CPC H04L 61/5014 (2022.05) [H04L 12/4641 (2013.01); H04L 12/66 (2013.01); H04L 61/103 (2013.01); H04L 63/1466 (2013.01); H04L 2101/622 (2022.05)] | 20 Claims
1. A method of operating a first leaf node device connected to a switch fabric, comprising:
receiving, at the first leaf node device and from a second leaf node device, a Border Gateway Protocol (BGP) update message including an advertisement of a route from the switch fabric to a host device using an Internet Protocol (IP) to Media Access Control (MAC) pairing, wherein the first leaf node device includes a first Dynamic Host Configuration Protocol (DHCP) snoop database and the second leaf node device includes a second DHCP snoop database storing an indication that the route from the switch fabric to the host device is authenticated as secure;
determining, at the first leaf node device, that the BGP update message includes a BGP Extended Community attribute that is populated with a value that indicates the IP-to-MAC pairing is valid and the route from the switch fabric and to the host device is authenticated as secure;
by the first leaf node device, in response to determining that the BGP update message includes the value that indicates the IP-to-MAC pairing is valid and the route to the host device is secure, creating or updating an entry indicating the route for the host device in the first DHCP snoop database of the first leaf node device; and
based at least in part on the entry in the first DHCP snoop database, enabling, by the first leaf node device, secure data traffic from the host device prior to the host device otherwise communicating with the first leaf node device to make the first leaf node device aware that the host device is connected to the first leaf node device.
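The flow recited in claim 1, modelled as an added Python example that is not part of the patent text or any vendor implementation. The class names, the `DHCP_SNOOP_VALIDATED` community value, the sample addresses, and the choices to ignore unmarked updates and to treat "enabling secure data traffic" as a source IP/MAC check are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed placeholder for the BGP Extended Community value meaning
# "IP-to-MAC pairing valid, route authenticated as secure" (assumption).
DHCP_SNOOP_VALIDATED = 0x0001

@dataclass(frozen=True)
class BgpUpdate:
    """Simplified stand-in for a BGP update advertising an IP-to-MAC route."""
    origin_leaf: str
    ip: str
    mac: str
    ext_communities: tuple = ()

@dataclass
class LeafNode:
    name: str
    snoop_db: dict = field(default_factory=dict)  # ip -> (mac, learned_from)

    def local_dhcp_ack(self, ip, mac):
        """Record a binding snooped on a local port and advertise it as validated."""
        self.snoop_db[ip] = (mac.lower(), "local")
        return BgpUpdate(self.name, ip, mac.lower(), (DHCP_SNOOP_VALIDATED,))

    def receive_update(self, upd):
        """Create or update a snoop entry only when the validated marker is present."""
        if DHCP_SNOOP_VALIDATED not in upd.ext_communities:
            return False  # assumption: unmarked routes never reach the snoop DB
        self.snoop_db[upd.ip] = (upd.mac.lower(), upd.origin_leaf)
        return True

    def permit(self, src_ip, src_mac):
        """Source check: forward only traffic matching a snoop binding."""
        entry = self.snoop_db.get(src_ip)
        return entry is not None and entry[0] == src_mac.lower()

def demo():
    leaf1, leaf2 = LeafNode("leaf1"), LeafNode("leaf2")
    host_ip, host_mac = "10.0.0.25", "02:00:00:AA:BB:01"  # constructed sample host
    before = leaf1.permit(host_ip, host_mac)       # leaf1 has never seen the host
    update = leaf2.local_dhcp_ack(host_ip, host_mac)
    installed = leaf1.receive_update(update)       # binding arrives over BGP
    after = leaf1.permit(host_ip, host_mac)        # permitted before any DHCP on leaf1
    unmarked = BgpUpdate("leaf2", "10.0.0.99", "02:00:00:aa:bb:99")
    ignored = not leaf1.receive_update(unmarked)   # no validated marker
    spoofed = leaf1.permit(host_ip, "02:00:00:aa:bb:ff")  # wrong MAC for a known IP
    return before, installed, after, ignored, spoofed

if __name__ == "__main__":
    print(demo())
```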