Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
To bind ARP entry as IPSG entry, IPSG should be enabled on interface first.
9.10 DAI
DAI (Dynamic ARP Inspection) is used to check the legality of received packet by using the
DHCP snooping table and IPSG static ARP table. The illegal ARP messages will be discarded.
Functions are as follows:
1. Use DHCP snooping table and IPSG static table to create a credible, real and safe ARP
cache library for resisting ARP spoofing.
2. The non-trusted interface ARP responses will be blocked and matched to check if the
interface is matched; otherwise, the unmatched one should be discarded.
3. The trusted interface will not be blocked and matched.
4. Limit the ARP packet rate for non-trusted interface.
9.10.1 Global
Click Security> DAI> Global, the configuration page is displayed as follows.
Figure 9-46 Global Settings