---------------------
Configuring Advanced Threat Protection
DHCP Snooping
Configuring Authorized Server Addresses
If authorized server addresses are configured, a packet from a DHCP server
must be received on a trusted port AND have a source address in the autho-
rized server list in order to be considered valid. If no authorized servers are
configured, all servers are considered valid. You can configure a maximum of
20 authorized servers.
To configure a DHCP authorized server address, enter this command in the
global configuration context:
ProCurve(config)# dhcp-snooping authorized-server
<ip-address>
ProCurve(config)# show dhcp-snooping
DHCP Snooping Information
DHCP Snooping : Yes
Enabled Vlans : 4
Verify MAC : No
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : subnet-ip
Authorized Servers
111.222.3.4
Figure 10-5. Example of Authorized Servers for DHCP Snooping
Using DHCP Snooping with Option 82
DHCP adds Option 82 (relay information option) to DHCP request packets
received on untrusted ports by default. (See the preceding section Config-
uring DHCP Relay for more information on Option 82.)
When DHCP is enabled globally and also enabled on a VLAN, and the switch
is acting as a DHCP relay, the settings for the DHCP relay Option 82 command
are ignored when snooping is controlling Option 82 insertion. Option 82
inserted in this manner allows the association of the client’s lease with the
correct port, even when another device is acting as a DHCP relay or when the
server is on the same subnet as the client.
10-8
