No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Enterprise
Worldwide
Huawei Global - English
Search
Support Documentation
Alarm Handling
S1700, S2720, S5700, and S6700 V200R019C10

This document provides the explanations, causes, and recommended actions of alarms on the product.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IPSec

IPSec

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.1 hwIPSecTunnelStart

Description

IPSEC-VPN/4/IPSECTUNNELSTART: OID [oid] The IPSec tunnel is established. (Ifindex=[Ifindex], SeqNum=[SeqNum],TunnelIndex=[TunnelIndex], RuleNum=[RuleNum], DstIP=[DstIP], InsideIP=[InsideIP], RemotePort=[RemotePort], CpuID=[CpuID], SrcIP=[SrcIP], FlowInfo=[FlowInfo], LifeSize=[LifeSize], LifeTime=[LifeTime], VsysName=[vsys-name], InterfaceName=[InterfaceName], SlotID=[SlotID], Role=[Role])

An IPSec tunnel is established.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.122.26.6.1 Warning Communications alarm

Parameters

Name Meaning
oid Indicates the MIB object ID of the alarm.
Ifindex Indicates the interface index.
SeqNum Indicates the policy number.
TunnelIndex Indicates the tunnel index.
RuleNum Indicates the rule number.
DstIP Indicates the IP address of the peer end of the IPSec tunnel.
InsideIP Indicates the intranet IP address of the peer end of the tunnel.
RemotePort Indicates the port number of the peer end of the IPSec tunnel.
CpuID Indicates the CPU number.
SrcIP Indicates the IP address of the local end of the IPSec tunnel.
FlowInfo Indicates the data flow information of the IPSec tunnel, including the source address, destination address, ACL port number, ACL protocol number, and DSCP.
LifeSize Indicates the life cycle of the tunnel, in kbytes.
LifeTime Indicates the life cycle of the tunnel, in seconds.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.
InterfaceName Indicates the interface name.
SlotID

Indicates the Slot number.

NOTE:

The device does not support this parameter.
Role

Device role during SA negotiation:

  • Initiator: The device functions as the SA negotiation initiator.
  • Responder: The device functions as the SA negotiation responder.

Impact on the System

None

Possible Causes

When an IPSec tunnel is established successfully, the alarm is generated.

Procedure

  • This trap message is informational only, and no action is required.

Related Information

IPSec_1.3.6.1.4.1.2011.6.122.26.6.2 hwIPSecTunnelStop

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.2 hwIPSecTunnelStop

Description

IPSEC-VPN/4/IPSECTUNNELSTOP: OID [oid] The IPSec tunnel is deleted. (Ifindex=[Ifindex], SeqNum=[SeqNum],TunnelIndex=[TunnelIndex], RuleNum=[RuleNum], DstIP=[DstIP], InsideIP=[InsideIP], RemotePort=[RemotePort], CpuID=[CpuID], SrcIP=[SrcIP], FlowInfo=[FlowInfo], OfflineReason=[offlinereason], VsysName=[vsys-name], InterfaceName=[InterfaceName], SlotID=[SlotID])

An IPSec tunnel is deleted.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.122.26.6.2 Warning Communications alarm

Parameters

Name Meaning
oid Indicates the MIB object ID of the alarm.
Ifindex Indicates the interface index.
SeqNum Indicates the policy number.
TunnelIndex Indicates the tunnel index.
RuleNum Indicates the rule number.
DstIP Indicates the IP address of the peer end of the IPSec tunnel.
InsideIP Indicates the intranet IP address of the peer end of the tunnel.
RemotePort Indicates the port number of the peer end of the IPSec tunnel.
CpuID Indicates the CPU number.
SrcIP Indicates the IP address of the local end of the IPSec tunnel.
FlowInfo Indicates the data flow information of the IPSec tunnel, including the source address, destination address, ACL port number, ACL protocol number, and DSCP.
offlinereason Indicates the reason why the IPSec tunnel was deleted.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.
InterfaceName Indicates the interface name.
SlotID

Indicates the Slot number.

NOTE:

The device does not support this parameter.

Impact on the System

An IPSec tunnel has been deleted.

Possible Causes

An IPSec tunnel has been deleted due to the following causes:

  • dpd timeout: Dead peer detection (DPD) times out.
  • peer request: The remote end has sent a message, asking the local end to tear down the tunnel.
  • config modify or manual offline: An SA is deleted due to configuration modification or an SA is manually deleted.
  • phase1 hard expiry: Hard lifetime expires in phase 1 (no new SA negotiation success message is received).
  • phase2 hard expiry: Hard lifetime expires in phase 2.
  • heartbeat timeout: heartbeat detection times out.
  • modecfg address soft expiry: The IP address lease applied by the remote end from the server expires.
  • re-auth timeout: An SA is deleted due to reauthentication timeout.
  • aaa cut user: The AAA module disconnects users.
  • hard expiry triggered by port mismatch: A hard timeout occurs due to mismatch NAT port number.
  • spi conflict: An SPI conflict occurs.
  • phase1 sa replace: The new IKE SA replaces the old IKE SA.
  • phase2 sa replace: The new IPSec SA replaces the old IPsec SA.
  • receive invalid spi notify: The device receives an invalid SPI notification.
  • dns resolution status change: DNS resolution status changes.
  • ikev1 phase1-phase2 sa dependent offline: The device deletes the associated IPSec SA when deleting an IKEv1 SA.
  • exchange timeout: Packet interaction timeout.

Procedure

  • Cause: dpd timeout

    Perform the ping operation to check link reachability. If the link is unreachable, check the link and network configuration.

  • Cause: heartbeat timeout

    1. Perform the ping operation to check link reachability. If the link is unreachable, check the link configuration.

    2. Check the heartbeat configuration on the two ends. If the configuration is incorrect, correct it.

  • Cause: config modify or manual offline

    1. Check whether the tunnel is deleted manually or whether the SA is reset. If so, no operation is required.
    2. Check whether the IPSec configuration modified on the local end is correct. If not, correct the IPSec configuration.
    3. Check whether manually deleted IPSec policies are redundant. If they are not redundant, reapply IPSec policies to the interface.

  • Cause: phase1 hard expiry

    Check whether the IKE SA lifetime is proper. If not, modify the IKE SA lifetime.

  • Cause: phase2 hard expiry

    Check whether the IPSec SA lifetime is proper. If not, modify the IPSec SA lifetime.

  • Cause: hard expiry triggered by port mismatch

    Check whether the two ends use the same NAT port number. If not, modify the NAT port numbers to be the same.

  • Cause: peer request

    Check log information of the remote device and determine the causes for the IPSec tunnel fault accordingly.

  • Cause: receive invalid spi notify

    If this fault occurs frequently, check whether the remote device status or configurations are abnormal.

  • Cause: dns resolution status change

    1. Ensure that the link between the device and DNS server is normal.
    2. Ensure that the DNS server is working properly.
    3. Ensure that the domain name configured using the remote-address host-name command is correct.

  • Cause: ikev1 phase1-phase2 sa dependent offline

    This symptom is normal and no operation is required if the devices at two ends can renegotiate the IKE SA and IPSec SA. Otherwise, you are advised to run the undo ikev1 phase1-phase2 sa dependent command on the local device to cancel dependency between IPSec SA and IKE SA during IKEv1 negotiation.

  • Cause: exchange timeout

    Ensure that the link is normal and the IPSec configuration is correct.

  • Cause: kick old sa with same flow

    Run the ipsec remote traffic-identical accept command to allow branch or other users to quickly access the headquarters network.

  • Cause: aaa cut user, modecfg address soft expiry, re-auth timeout, phase1 sa replace, phase2 sa replace, spi conflict

    This symptom is normal and no operation is required.

Related Information

IPSec_1.3.6.1.4.1.2011.6.122.26.6.1 hwIPSecTunnelStart

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.3 hwIPSecPolicyAdd

Description

IPSEC-VPN/4/IPSECPOLICYADD: OID [oid] An IPSec policy is added. (SeqNum=[sequence-number], PolicyName=[policy-name], VsysName=[vsys-name])

An IPSec policy is added.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.3

Warning

Communications alarm

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

sequence-number

Indicates the number of the IPSec policy.

policy-name

Indicates the name of the IPSec policy.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.

Impact on the System

None

Possible Causes

When an IPSec policy is added, the alarm is generated.

Procedure

  • This log message is informational only, and no action is required.

Related Information

IPSec_1.3.6.1.4.1.2011.6.122.26.6.4 hwIPSecPolicyDel

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.4 hwIPSecPolicyDel

Description

IPSEC-VPN/4/IPSECPOLICYDEL: OID [oid] An IPSec policy is deleted. (SeqNum=[sequence-number], PolicyName=[policy-name], VsysName=[vsys-name])

An IPSec policy is deleted.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.4

Warning

Communications alarm

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

sequence-number

Indicates the number of the IPSec policy.

policy-name

Indicates the name of the IPSec policy.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.

Impact on the System

None

Possible Causes

When an IPSec policy is deleted, the alarm is generated.

Procedure

  • This log message is informational only, and no action is required.

Related Information

IPSec_1.3.6.1.4.1.2011.6.122.26.6.3 hwIPSecPolicyAdd

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.5 hwIPSecPolicyAttach

Description

IPSEC-VPN/4/IPSECPOLICYATTACH: OID [oid] An IPSec policy is applied to an interface. (IfIndex=[interface-index], PolicyName=[policy-name], VsysName=[vsys-name], InterfaceName=[interface-name])

An IPSec policy is applied to an interface.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.5

Warning

Communications alarm

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

interface-index

Indicates the index of the interface to which the IPSec policy is applied.

policy-name

Indicates the name of the applied IPSec policy.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.

interface-name

Indicates the interface name.

Impact on the System

None

Possible Causes

When an IPSec policy is applied to an interface, the alarm is generated.

Procedure

  • This trap message is informational only, and no action is required.

Related Information

IPSec_1.3.6.1.4.1.2011.6.122.26.6.6 hwIPSecPolicyDetach

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.6 hwIPSecPolicyDetach

Description

IPSEC-VPN/4/IPSECPOLICYDETACH: OID [oid] An IPSec policy is cancelled on an interface. (IfIndex=[interface-index], PolicyName=[policy-name], VsysName=[vsys-name], InterfaceName=[interface-name])

The application of an IPSec policy is deleted from an interface.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.6

Warning

Communications alarm

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

interface-index

Indicates the index of the interface to which the IPSec policy is deleted.

policy-name

Indicates the name of the deleted IPSec policy.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.

interface-name

Indicates the interface name.

Impact on the System

If tunnels exist, the running tunnel is disconnected.

If no tunnels exist, services are not affected.

Possible Causes

When the application of an IPSec policy is deleted from an interface, the alarm is generated.

Procedure

  • This trap message is informational only, and no action is required.

Related Information

IPSec_1.3.6.1.4.1.2011.6.122.26.6.5 hwIPSecPolicyAttach

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.7 hwIPSecIKEReset

Description

IPSEC-VPN/4/IPSECRESETIKESA: OID [oid] Reset IKE SA. (VsysName=[vsys-name])

Reset IKE SA.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.122.26.6.7 Warning Communications alarm

Parameters

Name Meaning
oid Indicates the MIB object ID of the alarm.

vsys-name

Indicates the name of the virtual system to which the IKE SA belongs.

NOTE:

The device does not support this parameter.

Impact on the System

The IPSec user is disconnected, and services are affected.

Possible Causes

This log message is generated when the reset ike sa command is executed.

Procedure

  • This log message is informational only, and no action is required.

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.8 hwIPSecIPSecReset

Description

IPSEC-VPN/4/IPSECRESETIPSECSA: OID [oid] Reset IPSec SA. (VsysName=[vsys-name])

Reset IPSec SA.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.122.26.6.8 Warning Communications alarm

Parameters

Name Meaning
oid Indicates the MIB object ID of the alarm.

vsys-name

Indicates the name of the virtual system to which the IPSec SA belongs.

NOTE:

The device does not support this parameter.

Impact on the System

The IPSec user is disconnected, and services are affected.

Possible Causes

This log message is generated when the reset ipsec sa command is executed.

Procedure

  • This log message is informational only, and no action is required.

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.9 hwIPSecTunnelreachMax

Description

IPSEC-VPN/4/IPSECREACHMAXTUNNEL: OID [OID] Current counts of ipsec tunnel will reach max CPU limit or license limit, please check it.

The number of IPSec tunnels has reached 80% of the CPU or license limit threshold.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.9

Warning

Communications alarm

Parameters

Name Meaning

OID

Indicates the MIB object ID of the alarm.

Impact on the System

New tunnels cannot be set up after the number of IPSec tunnels reaches the threshold.

Possible Causes

The number of IPSec tunnels has reached 80% of the CPU or license limit threshold.

Procedure

  1. Expand the CPU capacity or apply for a new license.

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.10 hwIPSecTunnelreachMaxAtOnce

Description

IPSEC-VPN/4/IPSECREACHMAXTUNNELATONCE: OID [OID] Current counts of ipsec tunnel will reach max CPU limit or license limit, please check it at once.

The number of IPSec tunnels has reached 90% of the CPU or license limit threshold.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.10

Warning

Communications alarm

Parameters

Name Meaning

OID

Indicates the MIB object ID of the alarm.

Impact on the System

New tunnels cannot be set up after the number of IPSec tunnels reaches the threshold.

Possible Causes

The number of IPSec tunnels has reached 90% of the CPU or license limit threshold.

Procedure

  1. Expand the CPU capacity or apply for a new license.

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.13 hwIKESaPhase1Establish

Description

IPSEC-VPN/4/IKESAPHASE1ESTABLISHED: OID [OID] IKE phase1 sa established. (PeerAddress=[PeerAddress], PeerPort=[PeerPort], LocalAddress=[LocalAddress], AuthMethod=[AuthMethod], AuthID=[AuthID], IDType=[IDType], VsysName=[vsys-name], Role=[Role])

The IKE SA has been established.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.122.26.6.13 Warning Communications alarm

Parameters

Name Meaning
OID Indicates the MIB object ID of the alarm.
PeerAddress Indicates the IP address of the tunnel's remote end.
PeerPort Indicates the port number of the peer end of the IPSec tunnel.
LocalAddress Indicates the IP address of the tunnel's local end.
AuthMethod Indicates the authentication method.
AuthID Indicates the ID of the tunnel's remote end.
IDType Indicates the type of the remote end ID.

vsys-name

Indicates the name of the virtual system to which the IKE SA belongs.

NOTE:

The device does not support this parameter.
Role

Device role during SA negotiation:

  • Initiator: The device functions as the SA negotiation initiator.
  • Responder: The device functions as the SA negotiation responder.

Impact on the System

Services are not affected.

Possible Causes

The IKE SA has been established.

Procedure

  • This log message is informational only, and no action is required.

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.14 hwIPSecNegoFail

Description

IPSEC-VPN/4/IPSECNEGOFAIL: OID [OID] IPSec tunnel negotiation fails. (Ifindex=[Ifindex], SeqNum=[SeqNum], Reason=[Reason], ReasonCode=[ReasonCode], PeerAddress=[PeerAddress], PeerPort=[PeerPort], VsysName=[vsys-name], InterfaceName=[InterfaceName], ConnID=[ConnID])

IPSec tunnel negotiation fails.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.14

Warning

Communications alarm

Parameters

Name Meaning

OID

Indicates the MIB object ID of the alarm.

Ifindex

Indicates the index of the interface on the IPSec tunnel.

SeqNum

Indicates the sequence number of the IPSec policy.

Reason

Indicates the reason of IPSec tunnel negotiation failure.

ReasonCode
Indicates the reason code of IPSec tunnel negotiation failure.
  • 1: phase1 proposal mismatch
  • 2: phase2 proposal or pfs mismatch
  • 3: encapsulation mode mismatch
  • 4: flow or peer mismatch
  • 5: version mismatch
  • 6: responder dh mismatch
  • 7: initiator dh mismatch
  • 12: peer address mismatch
  • 13: config ID mismatch
  • 14: construct local ID fail
  • 15: authentication fail
  • 16: rekey no find old sa
  • 17: rekey fail
  • 18: first packet limited
  • 21: invalid cookie
  • 24: invalid length
  • 26: unsupported version
  • 28: malformed payload
  • 30: malformed message
  • 31: cookie mismatch
  • 32: exchange mode mismatch
  • 33: unknown exchange type
  • 34: critical drop
  • 35: uncritical drop
  • 39: local address mismatch
  • 40: nat detection fail
  • 41: ipsec tunnel number reaches limitation
  • 42: dynamic peers number reaches limitation
  • 49: no policy applied on interface
  • 50: fragment packet limit
  • 51: fragment packet reassemble timeout

PeerAddress

Indicates the remote IP address.

PeerPort

Indicates the remote UDP port number.

vsys-name

Indicates the name of the virtual system to which the IPSec policy belongs.

NOTE:

The device does not support this parameter.

InterfaceName

Indicates the interface name.

ConnID

Indicates the connection ID of an SA.

Impact on the System

Creating an IPSec tunnel will fail.

Possible Causes

The possible causes are as follows:

  • phase1 proposal mismatch: IKE proposal parameters of the two ends do not match.
  • phase2 proposal or pfs mismatch: IPSec proposal parameters, pfs algorithm, or security ACL of the two ends do not match.
  • responder dh mismatch: The DH algorithm of the responder does not match.
  • initiator dh mismatch: The DH algorithm of the initiator does not match.
  • encapsulation mode mismatch: The encapsulation mode does not match.
  • flow or peer mismatch: The security ACL or IKE peer address of the two ends does not match.
  • version mismatch: The IKE version number of the two ends does not match.
  • peer address mismatch: The IKE peer address of the two ends does not match.
  • config ID mismatch: The IKE peer of the specified ID is not found.
  • exchange mode mismatch: The negotiation mode of the two ends does not match.
  • authentication fail: Identity authentication fails.
  • construct local ID fail: The local ID fails to be constructed.
  • rekey no find old sa: The old SA is not found during re-negotiation.
  • rekey fail: The old SA is going offline during re-negotiation.
  • first packet limited: The rate of the first packet is limited.
  • unsupported version: The IKE version number is not supported.
  • malformed message: Malformed message.
  • malformed payload: Malformed payload.
  • critical drop: Unidentified critical payload.
  • cookie mismatch: Cookie mismatch.
  • invalid cookie: Invalid cookie.
  • invalid length: Invalid packet length.
  • unknown exchange type: Unknown negotiation mode.
  • uncritical drop: Unidentified non-critical payload.
  • local address mismatch: The local IP address in IKE negotiation and interface IP address do not match.
  • dynamic peers number reaches limitation: The number of IKE peers reaches the upper limit.
  • ipsec tunnel number reaches limitation: The number of IPSec tunnels reaches the upper limit.
  • no policy applied on interface: No policy is applied to an interface.
  • nat detection fail: NAT detailed failed.
  • fragment packet limit: Fragment packets exceed the limit.
  • fragment packet reassemble timeout: Fragment packet reassembly times out.

Procedure

  • Cause: phase1 proposal mismatch

    Check IKE proposal parameters at both ends of the IPSec tunnel and ensure that the parameters are consistent at both ends.

  • Cause: phase2 proposal or pfs mismatch

    Check IPSec proposal parameters or PFS algorithms at both ends of the IPSec tunnel and ensure that the parameters or algorithms are consistent at both ends.

  • Cause: responder dh mismatch, initiator dh mismatch

    Check DH algorithms at both ends of the IPSec tunnel and ensure that the algorithms are consistent at both ends.

  • Cause: encapsulation mode mismatch

    Check encapsulation modes at both ends of the IPSec tunnel and ensure that the encapsulation modes are consistent at both ends.

  • Cause: peer address mismatch

    Check the IP addresses of IKE peers at both ends and ensure that the IP addresses match each other.

  • Cause: config ID mismatch

    Check identity authentication parameters, such as the ID type and ID value, and ensure that the parameters match each other.

  • Cause: authentication fail

    Check IKE proposal parameters or IKE peer parameters at both ends of the IPSec tunnel and ensure that the parameters are consistent at both ends.

  • Cause: exchange mode mismatch

    Check the IKEv1 phase 1 negotiation modes at both ends and ensure that the negotiation modes are consistent at both ends.

  • Cause: route limit

    Replace the device with the one that has a higher route specification and plan the network properly.

  • Cause: local address mismatch

    Check the local IP address and interface IP address used in IKE negotiation and ensure that the IP addresses are consistent.

  • Cause: ipsec tunnel number reaches limitation

    Delete unnecessary IPSec tunnels or expand the capacity.

  • Cause: dynamic peers number reaches limitation

    Expand the capacity and plan the network properly.

  • Cause: no policy applied on interface

    Apply the required IPSec policy to the interface.

  • Cause: fragment packet limit

    The number of received fragmented packets exceeds the limit. Adjust the MTU of the peer device correctly.

  • Cause: fragment packet reassemble timeout

    Ensure that the links at both ends are normal and the device status is normal.

  • If the fault persists, collect related information and contact technical support personnel.

IPSEC-VPN_1.3.6.1.4.1.2011.6.122.26.6.15 hwIPSecTunnelHaveReachMax

Description

IPSEC-VPN/4/IPSECREACHMAXTUNNELMAX: OID [OID] Current counts of ipsec tunnel has been reached max CPU limit or license li mit, please check it at once.

The number of IPSec tunnels has reached the limit supported by a single CPU or license.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.122.26.6.15 Warning Indicates a communication alarm.

Parameters

Name Meaning
OID Indicates the MIB object ID of the alarm.

Impact on the System

New tunnels cannot be set up after the number of IPSec tunnels reaches the limit.

Possible Causes

The number of IPSec tunnels has reached the limit.

Procedure

  1. Delete unnecessary IPSec tunnels.
  2. Expand CPU capacity or apply for a new license.
Translation
日本語 简体中文
Download
Updated: 2022-05-25

Document ID: EDOC1100127008

Views: 75839

Downloads: 321

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :