I understand what dhcp-snooping, source-guard, DAI should do as we've been doing it with our Cisco gear for years. The problem I'm running into is that even when the dhcp snooping database is built, I still see DAI failures on my voice vlan. It just is not working like it should. For example, here is the snooping binding:
cscott@ermag# run show dhcp-security binding
IP address MAC address Vlan Expires State Interface
10.183.19.10 0c:85:25:3f:84:89 voice 947 BOUND ge-0/0/36.0
10.183.19.40 00:cc:fc:40:57:d0 voice 962 BOUND ge-0/0/23.0
but we can still see DAI failtures:
May 16 11:23:44 ermag fpc0 DAI FAILED: ARP REQUEST received, interface ge-0/0/36.0 [index 596], vlan-id 4000, sender ip/mac 10.183.15.10/0c:85:25:3f:84:89, receiver ip/mac 10.183.15.1/00:00:00:00:00:00
May 16 11:23:46 ermag fpc0 DAI FAILED: ARP REQUEST received, interface ge-0/0/36.0 [index 596], vlan-id 4000, sender ip/mac 10.183.19.10/0c:85:25:3f:84:89, receiver ip/mac 10.183.19.10/00:00:00:00:00:00
May 16 11:23:46 ermag fpc0 DAI FAILED: ARP REQUEST received, interface ge-0/0/36.0 [index 596], vlan-id 4000, sender ip/mac 10.183.19.10/0c:85:25:3f:84:89, receiver ip/mac 10.183.19.1/00:00:00:00:00:00
May 16 11:24:01 ermag fpc0 DAI FAILED: ARP REQUEST received, interface ge-0/0/23.0 [index 583], vlan-id 4000, sender ip/mac 10.183.19.40/00:cc:fc:40:57:d0, receiver ip/mac 10.183.19.40/00:00:00:00:00:00