Why Is Traffic Snooping And Inspection Necessary; Default Traffic Snooping And Inspection Values - Dell Networking N4000 Series Configuration Manual

re-enable the port. DAI rate limiting cannot be enabled on trusted interfaces.
Use the no ip arp inspection limit command to disable diagnostic disabling
of untrused ports due to DAI.

Why Is Traffic Snooping and Inspection Necessary?

DHCP Snooping, IPSG, and DAI are security features that can help protect
the switch and the network against various types of accidental or malicious
attacks. It might be a good idea to enable these features on ports that provide
network access to hosts that are in physically unsecured locations or if
network users connect nonstandard hosts to the network.
For example, if an employee unknowingly connects a workstation to the
network that has a DHCP server, and the DHCP server is enabled, hosts that
attempt to acquire network information from the legitimate network DHCP
server might obtain incorrect information from the rogue DHCP server.
However, if the workstation with the rogue DHCP server is connected to a
port that is configured as untrusted and is a member of a DHCP Snooping-
enabled VLAN, the port discards the DHCP server messages.

Default Traffic Snooping and Inspection Values

DHCP snooping is disabled globally and on all VLANs by default. Ports are
untrusted by default.
Table 27-1. Traffic Snooping Defaults
Parameter
DHCP snooping mode
DHCP snooping VLAN mode
Interface trust state
DHCP logging invalid packets
DHCP snooping rate limit
DHCP snooping burst interval
DHCP snooping binding database
storage
DHCP snooping binding database
write delay
Default Value
Disabled
Disabled on all VLANs
Disabled (untrusted)
Disabled
15 packets per second
1 second
Local
300 seconds
Snooping and Inspecting Traffic
885