I wish to deploy DAI (Dynamic ARP Inspection) for a non-DHCP Environment where all connected hosts are assigned with a static IP address.
ARP ACL as recommended in Cisco Docs can be used to achieve this so that ARP spoofing / poisoning can be mitigated.
This does not seem to be a scalable solution for my deployment scenario.
Multiple (more than 15) /25 Subnets, presently having a different numbers of hosts in each subnet.
Prediction or probability of addition of new hosts in these subnets is also not possible. Hosts are added as per requirement.
Creation of ARP ACL manually seems to be working. But it requires manual configuration overhead and results in a lengthy multiple ACL entries.
Will "ip device-tracking" feature be helpful in some way for utilization with DAI for non-DHCP environment?