Configuring Advanced Threat Protection

DHCP Snooping

Changing the Remote-id from a MAC to an IP Address

By default, DHCP snooping uses the MAC address of the switch as the remote-id in Option 82 additions. The IP address of the VLAN the packet was received on or the IP address of the management VLAN can be used instead by entering this command with the associated parameter:

ProCurve(config)# dhcp-snooping option 82 remote-id <mac|subnet-ip|mgmt-ip>

ProCurve(config)# dhcp-snooping option 82 remote-id subnet-ip

ProCurve(config)# show dhcp-snooping

 DHCP Snooping Information

  DHCP Snooping              : Yes
  Enabled Vlans              : 4
  Verify MAC                 : Yes
  Option 82 untrusted policy : drop
  Option 82 Insertion        : Yes
  Option 82 remote-id        : subnet-ip

Figure 8-6. Example of DHCP Snooping Option 82 using the VLAN IP Address

Disabling the MAC Address Check

DHCP snooping drops DHCP packets received on untrusted ports when the client hardware address (chaddr) field in the DHCP header does not match the source MAC address of the packet (default behavior). To disable this checking, use the no form of this command.

ProCurve(config)# dhcp-snooping verify mac
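The comparison behind the verify mac check, modelled in Python as an added example (not ProCurve code). It assumes untagged Ethernet II frames carrying IPv4/UDP to port 67; the helper names, result labels and sample MAC addresses are constructed for illustration.

```python
import struct

CHADDR_OFFSET = 28     # offset of chaddr in the BOOTP header (RFC 2131)
BOOTP_FIXED_LEN = 236  # fixed BOOTP header length before the options

def build_frame(src_mac: bytes, chaddr: bytes, dport: int = 67) -> bytes:
    """Constructed sample: untagged Ethernet II / IPv4 / UDP / DHCPDISCOVER."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0,
                        0x8000, b"", b"", b"", b"", chaddr, b"", b"")
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, opt 53, end
    udp = struct.pack("!HHHH", 68, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp

def verify_mac(frame: bytes) -> str:
    """Classify a frame seen on an untrusted port: not-dhcp, forward or drop."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return "not-dhcp"                       # not IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4           # honour the IPv4 header length
    if len(frame) < udp + 8:
        return "not-dhcp"
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != 67:
        return "not-dhcp"                       # not a client-to-server message
    bootp = frame[udp + 8:]
    if len(bootp) < BOOTP_FIXED_LEN:
        return "drop"                           # truncated header: cannot verify
    src_mac = frame[6:12]                       # Ethernet source MAC
    chaddr = bootp[CHADDR_OFFSET:CHADDR_OFFSET + 6]
    return "forward" if chaddr == src_mac else "drop"

if __name__ == "__main__":
    host = bytes.fromhex("001b3f0a0b0c")        # constructed client MAC
    other = bytes.fromhex("020000000001")       # constructed mismatched chaddr
    for label, frame in [("matching chaddr", build_frame(host, host)),
                         ("mismatched chaddr", build_frame(host, other))]:
        print(f"{label:18} -> {verify_mac(frame)}")
```

With the no form of the command applied, the final comparison is skipped and a mismatched chaddr no longer causes a drop.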
