Last Updated on August 1, 2021 by Admin 2
What command would be used to verify trusted DHCP ports?
- show mls qos
- show ip dhcp snooping
- show ip trust
- show ip arp trust
The command show ip dhcp snooping is used to verify trusted DHCP ports. This command is used to verify which ports are intended to have DHCP servers connected to them. DHCP snooping creates an IP address to MAC address database that Dynamic ARP Inspection (DAI) uses to validate ARP packets. It compares the MAC address and IP address in ARP packets and only permits the traffic if the addresses match. This eliminates attackers that are spoofing MAC addresses.
DHCP snooping is used to define ports as trusted for DHCP server connections. The purpose of DHCP snooping is to mitigate DHCP spoofing attacks. DHCP snooping can be used to determine what ports are able to send DHCP server packets, such as DHCPOFFER, DHCPACK, and DHCPNAK. DHCP snooping can also cache the MAC address to IP address mapping for clients receiving DHCP addresses from a valid DHCP server.
MLS QOS has no bearing on DHCP services, so show mls qos is not correct.
The other commands are incorrect because of invalid syntax.
Configure and verify switch security features