PROXY ARP should be used in networks where the host is not configured with default gateway or there is no routing policy.
PROXY ARP has negative effects:
1. ARP traffic on one network segment is increased
2. The host needs a larger ARP table to process the mapping from IP address to MAC address
3. Security problems are available, such as ARP spoofing (spoofing)
4. Does not work for a network that does not use ARP to parse addresses
5. Network topology cannot be summarized and promoted
Disable the functions related to Proxy ARP:
ZXR10 (config-arp)#interface fei-0/1/1/13
ZXR10 (config-arp-if)#no proxy
ZXR10 (config-arp-if)#no inter-vlan-proxy
ZXR10 (config-arp-if)#no proxy local
ZXR10 (config-arp-if)#no local-proxy-arp
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system ZTE_ROSNG.