• Post author:
  • Post category:Blog
  • Reading time:2 mins read
  • Post last modified:March 16, 2024

Why is DHCP snooping required when using the Dynamic ARP Inspection feature?

  • It uses the MAC address table to verify the default gateway IP address.
  • It redirects ARP requests to the DHCP server for verification.
  • It relies on the settings of trusted and untrusted ports set by DHCP snooping.
  • It uses the MAC-address-to-IP-address binding database to validate an ARP packet.

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).

When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, it can be overcome through static mappings. Static mappings are useful when hosts configure static IP addresses, DHCP snooping cannot be run, or other switches in the network do not run dynamic ARP inspection. A static mapping associates an IP address to a MAC address on a VLAN.

For more Questions and Answers:

CCNA 2 v7 – SRWE v7.02 Final Exam Answers Full 100%