Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SECE/4/STRACK_DENY
Message
SECE/4/STRACK_DENY: Some packets are dropped because an attack is detected.(Interface=[OCTET], sourceMAC=[OCTET], sourceIP=[IPADDR], CVLAN=[INTEGER], PVLAN=[INTEGER])
Parameters
| Parameter Name | Parameter Meaning |
|---|---|
| Interface | Indicates the interface that receives attack packets. |
| sourceMAC | Indicates the source MAC address of attack packets. The value is 0 if source IP address-based tracing is configured. |
| sourceIP | Indicates the source IP address of attack packets. The value is 0 if source MAC address-based tracing is configured. |
| CVLAN | Indicates the inner VLAN ID of attack packets. |
| PVLAN | Indicates the outer VLAN ID of attack packets. |
Possible Causes
The attack tracing module detects an attack, and the attack defense action is set to deny.
Procedure
- Check whether the discarded packets are sent from an authorized user.
- If the sender is an authorized user, run the auto-defend whitelist whitelist-num { acl acl_number | interface interface-type interface-number } command to add the user to the whitelist. Then packets sent from this user are not discarded.
- If the sender is an attacker, you do not need to perform any operation.
