No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Alarm Handling

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document provides the explanations, causes, and recommended actions of alarms on the product.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ARP_1.3.6.1.4.1.2011.5.25.165.2.2.2.1 hwArpsGatewayConflict

ARP_1.3.6.1.4.1.2011.5.25.165.2.2.2.1 hwArpsGatewayConflict

Description

Received an ARP packet with a duplicate IP address from the interface. (InterfaceName=[InterfaceName], IpAddress=[IpAddress], MacAddress=[MacAddress], PE-VLAN=[PeVLAN], CE-VLAN=[CeVLAN])

The device detects attack packets whose source IP addresses are the same as the gateway IP address.

Attributes

Attribute

Description

Alarm or Event

Event

Trap Severity

Warning

Mnemonic Code

hwArpsGatewayConflict

Trap OID

1.3.6.1.4.1.2011.5.25.165.2.2.2.1

Alarm ID

This is an event trap and does not involve alarm ID.

Alarm Type

This is an event trap and does not involve alarm type.

Raise or Clear

This is an event trap and does not involve alarm generation or clearance.

Match trap

This is an event trap and does not involve the matching trap.

Parameters

Parameter

Description

InterfaceName

Indicates the source interface of ARP packets.

IpAddress

Indicates the source IP address of ARP packets.

MacAddress

Indicates the source MAC address of ARP packets.

PE-VLAN

Indicates the outer VLAN ID of ARP packets.

CE-VLAN

Indicates the inner VLAN ID of ARP packets.

VB

VB OID

VB Name

VB Index

1.3.6.1.4.1.2011.5.25.165.2.1.2.1

hwArpsSourceInterface

N/A

1.3.6.1.4.1.2011.5.25.165.2.1.2.2

hwArpsSourceIp

N/A

1.3.6.1.4.1.2011.5.25.165.2.1.2.3

hwArpsSourceMac

N/A

1.3.6.1.4.1.2011.5.25.165.2.1.2.4

hwArpsPVlan

N/A

1.3.6.1.4.1.2011.5.25.165.2.1.2.5

hwArpsCVlan

N/A

Impact on the System

If this alarm is generated, the user gateway information may be modified by an attacker. As a result, the user is attacked and user services are interrupted.

Possible Causes

The source IP address in an ARP packet is the same as the IP address of the interface that receives the ARP packet.

Procedure

  1. Find the interface where the gateway conflict occurs according to the value of InterfaceName.
  2. Lock the user who sends gateway conflict packets according to the values of MacAddress and PE-VLAN.
  3. Check whether the allocated address of the user conflicts with the gateway address.

    • If the address conflicts, go to Step 4.
    • If the address does not conflict, the user may be the attacker, go to Step 5.

  4. Reconfigure an IP address different from the existing ones.
  5. Collect trap, log, and configuration information, and contact technical support personnel.
Translation
Download
Updated: 2019-04-02

Document ID: EDOC1100074754

Views: 17394

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next