Configuring Authorized Server Addresses; Using Dhcp Snooping With Option 82 - HP ProCurve Switch 6120G/XG Manual

Hp procurve series 6120 blade switches access security guide
Hide thumbs Also See for ProCurve Switch 6120G/XG:
Table of Contents

Advertisement

Configuring Authorized Server Addresses

If authorized server addresses are configured, a packet from a DHCP server
must be received on a trusted port AND have a source address in the autho-
rized server list in order to be considered valid. If no authorized servers are
configured, all servers are considered valid. You can configure a maximum of
20 authorized servers.
To configure a DHCP authorized server address, enter this command in the
global configuration context:
ProCurve(config)# dhcp-snooping authorized-server
ProCurve(config)# show dhcp-snooping
DHCP Snooping Information
DHCP Snooping
Enabled Vlans
Verify MAC
Option 82 untrusted policy : drop
Option 82 Insertion
Option 82 remote-id
Authorized Servers
---------------------
111.222.3.4
10 0 0 11
Figure 8-5. Example of Authorized Servers for DHCP Snooping

Using DHCP Snooping with Option 82

DHCP adds Option 82 (relay information option) to DHCP request packets
received on untrusted ports by default. (See the preceding section Config-
uring DHCP Relay for more information on Option 82.)
When DHCP is enabled globally and also enabled on a VLAN, and the switch
is acting as a DHCP relay, the settings for the DHCP relay Option 82 command
are ignored when snooping is controlling Option 82 insertion. Option 82
inserted in this manner allows the association of the client's lease with the
correct port, even when another device is acting as a DHCP relay or when the
server is on the same subnet as the client.
Configuring Advanced Threat Protection
<ip-address>
: Yes
: 4
: No
: Yes
: subnet-ip
DHCP Snooping
8-9

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Procurve switch 6120xgProcurve 6120 series

Table of Contents