https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457846#M13358 <P>Sorry if this is the wrong place, I couldn't find a general network section. My switches are Netgear (I know, I know), and I have DHCP Snooping enabled, and I'm also thinking about enabling Dynamic ARP Inspection (DAI). Do you guys have DHCP Snooping and DAI enabled at your production network?</P><P>I know DAI looks at the DHCP Snooping database to compare the MAC and IP, but with people working from their home, what happens when they return to work since their laptops will not be in the DHCP Snooping database. I know you can manually add them but that's a lot of work.</P><P>Also, what about 802.1X authentication, anyone using them on their production network?</P><P>I'm trying to make my production network more secure.</P> Mon, 30 Aug 2021 15:17:35 GMT tantony 2021-08-30T15:17:35Z https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457846#M13358 <P>Sorry if this is the wrong place, I couldn't find a general network section. My switches are Netgear (I know, I know), and I have DHCP Snooping enabled, and I'm also thinking about enabling Dynamic ARP Inspection (DAI). Do you guys have DHCP Snooping and DAI enabled at your production network?</P><P>I know DAI looks at the DHCP Snooping database to compare the MAC and IP, but with people working from their home, what happens when they return to work since their laptops will not be in the DHCP Snooping database. I know you can manually add them but that's a lot of work.</P><P>Also, what about 802.1X authentication, anyone using them on their production network?</P><P>I'm trying to make my production network more secure.</P> Mon, 30 Aug 2021 15:17:35 GMT https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457846#M13358 tantony 2021-08-30T15:17:35Z https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457847#M13359 <P>If your clients connect to the switch and get a dhcp address the snooping table will fill. Only client with static assigned address need to have a static entry in the switch.</P> Mon, 30 Aug 2021 16:43:07 GMT https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457847#M13359 ww^ 2021-08-30T16:43:07Z https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457848#M13360 <P>Wouldn't the client's MAC already have to be in the DHCP Snooping table even to get DHCP? I'm talking about a new device that never connected before.</P> Mon, 30 Aug 2021 17:19:30 GMT https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457848#M13360 tantony 2021-08-30T17:19:30Z https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457849#M13361 <P>No.</P><P>Dhcp snooping prevent dhcp server side packets(offer,ack) from being send from untrusted ports. (You have to trust ports to the dhcp server like trunks and the port the dhcp server is on)</P><P>So it prevents from unwanted dhcp servers on your network</P><P>And it fills the dhcp snooping table based on the dhcp packets.</P> Mon, 30 Aug 2021 17:24:28 GMT https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457849#M13361 ww^ 2021-08-30T17:24:28Z https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457850#M13362 <P>Ah right, I forgot about that part. I already have the trunk and lags as trusted, and rest untrusted. </P><P>So far, I've only enabled DAI on one of the switch, and everything is working.</P> Mon, 30 Aug 2021 17:33:28 GMT https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457850#M13362 tantony 2021-08-30T17:33:28Z https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457851#M13363 <P>Love to hear if anyone is using 802.1X on their network also.</P> Mon, 30 Aug 2021 17:34:14 GMT https://community.cisco.com/t5/cloud-networking-platform/dynamic-arp-inspection-dai/m-p/5457851#M13363 tantony 2021-08-30T17:34:14Z