Skip to content

300+ DevOps learning assets — start with the Portal

GrokDevOps Wiki

Grading Checklist: Proxy ARP Causing Unexpected Routing Behavior

grokdatum/grokdevops

Home
Portal
Practice
Lessons
Ansible
Linux
Networking
Datacenter & Hardware
Kubernetes
DevOps & Tooling
CLI Tools
Observability
Security
Cloud
Deep Dives
Cheatsheets
Guides

GrokDevOps Wiki

grokdatum/grokdevops

Home
Portal
Practice
Lessons
Ansible
Linux
Networking
Datacenter & Hardware
Kubernetes
DevOps & Tooling
CLI Tools
Observability
Security
Cloud
Deep Dives
Cheatsheets
Guides

case-study networking tcp_ip

Grading Checklist: Proxy ARP Causing Unexpected Routing Behavior¶

Identified proxy ARP as the mechanism allowing cross-subnet communication
Explained how proxy ARP works: router responds to ARP requests for IPs on other connected subnets
Checked router interface configuration for ip proxy-arp setting
Examined host ARP tables and identified router MAC for remote IPs
Noted that traceroute appears as one hop because ARP resolution is "local"
Explained the security implications of proxy ARP bypassing subnet segmentation
Proposed disabling proxy ARP: no ip proxy-arp on router interfaces
Warned that disabling proxy ARP may break hosts without a default gateway configured
Verified that all hosts have correct default gateway settings before disabling
Mentioned that proxy ARP is enabled by default on many Cisco platforms
Discussed alternative scenarios where proxy ARP is legitimate (e.g., DHCP relay, unnumbered interfaces)
Recommended flushing ARP caches on hosts after disabling proxy ARP

March 27, 2026 01:19:38 March 5, 2026 18:35:55

Made with Material for MkDocs