• Pick a language
  • English
  • German
  • Spanish
  • French
  • Italian
  • Portuguese
  • Russian
  • Dutch
  • Greek
  • Japanese
  • Korean
  • Chinese
  • Chinese
  • Arabic

• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Data Link Layer FAQs
• How do I change a MAC address?
• What is a MAC address?
• How do I find my MAC Address?/
• What is a switch?
• What are LAN switches?
• What is Ethernet?
• What Is the Ethernet Cable Pinout?
• What is an Ethernet Hub?
• What is an Ethernet Switch?
• What is Power over Ethernet?
• What is CSMA/CD?
• What is EtherCAT?
• What is 802.1p?
• What is Token Ring?
• What is ATM?
• What is a VLAN?
• What is VLAN hopping?
• What is DSL?
• What is an ADSL Router?
• What is SDSL?
• What is Symmetric DSL?
• DSL vs Cable Modem?
• What is the difference between ISDN and DSL?
• Is DSL Faster than Satellite Internet?
• What is DOCSIS?
• What is broadband over power lines?
• What is ISDN?
• What is an ISDN BRI?
• What is an ISDN PRI?
• What is ISDN 2?
• What is ISDN 30?
• What is MTU?
• What is ARP?
• What is the ARP cache?
• How do I clear the ARP cache?
• What is proxy ARP?
• What is tunneling?
• What is PPP?
• What are the PPP authentication protocols?
• What is a USB to Ethernet adapter?
• Main Menu
• + Networking
• + Physical Layer
• + Data Link Layer
• + Network Layer
• + Network Security
• + Wireless Networks
• + VoIP
• + Telephony
• + Mobile Telephony
• + Radio
• + Television
• + Cryptology
• + Passwords
• + Smart Cards
• + Privacy
• + Malware
• + Vulnerabilities
• + Unix
• + Macintosh
• + Microsoft Windows
• + The Web
• + Web Publishing
• + E-mail
• + Instant Messaging
• + Databases
• + Computer Hardware
• + CPU's
• + Memory
• + Storage
• + Video
• + Audio
• + Multimedia
• + Satellite
• + Java
• + IT Management
• + Science
• + Miscellaneous

Tech-FAQ Tip: Click Here to Check for PC Errors

What is Proxy Arp?

Arp or the address resolution protocol, is used by network systems to convert system communications from the routable layer 3 ip protocol to the non-routable layer 2 data link layer protocols. In most cases, you don't need to modify this behavior at all, and system communications are optimal. In special circumstances it is preferrable to have another system or network device answer arp requests for another system. This process is called proxy arp, because on network system is proxying for anothers ARP communications.

Environments that use proxy arp

There are few situations where proxy arp is needed, but some do arise in a networked environment. A few examples are:

• Environments which have layer 3 firewalls performing network address translation.
• Environments which have layer 2 firewalls which filter based on IP address sources and destinations.
• Some dial-in technologies where you have a concentrator forwarding packets for multiple networks behind the dial-in system.
• Environments with security devices that are designed to cleanse packet traffic before it reaches the desintation.
• Environments which use bastion hosts not participating in dynamic routing protocols.
• Troubleshooting environments using network switches that have no network monitor, span, or rspan capability.

Creating static arp entries

For one system to proxy arp for another, it is necessary for the administrator to create static arp entries for the proxy system. This is a simple process. Several examples follow:

• For many unix systems use "arp -s ".
• For windows XP systems use "arp -s ". In older versions of windows operating systems, it was necessary for you to state that the arp entry should be "published" to make the static entry actually persistent. Keep this in mind.
• For cisco routers running IOS use "arp arpa".

Creating unnecessary static arp entries, or implementing them incorrectly can cause network interruptions on a very wide scale, use them with caution.

Static arp entries are important for some environments

It is common for hackers to use static arp to hijack connections, reroute traffic, sniff traffic for passwords, and to perform monkey-in-the-middle attacks. These types of attacks usually cause performance issues, but may not be self evident. It is common for administrators to create static arp entries on systems and routers for high risk systems, such as web servers. Creating static entries for those systems on the connected router can assist in preventing the attacks above. There may be an small impact on performance because of this.

Latest Blog Posts

• Fathers Day Gift Idea

• Do you Smile at Work? You will Now!

• Craigslist Fights Back Against eBay

• Google to Use YouTube Videos for Buzz Targeting

• Alienware and XPS Will Remain Active Dell Brands

• Nintendo Wii is just Insane! Right?

• LED Faucet Lights Add a Nice Conversation Piece to Your Office

• Problems Getting Up in the Morning? What About That Earthquake?

• Security Vulnerabilities

• Comodo Firewall Pro 3.0 - a poweruser's dream come true