[c-nsp] Proxy ARP -- To disable, or not to disable..

sthaug at nethelp.no sthaug at nethelp.no
Sat Mar 22 12:35:41 EDT 2008


> "brainwashed crap"  Are you trolling?

It's quite clear that proxy ARP doesn't *have* to be turned on (proof by
example: Juniper M series routers).

> If you read the RFC's for gateway requirements it does not say that gateways
> MUST or SHOULD use proxy ARP.  However, it is strongly suggestive that most
> gateways DO use proxy ARP, and makes references to other RFC's which state
> plainly that it is in common use.  "Because it has to be" refers to the need
> for it is most clueless networks where the network administrators don't
> understand octet boundary subnetting, let alone subnet boundaries on any bit
> position or, God help them, variable subnet masks.

And the opinion of lots of people (myself included) is that leaving proxy
ARP on here is likely to create much more problems than it solves.

The Cisco default *may* have been sensible many years ago. In 2008 it's
an extremely bad default.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the cisco-nsp mailing list