
When to enable / disable proxy-arp

Cooky

Golden Member
So the definition I've seen is basically the router would answer the arp requests on behalf of a remote host on a different subnet.

Exactly what are the pros & cons if you have it enabled?
I'm told it's better to have it disabled due to security & performance...is that true?
When would you want to have it enabled?
 
There's no need in this day and age to have it enabled. It is a security risk.

It was used for hosts that didn't understand the concept of a default gateway. Not needed these days.
 
Originally posted by: Cooky
So the definition I've seen is basically the router would answer the arp requests on behalf of a remote host on a different subnet.

Exactly what are the pros & cons if you have it enabled?
I'm told it's better to have it disabled due to security & performance...is that true?
When would you want to have it enabled?

+1 disable in all circumstances unless you have an explicit need and no other options. My last such occurrence was earlier this year for an ethernet-managed PRI->GSM channel bank manufactured by 2N (Ateus Stargate) that relied on proxy-arp to be accessible. Such occurrences are rare.
 
Why does Cisco have proxy-arp enabled by default on their routers, if it's not desirable to have it on?
 
Many things in Cisco land are done that way because that's always the way they did it, and they don't want to confuse you by changing the defaults. They have done just that a few times, though, when there's a security reason and not much downside to changing. But there are enough brain-damaged networks that depend on proxy ARP without really knowing it that they can't flip this default easily.

Proxy ARP is evil and should be disabled unless you know exactly what you're doing.
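
Added example, not part of the thread: since proxy ARP is on by default on Cisco routers, an interface that simply lacks `no ip proxy-arp` still answers for remote hosts, so an audit has to look for the missing line. The sketch below assumes IOS-style running-config text; the function name and the sample config are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
interface GigabitEthernet0/2
 no ip address
 shutdown
!
interface Vlan10
 ip address 203.0.113.1 255.255.255.0
!
"""

def interfaces_with_proxy_arp(config: str) -> list[str]:
    """Return L3 interfaces where proxy ARP is still on (the IOS default)."""
    if re.search(r"^ip arp proxy disable\s*$", config, re.M):
        return []  # global command turns proxy ARP off on every interface
    flagged = []
    name, has_ip, disabled = None, False, False

    def flush():
        # Only interfaces with an IP address can answer ARP on someone's behalf.
        if name and has_ip and not disabled:
            flagged.append(name)

    for line in config.splitlines():
        if line.startswith("interface "):
            flush()
            name, has_ip, disabled = line.split(None, 1)[1].strip(), False, False
        elif name and line.startswith(" "):
            stmt = line.strip()
            if stmt.startswith("ip address "):
                has_ip = True
            elif stmt == "no ip proxy-arp":
                disabled = True
        else:
            flush()  # "!" or any top-level line ends the interface stanza
            name = None
    flush()
    return flagged
```

On the sample this flags GigabitEthernet0/0 and Vlan10; GigabitEthernet0/2 is skipped because it has no IP address.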
 