Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring DHCP Snooping on AOS-S Switches
DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. snooping provides network security by filtering untrusted DHCP messages. Filtering is performed by distinguishing trusted ports connected to a DHCP server or switch and untrusted ports connected to end-users.
When you enable DHCP snooping DHCP snooping enables the switch to monitor and control DHCP messages received from untrusted devices that are connected to the switch., DHCP packets received at untrusted ports will be dropped, because all ports are configured as untrusted by default. You must configure the ports to be trusted in the > > page.
You must also configure authorized DHCP servers for the network to have a functional DHCP server that serves clients on this switch.
By default, DHCP snooping is disabled for the switch.
Enabling DHCP Snooping on a Switch
To enable DHCP snooping on a switch, complete the following steps:
- In the WebUI, select one of the following options:
- To select a switch group in the filter:
- Set the filter to a group containing at least one switch.
The dashboard context for the group is displayed.
- Under , click > .
- Click the AOS-S or icon to view the switch configuration dashboard.
- Set the filter to a group containing at least one switch.
- To select a switch in the filter:
- Set the filter to or a group containing at least one switch.
- Under
A list of switches is displayed in the
view. , click > . - Click a switch under
The dashboard context for the switch is displayed.
. - Under
The tabs to configure the switch is displayed.
, click .
- To select a switch group in the filter:
- Click > . The DHCP Snooping page is displayed.
- To enable DHCP snooping for the switch, move the toggle switch to the on position.
- To enable option-82 for the switch, move the
When you enable both DHCP snooping and option-82, the switch drops the option-82 information from the DHCP packets.
toggle switch to the on position. - Click .
Adding Authorized DHCP Servers for a Switch
To add the list of IP addresses of authorized DHCP servers for a switch, complete the following steps:
- In the DHCP Snooping page, click + in the table. The Add Authorized DHCP Server IP window is displayed.
- Enter the IP address in the field.
- Click .
- Click .
Deleting Authorized DHCP Servers for a Switch
To delete the authorized DHCP servers IP addresses, in the
table, point to IP address, and click the delete icon for the DHCP server IP you want to delete.Enabling DHCP Snooping for a VLAN
To enable DHCP snooping for a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN., complete the following steps:
- In the table, select the VLAN row(s) for which you want to configure DHCP snooping, and click .
- Select or from the drop-down.
- Click .
- Click .