Exam 300-410 topic 1 question 430 discussion

Q#427 - DUBC89x DHCPv6 Guard Overview The DHCPv6 Guard feature blocks reply and advertisement messages that come from unauthorized DHCP servers and relay agents. Packets are classified into one of the three DHCP type messages. All client messages are always switched regardless of device role. DHCP server messages are only processed further if the device role is set to server. Further processing of server messages includes DHCP server advertisements(for source validation and server preference) and DHCP server replies (for permitted prefixes). If the device is configured as a DHCP server, all the messages need to be switched, regardless of the device role configuration. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/ip6-dhcpv6-guard.pdf

B is saying that only DHCP request are allowed. (Not true) Packets are classified into one of the three DHCP type messages. All client messages are always switched regardless of device role.

If it is configured as a client, messages are switched regardless of the assigned role: This is incorrect because DHCPv6 Guard does not allow all messages to pass through. It specifically filters the traffic based on the role of the device (client in this case).

"end device" i will assume the objective about a client not server.

A is correct

A answer is correct Explanation The DHCPv6 Guard feature blocks reply and advertisement messages that come from unauthorized DHCP servers and relay agents. Packets are classified into one of the three DHCP type messages. All client messages are always switched regardless of device role. DHCP server messages are only processed further if the device role is set to server. Further processing of server messages includes DHCP server advertisements (for source validation and server preference) and DHCP server replies (for permitted prefixes). If the device is configured as a DHCP server, all the messages need to be switched, regardless of the device role configuration.

Correct option is A. The DHCPv6 Guard classifies the information into one of the three DHCP type messages (client message, server message, and relay message), and takes action depending on the device role. All client messages are switched regardless of the device role, and the DHCP server messages are only processed further if the device role is set to server.

B. If it is configured as a client, only DHCP requests are permitted. When an end device is configured with DHCPv6 guard, its role is to act as a DHCPv6 client. DHCPv6 guard is a security feature in IPv6 networks that helps prevent rogue DHCPv6 servers from providing unauthorized IPv6 configuration information to clients. With DHCPv6 guard enabled on an end device configured as a client, it will only allow DHCPv6 requests to be sent and received. This means that the device will ignore any unauthorized DHCPv6 server responses or advertisements, helping to ensure that IPv6 configuration information is obtained only from trusted and authorized DHCPv6 servers on the network. This is important for maintaining network security and preventing potential misconfigurations or security risks.

Correct answer is B. If it is configured as a client, only requests are permitted. The link HungarianDish linked states that all client messages are forwarded, not that all packets are forwarded when a port is configured as a client. All packets are forwarded when the port is configured a server. "If the device is configured as a DHCP server, all the messages need to be switched, regardless of the device role configuration."

correct option A