HUAWEI-SECURITY-MIB

S600-E V200R019C10 MIB Reference

This document provides the function overview, relationships between tables, description of single objects, description of MIB tables, and description of alarm objects.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

HUAWEI-SECURITY-MIB

Functions Overview

HUAWEI-SECURITY-MIB is used to obtain security data, for example, information about attack packets, thresholds for ARP and ICMP packets, number of attack packets discarded by DAI and IPSG, alarm thresholds for attack packets, CPU usage thresholds, and CPU usage.

Root directory:

iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).huawei(2011).huaweiMgmt(5).hwDatacomm(25).hwSecurityMIB(165)

Relationship Between Tables

None

Description of Single Objects

None

hwOlcSlotStr

OID	Object Name	Data Type	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.1.11.1	hwOlcSlotStr	OCTET	accessible-for-notify	This object indicates the slot ID of the card where the OLC function is started.	This object is implemented as defined in the corresponding MIB file.

hwOlcThreshold1

OID	Object Name	Data Type	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.1.11.2	hwOlcThreshold1	Integer32	accessible-for-notify	This object indicates the level-1 CPU usage threshold.	This object is implemented as defined in the corresponding MIB file.

hwOlcCurrentCpuUsage

OID	Object Name	Data Type	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.1.11.3	hwOlcCurrentCpuUsage	Integer32	accessible-for-notify	This object indicates the current CPU usage.	This object is implemented as defined in the corresponding MIB file.

hwOlcCpuSampleCycle

OID	Object Name	Data Type	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.1.11.4	hwOlcCpuSampleCycle	Integer32	accessible-for-notify	This object indicates the sampling interval of the CPU usage.	This object is implemented as defined in the corresponding MIB file.

Description of MIB Tables

hwTrafficSuppressionTable

This MIB table lists the parameters used to configure broadcast traffic suppression.

The index of this table is hwTrafficSuppressionIfIndex.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.3.1.1	hwTrafficSuppressionIfIndex	Integer32	Not-accessible	This object indicates the index of an interface.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.25.165.2.3.1.2	hwTrafficSuppressionBcastRatio	Integer32	Read-write	This object indicates the rate limit for broadcast traffic, expressed in the percentage of interface bandwidth. The value ranges from 1 to 100.	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

The restrictions for creating entries in this table are the same as the restriction for configuring broadcast traffic suppression using commands. For example, creating an entry for an interface fails if storm control has been configured on the interface.
The hwTrafficSuppressionIfIndex object must be set when you create an entry in this table.
The interface specified by the hwTrafficSuppressionIfIndex object must work properly.

Modification Restriction

The object specified by hwTrafficSuppressionIfIndex must exist in the table. If the specified object does not exist, the system creates the object.
The interface specified by the hwTrafficSuppressionIfIndex object must work properly.

Deletion Restriction

To delete an entry, set hwTrafficSuppressionBcastRatio to 50.

Access Restriction

This table can be read without restriction.

Description of Alarm Nodes

hwStrackUserInfo

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.1.1	hwStrackUserInfo	hwStrackPacketIfName hwStrackSourceMac hwStrackPacketCVlan hwStrackPacketPVlan hwStrackEndTime hwStrackTotalPacket	The attack source tracing function detects an attack from a user.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.1.1

hwStrackUserInfo

hwStrackPacketIfName

hwStrackSourceMac

hwStrackPacketCVlan

hwStrackPacketPVlan

hwStrackEndTime

hwStrackTotalPacket

The attack source tracing function detects an attack from a user.

hwStrackIfVlanInfo

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.1.2	hwStrackIfVlanInfo	hwStrackPacketIfName hwStrackPacketCVlan hwStrackPacketPVlan hwStrackEndTime hwStrackTotalPacket	The attack source tracing function detects an attack from a port.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.1.2

hwStrackIfVlanInfo

hwStrackPacketIfName

hwStrackPacketCVlan

hwStrackPacketPVlan

hwStrackEndTime

hwStrackTotalPacket

The attack source tracing function detects an attack from a port.

hwStrackDenyPacket

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.1.3	hwStrackDenyPacket	hwStrackPacketIfName hwStrackSourceMac hwStrackSourceIp hwStrackPacketCVlan hwStrackPacketPVlan	This object indicates that the system has detected an attack source and dropped packets sent from this source.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.1.3

hwStrackDenyPacket

hwStrackPacketIfName

hwStrackSourceMac

hwStrackSourceIp

hwStrackPacketCVlan

hwStrackPacketPVlan

This object indicates that the system has detected an attack source and dropped packets sent from this source.

hwStrackErrorDown

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.1.4	hwStrackErrorDown	hwStrackPacketIfName	This object indicates that the system has detected an attack source and set the interface where attack packets are received to Error-Down state.	-

hwArpsEntryCheck

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.2.2	hwArpsEntryCheck	hwArpsSourceInterface hwArpsSourceIp hwArpsSourceMac hwArpsPVlan hwArpsCVlan	The device receives an ARP packet containing invalid content.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.2.2

hwArpsEntryCheck

hwArpsSourceInterface

hwArpsSourceIp

hwArpsSourceMac

hwArpsPVlan hwArpsCVlan

The device receives an ARP packet containing invalid content.

hwArpsPacketCheck

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.2.3	hwArpsPacketCheck	hwArpsSourceInterface hwArpsSourceIp hwArpsSourceMac hwArpsPVlan hwArpsCVlan	The device receives an ARP packet that attempts to modify an existing ARP entry.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.2.3

hwArpsPacketCheck

hwArpsSourceInterface

hwArpsSourceIp

hwArpsSourceMac

hwArpsPVlan hwArpsCVlan

The device receives an ARP packet that attempts to modify an existing ARP entry.

hwArpsDaiDropALarm

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.2.4	hwArpsDaiDropALarm	hwArpsPacketDropNum hwArpsAlarmThreshold hwArpsSourceInterface	The number of ARP packets discarded by DAI in an interface reaches the alarm threshold.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.2.4

hwArpsDaiDropALarm

hwArpsPacketDropNum

hwArpsAlarmThreshold

hwArpsSourceInterface

The number of ARP packets discarded by DAI in an interface reaches the alarm threshold.

hwArpGlobleSpeedLimitALarm

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.2.5	hwArpGlobleSpeedLimitALarm	hwArpsAlarmThreshold	The global ARP packet rate reaches the alarm threshold.	-

hwArpIfSpeedLimitALarm

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.2.6	hwArpIfSpeedLimitALarm	hwArpsAlarmThreshold hwArpsSourceInterface	The ARP packet rate on the interface reaches the alarm threshold.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.2.6

hwArpIfSpeedLimitALarm

hwArpsAlarmThreshold

hwArpsSourceInterface

The ARP packet rate on the interface reaches the alarm threshold.

hwArpVlanSpeedLimitALarm

OID	Object Name	Binding Variable	Description	Status
1.3.6.1.4.1.2011.5.25.165.2.2.2.7	hwArpVlanSpeedLimitALarm	hwArpsAlarmThreshold hwArpsPVlan	The ARP packet rate in the VLAN reaches the alarm threshold.	-

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.25.165.2.2.2.7

hwArpVlanSpeedLimitALarm

hwArpsAlarmThreshold

hwArpsPVlan

The ARP packet rate in the VLAN reaches the alarm threshold.

hwArpSourceIpSpeedLimitALarm

OID	Object Name	Bound Variable	Description	Access
1.3.6.1.4.1.2011.5.25.165.2.2.2.11	hwArpSourceIpSpeedLimitALarm	hwArpsSourceIp hwArpsAlarmThreshold	This object indicates that the rate of ARP packets from IP address X.X.X.X reaches the alarm threshold.	-

OID

Object Name

Bound Variable

Description

Access

1.3.6.1.4.1.2011.5.25.165.2.2.2.11

hwArpSourceIpSpeedLimitALarm

hwArpsSourceIp

hwArpsAlarmThreshold

This object indicates that the rate of ARP packets from IP address X.X.X.X reaches the alarm threshold.

hwArpIfRateLimitBlockALarm

OID	Object Name	Bound Variable	Description	Access
1.3.6.1.4.1.2011.5.25.165.2.2.2.13	hwArpIfRateLimitBlockALarm	hwArpsSourceInterface hwArpsBlockTime	If the rate of ARP packets exceeds the configured rate limit, ARP packets are discarded in the blocking period.	The block action can be configured on a maximum of 16 interfaces.

OID

Object Name

Bound Variable

Description

Access

1.3.6.1.4.1.2011.5.25.165.2.2.2.13

hwArpIfRateLimitBlockALarm

hwArpsSourceInterface

hwArpsBlockTime

If the rate of ARP packets exceeds the configured rate limit, ARP packets are discarded in the blocking period.

The block action can be configured on a maximum of 16 interfaces.

hwIPSGDropALarm

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.2.3.1	hwIPSGDropALarm	hwIPSGPacketDropNum hwIPSGAlarmThreshold hwIPSGSourceInterface	This object indicates that the number of IP packets in an interface discarded by IP source guard has reached the alarm threshold.	-

OID

Object Name

Bound Variable

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.25.165.2.2.3.1

hwIPSGDropALarm

hwIPSGPacketDropNum

hwIPSGAlarmThreshold

hwIPSGSourceInterface

This object indicates that the number of IP packets in an interface discarded by IP source guard has reached the alarm threshold.

hwIPSGVlanDropALarm

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.2.3.2	hwIPSGVlanDropALarm	hwIPSGVlan hwIPSGPacketDropNum hwIPSGAlarmThreshold hwIPSGPktInfo	This object indicates that the number of IP packets in a VLAN discarded by IP source guard has reached the alarm threshold.	-

OID

Object Name

Bound Variable

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.25.165.2.2.3.2

hwIPSGVlanDropALarm

hwIPSGVlan

hwIPSGPacketDropNum

hwIPSGAlarmThreshold

hwIPSGPktInfo

This object indicates that the number of IP packets in a VLAN discarded by IP source guard has reached the alarm threshold.

hwIcmpGlobalDropALarm

OID	Object Name	Bound Variable	Description	Access
1.3.6.1.4.1.2011.5.25.165.2.2.4.1	hwIcmpGlobalDropALarm	hwIcmpAlarmThreshold	This object indicates that the global ICMP packet rate reaches the alarm threshold.	-

hwIcmpIfDropALarm

OID	Object Name	Bound Variable	Description	Access
1.3.6.1.4.1.2011.5.25.165.2.2.4.2	hwIcmpIfDropALarm	hwIcmpAlarmThreshold hwIcmpSourceInterface	This object indicates that the ICMP packet rate on the interface reaches the alarm threshold.	-

OID

Object Name

Bound Variable

Description

Access

1.3.6.1.4.1.2011.5.25.165.2.2.4.2

hwIcmpIfDropALarm

hwIcmpAlarmThreshold

hwIcmpSourceInterface

This object indicates that the ICMP packet rate on the interface reaches the alarm threshold.

hwStrackPortAtk

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.2.9.1	hwStrackPortAtk	hwStrackPortPacketIfName hwStrackPortPacketType	Port attack defense is started.	-

OID

Object Name

Bound Variable

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.25.165.2.2.9.1

hwStrackPortAtk

hwStrackPortPacketIfName

hwStrackPortPacketType

Port attack defense is started.

hwOlcStartAlarm

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.2.11.1	hwOlcStartAlarm	hwOlcSlotStr hwOlcThreshold1 hwOlcCurrentCpuUsage hwOlcCpuSampleCycle	This object indicates that the OLC function is started when the CPU usage reaches the OLC start threshold.	This object is implemented as defined in the corresponding MIB file.

hwOlcStopAlarm

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.2.11.2	hwOlcStopAlarm	hwOlcSlotStr hwOlcThreshold1 hwOlcCurrentCpuUsage hwOlcCpuSampleCycle	This object indicates that the OLC function is stopped when the CPU usage falls below the OLC stop threshold.	This object is implemented as defined in the corresponding MIB file.

hwWeakEAConfigAlarm

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.25.165.2.2.13.1	hwWeakEAConfigAlarm	None	The authentication or encryption algorithm with low security is configured on the device.	This object is implemented as defined in the corresponding MIB file.

Unsupported Objects

The functions corresponding to the following objects are not supported on the device. Do not use these MIB objects to maintain the device.

Table 74-1 List of unsupported objects

Object ID	Object Name	Table
1.3.6.1.4.1.2011.5.25.165.2.1.4.1	hwIcmpPacketDropNum	Single object
1.3.6.1.4.1.2011.5.25.165.2.2.1.5	hwStrackIPInfo	Alarm object
1.3.6.1.4.1.2011.5.25.165.2.2.2.1	hwArpsGatewayConflict	Alarm object
1.3.6.1.4.1.2011.5.25.165.2.2.2.8	hwArpMissGlobleSpeedLimitALarm	Alarm object
1.3.6.1.4.1.2011.5.25.165.2.2.2.9	hwArpMissIfSpeedLimitALarm	Alarm object
1.3.6.1.4.1.2011.5.25.165.2.2.2.10	hwArpMissVlanSpeedLimitALarm	Alarm object
1.3.6.1.4.1.2011.5.25.165.2.2.2.12	hwArpMissSourceIpSpeedLimitALarm	Alarm object

Translation

简体中文

Download

Updated: 2020-10-20

Document ID: EDOC1100127211

Downloads: 6

Average rating:

This Document Applies to these Products

Reminder

Enterprise

Corporate

Consumer

Carrier

Africa

Latin America

Middle East

Asia Pacific

North America

Europe

This document provides the function overview, relationships between tables, description of single objects, description of MIB tables, and description of alarm objects.

Functions Overview

Relationship Between Tables

Description of Single Objects

hwOlcSlotStr

hwOlcThreshold1

hwOlcCurrentCpuUsage

hwOlcCpuSampleCycle

Description of MIB Tables

hwTrafficSuppressionTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

Description of Alarm Nodes

hwStrackUserInfo

hwStrackIfVlanInfo

hwStrackDenyPacket

hwStrackErrorDown

hwArpsEntryCheck

hwArpsPacketCheck

hwArpsDaiDropALarm

hwArpGlobleSpeedLimitALarm

hwArpIfSpeedLimitALarm

hwArpVlanSpeedLimitALarm

hwArpSourceIpSpeedLimitALarm

hwArpIfRateLimitBlockALarm

hwIPSGDropALarm

hwIPSGVlanDropALarm

hwIcmpGlobalDropALarm

hwIcmpIfDropALarm

hwStrackPortAtk

hwOlcStartAlarm

hwOlcStopAlarm

hwWeakEAConfigAlarm

Unsupported Objects

Related Version

Related Documents

About Huawei

How to Buy

Partner

Resources

Others

Enterpise App