Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5260
Views
0
Helpful
1
Replies

IP proxy-arp

schilder1
Community Member

‎12-17-2010 10:21 AM - edited ‎03-06-2019 02:35 PM

Hello,

I am in need of some expert advise.  I have been tasked with remediating potential security risks for a client.  One of those is hardening the Cisco devices which required turning off ip proxy-arp.  My problem is this:  There is no documentation of where this is in use in the network but I have been told it is being used.  What I am trying to figure out is this:

Is there a way to do some kind of diagnostics to definatvley determine if proxy arp is being used from the cli?

are there some counters that would show this?

I need to turn it off or justify it's use but my first step is to isolate where it is being used, then i can figure out why.  I do not have the option to turn it off and reinstate it if something breaks.  One option is sniffers but this is unfeasible in the timeframe and the devices are dispersed everywhere so I have ruled that out as a viable option.

Basically I am trying to work through this logic:

  1. identify where it is on (done)
  2. obtain positive confirmation of it's use  (stuck here)
  3. if not in use turn it off
  4. if it is used find out why, and determine if we leave it or perform steps to fix the underlying issue so we can turn off
  5. if it has to be left in place what steps can be taken to reduce the security risk

On step 5 I would also like some suggestions.  Ie are there throttles or thresholds I can set for proxy arp that will minimize the potential for a DOS attack.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎12-17-2010 11:32 AM

Anthony

If you are trying to determine where proxy arp is enabled then the most accurate thing to do is to examine the output of show ip interface . There is a line in the output that will say that proxy arp is enabled or is disabled.

If you are trying to find where proxy arp is actually active I believe that you can look in the output of show ip traffic. There is a section of the output for ARP statistics and within this there is a counter which appears to count the number of replies for proxy arp.

I am not aware of any throttles or thresholds, or anything else that you can do to control the behavior or proxy arp.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents