[c-nsp] Proxy ARP -- To disable, or not to disable..
Raul Lopez Nevot
r.nevot at gmail.com
Sat Mar 22 16:05:41 EDT 2008
>
> Turn it off.
>
> To borrow off Team Cymru's secure IOS template, "Don't
> pretend to be something you're not. :-)".
>
Disable it now.
Last week we changed some networks behind a nortel contivity to be behind a
FWSM / CAT6500. One of these networks is a mixture of routers and servers
spreading on two switches. Servers could not see these routers on the same
network because FWSM was proxy-arp'ing its IPs.
Is more trouble to have it active than the benefits of using it. I don't
know why cisco is still having it active by default.
Regards
More information about the cisco-nsp
mailing list