Login
- Table of Contents
-
- 17-User Access and Authentication
- 01-HH3C-8021X-EXT2-MIB
- 02-HH3C-AAA-MIB
- 03-HH3C-DOMAIN-MIB
- 04-HH3C-LOCAL-AAA-SERVER-MIB
- 05-HH3C-PORT-SECURITY-MIB
- 06-HH3C-PORTAL-MIB
- 07-HH3C-RADIUS-MIB
- 08-HH3C-USER-MIB
- 09-IEEE8021-PAE-MIB
- 10-IEEE8021-SECY-MIB
- 11-IEEE8021X-PAE-MIB
- 12-RADIUS-ACC-CLIENT-MIB
- 13-RADIUS-AUTH-CLIENT-MIB
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-HH3C-PORT-SECURITY-MIB | 147.19 KB |
Contents
hh3cSecurePortSecurityControl (1.3.6.1.4.1.25506.2.26.1.1.1)
hh3cSecurePortVlanMembershipList (1.3.6.1.4.1.25506.2.26.1.1.2)
hh3cSecureRalmDefaultSessionTime (1.3.6.1.4.1.25506.2.26.1.1.4.1)
hh3cSecureRalmHoldoffTime (1.3.6.1.4.1.25506.2.26.1.1.4.2)
hh3cSecureRalmReauthenticate (1.3.6.1.4.1.25506.2.26.1.1.4.3)
hh3cSecureRalmAuthMode (1.3.6.1.4.1.25506.2.26.1.1.4.4)
hh3cSecureRalmAuthUsername (1.3.6.1.4.1.25506.2.26.1.1.4.5)
hh3cSecureRalmAuthPassword (1.3.6.1.4.1.25506.2.26.1.1.4.6)
hh3cSecureRalmAuthDomain (1.3.6.1.4.1.25506.2.26.1.1.4.7)
hh3cSecureRalmAuthOfflineTime (1.3.6.1.4.1.25506.2.26.1.1.4.8)
hh3cSecureRalmAuthServerTimeoutTime (1.3.6.1.4.1.25506.2.26.1.1.4.9)
hh3cSecureMacControl (1.3.6.1.4.1.25506.2.26.1.1.4.10)
HH3C-PORT-SECURITY-MIB
About this MIB
Use this MIB to configure port security feature settings, obtain user information, and report trap notifications.
MIB file name
hh3c-port-security.mib
Root object
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).hh3c(25506).hh3cCommon(2).hh3cPortSecurity(26).hh3cPortSecurityMIB(1)
Scalar objects
hh3cSecurePortSecurityControl (1.3.6.1.4.1.25506.2.26.1.1.1)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecurePortSecurityControl (1.3.6.1.4.1.25506.2.26.1.1.1) |
read-write |
INTEGER |
enabled(1), disabled(2) |
Enabling status of port security. |
As per the MIB. |
hh3cSecurePortVlanMembershipList (1.3.6.1.4.1.25506.2.26.1.1.2)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecurePortVlanMembershipList (1.3.6.1.4.1.25506.2.26.1.1.2) |
accessible-for-notify |
DisplayString |
OCTET STRING (0..255) |
VLANs assigned to each port. |
As per the MIB. |
hh3cSecureRalmDefaultSessionTime (1.3.6.1.4.1.25506.2.26.1.1.4.1)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmDefaultSessionTime (1.3.6.1.4.1.25506.2.26.1.1.4.1) |
read-write |
INTEGER |
INTEGER (1..1000000) |
Periodic MAC reauthentication interval. |
Not supported. |
hh3cSecureRalmHoldoffTime (1.3.6.1.4.1.25506.2.26.1.1.4.2)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmHoldoffTime (1.3.6.1.4.1.25506.2.26.1.1.4.2) |
read-write |
INTEGER |
INTEGER (1..1000000) |
Quiet timer before a blocked (denied) MAC address can be reauthenticated. |
Value range: 1 to 3600. |
hh3cSecureRalmReauthenticate (1.3.6.1.4.1.25506.2.26.1.1.4.3)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmReauthenticate (1.3.6.1.4.1.25506.2.26.1.1.4.3) |
read-write |
MacAddress |
OCTET STRING (6) |
An immediate reauthentication is performed on the MAC authentication users. |
Not supported. |
hh3cSecureRalmAuthMode (1.3.6.1.4.1.25506.2.26.1.1.4.4)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmAuthMode (1.3.6.1.4.1.25506.2.26.1.1.4.4) |
read-write |
INTEGER |
papUsernameAsMacAddress(1), papUsernameFixed(2) |
MAC authentication user account format. |
If the value is set to papUsernameAsMacAddress(1), the MAC address of each user is used as both the username and password. If the value is set to papUsernameFixed(2), the username and password are from the h3cSecureRalmAuthUsername and h3cSecureRalmAuthPassword objects. In this mode, the MAC address of each user can be carried in the Calling-Station-Id attribute of RADIUS packets. |
hh3cSecureRalmAuthUsername (1.3.6.1.4.1.25506.2.26.1.1.4.5)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmAuthUsername (1.3.6.1.4.1.25506.2.26.1.1.4.5) |
read-write |
DisplayString |
OCTET STRING (1..80) |
Username. |
Length: 1 to 55 characters. The username cannot contain an at sign (@). |
hh3cSecureRalmAuthPassword (1.3.6.1.4.1.25506.2.26.1.1.4.6)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmAuthPassword (1.3.6.1.4.1.25506.2.26.1.1.4.6) |
read-write |
DisplayString |
OCTET STRING (1..63) |
Password. |
Supports only the plaintext form. |
hh3cSecureRalmAuthDomain (1.3.6.1.4.1.25506.2.26.1.1.4.7)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmAuthDomain (1.3.6.1.4.1.25506.2.26.1.1.4.7) |
read-write |
DisplayString |
OCTET STRING (1..255) |
Domain used for MAC authentication. |
As per the MIB. |
hh3cSecureRalmAuthOfflineTime (1.3.6.1.4.1.25506.2.26.1.1.4.8)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmAuthOfflineTime (1.3.6.1.4.1.25506.2.26.1.1.4.8) |
read-write |
Integer32 |
Integer32 (60..2147483647) |
Authentication offline detection timer. |
As per the MIB. |
hh3cSecureRalmAuthServerTimeoutTime (1.3.6.1.4.1.25506.2.26.1.1.4.9)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureRalmAuthServerTimeoutTime (1.3.6.1.4.1.25506.2.26.1.1.4.9) |
read-write |
INTEGER |
INTEGER (1..65535) |
Timeout timer for the device to wait for a response from the server. |
Value range: 100 to 300 seconds. |
hh3cSecureMacControl (1.3.6.1.4.1.25506.2.26.1.1.4.10)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureMacControl (1.3.6.1.4.1.25506.2.26.1.1.4.10) |
read-write |
TruthValue |
enabled(1), disabled(2) |
Enabling status of MAC authentication globally. |
As per the MIB. |
Tabular objects
hh3cSecurePortTable
About this table
Use this table to configure or obtain security attributes on ports.
Support for operations
Create:Not supported
Edit/Modify:Supported
Delete:Not supported
Read:Supported
Columns
The table index is hh3cDomainName.
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecurePortMode (1.3.6.1.4.1.25506.2.26.1.2.1.1.1) |
read-write |
INTEGER |
noRestrictions(1), continuousLearning(2), autoLearn(3), secure(4), userLogin(5), userLoginSecure(6), userLoginWithOUI(7), macAddressWithRadius(8), macAddressOrUserLoginSecure(9), macAddressElseUserLoginSecure(10), userLoginSecureExt(11), macAddressOrUserLoginSecureExt(12), macAddressElseUserLoginSecureExt(13), macAddressAndUserLoginSecure(14), macAddressAndUserLoginSecureExt(15) |
Port security mode. |
The continuousLearning mode is not supported. |
|
hh3cSecureNeedToKnowMode (1.3.6.1.4.1.25506.2.26.1.2.1.1.2) |
read-write |
INTEGER |
notAvailable(1), disabled(2), needToKnowOnly(3), needToKnowWithBroadcastsAllowed(4), needToKnowWithMulticastsAllowed(5), permanentNeedToKnowOnly(6), permanentNeedToKnowWithBroadcastsAllowed(7), permanentNeedToKnowWithMulticastsAllowed(8) |
This object specifies the NTK mode for checking outbound frames of a port. |
As per the MIB. |
|
hh3cSecureIntrusionAction (1.3.6.1.4.1.25506.2.26.1.2.1.1.3) |
read-write |
INTEGER |
notAvailable(1), noAction(2), disablePort(3), disablePortTemporarily(4), allowDefaultAccess(5), blockMacAddress(6) |
Intrusion protection action to take when intrusion protection detects illegal frames. |
The allowDefaultAccess ation is not supported. |
|
hh3cSecureNumberAddresses (1.3.6.1.4.1.25506.2.26.1.2.1.1.4) |
read-write |
Integer32 |
Standard MIB values. |
Maximum number of secure MAC addresses that the port can learn. |
As per the MIB. |
|
hh3cSecureNumberAddressesStored (1.3.6.1.4.1.25506.2.26.1.2.1.1.5) |
read-only |
INTEGER |
Standard MIB values. |
Number of MAC addresses that the port has learned. |
As per the MIB. |
|
hh3cSecureMaximumAddresses (1.3.6.1.4.1.25506.2.26.1.2.1.1.6) |
read-only |
INTEGER |
Standard MIB values. |
Maximum value you can specify as the number of secure MAC addresses. |
As per the MIB. |
hh3cSecureAddressTable
About this table
Use this table to configure or obtain information about secure MAC addresses.
Support for operations
Create:Not supported
Edit/Modify:Supported
Delete:Not supported
Read:Supported
Columns
The table indexes are ifIndex, hh3cSecureAddrMAC, and hh3cSecureAddrVlanID.
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureAddrMAC (1.3.6.1.4.1.25506.2.26.1.2.2.1.1) |
accessible-for-notify |
MacAddress |
Standard MIB values. |
MAC address on a port. |
Not supported. |
|
hh3cSecureAddrVlanID (1.3.6.1.4.1.25506.2.26.1.2.2.1.2) |
read-create |
Integer32 |
Standard MIB values. |
Authorization VLAN. |
Not supported. |
|
hh3cSecureAddrMACStatus (1.3.6.1.4.1.25506.2.26.1.2.2.1.3) |
read-create |
INTEGER |
addressBlackhole(1), addressUserConfig(2), addressDot1xAuth(3), addressRALM(4) |
MAC address attribute. |
Not supported. |
|
hh3cSecureAddrRowStatus (1.3.6.1.4.1.25506.2.26.1.2.2.1.4) |
read-create |
RowStatus |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
Row status. |
As per the MIB. |
hh3cSecureOUITable
About this table
Use this table to configure or obtain Organizationally Unique Identifier (OUI) information.
Support for operations
Create:Supported
Edit/Modify:Supported
Delete:Supported
Read:Supported
Columns
The table index is hh3cSecureOUIIndex.
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureOUIIndex (1.3.6.1.4.1.25506.2.26.1.2.3.1.1) |
not-accessible |
INTEGER |
INTEGER (1..1024) |
OUI index |
1..16 |
|
hh3cSecureOUI (1.3.6.1.4.1.25506.2.26.1.2.3.1.2) |
read-create |
OCTET STRING |
OCTET STRING (3) |
OUI value. |
As per the MIB. |
|
hh3cSecureOUIRowStatus (1.3.6.1.4.1.25506.2.26.1.2.3.1.3) |
read-create |
RowStatus |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
OUI row status. |
As per the MIB. |
hh3cSecureBindingTable
About this table
Use this table to configure or obtain information about port, IP address, and MAC address binding entries.
Support for operations
Create:Supported
Edit/Modify:Supported
Delete:Supported
Read:Supported
Columns
The table index is hh3cSecureBindingIndex.
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureBindingIndex (1.3.6.1.4.1.25506.2.26.1.2.4.1.1) |
not-accessible |
Integer32 |
Standard MIB values. |
Index of a binding entry. |
Not supported. |
|
hh3cSecureBindingPort (1.3.6.1.4.1.25506.2.26.1.2.4.1.2) |
read-create |
Integer32 |
Standard MIB values. |
Port index in the binding entry. |
Not supported. |
|
hh3cSecureBindingAddrMAC (1.3.6.1.4.1.25506.2.26.1.2.4.1.3) |
read-create |
MacAddress |
Standard MIB values. |
MAC address in the binding entry. |
Not supported. |
|
hh3cSecureBindingAddrIp (1.3.6.1.4.1.25506.2.26.1.2.4.1.4) |
read-create |
IpAddress |
Standard MIB values. |
IP address in the binding entry. |
Not supported. |
|
hh3cSecureBindingRowStatus (1.3.6.1.4.1.25506.2.26.1.2.4.1.5) |
read-create |
RowStatus |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
Row status. |
Not supported. |
hh3cSecureAssignTable
About this table
Use this table to apply or obtain authorization information assigned by the server.
Support for operations
Create:Not supported
Edit/Modify:Supported
Delete:Not supported
Read:Supported
Columns
The table index is ifIndex.
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cSecureAssignEnable (1.3.6.1.4.1.25506.2.26.1.2.5.1.1) |
read-write |
TruthValue |
true(1), false(2) |
Whether to apply the authorization attributes received from the server to a port. |
As per the MIB. |
|
hh3cSecureVlanAssignment (1.3.6.1.4.1.25506.2.26.1.2.5.1.2) |
read-only |
OCTET STRING |
OCTET STRING (0..255) |
Authorization VLANs and tag information assigned by the server to the port. |
As per the MIB. |
Notifications
hh3cSecureAddressLearned
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.1 |
A new secure MAC address was learned. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a new secure MAC address is learned.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security address-learned command.
OFF
CLI: Use the undo snmp-agent trap enable port-security address-learned command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
INTEGER |
INTEGER (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
Learned MAC address on a port. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
Recommended action
No action is required.
hh3cSecureViolation
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.2 |
Intrusion protection event occurred. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a port receives illegal frames whose source MAC address has not been learned by the port or that fail to pass authentication after you enable intrusion protection.
System impact
The system might be attacked by illegal frames if too many intrusion protection events occur.
Status control
ON
CLI: Use the snmp-agent trap enable port-security intrusion command.
OFF
CLI: Use the undo snmp-agent trap enable port-security intrusion command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.2.1.2.2.1.7 (ifAdminStatus) |
Link layer status. |
ifIndex |
INTEGER |
up(1) , down(2) , testing(3) |
Recommended action
To resolve this issue:
1.Verify that 802.1X authentication, MAC authentication, and secure MAC addresses are configured correctly.
2.Execute the display dot1x, display mac-authentication, and display port-security mac-address security commands in any view to identify whether the number of online users or secure MAC addresses on the port has reached the upper limit.
- If the number of online users or learned secure MAC addresses on the port has reached the upper limit and the upper limit is too small, change the upper limit.
- If the numbers of online users and learned secure MAC addresses on the port hasn't reached the upper limit and intrusion protections events occur only occasionally, no action is required.
3.If many intrusion protection events occur, the system might be attacked. In this case, contact Technical Support.
hh3cSecureLoginFailure
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.3 |
An 802.1X user failed authentication. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an 802.1X user fails authentication.
System impact
The system might be attacked by many authentication packets if too many notifications are generated.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-failure command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-failure command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
InterfaceIndex |
Integer32 (1..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username of an 802.1X authentication user. |
dot1xAuthSessionUserName |
SnmpAdminString |
OCTET STRING (SIZE (0..255)) |
Recommended action
To resolve this issue:
1.Verify that 802.1X authentication settings are correct.
2.Execute the dot1x access-user log enable failed-login command to enable logging 802.1X user login failures to identify authentication failure cause. Edit the device or server configuration as needed if an authentication failure is caused by device or server configuration errors, for example:
- The authentication methods configured for the device and the server are different.
- The username is not added to the server.
- The username or password is incorrect.
3.If the system repeatedly generates this notification and the authentication failure log shows that one or multiple 802.1X users continuously failed to pass authentication, the system might be attacked by authentication packets. In this case, contact Technical Support.
hh3cSecureLogon
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.4 |
An 802.1X user logged on. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an 802.1X user logs on.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-logon command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-logon command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username of an 802.1X authentication user. |
dot1xAuthSessionUserName |
SnmpAdminString |
OCTET STRING(SIZE (0..255)) |
|
1.0.8802.1.1.1.1.2.4.1.6 (dot1xAuthSessionAuthenticMethod) |
Authentication method. |
dot1xAuthSessionUserName |
INTEGER |
remoteAuthServer(1) , localAuthServer(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session activation. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureLogoff
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.26.1.3.5 |
An 802.1X user logged off. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an 802.1X user logs off.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-logoff command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-logoff command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index |
ifIndex |
Integer32 |
Integer32 (1..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username of an 802.1X authentication user. |
dot1xAuthSessionUserName |
SnmpAdminString |
OCTET STRING(SIZE (0.. 255)) |
|
1.0.8802.1.1.1.1.2.4.1.8 (dot1xAuthSessionTerminateCause) |
802.1X session termination cause. |
dot1xAuthSessionUserName |
INTEGER |
supplicantLogoff(1) , portFailure(2) , supplicantRestart(3) , reauthFailed(4) , authControlForceUnauth(5) portReInit(6) , portAdminDisabled(7) , notTerminatedYet(999) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session termination. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureRalmLoginFailure
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.26.1.3.6 |
A MAC authentication user failed authentication. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a MAC authentication user fails authentication.
System impact
The system might be attacked by many authentication packets if too many notifications are generated.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-failure command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-failure command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.26.1.1.4.4 (hh3cSecureRalmAuthMode) |
MAC authentication user account format. |
N/A |
INTEGER |
papUsernameAsMacAddress(1) , papUsernameFixed(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.4.5 (hh3cSecureRalmAuthUsername) |
Username of a MAC authentication user. |
N/A |
DisplayString |
OCTET STRING (1..80) |
Recommended action
To resolve this issue:
1.Verify that MAC authentication settings are correct.
2.Execute the mac-authentication access-user log enable failed-login command to enable logging MAC authentication user login failures to identify authentication failure cause. Edit the device or server configuration as needed if an authentication failure is caused by device or server configuration errors, for example:
- The authentication methods configured for the device and the server are different.
- The username is not added to the server.
- The username or password is incorrect.
3.If the system repeatedly generates this notification and the authentication failure log shows that users from different MAC addresses continuously failed to pass authentication, the system might be attacked by authentication packets. In this case, contact Technical Support.
hh3cSecureRalmLogon
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.7 |
A MAC authentication user logged on. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a MAC authentication user logs on.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-logon command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-logon command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.26.1.1.4.4 (hh3cSecureRalmAuthMode) |
MAC authentication user account format. |
N/A |
INTEGER |
papUsernameAsMacAddress(1) papUsernameFixed(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.4.5 (hh3cSecureRalmAuthUsername) |
Username of a MAC authentication user. |
N/A |
DisplayString |
OCTET STRING (1..80) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session activation. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureRalmLogoff
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.8 |
A MAC authentication user logged off. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a MAC authentication user logs off.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-logoff command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-logoff command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (0..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.26.1.1.4.4 (hh3cSecureRalmAuthMode) |
MAC authentication user account format. |
N/A |
INTEGER |
papUsernameAsMacAddress(1) , papUsernameFixed(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.4.5 (hh3cSecureRalmAuthUsername) |
Username of an MAC authentication user. |
N/A |
DisplayString |
OCTET STRING (1..80) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session termination. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
