No relevant resource is found in the selected language.
Your browser version is too early. Some functions of the website may be unavailable. To obtain better user experience, upgrade the browser to the latest version.
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
The system detected attacks from
a user with a specified source MAC address.
Attributes
Attribute
Description
Alarm or Event
Event
Trap Severity
Warning
Mnemonic Code
hwStrackUserInfo
Trap OID
1.3.6.1.4.1.2011.5.25.165.2.2.1.1
Alarm ID
This is an event trap and does not involve alarm ID.
Alarm Type
This is an event trap and does not involve alarm type.
Raise or Clear
This is an event trap and does not involve alarm generation or clearance.
Match trap
This is an event trap and does not involve the matching trap.
Parameters
Parameter
Description
Interface
Interface index
SourceMAC
Source MAC address
CVLAN
Inner VLAN tag of an attack packet sent by a user
PVLAN
Outer VLAN tag of an attack packet sent by a user
EndTime
Time when the last attack packet is received
TotalPackets
Number of received attack packets
VB
VB OID
VB Name
VB Index
1.3.6.1.4.1.2011.5.25.165.2.1.1.6
hwStrackPacketIfName
N/A
1.3.6.1.4.1.2011.5.25.165.2.1.1.3
hwStrackSourceMac
N/A
1.3.6.1.4.1.2011.5.25.165.2.1.1.5
hwStrackPacketCVlan
N/A
1.3.6.1.4.1.2011.5.25.165.2.1.1.4
hwStrackPacketPVlan
N/A
1.3.6.1.4.1.2011.5.25.165.2.1.1.2
hwStrackEndTime
N/A
1.3.6.1.4.1.2011.5.25.165.2.1.1.1
hwStrackTotalPacket
N/A
Impact on the System
The CPU is too busy processing attack packets that
some normal packets are not processed in a timely manner or even dropped.
Possible Causes
The rate at which packets were sent by a user (MAC
+ VLAN) to the CPU exceeded the alarm threshold.
Procedure
The rate at which packets were sent by a user (MAC + VLAN)
to the CPU exceeded the alarm threshold.
Run the display auto-defend
attack-source command to check potential attack sources
and to determine whether the packet transmission rate is abnormal.
If the packet transmission rate is abnormal, go to Step 2.
If the packet transmission rate is normal, no action is required.
Add the user who sent attack packets to a blacklist
in the cpu-defend policy template so that the system will not
send packets from this user to the CPU. Then, check whether the fault
is rectified. If the fault persists, go to Step 3.
Collect trap, log, and configuration information, and
contact technical support personnel.
