When the DAI feature is enabled, some ports might be considered trusted, and some others not.
But why might not a port be considered trusted ? As we don't really know who can ARPing Who and who can ARP reply Who in advance ?
Give me a situation we might need to work like that ?
And if the swith does have the DHCP binding table (DAI and DHCP snooping enabled), why does not it answer the ARP request instead of letting the frame go through and inspect the reply which in my opinion is delivered by a server (trusted, if some conditions of security are granted)