Which command sequence correctly enables DHCP snooping on a switch and configures VLANs and interface trust to prevent rogue DHCP servers from affecting the network?

Prepare for the HPE Aruba Networking Certification. Enhance your skills with interactive quiz formats, detailed explanations, and valuable study resources. Ensure you're ready for the exam!

Multiple Choice

Which command sequence correctly enables DHCP snooping on a switch and configures VLANs and interface trust to prevent rogue DHCP servers from affecting the network?

Explanation:

DHCP snooping protects the network by allowing DHCP responses only from trusted servers and by tying client ports to the networks that have those servers. To implement this, you enable DHCP snooping globally, decide whether to use option 82 relay, specify which VLANs will participate, and mark the uplink or server-facing interfaces as trusted so legitimate DHCP replies can pass to clients.

In the sequence that works, DHCP snooping is enabled globally, and option 82 is turned off (no dhcp-snooping option 82) to avoid injecting relay information unless you specifically need it. The relevant VLANs that carry client traffic are defined and have DHCP snooping enabled for them, ensuring only legitimate DHCP messages on those VLANs are processed. Finally, the uplink interface (the path to the DHCP servers or core) is configured as trusted, allowing the DHCP server responses to flow through, while client ports on access VLANs remain untrusted to block rogue servers from issuing IP addresses.

The other options mix up syntax, fail to enable DHCP snooping on the correct VLANs, omit enabling per-VLAN snooping, or neglect to designate a trusted uplink, which would leave client ports vulnerable to rogue DHCP servers.
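The steps above can be checked mechanically against a saved switch configuration. The following is an added example, not part of the original quiz or any vendor tool: apart from the "no dhcp-snooping option 82" command quoted above, the ArubaOS-Switch style syntax, the VLAN and port numbers, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, written in ArubaOS-Switch style syntax (assumed here).
# Deliberate gaps: client VLAN 30 is not snooped, access port 5 is trusted.
SAMPLE_CONFIG = """\
dhcp-snooping
no dhcp-snooping option 82
dhcp-snooping vlan 10 20
interface 24
   dhcp-snooping trust
   exit
interface 5
   dhcp-snooping trust
   exit
"""

def expand(tokens):
    """Expand ['10', '20-22'] into {10, 20, 21, 22}."""
    out = set()
    for tok in tokens:
        lo, _, hi = tok.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, client_vlans, uplinks):
    """Return one finding per step of the explanation that the config misses."""
    lines = [ln.strip() for ln in config.splitlines()]
    snooped, trusted, iface = set(), set(), None
    for line in lines:
        if m := re.fullmatch(r"dhcp-snooping vlan (.+)", line):
            snooped |= expand(m.group(1).split())
        elif m := re.fullmatch(r"interface (\d+)", line):
            iface = int(m.group(1))      # entering an interface context
        elif line == "exit":
            iface = None                 # leaving the current context
        elif line == "dhcp-snooping trust" and iface is not None:
            trusted.add(iface)
    findings = []
    if "dhcp-snooping" not in lines:
        findings.append("DHCP snooping is not enabled globally")
    if "no dhcp-snooping option 82" not in lines:
        findings.append("option 82 is not explicitly disabled")
    findings += [f"client VLAN {v} is not snooped"
                 for v in sorted(set(client_vlans) - snooped)]
    findings += [f"uplink port {p} is not trusted"
                 for p in sorted(set(uplinks) - trusted)]
    findings += [f"port {p} is trusted but is not a declared uplink"
                 for p in sorted(trusted - set(uplinks))]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, client_vlans=[10, 20, 30], uplinks=[24]):
        print(finding)
```

A trusted port that is not a declared uplink is reported because DHCP server replies arriving on it would be accepted, which is the rogue-server exposure the explanation describes.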
