A DHCP configured router is connected directly to a switch that has been provisioned with DHCP snooping. IP Source Guard with the ip verify source port-security
command is configured under the interfaces that connect to all DHCP clients on the switch. However, clients are not receiving an IP address via the DHCP server.
Which option is the cause of this issue?
A.
The DHCP server does not support information option 82.
B.
The DHCP client interfaces have storm control configured.
C.
Static DHCP bindings are not configured on the switch.
D.
DHCP snooping must be enabled on all VLANs, even if they are not utilized for dynamic address allocation.
Explanation:
When you enable both IP Source Guard and Port Security, using the ip verify source port-security interface configuration command, there are two caveats:
·The DHCP server must support option 82, or the client is not assigned an IP address. ·The MAC address in the DHCP packet is not learned as a secure address.
The MAC address of the DHCP client is learned as a secure address only when the switch receives non-DHCP data traffic.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12- 2_25_see/configuration/guide/3550SCG/
swdhcp82.html#wp1069615