I'm configuring DAI and wondering if we should put the port that connect to Access Point (Meraki) as trust or untrust port?
I think I would mark them as DAI trusted. APs often use proxy arp on the wireless side to reduce the broadcasting of ARP packets - the very thing DAI relies on.
I suspect it would cause issues using DAI on an AP port.
We have seen a case that Wireless clients sniff the default gateway. If we trust the AP port, won't DAI block bad ARP?
We have got all user ports untrusted even with MR accesspoints. No issues up to now (with MS10.45, MS11.22 and MR25.13 softwared networks/devices). Only the uplink-ports are trusted.