NSE4 Question #328: Real Exam Question with Answer & Explanation

Question

An administrator has configured two VLAN interfaces: A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

Options

• ABoth interfaces must be in different VDOMs
• BBoth interfaces must have the same VLAN ID.
• CThe role of the VLAN10 interface must be set to server.
• DBoth interfaces must belong to the same forward domain.

Explanation

For a DHCP client on one VLAN interface to receive an IP address from a DHCP server on another VLAN interface managed by the same FortiGate, both VLAN interfaces must belong to the same forward domain to allow Layer 2 broadcast communication if part of a virtual switch.

Common mistakes.

• A. Both interfaces being in different VDOMs would further isolate them and prevent DHCP communication without specific inter-VDOM links or routing.
• B. VLAN interfaces are typically distinct Layer 2 segments identified by their VLAN ID; having the same VLAN ID would not create two distinct VLAN interfaces as described.
• C. The role of a FortiGate interface (e.g., LAN, WAN) does not dictate its ability to function as a DHCP server or client; the issue is connectivity, not the interface's functional role.

Concept tested. FortiGate forward domains and DHCP communication

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/526710/setting-the-interface-role

No community discussion yet for this question.