Refer to the exhibit.
DHCP snooping is enabled for selected VLANs to provide security on the network. How do
the switch ports handle the DHCP messages?
A.
A DHCPOFFER packet from a DHCP server received on Ports Fa2/1 and Fa2/2 is
dropped.
B.
A DHCP packet received on ports Fa2/1 and Fa2/2 is dropped if the source MAC address
and the DHCP client hardware address does not match Snooping database.
C.
A DHCP packet received on ports Fa2/1 and Fa2/2 is forwarded without being tested.
D.
A DHCPRELEASE message received on ports Fa2/1 and Fa2/2 has a MAC address in
the DHCP snooping binding database, but the interface information in the binding database
does not match the interface on which the message was received and is dropped.
Explanation:
Trusted ports are allowed to send all types of DHCP messages. Untrusted ports can send
only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut
down. In this case, Fa2/1 & Fa2/2 are trusted (can send all types of DHCP messages) while
Fa3/1 is untrusted (can only send DHCP requests).