- Released At: 12-04-2021
- Page Views:
- Downloads:
- Table of Contents
- Related Documents
-
|
H3C S12500X-AF Switch Series |
System Log Messages Reference |
|
|
Document version: 6W102-20210406
Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Managing and obtaining system log messages
Obtaining log messages from the console terminal
Obtaining log messages from a monitor terminal
Obtaining log messages from the log buffer
Obtaining log messages from the log file
Obtaining log messages from a log host
ACL_ACCELERATE_NONCONTIGUOUSMASK
ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP
ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG
ARP_ACTIVE_ACK_NOREQUESTED_REPLY
ATK_ICMPV6_DEST_UNREACH_RAW_SZ
ATK_ICMPV6_GROUPREDUCTION_RAW_SZ
ATK_ICMPV6_PACKETTOOBIG_RAW_SZ
ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ
ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ
ATK_IPOPT_LOOSESRCROUTE_RAW_SZ
ATK_IPOPT_STRICTSRCROUTE_RAW_SZ
ATK_IPV6_EXT_HEADER_ABNORMAL_RAW_SZ
ATK_IPV6_EXT_HEADER_ABNORMAL_SZ
DOT1X_NOTENOUGH_EADFREERULE_RES
DOT1X_NOTENOUGH_EADMACREDIR_RES
DOT1X_NOTENOUGH_EADPORTREDIR_RES
DOT1X_NOTENOUGH_ENABLEDOT1X_RES
EDEV_FAILOVER_GROUP_STATE_CHANGE
ETH_VLAN_TERMINATION_NOT_SUPPORT
ETHOAM_CONNECTION_FAIL_TIMEOUT
ETHOAM_CONNECTION_FAIL_UNSATISF
ETHOAM_ENTER_LOOPBACK_CTRLLING
ETHOAM_LOCAL_ERROR_FRAME_PERIOD
ETHOAM_LOCAL_ERROR_FRAME_SECOND
ETHOAM_LOOPBACK_EXIT_ERROR_STATU
ETHOAM_REMOTE_ERROR_FRAME_PERIOD
ETHOAM_REMOTE_ERROR_FRAME_SECOND
FCLINK_FDISC_REJECT_NORESOURCE
FCLINK_FLOGI_REJECT_NORESOURCE
FCOE_INTERFACE_NOTSUPPORT_FCOE
FLEXE_BANDWIDTH_MISMATCH_RECOVER
FLEXE_BANDWIDTH_REDUCE_RECOVER
FLEXE_CLIENTID_MISMATCH_RECOVER
FLEXE_GROUPMEMBER_FAULT_RECOVER
FLEXE_PHYGROUP_MISMATCH_RECOVER
IP_ADD_INTERFACE_ANTITCPSYNFLD
IP_DEL_INTERFACE_ANTITCPSYNFLD
IP_INSERT_FAILED_ANTITCPSYNFLD
IP_SETTING_FAILED_ANTITCPSYNFLD
L2PT_CREATE_TUNNELGROUP_FAILED
L2TPV2_SESSIONS_LOWER_THRESHOLD
L2TPV2_SESSIONS_RECOVER_NORMAL
L2TPV2_SESSIONS_UPPER_THRESHOLD
LAGG_INACTIVE_RESOURCE_INSUFICIE
NAT_SERVICE_CARD_RECOVER_FAILURE
ND_SET_VLAN_REDIRECT_NORESOURCE
NQA_TWAMP_LIGHT_PACKET_INVALID
OFC_DATAPATH_CHANNEL_DISCONNECT
OFP_FLOW_ADD_TABLE_MISS_FAILED
OFP_FLOW_DEL_TABLE_MISS_FAILED
OFP_FLOW_MOD_TABLE_MISS_FAILED
PFILTER_VLAN_IPV4_DACT_UNK_ERR
PFILTER_VLAN_IPV6_DACT_UNK_ERR
PORTSEC_PORTMODE_NOT_EFFECTIVE
PTP_TIME_OFFSE_EXCEED_THRESHOLD
QOS_QMPROFILE_MODIFYQUEUE_FAIL
REDISDBM_NOTIFY_STATE_SUCCEEDED
RPR_LAGGCONFIG_INCONSISTENT_OVER
RPR_PROTECTION_INCONSISTENT_OVER
RPR_TOPOLOGY_INCONSISTENT_OVER
STAMGR_AUTHORUSERPROFILE_FAILURE
STRUNK_DROPPACKET_INCONSISTENCY
UPMGR_CP_PROTOCOL_STATE_CHANGE
UPMGR_UP_PROTOCOL_STATE_CHANGE
Introduction
This document includes the following system messages:
· Messages specific to the switch.
· Messages for the Comware 7 software platform version based on which the switch release was produced. Some platform system messages might not be available on the switch.
This document assumes that the readers are familiar with data communications technologies and H3C networking products.
System log message format
By default, the system log messages use one of the following formats depending on the output destination:
· Log host:
<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT
· Destinations except for the log host:
Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT
|
NOTE: Log message examples in this document use the format for destinations except the log host. They do not contain elements available only for the log host, including the location element. |
Table 1 System log message elements
Element |
Description |
<PRI> |
Priority identifier. It is calculated by using the following formula: Priority identifier=facilityx8+severity Where: · Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages. · Severity represents the importance of the message. For more information about severity levels, see Table 2. |
Prefix |
Message type identifier. This element is contained in the system log messages sent to non-log-host destinations. The element uses the following symbols to indicate message severity: · Percentage sign (%)—Informational and higher levels. · Asterisk (*)—Debug level. |
TIMESTAMP |
Date and time when the event occurred. The following are commands for configuring the timestamp format: · Log host—Use the info-center timestamp loghost command. · Non-log host destinations—Use the info-center timestamp command. |
Sysname |
Name or IP address of the device that generated the message. |
%%vendor |
Manufacturer flag. This element is %%10 for H3C. This element is contained only in messages sent to the log host. |
MODULE |
Name of the module that produced the message. |
severity |
Severity level of the message. (For more information about severity levels, see Table 2.) |
MNEMONIC |
Text string that uniquely identifies the system message. The maximum length is 32 characters. |
location |
This element presents location information for the message in the following format: -attribute1=x-attribute2=y…-attributeN=z The following are examples of location attributes: · -MDC=XX, which represents the MDC on which the message occurred. · -DevIp=XXX.XXX.XXX.XXX, which represents the source IP of the message. · -Slot=XX, which represents the slot on which the message occurred. · -Chassis=XX-Slot=XX, which represents the chassis and slot on which the message occurred. This element is separated from the message description by using a semicolon (;). |
CONTENT |
Text string that contains detailed information about the event or error. For variable fields in this element, this document uses the representations in Table 3. |
System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.
Table 2 System log message severity levels
Level |
Severity |
Description |
0 |
Emergency |
The system is unusable. For example, the system authorization has expired. |
1 |
Alert |
Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
2 |
Critical |
Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
3 |
Error |
Error condition. For example, the link state changes or a storage card is unplugged. |
4 |
Warning |
Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
5 |
Notification |
Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
6 |
Informational |
Informational message. For example, a command or a ping operation is executed. |
7 |
Debug |
Debugging message. |
For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.
Table 3 Variable field representations
Representation |
Information type |
INT16 |
Signed 16-bit decimal number. |
UINT16 |
Unsigned 16-bit decimal number. |
INT32 |
Signed 32-bit decimal number. |
UINT32 |
Unsigned 32-bit decimal number. |
INT64 |
Signed 64-bit decimal number. |
UINT64 |
Unsigned 64-bit decimal number. |
DOUBLE |
Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER]. |
HEX |
Hexadecimal number. |
CHAR |
Single character. |
STRING |
Character string. |
IPADDR |
IP address. |
MAC |
MAC address. |
DATE |
Date. |
TIME |
Time. |
Managing and obtaining system log messages
You can manage system log messages by using the information center.
By default, the information center is enabled. Log messages can be output to the console, monitor terminal, log buffer, log host, and log file.
To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.
For more information about using the information center, see the network management and monitoring configuration guide for the product.
Obtaining log messages from the console terminal
Access the device through the console port. Real-time log messages are displayed on the console terminal.
Obtaining log messages from a monitor terminal
Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:
· To display log messages on the monitor terminal, you must configure the terminal monitor command.
· For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.
|
NOTE: Settings for the terminal monitor and terminal logging level commands take effect only on the current login session. The default settings for the commands restore at a relogin. |
Obtaining log messages from the log buffer
Use the display logbuffer command to display history log messages in the log buffer.
Obtaining log messages from the log file
By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.
To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.
By default, you can obtain the log file from the cfa0:/logfile/ path if the CF card is not partitioned. If the CF card is partitioned, the file path is cfa1:/logfile/.
To view the contents of the log file on the device, use the more command.
Obtaining log messages from a log host
Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.
For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.
Software module list
Table 4 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.
Module name representation |
Module name expansion |
AAA |
Authentication, Authorization and Accounting |
ACL |
Access Control List |
AFT |
Address Family Translation |
ANCP |
Access Node Control Protocol |
APMGR |
Access Point Management |
ARP |
Address Resolution Protocol |
ATK |
Attack Detection and Prevention |
ATM |
|
BFD |
Bidirectional Forwarding Detection |
BGP |
Border Gateway Protocol |
BLS |
Blacklist |
CFD |
Connectivity Fault Detection |
CFGMAN |
Configuration Management |
Clock Management |
|
CONNLMT |
Connection Limit |
DEV |
Device Management |
DHCPR |
IPv4 DHCP Relay |
DHCPS |
DHCP Server |
DHCPS6 |
DHCPv6 Server |
DHCPSP4 |
DHCP Snooping |
DHCPSP6 |
DHCPv6 Snooping |
DIAG |
Diagnosis |
DLDP |
Device Link Detection Protocol |
DOT1X |
802.1X |
DP |
Data plane backup |
DRVPLAT |
Drive Plat |
EDEV |
|
EIGRP |
Enhanced Interior Gateway Routing Protocol |
ERPS |
Ethernet Ring Protection Switching |
ETH |
Ethernet |
ETHOAM |
Ethernet Operation, Administration and Maintenance |
EVB |
Edge Virtual Bridging |
EVIISIS |
Ethernet Virtual Interconnect Intermediate System-to-Intermediate System |
FCLINK |
Fibre Channel Link |
FCOE |
Fibre Channel Over Ethernet |
FCZONE |
Fibre Channel Zone |
FIB |
Forwarding Information Base |
FILTER |
Filter |
FIPSNG |
FIP Snooping |
gRPC |
Google Remote Procedure Call |
HA |
High Availability |
HQOS |
Hierarchical QoS |
HTTPD |
Hypertext Transfer Protocol Daemon |
IFNET |
Interface Net Management |
IKE |
Internet Key Exchange |
IP6ADDR |
IPv6 Addressing |
IP6FW |
IPv6 Forwarding |
IPADDR |
IP Addressing |
IPFW |
IP Forwarding |
IPOE |
IP over Ethernet |
IPSEC |
IP Security |
IRDP |
ICMP Router Discovery Protocol |
IRF |
Intelligent Resilient Framework |
ISIS |
Intermediate System-to-Intermediate System |
ISSU |
In-Service Software Upgrade |
L2PT |
Layer 2 Protocol Tunneling |
L2TPV2 |
Layer 2 Tunneling Protocol Version 2 |
L2VPN |
Layer 2 VPN |
LAGG |
Link Aggregation |
LDP |
Label Distribution Protocol |
LLDP |
Link Layer Discovery Protocol |
LOAD |
Load Management |
LOCAL |
Local |
LOGIN |
Login |
LPDT |
Loopback Detection |
LS |
Local Server |
LSM |
Label Switch Management |
LSPV |
LSP Verification |
MAC |
Media Access Control |
MACA |
MAC Authentication |
MACSEC |
MAC Security |
MBFD |
MPLS BFD |
MBUF |
Memory Buffer |
MDC |
Multitenant Device Context |
MFIB |
Multicast Forwarding Information Base |
MGROUP |
Mirroring group |
MPLS |
Multiprotocol Label Switching |
MTLK |
Monitor Link |
MTP |
Maintenance Probe |
NAT |
Network Address Translation |
ND |
Neighbor Discovery |
NETCONF |
Network Configuration Protocol |
NQA |
Network Quality Analyzer |
NTP |
Network Time Protocol |
OFP |
OpenFlow Protocol |
OPENSRC (RSYNC) |
Open Source (Remote Synchronization) |
OPTMOD |
Optical Module |
OSPF |
Open Shortest Path First |
OSPFV3 |
Open Shortest Path First Version 3 |
PBB |
Provider Backbone Bridge |
PBR |
Policy-Based Routing |
PEX |
Port Extender |
PFILTER |
Packet Filter |
PIM |
Protocol Independent Multicast |
PING |
Packet Internet Groper |
PKI |
Public Key Infrastructure |
PKT2CPU |
Packet to CPU |
PKTCPT |
Packet Capture |
PORTAL |
Portal |
PORTSEC |
Port Security |
PPP |
Point to Point Protocol |
PTP |
Precision Time Protocol |
PWDCTL |
Password Control |
QOS |
Quality of Service |
RADIUS |
Remote Authentication Dial In User Service |
RDDC |
Redundancy |
REDISDBM |
Redis Database Manager |
RIP |
Routing Information Protocol |
RIPNG |
Routing Information Protocol Next Generation |
RM |
Routing Management |
RPR |
Resilient Packet Ring |
RRPP |
Rapid Ring Protection Protocol |
RSVP |
Resource Reservation Protocol |
RTM |
Real-Time Event Manager |
SCM |
Service Control Manager |
SCRLSP |
Static CRLSP |
SESSION |
Session |
SHELL |
Shell |
SLSP |
Static LSP |
SMLK |
Smart Link |
SNMP |
Simple Network Management Protocol |
SSHC |
Secure Shell Client |
SSHS |
Secure Shell Server |
STAMGR |
Station Management |
STM |
Stack Topology Management |
STP |
Spanning Tree Protocol |
STRUNK |
Smart Trunk |
SYSEVENT |
System Event |
SYSLOG |
System Log |
TACACS |
Terminal Access Controller Access Control System |
TE |
Traffic Engineering |
TRILL |
Transparent Interconnect of Lots of Links |
UCM |
User Connection Management |
UPMGR |
User Plane Management |
VLAN |
Virtual Local Area Network |
VRRP |
Virtual Router Redundancy Protocol |
VSRP |
Virtual Service Redundancy Protocol |
VXLAN |
Virtual eXtensible LAN |
WEB |
Web |
WIPS |
Wireless Intrusion Prevention System |
Using this document
This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.
This document explains messages in tables. Table 5 describes information provided in these tables.
Table 5 Message explanation table contents
Item |
Content |
Example |
Message text |
Presents the message description. |
ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text. |
$1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule. |
Severity level |
Provides the severity level of the message. |
6 |
Example |
Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings. |
ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Explanation |
Explains the message, including the event or error cause. |
Number of packets that matched an ACL rule. This message is sent when the packet counter changes. |
Recommended action |
Provides recommended actions. For informational messages, no action is required. |
No action is required. |
AAA messages
This section contains AAA messages.
AAA_FAILURE
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
5 |
Example |
AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed. |
Explanation |
An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect. |
Recommended action |
1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, contact H3C Support. |
AAA_LAUNCH
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
6 |
Example |
AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched. |
Explanation |
An AAA request was received. |
Recommended action |
No action is required. |
AAA_SUCCESS
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
6 |
Example |
AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded. |
Explanation |
An AAA request was accepted. |
Recommended action |
No action is required. |
ACL messages
This section contains ACL messages.
ACL_ACCELERATE_NO_RES
Message text |
Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 |
Example |
ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient. |
Explanation |
Hardware resources were insufficient for accelerating an ACL. |
Recommended action |
Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources. |
ACL_ACCELERATE_NONCONTIGUOUSMASK
Message text |
Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks. |
Variable fields |
$1: ACL number. |
Severity level |
4 |
Example |
ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks. |
Explanation |
ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL. |
Recommended action |
Check the ACL rules and delete the unsupported configuration. |
ACL_ACCELERATE_NOT_SUPPORT
Message text |
Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported. |
Explanation |
ACL acceleration failed because the system does not support ACL acceleration. |
Recommended action |
No action is required. |
ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP
Message text |
Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords. |
Variable fields |
$1: ACL number. |
Severity level |
4 |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords. |
Explanation |
ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL. |
Recommended action |
Check the ACL rules and delete the unsupported configuration. |
ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG
Message text |
Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule. |
Variable fields |
$1: ACL number. |
Severity level |
4 |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule. |
Explanation |
ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL. |
Recommended action |
Check the ACL rules and delete the unsupported configuration. |
ACL_ACCELERATE_UNK_ERR
Message text |
Failed to accelerate [STRING] ACL [UINT32]. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 |
Example |
ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001. |
Explanation |
ACL acceleration failed because of an unknown error. |
Recommended action |
No action is required. |
ACL_IPV6_STATIS_INFO
Message text |
IPv6 ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule. |
Severity level |
6 |
Example |
ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s). |
Explanation |
The number of packets matching the IPv6 ACL rule changed. |
Recommended action |
No action is required. |
ACL_NO_MEM
Message text |
Failed to configure [STRING] ACL [UINT] due to lack of memory. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
3 |
Example |
ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory. |
Explanation |
Configuring the ACL failed because memory is insufficient. |
Recommended action |
Use the display memory-threshold command to check the memory usage. |
ACL_STATIS_INFO
Message text |
ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule. |
Severity level |
6 |
Example |
ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Explanation |
The number of packets matching the IPv4 ACL rule changed. |
Recommended action |
No action is required. |
AFT messages
This section contains AFT messages.
AFT_ADDRESS_CONFLICT
Message text |
Address range (StartIp=[ IPADDR];EndIp=[ IPADDR]) assigned by the CP conflicts with an existing address group. |
Variable fields |
$1: Start IPv4 address. $2: End IPv4 address. |
Severity level |
6 |
Example |
AFT/6/AFT_ADDRESS_CONFLICT: Address range (StartIp=1.1.0.0;EndIp=1.1.0.255) assigned by the CP conflicts with an existing address group. |
Explanation |
On the control-/user-plane separated network, the address range that the CP assigned to the UP conflicts with an existing AFT address group on the UP. |
Recommended action |
Modify the AFT address group configuration on the UP. |
AFT_LOG_FLOW
Message text |
AFT PORTBLOCK was [STRING]: IPv6addr=[IPADDR]; VPNNameV6=[STRING]; ipv4addr=[IPADDR]; VPNNameV4=[STRING]; PortBlockSize=[UINT16]-[UINT16]; BeginTime_e=[STRING]; EndTime_e=[STRING]. |
Variable fields |
$1: Event type: ¡ allocated—Port block assignment. ¡ free—Port block release. $2: IPv6 address. $3: Name of the VPN instance to which the IPv6 address belongs. $4: IPv4 address. $5: Name of the VPN instance to which the IPv4 address belongs.. $6: Start port number of a port block that is assigned. $7: End port number of a port block that is assigned. $8: Time when the port block is assigned. $9: Time when the port block is released. |
Severity level |
6 |
Example |
AFT/6/AFT_LOG_FLOW: AFT PORTBLOCK was free: IPv6addr=1000::1b; VPNNameV6=-; IPv4addr=10.0.0.140; VPNNameV4=-; PortBlockSize=1024-1535; BeginTime_e=03232017053558; EndTime_e=03232017065040. |
Explanation |
This message is generated when the port block is released or allocated. |
Recommended action |
No action is required. |
AFT_V6TOV4_FLOW
Message text |
Protocol(1001)= [STRING];SrcIPv6Addr(1036)= [IPADDR];SrcPort(1004)= [UINT16];NatSrcIPAddr(1005)= [IPADDR];NatSrcPort(1006)= [UINT16];DstIPv6Addr(1037)= [IPADDR];DstPort(1008)= [UINT16];NatDstIPAddr(1009)= [IPADDR];NatDstPort(1010)= [UINT16];InitPktCount(1044)= [UINT32];InitByteCount(1046)= [UINT32];RplyPktCount(1045)= [UINT32];RplyByteCount(1047)= [UINT32];RcvVPNInstance(1042)= [STRING];SndVPNInstance(1043)= [STRING];BeginTime_e(1013)= [STRING];EndTime_e(1014)= [STRING];Event(1048)= ([UNIT16])[STRING]. |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. S6: Destination IPv6 address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Total number of incoming packets. $11: Total number of incoming bytes. $12: Total number of outgoing packets. $13: Total number of outgoing bytes. $14: Source VPN instance name. $15: Destination VPN instance name. $16: Time when the session is established. $17: Time when the session is removed. $18: Event type. $19: Event description: ¡ Session created. ¡ Session ended. ¡ Session aged out. ¡ Session deleted through configuration. ¡ Other. |
Severity level |
6 |
Example |
AFT/6/AFT_V6TOV4_FLOW: Protocol(1001)=IPv6-ICMP;SrcI Pv6Addr(1036)=1000::10;SrcPort(1004)=1;NatSrcIPAddr(1005)=9.9.9.9;NatSrcPort(100 6)=1027;DstIPv6Addr(1037)=2000::201:102;DstPort(1008)=32768;NatDstIPAddr(1009)=2 .1.1.2;NatDstPort(1010)=2048;InitPktCount(1044)=177411959;InitByteCount(1046)=21 22604543;RplyPktCount(1045)=1895856127;RplyByteCount(1047)=30720;RcvVPNInstance( 1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=05052017134514;EndTime_e(1014)=;E vent(1048)=(8)Session created. |
Explanation |
This message is generated when an IPv6-initiated session is established or deleted. |
Recommended action |
No action is required. |
AFT_V4TOV6_FLOW
Message text |
Protocol(1001)= [STRING]; SrcIPAddr(1003)= [IPADDR];SrcPort(1004)= [UINT16]; NatSrcIPv6Addr(1038)= [IPADDR];NatSrcPort(1006)= [UINT16]; DstIPAddr(1003)= [IPADDR];DstPort(1008)= [UINT16]; NatDstIPv6Addr(1039)= [IPADDR];NatDstPort(1010)= [UINT16];InitPktCount(1044)= [UINT32];InitByteCount(1046)= [UINT32];RplyPktCount(1045)= [UINT32];RplyByteCount(1047)= [UINT32];RcvVPNInstance(1042)= [STRING];SndVPNInstance(1043)= [STRING];BeginTime_e(1013)= [STRING];EndTime_e(1014)= [STRING];Event(1048)= ([UNIT16])[STRING]. |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. S6: Destination IPv6 address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Total number of incoming packets. $11: Total number of incoming bytes. $12: Total number of outgoing packets. $13: Total number of outgoing bytes. $14: Source VPN instance name. $15: Destination VPN instance name. $16: Time when the session is established. $17: Time when the session is removed. $18: Event type. $19: Event description: ¡ Session created. ¡ Session ended. ¡ Session aged out. ¡ Session deleted through configuration. ¡ Other. |
Severity level |
6 |
Example |
AFT/6/AFT_V4TOV6_FLOW: Protocol(1001)=ICMP;SrcIPAddr(1003 )=2.1.1.4;SrcPort(1004)=197;NatSrcIPv6Addr(1038)=2000::201:104;NatSrcPort(1006)= 197;DstIPAddr(1003)=5.5.5.5;DstPort(1008)=2048;NatDstIPv6Addr(1039)=1000::;NatDs tPort(1010)=32768;InitPktCount(1044)=2092588805;InitByteCount(1046)=1166331903;R plyPktCount(1045)=1895856127;RplyByteCount(1047)=30720;RcvVPNInstance(1042)=;Snd VPNInstance(1043)=;BeginTime_e(1013)=05052017152731;EndTime_e(1014)=;Event(1048) =(8)Session created. |
Explanation |
This message is generated when an IPv4-initiated session is established or deleted. |
Recommended action |
No action is required. |
ANCP messages
This section contains ANCP messages.
ANCP_INVALID_PACKET
Message text |
-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING];The [STRING] value [STRING] is wrong, and the value [STRING] is expected. |
Variable fields |
$1: ANCP neighbor name. $2: Neighbor state. $4: Field. $5: Wrong value of the field. $6: Expected value of the field. |
Severity level |
6 |
Example |
ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK;The Sender Instance value 0 is wrong, and the value 1 is expected. |
Explanation |
The system received an adjacency message that had a field with a wrong value. |
Recommended action |
No action is required. |
ARP messages
This section contains ARP messages.
ARP_ACTIVE_ACK_NO_REPLY
Message text |
No ARP reply from IP [STRING] was received on interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1. |
Explanation |
The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message. This message indicates the risk of attacks. |
Recommended action |
1. Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first. 2. If the ARP entries are correct and the attack continues, contact H3C Support. |
ARP_ACTIVE_ACK_NOREQUESTED_REPLY
Message text |
Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device. |
Variable fields |
$1: Interface name. $2: IP address. |
Severity level |
6 |
Example |
ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface Ethernet0/1/0 received from IP 192.168.10.1 an ARP reply that was not requested by the device. |
Explanation |
The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP. This message indicates the risk of attacks. |
Recommended action |
No action is required. The device discards the ARP reply automatically. |
ARP_BINDRULETOHW_FAILED
Message text |
Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC]. |
Variable fields |
$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address. |
Severity level |
5 |
Example |
ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface Ethernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108. |
Explanation |
The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations: · The resources are not sufficient for the operation. · The memory is not sufficient for the operation. · A hardware error occurs. |
Recommended action |
To resolve the problem: 1. Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient. ¡ If yes, proceed to step 2. ¡ If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2. 2. Execute the display memory command to check if the memory for the operation is sufficient. ¡ If yes, proceed to step 3. ¡ If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3. 3. Delete the configuration and perform the operation again. |
ARP_DUPLICATE_IPADDR_DETECT
Message text |
Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR]. |
Variable fields |
$1: MAC address. $2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $3: VSI name. $4: MAC address. $5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $6: VSI name. $7: Conflicting IP address. |
Severity level |
6 |
Example |
ARP/6/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface Ethernet0/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1. |
Explanation |
This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different. |
Recommended action |
Change the IP address on either of the two devices. |
ARP_DYNAMIC
Message text |
The maximum number of dynamic ARP entries for the device reached. |
Variable fields |
N/A |
Severity level |
3 |
Example |
ARP/3/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached. |
Explanation |
The maximum number of dynamic ARP entries for the device was reached. |
Recommended action |
No action is required. |
ARP_DYNAMIC_IF
Message text |
The maximum number of dynamic ARP entries for interface [STRING] reached. |
Variable fields |
$1: Interface name. |
Severity level |
2 |
Example |
ARP/3/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached. |
Explanation |
The maximum number of dynamic ARP entries for the specified interface was reached. |
Recommended action |
No action is required. |
ARP_DYNAMIC_SLOT
Message text |
Pattern 1: The maximum number of dynamic ARP entries for slot [INT32] reached. Pattern 2: The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Slot number. $2: Chassis number. |
Severity level |
3 |
Example |
ARP/3/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached. ARP/3/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for chassis 1 slot 2 reached. |
Explanation |
Pattern 1: The maximum number of dynamic ARP entries for the slot was reached. Pattern 2: The maximum number of dynamic ARP entries for the slot on the chassis was reached. |
Recommended action |
No action is required. |
ARP_ENTRY_CONFLICT
Message text |
The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING]. |
Variable fields |
$1: IP address. $2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network. $3: Inconsistent items: ¡ MAC address. ¡ output interface. ¡ output port. ¡ outermost layer VLAN ID. ¡ second outermost layer VLAN ID. ¡ VSI index. ¡ link ID. |
Severity level |
6 |
Example |
ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. |
Explanation |
The software entry for the specified IP address was not the same as the hardware entry. For example, they did not have the same output interface. |
Recommended action |
No action is required. ARP automatically refreshes the hardware entries. |
ARP_HOST_IP_CONFLICT
Message text |
|
Variable fields |
$1: IP address. $2: Interface name. $3: Interface name. |
Severity level |
4 |
Example |
|
Explanation |
The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface. |
Recommended action |
Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network. |
ARP_RATE_EXCEEDED
Message text |
The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds. |
Variable fields |
$1: ARP packet rate. $2: ARP limit rate. $3: Interface name. $4: Interval time. |
Severity level |
4 |
Example |
ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface Ethernet0/1/0 in the last 10 seconds. |
Explanation |
An interface received ARP messages at a higher rate than the rate limit. |
Recommended action |
Verify that the hosts at the sender IP addresses are legitimate. |
ARP_RATELIMIT_NOTSUPPORT
Message text |
Pattern 1: ARP packet rate limit is not support on slot [UINT32]. Pattern 2: ARP packet rate limit is not support on chassis [UINT32] slot [UINT32]. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Slot number. $2: Chassis number. |
Severity level |
6 |
Example |
ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2. |
Explanation |
Pattern 1: ARP packet rate limit was not supported on the slot. Pattern 2: ARP packet rate limit was not supported on the slot of the chassis was reached. |
Recommended action |
Verify that the host at the sender IP address is legitimate. |
ARP_SENDER_IP_INVALID
Message text |
Sender IP [STRING] was not on the same network as the receiving interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1. |
Explanation |
The sender IP of a received ARP message was not on the same network as the receiving interface. |
Recommended action |
Verify that the host at the sender IP address is legitimate. |
ARP_SENDER_MAC_INVALID
Message text |
Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING]. |
Variable fields |
$1: MAC address. $2: MAC address. $3: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1. |
Explanation |
An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header. |
Recommended action |
Verify that the host at the sender MAC address is legitimate. |
ARP_SRC_MAC_FOUND_ATTACK
Message text |
An attack from MAC [STRING] was detected on interface [STRING]. |
Variable fields |
$1: MAC address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1. |
Explanation |
The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold. This message indicates the risk of attacks. |
Recommended action |
Verify that the host at the source MAC address is legitimate. |
ARP_TARGET_IP_INVALID
Message text |
Target IP [STRING] was not the IP of the receiving interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface Ethernet0/1/0. |
Explanation |
The target IP address of a received ARP message was not the IP address of the receiving interface. |
Recommended action |
Verify that the host at the sender IP address is legitimate. |
DUPIFIP
Message text |
Duplicate address [STRING] on interface [STRING], sourced from [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: MAC Address. |
Severity level |
6 |
Example |
ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface Ethernet1/1/1, sourced from 0015-E944-A947. |
Explanation |
ARP detected a duplicate address. The sender IP in the received ARP packet was being used by the receiving interface. |
Recommended action |
Modify the IP address configuration. |
DUPIP
Message text |
IP address [STRING] conflicted with global or imported IP address, sourced from [STRING]. |
Variable fields |
$1: IP address. $2: MAC Address. |
Severity level |
6 |
Example |
ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001. |
Explanation |
The sender IP address of the received ARP packet conflicted with the global or imported IP address. |
Recommended action |
Modify the IP address configuration. |
DUPVRRPIP
Message text |
IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: MAC address. |
Severity level |
6 |
Example |
ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface Ethernet1/1/1, sourced from 0015-E944-A947. |
Explanation |
The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address. |
Recommended action |
Modify the IP address configuration. |
L3_COMMON
Message text |
Pattern 1: The Board on slot [INT32] doesn't support the ARP safe-guard function. Pattern 2: The Board on chassis t [INT32] slot [INT32] doesn't support the ARP safe-guard function. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Slot number. $2: Chassis number. |
Severity level |
4 |
Example |
L3/4/L3_COMMON: -MDC=1-Slot=5; The Board on slot 5 doesn't support the ARP safe-guard function. |
Explanation |
Pattern 1: The slot did not support the ARP safe-guard feature. Pattern 2: The slot of the chassis did not support the ARP safe-guard feature. |
Recommended action |
Use a card that supports the ARP safe-guard feature. |
ATK messages
This section contains attack detection and prevention messages.
ATK_ICMP_ADDRMASK_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ:IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW:IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ:IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ:IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL:IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--;DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW:IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ:IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ:IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ:IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ_RAW:IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ:IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ_SZ:IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL:IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL_RAW:IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ:IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL_SZ:IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_ICMP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ:IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ_RAW:IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information requests of the same attributes, thi s message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ:IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ_SZ:IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL:IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL_RAW:IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ:IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL_SZ:IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_LARGE:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMP packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_LARGE_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_LARGE_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_LARGE_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMP packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM:IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM_RAW:IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ:IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM_SZ:IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT:IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP redirect logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT_RAW:IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT_RAW_SZ:IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT_SZ:IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP redirect logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH:IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP source quench logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH_RAW:IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH_RAW_SZ:IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH_SZ:IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP source quench logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED:IcmpType(1058)=11; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED_RAW:IcmpType(1058)=11; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED_RAW_SZ:IcmpType(1058)=11; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED_SZ:IcmpType(1058)=11; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ:IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ_RAW:IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ_RAW_SZ:IcmpType(1058)=13; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ_SZ:IcmpType(1058)=13; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL:IcmpType(1058)=14; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL_RAW:IcmpType(1058)=14; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL_RAW_SZ:IcmpType(1058)=14; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL_SZ:IcmpType(1058)=14; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE:IcmpType(1058)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMP packets. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE_RAW:IcmpType(1058)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE_RAW_SZ:IcmpType(1058)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE_SZ: IcmpType(1058)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMP packets. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE:IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE_RAW:IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE_RAW_SZ:IcmpType(1058)=3; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE_SZ:IcmpType(1058)=3; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH:Icmpv6Type(1059)=133; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW:Icmpv6Type(1059)=133; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW_SZ:Icmpv6Type(1059)=133; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH_SZ:Icmpv6Type(1059)=133; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ:Icmpv6Type(1059)=128; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ_RAW:Icmpv6Type(1059)=128; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ_RAW_SZ:Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ_SZ:Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL:Icmpv6Type(1059)=129; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL_RAW:Icmpv6Type(1059)=129; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL_RAW_SZ:Icmpv6Type(1059)=129; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL_SZ:Icmpv6Type(1059)=129; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_ICMPV6_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY:Icmpv6Type(1059)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener query logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY_RAW:Icmpv6Type(1059)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY_RAW_SZ:Icmpv6Type(1059)=130; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY_SZ:Icmpv6Type(1059)=130; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener query logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION:Icmpv6Type(1059)=132; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener done logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW:Icmpv6Type(1059)=132; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW_SZ:Icmpv6Type(1059)=132; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION_SZ:Icmpv6Type(1059)=132; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener done logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT:Icmpv6Type(1059)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener report logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT_RAW:Icmpv6Type(1059)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT_RAW_SZ:Icmpv6Type(1059)=131; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT_SZ:Icmpv6Type(1059)=131; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener report logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE:RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMPv6 packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE_SZ:SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMPv6 packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG:Icmpv6Type(1059)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 packet too big logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW:Icmpv6Type(1059)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW_SZ:Icmpv6Type(1059)=136; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG_SZ:Icmpv6Type(1059)=136; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 packet too big logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM:Icmpv6Type(1059)=135; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW:Icmpv6Type(1059)=135; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW_SZ:Icmpv6Type(1059)=135; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM_SZ:Icmpv6Type(1059)=135; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED:Icmpv6Type(1059)=134; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW:Icmpv6Type(1059)=134; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW_SZ:Icmpv6Type(1059)=134; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED_SZ:Icmpv6Type(1059)=134; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE:RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE_SZ:SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE:Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMPv6 packets. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE _RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE_RAW_SZ:Icmpv6Type(1059)=38; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE_RAW:Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE_SZ:Icmpv6Type(1059)=38; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMPv6 packets. |
Recommended action |
No action is required. |
ATK_IP_OPTION
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION:IPOptValue(1057)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with a user-defined IP option. |
Recommended action |
No action is required. |
ATK_IP_OPTION_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION_RAW:IPOptValue(1057)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--;DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received. |
Recommended action |
No action is required. |
ATK_IP_OPTION_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION_RAW_SZ:IPOptValue(1057)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received. |
Recommended action |
No action is required. |
ATK_IP_OPTION_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION_SZ: IPOptValue(1057)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with a user-defined IP option. |
Recommended action |
No action is required. |
ATK_IP4_ACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_ACK_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_ACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_ACK_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_DIS_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; TcpFlag(1074)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: TCP packet type. (This field is available only for TCP packets.) $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DIS_PORTSCAN:RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; TcpFlag(1074)=[SYN]; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_DIS_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Destination IP address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DIS_PORTSCAN_SZ:SrcZoneName(1025)=Trust; Protocol(1001)=TCP; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_DNS_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DNS_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_DNS_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DNS_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_FIN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FIN_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_FIN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FIN_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP4_HTTP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_HTTP_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_HTTP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_HTTP_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. |
Recommended action |
No action is required. |
ATK_IP4_IPSWEEP
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IPSWEEP:RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657. |
Explanation |
This message is sent when an IPv4 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_IPSWEEP_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IPSWEEP_SZ:SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657. |
Explanation |
This message is sent when an IPv4 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Destination IP address. $7: Actions against the attack. $8: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_PORTSCAN:RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Destination IP address. $7: Actions against the attack. $8: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_PORTSCAN_SZ:SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_RST_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_RST_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_RST_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_RST_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10;Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYN_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYN_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYNACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYNACK_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYNACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYNACK_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING];DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 overlapping fragments. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 overlapping fragments. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IP6_ACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_ACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_ACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_ACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_DIS_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DIS_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928. |
Explanation |
This message is sent when an IPv6 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_DIS_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DIS_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928. |
Explanation |
This message is sent when an IPv6 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_DNS_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DNS_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_DNS_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DNS_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_FIN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FIN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_FIN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FIN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP6_HTTP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_HTTP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_HTTP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_HTTP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_IPSWEEP
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IPSWEEP: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639. |
Explanation |
This message is sent when an IPv6 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_IPSWEEP_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IPSWEEP_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639. |
Explanation |
This message is sent when an IPv6 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Destination IPv6 address. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455. |
Explanation |
This message is sent when an IPv6 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Destination IPv6 address. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455. |
Explanation |
This message is sent when an IPv6 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_RST_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_RST_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_RST_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_RST_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYNACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYNACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYNACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYNACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with more than two IP options. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with more than two IP options. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)= [UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE: IPOptValue(1057)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 131. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW: IPOptValue(1057)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)= [UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 131. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE: IPOptValue(1057)=7; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 7. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE_RAW: IPOptValue(1057)=7; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE_RAW_SZ: IPOptValue(1057)=7; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE_SZ: IPOptValue(1057)=7; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 7. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT: IPOptValue(1057)=148; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 148. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT_RAW: IPOptValue(1057)=148; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT_RAW_SZ: IPOptValue(1057)=148; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT_SZ: IPOptValue(1057)=148; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 148. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY: IPOptValue(1057)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 130. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY_RAW: IPOptValue(1057)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY_RAW_SZ: IPOptValue(1057)=130; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY_SZ: IPOptValue(1057)=130; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 130. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID: IPOptValue(1057)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 136. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID_RAW: IPOptValue(1057)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID_RAW_SZ: IPOptValue(1057)=136; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID_SZ: IPOptValue(1057)=136; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 136. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE: IPOptValue(1057)=137; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 137. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW: IPOptValue(1057)=137; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW_SZ: IPOptValue(1057)=137; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE_SZ: IPOptValue(1057)=137; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 137. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP: IPOptValue(1057)=68; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 68. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP_RAW: IPOptValue(1057)=68; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP_RAW_SZ: IPOptValue(1057)=68; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP_SZ: IPOptValue(1057)=68; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 68. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER
Message text |
IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_ABNORMAL_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IPV6_EXT_HEADER_ABNORMAL_RAW_SZ: SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging. |
Explanation |
If log aggregation is disabled, the message is sent every time the device receives an abnormal IPv6 packet in which the number of extension headers exceeds the specified upper limit. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_ABNORMAL_SZ
Message text |
SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IPV6_EXT_HEADER_ABNORMAL_SZ: SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2. |
Explanation |
If log aggregation is enabled, the message is sent when logs are aggregated for receving abnormal IPv6 packets. The abnormal IPv6 packets include the following: · IPv6 packets in which the number of extension headers exceeds the specified upper limit. · IPv6 packets in which a duplicate-disallowed extension header appears more than once. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_RAW
Message text |
IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER_RAW: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_RAW_SZ
Message text |
IPv6ExtHeader(1060)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER_RAW_SZ: IPv6ExtHeader(1060)=43; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_SZ
Message text |
IPv6ExtHeader(1060)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER_SZ: IPv6ExtHeader(1060)=43; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header. |
Recommended action |
No action is required. |
BFD messages
This section contains BFD messages.
BFD_CHANGE_FSM (Severity 4)
Message text |
Sess[STRING], Ver, Sta: [STRING]->[STRING], Diag: [UINT32] |
Variable fields |
$1: Source address, destination address, interface, message type, and MPLS FEC of the BFD session. For LSP sessions, this field contains the destination address, mask, and next hop address of LSPs. For PW sessions, this field contains the LSR ID of the peer PE and the PW ID. For TE tunnel sessions, this field contains the source address, destination address, tunnel ID, and LSP ID. $2: BFD session state before changing. $3: BFD session state after changing. Options include UP and DOWN. $4: Diagnostic information: · 0 (No Diagnostic). · 1 (Control Detection Time Expired)—A control packet mode BFD session goes down, because local detection times out. · 2 (Echo Function Failed)—An echo packet mode BFD session goes down, because local detection times out or the source IP address of echo packets is deleted. · 3 (Neighbor Signaled Session Down)—The remote end notifies the local end of BFD session down. · 7 (Administratively Down)—The local system prevents a BFD session from being established. |
Severity level |
4 |
Example |
BFD/4/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic). BFD/4/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface: Vlan204, SessType: Ctrl, LinkType: LSP, FEC: LSP, 20.0.4.0/24/10.1.1.1], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic). BFD/4/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface: Vlan204, SessType: Ctrl, LinkType: LSP, FEC: PW FEC-128, 20.0.4.2/1], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic). BFD/4/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface: Vlan204, SessType: Ctrl, LinkType: LSP, FEC: TE Tunnel, 20.0.4.2/20.0.4.1/100/100], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic). |
Explanation |
The FSM of the BFD session has changed. This message appears when a BFD session changes to the UP or DOWN state. Unexpected session loss might indicate high error or packet loss rate in the network. |
Recommended action |
Check for incorrect BFD configuration or network congestion. |
BFD_CHANGE_FSM (Severity 5)
Message text |
Sess[STRING], Ver, Sta: [STRING]->[STRING], Diag: [UINT32] |
Variable fields |
$1: Source address, destination address, interface, message type, and MPLS FEC of the BFD session. For LSP sessions, this field contains the destination address, mask, and next hop address of LSPs. For PW sessions, this field contains the LSR ID of the peer PE and the PW ID. For TE tunnel sessions, this field contains the source address, destination address, tunnel ID, and LSP ID. $2: BFD session state before changing. $3: BFD session state after changing. Options include INIT, ADMIN-DOWN, and FAIL. $4: Diagnostic information: · 0 (No Diagnostic). · 1 (Control Detection Time Expired)—A control packet mode BFD session goes down, because local detection times out. · 2 (Echo Function Failed)—An echo packet mode BFD session goes down, because local detection times out or the source IP address of echo packets is deleted. · 3 (Neighbor Signaled Session Down)—The remote end notifies the local end of BFD session down. · 7 (Administratively Down)—The local system prevents a BFD session from being established. |
Severity level |
5 |
Example |
BFD/5/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Ver.1, Sta: DOWN->INIT, Diag: 0 (No Diagnostic). BFD/5/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface: Vlan204, SessType: Ctrl, LinkType: LSP, FEC: LSP, 20.0.4.0/24/10.1.1.1], Ver.1, Sta: DOWN->INIT, Diag: 0 (No Diagnostic). BFD/5/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface: Vlan204, SessType: Ctrl, LinkType: LSP, FEC: PW FEC-128, 20.0.4.2/1], Ver.1, Sta: DOWN->INIT, Diag: 0 (No Diagnostic). BFD/5/BFD_CHANGE_FSM: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface: Vlan204, SessType: Ctrl, LinkType: LSP, FEC: TE Tunnel, 20.0.4.2/20.0.4.1/100/100], Ver.1, Sta: DOWN->INIT, Diag: 0 (No Diagnostic). |
Explanation |
The FSM of the BFD session has been changed. This informational message appears when a BFD session changes to the INIT, ADMIN-DOWN, or FAIL state. Unexpected session loss might indicate high error or packet loss rates in the network. |
Recommended action |
Check for incorrect BFD configuration or network congestion. |
BFD_CHANGE_SESS
Message text |
Sess[STRING], Ver, Sta: [STRING], Diag: [UINT32] |
Variable fields |
$1: Source address, destination address, interface, message type, and MPLS FEC of the BFD session. For LSP sessions, this field contains the destination address, mask, and next hop address of LSPs. For PW sessions, this field contains the LSR ID of the peer PE and the PW ID. For TE tunnel sessions, this field contains the source address, destination address, tunnel ID, and LSP ID. $2: Session state. $3: Diagnostic code. |
Severity level |
5 |
Example |
BFD/5/BFD_CHANGE_SESS: Sess[17.1.1.2/17.1.1.1, LD/RD:1537/1537, Interface:GE1/0/1, SessType:Ctrl, LinkType:INET], Ver:1, Sta: Deleted, Diag: 7 (Administratively Down) |
Explanation |
This informational message appears when a BFD session is deleted. |
Recommended action |
Check the BFD session configuration. |
BFD_REACHED_UPPER_LIMIT
Message text |
The total number of BFD sessions [ULONG] reached the upper limit. Can’t create a new session. |
Variable fields |
$1: Total number of BFD sessions. |
Severity level |
3 |
Example |
BFD/3/BFD_REACHED_UPPER_LIMIT: The total number of BFD session 100 reached upper limit. |
Explanation |
The total number of BFD sessions has reached the upper limit. |
Recommended action |
Check the BFD session configuration. |
BGP messages
This section contains BGP messages.
BGP_EXCEED_ROUTE_LIMIT
Message text |
BGP [STRING].[STRING]: The number of routes ([UINT32]) from peer [STRING] ([STRING]) exceeds the limit [UINT32]. |
Variable fields |
$1: BGP instance name. $2: VPN instance name. This field is blank for the public network. $3: Number of received routes. $4: IP address of the BGP peer. $5: Address family of the BGP peer. $6: Maximum number of routes. |
Severity level |
4 |
Example |
BGP/4/BGP_EXCEED_ROUTE_LIMIT: BGP default.vpn1: The number of routes (101) from peer 1.1.1.1 (IPv4-UNC) exceeds the limit 100. |
Explanation |
The number of routes received from a peer exceeded the maximum number of routes that can be received from the peer. |
Recommended action |
Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the maximum number of routes. |
BGP_REACHED_THRESHOLD
Message text |
BGP [STRING].[STRING]: The ratio of the number of routes ([UINT32]) received from peer [STRING] ([STRING]) to the number of allowed routes ([UINT32]) has reached the threshold ([UINT32]%). |
Variable fields |
$1: BGP instance name. $2: VPN instance name. This field is blank for the public network. $3: Number of received routes. $4: IP address of the BGP peer. $5: Address family of the BGP peer. $6: Maximum number of routes that can be received from the peer. $7: Percentage of received routes to the maximum allowed routes. |
Severity level |
4 |
Example |
BGP/4/BGP_REACHED_THRESHOLD: BGP default.vpn1: The ratio of the number of routes (3) received from peer 1.1.1.1 (IPv4-UNC) to the number of allowed routes (2) has reached the threshold (75%). |
Explanation |
The percentage of received routes to the maximum allowed routes reached the threshold. |
Recommended action |
Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the threshold value or the maximum number of routes that can be received from the peer. |
BGP_LOG_ROUTE_FLAP
Message text |
BGP [STRING].[STRING]: The route [STRING] [STRING]/[UINT32] learned from peer [STRING] ([STRING]) flapped. |
Variable fields |
$1: BGP instance name. $2: VPN instance name. This field is blank for the public network. $3: RD of the BGP route. This field is blank for a route without an RD. $4: BGP route prefix. $5: Mask of the BGP route prefix. $6: IP address of the BGP peer. $7: Address family of the BGP peer. |
Severity level |
4 |
Example |
BGP/4/BGP_LOG_ROUTE_FLAP: BGP default.vpn1: The route 15.1.1.1/24 learned from peer 1.1.1.1 (IPv4-UNC) flapped. |
Explanation |
The route learned from a BGP peer flapped. |
Recommended action |
If a large number of routes flap, determine the route flapping cause and develop a solution. |
BGP_LABEL_CONFLICT
Message text |
BGP egress-engineering incoming label [STRING] conflicts with current configuration. |
Variable fields |
$1: SID value. |
Severity level |
4 |
Example |
BGP/4/BGP_LABEL_CONFLICT: BGP egress-engineering incoming label 3000 conflicts with current configuration. |
Explanation |
The SID value assigned by BGP Egress Peer Engineering (EPE) has been used. |
Recommended action |
Verify that the SID value specified in the routing policy used by BGP EPE has not been used. |
BGP_LABEL_OUTOFRANGE
Message text |
BGP egress-engineering incoming label [STRING] is out of range. |
Variable fields |
$1: SID value. |
Severity level |
4 |
Example |
BGP/4/BGP_LABEL_OUTOFRANGE: BGP egress-engineering incoming label 1024 is out of range. |
Explanation |
The SID value assigned by BGP EPE is out of range. |
Recommended action |
Verify that the SID value specified in the routing policy used by BGP EPE is valid. |
BGP_MEM_ALERT
Message text |
BGP [STRING] instance received system memory alert [STRING] event. |
Variable fields |
$1: BGP instance name. $2: Type of the memory alarm, stop and start. |
Severity level |
5 |
Example |
BGP/5/BGP_MEM_ALERT: BGP default instance received system memory alert start event. |
Explanation |
BGP received a memory alarm. |
Recommended action |
If BGP received a system memory alert start event, check the system memory and try to free some memory by adjusting modules that occupied too much memory. |
BGP_PEER_LICENSE_REACHED
Message text |
BGP [STRING]: Number of peers in Established state reached the license limit. |
Variable fields |
$1: BGP instance name. |
Severity level |
3 |
Example |
BGP/3/BGP_PEER_LICENSE_REACHED: BGP default: Number of peers in Established state reached the license limit. |
Explanation |
The number of peers in Established state reached the license limit. |
Recommended action |
Determine whether a new license is required. |
BGP_ROUTE_LICENSE_REACHED
Message text |
BGP [STRING]: Number of [STRING] routes reached the license limit. |
Variable fields |
$1: BGP instance name. $2: BGP address family: · IPv4-UNC public—IPv4 unicast routes for the public network. · IPv6-UNC public—IPv6 unicast routes for the public network. · IPv4 private—IPv4 unicast routes, VPNv4 routes, and nested VPN routes for the private network. · IPv6 private—IPv6 unicast routes and VPNv6 routes for the private network. |
Severity level |
3 |
Example |
BGP/3/BGP_ROUTE_LICENSE_REACHED: BGP default: Number of IPv4-UNC public routes reached the license limit. |
Explanation |
The number of routes in the specified address family reached the license limit. |
Recommended action |
Determine whether a new license is required. After the number of routes in the specified family falls below the license limit or the license limit increases, you must manually restore the discarded routes. |
BGP_STATE_CHANGED
Message text |
BGP [STRING].[STRING]: [STRING] state has changed from [STRING] to [STRING]. |
Variable fields |
$1: BGP instance name. $2: VPN instance name. This field is blank for the public network. $3: IP address of the BGP peer. $4: Name of FSM before the state change. $5: Name of FSM after the state change. |
Severity level |
3 |
Example |
BGP/3/BGP_STATE_CHANGED: BGP default.vpn1: 192.99.0.2 state has changed from ESTABLISHED to IDLE. |
Explanation |
The FSM of a BGP peer has changed. This informational message appears when a BGP peer comes up or goes down. |
Recommended action |
If a peer goes down unexpectedly, determine whether an error or packet loss occurs. |
BLS messages
This section contains blacklist messages.
BLS_ENTRY_ADD
Message text |
SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; TTL(1051)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: TTL of a blacklist entry. $5: Reason why the blacklist entry was added. |
Severity level |
5 |
Example |
BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=1.1.1.6; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration. BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; TTL(1051)=10; Reason(1052)=Scan behavior detected. |
Explanation |
A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result. |
Recommended action |
No action is required. |
BLS_ENTRY_DEL
Message text |
SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: Reason why the blacklist entry was deleted. |
Severity level |
5 |
Example |
BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=1.1.1.3; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; Reason(1052)=Configuration. BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Reason(1052)=Aging. |
Explanation |
A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging. |
Recommended action |
No action is required. |
BLS_IPV6_ENTRY_ADD
Message text |
SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; TTL(1051)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IPv6 address. $2: VPN instance name. $3: TTL of a blacklist entry. $4: Reason why the blacklist entry was added. |
Severity level |
5 |
Example |
BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration. BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; TTL(1051)=10; Reason(1052)=Scan behavior detected. |
Explanation |
A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result. |
Recommended action |
No action is required. |
BLS_IPV6_ENTRY_DEL
Message text |
SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IPv6 address. $2: VPN instance name. $3: Reason why the blacklist entry was deleted. |
Severity level |
5 |
Example |
BLS/5/BLS_IPV6_ENTRY_DEL: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; Reason(1052)=Configuration. |
Explanation |
A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging. |
Recommended action |
No action is required. |
CFD messages
This section contains CFD messages.
CFD_CROSS_CCM
Message text |
MEP [UINT16] in SI [INT32] received a cross-connect CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING]. |
Variable fields |
$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID. |
Severity level |
6 |
Example |
CFD/6/CFD_CROSS_CCM: MEP 13 in SI 10 received a cross-connect CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 78, RMEP is 12, MD ID is without ID, MA ID is 0. |
Explanation |
A MEP received a cross-connect CCM containing a different MA ID or MD ID. |
Recommended action |
Check the configurations of MEPs on both ends. Make sure the MEPs have consistent configurations, including MD, MA, and level. |
CFD_ERROR_CCM
Message text |
MEP [UINT16] in SI [INT32] received an error CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING]. |
Variable fields |
$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID. |
Severity level |
6 |
Example |
CFD/6/CFD_ERROR_CCM: MEP 2 in SI 7 received an error CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 21, RMEP is 2, MD ID is 7, MA ID is 1. |
Explanation |
A MEP received an error CCM containing an unexpected MEP ID or lifetime. |
Recommended action |
Check the CCM configuration. Make sure the CCM intervals are consistent on both ends, and the remote MEP ID is included in the MEP list of the local end. |
CFD_LOST_CCM
Message text |
MEP [UINT16] in SI [INT32] failed to receive CCMs from RMEP [UINT16]. |
Variable fields |
$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID. |
Severity level |
6 |
Example |
CFD/6/CFD_LOST_CCM: MEP 1 in SI 7 failed to receive CCMs from RMEP 2. |
Explanation |
A MEP failed to receive CCMs within 3.5 sending intervals because the link is faulty or the remote MEP does not send CCM within 3.5 sending intervals. |
Recommended action |
Check the link status and the configuration of the remote MEP. If the link is down or faulty (becomes unidirectional, for example), restore the link. If the remote MEP is configured with the same service instance, make sure the CCM sending intervals are consistent on both ends. |
CFD_NO_HRD_RESOURCE
Message text |
Failed to start CCM on service instance [INT32] because of insufficient hardware frequency resources. |
Variable fields |
$1: Service instance ID. |
Severity level |
6 |
Example |
CFD/6/CFD_NO_HRD_RESOURCE: -MDC=1; Failed to start CCM on service instance 7 because of insufficient hardware frequency resources. |
Explanation |
This message is generated when CCM fails to be stared in a service instance because of insufficient hardware frequency resources. |
Recommended action |
Contact H3C Support. |
CFD_REACH_LOWERLIMIT
Message text |
[STRING] reached or fell below the lower limit [STRING] on MEP [UINT16] in service instance [INT32]. |
Variable fields |
$1: Monitored indicator: ¡ Far-end frame loss ratio. ¡ Near-end frame loss ratio. ¡ Frame delay. $2: Threshold. $3: Local MEP ID. $4: Service instance ID. |
Severity level |
6 |
Example |
CFD/6/ CFD_REACH_LOWERLIMIT: Far-end frame loss ratio reached or fell below the lower limit 4% on MEP 2 in service instance 3. |
Explanation |
This message is generated when a monitored indicator reaches or falls below the lower limit. |
Recommended action |
No action is required. |
CFD_REACH_UPPERLIMIT
Message text |
[STRING] reached or exceeded the upper limit [STRING] on MEP [UINT16] in service instance [INT32]. |
Variable fields |
$1: Monitored indicator: ¡ Far-end frame loss ratio. ¡ Near-end frame loss ratio. ¡ Frame delay. $2: Threshold. $3: Local MEP ID. $4: Service instance ID. |
Severity level |
6 |
Example |
CFD/6/ CFD_REACH_LOWERLIMIT: Far-end frame loss ratio reached or fell below the lower limit 4% on MEP 2 in service instance 3. |
Explanation |
This message is generated when a monitored indicator reaches or exceeds the upper limit. |
Recommended action |
No action is required. |
CFD_RECEIVE_CCM
Message text |
MEP [UINT16] in SI [INT32] received CCMs from RMEP [UINT16] |
Variable fields |
$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID. |
Severity level |
6 |
Example |
CFD/6/CFD_RECEIVE_CCM: MEP 1 in SI 7 received CCMs from RMEP 2. |
Explanation |
A MEP received CCMs from a remote MEP. |
Recommended action |
No action is required. |
CFGMAN messages
This section contains configuration management messages.
CFGMAN_CFGCHANGED
Message text |
-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed. |
Variable fields |
$1: Event index in the range of 1 to 2147483647. $2: Configuration change source: ¡ cli—The configuration change came from the CLI. ¡ snmp—The configuration change came from SNMP or was a configuration database change detected by SNMP. ¡ other—The configuration change came from other sources. $3: Source configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. $4: Destination configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. |
Severity level |
5 |
Example |
CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[snmp]-ConfigSource=[startup]-ConfigDestination=[running]; Configuration changed. |
Explanation |
The running configuration changed in the past 10 minutes. |
Recommended action |
No action is required. |
CFGMAN_OPTCOMPLETION
Message text |
-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed. |
Variable fields |
$1: Operation type: ¡ running2startup—Saves the running configuration to the next-startup configuration file. ¡ startup2running—Loads the configuration in the next-startup configuration file. ¡ running2net—Saves the running configuration to a host on the network. ¡ net2running—Transfers a configuration file from a host on the network and loads the configuration. ¡ net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file. ¡ startup2net—Copies the next-startup configuration file to a host on the network. $2: Operation start time. $3: Operation status: ¡ InProcess—Operation is in progress. ¡ success—Operation succeeded. ¡ InvalidOperation—Invalid operation. ¡ InvalidProtocol—Invalid protocol. ¡ InvalidSource—Invalid source file name. ¡ InvalidDestination—Invalid destination file name. ¡ InvalidServer—Invalid server address. ¡ DeviceBusy—The device is busy. ¡ InvalidDevice—Invalid device address. ¡ DeviceError—An error occurred on the device. ¡ DeviceNotWritable—The storage medium on the device is write protected. ¡ DeviceFull—The device does not have enough free storage space for the file. ¡ FileOpenError—Failed to open the file. ¡ FileTransferError—Failed to transfer the file. ¡ ChecksumError—File checksum error. ¡ LowMemory—The memory space is not sufficient. ¡ AuthFailed—User authentication failed. ¡ TransferTimeout—Transfer timed out. ¡ UnknownError—An unknown error occurred. ¡ invalidConfig—Invalid configuration. $4: Operation end time. |
Severity level |
5 |
Example |
CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed. |
Explanation |
The device is performing or has completed an operation. |
Recommended action |
If the operation is not successful, locate and resolve the issue. |
CLKM messages
This section contains clock monitoring module messages.
CLKM_ESMC_PKT_ALARM
Message text |
ESMC packets were lost. (PortName=[STRING]) |
Variable fields |
$1: Name of the interface that receives ESMC packets. |
Severity level |
4 |
Example |
CLKM/4/CLKM_ESMC_PKT_ALARM: ESMC packets were lost. (PortName=G1/0/1) |
Explanation |
The device issues this message when ESMC packets were lost. |
Recommended action |
To resolve the issue: 1. Determine whether both the local and peer interfaces are ESMC-enabled. ¡ If both of them are ESMC-enabled, go to 3. ¡ If one or neither of them is ESMC-enabled, go to 2. ¡ If the device continues to output this message, go to 3. ¡ If the device does not output this message any more, the issue is resolved. 3. Collect alarm, log, and configuration information and contact the support. |
CONNLMT messages
This section contains connection limit messages.
CONNLMT_IPV4_OVERLOAD
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold; |
Explanation |
The number of concurrent connections exceeded the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV4_RECOVER
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold; |
Explanation |
The number of concurrent connections dropped to the lower threshold from the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV6_OVERLOAD
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold; |
Explanation |
The number of concurrent connections exceeded the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV6_RECOVER
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=2001::1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold; |
Explanation |
The number of concurrent connections dropped to the lower threshold from the upper threshold. |
Recommended action |
No action is required. |
Data plane backup messages
This section contains data plane backup messages.
DP_SWITCH_SUCCESS
Message text |
Device with IP address [STRING] in DP backup group [UINT] switched to master. |
Variable fields |
$1: IP address of the new master device. $2: ID of the data plane backup group. |
Severity level |
6 |
Example |
DP/6/DP_SWITCH_SUCCESS: Device with IP address 1.1.1.1 in DP backup group 4 switched to master. |
Explanation |
A master/backup switchover occurred in a data plane backup group. The specified device became the new master. |
Recommended action |
No action is required. |
DEV messages
This section contains device management messages.
BOARD_REBOOT
Message text |
Board is rebooting on [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
DEV/5/BOARD_REBOOT: Board is rebooting on slot 1. |
Explanation |
A card was manually or automatically rebooted. |
Recommended action |
If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the slot starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact HP Support. |
BOARD_INSERTED
Message text |
Board was inserted on [STRING], type is unknown. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
DEV/5/BOARD_INSERTED: Board was inserted on slot 2, type is unknown. |
Explanation |
A card was installed, but the card type was unknown because the card had not finish booting. |
Recommended action |
No action is required. |
BOARD_REMOVED
Message text |
Board was removed from [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
3 |
Example |
DEV/3/BOARD_REMOVED: Board was removed from slot 1, type is LSQ1FV48SA. |
Explanation |
An LPU or a standby MPU was removed from a member device, causing the device to leave the IRF fabric. |
Recommended action |
If the LPU or MPU was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. Reboot the device to make it join the IRF fabric. 4. If the issue persists, contact HP Support. |
BOARD_STATE_FAULT
Message text |
Board state changed to Fault on [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
2 |
Example |
DEV/2/BOARD_STATE_FAULT: Board state changed to Fault on slot 1, type is LSQ1FV48SA. |
Explanation |
The card was starting up (initializing or loading software) or was not operating correctly. |
Recommended action |
· If the card was newly installed, wait for the card to start up. The required startup time varies by card model and software version and is typically less than 10 minutes. · If the card was not newly installed, contact HP Support. |
BOARD_STATE_NORMAL
Message text |
Board state changed to Normal on [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
5 |
Example |
DEV/5/BOARD_STATE_NORMAL: Board state changed to Normal on slot 1, type is LSQ1FV48SA. |
Explanation |
A newly installed LPU or standby MPU completed initialization. |
Recommended action |
No action is required. |
CFCARD_FAILED
Message text |
CF card state changed to Fault in [STRING] [STRING]. |
Variable fields |
$1: Chassis number and slot number, slot number, or the device. $2: CF card slot number. This field is displayed only if the device supports multiple CF cards. |
Severity level |
3 |
Example |
DEV/3/CFCARD_FAILED: CF card state changed to Fault in slot 1 CF card slot 1. |
Explanation |
A CF card failed. |
Recommended action |
1. Remove and install the CF card again. 2. If the issue persists, replace the CF card. |
CFCARD_INSERTED
Message text |
CF card was inserted in [STRING] [STRING]. |
Variable fields |
$1: Chassis number and slot number, slot number, or the device. $2: CF card slot number. This field is displayed only if the device supports multiple CF cards. |
Severity level |
4 |
Example |
DEV/4/CFCARD_INSERTED: CF card was inserted in slot 1 CF card slot 1. |
Explanation |
A CF card was installed. |
Recommended action |
No action is required. |
CFCARD_REMOVED
Message text |
CF card was removed from [STRING] [STRING]. |
Variable fields |
$1: Chassis number and slot number, slot number, or the device. $2: CF card slot number. This field is displayed only if the device supports multiple CF cards. |
Severity level |
3 |
Example |
DEV/3/CFCARD_REMOVED: CF card was removed from slot 1 CF card slot 1. |
Explanation |
A CF card was removed. |
Recommended action |
If the CF card was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. If the issue persists, contact HP Support. |
CHASSIS_REBOOT
Message text |
Chassis [STRING] is rebooting now. |
Variable fields |
$1: Chassis number. |
Severity level |
5 |
Example |
DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now. |
Explanation |
The chassis was manually or automatically rebooted. |
Recommended action |
If an unexpected automatic reboot occurs, perform the following tasks: 1. Execute the display version command after the chassis starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact HP Support. |
CPU_STATE_NORMAL
Message text |
Cpu state changed to Normal on [STRING]. |
Variable fields |
$1: Chassis number, slot number, and CPU number, or slot number and CPU number. The CPU number is displayed only if multiple CPUs are supported. |
Severity level |
5 |
Example |
DEV/5/CPU_STATE_NORMAL: Cpu state changed to Normal on slot 1 cpu 1. |
Explanation |
CPU status changed to normal. |
Recommended action |
No action is required. |
DEV_CLOCK_CHANGE
Message text |
-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING]. |
Variable fields |
$1: Username of the login user. $2: IP address of the login user. $3: Old time. $4: New time. |
Severity level |
5 |
Example |
DEV/5/DEV_CLOCK_CHANGE: -User=admin-IPAddr=192.168.1.2; System clock changed from 15:49:52 01/02/2013 to 15:50:00 01/02/2013. |
Explanation |
The system time changed. |
Recommended action |
No action is required. |
DEV_FAULT_TOOLONG
Message text |
Card in [STRING] is still in Fault state for [INT32] minutes. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Time duration during which the card stayed in Fault state. |
Severity level |
4 |
Example |
DEV/4/DEV_FAULT_TOOLONG: Card in slot 1 is still in Fault state for 60 minutes. |
Explanation |
A card stayed in Fault state for a long period of time. |
Recommended action |
1. Reboot the card. 2. If the issue persists, contact HP Support. |
DEV_REBOOT_UNSTABLE
Message text |
A reboot command was executed while the system status was not Stable. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DEV/5/DEV_REBOOT_UNSTABLE: A reboot command was executed while the system status was not Stable. |
Explanation |
The reboot command was executed while the system status was not Stable. |
Recommended action |
Do not execute the reboot command while the system is starting up. It takes some time for the system to enter Stable state. If the system does not enter Stable state after a period, perform the following tasks: 1. Execute the display system stable state command to identify the components that are not in Stable state. 2. Troubleshoot the components that are not in Stable state. |
DYINGGASP
Message text |
Power failure or manual power-off occurred. |
Variable fields |
N/A |
Severity level |
0 |
Example |
DYINGGASP/0/DYINGGASP: Power failure or manual power-off occurred. |
Explanation |
The device detected an abrupt loss of power. |
Recommended action |
1. Verify that the power source is supplying power correctly. 2. Verify that the power cord is connected firmly. 3. Check the installed power modules. If one or more power modules have problems, replace the power modules. 4. If the issue persists, contact HP Support. |
FAN_ABSENT
Message text |
Pattern 1: Fan [INT32] is absent. Pattern 2: Chassis [INT32] fan [INT32] is absent. |
Variable fields |
Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number. |
Severity level |
3 |
Example |
DEV/3/FAN_ABSENT: Fan 2 is absent. |
Explanation |
A fan tray was not in place. |
Recommended action |
1. Check the fan tray slot: ¡ If the fan tray slot is empty, the temperature might have increased and the system recommends that you install a fan tray. ¡ If a fan tray is present, verify that the fan tray is securely seated. 2. Replace the fan tray if the message persists. 3. If the issue persists, contact HP Support. |
FAN_DIRECTION_NOT_PREFERRED
Message text |
Fan [INT32] airflow direction is not preferred on [STRING], please check it. |
Variable fields |
$1: Fan tray number. $2: Chassis number and slot number or slot number. |
Severity level |
1 |
Example |
DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred on slot 1, please check it. |
Explanation |
The airflow direction of the fan tray is different from the airflow direction setting. |
Recommended action |
1. Verify that the airflow direction setting is correct. 2. Verify that the fan tray model provides the same airflow direction as the configured setting. 3. If the issue persists, contact HP Support. |
FAN_FAILED
Message text |
Pattern 1: Fan [INT32] failed. Pattern 2: Chassis [STRING] fan [INT32] failed. |
Variable fields |
Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number. |
Severity level |
2 |
Example |
DEV/2/FAN_FAILED: Fan 2 failed. |
Explanation |
The fan tray stopped because of an exception. |
Recommended action |
Replace the fan tray. |
FAN_RECOVERED
Message text |
Pattern 1: Fan [INT32] recovered. Pattern 2: Chassis [STRING] fan [INT32] recovered. |
Variable fields |
Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number. |
Severity level |
2 |
Example |
DEV/2/FAN_RECOVERED: Fan 2 recovered. |
Explanation |
The fan tray started to operate correctly after it was installed. |
Recommended action |
No action is required. |
MAD_DETECT
Message text |
Multi-active devices detected, please fix it. |
Variable fields |
N/A |
Severity level |
1 |
Example |
DEV/1/MAD_DETECT: Multi-active devices detected, please fix it. |
Explanation |
Multiple member devices were found active. |
Recommended action |
1. Use the display irf command to view which member devices have left the original IRF fabric. 2. Use the display irf link command to locate the IRF link with problems. 3. Fix the IRF link in DOWN state. |
POWER_ABSENT
Message text |
Pattern 1: Power [INT32] is absent. Pattern 2: Chassis [STRING] power [INT32] is absent. |
Variable fields |
Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number. |
Severity level |
3 |
Example |
DEV/3/POWER_ABSENT: Power 1 is absent. |
Explanation |
A power supply was removed. |
Recommended action |
1. Check the power supply slot. ¡ If the power supply slot is empty, install a power supply. ¡ If a power supply is present, verify that the power supply is securely seated. 2. If the issue persists, replace the power supply. 3. If the issue persists, contact HP Support. |
POWER_FAILED
Message text |
Pattern 1: Power [INT32] failed. Pattern 2: Chassis [STRING] power [INT32] failed. |
Variable fields |
Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number. |
Severity level |
2 |
Example |
DEV/2/POWER_FAILED: Power 1 failed. |
Explanation |
A power supply failed. |
Recommended action |
Replace the power supply. |
POWER_MONITOR_ABSENT
Message text |
Pattern 1: Power monitor unit [INT32] is absent. Pattern 2: Chassis [STRING] power monitor unit [INT32] is absent. |
Variable fields |
Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number. |
Severity level |
3 |
Example |
DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent. |
Explanation |
A power monitoring module was removed. |
Recommended action |
1. Check the power monitoring module slot. ¡ If the power monitoring module slot is empty, install a power monitoring module. ¡ If a power monitoring module is present, verify that the power monitoring module is securely seated. 2. If the issue persists, replace the power monitoring module. 3. If the issue persists, contact HP Support. |
POWER_MONITOR_FAILED
Message text |
Pattern 1: Power monitor unit [INT32] failed. Pattern 2: Chassis [STRING] power monitor unit [INT32] failed. |
Variable fields |
Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number. |
Severity level |
2 |
Example |
DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed. |
Explanation |
A power monitoring module failed. |
Recommended action |
Replace the power monitoring module. |
POWER_MONITOR_RECOVERED
Message text |
Pattern 1: Power monitor unit [INT32] recovered. Pattern 2: Chassis [STRING] power monitor unit [INT32] recovered. |
Variable fields |
Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number. |
Severity level |
2 |
Example |
DEV/2/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered. |
Explanation |
The power monitoring module started to operate correctly after it was installed. |
Recommended action |
No action is required. |
POWER_RECOVERED
Message text |
Pattern 1: Power [INT32] recovered. Pattern 2: Chassis [STRING] power [INT32] recovered. |
Variable fields |
Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number. |
Severity level |
2 |
Example |
DEV/2/POWER_RECOVERED: Power 1 recovered. |
Explanation |
The power supply started to operate correctly after it was installed. |
Recommended action |
No action is required. |
RPS_ABSENT
Message text |
Pattern 1: RPS [INT32] is absent. Pattern 2: Chassis [STRING] RPS [INT32] is absent. |
Variable fields |
Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number. |
Severity level |
3 |
Example |
DEV/3/RPS_ABSENT: RPS 1 is absent. |
Explanation |
An RPS was removed. |
Recommended action |
1. Check the RPS slot. ¡ If the RPS slot is empty, install an RPS. ¡ If an RPS is present, verify that the RPS is securely seated. 2. If the issue persists, replace the RPS. 3. If the issue persists, contact HP Support. |
RPS_NORMAL
Message text |
Pattern 1: RPS [INT32] is normal. Pattern 2: Chassis [STRING] RPS [INT32] is normal. |
Variable fields |
Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number. |
Severity level |
5 |
Example |
DEV/5/RPS_NORMAL: RPS 1 is normal. |
Explanation |
The RPS started to operate correctly after it was installed. |
Recommended action |
No action is required. |
SUBCARD_FAULT
Message text |
Subcard state changed to Fault on [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type. |
Severity level |
2 |
Example |
DEV/2/SUBCARD_FAULT: Subcard state changed to Fault on slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Explanation |
The subcard failed, or its status changed to Fault after it was rebooted. |
Recommended action |
Track the status of the subcard. · If the status of the subcard changes to Normal later, no action is required. · If the status is always Fault, replace the subcard. |
SUBCARD_INSERTED
Message text |
Subcard was inserted in [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type. |
Severity level |
4 |
Example |
DEV/4/SUBCARD_INSERTED: Subcard was inserted in slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Explanation |
A subcard was installed. |
Recommended action |
No action is required. |
SUBCARD_REBOOT
Message text |
Subcard is rebooting on [STRING] subslot [INT32]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. |
Severity level |
5 |
Example |
DEV/5/SUBCARD_REBOOT: Subcard is rebooting on slot 1 subslot 1. |
Explanation |
The subcard was manually or automatically rebooted. |
Recommended action |
· If the subcard operates correctly after it starts up, no action is required. · If you want to know the reboot reason or the subcard keeps rebooting, contact HP Support. |
SUBCARD_REMOVED
Message text |
Subcard was removed from [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type. |
Severity level |
3 |
Example |
DEV/3/SUBCARD_REMOVED: Subcard was removed from slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Explanation |
A subcard was removed. |
Recommended action |
If the subcard was not manually removed, perform the following tasks: 1. Verify that the subcard is securely seated. 2. Replace the subcard if the message persists. 3. If the issue persists, contact HP Support. |
SYSTEM_REBOOT
Message text |
System is rebooting now. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DEV/4/SYSTEM_REBOOT: System is rebooting now. |
Explanation |
The system was manually or automatically rebooted. |
Recommended action |
If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the system starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact HP Support. |
TEMPERATURE_ALARM
Message text |
Pattern 1: Temperature is greater than the high-temperature alarming threshold on sensor [STRING] [USHOT]. Pattern 2: Temperature is greater than the high-temperature alarming threshold on [STRING] sensor [STRING] [USHOT]. Pattern 3: Temperature is greater than the high-temperature alarming threshold on [STRING] [STRING] sensor [STRING] [USHOT]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_ALARM: Temperature is greater than the high-temperature alarming threshold on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature exceeded the high-temperature alarming threshold. The ambient temperature was too high or the fan tray was not operating correctly. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. |
TEMPERATURE_LOW
Message text |
Pattern 1: Temperature is less than the low-temperature threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is less than the low-temperature threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is less than the low-temperature threshold on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_LOW: Temperature is less than the low-temperature threshold on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature fell below the low-temperature threshold. |
Recommended action |
Adjust the ambient temperature higher. |
TEMPERATURE_NORMAL
Message text |
Pattern 1: Temperature changed to normal on sensor [STRING] [INT32]. Pattern 2: Temperature changed to normal on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature changed to normal on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_NORMAL: Temperature changed to normal on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature was normal (between the low-temperature threshold and the high-temperature warning threshold). |
Recommended action |
No action is required. |
TEMPERATURE_POWEROFF
Message text |
Powering off [STRING]: Temperature exceeded the shutdown threshold. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
DEV/2/TEMPERATURE_POWEROFF: Powering off slot 1: Temperature exceeded the shutdown threshold. |
Explanation |
The specified slot was powered off because the sensor's temperature exceeded the shutdown threshold. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. 3. Power on the slot manually. |
TEMPERATURE_SHUTDOWN
Message text |
Pattern 1: Temperature is greater than the high-temperature shutdown threshold on sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 2: Temperature is greater than the high-temperature shutdown threshold on [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 3: Temperature is greater than the high-temperature shutdown threshold on [STRING] [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
2 |
Example |
DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than the high-temperature shutdown threshold on slot 1 sensor inflow 1. The slot will be powered off automatically. |
Explanation |
A sensor's temperature exceeded the high-temperature shutdown threshold. The ambient temperature was too high or the fan tray was not operating correctly. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. |
TEMPERATURE_WARNING
Message text |
Pattern 1: Temperature is greater than the high-temperature warning threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is greater than the high-temperature warning threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is greater than the high-temperature warning threshold on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_WARNING: Temperature is greater than the high-temperature warning threshold on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature exceeded the high-temperature warning threshold. The ambient temperature was too high or the fan tray was not operating correctly. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. |
VCHK_VERSION_INCOMPATIBLE
Message text |
Software version of [STRING] is incompatible with that of the MPU. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
1 |
Example |
DEV/1/VCHK_VERSION_INCOMPATIBLE: Software version of slot 1 is incompatible with that of the MPU. |
Explanation |
A PEX that was starting up detected that its software version is incompatible with the parent device's software version. |
Recommended action |
Specify a set of startup software images for the PEX. Make sure the images are compatible with the parent device's software images. |
DHCP
This section contains DHCP messages.
DHCP_NOTSUPPORTED
Message text |
Failed to apply filtering rules for DHCP packets because some rules are not supported. |
Variable fields |
N/A |
Severity level |
3 |
Example |
DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported. |
Explanation |
The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device. |
Recommended action |
No action is required. |
DHCP_NORESOURCES
Message text |
Failed to apply filtering rules for DHCP packets because hardware resources are insufficient. |
Variable fields |
N/A |
Severity level |
3 |
Example |
DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient. |
Explanation |
The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient. |
Recommended action |
Release hardware resources and then apply the rules again. |
DHCPR
This section contains DHCP relay agent messages.
DHCPR_SERVERCHANGE
Message text |
Switched to the server of pool [STRING] at [IPADDR] because the current server did not respond. Switched to the server of interface [STRING] at [IPADDR] because the current server did not respond. |
Variable fields |
$1: IP pool on the relay agent. $2: IP address of the DHCP server. $3: Interface enabled with the DHCP relay agent. |
Severity level |
3 |
Example |
DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the server of pool 1 at 2.2.2.2 because the current server did not respond. DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the server of interface GigabitEthernet1/0/1 at 2.2.2.2 because the current server did not respond. |
Explanation |
The DHCP relay agent did not receive any responses from the current DHCP server and switched to another DHCP server for IP address acquisition. |
Recommended action |
No action is required. |
DHCPR_SWITCHMASTER
Message text |
Switched to the master DHCP server at [IPADDR]. |
Variable fields |
$1: IP address of the master DHCP server. |
Severity level |
3 |
Example |
DHCPR/3/DHCPR_SWITCHMASTER: -MDC=1; Switched to the master DHCP server at 2.2.2.2. |
Explanation |
After a switchback delay time, the DHCP relay agent switched from a backup DHCP server back to the master DHCP server for IP address acquisition. |
Recommended action |
No action is required. |
DHCPS messages
This section contains DHCP server messages.
DHCPS_ALLOCATE_IP
Message text |
DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which the DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the IP pool to which the assigned IPv4 address belongs. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool. |
Explanation |
The DHCP server assigned an IPv4 address with a lease to a DHCP client. |
Recommended action |
No action is required. |
DHCPS_CONFLICT_IP
Message text |
A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING]. |
Variable fields |
$1: IPv4 address that is in conflict. $2: Name of the IP pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface GigabitEthernet1/0/2. |
Explanation |
The DHCP server deleted a conflicting IPv4 address from an IP pool. |
Recommended action |
No action is required. |
DHCPS_EXTEND_IP
Message text |
DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]). |
Variable fields |
$1: Name of the interface on which DHCP server is configured. $2: Name of the IP pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a). |
Explanation |
The DHCP server extended the lease for a DHCP client. |
Recommended action |
No action is required. |
DHCPS_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCP server failed to back up DHCP bindings to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DHCPS_RECLAIM_IP
Message text |
DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]). |
Variable fields |
$1: Name of the IP pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a). |
Explanation |
The DHCP server reclaimed the IPv4 address assigned to a DHCP client. |
Recommended action |
No action is required. |
DHCPS_THRESHOLD_EXCEED
Message text |
The IP address utilization of the address pool [STRING] has exceeded the threshold. |
Variable fields |
$1: IP pool name. |
Severity level |
4 |
Example |
The IP address utilization of the address pool 1 has exceeded the threshold. |
Explanation |
The IP pool usage has exceeded the threshold. |
Recommended action |
Replan address resources in the IP pool. |
DHCPS_THRESHOLD_RECOVER
Message text |
The IP address usage of pool [STRING] has descended to 90% of the threshold. |
Variable fields |
$1: IP pool name. |
Severity level |
4 |
Example |
DHCPS/5/DHCPS_THRESHOLD_RECOVER: The IP address usage of pool 1 has descended to 90% of the threshold. |
Explanation |
The IP pool usage has descended to 90% of the threshold. |
Recommended action |
No action is required. |
DHCPS_VERIFY_CLASS
Message text |
Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC]; |
Variable fields |
$1: Type of the packet. $2: Hardware address of the DHCP client. |
Severity level |
5 |
Example |
|
Explanation |
The DHCP server verified that the DHCP client was not on the user class whitelist. |
Recommended action |
Check the validity of the DHCP client. |
DHCPS_WARNING_EXHAUSTION
Message text |
Address pool [STRING] has run out of IP addresses. |
Variable fields |
$1: IP pool name. |
Severity level |
3 |
Example |
DHCPS/5/DHCPS_WARNING_EXHAUSTION: Address pool 1 has run out of IP addresses. |
Explanation |
The IP pool has run out of IP addresses. |
Recommended action |
Replan address resources in the IP pool. |
DHCPS6 messages
This section contains DHCPv6 server messages.
DHCPS6_ALLOCATE_ADDRESS
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool. |
Explanation |
The DHCPv6 server assigned an IPv6 address with a lease to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_ALLOCATE_PREFIX
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool. |
Explanation |
The DHCPv6 server assigned an IPv6 prefix with a lease to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_CONFLICT_ADDRESS
A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING]. |
|
Variable fields |
$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2. |
Explanation |
The DHCPv6 server deleted a conflicting IPv6 address from an address pool. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_ADDRESS
Message text |
DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server extended the address lease for a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_PREFIX
Message text |
DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server extended the prefix lease for a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCPv6 server failed to back up DHCPv6 bindings to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DHCPS6_RECLAIM_ADDRESS
Message text |
DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server reclaimed the IPv6 address assigned to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_RECLAIM_PREFIX
Message text |
DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_RECLAIM_PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server reclaimed the IPv6 prefix assigned to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPSP4
This section contains DHCP snooping messages.
DHCPSP4_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCP snooping device failed to back up DHCP snooping entries to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DHCPSP6
This section contains DHCPv6 snooping messages.
DHCPSP6_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCPv6 snooping device failed to back up DHCPv6 snooping entries to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DIAG messages
This section contains diagnostic messages.
CPU_MINOR_RECOVERY
Message text |
CPU usage recovered to normal state. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DIAG/5/CPU_MINOR_THRESHOLD: CPU usage recovered to normal state. |
Explanation |
The CPU usage dropped to or below the recovery threshold. The minor alarm was removed. |
Recommended action |
No action is required. |
CPU_MINOR_THRESHOLD
Message text |
CPU usage is in minor alarm state. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DIAG/4/CPU_MINOR_THRESHOLD: CPU usage is in minor alarm state. |
Explanation |
The CPU usage increased above the minor alarm threshold and entered minor alarm state. In minor alarm state, the device sends this message regularly until the alarm is removed. |
Recommended action |
Configure the device to reduce CPU usage. |
CPU_SEVERE_RECOVERY
Message text |
CPU usage severe alarm removed. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DIAG/5/CPU_RECOVERY: CPU usage severe alarm removed. |
Explanation |
The CPU usage dropped to or below the minor alarm threshold. The severe alarm was removed. |
Recommended action |
No action is required. |
CPU_SEVERE_THRESHOLD
Message text |
CPU usage is in severe alarm state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
DIAG/3/CPU_THRESHOLD: CPU usage is in severe alarm state. |
Explanation |
The CPU usage increased above the severe alarm threshold and entered severe alarm state. In severe alarm state, the device sends this message regularly until the alarm is removed. |
Recommended action |
Use the display current-configuration | include "monitor cpu-usage" command to display the CPU alarm thresholds. If the settings are not appropriate, use the monitor cpu-usage command to change the settings. |
CORE_EXCEED_THRESHOLD
Message text |
Usage of CPU [INT] core [INT] exceeded the threshold ([string]). |
Variable fields |
$1: CPU number. $2: CPU core number. $3: Severe usage alarm threshold. |
Severity level |
3 |
Example |
DIAG/3/CORE_EXCEED_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (90%). |
Explanation |
The usage of the specified CPU core exceeded the severe usage alarm threshold. The CPU core usage was in severe alarm state. |
Recommended action |
1. Execute the display process cpu and monitor thread commands to display CPU usage information about all processes. 2. Contact the technical support. |
CORE_MINOR_RECOVERY
Message text |
Core usage minor alarm CPU [INT] core [INT] removed. |
Variable fields |
$1: CPU number. $2: CPU core number. |
Severity level |
5 |
Example |
DIAG/5/CORE_MINOR_RECOVERY: Core usage alarm CPU 0 core 1 removed. |
Explanation |
The usage of the specified CPU core dropped to or below the minor usage alarm threshold. The minor alarm was removed. |
Recommended action |
No action is required. |
CORE_MINOR_THRESHOLD
Message text |
Usage of CPU [INT] core [INT] exceeded the threshold ([string]). |
Variable fields |
$1: CPU number. $2: CPU core number. $3: Minor usage alarm threshold. |
Severity level |
4 |
Example |
DIAG/4/CORE_MINOR_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (80%). |
Explanation |
The usage of the specified CPU core was greater than the minor usage alarm threshold. The CPU core usage was in minor alarm state. |
Recommended action |
1. Execute the display process cpu and monitor thread commands to display CPU usage information about all processes. 2. Contact the technical support. |
CORE_RECOVERY
Message text |
Core usage alarm CPU [INT] core [INT] removed. |
Variable fields |
$1: CPU number. $2: CPU core number. |
Severity level |
5 |
Example |
DIAG/5/CORE_RECOVERY: Core usage alarm CPU 0 core 1 removed. |
Explanation |
The usage of the specified CPU core dropped to or below the severe usage alarm threshold. The severe alarm was removed. |
Recommended action |
No action is required. |
DIAG_STORAGE_BELOW_THRESHOLD
Message text |
The usage of [STRING] ([UINT32]%) was below or equal to the threshold of [UINT32]%. |
Variable fields |
$1: Name of the storage medium. $2: Usage of the storage medium. $3: Usage threshold of the storage medium. |
Severity level |
1 |
Example |
DIAG/1/DIAG_STORAGE_BELOW_THRESHOLD: The usage of flash (90%) was below or equal to the threshold of 95%. |
Explanation |
The usage of the storage medium was below or equal to the threshold. |
Recommended action |
No action is required. |
DIAG_STORAGE_EXCEED_THRESHOLD
Message text |
The usage of [STRING] ([UINT32]%) exceeded the threshold of [UINT32]%. |
Variable fields |
$1: Name of the storage medium. $2: Usage of the storage medium. $3: Usage threshold of the storage medium. |
Severity level |
1 |
Example |
DIAG/1/DIAG_STORAGE_EXCEED_THRESHOLD: The usage of flash (96%) exceeded the threshold of 95%. |
Explanation |
The usage of the storage medium exceeded the threshold. |
Recommended action |
Back up the files that are not used for a long time to the PC and then delete the files, or delete the files directly by using the delete command. The files include logs and software packages for earlier versions. |
MEM_ALERT
Message text |
system memory info: total used free shared buffers cached Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] -/+ buffers/cache: [ULONG] [ULONG] Swap: [ULONG] [ULONG] [ULONG] Lowmem: [ULONG] [ULONG] [ULONG] |
Variable fields |
· Mem—Memory information of the whole system: ¡ $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size. ¡ $2: Size of the physical memory used by the system. ¡ $3: Size of free physical memory of the system. ¡ $4: Total size of physical memory shared by processes. ¡ $5: Size of physical memory used for buffers. ¡ $6: Size of physical memory used for caches. · -/+ buffers/cache—Memory usage information of applications: ¡ $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications. ¡ $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications. · Swap—Swap memory usage information: ¡ $9: Total size of swap memory. ¡ $10: Size of used swap memory. ¡ $11: Size of free swap memory. · Lowmem—Low memory usage information: ¡ $12: Total size of low memory. ¡ $13: Size of used low memory. ¡ $14: Size of free low memory. |
Severity level |
4 |
Example |
DIAG/4/MEM_ALERT: system memory info: total used free shared buffers cached Mem: 1784424 920896 863528 0 0 35400 -/+ buffers/cache: 885496 898928 Swap: 0 0 0 Lowmem: 735848 637896 97952 |
Explanation |
A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage. |
Recommended action |
You can perform the following tasks to help remove the alarm: Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device. |
MEM_BELOW_THRESHOLD
Message text |
Memory usage has dropped below [STRING] threshold. |
Variable fields |
$1: Memory usage threshold name: minor, severe, or critical. |
Severity level |
1 |
Example |
DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold. |
Explanation |
A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold. |
Recommended action |
No action is required. |
MEM_EXCEED_THRESHOLD
Message text |
Memory [STRING] threshold has been exceeded. |
Variable fields |
$1: Memory usage threshold name: minor, severe, or critical. |
Severity level |
1 |
Example |
DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded. |
Explanation |
A memory alarm was notified. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies services modules to perform auto repair, such as releasing memory and stopping requesting memory. |
Recommended action |
You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device. |
DLDP messages
This section contains DLDP messages.
DLDP_AUTHENTICATION_FAILED
Message text |
The DLDP packet failed the authentication because of unmatched [STRING] field. |
Variable fields |
$1: Authentication field. · AUTHENTICATION PASSWORD—Authentication password mismatch. · AUTHENTICATION TYPE—Authentication type mismatch. · INTERVAL—Advertisement interval mismatch. |
Severity level |
5 |
Example |
DLDP/5/DLDP_AUTHENTICATION_FAILED: The DLDP packet failed the authentication because of unmatched INTERVAL field. |
Explanation |
The packet authentication failed. Possible reasons include unmatched authentication type, unmatched authentication password, and unmatched advertisement interval. |
Recommended action |
Check the DLDP authentication type, authentication password, and advertisement interval are consistent with peer end. |
DLDP_LINK_BIDIRECTIONAL
Message text |
DLDP detected a bidirectional link on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ethernet1/1. |
Explanation |
DLDP detected a bidirectional link on an interface. |
Recommended action |
No action is required. |
DLDP_LINK_SHUTMODECHG
Message text |
DLDP automatically blocked the interface [STRING] because the port shutdown mode was changed to auto mode. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
DLDP/5/DLDP_LINK_SHUTMODECHG: DLDP automatically blocked the interface Ethernet1/1 because the port shutdown mode was changed to auto mode. |
Explanation |
DLDP automatically shut down the interface because the port shutdown mode was changed to auto mode. |
Recommended action |
No action is required. |
DLDP_LINK_UNIDIRECTIONAL
Message text |
DLDP detected a unidirectional link on interface [STRING]. [STRING]. |
Variable fields |
$1: Interface name. $2: Action according to the port shutdown mode: · DLDP automatically blocked the interface. · Please manually shut down the interface. |
Severity level |
3 |
Example |
DLDP/3/DLDP_LINK_UNIDIRECTIONAL: DLDP detected a unidirectional link on interface Ethernet1/1. DLDP automatically blocked the interface. |
Explanation |
DLDP detected a unidirectional link on an interface. |
Recommended action |
Check for incorrect cable connection, cable falloff, or other problems. |
DLDP_NEIGHBOR_AGED
Message text |
A neighbor on interface [STRING] was deleted because the neighbor was aged. The neighbor's system MAC is [MAC], and the port index is [UINT16]. |
Variable fields |
$1: Interface name. $2: MAC address. $3: Port index. |
Severity level |
5 |
Example |
DLDP/5/DLDP_NEIGHBOR_AGED: A neighbor on interface Ethernet1/1 was deleted because the neighbor was aged. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1. |
Explanation |
The interface deleted an aged neighbor. |
Recommended action |
No action is required. |
DLDP_NEIGHBOR_CONFIRMED
Message text |
A neighbor was confirmed on interface [STRING]. The neighbor's system MAC is [MAC], and the port index is [UINT16]. |
Variable fields |
$1: Interface name. $2: MAC address. $3: Port index. |
Severity level |
6 |
Example |
DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ethernet1/1. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1. |
Explanation |
The interface detected a confirmed neighbor. |
Recommended action |
No action is required. |
DLDP_NEIGHBOR_DELETED
Message text |
A neighbor on interface [STRING] was deleted because a [STRING] packet arrived. The neighbor's system MAC is [MAC], and the port index is [UINT16]. |
Variable fields |
$1: Interface name. $2: Packet type, DISABLE or LINKDOWN. $3: MAC address. $4: Port index. |
Severity level |
5 |
Example |
DLDP/5/DLDP_NEIGHBOR_DELETED: A neighbor on interface Ethernet1/1 was deleted because a DISABLE packet arrived. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1. |
Explanation |
The interface deleted a confirmed neighbor because it received a DISABLE or LINKDOWN packet. |
Recommended action |
No action is required. |
DOT1X messages
This section contains 802.1X messages.
DOT1X_LOGIN_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; User failed 802.1X authentication. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; User failed 802.1X authentication. |
Explanation |
The user failed 802.1X authentication. |
Recommended action |
Locate the failure cause and handle the problem according to the failure cause. |
DOT1X_LOGIN_SUCC
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; User passed 802.1X authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; User passed 802.1X authentication and came online. |
Explanation |
The user passed 802.1X authentication. |
Recommended action |
No action is required. |
DOT1X_LOGOFF
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X user was logged off. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off. |
Explanation |
The 802.1X user was logged off. |
Recommended action |
Locate the logoff cause and remove the problem. If the logoff was requested by the user, no action is required. |
DOT1X_NOTENOUGH_EADFREEIP_RES
Message text |
Failed to assign a rule for free IP [IPADDR] on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Free IP. $2: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for free IP 1.1.1.0 on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to permit a free IP on an interface because of ACL resource shortage. |
Recommended action |
No action is required. |
DOT1X_NOTENOUGH_EADFREERULE_RES
Message text |
Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of ACL resource shortage. |
Recommended action |
No action is required. |
DOT1X_NOTENOUGH_EADMACREDIR_RES
Message text |
Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING]. |
Variable fields |
$1: Source MAC address of HTTP packets. $2: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2. |
Explanation |
The device failed to redirect HTTP packet with the designated source MAC on an interface because of ACL resource shortage. |
Recommended action |
No action is required. |
DOT1X_NOTENOUGH_EADPORTREDIR_RES
Message text |
Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to redirect HTTP packets on an interface because of ACL resource shortage. |
Recommended action |
No action is required. |
DOT1X_NOTENOUGH_ENABLEDOT1X_RES
Message text |
Failed to enable 802.1X on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
Failed to enable 802.1X on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_SMARTON_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; User failed SmartOn authentication because [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: Cause of failure: · the password was wrong. · the switch ID was wrong. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_SMARTON_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; User failed SmartOn authentication because the password was wrong. |
Explanation |
SmartOn authentication failed for a specific reason. |
Recommended action |
Handle the problem according to the failure cause. |
DOT1X_UNICAST_NOT_EFFECTIVE
Message text |
The unicast trigger feature is enabled but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface Ethernet3/1/2. |
Explanation |
The unicast trigger setting does not take effect on an interface, because the interface does not support unicast trigger. |
Recommended action |
1. Reconnect the 802.1X clients to another interface that supports the unicast trigger feature. 2. Enable the unicast trigger feature on the new interface. |
DRVPLAT messages
This section contains DRVPLAT messages.
DrvDebug
Message text |
Chip [UINT32] temperature([UINT32]) in slot [UINT32] is too high and the board will be shutdown. |
Variable fields |
$1: Chip ID. $2: Temperature value. $3: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Chip 0 temperature(54) in slot 3 is too high and the board will be shutdown. |
Explanation |
The temperature of a chip on the specified card has exceeded the upper temperature threshold. The card will be shut down. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
hotspot [UINT32] in slot [UINT32] temperature([UINT32]) is too high, please check it. |
Variable fields |
$1: Hotspot ID. $2: Slot number. $3: Temperature value. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: hotspot 1 in slot 2 temperature(90) is too high, please check it. |
Explanation |
The temperature of the specified card has exceeded the upper temperature threshold. A check is required. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
hotspot [UINT32] in slot [UINT32] temperature([UINT32]) is too high and the board will be shutdown. |
Variable fields |
$1: Hotspot ID. $2: Slot number. $3: Temperature value. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: hotspot 1 in slot 2 temperature(90) is too high and the board will be shutdown. |
Explanation |
The temperature of the specified card has exceeded the upper temperature threshold. The card will be shut down. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
Warning: cpu temperature([UINT32]) in slot [UINT32] is too high, please check it. |
Variable fields |
$1: Temperature value. $2: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning: cpu temperature(90) in slot 2 is too high, please check it. |
Explanation |
The CPU temperature of the specified card has exceeded the upper temperature threshold. A check is required. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
Warning:Chip [UINT32] temperature([UINT32]) in slot [UINT32] is too high, please check it. |
Variable fields |
$1: Chip ID. $2: Temperature value. $3: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning:Chip 0 temperature(90) in slot 2 is too high, please check it. |
Explanation |
The temperature of a chip on the specified card has exceeded the upper temperature threshold. A check is required. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
FPGA [UINT32] temperature([UINT32]) in slot [UINT32] is too high and the board will be shutdown. |
Variable fields |
$1: FPGA chip ID. $2: Temperature value. $3: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: FPGA 0 temperature(90) in slot 2 is too high and the board will be shutdown. |
Explanation |
The temperature of an FPGA chip on the card has exceeded the upper temperature threshold. The card will be shut down. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
SubCard cpu CN7809 temperature([UINT32]) in slot [UINT32] is too high and the board will be shutdown. |
Variable fields |
$1: Temperature value. $2: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: SubCard cpu CN7809 temperature(90) in slot 2 is too high and the board will be shutdown. |
Explanation |
The temperature of the subcard CPU on the specified card has exceeded the upper temperature threshold. The card will be shut down. |
Recommended action |
1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support. |
Message text |
Power Error, there is no input in Power [UINT32]. |
Variable fields |
$1: Power supply ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Power Error, there is no input in Power 1. |
Explanation |
The specified power supply does not have power input. |
Recommended action |
Check the power supply status. If the power supply is abnormal, replace it or contact technical support. |
Message text |
Warning: Only one power exist! |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning: Only one power exist! |
Explanation |
The device has only one power supply present. |
Recommended action |
· Check the status of the other power supplies. If they are abnormal, replace them. · Install more power supplies. |
Message text |
Warning: Only one power [UINT32] exist ! |
Variable fields |
$1: Power supply ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning: Only one power [UINT32] exist ! |
Explanation |
Only one power supply slot on the device has a power supply present. |
Recommended action |
· Check the status of the power supplies in the other power supply slots. If they are abnormal, replace them. · Install power supplies in the other power supply slots. |
Message text |
Warning: Power [UINT32] differs from power [UINT32] in types! |
Variable fields |
$1: Power supply ID_1. $2: Power supply ID_2. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning: Power 1 differs from power 2 in types! |
Explanation |
The two specified power supplies are different in type. |
Recommended action |
Use power supplies of the same type. |
Message text |
Warning: power [UINT32] voltage is [UINT32], please check! |
Variable fields |
$1: Power supply ID. $2: Voltage. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning: power 1 voltage is 220, please check! |
Explanation |
The voltage of the specified power supply is not in the acceptable range. |
Recommended action |
Check the power supply status. If the power supply is abnormal, replace it or contact technical support. |
Message text |
Warning: Chassis [UINT32] Fan [UINT32] is absent! |
Variable fields |
$1: Chassis ID $2: Fan tray ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Warning: Chassis 1 Fan 1 is absent! |
Explanation |
The specified fan tray is in absent state. |
Recommended action |
Check the fan tray status. If the fan tray is abnormal, replace it or contact technical support.. |
Message text |
Frame [HEX] power [HEX] state error! |
Variable fields |
$1: Chassis ID. $2: Power supply ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Frame 0x01 power 0x01 state error! |
Explanation |
The specified power supply is in error state. |
Recommended action |
1. Replace the power supply. 2. If the issue persists, contact technical support. |
Message text |
Frame [HEX] fan [HEX] state error! |
Variable fields |
$1: Chassis ID. $2: Fan tray ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Frame 0x01 fan 0x01 state error! |
Explanation |
The specified fan tray is in error state. |
Recommended action |
1. Replace the fan tray. 2. If the issue persists, contact technical support. |
Message text |
Frame [UINT32] fan command sending failed! |
Variable fields |
$1: Chassis ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Frame 1 fan command sending failed! |
Explanation |
On the specified chassis, fan tray commands failed to be issued. |
Recommended action |
· Check the fan tray status. Resolve the fan tray issue if any. · Contact technical support. |
Message text |
Frame [UINT32] fan [UINT32] state: [HEX], write reg[HEX]:[HEX], reg[HEX]:[HEX] read reg[HEX]:[HEX], reg[HEX]:[HEX], reg[HEX]:[HEX] |
Variable fields |
$1: Chassis ID. $2: Fan tray ID. $3: State. $4: Write register ID. $5: Value written to the register. $6: Write register ID. $7: Value written to the register. $8: Read register ID. $9: Value read from the register. $10: Read register ID. $11: Value read from the register. $12: Read register ID. $13: Value read from the register. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Frame 1 fan 2 state:0x0, write reg0x30:0x12, reg0x31:0x12 read reg0x32:0x12, reg0x33:0x12, reg0x34:0x12 |
Explanation |
The system has written data to and read data from the registers of the fan tray. |
Recommended action |
No action is required. |
Message text |
Frame [UINT32] fan [UINT32] receive data [HEX] error! |
Variable fields |
$1: Chassis ID. $2: Fan tray ID. $3: Data value. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Frame 1 fan 1 receive data 0x30 error! |
Explanation |
The fan tray received error data. |
Recommended action |
· Check the fan tray status. Resolve the fan tray issue if any. · Contact technical support. |
Message text |
Please check your fabric boards, at least one of them must be normal! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Please check your fabric boards, at least one of them must be normal! |
Explanation |
You are required to check the fabric modules and ensure that a minimum one of fabric modules is normal. |
Recommended action |
Check the fabric module status. |
Message text |
In chassis [UINT32],the specified fabric-board [UINT32] does not work. |
Variable fields |
$1: Chassis ID. $2: Fabric module ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: In chassis 1,the specified fabric-board 10 does not work. |
Explanation |
The specified fabric module is faulty. |
Recommended action |
Replace the fabric module or contact technical support. |
Message text |
In chassis [UINT32],the specified fabric-board [UINT32] resume work. |
Variable fields |
$1: Chassis ID. $2: Fabric module ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: In chassis 1,the specified fabric-board 10 resume work. |
Explanation |
The specified fabric module resumed work. |
Recommended action |
No action is required. |
Message text |
Warning: In chassis [UINT32] slot [UINT32],all interconnected ports from chip [UINT32] to chip [UINT32] are fault,please check. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Chip ID_1. $4: Chip ID_2. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: In chassis 1 slot 2,all interconnected ports from chip 0 to chip 1 are fault,please check. |
Explanation |
All interconnected ports between the two specified chips on the card are faulty. |
Recommended action |
Contact technical support. |
Message text |
Warning: In chassis [UINT32],all interconnected ports from slot [UINT32] to slot [UINT32] are fault,please check. |
Variable fields |
$1: Chassis ID. $2: Slot number_1. $3: Slot number_2. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: In chassis 1,all interconnected ports from slot 2 to slot 3 are fault,please check. |
Explanation |
All interconnected ports between the two specified cards are faulty. |
Recommended action |
Contact technical support. |
Message text |
On chip [UINT32] in chassis [UINT32] slot [UINT32], at least two internal ports are down. Please check the internal ports.The down ports are sfi[UINT32] |
Variable fields |
$1: Chip ID. $2: Chassis ID. $3: Slot number. $4: Port number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: On chip 2 in chassis 1 slot 2, at least two internal ports are down. Please check the internal ports.The down ports are sfi35 |
Explanation |
SFI interfaces on the chip were shut down. |
Recommended action |
Contact technical support. |
Message text |
In chassis [UINT32],from chip [UINT32] in slot [UINT32] to chip [UINT32] in slot [UINT32], the packet flow is dropped. |
Variable fields |
$1: Chassis ID. $2: Chip ID_1. $3: Slot number_1. $4: Chip ID_2. $5: Slot number_2. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: In chassis 1, from chip 0 in slot 1 to chip 0 in slot 2, the packet flow is dropped. |
Explanation |
Packet loss occurred from the source chip to the destination chip. |
Recommended action |
Contact technical support. |
Message text |
Fabric S in chassis [UINT32] slot [UINT32] can't start because Fabric B is inserted before, please reboot the system. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Fabric S in chassis 1 slot 10 can't start because Fabric B is inserted before, please reboot the system. |
Explanation |
Type S and Type B fabric modules are installed on the same device. The system must be rebooted. |
Recommended action |
Reboot the device. |
Message text |
Fabric A in chassis [UINT32] slot [UINT32] can't start because Fabric B is inserted before, please reboot the system. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Fabric A in chassis 1 slot 10 can't start because Fabric B is inserted before, please reboot the system. |
Explanation |
Type A and Type B fabric modules are installed on the same device. The system must be rebooted. |
Recommended action |
Reboot the device. |
Message text |
Fabric B in chassis [UINT32] slot [UINT32] can't start because Fabric S is inserted before, please reboot the system. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Fabric B in chassis 1 slot 10 can't start because Fabric S is inserted before, please reboot the system. |
Explanation |
Type B and Type S fabric modules are installed on the same device. The system must be rebooted. |
Recommended action |
Reboot the device. |
Message text |
Fabric B in chassis [UINT32] slot [UINT32] can't start because Fabric A is inserted before, please reboot the system. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Fabric B in chassis 1 slot 10 can't start because Fabric A is inserted before, please reboot the system. |
Explanation |
Type B and Type A fabric modules are installed on the same device. The system must be rebooted. |
Recommended action |
Reboot the device. |
Message text |
The port [UINT32] does not support the Enhance HigMode, please check. |
Variable fields |
$1: Port number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The port 17 does not support the Enhance HigMode, please check. |
Explanation |
The specified port does not support Enhance HigMode. |
Recommended action |
Contact technical support. |
Message text |
Power [UINT32] Remove. |
Variable fields |
$1: Power supply ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Power 2 Remove. |
Explanation |
The specified power supply was removed. |
Recommended action |
No action is required. |
Message text |
The power of this device is not enough. |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: The power of this device is not enough. |
Explanation |
Power is not sufficient for the device. |
Recommended action |
Install more power supplies on the device. |
Message text |
Fan Fault! Chassis [UINT32] Frame [UINT32] fan [UINT32] speed < 500(R.P.M). |
Variable fields |
$1: Chassis ID. $2: Fan tray ID. $3: Fan ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Fan Fault! Chassis 1 Frame 1 fan 2 speed < 500(R.P.M). |
Explanation |
A fan is the specified fan tray is faulty. |
Recommended action |
Replace the fan tray. |
Message text |
Fan Adjusting failed! Chassis [UINT32] Frame [UINT32] fan [UINT32] speed is [UINT32](R.P.M), is too low! |
Variable fields |
$1: Chassis ID. $2: Fan tray ID. $3: Fan ID. $4: Fan speed. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Fan Adjusting failed! Chassis 1 Frame 2 fan 3 speed is 1800(R.P.M), is too low! |
Explanation |
Fan speed adjustment failed. The speed of a fan on a specified fan tray is over low. |
Recommended action |
1. Replace the fan tray. 2. If the issue persists, contact technical support. |
Message text |
Fan Adjusting failed! Chassis [UINT32] Frame [UINT32] fan [UINT32] speed is [UINT32](R.P.M), is too high! |
Variable fields |
$1: Chassis ID. $2: Fan tray ID. $3: Fan ID. $4: Fan speed. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Fan Adjusting failed! Chassis 1 Frame 2 fan 3 speed is 10000(R.P.M), is too high! |
Explanation |
Fan speed adjustment failed. The speed of a fan on a specified fan tray is too high. |
Recommended action |
1. Replace the fan tray. 2. If the issue persists, contact technical support. |
Message text |
All fabric boards are absent! Reboot all lpu boards. |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: All fabric boards are absent! Reboot all lpu boards. |
Explanation |
No fabric modules were present. All LPUs will be rebooted. |
Recommended action |
Check the installation status of the fabric modules. If they are installed correctly, contact technical support. |
Message text |
Warning:Fans stop running in chassis [UINT32], please check it right now, otherwize all lpu boards will be powered down after [UINT32] minutes. |
Variable fields |
$1: Chassis ID. $2: Length of time. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning:Fans stop running in chassis 1, please check it right now, otherwize all lpu boards will be powered off after 5 minutes. |
Explanation |
Fan trays stop rotating on the specified chassis. All LPUs will be powered off after the specified length of time. |
Recommended action |
· Check the fan tray status and identify the cause of the issue. · Replace the fan trays. |
Message text |
There is maybe some wrong with the ADM1029 temperature chip! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: There is maybe some wrong with the ADM1029 temperature chip! |
Explanation |
The ADM1029 temperature sensor chip is faulty. |
Recommended action |
Contact technical support. |
Message text |
There is maybe some wrong with the LM75 temperature chip! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: There is maybe some wrong with the LM75 temperature chip! |
Explanation |
The LM75 temperature sensor chip is faulty. |
Recommended action |
Contact technical support. |
Message text |
The Temperature is beyond the shutdown temperature limit, The POE Power is SHUT DOWN! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: The Temperature is beyond the shutdown temperature limit, The POE Power is SHUT DOWN! |
Explanation |
The temperature had exceeded the PoE shutdown temperature threshold. PoE was shut down. |
Recommended action |
1. Check the card temperature and fan tray status. Replace fan trays with high-speed ones or install filler panels in unused slots. 2. If the issue persists, contact technical support. |
Message text |
The Temperature is below the turn on temperature limit, The POE Power is TURN ON! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: The Temperature is below the turn on temperature limit, The POE Power is TURN ON! |
Explanation |
The temperature had dropped below the PoE turn-on temperature threshold. PoE was turned on. |
Recommended action |
Make sure the ambient temperature of the device is in the acceptable range. For more information, see the installation guide for the device. |
Message text |
Warning: Slot [UINT32] temperature too high, power off it, please check it right now, otherwize all lpu boards will be powered down after [UINT32] minutes. |
Variable fields |
$1: Slot number. $2: Length of time. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: Slot 2 temperature too high, power off it, please check it right now, otherwize all lpu boards will be powered off after 5 minutes. |
Explanation |
The temperature of the specified card is too high. All LPUs will be powered off after the specified length of time. |
Recommended action |
Check the fan tray status and determine whether a fan tray issue has occurred. If it is not a fan tray issue, replace the fan trays with high-speed ones and install filler panels in empty slots or contact technical support. |
Message text |
Warning: Power off all lpu boards, please check it right now. |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: Power off all lpu boards, please check it right now. |
Explanation |
All LPUs were powered off. |
Recommended action |
Check the power supply status and identify the reason causing the issue, or contact technical support. |
Message text |
All lpu boards were powered down because Fans stopped running. |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: All lpu boards were powered down because Fans stopped running. |
Explanation |
Fan trays stopped operation and all LPUs were powered off. |
Recommended action |
1. Check the fan tray status. If the fan trays are abnormal, replace the fan trays. 2. If the issue persists, contact technical support. |
Message text |
Warning: Not enough power to power on board chassis [UINT32] slot [UINT32]. Board power is [UINT32], system available power is [UINT32]. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Power supply ID_1 $4: Power supply ID_2. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: Not enough power to power on board chassis 1 slot 2. Board power is 3, system available power is 4. |
Explanation |
Power is insufficient. |
Recommended action |
Install more power supplies. |
Message text |
Warning: Try to supply power to slot [UINT32] fail! |
Variable fields |
$1: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: Try to supply power to slot 2 fail! |
Explanation |
Failed to supply power to the specified card. |
Recommended action |
Identify the reason causing the issue and contact technical support. |
Message text |
Warning: the device bearing power is over charge ! Do not supply power to slot [UINT32] ! |
Variable fields |
$1: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: the device bearing power is over charge ! Do not supply power to slot 2! |
Explanation |
The power is insufficient. The device stops power supply to the specified card. |
Recommended action |
Check the power supplies to identify the reason causing the issue, and contact technical support. |
Message text |
Do not support this kind of hardware device! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Do not support this kind of hardware device! |
Explanation |
A hardware device not supported by the device was installed. |
Recommended action |
Replace the hardware device with one compatible with the device. |
Message text |
This device does not support this kind of board! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: This device does not support this kind of board! |
Explanation |
A card not supported by the device was inserted. |
Recommended action |
Replace the card with one supported by the device. |
Message text |
Warning: Board on chassis [UINT32] slot [UINT32] is not compatible with master board. Board type and function is [UINT32]. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Card ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: Board on chassis 2 slot 2 is not compatible with master board. Board type and function is 28. |
Explanation |
The specified card is not compatible with the MPU. |
Recommended action |
Replace the card with one that is compatible with the MPU or replace the MPU. |
Message text |
Warning: Standby board on chassis [UINT32] slot [UINT32] is not compatible with master board, Standby board type is [UINT32]. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Card type. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: Standby board on chassis 1 slot 1 is not compatible with master board, Standby board type is 30. |
Explanation |
The specified standby MPU is not compatible with the active MPU. |
Recommended action |
Use active/standby MPUs compatible with each other. |
Message text |
Warning: The LPU board on chassis [UINT32] slot [UINT32] is not compatible with MPU board, its board type is [UINT32]. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Card type. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Warning: The LPU board on chassis 1 slot 2 is not compatible with MPU board, its board type is 30. |
Explanation |
The specified LPU is not compatible with the MPU. |
Recommended action |
Replace the LPU with one compatible with the MPU, or replace the MPU. |
Message text |
Standby board software version differs from master board . Please download the same version! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Standby board software version differs from master board . Please download the same version! |
Explanation |
The active and standby MPUs run different software versions. |
Recommended action |
Install the same software version for the active and standby MPUs. |
Message text |
Reboot Standby board for different version! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Reboot Standby board for different version! |
Explanation |
The active and standby MPUs are of different versions. You are required to reboot the standby MPU. |
Recommended action |
Reboot the standby MPU. |
Message text |
Standby board type differs from master board . Warning: Standby board and master board must be same!!! |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Standby board type differs from master board . Warning: Standby board and master board must be same!!! |
Explanation |
The active and standby MPUs are of different models. You must use MPUs of same models. |
Recommended action |
Use MPUs of the same model. |
Message text |
WARNING: Ucast IPC packets were blocked between slot [UINT32] and slot [UINT32]. |
Variable fields |
$1: Physical slot number. $2: Physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Ucast IPC packets were blocked between slot 1 and slot 2. |
Explanation |
Unicast IPC packets were blocked between the two specified LPUs. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Ucast IPC packets from slot [UINT32] to slot [UINT32] were blocked. |
Variable fields |
$1: Source physical slot number. $2: Destination physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Ucast IPC packets from slot 1 to slot 2 were blocked |
Explanation |
Unicast IPC packets from the source LPU to the destination LPU were blocked. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Bcast IPC packets from chassis [UINT32] slot [UINT32] to chassis [UINT32] slot [UINT32] were blocked. |
Variable fields |
$1: Source chassis ID. $2: Source physical slot number. $3: Destination chassis ID. $4: Destination physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Bcast IPC packets from chassis 1 slot 2 to chassis 2 slot 4 were blocked |
Explanation |
Broadcast IPC packets from the source LPU to the destination LPU were blocked. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Bcast IPC packets were blocked between slot [UINT32] and slot [UINT32] |
Variable fields |
$1: Physical slot number. $2: Physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Bcast IPC packets were blocked between slot 1 and slot 2 |
Explanation |
Broadcast IPC packets were blocked between the two specified LPUs. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Bcast IPC packets from slot [UINT32] to slot [UINT32] were blocked. |
Variable fields |
$1: Source physical slot number. $2: Destination physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Bcast IPC packets from slot 1 to slot 2 were blocked |
Explanation |
Broadcast IPC packets from the source LPU to the destination LPU were blocked. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Slot [UINT32]: heartbeat with master board timed out |
Variable fields |
$1: Physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Slot 1: heartbeat with master board timed out |
Explanation |
The specified card failed to receive heartbeat packets from the MPU within the timeout period. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Heartbeat with slot [UINT32] timed out |
Variable fields |
$1: Physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Heartbeat with slot 1 timed out |
Explanation |
The MPU failed to receive the heartbeat packets from the specified card within the timeout period. |
Recommended action |
Contact technical support. |
Message text |
WARNING: A minimum of three heartbeat timeouts occurred to slot [UINT32]. The slot will be isolated. Please replace it. |
Variable fields |
$1: Physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: A minimum of three heartbeat timeouts occurred to slot 1. The slot will be isolated. Please replace it |
Explanation |
The MPU failed to receive heartbeat packets from the specified card after three or more heartbeat timeout periods expired. The card will be isolated. |
Recommended action |
Replace the card or contact technical support. |
Message text |
WARNING: Heartbeat with slot [UINT32] timed out. The card in the slot will reboot automatically |
Variable fields |
$1: Physical slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Heartbeat with slot 1 timed out. The card in the slot will reboot automatically |
Explanation |
The MPU failed to receive heartbeat packets from the specified card within the timeout period. The card will reboot automatically. |
Recommended action |
Reboot the card and determine whether the issue is resolved. If the issue persists, contact technical support. |
Message text |
WARNING: Detected persistent FCS error condition on inner port ([UINT32], [UINT32]). |
Variable fields |
$1: Chip ID. $2: Port number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Detected persistent FCS error condition on inner port (0, 96). |
Explanation |
FCS errors were detected continuously on the specified port of the device. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Inner port ([UINT32], [UINT32]) was down. |
Variable fields |
$1: Chip ID. $2: Port number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Inner port (0, 96) was down. |
Explanation |
The specified inner port of the device went down. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Link flappings occurred on inner port ([UINT32], [UINT32]). |
Variable fields |
$1: Chip ID. $2: Port number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Link flappings occurred on inner port (1, 2). |
Explanation |
The specified internal port came up and went down frequently. |
Recommended action |
Contact technical support. |
Message text |
Task: CPU [UINT32] is occupied by process [STRING] for more than 15 seconds. |
Variable fields |
$1: CPU ID. $2: Process ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: Task: CPU 2 is occupied by process ifmgr for more than 15 seconds. |
Explanation |
The CPU was occupied by the specified process for a long time. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Slot [UINT32] is isolated already. Maybe caused by the hardware failure, please remove and check it |
Variable fields |
$1: Slot number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Slot 1 is isolated already. Maybe caused by the hardware failure, please remove and check it |
Explanation |
The specified card might have a hardware fault and has been isolated. |
Recommended action |
Replace the card. |
Message text |
WARNING: Chip [UINT32] IPT CRC [UINT32], please check. |
Variable fields |
$1: Chip ID. $2: IPT CRC error count. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Chip 1 IPT CRC 15, please check |
Explanation |
The specified chip has IPT CRC errors. A check is required. |
Recommended action |
Contact technical support. |
Message text |
WARNING: CPU Port has no packet input and output, please check |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: CPU Port has no packet input and output, please check |
Explanation |
The CPU port failed to send or receive packets correctly. |
Recommended action |
Contact technical support. |
Message text |
WARNING: CPU Port has no packet output, please check |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: CPU Port has no packet output, please check |
Explanation |
The CPU port failed to send packets correctly. |
Recommended action |
Contact technical support. |
Message text |
WARNING: CPU Port has no packet input, please check |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: CPU Port has no packet input, please check |
Explanation |
The CPU port failed to receive packets correctly. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Slot [UINT32] Chip [UINT32] has timeout in scanning channel,please check! |
Variable fields |
$1: Global slot number. $2: Chip ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Slot 8 Chip 1 has timeout in scanning channel,please check! |
Explanation |
An issue has occurred on the inner channels on the specified card. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Chassis [UINT32] Slot [UINT32] Chip [UINT32] has timeout in scanning channel,please check! |
Variable fields |
$1: Chassis ID. $2: Global slot number. $3: Chip ID. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: WARNING: Chassis 1 Slot 3 Chip 0 has timeout in scanning channel,please check! |
Explanation |
An issue has occurred on the inner channels on the specified card. |
Recommended action |
Contact technical support. |
Message text |
The max-ecmp-num configuration should be the same on devices in one IRF. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The max-ecmp-num configuration should be the same on devices in one IRF. |
Explanation |
The devices in the IRF fabric support different maximum numbers of ECMP routes. |
Recommended action |
Configure the same maximum number of ECMP routes for the devices in the IRF fabric. |
Message text |
The Systemworking mode configuration should be the same on devices in one IRF. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The Systemworking mode configuration should be the same on devices in one IRF. |
Explanation |
The devices in the IRF fabric do not operate in the same system working mode. |
Recommended action |
Specify the same system working mode for the devices in the IRF fabric. |
Message text |
The device does not support board in chassis [UINT32] slot [UINT32] ,type is unknown([HEX]), Please check. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: Card type. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The device does not support board in chassis 1 slot 2 ,type is unknown(0x18), Please check. |
Explanation |
The card type in the specified slot is not supported by the device. |
Recommended action |
Replace the card with one supported by the device. |
Message text |
The port [STRING] has been changed to inactive status, please check. |
Variable fields |
$1: Port type and number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 has been changed to inactive status, please check. |
Explanation |
The specified port became inactive. |
Recommended action |
Check the IRF configuration and port status and identify the reason causing the issue. If the issue cannot be resolved, contact technical support. |
Message text |
The port [STRING] has been changed to active status. |
Variable fields |
$1: Port type and number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 has been changed to active status. |
Explanation |
The specified port became active. |
Recommended action |
No action is required. |
Message text |
The port [STRING] can't receive irf pkt and has been changed to inactive status, please check. |
Variable fields |
$1: Port type and number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 can't receive irf pkt and has been changed to inactive status, please check. |
Explanation |
The specified port failed to receive IRF packets and became inactive. |
Recommended action |
Check the IRF configuration and port status and identify the reason causing the issue. If the issue cannot be resolved, contact technical support. |
Message text |
The port [STRING] can't receive irf pkt, please check. |
Variable fields |
$1: Port type and number. |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 can’t receive irf pkt, please check. |
Explanation |
The specified port failed to receive IRF packets. |
Recommended action |
Check the IRF configuration and port status and identify the reason causing the issue. If the issue cannot be resolved, contact technical support. |
Message text |
At least one fabric module slot is empty. Make sure a blank filler module has been installed in each empty slot so the switch can work correctly. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DrvDebug: At least one fabric module slot is empty. Make sure a blank filler module has been installed in each empty slot so the switch can work correctly. |
Explanation |
A minimum of one fabric module slot is empty. You are required to install a filler panel in each fabric module slot. |
Recommended action |
Install a filler panel in each empty fabric module slot. |
Message text |
All fabric boards are absent! Reboot all lpu boards. |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: All fabric boards are absent! Reboot all lpu boards. |
Explanation |
No fabric modules are present. All LPUs will be rebooted. |
Recommended action |
Verify the installation of the fabric modules. If they are installed correctly, contact technical support. |
Message text |
Loopback exists on the interface [UINT32] [STRING]. |
Variable fields |
$1: Interface index. $2: Interface type and number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Loopback exists on the interface 3 Ten-GigabitEthernet3/0/1. |
Explanation |
A loopback is present on the specified interface. |
Recommended action |
Check the port status and identify the reason causing the loopback. If the issue cannot be resolved, contact technical support. |
Message text |
This device do not support LSQ1IAGSC0 on chassis [UINT32] slot [UINT32]! |
Variable fields |
$1: Chassis ID $2: Slot number |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: This device do not support LSQ1IAGSC0 on chassis 1 slot 10! |
Explanation |
The device does not support the LSQ1IAGSC0 card. |
Recommended action |
Replace the LSQ1IAGSC0 card with one compatible with the device. |
Message text |
WARNING: FCS error occurred on [UINT32]. |
Variable fields |
$1: Port number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: FCS error occurred on 1/3/0/10. |
Explanation |
An FCS error occurred on the specified IRF port. |
Recommended action |
Check the IRF link status. If the IRF link status is normal, contact technical support. |
Message text |
Interface [UINT32] is isolated, it's will be cancelled after a down/up. |
Variable fields |
$1: Port number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Interface 1/3/0/10 is isolated, it's will be cancelled after a down/up. |
Explanation |
FCS errors occurred on the specified IRF port. The port will be isolated. |
Recommended action |
Locate the reason causing the FCS errors and resolve the issue. |
Message text |
WARNING: [UINT32] went down. |
Variable fields |
$1: Port number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: 1/3/0/10 went down. |
Explanation |
The specified IRF port went down. |
Recommended action |
Check the IRF link status. |
Message text |
WARNING: Chip [UINT32] Port [UINT32] has no packet input and output, please check. |
Variable fields |
$1: Chip ID. $2: Port number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Chip 1 Port 2 has no packet input and output, please check. |
Explanation |
The specified IPC port failed to send or receive packets. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Ucast IPC packets from slot [UINT32] to slot [UINT32] were occasionally dropped. |
Variable fields |
$1: Slot number. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Ucast IPC packets from slot 1 to slot 2 were occasionally dropped. |
Explanation |
Minor IPC unicast packet loss occurred from the source card to the destination card. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Heavy Ucast IPC packet drops occurred in the direction from slot [UINT32] to slot [UINT32]. |
Variable fields |
$1: Slot number. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Heavy Ucast IPC packet drops occurred in the direction from slot 1 to slot 2. |
Explanation |
Severe IPC unicast packet loss occurred from the source card to the destination card. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Bcast IPC packets from slot [UINT32] to slot [UINT32] were occasionally dropped. |
Variable fields |
$1: Slot number. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Bcast IPC packets from slot 1 to slot 2 were occasionally dropped. |
Explanation |
Minor IPC broadcast packet loss occurred from the source card to the destination card. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Heavy Bcast IPC packet drops occurred in the direction from slot [UINT32] to slot [UINT32]. |
Variable fields |
$1: Slot number. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Heavy Bcast IPC packet drops occurred in the direction from slot 1 to slot 2. |
Explanation |
Severe IPC broadcast packet loss occurred from the source card to the destination card. |
Recommended action |
Contact technical support. |
Message text |
Forwarding Fault: Slot [UINT32] Chip [UINT32] to Slot [UINT32] chip [UINT32] |
Variable fields |
$1: Slot number. $2: Chip ID. $3: Slot number. $4: Chip ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Forwarding Fault: Slot 1 Chip 2 to Slot 3 chip 4 |
Explanation |
Forwarding failure occurred from the source chip to the destination chip. |
Recommended action |
Contact technical support. |
Message text |
Forwarding Warning: Slot [UINT32] Chip [UINT32] to Slot [UINT32] chip [UINT32] |
Variable fields |
$1: Slot number. $2: Chip ID. $3: Slot number. $4: Chip ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Forwarding Warning: Slot 1 Chip 2 to Slot 3 chip 4 |
Explanation |
Packet loss occurred from the source chip to the destination chip. |
Recommended action |
Contact technical support. |
Message text |
Interface [STRING] has MMU error. MMU: [UINT32], please check. |
Variable fields |
$1: Port number. $2: MMU cell count when the error occurs. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Interface 1/0/0/23 has MMU error. MMU:150, please check. |
Explanation |
An MMU error occurred on the specified interface. |
Recommended action |
Check the device for hardware issues. If a software issue occurred, reboot the card to recover the services. |
Message text |
MMU error analysis failed, MMU interrupt disabled |
Variable fields |
N/A |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: MMU error analysis failed, MMU interrupt disabled |
Explanation |
MMU error analysis failed, and MMU interrupt was disabled. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Ucast IPC packets from chassis [UINT32] slot [UINT32] to chassis [UINT32] slot [UINT32] were blocked. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Chassis ID. $4: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Ucast IPC packets from chassis 1 slot 2 to chassis 3 slot 4 were blocked. |
Explanation |
Unicast IPC packets were blocked from the source card to the destination card. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Ucast IPC packets were blocked between chassis [UINT32] slot [UINT32] and chassis [UINT32] slot [UINT32]. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Chassis ID. $4: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Ucast IPC packets were blocked between chassis 1 slot 2 and chassis 3 slot 4. |
Explanation |
Unicast IPC packets were blocked between the two specified cards. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Bcast IPC packets were blocked between chassis [UINT32] slot [UINT32] and chassis [UINT32] slot [UINT32]. |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Chassis ID. $4: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Bcast IPC packets were blocked between chassis 1 slot 2 and chassis 3 slot 4. |
Explanation |
Broadcast IPC packets were blocked between the two specified cards. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Heartbeat with chassis [UINT32] slot [UINT32] timed out. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Heartbeat with chassis %1 slot %2 timed out. |
Explanation |
The MPU failed to receive a heartbeat message from the specified card within the timeout period. |
Recommended action |
Contact technical support. |
Message text |
WARNING: Heartbeat with chassis [UINT32] slot [UINT32] timed out. The card in the slot will reboot automatically. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Heartbeat with chassis 1 slot 2 timed out. The card in the slot will reboot automatically. |
Explanation |
The MPU failed to receive a heartbeat message from the specified card within the timeout period. The card will reboot automatically. |
Recommended action |
Identify the cause of the issue. If the issue persists after the card reboots, contact technical support. |
Message text |
WARNING: A minimum of three heartbeat timeouts occurred to chassis [UINT32] slot [UINT32]. The slot will be isolated. Please replace it. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: A minimum of three heartbeat timeouts occurred to chassis 1 slot 2. The slot will be isolated. Please replace it. |
Explanation |
The MPU failed to receive a heartbeat message from the specified card after three or more heartbeat timeout periods expired. The card will be isolated. You are required to replace the card. |
Recommended action |
Replace the card. |
Message text |
WARNING: Chassis [UINT32] slot [UINT32] is isolated already. Maybe caused by the hardware failure, please remove and check it. |
Variable fields |
$1: Chassis ID. $2: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: WARNING: Chassis 1 slot 2 is isolated already. Maybe caused by the hardware failure, please remove and check it. |
Explanation |
The specified card was isolated, possibly because a hardware failure had occurred. |
Recommended action |
Replace the card. |
Message text |
Forwarding Fault: Chassis [UINT32] Slot [UINT32] Chip [UINT32] to Chassis [UINT32] Slot [UINT32]chip [UINT32] |
Variable fields |
$1: Chassis ID. $2: Slot number. $3: Chip ID. $4: Chassis ID. $5: Slot number. $6: Chip ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: Forwarding Fault: Chassis 1 Slot 2 Chip 0 to Chassis 2 Slot 1 chip 0 |
Explanation |
Traffic forwarding from the source chip to the destination chip failed. |
Recommended action |
Identify whether an exception or packet loss has occurred on the forwarding path. If no exception or packet loss has occurred, contact technical support. |
Message text |
The spring-clips on the switching fabric module in slot [UINT16] are not closed. Please close the spring-clips. |
Variable fields |
$1: Slot number. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: The spring-clips on the switching fabric module in slot 1 are not closed. Please close the spring-clips. |
Explanation |
The spring clips on the specified fabric module are not closed. |
Recommended action |
Close the spring clips. |
Message text |
The spring-clips on the switching fabric module in slot [UINT16] of chassis [UINT32] are not closed. Please close the spring-clips. |
Variable fields |
$1: Slot number. $2: Chassis ID. |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: The spring-clips on the switching fabric module in slot 1 of chassis 2 are not closed. Please close the spring-clips. |
Explanation |
The spring clips on the specified fabric module are not closed. |
Recommended action |
Close the spring clips. |
Message text |
(In standalone mode.) Warning: The card in slot [INT32] has a high power consumption and therefore a high cooling requirement. To continue to provide fan tray redundancy, substitute high speed fan trays. (In IRF mode.) Warning: The card in chassis [INT32] slot [INT32] has a high power consumption and therefore a high cooling requirement. To continue to provide fan tray redundancy, substitute high speed fan trays. |
Variable fields |
$1: Slot number. (In standalone mode.) $1: IRF member device ID. (In IRF mode.) $2: Slot number. (In IRF mode.) |
Severity level |
2 |
Example |
DRVPLAT/2/DrvDebug: (In standalone mode.) Warning: The card in slot 9 has a high power consumption and therefore a high cooling requirement. To continue to provide fan tray redundancy, substitute high speed fan trays. |
Explanation |
A high-power card was installed on the device. To ensure adequate cooling for the device, you are required to replace all fan trays with high-speed ones. |
Recommended action |
Replace all fan trays on the device with high-speed ones. |
EDEV messages
This section contains messages for extended-device management.
EDEV_FAILOVER_GROUP_STATE_CHANGE
Message text |
Status of stateful failover group [STRING] with ID [UINT32] changed to [STRING]. |
Variable fields |
$1: Failover group name. $2: Failover group ID. $3: Failover group state. |
Severity level |
5 |
Example |
|
Explanation |
The status of a failover group changed. |
Recommended action |
No action is required. |
EIGRP messages
This section contains EIGRP messages.
RID_CHANGE
Message text |
EIGRP [UINT32]: New elected router ID will take effect after EIGRP address family is reset. |
Variable fields |
$1: EIGRP process ID. |
Severity level |
5 |
Example |
EIGRP/5/RID_CHANGE: EIGRP 1: New elected router ID will take effect after EIGRP address family is reset. |
Explanation |
A change of interface IP address causes the change of router ID for the EIGRP router. You must restart the EIGRP IPv4 address family to make the new router ID take effect. |
Recommended action |
Execute the reset eigrp process command to make the new router ID take effect. |
PEER_CHANGE
Message text |
EIGRP [UINT32]: Neighbor [STRING] ([STRING]) is [STRING]: [STRING]. |
Variable fields |
$1: EIGRP process ID. $2: IP address of the neighbor router. $3: Interface that is connected to the neighbor router. $4: Neighbor state, Up or Down. $5: Reason for the EIGRP neighbor state change. For information about the neighbor state change reasons, see Table 6. |
Severity level |
5 |
Example |
EIGRP/5/PEER_CHANGE: EIGRP 2: Neighbor 100.100.10.2 (GigabitEthernet1/0/1) is Up: New neighbor. |
Explanation |
The EIGRP neighbor state changed for a specific reason. |
Recommended action |
Take an action according to the neighbor state change reason. For more information, see Table 6. |
Table 6 Neighbor state change reasons and recommended actions
Reason |
Remarks |
Recommended action |
New neighbor |
N/A |
No action is required. |
Interface down |
N/A |
Check the network connectivity. |
Reset operation |
The reset eigrp process or reset eigrp peer command was executed. |
No action is required. |
Delete operation |
The process or address family was deleted. |
No action is required. |
Hold timer expired |
N/A |
Check the network status or check whether the hold timer is appropriate. |
Maximum retransmission times reached |
N/A |
Check the network status. |
Inconsistent K values |
N/A |
Check whether the K values are consistent on both ends. |
Neighbor restart |
N/A |
Check the network status and check whether an operation that affects neighbor relationship has been performed on the neighbor router. |
Stuck in active |
N/A |
Check the network status and CPU usage on the neighbor router. |
Peer termination |
The neighbor actively terminated the neighbor relationship. |
Check whether an operation that affects neighbor relationship has been performed on the neighbor router. |
Configuration changed |
N/A |
Check whether the configuration is correct. |
Process switchover |
EIGRP process switchover occurred. |
No action is required. |
Insufficient memory |
The memory threshold was reached. |
Check system memory and release available memory by adjusting the modules that occupy too much memory. |
ERPS messages
This section contains ERPS messages.
ERPS_STATE_CHANGED
Message text |
Ethernet ring [UINT16] instance [UINT16] changed state to [STRING] |
Variable fields |
$1: ERPS ring ID. $2: ERPS instance ID. $3: ERPS instance status. |
Severity level |
6 |
Example |
ERPS/4/ERPS_STATE_CHANGED: Ethernet ring 1 instance 1 changed state to Idle. |
Explanation |
The status of the ERPS instance changed. |
Recommended action |
No action is required. |
ETH messages
This section contains Ethernet module messages.
ETH_VLAN_TERMINATION_FAILED
Message text |
The vlan-type dot1q configuration on [STRING] failed. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETH/4/ETH_VLAN_TERMINATION_FAILED: -MDC=1; The vlan-type dot1q configuration on GigabitEthernet1/0/1.1 failed. |
Explanation |
The system failed to assign an interface the VLAN termination configuration commands started with the vlan-type dot1q keywords. The possible reason is insufficient hardware resources. |
Recommended action |
Please contact H3C Support. |
ETH_VLAN_TERMINATION_NOT_SUPPORT
Message text |
The vlan-type dot1q configuration on [STRING] is not supported. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETH/4/ETH_VLAN_TERMINATION_NOT_SUPPORT: -MDC=1; The vlan-type dot1q configuration on GigabitEthernet1/0/1.1 is not supported. |
Explanation |
An interface does not support VLAN termination configuration commands started with the vlan-type dot1q keywords. |
Recommended action |
Verify that the card where the interface resides supports VLAN termination. |
ETH_VMAC_INEFFECTIVE
Message text |
Interface [STRING] failed to add a virtual MAC: [STRING]. |
Variable fields |
$1: Interface name. $2: Reason why the device failed to add a virtual MAC address to the interface. |
Severity level |
3 |
Example |
ETH/3/ETH_VMAC_INEFFECTIVE: Interface GigabitEthernet1/0/1 failed to add a virtual MAC: Insufficient hardware resources. |
Explanation |
The device failed to add a virtual MAC address to an interface. |
Recommended action |
Troubleshoot the operation failure. For example, if hardware resources are insufficient because the number of virtual MAC addresses for VRRP on an interface has reached the upper limit, remove free VRRP groups to release resources. |
ETHOAM messages
This section contains Ethernet OAM messages.
ETHOAM_CONNECTION_FAIL_DOWN
Message text |
The link is down on interface [string] because a remote failure occurred on peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_CONNECTION_FAIL_DOWN: The link is down on interface Ethernet1/0/1 because a remote failure occurred on peer interface. |
Explanation |
The link goes down because a remote failure occurred on the peer interface. |
Recommended action |
Check the link status or the OAM status on the peer. |
ETHOAM_CONNECTION_FAIL_TIMEOUT
Message text |
Interface [string] removed the OAM connection because it received no Information OAMPDU before the timer times out. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_CONNECTION_FAIL_TIMEOUT: Interface Ethernet1/0/1 removed the OAM connection because it received no Information OAMPDU before the timer times out. |
Explanation |
The interface removed the OAM connection because it had not received Information OAMPDUs before the timer timed out. |
Recommended action |
Check the link status or the OAM status on the peer. |
ETHOAM_CONNECTION_FAIL_UNSATISF
Message text |
Interface [string] failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
ETHOAM/3/ETHOAM_CONNECTION_FAIL_UNSATISF: Interface Ethernet1/0/1 failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface. |
Explanation |
Failed to establish an OAM connection because the peer does not match the OAM protocol state of the local interface. |
Recommended action |
Check the State field of the OAMPDUs sent from both ends. |
ETHOAM_CONNECTION_SUCCEED
Message text |
An OAM connection is established on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_CONNECTION_SUCCEED: An OAM connection is established on interface Ethernet1/0/1. |
Explanation |
An OAM connection is established. |
Recommended action |
No action is required. |
ETHOAM_DISABLE
Message text |
Ethernet OAM is now disabled on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_DISABLE: Ethernet OAM is now disabled on interface Ethernet1/0/1. |
Explanation |
Ethernet OAM is disabled. |
Recommended action |
No action is required. |
ETHOAM_DISCOVERY_EXIT
Message text |
OAM interface [string] quit the OAM connection. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ ETHOAM_DISCOVERY_EXIT: OAM interface Ethernet1/0/1 quit the OAM connection. |
Explanation |
The local interface ended the OAM connection. |
Recommended action |
No action is required. |
ETHOAM_ENABLE
Message text |
Ethernet OAM is now enabled on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_ENABLE: Ethernet OAM is now enabled on interface Ethernet1/0/1. |
Explanation |
Ethernet OAM is enabled. |
Recommended action |
No action is required. |
ETHOAM_ENTER_LOOPBACK_CTRLLED
Message text |
The local OAM entity enters remote loopback as controlled DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ ETHOAM_ENTER_LOOPBACK_CTRLLED: The local OAM entity enters remote loopback as controlled DTE on OAM interface Ethernet1/0/1. |
Explanation |
The local OAM entity enters remote loopback as controlled DTE after you enable OAM loopback on the peer end. |
Recommended action |
No action is required. |
ETHOAM_ENTER_LOOPBACK_CTRLLING
Message text |
The local OAM entity enters remote loopback as controlling DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ ETHOAM_ENTER_LOOPBACK_CTRLLING: The local OAM entity enters remote loopback as controlling DTE on OAM interface Ethernet1/0/1. |
Explanation |
The local OAM entity enters remote loopback as controlling DTE after you enable OAM loopback on the interface. |
Recommended action |
No action is required. |
ETHOAM_LOCAL_DYING_GASP
Message text |
A local Dying Gasp event has occurred on [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOCAL_DYING_GASP: A local Dying Gasp event occurred on interface Ethernet1/0/1. |
Explanation |
A local Dying Gasp event occurs when you reboot the local device or shut down the interface. |
Recommended action |
Do not use the link until it recovers. |
ETHOAM_LOCAL_ERROR_FRAME
Message text |
An errored frame event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME: An errored frame event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored frame event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_ERROR_FRAME_PERIOD
Message text |
An errored frame period event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_PERIOD: An errored frame period event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored frame period event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_ERROR_FRAME_SECOND
Message text |
An errored frame seconds event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_SECOND: An errored frame seconds event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored frame seconds event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_LINK_FAULT
Message text |
A local Link Fault event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOCAL_LINK_FAULT: A local Link Fault event occurred on interface Ethernet1/0/1. |
Explanation |
A local Link Fault event occurred when the local link goes down. |
Recommended action |
Re-connect the Rx end of the fiber on the local interface. |
ETHOAM_LOOPBACK_EXIT
Message text |
OAM interface [string] quit remote loopback. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOOPBACK_EXIT: OAM interface Ethernet1/0/1 quit remote loopback. |
Explanation |
The OAM interface ended remote loopback after one of the following events occurred: · Remote loopback was disabled on the interface before the OAM connection was established. · The established OAM connection was torn down. |
Recommended action |
No action is required. |
ETHOAM_LOOPBACK_EXIT_ERROR_STATU
Message text |
OAM interface [string] quit remote loopback due to incorrect multiplexer or parser status. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOOPBACK_EXIT_ERROR_STATU: OAM interface Ethernet1/0/1 quit remote loopback due to incorrect multiplexer or parser status. |
Explanation |
OAM interface Ethernet1/0/1 ended remote loopback due to incorrect multiplexer or parser status. |
Recommended action |
Disable and then re-enable Ethernet OAM on the OAM entity. |
ETHOAM_LOOPBACK_NO_RESOURCE
Message text |
OAM interface [string] can’t enter remote loopback due to insufficient resources. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOOPBACK_NO_RESOURCE: OAM interface Ethernet1/0/1 can’t enter remote loopback due to insufficient resources. |
Explanation |
The OAM interface cannot enter remote loopback due to insufficient resources when you execute the oam remote-loopback start command on the local or remote OAM entity. |
Recommended action |
To enable remote loopback on an interface, you must set the hardware forwarding resources on the interface. Enabling remote loopback on a large number of interfaces might cause insufficient resources. Disable remote loopback on other interfaces, and execute the oam remote-loopback start command on the interface again. |
ETHOAM_LOOPBACK_NOT_SUPPORT
Message text |
OAM interface [string] can’t enter remote loopback because the operation is not supported. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOOPBACK_NOT_SUPPORT: OAM interface Ethernet1/0/1 can't enter remote loopback because the operation is not supported. |
Explanation |
The OAM interface cannot enter remote loopback because the operation is not supported on the device. |
Recommended action |
No action is required. |
ETHOAM_QUIT_LOOPBACK_CTRLLED
Message text |
The local OAM entity quit remote loopback as controlled DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ ETHOAM_QUIT_LOOPBACK_CTRLLED: The local OAM entity quit remote loopback as controlled DTE on OAM interface Ethernet1/0/1. |
Explanation |
As the Loopback Control OAMPDUs receiving end, the local end quit remote loopback after you disabled OAM loopback on the peer end. |
Recommended action |
No action is required. |
ETHOAM_QUIT_LOOPBACK_CTRLLING
Message text |
The local OAM entity quit remote loopback as controlling DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CONTROLLING: The local OAM entity quit remote loopback as controlling DTE on OAM interface Ethernet1/0/1. |
Explanation |
The local end quit remote loopback after you disabled OAM loopback on the local interface. |
Recommended action |
No action is required. |
ETHOAM_REMOTE_CRITICAL
Message text |
A remote Critical event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_REMOTE_CRITICAL: A remote Critical event occurred on interface Ethernet1/0/1. |
Explanation |
A remote critical event occurred. |
Recommended action |
Do not use the link until it recovers. |
ETHOAM_REMOTE_DYING_GASP
Message text |
A remote Dying Gasp event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_REMOTE_DYING_GASP: A remote Dying Gasp event occurred on interface Ethernet1/0/1. |
Explanation |
A remote Dying Gasp event occurred when you reboot the remote device and shut down the interface. |
Recommended action |
Do not use this link until it recovers. |
ETHOAM_REMOTE_ERROR_FRAME
Message text |
An errored frame event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME: An errored frame event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored frame event occurred on the peer. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_ERROR_FRAME_PERIOD
Message text |
An errored frame period event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_PERIOD: An errored frame period event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored frame period event occurred on the peer interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_ERROR_FRAME_SECOND
Message text |
An errored frame seconds event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_SECOND: An errored frame seconds event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored frame seconds event occurred on the peer. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_ERROR_SYMBOL
Message text |
An errored symbol event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_SYMBOL: An errored symbol event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored symbol event occurred on the peer. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_EXIT
Message text |
OAM interface [string] quit OAM connection because Ethernet OAM is disabled on the peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ ETHOAM_REMOTE_EXIT: OAM interface Ethernet1/0/1 quit OAM connection because Ethernet OAM is disabled on the peer interface. |
Explanation |
The local interface ended the OAM connection because Ethernet OAM was disabled on the peer interface. |
Recommended action |
No action is required. |
ETHOAM_REMOTE_FAILURE_RECOVER
Message text |
Peer interface [string] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ ETHOAM_REMOTE_FAILURE_RECOVER: Peer interface Ethernet1/0/1 recovered. |
Explanation |
The Link fault was cleared from the peer interface and the OAM connection was restored. |
Recommended action |
No action is required. |
ETHOAM_REMOTE_LINK_FAULT
Message text |
A remote Link Fault event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_REMOTE_LINK_FAULT: A remote Link Fault event occurred on interface Ethernet1/0/1. |
Explanation |
A remote Link Fault event occurred when the remote link went down. |
Recommended action |
Reconnect the Rx end of the fiber on the remote interface. |
ETHOAM_NO_ENOUGH_RESOURCE
Message text |
The configuration failed on OAM interface [string] because of insufficient resources. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ ETHOAM_NO_ENOUGH_RESOURCE: The configuration failed on OAM interface Ethernet1/0/1 because of insufficient resources. |
Explanation |
The configuration failed on the OAM interface because of insufficient system resources. |
Recommended action |
Remove useless configurations to release the resources, and execute the command again. |
ETHOAM_NOT_CONNECTION_TIMEOUT
Message text |
Interface [string] quit Ethernet OAM because it received no Information OAMPDU before the timer times out. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ ETHOAM_NOT_CONNECTION_TIMEOUT: Interface Ethernet1/0/1 quit Ethernet OAM because it received no Information OAMPDU before the timer times out. |
Explanation |
The local interface ended Ethernet OAM because it had not received Information OAMPDUs before the timer timed out. |
Recommended action |
Check the link status and the OAM status on the peer. |
EVB messages
This section contains EVB messages.
EVB_AGG_FAILED
Message text |
Remove port [STRING] from aggregation group [STRING]. Otherwise, the EVB feature does not take effect. |
Variable fields |
$1: Port name. $2: Aggregation port name. |
Severity level |
6 |
Example |
EVB/6/EVB_AGG_FAILED: Remove port GigabitEthernet5/0/5 from aggregation group Bridge-Aggregation5. Otherwise, the EVB feature does not take effect. |
Explanation |
EVB bridge fails to process a port in an aggregation group. |
Recommended action |
Remove the port from the aggregation group. |
EVB_LICENSE_EXPIRE
Message text |
The EVB feature's license will expire in [UINT32] days. |
Variable fields |
$1: Number of days. |
Severity level |
6 |
Example |
EVB/6/EVB_LICENSE_EXPIRE: The EVB feature's license will expire in 15 days. |
Explanation |
The license for EVB will expire in the specified number of days. |
Recommended action |
Purchase and register a new license for the EVB feature. |
EVB_VSI_OFFLINE
Message text |
VSI [STRING] went offline. |
Variable fields |
$1: VSI interface/VSI aggregate interface name. |
Severity level |
6 |
Example |
EVB/6/EVB_VSI_OFFLINE: VSI Schannel-Aggregation1:2.0 went offline. |
Explanation |
The VSI interface or VSI aggregate interface is deleted when either of the following events occurs: · The EVB bridge receives a VDP packet from the EVB station. · The EVB bridge has not received an acknowledgement after a VDP packet times out. |
Recommended action |
No action is required. |
EVB_VSI_ONLINE
Message text |
VSI [STRING] came online, status is [STRING]. |
Variable fields |
$1: VSI interface/VSI aggregate interface name. $2: VSI status. |
Severity level |
6 |
Example |
EVB/6/EVB_VSI_ONLINE: VSI Schannel-Aggregation1:2.0 came online, status is association. |
Explanation |
The EVB bridge receives a VDP packet and creates a VSI interface or VSI aggregate interface successfully. |
Recommended action |
No action is required. |
EVIISIS messages
This section contains EVI IS-IS messages.
EVIISIS_LICENSE
Message text |
The EVIISIS feature has [STRING] license. |
Variable fields |
$1: License state: ¡ available—A valid license was found. ¡ no available—The current license became invalid, or no valid license was found. |
Severity level |
5 |
Example |
EVIISIS/5/EVIISIS_LICENSE: The EVIISIS feature has available license. |
Explanation |
This message is generated when EVI IS-IS license status changes. For example, an EVI IS-IS license is installed or becomes invalid. |
Recommended action |
Install a valid EVI IS-IS license if the current EVI IS-IS license is invalid or no license is available. |
EVIISIS_NBR_CHG
Message text |
EVIISIS [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to: [STRING]. |
Variable fields |
$1: EVI IS-IS process ID. $2: EVI IS-IS neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Adjacency state: ¡ up—Adjacency was set up. ¡ initializing—Neighbor state was initializing. ¡ down—Adjacency was lost. |
Severity level |
5 |
Example |
EVIISIS/5/EVIISIS_NBR_CHG: EVIISIS 1, Level-1 adjacency 0011.2200.1501 (Evi-Link0), state changed to: down. |
Explanation |
The EVI IS-IS adjacency state changed on an interface. |
Recommended action |
When the adjacency with a neighbor changes to down or initializing on an interface, check for EVI IS-IS configuration errors or loss of network connectivity. |
FCLINK messages
This section contains FC link messages.
FCLINK_FDISC_REJECT_NORESOURCE
Message text |
VSAN [UINT16], Interface [STRING]: An FDISC was rejected because the hardware resource is not enough. |
Variable fields |
$1: VSAN ID. $2: Interface name. |
Severity level |
4 |
Example |
FCLINK/4/FCLINK_FDISC_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FDISC was rejected because the hardware resource is not enough. |
Explanation |
An FDISC is received when the hardware resources are insufficient. |
Recommended action |
Reduce the number of nodes. |
FCLINK_FLOGI_REJECT_NORESOURCE
Message text |
VSAN [UINT16], Interface [STRING]: An FLOGI was rejected because the hardware resource is not enough. |
Variable fields |
$1: VSAN ID. $2: Interface name. |
Severity level |
4 |
Example |
FCLINK/4/FCLINK_FLOGI_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FLOGI was rejected because the hardware resource is not enough. |
Explanation |
An FLOGI is received when the hardware resources are insufficient. |
Recommended action |
Reduce the number of nodes. |
FCOE messages
This section contains FCoE messages.
FCOE_INTERFACE_NOTSUPPORT_FCOE
Message text |
Because the aggregate interface [STRING] has been bound to a VFC interface, assigning the interface [STRING] that does not support FCoE to the aggregate interface might cause incorrect processing. |
Variable fields |
$1: Aggregate interface name. $2: Ethernet interface name. |
Severity level |
4 |
Example |
FCOE/4/FCOE_INTERFACE_NOTSUPPORT_FCOE: Because the aggregate interface Bridge-Aggregation 1 has been bound to a VFC interface, assigning the interface Ten-GigabitEthernet 2/0/1 that does not support FCoE to the aggregate interface might cause incorrect processing. |
Explanation |
This message is generated when an interface that does not support FCoE is assigned to an aggregate interface that has been bound to a VFC interface. |
Recommended action |
Assign an interface that supports FCoE to the aggregate interface, or remove the binding from the VFC interface. |
FCOE_LAGG_BIND_ACTIVE
Message text |
The binding between aggregate interface [STRING] and the VFC interface takes effect again, because the member port is unbound from its bound VFC interface or removed from the aggregate interface. |
Variable fields |
$1: Aggregate interface name. |
Severity level |
4 |
Example |
FCOE/4/FCOE_LAGG_BIND_ACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface takes effect again, because the member port is unbound from its bound VFC interface or removed from the aggregate interface. |
Explanation |
This message is generated when a member port of an aggregate interface is unbound from its bound VFC interface or removed from the aggregate interface. |
Recommended action |
No action is required. |
FCOE_LAGG_BIND_DEACTIVE
Message text |
The binding between aggregate interface [STRING] and the VFC interface is no longer in effect, because the new member port has been bound to a VFC interface. |
Variable fields |
$1: Aggregate interface name. |
Severity level |
4 |
Example |
FCOE/4/FCOE_LAGG_BIND_DEACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface is no longer in effect, because the new member port has been bound to a VFC interface. |
Explanation |
This message is generated when a new member port of an aggregate interface has been bound to a VFC interface. |
Recommended action |
No action is required. |
FCZONE messages
This section contains FC zone messages.
FCZONE_HARDZONE_DISABLED
Message text |
-VSAN=[UINT16]: No enough hardware resource for zone rule, switched to soft zoning. |
Variable fields |
$1: VSAN ID. |
Severity level |
4 |
Example |
FCZONE/4/FCZONE_HARDZONE_DISABLED: -VSAN=2: No enough hardware resource for zone rule, switched to soft zoning. |
Explanation |
Insufficient hardware resources. |
Recommended action |
Activate a smaller zone set. |
FCZONE_HARDZONE_ENABLED
Message text |
-VSAN=[UINT16]: Hardware resource for zone rule is restored, switched to hard zoning. |
Variable fields |
$1: VSAN ID. |
Severity level |
6 |
Example |
FCZONE/6/FCZONE_HARDZONE_ENABLED: -VSAN=2: Hardware resource for zone rule is restored, switched to hard zoning. |
Explanation |
Hard zoning is enabled in a VSAN because the hardware resources are restored. |
Recommended action |
No action is required. |
FCZONE_ISOLATE_NEIGHBOR
Message text |
|
Variable fields |
$1: VSAN ID. $2: Neighbor's switch WWN. |
Severity level |
4 |
Example |
|
Explanation |
All E_Ports connected to a neighbor were isolated because a merge operation with the neighbor failed. |
Recommended action |
To resolve the problem: 1. Use the display current-configuration command on the local switch and the neighbor switch to view their zoning configurations. 2. Modify those noncompliant configurations on both switches to be compliant with merge rules. 3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. |
FCZONE_ISOLATE_ALLNEIGHBOR
Message text |
|
Variable fields |
$1: VSAN ID. |
Severity level |
4 |
Example |
|
Explanation |
E_Ports connected to all neighbors were isolated because the length of the locally generated MR packet exceeded the limit. |
Recommended action |
To resolve the problem: 1. Use the display current-configuration command on the local switch to view the zoning configuration. 2. Delete unnecessary zoning configuration of the active zone set. 3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. Or 4. Activate a smaller zone set. 5. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. |
FCZONE_ISOLATE_CLEAR_VSAN
Message text |
-Interface=[STRING]-VSAN=[UINT16]; Isolation status was cleared. |
Variable fields |
$1: Interface name. $2: VSAN ID. |
Severity level |
6 |
Example |
FCZONE/6/FCZONE_ISOLATE_CLEAR_VSAN: -Interface=Fc1/0/1-VSAN=2; Isolation status was cleared. |
Explanation |
The isolation status of an interface was cleared in a VSAN. |
Recommended action |
No action is required. |
FCZONE_ISOLATE_CLEAR_ALLVSAN
Message text |
-Interface=[STRING]; Isolation status was cleared in all supported VSANs. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
|
Explanation |
The isolation status of an interface was cleared in all supported VSANs. |
Recommended action |
No action is required. |
FCZONE_DISTRIBUTE_FAILED
Message text |
|
Variable fields |
$1: VSAN ID. |
Severity level |
4 |
Example |
|
Explanation |
A distribution operation failed. Consequently, the zoning configurations might be inconsistent across the fabric. |
Recommended action |
To resolve the problem if the distribution operation is triggered by using the zoneset activate command: 1. Verify that the contents of the active zone set are consistent on all switches by using the display current-configuration command. 2. Reactivate the zone set and distribute it to the entire fabric by using the zoneset activate command. 3. To resolve the problem if the distribution operation is triggered by using the zoneset distribute command: 4. Verify that the contents of the active zone set and zone database are consistent on all switches by using the display current-configuration command. 5. Trigger a new complete distribution by using the zoneset distribute command. 6. To resolve the problem if the distribution operation is triggered by a zoning mode switchover: 7. Verify that the zoning mode is the same on all switches by using the display zone status command. 8. Trigger a new complete distribution by using the zoneset distribute command. |
FIB messages
This section contains FIB messages.
FIB_FILE
Message text |
Failed to save the IP forwarding table due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
FIB/4/FIB_FILE: -MDC=1; Failed to save the IP forwarding table due to lack of storage resources. |
Explanation |
Failed to save the IP forwarding table due to lack of storage resources. |
Recommended action |
Delete unused files to release storage space. |
FILTER messages
This section contains filter messages.
FILTER_EXECUTION_ICMP
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];IcmpType(1062)=[STRING]([UINT16]);IcmpCode(1063)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IP address. $7: Destination IP address. $8: ICMP message type. $9: ICMP message code. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1059)=Echo(8);IcmpCode(1060)=0;MatchAclCount(1066)=1000;Event(1048)=Permit; |
Explanation |
ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
FILTER_EXECUTION_ICMPV6
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];Icmpv6Type(1064)=[STRING]([UINT16]);Icmpv6Code(1065)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IPv6 address. $7: Destination IPv6 address. $8: ICMPv6 message type. $9: ICMPv6 message code. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_EXECUTION_ICMPV6: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;Icmpv6Type(1064)=Echo(128);Icmpv6Code(1065)=0;MatchAclCount(1066)=1000;Event(1048)=Permit; |
Explanation |
ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
FILTER_IPV4_EXECUTION
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IP address. $7: Source port. $8: Destination IP address. $9: Destination port number. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit; |
Explanation |
Packets other than ICMP packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
FILTER_IPV6_EXECUTION
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit; |
Explanation |
Packets other than ICMPv6 packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
FIPSNG messages
This section contains FIP snooping messages.
FIPSNG_HARD_RESOURCE_NOENOUGH
Message text |
No enough hardware resource for FIP snooping rule. |
Variable fields |
N/A |
Severity level |
4 |
Example |
FIPSNG/4/FIPSNG_HARD_RESOURCE_NOENOUGH: No enough hardware resource for FIP snooping rule. |
Explanation |
Hardware resources are insufficient. |
Recommended action |
No action is required. |
FIPSNG_HARD_RESOURCE_RESTORE
Message text |
Hardware resource for FIP snooping rule is restored. |
Variable fields |
N/A |
Severity level |
6 |
Example |
FIPSNG/6/FIPSNG_HARD_RESOURCE_RESTORE: Hardware resource for FIP snooping is restored. |
Explanation |
Hardware resources for FIP snooping rules are restored. |
Recommended action |
No action is required. |
FTP messages
This section contains File Transfer Protocol messages.
FTP_ACL_DENY
Message text |
The FTP Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the FTP client. $2: VPN instance to which the FTP client belongs.. |
Severity level |
5 |
Example |
FTP/5/FTP_ACL_DENY: The FTP Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Explanation |
The FTP server denied a connection request based on the access control ACL.. |
Recommended action |
N/A |
FTP_REACH_SESSION_LIMIT
Message text |
FTP client [STRING] failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device. |
Severity level |
|
Example |
|
Explanation |
The number of FTP connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
gRPC messages
This section contains gRPC messages.
GRPC_ENABLE_WITHOUT_TLS
Message text |
PKI domain [STRING] isn't associated with a valid local certificate. The gRPC process will start without the PKI domain. |
Variable fields |
$1: PKI domain name. |
Severity level |
4 |
Example |
GRPC/4/GRPC_ENABLE_WITHOUT_TLS: PKI domain xxx isn't associated with a valid local certificate. The gRPC process will start without the PKI domain. |
Explanation |
Because the specified PKI domain was not associated with a valid local certificate, gRPC failed to use the PKI domain to establish a secure connection with the collector. The connection between the device and collector cannot provide the data encryption service. |
Recommended action |
To provide the data encryption service for the gRPC connection, perform the following steps: 1. Make sure the PKI domain associated with gRPC has a valid local certificate and key. 2. Disable gRPC by using the undo grpc enable command. 3. Specify the PKI domain for gRPC by using the grpc pki domain command. 4. Enable gRPC by using the grpc enable command. |
GRPC_LOGIN
Message text |
[STRING] logged in from [STRING], session id [INT32]. |
Variable fields |
$1: Username. $2: Client ID. $3: Session ID. |
Severity level |
6 |
Example |
GRPC/6/GRPC_LOGIN: user logged in from 127.0.0.1, session id 1. |
Explanation |
A user logged in successfully. |
Recommended action |
No action is required. |
GRPC_LOGIN_FAILED
Message text |
[STRING] from [STRING] login failed. Or: [STRING] from [STRING] login failed. [STRING] |
Variable fields |
$1: Username. $2: Client ID. $3: Login failure reason. The value might be Number of the gRPC sessions reached the limit. |
Severity level |
4 |
Example |
GRPC/4/GRPC_LOGIN_FAILED: user from 127.0.0.1 login failed. |
Explanation |
A user failed to log in. |
Recommended action |
1. If no failure reason is displayed, verify that the user is configured and the user entered the correct username and password. 2. If the maximum number of gRPC sessions was already reached, release gRPC sessions as required. |
GRPC_LOGOUT
Message text |
[STRING] logged out, session id [INT32]. |
Variable fields |
$1: Username. $2: Session ID. |
Severity level |
6 |
Example |
GRPC/6/GRPC_LOGOUT: user logged out, session id 1. |
Explanation |
A user logged out successfully. |
Recommended action |
No action is required. |
GRPC_SERVER_FAILED
Message text |
Failed to enable gRPC server. |
Variable fields |
N/A |
Severity level |
4 |
Example |
GRPC/4/GRPC_SERVER_FAILED: Failed to enable gRPC server. |
Explanation |
A port conflict caused a gRPC server connection failure. |
Recommended action |
Identify whether a port conflict exist. If yes, modify the port settings as required. |
GRPC_SUBSCRIBE_EVENT_FAILED
Message text |
Failed to subscribe event [STRING]. |
Variable fields |
$ 1: Event name. |
Severity level |
4 |
Example |
GRPC/4/GRPC_SUBSCRIBE_EVENT_FAILED: Failed to subscribe event syslog. |
Explanation |
Failed to subscribe to an event. |
Recommended action |
No action is required. |
GRPC_RECEIVE_SUBSCRIPTION
Message text |
Received a subscription of module [STRING]. |
Variable fields |
$ 1: Module name. |
Severity level |
6 |
Example |
GRPC/6/GRPC_RECEIVE_SUBSCRIPTION: Received a subscription of module syslog. |
Explanation |
The device received a subscription request for a module. |
Recommended action |
No action is required. |
HA messages
This section contains HA messages.
HA_BATCHBACKUP_FINISHED
Message text |
Batch backup of standby board in [STRING] has finished. |
Variable fields |
$1: MPU location if the MPU supports only one CPU, or CPU location if the MPU supports multiple CPUs. |
Severity level |
5 |
Example |
HA/5/HA_BATCHBACKUP_FINISHED: Batch backup of standby board in slot 1 CPU 0 has finished. |
Explanation |
Batch backup from the active MPU to the standby MPU or a CPU on the standby MPU has finished. |
Recommended action |
No action is required. |
HA_BATCHBACKUP_STARTED
Message text |
Batch backup of standby board in [STRING] started. |
Variable fields |
$1: MPU location if the MPU supports only one CPU, or CPU location if the MPU supports multiple CPUs. |
Severity level |
5 |
Example |
HA/5/HA_BATCHBACKUP_STARTED: Batch backup of standby board in slot 1 CPU 0 started. |
Explanation |
Batch backup from the active MPU to the standby MPU or a CPU on the standby MPU has started. |
Recommended action |
No action is required. |
HA_STANDBY_NOT_READY
Message text |
Standby board in [STRING] is not ready, reboot ... |
Variable fields |
$1: MPU location if the MPU supports only one CPU, or CPU location if the MPU supports multiple CPUs. |
Severity level |
4 |
Example |
HA/4/HA_STANDBY_NOT_READY: Standby board in slot 1 CPU 0 is not ready, reboot ... |
Explanation |
This message appears on the standby MPU. When batch backup is not complete on the standby MPU or a CPU on the standby MPU, performing active and standby MPU switchover results in restart of the active and standby MPUs. |
Recommended action |
Do not perform active and standby MPU switchover before batch backup is complete on the standby MPU or a CPU on the standby MPU. |
HA_STANDBY_TO_MASTER
Message text |
Standby board in [STRING] changed to the master. |
Variable fields |
$1: MPU location if the MPU supports only one CPU, or CPU location if the MPU supports multiple CPUs. |
Severity level |
4 |
Example |
HA/4/HA_STANDBY_TO_MASTER: Standby board in slot 1 CPU 0 changed to the master. |
Explanation |
An active and standby MPU switchover occurs. The standby MPU or a CPU on the standby MPU changed to the active MPU or CPU. |
Recommended action |
No action is required. |
HQOS messages
This section contains HQoS messages.
HQOS_DP_SET_FAIL
Message text |
Failed to set drop profile [STRING] globally. |
Variable fields |
$1: Drop profile name. |
Severity level |
4 |
Example |
HQOS/4/HQOS_DP_SET_FAIL: Failed to set drop profile b globally. |
Explanation |
The system failed to perform one of the following actions: · Apply a drop profile globally. · Modify a drop profile applied globally. |
Recommended action |
Check the drop profile settings. |
HQOS_FP_SET_FAIL
Message text |
Failed to set [STRING] in forwarding profile [STRING] globally. |
Variable fields |
$1: Policy type: · gts. · bandwidth. · queue. · drop profile. $2: Forwarding profile name. |
Severity level |
4 |
Example |
HQOS/4/HQOS_FP_SET_FAIL: Failed to set gts in forwarding profile b globally. |
Explanation |
The system failed to perform one of the following actions: · Apply a forwarding profile globally. · Modify a forwarding profile applied globally. |
Recommended action |
Examine the forwarding profile, and make sure it is supported and has no conflicted contents. |
HQOS_POLICY_APPLY_FAIL
Message text |
Failed to apply some forwarding classes or forwarding groups in scheduler policy [STRING] to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. |
Severity level |
4 |
Example |
HQOS/4/HQOS_POLICY_APPLY_FAIL: Failed to apply some forwarding classes or forwarding groups in scheduler policy b to the inbound direction of interface Ethernet3/1/2. |
Explanation |
The system failed to perform one of the following actions: · Apply a scheduler policy to a specific direction of an interface. · Modify a scheduler policy applied to a specific direction of an interface. |
Recommended action |
Use the display qos scheduler-policy diagnosis interface command to identify the nodes that failed to be applied and the failure causes, and modify the running configuration. |
HQOS_POLICY_APPLY_FAIL
Message text |
Failed to recover scheduler policy [STRING] to the [STRING] direction of interface [STRING] due to [STRING]. |
Variable fields |
$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. $4: Cause. |
Severity level |
4 |
Example |
HQOS/4/HQOS_POLICY_RECOVER_FAIL: Failed to recover scheduler policy b to the outbound direction of interface Ethernet3/1/2 due to conflicting with QoS configuration. |
Explanation |
The system failed to recover an applied scheduler policy after the card or device rebooted, because the scheduler policy conflicted with the QoS configuration on the interface. |
Recommended action |
Check the scheduler policy configuration according to the failure cause. |
HTTPD messages
This section contains HTTP daemon messages.
HTTPD_CONNECT
Message text |
[STRING] client [STRING] connected to the server successfully. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully. |
Explanation |
The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up. |
Recommended action |
No action is required. |
HTTPD_CONNECT_TIMEOUT
Message text |
[STRING] client [STRING] connection idle timeout. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout. |
Explanation |
An HTTP or HTTPS connection was disconnected because the idle timeout timer expires. |
Recommended action |
No action is required. |
HTTPD_DISCONNECT
Message text |
[STRING] client [STRING] disconnected from the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server. |
Explanation |
An HTTP or HTTPS client was disconnected from the server. |
Recommended action |
No action is required. |
HTTPD_FAIL_FOR_ACL
Message text |
[STRING] client [STRING] failed the ACL check and could not connect to the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 192.168.30.117 failed the ACL check and cannot connect to the server. |
Explanation |
An HTTP or HTTPS client was filtered by the ACL. |
Recommended action |
No action is required. |
HTTPD_FAIL_FOR_ACP
Message text |
[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server. |
Explanation |
An HTTP or HTTPS client was denied by the certificate access control policy. |
Recommended action |
No action is required. |
HTTPD_REACH_CONNECT_LIMIT
Message text |
[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit. |
Explanation |
The number of connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting. 2. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
IFNET messages
This section contains interface management messages.
FLEXE_BANDWIDTH_MISMATCH
Message text |
The bandwidth of local FlexE logical interface [STRING] did not match the bandwidth of the peer interface with the same client ID. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_BANDWIDTH_MISMATCH: The bandwidth of local FlexE logical interface FlexE2/1/129 did not match the bandwidth of the peer interface with the same client ID. |
Explanation |
FlexE logical interfaces configured with the same client ID on two ends were configured with different available bandwidth. |
Recommended action |
Use the flexe-group bandwidth command to modify the available bandwidth of FlexE interfaces to ensure configuration consistency. |
FLEXE_BANDWIDTH_MISMATCH_RECOVER
Message text |
The bandwidth of local FlexE logical interface [STRING] matched the bandwidth of the peer interface with the same client ID. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_BANDWIDTH_MISMATCH_RECOVER: The bandwidth of local FlexE logical interface FlexE2/1/129 matched the bandwidth of the peer interface with the same client ID. |
Explanation |
FlexE logical interfaces configured with the same client ID on two ends were configured with the same available bandwidth. |
Recommended action |
No action is required. |
FLEXE_BANDWIDTH_REDUCE
Message text |
The actual bandwidth [INT32] Gbps of FlexE logical interface [STRING] became less than the configured bandwidth. |
Variable fields |
$1: Interface bandwidth. $2: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_BANDWIDTH_REDUCE: The actual bandwidth 50 Gbps of FlexE logical interface FlexE2/1/129 became less than the configured bandwidth. |
Explanation |
A FlexE physical interface went down. As a result, the bandwidth of the corresponding FlexE logical interface became less. |
Recommended action |
Check the physical connection of the FlexE physical interface and identify whether the link fails. |
FLEXE_BANDWIDTH_REDUCE_RECOVER
Message text |
The actual bandwidth [INT32] Gbps of FlexE logical interface [STRING] became equal to the configured bandwidth. |
Variable fields |
$1: Interface bandwidth. $2: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_BANDWIDTH_REDUCE_RECOVER: The actual bandwidth 100 Gbps of FlexE logical interface FlexE2/1/129 became equal to the configured bandwidth. |
Explanation |
A FlexE physical interface came up. As a result, the bandwidth of the corresponding FlexE logical interface recovered. |
Recommended action |
No action is required. |
FLEXE_CLIENTID_MISMATCH
Message text |
The client ID of local FlexE logical interface [STRING] did not match the client ID of a peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_CLIENTID_MISMATCH: The client ID of local FlexE logical interface FlexE2/1/129 did not match the client ID of a peer interface. |
Explanation |
FlexE logical interfaces on two ends were configured with different client IDs. |
Recommended action |
Use the flexe client-id command to modify the client IDs of FlexE logical interfaces to ensure configuration consistency. |
FLEXE_CLIENTID_MISMATCH_RECOVER
Message text |
The client ID of local FlexE logical interface [STRING] matched the client ID of a peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_CLIENTID_MISMATCH_RECOVER: The client ID of local FlexE logical interface FlexE2/1/129 matched the client ID of a peer interface. |
Explanation |
The FlexE logical interfaces on two ends were configured with the same client ID. |
Recommended action |
No action is required. |
FLEXE_GROUP_FAULT
Message text |
FlexE interface group [INT32] state changed to fault. |
Variable fields |
$1: FlexE interface group number. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_GROUP_FAULT: FlexE interface group 1 state changed to fault. |
Explanation |
All FlexE physical interfaces in an FlexE interface group went down. As a result, the FlexE interface group failed. |
Recommended action |
Check the physical connections of the FlexE physical interfaces and identify whether the link fails. |
FLEXE_GROUP_FAULT_RECOVER
Message text |
FlexE interface group [INT32] state changed to normal |
Variable fields |
$1: FlexE interface group number. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_GROUP_FAULT_RECOVER: FlexE interface group 1 state changed to normal. |
Explanation |
FlexE physical interfaces in up state existed in the FlexE interface group, and the FlexE interface group recovered. |
Recommended action |
No action is required. |
FLEXE_GROUPMEMBER_FAULT
Message text |
FlexE physical interface [STRING] in FlexE interface group [INT32] failed. |
Variable fields |
$1: Interface name. $2: FlexE interface group number. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_GROUPMEMBER_FAULT: FlexE physical interface FlexE-50G2/1/1 in FlexE interface group 1 failed. |
Explanation |
FlexE physical interfaces in the FlexE interface group failed. |
Recommended action |
1. Check the physical connection of the FlexE physical interface and identify whether the link fails. 2. Identify whether the peer device fails. |
FLEXE_GROUPMEMBER_FAULT_RECOVER
Message text |
FlexE physical interface [STRING] in FlexE interface group [INT32] recovered. |
Variable fields |
$1: Interface name. $2: FlexE interface group number. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_GROUPMEMBER_FAULT_RECOVER: FlexE physical interface FlexE-50G2/1/1 in FlexE interface group 1 recovered. |
Explanation |
FlexE physical interfaces in the FlexE interface group recovered. |
Recommended action |
No action is required. |
FLEXE_PHYFCSSD_ALARM
Message text |
FCS-SD error occurred on local FlexE physical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_PHYFCSSD_ALARM: FCS-SD error occurred on local FlexE physical interface FlexE-50G2/1/1. |
Explanation |
An FCS-SD error occurred on a FlexE physical interface. |
Recommended action |
Identify whether the physical link of the FlexE physical interface is normal. |
FLEXE_PHYFCSSD_ALARM_RECOVER
Message text |
FCS-SD error on local FlexE physical interface [STRING] was cleared. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_PHYFCSSD_ALARM_RECOVER: FCS-SD error on local FlexE physical interface FlexE-50G2/1/1 was cleared. |
Explanation |
The FCS-SD error on a FlexE physical interface was cleared. |
Recommended action |
No action is required. |
FLEXE_PHYGROUP_MISMATCH
Message text |
FlexE interface group [INT32] of local FlexE physical interface [STRING] did not match the FlexE interface group [INT32] of the peer interface. |
Variable fields |
$1: Local FlexE interface group number. $2: Interface name. $3: Peer FlexE interface group number. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_PHYGROUP_MISMATCH: FlexE interface group 1 of local FlexE physical interface FlexE-50G2/1/1 did not match the FlexE interface group 2 of the peer interface. |
Explanation |
Two FlexE physical interfaces interconnected were in different FlexE interface groups. |
Recommended action |
Use the port flexe-group command to modify the FlexE interface groups of FlexE physical interfaces and assign the two interconnected FlexE physical interfaces to the same FlexE interface group. |
FLEXE_PHYGROUP_MISMATCH_RECOVER
Message text |
FlexE interface group [INT32] of local FlexE physical interface [STRING] matched the FlexE interface group [INT32] of the peer interface. |
Variable fields |
$1: Local FlexE interface group number. $2: Interface name. $3: Peer FlexE interface group number. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_PHYGROUP_MISMATCH_RECOVER: FlexE interface group 1 of local FlexE physical interface FlexE-50G2/1/1 matched the FlexE interface group 1 of the peer interface. |
Explanation |
Two interconnected FlexE physical interfaces were assigned to the same FlexE interface group. |
Recommended action |
No action is required. |
FLEXE_PHYLOCAL_FAULT
Message text |
Local FlexE physical interface [STRING] failed and a port failure alarm was sent to the peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_PHYLOCAL_FAULT: Local FlexE physical interface FlexE-50G2/1/1 failed and a port failure alarm was sent to the peer interface. |
Explanation |
A failure occurred on a local FlexE physical interface and an alarm was generated to notify the peer FlexE physical interface. |
Recommended action |
Identify whether the physical connection of the local FlexE physical interface is normal or whether the local FlexE physical interface is manually shut down. |
FLEXE_PHYLOCAL_FAULT_RECOVER
Message text |
Local FlexE physical interface [STRING] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_PHYLOCAL_FAULT_RECOVER: Local FlexE physical interface FlexE-50G2/1/1 recovered. |
Explanation |
The failure on the local FlexE physical interface recovered. |
Recommended action |
No action is required. |
FLEXE_PHYNUM_MISMATCH
Message text |
PHY number [INT32] of local FlexE physical interface [STRING] did not match the PHY number [INT32] of the peer interface. |
Variable fields |
$1: PHY number for the local FlexE physical interface. $2: Interface name. $3: PHY number for the peer FlexE physical interface. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_PHYNUM_MISMATCH: PHY number 10 of local FlexE physical interface Flex-50GE-2/1/1 did not match the PHY number 20 of the peer interface. |
Explanation |
Two interconnected FlexE physical interfaces were configured with different PHY numbers. |
Recommended action |
Use the phy-number command to modify PHY numbers of FlexE physical interfaces to ensure configuration consistency. |
FLEXE_PHYNUM_MISMATCH_RECOVER
Message text |
PHY number [INT32] of local FlexE physical interface [STRING] matched the PHY number [INT32] of the peer interface. |
Variable fields |
$1: PHY number for the local FlexE physical interface. $2: Interface name. $3: PHY number for the peer FlexE physical interface. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_PHYNUM_MISMATCH_RECOVER: PHY number 10 of local FlexE physical interface FlexE-50G2/1/1 matched the PHY number 10 of the peer interface. |
Explanation |
Two interconnected FlexE physical interfaces were configured with the same PHY number. |
Recommended action |
No action is required. |
FLEXE_PHYREMOTE_FAULT
Message text |
The peer interface of local FlexE physical interface [STRING] failed. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_PHYREMOTE_FAULT: The peer interface of local FlexE physical interface FlexE-50G2/1/1 failed. |
Explanation |
The peer FlexE physical interface failed. |
Recommended action |
Identify whether the physical connection of the peer FlexE physical interface is normal or whether the peer FlexE physical interface is manually shut down. |
FLEXE_PHYREMOTE_FAULT_RECOVER
Message text |
The peer interface of local FlexE physical interface [STRING] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_PHYREMOTE_FAULT_RECOVER: The peer interface of local FlexE physical interface FlexE-50G2/1/1 recovered. |
Explanation |
The peer FlexE physical interface recovered. |
Recommended action |
No action is required. |
FLEXE_STSG_MISMATCH
Message text |
The sub-timeslot granularity [INT32] Gbps of the subcard where local FlexE physical interface [STRING] resides did not match that of the subcard where the peer interface resides. |
Variable fields |
$1: Sub-timeslot granularity. $2: Interface name. |
Severity level |
4 |
Example |
IFNET/4/FLEXE_STSG_MISMATCH: The sub-timeslot granularity 5 Gbps of the subcard where local FlexE interface FlexE-50G2/1/1 resides did not match that of the subcard where the peer interface resides. |
Explanation |
The subcards of two interconnected FlexE physical interfaces were configured with different sub-timeslot granularities. |
Recommended action |
Use the flexe sub-time-slot granula command to modify the sub-timeslot granularities of two interconnected devices to ensure configuration consistency. |
FLEXE_STSG_MISMATCH_RECOVER
Message text |
The sub-timeslot granularity [INT32] Gbps of the subcard where local FlexE physical interface [STRING] resides matched that of the subcard where the peer interface resides. |
Variable fields |
$1: Sub-timeslot granularity. $2: Interface name. |
Severity level |
5 |
Example |
IFNET/5/FLEXE_STSG_MISMATCH_RECOVER: The sub-timeslot granularity 5 Gbps of the subcard where local FlexE interface FlexE-50G2/1/1 resides matched that of the subcard where the peer interface resides. |
Explanation |
The subcards of two interconnected FlexE physical interfaces were configured with the same sub-timeslot granularity. |
Recommended action |
No action is required. |
IF_JUMBOFRAME_WARN
Message text |
The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING]. |
Variable fields |
$1: Aggregate interface name. $1: Member port name. |
Severity level |
3 |
Example |
IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1. |
Explanation |
Some member ports do not support the jumbo frame size configured on the aggregate interface. |
Recommended action |
1. Identity the value range for the jumbo frame size supported on member ports. 2. Specify a jumbo frame size supported by member ports for the aggregate interface. |
INTERFACE_NOTSUPPRESSED
Message text |
Interface [STRING] is not suppressed. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
IFNET/6/INTERFACE_NOTSUPPRESSED: Interface GigabitEthernet1/0/1 is not suppressed. |
Explanation |
The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface. |
Recommended action |
No action is required. |
INTERFACE_SUPPRESSED
Message text |
Interface [STRING] was suppressed. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
IFNET/5/INTERFACE_SUPPRESSED: Interface GigabitEthernet1/0/1 was suppressed. |
Explanation |
The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface. |
Recommended action |
1. Check whether the network cable of the interface or peer interface is frequently plugged and unplugged. 2. Configure physical state change suppression to adjust the suppression parameters. |
LINK_UPDOWN
Message text |
Line protocol state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: State of link layer protocol, which can be up or down. |
Severity level |
4 |
Example |
IFNET/4/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down. |
Explanation |
The link layer protocol state changed on an interface. |
Recommended action |
When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface. |
PHY_UPDOWN
Message text |
Physical state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Link state, which can be up or down. |
Severity level |
3 |
Example |
IFNET/3/PHY_UPDOWN: Physical state on the GigabitEthernet1/0/1 changed to down. |
Explanation |
The physical state changed on an interface. |
Recommended action |
When the interface is physically down, check whether a physical link is present or whether the link fails. |
PROTOCOL_UPDOWN
Message text |
Protocol [STRING] state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Protocol name. $2: Interface name. $3: Protocol state, which can be up or down. |
Severity level |
5 |
Example |
IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface GigabitEthernet1/0/1 changed to up. |
Explanation |
The state of a protocol has been changed on an interface. |
Recommended action |
When the state of a network layer protocol is down, check the network layer protocol configuration. |
VLAN_MODE_CHANGE
Message text |
Dynamic VLAN [INT32] has changed to a static VLAN. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 |
Example |
IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN. |
Explanation |
Creating a VLAN interface for a VLAN cause the dynamic VLAN to become a static VLAN. |
Recommended action |
No action is required. |
IKE messages
This section contains IKE messages.
IKE_P1_SA_ESTABLISH_FAIL
Message text |
Failed to establish phase 1 SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: no matching proposal | invalid ID information | unavailable certificate | unsupported DOI | unsupported situation | invalid proposal syntax | invalid SPI | invalid protocol ID | invalid certificate | authentication failure | invalid message header | invalid transform ID | malformed payload | retransmission timeout | incorrect configuration. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA for the reason of no matching proposal. The SA’s source address is 1.1.1.1 and its destination address is 2.2.2.2. |
Explanation |
An IKE SA cannot be established in phase 1. The failure reason is displayed. |
Recommended action |
Check the IKE configuration on the local and remote devices. |
IKE_P2_SA_ESTABLISH_FAIL
Message text |
Failed to establish phase 2 SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: invalid key information | invalid ID information | unavailable proposal | unsupported DOI | unsupported situation | invalid proposal syntax | invalid SPI | invalid protocol ID | invalid hash information | invalid message header | malformed payload | retransmission timeout | incorrect configuration. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA for the reason of invalid key information. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IPsec SA cannot be established in phase 2. The failure reason is displayed. |
Recommended action |
Check the IKE and IPsec configurations on the local and remote devices. |
IKE_P2_SA_TERMINATE
Message text |
The IKE phase 2 SA was deleted for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Reason that the SA is deleted, which is SA expiration. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted for the reason of SA expiration. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IPsec SA is deleted in phase 2 because it expires. |
Recommended action |
No action is required. |
INTRACE messages
This section contains Internet Protocol Control Block (INPCB) messages.
WHITELIST
Message text |
-[STRING]; Failed to add ACL rule [STRING]:[UINT16] -> [STRING]:[UINT16] to the whitelist, VRF: [UINT16], error code: 0x[UINT32]. |
Variable fields |
$1: Card number. $2: Local address. $3: Local port number. $4: Remote address. $5: Remote port number. $6: VRF (VPN instance) index. $7: Error code: ¡ 0x22010002—The ACL rule already exists. ¡ 0x22010008—The number of rules in the whitelist has reached the upper limit. ¡ 0x40010001—Other errors, for example, the MDC control block does not exist. ¡ 0x4001000B—Insufficient resources. |
Severity level |
3 |
Example |
INTRACE/3/WHITELIST: -Chassis=2-Slot=3; Failed to add ACL rule 1.1.1.1:36523 -> 1.1.1.2:179 to the whitelist, VRF: 0, error code: 0x22010002. |
Explanation |
A TCP-based service failed to add an ACL rule to the whitelist. |
Recommended action |
Verify that the TCP connection is correct for the TCP-based service. |
Message text |
-[STRING]; Failed to delete ACL rule [STRING]:[UINT16] -> [STRING]:[UINT16] from the whitelist, VRF: [UINT16], error code: 0x[UINT32]. |
Variable fields |
$1: Card number. $2: Local address. $3: Local port number. $4: Remote address. $5: Remote port number. $6: VRF (VPN instance) index. $7: Error code: ¡ 0x40010001—Other errors, for example, the MDC control block does not exist. ¡ 0x40010008—Incorrect input parameters. ¡ 0x4001000B—Insufficient resources. |
Severity level |
3 |
Example |
INTRACE/3/WHITELIST:-Chassis=2-Slot=3; Failed to delete ACL rule 1.1.1.1:36523 -> 1.1.1.2:179 from the whitelist, VRF: 0, error code: 0x22010001. |
Explanation |
A TCP-based service failed to remove an ACL rule from the whitelist. |
Recommended action |
Verify that the TCP-based service and the whitelist run correctly. |
IP6ADDR
This section contains IPv6 addressing messages.
IP6ADDR_CREATEADDRESS_ERROR
Message text |
Failed to create an address by the prefix. Reason: [STRING] on [STRING] and [STRING] on [STRING] overlap. |
Variable fields |
$1: IPv6 prefix. $2: Interface name. $3: IPv6 prefix. $4: Interface name. |
Severity level |
4 |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_ERROR: Failed to create an address by the prefix. Reason: 2001::/ 64 on GigabitEthernet1/0/2 and 2001::/64 on GigabitEthernet1/0/1 overlap. |
Explanation |
The device failed to use a prefix to generate an IPv6 address for an interface because the prefixes overlapped on this interface and another interface. |
Recommended action |
Cancel the IPv6 address configuration on the conflicting interface and configure the interface to generate an IPv6 address by using a different prefix. |
IP6ADDR_CREATEADDRESS_INVALID
Message text |
Can't configure the unspecified address or loopback address on [STRING] by using a prefix with all zeros. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_INVALID: Can't configure the unspecified address or loopback address on GigabitEthernet1/0/1 by using a prefix with all zeros. |
Explanation |
This message is sent when you use the ipv6 prefix command to configure an all-zero IPv6 prefix and then specify this prefix in the ipv6 address prefix-number command to configure an unspecified or loopback IPv6 address for an interface. Interfaces do not support the unspecified or loopback IPv6 address. |
Recommended action |
Cancel the configuration and reconfigure an IPv6 address for the interface. |
IP6FW messages
This section contains IPv6 Forwarding (IP6FW) messages.
IP6FW_ABNORMAL_HEADERS
Message text |
Received an IPv6 packet with repeated extension headers. |
Variable fields |
None. |
Severity level |
6 |
Example |
IP6FW/6/IP6FW_ABNORMAL_HEADERS: Received an IPv6 packet with repeated extension headers. |
Explanation |
This message is sent when the device received an IPv6 packet with repeated extension headers. |
Recommended action |
Verify the packet source. |
IP6FW_FAILED_TO_SET_MTU
Message text |
Failed to set MTU [UINT32] on interface [STRING] for IPv6 packets. |
Variable fields |
$1: MTU value. $2: Interface name. |
Severity level |
5 |
Example |
IP6FW/5/IP6FW_FAILED_TO_SET_MTU: Failed to set MTU 9600 on interface GigabitEthernet6/3/8 for IPv6 packets. |
Explanation |
Failed to set an MTU value on an interface. |
Recommended action |
Modify the MTU value for the interface. |
IPADDR messages
This section contains IP addressing messages.
IPADDR_HA_EVENT_ERROR
Message text |
A process failed HA upgrade because [STRING]. |
Variable fields |
$1: HA upgrade failure reason: ¡ IPADDR failed the smooth upgrade. ¡ IPADDR failed to reupgrade to the master process. ¡ IPADDR stopped to restart the timer. ¡ IPADDR failed to upgrade to the master process. ¡ IPADDR failed to restart the upgrade. ¡ IPADDR failed to add the unicast object to the master task epoll. ¡ IPADDR failed to create an unicast object. ¡ IPADDR role switchover failed when the standby process switched to the master process. ¡ IPADDR switchover failed when the master process switched to the standby process. ¡ IPADDR HA upgrade failed. ¡ IPADDR failed to set the interface filtering criteria. ¡ IPADDR failed to register interface events. ¡ IPADDR failed to subscribe port events. ¡ IPADDR failed to add a VPN port event to the master epoll. ¡ IRDP failed to open DBM. ¡ IRDP failed to initiate a connection to the device management module. ¡ IRDP failed to add the master task epoll with the handle used to connect to the device management module. ¡ IRDP failed to register device management events. ¡ IRDP failed to subscribe port events. ¡ IRDP failed to add the master task epoll with the handle used to subscribe port events. ¡ IRDP failed to set the interface filtering criteria. ¡ IRDP failed to register interface events. ¡ IRDP failed to register network events. ¡ IRDP failed to create the interface control block storage handle. ¡ IRDP failed to create the timer. ¡ IRDP failed to add the master task epoll with the handle used to create the timer. ¡ IRDP failed to set the schedule time for the timer. ¡ IRDP failed to set the timer to unblocked status. ¡ IRDP failed to create a timer instance. |
Severity level |
4 |
Example |
IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade. |
Explanation |
A process failed HA upgrade and the message showed the failure reason. |
Recommended action |
Please contact H3C Support. |
IPADDR_HA_STOP_EVENT
Message text |
The device received an HA stop event. |
Variable fields |
None. |
Severity level |
4 |
Example |
IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event. |
Explanation |
This message is sent when the device receives an HA stop event. |
Recommended action |
Please contact H3C Support. |
IPFW messages
This section contains IP Forwarding (IPFW) messages.
IP_ADD_FLOW_ANTITCPSYNFLD
Message text |
Add a flow-based entry: Packet type=[STRING]; SrcIP=[IPADDR]; DstPort=[UINT16]; VPN=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Source IP address of the attack packet. $3: Destination port number of the attack packet. $4: VPN instance name. The field value is the public network if the attack packet belongs to the public network and is N/A if no name is obtained. |
Severity level |
4 |
Example |
IPFW/4/IP_ADD_FLOW_ANTITCPSYNFLD: Add a flow-based entry: Packet type=IP; SrcIP=2000::1; DstPort=23; VPN=the public network |
Explanation |
The device detected a flow-based TCP SYN flood attack and added a flow-based TCP SYN flood attack prevention entry. |
Recommended action |
Check the attack source. |
IP_ADD_FLOW_ANTIUDPFLD
Message text |
Add a flow-based entry: Packet type=[STRING]; SrcIP=[IPADDR]; DstPort=[UINT16]; VPN=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Source IP address of the attack packet. $3: Destination port number of the attack packet. $4: VPN instance name. The field value is the public network if the attack packet belongs to the public network and is N/A if no name is obtained. |
Severity level |
4 |
Example |
IPFW/4/IP_ADD_FLOW_ANTIUDPFLD: Add a flow-based entry: Packet type=IP; SrcIP=2000::1; DstPort=69; VPN=the public network. |
Explanation |
The device detected a flow-based UDP flood attack and added a flow-based UDP flood attack prevention entry. |
Recommended action |
Check the attack source. |
IP_ADD_INTERFACE_ANTITCPSYNFLD
Message text |
Add an interface-based entry: Packet type=[STRING]; Interface=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Interface name. |
Severity level |
4 |
Example |
IPFW/4/IP_ADD_INTERFACE_ANTITCPSYNFLD: Add an interface-based entry: Packets type=MPLS; Interface=GigabitEthernet1/0/1. |
Explanation |
The device detected an interface-based TCP SYN flood attack and added an interface-based TCP SYN flood attack prevention entry. |
Recommended action |
Check the attack source. |
IP_ADD_INTERFACE_ANTIUDPFLD
Message text |
Add an interface-based entry: Packet type=[STRING]; Interface=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Interface name. |
Severity level |
4 |
Example |
IPFW/4/IP_ADD_INTERFACE_ANTIUDPFLD: Add an interface-based entry: Packets type=MPLS; Interface=GigabitEthernet1/0/1. |
Explanation |
The device detected an interface-based UDP flood attack and added an interface-based UDP flood attack prevention entry. |
Recommended action |
Check the attack source. |
IP_DEL_FLOW_ANTITCPSYNFLD
Message text |
Delete a flow-based entry: Packet type=[STRING]; SrcIP=[IPADDR]; DstPort=[UINT16]; VPN=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Source IP address of the attack packet. $3: Destination port number of the attack packet. $4: VPN instance name. The field value is the public network if the attack packet belongs to the public network and is N/A if no name is obtained. |
Severity level |
4 |
Example |
IPFW/4/IP_DEL_FLOW_ANTITCPSYNFLD: Delete a flow-based entry: Packet type=MPLS; SrcIP=192.168.1.2; DstPort=80; VPN=vpn1. |
Explanation |
A flow-based TCP SYN flood attack prevention entry was deleted. The packet type of the entry is MPLS, the source IP address is 192.168.1.2, the destination port number 80, and the VPN instance is vpn1. |
Recommended action |
No action is required. |
IP_DEL_FLOW_ANTIUDPFLD
Message text |
Delete a flow-based entry: Packet type=[STRING]; SrcIP=[IPADDR]; DstPort=[UINT16]; VPN=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Source IP address of the attack packet. $3: Destination port number of the attack packet. $4: VPN instance name. The field value is the public network if the attack packet belongs to the public network and is N/A if no name is obtained. |
Severity level |
4 |
Example |
IPFW/4/IP_DEL_FLOW_ANTIUDPFLD: Delete a flow-based entry: Packet type=MPLS; SrcIP=192.168.1.2; DstPort=80; VPN=vpn1. |
Explanation |
A flow-based UDP flood attack prevention entry was deleted. The packet type of the entry is MPLS, the source IP address is 192.168.1.2, the destination port number 80, and the VPN instance is vpn1. |
Recommended action |
No action is required. |
IP_DEL_INTERFACE_ANTITCPSYNFLD
Message text |
Delete an interface-based entry: Packet type=[STRING]; Interface=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Interface name. |
Severity level |
4 |
Example |
IPFW/4/IP_DEL_INTERFACE_ANTITCPSYNFLD: Delete an interface-based entry: Packets type=IP, Interface=GigabitEthernet1/0/1. |
Explanation |
An interface-based TCP SYN flood attack prevention entry for GigabitEthernet 1/0/1 with packet type IP was deleted. |
Recommended action |
No action is required. |
IP_DEL_INTERFACE_ANTIUDPFLD
Message text |
Delete an interface-based entry: Packet type=[STRING]; Interface=[STRING]. |
Variable fields |
$1: Packet type: MPLS or IP. $2: Interface name. |
Severity level |
4 |
Example |
IPFW/4/IP_DEL_INTERFACE_ANTIUDPFLD: Delete an interface-based entry: Packets type=IP, Interface=GigabitEthernet1/0/1. |
Explanation |
An interface-based UDP flood attack prevention entry for GigabitEthernet 1/0/1 with packet type IP was deleted. |
Recommended action |
No action is required. |
IP_INSERT_FAILED_ANTITCPSYNFLD
Message text |
Insert into AVL tree failed for flow-based entry: Family=[UINT32]; DstPort=[UINT16]; VPN=[UINT16]. |
Variable fields |
$1: Protocol family number. $2: Destination port number. $3: VPN instance name. |
Severity level |
5 |
Example |
IPFW/5/IP_INSERT_FAILED_ANTITCPSYNFLD: Insert into AVL tree failed for flow-based entry : Family=2; DstPort=80; VPN=2. |
Explanation |
The device failed to insert a flow-based TCP SYN flood attack prevention entry to the AVL tree. The protocol family number is 2, the destination port number is 80, and the VPN instance name is 2. |
Recommended action |
No action is required. |
IP_INSERT_FAILED_ANTIUDPFLD
Message text |
Insert into AVL tree failed for flow-based entry: Family=[UINT32]; DstPort=[UINT16]; VPN=[UINT16]. |
Variable fields |
$1: Protocol family number. $2: Destination port number. $3: VPN instance name. |
Severity level |
5 |
Example |
IPFW/5/IP_INSERT_FAILED_ANTIUDPFLD: Insert into AVL tree failed for flow-based entry : Family=2; DstPort=80; VPN=2. |
Explanation |
The device failed to insert a flow-based UDP flood attack prevention entry to the AVL tree. The protocol family number is 2, the destination port number is 80, and the VPN instance name is 2. |
Recommended action |
No action is required. |
IP_NOTSUPPORT_ANTITCPSYNFLD
Message text |
TCP SYN flood attack prevention is not supported. |
Variable fields |
N/A |
Severity level |
6 |
Example |
IPFW/6/IP_NOTSUPPORT_ANTITCPSYNFLD: TCP SYN flood attack prevention is not supported. |
Explanation |
The TCP SYN flood attack prevention feature is not supported. |
Recommended action |
No action is required. |
IP_NOTSUPPORT_ANTIUDPFLD
Message text |
UDP flood attack prevention is not supported. |
Variable fields |
N/A |
Severity level |
6 |
Example |
IPFW/6/IP_NOTSUPPORT_ANTIUDPFLD: UDP flood attack prevention is not supported. |
Explanation |
The UDP flood attack prevention feature is not supported. |
Recommended action |
No action is required. |
IP_SETTING_FAILED_ANTITCPSYNFLD
Message text |
Setting entry to drive failed. Total failures=[UINT32]. |
Variable fields |
$1: Total number of TCP SYN flood attack prevention entries that have been failed to be set to the drive. |
Severity level |
5 |
Example |
IPFW/5/IP_SETTING_FAILED_ANTITCPSYNFLD: Setting entry to drive failed. Total failures = 12345. |
Explanation |
A total of 12345 TCP SYN flood attack prevention entries have been failed to be set to the drive. |
Recommended action |
No action is required. |
IP_SETTING_FAILED_ANTIUDPFLD
Message text |
Setting entry to drive failed. Total failures=[UINT32]. |
Variable fields |
$1: Total number of UDP flood attack prevention entries that have been failed to be set to the drive. |
Severity level |
5 |
Example |
IPFW/5/IP_SETTING_FAILED_ANTIUDPFLD: Setting entry to drive failed. Total failures = 12345. |
Explanation |
A total of 12345 UDP flood attack prevention entries have been failed to be set to the drive. |
Recommended action |
No action is required. |
IP_CLEARDRVSTAT_ANTITCPSYNFLD
Message text |
Failed to clear drive's statistics. |
Variable fields |
N/A |
Severity level |
4 |
Example |
IPFW/4/IP_CLEARDRVSTAT_ANTITCPSYNFLD: Failed to clear drive's statistics. |
Explanation |
The system failed to clear TCP SYN flood attack prevention statistics from the drive. |
Recommended action |
No action is required. |
IP_CLEARDRVSTAT_ANTIUDPFLD
Message text |
Failed to clear drive's statistics. |
Variable fields |
N/A |
Severity level |
4 |
Example |
IPFW/4/IP_CLEARDRVSTAT_ANTIUDPFLD: Failed to clear drive's statistics. |
Explanation |
The system failed to clear UDP flood attack prevention statistics from the drive. |
Recommended action |
No action is required. |
IPFW_BPA_NORESOURCE
Message text |
Not enough resources are available on [STRING] to enable BGP policy accounting for interface [STRING]. |
Variable fields |
$1: Chassis number and slot number, or slot number. $2: Interface name. |
Severity level |
6 |
Example |
IPFW/6/IPFW_BPA_NORESOURCE: -MDC=1-Slot=2; Not enough resources are available on slot2 to enable BGP policy accounting for interface Route-Aggregation1. |
Explanation |
The system failed to enable BGP policy accounting on an interface because resources were insufficient for a slot when the bgp-policy accounting command was executed. |
Recommended action |
No action is required. |
IPFW_FAILED_TO_SET_MTU
Message text |
Failed to set MTU [UINT32] on interface [STRING] for IPv4 packets. |
Variable fields |
$1: MTU value. $2: Interface name. |
Severity level |
5 |
Example |
IPFW/5/IPFW_FAILED_TO_SET_MTU: Failed to set MTU 9600 on interface GigabitEthernet6/3/8 for IPv4 packets. |
Explanation |
Failed to set an MTU value on an interface. |
Recommended action |
Modify the MTU value for the interface. |
IPFW_INFO
Message text |
The specified IP load sharing mode is not supported on this slot. |
Variable fields |
N/A |
Severity level |
6 |
Example |
IPFW/6/IPFW_INFO: -MDC=1-Slot=2; The specified IP load sharing mode is not supported on this slot. |
Explanation |
The specified IP load sharing mode is not supported on this slot. |
Recommended action |
Configure an IP load sharing mode that is supported on this slot. |
Message text |
Failed to configure IP load sharing mode on this slot. |
Variable fields |
N/A |
Severity level |
6 |
Example |
IPFW/6/IPFW_INFO: -MDC=1-Slot=2; Failed to configure IP load sharing mode on this slot. |
Explanation |
Failed to configure IP load sharing mode on this slot. |
Recommended action |
Configure an IP load sharing mode that is supported on this slot. |
IPoE messages
This section contains IPoE messages.
IPOE_ENABLE_ERROR
Message text |
Failed to [STRING] [STRING] [STRING] for the reason of [STRING] on [STRING]. |
Variable fields |
$1: Operation type. Options are: ¡ enable. ¡ disable. $2: Protocol stack type. Options are: ¡ IPv4. ¡ IPv6. $3: Function type. Options are: ¡ IPOE—IPoE or sending unclassified-IP packets to the CPU. ¡ IPOE set web mode—Web or Web MAC authentication. ¡ IPOE http fast reply—HTTP packet fast reply. $4: Failure reason. For more information, see Table 1. $5: Interface name. |
Severity level |
3 |
Example |
IPOE/3/IPOE_ENABLE_ERROR: Failed to enable IPv4 IPOE for the reason of not enough resources on Route-Aggregation1023. |
Explanation |
Failed to enable or disable IPoE on an interface because resources are insufficient, this operation is not supported, or because of other unknown errors. |
Recommended action |
See Table 1. |
Reason for failure to be issued to the driver |
Description |
Recommended action |
this operation is not supported |
This operation is not supported |
Identify whether the interface supports IPoE. |
not enough resources |
Resources are insufficient |
Contact Technical Support. |
other unknown errors |
Other unknown errors |
Contact Technical Support. |
IPOE_SESSIONS_LOWER_THRESHOLD
Message text |
The IPoE session number is below the lower warning threshold (LowerThreshold=[INT32]). |
Variable fields |
$1: Lower online IPoE session count alarm threshold. |
Severity level |
4 |
Example |
IPOE/4/IPOE_SESSIONS_LOWER_THRESHOLD:The IPoE session number is below the lower warning threshold (LowerThreshold=20). |
Explanation |
The online IPoE session count is below the lower threshold. |
Recommended action |
Identify whether a large number of IPoE users go offline abnormally. |
IPOE_SESSIONS_RECOVER_NORMAL
Message text |
The IPoE session number has recovered to normal state. |
Variable fields |
N/A |
Severity level |
5 |
Example |
IPOE/5/IPOE_SESSIONS_RECOVER_NORMAL:The IPoE session number has recovered to normal state. |
Explanation |
The online IPoE session count has recovered to the normal state. |
Recommended action |
No action is required. |
IPOE_SESSIONS_UPPER_THRESHOLD
Message text |
The IPoE session number is above the upper warning threshold (UpperThreshold=[INT32]). |
Variable fields |
$1: Upper online IPoE session count alarm threshold. |
Severity level |
4 |
Example |
IPOE/4/IPOE_SESSIONS_UPPER_THRESHOLD:The IPoE session number is above the upper warning threshold (UpperThreshold=20). |
Explanation |
The online IPoE session count is above the upper threshold. |
Recommended action |
Identify whether a large number of illegal IPoE users come online. |
IPSEC messages
This section contains IPsec messages.
IPSEC_FAILED_ADD_FLOW_TABLE
Message text |
Failed to add flow-table due to [STRING]. |
Variable fields |
$1: Reason for the failure. |
Severity level |
4 |
Example |
IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource. |
Explanation |
Failed to add the flow table. Possible reasons include not enough hardware resources. |
Recommended action |
If the failure is caused by not enough hardware resources, contact H3C Support. |
IPSEC_PACKET_DISCARDED
Message text |
IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING]. |
Variable fields |
$1: Source IP address. $2: Destination IP address. $3: Security parameter index (SPI). $4: Sequence number of the packet. $5: Reason for dropping this packet: · Anti-replay checking failed. · AH authentication failed. · ESP authentication failed. · Invalid SA. · ESP decryption failed. · Source address of packet does not match the SA. · No ACL rule matched. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed |
Explanation |
An IPsec packet is dropped. Possible reasons include anti-replay checking failed, AH/ESP authentication failed, invalid SA, ESP decryption failed, source address of packet does not match the SA, and no ACL rule matched. |
Recommended action |
No action is required. |
IPSEC_SA_ESTABLISH
Message text |
Established IPsec SA. The SA's source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32]. |
Variable fields |
$1: Source address. $2: Destination address. $3: Security protocol. $4: SPI. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_ESTABLISH: Established IPsec SA. The SA's source address is 1.1.1.1, destination address is 2.2.2.2, protocol is AH, and SPI is 2435. |
Explanation |
An IPsec SA is established. |
Recommended action |
No action is required. |
IPSEC_SA_ESTABLISH_FAIL
Message text |
Failed to establish IPsec SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Reason for the IPsec SA establishment failure: · Tunnel establishment failure. · Incomplete configuration. · Unavailable transform set. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA for the reason of creating tunnel failure. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
Failed to establish the IPsec SA. Possible reasons include creating tunnel failure, incomplete configuration, and unavailable transform set. |
Recommended action |
Verify the IPsec configurations on the local and remote devices. |
IPSEC_SA_INITINATION
Message text |
Began to establish IPsec SA. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Source address. $2: Destination address. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_INITINATION: Began to establish IPsec SA. The SA's source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IPsec SA is to be established. |
Recommended action |
No action is required. |
IPSEC_SA_TERMINATE
Message text |
The IPsec SA was deleted for the reason of [STRING]. The SA's source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32]. |
Variable fields |
$1: Reason for the IPsec SA removal: · SA idle timeout. · reset command executed. $2: Source address. $3: Destination address. $4: Security protocol. $5: SPI. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted for the reason of SA idle timeout. The SA’s source address is 1.1.1.1, destination address is 2.2.2.2, protocol is ESP, and SPI is 34563. |
Explanation |
An IPsec SA is deleted. Possible reasons include SA idle timeout and using the reset command. |
Recommended action |
No action is required. |
IPSG messages
This section contains IPSG messages.
IPSG_ADDENTRY_ERROR
Message text |
Failed to add an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [STRING]) on interface [STRING]. [STRING]. |
Variable fields |
$1: IP address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays N/A. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reason. Available options include: ¡ Feature not supported ¡ Not enough resources ¡ Unknown error |
Severity level |
6 |
Example |
IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Not enough resources. |
Explanation |
IPSG failed to issue a static or dynamic IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · The hardware resources are not sufficient for the operation. · An unknown error occurs. |
Recommended action |
To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. · Add the IPSG binding again if you are adding a static binding. · Contact H3C Support if the failure is caused by an unknown error. |
IPSG_DELENTRY_ERROR
Message text |
Failed to delete an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [STRING]) on interface [STRING]. [STRING]. |
Variable fields |
$1: IP address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays N/A. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reason. Available options include: ¡ Feature not supported ¡ Unknown error |
Severity level |
6 |
Example |
IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Unknown error. |
Explanation |
IPSG failed to delete a global static IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · An unknown error occurs. |
Recommended action |
To resolve the problem, you can perform the following tasks: · Delete the global static IPSG binding again. · Contact H3C Support if the failure is caused by an unknown error. |
IRDP messages
This section contains IRDP messages.
IRDP_EXCEED_ADVADDR_LIMIT
Message text |
The number of advertisement addresses on interface [STRING] exceeded the limit 255. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
IRDP/6/IRDP_EXCEED_ADVADDR_LIMIT: The number of advertisement addresses on interface GigabitEthernet1/0/1 exceeded the limit 255. |
Explanation |
The number of addresses to be advertised on an interface exceeds the upper limit. |
Recommended action |
Remove unused addresses on the interface. |
ISIS messages
This section contains IS-IS messages.
ISIS_LSP_CONFLICT
Message text |
IS-IS [UINT16], [STRING] LSP, LSPID=[STRING], SeqNum=[HEX], system ID conflict might exist. |
Variable fields |
$1: IS-IS process ID. $2: IS type: Level-1 or Level-2. $3: LSP ID. $4: LSP sequence number. |
Severity level |
4 |
Example |
ISIS/4/ISIS_LSP_CONFLICT: -MDC=1; IS-IS 1, Level-1 LSP, LSPID=1111.1111.1111.00-00, SeqNum=0x000045bf, system ID conflict might exist. |
Explanation |
System ID conflict might exist. |
Recommended action |
Determine whether the system ID of the device that generates the LSP conflicts with the system ID of another device. |
ISIS_MEM_ALERT
Message text |
ISIS Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
ISIS/5/ISIS_MEM_ALERT: ISIS Process received system memory alert start event. |
Explanation |
IS-IS received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
ISIS_NBR_CHG
Message text |
IS-IS [UINT16], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING], Reason: [STRING]. |
Variable fields |
$1: IS-IS process ID. $2: Neighbor level. $3: Neighbor ID. $4: Interface name. $5: Current neighbor state. This field might display DOWN, UP, or INIT. $6: Reason of neighbor state change. Possible reasons are as follows: ¡ circuit data clean—The neighbor state changed to DOWN because routing information was cleared. ¡ holdtime expired—The neighbor state changed to DOWN because no hello packets were received within the hold time. ¡ BFD session down—The neighbor state changed to DOWN because BFD detected a link failure. ¡ peer reset—The neighbor state changed to DOWN because the reset isis peer command was executed. ¡ circuit ID conflicts—The neighbor state changed to DOWN because a P2P hello packet with incorrect circuit ID was received. ¡ P2P peer GR down—The neighbor state changed to DOWN because a P2P hello packet with no GR option was received during GR. ¡ 2way-pass—The neighbor state changed to UP because the neighbor relationship was established. ¡ 2way-fail—The neighbor state changed to INIT because a one-way hello packet was received from the neighbor. |
Severity level |
3 |
Example |
ISIS/3/ISIS_NBR_CHG: IS-IS 1, Level-1 adjacency 0000.0000.0001 (GigabitEthernet1/0/1), state changed to DOWN, Reason: circuit data clean. |
Explanation |
The neighbor state changed. |
Recommended action |
When the neighbor state changes to DOWN or INIT, check the reason and take recommended actions. · circuit data clean—Check the interface state, IS-IS configuration, and network connectivity. · holdtime expired—Verify whether a hello packet has been received from the neighbor within the hold time. · BFD session down—Check the connectivity to the neighbor. · peer reset—Check whether the reset isis peer command has been executed. · circuit ID conflicts—Check whether the IS-IS interface settings have been edited multiples times on the neighbor. · P2P peer GR down—Check whether the neighbor supports GR. · 2way-fail—Check the following: ¡ Check whether the reset isis peer command has been executed. ¡ Verify whether a hello packet has been received from the neighbor within the hold time. ¡ Check whether the authentication settings are the same on the device and the neighbor. |
ISSU messages
This section contains ISSU messages.
ISSU_ROLLBACKCHECKNORMAL
Message text |
The rollback might not be able to restore the previous version for [STRING] because the status is not normal. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
4 |
Example |
ISSU/4/ISSU_ROLLBACKCHECKNORMAL: The rollback might not be able to restore the previous version for chassis 1 slot 2 because the state is not normal. |
Explanation |
While an ISSU was in switching state, a user executed the issu rollback command or the ISSU automatic-rollback timer expired. However, the status of the MPU was not normal. |
Recommended action |
No action is required. |
ISSU_PROCESSWITCHOVER
Message text |
Switchover completed. The standby process became the active process. |
Variable fields |
N/A |
Severity level |
5 |
Example |
ISSU/5/ISSU_PROCESSWITCHOVER: Switchover completed. The standby process became the active process. |
Explanation |
A user executed the issu run switchover command. |
Recommended action |
No action is required. |
KHTTP messages
This section contains KHTTP messages.
KHTTP_BIND_PORT_ALLOCETED
Message text |
Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the port was already allocated. |
Variable fields |
$1: IP address. $2: TCP port number. $3: VPN instance index. |
Severity level |
3 |
Example |
KHTTP/3/KHTTP_BIND_PORT_ALLOCETED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the port was already allocated. |
Explanation |
This message is generated when the binding of an IP address, TCP port, and VPN instance failed because the TCP port was already allocated. |
Recommended action |
Use an available TCP port for the binding. To view the available TCP ports, execute the display tcp-proxy port-info or display ipv6 tcp-proxy port-info command. |
KHTTP_BIND_ADDRESS_INUSED
Message text |
Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the address was already used. |
Variable fields |
$1: IP address. $2: TCP port number. $3: VPN instance index. |
Severity level |
3 |
Example |
KHTTP/3/KHTTP_BIND_ADDRESS_INUSED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the address was already used. |
Explanation |
This message is generated when the binding of an IP address, TCP port, and VPN instance failed because the IP address was already used and was not allowed to be used by multiple systems. |
Recommended action |
Use an available IP address for the binding. To view the available IP addresses, execute the display tcp-proxy command. |
L2PT messages
This section contains L2PT messages.
L2PT_SET_MULTIMAC_FAILED
Message text |
|
Variable fields |
$1: MAC address. |
Severity level |
4 |
Example |
L2PT/4/L2PT_SET_MULTIMAC_FAILED: Failed to set a tunnel destination MAC address to 010f-e200-0003. |
Explanation |
Failed to specify the destination multicast MAC address for tunneled packets. |
Recommended action |
No action is required. |
L2PT_CREATE_TUNNELGROUP_FAILED
Message text |
|
Variable fields |
$1: Protocol name. |
Severity level |
4 |
Example |
L2PT/4/L2PT_CREATE_TUNNELGROUP_FAILED: Failed to create a VLAN tunnel group for STP. |
Explanation |
Failed to create a VLAN tunnel group for a protocol. |
Recommended action |
No action is required. |
L2PT_ADD_GROUPMEMBER_FAILED
Message text |
Failed to add [STRING] as a member to the VLAN tunnel group for [STRING]. |
Variable fields |
$1: Interface name. $2: Protocol name. |
Severity level |
4 |
Example |
|
Explanation |
Failed to add an interface to a VLAN tunnel group for a protocol. |
Recommended action |
No action is required. |
L2PT_ENABLE_DROP_FAILED
Message text |
|
Variable fields |
$1: Protocol name. $2: Interface name. |
Severity level |
4 |
Example |
L2PT/4/L2PT_ENABLE_DROP_FAILED: Failed to enable STP packet drop on GigabitEthernet2/0/1. |
Explanation |
Failed to enable L2PT drop for a protocol on an interface. |
Recommended action |
No action is required. |
L2TPv2 messages
This section contains L2TPv2 messages.
L2TPV2_SESSION_EXCEED_LIMIT
Message text |
|
Variable fields |
N/A |
Severity level |
4 |
Example |
L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit. |
Explanation |
The number of established L2TP sessions has reached the limit. |
Recommended action |
No action is required. |
L2TPV2_TUNNEL_EXCEED_LIMIT
Message text |
|
Variable fields |
N/A |
Severity level |
4 |
Example |
L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit. |
Explanation |
The number of established L2TP tunnels has reached the limit. |
Recommended action |
1. Perform one of the following tasks: ¡ Execute the reset l2tp tunnel command to disconnect an idle tunnel. ¡ Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses. 2. If the problem persists, contact H3C Support. |
L2TPV2_SESSIONS_LOWER_THRESHOLD
Message text |
The L2TP session number is below the lower warning threshold (LowerThreshold=[INT32]). |
Variable fields |
$1: Lower online L2TP session count alarm threshold. |
Severity level |
4 |
Example |
L2TPV2/4/L2TPV2_SESSIONS_LOWER_THRESHOLD: The L2TP session number is below the lower warning threshold (LowerThreshold=20). |
Explanation |
The online L2TP session count is below the lower threshold. |
Recommended action |
1. Execute the display l2tp session statistic command to display the L2TP session statistics. 2. Identify whether a large number of L2TP users go offline abnormally. |
L2TPV2_SESSIONS_RECOVER_NORMAL
Message text |
The L2TP session number has recovered to normal state. |
Variable fields |
N/A |
Severity level |
4 |
Example |
L2TPV2/4/L2TPV2_SESSIONS_RECOVER_NORMAL: The L2TP session number has recovered to normal state. |
Explanation |
The online L2TP session count has recovered to the normal state. |
Recommended action |
No action is required. |
L2TPV2_SESSIONS_UPPER_THRESHOLD
Message text |
The L2TP session number is above the upper warning threshold (UpperThreshold=[INT32]). |
Variable fields |
$1: Upper online L2TP session count alarm threshold. |
Severity level |
4 |
Example |
L2TPV2/4/L2TPV2_SESSIONS_UPPER_THRESHOLD: The L2TP session number is above the upper warning threshold (UpperThreshold=80). |
Explanation |
The online L2TP session count is above the upper threshold. |
Recommended action |
1. Execute the display l2tp session statistic command to display the L2TP session statistics. 2. Identify whether a large number of illegal L2TP users come online. |
L2VPN messages
This section contains L2VPN messages.
L2VPN_BGPVC_CONFLICT_LOCAL
Message text |
Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with local site. |
Variable fields |
$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_BGPVC_CONFLICT_LOCAL: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with local site. |
Explanation |
A remote site ID conflicted with the local site ID. This message is generated when one of the following situations occurs: · The received remote site ID is the same as the local site ID. · The local site ID is configured the same as a received remote site ID. |
Recommended action |
Modify the site ID configuration on the local device or remote device. Or, configure the remote site ID in a different VPLS instance than the local site ID. |
L2VPN_BGPVC_CONFLICT_REMOTE
Message text |
Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with another remote site. |
Variable fields |
$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_BGPVC_CONFLICT_REMOTE: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with another remote site. |
Explanation |
Two remote site IDs conflicted. This message is generated when the received remote site ID is the same as another received remote site ID. |
Recommended action |
Modify the site ID configuration on one remote device. Or, configure the two remote site IDs in different VPLS instances. |
L2VPN_HARD_RESOURCE_NOENOUGH
Message text |
No enough hardware resource for L2VPN. |
Variable fields |
N/A |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_HARD_RESOURCE_NOENOUGH: No enough hardware resource for L2VPN. |
Explanation |
Hardware resources for L2VPN were insufficient. |
Recommended action |
Check whether unnecessary VSIs, PWs, or ACs had been generated. If yes, delete them. |
L2VPN_HARD_RESOURCE_RESTORE
Message text |
Hardware resources for L2VPN are restored. |
Variable fields |
N/A |
Severity level |
2 |
Example |
L2VPN/2/L2VPN_HARD_RESOURCE_RESTORE: Hardware resources for L2VPN are restored. |
Explanation |
Hardware resources for L2VPN were restored. |
Recommended action |
No action is required. |
L2VPN_LABEL_DUPLICATE
Message text |
Incoming label [INT32] for a static PW in [STRING] [STRING] is duplicate. |
Variable fields |
$1: Incoming label value. $2: Type of L2VPN, Xconnect-group or VSI. $3: Name of the Xconnect-group or VSI. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_LABEL_DUPLICATE: Incoming label 1024 for a static PW in Xconnect-group aaa is duplicate. |
Explanation |
The incoming label of a static PW in this Xconnect-group or VSI was occupied by another configuration, for example, by a static LSP or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static PW with an incoming label which is occupied by another configuration. · Enable MPLS when a static PW whose incoming label is occupied by another configuration already exists. |
Recommended action |
Remove this static PW, and reconfigure it with another incoming label. |
L2VPN_MACLIMIT_FALL_AC
Message text |
The number of MAC address entries on the AC fell below the upper limit. (VSI name=[STRING], link ID=[UINT32], max-mac-entries=[UINT32], current-mac-entries=[UINT32]) |
Variable fields |
$1: Name of the VSI associated with the AC. $2: Link ID of the AC. $3: Maximum number of MAC addresses that the AC can learn. If this field displays unlimited, no limit is set. $4: Number of MAC addresses that the AC has learned. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_MACLIMIT_FALL_AC: -MDC=1-Slot=5; The number of MAC address entries on the AC fell below the upper limit. (VSI name=aaa, link ID=1, max-mac-entries=100, current-mac-entries=80) |
Explanation |
The number of MAC address entries on the AC fell below 90% of the maximum. |
Recommended action |
N/A |
L2VPN_MACLIMIT_FALL_PW
Message text |
The number of MAC address entries on the PW fell below the upper limit. (VSI name=[STRING], link ID=[UINT32], max-mac-entries=[UINT32], current-mac-entries=[UINT32]) |
Variable fields |
$1: Name of the VSI where the PW resides. $2: Link ID of the PW. $3: Maximum number of MAC addresses that the PW can learn. If this field displays unlimited, no limit is set. $4: Number of MAC addresses that the PW has learned. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_MACLIMIT_FALL_PW: -MDC=1-Slot=5; The number of MAC address entries on the PW fell below the upper limit. (VSI name=aaa, link ID=100, max-mac-entries=50, current-mac-entries=30) |
Explanation |
The number of MAC address entries on the PW fell below 90% of the maximum. |
Recommended action |
N/A |
L2VPN_MACLIMIT_FALL_VSI
Message text |
The number of MAC address entries on the VSI fell below the upper limit. (VSI name=[STRING], max-mac-entries=[UINT32], current-mac-entries=[UINT32]) |
Variable fields |
$1: Name of the VSI. $2: Maximum number of MAC addresses that the VSI can learn. If this field displays unlimited, no limit is set. $3: Number of MAC addresses that the VSI has learned. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_MACLIMIT_FALL_VSI: -MDC=1-Slot=5; The number of MAC address entries on the VSI fell below the upper limit. (VSI name=aaa, max-mac-entries=200, current-mac-entries=150) |
Explanation |
The number of MAC address entries in the VSI fell below 90% of the maximum. |
Recommended action |
N/A |
L2VPN_MACLIMIT_MAX_AC
Message text |
The number of MAC address entries on the AC reached the upper limit. (VSI name=[STRING], link ID=[UINT32], max-mac-entries=[UINT32]) |
Variable fields |
$1: Name of the VSI associated with the AC. $2: Link ID of the AC. $3: Maximum number of MAC addresses that the AC can learn. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_MACLIMIT_MAX_AC: -MDC=1-Slot=5; The number of MAC address entries on the AC reached the upper limit. (VSI name=aaa, link ID=1, max-mac-entries=100) |
Explanation |
The number of MAC addresses that the AC has learned reached the maximum. |
Recommended action |
N/A |
L2VPN_MACLIMIT_MAX_PW
Message text |
The number of MAC address entries on the PW reached the upper limit. (VSI name=[STRING], link ID=[UINT32], max-mac-entries=[UINT32]) |
Variable fields |
$1: Name of the VSI where the PW resides. $2: Link ID of the PW. $3: Maximum number of MAC addresses that the PW can learn. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_MACLIMIT_MAX_PW: -MDC=1-Slot=5; The number of MAC address entries on the PW reached the upper limit. (VSI name=aaa, link ID=100, max-mac-entries=50) |
Explanation |
The number of MAC addresses that the PW has learned reached the maximum. |
Recommended action |
N/A |
L2VPN_MACLIMIT_MAX_VSI
Message text |
The number of MAC address entries on the VSI reached the upper limit. (VSI name=[STRING], max-mac-entries=[UINT32]) |
Variable fields |
$1: Name of the VSI. $2: Maximum number of MAC addresses that the VSI can learn. |
Severity level |
4 |
Example |
L2VPN/4/L2VPN_MACLIMIT_MAX_VSI: -MDC=1-Slot=5; The number of MAC address entries on the VSI reached the upper limit. (VSI name=aaa, max-mac-entries=200) |
Explanation |
The number of MAC addresses that the VSI has learned reached the maximum. |
Recommended action |
N/A |
LAGG messages
This section contains link aggregation messages.
LAGG_ACTIVE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the active state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_ACTIVE: Member port GE1/0/1 of aggregation group BAGG1 changed to the active state. |
Explanation |
A member port in an aggregation group changed to the Selected state. |
Recommended action |
No action is required. |
LAGG_INACTIVE_AICFG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port and the aggregate interface have different attribute configurations. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_AICFG: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the member port and the aggregate interface have different attribute configurations. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations. |
Recommended action |
Modify the attribute configurations of the member port to be consistent with the aggregate interface. |
LAGG_INACTIVE_BFD
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port was down. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_BFD: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the BFD session on the port went down. |
Recommended action |
To resolve this issue, you can perform the following tasks: · Verify that link failure has occurred and troubleshoot the failure. · Modify the port information and configuration for the port to have the same operational key and attribute configuration as the reference port. |
LAGG_INACTIVE_CONFIGURATION
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of the port is incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of the port is incorrect. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different aggregation configurations. |
Recommended action |
No action is required. |
LAGG_INACTIVE_DUPLEX
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode is different between the member port and the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_DUPLEX: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the duplex mode is different between the member port and the reference port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port. |
Recommended action |
Change the duplex mode of the member port to be the same as the reference port. |
LAGG_INACTIVE_HARDWAREVALUE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction. |
Explanation |
A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction. |
Recommended action |
No action is required. |
LAGG_INACTIVE_LINKQUALITY_LOW
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port has low link quality. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_LINKQUALITY_LOW: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the member port has low link quality. |
Explanation |
A member port in an aggregation group was set to the inactive state because of low link quality. |
Recommended action |
To resolve this issue: · Verify that the cable is securely connected and is in a good condition. Replace the cable if its quality has degraded. · Check the interface module for hardware failure. |
LAGG_INACTIVE_IRFSELECTMODE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the port does not meet the Selected port requirements of the IRF member device it belongs to. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_IRFSELECTMODE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the port does not meet the Selected port requirements of the IRF member device it belongs to. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the lacp irf-select command was executed. This command restricts the Selected ports in a dynamic multichassis link aggregation to one IRF member device. |
Recommended action |
No action is required. |
LAGG_INACTIVE_LOWER_LIMIT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports is below the lower limit. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of active ports is below the lower limit. |
Explanation |
A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached. |
Recommended action |
Make sure the minimum number of Selected ports is met. |
LAGG_INACTIVE_PARTNER
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of its peer port is incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of its peer port is incorrect. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state. |
Recommended action |
No action is required. |
LAGG_INACTIVE_PHYSTATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical state of the port is down. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the physical state of the port is down. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the port went down. |
Recommended action |
Bring up the member port. |
LAGG_INACTIVE_RESOURCE_INSUFICIE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because all aggregate resources are occupied. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
3 |
Example |
LAGG/3/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because all aggregate resources are occupied. |
Explanation |
A member port in an aggregation group changed to the Unselected state because all aggregation resources were used. |
Recommended action |
No action is required. |
LAGG_INACTIVE_SECONDARY
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because it was the secondary member port in the aggregation group in 1+1 backup mode. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_SECONDARY: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because it was the secondary member port in the aggregation group in 1+1 backup mode. |
Explanation |
A member port in a 1+1 backup aggregation group changed to the Unselected state because it was assigned the secondary role. |
Recommended action |
No action is required. |
LAGG_INACTIVE_SPEED
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port is incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_SPEED: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port is incorrect. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port. |
Recommended action |
Change the speed of the member port to be the same as the reference port. |
LAGG_INACTIVE_STRUNK_DOWN
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the role of the aggregate interface is secondary in a smart trunk. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_STRUNK_DOWN: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the role of the aggregate interface is secondary in a smart trunk. |
Explanation |
A member port of an aggregate interface changed to the Unselected state because the aggregate interface's role changed to secondary in a smart trunk. |
Recommended action |
No action is required. |
LAGG_INACTIVE_UPPER_LIMIT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports has reached the upper limit. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
3 |
Example |
LAGG/3/LAGG_INACTIVE_UPPER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of active ports has reached the upper limit. |
Explanation |
The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group. |
Recommended action |
No action is required. |
LB messages
This section contains LB messages.
LB_SLB_LICENSE_INSTALLED
Message text |
The license for SLB has been installed. Server load balancing is available. |
Variable fields |
N/A |
Severity level |
5 |
Example |
LB/5/LB_SLB_LICENSE_INSTALLED: The license for SLB has been installed. Server load balancing is available. |
Explanation |
The license for SLB had been installed. Server load balancing was available. |
Recommended action |
No action is required. |
LB_SLB_LICENSE_UNINSTALLED
Message text |
The license for SLB has been uninstalled. Server load balancing is not available. |
Variable fields |
N/A |
Severity level |
5 |
Example |
LB/5/LB_SLB_LICENSE_UNINSTALLED: The license for SLB has been uninstalled. Server load balancing is not available. |
Explanation |
The license for SLB had been uninstalled. Server load balancing was unavailable. |
Recommended action |
Install the license for SLB. |
LDP messages
This section contains LDP messages.
LDP_SESSION_CHG
Message text |
Session ([STRING], [STRING]) is [STRING] ([STRING]). ([STRING]) |
Variable fields |
$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session, up or down. $4: Reason for the down state error. This field is displayed only when the state is down. $5: Session information. This field is displayed only when the state is down. The following information will be displayed: · LocalTransportAddr—Local transport address. · PeerTransportAddr—Peer transport address. · SessionRole—Role of the local LSR in the session, which can be Active or Passive. · SessionUpTime—Period of time (in DD:HH:MM format) during which the session was in Operational state. · KeepaliveTime—Negotiated keepalive time, in seconds. · KeepaliveSentCount—Number of keepalive messages sent locally. · KeepaliveRcvdCount—Number of keepalive messages received locally. · GracefulRestart—Indicates the LDP GR capability of the peer. ¡ On—LDP GR is enabled on the peer. ¡ Off—LDP GR is disabled on the peer. · SocketID—Socket ID of the session. · WaitSendMsgCount—Number of TCP messages to be sent. · MemoryState—Memory usage threshold level when the session was down. ¡ Normal—Memory usage is normal. ¡ Minor—Memory usage has reached the level 1 threshold. ¡ Severe—Memory usage has reached the level 2 threshold. ¡ Critical—Memory usage has reached the level 3 threshold. |
Severity level |
4 |
Example |
LDP/4/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up. LDP/4/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down (hello hold timer expired). (LocalTransportAddr=11.1.1.1, PeerTransportAddr=22.2.2.2, SessionRole=Passive, SessionUpTime=0000:00:35, KeepaliveTime=45s, KeepaliveSentCount=143, KeepaliveRcvdCount=148, GracefulRestart=Off, SocketID=35, WaitSendMsgCount=0, MemoryState=Normal) |
Explanation |
The session state changed. |
Recommended action |
When the session state is up, no action is required. When the session state is down, check the interface state, link state, and other configurations depending on the reason displayed. Possible reasons include: · interface not operational. · MPLS disabled on interface. · LDP disabled on interface. · LDP auto-configure disabled on interface. · VPN instance changed on interface. · LDP instance deleted. · targeted peer deleted. · L2VPN disabled targeted peer. · TE tunnel disabled targeted peer. · session protection disabled targeted peer. · OSPF Remote LFA disabled targeted peer. · IS-IS Remote LFA disabled targeted peer. · process deactivated. · failed to receive the initialization message. · graceful restart reconnect timer expired. · failed to recover adjacency by NSR. · failed to upgrade session by NSR. · closed the GR session. · keepalive hold timer expired. · adjacency hold timer expired. · session reset. · TCP connection down. · received a fatal notification message. · internal error. · memory in critical state. · transport address changed on interface. · MD5 password changed |
LDP_SESSION_GR
Message text |
Session ([STRING], [STRING]): ([STRING]). |
Variable fields |
$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session graceful restart: · Start reconnection. · Reconnection failed. · Start recovery. · Recovery completed. |
Severity level |
5 |
Example |
LDP/5/LDP_SESSION_GR: Session (22.22.22.2:0, VPN instance: vpn1): Start reconnection. |
Explanation |
State of the session graceful restart. When a GR-capable LDP session is down, the LDP GR started. This message is generated during the GR of the LDP session, indicating the current GR state. |
Recommended action |
Check for the reason of session graceful restart, which can be obtained from the LDP_SESSION_CHG log message. When the graceful restart state Reconnection failed is displayed, verify the interface state, link state, and other configurations according to the reason for the session graceful restart. No action is required for other graceful restart states. |
LDP_SESSION_SP
Message text |
Session ([STRING], [STRING]): ([STRING]). |
Variable fields |
$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session protection: · Hold up the session. · Session recovered successfully. · Session recovery failed. |
Severity level |
5 |
Example |
LDP/5/LDP_SESSION_SP: Session (22.22.22.2:0, VPN instance: vpn1): Hold up the session. |
Explanation |
When the last link adjacency of the session was lost, session protection started. This message is generated during the session protection process, indicating the current session protection state. |
Recommended action |
Verify the interface state and link state. |
LDP_ADJACENCY_DOWN
Message text |
ADJ ([STRING], [STRING], [STRING]) is down [STRING]. ([STRING]) |
Variable fields |
$1: LDP ID of the peer. Value 0.0.0.0:0 indicates that the peer LDP ID cannot be obtained. $2: Name of the VPN instance. Value public instance indicates that the session belongs to the public network. $3: Interface name. This field is not available for a targeted hello. $4: Reason for the down state of the adjacency. $: Information about the adjacency: · Type—Adjacency type. ¡ Link—Link Hello adjacency. ¡ Target—Targeted Hello adjacency. · SourceAddr—Source address of the adjacency. · DestinationAddr—Destination address of the adjacency. · TransportAddr—Transport address of the adjacency. · ADJUpTime—Duration of the adjacency in up state. The duration time is in DD:HH:MM format. · HelloHoldTime—Hello holding time, in seconds. · HelloSentCount—Number of Hello message sent locally. · HelloRcvdCount—Number of Hello message received locally. |
Severity level |
5 |
Example |
LDP/5/LDP_ADJACENCY_DOWN: ADJ (10.200.0.60:0, public instance, GE2/0/1) is down (Hello timer expired). (Type=Link, SourceAddr=100.12.1.2, DestinationAddr=224.0.0.2, TransportAddr=22.2.2.2, ADJUpTime=0000:00:02, HelloHoldTime=15s, HelloSentCount=27, HelloRcvdCount=25) |
Explanation |
An LDP adjacency was down, and related information for the adjacency was displayed. |
Recommended action |
When an LDP adjacency is down, check the interface state, link state, and other configurations depending on the reason displayed. Possible reasons include: · VPN instance changed on interface. · LDP disabled on interface. · LDP auto-configure disabled on interface. · MPLS disabled on interface. · interface not operational. · targeted peer deleted. · L2VPN disabled targeted peer. · TE tunnel disabled targeted peer. · session protection disabled targeted peer. · OSPF Remote LFA disabled targeted peer. · IS-IS Remote LFA disabled targeted peer. · process deactivated. · LDP instance deleted. · hello hold timer expired. · no IPv6 transport address. |
LLDP messages
This section contains LLDP messages.
LLDP_CREATE_NEIGHBOR
Message text |
[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
6 |
Example |
LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent neighbor created on port GigabitEthernet1/0/1 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet1/0/2. |
Explanation |
The port received an LLDP message from a new neighbor. |
Recommended action |
No action is required. |
LLDP_DELETE_NEIGHBOR
Message text |
[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
6 |
Example |
LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port GigabitEthernet1/0/1 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet1/0/2. |
Explanation |
The port received a deletion message when a neighbor was deleted. |
Recommended action |
No action is required. |
LLDP_LESS_THAN_NEIGHBOR_LIMIT
Message text |
The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain. |
Severity level |
6 |
Example |
LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port GigabitEthernet1/0/1 (IfIndex 599) is less than 5, and new neighbors can be added. |
Explanation |
New neighbors can be added for the port because the limit has not been reached. |
Recommended action |
No action is required. |
LLDP_NEIGHBOR_AGE_OUT
Message text |
[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
4 |
Example |
LLDP/4/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port GigabitEthernet1/0/1 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet1/0/2. |
Explanation |
This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time. |
Recommended action |
Verify the link status or the receive/transmit status of LLDP on the peer. |
LLDP_PVID_INCONSISTENT
Message text |
PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]). |
Variable fields |
|
Severity level |
|
Example |
|
Explanation |
|
Recommended action |
LLDP_REACH_NEIGHBOR_LIMIT
Message text |
The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain. |
Severity level |
3 |
Example |
LLDP/3/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port GigabitEthernet1/0/1 (IfIndex 599) has reached 5, and no more neighbors can be added. |
Explanation |
This message is generated when the port with its maximum number of neighbors reached received an LLDP packet. |
Recommended action |
No action is required. |
LOAD messages
This section contains load management messages.
BOARD_LOADING
Message text |
Board in chassis [INT32] slot [INT32] is loading software images. |
Variable fields |
$1: Chassis number. $2: Slot number. |
Severity level |
4 |
Example |
LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images. |
Explanation |
The card is loading software images during the boot process. |
Recommended action |
No action is required. |
LOAD_FAILED
Message text |
Board in chassis [INT32] slot [INT32] failed to load software images. |
Variable fields |
$1: Chassis number. $2: Slot number. |
Severity level |
3 |
Example |
LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images. |
Explanation |
The card failed to load software images during the boot process. |
Recommended action |
1. Execute the display boot-loader command to identify the startup software images. 2. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images. 3. If the problem persists, contract H3C Support. |
LOAD_FINISHED
Message text |
Board in chassis [INT32] slot [INT32] has finished loading software images. |
Variable fields |
$1: Chassis number. $2: Slot number. |
Severity level |
5 |
Example |
LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images. |
Explanation |
The card has finished loading software images. |
Recommended action |
No action is required. |
Local messages
This section contains local messages.
LOCAL_CMDDENY
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for visiting user [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a local user. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for visiting user admin. |
Explanation |
The system rejected to enter the view of a local user because the login user does not have the access permission. |
Recommended action |
No action is required. |
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for adding user [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a local user. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for adding user admin. |
Explanation |
The system rejected to add a local user because the login user does not have the access permission. |
Recommended action |
No action is required. |
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for deleting user [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a local user. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for deleting user admin. |
Explanation |
The system rejected to delete a local user because the login user does not have the access permission. |
Recommended action |
No action is required. |
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for configuring user [STRING]'s [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a local user. $5: User attribute. The following options are available: ¡ password—User password. ¡ state—User state. ¡ service-type—Type of service. ¡ authorization-attribute—Authorization attribute. ¡ bind-attribute—Binding attribute. ¡ group—User group. ¡ access-limit—Maximum number of concurrent logins for a local user. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for configuring user admin's access-limit. |
Explanation |
The system rejected to configure an attribute for a local user because the login user does not have the access permission. |
Recommended action |
No action is required. |
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for visiting group [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a user group. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for visiting group system. |
Explanation |
The system rejected to enter the view of a user group because the login user does not have the access permission. |
Recommended action |
No action is required. |
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for adding group [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a user group. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for adding group system. |
Explanation |
The system rejected to add a user group because the login user does not have the access permission. |
Recommended action |
No action is required. |
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Permission denied for deleting group [STRING]. |
Variable fields |
$1: User line name. This field displays two asterisks (**) if a login user is not assigned a user line. $2: IP address of the login user. This field displays two asterisks (**) if the system does not obtain the IP address of the login user. $3: Name of the login user. This field displays two asterisks (**) if the login user does not have a username. $4: Name of a user group. |
Severity level |
5 |
Example |
LOCAL/5/LOCAL_CMDDENY: -Line=vty0-IPAddr=111.8.10.111-User=opt; Permission denied for deleting group system. |
Explanation |
The system rejected to delete a user group because the login user does not have the access permission. |
Recommended action |
No action is required. |
LOGIN messages
This section contains login messages.
LOGIN_AUTHENTICATION_FAILED
Message text |
Authentication failed for [STRING] from [STRING] because of [STRING]. |
Variable fields |
$1: Username. $2: Line name or IP address. $3: Failure reason: ¡ no AAA response from any server during the authentication—No response was received from the AAA server. ¡ invalid username or password or service type mismatch—The username or password was invalid or the used service type was not granted. ¡ configuration error or other errors—A configuration error found or an unknown error occurred. |
Severity level |
5 |
Example |
LOGIN/5/LOGIN_AUTHENTICATION_FAILED: Authentication failed for Usera from console0 because of no AAA response from any server during the authentication. |
Explanation |
A login attempt failed. |
Recommended action |
Identify the failure reason and take actions accordingly. |
LOGIN_FAILED
Message text |
[STRING] failed to log in from [STRING]. |
Variable fields |
$1: Username. $2: Line name or IP address. |
Severity level |
5 |
Example |
LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22. |
Explanation |
A login attempt failed. |
Recommended action |
No action is required. |
LOGIN_ INVALID_USERNAME_PWD
Message text |
Invalid username or password from [STRING]. |
Variable fields |
$1: User line name and user IP address. |
Severity level |
5 |
Example |
LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22. |
Explanation |
A user entered an invalid username or password. |
Recommended action |
No action is required. |
LPDT messages
This section contains loop detection messages.
LPDT_LOOPED
Message text |
A loop was detected on [STRING]. |
Variable fields |
$1: Port name. |
Severity level |
4 |
Example |
LPDT/4/LPDT_LOOPED: A loop was detected on Ethernet 6/4/2. |
Explanation |
The first intra-VLAN loop was detected on a port. |
Recommended action |
Check the links and configuration on the device for the loop, and remove the loop. |
LPDT_QINQ_LOOPED
Message text |
A loop was detected on [STRING] in SVLAN [UINT16] and CVLAN [UINT16]. |
Variable fields |
$1: Port name. $2: SVLAN ID. $3: CVLAN ID. |
Severity level |
4 |
Example |
LPDT/4/LPDT_QINQ_LOOPED: A loop was detected on Ethernet6/4/1 in SVLAN 1 and CVLAN 1. |
Explanation |
A looped was detected by double-tagged loop detection. |
Recommended action |
Check the links and configuration on the device for the loop, and remove the loop. |
LPDT_QINQ_RECOVERED
Message text |
A loop was removed on [STRING] in SVLAN [UINT16] and CVLAN [UINT16]. |
Variable fields |
$1: Port name. $2: SVLAN ID. $3: CVLAN ID. |
Severity level |
5 |
Example |
LPDT/5/LPDT_QINQ_RECOVERED: A loop was removed on Ethernet6/4/1 in SVLAN 1 and CVLAN 1. |
Explanation |
A loop was removed by double-tagged loop detection. |
Recommended action |
No action is required. |
LPDT_RECOVERED
Message text |
All loops were removed on [STRING]. |
Variable fields |
$1: Port name. |
Severity level |
5 |
Example |
LPDT/5/LPDT_RECOVERED: All loops were removed on Ethernet6/4/1. |
Explanation |
All intra-VLAN loops on a port were removed. |
Recommended action |
No action is required. |
LPDT_VLAN_LOOPED
Message text |
A loop was detected on [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Port name. $2: VLAN ID. |
Severity level |
4 |
Example |
LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on Ethernet6/4/1 in VLAN 1. |
Explanation |
A loop in a VLAN was detected on a port. |
Recommended action |
Check the links and configurations in the VLAN for the loop, and remove the loop. |
LPDT_VLAN_RECOVERED
Message text |
A loop was removed on [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Port name. $2: VLAN ID. |
Severity level |
5 |
Example |
LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on Ethernet6/4/1 in VLAN 1. |
Explanation |
A loop in a VLAN was removed on a port. |
Recommended action |
No action is required. |
LS messages
This section contains Local Server messages.
LOCALSVR_PROMPTED_CHANGE_PWD
Message text |
Please change the password of [STRING] [STRING], because [STRING]. |
Variable fields |
$1: Password type: ¡ device management user. ¡ user line. ¡ user line class. $2: Username, user line name, or user line class name. $3: Reason for password change: ¡ the current password is a weak-password. ¡ the current password is the default password. ¡ it is the first login of the current user or the password had been reset. ¡ the password had expired. |
Severity level |
6 |
Example |
LOCALSVR/6/LOCALSVR_PROMPTED_CHANGE_PWD: Please change the password of device management user hhh, because the current password is a weak password. |
Explanation |
The device generated a log message to prompt a user to change the password of the user, user line, or user line class. The device will generate such a log message every 24 hours after the user logs in to the device if the password does not meet the password control requirements. |
Recommended action |
Change the user password as required: · If scheme authentication is used, change the local password of the user. · If password authentication is used, change the authentication password of the user line or user line class for the user. |
LS_ADD_USER_TO_GROUP
Message text |
Admin [STRING] added user [STRING] to group [STRING]. |
Variable fields |
$1: Admin name. $2: Username. $3: User group name. |
Severity level |
4 |
Example |
LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1. |
Explanation |
The administrator added a user into a user group. |
Recommended action |
No action is required. |
LS_AUTHEN_FAILURE
Message text |
User [STRING] from [STRING] failed authentication. [STRING] |
Variable fields |
$1: Username. $2: IP address. $3: Failure reason: ¡ User not found. ¡ Password verified failed. ¡ User not active. ¡ Access type mismatch. ¡ Binding attribute is failed. ¡ User in blacklist. |
Severity level |
5 |
Example |
LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found." |
Explanation |
The local server rejected a user's authentication request. |
Recommended action |
No action is required. |
LS_AUTHEN_SUCCESS
Message text |
User [STRING] from [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 |
Example |
LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully. |
Explanation |
The local server accepted a user's authentication request. |
Recommended action |
No action is required. |
LS_DEL_USER_FROM_GROUP
Message text |
Admin [STRING] delete user [STRING] from group [STRING]. |
Variable fields |
$1: Admin name. $2: Username. $3: User group name. |
Severity level |
4 |
Example |
LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1. |
Explanation |
The administrator deleted a user from a user group. |
Recommended action |
No action is required. |
LS_DELETE_PASSWORD_FAIL
Message text |
Failed to delete the password for user [STRING]. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_DELETE_PASSWORD_FAIL: Failed to delete the password for user abcd. |
Explanation |
Failed to delete the password for a user. |
Recommended action |
Check the file system for errors. |
LS_PWD_ADDBLACKLIST
Message text |
User [STRING] was added to the blacklist due to multiple login failures, [STRING]. |
Variable fields |
$1: Username. $2: Options include: ¡ but could make other attempts. ¡ and is permanently blocked. ¡ and was temporarily blocked for [UINT32] minutes. |
Severity level |
4 |
Example |
LS/4/LS_PWD_ADDBLACKLIST: User user1 was added to the blacklist due to multiple login failures, but could make other attempts. |
Explanation |
A user was added to the blacklist because of multiple login failures. |
Recommended action |
Check the user's password. |
LS_PWD_CHGPWD_FOR_AGEDOUT
Message text |
User [STRING] changed the password because it was expired. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired. |
Explanation |
A user changed the password because the password expired. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_AGEOUT
Message text |
User [STRING] changed the password because it was about to expire. |
Variable fields |
$1: Username. $2: Aging time. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire. |
Explanation |
A user changed the password because the password was about to expire. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_COMPOSITION
Message text |
User [STRING] changed the password because it had an invalid composition. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition. |
Explanation |
A user changed the password because it had an invalid composition. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_FIRSTLOGIN
Message text |
User [STRING] changed the password at the first login. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login. |
Explanation |
A user changed the password at the first login. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_LENGTH
Message text |
User [STRING] changed the password because it was too short. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short. |
Explanation |
A user changed the password because it was too short. |
Recommended action |
No action is required. |
LS_PWD_FAILED2WRITEPASS2FILE
Message text |
Failed to write the password records to file. |
Variable fields |
N/A |
Severity level |
4 |
Example |
LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file. |
Explanation |
Failed to write the password records to file. |
Recommended action |
No action is required. |
LS_PWD_MODIFY_FAIL
Message text |
Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING]. |
Variable fields |
$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: ¡ passwords do not match. ¡ the password history cannot be written. ¡ the password cannot be verified. |
Severity level |
4 |
Example |
LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because passwords do not match. |
Explanation |
An administrator failed to modify a user's password. |
Recommended action |
No action is required. |
LS_PWD_MODIFY_SUCCESS
Message text |
Admin [STRING] from [STRING] modify the password for user [STRING] successfully. |
Variable fields |
$1: Admin name. $2: IP address. $3: Username. |
Severity level |
6 |
Example |
LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully. |
Explanation |
An administrator successfully modified a user's password. |
Recommended action |
No action is required. |
LS_REAUTHEN_FAILURE
Message text |
User [STRING] from [STRING] failed reauthentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication. |
Explanation |
A user failed reauthentication. |
Recommended action |
Check the old password. |
LS_UPDATE_PASSWORD_FAIL
Message text |
Failed to update the password for user [STRING]. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc. |
Explanation |
Failed to update the password for a user. |
Recommended action |
Check the file system for errors. |
LS_USER_CANCEL
Message text |
User [STRING] from [STRING] cancelled inputting the password. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password. |
Explanation |
A user cancelled inputting the password or did not input the password in 90 seconds. |
Recommended action |
No action is required. |
LS_USER_PASSWORD_EXPIRE
Message text |
User [STRING]'s login idle timer timed out. |
Variable fields |
$1: Username. |
Severity level |
5 |
Example |
LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out. |
Explanation |
The login idle time for a user expired. |
Recommended action |
No action is required. |
LS_USER_ROLE_CHANGE
Message text |
Admin [STRING] [STRING] the user role [STRING] for [STRING]. |
Variable fields |
$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username. |
Severity level |
4 |
Example |
LS/4/LS_USER_ROLE_CHANGE: Admin admin add the user role network-admin for abcd. |
Explanation |
An administrator added a user role for a user. |
Recommended action |
No action is required. |
LSM messages
This section contains LSM messages.
LSM_SR_LABEL_CONFLICT
Message text |
Protocol [STRING] assigned label ([STRING]) for prefix ([STRING]), which already has label ([STRING]) assigned by protocol [STRING]. |
Variable fields |
$1: Routing protocol 1. $2: Label 1. $3: Prefix and the mask. $4: Label 2. $5: Routing protocol 2. |
Severity level |
4 |
Example |
LSM/4/LSM_SR_LABEL_CONFLICT: Protocol ISIS assigned label (16000) to prefix (5.5.5.5/32), which already has label (17000) assigned by protocol OSPF. |
Explanation |
Two routing protocols running on the same SR node assigned different labels to the same prefix. |
Recommended action |
Perform one the following tasks: · Configure the routing protocols to assign the same label to the same prefix. · Remove one of the routing protocol process so only one routing protocol assigns labels to prefixes. |
LSM_SR_PREFIX_CONFLICT
Message text |
Label ([STRING]) for prefix ([STRING]) has been used by prefix ([STRING]). |
Variable fields |
$1: Label value. $2: Prefix 1 and the mask. $2: Prefix 2 and the mask. |
Severity level |
4 |
Example |
LSM/4/LSM_SR_PREFIX_CONFLICT: The label(16700) for prefix(8.8.8.8/32) has been used by prefix(5.5.5.5/32). |
Explanation |
A label was assigned to two prefixes. |
Recommended action |
Assign a different label to one of the prefixes. |
LSPV messages
This section contains LSP verification messages.
LSPV_PING_STATIS_INFO
Message text |
Ping statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packets loss, round-trip min/avg/max = [UINT32]/[UINT32]/[UINT32] ms. |
Variable fields |
$1: FEC. $2: Number of echo requests sent. $3: Number of echo replies received. $4: Percentage of the non-replied packets to the total requests. $5: Minimum round-trip delay. $6: Average round-trip delay. $7: Maximum round-trip delay. |
Severity level |
6 |
Example |
LSPV/6/LSPV_PING_STATIS_INFO: Ping statistics for FEC 192.168.1.1/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/2/5 ms. |
Explanation |
Ping statistics for an LSP tunnel or a PW. This message is generated when the ping mpls command is executed. |
Recommended action |
If no reply is received, verify the connectivity of the LSP tunnel or the PW. |
MAC messages
This section contains MAC messages.
MAC_TABLE_FULL_GLOBAL
Message text |
The number of MAC address entries exceeded the maximum number [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. |
Severity level |
4 |
Example |
MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries exceeded the maximum number 1024. |
Explanation |
The number of entries in the global MAC address table exceeded the maximum number supported by the table. |
Recommended action |
No action is required. |
MAC_TABLE_FULL_PORT
Message text |
The number of MAC address entries exceeded the maximum number [UINT32] for interface [STRING]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: Interface name. |
Severity level |
4 |
Example |
MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries exceeded the maximum number 1024 for interface GigabitEthernet2/0/32. |
Explanation |
The number of entries in the MAC address table for an interface exceeded the maximum number supported by the table. |
Recommended action |
No action is required. |
MAC_TABLE_FULL_VLAN
Message text |
The number of MAC address entries exceeded the maximum number [UINT32] in VLAN [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: VLAN ID. |
Severity level |
4 |
Example |
MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries exceeded the maximum number 1024 in VLAN 2. |
Explanation |
The number of entries in the MAC address table for a VLAN exceeded the maximum number supported by the table. |
Recommended action |
No action is required. |
MACA messages
This section contains MAC authentication messages.
MACA_ENABLE_NOT_EFFECTIVE
Message text |
MAC authentication is enabled but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
MACA/3/MACA_ENABLE_NOT_EFFECTIVE: MAC authentication is enabled but is not effective on interface Ethernet3/1/2. |
Explanation |
MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication. |
Recommended action |
1. Disable MAC authentication on the interface. 2. Reconnect the connected devices to another interface that supports MAC authentication. 3. Enable MAC authentication on the new interface. |
MACA_LOGIN_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User failed MAC authentication. |
Explanation |
The user failed MAC authentication. |
Recommended action |
Locate the failure cause and handle the problem according to the failure cause. |
MACA_LOGIN_SUCC
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User passed MAC authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online. |
Explanation |
The user passed MAC authentication. |
Recommended action |
No action is required. |
MACA_LOGOFF
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication user was logged off. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication user was logged off. |
Explanation |
The MAC authentication user was logged off. |
Recommended action |
Locate the logoff cause and remove the problem. If the logoff was requested by the user, no action is required. |
MACSEC messages
This section contains MACsec messages.
MACSEC_MKA_KEEPALIVE_TIMEOUT
Message text |
The live peer with SCI [STRING] and CKN [STRING] aged out on interface [STRING]. |
Variable fields |
$1: SCI. $2: CKN. $3: Interface name. |
Severity level |
4 |
Example |
MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/1. |
Explanation |
A live peer aged out on an interface, because the local participant had not received any MKA packets from the peer before the keepalive timer expired. The local participant removed the peer information from the port. |
Recommended action |
Check the link between the local participant and the live peer for link failure. If the link is down, recover the link. |
MACSEC_MKA_PRINCIPAL_ACTOR
Message text |
The actor with CKN [STRING] became principal actor on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 |
Example |
MACSEC/6/MACSEC_MKA_PRINCIPAL_ACTOR: The actor with CKN 80A0EA0CB03D became principal actor on interface GigabitEthernet1/0/1. |
Explanation |
The actor with the highest key server priority became the principal actor. |
Recommended action |
No action is required. |
MACSEC_MKA_SAK_REFRESH
Message text |
The SAK has been refreshed on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1. |
Explanation |
The participant on the interface derived or received a new SAK. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_REAUTH
Message text |
The MKA session with CKN [STRING] was re-authenticated on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 |
Example |
MACSEC/6/MACSEC_MKA_SESSION_REAUTH: The MKA session with CKN 80A0EA0CB03D was re-authenticated on interface GigabitEthernet1/0/1. |
Explanation |
The interface performed 802.1X reauthentication. After the 802.1X reauthentication, the participants received a new CAK, and used it to re-establish the MKA session. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_SECURED
Message text |
The MKA session with CKN [STRING] was secured on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 |
Example |
MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1. |
Explanation |
The MKA session on the interface was secured. Packets are encrypted and transmitted in cipher text. The event occurs in the following situations: · The MKA session state changes from unsecured to secured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ Both the key server and the peer support MACsec. ¡ A minimum of one participant is enabled with the MACsec desire feature. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_START
Message text |
The MKA session with CKN [STRING] started on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 |
Example |
MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1. |
Explanation |
The MKA session negotiation was initiated. Possible reasons include: · New CAK is available after MKA is enabled. · The user re-establishes the MKA session. · The interface that failed MKA session negotiation receives an MKA packet. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_STOP
Message text |
The MKA session with CKN [STRING] stopped on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
5 |
Example |
MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A020EA0CB03D stopped on interface GigabitEthernet1/0/1. |
Explanation |
The MKA session was terminated. Possible reasons include: · The user removes or re-establishes the MKA session on the interface. · The link associated to the session is down. |
Recommended action |
1. Use the display mka session command to check whether the session exists: ¡ If the session has been re-established, ignore the message. ¡ If the session does not exist and is not removed by the user, check the link associated with the session for link failure. 2. Recover the link if the link is down. |
MACSEC_MKA_SESSION_UNSECURED
Message text |
The MKA session with CKN [STRING] was not secured on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
5 |
Example |
MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1. |
Explanation |
The MKA session on the interface was not secured. Packets are transmitted in plain text. The event occurs in the following situations: · The MKA session state changes from secured to unsecured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ The key server and the peer are not both MACsec capable. ¡ No participant is enabled with the MACsec desire feature. |
Recommended action |
To secure the MKA session, perform the following tasks: · Verify that both the key server and the peer support MACsec. · Verify that a minimum of one participant is enabled with the MACsec desire feature. |
MBFD messages
This section contains MPLS BFD messages.
MBFD_TRACEROUTE_FAILURE
Message text |
[STRING] is failed. ([STRING].) |
Variable fields |
$1: LSP information. $2: Reason for the LSP failure. |
Severity level |
4 |
Example |
MBFD/4/MBFD_TRACEROUTE_FAILURE: LSP (LDP IPv4: 22.22.2.2/32, nexthop: 20.20.20.2) is failed. (Replying router has no mapping for the FEC.) MBFD/4/MBFD_TRACEROUTE_FAILURE: TE tunnel (RSVP IPv4: Tunnel1) is failed. (No label entry.) |
Explanation |
LSP/MPLS TE tunnel failure was detected by periodic MPLS tracert. This message is generated when the system receives an MPLS echo reply with an error return code. |
Recommended action |
Verify the configuration for the LSP or MPLS TE tunnel. |
MBUF messages
This section contains MBUF messages.
MBUF_DATA_BLOCK_CREATE_FAIL
Message text |
Failed to create an MBUF data block because of insufficient memory. Failure count: [UINT32]. |
Variable fields |
$1: Failure count. |
Severity level |
2 |
Example |
MBUF/2/MBUF_DATA_BLOCK_CREATE_FAIL: Failed to create an MBUF data block because of insufficient memory. Failure count: 128. |
Explanation |
The message is output when the system fails to create an MBUF data block 1 minute or more after the most recent creation failure. |
Recommended action |
1. Execute the display system internal kernel memory pool | include mbuf command in probe view to view the number of the allocated MBUF data blocks. 2. Execute the display memory command in system view to display the total size of the system memory. 3. Determine whether an excessive number of MBFU data blocks are allocated by comparing the size of the allocated MBUF data blocks with that of the system memory. ¡ If it is not an excessive number, use the memory management commands to check for the memory-intensive modules. ¡ If it is an excessive number, go to step 4 4. Execute the display system internal mbuf socket statistics command in probe view to view the number of the MBUF data blocks buffered in the socket. Determine whether a process has too many MBUF data blocks buffered in the socket buffer. ¡ If it is too many, locate the reason why the MBUF data blocks cannot be released from the socket buffer. ¡ If it is not too many, use other means to locate the reasons for excessive allocation of MBUF data blocks. 5. If the problem persists, contact H3C Support. |
MDC messages
This section contains MDC messages.
MDC_CREATE_ERR
Message text |
Failed to create MDC [UINT16] for insufficient resources. |
Variable fields |
$1: MDC ID. |
Severity level |
5 |
Example |
MDC/5/MDC_CREATE_ERR: -Slot=1; Failed to create MDC 2 for insufficient resources. |
Explanation |
The standby MPU did not have enough resources to create the MDC. At startup, the standby MPU obtains MDC configuration information from the active MPU. If the standby MPU does not have enough resources to create an MDC, it outputs this log message. |
Recommended action |
1. Use the display mdc resource command to display the CPU, memory, and disk space resources on the standby MPU. 2. Perform one of the following tasks: ¡ If the memory space is insufficient, increase the memory space. If the disk space is insufficient, delete unused files. ¡ Use the undo mdc command to delete the specified MDC. ¡ Replace the standby MPU with an MPU that has sufficient resources. |
MDC_CREATE
Message text |
MDC [UINT16] was created. |
Variable fields |
$1: MDC ID. |
Severity level |
5 |
Example |
MDC/5/MDC_CREATE: MDC 2 was created. |
Explanation |
An MDC was created successfully. |
Recommended action |
No action is required. |
MDC_DELETE
Message text |
MDC [UINT16] was deleted. |
Variable fields |
$1: MDC ID. |
Severity level |
5 |
Example |
MDC/5/MDC_DELETE: MDC 2 was deleted. |
Explanation |
An MDC was deleted successfully. |
Recommended action |
No action is required. |
MDC_EVENT_ERROR
Message text |
Function [STRING] returned [STRING] when handling event [UINT32] on virtual OS [UINT32]. Reason: [STRING]. |
Variable fields |
$1: Address of the function. $2: Handling result of the function. $3: Event ID. $4: MDC ID. $5: Reasons for the handling result of the function: ¡ Not enough resources available for this MDC. ¡ Not enough memory space to complete the operation. ¡ Other reason. |
Severity level |
4 |
Example |
MDC/4/MDC_EVENT_ERROR: -MDC=1; Function 0xfacd26b1 returned 0x40010001 when handling event 1 on virtual OS 2. Reason: Other reason. |
Explanation |
Failed to handle an MDC event. |
Recommended action |
Contact HP Support. |
MDC_KERNEL_EVENT_TOOLONG
Message text |
[STRING] [UINT32] kernel event in sequence [STRING] function [STRING] failed to finish within [UINT32] minutes. |
Variable fields |
$1: Object type, MDC or Context. $2: MDC ID or context ID. $3: Kernel event phase. $4: Address of the function corresponding to the kernel event. $5: Time duration. |
Severity level |
4 |
Example |
MDC/4/MDC_KERNEL_EVENT_TOOLONG: -slot=1; MDC 2 kernel event in sequence 0x4fe5 function 0xff245e failed to finish within 15 minutes. |
Explanation |
A kernel event stayed unfinished for a long period of time. |
Recommended action |
1. Reboot the card in the specified slot. 2. If the problem persists, contact HP Support. |
MDC_LICENSE_EXPIRE
Message text |
The MDC feature's license will expire in [UINT32] days. |
Variable fields |
$1: Number of days, in the range of 1 to 30. |
Severity level |
5 |
Example |
MDC/5/MDC_LICENSE_EXPIRE: The MDC feature’s license will expire in 5 days. |
Explanation |
The license for the MDC feature was about to expire. |
Recommended action |
Install a new license. |
MDC_NO_FORMAL_LICENSE
Message text |
The feature MDC has no formal license. |
Variable fields |
N/A |
Severity level |
5 |
Example |
MDC/5/MDC_NO_FORMAL_LICENSE: The feature MDC has no formal license. |
Explanation |
The standby MPU became the active MPU but it did not have a formal license. The MDC feature has a free trial period. To use the feature after the period elapses, you must install a license for the standby MPU. |
Recommended action |
Install a formal license. |
MDC_NO_LICENSE_EXIT
Message text |
The MDC feature is being disabled, because it has no license. |
Variable fields |
N/A |
Severity level |
5 |
Example |
MDC/5/MDC_NO_LICENSE_EXIT: The MDC feature is being disabled, because it has no license. |
Explanation |
The MDC feature was disabled because the license for the MDC feature expired or was uninstalled. |
Recommended action |
Install the required license. |
MDC_OFFLINE
Message text |
MDC [UINT16] is offline now. |
Variable fields |
$1: MDC ID. |
Severity level |
5 |
Example |
MDC/5/MDC_OFFLINE: MDC 2 is offline now. |
Explanation |
An MDC was stopped. |
Recommended action |
No action is required. |
MDC_ONLINE
Message text |
MDC [UINT16] is online now. |
Variable fields |
$1: MDC ID. |
Severity level |
5 |
Example |
MDC/5/MDC_ONLINE: MDC 2 is online now. |
Explanation |
An MDC was started. |
Recommended action |
No action is required. |
MDC_STATE_CHANGE
Message text |
MDC [UINT16] status changed to [STRING]. |
Variable fields |
$1: MDC ID. $2: MDC status: ¡ updating–The system is assigning interface cards to the MDC (executing the location command). ¡ stopping–The system is stopping the MDC (executing the undo mdc start command). ¡ inactive–The MDC is inactive. ¡ starting–The system is starting the MDC (executing the mdc start command). ¡ active–The MDC is operating correctly. |
Severity level |
5 |
Example |
MDC/5/MDC_STATE_CHANGE: MDC 2 status changed to active. |
Explanation |
The status of an MDC changed. |
Recommended action |
No action is required. |
MFIB messages
This section contains MFIB messages.
MFIB_CFG_NOT_SUPPORT
Message text |
Failed to apply [STRING] configuration because the operation is not supported. |
Variable fields |
$1: IP multicast command. |
Severity level |
4 |
Example |
MFIB/4/MFIB_OIF_NOT_SUPPORT: Failed to apply multicast rpf-fail-pkt flooding configuration because the operation is not supported. |
Explanation |
The system failed to apply a configuration because the configuration is not supported by the hardware. |
Recommended action |
No action is required. |
MFIB_MTI_NO_ENOUGH_RESOURCE
Message text |
Failed to create [STRING] because of insufficient resources. |
Variable fields |
$1: Name of a multicast tunnel. |
Severity level |
4 |
Example |
MFIB/4/MFIB_MTI_NO_ENOUGH_RESOURCE: Failed to create MTunnel1 because of insufficient resources. |
Explanation |
The system failed to create a multicast tunnel because of insufficient hardware resources. |
Recommended action |
Use the undo group group-address source source-address command to delete unused multicast tunnels to release multicast tunnel resources. |
MFIB_OIF_NOT_SUPPORT
Message text |
Failed to add oif to entry ([[STRING], [STRING]) because some oifs are not supported. |
Variable fields |
$1: Multicast source address. $2: Multicast group address. |
Severity level |
4 |
Example |
MFIB/4/MFIB_OIF_NOT_SUPPORT: Failed to add oif to entry (1.1.1.1, 225.0.0.1) because some oifs are not supported. |
Explanation |
The system failed to add a type of outgoing interfaces to a multicast entry because the hardware does not support adding the type of outgoing interfaces. |
Recommended action |
Verify that outgoing interfaces of the entry on the slot where this message occurs are not configured with the following commands: · igmp static-group group-address [ source source-address ] { dot1q vid vlan-list | dot1q vid vlan-id second-dot1q vlan-list } · igmp user-vlan-aggregation dot1q vid vlan-id [ second-dot1q vlan-id ] · mld static-group ipv6-group-address [ source ipv6-source-address ] { dot1q vid vlan-list | dot1q vid vlan-id second-dot1q vlan-list } · mld user-vlan-aggregation dot1q vid vlan-id [ second-dot1q vlan-id ] Remove the configuration if any of these commands is configured. |
MGROUP messages
This section contains mirroring group messages.
MGROUP_APPLY_SAMPLER_FAIL
Message text |
Failed to apply the sampler for mirroring group [UINT16], because the sampler resources are insufficient. |
Variable fields |
$1: Mirroring group ID. |
Severity level |
3 |
Example |
MGROUP/3/MGROUP_APPLY_SAMPLER_FAIL: Failed to apply the sampler for mirroring group 1, because the sampler resources are insufficient. |
Explanation |
A sampler was not applied to the mirroring group because the sampler resources were insufficient. |
Recommended action |
No action is required. |
MGROUP_RESTORE_CPUCFG_FAIL
Message text |
Failed to restore configuration for mirroring CPU of [STRING] in mirroring group [UINT16], because [STRING] |
Variable fields |
$1: Slot number. $2: Mirroring group ID. $3: Failure reason. |
Severity level |
3 |
Example |
MGROUP/3/MGROUP_RESTORE_CPUCFG_FAIL: Failed to restore configuration for mirroring CPU of chassis 1 slot 2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported. |
Explanation |
When the CPU of the card in the slot is the source CPU in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the source CPU configuration might fail. |
Recommended action |
Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source CPU in the mirroring group. |
MGROUP_RESTORE_IFCFG_FAIL
Failed to restore configuration for interface [STRING] in mirroring group [UINT16], because [STRING] |
|
Variable fields |
$1: Interface name. $2: Mirroring group ID. $3: Failure reason. |
Severity level |
3 |
Example |
MGROUP/3/MGROUP_RESTORE_IFCFG_FAIL: Failed to restore configuration for interface Ethernet3/1/2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported. |
Explanation |
When the interface of the card in the slot is the monitor port in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the monitor port configuration might fail. |
Recommended action |
Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the monitor port in the mirroring group. |
MGROUP_SYNC_CFG_FAIL
Message text |
Failed to restore configuration for mirroring group [UINT16] in [STRING], because [STRING] |
Variable fields |
$1: Mirroring group ID. $2: Slot number. $3: Failure reason. |
Severity level |
3 |
Example |
MGROUP/3/MGROUP_SYNC_CFG_FAIL: Failed to restore configuration for mirroring group 1 in chassis 1 slot 2, because monitor resources are insufficient. |
Explanation |
When the complete mirroring group configuration was synchronized on the card in the slot, restoring configuration failed because resources on the card were insufficient. |
Recommended action |
Delete the mirroring group. |
MPLS messages
This section contains MPLS messages.
MPLS_HARD_RESOURCE_NOENOUGH
Message text |
No enough hardware resource for MPLS. |
Variable fields |
N/A |
Severity level |
4 |
Example |
MPLS/4/MPLS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for MPLS. |
Explanation |
Hardware resources for MPLS were insufficient. |
Recommended action |
Check whether unnecessary LSPs had been generated. If yes, configure or modify the LSP generation policy, label advertisement policy, and label acceptance policy to filter out unnecessary LSPs. |
MPLS_HARD_RESOURCE_RESTORE
Message text |
Hardware resources for MPLS are restored. |
Variable fields |
N/A |
Severity level |
6 |
Example |
MPLS/6/MPLS_HARD_RESOURCE_RESTORE: Hardware resources for MPLS are restored. |
Explanation |
Hardware resources for MPLS were restored. |
Recommended action |
No action is required. |
MSC messages
This section contains MSC messages.
MSC_NO_RTP_IN2SECS
Message text |
No RTP or RTCP packets received in [UINT32] seconds. |
Variable fields |
$1: RTP traffic detection interval. |
Severity level |
6 |
Example |
MSC/6/MSC_NO_RTP_IN2SECS: No RTP or RTCP packets received in 2 seconds. |
Explanation |
No RTP or RTCP traffic was detected within the specified period after a call was established. |
Recommended action |
Check whether both the calling party and the called party are silent. |
MSC_NO_RTP_IN2XNSECS
Message text |
No RTP or RTCP packets received in [UINT32] seconds ([UINT32] probes). |
Variable fields |
$1: RTP traffic detection interval. $2: Total times of RTP traffic detection. |
Severity level |
4 |
Example |
MSC/4/MSC_NO_RTP_IN2XNSECS: No RTP or RTCP packets received in 2 seconds (30 probes). |
Explanation |
No RTP or RTCP traffic was detected within the specified period for certain times after a call was established. |
Recommended action |
Check whether a transient line fault or network failure exists. |
MSC_NO_RTP_IN120SECS
Message text |
No RTP or RTCP packets received in [UINT32] seconds. A release message was sent. |
Variable fields |
$1: Length of time for detecting RTP traffic. |
Severity level |
4 |
Example |
MSC/4/MSC_NO_RTP_IN120SECS: No RTP or RTCP packets received in 120 seconds. A release message was sent. |
Explanation |
No RTP or RTCP traffic was detected within a certain period of time after a call was established, and a release message was sent. |
Recommended action |
Check whether a network failure exists. |
MTLK messages
This section contains Monitor Link messages.
MTLK_UPLINK_STATUS_CHANGE
Message text |
The uplink of monitor link group [UINT32] is [STRING]. |
Variable fields |
$1: Monitor link group ID. $2: Monitor Link group status, up or down. |
Severity level |
6 |
Example |
MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up. |
Explanation |
The uplink of a monitor link group went up or down. |
Recommended action |
Troubleshoot the uplink when it fails. |
MTP messages
This section contains MTP messages.
MTP_PING_INFO
Message text |
Ping information, (Base: [STRING]), (Result: [STRING]). |
Variable fields |
$1: Basic information about the ping operation, including time, destination IP address, VRF index, protocol module information (module name and instance name), and the number of sent ping packets. The instance name in the protocol module information can be empty. $2: Result of the ping operation, including the number of successfully sent ping packets and ping packet result information. The ping packet result information includes the ping packet length, sequence, and result. |
Severity level |
6 |
Example |
MTP/6/MTP_PING_INFO: Ping information, (Base: Time = 09:39:18, Destination IP = 10.11.1.1, VrfIndex = 0, Protocol Module = BGP (default), Packet Number = 9), (Result: Success = 9, Length 100 ping 1 success, Length 100 ping 2 success, Length 100 ping 3 success, Length 1000 ping 4 success, Length 1000 ping 5 success, Length 1000 ping 6 success, Length 4000 ping 7 success, Length 4000 ping 8 success, Length 4000 ping 9 success). |
Explanation |
With MTP enabled, the device automatically pinged a neighbor and recorded the ping result when the neighbor's hold timer expired. |
Recommended action |
Troubleshoot the link according to the ping result information. |
MTP_TRACERT_INFO
Message text |
Tracert information, (Base: [STRING]), (Result: [STRING]). |
Variable fields |
$1: Basic information about the tracert operation, including time, destination IP address, VRF index, maximum number of hops allowed for a probe packet, number of probe packets to send per hop, and protocol module information (module name and instance name). The instance name in the protocol module information can be empty. $2: Result of the tracert operation, including the IP address of each hop, number of the AS that each hop belongs to (optional), and the number of probe successes. If a hop does not respond, no result will be displayed for the hop. |
Severity level |
6 |
Example |
MTP/6/MTP_TRACERT_INFO: Tracert information, (Base: Time = 10:39:18, Destination IP = 10.11.1.1, VrfIndex = 0, MaxHop = 30, Packet Number = 3, Protocol Module = BGP (default)), (Result: TTL 1 Response IP = 10.2.1.1 Success = 3, TTL 2 Response IP = 10.11.1.1 [ AS 100 ] Success = 3). |
Explanation |
With MTP enabled, the device automatically traced the route to the neighbor and recorded the tracert result when the neighbor's hold timer expired. |
Recommended action |
Troubleshoot the link according to the tracert result information. |
NAT messages
This section contains NAT messages.
DSLITE_SYSLOG
Message text |
All port block resources ran out in address group [UINT 16]. |
Variable fields |
$1: Address group name. |
Severity level |
3 |
Example |
NAT/3/DSLITE_SYSLOG: All port block resources ran out in address group 1. |
Explanation |
This message is sent when DS-Lite B4 port block assignment fails due to insufficient port block resources in the address group. |
Recommended action |
No action is required. |
EIM_MODE_PORT_USAGE_ALARM
Message text |
[STRING] Port usage reaches [STRING]%; SrcIPAddr=[IPADDR]; VPNInstance=[STRING]; NATIPAddr=[IPADDR]; ConnectCount=[UINT16]. |
Variable fields |
$1: Protocol type. $2: Percentage. $3: Source IP address. $4: Source VPN instance name. $5: Source IP address after translation. $6: Numbers of ports that are assigned. |
Severity level |
6 |
Example |
NAT/6/EIM_MODE_PORT_USAGE_ALARM: UDP Port usage reaches 40%; SrcIPAddr=1.1.1.211; VPNInstance=-; NATIPAddr=198.1.1.16; ConnectCount=40. |
Explanation |
This message is sent in the following conditions: · The port usage in a port block equals or exceeds the threshold set by the nat log port-block port-usage threshold command. · The Endpoint-Independent Mapping mode is applied. |
Recommended action |
No action is required. |
NAT_ADDR_BIND_CONFLICT
Message text |
Failed to activate NAT configuration on interface [STRING], because global IP addresses already bound to another service card. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
NAT/4/NAT_ADDR_BIND_CONFLICT: Failed to activate NAT configuration on interface GigabitEthernet1/0/1, because global IP addresses already bound to another service card. |
Explanation |
The NAT configuration did not take effect, because the global IP addresses that the interface references have been bound to another service card. |
Recommended action |
If multiple interfaces reference the same global IP addresses, you must specify the same service card to process NAT traffic passing through these interfaces. To resolve the problem: 1. Use the display nat all command to check the current configuration. 2. Remove the service card configuration on the interface. 3. Specify the same service card for interfaces referencing the same global IP addresses. |
NAT_EIM
Message text |
Protocol(1001)=[STRING];LocalIPAddr(1003)=[IPADDR];LocalPort(1004)=[UINT16];GlobalIPAddr(1005)=[IPADDR];GlobalPort(1006)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Source DS-Lite tunnel. $9: Time when the EIM entry was created. $10: Time when the EIM entry was removed. $11: Event description: ¡ NAT EIM entry created. ¡ NAT EIM entry deleted. |
Severity level |
6 |
Example |
NAT/6/NAT_EIM: -Protocol(1001)=UDP;LocalIPAddr(1003)=1.1.1.2;LocalPort(1004)=1024;GlobalIPAddr(1005)=30.3.1.231;GlobalPort(1006)=1026;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;BeginTime_e(1013)=10261971001739;EndTime_e(1014)=;Event(1048)=Nat eim created; |
Explanation |
This message is sent when a NAT EIM entry is created or removed. |
Recommended action |
No action is required. |
NAT_FAILED_ADD_FLOW_RULE
Message text |
Failed to add flow-table due to: [STRING]. |
Variable fields |
$1: Reason for the failure. |
Severity level |
4 |
Example |
NAT/4/NAT_FAILED_ADD_FLOW_RULE: Failed to add flow-table due to: Not enough resources are available to complete the operation. |
Explanation |
The system failed to deploy flow entries. Possible reasons include insufficient hardware resources or memory. |
Recommended action |
Contact H3C Support. |
NAT_FAILED_ADD_FLOW_TABLE
Message text |
Failed to add flow-table due to [STRING]. |
Variable fields |
$1: Failure reason: · no enough resource. · The item already exists. |
Severity level |
4 |
Example |
NAT/4/NAT_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource. |
Explanation |
The system failed to add a flow table due to insufficient hardware resources or NAT address overlapping. |
Recommended action |
If the failure is caused by insufficient hardware resources, contact H3C Support. If the failure is caused by address overlapping, reconfigure the NAT addresses. Make sure the NAT address ranges do not overlap. |
NAT_FLOW
Message text |
Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING]; |
Variable fields |
$1: Protocol type. $2: Application layer protocol. $3: Source IP address. $4: Source port number. $5: Source IP address after translation. $6: Source port number after translation. $7: Destination IP address. $8: Destination port number. $9: Destination IP address after translation. $10: Destination port number after translation. $11: Total number of incoming packets. $12: Total number of incoming bytes. $13: Total number of outgoing packets. $14: Total number of outgoing bytes. $15: Source VPN instance name. $16: Destination VPN instance name. $17: Source DS-Lite tunnel. $18: Destination DS-Lite tunnel. $19: Time when the session is created. $20: Time when the session is removed. $21: Event time. $22: Event description: ¡ Session created. ¡ Active data flow timeout ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other. |
Severity level |
6 |
Example |
NAT/6/NAT_FLOW: Protocol(1001)=UDP;Application(1002)=other;SrcIPAddr(1003)=1.1.1.2;SrcPort(1004)=1024;NatSrcIPAddr(1005)=30.3.1.231;NatSrcPort(1006)=1026;DstIPAddr(1007)=2.1.1.2;DstPort(1008)=1024;NatDstIPAddr(1009)=2.1.1.2;NatDstPort(1010)=1024;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03232017091640;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Explanation |
This message is sent in one of the following conditions: · A NAT session is created or removed. · Regularly during a NAT session. · The traffic threshold or aging time of a NAT session is reached. |
Recommended action |
No action is required. |
NAT_INSTANCE_SERVER_INVALID
Message text |
The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server in the same instance. |
Variable fields |
N/A |
Severity level |
4 |
Example |
NAT/4/NAT_INSTANCE_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server in the same instance. |
Explanation |
This message is sent when the same public network information has been configured for both the NAT server mapping with Easy IP and another NAT server mapping in the same NAT instance. |
Recommended action |
Modify the conflicting NAT server mapping. The mapping of the protocol type, public address, and public port number must be unique for an internal server in a NAT instance. |
NAT_RESOURCE_MEMORY_WARNING
Message text |
Insufficient memory to alloc nat resource pool. |
Variable fields |
N/A |
Severity level |
4 |
Example |
NAT/4/NAT_RESOURCE_MEMORY_WARNING:Insufficient memory to alloc nat resource pool. |
Explanation |
The device did not have enough memory when the EIM mode was switched to the CDM mode. |
Recommended action |
No action is required. |
NAT_SERVER_INVALID
Message text |
The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface. |
Variable fields |
N/A |
Severity level |
4 |
Example |
NAT/4/NAT_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface. |
Explanation |
The NAT Server with Easy IP did not take effect because its global settings conflict with that the global settings of another NAT Server on the same interface. |
Recommended action |
Modify the NAT Server configuration on the interface. The combination of protocol type, global IP addresses and global ports must be unique for each NAT Server on the same interface. |
NAT_SERVICE_CARD_RECOVER_FAILURE
Message text |
Pattern 1: Failed to recover the configuration of binding the service card on slot [UINT16] to interface [STRING], because [STRING]. Pattern 2: Failed to recover the configuration of binding the service card on chassis [UINT16] slot [UINT16] to interface [STRING], because [STRING]. |
Variable fields |
Pattern 1: $1: Slot number. $2: Interface name. $3: Reasons why restoring the binding between the service card and the interface fails. Pattern 2: $1: Chassis number. $2: Slot number. $3: Interface name. $4: Reasons why restoring the binding between the service card and the interface fails. |
Severity level |
4 |
Example |
NAT/4/NAT_SERVICE_CARD_RECOVER_FAILURE: Failed to recover the configuration of binding the service card on slot 3 to interface GigabitEthernet0/0/2, because NAT service is not supported on this service card. |
Explanation |
Restoring the binding between the service card and the interface failed. |
Recommended action |
· If the operation fails because the NAT addresses have already been bound to another service card: ¡ Use the display nat all command to check the current configuration. ¡ Specify the same service card for interfaces referencing the same NAT addresses. · Check the service card for hardware problems if the failure is caused by one of the following reasons: ¡ NAT service is not supported on this service card. ¡ The hardware resources are not enough. ¡ Unknown error. |
NAT444_SYSLOG
Message text |
All port block resources ran out in address group [UINT 16]. |
Variable fields |
$1: Address group name. |
Severity level |
6 |
Example |
NAT/6/NAT444_SYSLOG: All port block resources ran out in address group 1. |
Explanation |
This message is sent when NAT444 port block assignment fails due to insufficient port block resources in the address group. |
Recommended action |
No action is required. |
PORT_USAGE_ALARM
Message text |
Port usage reaches [STRING]%; SrcIPAddr=[IPADDR]; VPNInstance=[STRING]; NATIPAddr=[IPADDR]; ConnectCount=[UINT16]. |
Variable fields |
$1: Percentage. $2: Source IP address. $3: Source VPN instance name. $4: Source IP address after translation. $5: Numbers of ports that are assigned. |
Severity level |
4 |
Example |
NAT/4/PORT_USAGE_ALARM: Port usage reaches 40%; SrcIPAddr=1.1.1.211; VPNInstance=-; NATIPAddr=16.1.1.198; ConnectCount=40. |
Explanation |
This message is sent in the following conditions: · The port usage in a port block equals or exceeds the threshold set by the nat log port-block port-usage threshold command. · The Connection-Dependent Mapping mode is applied. |
Recommended action |
No action is required. |
PORTBLOCK_ALARM
Message text |
Address group [UINT16]; total port blocks [UINT16]; active port blocks [UINT16]; usage over [UINT16]%. |
Variable fields |
$1: Address group name. $2: Total number of port blocks. $3: Numbers of port blocks that are allocated. $4: Port block usage. |
Severity level |
4 |
Example |
NAT/4/PORTBLOCK_ALARM: Address group 3; total port blocks 16575; active port blocks 6630; usage over 40%. |
Explanation |
This message is sent when the port block usage equals or exceeds the threshold set by the nat log port-block usage threshold command. |
Recommended action |
No action is required. |
PORTBLOCKGRP_MEMORY_WARNING
Message text |
Insufficient memory caused by excessive public addresses in port block group [UINT16]. Please reconfigure the public address space. |
Variable fields |
$1: NAT port block group ID. |
Severity level |
4 |
Example |
NAT/4/PORTBLOCKGRP_MEMORY_WARNING: Insufficient memory caused by excessive public addresses in port block group 1. Please reconfigure the public address space. |
Explanation |
This message is sent when a public address range in a NAT port block group is too large and causes insufficient memory. |
Recommended action |
Reconfigure the public address range. |
ND messages
This section contains ND messages.
ND_CONFLICT
Message text |
[STRING] is inconsistent. |
Variable fields |
$1: Configuration type: ¡ M_FLAG. ¡ O_FLAG. ¡ CUR_HOP_LIMIT. ¡ REACHABLE TIME. ¡ NS INTERVAL. ¡ MTU. ¡ PREFIX VALID TIME. ¡ PREFIX PREFERRED TIME. |
Severity level |
6 |
Example |
ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent |
Explanation |
The configuration information in the received router advertisement was not consistent with the configuration on the device. A message is sent if an inconsistency is detected. |
Recommended action |
Verify that the configurations on the device and the neighboring router are consistent. |
ND_DUPADDR
Message text |
Duplicate address: [STRING] on the interface [STRING]. |
Variable fields |
$1: IPv6 address that is to be assigned to the interface. $2: Name of the interface. |
Severity level |
6 |
Example |
ND/6/ND_DUPADDR: Duplicate address: 33::8 on interface Vlan-interface9. |
Explanation |
The IPv6 address that was to be assigned to the interface is being used by another device. |
Recommended action |
Assign another IPv6 address to the interface. |
ND_HOST_IP_CONFLICT
Message text |
The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface [STRING]. |
Variable fields |
$1: IPv6 global unicast address of the host. $2: Name of the interface. $3: Name of the interface. |
Severity level |
4 |
Example |
ND/4/ND_HOST_IP_CONFLICT: The host 2::2 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface GigabitEthernet1/0/1. |
Explanation |
The IPv6 global unicast address of the host is being used by another host that connects to the same interface. |
Recommended action |
Disconnect the host and assign another IPv6 global unicast address to the host. |
ND_MAC_CHECK
Message text |
Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING]. |
Variable fields |
$1: Receiving interface of the ND packet. $2: Source MAC address in the Ethernet frame header of the ND packet. $3: Source link-layer address in the ND packet. |
Severity level |
6 |
Example |
ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002. |
Explanation |
The device dropped an ND packet because source MAC consistency check detected that source MAC address and the source link-layer address are not the same in the packet. |
Recommended action |
Verify the validity of the ND packet originator. |
ND_MAXNUM_DEV
Message text |
The number of dynamic neighbor entries for the device has reached the maximum. |
Variable fields |
N/A |
Severity level |
6 |
Example |
The number of dynamic neighbor entries for the device has reached the maximum. |
Explanation |
The number of dynamic neighbor entries on the device reached the upper limit. |
Recommended action |
No action is required. |
ND_MAXNUM_IF
Message text |
The number of dynamic neighbor entries on interface [STRING] has reached the maximum. |
Variable fields |
$1: Name of the interface. |
Severity level |
6 |
Example |
The number of dynamic neighbor entries on interface GigabitEthernet3/0/1 has reached the maximum. |
Explanation |
The number of dynamic neighbor entries on an interface reached the upper limit. |
Recommended action |
No action is required. |
ND_RAGUARD_DROP
Message text |
Dropped RA messages with the source IPv6 address [STRING] on interface [STRING]. [STRING] messages dropped in total on the interface. |
Variable fields |
$1: Source IPv6 address of the dropped RA messages. $2: Name of the interface that dropped the RA messages. $3: Total number of dropped RA messages on the interface. |
Severity level |
4 |
Example |
ND/6/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet1/0/1. 20 RA messages dropped in total on the interface. |
Explanation |
RA guard dropped RA messages and displayed the information when RA guard detected an attack. |
Recommended action |
Verify the validity of the RA message originator. |
ND_SET_PORT_TRUST_NORESOURCE
Message text |
Not enough resources to complete the operation. |
Variable fields |
N/A |
Severity level |
6 |
Example |
ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation. |
Explanation |
Failed to execute the command because driver resources were not enough. |
Recommended action |
Release the driver resources and execute the command again. |
ND_SET_VLAN_REDIRECT_NORESOURCE
Message text |
Not enough resources to complete the operation. |
Variable fields |
N/A |
Severity level |
6 |
Example |
ND/6/ND_SET_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation. |
Explanation |
Failed to execute the command because driver resources were not enough. |
Recommended action |
Release the driver resources and execute the command again. |
NETCONF messages
This section contains NETCONF messages.
CLI
Message text |
User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING] |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and the relative number of a user line. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of a NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only when the failure is caused by known reasons. |
Severity level |
6 |
Example |
XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded. |
Explanation |
After a NETCONF operation is performed at the CLI, this message is generated to show the operation result. |
Recommended action |
No action is required. |
EDIT-CONFIG
Message text |
User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or: User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING]. |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address, or user line type and relative line number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. This field is not displayed if no NETCONF session ID exists. $4: Message ID of the NETCONF request. This field is not displayed if a NETCONF request does not contain a message ID. $5: Name of the NETCONF row operation. $6: Module name and table name. $7: Index information. If there are multiple indexes, this field uses a comma as the delimiter. This field is displayed only when there are indexes. $8: Operation result, Succeeded or Failed. $9: Attribute column information. This field is displayed only when the operation configures an attribute column. |
Severity level |
6 |
Example |
XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.200.220, session ID 1), message ID=101, operation=merge DHCP/DHCPServerPoolStatic (PoolIndex=1, Ipv4Address=1.1.1.1), result=Failed. Attributes: CID="aaaaa", HType=1. |
Explanation |
The device outputs this log message for each row operation after performing an <action> or <edit-config> operation. |
Recommended action |
No action is required. |
NETCONF_MSG_DEL
Message text |
A NETCONF message was dropped. Reason: Packet size exceeded the upper limit. |
Variable fields |
N/A |
Severity level |
7 |
Example |
NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit. |
Explanation |
The system dropped a NETCONF request message that was received from a NETCONF over SSH client or at the XML view. The reason is that the message size exceeded the upper limit. |
Recommended action |
1. Reduce the size of the request message. For example, delete blank spaces, carriage returns, and tab characters. 2. Contact H3C Support to segment the request message and then re-encapsulate the segments before sending them to the device. |
REPLY
Message text |
Sent a NETCONF reply to the client: Session ID=[UINT16], Content=[STRING]. Or: Sent a NETCONF reply to the client: Session ID=[UINT16], Content (partial)=[STRING]. |
Variable fields |
$1: ID of the NETCONF session. This field displays a hyphen (-) before the NETCONF session is established. $2: NETCONF packet that the device sent to the NETCONF client. |
Severity level |
7 |
Example |
XMLSOAP/7/REPLY: -MDC=1; Sent a NETCONF reply to the client: Session ID=1, Content=</env:Body></env:Envelope>. |
Explanation |
When sending a NETCONF packet to a client, the device outputs this log message for NETCONF debugging purposes. If a NETCONF packet cannot be sent in one log message, the device uses multiple log messages and adds the partial flag in each log message. |
Recommended action |
No action is required. |
THREAD
Message text |
Maximum number of NETCONF threads already reached. |
Variable fields |
N/A |
Severity level |
3 |
Example |
XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached. |
Explanation |
The number of NETCONF threads already reached the upper limit. |
Recommended action |
Please try again later. |
NQA messages
This section contains NQA messages.
NQA_BATCH_START_FAILURE
Message text |
Failed to batch start the [STRING] operation. Reason: [STRING] |
Variable fields |
$1: Type of the NQA operation. The value is Y.1564. $3: Failure reason: · Invalid configuration. · Not enough resources. |
Severity level |
6 |
Example |
NQA/6/NQA_BATCH_START_FAILURE: Failed to batch start the Y.1564 operation. Invalid configuration. |
Explanation |
This message is sent when NQA failed to start the service performance test of the Y.1564 operation in batch due to invalid configuration or insufficient resources. |
Recommended action |
1. Examine the parameters for the incorrect settings, modify the settings, and restart the Y.1564 operation. 2. If the problem persists, contact H3C Support. |
NQA_LOG_UNREACHABLE
Message text |
Server [STRING] unreachable. |
Variable fields |
$1: IP address of the NQA server. |
Severity level |
6 |
Example |
NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable. |
Explanation |
An unreachable server was detected. |
Recommended action |
Check the network environment. |
NQA_PACKET_OVERSIZE
Message text |
NQA entry ([STRING]-[STRING]): The payload size exceeds 65503 bytes, and all IPv6 UDP probe packets will be dropped by the NQA server. |
Variable fields |
$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. |
Severity level |
6 |
Example |
NQA/6/NQA_PACKET_OVERSIZE: NQA entry (1-1): The payload size exceeds 65503 bytes, and all IPv6 UDP probe packets will be dropped by the NQA server. |
Explanation |
A packet oversize warning message was sent when the NQA client attempted to send to an IPv6 NQA server UDP probe packets with the data size exceeding 65503 bytes. The message indicated that the oversized probe packets will be dropped by the NQA server. |
Recommended action |
Modify the probe packet data size for the NQA operation. |
NQA_REFLECTOR_START_FAILURE
Message text |
NQA reflector [UINT32]: Failed to start the NQA reflector. Please check the parameters. |
Variable fields |
$1: ID of a reflector. |
Severity level |
6 |
Example |
NQAS/6/NQA_REFLECTOR_START_FAILURE: NQA reflector 1: Failed to start the NQA reflector, Please check the parameters. |
Explanation |
This message is sent when the NQA server failed to start the NQA reflector. This message asks you to examine the parameter settings. |
Recommended action |
1. Execete the display this command to examine the parameter settings of the nqa reflector command. 2. Re-execute the nqa reflector command with the required parameters according to your network requirements. |
NQA_REFRESH_FAILURE
Message text |
Failed to refresh the [STRING] operation. Reason: [STRING] |
Variable fields |
$1: Type of the NQA operation. The value is RFC2544. $3: Failure reason: · Invalid configuration. · Not enough resources. |
Severity level |
6 |
Example |
NQA/6/NQA_REFRESH_FAILURE: Failed to refresh the RFC2544 operation. Invalid configuration. |
Explanation |
This message is sent when NQA consecutively fails to start path quality analysis operations (RFC2544 operations) due to invalid configuration or insufficient resources. The device clears results of the started path quality analysis operations and stops all path quality analysis operations. |
Recommended action |
1. Examine the parameters for the incorrect settings, modify the settings, and restart the Y.1564 operation. 2. If the problem persists, contact H3C Support. |
NQA_REFRESH_START
Message text |
Start to refresh the [STRING] operation and reset the result. |
Variable fields |
$1: Type of the NQA operation. The value is RFC2544. |
Severity level |
6 |
Example |
NQA/6/NQA_REFRESH_START: Start to refresh the RFC2544 operation and reset the result. |
Explanation |
This message is sent when a new path quality analysis operation (RFC2544 operation) is started through the start command during an ongoing path quality analysis operation. The system clears the results of the ongoing path quality analysis operation and starts all path quality analysis operations. |
Recommended action |
No action is required. |
NQA_SCHEDULE_FAILURE
Message text |
NQA entry ([ STRING ]- [ STRING ]): Failed to start the scheduled NQA operation because port [ STRING] used by the operation is not available. |
Variable fields |
$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Port number. |
Severity level |
4 |
Example |
NQA/6/NQA_SCHEDULE_FAILURE: NQA entry (admin-tag): Failed to start the scheduled NQA operation because port 10000 used by the operation is not available. |
Explanation |
Failed to start a scheduled NQA operation because the port number used by the operation is not available. |
Recommended action |
Change the port number of the NQA operation or disable the service that uses the port number. |
NQA_SEVER_FAILURE
Message text |
Failed to enable the NQA server because listening port [ STRING ] is not available. |
Variable fields |
$1: Port number. |
Severity level |
4 |
Example |
NQA/6/NQA_SEVER_FAILURE: Failed to enable the NQA server because listening port 10000 is not available. |
Explanation |
Failed to enable the NQA server because the port number specified for a listening service is not available. |
Recommended action |
Change the port number of the listening service or disable the service that uses the port number. |
NQA_START_FAILURE
Message text |
NQA entry ([STRING]-[STRING]): [STRING] |
Variable fields |
$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Failure reason: · Operation failed due to configuration conflicts. · Operation failed because the driver was not ready to perform the operation. · Operation not supported. · Not enough resources to complete the operation. · Operation failed due to an unknown error. |
Severity level |
6 |
Example |
NQA/6/NQA_START_FAILURE: NQA entry 1-1: Operation failed due to configuration conflicts. |
Explanation |
The message is sent when the system fails to issue an NQA operation to the drive because of the configuration conflicts. |
Recommended action |
1. Examine the parameters for the incorrect settings, modify the settings, and restart the Y.1564 operation. 2. If the problem persists, contact H3C Support. |
NQA_TWAMP_LIGHT_PACKET_INVALID
Message text |
NQA TWAMP Light test session [UINT32] index [UINT32]: The number of packets captured for statistics collection is invalid. |
Variable fields |
$1: Test session ID. $2: Serial number of the statistics data. |
Severity level |
6 |
Example |
NQA/6/ NQA_TWAMP_LIGHT_PACKET_INVALID: NQA TWAMP Light test session 1 index 7: The number of packets captured for statistics collection is invalid. |
Explanation |
The number of probe packets was invalid in the TWAMP Light test because the test collection interval was shorter than the packet sending interval. |
Recommended action |
Verify that the test collection interval is no less than the packet sending interval. |
NQA_TWAMP_LIGHT_REACTION
Message text |
NQA TWAMP Light test session [UINT32] reaction entry [UINT32]: Detected continual violation of the [STRING] [STRING] threshold for a threshold violation monitor time of [UINT32] ms. |
Variable fields |
$1: Test session ID. $2: Reaction entry ID. $3: Reaction entry type: · Two-way delay. · Two-way loss. · Two-way jitter. $4: Threshold violation value: · upper—Be equal to or greater than the upper threshold limit. · lower—Be equal to or less than the lower threshold limit. $5: Statistics collection interval. |
Severity level |
6 |
Example |
NQA/6/NQA_TWAMP_LIGHT_REACTION: NQA TWAMP Light test session 1 reaction entry 1: Detected continual violation of the two-way loss upper threshold for a threshold violation monitor time of 2000 ms. |
Explanation |
In a TWAMP test, the device monitors the test result, and starts the monitoring time when either of the following conditions is met: · The monitoring result goes beyond the upper threshold limit. · The monitoring result drops below the lower threshold limit from a monitoring result higher than the lower limit. If either condition is always true during the monitoring time, a threshold violation occurs. |
Recommended action |
No action is required. |
NQA_TWAMP_LIGHT_START_FAILURE
Message text |
NQA TWAMP Light test session [UINT32]: Failed to start the test session. Please check the parameters. |
Variable fields |
$1: Test session ID. |
Severity level |
6 |
Example |
NQAS/6/NQA_TWAMP_LIGHT_START_FAILURE: NQA TWAMP Light test session 1: Failed to start the test session, Please check the parameters. |
Explanation |
This message is sent when the TWAMP Light responder failed to start the test session. The message asks you to examine the parameter settings. |
Recommended action |
1. Execete the display this command to examine the parameter settings of the test-session command. 2. Re-execute the test-session command with the required parameters according to your network requirements. |
NTP messages
This section contains NTP messages.
NTP_CLOCK_CHANGE
Message text |
System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING]. |
Variable fields |
$1: Time before synchronization. $2: Time after synchronization. $3: IP address. |
Severity level |
5 |
Example |
NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58:345 12/28/2012 to 02:29:12:879 12/28/2012, the NTP server's IP address is 192.168.30.116. |
Explanation |
The NTP client has synchronized its time to the NTP server. |
Recommended action |
No action is required. |
NTP_LEAP_CHANGE
Message text |
System Leap Indicator changed from [UINT32] to [UINT32] after clock update. |
Variable fields |
$1: Original Leap Indicator. $2: Current Leap Indicator. |
Severity level |
5 |
Example |
NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update. |
Explanation |
The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rolloverinterval) in the day of insertion to be increased or decreased by one. |
Recommended action |
No action is required. |
NTP_SOURCE_CHANGE
Message text |
NTP server's IP address changed from [STRING] to [STRING]. |
Variable fields |
$1: IP address of the original time source. $2: IP address of the new time source. |
Severity level |
5 |
Example |
NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2. |
Explanation |
The system changed the time source. |
Recommended action |
No action is required. |
NTP_SOURCE_LOST
Message text |
Lost synchronization with NTP server with IP address [STRING]. |
Variable fields |
$1: IP address. |
Severity level |
4 |
Example |
NTP/4/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1. |
Explanation |
The clock source of the NTP association is in unsynchronized state or it is unreachable. |
Recommended action |
1. Verify the NTP server and network connection. 2. For NTP server failures: ¡ Use the ntp-service unicast-server command to specify a new NTP server. ¡ Use the ntp-service multicast-client command to configure the device to operate in NTP multicast client mode and receive NTP multicast packets from a new NTP server. 3. If the problem persists, contract H3C Support. |
NTP_STRATUM_CHANGE
Message text |
System stratum changed from [UINT32] to [UINT32] after clock update. |
Variable fields |
$1: Original stratum. $2: Current stratum. |
Severity level |
5 |
Example |
NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update. |
Explanation |
System stratum has changed. |
Recommended action |
No action is required. |
OBJP messages
This section contains object policy messages.
OBJP_ACCELERATE_NO_RES
Message text |
Failed to accelerate [STRING] object-policy [STRING]. The resources are insufficient. |
Variable fields |
$1: Object policy version. $2: Object policy name. |
Severity level |
4 |
Example |
OBJP/4/OBJP_ACCELERATE_NO_RES: Failed to accelerate IPv6 object-policy a. The resources are insufficient. |
Explanation |
Object policy acceleration failed because of insufficient hardware resources. |
Recommended action |
Delete unnecessary rules or disable acceleration for other object policies to release hardware resources. |
OBJP_ACCELERATE_NOT_SUPPORT
Message text |
Failed to accelerate [STRING] object-policy [STRING]. The operation is not supported. |
Variable fields |
$1: Object policy version. $2: Object policy name. |
Severity level |
4 |
Example |
OBJP/4/OBJP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 object-policy a. The operation is not supported. |
Explanation |
Object policy acceleration failed because the system did not support acceleration. |
Recommended action |
No action is required. |
OBJP_ACCELERATE_UNK_ERR
Message text |
Failed to accelerate [STRING] object-policy [STRING]. |
Variable fields |
$1: Object policy version. $2: Object policy name. |
Severity level |
4 |
Example |
OBJP/4/OBJP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 object-policy a. |
Explanation |
Object policy acceleration failed because of a system failure. |
Recommended action |
No action is required. |
OFP messages
This section contains OpenFlow messages.
OFC_DATAPATH_CHANNEL_CONNECT
Message text |
OpenFlow Controller datapath [STRING], channel with IP address [STRING] connected |
Variable fields |
$1: Datapath ID of the OpenFlow instance. $2: IP address of the OpenFlow switch connected to the controller. |
Severity level |
5 |
Example |
OFC/5/OFC_DATAPATH_CHANNEL_CONNECT: OpenFlow Controller datapath 0x174258ae43182, channel with IP address 169.28.25.123 connected |
Explanation |
The OpenFlow instance established an OpenFlow channel with the controller. |
Recommended action |
No action is required. |
OFC_DATAPATH_CHANNEL_DISCONNECT
Message text |
OpenFlow Controller datapath [STRING], channel with IP address [STRING] disconnected |
Variable fields |
$1: Datapath ID of the OpenFlow instance. $2: IP address of the OpenFlow switch connected to the controller. |
Severity level |
5 |
Example |
OFC/6/OFC_DATAPATH_CHANNEL_DISCONNECT:OpenFlow Controller datapath 0x174258ae43182, channel with IP address 169.28.25.123 disconnected |
Explanation |
The OpenFlow channel is disconnected from the controller. |
Recommended action |
No action is required. |
OFC_FLOW_ADD
Message text |
App [CHAR] added flow entry: [STRING]. |
Variable fields |
$1: App ID. $2: Flow entry content. The match field specifies the match fields. The action field specifies the action set. |
Severity level |
5 |
Example |
OFC/5/OFC_FLOW_ADD: App 1 added flow entry: match(context 0x12a56, ipaddr 1.1.1.1, vxlan id 1), action(set svlan 2, set cvlan 3, modify destination mac 0-0-5, output 11). |
Explanation |
An app on the controller deployed information for adding flow entries to the OpenFlow switch. |
Recommended action |
No action is required. |
OFC_FLOW_DEL
Message text |
App [CHAR] deleted flow entry: [STRING]. |
Variable fields |
$1: App ID. $2: Flow entry content. The match field specifies the match fields. The action field specifies the action set. |
Severity level |
5 |
Example |
OFC/5/OFC_FLOW_DEL: App 1 deleted flow entry: match(context 0x12a56, ipaddr 1.1.1.1, vxlan id 1), action(set svlan 2, set cvlan 3, modify destination mac 0-0-5, output 11). |
Explanation |
An app on the controller deployed information for deleting flow entries to the OpenFlow switch. |
Recommended action |
No action is required. |
OFC_FLOW_MOD
Message text |
App [CHAR] modified flow entry: [STRING]. |
Variable fields |
$1: App ID. $2: Flow entry content. The match field specifies the match fields. The action field specifies the action set. |
Severity level |
5 |
Example |
OFC/5/OFC_FLOW_MOD: App 1 modified flow entry: match(context 0x12a56, ipaddr 1.1.1.1, vxlan id 1), action(set svlan 2, set cvlan 3, modify destination mac 0-0-5, output 11). |
Explanation |
An app on the controller deployed information for modifying flow entries to the OpenFlow switch. |
Recommended action |
No action is required. |
OFP_ACTIVE
Message text |
Activate openflow instance [UINT16]. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
OFP/5/OFP_ACTIVE: Activate openflow instance 1. |
Explanation |
A command was received from comsh to activate an OpenFlow instance. |
Recommended action |
No action is required. |
OFP_ACTIVE_FAILED
Message text |
Failed to activate instance [UINT16]. |
Variable fields |
$1: Instance ID. |
Severity level |
4 |
Example |
OFP/4/OFP_ACTIVE_FAILED: Failed to activate instance 1. |
Explanation |
An OpenFlow instance failed to be activated. |
Recommended action |
No action is required. |
OFP_CONNECT
Message text |
Openflow instance [UINT16], controller [CHAR] is [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Connection status: connected or disconnected. |
Severity level |
5 |
Example |
OFP/5/OFP_CONNECT: Openflow instance 1, controller 0 is connected. |
Explanation |
The status of the connection between an OpenFlow instance and a controller changed. |
Recommended action |
No action is required. |
OFP_FAIL_OPEN
Message text |
Openflow instance [UINT16] is in fail [STRING] mode. |
Variable fields |
$1: Instance ID. $2: Connection interruption mode: secure or standalone. |
Severity level |
5 |
Example |
OFP/5/OFP_FAIL_OPEN: Openflow instance 1 is in fail secure mode. |
Explanation |
An activated instance failed to connect to a controller or was disconnected from all controllers. The connection interruption mode was displayed. |
Recommended action |
No action is required. |
OFP_FLOW_ADD
Message text |
Openflow instance [UINT16] controller [CHAR]: add flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie of the flow entry. $6: Table ID. |
Severity level |
5 |
Example |
OFP/5/OFP_FLOW_ADD: Openflow instance 1 controller 0: add flow entry 1, xid 0x1, cookie 0x0, table id 0. |
Explanation |
A flow entry was to be added to a flow table according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_DUP
Message text |
|
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie. $6: Table ID. |
Severity level |
5 |
Example |
|
Explanation |
A duplicate flow entry was added. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID. |
Severity level |
4 |
Example |
OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry1, table id 0. |
Explanation |
A flow entry failed to be added. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_TABLE_MISS
Message text |
Openflow instance [UINT16] controller [CHAR]: add table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 |
Example |
OFP/5/OFP_FLOW_ADD_TABLE_MISS: Openflow instance 1 controller 0: add table miss flow entry, xid 0x1, cookie 0x0, table id 0. |
Explanation |
A table-miss flow entry was to be added to a flow table according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_TABLE_MISS_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add table miss flow entry, table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 |
Example |
OFP/4/OFP_FLOW_ADD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to add table miss flow entry, table id 0. |
Explanation |
A table-miss flow entry failed to be added. |
Recommended action |
No action is required. |
OFP_FLOW_DEL
Message text |
Openflow instance [UINT16] controller [CHAR]: delete flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 |
Example |
OFP/5/OFP_FLOW_DEL: Openflow instance 1 controller 0: delete flow entry, xid 0x1, cookie 0x0, table id 0. |
Explanation |
A list of flow entries were to be deleted according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_TABLE_MISS
Message text |
Openflow instance [UINT16] controller [CHAR]: delete table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 |
Example |
OFP/5/OFP_FLOW_DEL_TABLE_MISS: Openflow instance 1 controller 0: delete table miss flow entry, xid 0x1, cookie 0x0, table id 0. |
Explanation |
A list of table-miss flow entries were to be deleted according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_TABLE_MISS_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to delete table miss flow entry, table id [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 |
Example |
OFP/4/OFP_FLOW_DEL_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to delete table miss flow entry, table id 0. |
Explanation |
A table-miss flow entry failed to be deleted. |
Recommended action |
No action is required. |
OFP_FLOW_MOD
Message text |
Openflow instance [UINT16] controller [CHAR]: modify flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 |
Example |
OFP/5/OFP_FLOW_MOD: Openflow instance 1 controller 0: modify flow entry, xid 0x1, cookie 0x0, table id 0. |
Explanation |
A list of flow entries were to be modified according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_MOD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify flow entry, table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 |
Example |
OFP/4/OFP_FLOW_MOD_FAILED: Openflow instance 1 controller 0: failed to modify flow entry, table id 0. |
Explanation |
A flow entry failed to be modified. |
Recommended action |
Retry to modify the flow entry. If the flow entry still cannot be modified, delete it. |
OFP_FLOW_MOD_TABLE_MISS
Message text |
Openflow instance [UINT16] controller [CHAR]: modify table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 |
Example |
OFP/5/OFP_FLOW_MOD_TABLE_MISS: Openflow instance 1 controller 0: modify table miss flow entry, xid 0x1, cookie 0x0, table id 0. |
Explanation |
A list of table-miss flow entries were to be modified according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_MOD_TABLE_MISS_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify table miss flow entry, table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 |
Example |
OFP/4/OFP_FLOW_MOD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to modify table miss flow entry, table id 0. |
Explanation |
A table-miss flow entry failed to be modified. |
Recommended action |
Retry to modify the table-miss flow entry. If the entry still cannot be modified, delete it. |
OFP_FLOW_RMV_GROUP
Message text |
The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a group_mod message. |
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
A flow entry was deleted due to a group modification message. |
Recommended action |
No action is required. |
OFP_FLOW_RMV_HARDTIME
Message text |
|
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
A flow entry was deleted because of a hard time expiration. |
Recommended action |
No action is required. |
OFP_FLOW_RMV_IDLETIME
Message text |
|
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
A flow entry was deleted because of an idle time expiration. |
Recommended action |
No action is required. |
OFP_FLOW_RMV_METER
Message text |
The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a meter_mod message. |
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
A flow entry was deleted due to a meter modification message. |
Recommended action |
No action is required. |
OFP_FLOW_UPDATE_FAILED
Message text |
OpenFlow instance [UINT16] table [CHAR]: failed to update or synchronize flow entry [UINT32]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 |
Example |
OFP/4/OFP_FLOW_UPDATE_FAILED: OpenFlow instance 1 table 0: failed to update or synchronize flow entry 10000. |
Explanation |
When an active/standby switchover occurred, the new active MPU failed to update flow entries. When a new interface card was installed on the device, the interface card failed to synchronize flow entries from the MPUs. When a master/subordinate switchover occurred in an IRF fabric, the new master device failed to update flow entries. When new member devices were added to an IRF fabric, the new member devices failed to synchronize flow entries from the master device. |
Recommended action |
Delete the flow entries that fail to be deployed. |
OFP_GROUP_ADD
Message text |
Openflow instance [UINT16] controller [CHAR]: add group [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID. |
Severity level |
5 |
Example |
OFP/5/OFP_GROUP_ADD: Openflow instance 1 controller 0: add group 1, xid 0x1. |
Explanation |
A group entry was to be added to a group table according to a group table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_GROUP_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add group [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. |
Severity level |
4 |
Example |
OFP/4/OFP_GROUP_ADD_FAILED: Openflow Instance 1 controller 0: failed to add group 1. |
Explanation |
A group entry failed to be added. |
Recommended action |
No action is required. |
OFP_GROUP_DEL
Message text |
Openflow instance [UINT16] controller [CHAR]: delete group [STRING], xid [HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID. |
Severity level |
5 |
Example |
OFP/5/OFP_GROUP_DEL: Openflow instance 1 controller 0: delete group 1, xid 0x1. |
Explanation |
A group entry was to be deleted according to a group table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_GROUP_MOD
Message text |
Openflow instance [UINT16] controller [CHAR]: modify group [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID. |
Severity level |
5 |
Example |
OFP/5/OFP_GROUP_MOD: Openflow instance 1 controller 0: modify group 1, xid 0x1. |
Explanation |
A group entry was to be modified according to a group table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_GROUP_MOD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify group [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. |
Severity level |
4 |
Example |
OFP/4/OFP_GROUP_MOD_FAILED: Openflow instance 1 controller 0: failed to modify group 1. |
Explanation |
A group entry failed to be modified. |
Recommended action |
Retry to modify the group entry. If the group entry still cannot be modified, delete it. |
OFP_METER_ADD
Message text |
Openflow instance [UINT16] controller [CHAR]: add meter [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID. |
Severity level |
5 |
Example |
OFP/5/OFP_METER_ADD: Openflow instance 1 controller 0: add meter 1, xid 0x1. |
Explanation |
A meter entry was to be added to a meter table. |
Recommended action |
No action is required. |
OFP_METER_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add meter [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. |
Severity level |
4 |
Example |
OFP/4/OFP_METER_ADD_FAILED: Openflow Instance 1 controller 0: failed to add meter 1. |
Explanation |
A meter entry failed to be added. |
Recommended action |
No action is required. |
OFP_METER_DEL
Message text |
Openflow instance [UINT16] controller [CHAR]: delete meter [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID. |
Severity level |
5 |
Example |
OFP/5/OFP_METER_DEL: Openflow instance 1 controller 0: delete meter 1, xid 0x1. |
Explanation |
A meter entry was to be deleted according to a meter table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_METER_MOD
Message text |
Openflow instance [UINT16] controller [CHAR]: modify meter [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID. |
Severity level |
5 |
Example |
OFP/5/OFP_METER_MOD: Openflow Instance 1 controller 0: modify meter 1, xid 0x1. |
Explanation |
A meter entry was to be modified according to a meter table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_METER_MOD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify meter [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. |
Severity level |
4 |
Example |
OFP/4/OFP_METER_MOD_FAILED: Openflow instance 1 controller 0: failed to modify meter 1. |
Explanation |
A meter entry failed to be modified. |
Recommended action |
Retry to modify the meter entry. If the meter entry still cannot be modified, delete it. |
OFP_MISS_RMV_GROUP
Message text |
The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a group_mod message. |
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
The table-miss flow entry was deleted due to a group modification message. |
Recommended action |
No action is required. |
OFP_MISS_RMV_HARDTIME
Message text |
|
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
The table-miss flow entry was deleted because of a hard time expiration. |
Recommended action |
No action is required. |
OFP_MISS_RMV_IDLETIME
Message text |
|
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
The table-miss flow entry was deleted because of an idle time expiration. |
Recommended action |
No action is required. |
OFP_MISS_RMV_METER
Message text |
The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a meter_mod message. |
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 |
Example |
|
Explanation |
The table-miss flow entry was deleted due to a meter modification message. |
Recommended action |
No action is required. |
OPENSRC (RSYNC) messages
This section contains OPENSRC RSYNC messages.
Synchronization success
Message text |
Rsync transfer statistics(sn=[STRING]):Src files([STRING]::[STRING]) sync transfer successfully. |
Variable fields |
$1: Sequence number of the device. $2: IPv4 address of the server. $3: Files or folders to be synchronized on the server. |
Severity level |
5 |
Example |
OPENSRC/5/SYSLOG: -MDC=1; Rsync transfer statistics(sn=2013AYU0711103):Src files(1.1.1.13::test/dir1) sync transfer successfully. |
Explanation |
The file synchronization succeeded. |
Recommended action |
No action is required. |
Synchronization failure
Message text |
Rsync error(sn=[STRING]):Src files([STRING]::[STRING]) [NUMBER] files transfer failed. |
Variable fields |
$1: Sequence number of the device. $2: IPv4 address of the server. $3: Files or folders to be synchronized on the server. $4: Number of files that failed to be synchronized. |
Severity level |
5 |
Example |
OPENSRC/5/SYSLOG: -MDC=1; Rsync transfer statistics(sn=2013AYU0711103):Src files(1.1.1.13::test/dir1) 2 files transfer failed. |
Explanation |
The device failed to synchronize files from the server and recorded the number of files that failed to be synchronized. |
Recommended action |
Take actions according to the failure reasons displayed in the synchronization error log. |
Synchronization error
Message text |
Rsync error(sn=[STRING]): [STRING]. |
Variable fields |
$1: Sequence number of the device. $2: Failure reasons. Available options include: ¡ error starting client-server protocol—The RSYNC process on the device has malfunctioned and cannot provide synchronization services. ¡ error in socket IO—An error occurred to the socket for synchronization. ¡ error in file IO—An error occurred during file system reading. ¡ some files/attrs were not transferred (see previous errors)—Some files or file attributes failed to be synchronized. ¡ error allocating core memory buffers—An error occurred in memory application. ¡ timeout waiting for daemon connection—The request for connection to the server timed out. |
Severity level |
5 |
Example |
OPENSRC/5/SYSLOG: -MDC=1; Rsync error(sn=2013AYU0711103): error starting client-server protocol . |
Explanation |
The device recorded the synchronization failure reasons. |
Recommended action |
To resolve the problem, you can perform the following tasks: · Verify that the rsync command syntax is correct. · Verify that the server is reachable. · Verify that the local disk is not full. · Verify that the user is authorized to perform the synchronization. |
OPTMOD messages
This section contains transceiver module messages.
BIAS_HIGH
Message text |
[STRING]: Bias current is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
2 |
Example |
OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/1: Bias current is high. |
Explanation |
The bias current of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
BIAS_LOW
Message text |
[STRING]: Bias current is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/BIAS_LOW: GigabitEthernet1/0/1: Bias current is low. |
Explanation |
The bias current of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
BIAS_NORMAL
Message text |
[STRING]: Bias current is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/BIAS_NORMAL: GigabitEthernet1/0/1: Bias current is normal. |
Explanation |
The bias current of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
CFG_ERR
Message text |
[STRING]: Transceiver type and port configuration mismatched. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/CFG_ERR: GigabitEthernet1/0/1: Transceiver type and port configuration mismatched. |
Explanation |
The transceiver module type does not match the port configurations. |
Recommended action |
Check for the transceiver module type and the current port configurations. If they mismatch, replace the transceiver module or update the port configurations. |
CHKSUM_ERR
Message text |
[STRING]: Transceiver information checksum error. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/CHKSUM_ERR: GigabitEthernet1/0/1: Transceiver information checksum error . |
Explanation |
Checksum verification on the register information on the transceiver module failed. |
Recommended action |
Replace the transceiver module, or contact H3C Support. |
FIBER_SFP MODULE_INVALID
Message text |
[STRING]: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in [UINT32] days. Please replace it with a compatible one as soon as possible. |
Variable fields |
$1: Interface type and number. $2: Number of days that the transceiver module will be invalid. |
Severity level |
4 |
Example |
OPTMOD/4/FIBER_SFPMODULE_INVALID: GigabitEthernet1/0/1: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in 3 days. Please replace it with a compatible one as soon as possible. |
Explanation |
The transceiver module is not compatible with the interface card. |
Recommended action |
Replace the transceiver module. |
FIBER_SFPMODULE_NOWINVALID
Message text |
[STRING]: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers. |
Variable fields |
$1: Interface type and number. |
Severity level |
4 |
Example |
OPTMOD/4/FIBER_SFPMODULE_NOWINVALID: GigabitEthernet1/0/1: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers. |
Explanation |
The system does not support the transceiver module. |
Recommended action |
Replace the transceiver module. |
IO_ERR
Message text |
[STRING]: The transceiver information I/O failed. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/IO_ERR: GigabitEthernet1/0/1: The transceiver information I/O failed. |
Explanation |
The device failed to access the register information of the transceiver module. |
Recommended action |
Execute the display transceiver diagnosis interface and display transceiver alarm interface commands. If both commands fail to be executed, the transceiver module is faulty. Replace the transceiver module. |
MOD_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Interface type and number. $2: Fault type. |
Severity level |
3 |
Example |
OPTMOD/3/MOD_ALM_OFF: GigabitEthernet1/0/1: Module_not_ready was removed.. |
Explanation |
A fault was removed from the transceiver module. |
Recommended action |
No action is required. |
MOD_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Interface type and number. $2: Fault type. |
Severity level |
3 |
Example |
OPTMOD/3/MOD_ALM_ON: GigabitEthernet1/0/1: Module_not_ready wasdetected. |
Explanation |
A fault was detected on the transceiver module. |
Recommended action |
1. Execute the display transceive alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module. |
MODULE_IN
Message text |
[STRING]: The transceiver is [STRING]. |
Variable fields |
$1: Interface type and number. $2: Type of the transceiver module. |
Severity level |
4 |
Example |
OPTMOD/4/MODULE_IN: GigabitEthernet1/0/1: The transceiver is 1000_BASE_T_AN_SFP. |
Explanation |
When a transceiver module is inserted, the OPTMOD module generates the message to display the transceiver module type. |
Recommended action |
No action is required. |
MODULE_OUT
Message text |
[STRING]: Transceiver absent. |
Variable fields |
$1: Interface type and number. |
Severity level |
4 |
Example |
OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: The transceiver is absent. |
Explanation |
The transceiver module was removed. |
Recommended action |
No action is required. |
PHONY_MODULE
Message text |
[STRING]: This transceiver is not sold by H3C. H3C does not guarantee the correct operation of the module or assume maintenance responsibility. |
Variable fields |
$1: Interface type and number. |
Severity level |
4 |
Example |
OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/1: This transceiver is not sold by H3C. H3C does not guarantee the correct operation of the module or assume maintenance responsibility. |
Explanation |
The transceiver module is not sold by H3C. |
Recommended action |
Replace the transceiver module. |
RX_ALM_OFF
Message text |
STRING]: [STRING] was removed. |
Variable fields |
$1: Interface type and number. $2: RX fault type. |
Severity level |
3 |
Example |
OPTMOD/3/RX_ALM_OFF: GigabitEthernet1/0/1: RX_not_ready was removed. |
Explanation |
An RX fault was removed from the transceiver module. |
Recommended action |
No action is required. |
RX_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Interface type and number. $2: RX fault type. |
Severity level |
3 |
Example |
OPTMOD/3/RX_ALM_ON: GigabitEthernet1/0/1: RX_not_ready was detected. |
Explanation |
An RX fault was detected on the transceiver module. |
Recommended action |
1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module. |
RX_POW_HIGH
Message text |
[STRING]: RX power is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/RX_POW_HIGH: GigabitEthernet1/0/1: RX power is high. |
Explanation |
The RX power of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
RX_POW_LOW
Message text |
[STRING]: RX power is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/RX_POW_LOW: GigabitEthernet1/0/1: RX power is low. |
Explanation |
The RX power of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
RX_POW_NORMAL
Message text |
[STRING]: RX power is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/RX_POW_NORMAL: GigabitEthernet1/0/1: RX power is normal. |
Explanation |
The RX power of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
TEMP_HIGH
Message text |
[STRING]: Temperature is high. |
Variable fields |
$1: Interface type and number |
Severity level |
3 |
Example |
OPTMOD/3/TEMP_HIGH: GigabitEthernet1/0/1: Temperature is high. |
Explanation |
The temperature of the transceiver module exceeded the high threshold. |
Recommended action |
1. Verify that the fan trays are operating correctly. ¡ If there are no fan trays, install fan trays. ¡ If the fan trays fail, replace the fan trays. 2. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to lower the temperature. 3. Replace the transceiver module. |
TEMP_LOW
Message text |
[STRING]: Temperature is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/TEMP_LOW: GigabitEthernet1/0/1: Temperature is low. |
Explanation |
The temperature of the transceiver module went below the low threshold. |
Recommended action |
1. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to raise the temperature. 2. Replace the transceiver module. |
TEMP_NORMAL
Message text |
[STRING]: Temperature is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/TEMP_NORMAL: GigabitEthernet1/0/1: Temperature is normal. |
Explanation |
The temperature of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
TX_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Interface type and number. $2: TX fault type. |
Severity level |
3 |
Example |
OPTMOD/3/TX_ALM_OFF: GigabitEthernet1/0/1: TX_fault was removed. |
Explanation |
A TX fault was removed from the transceiver module. |
Recommended action |
No action is required. |
TX_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Interface type and number. $2: TX fault type. |
Severity level |
3 |
Example |
OPTMOD/3/TX_ALM_ON: GigabitEthernet1/0/1: TX_fault was detected. |
Explanation |
A TX fault was detected on the transceiver module. |
Recommended action |
1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module. |
TX_POW_HIGH
Message text |
[STRING]: TX power is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
2 |
Example |
OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/1: TX power is high. |
Explanation |
The TX power of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
TX_POW_LOW
Message text |
[STRING]: TX power is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/TX_POW_LOW: GigabitEthernet1/0/1: TX power is low. |
Explanation |
The TX power of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
TX_POW_NORMAL
Message text |
[STRING]: TX power is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/TX_POW_NORMAL: GigabitEthernet1/0/1: TX power is normal. |
Explanation |
The TX power of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
TYPE_ERR
Message text |
[STRING]: The transceiver type is not supported by port hardware. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/1: The transceiver type is not supported by port hardware. |
Explanation |
The transceiver module is not supported by the port. |
Recommended action |
Replace the transceiver module. |
VOLT_HIGH
Message text |
[STRING]: Voltage is high. |
Variable fields |
$1: Interface type and number |
Severity level |
3 |
Example |
OPTMOD/3/VOLT_HIGH: GigabitEthernet1/0/1: Voltage is high. |
Explanation |
The voltage of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
VOLT_LOW
Message text |
[STRING]: Voltage is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/VOLT_LOW: GigabitEthernet1/0/1: Voltage is low. |
Explanation |
The voltage of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
VOLT_NORMAL
Message text |
[STRING]: Voltage is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/VOLT_NORMAL: GigabitEthernet1/0/1: Voltage is normal. |
Explanation |
The voltage of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
OSPF messages
This section contains OSPF messages.
OSPF_DUP_RTRID_NBR
Message text |
OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address. |
Severity level |
4 |
Example |
OSPF/4/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2. |
Explanation |
Two directly connected devices were configured with the same router ID. |
Recommended action |
Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect. |
OSPF_IP_CONFLICT_INTRA
Message text |
OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING]. |
Variable fields |
$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name. |
Severity level |
6 |
Example |
OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet0/0/3. |
Explanation |
The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR. |
Recommended action |
Modify IP address configuration after you make sure no router ID conflict occurs in the same OSPF area. |
OSPF_LAST_NBR_DOWN
Message text |
OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING] |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason. |
Severity level |
6 |
Example |
OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired. |
Explanation |
The device records the OSPF neighbor down event caused by a specific reason. |
Recommended action |
· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity. |
OSPF_MEM_ALERT
Message text |
OSPF Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
OSPF/5/OSPF_MEM_ALERT: OSPF Process received system memory alert start event. |
Explanation |
OSPF received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
OSPF_NBR_CHG
Message text |
OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING] |
Variable fields |
$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Old adjacency state. $5: New adjacency state. |
Severity level |
3 |
Example |
OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down. |
Explanation |
The OSPF adjacency state changed on an interface. |
Recommended action |
When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPF configuration errors and loss of network connectivity. |
OSPF_NBR_CHG_REASON
Message text |
OSPF [UINT32] Area [STRING] Router [STRING]([STRING]) CPU usage: [STRING], VPN name: [STRING], IfMTU: [UINT32], Neighbor address: [STRING], NbrID [STRING] changed from [STRING] to [STRING] at [STRING]. Last 4 hello packets received at: [STRING] Last 4 hello packets sent at: [STRING] |
Variable fields |
$1: OSPF process ID. $2: Area ID. $3: Router ID. $4: Abbreviated interface name. $5: CPU usage. $6: VPN instance name. $7: Interface MTU. $8: IP address of the neighbor. $9: Router ID of the neighbor. $10: Original neighbor state. $11: New neighbor state and the state change cause. $12: Time when the neighbor state changed. $13: Time when the last four hello packets were received before neighbor state change. $14: Time when the last four hello packets were sent before neighbor state change. |
Severity level |
5 |
Example |
OSPF/5/OSPF_NBR_CHG_REASON: OSPF 1 Area 0.0.0.0 Router 2.2.2.2(GE1/0/1) CPU usage:3.80%, VPN name: a, IfMTU:1500, Neighbor address:10.1.1.2, NbrID:1.1.1.1 changed from Full to Down because OSPF interface parameters changed at 2019-04-01 15:20:57:034. Last 4 hello packets received at: 2019-09-01 15:19:46:225 2019-09-01 15:19:56:224 2019-09-01 15:20:06:225 2019-09-01 15:20:16:225 Last 4 hello packets sent at: 2019-09-01 15:20:22:033 2019-09-01 15:20:32:033 2019-09-01 15:20:42:032 2019-09-01 15:20:52:033 |
Explanation |
The OSPF neighbor state changed on an interface. |
Recommended action |
Verify the OSPF settings and the network connectivity. |
OSPF_RT_LMT
Message text |
OSPF [UINT32] route limit reached. |
Variable fields |
$1: OSPF process ID. |
Severity level |
4 |
Example |
OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached. |
Explanation |
The number of routes of an OSPF process reached the upper limit. |
Recommended action |
1. Check for network attacks. 2. Reduce the number of routes. |
OSPF_RTRID_CHG
Message text |
OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect. |
Variable fields |
$1: OSPF process ID. |
Severity level |
5 |
Example |
OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect. |
Explanation |
The OSPF router ID was changed because the user had changed the router ID or the interface IP address used as the router ID had changed. |
Recommended action |
Use the reset ospf process command to make the new router ID take effect. |
OSPF_RTRID_CONFLICT_INTER
Message text |
OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. |
Severity level |
6 |
Example |
OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11. |
Explanation |
Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR. |
Recommended action |
Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect. |
OSPF_RTRID_CONFLICT_INTRA
Message text |
OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: OSPF area ID. |
Severity level |
4 |
Example |
OSPF/4/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1. |
Explanation |
Two indirectly connected devices in the same OSPF area might have the same router ID. |
Recommended action |
Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect. |
OSPF_VLINKID_CHG
Message text |
OSPF [UINT32] Router ID changed, reconfigure Vlink on peer |
Variable fields |
$1: OSPF process ID. |
Severity level |
5 |
Example |
OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer |
Explanation |
A new OSPF router ID takes effect. |
Recommended action |
Check and modify the virtual link configuration on the peer router to match the new router ID. |
OSPFV3 messages
This section contains OSPFv3 messages.
OSPFV3_LAST_NBR_DOWN
Message text |
OSPFv3 [UINT32] Last neighbor down event: Router ID: [STRING] Local interface ID: [UINT32] Remote interface ID: [UINT32] Reason: [STRING]. |
Variable fields |
$1: OSPFv3 process ID. $2: Router ID. $3: Local interface ID. $4: Remote interface ID. $5: Reason. |
Severity level |
6 |
Example |
OSPFV3/6/OSPFV3_LAST_NBR_DOWN: OSPFv3 1 Last neighbor down event: Router ID: 2.2.2.2 Local interface ID: 1111 Remote interface ID: 2222 Reason: Dead Interval timer expired. |
Explanation |
The device records the OSPFv3 neighbor down event caused by a specific reason. |
Recommended action |
· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity. |
OSPFV3_MEM_ALERT
Message text |
OSPFV3 Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
OSPFV3/5/OSPFV3_MEM_ALERT: OSPFV3 Process received system memory alert start event. |
Explanation |
OSPFv3 received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
OSPFV3_NBR_CHG
Message text |
OSPFv3 [UINT32] Neighbor [STRING] ([STRING]) received [STRING] and its state changed from [STRING] to [STRING]. |
Variable fields |
$1: Process ID. $2: Neighbor router ID. $3: Interface name. $4: Neighbor event. $5: Old adjacency state. $6: New adjacency state. |
Severity level |
3 |
Example |
OSPFV3/3/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100) received 1-Way and its state changed from Full to Init. |
Explanation |
The OSPFv3 adjacency state changed on an interface. |
Recommended action |
When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPFv3 configuration errors and loss of network connectivity. |
OSPFV3_RT_LMT
Message text |
OSPFv3 [UINT32] route limit reached. |
Variable fields |
$1: Process ID. |
Severity level |
3 |
Example |
OSPFV3/3/OSPFV3_RT_LMT:OSPFv3 1 route limit reached. |
Explanation |
The number of routes of an OSPFv3 process reached the upper limit. |
Recommended action |
1. Check for network attacks. 2. Reduce the number of routes. |
PBB messages
This section contains PBB messages.
PBB_JOINAGG_WARNING
Message text |
Because the aggregate interface [STRING] has been configured with PBB, assigning the interface [STRING] that does not support PBB to the aggregation group will cause incorrect processing. |
Variable fields |
$1: Aggregation group name. $2: Interface name. |
Severity level |
4 |
Example |
PBB/4/PBB_JOINAGG_WARNING: Because the aggregate interface Bridge-Aggregation1 has been configured with PBB, assigning the interface Ten-GigabitEthernet9/0/30 that does not support PBB to the aggregation group will cause incorrect processing. |
Explanation |
Assigning an interface that does not support PBB to an aggregation group that has been configured with PBB will cause incorrect processing. If an aggregate interface is a PBB uplink port, all its members should support PBB. |
Recommended action |
Remove the interface from the aggregation group. |
PBR messages
This section contains PBR messages.
PBR_HARDWARE_BIND_ERROR
Message text |
Failed to apply the policy [STRING] to interface [STRING] because of [STRING]. |
Variable fields |
$1: Policy name. $2: Interface name. $2: Hardware error reasons: · Insufficient hardware resources. · Unsupported operations. · Insufficient hardware resources and unsupported operations. |
Severity level |
4 |
Example |
PBR/4/PBR_HARDWARE_BIND_ERROR: Failed to apply the policy abc to interface GigabitEthernet1/0/1 because of unsupported operations. |
Explanation |
Failed to apply the unicast policy to the interface. |
Recommended action |
Modify the PBR policy configuration according to the failure reason. |
PBR_HARDWARE_ERROR
Message text |
Failed to update policy [STRING] due to [STRING]. |
Variable fields |
$1: Policy name. $2: Hardware error reasons: · Insufficient hardware resources. · Unsupported operations. · Insufficient hardware resources and unsupported operations. |
Severity level |
4 |
Example |
PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa due to insufficient hardware resources and not supported operations. |
Explanation |
The device failed to update PBR configuration. |
Recommended action |
Modify the PBR policy configuration according to the failure reason. |
PBR_NEXTHOP_CHANGE
Message text |
The link to next hop [IPADDR] of policy [STRING] (node ID: [STRING], VPN instance: [STRING]) changed due to [STRING]. |
Variable fields |
$1: Next hop address. $2: Policy name. $3: Node ID. $4: VPN instance name. For the public network, this field displays Public network. $5: Link change reasons: · FIB change—The FIB information changed. · reachable status—The next hop address became reachable. · unreachable status—The next hop address became unreachable. · direct change—The next hop changed from indirect to direct or from direct to indirect. · track change—The track entry status changed. |
Severity level |
4 |
Example |
PBR/4/PBR_NEXTHOP_CHANGE: The link to next hop 1.1.1.1 of policy a (node ID: 0, VPN instance: Public network) changed due to FIB change. |
Explanation |
The link to the next hop of the policy changed. |
Recommended action |
Locate and fix the fault according to the link change reason. |
PCE messages
This section contains PCE messages.
PCE_PCEP_SESSION_CHG
Message text |
Session ([STRING], [STRING]) is [STRING]. |
Variable fields |
$1: Peer address of the session. $2: VPN instance name. Value unknown indicates that the VPN instance cannot be obtained. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · TCP connection down. · received a close message. The device receives a close message from the peer when the peer encounters one of the following situations: ¡ No explanation provided. (The session is closed because the idle time of the session exceeds three minutes.) ¡ DeadTimer expired. ¡ Reception of a malformed PCEP message. ¡ Reception of an unacceptable number of unknown requests/replies. ¡ Reception of an unacceptable number of unrecognized PCEP messages. · reception of a malformed PCEP message. · internal error. · memory in critical state. · dead timer expired. · process deactivated. · remote peer unavailable/untriggered. · reception of an unacceptable number of unrecognized PCEP messages. · reception of an unacceptable number of unknown requests/replies. · PCE address changed. · initialization failed. |
Severity level |
3 |
Example |
PCE/3/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is up. PCE/3/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is down (dead timer expired). |
Explanation |
The session state changed. |
Recommended action |
When the session state is up, no action is required. When the session state is down, verify the network and configuration according to the reason displayed. |
PFILTER messages
This section contains packet filter messages.
PFILTER_GLB_IPV4_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_IPV4_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_GLB_IPV6_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_IPV6_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_GLB_MAC_DACT_NO_RES
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_MAC_DACT_UNK_ERR
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction globally. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_GLB_NO_RES
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_NOT_SUPPORT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported. |
Explanation |
The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally. |
Recommended action |
Verify the ACL configuration and remove the settings that are not supported. |
PFILTER_GLB_ RES_CONFLICT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction globally. [STRING] ACL [UINT] has already been applied globally. |
Variable fields |
$1: ACL type. $2: ACL number. $3: Traffic direction. $4: ACL type. $5: ACL number. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction globally. IPv6 ACL 3000 has already been applied globally. |
Explanation |
The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction globally. · Updating the ACL applied to a specific direction globally. |
Recommended action |
Remove the ACL of the same type. |
PFILTER_GLB_UNK_ERR
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_IF_IPV4_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_IPV4_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions because an unknown error: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IF_IPV6_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_IPV6_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IF_MAC_DACT_NO_RES
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_MAC_DACT_UNK_ERR
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IF_NO_RES
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_NOT_SUPPORT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The ACL is not supported. |
Explanation |
The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface. |
Recommended action |
Verify the ACL configuration and remove the settings that are not supported. |
PFILTER_IF_RES_CONFLICT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of interface [STRING]. [STRING] ACL [UINT] has already been applied to the interface. |
Variable fields |
$1: ACL type. $2: ACL number. $3: Traffic direction. $4: Interface name. $5: ACL type. $6: ACL number. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of interface Ethernet 3/1/2. IPv6 ACL 3000 has already been applied to the interface. |
Explanation |
The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of an interface. · Updating the ACL applied to a specific direction of an interface. |
Recommended action |
Remove the ACL of the same type. |
PFILTER_IF_UNK_ERR
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IPV6_STATIS_INFO
Message text |
[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s). |
Variable fields |
$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_IPV6_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s). |
Explanation |
The number of packets matching the packet-filter IPv6 ACL rule changed. |
Recommended action |
No action is required. |
PFILTER_STATIS_INFO
Message text |
[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Explanation |
The number of packets matching the packet-filter IPv4 ACL rule changed. |
Recommended action |
No action is required. |
PFILTER_VLAN_IPV4_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_IPV4_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PFILTER_VLAN_IPV6_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_IPV6_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PFILTER_VLAN_MAC_DACT_NO_RES
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_MAC_DACT_UNK_ERR
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PFILTER_VLAN_NO_RES
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_NOT_SUPPORT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported. |
Explanation |
The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN. |
Recommended action |
Verify the ACL configuration and remove the settings that are not supported. |
PFILTER_VLAN_RES_CONFLICT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of VLAN [UINT16]. [STRING] ACL [UINT] has already been applied to the VLAN. |
Variable fields |
$1: ACL type. $2: ACL number. $3: Traffic direction. $4: VLAN ID. $5: ACL type. $6: ACL number. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN. |
Explanation |
The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of a VLAN. · Updating the ACL applied to a specific direction of a VLAN. |
Recommended action |
Remove the ACL of the same type. |
PFILTER_VLAN_UNK_ERR
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PIM messages
This section contains PIM messages.
PIM_NBR_DOWN
Message text |
[STRING] Neighbor [STRING] ([STRING]) is down. |
Variable fields |
$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name. |
Severity level |
4 |
Example |
PIM/4/PIM_NBR_DOWN: Neighbor 10.1.1.1(Vlan-interface10) is down. |
Explanation |
A PIM neighbor went down. |
Recommended action |
Check the PIM configuration and network status. |
PIM_NBR_UP
Message text |
[STRING] Neighbor [STRING] ([STRING]) is up. |
Variable fields |
$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name. |
Severity level |
4 |
Example |
PIM/4/PIM_NBR_UP: Neighbor 10.1.1.1(Vlan-interface10) is up. |
Explanation |
A PIM neighbor came up. |
Recommended action |
No action is required. |
PING messages
This section contains ping messages.
PING_STATISTICS
Message text |
[STRING] statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms. |
Variable fields |
$1: The value can be Ping or Ping6. $2: IP address, IPv6 address, or host name for the destination. $3: Number of sent echo requests. $4: Number of received echo replies. $5: Percentage of unacknowledged packets against the total packets sent. $6: Minimum round-trip delay. $7: Average round-trip delay. $8: Maximum round-trip delay. $9: Standard deviation round-trip delay. |
Severity level |
6 |
Example |
PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms. |
Explanation |
The ping or ping ipv6 command was executed to test the reachability of a destination address on the public network. |
Recommended action |
If no ICMP echo reply packets were received, identify whether the interface is up. |
PING_VPN_STATISTICS
Message text |
[STRING] statistics for [STRING] in VPN instance [STRING] : [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms. |
Variable fields |
$1: The value can be Ping or Ping6. $2: IP address, IPv6 address, or host name for the destination. $3: VPN instance name. $4: Number of sent echo requests. $5: Number of received echo replies. $6: Percentage of unacknowledged packets against the total packets sent. $7: Minimum round-trip delay. $8: Average round-trip delay. $9: Maximum round-trip delay. $10: Standard deviation round-trip delay. |
Severity level |
6 |
Example |
PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms. |
Explanation |
The ping or ping ipv6 command was executed to test the reachability of a destination address in a VPN instance. |
Recommended action |
If no ICMP echo reply packets were received, identify whether the interface is up and whether a valid route exists in the routing table. |
PKG messages
This section contains package management messages.
PKG_VERSION_CONSISTENT
Message text |
Pattern 1: Software images on slot [STRING] are not consistent with those on the active MPU. The slot will reboot to reload the images of the active MPU. Pattern 2: Software images on chassis [STRING] slot [STRING] are not consistent with those on the local active MPU. The slot will reboot to reload the images of the local active MPU. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Cassis number. $2: Slot number. |
Severity level |
5 |
Example |
Pattern 1: PKG/5/PKG_VERSION_CONSISTENT: Software images on slot 2 are not consistent with those on the active MPU. The slot will reboot to reload the images of the active MPU. Pattern 2: PKG/5/PKG_VERSION_CONSISTENT: Software images on chassis 2 slot 2 are not consistent with those on the local active MPU. The slot will reboot to reload the images of the local active MPU. |
Explanation |
It is recommended that you install, uninstall, or upgrade software images when the system is stable. If you perform an installation, uninstallation, or upgrade operation when a card is being started, the results of the operation cannot be synchronized to that card. As a result, the card runs different software images than the active MPU after it completes startup. The system will restart the card to load the new software images from the active MPU. Before the system restarts the card, it prints this log. |
Recommended action |
Use the display system stable command to verify that the system is stable before you perform an installation, uninstallation, or upgrade operation. If the System State field displays Stable, the system is stable. |
PKI messages
This section contains PKI messages.
REQUEST_CERT_FAIL
Message text |
Failed to request certificate of domain [STRING]. |
Variable fields |
$1: PKI domain name |
Severity level |
5 |
Example |
PKI/5/REQUEST_CERT_FAIL: Failed to request certificate of domain abc. |
Explanation |
Failed to request certificate for a domain. |
Recommended action |
Check the configuration of the device and CA server, and the network between them. |
REQUEST_CERT_SUCCESS
Message text |
Request certificate of domain [STRING] successfully. |
Variable fields |
$1: PKI domain name |
Severity level |
5 |
Example |
PKI/5/REQUEST_CERT_SUCCESS: Request certificate of domain abc successfully. |
Explanation |
Successfully requested certificate for a domain. |
Recommended action |
No action is required. |
LOCAL_WILL_EXPIRE
Message text |
Local [STRING] certificate in domain [STRING] will expire in [INTEGER] days. |
Variable fields |
$1: Purpose of the certificate. $2: PKI domain name. $3: Number of days prior to expiration. |
Severity level |
5 |
Example |
PKI/5/LOCAL_WILL_EXPIRE: -MDC=1; Local general certificate in domain dm1 will expire in 8 days. |
Explanation |
The general-purpose local certificate in PKI domain dm1 will expire in eight days. |
Recommended action |
Delete the local certificate and import a new local certificate. |
LOCAL_HAS_EXPIRE
Message text |
Local [STRING] certificate in domain [STRING] has expired for [INTEGER] days. |
Variable fields |
$1: Purpose of the certificate. $2: PKI domain name. $3: Number of days after expiration. |
Severity level |
4 |
Example |
PKI/4/LOCAL_HAS_EXPIRED: -MDC=1; Local general certificate in domain dm2 has expired for 7 days. |
Explanation |
The general-purpose local certificate in PKI domain dm2 has expired for seven days. |
Recommended action |
Delete the local certificate and import a new local certificate. |
PKT2CPU messages
This section contains PKT2CPU messages.
PKT2CPU_NO_RESOURCE
Message text |
-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient. -Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient. |
Variable fields |
$1: Interface type and number. $2: Protocol type. $3: MAC address or source port. $4: Destination port. |
Severity level |
4 |
Example |
PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient. |
Explanation |
Hardware resources were insufficient. |
Recommended action |
Cancel the configuration. |
PKTCPT
This section contains packet capture messages.
PKTCPT_AP_OFFLINE
Message text |
Failed to start packet capture. Reason: AP was offline. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_AP_OFFLINE: Failed to start packet capture. Reason: AP was offline. |
Explanation |
Packet capture failed to start because the AP configured with packet capture was offline. |
Recommended action |
1. Verify the AP configuration, and restart packet capture after the AP comes online. 2. If the problem persists, contact H3C Support. |
PKTCPT_AREADY_EXIT
Message text |
Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_AREADY_EXIT: Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation. |
Explanation |
When packet capture is stopped on the AC, the fit AP might be still uploading the captured frames. This message is generated when the user restarted packet capture at that time. |
Recommended action |
1. Restart packet capture later. 2. If the problem persists, contact H3C Support. |
PKTCPT_CONN_FAIL
Message text |
Failed to start packet capture. Reason: Failed to connect to the FTP server. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_CONN_FAIL: Failed to start packet capture. Reason: Failed to connect to the FTP server. |
Explanation |
Packet capture failed to start because the device failed to be connected to the FTP server in the same network segment. |
Recommended action |
1. Verify that the URL of the FTP server is valid. Possible reasons for an invalid URL include the specified IP address does not exist or is not the FTP server address, and the specified FTP server port is disabled. 2. Verify that the domain name resolution is successful. 3. Verify that the FTP server is reachable for the device configured with packet capture. 4. Verify that the FTP server is online. 5. If the problem persists, contact H3C Support. |
PKTCPT_INVALID_FILTER
Message text |
Failed to start packet capture. Reason: Invalid expression for matching packets to be captured. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_INVALD_FILTER: Failed to start packet capture. Reason: Invalid expression for matching packets to be captured. |
Explanation |
Packet capture failed to start because the capture filter expression was invalid. |
Recommended action |
1. Correct the capture filter expression. 2. If the problem persists, contact H3C Support. |
PKTCPT_LOGIN_DENIED
Message text |
Packet capture aborted. Reason: FTP server login failure. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_LOGIN_DENIED: Packet capture aborted. Reason: FTP server login failure. |
Explanation |
Packet capture stopped because the user failed to log in to the FTP server. |
Recommended action |
1. Verify the username and password. 2. If the problem persists, contact H3C Support. |
PKTCPT_MEMORY_ALERT
Message text |
Packet capture aborted. Reason: Memory threshold reached. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_MEMORY_ALERT: Packet capture aborted. Reason: Memory threshold reached. |
Explanation |
Packet capture stopped because the memory threshold was reached. |
Recommended action |
N/A |
PKTCPT_OPEN_FAIL
Message text |
Failed to start packet capture. Reason: File for storing captured frames not opened. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_OPEN_FAIL: Failed to start packet capture. Reason: File for storing captured frames not opened. |
Explanation |
Packer capture failed to start because the file for storing the captured frames cannot be opened. |
Recommended action |
1. Verify that the user has the write permission to the file. If the user does not have the write permission, assign the permission to the user. 2. Verify that the specified file has been created and is not used by another feature. If the file is used by another feature, use another file. 3. If the problem persists, contact H3C Support. |
PKTCPT_OPERATION_TIMEOUT
Message text |
Failed to start or continue packet capture. Reason: Operation timed out. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_OPERATION_TIMEOUT: Failed to start or continue packet capture. Reason: Operation timed out. |
Explanation |
This message is generated when one of the following situations occurs: · Packet capture failed to start because the FTP server in a different network segment is not reachable and the connection timed out. · Packet capture stopped because the FTP server in a different network segment is offline and uploading the captured frames timed out. |
Recommended action |
1. Verify that the FTP server is reachable. 2. Verify that the FTP server is online. 3. If the problem persists, contact H3C Support. |
PKTCPT_SERVICE_FAIL
Message text |
Failed to start packet capture. Reason: TCP or UDP port binding faults. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_SERVICE_FAIL: Failed to start packet capture. Reason: TCP or UDP port binding faults. |
Explanation |
Packet capture failed to start because an error occurs during TCP or UDP port binding. |
Recommended action |
1. Verify that Wireshark has been closed before you start packet capture. If it is not closed, close Wireshark, and then restart packet capture. 2. Bind a new TCP or UDP port, and then restart packet capture. 3. If the problem persists, contact H3C Support. |
PKTCPT_UNKNOWN_ERROR
Message text |
Failed to start or continue packet capture. Reason: Unknown error. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_UNKNOWN_ERROR: Failed to start or continue the packet capture. Reason: Unknown error. |
Explanation |
Packet capture failed to start or packet capture stopped because of an unknown error. |
Recommended action |
N/A |
PKTCPT_UPLOAD_ERROR
Message text |
Packet capture aborted. Reason: Failed to upload captured frames. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_UPLOAD_ERROR: Packet capture aborted. Reason: Failed to upload captured frames. |
Explanation |
Packet capture stopped because the capture failed to upload the captured frames. |
Recommended action |
1. Verify that the FTP working directory is not changed. 2. Verify that the user has the write permission to the file on the FTP server. 3. Verify that the FTP server is online. 4. Verify that the FTP server is reachable. 5. Verify that the FTP server has enough memory space. 6. Verify that the packet capture is not stopped during the upload of captured frames. 7. If the problem persists, contact H3C Support. |
PKTCPT_WRITE_FAIL
Message text |
Packet capture aborted. Reason: Not enough space to store captured frames. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PKTCPT/6/PKTCPT_WRITE_FAIL: Packet capture aborted. Reason: Not enough space to store captured frames. |
Explanation |
Packet capture stopped because the memory space is not enough for storing captured frames. |
Recommended action |
1. Delete unnecessary files to release the space. 2. If the problem persists, contact H3C Support. |
Portal messages
This section contains portal messages.
PORTAL_LIMIT_GLOBAL
Message text |
User failed to come online. Reason=BAS global access limit already reached. |
Variable fields |
None. |
Severity level |
6 |
Example |
PORTAL/6/PORTAL_LIMIT_GLOBAL: -MDC=1; User failed to come online. Reason=BAS global access limit already reached. |
Explanation |
The maximum number of online portal users on the device was reached. |
Recommended action |
No action is required. |
PORTAL_LIMIT_IF
Message text |
User failed to come online through interface [STRING]. Reason=BAS access limit of the interface already reached. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
PORTAL/6/PORTAL_LIMIT_IF: -MDC=1-Slot=4; User failed to come online through interface GigabitEthernet4/2/20. Reason=BAS access limit of the interface already reached. |
Explanation |
The maximum number of online portal users on an interface was reached. |
Recommended action |
No action is required. |
PORTAL_USER_LOGON_SUCCESS
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]: User came online successfully. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. |
Severity level |
6 |
Example |
PORTAL/6/PORTAL_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601; User came online successfully. |
Explanation |
A portal user came online successfully. |
Recommended action |
No action is required. |
PORTAL_USER_LOGON_FAIL
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; User failed to come online. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Login failure reason, see Table 1. |
Severity level |
6 |
Example |
PORTAL/6/PORTAL_USER_LOGON_FAIL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Authentication failure; User failed to come online. |
Explanation |
A portal user failed to come online. |
Recommended action |
Choose the recommended action according to the reason, see Table 1. |
Table 1 Reasons that a user fails to come online and recommended action
Reason |
Recommended action |
Authentication failure. |
· Verify that the device can correctly communicate with the authentication server. · Verify that the shared key is the same on the device and the authentication server. · Verify that the username is legal. · Verify that the password for the username is correct. · Verify that the authentication domain on the device is correct. |
Authorization failure. |
· Verify that the device can correctly communicate with the authorization server. · Verify that the authorization user attributes exist on the device and are correctly configured. · Verify that the device supports the authorization user attributes. |
Authentication ACK message was not received from the RADIUS server. |
Verify that the route to the RADIUS server is reachable. |
The device failed to send the authentication request to the RADIUS server. |
· Verify that the device can correctly communicate with the RADIUS server. · Verify that the RADIUS server is active. To display the server status, use the display radius scheme command. |
The RADIUS server rejected the authentication request. |
Verify that the username and password of the user is correct. |
Failed to add authorization information for the user. |
Verify that the authorized user attributes exist on the device and are correctly configured. |
Local authentication request was rejected. |
Verify that the username and password for the local user are correct. |
No authentication response was received from the authentication server. |
· Verify that the device can correctly communicate with the RADIUS server. · Verify that the RADIUS server is active. To display the server status, use the display radius scheme command. |
Maximum number of concurrent logins for the account already reached. |
· Examine the maximum number of concurrent logins using a username. · Modify the maximum number of concurrent logins using a username by using the access-limit command if necessary. |
Local user doesn't exist on the device. |
Verify that the local user configuration on the device is correct. |
Failed to assign a user rule. |
Release memory. |
Failed to obtain physical information. |
No action is required. |
Authorization ACL doesn't exist. |
Verify that the authorization ACL exists on the device. |
PORTAL_USER_LOGOFF
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]-Input Octets=[UINT32]-Output Octets=[UINT32]-Input Gigawords=[UINT32]-Output Gigawords=[UINT32]; User went offline. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Reason for user offline. This field always displays User request, which indicates the user requests to go offline. $8: Number of input octets. $9: Number of output octets. $10: Number of input gigawords. $11: Number of output gigawords |
Severity level |
6 |
Example |
PORTAL/6/PORTAL_USER_LOGOFF: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=N/A-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=User request-Input Octets=100-Output Octets=200-Input Gigawords=100-Output Gigawords=200; User went offline. |
Explanation |
A portal user went offline successfully. |
Recommended action |
No action is required. |
PORTAL_USER_LOGOFF_ABNORMAL
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]-Input Octets=[UINT32]-Output Octets=[UINT32]-Input Gigawords=[UINT32]-Output Gigawords=[UINT32]; User went offline abnormally. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Reason for user offline, see Table 2 $8: Number of input octets. $9: Number of output octets. $10: Number of input gigawords. $11: Number of output gigawords |
Severity level |
6 |
Example |
PORTAL/6/PORTAL_USER_LOGOFF_ABNORMAL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Port down-Input Octets=100-Output Octets=200-Input Gigawords=100-Output Gigawords=200; User went offline abnormally. |
Explanation |
A portal user went offline abnormally. |
Recommended action |
Choose the recommended action according to the reason (see Table 2). |
Table 2 Reasons that a user goes offline abnormally and recommended action
Reason |
Recommended action |
DHCP lease timeout. |
No action is required |
DHCP user request. |
No action is required. |
DHCP configuration changed. |
Verify that the DHCP server configuration is correct. |
Idle timeout. |
No action is required. |
Session timeout. |
No action is required. |
User detection failure |
No action is required. |
The RADIUS server forcibly logged out the user. |
No action is required. |
Interface down. |
· Verify that a cable is correctly inserted to the user access interface. · Verify that the user access interface is not shut down by using the shutdown command. |
Interface inactive. |
· Verify that a cable is correctly inserted to the user access interface. · Verify that the card or subcard where the user resides is correctly installed on the device. |
Port was removed from VLAN. |
Verify that portal roaming is enabled. |
Authorization ACL for the online user was deleted. |
No action is required. |
The device forcibly logged out the user. |
Make sure portal authentication is not disabled on the user access interface. |
Failed to synchronize user information with the server. |
· Make sure the user heartbeat interval configured on the portal authentication server is not greater than the user synchronization detection timeout configured on the access device. · Verify that the server is reachable. |
User recovery failure |
· Verify that the user access interface is up. · Verify that portal authentication is enabled on the user access interface. · Verify that the session timeout timer for the user does not expire. |
Authorization ACL for the online user changed. |
· Verify that the authorization ACL for the user is correctly assigned. · Verify that strict checking on authorized ACLs is disabled. |
Authorization user profile for the online user changed. |
· Verify that the authorization user profile for the user is correctly assigned by using the display user profile command. · Verify that strict checking on authorized user profiles is disabled. |
The RADIUS server doesn't reply to the accounting request. |
· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active. |
Accounting update failure. |
· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active. |
No AAA response for the accounting start packet was received. |
· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active. |
Failed to send the accounting request for the user. |
· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active. |
Traffic threshold for the user was reached. |
No action is required. |
PORTSEC messages
This section contains port security messages.
PORTSEC_ACL_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; ACL authorization failed because [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: Cause of failure: · the specified ACL didn't exist. · this type of ACL is not supported. · hardware resources were insufficient. · the specified ACL conflicted with other ACLs applied to the interface. · the specified ACL didn't contain any rules. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_ACL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; ACL authorization failed because the specified ACL didn't exist. |
Explanation |
ACL authorization failed for a specific reason. |
Recommended action |
To resolve the problem: 1. Handle the problem according to the failure cause. 2. If the problem persists, contact H3C Support. |
PORTSEC_LEARNED_MACADDR
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]; A new MAC address was learned. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. |
Severity level |
6 |
Example |
PORTSEC/6/PORTSEC_LEARNED_MACADDR:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; A new MAC address was learned. |
Explanation |
A new secure MAC address was learned on the interface. |
Recommended action |
No action is required. |
PORTSEC_NTK_NOT_EFFECTIVE
Message text |
The NeedToKnow feature is configured but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface Ethernet3/1/2. |
Explanation |
The NeedToKnow mode does not take effect on an interface, because the interface does not support the NeedToKnow mode. |
Recommended action |
1. Remove the problem depending on the network requirements: ¡ If the NeedToKnow feature is not required, disable the NeedToKnow feature on the interface. ¡ If the NeedToKnow feature is required, reconnect the connected devices to another interface that supports the NeedToKnow mode. Then, configure the NeedToKnow mode on the new interface. 2. If the problem persists, contact H3C Support. |
PORTSEC_PORTMODE_NOT_EFFECTIVE
Message text |
The port security mode is configured but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
PORTSEC/3/PORTSEC_PORTMODE_NOT_EFFECTIVE: The port security mode is configured but is not effective on interface Ethernet3/1/2. |
Explanation |
The port security mode does not take effect on an interface, because the interface does not support this mode. |
Recommended action |
1. Remove the problem by using one of the following methods: ¡ Change the port security mode to another mode that is supported by the interface. ¡ Reconnect the connected devices to another interface that supports this port security mode, and configure the port security mode on the new interface. 2. If the problem persists, contact H3C Support. |
PORTSEC_PROFILE_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; Failed to assign a user profile to driver. |
Variable fields |
$1: Interface type and number. $2: MAC address. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_PROFILE_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to assign a user profile to driver. |
Explanation |
The device failed to assign a user profile to the driver. |
Recommended action |
No action is required. |
PORTSEC_VIOLATION
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-IfStatus=[STRING]; Intrusion protection was triggered. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Interface status. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-IfStatus=Up; Intrusion protection was triggered. |
Explanation |
Intrusion protection was triggered. |
Recommended action |
To resolve the problem: 1. Perform either of the following tasks: ¡ Check the port security configuration. ¡ Change the port security mode to another mode. 2. If the problem persists, contact H3C Support. |
PS messages
This section contains protection switching messages.
PS_SWITCH_WTOP
Message text |
Tunnel-bundle[STRING]: Switched from working tunnel [STRING] to protection tunnel [STRING]. |
Variable fields |
$1: Tunnel bundle interface information. $2: Working tunnel information. $3: Protection tunnel information. |
Severity level |
4 |
Example |
|
Explanation |
Traffic is switched to the protection tunnel because the working tunnel has failed. |
Recommended action |
No action is required. |
PS_SWITCH_PTOW
Message text |
Tunnel-bundle[STRING]: Switched from protection tunnel [STRING] to working tunnel [STRING]. |
Variable fields |
$1: Tunnel bundle interface information. $2: Protection tunnel information. $3: Working tunnel information. |
Severity level |
4 |
Example |
PS/4/PS_SWITCH_PTOW: Tunnel-bundle1: Switched from protection tunnel tunnel1 to working tunnel tunnel2. |
Explanation |
Traffic is switched to the working tunnel because the working tunnel has recovered. |
Recommended action |
No action is required. |
PTP messages
This section contains PTP messages.
PTP_SRC_CLASS_BELOW_THRESHOLD
Message text |
The clock source class fell below the threshold. |
Variable fields |
N/A |
Severity level |
4 |
Example |
PTP/4/PTP_SRC_CLASS_BELOW_THRESHOLD: The clock source class fell below the threshold. |
Explanation |
The class of the clock source fell below the threshold. Possible reasons include: · The device synchronizes its time to a clock source through its PTP input interface. The class of the clock source fell below the threshold and the number of removed steps from the GM to the clock source was 0. · The device directly obtains time from a ToD clock. The class of the ToD clock fell below the threshold. |
Recommended action |
Execute the display ptp clock or display ptp parent command to identify whether the class of the clock source is below the threshold. · If the class is below the threshold, raise the clock source class or change to another clock source with a higher class. Then identify whether a PTP_SRC_CLASS_RECOVER log has been output. ¡ If a PTP_CLOCK_SRC_RECOVER log has been output, the issue is resolved. ¡ If no PTP_CLOCK_SRC_RECOVER log is output, collect log and configuration information and contact the support. · If the class is higher than the threshold, collect log and configuration information and contact the support. |
PTP_CLOCK_SRC_RECOVER
Message text |
The clock source class crossed the threshold. |
Variable fields |
N/A |
Severity level |
4 |
Example |
PTP/4/PTP_SRC_CLASS_RECOVER: The clock source class crossed the threshold. |
Explanation |
The class of the clock source crossed the threshold. |
Recommended action |
No action is required. |
PTP_EXT_TIME_PORT_DISCONNECT
Message text |
The external time port became disconnect. (ExtTimePortType=[STRING]) |
Variable fields |
$1: ToD interface type: ¡ ToD0 ¡ ToD1 |
Severity level |
4 |
Example |
PTP/4/PTP_EXT_TIME_PORT_DISCONNECT: The external time port became disconnect. (ExtTimePortType=ToD0) |
Explanation |
The device failed to receive clock signals from the external clock source, or the external clock source terminated the connection to the device. |
Recommended action |
Identify whether the PTP interface connected to the external clock source is up. · If the PTP interface is up, collect log and configuration information and contact the support. · If the PTP interface is down, the link or the interface is down. Resolve the issue and recover the link. |
PTP_EXT_TIME_PORT_RECOVER
Message text |
The external time port status resumed. (ExtTimePortType=[STRING]) |
Variable fields |
$1: External clock type: ¡ ToD0 ¡ ToD1 |
Severity level |
4 |
Example |
PTP/4/PTP_EXT_TIME_PORT_RECOVER: The external time port status resumed. (ExtTimePortType=ToD0) |
Explanation |
· The device resumed signal receiving from the external clock source. · The physical link between the device and the external clock source recovered. |
Recommended action |
No action is required. |
PTP_FREQUENCY_LOCK
Message text |
Clock frequency resumed to locked state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_FREQUENCY_LOCK: Clock frequency resumed to locked state. |
Explanation |
The clock frequency resumed from not locked state. |
Recommended action |
No action is required. |
PTP_FREQUENCY_NOT_LOCK
Message text |
Clock frequency not in locked state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_FREQUENCY_NOT_LOCK: Clock frequency not in locked state. |
Explanation |
The clock frequency is in unlocked state. Possible reasons include: · In SyncE frequency synchronization mode, the frequency offset of the reference source is large. · In 1588v2 frequency synchronization mode, the timestamps are abnormal. · The output frequency offset of the system clock exceeds +/-10 ppm. |
Recommended action |
Identify whether a PTP_FREQUENCY_LOCK log will be output after this log. · If a PTP_FREQUENCY_LOCK log is output, the device has just started up or frequency flapping has occurred. · If no PTP_FREQUENCY_LOCK log is output, identify whether the PTP settings have changed. ¡ If the PTP settings have changed, restore the settings. ¡ If the PTP settings have not changed, collect log and configuration information and contact the support. |
PTP_MASTER_CLOCK_CHANGE
Message text |
PTP master clock property changed. (OldMasterClockId=[STRING], CurrentMasterClockId=[STRING], NewSourceIfIndex=[UINT16], OldSourcePortNum=[UINT16], CurrentSourcePortNum=[UINT16], OldSourcePortName=[STRING], CurrentSourcePortName=[STRING]) |
Variable fields |
$1: ID of the original master clock. $2: ID of the current master clock. $3: Index of the new clock source. $4: Number of the interface through which the old clock source distributed its time to the device. $5: Number of the interface through which the new clock source distributes its time to the device. $6: Name of the interface through which the old clock source distributed its time to the device. $7: Name of the interface through which the new clock source distributes its time to the device. |
Severity level |
4 |
Example |
PTP/4/PTP_MASTER_CLOCK_CHANGE: PTP master clock property changed. (OldMasterClockId=000FE2-FFFE-FF0000, CurrentMasterClockId=000FE2-FFFE-FF0000, NewSourceIfIndex=1, OldSourcePortNum=2, CurrentSourcePortNum=1, OldSourcePortName=G1/0/2, CurrentSourcePortName=G1/0/1) |
Explanation |
The attributes of the master clock changed. Possible reasons include: · The attributes of the clock nodes in the PTP domain had changed. As a result, a clock source with higher priority appeared or the path to the clock source changed. · The device had connected to a clock source with higher priority. · The PTP interface that received clock source signals is down or its link is down. |
Recommended action |
Execute the display ptp interface brief command to check for PTP interfaces in Disabled state. · If a PTP interface is in Disabled state, the interface does not handle PTP messages. Collect log and configuration information and contact the support. · If no PTP interface is in Disabled state, identify whether PTP settings have changed. ¡ If PTP settings have changed, restore the settings. ¡ If PTP settings have not changed, collect log and configuration information and contact the support. |
PTP_PKT_ABNORMAL
Message text |
Received an abnormal PTP packet. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PTP/6/PTP_PKT_ABNORMAL: Received an abnormal PTP packet. |
Explanation |
The device received a defective PTP packet. The TimeSource, TimeTraceable, or FreqencyTraceable field of the packet might be incorrect. |
Recommended action |
To resolve the issue: 1. Determine whether the peer device has been configured with a special PTP technical standard. ¡ If the peer device has been configured with a special PTP technical standard, go to 3. ¡ If the peer device has not been configured with a special PTP technical standard, go to 2. ¡ If a PTP_PKT_ABNORMALCOUNT log has been output, go to 4. ¡ If no PTP_PKT_ABNORMALCOUNT log has been output, the issue is resolved. 3. Wait 20 minutes. Then identify whether a PTP_PKT_ABNORMALCOUNT log has been output. ¡ If a PTP_PKT_ABNORMALCOUNT log has been output, go to 4. ¡ If no PTP_PKT_ABNORMALCOUNT log has been output, the issue is resolved. 4. Collect alarm, log, and configuration information and contact the support. |
PTP_PKT_ABNORMALCOUNT
Message text |
Received [ULONG] abnormal PTP packets in the last 10 minutes. |
Variable fields |
$1: Number of abnormal PTP packets received in the last 10 minutes. |
Severity level |
6 |
Example |
PTP/6/PTP_PKT_ABNORMALCOUNT: Received 300 abnormal PTP packets in the last 10 minutes. |
Explanation |
The device has received abnormal PTP packets in the last 10 minutes. |
Recommended action |
To resolve the issue: 1. Determine whether the peer device has been configured with a special PTP technical standard. ¡ If the peer device has been configured with a special PTP technical standard, go to 3. ¡ If the peer device has not been configured with a special PTP technical standard, go to 2. ¡ If a PTP_PKT_ABNORMALCOUNT log has been output, go to 4. ¡ If no PTP_PKT_ABNORMALCOUNT log has been output, the issue is resolved. 3. Wait 20 minutes. Then identify whether a PTP_PKT_ABNORMALCOUNT log has been output. ¡ If a PTP_PKT_ABNORMALCOUNT log has been output, go to 4. ¡ If no PTP_PKT_ABNORMALCOUNT log has been output, the issue is resolved. 4. Collect alarm, log, and configuration information and contact the support. |
PTP_PKTLOST_RECOVER
Message text |
PTP packets lost were recovered. (PktType=[STRING]) |
Variable fields |
$1: PTP message type: ¡ Delay_Resp ¡ Announce ¡ Sync ¡ Pdelay_Resp |
Severity level |
4 |
Example |
PTP/4/PTP_PKTLOST_RECOVER: PTP packets lost were recovered. (PktType =Announce) |
Explanation |
· The subordinate port resumed receiving of Announce, Delay_Resp, and Sync messages. A timeout had occurred before. · The device role changed from member clock to master clock. A PTP message receiving timeout had occurred before. |
Recommended action |
No action is required. |
PTP_PKTLOST
Message text |
PTP packets were lost. (PktType=[STRING]) |
Variable fields |
$1: PTP message type: ¡ Delay_Resp ¡ Announce ¡ Sync ¡ Pdelay_Resp |
Severity level |
4 |
Example |
PTP/4/PTP_PKTLOST: PTP packets were lost. (PktType=Announce) |
Explanation |
The subordinate port failed to receive Announce, Delay_Resp, and Sync messages within the timeout period. |
Recommended action |
Execute the display ptp statistics command to identify whether the counts of the received PTP messages are increasing. · If the counts are increasing, the timeout was caused by link delay. No action is required. · If the counts are not increasing, execute the display ptp statistics command to identify whether the counts of transmitted messages are increasing. ¡ If the counts are increasing, a link failure caused the timeout. Resolve the issue and recover the link. ¡ If the counts are not increasing, collect log and configuration information and contact the support. |
PTP_PORT_BMCINFO_CHANGE
Message text |
The BMC info for port [UINT16] changed. (PortName=[STRING], PortSourceId=[STRING], PortSourcePortNum=[UINT16], PortSourceStepsRemoved=[UINT16], CurrentMasterClockId=[STRING]) |
Variable fields |
$1: PTP interface index. $2: PTP interface name. $3: Clock source ID that the PTP interface receives. $4: Clock source port number that the PTP interface receives. $5: Number of removed steps that the PTP interface receives. $6: Master clock ID. |
Severity level |
5 |
Example |
PTP/5/PTP_PORT_BMCINFO_CHANGE: The BMC info for port 1 changed. (PortName=G1/0/1, PortSourceId=000FE2-FFFE-FF0001, PortSourcePortNum=1, PortSourceStepsRemoved=5, CurrentMasterClockId=000FE2-FFFE-FF0000) |
Explanation |
Clock source information received by the PTP interface changed, including the clock source ID, port number, and number of removed steps. |
Recommended action |
No action is required. |
PTP_PORT_STATE_CHANGE
Message text |
PTP port state changed. (IfIndex=[UINT16], PortName=[STRING], PortState=[STRING], OldPortState=[STRING]) |
Variable fields |
$1: PTP interface index. $2: PTP interface name. $3: PTP interface state. ¡ Master—Sends synchronization messages. ¡ Slave—Receives synchronization messages. ¡ Passive—Neither receives nor sends synchronization messages. A PTP interface is in passive state after it receives an announce message. ¡ Listening—Neither receives nor sends synchronization messages. A PTP interface is in listening state after being initialized. ¡ Faulty—PTP is running incorrectly. A PTP interface in faulty state does not process PTP messages. ¡ Initializing—The interface is initializing. A PTP interface in initializing state does not process PTP messages. ¡ Premaster—Temporary state before the interface enters Master state. ¡ Disabled—PTP is not running on the interface. The interface does not process PTP messages. ¡ Uncalibrated—Temporary state before the interface enters Slave state. $4: Previous state of the PTP interface. |
Severity level |
5 |
Example |
PTP/5/PTP_PORT_STATE_CHANGE: PTP port state changed. (IfIndex=1, PortName=G1/0/1, PortState=Slave, OldPortState=Master) |
Explanation |
PTP interface state changed. Possible reasons include: · The attributes of the clock nodes in the PTP domain had changed, including the priority, time class, time accuracy, and NotSlave feature. · The device had connected to another clock source with higher priority. · The PTP interface or its link had gone down. |
Recommended action |
Execute the display ptp interface brief command to identify whether a PTP interface is in Fault state. · If there is a PTP interface in Fault state, the PTP interface or its link was down. Resolve the issue and recover the link. · If no PTP interface is in Fault state, identify whether PTP settings have changed. ¡ If PTP settings have changed, restore the settings. ¡ If PTP settings have not changed, collect log and configuration information and contact the support. |
PTP_SRC_CHANGE
Message text |
Clock source property changed. (SourceName=[STRING], Priority1=[UCHAR], Priority2=[UCHAR], ClockClass=[UINT16], ClockAccuracy=[UINT16]], ClockSourceType=[STRING]) |
Variable fields |
$1: Clock source: ¡ Local ¡ ToD1 ¡ ToD2 $2: Priority 1 $3: Priority 2 $4: Class of the clock source $5: Accuracy of the clock source $6: GM type: ¡ Atomic clock. ¡ Global Positioning System (GPS). ¡ Handset. ¡ Internal oscillator. ¡ NTP. ¡ Other. ¡ PTP. ¡ Terrestrial radio. ¡ Unknown. |
Severity level |
5 |
Example |
PTP/5/PTP_SRC_CHANGE: Clock source property changed. (SourceName=Tod1, Priority1=1, Priority2=2, ClockClass=6, ClockAccuracy=20, ClockSourceType=Atomic clock) |
Explanation |
The attributes of the clock source changed. Possible reasons include: · Command lines had been executed to change the clock source attributes. · The device had connected to another clock source with a higher accuracy. |
Recommended action |
No action is required. |
PTP_SRC_SWITCH
Message text |
Clock source switched. (LastClockID=[STRING], CurrentClockID=[STRING]) |
Variable fields |
$1: ID of the original clock source $2: ID of the current clock source. |
Severity level |
4 |
Example |
PTP/4/PTP_SRC_SWITCH: Clock source switched.(LastSource=000FE2-FFFE-FF0000, CurrentSource=000FE2-FFFE-FF0001) |
Explanation |
A clock source with higher accuracy and priority had been added to the PTP domain. The device had selected another clock source. |
Recommended action |
No action is required. |
PTP_TIME_LOCK
Message text |
Time resumed to locked state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_TIME_LOCK: Time resumed to locked state. |
Explanation |
The device time resumed from not locked state. |
Recommended action |
No action is required. |
PTP_TIME_NOT_LOCK
Message text |
Time not in locked state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_TIME_NOT_LOCK: Time not in locked state. |
Explanation |
The device time is not in locked state. Possible reasons include: · The frequency is not in locked state. · A fault has occurred on the subcard logic or the clock daughter card. · The timestamps received by the DSP remain unchanged or are incorrect. |
Recommended action |
Identify whether the PTP subordinate port or its link is down. · If the PTP subordinate port or its link is down, resolve the issue and recover the link. · If the PTP subordinate port is operating correctly, identify whether PTP settings have changed. ¡ If PTP settings have changed, restore the settings. ¡ If PTP settings have not changed, collect log and configuration information and contact the support. |
PTP_TIME_OFFSE_EXCEED_THRESHOLD
Message text |
The PTP time offset exceeded the threshold. (TimeOffset=[UINT16], AlarmThresholdTimeOffset=[UINT16]) |
Variable fields |
$1: Offset between the PTP time and the external reference time. $2: Offset threshold between the PTP time and the external reference time. |
Severity level |
4 |
Example |
PTP/4/PTP_TIME_OFFSET_EXCEED_THRESHOLD: The PTP time offset exceeded the threshold. (TimeOffset=500, AlarmThresholdTimeOffset=400) |
Explanation |
The offset between the PTP time and the external reference time exceeded the threshold. |
Recommended action |
Execute the ptp asymmetry-correction command to set the asymmetric delay correction time so that the PTP time is consistent with the external reference time. Then identify whether a PTP_TIME_OFFSET_RECOVER log has been output. · If a PTP_TIME_OFFSET_RECOVER log has been output, the issue is resolved. · If no PTP_TIME_OFFSET_RECOVER log is output, collect log and configuration information and contact the support. |
PTP_TIME_OFFSET_RECOVER
Message text |
The PTP standard time offset resumed. (TimeOffset=[UINT16], AlarmThresholdTimeOffset=[UINT16]) |
Variable fields |
$1: Offset between the PTP time and the external reference time. $2: Offset threshold between the PTP time and the external reference time. |
Severity level |
4 |
Example |
PTP/4/PTP_STANDARD_TIME_OFFSET_RECOVER: The PTP standard time offset resumed. (TimeOffset=300, AlarmThresholdTimeOffset=400) |
Explanation |
The PTP time resumed from large offset with the external reference time. |
Recommended action |
No action is required. |
PTP_TIME_SYNC
Message text |
Time resumed to synchronized state. |
Variable fields |
N/A |
Severity level |
4 |
Example |
PTP/4/PTP_TIME_SYNC: Time resumed to synchronized state. |
Explanation |
The device time has been synchronized. |
Recommended action |
No action is required. |
PTP_TIME_UNSYNC
Message text |
Time changed to unsynchronized state. |
Variable fields |
N/A |
Severity level |
4 |
Example |
PTP/4/PTP_TIME_UNSYNC: Time changed to unsynchronized state. |
Explanation |
The device time is not synchronized. Possible reasons include: · The device failed to trace a clock source because of link or interface failure. · The clock source of the device has a priority so high that the device cannot synchronize time to another device. |
Recommended action |
1. Execute the display ptp interface brief command to identify whether a PTP subordinate port is available ¡ If a PTP subordinate port is available, contact the support. ¡ If no PTP subordinate port is available, go to step 2. 2. Execute the display ptp clock command to identify whether the clock type is ToD. ¡ If the clock type is ToD, go to step 3. ¡ If the clock type is not ToD, no clock source is available for the device. 3. Identify whether the ptp { tod0 | tod1 } input command has been executed to enable the device to receive signals from a ToD clock. ¡ If this configuration exists, contact the support. ¡ If no such configuration exists, go to step 4. 4. Execute the ptp { tod0 | tod1 } input command to specify the input direction for the device to receive ToD clock signals. Then identify whether a PTP_TIME_SYNC log has been output. ¡ If a PTP_TIME_SYNC log has been output, the issue is resolved. ¡ If no PTP_TIME_SYNC log is output, collect log and configuration information and contact the support. |
PTP_TIMESTAMP_CHANGE
Message text |
The timestamp state turned to normal. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_TIMESTAMP_CHANGE: The timestamp state turned to normal. |
Explanation |
The timestamp state resumed from remaining unchanged. |
Recommended action |
No action is required. |
PTP_TIMESTAMP_UNCHANGE
Message text |
The timestamp state turned to abnormal. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_TIMESTAMP_UNCHANGE: The timestamp state turned to abnormal. |
Explanation |
The timestamps in the PTP messages received by the device remained unchanged. |
Recommended action |
Execute the display ptp statistics command to identify whether the count of Sync messages is increasing. · If the count is increasing, collect log and configuration information and contact the support. · If the count is not increasing, check the link for errors. Fix the error if any and identify whether a PTP_TIMESTAMP_CHANGED log has been output. ¡ If a PTP_TIMESTAMP_CHANGED log has been output, the timestamp state has resumed. ¡ If no PTP_TIMESTAMP_CHANGED log is output, collect log and configuration information and contact the support. |
PTP_TIMOFFSUM_PK-PK_ALARM
Message text |
The PTP time offset sum exceeded the threshold. (TimeOffsetSum=[UINT16], TimeOffsetSumAlarmThreshold=[UINT16]) |
Variable fields |
$1: PTP time-offset-sum peak-to-peak value. $2: PTP time-offset-sum peak-to-peak threshold. |
Severity level |
4 |
Example |
PTP/4/PTP_TIMOFFSUM_PK-PK_ALARM: The PTP time offset sum exceeded the threshold. (TimeOffsetSum=500, TimeOffsetSumAlarmThreshold=400) |
Explanation |
The PTP time-offset-sum peak-to-peak value exceeded the threshold. |
Recommended action |
To resolve the issue: 1. Determine whether the PTP time is in locked state. ¡ If the PTP time is in locked state, go to 3. ¡ If the PTP time is in unlocked state, go to 2. 2. Wait 15 minutes. Then determine whether the PTP time is in locked state. ¡ If the PTP time is in locked state, go to 3. ¡ If the PTP time is in unlocked state, go to 4. 3. Wait 15 minutes. Then identify whether a PTP_TIMOFFSUM_RECOVER log has been output. ¡ If a PTP_TIMOFFSUM_RECOVER log has been output, the issue is resolved. ¡ If no PTP_TIMOFFSUM_RECOVER log has been output, go to 4. 4. Collect alarm, log, and configuration information and contact the support. |
PTP_TIMOFFSUM_PK-PK_RECOVER
Message text |
The PTP time offset sum resumed. (TimeOffsetSum=[UINT16], TimeOffsetSumAlarmThreshold=[UINT16]) |
Variable fields |
$1: PTP time-offset-sum peak-to-peak value. $2: PTP time-offset-sum peak-to-peak threshold. |
Severity level |
4 |
Example |
PTP/4/PTP_TIMOFFSUM_PK-PK_RECOVER: The PTP time offset sum resumed. (TimeOffsetSum=300, TimeOffsetSumAlarmThreshold=400) |
Explanation |
The PTP time-offset-sum peak-to-peak value dropped below the threshold. |
Recommended action |
No action is required. |
PWDCTL messages
This section contains password control messages.
PWDCTL_ADD_BLACKLIST
Message text |
[STRING] was added to the blacklist for failed login attempts. |
Variable fields |
$1: Username. |
Severity level |
6 |
Example |
PWDCTL/6/PWDCTRL_ADD_BLACKLIST: hhh was added to the blacklist for failed login attempts. |
Explanation |
The user entered an incorrect password. It failed to log in to the device and was added to the password control blacklist. |
Recommended action |
No action is required. |
PWDCTL_CHANGE_PASSWORD
Message text |
[STRING] changed the password because [STRING]. |
Variable fields |
$1: Username. $2: The reasons for changing password. · it was the first login of the account. · the password had expired. · the password was too short. · the password was not complex enough. · the password was default password. |
Severity level |
6 |
Example |
PWDCTL/6/PWDCTL_CHANGE_PASSWORD: hhh changed the password because It was the first login of the account. |
Explanation |
The user changed the password for some reason. For example, the user changed the password because it is the first login of the user's account. |
Recommended action |
No action is required. |
PWDCTL_FAILED_TO_OPENFILE
Message text |
Failed to create or open the password file. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_FAILED_TO_OPENFILE: Failed to create or open the password file. |
Explanation |
The device failed to create or open a .dat file because of file system exception. |
Recommended action |
Check the file system of the device for memory space insufficiency. |
PWDCTL_FAILED_TO_WRITEPWD
Message text |
Failed to write the password records to file. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_FAILED_TO_WRITEPWD: Failed to write the password records to file. |
Explanation |
The device failed to write a password to a file. |
Recommended action |
Check the file system of the device for memory space insufficiency. |
PWDCTL_NOENOUGHSPACE
Message text |
Not enough free space on the storage media where the file is located. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_NOENOUGHSPACE: Not enough free space on the storage media where the file is located. |
Explanation |
Operation failed because not enough memory space is available on the storage media (such as the flash or CF card) where the .dat file is located. |
Recommended action |
Check the file system of the device for memory space insufficiency. |
PWDCTL_NOTFOUNDUSER
Message text |
Can't find the username in the file. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_NOTFOUNDUSER: Can't find the username in the file. |
Explanation |
The local user fails to set the password because the user information is not in the .dat file. |
Recommended action |
Create another local user, or disable the password control feature and then enable the feature. |
PWDCTL_UPDATETIME
Message text |
Last login time updated after clock update. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update. |
Explanation |
The most recent login time has been updated. |
Recommended action |
No action is required. |
QOS messages
This section contains QoS messages.
EDSG_CONFIG_CONFLICT
Message text |
Failed to activate EDSG service policy [UINT32] on user [UINT32]. The EDSG service policy conflicts with existing configurations in the [STRING] direction. |
Variable fields |
$1: EDSG service policy ID. $2: User ID. $3: Direction. |
Severity level |
3 |
Example |
QOS/3/EDSG_ CONFIG_CONFLICT: Failed to activate EDSG service policy 1 on user 0x30000072. The EDSG service policy conflicts with existing configurations in the outbound direction. |
Explanation |
The system failed to activate an EDSG service policy on a user, because the EDSG service policy conflicts with the following configurations: · Queue scheduling profile, GTS, or the queue specified for session packets in user profile view. · HQoS configuration in interface view. |
Recommended action |
Modify the configuration that conflicts with the EDSG service policy. |
EDSG_EXCEED_LIMIT
Message text |
Failed to activate EDSG service policy [UINT32] on user [UINT32]. The EDSG service policy ID is out of range. |
Variable fields |
$1: EDSG service policy ID. $2: User ID. |
Severity level |
3 |
Example |
QOS/3/EDSG_ EXCEED_LIMIT: Failed to activate EDSG service policy 1 on user 0x30000072. The EDSG service policy ID is out of range. |
Explanation |
The system failed to activate an EDSG service policy on a user, because the EDSG service policy ID is out of range. |
Recommended action |
1. Check whether multiple EDSG service policies can be activated on one user. ¡ If only one EDSG service policy can be activated on one user, the EDSG service policy ID must be 1. ¡ If multiple (for example, N) EDSG service policies can be activated on one user, the value range for the policy ID is 1 to N. 2. Modify the EDSG service policy ID to an ID supported by the device. |
EDSG_LRMODE_CONFLICT
Message text |
Failed to activate EDSG service policy [UINT32] on user [UINT32]. The rate limit mode for the EDSG service policy is different from the rate limit mode for an existing EDSG service policy. |
Variable fields |
$1: EDSG service policy ID. $2: User ID. |
Severity level |
3 |
Example |
QOS/3/EDSG_LRMODE_CONFLICT: Failed to activate EDSG service policy 1 on user 0x30000072. The rate limit mode for the EDSG service policy is different from the rate limit mode for an existing EDSG service policy. |
Explanation |
The system failed to activate an EDSG service policy on a user, because the rate limit mode for the EDSG service policy is different from the rate limit mode for an existing EDSG service policy. |
Recommended action |
Modify the rate limit mode for the EDSG service policy. |
EDSG_MODE_CONFLICT
Message text |
Failed to activate EDSG service policy [UINT32] on user [UINT32]. The status of the separate rate limiting function for the EDSG service policy is different from the status of this function for an existing EDSG service policy. |
Variable fields |
$1: EDSG service policy ID. $2: User ID. |
Severity level |
3 |
Example |
QOS/3/EDSG_ EXCEED_LIMIT: Failed to activate EDSG service policy 1 on user 0x30000072. The status of the separate rate limiting function for the EDSG service policy is different from the status of this function for an existing EDSG service policy. |
Explanation |
The system failed to activate an EDSG service policy on a user, because the status of the separate rate limiting function for the EDSG service policy is different from the status of this function for an existing EDSG service policy. |
Recommended action |
No action is required. |
EDSG_NOT_SUPPORT
Message text |
Failed to activate EDSG service policy [UINT32] on user [UINT32]. The EDSG service policy is not supported. |
Variable fields |
$1: EDSG service policy ID. $2: User ID. |
Severity level |
3 |
Example |
QOS/3/EDSG_NOT_SUPPORT: Failed to activate EDSG service policy 1 on user 0x30000072. The EDSG service policy is not supported. |
Explanation |
The system failed to activate an EDSG service policy on a user, because the EDSG service policy is not supported. |
Recommended action |
Modify the configuration to enable the user to come online from an interface that supports the EDSG service policy. |
QOS_CAR_APPLYIF_FAIL
Message text |
[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to interface [STRING]. Reason: [STRING]. |
Variable fields |
$1: Interface information. $2: Application direction: inbound or outbound. $3: Profile type, which is user. $4: Profile name. $5: Interface name. $6: Failure cause: · The CAR is not supported. · The resources are insufficient. |
Severity level |
4 |
Example |
QOS/4/QOS_CAR_APPLYIF_FAIL: Port=GigabitEthernet1/0/1; Failed to apply the inbound CAR in user profile a to interface GigabitEthernet1/0/1. Reason: The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions: · Apply the CAR settings when applying a user profile to an interface. · Add or modify CAR settings in a user profile already applied to an interface. |
Recommended action |
Delete or modify the CAR settings in the user profile. |
QOS_CAR_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction. $3: Profile type. $4: Profile name. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions: · Apply a CAR policy when a user came online. · Modify a configured CAR policy or configure a new CAR policy when a user is online. |
Recommended action |
Delete the CAR policy from the profile or modify the parameters of the CAR policy. |
QOS_CBWFQ_REMOVED
Message text |
CBWFQ is removed from [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1. |
Explanation |
CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ. |
Recommended action |
Increase the bandwidth or speed and apply the removed CBWFQ again. |
QOS_GTS_APPLYIF_FAIL
Message text |
[STRING]; Failed to apply the [STRING] GTS in [STRING] profile [STRING] to interface [STRING]. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction. $3: Profile type, which is user. $4: Profile name. $5: Interface name. $6: Failure cause: · The resources are insufficient. · The configuration in the user profile to be applied conflicts with the existing configuration on the interface. |
Severity level |
4 |
Example |
QOS/4/QOS_GTS_APPLYIF_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound GTS in user profile u1 to interface GigabitEthernet5/1/5. Reason: The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions: · Apply the GTS settings when applying a user profile to an interface. · Add or modify GTS settings in a user profile already applied to an interface. |
Recommended action |
Delete or modify the GTS settings in the user profile. |
QOS_GTS_APPLYINT_FAIL
Message text |
Failed to apply the gts configuration to the interface [STRING]. [STRING] |
Variable fields |
$1: Interface name. $2: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_GTS_APPLYINT_FAIL; Failed to apply the gts configuration to the interface Route-Aggregation1. The operation is not supported. |
Explanation |
The interface does not support GTS configuration. |
Recommended action |
None. |
QOS_DIFFSERV_CFG_FAIL
Message text |
Failed to configure the MPLS Diffserv mode in VPN instance [STRING]. Reason: [STRING]. |
Variable fields |
$1: VPN instance name. $2: Failure cause: ¡ The card does not support MPLS Diffserv mode. |
Severity level |
4 |
Example |
QOS/4/QOS_DIFFSERV_CFG_FAIL: -MDC=1-Chassis=1-Slot=5; Failed to configure the MPLS Diffserv mode in VPN instance vpn1. Reason: The card does not support MPLS Diffserv mode. |
Explanation |
The system failed to configure the MPLS Diffserv mode in a VPN instance. |
Recommended action |
No action is required. |
QOS_GTS_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] GTS to the traffic of user profile a in [STRING] in [STRING] profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction. $3: Application scope. $4: Profile type. $5: User profile name. $6: Failure cause: ¡ The resources are insufficient. ¡ The GTS configuration conflicts with the CAR configuration in an EDSG service policy. |
Severity level |
4 |
Example |
QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound GTS to the traffic of session group profile a in queue 0. Reason: The GTS configuration conflicts with the CAR configuration in an EDSG service policy. |
Explanation |
The system failed to apply a GTS action to a user profile due to insufficient resources, or failed to apply a GTS action to a session group profile because the GTS configuration conflicts with the CAR configuration in an EDSG service policy. |
Recommended action |
Delete the GTS configuration from the user profile or session group profile or modify the parameters of the GTS configuration. |
QOS_ITACAR_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the ITA CAR at level [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: ITA CAR level. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_ITACAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the ITA CAR at level 7 to the user. Reason: The ITA CAR is not supported. |
Explanation |
The system failed to apply or modify traffic policing parameters in the ITA CAR policy at level 7. |
Recommended action |
Cancel the ITA CAR policy or modify the traffic policing parameters. |
QOS_LR_APPLYIF_CONFIGFAIL
Message text |
Failed to apply the rate limiting configuration to the [STRING] direction of the interface [STRING]. [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_LR_APPLYIF_CONFIGFAIL: Failed to apply the rate limiting configuration to the outbound direction of the interface Bridge-Aggregation 1. The operation is not supported. |
Explanation |
The system failed to apply the rate limiting configuration on a card. |
Recommended action |
Modify the rate limiting configuration according to the failure cause. |
QOS_LR_APPLYUSER_FAIL
Message text |
STRING]; Failed to apply the [STRING] rate limit to the traffic of user profile [STRING] in all queues. Reason: [STRING] |
Variable fields |
$1: User identity. $2: Application direction. $3: Profile name. $4: Failure cause: ¡ The resources are insufficient. ¡ The rate limit is not supported. ¡ The rate limit configuration conflicts with the CAR configuration in a EDSG service policy. |
Severity level |
4 |
Example |
QOS/4/QOS_LR_APPLYUSER_FAIL: -MDC=1-Slot=3; -MAC=0010-9400-1f38-VPN=N/A-SVLAN=4008-CVLAN=992-Port=Route-Aggregation1024.4093; Failed to apply the outbound rate limit to the traffic of user profile u1 in all queues. Reason: The resources are insufficient. |
Explanation |
The system failed to apply the qos user-queue command configuration to a user profile, because the configuration is not supported. Or The system failed to apply a queue scheduling profile to a session group profile, because the qos user-queue command conflicts with the CAR configuration in an EDSG service policy. |
Recommended action |
Remove the qos user-queue command configuration from the user profile or modify the qos user-queue command configuration. |
QOS_MEMORY_WARNING
Message text |
The system does not have enough memory. |
Variable fields |
None. |
Severity level |
4 |
Example |
QOS/4/QOS_MEMORY_WARNING: The system does not have enough memory. |
Explanation |
This message is generated when a system memory threshold alarm is generated. |
Recommended action |
Wait the system to release memory resources. |
QOS_NOT_ENOUGH_BANDWIDTH
Message text |
Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING]. |
Variable fields |
$1: Policy name. $2: Required bandwidth for CBWFQ. $3: Available bandwidth on an interface. $4: Interface name. |
Severity level |
3 |
Example |
QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1. |
Explanation |
Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ. |
Recommended action |
Increase the maximum bandwidth configured for the interface or set lower bandwidth required for CBWFQ. |
QOS_POLICY_APPLYCOPP_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: Slot number. $5: Failure cause: ¡ The behavior is empty. ¡ Only one rate-limiting action is supported in one behavior to be applied to the control plane. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a control plane. · Update a classifier-behavior association applied to a specific direction of a control plane. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYCOPP_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING]. |
Variable fields |
$1: Policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a control plane. · Update a QoS policy applied to a specific direction of a control plane. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYGLOBAL_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction globally. · Update a classifier-behavior association applied to a specific direction globally. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYGLOBAL_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING]. |
Variable fields |
$1: Policy name. $2: Traffic direction. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction globally. · Update a QoS policy applied to a specific direction globally. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYIF_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause: · The behavior is empty. · Only one service class marking action is supported for the same EXP value on the same interface and the service class value can't be modified except that the old value has been deleted. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of an interface. · Update a classifier-behavior association applied to a specific direction of an interface. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYIF_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING]. |
Variable fields |
$1: Policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of an interface. · Update a QoS policy applied to a specific direction of an interface. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user.Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction. $3: QoS policy name. $4: User profile name. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user.Reason: The QoS policy is not supported. |
Explanation |
The system failed to perform one of the following actions: · Issue the settings of a QoS policy when a user came online. · Modify an applied QoS policy or apply a new QoS policy when a user is online. |
Recommended action |
Remove the QoS policy from the user profile or modify the parameters of the QoS policy. |
QOS_POLICY_APPLYVLAN_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: VLAN ID. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a VLAN. · Update a classifier-behavior association applied to a specific direction of a VLAN. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYVLAN_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING]. |
Variable fields |
$1: Policy name. $2: Application direction. $3: VLAN ID. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a VLAN. · Update a QoS policy applied to a specific direction of a VLAN. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_PRIORITY_APPLYUSER_FAIL
Message text |
Failed to identify the [STRING] priority of the user. Reason: [STRING]. |
Variable fields |
$1: Traffic direction. $2: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_PRIORITY_APPLYUSER_FAIL: Failed to identify the inbound priority of the user. Reason: The priority type is not supported. |
Explanation |
The system failed to modify the priority of incoming packets or enqueue packets according to the RADIUS-assigned user priority. |
Recommended action |
On the RADIUS server, disable the RADIUS server from assigning the user priority or modify the user priority to be assigned by the RADIUS server. |
QOS_PROFILE_AUTHOR_FAIL
Message text |
[STRING]; Failed to authorize the QoS configuration to the user. Reason: [STRING] |
Variable fields |
$1: User identity. $2: Failure cause: ¡ The session group profile conflicts with the user profile configured with user queue settings. |
Severity level |
4 |
Example |
QOS/4/QOS_PROFILE_AUTH_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to authorize the QoS configuration to the user. Reason: The session group profile conflicts with the user profile configured with user queue settings. |
Explanation |
The system failed to authorize the user profile or session group profile to online users because the session group profile conflicts with the user profile configured with user queue settings. |
Recommended action |
1. Use the display access-user command to determine the inactive profile. 2. Modify the user profile or session group profile settings to prevent authorize both the user profile and session group profile to online users. |
QOS_QMPROFILE_APPLYIF_FAIL
Message text |
[STRING]; Failed to apply the [STRING] queue scheduling profile [STRING] in [STRING] profile [STRING] to the interface [STRING]. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction: inbound or outbound. $3: Queue scheduling profile name. $3: Profile type, which is user. $4: Profile name. $5: Interface name. $6: Failure cause: · The resources are insufficient. · The configuration in the user profile to be applied conflicts with the existing configuration on the interface. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_APPLYIF_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound queue scheduling profile b in user profile a to interface GigabitEthernet5/1/5. Reason: The queue scheduling profile is not supported. QOS/4/QOS_QMPROFILE_APPLYIF_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound queue scheduling profile b in user profile a to interface GigabitEthernet5/1/5. Reason: The configuration in the user profile to be applied conflicts with the existing configuration on the interface. |
Explanation |
The system failed to perform one of the following actions: · Apply the queue scheduling profile settings when applying a user profile to an interface. · Add or modify queue scheduling profile settings in a user profile already applied to an interface. |
Recommended action |
Delete or modify the queue scheduling profile settings in the user profile. |
QOS_QMPROFILE_APPLYINT_FAIL
Message text |
Failed to apply the queue management profile to the [STRING] direction of interface [STRING]. [STRING] |
Variable fields |
$1: Traffic direction: inbound or outbound. $2: Interface name. $3: Failure cause: · The operation is not supported. · Resources are insufficient. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_APPLYINT_FAIL: Failed to apply the queue management profile to the outbound direction of interface Route-Aggregation1. The operation is not supported. |
Explanation |
The interface does not support queue scheduling profiles. |
Recommended action |
Delete some ACLs to release resources if resources are insufficient. |
QOS_QMPROFILE_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply queue management profile [STRING] in profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Queue scheduling profile name. $3: User profile type. $4: User profile name. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue scheduling profile b in session group profile a to the user. Reason: The queue scheduling profile is not supported. QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue scheduling profile b in session group profile a to the user. Reason: The queue scheduling profile configuration conflicts with the CAR configuration in an EDSG service policy. |
Explanation |
The system failed to apply a queue scheduling profile to a user profile, because the queue scheduling profile is not supported. Or The system failed to apply a queue scheduling profile to a session group profile, because the queue scheduling profile configuration conflicts with the CAR configuration in an EDSG service policy. |
Recommended action |
Remove the queue scheduling profile from the session group profile or modify the parameters of the queue scheduling profile. |
QOS_QMPROFILE_MODIFYQUEUE_FAIL
Message text |
Failed to configure queue [UINT32] in queue management profile [STRING]. [STRING]. |
Variable fields |
$1: Queue ID. $2: Profile name. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue management profile myqueue. The value is out of range. |
Explanation |
The system failed to modify a queue in a queue scheduling profile successfully applied to an interface because the new parameter was beyond port capabilities. |
Recommended action |
Remove the queue scheduling profile from the interface, and then modify the parameters for the queue. |
QOS_QMPROFILE_RESTORE_FAIL
Message text |
Failed to restore the configuration of queue scheduling profile [STRING] on interface [STRING], because [STRING]. |
Variable fields |
$1: Queue scheduling profile name. $2: Interface name. $3: Failure cause: ¡ The minimum guaranteed bandwidth exceeds the interface bandwidth. ¡ The queue-based GTS configuration conflicts with the maximum bandwidth setting in the queue scheduling profile. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_RESTORE_FAIL: -MDC=1; Failed to restore the configuration of queue scheduling profile abc on interface GigabitEthernet3/0/3, because the minimum guaranteed bandwidth exceeds the interface bandwidth. |
Explanation |
The message is generated when a card is inserted after the queue-based GTS and queue scheduling profile settings are configured. |
Recommended action |
Modify or delete improper settings. |
QOS_WEIGHT _APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] weight in [STRING] profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Direction. $3: User profile type. $4: User profile name. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_WEIGHT_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the outbound weight in user profile a to the user. Reason: The resources are insufficient. QOS/4/QOS_WEIGHT_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the outbound weight in user profile a to the user. Reason: The weight configuration conflicts with the CAR configuration in an EDSG service policy. |
Explanation |
The system failed to apply or dynamically modify the weight value due to insufficient resources. Or The system failed to dynamically modify the weight value, because the weight configuration conflicts with the CAR configuration in an EDSG service policy. |
Recommended action |
Delete or modify the weight value. |
RADIUS messages
This section contains RADIUS messages.
RADIUS_AUTH_FAILURE
Message text |
User [STRING] from [STRING] failed authentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system from 192.168.0.22 failed authentication. |
Explanation |
An authentication request was rejected by the RADIUS server. |
Recommended action |
No action is required. |
RADIUS_AUTH_SUCCESS
Message text |
User [STRING] from [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 |
Example |
RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system from 192.168.0.22 was authenticated successfully. |
Explanation |
An authentication request was accepted by the RADIUS server. |
Recommended action |
No action is required. |
RADIUS_DELETE_HOST_FAIL
Message text |
Failed to delete servers in scheme [STRING]. |
Variable fields |
$1: Scheme name. |
Severity level |
4 |
Example |
RADIUS/4/RADIUS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc. |
Explanation |
Failed to delete servers from a RADIUS scheme. |
Recommended action |
No action is required. |
RDDC messages
This section contains RDDC messages.
RDDC_ACTIVENODE_CHANGE
Message text |
Redundancy group [STRING] active node changed to [STRING], because of [STRING]. |
Variable fields |
$1: Redundancy group name. $2: Active node information. $3: Status change reason: ¡ manual switchover ¡ group's configuration changed ¡ node's weight changed |
Severity level |
5 |
Example |
RDDC/5/RDDC_ACTIVENODE_CHANGE: Redundancy group 1 active node changed to node 1 (chassis 1), because of manual switchover. |
Explanation |
The active node in the redundancy group changed because of manual switchover, configuration change of the group, or weight change of the node. |
Recommended action |
No action is required. |
RedisDBM messages
This section contains RedisDBM messages.
REDISDBM_NOTIFY_STATE_SUCCEEDED
Message text |
RedisDBM notified module [STRING] of its [STRING] state for action [STRING]. |
Variable fields |
$1: Module name: ¡ UCM. ¡ L2TP. ¡ DHCP. ¡ NAT. ¡ DHCPv6. $2: State of the connection that RedisDBM establishes for the module with the Redis database server: ¡ ready—Established. ¡ unready—Not established. $3: Action that RedisDBM requests the module to take: ¡ NONE—The module can process its services without waiting for RedisDBM to send a notification, and it does not need to smooth service data to RedisDBM. ¡ SMOOTH—The module needs to smooth service data to RedisDBM. ¡ WAIT—The module is required to wait for RedisDBM's notification before it can process its services and smooth service data to RedisDBM. ¡ NOTWAIT—The module can process its services immediately. |
Severity level |
6 |
Example |
REDISDBM/6/REDISDBM_NOTIFY_STATE_SUCCEEDED: RedisDBM notified module UCM of its ready state for action NONE. |
Explanation |
RedisDBM sent a status notification to a module successfully. |
Recommended action |
No action is required. |
REDISDBM_NOTIFY_STATE_FAILED
Message text |
RedisDBM failed to notify module [STRING] of its [STRING] state for action [STRING]. |
Variable fields |
$1: Module name: ¡ UCM. ¡ L2TP. ¡ DHCP. ¡ NAT. ¡ DHCPv6. $2: State of the connection that RedisDBM establishes for the module with the Redis database server: ¡ ready—Established. ¡ unready—Not established. $3: Action that RedisDBM requests the module to take: ¡ NONE—The module can process its services without waiting for RedisDBM to send a notification, and it does not need to smooth service data to RedisDBM. ¡ SMOOTH—The module needs to smooth service data to RedisDBM. ¡ WAIT—The module is required to wait for RedisDBM's notification before it can process its services and smooth service data to RedisDBM. ¡ NOTWAIT—The module can process its services immediately. |
Severity level |
4 |
Example |
REDISDBM/4/REDISDBM_NOTIFY_STATE_FAILED: RedisDBM failed to notify module UCM of its ready state for action NONE. |
Explanation |
RedisDBM failed to send a status notification to a module. |
Recommended action |
1. Verify that RedisDBM has Layer 3 connectivity to each module. 2. Verify that all modules are correctly configured. |
RIP messages
This section contains RIP messages.
RIP_MEM_ALERT
Message text |
RIP Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
RIP/5/RIP_MEM_ALERT: RIP Process received system memory alert start event. |
Explanation |
RIP received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
RIPNG messages
This section contains RIPng messages.
RIPNG_MEM_ALERT
Message text |
RIPng Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
RIPNG/5/RIPNG_MEM_ALERT: RIPNG Process received system memory alert start event. |
Explanation |
RIPng received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
RM messages
This section contains RM messages.
RM_ACRT_REACH_LIMIT
Message text |
Max active [STRING] routes [UINT32] reached in URT of [STRING] |
Variable fields |
$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name. |
Severity level |
4 |
Example |
RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1 |
Explanation |
The number of active routes reached the upper limit in the unicast routing table of a VPN instance. |
Recommended action |
Remove unused active routes. |
RM_ACRT_REACH_THRESVALUE
Message text |
Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING] |
Variable fields |
$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name. |
Severity level |
4 |
Example |
RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1 |
Explanation |
The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance. |
Recommended action |
Modify the threshold value or the route limit configuration. |
RM_THRESHLD_VALUE_REACH
Message text |
Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING] |
Variable fields |
$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name. |
Severity level |
4 |
Example |
RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1 |
Explanation |
The number of active routes reached the threshold in the unicast routing table of a VPN instance. |
Recommended action |
Modify the route limit configuration. |
RM_TOTAL_THRESHLD_VALUE_REACH
Message text |
Threshold value [UINT32] reached for active [STRING] routes in all URTs. |
Variable fields |
$1: Maximum number of active routes. $2: IPv4 or IPv6. |
Severity level |
4 |
Example |
RM/4/ RM_TOTAL_THRESHLD_VALUE_REACH: Threshold value 1000 reached for active IPv4 routes in all URTs. |
Explanation |
The total number of active routes in the public network and all VPN instances reached the alarm threshold. |
Recommended action |
Check the routing table and take relevant actions, for example, configure a routing policy to reduce the number of route entries. |
RPR messages
This section contains RPR messages.
RPR_EXCEED_MAX_SEC_MAC
Message text |
A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_EXCEED_MAX_SEC_MAC: A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of RPR secondary MAC addresses on the ring has reached the upper limit. |
Recommended action |
Disable VRRP on RPR stations. |
RPR_EXCEED_MAX_SEC_MAC_OVER
Message text |
A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_EXCEED_MAX_SEC_MAC_OVER: A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of secondary MAC addresses on the ring has dropped below the upper limit. |
Recommended action |
No action is required. |
RPR_EXCEED_MAX_STATION
Message text |
A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_EXCEED_MAX_STATION: A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of RPR stations on the ring has reached the upper limit. |
Recommended action |
Remove some RPR stations. |
RPR_EXCEED_MAX_STATION_OVER
Message text |
A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_EXCEED_MAX_STATION_OVER: A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of RPR stations on the ring has dropped below the upper limit. |
Recommended action |
No action is required. |
RPR_EXCEED_RESERVED_RATE
Message text |
An excess reserved rate defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_EXCEED_RESERVED_RATE: An excess reserved rate defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The reserved bandwidth for the RPR station was greater than the total bandwidth of the RPR ring. |
Recommended action |
Reduce the reserved bandwidth. |
RPR_EXCEED_RESERVED_RATE_OVER
Message text |
An excess reserved rate defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_EXCEED_RESERVED_RATE_OVER: An excess reserved rate defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The reserved bandwidth for the RPR station was smaller than the total bandwidth of the RPR ring. |
Recommended action |
No action is required. |
RPR_IP_DUPLICATE
Message text |
A duplicate IP address defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_IP_DUPLICATE: A duplicate IP address defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
Another RPR station used the same IP address. |
Recommended action |
Locate the RPR station, and change its IP address. |
RPR_IP_DUPLICATE_OVER
Message text |
A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_IP_DUPLICATE_OVER: A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The duplicate IP address defect was cleared. |
Recommended action |
No action is required. |
RPR_JUMBO_INCONSISTENT
Message text |
A jumbo configuration defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
RPR/6/RPR_JUMBO_INCONSISTENT: A jumbo configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
An RPR station used different Jumbo frame configuration. |
Recommended action |
Locate the RPR station and change its Jumbo frame configuration. |
RPR_JUMBO_INCONSISTENT_OVER
Message text |
A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
RPR/6/RPR_JUMBO_INCONSISTENT_OVER: A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The Jumbo frame configuration inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_LAGGCONFIG_INCONSISTENT
Message text |
An inconsistent LAGG configuration is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_LAGGCONFIG_INCONSISTENT: An inconsistent LAGG configuration is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR station and its neighbor stations used different aggregation configuration. |
Recommended action |
Use the display link-aggregation verbose command to display the aggregation configuration of the RPR stations. Clear the aggregation configuration inconsistency. |
RPR_LAGGCONFIG_INCONSISTENT_OVER
Message text |
An inconsistent LAGG configuration is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_LAGGCONFIG_INCONSISTENT: An inconsistent LAGG configuration is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The aggregation configuration inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_MISCABLING
Message text |
A miscabling defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_MISCABLING: A miscabling defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The west port of an RPR station was not connected to the east port of anther RPR station. |
Recommended action |
Examine the physical port connection of the two RPR stations. |
RPR_MISCABLING_OVER
Message text |
A miscabling defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_MISCABLING_OVER: A miscabling defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR physical port connection defect was cleared. |
Recommended action |
No action is required. |
RPR_PROTECTION_INCONSISTENT
Message text |
A protection configuration defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_PROTECTION_INCONSISTENT: A protection configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
An RPR station used different protection mode. |
Recommended action |
Locate the RPR station and change its protection mode. |
RPR_PROTECTION_INCONSISTENT_OVER
Message text |
A protection configuration defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_PROTECTION_INCONSISTENT_OVER: A protection configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The protection mode inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_SEC_MAC_DUPLICATE
Message text |
A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_SEC_MAC_DUPLICATE: A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
Another RPR station used the same secondary MAC address. |
Recommended action |
Locate the RPR station, and change its secondary MAC address. |
RPR_SEC_MAC_DUPLICATE_OVER
Message text |
A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_SEC_MAC_DUPLICATE_OVER: A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The duplicate secondary MAC address defect was cleared. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INCONSISTENT
Message text |
An inconsistent topology defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_TOPOLOGY_INCONSISTENT: An inconsistent topology defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information collected by the ports on the PRP stations was different. |
Recommended action |
Execute the shutdown command and then the undo shutdown command on the ports to collect topology information again. |
RPR_TOPOLOGY_INCONSISTENT_OVER
Message text |
An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_TOPOLOGY_INCONSISTENT_OVER: An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INSTABILITY
Message text |
A topology instability defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_TOPOLOGY_INSTABILITY: A topology instability defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR ring topology was unstable. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INSTABILITY_OVER
Message text |
A topology instability defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_TOPOLOGY_INSTABILITY_OVER: A topology instability defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR ring topology was stable. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INVALID
Message text |
A topology invalid defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_TOPOLOGY_INVALID: A topology invalid defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information collected by the RPR stations was invalid. |
Recommended action |
Execute the shutdown command and then the undo shutdown command on the RPR stations to collect topology information again. |
RPR_TOPOLOGY_INVALID_OVER
Message text |
A topology invalid defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_TOPOLOGY_INVALID_OVER: A topology invalid defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information collected by the RPR stations was valid. |
Recommended action |
No action is required. |
RRPP messages
This section contains RRPP messages.
RRPP_RING_FAIL
Message text |
Ring [UINT32] in Domain [UINT32] failed. |
Variable fields |
$1: Ring ID. $2: Domain ID. |
Severity level |
4 |
Example |
RRPP/4/RRPP_RING_FAIL: Ring 1 in Domain 1 failed. |
Explanation |
A ring failure occurred in the RRPP domain. |
Recommended action |
Check each RRPP node to clear the network fault. |
RRPP_RING_RESTORE
Message text |
Ring [UINT32] in Domain [UINT32] recovered. |
Variable fields |
$1: Ring ID. $2: Domain ID. |
Severity level |
4 |
Example |
RRPP/4/RRPP_RING_RESTORE: Ring 1 in Domain 1 recovered. |
Explanation |
The ring in the RRPP domain was recovered. |
Recommended action |
No action is required. |
RSVP messages
This section contains RSVP messages.
RSVP_FRR_SWITCH
Message text |
Session ([STRING]): FRR is [STRING]. |
Variable fields |
$1: Information about the protected tunnel. $2: Session status. This field also displays the FRR bypass tunnel information if an FRR bypass tunnel exists. · ready—Bound to an FRR bypass tunnel. No FRR has occurred. · used—Bound to an FRR bypass tunnel. An FRR has occurred. · disabled—Unbound from the FRR bypass tunnel. |
Severity level |
5 |
Example |
RSVP/5/RSVP_FRR_SWITCH: Session (DIP 2.2.2.2, SIP 1.1.1.1, TID 3, LSPID 5): FRR is ready. Bypass tunnel is Tunnel5. |
Explanation |
This log is generated when FRR protection is enabled or disabled, or an FRR has occurred. |
Recommended action |
No action is required. |
RSVP_P2MP_FRR_SWITCH
Message text |
Session ([STRING]): FRR is [STRING]. |
Variable fields |
$1: Information about the protected tunnel. $2: Session status. This field also displays the FRR bypass tunnel information if an FRR bypass tunnel exists. · ready—Bound to an FRR bypass tunnel. No FRR has occurred. · used—Bound to an FRR bypass tunnel. an FRR has occurred. · disabled—Unbound from the FRR bypass tunnel. |
Severity level |
5 |
Example |
RSVP/5/RSVP_P2MP_FRR_SWITCH: P2MP session (DIP 2.2.2.2, SIP 1.1.1.1, P2MPID 0x1010101, TID 3, LSPID 5): FRR is ready. Bypass tunnel is Tunnel5. |
Explanation |
This log is generated when FRR protection is enabled or disabled, or an FRR has occurred. |
Recommended action |
No action is required. |
RTM messages
This section contains RTM messages.
RTM_ENVIRONMENT
Message text |
Can't find environment variable [STRING]. |
Variable fields |
$1: Name of an environment variable. |
Severity level |
4 |
Example |
RTM/4/RTM_ENVIRONMENT: Can't find environment variable TestEnv. |
Explanation |
The system failed to execute a CLI-defined policy because it did not find an environment variable to be replaced. |
Recommended action |
Define the environment variable before using it. |
RTM_TCL_NOT_EXIST
Message text |
Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 |
Example |
RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found. |
Explanation |
The system did not find the Tcl script file for the policy while executing the policy. |
Recommended action |
1. Check that the Tcl script file exists. 2. Reconfigure the policy. |
RTM_TCL_MODIFY
Message text |
Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 |
Example |
RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified. |
Explanation |
The Tcl script file for the policy was modified. |
Recommended action |
Reconfigure the policy, or modify the Tcl script to be the same as it was when it was bound with the policy. |
RTM_TCL_LOAD_FAILED
Message text |
Failed to load the Tcl script file of policy [STRING]. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 |
Example |
RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy [STRING]. |
Explanation |
The system failed to load the Tcl script file for the policy to memory. |
Recommended action |
No action is required. |
SCMD messages
This section contains SCMD messages.
PROCESS_ABNORMAL
Message text |
The process [STRING] exited abnormally. ServiceName=[STRING], ExitCode=[STRING], KillSignal=[STRING], StartTime=[STRING], StopTime=[STRING]. |
Variable fields |
$1: Process name. $2: Service name defined in the script. $3: Process exit code. If the process was closed by a signal, this field displays NA. $4: Signal that closed the process. If the process was not closed by a signal, this field displays NA. $5: Time when the process was created. $6: Time when the process was closed. |
Severity level |
4 |
SCMD/4/PROCESS_ABNORMAL: The process diagd exited abnormally. ServiceName=DIAG, ExitCode=1, KillSignal=NA, StartTime=2019-03-06 14:18:06, StopTime=2019-03-06 14:35:25. |
|
Explanation |
A service exited abnormally. You can use the process parameters for troubleshooting. |
Recommended action |
1. Use the display process command to identify whether the process exists. If the process exists, the process is recovered. 2. If the process is not recovered, collect the following information: a. Execute the view /var/log/trace.log > trace.log command in probe view, and upload the trace.log file saved in the storage media of the device to a PC through FTP or TFTP (in binary mode). b. Contact H3C Support. Do not reboot the device so H3C Support can help you locate the problem. 3. If the process has been recovered, but reasons need to be located, go to step 2. |
PROCESS_ACTIVEFAILED
Message text |
The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted. |
Variable fields |
$1: Process name. |
Severity level |
4 |
Example |
SCMD/4/PROCESS_ACTIVEFAILED: The standby process diagd failed to switch to the active process due to uncompleted synchronization, and was restarted. |
Explanation |
The standby process failed to switch to the active process because the active process exited abnormally when the standby process has not completed synchronization. The standby process was restarted. |
Recommended action |
No action is required. |
PROCESS_CORERECORD
Message text |
Exceptions occurred with process [STRING]. A core dump file was generated. |
Variable fields |
$1: Process name. |
Severity level |
4 |
Example |
SCMD/4/PROCESS_CORERECORD: Exceptions occurred with process diagd. A core dump file was generated. |
Explanation |
Exceptions occurred with the process and a core dump file was generated. The core dump file contains information relevant to the process exceptions. You can use the file for troubleshooting. |
Recommended action |
1. Execute the display exception context command to collect process exception information, and save the information to a file. 2. Execute the display exception filepath command to display the core file. 3. Upload the core file and the file that stores the process exception information to a PC through FTP or TFTP (in binary mode). 4. Contact H3C Support. Do not reboot the device so H3C Support can help you locate the problem. |
SCM_ABNORMAL_REBOOT
Message text |
Pattern 1: The process [STRING] can't be restored. Reboot now. Pattern 2: The process [STRING] can't be restored. Reboot [STRING] now. |
Variable fields |
Pattern 1: $1: Process name. Pattern 1: $1: Process name. $2: Chassis number and slot number or slot number. |
Severity level |
3 |
Example |
SCMD/3/SCM_ABNORMAL_REBOOT: The process ipbased can't be restored. Reboot slot 2 now. |
Explanation |
Pattern 1: The process exited abnormally during the device startup. If the process cannot recover after multiple automatic restart attempts, the device will restart automatically. Pattern 2: The process exited abnormally during the startup of a specified slot. If the process cannot recover after multiple automatic restart attempts, the specified slot will restart automatically. |
Recommended action |
1. Use the display process command to verify that the process has restored after the card restarts. 2. If the problem persists, contact H3C Support. |
SCM_ABNORMAL_REBOOTMDC
Message text |
The process [STRING] in [STRING] [UINT16] can't be restored. Reboot [STRING] [UINT16] now. |
Variable fields |
$1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Object type, MDC or context. $5: ID of the MDC or context. |
Severity level |
3 |
Example |
SCMD/3/SCM_ABNORMAL_REBOOTMDC: The process ipbased in MDC 2 can't be restored. Reboot MDC 2 now. |
Explanation |
The process exited abnormally during the startup of the MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot restore after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1. |
Recommended action |
1. Use the display process command to verify that the process has restored after the card restarts. 2. If the problem persists, contact H3C Support. |
SCM_ABORT_RESTORE
Message text |
|
Variable fields |
$1: Process name. |
Severity level |
3 |
Example |
SCMD/3/SCM_ABORT_RESTORE: The process ipbased can't be restored, abort it. |
Explanation |
The process exited abnormally during the system operation. If the process cannot restore after multiple automatic restart attempts, the device will not restore the process. |
Recommended action |
1. Use the display process log command in any view to display the details about process exit. 2. Restart the card or the MDC where the process is located. 3. Provide the output from the display process log command to H3C Support. |
SCM_INSMOD_ADDON_TOOLONG
Message text |
Failed to finish loading [STRING] in [UINT32] minutes. |
Variable fields |
$1: Kernel file name. $2: File loading duration. |
Severity level |
4 |
Example |
SCMD/4/SCM_INSMOD_ADDON_TOOLONG: Failed to finish loading addon.ko in 30 minutes. |
Explanation |
Kernel file loading timed out during device startup. |
Recommended action |
1. Restart the card. 2. Contact H3C Support. |
SCM_KERNEL_INIT_TOOLONG
Message text |
Kernel init in sequence [STRING] function [STRING] failed to finish in [UINT32] minutes. |
Variable fields |
$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration. |
Severity level |
4 |
Example |
SCMD/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 failed to finish in 15 minutes. |
Explanation |
A function at a phase during kernel initialization ran too long. |
Recommended action |
1. Restart the card. 2. Contact H3C Support. |
SCM_PROCESS_STARTING_TOOLONG
Message text |
The process [STRING] on [STRING] [UINT16] has not finished starting in [UINT32] hours. |
Variable fields |
$1: Process name. $2: Object type, MDC or context. This field is not displayed if the device does not support MDC or context. $3: ID of the MDC or context. This field is not displayed if the device does not support MDC or context. $4: Time duration. |
Severity level |
4 |
Example |
SCMD/4/ SCM_PROCESS_STARTING_TOOLONG: The process ipbased on MDC 2 has not finished starting in 1 hours. |
Explanation |
The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal. |
Recommended action |
1. Wait 6 hours and then verify that the process has been started. 2. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 3. Contact H3C Support. |
SCM_PROCESS_STILL_STARTING
Message text |
The process [STRING] on [STRING] [UINT16] is still starting for [UINT32] minutes. |
Variable fields |
$1: Process name. $2: Object type, MDC or context. This field is not displayed if the device does not support MDC or context. $3: ID of the MDC or context. This field is not displayed if the device does not support MDC or context. $4: Time duration. |
Severity level |
6 |
Example |
SCMD/6/SCM_PROCESS_STILL_STARTING: The process ipbased on MDC 2 is still starting for 20 minutes. |
Explanation |
A process is always in startup state. |
Recommended action |
No action is required. |
SCM_SKIP_PROCESS
Message text |
The process [STRING] was skipped because it failed to start within 6 hours. |
Variable fields |
$1: Process name. |
Severity level |
4 |
Example |
SCMD/4/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours. |
Explanation |
A process has not completed its startup within six hours during the card/MDC/context startup, skip this process and go on with the startup. |
Recommended action |
1. Restart the card/MDC/context. 2. Use the display process command to verify that the process has restored. 3. Provide the output from the display process log command to H3C Support. |
SCM_SKIP_PROCESS
Message text |
The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours. |
Variable fields |
$1: Process name. $2: Object type, MDC or context. This field is not displayed if the device does not support MDC or context. $3: ID of the MDC or context. This field is not displayed if the device does not support MDC or context. |
Severity level |
3 |
Example |
SCMD/3/SCM_SKIP_PROCESS: The process ipbased on MDC 2 was skipped because it failed to start within 6 hours. |
Explanation |
A process failed to start within 6 hours. The device will skip this process and continue to start. |
Recommended action |
1. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 2. Contact H3C Support. |
SCRLSP messages
This section contains static CRLSP messages.
SCRLSP_LABEL_DUPLICATE
Message text |
Incoming label [INT32] for static CRLSP [STRING] is duplicate. |
Variable fields |
$1: Incoming label value. $2: Static CRLSP name. |
Severity level |
4 |
Example |
SCRLSP/4/SCRLSP_LABEL_DUPLICATE: Incoming label 1024 for static CRLSP aaa is duplicate. |
Explanation |
The incoming label of a static CRLSP was occupied by another configuration, for example, by a static PW or by a static LSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static CRLSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static CRLSP whose incoming label is occupied by another configuration already exists. |
Recommended action |
Remove this static CRLSP, and reconfigure it with another incoming label. |
SESSION messages
This section contains session messages.
SESSION_DRV_EXCEED
Message text |
The number of session entries ([UINT32]) supported by hardware already reached. |
Variable fields |
$1: The maximum number of session entries supported by hardware. |
Severity level |
2 |
Example |
SESSION/2/SESSION_DRV_EXCEED: The number of session entries (65535) supported by hardware already reached. |
Explanation |
This message is sent when the maximum number of session entries supported by hardware is reached. |
Recommended action |
No action is required. |
SESSION_DRV_RECOVERY
Message text |
Session resources supported by hardware had been released. |
Variable fields |
None. |
Severity level |
2 |
Example |
SESSION/2/SESSION_DRV_RECOVERY: Session resources supported by hardware had been released. |
Explanation |
This message is sent when the device recovers from the session entry exhaustion condition. |
Recommended action |
No action is required. |
SESSION_IPV4_FLOW
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation.. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Total number of inbound packets. $11: Total number of inbound bytes. $12: Total number of outbound packets. $13: Total number of outbound bytes. $14: Source VPN instance name. $15: Destination VPN instance name. $16: Source DS-Lite tunnel. $17: Destination DS-Lite tunnel. $18: Time when the session is created. $19: Time when the session is removed. $20: Event type. $20: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other. |
Severity level |
6 |
Example |
SESSION/6/SESSION_IPV4_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Explanation |
This message is sent in one of the following conditions: · An IPv4 session is created or removed. · Periodically during an IPv4 session. · The traffic-based or time-based threshold of an IPv4 session is reached. |
Recommended action |
No action is required. |
SESSION_IPV6_FLOW
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IP address. $5: Destination port number. $6: Total number of inbound packets. $7: Total number of inbound bytes. $8: Total number of outbound packets. $9: Total number of outbound bytes. $10: Source VPN instance name. $11: Destination VPN instance name. $12: Time when the session is created. $13: Time when the session is removed. $14: Event type. $15: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other. |
Severity level |
6 |
Example |
SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Explanation |
This message is sent in one of the following conditions: · An IPv6 session is created or removed. · Periodically during an IPv6 session. · The traffic-based or time-based threshold of an IPv6 session is reached. |
Recommended action |
No action is required. |
SFLOW messages
This section contains sFlow messages.
SFLOW_HARDWARE_ERROR
Message text |
|
Variable fields |
$1: Configuration item: update sampling mode $2: Interface name. $3: Failure reason: not supported operation |
Severity level |
4 |
Example |
|
Explanation |
The configuration failed because the device does not support the fixed flow sampling mode. |
Recommended action |
Specify the random flow sampling mode. |
SHELL messages
This section contains shell messages.
SHELL_CMD
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING] |
Variable fields |
$1: User line type and number. If there is not user line information, this field displays **. $2: IP address. If there is not IP address information, this field displays **. $3: Username. If there is not username information, this field displays **. $4: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit |
Explanation |
A command was executed. |
Recommended action |
No action is required. |
SHELL_CMD_CONFIRM
Message text |
Confirm option of command [STRING] is [STRING]. |
Variable fields |
$1: Command string. $2: Confirm option. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no. |
Explanation |
A user selected a confirmation option for a command. |
Recommended action |
No action is required. |
SHELL_CMD_EXECUTEFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed. |
Variable fields |
$1: Username. $2: IP address. $3: Command string. $4: Command view. |
Severity level |
4 |
Example |
SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed. |
Explanation |
A command deployed by a background program failed to be executed. |
Recommended action |
No action is required. |
SHELL_CMD_INPUT
Message text |
|
Variable fields |
$1: Command string. $2: String entered by the user. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key. |
Explanation |
A user responded to the input requirement of a command. |
Recommended action |
No action is required. |
SHELL_CMD_INPUT_TIMEOUT
Message text |
Operation timed out: Getting input for the [STRING] command. |
Variable fields |
$1: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command. |
Explanation |
The user did not respond to the input requirement of a command before the timeout timer expired. |
Recommended action |
No action is required. |
SHELL_CMD_LOCKEDBYOTHER
Message text |
SHELL/6/SHELL_CMD_LOCKEDBYOTHER: The system has been locked by [STRING]. |
Variable fields |
$1: Session type. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_LOCKEDBYOTHER: The system has been locked by NETCONF. |
Explanation |
Another user locked the configuration. You cannot configure the device. |
Recommended action |
Wait for the user to unlock the configuration. |
SHELL_CMD_MATCHFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched. |
Variable fields |
$1: Username. $2: IP address. $3: Command string. $4: Command view. |
Severity level |
4 |
Example |
SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched. |
Explanation |
The command string has errors, or the view does not support the command. |
Recommended action |
Enter the correct command string. Make sure the command is supported in the view. |
SHELL_CMDDENY
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command=[STRING] is denied. |
Variable fields |
$1: User line type and number. If there is not user line information, this field displays **. $2: IP address. If there is not IP address information, this field displays **. $3: Username. If there is not username information, this field displays **. $4: Command string. |
Severity level |
5 |
Example |
SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied. |
Explanation |
The user did not have the right to execute the command. |
Recommended action |
No action is required. |
SHELL_CMDFAIL
Message text |
The [STRING] command failed to restore the configuration. |
Variable fields |
$1: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMDFAIL: The “vlan 1024” command failed to restore the configuration. |
Explanation |
A command was not restored during a configuration rollback from a .cfg file. |
Recommended action |
No action is required. |
SHELL_COMMIT_FAIL
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Failed to commit the target configuration. |
Variable fields |
$1: User line type and number. If there is not user line information, this field displays **. $2: IP address. If there is not IP address information, this field displays **. $3: Username. If there is not username information, this field displays **. |
Severity level |
4 |
Example |
SHELL/4/SHELL_COMMIT_FAIL: -Line=aux0-IPAddr=**-User=**; Failed to commit the target configuration. |
Explanation |
A target configuration commit operation failed in private or exclusive mode. |
Recommended action |
No action is required. |
SHELL_COMMIT_ROLLBACK
Message text |
The configuration commit delay is overtime, a configuration rollback will be performed. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACK: The configuration commit delay is overtime, a configuration rollback will be performed. |
Explanation |
The configuration commit delay timer expired. A configuration rollback will occur. |
Recommended action |
Stop configuring the device and wait for the rollback to finish. |
SHELL_COMMIT_ROLLBACKDONE
Message text |
The configuration rollback has been performed. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACKDONE: The configuration rollback has been performed. |
Explanation |
The configuration rollback was finished. |
Recommended action |
No action is required. |
SHELL_COMMIT_ROLLBACKFAIL
Message text |
Failed to roll back the configuration from the uncommitted changes. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/ SHELL_COMMIT_ROLLBACKFAIL: Failed to roll back the configuration from the uncommitted changes. |
Explanation |
A configuration rollback occurred after the configuration commit delay timer expired but the rollback failed. |
Recommended action |
Roll back the configuration as required. |
SHELL_COMMIT_SUCCESS
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Target configuration successfully committed. |
Variable fields |
$1: User line type and number. If there is not user line information, this field displays **. $2: IP address. If there is not IP address information, this field displays **. $3: Username. If there is not username information, this field displays **. |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_SUCCESS: -Line=aux0-IPAddr=**-User=**; Target configuration successfully committed. |
Explanation |
A target configuration commit operation succeeded in private or exclusive mode. |
Recommended action |
No action is required. |
SHELL_CRITICAL_CMDFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command=[STRING] . |
Variable fields |
$1: Username. $2: IP address. $3: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save. |
Explanation |
A command failed to be executed. |
Recommended action |
No action is required. |
SHELL_LOGIN
Message text |
[STRING] logged in from [STRING]. |
Variable fields |
$1: Username. $2: User line type and number. |
Severity level |
5 |
Example |
SHELL/5/SHELL_LOGIN: Console logged in from console0. |
Explanation |
A user logged in. If the user logged in to the standby MPU, the user line type and number field displays local. |
Recommended action |
No action is required. |
SHELL_LOGOUT
Message text |
[STRING] logged out from [STRING]. |
Variable fields |
$1: Username. $2: User line type and number. |
Severity level |
5 |
Example |
SHELL/5/SHELL_LOGOUT: Console logged out from console0. |
Explanation |
A user logged out. If the user logged out from the standby MPU, the user line type and number field displays local. |
Recommended action |
No action is required. |
SHELL_SAVE_FAILED
Message text |
Failed to save running configuration to configuration file for configuration rollback. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_SAVE_FAILED: Failed to save running configuration to configuration file for configuration rollback. |
Explanation |
The system failed to save the running configuration to the configuration file and does not support a rollback. The system saves the running configuration to the configuration file in the following situations: · The commit command is executed. · The commit command is not executed before the timer set by using the commit confirmed command expires. |
Recommended action |
If necessary, roll back the configuration manually. |
SHELL_SAVE_SUCCESS
Message text |
Saved running configuration to configuration file for configuration rollback. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_SAVE_SUCCESS: Saved running configuration to configuration file for configuration rollback. |
Explanation |
The system saved the running configuration to the configuration file successfully and is ready for a rollback. The system saves the running configuration to the configuration file in the following situations: · The commit command is executed. · The commit command is not executed before the timer set by using the commit confirmed command expires. |
Recommended action |
No action is required. |
SHELL_SAVEPOINT_EXIST
Message text |
The running configuration at this rollback point is the same as the configuration at the previous rollback point. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_SAVEPOINT_EXIST: The running configuration at this rollback point is the same as the configuration at the previous rollback point. |
Explanation |
The specified two rollback points have the same configuration. |
Recommended action |
No action is required. |
SHELL_SAVEPOINT_FAILED
Message text |
Failed to create a new rollback point. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_SAVEPOINT_FAILED: Failed to create a new rollback point. |
Explanation |
An attempt to create a new rollback point failed. |
Recommended action |
To save the rollback point, manually roll back to the rollback point, verify that the file system has sufficient space, and execute the commit command again. |
SHELL_SAVEPOINT_FAILED
Message text |
Created a new rollback point. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_SAVEPOINT_SUCCESS: Created a new rollback point. |
Explanation |
An attempt to create a new rollback point succeeded. |
Recommended action |
No action is required. |
SLSP messages
This section contains static LSP messages.
SLSP_LABEL_DUPLICATE
Message text |
Incoming label [INT32] for static LSP [STRING] is duplicate. |
Variable fields |
$1: Incoming label value. $2: Static LSP name. |
Severity level |
4 |
Example |
SLSP/4/SLSP_LABEL_DUPLICATE: Incoming label 1024 for static LSP aaa is duplicate. |
Explanation |
The incoming label of a static LSP was occupied by another configuration, for example, by a static PW or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static LSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static LSP whose incoming label is occupied by another configuration already exists. |
Recommended action |
Remove this static LSP, and reconfigure it with another incoming label. |
SMLK messages
This section contains Smart Link messages.
SMLK_LINK_SWITCH
Message text |
Status of port [STRING] in smart link group [UINT16] changes to active. |
Variable fields |
$1: Port name. $2: Smart link group ID. |
Severity level |
4 |
Example |
SMLK/4/SMLK_LINK_SWITCH: Status of port GigabitEthernet0/1/4 in smart link group 1 changes to active. |
Explanation |
The port takes over to forward traffic after the original active port fails. |
Recommended action |
Remove the network faults. |
SNMP messages
This section contains SNMP messages.
SNMP_ACL_RESTRICTION
Message text |
SNMP [STRING] from [STRING] is rejected due to ACL restriction. |
Variable fields |
$1: SNMP community/usm-user/group. $2: IP address of the NMS. |
Severity level |
3 |
Example |
SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions. |
Explanation |
SNMP packets are denied because of ACL restrictions. |
Recommended action |
Check the ACL configuration on the SNMP agent, and check if the agent was attacked. |
SNMP_AUTHENTICATION_FAILURE
Message text |
|
Variable fields |
N/A |
Severity level |
4 |
Example |
SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message. |
Explanation |
An NMS failed to be authenticated by the agent. |
Recommended action |
No action is required. |
SNMP_GET
Message text |
-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message. |
Variable fields |
$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet. |
Severity level |
6 |
Example |
SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message. |
Explanation |
SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled. |
Recommended action |
No action is required. |
SNMP_INFORM_LOST
Message text |
Inform failed to reach NMS through [STRING]: Inform [STRING][STRING]. |
Variable fields |
$1: NMS IP address and UDP port number. $2: Inform name and OID $3: Variable bindings of the inform. ¡ If no MIB object exists, only inform name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;). |
Severity level |
3 |
Example |
SNMP/3/SNMP_INFORM_LOST: Inform failed to reach NMS through 192.168.111.222(163): Inform coldStart(1.3.6.1.6.3.1.1.5.1). |
Explanation |
The NMS is not reachable, or the device sent an inform to the NMS but did not receive a response from the NMS. If the inform carries multiple variable bindings and is too long, the system automatically fragments the inform and adds "-PART=xx" before each fragment to indicate the sequence number of the fragment. |
Recommended action |
Verify that the NMS is reachable to the device. |
SNMP_NOTIFY
Message text |
Notification [STRING][STRING]. |
Variable fields |
$1: Notification name and OID. $2: Variable bindings of the notification. ¡ If no MIB object exists, only notification name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;). |
Severity level |
6 |
Example |
Notification not fragmented: SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console. Notification fragmented: SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=1; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgFacility(1.3.6.1.2.1.192.1.2.1.2.1)=23;syslogMsgSeverity(1.3.6.1.2.1.192.1.2.1.3.1)=6;syslogMsgVersion(1.3.6.1.2.1.192.1.2.1.4.1)=1;syslogMsgTimeStamp(1.3.6.1.2.1.192.1.2.1.5.1)=07-e2-04-12-12-26-35-00-00-00-2d-00-00[hex];syslogMsgHostName(1.3.6.1.2.1.192.1.2.1.6.1)=H3C;syslogMsgAppName(1.3.6.1.2.1.192.1.2.1.7.1)=SHELL;syslogMsgProcID(1.3.6.1.2.1.192.1.2.1.8.1)=-;syslogMsgMsgID(1.3.6.1.2.1.192.1.2.1.9.1)=SHELL_CMD;syslogMsgSDParams(1.3.6.1.2.1.192.1.2.1.10.1)=4;syslogMsgMsg(1.3.6.1.2.1.192.1.2.1.11.1)= Command is snmp-agent trap enable syslog;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.1.12.83.121.115.76.111.99.64.50.53.53.48.54.3.77.68.67)=1;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.2.12.65.112.112.76.111.99.64.50.53.53.48.54.4.76.105.110.101)=con0. SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=2; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.3.12.65.112.112.76.111.99.64.50.53.53.48.54.6.73.80.65.100.100.114)=**;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.4.12.65.112.112.76.111.99.64.50.53.53.48.54.4.85.115.101.114)=**. |
Explanation |
The SNMP agent sent a notification. This message displays the notification content. If the notification carries multiple variable bindings and is too long, the system automatically fragments the notification and adds "-PART=xx" before each fragment to indicate the sequence number of the fragment. |
Recommended action |
No action is required. |
SNMP_SET
Message text |
-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message. |
Variable fields |
$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation. |
Severity level |
6 |
Example |
SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message. |
Explanation |
SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled. |
Recommended action |
No action is required. |
SNMP_USM_NOTINTIMEWINDOW
Message text |
-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window. |
Variable fields |
$1: Username. $2: IP address of the NMS. |
Severity level |
4 |
Example |
SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window. |
Explanation |
The SNMPv3 message is not in the time window. |
Recommended action |
No action is required. |
SSHC messages
This section contains SSH client messages.
SSHC_ALGORITHM_MISMATCH
Message text |
Failed to log in to SSH server [STRING] because of [STRING] algorithm mismatch. |
Variable fields |
$1: IP address of the SSH server. $2: Type of the algorithm, including encryption, key exchange, message authentication code (MAC), and public key. |
Severity level |
6 |
Example |
SSHC/6/SSHC_ALGORITHM_MISMATCH: Failed to log in to SSH server 192.168.30.11 because of encryption algorithm mismatch. |
Explanation |
The SSH client failed to log in to the SSH server because they used different algorithms. |
Recommended action |
Make sure the SSH client and the SSH server use the same algorithm. |
SSHS messages
This section contains SSH server messages.
SSHS_ACL_DENY
Message text |
The SSH Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the SSH client. $2: VPN instance to which the IP address of the SSH client belongs. |
Severity level |
5 |
Example |
SSHS/5/SSH_ACL_DENY: The SSH Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Explanation |
The SSH server detected a login attempt from the invalid SSH client and denied the connection request of the client based on the SSH login control ACL. |
Recommended action |
No action is required. |
SSHS_ALGORITHM_MISMATCH
Message text |
SSH client [STRING] failed to log in because of [STRING] algorithm mismatch. |
Variable fields |
$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, message authentication code (MAC), and public key. |
Severity level |
6 |
Example |
SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch. |
Explanation |
The SSH client failed to log in to the SSH server because they used different algorithms. |
Recommended action |
Make sure the SSH client and the SSH server use the same algorithm. |
SSHS_AUTH_EXCEED_RETRY_TIMES
Message text |
SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit. |
Variable fields |
$1: User name. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit. |
Explanation |
The number of authentication attempts by an SSH user reached the upper limit. |
Recommended action |
Prompt the SSH user to use the correct login data to try again. |
SSHS_AUTH_FAIL
Message text |
SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: Failure reasons: · Wrong public key algorithm. · Wrong public key. · Wrong digital signature. |
Severity level |
5 |
Example |
SSHS/5/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm. |
Explanation |
An SSH user failed the publickey authentication. |
Recommended action |
Tell the SSH user to try to log in again. |
SSHS_AUTH_TIMEOUT
Message text |
Authentication timed out for [IPADDR]. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1. |
Explanation |
The authentication timeout timer expired, and the SSH user failed the authentication. |
Recommended action |
Make sure the SSH user enters correct authentication information before the authentication timeout timer expires. |
SSHS_CONNECT
Message text |
SSH user [STRING] (IP: [STRING]) connected to the server successfully. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully. |
Explanation |
An SSH user logged in to the server successfully. |
Recommended action |
No action is required. |
SSHS_DECRYPT_FAIL
Message text |
The packet from [STRING] failed to be decrypted with [STRING]. |
Variable fields |
$1: IP address of the SSH client. $2: Encryption algorithm, such as AES256-CBC. |
Severity level |
5 |
Example |
SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc. |
Explanation |
A packet from an SSH client failed to be decrypted. |
Recommended action |
No action is required. |
SSHS_DISCONNECT
Message text |
SSH user [STRING] (IP: [STRING]) disconnected from the server. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server. |
Explanation |
An SSH user logged out. |
Recommended action |
No action is required. |
SSHS_ENCRYPT_FAIL
Message text |
The packet to [STRING] failed to be encrypted with [STRING]. |
Variable fields |
$1: IP address of the SSH client. $2: Encryption algorithm, such as aes256-cbc. |
Severity level |
5 |
Example |
SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc. |
Explanation |
A packet to an SSH client failed to be encrypted. |
Recommended action |
No action is required. |
SSHS_LOG
Message text |
Authentication failed for [STRING] from [STRING] port [INT32] because of invalid username or wrong password. |
Variable fields |
$1: IP address of the SSH client. $2: Username. $3: Port number. |
Severity level |
6 |
Example |
SSHS/6/SSHS_LOG: Authentication failed for David from 140.1.1.46 port 16266 because of invalid username or wrong password. |
Explanation |
An SSH user failed password authentication because the username or password was wrong. |
Recommended action |
No action is required. |
SSHS_MAC_ERROR
Message text |
SSH server received a packet with wrong message authentication code (MAC) from [STRING]. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117. |
Explanation |
The SSH server received a packet with a wrong MAC from a client. |
Recommended action |
No action is required. |
SSHS_REACH_SESSION_LIMIT
Message text |
SSH client [STRING] failed to log in. The current number of SSH sessions is [NUMBER]. The maximum number allowed is [NUMBER]. |
Variable fields |
$1: IP address of the SSH client. $2: Current number of SSH sessions. $3: Maximum number of SSH sessions allowed on the device. |
Severity level |
6 |
Example |
SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The current number of SSH sessions is 10. The maximum number allowed is 10. |
Explanation |
The number of SSH sessions reached the upper limit. |
Recommended action |
No action is required. |
SSHS_REACH_USER_LIMIT
Message text |
SSH client [STRING] failed to log in, because the number of users reached the upper limit. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit. |
Explanation |
The number of SSH users reached the upper limit. |
Recommended action |
No action is required. |
SSHS_SCP_OPER
Message text |
User [STRING] at [IPADDR] requested operation: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SCP client. $3: Requested file operations: · get file "name"—Downloads file name from the SCP server. · put file "name"—Uploads file name to the SCP server. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa". |
Explanation |
The SCP sever received an operation request from an SCP client. |
Recommended action |
No action is required. |
SSHS_SFTP_OPER
Message text |
User [STRING] at [IPADDR] requested operation: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SFTP client. $3: Requested operations on a file or directory: · open dir "path"—Opens directory path. · open "file" (attribute code code) in MODE mode—Opens file file with attribute code code in MODE mode. · remove file "path"—Deletes file path. · mkdir "path" (attribute code code)—Creates a new directory path with attribute code code. · rmdir "path"—Deletes directory path. · rename old "old-name" to new "new-name"—Changes the name of a file or folder from old-name to new-name. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/". |
Explanation |
The SFTP sever received an operation request from an SFTP client. |
Recommended action |
No action is required. |
SSHS_SRV_UNAVAILABLE
Message text |
The [STRING] server is disabled or the [STRING] service type is not supported. |
Variable fields |
$1: Service type: Stelnet, SCP, SFTP, or NETCONF. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported. |
Explanation |
The server was disconnecting the connection because the Stelnet, SCP, SFTP, or NETCONF service is not available. |
Recommended action |
Verify that the Stelnet, SCP, SFTP, or NETCONF service is available and the user configuration is correct. |
SSHS_VERSION_MISMATCH
Message text |
SSH client [STRING] failed to log in because of version mismatch. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch. |
Explanation |
The SSH client failed to log in to the SSH server because they used different SSH versions. |
Recommended action |
Make sure the SSH client and the SSH server use the same SSH version. |
STAMGR messages
This section contains station management messages.
STAMGR_ADD_FAILVLAN
Message text |
-SSID=[STRING]-UserMAC=[STRING]; Added a user to the Fail VLAN [STRING]. |
Variable fields |
$1: SSID. $2: MAC address of the client. $3: ID of the Fail VLAN. |
Severity level |
5 |
Example |
|
Explanation |
The client failed to pass the authentication and was assigned to the Auth-Fail VLAN. |
Recommended action |
No action is required. |
STAMGR_ADDBAC_INFO
Message text |
Add BAS AC [STRING]. |
Variable fields |
$1: MAC address of the BAS AC. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd. |
Explanation |
The BAS AC was connected to the master AC. |
Recommended action |
No action is required. |
STAMGR_ADDSTA_INFO
Message text |
Add client [STRING]. |
Variable fields |
$1: MAC address of the client. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_ADDSTA_INFO: Add client 3ce5-a616-28cd. |
Explanation |
The client was connected to the BAS AC. |
Recommended action |
No action is required. |
STAMGR_AUTHORACL_FAILURE
Message text |
-SSID=[STRING]-UserMAC=[STRING]; Failed to assign an ACL. Reason: [STRING]. |
Variable fields |
$1: SSID. $2: MAC address of the client. $3: Reason: · Not enough hardware resources. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · Unknown error. |
Severity level |
5 |
Example |
|
Explanation |
The authentication server failed to assign an ACL to the client. |
Recommended action |
No action is required. |
STAMGR_AUTHORUSERPROFILE_FAILURE
Message text |
-SSID=[STRING]-UserMAC=[STRING]; Failed to assign a user profile. |
Variable fields |
$1: SSID. $2: MAC address of the client. |
Severity level |
5 |
Example |
|
Explanation |
The authentication server failed to assign a user profile to the client. |
Recommended action |
No action is required. |
STAMGR_CLIENT_OFFLINE
Message text |
Client [STRING] went offline from BSS [STRING] with [STRING]. State changed to Unauth. |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc. State changed to Unauth. |
Explanation |
The client went offline from the BSS. The state of the client changed to Unauth. |
Recommended action |
To resolve the problem: 1. Examine whether the AP and its radios operate correctly if the client went offline abnormally. 2. If they do not operate correctly, check the debugging information to locate the problem and resolve it. 3. If the problem persists, contact H3C Support. |
STAMGR_CLIENT_ONLINE
Message text |
Client [STRING] went online from BSS [STRING] with SSID [STRING]. State changed to Run. |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc with SSID abc. State changed to Run. |
Explanation |
The client came online from the BSS. The state of the client changed to Run. |
Recommended action |
No action is required. |
STAMGR_DELBAC_INFO
Message text |
Delete BAS AC [STRING]. |
Variable fields |
$1: MAC address of the BAS AC. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd. |
Explanation |
The BAS AC was disconnected from the master AC. |
Recommended action |
No action is required. |
STAMGR_DELSTA_INFO
Message text |
Delete client [STRING]. |
Variable fields |
$1: MAC address of the client. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_DELSTA_INFO: Delete client 3ce5-a616-28cd. |
Explanation |
The client was disconnected from the BAS AC. |
Recommended action |
No action is required. |
STAMGR_DOT1X_LOGIN_FAILURE
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. |
Severity level |
5 |
Example |
|
Explanation |
The client failed to pass 802.1X authentication. The failure can be caused by one of the following reasons: · Unavailable AAA server. · Incorrect username or password. |
Recommended action |
To resolve the problem: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. If the problem persists, contact H3C Support. |
STAMGR_DOT1X_LOGIN_SUCC
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. |
Severity level |
6 |
Example |
|
Explanation |
The client came online after passing 802.1X authentication. |
Recommended action |
No action is required. |
STAMGR_DOT1X_LOGOFF
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. |
Severity level |
6 |
Example |
|
Explanation |
The 802.1X authenticated client was logged off. |
Recommended action |
No action is required. |
STAMGR_MACA_LOGIN_FAILURE
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address. |
Severity level |
5 |
Example |
|
Explanation |
The client failed to pass MAC authentication. The failure can be caused by one of the following reasons: · Unavailable AAA server. · Incorrect username or password. |
Recommended action |
To resolve the problem: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. If the problem persists, contact H3C Support. |
STAMGR_MACA_LOGIN_SUCC
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address. |
Severity level |
6 |
Example |
|
Explanation |
The client came online after passing MAC authentication. |
Recommended action |
No action is required. |
STAMGR_MACA_LOGOFF
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address. |
Severity level |
6 |
Example |
|
Explanation |
The MAC authenticated client was logged off. |
Recommended action |
No action is required. |
STAMGR_STAIPCHANGE_INFO
Message text |
IP address of client [STRING] changed to [STRING]. |
Variable fields |
$1: MAC address of the client. $1: New IP address of the client. |
Severity level |
6 |
Example |
STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4. |
Explanation |
The IP address of the client was updated. |
Recommended action |
No action is required. |
STAMGR_TRIGGER_IP
Message text |
-SSID=[STRING]-UserMAC=[STRING]-VLANID=[STRING]; Intrusion protection triggered. Action: [STRING]. |
Variable fields |
$1: SSID. $2: MAC address of the client. $4: VLAN ID. $5: Action: Added the user to the blocked MAC address list. Closed the user's BSS temporarily. · Closed the user's BSS permanently. |
Severity level |
5 |
Example |
|
Explanation |
Intrusion protection was triggered and the action was displayed. |
Recommended action |
No action is required. |
STP messages
This section contains STP messages.
STP_BPDU_PROTECTION
Message text |
BPDU-Protection port [STRING] received BPDUs. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet1/0/1 received BPDUs. |
Explanation |
A BPDU-guard-enabled port received BPDUs. |
Recommended action |
Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices. |
STP_BPDU_RECEIVE_EXPIRY
Message text |
Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
5 |
Example |
STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet1/0/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out. |
Explanation |
The state of a non-designated port changed because the port did not receive a BPDU within the max age. |
Recommended action |
Check the STP status of the upstream device and possible attacks from other devices. |
STP_CONSISTENCY_RESTORATION
Message text |
|
Variable fields |
$1: VLAN ID. $2: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet1/0/1. |
Explanation |
Port link type or PVID inconsistency was removed on a port. |
Recommended action |
No action is required. |
STP_DETECTED_TC
Message text |
[STRING] [UINT32]'s port [STRING] detected a topology change. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change. |
Explanation |
The MSTP instance or VLAN to which a port belongs had a topology change, and the local end detected the change. |
Recommended action |
Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link. |
STP_DISABLE
Message text |
STP is now disabled on the device. |
Variable fields |
N/A |
Severity level |
6 |
Example |
STP/6/STP_DISABLE: STP is now disabled on the device. |
Explanation |
STP was globally disabled on the device. |
Recommended action |
No action is required. |
STP_DISCARDING
Message text |
Instance [UINT32]'s port [STRING] has been set to discarding state. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_DISCARDING: Instance 0's port GigabitEthernet1/0/1 has been set to discarding state. |
Explanation |
MSTP calculated the state of ports within an instance, and a port was set to the discarding state. |
Recommended action |
No action is required. |
STP_ENABLE
Message text |
STP is now enabled on the device. |
Variable fields |
N/A |
Severity level |
6 |
Example |
STP/6/STP_ENABLE: STP is now enabled on the device. |
Explanation |
STP was globally enabled on the device. |
Recommended action |
No action is required. |
STP_FORWARDING
Message text |
Instance [UINT32]'s port [STRING] has been set to forwarding state. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_FORWARDING: Instance 0's port GigabitEthernet1/0/1 has been set to forwarding state. |
Explanation |
MSTP calculated the state of ports within an instance, and a port was set to the forwarding state. |
Recommended action |
No action is required. |
STP_LOOP_PROTECTION
Message text |
Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port GigabitEthernet1/0/1 failed to receive configuration BPDUs. |
Explanation |
A loop-guard-enabled port failed to receive configuration BPDUs. |
Recommended action |
Check the STP status of the upstream device and possible attacks from other devices. |
STP_NOT_ROOT
Message text |
The current switch is no longer the root of instance [UINT32]. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0. |
Explanation |
The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge. |
Recommended action |
Check the bridge priority configuration and possible attacks from other devices. |
STP_NOTIFIED_TC
Message text |
[STRING] [UINT32]'s port [STRING] was notified of a topology change. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet1/0/1 was notified of a topology change. |
Explanation |
The neighboring device on a port notified the current device that a topology change occurred in the instance or VLAN to which the port belongs. |
Recommended action |
Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link. |
STP_PORT_TYPE_INCONSISTENCY
Message text |
Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port. |
Variable fields |
$1: Interface name. $2: VLAN ID. |
Severity level |
4 |
Example |
|
Explanation |
An access port received PVST BPDUs from a trunk or hybrid port. |
Recommended action |
Check the port link type setting on the ports. |
STP_PVID_INCONSISTENCY
Message text |
Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32]. |
Variable fields |
$1: Interface name. $2: VLAN ID. $3: VLAN ID. |
Severity level |
4 |
Example |
|
Explanation |
A port received PVST BPDUs from a remote port with a different PVID. |
Recommended action |
Verify that the PVID is consistent on both ports. |
STP_PVST_BPDU_PROTECTION
Message text |
PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
|
Explanation |
In MSTP mode, a port enabled with PVST BPDU guard received PVST BPDUs. |
Recommended action |
Identify the device that sends the PVST BPDUs. |
STP_ROOT_PROTECTION
Message text |
Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs. |
Explanation |
A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself. |
Recommended action |
Check the bridge priority configuration and possible attacks from other devices. |
STRUNK
This section contains smart trunk messages.
STRUNK_DROPPACKET_INCONSISTENCY
Message text |
Smart trunk [UINT32] dropped the S-Trunk protocol packet because [STRING]. |
Variable fields |
$1: Smart trunk ID. $2: Reason for dropping packets: · the source and destination IP addresses or VPN instance of S-Trunk protocol packets are not configured on the local device. · the packet's source or destination IP address does not match the local configuration. · the VPN instance of S-Trunk protocol packets is different from the local VPN instance. · the sequence number check failed. · key verification failed. |
Severity level |
4 |
Example |
STRUNK/4/STRUNK_DROPPACKET_INCONSISTENCY: Smart trunk 10 dropped the S-Trunk protocol packet because key verification failed. |
Explanation |
The configurations on the local and the peer devices are inconsistent. |
Recommended action |
1. Verify that the configurations are consistent on the local and the peer devices in the smart trunk. 2. If the configurations in the smart trunk are consistent, verify that the illegitimate packets are present. |
STRUNK_MEMBER_ROLE_CHANGE
Message text |
Smart trunk member role changed: Interface type=[STRING], interface number=[UINT32], previous role (trigger)=[STRING] ([STRING]), new role (trigger)=[STRING] ([STRING]) |
Variable fields |
$1: Member interface type in the smart trunk, including BAGG and RAGG. $2: Member interface number. $3: Previous role of the interface: · Primary. · Secondary. $4: Reason for previous role of the interface: · MANUAL_SECONDARY—The member interface is assigned the secondary role in the smart trunk. · MANUAL_PRIMARY—The member interface is assigned the primary role in the smart trunk. · STRUNK_INIT—The smart trunk is initializing. · AUTO_SECONDARY—The local device in the smart trunk is secondary. · AUTO_PRIMARY—The local device in the smart trunk is primary. · PEER_MEMBER_DOWN—The peer member interface is down. · PEER_MEMBER_UP—The peer member interface is up. $5: Current role of the interface: · Primary. · Secondary. $6: Reason for current role of the interface: · MANUAL_SECONDARY—The member interface is assigned the secondary role in the smart trunk. · MANUAL_PRIMARY—The member interface is assigned the primary role in the smart trunk. · STRUNK_INIT—The smart trunk is initializing. · AUTO_SECONDARY—The local device in the smart trunk is secondary. · AUTO_PRIMARY—The local device in the smart trunk is primary. · PEER_MEMBER_DOWN—The peer member interface is down. · PEER_MEMBER_UP—The peer member interface is up. |
Severity level |
5 |
Example |
STRUNK/5/STRUNK_MEMBER_ROLE_CHANGE: Smart trunk member role changed: Interface type=BAGG, interface number=1, previous role (trigger)=Secondary (STRUNK_INIT), new role (trigger)=Primary (MANUAL_PRIMARY). |
Explanation |
Smart trunk member interface role changed. |
Recommended action |
· Verify that the local or peer member device is operating correctly. · Verify that the local or peer member interface is down. |
STRUNK_PDUINTERVAL_MISMATCH
Message text |
Smart trunk [UINT32] has a packet transmission interval different than the peer device. |
Variable fields |
$1: Smart trunk ID. |
Severity level |
5 |
Example |
STRUNK/5/STRUNK_PDUINTERVAL_MISMATCH: Smart trunk 1 has a packet transmission interval different than the peer device. |
Explanation |
The interval on the local device for sending S-Trunk protocol packets is different from the peer in the smart trunk. One of the devices times out incorrectly. |
Recommended action |
Set the same interval for sending S-Trunk protocol packets in the smart trunk. |
STRUNK_RECEIVE_TIMEOUT
Message text |
Hello timeout timer expired on smart trunk [UINT32]. |
Variable fields |
$1: Smart trunk ID. |
Severity level |
4 |
Example |
STRUNK/4/STRUNK_RECEIVE_TIMEOUT: Hello timeout timer expired on smart trunk 1. |
Explanation |
The local device does not receive S-Trunk protocol packets from the peer before the timeout timer expires. |
Recommended action |
· Verify that the S-Trunk link is up. · Verify that the CPU is occupying too much resource. |
STRUNK_ROLE_CHANGE
Message text |
The role of the device changed in a smart trunk: Smart trunk ID=[UINT32], previous role (trigger)=[STRING] ([STRING]), new role (trigger)=[STRING] ([STRING]) |
Variable fields |
$1: Smart trunk ID. $2: Previous role in the smart trunk: · Init—Initialized. · Primary. · Secondary. $4: Reason for previous role in the smart trunk: · INIT—The smart trunk is initializing. · PRIORITY—The role in the smart trunk depends on the priority. · TIMEOUT—The local device becomes primary for not receiving S-Trunk protocol packets from the peer before the timeout timer expires. · PEER_TIMEOUT—The peer device becomes primary for not receiving S-Trunk protocol packets from the local before the timeout timer expires. · BFD_DOWN—The local device detects that the link is down between the local and the peer through BFD. · PEER_BFD_DOWN—The peer device detects that the link is down between the local and the peer through BFD. $5: Current role in the smart trunk: · Init—Initialized. · Primary. · Secondary. $6: Reason for current role in the smart trunk: · INIT—The smart trunk is initializing. · PRIORITY—The role of the smart trunk depends on the priority. · TIMEOUT—The local device becomes primary for not receiving S-Trunk protocol packets from the peer before the timeout timer expires. · PEER_TIMEOUT—The peer device becomes primary for not receiving S-Trunk protocol packets from the local before the timeout timer expires. · BFD_DOWN—The local device detects that the link is down between the local and the peer through BFD. · PEER_BFD_DOWN—The peer device detects that the link is down between the local and the peer through BFD. |
Severity level |
5 |
Example |
STRUNK/5/STRUNK_ROLE_CHANGE: The role of the device changed in a smart trunk: Smart trunk ID=1, previous role (trigger)=Init (INIT), new role (trigger)=Secondary (PRIORITY) |
Explanation |
The smart trunk role changed. |
Recommended action |
Verify that the link between the devices in the smart trunk is Layer 3 reachable. |
SYSLOG messages
This section contains syslog messages.
SYSLOG_FILE_DECOMPRESS_ERROR
Message text |
Failed to decompress [STRING]. |
Variable fields |
$1: Name and path of the file to be decompressed. |
Severity level |
4 |
Example |
SYSLOG/4/SYSLOG_FILE_DECOMPRESS_ERROR: Failed to decompress flash:/logfile/logfile1.log.gz. |
Explanation |
Failed to decompress a file. |
Recommended action |
1. In user view, execute the dir command to check the storage usage of the storage device. If not enough storage space is available, use the delete /unreserved command to delete unnecessary files. 2. If the problem persists, contact H3C Support. |
SYSLOG_LOGFILE_FULL
Message text |
Log file space is full. |
Variable fields |
N/A |
Severity level |
4 |
Example |
SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full. |
Explanation |
The log file is full. |
Recommended action |
Back up the log file, remove the original file, and then bring up interfaces as needed. |
SYSLOG_RESTART
Message text |
System restarted -- [STRING] [STRING] Software. |
Variable fields |
$1: Company name. $2: Software name. |
Severity level |
6 |
Example |
SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software |
Explanation |
A system restart log was generated. |
Recommended action |
No action is required. |
SYSLOG_RTM_EVENT_BUFFER_FULL
Message text |
In the last minute, [String] syslog logs were not monitored because the buffer was full. |
Variable fields |
$1: Number of system logs that were not sent to the EAA module in the last minute. |
Severity level |
5 |
Example |
SYSLOG/5/SYSLOG_RTM_EVENT_BUFFER_FULL: In the last minute, 100 syslog logs were not monitored because the buffer was full. |
Explanation |
This message records the number of system logs that are not processed by EAA because the log buffer monitored by EAA is full. The log buffer can be filled up if the device generates large numbers of system logs in a short period of time. |
Recommended action |
· Identify log sources and take actions to reduce system logs. · Use the rtm event syslog buffer-size command to increase the log buffer size. |
TACACS messages
This section contains TACACS messages.
TACACS_AUTH_FAILURE
Message text |
User [STRING] from [STRING] failed authentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
TACACS/5/TACACS_AUTH_FAILURE: User cwf@system from 192.168.0.22 failed authentication. |
Explanation |
An authentication request was rejected by the TACACS server. |
Recommended action |
No action is required. |
TACACS_AUTH_SUCCESS
Message text |
User [STRING] from [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 |
Example |
TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully. |
Explanation |
An authentication request was accepted by the TACACS server. |
Recommended action |
No action is required. |
TACACS_DELETE_HOST_FAIL
Message text |
Failed to delete servers in scheme [STRING]. |
Variable fields |
$1: Scheme name. |
Severity level |
4 |
Example |
TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc. |
Explanation |
Failed to delete servers from a TACACS scheme. |
Recommended action |
No action is required. |
TBDL messages
This section contains TBDL messages.
TBDL_SWICH_P
Message text |
Tunnel-bundle[STRING]: Switched from working tunnel [STRING] to protection tunnel [STRING]. |
Variable fields |
$1: Tunnel bundle interface information. $2: Working tunnel information. $3: Protection tunnel information. |
Severity level |
5 |
Example |
TBDL/5/TBDL_SWITCH_P: Tunnel-bundle1: Switched from working tunnel tunnel1 to protection tunnel tunnel2. |
Explanation |
Traffic is switched to the protection tunnel because the working tunnel has failed. |
Recommended action |
No action is required. |
TBDL_SWICH_W
Message text |
Tunnel-bundle[STRING]: Switched from protection tunnel [STRING] to working tunnel [STRING]. |
Variable fields |
$1: Tunnel bundle interface information. $2: Protection tunnel information. $3: Working tunnel information. |
Severity level |
5 |
Example |
TBDL/5/TBDL_SWITCH_W: Tunnel-bundle1: Switched from protection tunnel tunnel1 to working tunnel tunnel2. |
Explanation |
Traffic is switched to the working tunnel because the working tunnel has recovered. |
Recommended action |
No action is required. |
TE messages
This section contains TE messages.
TE_BACKUP_SWITCH
Message text |
Tunnel [UNIT] ( [STRING] ): [STRING]. [STRING] |
Variable fields |
$1: Primary tunnel information. $2: LSP information. $3: Session status: · Backup tunnel ready—Hot standby is enabled. No primary/backup tunnel switchover is triggered. · Backup tunnel used—Hot standby is enabled. Traffic is switched from the primary tunnel to the backup tunnel. · Backup tunnel disabled—Hot standby is disabled. · Main tunnel recovered—The primary tunnel has recovered. The traffic is switched back to the primary tunnel. $4: LSP path information, including IP addresses of the LSR interfaces, and LSR IDs or flag values of the LSRs that the LSP path traverses. This field is displayed only when the session status is Backup tunnel used or Main tunnel recovered. |
Severity level |
5 |
Example |
TE/5/TE_BACKUP_SWITCH: Tunnel 5 ( IngressLsrID=1.1.1.8 EgressLsrID=2.2.2.8 LSPID=100 Bandwidth=1000kbps ): Backup tunnel used. Current LSP path is 10.1.1.1/32(flag=0x00) - 10.1.1.2/32(flag=0x00) - 1151(flag=0x01) - 2.2.2.8/32(flag=0x20). |
Explanation |
This log is generated when a hot standby or segment routing tunnel is established or removed, or a primary/backup tunnel switchover is triggered. |
Recommended action |
No action is required. |
TE_MBB_SWITCH
Message text |
Tunnel [STRING] ( [STRING] ): Make before break triggered by [STRING]. [STRING] |
Variable fields |
$1: Primary tunnel information. $2: LSP information. $3: Events that have triggered make-before-break: · configuration change. · FRR used. · reoptimize timer expiration. · automatic bandwidth adjustment. · stateful PCE updated. $4: LSP path information, including IP addresses of the LSR interfaces, and LSR IDs or flag values of the LSRs that the LSP path traverses. |
Severity level |
5 |
Example |
TE/5/TE_MBB_SWITCH: Tunnel 5: Make before break triggered by configuration change. |
Explanation |
TE/5/TE_MBB_SWITCH: Tunnel 5 ( IngressLsrID=1.1.1.8 EgressLsrID=2.2.2.8 LSPID=100 Bandwidth=1000kbps ): Make-before-break triggered by configuration change. Current LSP path is 10.1.1.1/32(flag=0x00) - 10.1.1.2/32(flag=0x00) - 1151(flag=0x01) - 2.2.2.8/32(flag=0x20). |
Recommended action |
No action is required. |
TE_TUNNEL_NESTING
Message text |
Tunnel[STRING] had the nesting issue. |
Variable fields |
$1: Tunnel ID. |
Severity level |
4 |
Example |
TE/4/TE_TUNNEL_NESTING: -MDC=1; Tunnel1002 had the nesting issue. |
Explanation |
The explicit path used by the tunnel contains a SID node that identifies a tunnel (which was configured by using the nextsid [ index index-number ] label label-value type binding-sid command). However, the tunnel nesting was wrong, causing packet forwarding failure. |
Recommended action |
· Delete the configuration set by the nextsid [ index index-number ] label label-value type binding-sid command for the tunnel. · Check the nextsid configuration for the tunnel to eliminate the following errors: ¡ Self-nesting. The tunnel specified by the binding SID is the current tunnel itself. ¡ Multi-level nesting. The device supports only one-level of tunnel nesting. ¡ Looped nesting. For example, the tunnel (tunnel A) nested another tunnel (tunnel B), and tunnel B nested tunnel A. |
TE_LABEL_DUPLICATE
Message text |
Binding SID label [STRING] for tunnel [STRING] is duplicate. |
Variable fields |
$1: Value of the BSID label for the tunnel. $2: Tunnel ID. |
Severity level |
4 |
Example |
TE/4/TE_LABEL_DUPLICATE: -MDC=1; Binding SID label 1200 for tunnel 1 is duplicate. |
Explanation |
The BSID label assigned to the MPLS TE tunnel has already been occupied. |
Recommended action |
· Keep using the specified BSID label: a. Execute the display mpls label command to view the protocol that is using the label, and then release the label. b. Delete the BSID configuration of the tunnel, and then respecify the BSID for the tunnel. · Use another label as the BSID of the tunnel: delete the current BSID configuration of the tunnel, and then respecify an unused label as the BSID for the tunnel. |
TELNETD messages
This section contains Telnet daemon messages.
TELNETD_ACL_DENY
Message text |
The Telnet Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the Telnet client. $2: VPN instance to which the Telnet client belongs. |
Severity level |
5 |
Example |
TELNETD/5/TELNETD_ACL_DENY: The Telnet Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Explanation |
The Telnet server denied a connection request based on the access control ACL. |
Recommended action |
N/A |
TELNETD_REACH_SESSION_LIMIT
Message text |
Telnet client [STRING] failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device. |
Severity level |
|
Example |
|
Explanation |
The number of Telnet connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
TRILL messages
This section contains TRILL messages.
TRILL_DUP_SYSTEMID
Message text |
Duplicate system ID [STRING] in [STRING] PDU sourced from RBridge 0x[HEX]. |
Variable fields |
$1: System ID. $2: PDU type. $3: Source RBridge's nickname. |
Severity level |
5 |
Example |
TRILL/5/TRILL_DUP_SYSTEMID: Duplicate system ID 0011.2200.1501 in LSP PDU sourced from RBridge 0xc758. |
Explanation |
The local RBridge received an LSP or IIH PDU that has the same system ID as the local RBridge. The possible reasons include: · The same system ID is assigned to the local RBridge and the remote RBridge. · The local RBridge received a self-generated LSP PDU with an old nickname. |
Recommended action |
Please check the RBridge system IDs on the campus network. |
TRILL_INTF_CAPABILITY
Message text |
The interface [STRING] does not support TRILL. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
TRILL/4/TRILL_INTF_CAPABILITY: The interface GigabitEthernet0/1/3 does not support TRILL. |
Explanation |
An interface that does not support TRILL is assigned to a link aggregation group. |
Recommended action |
Remove the interface that does not support TRILL from the link aggregation group. |
TRILL_LICENSE_EXPIRED
Message text |
The TRILL feature is being disabled, because its license has expired. |
Variable fields |
N/A |
Severity level |
5 |
Example |
TRILL/5/TRILL_LICENSE_EXPIRED: The TRILL feature is being disabled, because its license has expired. |
Explanation |
The TRILL license has expired. |
Recommended action |
Check the TRILL license. |
TRILL_MEM_ALERT
Message text |
TRILL process receive system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alert event. |
Severity level |
5 |
Example |
TRILL/5/TRILL_MEM_ALERT: TRILL process receive system memory alert start event. |
Explanation |
TRILL receives a memory alert event from the system. |
Recommended action |
Check the system memory. |
TRILL_NBR_CHG
Message text |
TRILL [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING]. |
Variable fields |
$1: TRILL process ID. $2: Neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Current neighbor state: · up—The neighbor has been established, and can operate correctly. · initializing—The neighbor is being initialized. · down—The neighbor is down. |
Severity level |
5 |
Example |
TRILL/5/TRILL_NBR_CHG: TRILL 1, Level-1 adjacency 0011.2200.1501 (GigabitEthernet0/1/3), state changed to down. |
Explanation |
The state of a TRILL neighbor changed. |
Recommended action |
When the neighbor state changed to down or initializing, please check the TRILL configuration and network status according to the reason for the neighbor state change. |
TRILL_NO_LICENSE
Message text |
The TRILL feature has no license. |
Variable fields |
N/A |
Severity level |
5 |
Example |
TRILL/5/TRILL_NO_LICENSE: The TRILL feature has no license. |
Explanation |
The TRILL feature has no license. |
Recommended action |
Install a valid license for TRILL. |
UCM
This section contains UCM messages.
UCM_SESSIONS_LOWER_THRESHOLD
Message text |
The access user session number is below the lower warning threshold (LowerThreshold=[INT32]). |
Variable fields |
$1: Lower online access user session count alarm threshold. |
Severity level |
4 |
Example |
UCM/4/UCM_SESSIONS_LOWER_THRESHOLD: The access user session number is below the lower warning threshold (LowerThreshold=20). |
Explanation |
The online access user session count is below the lower threshold. |
Recommended action |
1. Execute the display access-user command to display total number of access users. 2. Identify whether a large number of access users go offline abnormally. |
UCM_SESSIONS_RECOVER_NORMAL
Message text |
The access user session number has recovered to normal state. |
Variable fields |
N/A |
Severity level |
5 |
Example |
UCM/5/UCM_SESSIONS_RECOVER_NORMAL: The access user session number has recovered to normal state. |
Explanation |
The online access user session count has recovered to the normal state. |
Recommended action |
No action is required. |
UCM_SESSIONS_UPPER_THRESHOLD
Message text |
The access user session number is above the upper warning threshold (UpperThreshold=[INT32]). |
Variable fields |
$1: Upper online access user session count alarm threshold. |
Severity level |
4 |
Example |
UCM/4/ UCM_SESSIONS_UPPER_THRESHOLD: The access user session number is above the upper warning threshold (UpperThreshold=20). |
Explanation |
The online access user session count is above the upper threshold. |
Recommended action |
1. Execute the display access-user command to display total number of access users. 2. Identify whether a large number of illegal access users come online. |
USER_LOGON_SUCCESS
Message text |
-UserName=[STRING]-IPv4Addr=[IPADDR]-IPv6Addr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-RemoteTunnelIPAddr=[STRING]-RemoteTunnelName=[STRING]; The user came online successfully. |
Variable fields |
$1: Username. $2: User IPv4 address. $3: User IPv6 address. $4: Interface name. $5: Outer VLAN ID. $6: Inner VLAN ID. $7: MAC address. $8: Remote tunnel address. $9: Remote tunnel name. |
Severity level |
6 |
Example |
UCM/6/USER_LOGON_SUCCESS: -UserName=user1-IPv4Addr=1.1.0.1-IPv6Addr=N/A-IfName=Bas-interface0-OuterVLAN=N/A-InnerVLAN=N/A-MACAddr=FFFF-FFFF-FFFF-RemoteTunnelIPAddr=123.1.1.2-RemoteTunnelName=LAC; The user came online successfully. |
Explanation |
The user came online successfully |
Recommended action |
No action is required. |
USER_TRACEINFO
Message text |
[objectID=[UINT16]][slotID=[UINT16]][STRING][user info: [STRING] ][trace info:[STRING]] |
Variable fields |
$1: Service tracing object ID. $2: Slot number of the access user. $3: Service tracing phase. Possible values include PPPoE, L2TP, PPP, IPoE, UCM, and AAA. $4: User information. For more information about user information, see Table 3. $5: Detailed service tracing information. For detailed service tracing information in each service tracing phase, see the following information: ¡ For detailed information in PPPoE phases, see Table 4. ¡ For detailed information in L2TP phases, see Table 5. ¡ For detailed information in PPP phases, see Table 6. ¡ For detailed information in IPoE phases, see Table 7. ¡ For detailed information in portal phases, see Table 8. ¡ For detailed information in UCM phases, see Table 9. ¡ For detailed information in AAA phases, see Table 10. ¡ For detailed information in DHCP phases, see Table 11. ¡ For detailed information in ARP phases, see Table 12. ¡ For detailed information in ND phases, see Table 13. ¡ For detailed information in IGMP phases, see Table 14. ¡ For detailed information in MLD phases, see Table 15. |
Severity level |
7 |
Example |
USER/7/USER_TRACEINFO:[objectID=1][slotID=0][UCM][user info: MAC address: 0000-0000-0020 IP address: 2.2.2.8 Access interface: GigabitEthernet1/0/1 User name: 2.2.2.8 Access mode: IPoE ] [trace info:[Adapt State]UserID:4, ConnectID:0, Receive MODIFY event, current state is ADDED] |
Explanation |
The service tracing object with ID 1 in the UCM phase received a MODIFY event message from GigabitEthernet 1/0/1 in slot 1. |
Recommended action |
No action is required. |
Traced user information description table
Table 3 Traced user information description table
Field |
Description |
MAC address |
MAC address of the access user. |
Access interface |
Access interface of the access user. |
Service VLAN |
Outer VLAN ID of the access user. |
Customer VLAN |
Inner VLAN ID of the access user. |
Tunnel ID |
L2TP tunnel ID of the access user. |
Username |
Username of the access user. |
IP address |
IP address of the access user. |
Access mode |
Access mode of the service tracing object. |
Detailed information of traced objects
1. PPPoE
Table 4 Detailed information of traced objects (PPPoE)
Field |
Description |
Received a PADI packet |
The PPPoE sever received a PADI packet from the PPPoE client. |
Sent a PADO packet |
The PPPoE sever sent a PADO packet to the PPPoE client. |
Received a PADR packet |
The PPPoE sever received a PADR packet from the PPPoE client. |
Established a PPPoE session successfully. Notified PPP to create session (session ID=sessionid) |
A PPPoE session was successfully established. UCM notified PPP to create the session with the specified session ID. |
Sent a PADS packet |
The PPPoE sever sent a PADS packet to the PPPoE client. |
Established a PPPoE session successfully. Notified PPP to start session negotiation (session ID=sessionid) |
A PPPoE session was successfully established. UCM notified PPP to start session negotiation with the specified session ID. |
Received a PADT packet |
The PPPoE sever received a PADT packet from the PPPoE client. |
Deleted the PPPoE session successfully. |
The PPPoE session was successfully deleted. |
Sent a PADT packet |
The PPPoE sever sent a PADT packet to the PPPoE client. |
2. L2TP
Table 5 Detailed information of traced objects (L2TP)
Field |
Description |
PPP notified LAC up and L2TP started a tunnel establishment process |
PPP notified the LAC up event, and the LAC started L2TP tunnel negotiation. |
PPP notified LAC up and L2TP started establishing a session within a middle state L2TP tunnel |
PPP notified the LAC up event, and the LAC started L2TP session negotiation in an L2TP tunnel in a middle state. |
PPP notified LAC up and L2TP started establishing a session within an L2TP tunnel |
PPP notified the LAC up event, and the LAC started L2TP session negotiation in an established L2TP tunnel. |
Sent an ICRQ packet to LNS, TunnelID=tunnelid, SessionID=sessionid |
The LAC sent an ICRQ to the LNS. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Received an ICRP packet, TunnelID=tunnelid, SessionID=sessionid |
The LAC received an ICRP packet. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Sent an ICCN packet to LNS, TunnelID=tunnelid, SessionID=sessionid |
The LAC sent an ICCN packet to the LNS. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Received an ICCN packet and processed successfully, TunnelID=tunnelid, SessionID=sessionid |
The LNS received an ICCN packet and successfully processed the packet. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Received an invalid ICCN packet and failed to process it, TunnelID=tunnelid, SessionID=sessionid |
The LNS received an ICCN packet and failed to process the packet. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Received an ICCN packet but failed to allocate resources, TunnelID=tunnelid, SessionID=sessionid |
The LNS received an ICCN packet, and failed to process the packet due to insufficient resources. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Received an ICCN packet but failed to process it, TunnelID=tunnelid, SessionID=sessionid |
The LNS received an ICCN packet but failed to process the packet. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
An L2TP session on LAC was going offline, TunnelID=tunnelid, SessionID=sessionid |
An L2TP session on the LAC was going offline. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
An L2TP session on LNS was going offline, TunnelID=tunnelid, SessionID=sessionid |
An L2TP session on the LNS was going offline. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Sent a CDN packet to the peer, TunnelID=tunnelid, SessionID=sessionid |
The local end sent a CDN packet to the peer. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
Received a CDN packet, TunnelID=tunnelid, SessionID=sessionid |
The local end received a CDN packet to the peer. |
Deleted an L2TP session, TunnelID=tunnelid, SessionID=sessionid |
A local L2TP session was deleted. The parameters are as follows: · TunnelID—L2TP tunnel ID. · SessionID—L2TP session ID. |
3. PPP
Table 6 Detailed information of traced objects (PPP)
Field |
Description |
Received interface up event |
PPP received interface up event. |
LCP FSM open event |
The PPP LCP state machine was opened. |
Determined negotiation parameters during LCP initialization |
PPP determined negotiation parameters during LCP initialization. |
LCP FSM up event |
The PPP LCP state machine came up. |
Sent an LCP Configuration Request packet |
PPP sent an LCP Configure-Request packet. |
Received an LCP negotiation packet or Echo keepalive packet |
PPP received an LCP negotiation packet or Echo keepalive packet. |
Received an LCP Configuration Request packet |
PPP received an LCP Configure-Request packet. |
Sent an LCP Configuration Ack packet |
PPP sent an LCP Configure-Ack packet. |
Received an LCP Configuration Ack packet |
PPP received an LCP Configure-Ack packet. |
LCP up event |
PPP LCP negotiation succeeded. |
LCP FSM down event |
The PPP LCP state machine went down. |
LCP down event |
PPP received an LCP down event. |
LCP FSM close event |
The PPP LCP state machine was closed. |
Started authentication after LCP negotiation succeeded |
PPP LCP negotiation succeeded and entered the authentication phase. |
Sent a CHAP Challenge packet |
PPP sent a Challenge packet in the PPP CHAP authentication phase. |
Received a CHAP authentication packet in authentication phase |
PPP received a CHAP authentication packet in the authentication phase. |
Received a CHAP Request packet |
PPP received a CHAP request packet. |
Sent an authentication request to UCM |
PPP sent an authentication request to UCM for authentication. |
Received a CHAP authentication success message from AAA |
PPP received a CHAP authentication success message from AAA. |
Sent a CHAP Ack packet |
PPP sent a CHAP ACK packet to the client. |
CHAP authentication succeeded |
PPP CHAP authentication succeeded. |
Received a CHAP authentication failure message from AAA |
PPP received a CHAP authentication failure message from AAA. |
Sent a CHAP Nak packet |
PPP sent a CHAP NAK packet to the client. |
Received a PAP authentication packet in authentication phase |
PPP received a PAP authentication packet in the authentication phase. |
Received a PAP Request packet |
PPP received a PAP request packet. |
Received a PAP authentication success message from AAA |
PPP received a PAP authentication success message from AAA. |
Sent a PAP Ack packet |
PPP sent a PAP ACK packet to the client. |
PAP authentication succeeded |
PPP PAP authentication succeeded |
PAP authentication failed |
PPP PAP authentication failed |
Received a PAP authentication failure message from AAA |
PPP received a PAP authentication failure message from AAA. |
Sent a PAP Nak packet |
PPP sent a PAP NAK packet to the client. |
Received an LCP Termination Request packet |
PPP received an LCP termination request packet. |
Sent an LCP Termination Ack packet |
PPP sent an LCP termination ACK packet. |
Started NCP negotiation |
PPP entered the NCP negotiation phase. |
IPCP FSM open event |
The PPP IPCP state machine is opened. |
Determined negotiation parameters during IPCP initialization |
The IPCP negotiation parameters are initialized. |
IPCP FSM up event |
The PPP IPCP state machine is up. |
Sent an IPCP Configuration Request packet |
PPP sent an IPCP configuration request packet. |
Received an IPCP negotiation packet in IPCP negotiation phase |
PPP received an IPCP negotiation packet in IPCP negotiation phase. |
Received an IPCP Configuration Request packet |
PPP received an IPCP configuration request packet. |
Received an IPCP Configuration Ack packet |
PPP received an IPCP configuration ACK packet. |
Sent an IPCP Configuration Nak packet |
PPP sent an IPCP configuration NAK packet. |
Sent an IPCP Configuration Ack packet |
PPP sent an IPCP configuration ACK packet. |
IPCP negotiation succeeded |
PPP IPCP negotiation succeeded. |
Sent an LCP Echo Request packet |
PPP sent an LCP echo request packet. |
Received an LCP Echo Reply packet |
PPP received an LCP echo reply packet. |
Received interface down event |
PPP received interface down event. |
IPCP FSM down event |
The PPP IPCP state machine went down. |
IPCP down event |
PPP received an IPCP down event. |
IPCP FSM close event |
The PPP IPCP state machine was closed. |
Notify NCP down |
LCP notified the upper layer protocol of the NCP down event. |
PPP L2TP prenego started |
PPP L2TP prenegotiation started. |
PPP L2TP prenego finished |
PPP L2TP prenegotiation ended. |
Mandatory-lcp, LCP renego started |
LCP renegotiation was mandatory, and LCP renegotiation started. |
Mandatory-chap, CHAP renego started |
CHAP authentication was mandatory, and CHAP authentication started. |
L2TP mandatory-chap needed the authentication mode of CHAP on VT |
Mandatory CHAP authentication was configured, but CHAP authentication was not configured on the VT interface. |
LCP prenego for L2TP failed |
LCP prenegotiation failed. |
PPP L2TP prenego CHAP started |
CHAP authentication prenegotiation started. |
PPP L2TP prenego CHAP finished |
CHAP authentication prenegotiation ended. |
PPP L2TP prenego PAP started |
PAP authentication prenegotiation started. |
PPP L2TP prenego PAP finished |
PAP authentication prenegotiation ended. |
PPP L2TP prenego MSCHAP started |
MSCHAP authentication prenegotiation started. |
PPP L2TP prenego MSCHAP finished |
MSCHAP authentication prenegotiation ended. |
PPP L2TP prenego authentication failed |
PPP L2TP authentication prenegotiation failed. |
Received an LCP Configuration Nak packet |
PPP received an LCP configuration NAK packet. |
Sent an LCP Configuration Nak packet |
PPP sent an LCP configuration NAK packet. |
Received an LCP Configuration Reject packet |
PPP received an LCP configuration reject packet. |
Sent an LCP Configuration Reject packet |
PPP sent an LCP configuration reject packet. |
Received an LCP Termination Ack packet |
PPP received an LCP termination ACK packet. |
Sent an LCP Termination Request packet |
PPP sent an LCP termination request packet. |
Received an LCP Code Reject packet |
PPP received an LCP code reject packet. |
Sent an LCP Code Reject packet |
PPP sent an LCP code reject packet. |
Received an LCP Protocol Reject packet |
PPP received an LCP protocol reject packet. |
Sent an LCP Protocol Reject packet |
PPP sent an LCP protocol reject packet. |
Received an LCP Echo Request packet |
PPP received an LCP echo request packet. |
Sent an LCP Echo Reply packet |
PPP sent an LCP echo reply packet. |
Received an LCP Identification packet |
PPP received an LCP identification packet. |
Sent an LCP Identific packet |
PPP sent an LCP identification packet. |
Received an IPCP Configuration Nak packet |
PPP received an IPCP configuration NAK packet. |
Sent an IPCP Configuration Reject packet |
PPP sent a IPCP configuration reject packet. |
Received an IPCP Configuration Reject packet |
PPP received a IPCP configuration reject packet. |
Sent an IPCP Termination Request packet |
PPP sent a IPCP termination request packet. |
Received an IPCP Termination Request packet |
PPP received a IPCP termination request packet. |
Sent an IPCP Termination Ack packet |
PPP sent a IPCP termination ACK packet. |
Received an IPCP Termination Ack packet |
PPP received a IPCP termination ACK packet. |
Sent an IPCP Code Reject packet |
PPP sent a IPCP code reject packet. |
Received an IPCP Code Reject packet |
PPP received a IPCP code reject packet. |
Sent a CHAP Request packet |
PPP sent a CHAP request packet. |
Received a CHAP Challenge packet |
PPP received a CHAP challenge packet. |
Received a CHAP Ack packet |
PPP received a CHAP ACK packet. |
Received a CHAP Nak packet |
PPP received a CHAP NAK packet. |
Sent a MS-CHAP-V2 CHGPWD packet |
PPP sent an MS-CHAP-V2 change password packet. |
Received a PAP Ack packet |
PPP received a PAP ACK packet. |
Received a PAP Nak packet |
PPP received a PAP NAK packet. |
Sent a PAP Request packet |
PPP sent a PAP request packet. |
Authentication failed |
Authentication failed. |
Authentication succeeded |
Authentication succeeded. |
CHAP authentication failed |
CHAP authentication failed. |
Received an authentication failure message from UCM |
PPP received an authentication failure message from UCM. |
Received an authentication success message from UCM |
Received an authentication success message from UCM. |
Sent a conn request to UCM |
PPP sent a connection request to UCM. |
Sent a conn-down request to UCM |
PPP sent a connection-down request to UCM. |
Sent a conn-up request to UCM |
PPP sent a connection-up request to UCM. |
Sent an MP bundle request to UCM |
PPP sent an MP bundle request to UCM. |
Sent an offline request to UCM |
PPP sent an offline request to UCM. |
4. IPoE
Table 7 Detailed information of traced objects (IPoE)
Field |
Description |
Received an IP packet, VPN=vpn |
IPoE received a n user IP packet. The VPN indicates the VPN instance to which the user belongs. If the user is in a public network, the VPN field is not displayed. |
Sent a packet to UCM for authentication, VPN=vpn |
IPoE sent a packet to UCM for authentication. The VPN indicates the VPN instance to which the user belongs. If the user is in a public network, the VPN field is not displayed. |
Received a Reject message from UCM, VPN=vpn |
IPoE received a reject message from UCM. The VPN indicates the VPN instance to which the user belongs. If the user is in a public network, the VPN field is not displayed. |
5. Portal
Table 8 Detailed information of traced objects (Portal)
Field |
Description |
Received packet from portal server newpt |
UCM received a packet from the portal server newpt. |
Sent packet to portal server newpt |
UCM sent a packet to the portal server newpt. |
Ver |
Portal protocol packet version number: · 1.0. · 2.0. · 3.0. |
Type |
Portal protocol packet type: · REQ_CHALLENGE · ACK_CHALLENGE · REQ_AUTH · ACK_AUTH · REQ_LOGOUT · ACK_LOGOUT · AFF_ACK_AUTH · NTF_LOGOUT · REQ_INFO · ACK_INFO · NTF_USER_DISCOVER · NTF_USER_IP_CHANGE · AFF_NTF_USER_IP_CHANGE · ACK_NTF_LOGOUT · NTF_HEART · NTF_USER_HEART · ACK_NTF_USER_HEART · NTF_CHALLENGE · NTF_USER_NOTIFY · AFF_NTF_USER_NOTIFY · REQ_MACBIND_INFO · ACK_MACBIND_INFO · NTF_USER_LOGON · NTF_USER_LOGOUT · REQ_USER_OFFLINE · UNKNOWN |
Method |
Portal authentication method: · EAP. · CHAP. · PAP. |
SerialNo |
Portal packet sequence number. |
ReqID |
Portal packet request ID. |
UserIP |
Portal user IP address. |
ErrCode |
Error code. |
AttrNum |
Number of attributes carried in the portal packet. |
6. UCM
Table 9 Detailed information of traced objects (UCM)
Field |
Description |
Failed to send msgtype. |
UCM failed to send message of the msgtype type to PAM. Possible msgtype values include: · UCM_UIA_PAM_MSG_COA—Change of Authorization (COA) messages, which are used to change the user's authorization information. · UCM_UIA_PAM_MSG_DM—Disconnect messages (DM), which are used to log out users. |
UserID: userid, VASID: vasid, Received AAA reply (MsgType: msgtype) |
UCM received a reply from AAA. The parameters are as follows: · UserID—User ID. · VASID—Value-added service ID (ITA service accounting level or EDSG service ID) · MsgType—Message type. Possible values include: ¡ AUTH_REQ_ACK. ¡ AUTH_REQ_REJ. ¡ AUTH_REQ_CONTINUE. ¡ AUTHOR_REQ_ACK. ¡ AUTHOR_REQ_REJ. ¡ ACCT_START_ACK. ¡ ACCT_START_REJ. ¡ ACCT_START_BROADCAST_ACK. ¡ ACCT_UPDATE_ACK. ¡ ACCT_UPDATE_REJ. ¡ ACCT_UPDATE_BROADCAST_ACK. ¡ ACCT_STOP_ACK. ¡ ACCT_STOP_REJ. ¡ ACCT_STOP_BROADCAST_ACK. ¡ DM_REQ. ¡ COA_REQ. ¡ DOMAIN_CUT. ¡ GET_DATA. |
UserID: userid, Sent account start request to AAA |
UCM sent an accounting start request to AAA. |
UserID: userid, Sent account update request to AAA |
UCM sent an accounting update request to AAA. |
UserID: userid, ConnectID: connectid, Received msgname from accessname. |
UCM received a message named msgname from access method accessname. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. · accessname—Access method name. Possible values include: ¡ PPP—PPP access. ¡ IPOE4—IPv4 IPoE access. ¡ DHCP4—DHCPv4 access. ¡ IPOE6—IPv6 IPoE access. ¡ DHCP6—DHCPv6 access. ¡ ARP—ARP access. ¡ NDRS—NDRS access. ¡ NDNS—NDNS access. ¡ IPOEWEB—IPoE Web access. ¡ L2IFLEASE—Layer 2 IPoE interface-leased access. ¡ L3IFLEASE—Layer 3 IPoE interface-leased access. ¡ L3SUBLEASE—Layer 3 IPoE subnet-leased access. ¡ L2VPNLEASE—IPoE L2VPN-leased access. ¡ PAM—PAM access. · msgname—Message name. Possible values include: ¡ UCM_UIA_PPP_MSG_AUTH_REQ—PPP authentication request. ¡ UCM_UIA_PPP_MSG_CONN_REQ—PPP connection request. ¡ UCM_UIA_PPP_MSG_CONN-UP_REQ—PPP connection-up request. ¡ UCM_UIA_PPP_MSG_CONN-DOWN_REQ—PPP connection-down request. ¡ UCM_UIA_PPP_MSG_OFFLINE_REQ—PPP offline request. ¡ UCM_UIA_PPP_MSG_OFFLINE_INF—PPP offline information. ¡ UCM_UIA_IPOEIP4_MSG_CONN_REQ—IPv4 IPoE connection request. ¡ UCM_UIA_IPOEIP6_MSG_CONN_REQ—IPv6 IPoE connection request. ¡ UCM_UIA_IPOEIP6_MGG_CONN_MODIFYUSR_NTF—IPv6 IPoE username modification notification. ¡ UCM_UIA_DHCP_MSG_CONN_REQ—DHCPv4 connection request. ¡ UCM_UIA_DHCP_MSG_CONN-UP_REQ—DHCPv4 connection-up request. ¡ UCM_UIA_DHCP_MSG_RENEW_REQ—DHCPv4 renewal request. ¡ UCM_UIA_DHCP_MSG_CONN-DOWN_REQ—DHCPv4 connection-down request. ¡ UCM_UIA_DHCP_MSG_DISCONN_INF—DHCPv4 disconnection information ¡ UCM_UIA_DHCP6_MSG_CONN_REQ—DHCPv6 connection request ¡ UCM_UIA_DHCP6_MSG_CONN-UP_REQ—DHCPv6 connection-up request ¡ UCM_UIA_DHCP6_MSG_RENEW_REQ—DHCPv6 connection renewal request. ¡ UCM_UIA_DHCP6_MSG_CONN-DOWN_REQ—DHCPv6 connection-down request. ¡ UCM_UIA_DHCP6_MSG_DISCONN_INF—DHCPv6 disconnection information ¡ UCM_UIA_ARP_MSG_CONN_REQ—ARP connection request ¡ UCM_UIA_ARP_MSG_CONN-UP_REQ—ARP connection-up request ¡ UCM_UIA_ARP_MSG_DTC_TIMEOUT—ARP detection timeout. ¡ UCM_UIA_NDRS_MSG_CONN_REQ—NDRS connection request ¡ UCM_UIA_NDRS_MSG_CONN-UP_REQ—NDRS connection-up request ¡ UCM_UIA_NDRS_MSG_MODIFYUSRIP_REQ—NDRS user IP modification request. ¡ UCM_UIA_NDNSNA_MSG_CONN_REQ—NDNS connection request ¡ UCM_UIA_NDNSNA_MSG_CONN-UP_REQ—NDNS connection-up request ¡ UCM_UIA_ND_MSG_DTC_TIMEOUT—NDNS detection timeout ¡ UCM_UIA_PORTAL_MSG_AUTH_REQ—IPoE Web authentication request. ¡ UCM_UIA_PORTAL_MSG_AUTH_REQ_CONTINUE—IPoE Web continuous authentication request ¡ UCM_UIA_PORTAL_MSG_DISCONN_REQ—IPoE Web authentication disconnection request ¡ UCM_UIA_PORTAL_MSG_DISCONN_INF—IPoE Web authentication disconnection information ¡ UCM_UIA_PORTAL_MSG_SERVERINFO—IPoE Web authentication server information. ¡ UCM_UIA_PORTAL_MSG_ROAM—IPoE Web user roaming. ¡ UCM_UIA_PORTAL_MSG_MT_ONLINE—IPoE Web user online information. ¡ UCM_UIA_PORTAL_MSG_MT_OFFLINE—IPoE Web user offline information. ¡ UCM_UIA_LEASE_MSG_CONN_REQ—IPoE leased connection request ¡ UCM_UIA_LEASE_MSG_CONN-UP_REQ—IPoE leased connection-up request ¡ UCM_UIA_LEASE_MSG_CONDOWN_REQ—IPoE leased connection-down request ¡ UCM_UIA_PAM_MSG_AUTH_REQ—PAM authentication request ¡ UCM_UIA_PAM_MSG_ACCT_START_REQ—PAM accounting start request. ¡ UCM_UIA_PAM_MSG_ACCT_UPDATE_REQ—PAM accounting update request. ¡ UCM_UIA_PAM_MSG_ACCT_STOP_REQ—PAM accounting stop request. ¡ UCM_UIA_PAM_MSG_USER_DELETE—PAM user deletion. ¡ UCM_UIA_PAM_MSG_USER_RECOVER—PAM user recovery. ¡ UCM_UIA_PAM_MSG_GETDATA_ACK—PAM data getting ACK. ¡ UCM_UIA_PAM_MSG_SMOOTH_USERDELETE—PAM user detection sync. |
[Adapt State]UserID: userid, ConnectID: connectid, Received event event, current state is state. |
Adapter state machine received an event of the even type, and the current state is state. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. · event—Adapter state machine event. Possible values include: ¡ ADD—Add. ¡ MODIFY—Modify information. ¡ DEL—Delete. ¡ TRAFFIC_DELCOMPLETE—Traffic deletion completed. ¡ PROXY_DELCOMPLETE—Issuing to the interface module for deletion completed. ¡ FWD-DELCOMPLETE—Issuing to the kernel for deletion completed. ¡ FWD-SUCC—Successfully issued to the kernel. ¡ FWD-FAIL—Failed to be issued to the kernel. ¡ PROXY-SUCC—Successfully issued to the interface module. ¡ PROXY-FAIL—Failed to be issued to the interface module. · state—Current state. Possible values include: ¡ INIT—Initial. ¡ FWD—Issued to the kernel. ¡ FWD-MODIFY—Issued to the kernel for modifying information. ¡ PROXY—Issued to the interface module and backup MPU. ¡ PROXY-MODIFY—Issued to the interface module for modifying information. ¡ ADDED—Successfully added. ¡ DELETING—Deleting. |
[Adapt State]UserID: userid, ConnectID: connectid, Received event event, State changed from oldstate to newstate |
Adapter state machine received an event of the event type, and the state changed from oldstate to newstate. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. For values, see the ConnectionID in the preceding message. · event—Adapter state machine event. For values, see the event field in the preceding message. · oldstate—State before the switching. For values, see the state field in the preceding message. · newstate—State after the switching. For values, see the state field in the preceding message. |
[Conn state]UserID: userid, ConnectID: connectid, Received event event, Current state is state. |
The connection state machine received an event of the event type, and the current state is state. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. · event—Connection state machine event. Possible values include: ¡ USER-AUTH-PASSED—The user passed authentication. ¡ CONNREQ-PASSED—The connection request passed. ¡ ADDR-REQ-ACK—The address request passed. ¡ CONN-UP-WITH-NAT—Connection-up with the NAT event. ¡ CONN-UP-WITHOUT-NAT—Connection-up without the NAT event. ¡ NAT-REQ-ACK—The NAT request passed. ¡ USER-ADD-ACK—The user adding request passed. ¡ USER-DEL-ACK—The user deletion request passed. ¡ CLOSE—The connection is closed. ¡ DOWN —The connection is down. ¡ EXTRA-CONNREQ—Extra connection request ¡ EXTRA-CONN-UP—Extra connection-up request ¡ RENEW—Connection renewal information (for example, leases). · state—Current state. Possible values include: ¡ INIT—Initialization. ¡ ADDR-REQ-SENT—Address request sent. ¡ AUTHED—Authenticated. ¡ NAT-REQ-SENT—NAT request sent. ¡ USER-ADDING—Adding users. ¡ OPEN—Connection established. ¡ DELETING—Deleting. ¡ DELETED—Deleted. |
[Conn State]UserID: userid, Received event event, State changed from oldstate to newstate. |
Connection state machine received an event of the event type, and the state changed from oldstate to newstate. The parameters are as follows: · UserID—User ID. · event—Connection state machine event. For values, see the event field in the preceding message. · oldstate—State before the switching. For values, see the state field in the preceding message. · newstate—State after the switching. For values, see the state field in the preceding message. |
[LOGOUT State]UserID: userid, Received event event, Current state is state. |
Logout state machine received an event of the event type, and the current state is state. The parameters are as follows: · UserID—User ID. · event—Logout state machine event. Possible values include: ¡ AUTHREQ—Authentication requested. ¡ AUTHSUCC—Authentication succeeded. ¡ USER_MODIFYACK—User modification succeeded. · state—Current state. Possible values include: ¡ INIT—Initialization. ¡ AUTHING—Authenticating. ¡ USER_UPDATE—User updated. |
[LOGOUT State]UserID: userid, Received event event, State changed from oldstate to newstate. |
Logout state machine received an event of the event type, and the state changed from oldstate to newstate. The parameters are as follows: · UserID—User ID. · event—Logout state machine event. For values, see the event field in the preceding message. · oldstate—State before the switching. For values, see the state field in the preceding message. · newstate—State after the switching. For values, see the state field in the preceding message. |
[Reauth State]UserID: userid, Received event event, Current state is state. |
Reauthentication state machine received an event of the event type, and the current state is state. The parameters are as follows: · UserID—User ID. · event—Reauthentication state machine event. Possible values include: ¡ AUTHREQ—Authentication requested. ¡ AUTHSUCC—Authentication succeeded. ¡ AUTHCONTINUE—The user authentication continues. ¡ AUTH-FAIL—Authentication failed. ¡ USER_MODIFYACK—User service parameters modified. ¡ USER_MODIFYREJ—User service parameter modification rejected. ¡ WEB_AUTHACK_RESP—Web authentication ACK replied. ¡ MACAUTH_ACK—MAC authentication succeeded. ¡ DOWN—UCM received a disconnection request. · state—Current state. Possible values include: ¡ INIT—Initialization. ¡ AUTHING—Authenticating. ¡ USER_UPDATE—User data updated. ¡ WAIT_WEBRESP_ACK—Waiting for ACK from Web ¡ WAIT_MACAUTH_ACK—Waiting for ACK from MAC authentication |
[Reauth State]UserID: userid, Received event event, State changed from oldstate to newstate. |
Reauthentication state machine received an event of the event type, and the state changed from oldstate to newstate. The parameters are as follows: · UserID—User ID. · event—Reauthentication state machine event. For values, see the event field in the preceding message. · oldstate—State before the switching. For values, see the state field in the preceding message. · newstate—State after the switching. For values, see the state field in the preceding message. |
[Shell Phase]UserID: userid, ConnectID: connectid, Received event event, Current phase is phase. |
Shell state machine received an event of the event type, and the current state is phase. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. · event—Shell state machine event. Possible values include: ¡ AUTH-REQ—Authentication request. ¡ CONN-REQ—UCM received a connection request. ¡ CONN-UP—Connection-up request. ¡ CONN-DOWN—Connection-down request. ¡ RENEW-REQ—Connection renewal request (for example, lease) ¡ MODIFY-USERIP—User IP modification. ¡ DISCONN-REQ—Disconnection request. ¡ MPBIND-REQ—MP bundling request. ¡ ACCT-START-REQ—Accounting start request. ¡ ACCT-UPDATE-REQ—Accounting update request. ¡ ACCT-STOP-REQ—Accounting stop request. ¡ RECOVER-REQ—Recovery request. ¡ GETDATA-ACK—Processing GetData ACK. ¡ WEB-AUTHREQ—Web authentication request ¡ WEB-AUTHACK-RESPONSE—Web authentication ACK response. ¡ DOWN-REQ—Down request. ¡ STOP-MT—Stop MAC transparent authentication. ¡ MAC-AUTH—MAC authentication. ¡ TERMINATE—User termination. ¡ GROUPID-CHG—Group ID change. ¡ AUTH-SUCC—Authentication success. ¡ AUTH-FAIL—Authentication failure. ¡ AUTH-CONTINUE—User authentication continued. ¡ ACC-START-SUCC—Accounting start succeeded. ¡ ACC-START-FAIL—Accounting start failed. ¡ ACC-UPDATE-SUCC—Accounting update succeeded. ¡ ACC-STOP-FAIL—Accounting stop failed. ¡ ACCESS-MSG-PASS—Access message passed. ¡ MPBIND-SUCCESS—MP bundling succeeded. ¡ MPBIND-FAILURE—MP binding failed. ¡ PAM-AUTH-SUCC—PAM authentication succeeded. ¡ PAM-AUTH-FAIL—PAM authentication failed. ¡ PAM-AUTH-CONTINUE—PAM authentication continued. ¡ PAM-ACCT-START-SUCC—PAM accounting start succeeded. ¡ PAM-ACCT-START-FAIL—PAM accounting start failed. ¡ PAM-ACCT-UPDATE-SUCC—PAM accounting update succeeded. ¡ PAM-ACCT-UPDATE-FAIL—PAM accounting update failed. ¡ PAM-ACCT-STOP-SUCC—PAM accounting stop succeeded. ¡ PAM-ACCT-STOP-FAIL—PAM accounting stop failed. ¡ COA—Authentication information changed. ¡ MODIFY-ACK—Modification succeeded. ¡ NEGSLOTCHG—User negotiation slot changed. ¡ TERMINATE—User termination. ¡ ADDRREQ-ACK—Address request succeeded. ¡ ADDRREQ-REJ—Address request failed. ¡ NATREQ-ACK—NAT event request succeeded. ¡ NATREQ-REJ—NAT event request failed. ¡ FWD-SYNC-SUCC—Forwarding entry adding succeeded. ¡ FWD-SYNC-FAIL—Forwarding entry adding failed. ¡ PROXY-SYNC-SUCC—Notifying the interface module to add forwarding entries succeeded. ¡ PROXY-SYNC-FAIL—Notifying the interface module to add forwarding entries failed. ¡ FWD-SYNC-DELCOMPLETE—Deleting users in the kernel completed. ¡ PROXY-SYNC-DELCOMPLETE—Deleting users on the interface module completed. ¡ AUTH-PASS—Authentication passed. ¡ ADAPT-ADD-ACK—Adding users succeeded. ¡ ADAPT-ADD-REJ—Adding users rejected. ¡ ADAPT-MODIFY-ACK—User modification succeeded. ¡ ADAPT-MODIFY-REJ—User modification rejected. ¡ UP—A user came online. ¡ ADAPT-DEL-ACK—A user was successfully deleted. ¡ DEL-COMPLETE—Deletion completed. ¡ REAUTH-AUTH-PASS—Reauthentication passed. ¡ REAUTH-AUTH-CONTINUE—Reauthentication continued. ¡ REAUTH-AUTH-FAIL—Reauthentication failed. ¡ REAUTH-MACAUTH-SUCC—Reauthentication succeeded. ¡ REAUTH-COMPLETE—Reauthentication completed. ¡ REAUTH-DOWN—Reauthentication stopped. ¡ WEB-CLOSE—Web disconnection request. ¡ LOGOUT-AUTH-PASS—An IPoE Web user returned to the preauthentication phase from the Web authentication phase, and the authentication succeeded. ¡ LOGOUT-COMPLETE—An IPoE Web user successfully came online in the Web authentication phase. ¡ USER-MODIFY-ACK—User modification succeeded. ¡ OPEN—Connection completed. · phase—Current phase. Possible values include: ¡ INITIAL—Initialization phase. ¡ AUTHENTICATION—Authentication phase. AAA sent an authentication request but received no reply. ¡ AUTHED—Authenticated phase. An authentication success reply was received from AAA. ¡ NETWORK—Network negotiation phase. An IP address has been requested and starts to be issued to the kernel, interface module, and backup MPU. ¡ ONLINE—The user successfully came online. ¡ TERMINATE—The user went offline. ¡ REAUTH—Reauthentication phase. An IPoE web user performed authentication in the Web authentication phase. ¡ LOGOUT—Logout phase. An (IPoE web user returned back to the preauthentication phase from the web authentication phase. |
[Shell Phase]UserID: userid, ConnectID: connectid, Received event event, Phase changed from oldphase to newphase. |
The shell state machine received an event of the event type, and the state changed from oldphase to newphase. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. For values, see the ConnectionID in the preceding message. · event—Shell state machine event. For values, see the event field in the preceding message. · oldphase—State before the switching. For values, see the state field in the preceding message. · newphase—State after the switching. For values, see the state field in the preceding message. |
[User State]UserID: userid, Received event event, Current state is state. |
The user state machine received an event of the event type and the current state is state. The parameters are as follows: · UserID—User ID. · event—User state machine event. Possible values include: ¡ AUTHREQ—UCM received an access authentication request ¡ AUTHSUCC—UCM received a AAA authentication success event. ¡ AUTHSUCC-ADMIN—Management user authentication succeeded. ¡ AUTH-FAIL—UCM received an AAA authentication failure event. ¡ AUTH-CONTINUE—UCM received an AAA user authentication continual event. ¡ CONNREQ—UCM received an access connection request ¡ CONN-UP—UCM received a connection-up event. ¡ USERADD-ACK—User adding succeeded. ¡ USERDEL-ACK—User adding succeeded. ¡ CLOSE—Internal errors of UCM caused user to go offline. ¡ DOWN—Connection-down event initiated by access. ¡ MPBINDREQ—MP bundling request. ¡ MPBINDSUCCESS—MP bundling succeeded. ¡ MPBINDFAILURE—MP bundling failed. ¡ PAM_AUTHREQ—PAM authentication request ¡ PAM_ACCTSTARTREQ—PAM accounting start request. ¡ PAM_ACCTUPDATEREQ—PAM accounting update request. ¡ PAM_ACCTSTOPREQ—PAM accounting stop request. ¡ PAM_AUTHSUCCESS—PAM authentication succeeded. ¡ PAM_AUTHFAILURE—PAM authentication failed. ¡ PAM_AUTHCONTINUE—PAM user authentication failed. ¡ PAM_USERDELETE—PAM user deleted. ¡ REAUTH—IPoE Web preauthentication reauthenticated. ¡ REAUTH_SUCC—Reauthentication succeeded. ¡ REAUTH_FAIL—Reauthentication failed. ¡ LOGOUT—An IPoE Web user exited the postauthentication domain. ¡ LOGOUT_SUCC—An IPoE Web user successfully exited the postauthentication domain. ¡ MODIFY—User modified. ¡ MODIFY-ACK—User modified successfully. · state—Current state. Possible values include: ¡ INIT—Initialization. ¡ AUTHING—Authenticating. ¡ ALLOC—Intermediate state between authentication failure and user logout. Only PPP has this state. ¡ AUTHED—Authenticated. ¡ USER-ADDING—Intermediate state between issuing to the kernel and notifying the backup interface module. ¡ UP—Coming online successfully. ¡ DELETING—Deleting. ¡ DELETED—Deleted. ¡ BINDING—Binding phase (supported only by PPP MP) ¡ REAUTH—Reauthentication phase. An IPoE Web user performed authentication in the Web authentication phase. ¡ LOGOUT—An IPoE Web user returned to the preauthentication phase from the Web authentication phase. ¡ MODIFY—User authentication modification (COA). |
[User State]UserID: userid, Received event event, State changed from oldstate to newstate |
The user state machine received an event of the event type, and the state changed from oldstate to newstate. The parameters are as follows: · UserID—User ID. · event—User state machine event. For values, see the event field in the preceding message. · oldphase—State before the switching. For values, see the state field in the preceding message. · newphase—State after the switching. For values, see the state field in the preceding message. |
UserID userid group ID changed. |
The user group ID of the user changed. |
UserID: userid, Received assigned IP address ipaddr from AM. |
The user received an assigned IP address ipaddr from AM. |
UserID userid will be terminated, the cause is cause. |
The user connection will be terminated for the cause cause. |
UserID: userid, Sent authentication request to AAA, the access user type is type. |
UCM sent an authentication request to AAA. The parameters are as follows: · UserID—User ID. · type—User access type. Possible values include: ¡ PPPoE—PPP over Ethernet user. ¡ PPPoA—PPP over ATM user. ¡ PPPoFR—PPP over FR user. ¡ PPPoPhy—PPP user directly carried over a physical link. ¡ VPPP—L2TP user auto-dialed on a LAC. ¡ LNS—L2TP user on an LNS. ¡ MAC auth—MAC authentication user. ¡ Dot1x—802.1X user. ¡ Web auth—Web authentication user. ¡ Telnet—Telnet user. ¡ FTP—FTP user. ¡ Terminal—User logging in through the Console port, AUX port, or Asyn port. ¡ SSH—SSH user. ¡ Portal—Portal user. ¡ PAD—PAD user. ¡ Command—Command authorization and accounting user. ¡ Super—User that can switch the user role. ¡ IPoE L2VPN leased—IPoE L2VPN-leased user. ¡ NETCONF SOAP HTTP—HTTP web user. ¡ NETCONF RESTful HTTP—NETCONF over SOAP over HTTP user. ¡ HTTP Web—HTTP web user. ¡ NETCONF SOAP HTTPS—NETCONF over SOAP over HTTPS user. ¡ NETCONF RESTful HTTPS—NETCONF over RESTful over HTTPS user. ¡ HTTPS Web—HTTPS web user. ¡ L2 IPoE dynamic—Layer 2 IPoE dynamic user. ¡ L2 IPoE static—Layer 2 IPoE static user. ¡ L2 IPoE interface leased—Layer 2 IPoE interface-leased user. ¡ L2 IPoE leased subuser—Layer 2 leased subuser. ¡ L3 IPoE dynamic—Layer 3 IPoE dynamic user. ¡ L3 IPoE static—Layer 3 IPoE static user. ¡ L3 IPoE interface leased—Layer 3 IPoE interface-leased user. ¡ L3 IPoE subnet leased—Layer 3 subnet-leased user. ¡ IKE—IKE user. ¡ SSLVPN—SSL VPN user. ¡ DVPN—DVPN user. |
UserID: userid, session key: key, New SocketPAM (usertype) user is created. |
A socket PAM user was created. The parameters are as follows: · UserID—User ID. · session key—PAM access user index. · usertype—User type. Possible values include: ¡ Telnet—Telnet user. ¡ FTP—FTP user. ¡ Terminal—User logging in through the Console port, AUX port, or Asyn port. ¡ SSH—SSH user. ¡ PAD—PAD user. ¡ Command—Command authorizing and accounting user. ¡ Super—User that can switch the user role. |
UserID: userid, session key: key, New SessionPAM (usertype) user is created. |
A session PAM user was created. The parameters are as follows: · UserID—User ID. · session key—PAM access user index. · usertype—User type. Possible values include: ¡ NETCONF SOAP HTTPS—NETCONF over SOAP over HTTPS user. ¡ NETCONF RESTful HTTP—NETCONF over SOAP over HTTP user. ¡ HTTP Web—HTTP web user. ¡ NETCONF SOAP HTTPS—NETCONF over SOAP over HTTPS user. ¡ NETCONF RESTful HTTPS—NETCONF over RESTful over HTTPS user. ¡ HTTPS Web—HTTPS web user. ¡ IKE—IKE user. ¡ SSLVPN—SSL VPN user. ¡ DVPN—DVPN user. |
UserID: userid, session Key: key, New Portal user is created |
A portal user was created. The parameters are as follows: · UserID—User ID. · session key—PAM access user index. |
UserID: userid, ConnectID: connectid, New PPP user is created |
A PPP user was created. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. |
UserID: userid, ConnectID: connectid, New IPoE4 user is created |
An IPv4 IPoE user was created. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. |
UserID: userid, ConnectID: connectid, New IPoE6 user is created. |
An IPv6 IPoE user was created. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. |
UserID: userid, ConnectID: connectid, New leased user is created. |
An IPoE leased user was created. The parameters are as follows: · UserID—User ID. · ConnectID—UCM connection type ID. Possible values include: ¡ 0—Auto-dialed L2TP connection on a LAC or L2TP connection on an LNS. ¡ 1—DHCP, IPoE, or ARP connection. ¡ 2—DHCPv6, IPoEv6, or ND connection. ¡ 3—PPP, IP6CP, or ND connection. |
7. AAA
Table 10 Detailed information of traced objects (AAA)
Field |
Description |
Domain domain-name rejected the user. |
The domain name domain-name rejected the user. |
Domain domain-name is in blocked state. |
The domain named domain-name is in blocked state. |
The user failed to access domain domain-name because the maximum number of users already reached. |
The user failed to access the domain named domain-name because the maximum number of users was already reached. |
Received an authentication request. |
AAA received an authentication request from a UCM user. |
Received an accounting-start request. |
AAA received an accounting-start request from an UCM user. |
Received an accounting-update request. |
AAA received an accounting-update request from a UCM user. |
Received an accounting-stop request. |
AAA received an accounting-stop request from a UCM user. |
Received a get-data reply. |
AAA received a get-data reply from UCM. |
Received an LDAP authentication response. |
AAA received a LDAP authentication response packet. |
Received an LDAP authorization response. |
AAA received a LDAP authorization response packet. |
RADIUS authentication: Request initiated. |
RADIUS authentication: Request packet was initiated. |
RADIUS accounting start: Request initiated. |
RADIUS accounting start: Request packet was initiated. |
RADIUS accounting update: Request initiated. |
RADIUS accounting update: Request packet was initiated. |
RADIUS accounting stop: Request initiated. |
RADIUS accounting stop: Request packet was initiated. |
RADIUS accounting start: Failed. Reason: reason. |
RADIUS accounting start failed for the reason reason. |
RADIUS accounting update: Failed. Reason: reason. |
RADIUS accounting update failed for the reason reason. |
RADIUS accounting stop: Failed. Reason: reason. |
RADIUS accounting stop failed for the reason reason. |
RADIUS authentication: Succeeded. |
RADIUS authentication succeeded. |
RADIUS accounting start: Succeeded. |
RADIUS accounting start succeeded. |
RADIUS accounting update: Succeeded. |
RADIUS accounting update succeeded. |
RADIUS accounting stop: Succeeded. |
RADIUS accounting stop succeeded. |
RADIUS authentication: Failed. Reason: reason. |
RADIUS authentication failed for a reason. Possible reasons include: · Server rejected. |
RADIUS authorization: Failed. Reason: reason. |
RADIUS authorization failed for a reason. Possible reasons are: · Data error. |
TACACS authentication: Request initiated. |
TACACS authentication: Request packet was initiated. |
TACACS continue authentication: Request initiated. |
TACACS continue authentication: Request packet was initiated. |
TACACS accounting start: Request initiated. |
TACACS accounting start: Request packet was initiated. |
TACACS accounting update: Request initiated. |
TACACS accounting update: Request packet was initiated. |
TACACS accounting stop: Request initiated. |
TACACS accounting stop: Request packet was initiated. |
TACACS authentication: Failed. Reason: reason. |
TACACS authentication failed for the reason reason. |
TACACS continue authentication: Failed. Reason: reason. |
TACACS continue authentication failed for the reason reason. |
TACACS authorization: Failed. Reason: reason. |
TACACS authorization failed for the reason reason. |
TACACS accounting start: Failed. Reason: reason. |
TACACS accounting start failed for the reason reason. |
TACACS accounting update: Failed. Reason: reason. |
TACACS accounting update failed for the reason reason. |
TACACS accounting stop: Failed. Reason: reason. |
TACACS accounting stop failed for the reason reason. |
TACACS authentication: Succeeded. |
TACACS authentication succeeded. |
TACACS continue authentication: Succeeded. |
TACACS continue authentication succeeded. |
TACACS accounting start: Succeeded. |
TACACS accounting start succeeded. |
TACACS accounting update: Succeeded. |
TACACS accounting update succeeded. |
TACACS accounting stop: Succeeded. |
TACACS accounting stop succeeded. |
8. DHCP
Table 11 Detailed information of traced objects (DHCP)
Field |
Description |
DHCPACC received a message type, DHCPACCIndex index, state state |
The DHCP access module received a DHCP client message of the type type from UCM. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of type include: · UCM_UIA_DHCP_MSG_CONN_REQ_ACK—A connection is successfully established. · UCM_UIA_DHCP_MSG_CONN_REQ_REJ—Connection establishment was rejected. · UCM_UIA_DHCP_MSG_CONNUP_REQ_ACK—The DHCP client successfully came online. · UCM_UIA_DHCP_MSG_CONNUP_REQ_REJ—The online request of the DHCP client was rejected. · UCM_UIA_DHCP_MSG_DISCONN_INF—The user successfully went offline. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—The DHCP access module is waiting for the reply to the connection request message from UCM. · DHCPACC_WAIT_UCM_UP_ACK—The DHCP access module is waiting for the reply to the online request from UCM. · DHCPACC_WAIT_UCM_DOWN_ACK—The DHCP access module is waiting for the replay to the offline request from UCM. |
DHCPACC sent a message type, DHCPACCIndex index, state state. |
The DHCP access module sent a DHCP client message of the type type to UCM. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of type include: · UCM_UIA_DHCP_MSG_CONNUP_REQ—The DHCP client comes online. · UCM_UIA_DHCP_MSG_CONNDOWN_REQ—The DHCP client went offline. Possible values of state include: · DHCPACC_WAIT_SERVER_ACK—Waiting for the DHCP-ACK packet from the DHCP server. · DHCPACC_WORKING—The DHCP client successfully comes online. |
DHCPACC would change to state after-state, DHCPACCIndex index, current state before-state. |
The state of the DHCP access module will switch to the after-state. The local index of the DHCP client is index, and the DHCP client is in the before-state state currently. Possible values of after-state and before-state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-DISCOVER packet to AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module forwarded the DHCP-DISCOVER packet to the AM module. In the DHCP-DISCOVER packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC received a DHCP-OFFER packet from AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module received a DHCP-OFFER packet from the AM module. In the DHCP-OFFER packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC received a DHCP-NAK packet from AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module received a DHCP-NAK packet from the AM module. In the DHCP-NAK packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-OFFER packet to client. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state |
The DHCP access module forwarded the DHCP-OFFER packet to the DHCP client. In the DHCP-OFFER packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-NAK packet to client. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state |
The DHCP access module forwarded the DHCP-NAK packet to the DHCP client. In the DHCP-NAK packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC received a DHCP-REQUEST packet from client. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state |
The DHCP access module received a DHCP-REQUEST packet from the DHCP client. In the DHCP-REQUEST packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-REQUEST packet to AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state |
The DHCP access module forwarded the DHCP-REQUEST packet to the AM module. In the DHCP-REQUEST packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC receive a DHCP-ACK packet from AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module received a DHCP-ACK packet from the AM module. In the DHCP-ACK packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-ACK packet to client. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state |
The DHCP access module forwarded the DHCP-ACK packet to the AM module. In the DHCP-ACK packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC received a DHCP-REQUEST packet from client. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module received a DHCP-REQUEST packet from the DHCP client. In the DHCP-REQUEST packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-REQUEST packet to AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module forwarded the DHCP-REQUEST packet to the AM module. In the DHCP-REQUEST packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC received a DHCP-ACK packet from AM. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module received a DHCP-ACK packet from the AM module. In the DHCP-ACK packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a DHCP-ACK packet to CLIENT. Giaddr giaddr, Yiaddr yiaddr, DHCPACCIndex index, state state. |
The DHCP access module forwarded a DHCP-ACK packet to the DHCP client. In the DHCP-ACK packet, the Giaddr field is giaddr, and the Yiaddr field is yiaddr. The local index of the DHCP client is index, and the DHCP client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the DHCP-OFFER packet from the AM module. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCP client to send a DHCP-REQUEST packet. · DHCPACC_WAIT_AM_ACK—Waiting for the DHCP-ACK packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the DHCP client online request ACK message from UCM. · DHCPACC_WORKING—The DHCP client successfully comes online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the DHCP client offline request ACK message from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the DHCP-RENEW packet from the AM module. |
DHCPACC sent a solicit packet to AM. IAAddr IAAddr, DHCPACCIndex index, state state. |
The DHCPv6 access module forwarded the Solicit packet to the AM module. In the Solicit packet, the IAAddr field is IAAddr. The local index of the DHCPv6 client is index, and the DHCPv6 client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the AM module to reply to the Advertise packet. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCPv6 client to send a Request packet. · DHCPACC_WAIT_AM_ACK—Waiting for the Reply packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the reply to the DHCPv6 online packet from UCM. · DHCPACC_WORKING—The DHCPv6 client successfully came online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the reply to the DHCPv6 offline packet from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the reply to DHCPv6 client offline request from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the Renew packet from the AM module. |
DHCPACC received an advertise packet from AM. IAAddr IAAddr, DHCPACCIndex index, state state. |
The DHCPv6 access module received an Advertise packet from the AM module. In the Advertise packet, the IAAddr field is IAAddr. The local index of the DHCPv6 client is index, and the DHCPv6 client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the AM module to reply to the Advertise packet. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCPv6 client to send a Request packet. · DHCPACC_WAIT_AM_ACK—Waiting for the Reply packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the reply to the DHCPv6 online packet from UCM. · DHCPACC_WORKING—The DHCPv6 client successfully came online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the reply to the DHCPv6 offline packet from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the reply to DHCPv6 client offline request from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the Renew packet from the AM module. |
DHCPACC sent a advertise packet to client. IAAddr IAAddr, DHCPACCIndex index, state state. |
The DHCPv6 access module forwarded an Advertise packet to the DHCPv6 client. In the Advertise packet, the IAAddr field is IAAddr. The local index of the DHCPv6 client is index, and the DHCPv6 client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the AM module to reply to the Advertise packet. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCPv6 client to send a Request packet. · DHCPACC_WAIT_AM_ACK—Waiting for the Reply packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the reply to the DHCPv6 online packet from UCM. · DHCPACC_WORKING—The DHCPv6 client successfully came online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the reply to the DHCPv6 offline packet from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the reply to DHCPv6 client offline request from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the Renew packet from the AM module. |
DHCPACC received a reply packet from AM. IAAddr IAAddr, DHCPACCIndex index, state state. |
The DHCPv6 access module received a Reply packet from the AM module. In the Reply packet, the IAAddr field is IAAddr. The local index of the DHCPv6 client is index, and the DHCPv6 client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the AM module to reply to the Advertise packet. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCPv6 client to send a Request packet. · DHCPACC_WAIT_AM_ACK—Waiting for the Reply packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the reply to the DHCPv6 online packet from UCM. · DHCPACC_WORKING—The DHCPv6 client successfully came online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the reply to the DHCPv6 offline packet from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the reply to DHCPv6 client offline request from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the Renew packet from the AM module. |
DHCPACC sent a reply packet to client. IAAddr IAAddr, DHCPACCIndex index, state state. |
The DHCPv6 access module forwarded a Reply packet to the DHCPv6 client. In the Reply packet, the IAAddr field is IAAddr. The local index of the DHCPv6 client is index, and the DHCPv6 client is in the state state. Possible values of state include: · DHCPACC_WAIT_UCM_REQ_ACK—Waiting for the connection request ACK message from UCM. · DHCPACC_WAIT_AM_OFFER—Waiting for the AM module to reply to the Advertise packet. · DHCPACC_WAIT_CLIENT_REQ—Waiting for the DHCPv6 client to send a Request packet. · DHCPACC_WAIT_AM_ACK—Waiting for the Reply packet from the AM module. · DHCPACC_WAIT_UCM_UP_ACK—Waiting for the reply to the DHCPv6 online packet from UCM. · DHCPACC_WORKING—The DHCPv6 client successfully came online. · DHCPACC_WAIT_AM_DOWN_ACK—Waiting for the reply to the DHCPv6 offline packet from the AM module. · DHCPACC_WAIT_UCM_DOWN_ACK—Waiting for the reply to DHCPv6 client offline request from UCM. · DHCPACC_RENEW_WAIT_SERACK—Waiting for the reply to the Renew packet from the AM module. |
9. ARP
Table 12 Detailed information of traced objects (ARP)
Field |
Description |
Add user |
UCM notified ARP to add a user. |
Modify user by UID uid |
ARP modified the session parameters of the ARP user with UID uid. |
Modify user |
ARP modified the session parameters of ARP users. |
Delete user |
UCM notified ARP to delete a user. |
Receive a connection ACK message from UCM |
ARP received a connection ACK message from UCM. |
Receive a connection reject message from UCM |
ARP receive a connection reject message from UCM. |
Work slot has been changed to the local slot, start ARP user detection through |
The slot that initiated ARP user detection has been switched to the local slot, and the local slot started ARP user detection. |
Work slot has been changed to slot slot-number, stop ARP user detection |
The slot that initiated ARP user detection has been switched to the slot slot-number, and the local slot stopped ARP user detection. |
Receive an ARP type packet: DstIP: dst-ip, DstMAC: dst-mac, SrcIP: src-ip, SrcMAC: src-mac |
An ARP packet was received, with the packet type as type, destination IP address as dst-ip, destination MAC address as dst-mac, sender IP address as src-ip, and sender MAC address as src-mac. |
Send an ARP reply to user |
ARP sent an ARP reply to a user. |
[DetectTimer] Create ARP user detection timer |
ARP created the ARP user detection timer. |
[DetectTimer] ARP user detection timer timed out |
The ARP user detection timer timed out. |
[DetectTimer] ARP request successfully sent |
During the ARP user detection process, the ARP request was successfully sent. |
[DetectTimer] User detection attempts reached. Send cut message to UCM |
The maximum user detection attempts were reached. ARP sent a cut message to UCM. |
[DetectTimer] Set ARP user detection flag |
ARP set the ARP user detection flag. |
[DetectTimer] The detection configuration has been changed. Ifindex: ifindex, Retries: retries, Interval: interval |
The ARP user detection configuration has been changed. The interface initiating ARP user detection was changed to interface with index ifindex, the maximum user detection attempts were changed to retries, and the detection interval was changed to interval. |
10. ND
Table 13 Detailed information of traced objects (ND)
Field |
Description |
Add user with IPv6 prefix prefix |
UCM notified ND to add a user. UCM allocated IPv6 prefix prefix to the ND user. |
Modify user by UID uid |
ND modified the session parameters of the ARP user with UID uid. |
Modify user |
ND modified the session parameters of ND users. |
Delete user |
UCM notified ND to delete users. |
Receive a connection ACK message from UCM |
ND received a connection ACK message from UCM. |
Receive a connection reject message from UCM |
ND received a connection reject message from UCM. |
Forbid to renew link-local address |
ND forbade users from renewing link-local addresses. |
Work slot has been changed to the local slot, start ND user detection |
The slot that initiated ND user detection has been switched to the local slot, and the local slot started ND user detection. |
Work slot has been changed to slot slot-number, stop ND user detection |
The slot that initiated ND user detection has been switched to the slot slot-number, and the local slot stopped ND user detection. |
Send an RA message. User MAC: mac_address, IPv6 prefix: prefix |
ND sent an RA message with the user MAC as mac_address and IPv6 prefix as prefix. |
[DetectTimer] Create ND user detection timer |
ND created the ND user detection timer. |
[DetectTimer] ND user detection timer timed out |
The ND user detection timer timed out. |
[DetectTimer] NS message successfully sent |
During the ND user detection process, the NS message was successfully sent. |
[DetectTimer] User detection attempts reached. Send cut message to UCM |
The maximum user detection attempts were reached. ND sent a cut message to UCM. |
[DetectTimer] Set ND user detection flag |
ND set the ND user detection flag. |
[DetectTimer] The detection configuration has been changed. Ifindex: ifindex, Retries: retries, Interval: interval |
The ND user detection configuration has been changed. The interface initiating ND user detection was changed to interface with index ifindex, the maximum user detection attempts were changed to retries, and the detection interval was changed to interval. |
[DetectTimer] Invalid user IPv6 address. Detection failed |
The user IPv6 address was invalid. As a result, ND user detection failed. |
11. IGMP
Table 14 Detailed information of traced objects (IGMP)
Field |
Description |
Multicast user comes online. |
ICMP received multicast user coming online messages from UCM. |
Multicast user goes offline. |
ICMP received multicast user going offline messages from UCM. |
Multicast authentication information change. |
Multicast authentication information changed. |
12. MLD
Table 15 Detailed information of traced objects (MLD)
Field |
Description |
Multicast user comes online. |
MLD received multicast user coming online messages from UCM. |
Multicast user goes offline. |
MLD received multicast user going offline messages from UCM. |
Multicast authentication information change. |
Multicast authentication information changed. |
UPMGR messages
This section contains UP management messages.
UPMGR_CP_PROTOCOL_STATE_CHANGE
Message text |
Protocol tunnel state on UP [INT32] changed to [STRING]. |
Variable fields |
$1: UP ID. $2: Protocol channel state: ¡ Normal. ¡ Disconnected. |
Severity level |
5 |
Example |
UPMGR/5/CP_PROTOCOL_STATE_CHANGE: Protocol tunnel state on UP 1024 changed to Normal. |
Explanation |
The protocol channel state on the CP changed. |
Recommended action |
1. When the protocol channel state changed to Normal, no action is required. 2. When the protocol channel state changed to Disconnected, use the display up command to identify whether the control channel state is Normal. If the control channel state is not Normal, check the control channel-related configurations on the CP and UP to ensure that the control channel can be properly established. |
UPMGR_UP_PROTOCOL_STATE_CHANGE
Message text |
Protocol tunnel state on CP instance [STRING] changed to [STRING]. |
Variable fields |
$1: CP instance name. $2: Protocol channel state: ¡ Normal. ¡ Disconnected. |
Severity level |
5 |
Example |
UPMGR/5/UP_PROTOCOL_STATE_CHANGE: Protocol tunnel state on CP instance abc changed to Normal. |
Explanation |
The protocol channel state on the UP changed. |
Recommended action |
1. When the protocol channel state changed to Normal, no action is required. 2. When the protocol channel state changed to Disconnected, use the display cp-instance command to identify whether the control channel state is Normal. If the control channel state is not Normal, check the control channel-related configurations on the CP and UP to ensure that the control channel can be properly established. |
VLAN messages
This section contains VLAN messages.
VLAN_FAILED
Message text |
Failed to add interface [STRING] to the default VLAN. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
VLAN/4/VLAN_FAILED: Failed to add interface S-Channel4/2/0/19:100 to the default VLAN. |
Explanation |
An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN. |
Recommended action |
No action is required. |
VLAN_VLANMAPPING_FAILED
Message text |
The configuration failed because of resource insufficiency or conflicts on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0. |
Explanation |
Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group. |
Recommended action |
No action is required. |
VLAN_VLANTRANSPARENT_FAILED
Message text |
The configuration failed because of resource insufficiency or conflicts on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0. |
Explanation |
Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group. |
Recommended action |
No action is required. |
VRRP messages
This section contains VRRP messages.
VRRP_STATUS_CHANGE
Message text |
The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING]. |
Variable fields |
$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: · Interface event received—An interface event was received. · IP address deleted—The virtual IP address has been deleted. · The status of the tracked object changed—The status of the associated track entry changed. · VRRP packet received—A VRRP advertisement was received. · Current device has changed to IP address owner—The current device has become the IP address owner. · Zero priority packet received—A VRRP packet containing priority 0 was received. · Preempt—Preemption occurred. · Master group drove—The state of the master group changed. |
Severity level |
6 |
Example |
VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed (from Backup to Master): Master-down-timer expired. |
Explanation |
The VRRP group status changed because of the following reasons: · An interface event was received. · The virtual IP address has been deleted. · The status of the associated track entry changed. · A VRRP advertisement was received. · The current device has become the IP address owner. · The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · A VRRP packet containing priority 0 was received. · Preemption occurred. · The state of the master group changed. |
Recommended action |
Check the VRRP group status to make sure it is operating correctly. |
VRRP_VF_STATUS_CHANGE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING]. |
Variable fields |
$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. $6: Current status of VF. $7: Reason for the status change. |
Severity level |
6 |
Example |
VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed. |
Explanation |
The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down. |
Recommended action |
Check the status of the track entry. |
VRRP_VMAC_INEFFECTIVE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING]. |
Variable fields |
$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Reason for the error. |
Severity level |
3 |
Example |
VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources. |
Explanation |
The virtual router failed to add a virtual MAC address. |
Recommended action |
Find out the root cause for the operation failure and fix the problem. |
VSRP messages
This section contains VSRP messages.
VSRP_BIND_FAILED
Message text |
Failed to bind the IP addresses and the port on VSRP peer [STRING]. |
Variable fields |
$1: VSRP peer name. |
Severity level |
6 |
Example |
VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa. |
Explanation |
Failed to bind the IP addresses and the port when creating a TCP connection to the VSRP peer because the TCP port is in use. |
Recommended action |
No action is required. |
VXLAN messages
This section contains VXLAN messages.
VXLAN_LICENSE_UNAVAILABLE
Message text |
The VXLAN feature is disabled, because no licenses are valid. |
Variable fields |
N/A |
Severity level |
3 |
Example |
VXLAN/3/VXLAN_LICENSE_UNAVAILABLE: The VXLAN feature is disabled, because no licenses are valid. |
Explanation |
VXLAN was disabled because no licenses were valid. |
Recommended action |
Install valid licenses for VXLAN. |
WEB messages
This section contains Web messages.
LOGIN
Message text |
[STRING] logged in from [STRING]. |
Variable fields |
$1: Username of the user. $2: IP address of the user. |
Severity level |
5 |
Example |
WEB/5/LOGIN: admin logged in from 127.0.0.1. |
Explanation |
A user logged in successfully. |
Recommended action |
No action is required. |
LOGIN_FAILED
Message text |
[STRING] failed to log in from [STRING]. |
Variable fields |
$1: Username of the user. $2: IP address of the user. |
Severity level |
5 |
Example |
WEB/5/LOGIN_FAILED: admin failed to log in from 127.0.0.1. |
Explanation |
A user failed to log in. |
Recommended action |
No action is required. |
LOGOUT
Message text |
[STRING] logged out from [STRING]. |
Variable fields |
$1: Username of the user. $2: IP address of the user. |
Severity level |
5 |
Example |
WEB/5/LOGOUT: admin logged out from 127.0.0.1. |
Explanation |
A user logged out successfully. |
Recommended action |
No action is required. |