DAI Flashcards

1
Q

What is DAI?

A

Dynamic Arp Inspection. DAI makes sure that hosts are only replying to the ARP requests that they should be.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How does DAI work?

A

As DHCP packets come through the network, the switch builds a table mapping MAC addresses to IP addresses. If a host replies to a ARP request for an IP he isn’t mapped to, the reply is dropped by the switch.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What must be enabled for DAI to work?

A

DHCP snooping.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When does DAI take action?

A

When ARP replies are TRANSMITTED, not received.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are trusted ports?

A

Ports configured by the admin that DAI will not take action on.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

According to best practice, all ___ should be set to trusted.

A

Uplink ports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What can be used by the switch for DAI in addition to the dynamically learned DHCP addresses?

A

Static ARP entries configured by the admin.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

List the steps to configure DAI.

A
  1. Enable DHCP snooping.
  2. Use the “ip arp inspection” command to enable DAI on each VLAN.
  3. Use the “ip arp inspection” command to set your validation method (IP is standard).
  4. Set your trusted ports.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In what context is DAI configured?

A

Globally (except when configuring trusted ports).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly