No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Alarm Handling

S9300, S9300E, and S9300X V200R010C00

This document provides the explanations, causes, and recommended actions of alarms on the product.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SECE_1.3.6.1.4.1.2011.5.25.165.2.2.1.4 hwStrackErrorDown

SECE_1.3.6.1.4.1.2011.5.25.165.2.2.1.4 hwStrackErrorDown

Description

SECE/4/STRACK_ERROR_DOWN:OID [oid] Interface's status is changed to error-down because an attack is detected, Interface [OCTET].

The system detected an attack source and set the source interface of the attack packets to error-down state.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.5.25.165.2.2.1.4 Warning securityServiceOrMechanismViolation(10)

Parameters

Name Meaning
OID Indicates the ID of the MIB object.
Interface Indicates the access interface of the attacker.

Impact on the System

The interface in error-down state cannot work.

Possible Causes

The device received a large number of packets from the interface, and the number of received packets exceeded the threshold for identifying an attack. Therefore, the device identified the interface as an attack source.

Procedure

  1. Run the display auto-defend attack-source detail command to check the detected attack source and check whether it is an authorized user.
  2. If the interface is attacked and it connects to only one user, you do not need to take any actions because the attack has been blocked. Go to step 5.
  3. If the interface is connected to multiple users and some users initiate attacks, you can configure the blacklist.
  4. If only entries exist on the interface or entries cannot be determined, collect alarm, log, and configuration information, and contact technical support personnel.
  5. End.

Related Information

None

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142054

Views: 192032

Downloads: 44

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next