---
title: DAI Dynamic Arp Inspection
---

###### tags: `__ccna_EN`

Protects the network from devices.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/dynarp.html

DHCP snooping

![](https://i.imgur.com/9MURAc1.jpg)

![](https://i.imgur.com/dncocJS.png)

- DAI intercepts all ARP requests and responses.
- Invalid ARP packets are dropped.
- Determines the validity of each ARP packet against a trusted database.
- The database is built with DHCP snooping (on the VLAN).

Dynamic ARP Inspection protects the network from devices that lie at layer 2.

It can validate ARP packets against user-configured ARP ACLs in order to handle hosts that use statically configured IP addresses.

## Interface Trust State, Security Coverage and Network Configuration

- Trusted state => bypasses DAI validation
- Untrusted state => goes through DAI validation

Best practice:

- All ports connected to hosts = untrusted
- All ports connected to switches = trusted

DAI => database of MAC address / IP address bindings built through snooping

ARP ACL > DHCP snooping database

Logging of denied packets

Question CCNA

If `ip arp inspection` is enabled on a VLAN, the status changes from trusted to untrusted.
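
As an added illustration (not part of the original notes and not Cisco code), this Python sketch models the decision order described above: trusted ports bypass validation, the ARP ACL is checked before the DHCP snooping database, and denied packets are logged. The class name, port names, addresses and the first-match ACL with fall-through to the snooping database are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class DaiSwitch:
    """Simplified DAI model for one switch (hypothetical class, assumption)."""
    dai_vlans: set                      # VLANs where ARP inspection is enabled
    trusted_ports: set                  # ports in trusted state (switch links)
    snooping_db: dict                   # (vlan, ip) -> mac, built by DHCP snooping
    arp_acl: list = field(default_factory=list)     # ordered (action, vlan, ip, mac)
    denied_log: list = field(default_factory=list)  # one record per dropped packet

    def inspect(self, port, vlan, sender_ip, sender_mac):
        """Return 'forward' or 'drop' for an ARP packet received on `port`."""
        mac = sender_mac.lower()
        if vlan not in self.dai_vlans or port in self.trusted_ports:
            return "forward"            # trusted state bypasses DAI validation
        # The ARP ACL is consulted before the DHCP snooping database.
        for action, acl_vlan, ip, acl_mac in self.arp_acl:
            if (acl_vlan, ip, acl_mac.lower()) == (vlan, sender_ip, mac):
                return self._verdict(action == "permit", port, vlan, sender_ip, mac, "arp-acl")
        bound = self.snooping_db.get((vlan, sender_ip))
        ok = bound is not None and bound.lower() == mac
        return self._verdict(ok, port, vlan, sender_ip, mac, "dhcp-snooping")

    def _verdict(self, ok, port, vlan, ip, mac, source):
        if ok:
            return "forward"
        self.denied_log.append({"port": port, "vlan": vlan, "ip": ip, "mac": mac, "by": source})
        return "drop"


def demo():
    """Run constructed sample packets (documentation IPs, made-up MACs)."""
    sw = DaiSwitch(
        dai_vlans={10},
        trusted_ports={"Gi0/24"},
        snooping_db={(10, "192.0.2.10"): "aaaa.bbbb.0010", (10, "192.0.2.30"): "aaaa.bbbb.0030"},
        arp_acl=[("permit", 10, "192.0.2.20", "aaaa.bbbb.0020"),   # static-IP host
                 ("deny", 10, "192.0.2.30", "aaaa.bbbb.0030")],    # denied despite a binding
    )
    verdicts = [
        sw.inspect("Gi0/1", 10, "192.0.2.10", "aaaa.bbbb.0010"),   # matches snooping binding
        sw.inspect("Gi0/2", 10, "192.0.2.10", "aaaa.bbbb.0099"),   # MAC differs from binding
        sw.inspect("Gi0/3", 10, "192.0.2.20", "aaaa.bbbb.0020"),   # static host, ACL permit
        sw.inspect("Gi0/4", 10, "192.0.2.30", "aaaa.bbbb.0030"),   # ACL deny beats binding
        sw.inspect("Gi0/24", 10, "192.0.2.10", "aaaa.bbbb.0099"),  # trusted port, not inspected
    ]
    return verdicts, sw.denied_log
```

Calling `demo()` returns the five verdicts and the two denied-packet records, which show whether the ARP ACL or the snooping database caused each drop.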