Home > DHCP Questions

DHCP Questions

October 27th, 2018 Go to comments

Note: If you are not sure about DHCP, please read our DHCP tutorial.

Question 1


The command “show ip dhcp conflict” is used to display address conflicts found by a Cisco IOS DHCP Server when addresses are offered to the client. An example of the output of this command is shown below:


Question 2


We can use the “lease” command to specify the duration of the lease: lease {days [hours][minutes] | infinite}

The default is a one-day lease.

Question 3


An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

(Reference: http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html)

Question 4


The following example shows how to configure a DHCP Server on a Cisco router:

Configuration Description
Router(config)#ip dhcp pool CLIENTS Create a DHCP Pool named CLIENTS
Router(dhcp-config)#network /24 Specifies the subnet and mask of the DHCP address pool
Router(dhcp-config)#default-router Set the default gateway of the DHCP Clients
Router(dhcp-config)#dns-server Configure a Domain Name Server (DNS)
Router(dhcp-config)#domain-name 9tut.com Configure a domain-name
Router(dhcp-config)#lease 0 12 Duration of the lease (the time during which a client computer can use an assigned IP address). The syntax is “lease {days[hours] [minutes] | infinite}”. In this case the lease is 12 hours. The default is a one-day lease.
Before the lease expires, the client typically needs to renew its address lease assignment with the server
Router(config)# ip dhcp excluded-address The IP range that a DHCP Server should not assign to DHCP Clients. Notice this command is configured under global configuration mode

Note: We checked with both Cisco IOS v12.4 and v15.4 but found no “ip dhcp-server pool” command:


Therefore the answer “ip dhcp-server pool …” is not correct.

Question 5


Quick review of DHCP Spoofing and DHCP snooping:


DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.

The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.

DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.


Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down -> Answer D is correct.

The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes -> C is correct.

Question 6

Question 7


The DHCP snooping binding database is also referred to as the DHCP snooping binding table. The DHCP snooping feature dynamically builds and maintains the database using information extracted from intercepted DHCP messages. The database contains an entry for each untrusted host with a leased IP address if the host is associated with a VLAN that has DHCP snooping enabled. The database does not contain entries for hosts connected through trusted interfaces.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

Question 8


The “show ip dhcp binding” command displays the IP address bindings and their associated leases. Below is an example of the output of this command.

R1#show ip dhcp binding
IP address       Hardware address        Lease expiration        Type      0100.0103.85e9.87       Apr 03 2017 08:55 PM    Automatic      0100.50da.2a5e.a2       Apr 03 2017 09:00 PM    Automatic      0100.0103.ea1b.ed       Apr 03 2017 08:58 PM    Automatic

Question 9


The command “show ip dhcp pool” is used to display information about the DHCP address pools. There are some information we can use to check the failure of address assignment. For example we can see how many IP addresses have been leased for a specific pool. If some IP addresses have been assigned from a pool but a client of that pool has not received the assignment then maybe the issue belongs to the client itself.

R1#show ip dhcp pool
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0 
 Total addresses                : 1
 Leased addresses               : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses   -    1

Question 10


An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.

All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:

ip dhcp pool SERVER
client-identifier 01aa.bbcc.0003.00

Therefore two requirements for DHCP binding is the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while prefix “01” represents the Ethernet media type.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html

In fact the “DHCP pool” option is also correct but two above choices are better.


Comments (28) Comments
  1. anonymous
    February 19th, 2017

    Question 5 are you sure that the answer is not C,D instead of B,D?

    as many other websites saying

  2. punisher
    February 21st, 2017

    C is definitely correct. Don’t understand B…

  3. dodgy
    March 1st, 2017

    Question 1, Explanation IP address Both class B addresses x.x.1.32-x.x.1.64 wheres the conflict? WHAT am I missing!!

  4. theunreal
    March 4th, 2017

    @anonymous: C is definitely correct, but let’s look into D “prevent untrusted host and servers to connect”: I don’t think it’s correct, as DCHP snooping prevents only DHCP servers to send DHCP response through a port configured as untrusted. But it doesn’t deny any untrusted host (which here, in my opinion, is quite generic if referred to devices and servers) to connect to the network, as the term “untrusted” is referred only to ports, as you can see from the picture explanation above. So, the only acceptable answer if I exclude D, is B. The explanation for B is above in answer explanation.
    Please write a comment if you think I am wrong

  5. joetheplummer
    March 17th, 2017

    this is more of an example of poor grammar i think. dchp reservation can be set, and it’s just like microsoft. you can make a reservation and not snooping is not required. preventing untrusted hosts and servers i think means both disallowing the connection between the two, as well as preventing access via port management.


  6. CLAO
    March 21st, 2017

    please, help me with the questionns, I need study pleasee. Thanks.

  7. Kenya
    May 11th, 2017

    Which command is used to build DHCP pool?
    A. ip dhcp pool DHCP
    B. ip dhcp conflict
    C. ip dhcp-server pool DHCP
    D. ip dhcp-client pool DHCP

    Is it A or C?

  8. Arte718
    May 12th, 2017

    Where can I get the question s please sent me link very please a r t e m 7 1 8 @ gmail. C o m

  9. Muhammad Mohyuddin
    May 16th, 2017

    Which command is used to build DHCP pool?
    A. ip dhcp pool DHCP
    B. ip dhcp conflict
    C. ip dhcp-server pool DHCP
    D. ip dhcp-client pool DHCP

    A is correct answer

  10. wiper
    June 22nd, 2017

    @Eduardo, how can I get it?

  11. JD
    July 23rd, 2017

    Hi 9tut!
    I think Q5 answers C and D are correct and the last sentence in the explanation (“This is called DHCP Reservation”) should be deleted as it is misused here – “DHCP Reservation” is surely a binding between mac address and IP address but only in DHCP Server configuration area – not in DHCP Snooping area. This binding here is for switchport to track whether the IP and Mac Address used on port are accordant to what DHCP leased for the device on this port – it supports security on the port – so i also prevents some rogue hosts on the port – so answer D is also correct. Answer C is correct no doubt, because preventing rouge DHCP server from leasing addresses is primary DHCP Snooping task to do.

  12. 9tut
    August 29th, 2017

    @JD, @moon: Yes, the correct answers for Q.5 should be C D. Thanks for your detection. We have just fixed it!

  13. dorel
    October 12th, 2017

    QUESTION 117
    Which two options are benefits of dhcp snooping?
    A. it prevents dhcp reservations
    B. it simplifies the process of adding DHCP Servers to the network
    C. it prevents the deployment of rogue DHCP Servers
    D. it prevents static reservations
    E. it Tracks the location of hosts in the network
    the answer c and d ???

  14. dorel
    October 12th, 2017

    QUESTION 122
    Which two features can dynamically assign IPv6 addresses? (Choose two.)
    A. IPv6 stateless autoconfiguration
    B. DHCP
    C. NHRP
    D. IPv6 stateful autoconfiguration
    E. ISATAP tunneling
    The Answer: A and B ???

  15. sachu
    December 16th, 2017

    Which command can you enter to display duplicate IP addresses that the DHCP server assigns?
    A. show ip dhcp conflict
    B. show ip dhcp database
    C. show ip dhcp server statistics
    D. show ip dhcp binding

    Can some tell me why the answer A is correct .
    I think answer D is correct because in the new iOS Version 15.2(4)S5, there is no option to enter the IP address after the command sh ip dhcp conflict (***).

  16. Anonymous
    January 27th, 2018

    qestions are not displayed

  17. potocki
    January 30th, 2018

    @Anonymous: because of copyrighted issues, all CCNA questions are on this site: http://congressreiki.ranm.org/?all=ccna-questions-and-answers

  18. cthelite
    April 1st, 2018

    None of these answers are actually correct. 9tut chose the closest. Obviously A, B, and C are not correct as we’re referring to DHCP. In regards to answer D:

    “sh ip dhcp binding” shows the DHCP table with all IPs, MACs, Lease Expirations for all pools (NOT trusted/untrusted ports).
    “sh ip dhcp database” shows info about the binding file itself, not what’s in it (file location, when written, last updated).
    “sh ip dhcp snooping” shows info about trusted/untrusted ports.
    “sh ip dhcp snooping database” shows info about the snooping file itself.

    Just the Binding Database refers to the DHCP table. Without snooping enabled there is no concept of Trusted/Untrusted. The Binding DBase and the Snooping DBase are two seperate files. Answer D probably originally included the keyword “snooping” in it. After snooping is enabled, the snooping dbase or snooping binding dbase would be the only place that would reference Trusted/Untrusted ports in DHCP.

  19. Dany1
    June 30th, 2018

    Q7: Partially agree with cthelite. Snooping Binding Database and Binding Database are different, because has no the same fields. Snooping binding database is per VLAN and have that field VLAN in snooping database (show ip dhcp snooping –> VLAN interface).
    Is no field called VLAN in binding database structure.
    On L3 switch, dhcp is running directly on interface VLAN or can use ip helper command.
    Is true, word “snooping” is missing from answer.
    Sachu: Correct.
    I guess they combined two commands in one: show ip dhcp conflict and clear ip dhcp conflict The last one is used when the conflict is solved and want to reuse ip address

  20. Anonymous
    July 12th, 2018

    hi everyone,

    Please send me the latest dump CCNA 200-125 to me if you’ll have, I am preparing for CCNA exam next month.

    guason (at) gmx . us , please


  21. Anonymous
    August 9th, 2018

    Share a useful link, the content inside is true and effective.

    http: / / t.cn/ RDf8DJW

  22. bos193
    December 11th, 2018

    Hello everyone,
    Only paid members can see the questions?
    I only see the answers, where are the questions?

  23. bill
    April 30th, 2019

    in exam there was question: what will stop a pc from receiving ip address from DHCP server?


    i had no idea so chose 802.1q

  24. nothing
    July 12th, 2019


  25. tita cuba
    July 24th, 2019

    Please send me actuals dumps> jodo9019 @ gmail . com >200-125<<

  26. Anonymous
    August 18th, 2019


  27. Anonymous
    December 14th, 2019

    heeeeeeelp please : can any one send me the last dumps my exam will be within a day

    marspalnet2002@ gmail . com

Add a Comment