Dynamic ARP Inspection (DAI) is a security feature that verifies address resolution protocol (ARP) requests and responses in a network.
ARP allows hosts within a Layer 2 broadcast domain to communicate. It does this by mapping an IP address to the individual host's media access control (MAC) address. If a particular host wants to send information to another host but does not have the second host's MAC address in its ARP cache, it sends a message to all hosts throughout the domain seeking that information. The second host then responds with its MAC address.Content Continues Below
These transmissions can be vulnerable to man in the middle attacks. DAI stops these attacks by intercepting all ARP requests and responses and dropping packets with invalid IP-to-MAC address bindings. This approach ensures that only valid ARP requests and responses are passed through.