DAI (Dynamic Arp Inspection) is built on DHCP snooping. It utilizes its database. IMHO, I think that you would have to have option1 combined with option2 together.
On Thu, Mar 3, 2011 at 10:42 AM, Serious CCIE <[email protected]> wrote: > Hi, > > Will these do the same job? option#2 will save some time in typing as it > applies to the whole vlan/port while option#2 is for an specific port. > > what are your thoughts? > > Option#1 > ! > ip dhcp snooping binding aaa.aaa.aaa vlan 10 11.11.11.11 interface 48 > ip arp inspection vlan 10 > ! > > -----------Vs--------------- > > option#2 > ! > arp access-list ARP_ACL > permit ip host 11.11.11.11 mac host aaa.aaa.aaa > ! > ip arp inspection filter ARP_ACL vlan 10 > ip arp inspection vlan 10 > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
