When you configure the system as Normis explains, the router will no longer populate the ARP table from ARP packets it receives on that interface. The only way that an entry will (automatically) end up in the routers ARP table will be as a result of the DHCP assignment. It adds some security to the network as the router will only ever send IP traffic to the MAC address that was used in the DHCP request. If no DHCP request (and lease issued), no ARP entry.
Setting the interface arp to reply-only will ensure that the router will reply to ARP requests, but it will not populate the ARP table from ARP replies.
@Normis, can we add a feature to turn on this feature when the router is acting as a DHCP relay? I believe currently it only works if the router is the DHCP server and is not a DHCP relay.
Rich