Defense Against Invalid ARP Packets

Security Policy

The DHCP snooping ARP packet check function, also called the DAI function on some products, can be configured to defend against invalid ARP packets. The implementations of these two functions are similar.

Attack Methods

An attacker sends a large number of ARP packets carrying an incorrect source MAC address, source IP address, VLAN ID, or interface information to attack the DHCP server.

Configuration and Maintenance Methods

Configure the DHCP snooping ARP packet check function on an interface.

<HUAWEI> system-view
[~HUAWEI] interface gigabitethernet0/1/0
[~HUAWEI-Gigabitethernet0/1/0] dhcp snooping check arp enable
[*HUAWEI-Gigabitethernet0/1/0] commit

Configuration and Maintenance Suggestions

Note that configuring this function affects user access.
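The following Python model is an added example, not Huawei code. It shows the kind of comparison such a check performs and why enabling it can affect user access. It assumes the check compares each ARP packet with the DHCP snooping binding table and drops packets that have no matching entry; all names and sample values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:            # one DHCP snooping binding entry (learned from DHCP)
    mac: str
    ip: str
    vlan: int
    interface: str

@dataclass(frozen=True)
class Arp:                # fields of a received ARP packet that the check inspects
    src_mac: str
    src_ip: str
    vlan: int
    interface: str

def norm_mac(mac):
    """Reduce 00e0-fc12-3456, 00:e0:fc:12:34:56, etc. to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def check_arp(pkt, table):
    """Assumed policy: forward only if every field matches the binding for the source IP."""
    entry = next((b for b in table if b.ip == pkt.src_ip), None)
    if entry is None:
        return False, "no binding for source IP"
    bad = []
    if norm_mac(entry.mac) != norm_mac(pkt.src_mac):
        bad.append("source MAC")
    if entry.vlan != pkt.vlan:
        bad.append("VLAN ID")
    if entry.interface != pkt.interface:
        bad.append("interface")
    return (not bad, "match" if not bad else "mismatch: " + ", ".join(bad))

# Constructed sample data (documentation address range, made-up MACs).
TABLE = [Binding("00e0-fc12-3456", "192.0.2.10", 10, "GE0/1/0")]
SAMPLES = {
    "valid client":    Arp("00:e0:fc:12:34:56", "192.0.2.10", 10, "GE0/1/0"),
    "spoofed MAC":     Arp("00:e0:fc:aa:bb:cc", "192.0.2.10", 10, "GE0/1/0"),
    "wrong VLAN/port": Arp("00:e0:fc:12:34:56", "192.0.2.10", 20, "GE0/1/1"),
    "static IP host":  Arp("00:e0:fc:00:00:01", "192.0.2.50", 10, "GE0/1/0"),
}

def run_samples():
    return {name: check_arp(pkt, TABLE) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{name:16} {'forward' if ok else 'drop':8} {reason}")
```

The "static IP host" case is the one that affects user access: a legitimate host that never obtained its address through DHCP has no binding entry, so under this model its ARP packets are dropped as well.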

Copyright © Huawei Technologies Co., Ltd.