JN0-348 Exam - Question 17


Your network is configured with dynamic ARP inspection (DAI) using the default parameters for all the DHCP and ARP related configurations. You just added a new device connected to a trunk port and configured it to obtain an IP address using DHCP.

Which two statements are correct in this scenario? (Choose two.)

Correct Answer: AD

The DHCP server assigns the IP addressing information to the new device. This is a fundamental characteristic of DHCP, which is responsible for dynamically assigning IP addresses within a network. DHCP snooping adds the DHCP-assigned IP address for the new device to its database. DHCP snooping is designed to protect the integrity of an IP network by keeping track of the IP addresses allocated to clients by the DHCP server, and this information is then used to validate incoming ARP packets. Dynamic ARP Inspection (DAI) typically relies on the data stored in the DHCP snooping database to validate ARP packets, but because trunk ports are trusted by default, ARP inspection is bypassed on trunk ports.
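The trust logic that this explanation and the Juniper excerpts quoted in the discussion describe, as a simplified model added here (not Juniper code and not part of the original page): ARP received on an untrusted port is checked against the snooping bindings, while ARP on a trusted port is forwarded unchecked. Port names, MAC addresses and IP addresses are constructed, and keying the binding on VLAN and IP only is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Optional

# Defaults as stated on this page: access ports untrusted, trunk ports trusted.
DEFAULT_TRUST = {"access": False, "trunk": True}

@dataclass(frozen=True)
class Port:
    name: str                        # constructed interface name
    mode: str                        # "access" or "trunk"
    trusted: Optional[bool] = None   # None = keep the default for the mode

    def is_trusted(self) -> bool:
        return DEFAULT_TRUST[self.mode] if self.trusted is None else self.trusted

class Switch:
    """Toy model of DHCP snooping feeding DAI (not a Junos implementation)."""

    def __init__(self):
        self.bindings = {}           # (vlan, ip) -> mac: the snooping database

    def snoop_dhcp_ack(self, vlan, client_mac, leased_ip):
        # Record the lease carried in a DHCPACK from the server to a client.
        self.bindings[(vlan, leased_ip)] = client_mac.lower()

    def inspect_arp(self, port, vlan, sender_mac, sender_ip):
        if port.is_trusted():
            return "bypass"          # forwarded without any DAI check
        if self.bindings.get((vlan, sender_ip)) == sender_mac.lower():
            return "permit"          # sender IP/MAC matches a snooped lease
        return "drop"                # spoofed or unknown sender on untrusted port

def demo():
    sw = Switch()
    access = Port("ge-0/0/1", "access")
    trunk = Port("ge-0/0/24", "trunk")
    trusted_access = Port("ge-0/0/2", "access", trusted=True)  # user override
    sw.snoop_dhcp_ack(10, "00:00:5E:00:53:01", "192.0.2.10")   # constructed lease
    return [
        sw.inspect_arp(access, 10, "00:00:5e:00:53:01", "192.0.2.10"),
        sw.inspect_arp(access, 10, "00:00:5e:00:53:99", "192.0.2.10"),
        sw.inspect_arp(trunk, 10, "00:00:5e:00:53:99", "192.0.2.10"),
        sw.inspect_arp(trusted_access, 10, "00:00:5e:00:53:77", "192.0.2.77"),
    ]

if __name__ == "__main__":
    print(demo())
```

The second and third calls carry the same mismatched sender: it is dropped on the access port and forwarded on the trunk, so DAI provides no check for ARP arriving over a port left at the trunk default.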

Discussion

14 comments
shabbir1282 Options: AC
Jun 26, 2020

I think the answer should be A, C because the question is only up to the DHCP process.

Chuckard Options: CD
Mar 24, 2020

Answer is CD. Trunk ports are trusted by default. From Juniper website: Junos OS for EX Series switches and the QFX Series uses DAI for ARP packets received on access ports because these ports are untrusted by default. Trunk ports are trusted by default, and therefore ARP packets bypass DAI on them.

Clxxcv420
Mar 8, 2021

DHCP snooping & DAI ignore trunk interfaces: SRC ARP packet *DAI and DHCPACK from Server towards DHCP Client *Snooping DAI* works with binding from DHCP Snooping. So it's bypass yes. A * C right answers.

rodobrian Options: AD
Jul 16, 2020

The Answer is A & D. The Trunk is trusted, so the DHCP request will be passed on, and the DHCP server will (in all likelihood) respond with an IP address. Once this address is passed on, the switch will add the entry to the DHCP snooping DB. ARP inspection shouldn't be involved at this point, as there is no IP address assigned to the server yet. See Link: https://www.juniper.net/documentation/en_US/junos/topics/concept/port-security-dhcp-snooping-els.html

Msulail Options: AC
Jun 25, 2021

From Juniper website: "By default, all trunk ports on the switch are trusted". So the ARP request will be "exempt". Correct Answer A and C.

Dev_K Options: AC
Sep 4, 2021

JUNOS for EX-series software uses DAI for ARP packets received on access ports, because these ports are, by default, untrusted. By default, Trunk ports are trusted, so ARP packets bypass DAI on them. Ans- A and C https://kb.juniper.net/InfoCenter/index?page=content&id=KB10960

Anarky19 Options: AC
Oct 15, 2020

In my opinion it should be valid A and C. Trunk port -> By default, all trunk ports on the switch are trusted. 'Packets arriving on trusted interfaces bypass all DAI validation checks' 'If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks'

KoskoOfficial Options: AC
Mar 9, 2021

A and C are the correct answers. Trunk ports are *EXEMPT* from DAI

svregaz Options: AC
Jul 2, 2022

The fact that the ports are part of a trunk and therefore trusted, together with the fact that the configuration is set to the default parameters, makes me think that the snooping db will be bypassed. The IP address has to be assigned by the DHCP server in any case.

sja Options: AD
Aug 21, 2020

B is incorrect, only ARP packets received on untrusted ports are validated against the DHCP snooping database to prevent ARP spoofing.

kemr Options: AD
Feb 2, 2021

"DAI inspects ARP packets received on untrusted interfaces. Access ports are untrusted by default but can be changed to trusted ports through user configuration. ARP packets bypass DAI on trusted interfaces. Trunk ports are trusted by default."

TECH3K3 Options: AB
Feb 22, 2021

I think everyone is missing the point and focusing on certain words and not really what the question is asking. This question, in my opinion, is about the device acquiring an IP from the DHCP server. It's asking, when a device is connected to the network and the DHCP server is on the other side of a Trunk link, and configuration settings are default, what will happen, so the answer is A and B. Will the device get an IP address? YES. Will DAI validate the information against the DHCP table? YES. What is in the DHCP binding DB? The MAC and the IP addresses assigned to the device, which DAI uses.

wauzer Options: AC
May 16, 2022

Trunk port is trusted by default, so no inspection

nickname98163 Options: AC
Jul 17, 2022

Trunk ports are *EXEMPT* from DAI :: https://supportportal.juniper.net/s/article/What-is-Dynamic-Arp-Inspection-DAI-and-how-to-configure-it-on-EX-switches?language=en_US

alghoundar Options: AD
Dec 26, 2023

The DORA process to obtain an IP address is a broadcast all the way, so there is no ARP involved. The device sends a broadcast request: src IP 0.0.0.0, dest IP 255.255.255.255, src MAC is the device's MAC, and the dest MAC is ff.ff.ff.ff.ff.ff. The DHCP answers with an offer, src IP DHCP's IP addr and dest IP 255.255.255.255. So no ARP involved and the answer should be A, D.