Yes, proxy ARP is only required if clients are assuming they can directly reach addresses not on the local net, for example if they don't have a default gateway or they are mismasked.
In the real world, we always disable proxy ARP on LAN interfaces for security and to expose misconfigured clients. The place to watch out for it is if you have an Ethernet interface with a route that is directed to the interface without a next hop IP, the router will ARP for every destination it is trying to reach out that interface, thus it relies on the other router(s) on that interface to perform proxy ARP. Always want to make sure you have a next hop when pointing a route out an Ethernet interface. Bob -- Sent from my iPhone, please excuse any typos. On Dec 18, 2011, at 1:41 PM, Andrey Klyuchka <[email protected]> wrote: > If you can specify your router as default gateway on your pc, than you safely > can disable arp proxy. > > Best regards, > Andrey > > -- > Andrey Klyuchka :: CCIE #30274 (Security) > Twitter: http://twitter.com/bitstriker > LinkedIn: http://kz.linkedin.com/in/andreyklyuchka > > > > On Dec 19, 2011, at 12:14 AM, Imran Ali wrote: > >> hi all >> >> proxy arp is a security concern . and sometime it is recommended to >> disable it useing " no ip proxy arp " command . >> >> but what confuses me is it is also required for connectivity >> >> pc----l2sw---------router------cloud >> >> if proxy arp is disabled on router , isn;t it gonig to break connectivity ? >> >> so i need to understand in which case i can disable it with out breaking >> connectivity....... >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
