Home
Join

6 Replies

  • the feature is called "dhcp snooping" see https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c01979055 the feature drops dhcp respoinses from non-trusted interfaces / or server IP.

    it appears the HP allows a list of trusted servers by ip address - which is actually unusual, it is more normal to trust specific ports. You may have to use a combination of these.

    You need to enable this on all switches, or those you suspect the rogue dhcp server is connected to. If you use vlans then enable it for the vlan. Set the uplink to core switch or uplink to the server as trusted. try adding the allowed server ip.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • m@ttshaw wrote:

    the feature is called "dhcp snooping" see https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c01979055 the feature drops dhcp respoinses from non-trusted interfaces / or server IP.

    it appears the HP allows a list of trusted servers by ip address - which is actually unusual, it is more normal to trust specific ports. You may have to use a combination of these.

    You need to enable this on all switches, or those you suspect the rogue dhcp server is connected to. If you use vlans then enable it for the vlan. Set the uplink to core switch or uplink to the server as trusted. try adding the allowed server ip.

    Ah thanks, i guess what makes this more complicated is that our configuration has 6 switches interlinked, we have the web gui thats accessible as the main commander for the poe units (which i think are the first two), then another commander thats the main gui for the 3 through 6 switches.

    Im guessing based on that link, that i need to telnet to one or both commanders and set those commands from there?  Can i just blanket the all ports as being allowed, it looks like it will be required to list out the ports.

    Was this post helpful? thumb_up thumb_down
  • I assume the gui can implement the commands - check the docs for "snooping" and "dhcp"

    you could try testing wiht just the allowed server IP option - that may work.

    If you need to also use the trust ports you have to work out which ports lead to the dhcp server - from a typical user switch this is usually just the uplink to the ohter or main switches. on a server switch it is the port linked to the server.

    Was this post helpful? thumb_up thumb_down
  • m@ttshaw wrote:

    I assume the gui can implement the commands - check the docs for "snooping" and "dhcp"

    you could try testing wiht just the allowed server IP option - that may work.

    If you need to also use the trust ports you have to work out which ports lead to the dhcp server - from a typical user switch this is usually just the uplink to the ohter or main switches. on a server switch it is the port linked to the server.

    Yeah im not seeing the option in the gui, of course, now im confused i logged in as "admin" but it says operator, so it may not be showing me the full set of options, if any.  EDIT: ah had to log in as "manager" but still no options.

    Was this post helpful? thumb_up thumb_down
  • different model but worth checking if the menu exists https://www.manualslib.com/manual/1156941/Hp-1910.html?page=349

    Otherwise you will have to try the command line interface. Quick tips are to enter "?" at any menu to see the options etc.

    Was this post helpful? thumb_up thumb_down
  • I don't see it in the GUI of any of my Aruba's.  Switching the GUI to "classic mode" shows additional options but alas, not that one.

    1 found this helpful thumb_up thumb_down

Read these next...