350-701 · Question #268
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?
The correct answer is A. It forwards the packet without validation.. DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is receiv
Question
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?
Options
- AIt forwards the packet without validation.
- BIt forwards the packet after validation by using the MAC Binding Table.
- CIt drops the packet after validation by using the IP & MAC Binding Table.
- DIt drops the packet without validation.
How the community answered
(49 responses)- A84% (41)
- B6% (3)
- C2% (1)
- D8% (4)
Explanation
DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.
Topics
Community Discussion
No community discussion yet for this question.