
DHCP Snooping 3

November 16th, 2019

Question 1

Explanation

The command “ip dhcp snooping information option allow-untrusted” enables untrusted ports to accept incoming DHCP packets with option-82 information.

Question 2

Question 3

Question 4

Question 5

Question 6a

Comments
  1. Anonymous
    January 21st, 2020

    Q6a and Q6b are the same, but answers are different. Which one is correct?

  2. Anonymous
    January 21st, 2020

    Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
    A. end host devices
    B. customer edge services
    C. user-facing provider edge devices
    D. provider edge devices
    E. provider devices

    A and B correct ??

  3. Anybody
    January 22nd, 2020

    Q3
    I don’t think the question’s wording is correct.
    First of all, as far as I am aware, there is no IP address in Option 82. By default Cisco devices use two sub-options – circuit ID, which represents the port where the packet originated from, and agent ID, which represents the switch hostname. If in this question they are referring to the Gateway IP address that is added by a relay agent, then it is a separate field in the DHCP packet, not part of option 82.
    Secondly, it is important to define what kind of packet it is. If it is a DHCP offer message received on the switch where the client is connected, then indeed the Option 82 will be stripped and the message forwarded through the client’s port. If, however, it is a DHCP discover received on a trusted port, Option 82 will be kept and the packet forwarded. On untrusted ports, packets with option 82 where the giaddr field is different from 0.0.0.0 are dropped. You will see the following message:

    %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER,
