Configuring ARP Inspection on a Layer 2 Switch
Before configuring DAI, you need to think about the feature and make a few decisions based on
your goals, topology, and device roles. The decisions include the following:
Choose whether to rely on DHCP Snooping, ARP ACLs, or both.
If using DHCP Snooping, configure it and make the correct ports trusted for DHCP
Snooping.
Choose the VLAN(s) on which to enable DAI.
Make DAI trusted (rather than the default setting of untrusted) on select ports in those
VLANs, typically for the same ports you trusted for DHCP Snooping.