KB.15.15

Figure 260 Setting Trusted Ports

DHCP server packets are forwarded only if received on a trusted port; DHCP server packets received

on an untrusted port are dropped. Use the no form of the command to remove the trusted

configuration from a port.

Configuring authorized server addresses

If authorized server addresses are configured, a packet from a DHCP server must be received on

a trusted port AND have a source address in the authorized server list in order to be considered

valid. If no authorized servers are configured, all servers are considered valid. You can configure

a maximum of 20 authorized servers.

To configure a DHCP authorized server address, enter this command in the global configuration

context:

HP Switch(config)# dhcp-snooping authorized-server <ip-address>

Figure 261 Authorized servers for DHCP snooping

Configuring MAC Lockdown

Syntax:

[no] static-mac <mac-addr> [vlan] <vid> [interface]

<port-number>

Locks down a given MAC address and VLAN to a specific port.

A separate command is necessary for each MAC/VLAN pair you wish to lock

down. If not specifying a VID, the switch inserts "1".

Configuring 363