Switch SW1 has been configured to use Dynamic ARP Inspection with DHCP Snooping in VLAN 5. An ARP request arrives on port G0/1. Which answer describes two items DAI always compares regardless of the configuration?
- The message’s ARP origin hardware address and the message’s Ethernet header source MAC address
- The message’s ARP origin hardware address and the DHCP Snooping binding table
- The message’s ARP target IP address and the DHCP Snooping binding table
- The message’s ARP target IP address and the switch’s ARP table
Explanation: DAI always uses a core function that examines incoming ARP messages, specifically the ARP message origin hardware and origin IP address fields, versus tables of data in the switch about correct pairs of MAC and IP addresses. DAI on a switch can use DHCP Snooping’s binding table as the table of data with valid MAC/IP address pairs or use the logic in configured ARP ACLs. The question stem states that DAI uses DHCP Snooping, so the correct answer notes that the switch will compare the ARP message’s origin hardware address to the switch’s DHCP Snooping binding table.
One incorrect answer mentions a comparison of the message’s ARP origin MAC (hardware) address with the message’s Ethernet source MAC address. DAI can perform that check, but that feature can be configured to be enabled or disabled, so DAI would not always perform this comparison. The other incorrect answers list logic never performed by DAI.
Please login or Register to submit your answer