Dynamic ARP inspection uses the MAC-to-IP binding database to ensure that ARP packets have the proper MAC-to-IP binding. When an ARP packet enters the switch, the source MAC and IP addresses are compared to the entry in the table. If the packet data conflicts with the binding in the table, the IP change is counted and logged, and any configured actions are taken against the user.
DAI can also be configured to populate the MAC-to-IP binding table. Successfully limiting ARPs to the bound addresses in the table prevents a malicious user from inserting himself in between the end user and a gateway and poisoning network devices' ARP caches or succeeding in MITM (man in the middle) attacks.