Exam 300-410 topic 1 question 427 discussion

DHCPv6 Guard Overview The DHCPv6 Guard feature blocks reply and advertisement messages that come from unauthorized DHCP servers and relay agents. Packets are classified into one of the three DHCP type messages. All client messages are always switched regardless of device role. DHCP server messages are only processed further if the device role is set to server. Further processing of server messages includes DHCP server advertisements(for source validation and server preference) and DHCP server replies (for permitted prefixes). If the device is configured as a DHCP server, all the messages need to be switched, regardless of the device role configuration. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/ip6-dhcpv6-guard.pdf

C: No it blocks DHCP advertisement messages from rogue serverts D: We can use access-lists to match the DHCP server, and prefix-lists for allowed prefixes. C: True. We need to switch all client messages whether the port role is set as host or server, otherwise we break DHCPv6 Server messages on a host port are blocked. Server messages on a server port are allowed, but can be restricted with ACL's (to match allowed servers), or prefix-lists (to allow prefixes)

The option B. All client messages are always switched regardless of the device role is incorrect because the IPv6 DHCP Guard feature specifically filters and controls DHCP messages based on the role of the device (trusted or untrusted). The main purpose of this feature is to block DHCP messages from unauthorized or rogue DHCP servers, not to switch all client messages indiscriminately.

B is corerct

Correct