Here are the commands used to configure DAI shown in Figures.

It
is generally advisable to configure all Access switch ports as untrusted and to
configure all uplink ports connected to other switches as trusted. Here is an
example of the configuration required on Switch 2 in the figure with port
FastEthernet 3/3 as the uplink port toward the DHCP server.
Example:
DAI Implementation
This example
shows
how to configure dynamic ARP inspection for hosts on VLAN1 where client devices
are located for Switch 2 in the figure. All client ports are untrusted by
default. Only port 3/3 is trusted as this is the only port where DHCP replies
would be expected:
Switch(config)#ip arp inspection vlan
1
Switch(config)#interface fastethernet
3/3
Switch(config-if)#ip arp inspection
trust