We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 637 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


364 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Alberto,


    If you feel ARP poisoning is a risk on your network then you could implement it. However if you use static addresses then it’s probably not worth the effort.

    DAI is very useful when you use DHCP as it relies on the DHCP snooping database. When you use DHCP then DAI will work for all address leases and we use the static entries only for some static devices like routers or servers.

    If you have to implement this for all your users then it might be quite some work…


  2. Hello Rene,

    ARP poisoning attack can mitigate DAI and DAI works on DHCP snooping Database. So If there is no DHCP server, how can we mitigate ARP Poisoning attack?? Its like that if we want to mitigate ARP poisoning then must have to enable DHCP environment or any other way to mitigate ARP POISONING.


  3. Hi Zaman,

    There is one other method if you don’t have a DHCP server. You can create static ARP bindings in the ARP snooping database.


  4. So I am on the final run getting ready for my CCNP Switch some areas I am weaker in was DHCP Snooping and DAI.

    I created the following lab in CISCO VIRL Lab:


    I had three pages of information (lol) but decided to edit it out AS I was able to figure out everything by going back over your lesson and watching the video.

    Writing on the forums really helps me to get things straight in my brain and also not feel alone when studying and stuck on s

    ... Continue reading in our forum

  5. Hello florian

    My apologies for not responding sooner!

    Keep in mind that the Sender hardware address and the target hardware addresses found within the ARP packet are not the source and destination MAC addresses found in the Ethernet header. Now you are correct when you say that:

    ... Continue reading in our forum

14 more replies! Ask a question or join the discussion by visiting our Community Forum