Is Cisco Meraki MR unable to disable Proxy arp?

330
Conversationalist

Is Cisco Meraki MR unable to disable Proxy arp?

Is Cisco Meraki MR unable to disable Proxy arp?

 

According to Document (Article ID: 5420), Proxy arp is enabled by default and there is no description of how to change it.
If you know how to change, please let me know.

 

Thanks!

4 Replies 4
AjitKumar
Head in the Cloud

Hi 

I understand disabling Proxy ARP may not be possible. Lowering the bit rate under SSID configuration seems to be a method to control this.

 

I found an interesting article explaining this. Kindly have a look if already not.

 

https://meraki.cisco.com/blog/2018/02/floods-and-broadcasts/

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
PhilipDAth
Kind of a big deal
Kind of a big deal

In a WiFi environment ARP is really expensive - because it uses broadcasts.

 

Lets say you have 100 users attached to your WiFi, and a broadcast ARP packet comes in.  The APs have to replicate that packet 100 times, and send one copy to each attached user.

 

The APs already know every associated user,  so the AP can easily reply on behalf of a user without wasting huge amounts of bandwidth.

330
Conversationalist

Thank you for the interesting information.

I understand the need for Proxy ARP, but I thought that I could temporarily disable it because of unauthorized connection management by MAC address.

If a non-registered MAC address is connected to the wireless LAN, the system's ARP attack will degrade the response.

For wireless, consider another method.
PhilipDAth
Kind of a big deal
Kind of a big deal

>If a non-registered MAC address is connected to the wireless LAN, the system's ARP attack will degrade the response.

 

If you could disable proxy-arp then it would make doing an attack easier.  A client could simply send lots of ARP queries causing a massive broadcast flood completely using up the RF spectrum.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels