DAI
Dynamic ARP Inspection (DAI)
Optical LAN ONTs support Layer 2-based support for Dynamic ARP (Address Resolution Protocol) that allows the device to prevent any DHCP snooping or unauthorized attacks occurring on subscriber ports. The feature is designed with the purpose of learning the MAC to IP address binding from the DHCP Acknowledgment messages populated in the Forwarding DB table. The Forwarding DB table contains MAC addresses that should be equivalent to the IP addresses validating port packets arriving upstream.
When DHCP snooping is enabled for VLANs, the Dynamic ARP Inspection check box is provided in the VLAN Property table. VLANs that are chosen for ARP inspection will send the same MAC to IP bindings as designated subscriber ports.
The following table displays the DAI attributes.
|
Attribute |
Description |
Notes |
|
Admin State |
Allows or disallows Dynamic ARP inspection service on the OLT. Values are Enable or Disable. |
Default is Disabled. |
|
Logging Admin State |
Allows or disallows the logging of DAI events. Values are Enable or Disable |
Default is Disabled. |
|
Logging Type |
Defines whether to log permitted ARPs, Denied ARPs or Both. Values are Deny, Permit or Both |
Default is Deny. |
|
Enable Designated MAC Check |
Ensures that the destination MAC of the Ethernet header agrees with the target MAC in the ARP body in ARP responses. Select check box to enable MAC check. Values are Enable or Disable |
Default is Enable |
|
Enable ARP IP Check |
Ensures that the IP address is a valid IP address. It will exclude all multicast addresses, or IPs that are all zeros. The IP will be checked in ARP requests and responses. Select check box to enable IP check. Values are Enable or Disable. |
Default is Enable |
|
Enable Source MAC Check |
Validates that the ARP header and body have the same source MAC address for both ARP requests and responses. Values are Enable or Disable. |
Default is Enable |
|
Enable IP Source Protection |
Ensures that IP source protection is enforced by the OLT and the MAC to Source IP bindings are learned form the DHCP requests or from the ARPs, when a static IP is used. Values are Enable or Disable. |
Default is Enable |
- clicking on the DAI button, the DAI screen is displayed.
- Make the necessary changes to the DAI parameters and click on the Apply button to add the changes to the protocol.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy80MTcwMy81NDk1Mi9ja2ZpbmRlci9pbWFnZXMvcXUvMjAyNS9pbWFnZSgxMTUpLnBuZyIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTc2MjE2NjU3MX19fV19&Signature=InVZ-OnyEHgmuGTs31WWTaRxlzEZtzpWCnwRLqueS-yneRvJbwgdgFos1eC1gF9li2l-KdFpWvtf21BJf2SQBZ2NX7c-p2vY6h9Zj5syM7oe7l7ZgVZ6Q61NAE5qCtgjjvCefcQhA3-2nDJmE~QRbyQu48IzN9DXCOTVn92zFnkd~vBqMHlEnOSbeD1qPRgewqhSNOjNa3P81LOpPrGhpVGZgNIupbsVuoRC47q8BKG6qYkG49oWCymXLE1a9dGG-T1L6105dtOKrInehJUJUNHMrFk8BgOInEGX7WeU0ywTZfTKRx1w~Kd4MXKebqd6a9I-zJuuUYWdFTjD47SPQw__&Key-Pair-Id=K2TK3EG287XSFC)
On this page