Details

Proxy ARP should be used in networks where hosts are not configured with a default gateway or where there is no routing policy.



Proxy ARP has the following negative effects:

1. It increases the amount of ARP traffic on the network segment.

2. Hosts need larger ARP tables to handle the IP-to-MAC address mappings.

3. It creates security problems, such as ARP spoofing.

4. It does not work on networks that do not use ARP for address resolution.

5. It does not generalize to all network topologies.


Solution

Disable the functions related to Proxy ARP:

ZXR10 (config)#arp
ZXR10 (config-arp)#interface fei-0/1/1/13
ZXR10 (config-arp-if)#no proxy
ZXR10 (config-arp-if)#no inter-vlan-proxy
ZXR10 (config-arp-if)#no proxy local
ZXR10 (config-arp-if)#no local-proxy-arp
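
One way to check the effect from a host on the segment is to look for a single MAC address that resolves for several IPv4 addresses in the neighbor table, which is how proxy ARP (and ARP spoofing) shows up on hosts. The script below is an added example, not part of the original page or any ZTE tooling; it assumes Linux `ip neigh show` output, the sample lines are constructed, and the function names and `threshold` parameter are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Linux `ip neigh show` output (not from a real network).
SAMPLE_NEIGH = """\
10.1.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.1.2.15 dev eth0 lladdr 00:11:22:33:44:01 STALE
10.1.3.200 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.1.1.20 dev eth0 lladdr 00:11:22:33:44:20 REACHABLE
10.1.1.21 dev eth0 lladdr 00:11:22:33:44:21 DELAY
10.1.1.99 dev eth0 FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:01 router STALE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b"
)


def parse_neigh(text):
    """Yield (dev, ip, mac) for IPv4 entries that have a resolved MAC."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no lladdr
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an IP address, skip the line
        if ip.version == 4:  # ARP is IPv4 only; IPv6 uses neighbor discovery
            yield m["dev"], ip, m["mac"].lower()


def shared_mac_report(text, threshold=2):
    """Return {(dev, mac): [ips]} for MACs answering for >= threshold IPv4 addresses."""
    by_mac = defaultdict(set)
    for dev, ip, mac in parse_neigh(text):
        by_mac[(dev, mac)].add(ip)
    return {
        key: [str(ip) for ip in sorted(ips)]
        for key, ips in by_mac.items()
        if len(ips) >= threshold
    }


if __name__ == "__main__":
    for (dev, mac), ips in shared_mac_report(SAMPLE_NEIGH).items():
        print(f"{dev} {mac} answers for {len(ips)} IPv4 addresses: {', '.join(ips)}")
```

A host that legitimately holds several addresses on one interface is reported too, so treat a hit as something to compare against the known router and host inventory.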


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: ZTE_ROSNG.

