Do we trust or untrust ports that connect to Access Point when configure DAI

chuyendang
Getting noticed

Do we trust or untrust ports that connect to Access Point when configure DAI

I'm configuring DAI and wondering if we should put the port that connect to Access Point (Meraki) as trust or untrust port?

 

Thanks,

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

I think I would mark them as DAI trusted.  APs often use proxy arp on the wireless side to reduce the broadcasting of ARP packets - the very thing DAI relies on.

 

I suspect it would cause issues using DAI on an AP port.

We have seen a case that Wireless clients sniff the default gateway. If we trust the AP port, won't DAI block bad ARP? 

We have got all user ports untrusted even with MR accesspoints. No issues up to now (with MS10.45, MS11.22 and MR25.13 softwared networks/devices). Only the uplink-ports are trusted. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels