Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Dynamic ARP Inspection to Protect Switching Devices Against ARP Spoofing (CLI Procedure)


Dynamic ARP inspection (DAI) protects switching devices against ARP spoofing. DAI inspects ARP packets on the LAN and uses the information in the DHCP snooping database on the switching devices to validate ARP packets and to protect against ARP cache poisoning.

Before you can enable DAI on a bridge domain, you must configure a bridge domain. See Configuring a Bridge Domain.

  • To enable DAI on a VLAN by using the CLI:

[edit bridge-domains bridge-domain-name forwarding-options dhcp-security]

user@device# set arp-inspection