[c-nsp] Proxy ARP -- To disable, or not to disable..
Fred Reimer
freimer at ctiusa.com
Sat Mar 22 11:32:58 EDT 2008
"brainwashed crap" Are you trolling?
If you read the RFC's for gateway requirements it does not say that gateways
MUST or SHOULD use proxy ARP. However, it is strongly suggestive that most
gateways DO use proxy ARP, and makes references to other RFC's which state
plainly that it is in common use. "Because it has to be" refers to the need
for it is most clueless networks where the network administrators don't
understand octet boundary subnetting, let alone subnet boundaries on any bit
position or, God help them, variable subnet masks.
If the network administrator has a clue, it should be no big deal in
remembering to turn it off. There are a host of things that need to be
setup on a router, some of which can't have appropriate defaults because
they require network-specific settings. I did not think it was necessary to
explain this.
HTH,
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de]
Sent: Saturday, March 22, 2008 3:07 AM
To: Fred Reimer
Cc: Gert Doering; Eric Cables; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Proxy ARP -- To disable, or not to disable..
Hi,
On Fri, Mar 21, 2008 at 08:47:18PM -0400, Fred Reimer wrote:
> I believe it is on by default because it has to be.
"because it has to be"? What sort of brainwashed crap is that?
It's on because someone in the past thought it might be a good idea (and
when I was young and green and before the first nasty surprises, I even
agreed...) - and Cisco really dislikes changing defaults.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3080 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080322/f9bdc141/attachment.bin
More information about the cisco-nsp
mailing list