Eric Cables wrote: > A recent network audit has discovered that Proxy ARP is enabled on pretty > much every L3 interface in the network. As a Cisco default, this isn't > surprising, since no template configs have it disabled. > > The question is: whether or not I should go back and disable it, or just > leave it be, since it doesn't appear to be causing any problems.
Pros of leaving it on: devices with incorrect subnet masks and/or gateways can still function. Those with incorrect subnet masks probably have a portion of the Internet that's invisible, but are otherwise functioning. Pros of turning it off: devices with incorrect subnet masks and/or gateways will be exposed. We had other issues with our Adtran TA 600 series IADs by leaving it on, but I can't remember what they were. We've made it standard practice to turn off proxy arp anywhere and everywhere. pt _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
