DAI Flashcards
What is DAI?
Dynamic ARP Inspection. DAI makes sure that hosts are only replying to the ARP requests that they should be.
How does DAI work?
As DHCP packets come through the network, the switch builds a table mapping MAC addresses to IP addresses. If a host replies to an ARP request for an IP it isn’t mapped to, the reply is dropped by the switch.
What must be enabled for DAI to work?
DHCP snooping.
When does DAI take action?
When ARP replies are TRANSMITTED, not received.
What are trusted ports?
Ports configured by the admin that DAI will not take action on.
According to best practice, all ___ should be set to trusted.
Uplink ports.
What can be used by the switch for DAI in addition to the dynamically learned DHCP addresses?
Static ARP entries configured by the admin.
List the steps to configure DAI.
- Enable DHCP snooping.
- Use the “ip arp inspection” command to enable DAI on each VLAN.
- Use the “ip arp inspection” command to set your validation method (IP is standard).
- Set your trusted ports.
In what context is DAI configured?
Globally (except when configuring trusted ports).