DHCP snooping and IP Source Guard have been configured on a switch that connects to several client workstations. The IP address of one of the workstations
does not match any entries found in the DHCP binding database. Which statement describes the outcome of this scenario?
A.
Packets from the workstation will be rate limited according to the default values set on the switch.
B.
The interface that is connected to the workstation in question will be put into the errdisabled state.
C.
Traffic will pass accordingly after the new IP address is populated into the binding database.
D.
The packets originating from the workstation are assumed to be spoofed and will be discarded.
Explanation:
The IP source binding table has bindings that are learned by DHCP snooping or are manually configured (static IP source bindings). An entry in this table has an IP
address, its associated MAC address, and its associated VLAN number. The switch uses the IP source binding table only wIen IP source guard is enabled.
You can configure IP source guard with source IP address filtering, or with source IP and MAC address filtering. When IP source guard is enabled with this option,
IP traffic is filtered based on the source IP address. The switch forwards IP traffic when the source IP address matches an entry in the DHCP snooping binding
database or a binding in the IP source binding table. When IP source guard is enabled with this option, IP traffic is filtered based on the source IP and MAC
addresses. The switch forwards traffic only when the source IP and MAC addresses match an entry in the IP source binding table. If there is no match, the packets
are assumed to be spoofed and will be discarded.
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series- switches/72846-layer2-secftrs-catl3fixed.html#ipsourceguard