DHCPv6 Guard is a security feature designed to protect the network from rogue DHCPv6 servers by blocking unauthorized DHCPv6 messages. Specifically, it prevents DHCPv6 relay agents from sending messages to the legitimate DHCPv6 server. This helps ensure that only valid DHCPv6 servers can assign IP addresses to clients, preventing network misconfigurations and possible Man-in-the-Middle (MitM) attacks.
Answer is A
This module describes the Dynamic Host Configuration Protocol version 6 (DHCPv6) Guard feature. This
feature blocks DHCPreply and advertisement messages that originate from unauthorized DHCPservers and
relay agents that forward DHCP packets from servers to clients. Client messages or messages sent by relay
agentsfrom clientsto servers are not blocked.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/ip6-dhcpv6-guard.pdf#:~:text=Feature%20Name%20The%20DHCP%E2%80%94DHCPv6%20Guard%20feature%20blocks,from%20clients%20to%20servers%20are%20not%20blocked.
This module describes the Dynamic Host Configuration Protocol version 6 (DHCPv6) Guard feature. This
feature blocks DHCPreply and advertisement messages that originate from unauthorized DHCPservers and
relay agents that forward DHCP packets from servers to clients. Client messages or messages sent by relay
agentsfrom clientsto servers are not blocked.
Does not block communication from relay to server
D is correct. From Cisco textbook: DHCPv6 Guard prevents rogue devices that are pretending to be legitimate DHCP servers from assigning improper IP information to clients. It blocks DHCP reply and advertisement messages that originate from unauthorized DHCP servers and relay agents that forward DHCP packets from servers to clients. Client messages or messages that are sent by relay agents from clients to servers are not blocked.
If we consider that DHCPv6 guard blocks some messages, and allows others, A could be correct. It definately doesn't block messages from relay to DHCP server.
Since the default mode of the switch is to “guard”, by default all ports configured with dhcpv6 guard will be in client mode. Thus all ports will be dropping any dhcpv6 server messages by default.https://community.cisco.com/t5/networking-knowledge-base/understanding-dhcpv6-guard/ta-p/3147653
We aren't blocking client to server messages so I don't agree with D. B makes no sense.
C seems okay but this isn't a purpose, and I'm not sure how it shows clients are affected.
A:
it messages between a server and client (and drops server messages that don't match the ACL or prefix-list match)
I'm going with A on this one: It messages between DHCPv6 server and client: True it blocks or lets the message get through.
D: It blocks DHCPv6 messages from a relay to a DHCPv6 server. If this is true can someone explain?
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Sammy3637
3 months, 1 week agoSammy3637
2 months, 1 week agoSammy3637
2 months, 2 weeks agoThomas12345678
5 months, 1 week agobk989
8 months agobk989
8 months agoFenix7
8 months, 1 week agobk989
8 months, 3 weeks agobk989
8 months, 1 week ago[Removed]
9 months, 1 week ago[Removed]
9 months, 1 week agoPietjeplukgeluk
9 months, 3 weeks agoPietjeplukgeluk
9 months, 3 weeks agokrobo
10 months, 1 week agobk989
9 months, 1 week agodapardo
10 months, 2 weeks ago