2. Function, Operation

2-32

Warnings about "IP address changes" occur frequently on routers or remote access servers (RAS). Please tell me how to configure the system so that these warnings are not triggered.

On routers or RAS servers, a single Ethernet interface's MAC address is sometimes shared by multiple IP addresses.

With such devices, the "IP address change" warning tends to occur frequently.

To suppress "IP address change" warnings for such devices, create a policy in the "Advanced Policy Settings" screen and register the corresponding MAC address information, or register the relevant MAC address under "Manager Settings" → "Register Exception MAC Addresses".

In addition, another possible cause is unintended Proxy ARP behavior, which may trigger frequent "IP address change" warnings.

For example, when using a Cisco router, the Proxy ARP function remains enabled on an interface unless it is explicitly disabled with the command no ip proxy-arp. As a result, that interface will send ARP replies in response to ARP requests for IP addresses assigned by Windows APIPA or for IP addresses belonging to other segments. This behavior causes the system to record frequent 'IP address change' events for the MAC address of that interface.

In this situation, the recommended approach is to properly disable the Proxy ARP function on the affected interface. However, if circumstances make it difficult to modify the router configuration, you can take an alternative measure by registering the router's MAC address under "Manager Settings" → "Register Exception MAC Addresses", or by creating a policy like the one shown below and registering the MAC address information there.

 

Configuration Example)

● Policy Name
　　　　　　　　　-> "Devices Allowed to Change IP Address"
● Rule Definition
　　　　　　　　　o Rule Type             -> Koban Alarm
　　　　　　　　　o View Registered Rules -> IP Changes
● Application Conditions
　　　　　　　　　o Application Condition Name -> "IP Address Change Allowable Device List"

　　　　　　　　　o Select the "Advanced Settings" button and add the MAC addresses of the target devices using OR conditions.
                    (The "*" character can be used as a wildcard.)

                         MAC Address == (00:1a:b2:ii:jj:kk)
                         MAC Address == (00:1a:b2:ll:mm:nn)
                         MAC Address == (00:1a:b2:oo:pp:qq)
                         MAC Address == (00:1a:b2:rr:ss:tt)
                         MAC Address == (00:1a:b2:a0:*:*)
　　　　　　　　　　　　　　　　　　:

● Action Settings
　　　　　　　　　o Action Name -> "Do Not Notify"

　　　　　　　　　o Select the "Do Not Notify" button