Configuring Advanced Threat Protection
DHCP Snooping
ProCurve(config)# show dhcp-snooping stats
Packet type Action Reason
Count
----------- ------- ---------------------------- ---------
server forward from trusted port
8
client forward to trusted port
8
server
drop received on untrusted port
2
server
drop unauthorized server
0
client
drop destination on untrusted port 0
client
drop untrusted option 82 field
0
client
drop bad DHCP release request
0
client
drop failed verify MAC check
0
Figure 10-2. Example of Show DHCP Snooping Statistics
Enabling DHCP Snooping on VLANS
DHCP snooping on VLANs is disabled by default. To enable DHCP snooping
on a VLAN or range of VLANs enter this command:
ProCurve(config)# dhcp-snooping vlan <vlan-id-range>
You can also use this command in the vlan context, in which case you cannot
enter a range of VLANs for snooping.
Below is an example of DHCP snooping enabled on VLAN 4.
ProCurve(config)# dhcp-snooping vlan 4
ProCurve(config)# show dhcp-snooping
DHCP Snooping Information
DHCP Snooping
: Yes
Enabled Vlans
: 4
Verify MAC
: Yes
Option 82 untrusted policy : drop
Option 82 Insertion
: Yes
Option 82 remote-id
: mac
Figure 10-3. Example of DCHP Snooping on a VLAN
10-6
Summary of Contents for PROCURVE 2910AL
Page 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Page 2: ......
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Page 156: ...TACACS Authentication Operating Notes 4 30 ...
Page 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Page 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Page 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Page 592: ...12 Index ...
Page 593: ......