An engineer is troubleshooting IPv6 connectivity issues on a switch that has IPv6 First Hop Security features enabled. Clients are unable to obtain a valid IPv6 address via SLAAC. Which TWO configuration changes could resolve this issue? (Choose TWO.)
Correct. If RA Guard is blocking legitimate RAs, permitting the trusted port resolves the issue.
Why this answer
SLAAC relies on Router Advertisements (RAs) from a router. If RA Guard is blocking legitimate RAs, or if ND inspection is dropping them, clients cannot obtain addresses. Option A is correct: if RA Guard is blocking RAs from the legitimate router, adjusting the policy to permit that router's port will fix the issue.
Option D is correct: if ND inspection is enabled and the router's MAC is not in the allowed list, adding it will allow RAs to pass. Option B is incorrect: disabling DHCPv6 snooping would not help SLAAC, as SLAAC does not use DHCPv6. Option C is incorrect: enabling IPv6 Source Guard would not help; it filters source addresses, not RAs.
Option E is incorrect: configuring a DHCPv6 pool is for stateful DHCPv6, not SLAAC.