ARP Proxy on AP130s

  • 1
  • Question
  • Updated 1 week ago
Hi All

I'm trying to figure if I can disable ARP proxy in my network policy. 

There are two SSID's guest and corporate, each being in its own VLAN, in addition AP's themselves are in management VLAN.

Access points are connected to L2 switches where all the above vlans exist and are stretched across to L3 switch which acts as a DHCP relay for all3 vlans. There is no ARP proxy on the switches.

Now I'm not sure whether I need ARP proxy to be enabled in this setup. I believe it's due to arp proxy that clients in guest SSID are able to probe with ARP for IP's/MAC's beyond their own subnet.
 
Photo of Patryk Szenfeld

Patryk Szenfeld

  • 34 Posts
  • 0 Reply Likes

Posted 2 months ago

  • 1
Photo of Patryk Szenfeld

Patryk Szenfeld

  • 34 Posts
  • 0 Reply Likes

Reason I'm asking as it is possible from WIFI client perspective use certain tools utilizing ARP to query IP addresses beyond network they are in, mainly switches. This is causing some security concerns that we are trying to address.


Photo of Brian Powers

Brian Powers, Champ

  • 388 Posts
  • 89 Reply Likes
ARP-Proxy is able to be disabled via your Management Options that are tied to your Network Policy.  For legacy HM, it's under Additional Settings -> Service Settings -> Management Options and checking a box.  Unsure for HMNG as I dont have one readily available to look at. 
Photo of Patryk Szenfeld

Patryk Szenfeld

  • 34 Posts
  • 0 Reply Likes
Thanks Brian but I'm trying to figure what would be potential implications of turning it off. Not sure whether any of proprietary  Aerohive protocols rely on proxy arp in any way
Photo of Brian Powers

Brian Powers, Champ

  • 388 Posts
  • 89 Reply Likes
Sorry, misread your original post.  I cant imagine any Aerohive specific protocols relying on that.  The ARP request would simply get passed down from the AP to the clients vs. the AP responding directly to them - thus saving the client devices some additional sleep time (battery saving potentially).