8-8
Configuring Advanced Threat Protection
DHCP Snooping
Configuring DHCP Snooping Trusted Ports
By default, all ports are untrusted. To configure a port or range of ports as
trusted, enter this command:
ProCurve(config)# dhcp-snooping trust <port-list>
You can also use this command in the interface context, in which case you are
not able to enter a list of ports.
Figure 8-4. Example of Setting Trusted Ports
DHCP server packets are forwarded only if received on a trusted port; DHCP
server packets received on an untrusted port are dropped.
Use the no form of the command to remove the trusted configuration from a
port.
ProCurve(config)# dhcp-snooping trust B1-B2
ProCurve(config)# show dhcp-snooping
DHCP Snooping Information
DHCP Snooping : Yes
Enabled Vlans : 4
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : mac
Store lease database : Not configured
Port Trust
----- -----
B1 Yes
B2 Yes
B3 No
