DHCP snooping is enabled for selected VLANs to provide security on the network. How do the
switch ports handle the DHCP messages?
A.
A DHCPOFFER packet from a DHCP server received on Ports Fa2/1 and Fa2/2 is dropped.
B.
A DHCP packet received on ports Fa2/1 and Fa2/2 is dropped if the source MAC address and
the DHCP client hardware address does not match Snooping database.
C.
A DHCP packet received on ports Fa2/1 and Fa2/2 is forwarded without being tested.
D.
A DHCPRELEASE message received on ports Fa2/1 and Fa2/2 has a MAC address in the
DHCP snooping binding database, but the interface information in the binding database does not
match the interface on which the message was received and is dropped.
Explanation:
Trusted ports are allowed to send all types of DHCP messages. Untrusted ports can send only
DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down. In this
case, Fa2/1 & Fa2/2 are trusted (can send all types of DHCP messages) while Fa3/1 is untrusted
(can only send DHCP requests).