What is Dynamic ARP Inspection (DAI)?
Answer
Dynamic ARP Inspection (DAI) is a security feature that validates ARP packets in a network to prevent ARP spoofing/poisoning attacks. ARP spoofing allows attackers to associate their MAC address with the IP of another host (like the default gateway), intercepting traffic. DAI intercepts all ARP packets on untrusted ports and validates them against the DHCP snooping binding table (which records legitimate IP-MAC-port-VLAN mappings). If the ARP packet's IP-MAC binding matches the binding table, it is forwarded; otherwise, it is dropped and logged. DAI requires DHCP snooping to be enabled first (since it uses the binding table). For devices with static IPs (servers, routers), create ARP ACLs: arp access-list SERVER-ACL; permit ip host 10.0.0.1 mac host 00:11:22:33:44:55. Enable: ip arp inspection vlan 10; ip arp inspection trust on uplinks. DAI operates at Layer 2 and effectively eliminates ARP poisoning attacks from the local network.
Previous
What is DHCP snooping?
Next
What is the difference between convergence time in routing protocols?