3.4.7
Configuring IPWATCHD
The IP WATCH Deamon (IPWATCHD) provides the function of detecting active or passive
IP collision. Regardless of IP collision attacker or victim, the information including source
ip/mac is transmitted as an evm fault event when the IP collision occurs. At the collision
time, the Gratuitous Address Resolution Protocol (GARP) reply is transmitted 3 times to
the unicast at every 1 second.
It supports the rate-limit function to deal with an intended ARP attack. Although ARP is
entered from a host that is not in the same subnet, it generates GARP by recognizing it as a
target if the host has the same APC IP.
Configuration using CLI
To configure the IPWATCHD function, enter into the configure mode of CLI.
Configure a TIMEOUT value (that a user wants) to detect an IP address collision.
Operator can enter a value between 10 and 300 seconds.
WEC8500# configure terminal
WEC8500/configure#
WEC8500/configure# ipwatch ?
defend-interval
WEC8500/configure# ipwatch defend-interval ?
10 - 300
WEC8500/configure# ipwatch defend-interval 30
Parameter
VALUE
The default TIMEOUT value for IP address collision detection is 30 seconds.
When the time is configured, the IPWATCHD daemon is restarted and a log and GARP is
generated if there is an IP collision.
Configuration using Web UI
In the menu bar of <WEC Main window>, select <Configuration> and then select the
<Controller> <Network> <ARP> menu in the sub-menus.
After entering a time value (10-300 seconds) that a user wants in the TIMEOUT FOR IP
ADDRESS CONFLICT DETECTION window, click the <Apply> button. Then, the
configuration is applied.
The default value before user configuration is 30 as shown in the below figure.
© SAMSUNG Electronics Co., Ltd.
Ipwatch defend-interval configuration
Ipwatch defend-interval value(seconds)
Enter a defend-interval (10-300 sec).
Figure 50. IPWATCHD Configuration Window
CHAPTER 3. Data Network Function
Description
page 124 of 689