verify MAC

 

: Yes

Option 82

untrusted policy

: drop

Option 82

Insertion

: Yes

Option 82

remote-id

: mac

Store

lease database : Not

configured

Port

Trust

 

-----

-----

 

B1

Yes

 

 

B2

Yes

 

 

B3

No

 

 

 

 

Figure 8-4.

Example of Setting Trusted Ports

DHCP server packets are forwarded only if received on a trusted port; DHCP server packets received on an untrusted port are dropped.

Use the no form of the command to remove the trusted configuration from a port.

8-8