No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

E9000 Server V100R001 HMM Alarm Handling 19

This document describes E9000 server alarms in terms of the meaning, impact on the system, possible causes, and solutions.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SECURITY

SECURITY

SECURITY_1.3.6.1.4.1.2011.5.25.165.2.2.2.1 hwArpsGatewayConflict

Description

Received an ARP packet with a duplicate IP address from the interface. (InterfaceName=[InterfaceName], IpAddress=[IpAddress], MacAddress=[MacAddress], PE-VLAN=[PeVLAN], CE-VLAN=[CeVLAN])

The device detects attack packets whose source IP addresses are the same as the gateway IP address.

Attributes

Attribute

Description

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.1

Trap severity

Warning

Parameters

Parameter

Description

InterfaceName

Indicates the source interface of ARP packets.

IpAddress

Indicates the source IP address of ARP packets.

MacAddress

Indicates the source MAC address of ARP packets.

PE-VLAN

Indicates the outer VLAN ID of ARP packets.

CE-VLAN

Indicates the inner VLAN ID of ARP packets.

Impact on the System

If this alarm is generated, the user gateway information may be modified by an attacker. As a result, the user is attacked and user services are interrupted.

Possible Causes

The source IP address in an ARP packet is the same as the IP address of the interface that receives the ARP packet.

Procedure
  1. Find the interface where the gateway conflict occurs according to the value of InterfaceName.
  2. Lock the user who sends gateway conflict packets according to the values of MacAddress and PE-VLAN.
  3. Check whether the allocated address of the user conflicts with the gateway address.

    • If the address conflicts, go to Step 4.
    • If the address does not conflict, the user may be the attacker, go to Step 5.

  4. Run the ip address ip-address { mask | mask-length } command to reconfigure an IP address different from the existing ones.
  5. Collect trap, log, and configuration information, and contact Huawei technical support personnel.

SECURITY 1.3.6.1.4.1.2011.5.25.165.2.2.2.2 hwArpsEntryCheck

Description

ARP entry attack.(SourceInterface=[InterfaceName], SourceIP=[IpAddress], SourceMAC=[MacAddress], PeVLAN=[PeVlan], CeVLAN=[CeVlan])

The device suffered ARP spoofing attacks.

Attributes

Attribute

Description

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.2

Trap severity

Warning

Parameters

Parameter

Description

SourceInterface

Interface that receives ARP packets

SourceIP

Source IP addresses of the received ARP packets

SourceMAC

Source MAC addresses of the received ARP packets

PeVLAN

Outer VLAN IDs of the received ARP packets

CeVLAN

Inner VLAN IDs of the received ARP packets

Impact on the System

If the trap is generated, the user's ARP entries on the device may be modified to those of the attacker. As a result, the attacker intercepts user traffic and services are interrupted.

Possible Causes

After being configured with fixed ARP, the device received ARP packets sent by attacks to update the existing ARP entries.

Procedure
  • This trap message is informational only, and no action is required.

SECURITY 1.3.6.1.4.1.2011.5.25.165.2.2.2.3 hwArpsPacketCheck

Description

Invalid packet.(SourceInterface=[InterfaceName], SourceIP=[IpAddress], SourceMAC=[MacAddress], PeVLAN=[PeVlan], CeVLAN=[CeVlan])

The received ARP packets were invalid.

Attributes

Attribute

Description

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.3

Trap severity

Warning

Parameters

Parameter

Description

SourceInterface

Interface that receives ARP packets

SourceIP

Source IP addresses of the received ARP packets

SourceMAC

Source MAC addresses of the received ARP packets

PeVLAN

Outer VLAN IDs of the received ARP packets

CeVLAN

Inner VLAN IDs of the received ARP packets

Impact on the System

When invalid ARP packets are received, the device may be attacked. If there are a large number of invalid ARP packets, the device will be busy processing packets. As a result, valid user services are interrupted.

Possible Causes

Invalid ARP packets were received.

Procedure
  • This trap message is informational only, and no action is required.

SECURITY 1.3.6.1.4.1.2011.5.25.165.2.2.2.7 hwArpVlanSpeedLimitALarm

Description

The vlan's ARP packet speed exceed the configured speed-limit value.(Suppress Value=[SpeedLmtValue], Vlan=[VlanId])

The transmit rate of ARP packets in a VLAN exceeded the configured rate limit in the VLAN.

Attributes

Attribute

Description

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.7

Trap severity

Warning

Parameters

Parameter

Description

Suppress Value

Rate limit of ARP packets in a VLAN

Vlan

VLAN in which rate limit is configured for ARP packets

Impact on the System

If the trap is generated, the transmit rate of ARP packets in a specified VLAN exceeds the configured rate limit. As a result, some ARP packets are discarded and traffic cannot be forwarded normally.

Possible Causes

The transmit rate of ARP packets in a specified VLAN exceeded the configured rate limit.

Procedure
  • This trap message is informational only, and no action is required.

SECURITY 1.3.6.1.4.1.2011.5.25.165.2.2.2.10 hwArpMissVlanSpeedLimitALarm

Description

The vlan's ARP-MISS message speed exceed the configured speed-limit value.(Suppress Value=[SpeedLmtValue], Vlan=[VlanId])

The transmit rate of ARP Miss messages in a VLAN exceeded the configured rate limit in the VLAN.

Attributes

Attribute

Description

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.10

Trap severity

Warning

Parameters

Parameter

Description

Suppress Value

Rate limit of ARP Miss messages in a VLAN

VLAN

VLAN in which rate limit is configured for ARP Miss messages

Impact on the System

If the trap is generated, the transmit rate of ARP Miss messages in a specified VLAN exceeds the configured rate limit. As a result, some ARP Miss messages are discarded and ARP Request messages cannot be triggered. Therefore, traffic cannot be forwarded normally.

Possible Causes

The transmit rate of ARP Miss messages in a specified VLAN exceeded the configured rate limit.

Procedure
  • This trap message is informational only, and no action is required.

SECURITY_1.3.6.1.4.1.2011.5.25.165.2.2.2.14 hwArpsLearnStrictCheck

Description

The received ARP packet is not in response to the request packet that the device send. (Interface=[Interface], SourceIP=[SourceIP], SourceMAC=[SourceMAC], VLAN=[VLAN])

A received ARP packet was not an ARP reply packet in response to the ARP request packet sent by the device.

Trap Attributes

Trap Attribute

Description

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.14

Trap severity

Warning

Parameters

Parameter

Description

Interface

Interface that receives an ARP packet

SourceIP

Source IP address in the ARP packet received by an interface

SourceMAC

Source MAC address in the ARP packet received by an interface

VLAN

VLAN to which the interface that receives an ARP packet belongs

Impact on the System

Some ARP request and reply packets will be incorrectly discarded.

Possible Causes

The arp learning strict { force-enable | force-disable | trust }, or arp learning strict command was run. As a result, the device discarded the ARP reply packet that is not in response to the ARP request packets sent by itself. With strict ARP learning, the device only learns the ARP reply packets in response to the ARP request packets sent by itself.

Procedure
  • The trap is informational only, and no action is required.
Translation
Download
Updated: 2018-08-16

Document ID: EDOC1000015902

Views: 211338

Downloads: 1591

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next