DHCP Snooping 3
November 16th, 2019
Question 1
Explanation
The command “ip dhcp snooping information option allow-untrusted” enables untrusted ports to accept incoming DHCP packets with option-82 information.
Question 2
Question 3
Question 4
Question 5
Question 6a
Q6a and Q6b are the same, but answers are different. Which one is correct?
Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
A and B correct?
Q3
I don’t think the question’s wording is correct.
First of all, as far as I am aware there is no IP address in Option 82. By default Cisco devices use two sub-options – circuit ID, which represents the port where the packet originated, and agent ID, which represents the switch hostname. If in this question they are referring to the Gateway IP address that is added by a relay agent, then it is a separate field in the DHCP packet, not part of option 82.
Secondly, it is important to define what kind of packet it is. If it is a DHCP offer message received on the switch where the client is connected, then indeed the Option 82 will be stripped and the message forwarded through the client’s port. If however it is a DHCP discover received on a trusted port, Option 82 will be kept and the packet forwarded. On untrusted ports, packets with option 82 where the giaddr field is different from 0.0.0.0 are dropped. You will see the following message:
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER,
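Added example (not part of the original page or of the comment above): a simplified Python model of the untrusted-port check named in that log message, with "ip dhcp snooping information option allow-untrusted" modelled as a flag. The function names, the sample packet values and the assumption that allow-untrusted relaxes only the option-82 check are this example's own; sub-option codes 1 and 2 are the circuit ID and remote ID defined in RFC 3046.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def tlvs(data, pad_end=False):
    """Yield (code, value) pairs; pad_end enables option 0 (pad) and 255 (end)."""
    i = 0
    while i < len(data):
        code = data[i]
        if pad_end and code == 255:
            return
        if pad_end and code == 0:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV")
        yield code, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def parse_dhcp(payload):
    """Return (giaddr, option82); option82 is None or {sub-option code: bytes}."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    giaddr = socket.inet_ntoa(payload[24:28])  # header field, separate from option 82
    opt82 = None
    for code, value in tlvs(payload[240:], pad_end=True):
        if code == 82:
            opt82 = dict(tlvs(value))  # 1 = circuit ID, 2 = remote ID
    return giaddr, opt82

def untrusted_port_verdict(payload, allow_untrusted=False):
    """Simplified model of the check behind DHCP_SNOOPING_NONZERO_GIADDR."""
    giaddr, opt82 = parse_dhcp(payload)
    if giaddr != "0.0.0.0":
        return "drop"  # assumption: allow-untrusted does not relax this check
    if opt82 is not None and not allow_untrusted:
        return "drop"
    return "forward"

def build_discover(giaddr="0.0.0.0", opt82=None):
    """Constructed sample DHCPDISCOVER for the checks above, not captured traffic."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 1, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr),
                      bytes.fromhex("020000000001"), bytes(192))
    opts = b"\x35\x01\x01"  # option 53, message type 1 = DHCPDISCOVER
    if opt82:
        body = b"".join(bytes([c, len(v)]) + v for c, v in opt82.items())
        opts += bytes([82, len(body)]) + body
    return hdr + MAGIC + opts + b"\xff"
```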