with the correct port, even when another device is acting as a DHCP relay or when the server is
on the same subnet as the client.
DHCP snooping only overrides Option 82 settings on a VLAN with snooping enabled,
not on VLANS without snooping enabled.
If DHCP snooping is enabled on a switch where an edge switch is also using DHCP snooping, HP
recommends that you have the packets forwarded so the DHCP bindings are learned. To configure
the policy for DHCP packets from untrusted ports that already have Option 82 present, use the
following command in the global configuration context.
[no] dhcp-snooping option 82 [ remote-id <mac | subnet-ip | mgmt-ip> ]
[ untrusted-policy <drop | keep | replace> ]
Enables DHCP Option 82 insertion in the packet, using the following parameters:
remote-id Set the value for the remote-id field to one of the following.
untrusted-policy: Configure DHCP snooping behavior when forwarding a DHCP packet from an
untrusted port that already contains DHCP relay information (Option 82).
The default drop policy remains in effect if any untrusted nodes, such as clients, are
directly connected to this switch.
Changing remote-id from a MAC to an IP address
By default, DHCP snooping uses the MAC address of the switch as the remote-id in Option 82
additions. To use the IP address of the VLAN where the packet was received or the IP address of
the management VLAN, enter the following command with the associated parameter:
HP Switch(config)# dhcp-snooping option 82 remote-id <mac|subnet-ip|mgmt-ip>
The switch MAC address for the
The IP address of the VLAN the packet
was received on for the remote-id.
The management VLAN IP address of
The packet is dropped (default).
The packet is forwarded without replacing the option information.
The existing option is replaced with a new Option 82 generated by the switch.
If subnet-ip is specified but the value is
not set, the MAC address is used.
If mgmt-ip is specified but the value is not
set, the MAC address is used.
Configuring advanced threat protection