PROXY ARP should be used in networks where the host is not configured with default gateway or there is no routing policy.

PROXY ARP has negative effects:

1. ARP traffic on one network segment is increased

2. The host needs a larger ARP table to process the mapping from IP address to MAC address

3. Security problems are available, such as ARP spoofing (spoofing)

4. Does not work for a network that does not use ARP to parse addresses

5. Network topology cannot be summarized and promoted


Disable the functions related to Proxy ARP:

ZXR10 (config)#arp
ZXR10 (config-arp)#interface fei-0/1/1/13
ZXR10 (config-arp-if)#no proxy
ZXR10 (config-arp-if)#no inter-vlan-proxy
ZXR10 (config-arp-if)#no proxy local
ZXR10 (config-arp-if)#no local-proxy-arp

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system ZTE_ROSNG.