After the DAI or IPSG function is enabled on an interface, why can the interface forward packets that do not match a bound list

1

Run the dhcp snooping trusted command on the AR router to check whether the DHCP snooping function is configured on the interface. If yes, all packets under this interface are considered valid and therefore can be forwarded, in spite of the fact that the DAI or IPSG function has been enabled on the interface.

Other related questions:
After I enable DAI or IPSG on an interface, why can the interface still forward packets that do not match the binding table
If the dhcp snooping trusted command is run on the interface, the interface considers all packets to be valid and forwards all packets regardless of whether Dynamic ARP Inspection (DAI) or IP Source Guard (IPSG) is configured.

Why cannot a DAI-enabled switch forward valid ARP packets at line rate
In earlier versions of V200R001, a DAI-enabled switch checks ARP packets based on ACL rules delivered to the chip. Therefore, packets are directly forwarded at line rate. In V200R001 and later versions, the DAI-enabled switch checks ARP packets and forwards valid ARP packets using software. The forwarding rate depends on the CIR value of the ARP packet and CPU usage.

Why does an Ethernet sub-interface fail to forward packets
The arp broadcast enable command is not executed on this subinterface.

Why cannot a DAI-enabled S series switch forward valid ARP packets at line rate
For S series switches, in versions earlier than V200R001, a DAI-enabled switch checks ARP packets based on ACL rules delivered to the chip. Therefore, packets are directly forwarded at line rate. In V200R001 and later versions, a DAI-enabled switch checks ARP packets and forwards valid ARP packets using software. The forwarding rate depends on factors such as the CPCAR value of the ARP packet and CPU usage. For E series switches, a DAI-enabled switch checks ARP packets and forwards valid ARP packets using software. The forwarding rate depends on factors such as the CPCAR value of the ARP packet and CPU usage.

Why is multicast forwarding interrupted on an interface after the interface receives Hello messages
After static IGMP groups are configured on an interface, the device uses the PIM protocol to set up multicast forwarding entries. Multicast data can be forwarded through the interface as long as the interface is included in the downstream interface list in the corresponding multicast forwarding entry. If the source address of a received PIM Hello message is larger than the interface address, or the DR priority of the PIM Hello message is larger than the priority of the interface, the switch can no longer function as the DR. All data packets on a shared network segment are forwarded by the DR is no Assert election occurs. Therefore, the device considers that multicast data packets will be forwarded by the new DR and then prunes the downstream interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top