
Dhcp snooping And ARP-Protection

Occasional Contributor

Dhcp snooping And ARP-Protection

Just a question :)
Where should I configure ARP-Protect? On access switches, core switches, or both?
I have an issue with that.
And, in configuring trusted ports and VLANs in DHCP snooping and arp-protect, should I protect all VLANs configured on the switches?

Here is my architecture


Respected Contributor

Re: Dhcp snooping And ARP-Protection

We use DHCP snooping only on edge switches where users are able to connect equipment. We secure all vlans except the switch management vlan.

Occasional Contributor

Re: Dhcp snooping And ARP-Protection

Thank you for replying.
Is it the same thing for the "arp-protect" service: configure it only on edge switches?
What about option 82 in my case, if you have seen my architecture? Should I enable it? :) :)



best regards 

Respected Contributor

Re: Dhcp snooping And ARP-Protection

We do not use ARP protection, so I cannot comment about that. We have basically the same architecture as you, and we have disabled option 82.

no dhcp-snooping option 82


Re: Dhcp snooping And ARP-Protection

We can use the arp-protect feature in the VLAN context to protect the network gateway for this VLAN, normally the interface VLAN located in the core switches or fixed-port switches working as core switches.

You can limit the number of ARP entries according to the size of the VLAN's network (/24, /23, /22) with the command

arp max-learning-num XXXX

to preserve memory and processing.

It is necessary to configure the arp-protection trust feature on the uplink to the switch where the interface VLAN or gateway for the VLAN is located.
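
The trust relationship discussed in this thread, as an added example that is not part of any post: a simplified Python model (not HPE's implementation) of an edge switch that builds a DHCP snooping binding table and checks ARP senders against it. Port names, VLAN IDs, MAC and IP addresses are constructed sample values, and the client port is passed in directly instead of being learned from the DHCP request.

```python
# Simplified model of DHCP snooping plus ARP protection on one edge switch.
# All ports, VLANs and addresses below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class EdgeSwitch:
    protected_vlans: set
    dhcp_trusted: set = field(default_factory=set)  # ports toward the DHCP server
    arp_trusted: set = field(default_factory=set)   # ports toward the gateway
    bindings: dict = field(default_factory=dict)    # (vlan, ip) -> (mac, port)

    def dhcp_ack(self, port, vlan, client_mac, client_ip, client_port):
        """Server reply: accepted only on a DHCP-trusted port; records a binding."""
        if vlan in self.protected_vlans and port not in self.dhcp_trusted:
            return "drop"  # DHCP server traffic arriving on a user port
        self.bindings[(vlan, client_ip)] = (client_mac, client_port)
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """ARP packet: untrusted ports must match a binding for the sender."""
        if vlan not in self.protected_vlans or port in self.arp_trusted:
            return "forward"
        if self.bindings.get((vlan, sender_ip)) == (sender_mac, port):
            return "forward"
        return "drop"  # sender IP/MAC/port does not match any lease


def demo(trust_uplink_for_arp):
    """Run the same traffic with and without ARP trust on the uplink."""
    sw = EdgeSwitch(protected_vlans={10}, dhcp_trusted={"uplink"})
    if trust_uplink_for_arp:
        sw.arp_trusted.add("uplink")
    r = {}
    # Client on port 5 receives its lease through the trusted uplink.
    r["ack_uplink"] = sw.dhcp_ack("uplink", 10, "aa:aa:aa:00:00:05", "10.0.10.50", "5")
    # A DHCP reply sourced from user port 7 is dropped and creates no binding.
    r["ack_user_port"] = sw.dhcp_ack("7", 10, "aa:aa:aa:00:00:09", "10.0.10.99", "9")
    # The client's own ARP matches its binding.
    r["arp_client"] = sw.arp("5", 10, "aa:aa:aa:00:00:05", "10.0.10.50")
    # Port 7 claims the gateway address: no binding, so it is dropped.
    r["arp_spoof"] = sw.arp("7", 10, "aa:aa:aa:00:00:07", "10.0.10.1")
    # The gateway has a static address and no lease; its ARP arrives on the uplink.
    r["arp_gateway"] = sw.arp("uplink", 10, "cc:cc:cc:00:00:01", "10.0.10.1")
    # VLAN 1 (management, left unprotected here) is not inspected.
    r["arp_mgmt"] = sw.arp("7", 1, "aa:aa:aa:00:00:07", "10.0.1.7")
    return r
```

Comparing `demo(True)` with `demo(False)` shows that, in this model, the only result that changes is the gateway's own ARP traffic, which is dropped when the uplink is left untrusted.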