Meraki

Community

Do we trust or untrust ports that connect to Access Point when configure DAI

chuyendang
Getting noticed
‎Jul 11 2019 6:05 PM
‎Jul 11 2019 6:05 PM

Do we trust or untrust ports that connect to Access Point when configure DAI

I'm configuring DAI and wondering if we should put the port that connect to Access Point (Meraki) as trust or untrust port?

 

Thanks,

0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 11 2019 8:59 PM
‎Jul 11 2019 8:59 PM

I think I would mark them as DAI trusted.  APs often use proxy arp on the wireless side to reduce the broadcasting of ARP packets - the very thing DAI relies on.

 

I suspect it would cause issues using DAI on an AP port.

In response to PhilipDAth
chuyendang
Getting noticed
‎Jul 12 2019 6:37 AM
‎Jul 12 2019 6:37 AM

We have seen a case that Wireless clients sniff the default gateway. If we trust the AP port, won't DAI block bad ARP? 

0 Kudos
In response to chuyendang
redsector
Head in the Cloud
‎Jul 15 2019 6:24 AM
‎Jul 15 2019 6:24 AM

We have got all user ports untrusted even with MR accesspoints. No issues up to now (with MS10.45, MS11.22 and MR25.13 softwared networks/devices). Only the uplink-ports are trusted. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.