Home > DHCP Questions

DHCP Questions

February 6th, 2017 Go to comments

Question 1


The command “show ip dhcp conflict” is used to display address conflicts found by a Cisco IOS DHCP Server when addresses are offered to the client. An example of the output of this command is shown below:


Question 2


We can use the “lease” command to specify the duration of the lease: lease {days [hours][minutes] | infinite}

The default is a one-day lease.

Question 3


An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

(Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)

Question 4


The following example shows how to configure a DHCP Server on a Cisco router:

Configuration Description
Router(config)#ip dhcp pool CLIENTS Create a DHCP Pool named CLIENTS
Router(dhcp-config)#network /24 Specifies the subnet and mask of the DHCP address pool
Router(dhcp-config)#default-router Set the default gateway of the DHCP Clients
Router(dhcp-config)#dns-server Configure a Domain Name Server (DNS)
Router(dhcp-config)#domain-name 9tut.com Configure a domain-name
Router(dhcp-config)#lease 0 12 Duration of the lease (the time during which a client computer can use an assigned IP address). The syntax is “lease {days[hours] [minutes] | infinite}”. In this case the lease is 12 hours. The default is a one-day lease.
Before the lease expires, the client typically needs to renew its address lease assignment with the server
Router(config)# ip dhcp excluded-address The IP range that a DHCP Server should not assign to DHCP Clients. Notice this command is configured under global configuration mode

Note: We checked with both Cisco IOS v12.4 and v15.4 but found no “ip dhcp-server pool” command:


Therefore the answer “ip dhcp-server pool …” is not correct.

Question 5


Quick review of DHCP Spoofing and DHCP snooping:


DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.

The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.

DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.


Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down -> Answer D is correct.

The DHCP snooping binding database has the MAC address, the IP address, the lease time, the binding type, the VLAN number, and the interface information that corresponds to the local untrusted interfaces of a switch. By using this database, DHCP can bind a particular IP Address to a particular client via its unique MAC address. This is called DHCP Reservation -> B is correct.

Question 6

Comments (10) Comments
  1. anonymous
    February 19th, 2017

    Question 5 are you sure that the answer is not C,D instead of B,D?

    as many other websites saying

  2. punisher
    February 21st, 2017

    C is definitely correct. Don’t understand B…

  3. dodgy
    March 1st, 2017

    Question 1, Explanation IP address Both class B addresses x.x.1.32-x.x.1.64 wheres the conflict? WHAT am I missing!!

  4. theunreal
    March 4th, 2017

    @anonymous: C is definitely correct, but let’s look into D “prevent untrusted host and servers to connect”: I don’t think it’s correct, as DCHP snooping prevents only DHCP servers to send DHCP response through a port configured as untrusted. But it doesn’t deny any untrusted host (which here, in my opinion, is quite generic if referred to devices and servers) to connect to the network, as the term “untrusted” is referred only to ports, as you can see from the picture explanation above. So, the only acceptable answer if I exclude D, is B. The explanation for B is above in answer explanation.
    Please write a comment if you think I am wrong

  5. joetheplummer
    March 17th, 2017

    this is more of an example of poor grammar i think. dchp reservation can be set, and it’s just like microsoft. you can make a reservation and not snooping is not required. preventing untrusted hosts and servers i think means both disallowing the connection between the two, as well as preventing access via port management.


  6. CLAO
    March 21st, 2017

    please, help me with the questionns, I need study pleasee. Thanks.

  7. New*Dumps
    April 4th, 2017

    DOWNLOAD Files at below link
    100%, guaranteed passing material get Download package, (AllinONE) that you need to clear exam.
    All LABS in Packet Tracer
    VCE + PDF


  8. Kenya
    May 11th, 2017

    Which command is used to build DHCP pool?
    A. ip dhcp pool DHCP
    B. ip dhcp conflict
    C. ip dhcp-server pool DHCP
    D. ip dhcp-client pool DHCP

    Is it A or C?

  9. Arte718
    May 12th, 2017

    Where can I get the question s please sent me link very please a r t e m 7 1 8 @ gmail. C o m

  10. Muhammad Mohyuddin
    May 16th, 2017

    Which command is used to build DHCP pool?
    A. ip dhcp pool DHCP
    B. ip dhcp conflict
    C. ip dhcp-server pool DHCP
    D. ip dhcp-client pool DHCP

    A is correct answer