Configuring DHCP Snooping on AOS-S Switches

DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  snooping provides network security by filtering untrusted DHCP messages. Filtering is performed by distinguishing trusted ports connected to a DHCP server or switch and untrusted ports connected to end-users.

When you enable DHCP snooping DHCP snooping enables the switch to monitor and control DHCP messages received from untrusted devices that are connected to the switch., DHCP packets received at untrusted ports will be dropped, because all ports are configured as untrusted by default. You must configure the ports to be trusted in the Switches > Interface > Ports page.

You must also configure authorized DHCP servers for the network to have a functional DHCP server that serves clients on this switch.

By default, DHCP snooping is disabled for the switch.

Enabling DHCP Snooping on a Switch

To enable DHCP snooping on a switch, complete the following steps:

  1. In the Aruba Central app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group containing at least one switch.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-S or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click a switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The tabs to configure the switch is displayed.

  2. Click Security > DHCP Snooping. The DHCP Snooping page is displayed.
  3. To enable DHCP snooping for the switch, move the DHCP Snooping toggle switch to the on position.
  4. To enable option-82 for the switch, move the DHCP Snooping Option-82 toggle switch to the on position.
    When you enable both DHCP snooping and option-82, the switch drops the option-82 information from the DHCP packets.
  5. Click Save Settings.

Adding Authorized DHCP Servers for a Switch

To add the list of IP addresses of authorized DHCP servers for a switch, complete the following steps:

  1. In the DHCP Snooping page, click + in the Authorized DHCP Servers IP table. The Add Authorized DHCP Server IP window is displayed.
  2. Enter the IP address in the Authorized DHCP Servers IP field.
  3. Click OK.
  4. Click Save Settings.

Deleting Authorized DHCP Servers for a Switch

To delete the authorized DHCP servers IP addresses, in the Authorized DHCP Servers IP table, point to IP address, and click the delete icon for the DHCP server IP you want to delete.

Enabling DHCP Snooping for a VLAN

To enable DHCP snooping for a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN., complete the following steps:

  1. In the DHCP Snooping Settings table, select the VLAN row(s) for which you want to configure DHCP snooping, and click Edit.
  2. Select Enable or Disable from the DHCP Snooping drop-down.
  3. Click OK.
  4. Click Save Settings.