Trying to get my head around these two features. The way I understand it: - DAI: applied per VLAN and used to prevent an evil host from poisoning your ARP cache and thus intercepting traffic on its way to the legit destination - SG: applied per port and used to prevent an evil host from spoofing an IP address and intercepting your traffic Both build off of the DHCP snooping database and provide a means of entering static information
Configuration doesn't seem that difficult either, but what I can't quite grasp is when it would be best to use one over the other. While they're two different features that go about their goals in different ways, it seems to me they both achieve the same objective of preventing said evil host from getting your data. Or am I missing something? _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
