HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 282
Configuring Authorized Server Addresses, Using DHCP Snooping with Option 82,
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 282 highlights
Configuring Advanced Threat Protection DHCP Snooping Configuring Authorized Server Addresses If authorized server addresses are configured, a packet from a DHCP server must be received on a trusted port AND have a source address in the authorized server list in order to be considered valid. If no authorized servers are configured, all servers are considered valid. You can configure a maximum of 20 authorized servers. To configure a DHCP authorized server address, enter this command in the global configuration context: ProCurve(config)# dhcp-snooping authorized-server ProCurve(config)# show dhcp-snooping DHCP Snooping Information DHCP Snooping : Yes Enabled Vlans : 4 Verify MAC : No Option 82 untrusted policy : drop Option 82 Insertion : Yes Option 82 remote-id : subnet-ip Authorized Servers 111.222.3.4 10 0 0 11 Figure 8-5. Example of Authorized Servers for DHCP Snooping Using DHCP Snooping with Option 82 DHCP adds Option 82 (relay information option) to DHCP request packets received on untrusted ports by default. (See the preceding section Configuring DHCP Relay for more information on Option 82.) When DHCP is enabled globally and also enabled on a VLAN, and the switch is acting as a DHCP relay, the settings for the DHCP relay Option 82 command are ignored when snooping is controlling Option 82 insertion. Option 82 inserted in this manner allows the association of the client's lease with the correct port, even when another device is acting as a DHCP relay or when the server is on the same subnet as the client. 8-9