To allow only authorized users (users who obtain IP addresses through authorized DHCP servers or...

Huawei H12-891_V1.0 Question Answer

To allow only authorized users (users who obtain IP addresses through authorized DHCP servers or use specified static IP addresses) to access the network shown in the figure, which of the following solutions can be used?

DAI + Port Security

DHCP Snooping + IPSG

DHCP Snooping + DAI

DAI + IPSG

Explanation:

Understanding Network Security for Authorized User Access

????Problem Scenario:

Only authorized users should be allowed network access.

Users can obtain IP addresses either via DHCP or a predefined static IP list.

Unauthorized users (e.g., attackers using rogue DHCP servers or spoofed IPs) must be blocked.

????Required Technologies for Securing Access:

1️⃣DHCP Snooping– Protects againstrogue DHCP serversand builds abinding table of legitimate DHCP clients.

2️⃣IP Source Guard (IPSG)– Ensures that onlyauthorized IP-MAC bindingscan send traffic.

Analysis of the Answer Choices:

❌A. DAI + Port Security (Incorrect)

DAI (Dynamic ARP Inspection)prevents ARP spoofingbut doesnot validate IP-MAC-DHCP bindings.

Port Securityonlylimits MAC addresses per portbut doesnot verify IP addresses.

Does NOT protect against unauthorized static IP users.

✅B. DHCP Snooping + IPSG (Correct)

DHCP Snooping:

Preventsrogue DHCP servers from assigning unauthorized IPs.

Builds aDHCP binding table(IP-MAC-Port).

IP Source Guard (IPSG):

Blocks trafficfrom IPs not listed in the DHCP snooping binding table.

Can be configured to allow manually specified static IP addresses.

Best choice to allow only authorized users (both DHCP and static IP users).

❌C. DHCP Snooping + DAI (Incorrect)

DAI (Dynamic ARP Inspection) prevents ARP spoofingbutdoes not block unauthorized static IP users.

Lacks IP-level access controlneeded to enforce static IP policies.

❌D. DAI + IPSG (Incorrect)

IPSG (IP Source Guard) needs DHCP Snooping to build the binding table.

Without DHCP Snooping, IPSG cannot function properly.

DAI does not provide complete protection against unauthorized users.

Why is the Answer B (DHCP Snooping + IPSG)?

✅Ensures only users assigned a DHCP IP (or authorized static IPs) can send traffic.

✅Blocks rogue DHCP servers and unauthorized static IP users.

Real-World Application:

Enterprise Networks:Prevents unauthorizedstatic IP users or attackers from accessing VLANs.

Public Wi-Fi Security:Ensures onlyauthorized users receive IPs and can send traffic.

✅Reference:Huawei HCIE-Datacom Guide – DHCP Snooping and IPSG Security Mechanisms

H12-891_V1.0 PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 65% Discount on All Products, Use Coupon: "ac4s65"

Refer to the output information of a device below.

When a client invokes the iMaster NCE-Campus RESTful API, it sends an HTTP request.

New Year Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

To allow only authorized users (users who obtain IP addresses through authorized DHCP servers or...

The Answer Is:

Explanation:

Quick Links