Detection of IP Address Conflicts
From R81, the Gaia Operating System (the Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems) detects IPv4 address conflicts. A conflict occurs if a different device on a directly connected network uses an IPv4 address that belongs to one of the Gaia interfaces.
Example: Gaia interface eth1 has the IPv4 address 10.1.1.1, and some other device on the network connected to eth1 uses the same IPv4 address 10.1.1.1. The device causes an IP address conflict.
Best Practice - Enable this feature only for interfaces connected to your internal networks. If you enable this feature for all interfaces, or for interfaces connected to external networks, this feature generates too many log messages in the
Important - The detection of IP address conflicts:
Configuration in Gaia Clish
Important:
Syntax
Important - After you add, configure, or delete features, run the "
Parameters
Command | Description
---|---
 | Specifies the interfaces, on which Gaia monitors for :
 | Enables (
 | Shows the interfaces, on which Gaia detects IP address conflicts.
 | Shows the current state of the feature (
 | Specifies the interfaces, on which Gaia stops detecting IP address conflicts:
Log Messages
After you enable and configure this feature, it generates one of these messages in the /var/log/messages file:
Log Message | Description
---|---
 | Gaia detected a new MAC address on a directly connected network and a new IP address is assigned to that MAC address.
 | Gaia detected that an IP address stored in the binding database is assigned to a new MAC address on a directly connected network.
 | The second recent binding of a MAC address to an IP address is currently the most recent binding in the binding database. This potentially indicates an IP address conflict on the network.
 | The third (or older) recent binding of a MAC address to an IP address is currently the most recent binding in the binding database. This very likely indicates a 3-way (or greater) IP address conflict.
To see the applicable log messages:
Example:
[Expert@MyGaia:0]# grep "arpwatch:" /var/log/messages*
Aug 3 19:23:16 2020 MyGaia arpwatch: listening on eth0
Aug 3 19:23:16 2020 MyGaia arpwatch: new station 192.168.3.51 00:50:56:a3:73:26
Aug 3 19:23:17 2020 MyGaia arpwatch: new station 192.168.3.29 00:50:56:a3:68:60
... ... (truncated for brevity) ... ...
[Expert@MyGaia:0]#
Additional Information
- The detection of IP address conflicts is based on the Linux arpwatch tool.
- When you enable this feature, Gaia runs the /bin/arpwatch_launcher daemon. This daemon is responsible for running the /etc/rc.d/init.d/arpwatch service.
- Gaia saves the applicable configuration in the Gaia database and in the /etc/sysconfig/arpwatch file. Gaia generates the /etc/sysconfig/arpwatch file automatically.
- Gaia saves the MAC-to-IP address binding information in the /var/lib/arpwatch/arp.dat.<Name of Interface> file. The information includes:
  - The detected MAC address
  - The IP address assigned to that MAC address
  - The time of detection (in Unix epoch format)

  It can take several minutes for Gaia to populate this database.
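The binding file described above can be reviewed for addresses claimed by more than one MAC address. The shell function below is an added example, not Check Point code: it assumes the upstream arpwatch record layout (MAC, IPv4 address, Unix epoch, tab-separated), and the sample records and the interface MAC 02:00:00:00:00:01 are constructed.

```shell
#!/bin/bash
# Added example (not Check Point code). Assumed arp.dat record layout, from
# upstream arpwatch: MAC <tab> IPv4 <tab> Unix epoch [<tab> hostname].

# Constructed sample records; 10.1.1.1 with MAC 02:00:00:00:00:01 stands in
# for the Gaia interface eth1 (the MAC is hypothetical).
sample_arp_dat() {
    printf '%s\t%s\t%s\n' \
        2:0:0:0:0:1       10.1.1.1  1596482596 \
        0:50:56:a3:73:26  10.1.1.1  1596482650 \
        0:50:56:a3:68:60  10.1.1.29 1596482597 \
        0:50:56:a3:11:22  10.1.1.51 1596482600 \
        0:50:56:a3:33:44  10.1.1.51 1596482700
}

# find_conflicts OWN_IP OWN_MAC [FILE]   (reads stdin when FILE is omitted)
find_conflicts() {
    awk -v own_ip="$1" -v own_mac="$2" '
        # Zero-pad each octet so 0:50:56:... and 00:50:56:... compare equal.
        function norm(mac,    o, n, i, out) {
            n = split(tolower(mac), o, ":")
            for (i = 1; i <= n; i++)
                out = out (i > 1 ? ":" : "") (length(o[i]) == 1 ? "0" : "") o[i]
            return out
        }
        BEGIN { own_mac = norm(own_mac) }
        NF < 3 { next }                      # skip blank or short records
        {
            mac = norm($1); ip = $2; ts = $3 + 0
            if (!((ip, mac) in seen)) { seen[ip, mac] = 1; count[ip]++ }
            if (ts >= latest[ip]) { latest[ip] = ts; holder[ip] = mac }
            # Any foreign MAC claiming the interface address is a conflict.
            if (ip == own_ip && mac != own_mac) foreign[mac] = ts
        }
        END {
            for (mac in foreign)
                printf "OWN-IP-CONFLICT %s claimed_by=%s at=%d\n", own_ip, mac, foreign[mac]
            for (ip in count)
                if (count[ip] > 1 && ip != own_ip)
                    printf "MULTI-MAC %s macs=%d latest=%s at=%d\n", ip, count[ip], holder[ip], latest[ip]
        }' "${3:--}" | sort
}

# Demo on the constructed records above.
sample_arp_dat | find_conflicts 10.1.1.1 02:00:00:00:00:01
```

On a gateway, the third argument would be the binding file for the monitored interface, /var/lib/arpwatch/arp.dat.<Name of Interface>.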