- Released At: 02-02-2024
H3C Campus Fixed-Port Switches
System Log Messages Reference - R6652Pxx
This manual is applicable to the following switches and software versions:
S5560X-EI Switch Series (Release 6652P02 and later)
S6520X-HI Switch Series (Release 6652P02 and later)
S6520X-EI Switch Series (Release 6652P02 and later)
S6813 Switch Series (Release 6652P02 and later)
S6812 Switch Series (Release 6652P02 and later)
Document version: 6W100-20240124
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
This document includes the following system messages:
· Messages specific to Release 6652P02 of the switch.
· Messages for the Comware 7 software platform version on which Release 6652P02 and later are based. Some platform system messages might not be available on the switch.
This document is intended only for managing Campus Fixed-Port switches. Do not use this document for any other device models.
This document assumes that the readers are familiar with data communications technologies and H3C networking products.
System log message format
By default, the system log messages use one of the following formats depending on the output destination:
· Log host:
<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT
· Destinations except for the log host:
Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT
NOTE: Log message examples in this document use the format for destinations except the log host. They do not contain elements available only for the log host, including the location element.
Table 1 System log message elements
Element |
Description |
<PRI> |
Priority identifier. This element is contained only in messages sent to the log host. It is calculated by using the following formula: Priority identifier = facility × 8 + severity. Where: · Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages. · Severity represents the importance of the message. For more information about severity levels, see Table 2. |
Prefix |
Message type identifier. This element is contained in the system log messages sent to non-log-host destinations. The element uses the following symbols to indicate message severity: · Percentage sign (%)—Informational and higher levels. · Asterisk (*)—Debug level. |
TIMESTAMP |
Date and time when the event occurred. The following are commands for configuring the timestamp format: · Log host—Use the info-center timestamp loghost command. · Non-log-host destinations—Use the info-center timestamp command. |
Sysname |
Name or IP address of the device that generated the message. |
%%vendor |
Manufacturer flag. This element is %%10 for H3C. This element is only available in messages sent to the log host. |
MODULE |
Name of the module that produced the message. |
severity |
Severity level of the message. (For more information about severity levels, see Table 2.) |
MNEMONIC |
Text string that uniquely identifies the system message. The maximum length is 32 characters. |
location |
Optional. This element identifies where the message occurred. This element is contained only in messages sent to the log host. This element presents location information for the message in the following format: -attribute1=x-attribute2=y…-attributeN=z The following are examples of location attributes: · -MDC=XX, which represents the MDC on which the message occurred. · -DevIp=XXX.XXX.XXX.XXX, which represents the source IP of the message. · -Slot=XX, which represents the slot on which the message occurred. · -Chassis=XX-Slot=XX, which represents the chassis and slot on which the message occurred. This element is separated from the message description by using a semicolon (;). |
CONTENT |
Text string that contains detailed information about the event or error. For variable fields in this element, this document uses the representations in Table 3. The CONTENT field in most log messages is represented by one or multiple sentences, for example, VTY logged in from 192.168.1.21. Certain log messages are used only to record parameter values. The CONTENT field for such messages is represented in the format of key info 1;key info 2,..key info n. The key information can be one of the following formats: · Keyword(keyword ID)=Value · Keyword(keyword ID)=(Text ID)Text description The IDs are factory default parameters that enable the log host software (for example, security management system) to parse keyword content: · The keyword ID represents the keyword before the ID. · The text ID represents the text description after the ID. For example, in the key information streamAlarmType(1032)=(42)Too fast speed of TCP session to destination IP, value 1032 represents keyword streamAlarmType, and value 42 represents text description Too fast speed of TCP session to destination IP. |
System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.
Table 2 System log message severity levels
Level | Severity | Description
0 | Emergency | The system is unusable. For example, the system authorization has expired.
1 | Alert | Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.
2 | Critical | Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.
3 | Error | Error condition. For example, the link state changes or a storage card is unplugged.
4 | Warning | Warning condition. For example, an interface is disconnected, or the memory resources are used up.
5 | Notification | Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.
6 | Informational | Informational message. For example, a command or a ping operation is executed.
7 | Debug | Debugging message.
For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.
Table 3 Variable field representations
Representation |
Information type |
INT16 |
Signed 16-bit decimal number. |
UINT16 |
Unsigned 16-bit decimal number. |
INT32 |
Signed 32-bit decimal number. |
UINT32 |
Unsigned 32-bit decimal number. |
INT64 |
Signed 64-bit decimal number. |
UINT64 |
Unsigned 64-bit decimal number. |
DOUBLE |
Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER]. |
HEX |
Hexadecimal number. |
CHAR |
Single character. |
STRING |
Character string. |
IPADDR |
IP address. |
MAC |
MAC address. |
DATE |
Date. |
TIME |
Time. |
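The log host layout, the priority formula, and the key-information format from Table 1, worked through as a parser. This is an added example, not code from the H3C manual. The function names are hypothetical, and the PRI, timestamp, sysname, and DevIp values in the sample lines are constructed.

```python
import re

# Severity names as listed in Table 2 (index = level).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notification", "Informational", "Debug"]

# Location attribute names from the examples in Table 1. The page gives them
# as examples only, so treating this set as complete is an assumption.
LOCATION_KEYS = {"mdc", "devip", "slot", "chassis"}

# <PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT
# The timestamp layout is configurable, so it is captured as free text and
# the "%%" vendor flag anchors the header. Mnemonic length is not enforced:
# Table 1 gives 32 characters as the maximum, but the page's own
# ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG example is longer.
LOGHOST_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>.+?) (?P<sysname>\S+) "
    r"%%(?P<vendor>\d+)(?P<module>[A-Za-z][A-Za-z0-9]*)/(?P<severity>[0-7])/"
    r"(?P<mnemonic>[A-Za-z0-9_]+): (?P<rest>.*)$")

# One "-name=value" attribute; a value ends where the next "-name=" begins.
ATTR_RE = re.compile(r"-([A-Za-z]\w*)=(.*?)(?=-[A-Za-z]\w*=|$)")

# Keyword(keyword ID)=Value  or  Keyword(keyword ID)=(Text ID)Text description
KEYINFO_RE = re.compile(r"^(\w+)\((\d+)\)=(?:\((\d+)\))?(.*)$")


def parse_dash_attrs(text):
    """Return {name: value} if text is only -name=value pairs, else None."""
    attrs, pos = {}, 0
    for m in ATTR_RE.finditer(text):
        if m.start() != pos:          # unparsed text between attributes
            return None
        attrs[m.group(1)] = m.group(2)
        pos = m.end()
    return attrs if attrs and pos == len(text) else None


def parse_key_info(content):
    """Parse 'key info 1;key info 2' content into a list of dicts."""
    items = []
    for part in content.split(";"):
        m = KEYINFO_RE.match(part.strip())
        if m:
            key, key_id, text_id, value = m.groups()
            items.append({"key": key, "key_id": int(key_id),
                          "text_id": int(text_id) if text_id else None,
                          "value": value})
    return items


def parse_loghost(line):
    """Parse one log-host-format message; return a dict, or None if malformed."""
    m = LOGHOST_RE.match(line.strip())
    if not m:
        return None
    pri, sev = int(m["pri"]), int(m["severity"])
    rec = {k: m[k] for k in ("timestamp", "sysname", "vendor", "module", "mnemonic")}
    rec.update(facility=pri // 8, severity=sev, severity_name=SEVERITY[sev])
    # PRI = facility x 8 + severity, so PRI mod 8 must repeat the header
    # severity; 191 is the largest syslog PRI (facility 23, severity 7).
    rec["pri_consistent"] = pri <= 191 and pri % 8 == sev
    # The leading "-attr=...;" segment is the location only when every name is
    # a known location attribute, because AAA content starts with -AAAType= too.
    head, sep, tail = m["rest"].partition(";")
    loc = parse_dash_attrs(head.strip()) if sep else None
    if loc and all(k.lower() in LOCATION_KEYS for k in loc):
        rec["location"], rec["content"] = loc, tail.strip()
    else:
        rec["location"], rec["content"] = {}, m["rest"].strip()
    # Some messages (the AAA ones) carry -name=value fields inside CONTENT.
    head, sep, _ = rec["content"].partition(";")
    rec["content_attrs"] = (parse_dash_attrs(head.strip()) if sep else None) or {}
    return rec


# Constructed samples: the PRI, timestamp, sysname and DevIp values are made
# up; the MODULE/severity/MNEMONIC: CONTENT parts are the page's own examples.
SAMPLES = [
    "<189>Jan 24 10:15:02 2024 Sysname %%10AAA/5/AAA_FAILURE: -DevIp=192.168.1.21; "
    "-AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.",
    "<188>Jan 24 10:15:03 2024 Sysname %%10ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: "
    "Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support "
    "specifying multiple TCP flags in one rule.",
    # PRI 11 decodes to severity 3, which disagrees with the /6/ in the header.
    "<11>Jan 24 10:15:04 2024 Sysname %%10AAA/6/AAA_SUCCESS: "
    "-AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_loghost(sample))
    print(parse_key_info("streamAlarmType(1032)=(42)Too fast speed of TCP "
                         "session to destination IP;exampleKey(9999)=10.0.0.5"))
```

A record whose `pri_consistent` flag is false has a `<PRI>` value that does not match the severity in its own header, so it was either altered in transit or not produced in this format.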
Managing and obtaining system log messages
You can manage system log messages by using the information center.
By default, the information center is enabled. Log messages can be output to the console, monitor terminal, log buffer, log host, and log file.
To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.
For more information about using the information center, see the network management and monitoring configuration guide for the product.
Obtaining log messages from the console terminal
Access the device through the console port. Real-time log messages are displayed on the console terminal.
Obtaining log messages from a monitor terminal
Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:
· To display log messages on the monitor terminal, you must configure the terminal monitor command.
· For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.
NOTE: Settings for the terminal monitor and terminal logging level commands take effect only on the current login session. The default settings for the commands are restored at the next login.
Obtaining log messages from the log buffer
Use the display logbuffer command to display history log messages in the log buffer.
Obtaining log messages from the log file
By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving interval.
To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.
By default, you can obtain the log file from the flash:/logfile path.
To view the contents of the log file on the device, use the more command.
Obtaining log messages from a log host
Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.
For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.
Software module list
Table 4 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.
Module name representation |
Module name expansion |
AAA |
Authentication, Authorization and Accounting |
ACL |
Access Control List |
ANCP |
Access Node Control Protocol |
APMGR |
Access Point Management |
ARP |
Address Resolution Protocol |
ATK |
Attack Detection and Prevention |
ATM |
|
BFD |
Bidirectional Forwarding Detection |
BGP |
Border Gateway Protocol |
BLS |
Blacklist |
CFD |
Connectivity Fault Detection |
CFGMAN |
Configuration Management |
CONNLMT |
Connection Limit |
DEV |
Device Management |
DHCPR |
IPv4 DHCP Relay |
DHCPS |
DHCP Server |
DHCPS6 |
DHCPv6 Server |
DHCPSP4 |
DHCP Snooping |
DHCPSP6 |
DHCPv6 Snooping |
DIAG |
Diagnosis |
DLDP |
Device Link Detection Protocol |
DOT1X |
802.1X |
EDEV |
|
ERPS |
Ethernet Ring Protection Switching |
ETH |
Ethernet |
ETHMLAG |
Ethernet Multichassis link aggregation |
ETHOAM |
Ethernet Operation, Administration and Maintenance |
EVB |
Edge Virtual Bridging |
EVIISIS |
Ethernet Virtual Interconnect Intermediate System-to-Intermediate System |
FCOE |
Fibre Channel Over Ethernet |
FCLINK |
Fibre Channel Link |
FCZONE |
Fibre Channel Zone |
FIB |
Forwarding Information Base |
FILTER |
Filter |
FIPSNG |
FIP Snooping |
FS |
File System |
FTPC |
File Transfer Protocol Client |
gRPC |
Google Remote Procedure Call |
HA |
High Availability |
HQOS |
Hierarchical QoS |
HTTPD |
Hypertext Transfer Protocol Daemon |
HLTH |
Health |
IFNET |
Interface Net Management |
IKE |
Internet Key Exchange |
IPCC |
Intelligent Proactive Congestion Control |
IMA |
Integrity Measurements Architecture |
iNQA |
Intelligent Network Quality Analyzer |
iNOF |
Intelligent Lossless NVMe Over Fabric |
IP6ADDR |
IPv6 Addressing |
IP6FW |
IPv6 Forwarding |
IPADDR |
IP Addressing |
IPFW |
IP Forwarding |
IPSEC |
IP Security |
IRDP |
ICMP Router Discovery Protocol |
IRF |
Intelligent Resilient Framework |
ISIS |
Intermediate System-to-Intermediate System |
ISSU |
In-Service Software Upgrade |
L2PT |
Layer 2 Protocol Tunneling |
L2TPV2 |
Layer 2 Tunneling Protocol Version 2 |
L2VPN |
Layer 2 VPN |
LAGG |
Link Aggregation |
LDP |
Label Distribution Protocol |
LLDP |
Link Layer Discovery Protocol |
LIPC |
Leopard Inter-process Communication |
LOAD |
Load Management |
LOGIN |
Login |
LPDT |
Loopback Detection |
LS |
Local Server |
LSPV |
LSP Verification |
MAC |
Media Access Control |
MACA |
MAC Authentication |
MACSEC |
MAC Security |
MBFD |
MPLS BFD |
MBUF |
Memory buffer |
MDC |
Multitenant Device Context |
MFIB |
Multicast Forwarding Information Base |
MGROUP |
Mirroring group |
MLAG |
Multichassis link aggregation |
MPLS |
Multiprotocol Label Switching |
MTLK |
Monitor Link |
NAT |
Network Address Translation |
NA4 |
IPv4 NetAnalysis |
NETCONF |
Network Configuration Protocol |
ND |
Neighbor Discovery |
NQA |
Network Quality Analyzer |
NSS |
Session-based NetStream |
NTP |
Network Time Protocol |
OAP |
Open Application Platform |
OPENSRC (FreeRADIUS) |
Open Source |
OFP |
OpenFlow Protocol |
ONVIF |
Open Network Video Interface Forum |
OPTMOD |
Optical Module |
OSPF |
Open Shortest Path First |
OSPFV3 |
Open Shortest Path First Version 3 |
PFILTER |
Packet Filter |
PBB |
Provider Backbone Bridge |
PBR |
Policy-Based Routing |
PEX |
Port Extender |
PIM |
Protocol Independent Multicast |
PING |
Packet Internet Groper |
PKG |
Package |
PKI |
Public Key Infrastructure |
PKT2CPU |
Packet to CPU |
PKTCPT |
Packet Capture |
PoE |
Power over Ethernet |
PORTAL |
Portal |
PORTSEC |
Port Security |
PPP |
Point to Point Protocol |
PTP |
Precision Time Protocol |
PTS |
Platform Trust Services |
PWDCTL |
Password Control |
QOS |
Quality of Service |
RADIUS |
Remote Authentication Dial In User Service |
RESMON |
Resource Monitor |
RDDC |
Redundancy |
RIP |
Routing Information Protocol |
RIPNG |
Routing Information Protocol Next Generation |
RM |
Routing Management |
RPR |
Resilient Packet Ring |
RRPP |
Rapid Ring Protection Protocol |
RTM |
Real-Time Event Manager |
SCMD |
Service Control Manager Daemon |
SCRLSP |
Static CRLSP |
SESSION |
Session |
SHELL |
Shell |
SLSP |
Static LSP |
SMARTMC |
Smart Management Center |
SMLK |
Smart Link |
SNMP |
Simple Network Management Protocol |
SSHC |
Secure Shell Client |
SSHS |
Secure Shell Server |
STAMGR |
Station Management |
STM |
Stack Topology Management |
STP |
Spanning Tree Protocol |
SYSEVENT |
System Event |
SYSLOG |
System Log |
TACACS |
Terminal Access Controller Access Control System |
TCSM |
Trusted Computing Services Management |
TRILL |
Transparent Interconnect of Lots of Links |
TSTREAM |
Telemetry Stream |
VCF |
Vertical Converged Framework |
VLAN |
Virtual Local Area Network |
VRRP |
Virtual Router Redundancy Protocol |
VSRP |
Virtual Service Redundancy Protocol |
VXLAN |
Virtual eXtensible LAN |
WEB |
Web |
WEBAUTH |
Web Authentication |
WIPS |
Wireless Intrusion Prevention System |
Using this document
This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.
This document explains messages in tables. Table 5 describes information provided in these tables.
Table 5 Message explanation table contents
Item | Content | Example
Message text | Presents the message description. | ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields | Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text. | $1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule.
Severity level | Provides the severity level of the message. | 6
Example | Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings. | ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation | Explains the message, including the event or error cause. | Number of packets that matched an ACL rule. This message is sent when the packet counter changes.
Recommended action | Provides recommended actions. For informational messages, no action is required. | No action is required.
AAA messages
This section contains AAA messages.
AAA_FAILURE
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
5 (Notification) |
Example |
AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed. |
Impact |
No impact on the system. |
Cause |
An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect. |
Recommended action |
1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, collect the device configuration file, log information, and alarm information, and then contact H3C Support. |
AAA_LAUNCH
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
6 (Informational) |
Example |
AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched. |
Impact |
No impact on the system. |
Cause |
A user passed AAA authentication. |
Recommended action |
No action is required. |
AAA_SUCCESS
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
6 (Informational) |
Example |
AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded. |
Impact |
No impact on the system. |
Cause |
The device accepted a user AAA request. |
Recommended action |
No action is required. |
ACL messages
This section contains ACL messages.
ACL_ACCELERATE_NO_RES
Message text |
Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
Hardware resources were insufficient for accelerating an ACL. |
Recommended action |
Delete some rules or disable ACL acceleration for other ACLs to release hardware resources. |
ACL_ACCELERATE_NONCONTIGUOUSMASK
Message text |
Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks. |
Variable fields |
$1: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL. |
Recommended action |
Modify or delete the ACL rules containing noncontiguous wildcard masks. |
ACL_ACCELERATE_NOT_SUPPORT
Message text |
Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed because the system does not support ACL acceleration. |
Recommended action |
No action is required. |
ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP
Message text |
Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords. |
Variable fields |
$1: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 3001. ACL acceleration does not support the rules that contain the hop-by-hop keywords. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL. |
Recommended action |
Delete the ACL rules containing the hop-by-hop keyword. |
ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG
Message text |
Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule. |
Variable fields |
$1: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule. |
Cause |
ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Recommended action |
Retain only one TCP flag in the IPv6 ACL rules or delete the IPv6 ACL rules. |
ACL_ACCELERATE_UNK_ERR
Message text |
Failed to accelerate [STRING] ACL [UINT32]. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed because of an unknown error. |
Recommended action |
1. Execute the undo accelerate command and then execute the accelerate command. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ACL_IPV6_STATIS_INFO
Message text |
IPv6 ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule. |
Severity level |
6 (Informational) |
Example |
ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s). |
Impact |
None. |
Cause |
The number of packets matching the IPv6 ACL rule changed. |
Recommended action |
No action is required. |
ACL_NO_MEM
Message text |
Failed to configure [STRING] ACL [UINT32] due to lack of memory. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
3 (Error) |
Example |
ACL/3/ACL_NO_MEM: Failed to configure IPv4 ACL 2001 due to lack of memory. |
Impact |
The ACL cannot take effect. |
Cause |
Configuring the ACL failed because memory is insufficient. |
Recommended action |
Use the display memory-threshold command to check the memory usage. · If the memory usage is too high, increase memory. · If the memory usage is abnormal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ACL_REFRESH_EMTEMPLATE_FAIL
Message text |
Failed to refresh an exact-match template [UINT]. Reason: [STRING] |
Variable fields |
$1: EM template ID. $2: Failure reason: · Not enough hardware resources to complete the operation. · The parameter is incorrect. · Can't modify the exact-match template. The exact-match template has been matched. |
Severity level |
3 (Error) |
Example |
ACL/3/ACL_REFRESH_EMTEMPLATE_FAIL: Failed to refresh an exact-match template 1. Reason: Not enough hardware resources to complete the operation. |
Impact |
None. |
Cause |
Failed to delete, create, or modify an EM template. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ACL_STATIS_INFO
Message text |
ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule. |
Severity level |
6 (Informational) |
Example |
ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Impact |
None. |
Cause |
The number of packets matching the IPv4 ACL rule changed. |
Recommended action |
No action is required. |
ANCP messages
This section contains ANCP messages.
ANCP_INVALID_PACKET
Message text |
-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING]; The [STRING] value [STRING] is wrong, and the value [STRING] is expected. |
Variable fields |
$1: ANCP neighbor name. $2: Neighbor state. $3: Message type. $4: Field. $5: Wrong value of the field. $6: Expected value of the field. |
Severity level |
6 (Informational) |
Example |
ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK; The Sender Instance value 0 is wrong, and the value 1 is expected. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
The system received an adjacency message that had a field with a wrong value. |
Recommended action |
1. Verify that the ANCP configuration is correct. 2. If the issue persists, collect the following information, and then contact Technical Support: · Results of each step. · Configuration data, log messages, and alarm information. |
APMGR messages
This section contains access point management messages.
APMGR_AC_MEM_ALERT
Message text |
The memory utilization has reached the threshold. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_AC_MEM_ALERT: The memory utilization has reached the threshold. |
Impact |
The AP cannot come online. |
Cause |
The AP failed to come online because the memory utilization exceeded the limit. |
Recommended action |
Stop creating manual APs and prevent APs from coming online. |
APMGR_ADD_AP_FAIL
Message text |
AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING]. |
Variable fields |
$1: AP name. $2: Serial ID. $3: MAC address. $4: AP name. |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2. |
Impact |
The AP cannot come online. |
Cause |
The AP failed to come online because a manual AP that has the same MAC address already exists on the AC. |
Recommended action |
Delete either the manual AP that has the MAC address or the serial ID. |
APMGR_AP_OFFLINE
Message text |
AP [STRING] went offline. State changed to Idle. |
Variable fields |
$1: AP name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_AP_OFFLINE: AP ap1 went offline. State changed to Idle. |
Impact |
None. |
Cause |
The AP went offline proactively or went offline due to an exception. |
Recommended action |
1. If the AP went offline proactively, no action is required. If the AP went offline unexpectedly, check the debugging information to locate the issue and resolve it. 2. If the issue persists, collect the alarm information, log information, and configuration information, and contact Technical Support. |
APMGR_AP_ONLINE
Message text |
AP [STRING] went online. State changed to Run. |
Variable fields |
$1: AP name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_AP_ONLINE: AP ap1 went online. State changed to Run. |
Impact |
None. |
Cause |
The AP came online. The state of the AP changed to Run. |
Recommended action |
No action is required. |
APMGR_CWC_IMG_DOWNLOAD_COMPLETE
Message text |
System software image file [STRING] downloading through the CAPWAP tunnel to AC [STRING] completed. |
Variable fields |
$1: Image file name. $2: AC IP address. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel to AC 192.168.10.1 completed. |
Impact |
None. |
Cause |
The AP downloaded the image file from the AC successfully. |
Recommended action |
No action is required. |
APMGR_CWC_IMG_DOWNLOAD_START
Message text |
Started to download the system software image file [STRING] through the CAPWAP tunnel to AC [STRING]. |
Variable fields |
$1: Image file name. $2: AC IP address. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_IMG_DOWNLOAD_START: Started to download the system software image file 5800.ipe through the CAPWAP tunnel to AC 192.168.10.1. |
Impact |
None. |
Cause |
The AP downloaded the image file from the AC through the CAPWAP tunnel. |
Recommended action |
Make sure the AP is correctly connected to the AC. |
APMGR_CWC_IMG_NO_ENOUGH_SPACE
Message text |
Insufficient flash memory space for downloading system software image file [STRING]. |
Variable fields |
$1: Image file name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_IMG_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading system software image file 5800.ipe. |
Impact |
None. |
Cause |
The AP has insufficient flash memory. |
Recommended action |
Delete files not in use from the AP. |
APMGR_CWC_LOCAL_AC_DOWN
Message text |
CAPWAP tunnel to Central AC [STRING] went down. Reason: [STRING]. |
Variable fields |
$1: IP address of the central AC.
$2: Reason:
· Added local AC IP address.
· Deleted local AC IP address.
· Local AC interface used for CAPWAP tunnel went down.
· Local AC config changed.
· N/A |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_CWC_LOCAL_AC_DOWN: CAPWAP tunnel to Central AC 2.2.2.1 went down. Reason: Added local AC IP address. |
Impact |
None. |
Cause |
See the output for the tunnel disconnection reason. |
Recommended action |
1. Examine the network connection between the central AC and the local AC.
2. Verify that the central AC is correctly configured.
3. Verify that the local AC is correctly configured.
4. If the issue persists, collect the alarm information, log information, and configuration information, and contact Technical Support. |
APMGR_CWC_LOCAL_AC_UP
Message text |
CAPWAP tunnel to Central AC [STRING] went up. |
Variable fields |
$1: IP address of the central AC. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_LOCAL_AC_UP: CAPWAP tunnel to Central AC 2.2.2.1 went up. |
Impact |
None. |
Cause |
The central AC has established a CAPWAP tunnel with the local AC. |
Recommended action |
No action is required. |
APMGR_CWC_REBOOT
Message text |
AP in state [STRING] is rebooting. Reason: [STRING] |
Variable fields |
$1: AP state.
$2: Reason:
· AP was reset.
· Image was downloaded successfully.
· AP stayed in idle state for a long time. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_REBOOT: AP in State Run is rebooting. Reason: AP was reset. |
Impact |
None. |
Cause |
The AP rebooted for a specific reason. |
Recommended action |
No action is required. |
APMGR_CWC_RUN_DOWNLOAD_COMPLETE
Message text |
File [STRING] successfully downloaded through the CAPWAP tunnel to AC [STRING]. |
Variable fields |
$1: File name. $2: AC IP address. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel to AC 192.168.10.1. |
Impact |
None. |
Cause |
The AP downloaded the file from the AC successfully. |
Recommended action |
No action is required. |
APMGR_CWC_RUN_DOWNLOAD_START
Message text |
Started to download the file [STRING] through the CAPWAP tunnel to AC [STRING]. |
Variable fields |
$1: File name. $2: AC IP address. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_RUN_DOWNLOAD_START: Started to download the file ac.cfg through the CAPWAP tunnel to AC 192.168.10.1. |
Impact |
None. |
Cause |
The AP started to download the file from the AC. |
Recommended action |
Make sure the AP is correctly connected to the AC. |
APMGR_CWC_RUN_NO_ENOUGH_SPACE
Message text |
Insufficient flash memory space for downloading file [STRING]. |
Variable fields |
$1: File name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_RUN_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading file ac.cfg. |
Impact |
None. |
Cause |
The AP has insufficient flash memory. |
Recommended action |
Delete files not in use from the AP. |
APMGR_CWC_TUNNEL_DOWN
Message text |
CAPWAP tunnel to AC [STRING] went down. Reason: [STRING]. |
Variable fields |
$1: AC IP address.
$2: Reason:
· Added AP IP address.
· Deleted AP IP address.
· AP interface used for CAPWAP tunnel went down.
· AP config changed.
· AP was reset.
· Number of echo retransmission attempts exceeded the limit.
· Full retransmission queue.
· Data channel timer expired.
· Backup AC IP address changed.
· Backup tunnel changed to master tunnel.
· Failed to change backup tunnel to master tunnel.
· Backup method changed.
· N/A. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_TUNNEL_DOWN: CAPWAP tunnel to AC 192.168.10.1 went down. Reason: AP was reset. |
Impact |
None. |
Cause |
The CAPWAP tunnel between the AP and the AC was terminated for a specific reason. |
Recommended action |
1. Examine the network connection between the AP and the AC.
2. Verify that the AP is correctly configured.
3. Verify that the AC is correctly configured.
4. If the issue persists, collect the alarm information, log information, and configuration information, and contact Technical Support. |
APMGR_CWC_TUNNEL_UP
Message text |
[STRING] CAPWAP tunnel to AC [STRING] went up. |
Variable fields |
$1: Tunnel type:
· Master.
· Backup.
$2: AC IP address. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWC_TUNNEL_UP: Master CAPWAP tunnel to AC 192.168.10.1 went up. |
Impact |
None. |
Cause |
The AP was connected to the AC successfully and entered Run state. |
Recommended action |
No action is required. |
APMGR_CWS_IMG_DOWNLOAD_COMPLETE
Message text |
System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed. |
Variable fields |
$1: Image file name. $2: AP name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed. |
Impact |
None. |
Cause |
The AP downloaded the image file from the AC successfully. |
Recommended action |
No action is required. |
APMGR_CWS_IMG_DOWNLOAD_START
Message text |
AP [STRING] started to download the system software image file [STRING]. |
Variable fields |
$1: AP name. $2: Image file name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe. |
Impact |
None. |
Cause |
The AP downloaded the image file from the AC through the CAPWAP tunnel. |
Recommended action |
No action is required. |
APMGR_CWS_LOCAL_AC_DOWN
Message text |
CAPWAP tunnel to local AC [STRING] went down. Reason: [STRING]. |
Variable fields |
$1: IP address of the local AC.
$2: Reason:
· Neighbor dead timer expired.
· Local AC was deleted.
· Serial number changed.
· Processed join request in Run state.
· Failed to retransmit message.
· N/A |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_CWS_LOCAL_AC_DOWN: CAPWAP tunnel to local AC 1.1.1.1 went down. Reason: Serial number changed. |
Impact |
None. |
Cause |
The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason. |
Recommended action |
1. Examine the network connection between the central AC and the local AC.
2. Verify that the central AC is correctly configured.
3. Verify that the local AC is correctly configured.
4. If the issue persists, collect the alarm information, log information, and configuration information, and contact Technical Support. |
APMGR_CWS_LOCAL_AC_UP
Message text |
CAPWAP tunnel to local AC [STRING] went up. |
Variable fields |
$1: IP address of the local AC. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_LOCAL_AC_UP: CAPWAP tunnel to local AC 1.1.1.1 went up. |
Impact |
None. |
Cause |
The central AC has established a CAPWAP tunnel with the local AC. |
Recommended action |
No action is required. |
APMGR_CWS_RUN_DOWNLOAD_COMPLETE
Message text |
File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING]. |
Variable fields |
$1: File name. $2: AP name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2. |
Impact |
None. |
Cause |
The AP downloaded the file from the AC successfully. |
Recommended action |
No action is required. |
APMGR_CWS_RUN_DOWNLOAD_START
Message text |
AP [STRING] started to download the file [STRING]. |
Variable fields |
$1: AP name. $2: File name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg. |
Impact |
None. |
Cause |
The AP started to download the file. |
Recommended action |
No action is required. |
APMGR_CWS_TUNNEL_DOWN
Message text |
CAPWAP tunnel to AP [STRING] went down. Reason: [STRING]. |
Variable fields |
$1: AP name.
$2: Reason:
· Neighbor dead timer expired.
· AP was reset.
· AP was deleted.
· Serial number changed.
· Processed join request in Run state.
· Failed to retransmit message.
· Received WTP tunnel down event from AP.
· Backup AC closed the backup tunnel.
· Tunnel switched.
· N/A. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_TUNNEL_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset. |
Impact |
The AP is unavailable. |
Cause |
The AP went offline for a specific reason. |
Recommended action |
1. Examine the network connection between the AP and the AC.
2. Verify that the AP is correctly configured.
3. Verify that the AC is correctly configured.
4. If the issue persists, collect the alarm information, log information, and configuration information, and contact Technical Support. |
APMGR_CWS_TUNNEL_UP
Message text |
[STRING] CAPWAP tunnel to AP [STRING] went up. |
Variable fields |
$1: Tunnel type:
· Master.
· Backup.
$2: AP name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_CWS_TUNNEL_UP: Backup CAPWAP tunnel to AP ap1 went up. |
Impact |
None. |
Cause |
The AP came online and entered Run state. |
Recommended action |
No action is required. |
APMGR_LOCAL_AC_OFFLINE
Message text |
Local AC [STRING] went offline. State changed to Idle. |
Variable fields |
$1: Name of the local AC. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_LOCAL_AC_OFFLINE: Local AC ac1 went offline. State changed to Idle. |
Impact |
The local AC is unavailable. |
Cause |
The local AC went offline proactively or went offline due to an exception. |
Recommended action |
1. If the local AC went offline proactively, no action is required.
2. If the local AC went offline abnormally, collect the device configuration file, log information and alarm information, and then contact Technical Support. |
APMGR_LOCAL_AC_ONLINE
Message text |
Local AC [STRING] went online. State changed to Run. |
Variable fields |
$1: Name of the local AC. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_LOCAL_AC_ONLINE: Local AC ac1 went online. State changed to Run. |
Impact |
None. |
Cause |
The local AC came online. The state of the local AC changed to Run. |
Recommended action |
No action is required. |
ARP messages
This section contains ARP messages.
ARP_ACTIVE_ACK_NO_REPLY
Message text |
No ARP reply from IP [STRING] was received on interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1. |
Explanation |
The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message. This message indicates the risk of attacks. |
Recommended action |
1. Verify that the learned ARP entries on the device are consistent with the existing legitimate devices. When gateways and servers are on the network, check the ARP entries for these devices first.
2. If the ARP entries are correct and the attack continues, contact H3C Support. |
ARP_ACTIVE_ACK_NOREQUESTED_REPLY
Message text |
Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device. |
Variable fields |
$1: Interface name. $2: IP address. |
Severity level |
6 |
Example |
ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device. |
Explanation |
The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP. This message indicates the risk of attacks. |
Recommended action |
No action is required. The device discards the ARP reply automatically. |
ARP_BINDRULETOHW_FAILED
Message text |
Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC]. |
Variable fields |
$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address. |
Severity level |
5 |
Example |
ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface GigabitEthernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108. |
Explanation |
The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations:
· The resources are not sufficient for the operation.
· The memory is not sufficient for the operation.
· A hardware error occurs. |
Recommended action |
To resolve this issue:
1. Execute the display qos-acl resource command to check if sufficient ACL resources are available for the operation.
   ○ If yes, proceed to step 2.
   ○ If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2.
2. Execute the display memory command to check if sufficient memory is available for the operation.
   ○ If yes, proceed to step 3.
   ○ If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3.
3. Delete the configuration and perform the operation again. |
ARP_DETECTION_DROP_L2IF
Message text |
ARP attack detection dropped a packet because of [STRING]. (Interface [STRING]; Source IP [STRING]). |
Variable fields |
$1: Types of packets dropped by ARP Detection:
○ sourceMacInvalidDrop: ARP packets with invalid source MAC addresses are dropped.
○ destMacInvalidDrop: ARP packets with invalid destination MAC addresses are dropped.
○ ipInvalidDrop: ARP packets with invalid source and destination IP addresses are dropped.
○ ipcimNobindingDrop: ARP packets that fail user legitimacy check are dropped.
$2: Interface for ARP detection packet loss.
$3: Source IP address for ARP detection packet loss. |
Severity level |
4 |
Example |
ARP/4/ARP_DETECTION_DROP_L2IF: -MDC=1-Slot=2; ARP attack detection dropped a packet because of InvalidIP. (Interface GigabitEthernet2/0/1; Source IP 224.0.0.0). |
Explanation |
A Layer 2 interface detected an invalid ARP packet and dropped it. |
Recommended action |
Depending on the reason for packet loss reported in the message, check the source MAC address, destination MAC address, or destination IP of the dropped packets, or make sure the sender complies with the user legitimacy check rules. |
ARP_DETECTION_DROP_VLAN
Message text |
ARP attack detection dropped a packet because of [STRING]. (Interface [STRING]; VLAN [STRING]; Source IP [STRING]). |
Variable fields |
$1: Types of packets dropped by ARP Detection:
○ sourceMacInvalidDrop: ARP packets with invalid source MAC addresses are dropped.
○ destMacInvalidDrop: ARP packets with invalid destination MAC addresses are dropped.
○ ipInvalidDrop: ARP packets with invalid source and destination IP addresses are dropped.
○ ipcimNobindingDrop: ARP packets that fail user legitimacy check are dropped.
$2: Interface for ARP detection packet loss.
$3: VLAN ID for ARP detection packet loss.
$4: Source IP address for ARP detection packet loss. |
Severity level |
4 |
Example |
ARP/4/ARP_DETECTION_DROP_VLAN: -MDC=1-Slot=2; ARP attack detection dropped a packet because of InvalidIP. (Interface GigabitEthernet2/0/1; VLAN 1; Source IP 224.0.0.0). |
Explanation |
A VLAN interface detected an invalid ARP packet and dropped it. |
Recommended action |
Depending on the reason for packet loss reported in the message, check the source MAC address, destination MAC address, or destination IP of the dropped packets, or make sure the sender complies with the user legitimacy check rules. |
ARP_DETECTION_DROP_VSI
Message text |
ARP attack detection dropped a packet because of [STRING]. (Interface [STRING]; Service-instance [STRING]; Source IP [STRING]). |
Variable fields |
$1: Types of packets dropped by ARP Detection:
○ sourceMacInvalidDrop: ARP packets with invalid source MAC addresses are dropped.
○ destMacInvalidDrop: ARP packets with invalid destination MAC addresses are dropped.
○ ipInvalidDrop: ARP packets with invalid source and destination IP addresses are dropped.
○ ipcimNobindingDrop: ARP packets that fail user legitimacy check are dropped.
$2: Interface for ARP detection packet loss.
$3: Service ID for ARP detection packet loss.
$4: Source IP address for ARP detection packet loss. |
Severity level |
4 |
Example |
ARP/4/ARP_DETECTION_DROP_VSI: -MDC=1-Slot=2; ARP attack detection dropped a packet because of InvalidIP. (Interface GigabitEthernet2/0/1; Service-instance 1; Source IP 224.0.0.0). |
Explanation |
A VSI interface detected an invalid ARP packet and dropped it. |
Recommended action |
Depending on the reason for packet loss reported in the message, check the source MAC address, destination MAC address, or destination IP of the dropped packets, or make sure the sender complies with the user legitimacy check rules. |
ARP_DETECTION_LOG
Message text |
Detected an ARP attack on interface [STRING]: IP [STRING], MAC [STRING], VLAN [STRING]. [UINT32] packet(s) dropped. |
Variable fields |
$1: Interface name. $2: IP address. $3: MAC address. $4: VLAN ID. $5: Number of dropped packets. |
Severity level |
5 |
Example |
ARP/5/ARP_INSPECTION: -MDC=1; Detected an ARP attack on interface GigabitEthernet1/0/1: IP 1.1.1.1, MAC 1-1-1, VLAN 100. 2 packet(s) dropped. |
Explanation |
An ARP attack was detected on an interface and attack packets were dropped. |
Recommended action |
Check the source of the ARP attack. |
ARP_DUPLICATE_IPADDR_DETECT
Message text |
Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR]. |
Variable fields |
$1: MAC address. $2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $3: VSI name. $4: MAC address. $5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $6: VSI name. $7: Conflicting IP address. |
Severity level |
4 |
Example |
ARP/4/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface GigabitEthernet1/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1. |
Explanation |
This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different. |
Recommended action |
Change the IP address on either of the two devices. |
ARP_DYNAMIC
Message text |
The maximum number of dynamic ARP entries for the device reached. |
Variable fields |
N/A |
Severity level |
6 |
Example |
ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached. |
Explanation |
The maximum number of dynamic ARP entries for the device was reached. |
Recommended action |
No action is required. |
ARP_DYNAMIC_IF
Message text |
The maximum number of dynamic ARP entries for interface [STRING] reached. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached. |
Explanation |
The maximum number of dynamic ARP entries for the specified interface was reached. |
Recommended action |
No action is required. |
ARP_DYNAMIC_SLOT
Message text |
Pattern 1: The maximum number of dynamic ARP entries for slot [INT32] reached.
Pattern 2: The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached. |
Variable fields |
Pattern 1:
$1: Slot number.
Pattern 2:
$1: Chassis number.
$2: Slot number. |
Severity level |
6 |
Example |
ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached. |
Explanation |
Pattern 1: The maximum number of dynamic ARP entries for the slot was reached.
Pattern 2: The maximum number of dynamic ARP entries for the slot on the chassis was reached. |
Recommended action |
No action is required. |
ARP_ENTRY_CHECK_ALARM
Message text |
The incoming ARP packet attempted to modify an existing ARP entry. (Interface [STRING]; Source MAC [STRING]; Source IP [STRING]; VLAN [STRING]; Second VLAN [STRING]; PortIfName [STRING]). |
Variable fields |
$1: Interface where the ARP entry is updated to a static ARP entry. $2: Source MAC address of the ARP entry after it is updated to a static ARP entry. $3: Source IP address of the ARP entry after it is updated to a static ARP entry. $4: Outer VLAN of the ARP entry after it is updated to a static ARP entry. $5: Inner VLAN of the ARP entry after it is updated to a static ARP entry. $6: The port associated with the ARP entry after it is updated to a static ARP entry. |
Severity level |
4 |
Example |
ARP/4/ARP_ENTRY_CHECK_ALARM: -MDC=1-Slot=2; The incoming ARP packet attempted to modify an existing ARP entry. (Interface GigabitEthernet2/0/2; Source MAC 0001-0001-0001; Source IP 3.3.3.4; VLAN 65535; Second VLAN 65535; PortIfName ). |
Explanation |
The device received an ARP packet attempting to modify an existing ARP entry. |
Recommended action |
Check the current ARP entry, and update the relevant configuration if the change was due to a valid user migration. |
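The following Python sketch is an added example, not part of the H3C manual: it parses the attack-related ARP messages documented above (ARP_ACTIVE_ACK_*, ARP_DETECTION_DROP_*, ARP_ENTRY_CHECK_ALARM), including the optional `-MDC=1-Slot=2;` location prefix and the empty `PortIfName` value, and counts events per interface and source IP. The sample input reuses the manual's own example messages; the function names, the choice of mnemonics in `SECURITY_EVENTS`, and the source-address plausibility check are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the manual's example messages, one per line as in a log file.
SAMPLE_LOG = """\
ARP/4/ARP_DETECTION_DROP_L2IF: -MDC=1-Slot=2; ARP attack detection dropped a packet because of InvalidIP. (Interface GigabitEthernet2/0/1; Source IP 224.0.0.0).
ARP/4/ARP_DETECTION_DROP_VLAN: -MDC=1-Slot=2; ARP attack detection dropped a packet because of InvalidIP. (Interface GigabitEthernet2/0/1; VLAN 1; Source IP 224.0.0.0).
ARP/4/ARP_ENTRY_CHECK_ALARM: -MDC=1-Slot=2; The incoming ARP packet attempted to modify an existing ARP entry. (Interface GigabitEthernet2/0/2; Source MAC 0001-0001-0001; Source IP 3.3.3.4; VLAN 65535; Second VLAN 65535; PortIfName ).
ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.
ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.
ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached.
"""

# Assumption of this example: the mnemonics worth triaging as possible spoofing.
SECURITY_EVENTS = {
    "ARP_ACTIVE_ACK_NO_REPLY", "ARP_ACTIVE_ACK_NOREQUESTED_REPLY",
    "ARP_DETECTION_DROP_L2IF", "ARP_DETECTION_DROP_VLAN",
    "ARP_DETECTION_DROP_VSI", "ARP_ENTRY_CHECK_ALARM",
}

# MODULE/severity/MNEMONIC: [-MDC=x-Slot=y; ]message text
HEADER = re.compile(
    r"(?P<module>[A-Z][A-Z0-9]*)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?:(?P<location>-[A-Za-z]+=[^;]*);\s*)?(?P<text>.*)"
)
# Keys that appear inside the parenthesised "(Key value; Key value)" list.
PAREN_KEYS = ("Interface", "Source MAC", "Source IP", "VLAN", "Second VLAN",
              "Service-instance", "PortIfName")
# Messages that carry their fields in a sentence instead of a parenthesised list.
SENTENCES = {
    "ARP_ACTIVE_ACK_NO_REPLY": re.compile(
        r"No ARP reply from IP (?P<ip>\S+) was received on interface (?P<interface>\S+?)\.?$"),
    "ARP_ACTIVE_ACK_NOREQUESTED_REPLY": re.compile(
        r"Interface (?P<interface>\S+) received from IP (?P<ip>\S+) an ARP reply"),
}


def parse_paren_fields(text):
    """Return {key: value} from '(Key value; ...)'; a value may be empty."""
    found = re.search(r"\(([^()]*)\)", text)
    fields = {}
    for segment in (found.group(1).split(";") if found else []):
        segment = segment.strip()
        for key in PAREN_KEYS:
            if segment == key or segment.startswith(key + " "):
                fields[key] = segment[len(key):].strip()
                break
    return fields


def parse_line(line):
    """Parse one log line into a dict, or None if it has no message header."""
    m = HEADER.search(line.strip())
    if m is None:
        return None
    name, text = m["mnemonic"], m["text"]
    event = {
        "module": m["module"], "severity": int(m["severity"]), "mnemonic": name,
        "location": dict(re.findall(r"-(\w+)=(\w+)", m["location"] or "")),
        "fields": parse_paren_fields(text),
        "interface": None, "source_ip": None, "reason": None,
    }
    if event["fields"]:
        event["interface"] = event["fields"].get("Interface")
        event["source_ip"] = event["fields"].get("Source IP")
        reason = re.search(r"because of (\S+?)\.", text)
        event["reason"] = reason.group(1) if reason else None
    elif name in SENTENCES:
        s = SENTENCES[name].search(text)
        if s:
            event["interface"], event["source_ip"] = s["interface"], s["ip"]
    return event


def source_is_plausible(ip_text):
    """Heuristic (assumption): an ARP sender IP should be a unicast host address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not (ip.is_multicast or ip.is_unspecified or ip.is_loopback
                or ip_text == "255.255.255.255")


def triage(log_text):
    """Count security-relevant ARP events per (interface, source IP)."""
    per_source, implausible = Counter(), set()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event["mnemonic"] not in SECURITY_EVENTS:
            continue
        per_source[(event["interface"], event["source_ip"])] += 1
        if event["source_ip"] and not source_is_plausible(event["source_ip"]):
            implausible.add(event["source_ip"])
    return per_source, implausible


if __name__ == "__main__":
    counts, bad_sources = triage(SAMPLE_LOG)
    for (interface, ip), n in counts.most_common():
        print(f"{n:3d}  {interface}  {ip}")
    print("non-unicast sender IPs:", sorted(bad_sources))
```

Repeated hits for the same interface and source IP across different mnemonics are the pairs to check against the ARP table first, as the recommended actions above direct.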
ARP_ENTRY_CONFLICT
Message text |
The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING]. |
Variable fields |
$1: IP address.
$2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network.
$3: Inconsistent items:
○ MAC address.
○ output interface.
○ output port.
○ outermost layer VLAN ID.
○ second outermost layer VLAN ID.
○ VSI index.
○ link ID. |
Severity level |
6 |
Example |
ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.
ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. |
Explanation |
The software entry for the specified IP address is not the same as the hardware entry. For example, they do not have the same output interface. |
Recommended action |
No action is required. ARP automatically refreshes the hardware entries. |
ARP_ENTRY_ENOUGHRESOURCE
Message text |
Issued the software entry to the driver for IPv4 address [STRING] on VPN instance [STRING].
Issued the software entry to the driver for IPv4 address [STRING] on the public network. |
Variable fields |
$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, this field is not displayed. |
Severity level |
6 |
Example |
ARP/6/ARP_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv4 address 10.1.1.1 on VPN instance vpn_1.
ARP/6/ARP_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv4 address 10.1.1.2 on the public network. |
Explanation |
After ARP entry consistency check is enabled by using the arp consistency-check enable command, a log is output when ARP successfully refreshes hardware entries according to software entries. |
Recommended action |
No action is required. |
ARP_ENTRY_IFTHRESHOLD_ALARM
Message text |
[STRING] has learned [UINT32] dynamic ARP entries, which is approaching the specified upper limit. |
Variable fields |
$1: Interface name. $2: Number of dynamic ARP entries on the interface. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_ENTRY_IFTHRESHOLD_ALARM: VSI interface 1 has learned 64 dynamic ARP entries, which is approaching the specified upper limit. |
Impact |
If the number of dynamic ARP entries on the interface continues to increase, the interface might not learn new ARP entries because of insufficient resources, which causes service interruption. |
Cause |
This message is sent when the number of dynamic ARP entries learned by an interface exceeds the alarm threshold (80% of the dynamic ARP learning limit). |
Recommended action |
1. Execute the display arp command to view the dynamic ARP entries on the interface.
2. Based on the network planning and service deployment, identify whether the dynamic ARP entries are necessary.
   ○ If the dynamic ARP entries are necessary, go to step 3.
   ○ If the dynamic ARP entries are not necessary, execute the undo arp command to delete specified ARP entries. Make sure the operation does not affect services.
3. Execute the arp max-learning-num command to set a larger dynamic ARP learning limit for the interface.
4. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_ENTRY_IFTHRESHOLD_RESUME
Message text |
The number of dynamic ARP entries learned on [STRING] dropped to [UINT32], which is below the alarm-clear threshold. |
Variable fields |
$1: Interface name. $2: Number of dynamic ARP entries on the interface. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_ENTRY_IFTHRESHOLD_RESUME: The number of dynamic ARP entries learned on VSI interface 1 dropped to 41, which is below the alarm-clear threshold. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the number of dynamic ARP entries learned by an interface drops below the alarm threshold (60% of the upper entry limit). |
Recommended action |
No action is required. |
ARP_ENTRY_INCONSISTENT
Message text |
Inconsistent software and hardware ARP entries for IPv4 address [STRING] on VPN instance [STRING]. Inconsistent parameters: [STRING].
Inconsistent software and hardware ARP entries for IPv4 address [STRING] on the public network. Inconsistent parameters: [STRING]. |
Variable fields |
$1: IPv4 address.
$2: VPN instance name. If the ARP entry belongs to the public network, this field is not displayed.
$3: Inconsistent items:
○ MAC address.
○ output interface.
○ output port.
○ outermost layer VLAN ID.
○ second outermost layer VLAN ID.
○ VSI index.
○ link ID. |
Severity level |
6 |
Example |
ARP/6/ARP_ENTRY_INCONSISTENT: Inconsistent software and hardware ARP entries for IPv4 address 10.1.1.1 on VPN instance vpn_1. Inconsistent parameters: MAC address, output port, VSI index, and link ID.
ARP/6/ARP_ENTRY_INCONSISTENT: Inconsistent software and hardware ARP entries for IPv4 address 10.1.1.2 on the public network. Inconsistent parameters: MAC address, output port, VSI index, and link ID. |
Explanation |
After ARP entry consistency check is enabled by using the arp consistency-check enable command, a log is output when the device detects an inconsistency between software and hardware entries (for example, inconsistent output interface). |
Recommended action |
No action is required. The ARP module automatically refreshes the hardware entries. |
ARP_ENTRY_NORESOURCE
Message text |
Not enough hardware resources to issue the software entry to the driver for IPv4 address [STRING] on VPN instance [STRING].
Not enough hardware resources to issue the software entry to the driver for IPv4 address [STRING] on the public network. |
Variable fields |
$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, this field is not displayed. |
Severity level |
6 |
Example |
ARP/6/ARP_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv4 address 10.1.1.1 on VPN instance vpn_1.
ARP/6/ARP_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv4 address 10.1.1.2 on the public network. |
Explanation |
After ARP entry consistency check is enabled by using the arp consistency-check enable command, a log is output when the device does not have sufficient hardware resources to deploy software entries to the driver. |
Recommended action |
No action is required. The ARP module automatically refreshes the hardware entries. |
ARP_ENTRY_SLOTTHRESHOLD_ALARM
Message text |
Pattern 1: The number of dynamic ARP entries learned on slot [INT32] reached [UINT32], which is approaching the specified upper limit.
Pattern 2: The number of dynamic ARP entries learned on chassis [INT32] slot [INT32] reached [UINT32] and is approaching the specified upper limit. |
Variable fields |
Pattern 1:
$1: Slot number.
$2: Number of dynamic ARP entries on the card.
Pattern 2:
$1: Chassis number.
$2: Slot number.
$3: Number of dynamic ARP entries on the card. |
Severity level |
5 (Notification) |
Example |
Pattern 1: ARP/5/ARP_ENTRY_SLOTTHRESHOLD_ALARM: The number of dynamic ARP entries learned on slot 2 reached 64, which is approaching the specified upper limit.
Pattern 2: ARP/5/ARP_ENTRY_SLOTTHRESHOLD_ALARM: The number of dynamic ARP entries learned on chassis 1 slot 2 reached 64, which is approaching the specified upper limit. |
Impact |
If the number of ARP entries on the card continues to increase, the card might not learn new ARP entries because of insufficient resources, which causes service interruption. |
Explanation |
This message is sent when the number of dynamic ARP entries learned by a card exceeds the alarm threshold (80% of the dynamic ARP learning limit for a card). |
Recommended action |
1. Execute the display arp command to view dynamic ARP entries on the card.
2. Based on the network planning and service deployment, identify whether the dynamic ARP entries are necessary.
   ○ If the dynamic ARP entries are necessary, go to step 3.
   ○ If the dynamic ARP entries are not necessary, execute the undo arp command to delete specified ARP entries. Make sure the operation does not affect services.
3. Execute the arp max-learning-number command to set a larger dynamic ARP learning limit for the card.
4. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_ENTRY_SLOTTHRESHOLD_RESUME
Message text |
Pattern 1: The number of dynamic ARP entries learned on slot [INT32] dropped to [UINT32], which is below the alarm-clear threshold.
Pattern 2: The number of dynamic ARP entries learned on chassis [INT32] slot [INT32] dropped to [UINT32], which is below the alarm-clear threshold. |
Variable fields |
Pattern 1:
$1: Slot number.
$2: Number of dynamic ARP entries on the card.
Pattern 2:
$1: Chassis number.
$2: Slot number.
$3: Number of dynamic ARP entries on the card. |
Severity level |
5 (Notification) |
Example |
Pattern 1: ARP/5/ARP_ENTRY_SLOTTHRESHOLD_RESUME: The number of dynamic ARP entries learned on slot 2 dropped to 41, which is below the alarm-clear threshold. Pattern 2: ARP/5/ARP_ENTRY_SLOTTHRESHOLD_RESUME: The number of dynamic ARP entries learned on chassis 1 slot 2 dropped to 41, which is below the alarm-clear threshold. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the number of dynamic ARP entries learned by a card drops below the alarm threshold (60% of the dynamic ARP learning limit for a card). |
Recommended action |
No action is required. |
ARP_ENTRY_THRESHOLD_ALARM
Message text |
The number of ARP entries on the device reached [UINT32]. Please take action to prevent the ARP table from getting full. |
Variable fields |
$1: Number of ARP entries. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_ENTRY_THRESHOLD_ALARM: The number of ARP entries on the device reached 64. Please take action to prevent the ARP table from getting full. |
Impact |
If the number of ARP entries continues to increase, the device might not learn new ARP entries because of insufficient resources, which causes service interruption. |
Explanation |
This message is sent when the number of ARP entries learned by the device exceeds the alarm threshold (80% of the upper entry limit). |
Recommended action |
1. Based on the network planning and service deployment, execute the undo arp command to delete specified ARP entries or execute the reset arp static command to clear all static ARP entries. Make sure the operation does not affect services. 2. Execute the arp max-learning-number command to set a larger dynamic ARP learning limit for the device. Execute the arp max-learning-num command to set larger dynamic ARP learning limits for interfaces. |
ARP_ENTRY_THRESHOLD_RESUME
Message text |
The number of ARP entries on the device dropped to [UINT32]. ARP table-get-full alarm cleared. |
Variable fields |
$1: Number of ARP entries. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_ENTRY_THRESHOLD_RESUME: The number of ARP entries on the device dropped to 41. ARP table-get-full alarm cleared. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the number of ARP entries learned by the device drops below the alarm threshold (60% of the upper entry limit). |
Recommended action |
No action is required. |
ARP_EVENTQUE_ALERT
Message text |
The current size of the EVENT queue has reached [UINT32]. Please check the network environment. |
Variable fields |
$1: Size of the ARP EVENT queue. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_EVENTQUE_ALERT: The current size of the EVENT queue has reached 4096. Please check the network environment. |
Impact |
The device drops ARP EVENT messages if the ARP EVENT queue is full. This might affect the service. |
Cause |
If the number of ARP EVENT messages in the ARP EVENT queue has exceeded 4096, the system generates a log message every 60 seconds. |
Recommended action |
1. Check the ARP packets received on interfaces for anomalies. If abnormal ARP packets are detected, capture ARP packets to check for ARP attacks and locate the source of attacks, if any. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
ARP_GATEWAY_CHECK_ALARM
Message text |
The ARP gateway protection feature intercepted an ARP attack packet on [STRING]. Sender IP=[STRING]. |
Variable fields |
$1: Interface that receives the ARP attack packet. $2: Sender IP address in the ARP attack packet. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_GATEWAY_CHECK_ALARM: The ARP gateway protection feature intercepted an ARP attack packet on vlan-interface 1. Sender IP=192.168.1.10. |
Impact |
The network might have a device which forges the gateway. This affects service operation. |
Cause |
This message is sent when the device receives an ARP packet in which the sender IP address is the same as the gateway IP address. |
Recommended action |
1. Identify whether another device on the network has the same IP address as the gateway IP address based on the alarm notification. ◦ If the device that has the same IP address as the gateway IP address exists, change the IP address of the device. ◦ If no device has the same IP address as the gateway IP address, an attack might exist. As a best practice, identify the attack source by capturing packets. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_GATEWAY_CHECK_RESUME
Message text |
The device has been safe from ARP gateway spoofing attacks for a period of time. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_GATEWAY_CHECK_RESUME: The device has been safe from ARP gateway spoofing attacks for a period of time. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the device does not receive any ARP packet in which the sender IP address is the same as the gateway IP address within 3 minutes. |
Recommended action |
No action is required. |
ARP_HARDWARE_REFRESH_NORESOURCE
Message text |
Failed to refresh the host route in FIB according to the ARP entry because the device resources are insufficient. IP address=[STRING]; VPN instance name=[STRING]; VPN instance index=[UINT16]; Interface=[STRING]. |
Variable fields |
$1: IPv6 address in the ARP entry. $2: Name of the VPN instance in the ARP entry. If the log information belongs to the public network, this field displays Public. $3: Index of the VPN instance in the ARP entry. If the log information belongs to the public network, this field displays 0. $4: Name of the output interface in the ARP entry. |
Severity level |
4 |
Example |
ARP/4/ARP_HARDWARE_REFRESH_NORESOURCE: Failed to refresh the host route in FIB according to the ARP entry because the device resources are insufficient. IP address=1.1.1.1; VPN instance name=vpn1; VPN instance index=1; Interface=GigabitEthernet1/0/1. |
Explanation |
After you enable error logging for ARP entry deployment to hardware by using the arp hardware log enable command, the host route in FIB failed to be refreshed because the device does not have sufficient hardware resources. |
Recommended action |
Check the device resource usage and resolve the issue of insufficient hardware resources. |
ARP_HARDWARE_SEND_NORESOURCE
Message text |
Failed to send the ARP entry to the driver because the device resources are insufficient. IP address=[STRING]; VPN instance name=[STRING]; VPN instance index=[UINT16]; Interface=[STRING]. |
Variable fields |
$1: IPv6 address in the ARP entry. $2: Name of the VPN instance in the ARP entry. If the log information belongs to the public network, this field displays Public. $3: Index of the VPN instance in the ARP entry. If the log information belongs to the public network, this field displays 0. $4: Name of the output interface in the ARP entry. |
Severity level |
4 |
Example |
ARP/4/ARP_HARDWARE_SEND_NORESOURCE: Failed to send the ARP entry to the driver because the device resources are insufficient. IP address=1.1.1.1; VPN instance name=vpn1; VPN instance index=1; Interface=GigabitEthernet1/0/1. |
Explanation |
After you enable error logging for ARP entry deployment to hardware by using the arp hardware log enable command, the device failed to deploy ARP entries to hardware because it does not have sufficient hardware resources. |
Recommended action |
Check the device resource usage and resolve the issue of insufficient hardware resources. |
ARP_HOST_IP_CONFLICT
Message text |
|
Variable fields |
$1: IP address. $2: Interface name. $3: Interface name. |
Severity level |
4 |
Example |
|
Explanation |
The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface. |
Recommended action |
Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network. |
ARP_HOST_MOVE_RESUME
Message text |
Endpoint with IP address [IPADDR] and MAC address [STRING] has stayed on the current interface for a period of time after it moved from one interface to the current interface. Source of move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. Destination of move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. |
Variable fields |
$1: IP address of the user who changes the access port. $2: MAC address of the user who changes the access port. $3: Name of the interface before port migration. $4: Outer VLAN of the ARP packet before port migration. $5: Inner VLAN of the ARP packet before port migration. $6: Name of the interface after port migration. $7: Outer VLAN of the ARP packet after port migration. $8: Inner VLAN of the ARP packet after port migration. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_HOST_MOVE_RESUME: Endpoint with IP address 192.168.1.10 and MAC address 0010-2100-01e1 has stayed on the current interface for a period of time after it moved from one interface to the current interface. Source of move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. Destination of move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10. |
Impact |
No negative impact on the system. |
Explanation |
This message is sent when the user does not change the access port again within 3 minutes. |
Recommended action |
No action is required. |
ARP_LIPCQUE_ALERT
Message text |
The number of ARP entries in the ARP_LIPC queue has reached [UINT32]. Please check the network environment. |
Variable fields |
$1: Number of ARP entries to be synchronized to other modules by the MPU in the queue. |
Severity level |
4 |
Example |
ARP/4/ARP_LIPCQUE_ALERT: -MDC=1; The number of ARP entries in the ARP_LIPC queue has reached 65. Please check the network environment. |
Explanation |
An alarm is generated when the number of ARP entries to be synchronized to other modules by the MPU in the queue reaches 50% or 80% of the queue capacity. The system outputs a log every 60 seconds and discards ARP entries when the queue capacity limit is reached. |
Recommended action |
Check if a loop exists or the system is attacked by an ARP attack. |
ARP_LOCALPROXY_ENABLE_FAILED
Message text |
Failed to enable local proxy ARP on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ARP/4/ARP_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local proxy ARP on interface VSI-interface 1. |
Explanation |
This message is sent when the device fails to enable local proxy ARP on an interface in a slot. If the interface resides on the MPU, the slot number is 0. |
Recommended action |
1. Verify that the card supports local proxy ARP. 2. Verify that sufficient hardware resources are available. |
ARP_MAC_MISMATCH_ALARM
Message text |
IP address [STRING]: The MAC address [STRING] of the configured static ARP is inconsistent with the actual MAC address [STRING]. |
Variable fields |
$1: IP address in the static ARP entry. $2: MAC address in the static ARP entry. $3: Actual sender MAC address in the received ARP packet. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_MAC_MISMATCH_ALARM: IP address 192.168.56.1: The MAC address 0001-0001-0001 of the configured static ARP is inconsistent with the actual MAC address 0a00-2700-000f. |
Impact |
The short static ARP entry cannot be resolved, which might affect service operation. |
Cause |
This message is sent when the MAC address in the static ARP entry is inconsistent with the corresponding user's actual MAC address after you execute the snmp-agent trap enable arp mac-mismatch command on the device. |
Recommended action |
1. Identify whether the sender MAC address in the received ARP packet is correct. ◦ If the MAC address is correct, edit the static ARP entry. ◦ If the MAC address is incorrect, the ARP packet is invalid and no action is required. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_MAC_MISMATCH_CLEAR
Message text |
IP address [STRING]: The MAC address [STRING] of the configured static ARP is consistent with the actual MAC address. |
Variable fields |
$1: IP address in the static ARP entry. $2: MAC address in the static ARP entry. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_MAC_MISMATCH_CLEAR: IP address 192.168.56.1: The MAC address 0a00-2700-000f of the configured static ARP is consistent with the actual MAC address. |
Impact |
The short static ARP entry is resolved and services operate correctly. |
Cause |
This message is sent when the MAC address in the static ARP entry becomes consistent with the MAC address in the received ARP packet. |
Recommended action |
No action is required. |
ARP_PACKET_SPEEDLIMIT_ALARM
Message text |
ARP or ARP miss packets were sent at [UINT] pps, which exceeded the alarm threshold. |
Variable fields |
$1: Packet sending rate. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_PACKET_SPEEDLIMIT_ALARM: ARP or ARP miss packets were sent at 81 pps, which exceeded the alarm threshold. |
Impact |
Some normal ARP packets might be dropped, which causes traffic forwarding failure. |
Cause |
This message is sent when the sending rate of ARP packets or ARP Miss messages exceeds the alarm threshold (80% of the upper rate limit). |
Recommended action |
1. Capture packets to identify whether an ARP attack exists on the network and identify the attack source. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_PACKET_SPEEDLIMIT_RESUME
Message text |
The rate of sending ARP or ARP miss packets dropped to [UINT] pps, which is below the alarm-clear threshold. |
Variable fields |
$1: Packet sending rate. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_PACKET_SPEEDLIMIT_RESUME: The rate of sending ARP or ARP miss packets dropped to 50 pps, which is below the alarm-clear threshold. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the sending rate of ARP packets or ARP Miss messages drops below the alarm threshold (60% of the upper rate limit). |
Recommended action |
No action is required. |
ARP_PACKET_VALIDCHECK_ALARM
Message text |
Received an invalid ARP packet on [STRING]. Sender IP=[STRING]; Sender MAC=[STRING]; SVLAN=[STRING]; CVLAN=[STRING]. |
Variable fields |
$1: Name of the interface that receives the ARP packet. $2: Sender IP address in the ARP packet. $3: Sender MAC address in the ARP packet. $4: Outer VLAN ID of the ARP packet. $5: Inner VLAN ID of the ARP packet. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_PACKET_VALIDCHECK_ALARM: Received an invalid ARP packet on vlan-interface 1. Sender IP=192.168.1.10; Sender MAC=0001-0001-0001; SVLAN=0; CVLAN=0. |
Impact |
An ARP attack might exist on the network, which affects device operation. |
Cause |
This message is sent when the device receives an invalid ARP packet because an ARP attack might exist on the network. |
Recommended action |
1. Identify whether an ARP attack exists on the network. ◦ If the corresponding alarm notification is generated continuously, identify the attack source by capturing packets. ◦ If the corresponding alarm notification is not generated continuously, no action is required. The ARP packet might be an error packet on the network. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_PKTQUE_ALERT
Message text |
The current size of the ARP_PKT queue has reached [UINT32]. Please check the network environment. |
Variable fields |
$1: ARP packet queue size. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_PKTQUE_ALERT: The current size of the ARP_PKT queue has reached 4096. Please check the network environment. |
Impact |
The device drops ARP packets when the ARP packet queue size exceeds the upper limit, which causes traffic forwarding failure. |
Cause |
The system outputs a log every 60 seconds when the ARP packet queue size exceeds 4096. |
Recommended action |
1. Identify whether the ARP packets received by the interface are normal. If an abnormal ARP packet is received, capture packets to identify whether an ARP attack exists and identify the attack source. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_PKTQUE_RESUME
Message text |
The current size of the ARP_PKT queue has dropped to [UINT]. |
Variable fields |
$1: ARP packet queue size. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_PKTQUE_RESUME: The current size of the ARP_PKT queue has dropped to 3000. |
Impact |
No negative impact on the system. |
Explanation |
The system outputs a log when the ARP packet queue size drops below 3072. |
Recommended action |
No action is required. |
ARP_RATE_EXCEEDED
Message text |
The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds. |
Variable fields |
$1: ARP packet rate. $2: ARP limit rate. $3: Interface name. $4: Interval time. |
Severity level |
4 |
Example |
ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds. |
Explanation |
An interface received ARP messages at a higher rate than the rate limit. |
Recommended action |
Verify that the hosts at the sender IP addresses are legitimate. |
ARP_RATELIMIT_NOTSUPPORT
Message text |
Pattern 1: ARP packet rate limit is not support on slot [INT32]. Pattern 2: ARP packet rate limit is not support on chassis [INT32] slot [INT32]. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number. |
Severity level |
6 |
Example |
ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2. |
Explanation |
Pattern 1: ARP packet rate limit is not supported on the slot. Pattern 2: ARP packet rate limit is not supported on the slot of the chassis. |
Recommended action |
Verify that the host at the sender IP address is legitimate. |
ARP_SENDER_IP_INVALID
Message text |
Sender IP [STRING] was not on the same network as the receiving interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1. |
Explanation |
The sender IP of a received ARP message was not on the same network as the receiving interface. |
Recommended action |
Verify that the host at the sender IP address is legitimate. |
ARP_SENDER_IPCONFLICT_ALARM
Message text |
ARP packet arrived at [STRING] with a sender IP conflict. Conflict IP=[STRING]; Conflict MAC=[STRING]; SVLAN=[UINT32]; CVLAN=[UINT32]. |
Variable fields |
$1: Interface that receives the ARP packet. $2: Sender IP address in the ARP packet. $3: Sender MAC address in the ARP packet. $4: Outer VLAN of the ARP packet. $5: Inner VLAN of the ARP packet. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_SENDER_IPCONFLICT_ALARM: ARP packet arrived at GigabitEthernet1/0/1 with a sender IP conflict. Conflict IP=192.168.56.2; Conflict MAC=0300-1602-00e0; SVLAN=0; CVLAN=0. |
Impact |
The gateway information of the user might be edited by the attacker, which causes an ARP attack. As a result, user services might be interrupted. |
Cause |
This message might be sent when the following events occur: · Another device on the network has the same IP address as that of the local device. · The network has an ARP attack that forges the sender IP address. |
Recommended action |
1. Identify whether another device on the network has the same IP address as that of the local device based on the alarm notification. ◦ If you can identify the device that has the same IP address, change the IP address of the device. ◦ If you cannot identify the device that has the same IP address, change the IP address of the corresponding interface. Make sure the operation does not affect services. 2. Identify whether an ARP packet attack exists on the network based on the alarm notification and identify the attack source by capturing packets. 3. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_SENDER_IPCONFLICT_RESUME
Message text |
Sender IP conflict removed from [STRING]. Conflict IP=[STRING]; Conflict MAC=[STRING]; SVLAN=[UINT32]; CVLAN=[UINT32]. |
Variable fields |
$1: Interface that receives the ARP packet. $2: Sender IP address in the ARP packet. $3: Sender MAC address in the ARP packet. $4: Outer VLAN of the ARP packet. $5: Inner VLAN of the ARP packet. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_SENDER_IPCONFLICT_RESUME: Sender IP conflict removed from vlan-interface 1. Conflict IP=192.168.56.100; Conflict MAC=0300-1602-00e1; SVLAN=0; CVLAN=0. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the interface does not receive any ARP packet in which the sender IP address is the same as the interface IP address within 3 minutes. |
Recommended action |
No action is required. |
ARP_SENDER_MAC_INVALID
Message text |
Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING]. |
Variable fields |
$1: MAC address. $2: MAC address. $3: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1. |
Explanation |
An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header. |
Recommended action |
Verify that the host at the sender MAC address is legitimate. |
ARP_SENDER_MACIPCONFLICT_ALARM
Message text |
ARP packet arrived at [STRING] with conflicting MAC and IP addresses. Conflict sender MAC=[STRING]; Conflict sender IP=[STRING]; Target MAC=[STRING]; Target IP=[STRING]; SVLAN=[UINT32]; CVLAN=[UINT32]; Input Physical Interface=[STRING]. |
Variable fields |
$1: Interface that receives the ARP packet. $2: Sender MAC address in the ARP packet. $3: Sender IP address in the ARP packet. $4: Target MAC address in the ARP packet. $5: Target IP address in the ARP packet. $6: Outer VLAN of the ARP packet. $7: Inner VLAN of the ARP packet. $8: Physical interface corresponding to the VLAN interface that receives the ARP packet. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_SENDER_MACIPCONFLICT_ALARM: ARP packet arrived at vlan-interface 1 with conflicting MAC and IP addresses. Conflict sender MAC=0300-1602-00e0; Conflict sender IP=192.168.56.100; Target MAC=0300-1602-00e1; Target IP=192.168.56.2; SVLAN=0; CVLAN=0; Input Physical Interface=GigabitEthernet1/0/1. |
Impact |
The conflict might cause service interruption. |
Cause |
This message might be sent when the following events occur: · The network has an ARP attack. · The network has a loop. |
Recommended action |
1. Configure STP and identify whether the network has a loop. If the network does not have any loop, identify the packet source by capturing packets, and then edit the IP and MAC addresses of the device that sends the ARP packet. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ARP_SENDER_MACIPCONFLICT_RESUME
Message text |
Sender MAC and IP conflict removed from [STRING]. Conflict MAC=[STRING]; Conflict IP=[STRING]; Target MAC=[STRING]; Target IP=[STRING]; SVLAN=[UINT32]; CVLAN=[UINT32]; Input Physical Interface=[STRING]. |
Variable fields |
$1: Interface that receives the ARP packet. $2: Sender MAC address in the ARP packet. $3: Sender IP address in the ARP packet. $4: Target MAC address in the ARP packet. $5: Target IP address in the ARP packet. $6: Outer VLAN of the ARP packet. $7: Inner VLAN of the ARP packet. $8: Physical interface corresponding to the VLAN interface that receives the ARP packet. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_SENDER_MACIPCONFLICT_RESUME: Sender MAC and IP conflict removed from vlan-interface 1. Conflict MAC=0300-1602-00e0; Conflict IP=192.168.56.100; Target MAC=0300-1602-00e1; Target IP=192.168.56.2; SVLAN=0; CVLAN=0; Input Physical Interface=GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the interface does not receive any ARP packet in which the sender IP and MAC addresses are the same as the interface IP and MAC addresses within 3 minutes. |
Recommended action |
No action is required. |
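The ALARM/RESUME pairs above (ARP_GATEWAY_CHECK, ARP_SENDER_IPCONFLICT, ARP_SENDER_MACIPCONFLICT) lend themselves to stateful triage on a log host. The following Python sketch is an added example, not H3C code: it parses those messages with patterns written from the Message text rows and reports which alarms have not yet been cleared. It assumes a RESUME message carries the same interface and conflict IP as the ALARM it clears; the sample lines are constructed from the Example rows.

```python
import re

# "ARP/<severity>/<MNEMONIC>: <text>", optionally with location attributes
# such as "-MDC=1; " in front of the text (as in the ARP_LIPCQUE_ALERT example).
HEADER = re.compile(
    r"ARP/(?P<sev>\d)/\s*(?P<mnemonic>ARP_[A-Z0-9_]+):\s*(?:-\S+;\s*)?(?P<text>.*)$"
)

# Body patterns written from the "Message text" rows of this reference.
BODY = {
    "ARP_GATEWAY_CHECK_ALARM": re.compile(
        r"intercepted an ARP attack packet on (?P<iface>.+?)\. "
        r"Sender IP=(?P<ip>[0-9.]+?)\.?$"),
    "ARP_GATEWAY_CHECK_RESUME": None,  # no variable fields
    "ARP_SENDER_IPCONFLICT_ALARM": re.compile(
        r"arrived at (?P<iface>.+?) with a sender IP conflict\. "
        r"Conflict IP=(?P<ip>[^;]+); Conflict MAC=(?P<mac>[^;]+);"),
    "ARP_SENDER_IPCONFLICT_RESUME": re.compile(
        r"conflict removed from (?P<iface>.+?)\. Conflict IP=(?P<ip>[^;]+);"),
    "ARP_SENDER_MACIPCONFLICT_ALARM": re.compile(
        r"arrived at (?P<iface>.+?) with conflicting MAC and IP addresses\. "
        r"Conflict sender MAC=(?P<mac>[^;]+); Conflict sender IP=(?P<ip>[^;]+);"),
    "ARP_SENDER_MACIPCONFLICT_RESUME": re.compile(
        r"conflict removed from (?P<iface>.+?)\. "
        r"Conflict MAC=(?P<mac>[^;]+); Conflict IP=(?P<ip>[^;]+);"),
}


def parse(line):
    """Return a dict for a tracked ARP message, or None for anything else."""
    m = HEADER.search(line.strip())
    if not m or m["mnemonic"] not in BODY:
        return None
    family, _, kind = m["mnemonic"].rpartition("_")  # e.g. ARP_GATEWAY_CHECK / ALARM
    event = {"family": family, "kind": kind, "severity": int(m["sev"])}
    pattern = BODY[m["mnemonic"]]
    if pattern is not None:
        fields = pattern.search(m["text"])
        if not fields:
            return None  # mnemonic known, body not in the documented shape
        event.update(fields.groupdict())
    return event


def open_alarms(lines):
    """Return {(family, interface, ip): alarm_count} for alarms not yet cleared."""
    active = {}
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["kind"] == "ALARM":
            key = (ev["family"], ev["iface"], ev["ip"])
            active[key] = active.get(key, 0) + 1
        elif "iface" in ev:
            # Assumption: RESUME repeats the interface and IP of its ALARM.
            active.pop((ev["family"], ev["iface"], ev["ip"]), None)
        else:
            # ARP_GATEWAY_CHECK_RESUME is device-wide: clear the whole family.
            for key in [k for k in active if k[0] == ev["family"]]:
                del active[key]
    return active


# Constructed sample input, modelled on the Example rows of this reference.
SAMPLE_LINES = [
    "ARP/5/ARP_GATEWAY_CHECK_ALARM: The ARP gateway protection feature intercepted "
    "an ARP attack packet on vlan-interface 1. Sender IP=192.168.1.10.",
    "ARP/4/ARP_SENDER_IPCONFLICT_ALARM: ARP packet arrived at GigabitEthernet1/0/1 "
    "with a sender IP conflict. Conflict IP=192.168.56.2; Conflict MAC=0300-1602-00e0; "
    "SVLAN=0; CVLAN=0.",
    "ARP/4/ARP_SENDER_MACIPCONFLICT_ALARM: ARP packet arrived at vlan-interface 1 with "
    "conflicting MAC and IP addresses. Conflict sender MAC=0300-1602-00e0; Conflict "
    "sender IP=192.168.56.100; Target MAC=0300-1602-00e1; Target IP=192.168.56.2; "
    "SVLAN=0; CVLAN=0; Input Physical Interface=GigabitEthernet1/0/1.",
    "ARP/4/ARP_SENDER_IPCONFLICT_ALARM: -MDC=1; ARP packet arrived at GigabitEthernet1/0/1 "
    "with a sender IP conflict. Conflict IP=192.168.56.2; Conflict MAC=0300-1602-00e0; "
    "SVLAN=0; CVLAN=0.",
    "ARP/6/ARP_PKTQUE_ALERT: The current size of the ARP_PKT queue has reached 4096. "
    "Please check the network environment.",
    "ARP/5/ARP_SENDER_MACIPCONFLICT_RESUME: Sender MAC and IP conflict removed from "
    "vlan-interface 1. Conflict MAC=0300-1602-00e0; Conflict IP=192.168.56.100; "
    "Target MAC=0300-1602-00e1; Target IP=192.168.56.2; SVLAN=0; CVLAN=0; "
    "Input Physical Interface=GigabitEthernet1/0/1.",
    "ARP/5/ARP_GATEWAY_CHECK_RESUME: The device has been safe from ARP gateway "
    "spoofing attacks for a period of time.",
]

if __name__ == "__main__":
    for key, count in open_alarms(SAMPLE_LINES).items():
        print(key, "alarms without resume:", count)
```

An alarm that stays in the open set well past the 3-minute clear interval documented for the RESUME messages is the one to follow up with a packet capture, as the Recommended action rows advise.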
ARP_SENDER_SMACCONFLICT
Message text |
Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING]. |
Variable fields |
$1: Interface name. $2: Sender IP address. $3: Target IP address. |
Severity level |
6 |
Example |
ARP/6/ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface. Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1. |
Explanation |
The sender MAC address of a received ARP packet conflicts with the MAC address of the device. |
Recommended action |
No action is required. |
ARP_SENDER_SMACCONFLICT_VSI
Message text |
Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING], VSI index: [UINT32], link ID: [UINT32]. |
Variable fields |
$1: Interface name. $2: Sender IP address. $3: Target IP address. $4: VSI index. $5: Link ID. |
Severity level |
6 |
Example |
ARP/6/ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface. Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0 |
Explanation |
The sender MAC address of a received ARP packet conflicts with the MAC address of the device. The receiving interface is a VSI interface. |
Recommended action |
No action is required. |
ARP_SOURCE_SUPPRESSION
Message text |
The number of unresolvable IP packets received on interface [STRING] from IP address [STRING] exceeded the ARP source suppression threshold [UINT32]. |
Variable fields |
$1: Interface that received the unresolvable IP packets. $2: Source IP address of the unresolvable IP packets. $3: Threshold for ARP source suppression packets. |
Severity level |
4 |
Example |
ARP/4/ARP_SOURCE_SUPPRESSION: The number of unresolvable IP packets received on interface GE1/0/1 from IP address 10.1.1.20 exceeded the ARP source suppression threshold 10. |
Explanation |
After ARP source suppression is enabled, the number of unresolvable packets received from a specific IP address within 5 seconds exceeded the threshold. |
Recommended action |
· Identify the destination IP address of the unresolvable packets by debugging IP packets or ARP packets, and check whether the destination IP address is valid to determine whether this event is caused by a network fault or an attack. · Contact Technical Support. |
ARP_SOURCE_IP
Message text |
An attack from IP [STRING] was detected on interface [STRING]. |
Variable fields |
$1: Sender IP address in the received ARP attack packets. $2: Name of the interface that received ARP attack packets with a fixed sender IP address. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_SOURCE_IP: An attack from IP 1.1.1.1 was detected on interface GE1/0/1. |
Impact |
The CPU might be busy processing ARP packets and be unable to process normal service traffic. |
Cause |
This message is sent when an interface receives more ARP packets with the same sender IP address than the threshold within a 5-second interval. |
Recommended action |
1. Execute the display arp source-ip command to view the ARP attack detection entry for the sender IP address. Identify whether the address is trusted, based on the network plan and service deployment. ◦ If the address is trusted, execute the arp source-ip exclude-ip command to exclude the address from ARP attack detection. ◦ If the address is not trusted, capture ARP packets to check for ARP attacks and locate the source of attacks, if any. 2. If the issue persists, collect log messages and configuration data, and then contact H3C Support for help. |
ARP_SRC_MAC_FOUND_ATTACK
Message text |
An attack from MAC [STRING] was detected on interface [STRING]. |
Variable fields |
$1: MAC address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1. |
Explanation |
The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold. This message indicates the risk of attacks. |
Recommended action |
Verify that the host at the source MAC address is legitimate. |
ARP_SUP_ENABLE_FAILED
Message text |
Failed to enable ARP flood suppression on VSI [STRING]. |
Variable fields |
$1: VSI name. |
Severity level |
4 |
Example |
ARP/4/ARP_SUP_ENABLE_FAILED: -MDC=1; Failed to enable ARP flood suppression on VSI vpna. |
Explanation |
This message is sent when the system failed to enable ARP flood suppression for a VSI. The minimum interval between two log messages is 2 seconds. To make the system send the message successfully, wait for a minimum of 2 seconds before you enable ARP flood suppression for another VSI. |
Recommended action |
1. Verify that the device supports ARP flood suppression. 2. Verify that the hardware resources are sufficient. |
ARP_SUPPR_ALARM_CLEAR
Message text |
The number of ARP suppression entries dropped below the threshold. (Threshold=[UINT32], Number of Suppression ARP entries=[UINT32]) |
Variable fields |
$1: Security threshold for ARP suppression entries. $2: Number of ARP suppression entries on the device. |
Severity level |
5 |
Example |
ARP/5/ARP_SUPPR_ALARM_CLEAR: The number of ARP suppression entries dropped below the threshold. Threshold=100; Number of Suppression ARP entries=59. |
Explanation |
The number of ARP suppression entries on the device dropped below the security threshold. The security threshold for ARP suppression entries is 60 percent of the customized ARP suppression entry specification for the product. |
Recommended action |
No action is required. |
ARP_SUPPR_THRESHOLD_EXCEED
Message text |
The number of ARP suppression entries exceeded the threshold. Threshold=[UINT32]; Number of ARP Suppression entries=[UINT32]. |
Variable fields |
$1: Alarm threshold for ARP suppression entries. $2: Number of ARP suppression entries on the device. |
Severity level |
4 |
Example |
ARP/4/ARP_SUPPR_THRESHOLD_EXCEED: The number of ARP suppression entries exceeded the threshold. Threshold=100; Number of ARP Suppression entries=81. |
Explanation |
The number of ARP suppression entries on the device exceeded the alarm threshold. The alarm threshold for ARP suppression entries is 80 percent of the customized ARP suppression entry specification for the product. |
Recommended action |
Delete the useless ARP suppression entries or raise the alarm threshold. |
ARP_TARGET_IP_INVALID
Message text |
Target IP [STRING] was not the IP of the receiving interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 |
Example |
ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1. |
Explanation |
The target IP address of a received ARP message was not the IP address of the receiving interface. |
Recommended action |
Verify that the host at the sender IP address is legitimate. |
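ARP_SENDER_MAC_INVALID, ARP_SENDER_IP_INVALID and ARP_TARGET_IP_INVALID each describe one field comparison on a received ARP packet. The following Python sketch is an added example, not the switch's implementation: it applies the three conditions from the Explanation rows to a raw untagged Ethernet/ARP frame, which is useful when reviewing a packet capture taken after these messages appear. The function names, the interface address passed in, and the constructed frames are assumptions made for illustration.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806


def mac_str(raw):
    """Format 6 bytes in the xxxx-xxxx-xxxx style used in the log examples."""
    h = raw.hex()
    return "-".join(h[i:i + 4] for i in (0, 4, 8))


def check_arp_frame(frame, iface_name, iface_cidr):
    """Return [(mnemonic, message text)] for each documented condition the frame meets.

    iface_cidr is the receiving interface's address, for example "192.168.1.1/24".
    """
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an untagged ARP frame")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")

    iface = ipaddress.ip_interface(iface_cidr)
    sender_ip = ipaddress.ip_address(spa)
    target_ip = ipaddress.ip_address(tpa)
    findings = []

    # Sender MAC in the ARP body must equal the Ethernet source MAC.
    if sha != eth_src:
        findings.append(("ARP_SENDER_MAC_INVALID",
                         f"Sender MAC {mac_str(sha)} was not identical to Ethernet "
                         f"source MAC {mac_str(eth_src)} on interface {iface_name}."))
    # Sender IP must be on the receiving interface's network.
    if sender_ip not in iface.network:
        findings.append(("ARP_SENDER_IP_INVALID",
                         f"Sender IP {sender_ip} was not on the same network as the "
                         f"receiving interface {iface_name}."))
    # Target IP must be the receiving interface's own address.
    if target_ip != iface.ip:
        findings.append(("ARP_TARGET_IP_INVALID",
                         f"Target IP {target_ip} was not the IP of the receiving "
                         f"interface {iface_name}."))
    return findings


def build_frame(eth_src, sha, spa, tpa, oper=1):
    """Build a constructed broadcast ARP frame for the checks above (test input only)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, eth_src, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      sha, ipaddress.ip_address(spa).packed,
                      b"\x00" * 6, ipaddress.ip_address(tpa).packed)
    return eth + arp


# Constructed frames: one that meets all three conditions, one that meets none.
BAD_FRAME = build_frame(bytes.fromhex("00005c140e00"), bytes.fromhex("00005e140e00"),
                        "192.168.10.2", "192.168.10.2")
GOOD_FRAME = build_frame(bytes.fromhex("00005e140e00"), bytes.fromhex("00005e140e00"),
                         "192.168.1.20", "192.168.1.1")

if __name__ == "__main__":
    for mnemonic, text in check_arp_frame(BAD_FRAME, "GigabitEthernet1/0/1",
                                          "192.168.1.1/24"):
        print(f"ARP/6/{mnemonic}: {text}")
```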
ARP_THRESHOLD_REACHED
Message text |
The alarm threshold for dynamic ARP entry learning was reached on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ARP/4/ARP_THRESHOLD_REACHED: The alarm threshold for dynamic ARP entry learning was reached on interface GigabitEthernet1/0/1. |
Explanation |
This message is sent when the alarm threshold for dynamic ARP entry learning is reached on an interface (GigabitEthernet 1/0/1 in the example). |
Recommended action |
Verify that the number of learned dynamic ARP entries matches the actual number of devices in the network and no ARP attack sources exist in the network. |
ARP_USER_DUPLICATE_IPADDR_DETECT
Message text |
Detected a user IP address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IP address [IPADDR]. |
Variable fields |
$1: MAC address of a new user. $2: Outer VLAN to which the new user belongs. $3: Inner VLAN to which the new user belongs. $4: Name of the interface connecting to the new user. $5: MAC address of an old user. $6: Outer VLAN to which the old user belongs. $7: Inner VLAN to which the old user belongs. $8: Name of the interface connecting to the old user. $9: IP address. |
Severity level |
6 |
Example |
ARP/6/ARP_USER_DUPLICATE_IPADDR_DETECT: Detected a user IP address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IP address 192.168.1.1. |
Explanation |
ARP detected a user IP address conflict. The IP address of a new user is the same as the IP address of an old user. |
Recommended action |
Verify that all users have different IP addresses. |
ARP_USER_MOVE_DETECT
Message text |
Detected a user (IP address [IPADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. |
Variable fields |
$1: IP address of the user. $2: MAC address of the user. $3: Interface name before the migration. $4: Outer VLAN to which the user belongs before the migration. $5: Inner VLAN to which the user belongs before the migration. $6: Interface name after the migration. $7: Outer VLAN to which the user belongs after the migration. $8: Inner VLAN to which the user belongs after the migration. |
Severity level |
6 |
Example |
ARP/6/ARP_USER_MOVE_DETECT: Detected a user (IP address 192.168.1.1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10. |
Explanation |
ARP detected that a user accessed the network through another port. |
Recommended action |
Use the display arp user-move record command to verify that the migration is legitimate. |
DUPIFIP
Message text |
Duplicate address [STRING] on interface [STRING], sourced from [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: MAC Address. |
Severity level |
6 |
Example |
ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947. |
Explanation |
ARP detected a duplicate address. The sender IP in the received ARP packet was being used by the receiving interface. |
Recommended action |
Modify the IP address configuration. |
DUPIP
Message text |
IP address [STRING] conflicted with global or imported IP address, sourced from [STRING]. |
Variable fields |
$1: IP address. $2: MAC Address. |
Severity level |
6 |
Example |
ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001. |
Explanation |
The sender IP address of the received ARP packet conflicted with the global or imported IP address. |
Recommended action |
Modify the IP address configuration. |
DUPVRRPIP
Message text |
IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: MAC address. |
Severity level |
6 |
Example |
ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947. |
Explanation |
The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address. |
Recommended action |
Modify the IP address configuration. |
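Added example, not part of the H3C manual: Python that parses the ARP conflict and user-move messages above and groups them by source MAC, so that one MAC appearing in several conflict messages is reviewed as a single item. The function names and the review ordering are assumptions of this example; the sample lines are the Example rows from this page, and any prefix a device puts before `ARP/` is ignored.

```python
import re
from collections import defaultdict

MAC = r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"   # H3C notation, e.g. 0015-E944-A947
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
IFN = r"[^\s,]+"                                         # interface name, e.g. GigabitEthernet1/0/1

# Module/severity/mnemonic header as printed in the Example rows.
HEAD = re.compile(r"\bARP/(?P<sev>\d)/(?P<name>[A-Z_]+): (?P<body>.*)")

# One pattern per message, transcribed from the "Message text" rows on this page.
BODY = {
    "DUPIFIP": rf"Duplicate address (?P<ip>{IP}) on interface (?P<ifname>{IFN}), "
               rf"sourced from (?P<mac>{MAC})\.",
    "DUPIP": rf"IP address (?P<ip>{IP}) conflicted with global or imported IP address, "
             rf"sourced from (?P<mac>{MAC})\.",
    "DUPVRRPIP": rf"IP address (?P<ip>{IP}) conflicted with VRRP virtual IP address "
                 rf"on interface (?P<ifname>{IFN}), sourced from (?P<mac>{MAC})\.",
    "ARP_USER_DUPLICATE_IPADDR_DETECT":
        rf"New user \(MAC (?P<mac>{MAC}), SVLAN [^,]+, CVLAN [^)]+\) on interface (?P<ifname>{IFN}) "
        rf"and old user \(MAC (?P<old_mac>{MAC}), SVLAN [^,]+, CVLAN [^)]+\) "
        rf"on interface (?P<old_ifname>{IFN}) were using the same IP address (?P<ip>{IP})\.",
    "ARP_USER_MOVE_DETECT":
        rf"user \(IP address (?P<ip>{IP}), MAC address (?P<mac>{MAC})\) moved to another interface\. "
        rf"Before user move: interface (?P<old_ifname>{IFN}), .*? "
        rf"After user move: interface (?P<ifname>{IFN}),",
}
BODY = {name: re.compile(pattern) for name, pattern in BODY.items()}

# Review policy of this example (an assumption, not H3C guidance): a sender that
# claims the receiving interface's own IP or a VRRP virtual IP is looked at first,
# although the device logs all of these messages at severity 6.
CLAIMS_SWITCH_ADDRESS = {"DUPIFIP", "DUPVRRPIP"}


def norm_mac(h3c_mac):
    """0015-E944-A947 -> 00:15:e9:44:a9:47, so MACs compare equal across tools."""
    digits = h3c_mac.replace("-", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp_event(line):
    """Return a dict for a recognised ARP message, or None for anything else."""
    head = HEAD.search(line)
    if not head or head["name"] not in BODY:
        return None
    match = BODY[head["name"]].search(head["body"])
    if not match:
        return None
    event = dict(match.groupdict())
    for key in ("mac", "old_mac"):
        if key in event:
            event[key] = norm_mac(event[key])
    event["name"] = head["name"]
    event["device_severity"] = int(head["sev"])
    event["claims_switch_address"] = head["name"] in CLAIMS_SWITCH_ADDRESS
    return event


def group_by_mac(lines):
    """Map each source MAC (the new user's MAC for user conflicts) to its events."""
    groups = defaultdict(list)
    for line in lines:
        event = parse_arp_event(line)
        if event:
            groups[event["mac"]].append(event)
    return dict(groups)


def review_queue(lines):
    """MACs ordered for review: switch-address claims first, then by event count."""
    def rank(item):
        mac, events = item
        return (-any(e["claims_switch_address"] for e in events), -len(events), mac)
    return [mac for mac, _ in sorted(group_by_mac(lines).items(), key=rank)]


# The Example rows from this page, used as test input.
SAMPLE_LINES = [
    "ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, "
    "sourced from 0015-E944-A947.",
    "ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, "
    "sourced from 0000-0000-0001.",
    "ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on "
    "interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.",
    "ARP/6/ARP_USER_DUPLICATE_IPADDR_DETECT: Detected a user IP address conflict. "
    "New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 "
    "and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 "
    "were using the same IP address 192.168.1.1.",
    "ARP/6/ARP_USER_MOVE_DETECT: Detected a user (IP address 192.168.1.1, MAC address "
    "0010-2100-01e1) moved to another interface. Before user move: interface "
    "GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. After user move: interface "
    "GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.",
    "ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the "
    "receiving interface GigabitEthernet1/0/1.",   # not a conflict message: skipped
]

if __name__ == "__main__":
    for mac in review_queue(SAMPLE_LINES):
        events = group_by_mac(SAMPLE_LINES)[mac]
        print(mac, [(e["name"], e["ip"]) for e in events])
```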
ATK messages
This section contains attack detection and prevention messages.
ATK_ICMP_ADDRMASK_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ADDRMASK_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP address mask reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_REQ_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL_RAW: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_ECHO_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_ECHO_RPL_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_ICMP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
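Added example, not part of the H3C manual: Python that parses the `Key(id)=value;` body shared by the ATK messages above and keeps first-packet `_RAW` messages apart from aggregated `AtkTimes` counts, because this page does not state whether `AtkTimes` includes the packet that produced the `_RAW` message. The function names are assumptions of this example, the `YYYYMMDDHHMMSS` time format is inferred from the Example rows, and the sample lines are the page's own examples.

```python
import re
from datetime import datetime

HEAD = re.compile(r"\bATK/(?P<sev>\d)/(?P<name>ATK_[A-Z0-9_]+): (?P<body>.*)")
FIELD = re.compile(r"(?P<key>\w+)\((?P<id>\d+)\)=(?P<val>[^;]*)")
TIME_FORMAT = "%Y%m%d%H%M%S"   # inferred from values such as 20131011091319


def split_name(name):
    """ATK_ICMP_ECHO_REQ_RAW_SZ -> ('ATK_ICMP_ECHO_REQ', raw=True, zone_based=True)."""
    zone_based = name.endswith("_SZ")      # _SZ variants carry SrcZoneName, not RcvIfName
    if zone_based:
        name = name[:-len("_SZ")]
    raw = name.endswith("_RAW")            # _RAW variants carry no time window or AtkTimes
    if raw:
        name = name[:-len("_RAW")]
    return name, raw, zone_based


def parse_atk(line):
    """Return a normalised dict for an ATK message, or None if the line is not one."""
    head = HEAD.search(line)
    if not head:
        return None
    body = head["body"].strip()
    if body.endswith("."):                 # sentence-final period, not part of the value
        body = body[:-1]
    # Fields are looked up by name, never by position: the ATK_ICMP_ECHO_REQ_RAW
    # example on this page lists DstPort in a different place than its message text.
    fields = {}
    for match in FIELD.finditer(body):
        value = match["val"].strip()
        fields[match["key"]] = None if value == "--" else value   # "--" means not set
    attack, raw, zone_based = split_name(head["name"])
    event = {"attack": attack, "raw": raw, "zone_based": zone_based,
             "severity": int(head["sev"]), "fields": fields}
    for key in ("BeginTime_c", "EndTime_c"):
        if fields.get(key):
            event[key] = datetime.strptime(fields[key], TIME_FORMAT)
    event["atk_times"] = int(fields["AtkTimes"]) if fields.get("AtkTimes") else None
    return event


def summarize(lines):
    """Per (attack, source IP, destination IP): counts kept in three separate buckets."""
    table = {}
    for line in lines:
        event = parse_atk(line)
        if not event:
            continue
        f = event["fields"]
        key = (event["attack"], f.get("SrcIPAddr"), f.get("DstIPAddr"))
        row = table.setdefault(key, {"raw_msgs": 0, "aggregated_hits": 0, "other_msgs": 0})
        if event["raw"]:
            row["raw_msgs"] += 1
        elif event["atk_times"] is not None:
            row["aggregated_hits"] += event["atk_times"]
        else:                               # e.g. ATK_ICMP_FLOOD: a rate-limit event
            row["other_msgs"] += 1
    return table


# The Example rows from this page, used as test input.
SAMPLE_LINES = [
    "ATK/5/ATK_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; "
    "EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.",
    "ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/5/ATK_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; "
    "SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; "
    "DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/3/ATK_ICMP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; "
    "DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; "
    "Action(1049)=logging; BeginTime_c(1011)=20131009093351.",
]

if __name__ == "__main__":
    for key, row in summarize(SAMPLE_LINES).items():
        print(key, row)
```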
ATK_ICMP_INFO_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ_RAW: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_REQ_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL_RAW: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_INFO_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_INFO_RPL_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP information reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_LARGE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMP packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_LARGE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_LARGE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_LARGE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_LARGE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMP packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM_RAW: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PARAPROBLEM_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_PARAPROBLEM_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_PINGOFDEATH_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_PINGOFDEATH_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP redirect logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT_RAW: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT_RAW_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_REDIRECT_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_REDIRECT_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP redirect logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:
· A broadcast or network address of A, B, or C class.
· An IP address of D or E class.
· The broadcast or network address of the network where the receiving interface resides. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:
· A broadcast or network address of A, B, or C class.
· An IP address of D or E class.
· The broadcast or network address of the network where the receiving interface resides.
If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:
· A broadcast or network address of A, B, or C class.
· An IP address of D or E class.
· The broadcast or network address of the network where the receiving interface resides.
If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received. |
Recommended action |
No action is required. |
ATK_ICMP_SMURF_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_SMURF_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:
· A broadcast or network address of A, B, or C class.
· An IP address of D or E class.
· The broadcast or network address of the network where the receiving interface resides. |
Recommended action |
No action is required. |
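Added example, not part of the H3C manual: a Python parser for the ATK message layout used by the entries above, which separates first-packet (`_RAW`) records from aggregated records so a collector does not count them the same way. The function names, the reading of `--` as an empty value, and the `YYYYMMDDhhmmss` timestamp layout are assumptions taken from the Example rows; the sample lines are copied from those rows.

```python
import re
from collections import defaultdict
from datetime import datetime

# MODULE/severity/MNEMONIC: body  (any text before the module tag is ignored)
HEADER_RE = re.compile(
    r"(?P<module>[A-Z][A-Z0-9]*)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.*)",
    re.S,
)
# Name(field-id)=value
FIELD_RE = re.compile(r"(?P<name>\w+)\((?P<fid>\d+)\)=(?P<value>.*)", re.S)

INT_FIELDS = {"IcmpType", "AtkTimes"}        # typed [UINT32] in the message text
TIME_FIELDS = {"BeginTime_c", "EndTime_c"}   # assumed YYYYMMDDhhmmss, as in the examples
AGGREGATE_FIELDS = ("BeginTime_c", "EndTime_c", "AtkTimes")


def parse_atk(line):
    """Parse one ATK log line into a dict; raise ValueError on malformed input."""
    m = HEADER_RE.search(line)
    if m is None or m["module"] != "ATK":
        raise ValueError("not an ATK log message")

    # Mnemonic suffixes: _SZ = keyed by source security zone instead of
    # receiving interface, _RAW = per-packet / first-packet record.
    attack = m["mnemonic"]
    zone_based = attack.endswith("_SZ")
    if zone_based:
        attack = attack[:-3]
    raw = attack.endswith("_RAW")
    if raw:
        attack = attack[:-4]

    body = m["body"].strip()
    if body.endswith("."):                   # the field list is closed by one period
        body = body[:-1]

    fields = {}
    for part in body.split(";"):
        f = FIELD_RE.fullmatch(part.strip())
        if f is None:
            raise ValueError(f"malformed field: {part!r}")
        key, value = f["name"], f["value"].strip()
        if value == "--":                    # assumption: "--" marks an empty field
            value = None
        elif key in INT_FIELDS:
            value = int(value)
        elif key in TIME_FIELDS:
            value = datetime.strptime(value, "%Y%m%d%H%M%S")
        fields[key] = value

    # Aggregated records must carry the window and the count; a truncated
    # line would otherwise be silently treated as zero hits.
    if not raw:
        missing = [k for k in AGGREGATE_FIELDS if fields.get(k) is None]
        if missing:
            raise ValueError(f"aggregated record lacks {missing}")

    return {"attack": attack, "severity": int(m["severity"]), "raw": raw,
            "zone_based": zone_based, "fields": fields}


def window_seconds(event):
    """Length of the aggregation window, or None for a _RAW record."""
    if event["raw"]:
        return None
    f = event["fields"]
    return int((f["EndTime_c"] - f["BeginTime_c"]).total_seconds())


def summarise(events):
    """Tally per (attack, source, destination).

    The two counters stay separate: the manual does not say whether AtkTimes
    includes the packet that produced the _RAW record, so adding them together
    could double count.
    """
    out = defaultdict(lambda: {"raw_records": 0, "aggregated_hits": 0})
    for ev in events:
        f = ev["fields"]
        key = (ev["attack"], f["SrcIPAddr"], f["DstIPAddr"])
        if ev["raw"]:
            out[key]["raw_records"] += 1
        else:
            out[key]["aggregated_hits"] += f["AtkTimes"]
    return dict(out)


# Sample input: the Example rows of four entries above.
SAMPLE_LINES = [
    "ATK/3/ATK_ICMP_SMURF_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/3/ATK_ICMP_SMURF_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.",
    "ATK/5/ATK_ICMP_REDIRECT_RAW: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/3/ATK_ICMP_PINGOFDEATH: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.",
]

if __name__ == "__main__":
    events = [parse_atk(line) for line in SAMPLE_LINES]
    for key, tally in summarise(events).items():
        print(key, tally)
```

With log aggregation enabled, a lone `_RAW` record means "at least one packet", so `raw_records` is a lower bound rather than a packet count.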
ATK_ICMP_SOURCEQUENCH
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH: IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP source quench logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH_RAW: IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH_RAW_SZ: IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_SOURCEQUENCH_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_SOURCEQUENCH_SZ: IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP source quench logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED: IcmpType(1058)=11; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED_RAW: IcmpType(1058)=11; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED_RAW_SZ: IcmpType(1058)=11; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TIMEEXCEED_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TIMEEXCEED_SZ: IcmpType(1058)=11; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMP_TRACEROUTE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMP_TRACEROUTE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMP time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ: IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ_RAW: IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ_RAW_SZ: IcmpType(1058)=13; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_REQ_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_REQ_SZ: IcmpType(1058)=13; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL: IcmpType(1058)=14; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL_RAW: IcmpType(1058)=14; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL_RAW_SZ: IcmpType(1058)=14; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received. |
Recommended action |
No action is required. |
ATK_ICMP_TSTAMP_RPL_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TSTAMP_RPL_SZ: IcmpType(1058)=14; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP timestamp reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE: IcmpType(1058)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMP packets. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE_RAW: IcmpType(1058)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE_RAW_SZ: IcmpType(1058)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_TYPE_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_TYPE_SZ: IcmpType(1058)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMP packets. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE: IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE_RAW
Message text |
IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE_RAW: IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE_RAW_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE_RAW_SZ: IcmpType(1058)=3; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMP_UNREACHABLE_SZ
Message text |
IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMP_UNREACHABLE_SZ: IcmpType(1058)=3; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMP destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH: Icmpv6Type(1059)=133; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW: Icmpv6Type(1059)=133; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW_SZ: Icmpv6Type(1059)=133; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_DEST_UNREACH_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_DEST_UNREACH_SZ: Icmpv6Type(1059)=133; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 destination unreachable logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ: Icmpv6Type(1059)=128; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ_RAW: Icmpv6Type(1059)=128; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ_RAW_SZ: Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_REQ_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_REQ_SZ: Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo request logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL: Icmpv6Type(1059)=129; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL_RAW: Icmpv6Type(1059)=129; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL_RAW_SZ: Icmpv6Type(1059)=129; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_ECHO_RPL_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_ECHO_RPL_SZ: Icmpv6Type(1059)=129; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 echo reply logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_ICMPV6_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
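The ATK entries above share one body layout, Name(ID)=value pairs separated by semicolons and closed by a full stop, and come in three shapes: first-packet or per-packet (_RAW), aggregated (BeginTime_c, EndTime_c, AtkTimes) and flood (UpperLimit). The following Python parser for a log host is an added example, not H3C code. It assumes the syslog header has already been stripped and that timestamps are device-local with no time zone; the function names and result keys are hypothetical. It keys fields by name and reports ID mismatches, because the ATK_ICMPV6_FLOOD example prints DstIPv6Addr with ID 1007 while its message text uses 1037.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Field IDs as they appear in the "Message text" templates on this page.
TEMPLATE_IDS = {
    "SrcIPAddr": 1003, "DstIPAddr": 1007, "DstPort": 1008, "BeginTime_c": 1011,
    "EndTime_c": 1012, "RcvIfName": 1023, "SrcZoneName": 1025, "SrcIPv6Addr": 1036,
    "DstIPv6Addr": 1037, "DSLiteTunnelPeer": 1040, "RcvVPNInstance": 1041,
    "UpperLimit": 1048, "Action": 1049, "AtkTimes": 1050, "IcmpType": 1058,
    "Icmpv6Type": 1059,
}
ADDR_FIELDS = {"SrcIPAddr", "DstIPAddr", "SrcIPv6Addr", "DstIPv6Addr"}
INT_FIELDS = {"IcmpType", "Icmpv6Type", "DstPort", "UpperLimit", "AtkTimes"}
TIME_FIELDS = {"BeginTime_c", "EndTime_c"}

HEADER_RE = re.compile(r"^(\w+)/([0-7])/(\w+):\s*(.*)$")
FIELD_RE = re.compile(r"^(\w+)\((\d+)\)=(.*)$")

# Sample input: four Example rows copied from entries on this page.
SAMPLE_LINES = [
    "ATK/5/ATK_ICMP_TSTAMP_REQ_RAW: IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/5/ATK_ICMP_TSTAMP_REQ: IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.",
    "ATK/3/ATK_ICMPV6_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.",
    "ATK/5/ATK_ICMPV6_ECHO_REQ_SZ: Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.",
]


def parse_atk(line):
    """Parse one MODULE/severity/MNEMONIC message into a typed dict."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a MODULE/severity/MNEMONIC message")
    module, severity, mnemonic, body = m.groups()
    if body.endswith("."):
        body = body[:-1]  # every message text on the page ends with a full stop
    fields, mismatches = {}, []
    for part in filter(None, (p.strip() for p in body.split(";"))):
        fm = FIELD_RE.match(part)
        if not fm:
            raise ValueError(f"malformed field: {part!r}")
        name, fid, value = fm.group(1), int(fm.group(2)), fm.group(3)
        expected = TEMPLATE_IDS.get(name)
        if expected is not None and expected != fid:
            mismatches.append((name, fid, expected))  # keep the field, flag the ID
        if value == "--":
            value = None  # "--" marks an empty field in the page's examples
        elif name in ADDR_FIELDS:
            value = ipaddress.ip_address(value)  # raises on a malformed address
        elif name in INT_FIELDS:
            value = int(value)
        elif name in TIME_FIELDS:
            value = datetime.strptime(value, "%Y%m%d%H%M%S")  # naive, device-local (assumption)
        fields[name] = value
    # Classify by the fields present, then cross-check against the mnemonic suffix.
    if "AtkTimes" in fields:
        kind = "aggregated"
    elif "UpperLimit" in fields:
        kind = "flood"
    else:
        kind = "raw"
    window = None
    if fields.get("BeginTime_c") and fields.get("EndTime_c"):
        window = (fields["EndTime_c"] - fields["BeginTime_c"]).total_seconds()
    return {
        "module": module, "severity": int(severity), "mnemonic": mnemonic,
        "kind": kind,
        "name_matches_kind": (kind == "raw") == bool(re.search(r"_RAW(_SZ)?$", mnemonic)),
        "scope": "zone" if "SrcZoneName" in fields else "interface",
        "fields": fields, "id_mismatches": mismatches, "window_seconds": window,
    }


def summarize(lines):
    """Per-address counters. Raw events and aggregated AtkTimes stay separate,
    because a _RAW message may stand for only the first packet of a series."""
    totals = defaultdict(lambda: {"raw_events": 0, "aggregated_hits": 0, "flood_alerts": 0})
    for line in lines:
        ev = parse_atk(line)
        f = ev["fields"]
        if ev["kind"] == "flood":  # flood messages carry a destination only
            key = ("dst", str(f.get("DstIPv6Addr") or f.get("DstIPAddr")))
            totals[key]["flood_alerts"] += 1
            continue
        key = ("src", str(f.get("SrcIPv6Addr") or f.get("SrcIPAddr")))
        if ev["kind"] == "aggregated":
            totals[key]["aggregated_hits"] += f["AtkTimes"]
        else:
            totals[key]["raw_events"] += 1
    return dict(totals)
```

With log aggregation enabled, raw_events is a lower bound on packets seen, since a _RAW message is sent only for the first packet with a given set of attributes.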
ATK_ICMPV6_GROUPQUERY
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY: Icmpv6Type(1059)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener query logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY_RAW: Icmpv6Type(1059)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY_RAW_SZ: Icmpv6Type(1059)=130; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPQUERY_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPQUERY_SZ: Icmpv6Type(1059)=130; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener query logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION: Icmpv6Type(1059)=132; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener done logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW: Icmpv6Type(1059)=132; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW_SZ: Icmpv6Type(1059)=132; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREDUCTION_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREDUCTION_SZ: Icmpv6Type(1059)=132; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener done logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT: Icmpv6Type(1059)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener report logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT_RAW: Icmpv6Type(1059)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT_RAW_SZ: Icmpv6Type(1059)=131; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_GROUPREPORT_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_GROUPREPORT_SZ: Icmpv6Type(1059)=131; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 multicast listener report logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMPv6 packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_LARGE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_LARGE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when large ICMPv6 packet logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG: Icmpv6Type(1059)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 packet too big logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW: Icmpv6Type(1059)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW_SZ: Icmpv6Type(1059)=136; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PACKETTOOBIG_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PACKETTOOBIG_SZ: Icmpv6Type(1059)=136; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 packet too big logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM: Icmpv6Type(1059)=135; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW: Icmpv6Type(1059)=135; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW_SZ: Icmpv6Type(1059)=135; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_PARAPROBLEM_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_PARAPROBLEM_SZ: Icmpv6Type(1059)=135; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 parameter problem logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED: Icmpv6Type(1059)=134; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW: Icmpv6Type(1059)=134; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW_SZ: Icmpv6Type(1059)=134; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TIMEEXCEED_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TIMEEXCEED_SZ: Icmpv6Type(1059)=134; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when ICMPv6 time exceeded logs are aggregated. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435. |
Explanation |
If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TRACEROUTE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_ICMPV6_TRACEROUTE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE: Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMPv6 packets. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE_RAW_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE_RAW_SZ: Icmpv6Type(1059)=38; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE_RAW
Message text |
Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE_RAW: Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received. |
Recommended action |
No action is required. |
ATK_ICMPV6_TYPE_SZ
Message text |
Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_ICMPV6_TYPE_SZ: Icmpv6Type(1059)=38; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for user-defined ICMPv6 packets. |
Recommended action |
No action is required. |
ATK_IP_OPTION
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION: IPOptValue(1057)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with a user-defined IP option. |
Recommended action |
No action is required. |
ATK_IP_OPTION_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION_RAW: IPOptValue(1057)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received. |
Recommended action |
No action is required. |
ATK_IP_OPTION_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION_RAW_SZ: IPOptValue(1057)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received. |
Recommended action |
No action is required. |
ATK_IP_OPTION_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IP_OPTION_SZ: IPOptValue(1057)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with a user-defined IP option. |
Recommended action |
No action is required. |
ATK_IP4_ACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_ACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_ACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_ACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_DIS_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; TcpFlag(1074)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: TCP packet type. (This field is available only for TCP packets.) $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DIS_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; TcpFlag(1074)=[SYN]; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_DIS_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Destination IP address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DIS_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_DNS_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DNS_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_DNS_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_DNS_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_FIN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FIN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_FIN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FIN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_FRAGMENT_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP4_HTTP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_HTTP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_HTTP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_HTTP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_IMPOSSIBLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IMPOSSIBLE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. |
Recommended action |
No action is required. |
ATK_IP4_IPSWEEP
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IPSWEEP: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657. |
Explanation |
This message is sent when an IPv4 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_IPSWEEP_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_IPSWEEP_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657. |
Explanation |
This message is sent when an IPv4 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Destination IP address. $7: Actions against the attack. $8: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP4_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Destination IP address. $7: Actions against the attack. $8: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955. |
Explanation |
This message is sent when an IPv4 port scan attack is detected. |
Recommended action |
No action is required. |
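The ATK entries above share one `Name(id)=value; ...` layout and differ only in suffix (`_RAW`, `_SZ`) and in whether `AtkTimes` is present. The following parser is an added example, not part of the H3C manual: it normalizes a message, groups the four variants of an attack under one base name, and computes the aggregation window. The function name, the result keys (`base`, `kind`, `scope`, `ingress`, `window_seconds`) and the `YYYYMMDDhhmmss` reading of `BeginTime_c`/`EndTime_c` are assumptions taken from the sample values.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# "MODULE/severity/MNEMONIC: field; field; ... ."
HEADER = re.compile(
    r"^(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.+)$"
)
# One field: Name(numeric-id)=value
FIELD = re.compile(r"^(?P<name>\w+)\((?P<id>\d+)\)=(?P<value>.*)$")

ADDRESS_FIELDS = {"SrcIPAddr", "DstIPAddr", "SrcIPv6Addr", "DstIPv6Addr"}
TIME_FIELDS = {"BeginTime_c", "EndTime_c"}
INT_FIELDS = {"AtkTimes", "UpperLimit", "DstPort", "Icmpv6Type", "IPOptValue"}

# Sample lines copied from the Example rows of this reference.
SAMPLES = {
    "option_sz": "ATK/5/ATK_IP_OPTION_SZ: IPOptValue(1057)=38; SrcZoneName(1025)=Trust; "
                 "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
                 "RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; "
                 "BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; "
                 "AtkTimes(1050)=3.",
    "icmpv6_raw": "ATK/5/ATK_ICMPV6_TYPE_RAW: Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; "
                  "SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; "
                  "RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "portscan": "ATK/3/ATK_IP4_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; "
                "SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; "
                "DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; "
                "BeginTime_c(1011)=20131009052955.",
    "dis_portscan": "ATK/3/ATK_IP4_DIS_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; "
                    "TcpFlag(1074)=[SYN]; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; "
                    "Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.",
}


def parse_atk(line):
    """Parse one ATK message into typed fields plus a few derived keys."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a MODULE/severity/MNEMONIC message")
    body = m["body"]
    if body.endswith("."):          # every message text ends with a full stop
        body = body[:-1]

    fields = {}
    for part in body.split(";"):
        f = FIELD.match(part.strip())
        if not f:
            raise ValueError(f"malformed field: {part!r}")
        name, value = f["name"], f["value"]
        if value == "--":           # "--" marks an unset value in the examples
            fields[name] = None
        elif name in ADDRESS_FIELDS:
            fields[name] = ip_address(value)
        elif name in TIME_FIELDS:   # assumed layout: YYYYMMDDhhmmss
            fields[name] = datetime.strptime(value, "%Y%m%d%H%M%S")
        elif name in INT_FIELDS:
            fields[name] = int(value)
        elif name == "Action":      # e.g. "logging,block-source"
            fields[name] = value.split(",")
        else:
            fields[name] = value

    mnemonic = m["mnemonic"]
    if "AtkTimes" in fields:
        kind = "aggregated"         # sent when logs are aggregated
    elif mnemonic.endswith(("_RAW", "_RAW_SZ")):
        kind = "raw"                # single packet, or first packet of an aggregation
    else:
        kind = "detection"          # rate limit exceeded, or scan/sweep detected

    zone_scoped = mnemonic.endswith("_SZ")
    begin, end = fields.get("BeginTime_c"), fields.get("EndTime_c")
    return {
        "module": m["module"],
        "severity": int(m["severity"]),
        "mnemonic": mnemonic,
        # Strip the variant suffixes so all four variants group together.
        "base": re.sub(r"(_RAW)?(_SZ)?$", "", mnemonic),
        "kind": kind,
        "scope": "security-zone" if zone_scoped else "interface",
        "ingress": fields.get("SrcZoneName" if zone_scoped else "RcvIfName"),
        "window_seconds": (end - begin).total_seconds() if begin and end else None,
        "fields": fields,
    }


if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        msg = parse_atk(sample)
        print(label, msg["base"], msg["kind"], msg["scope"],
              msg["ingress"], msg["window_seconds"])
```

Grouping on `base` lets a collector treat the raw and aggregated variants of one attack as a single signal, while `kind` keeps them apart when counting events.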
ATK_IP4_RST_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_RST_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_RST_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_RST_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYNACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYNACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_SYNACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_SYNACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_ALLFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_ALLFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_FINONLY_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_FINONLY_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set.
If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set.
If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_INVALIDFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_INVALIDFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_LAND_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_NULLFLAG_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_NULLFLAG_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_SYNFIN_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_SYNFIN_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TCP_WINNUKE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TCP_WINNUKE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5. |
Explanation |
This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 overlapping fragments. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received. |
Recommended action |
No action is required. |
ATK_IP4_TEARDROP_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TEARDROP_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for IPv4 overlapping fragments. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging. |
Explanation |
This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_TINY_FRAGMENT_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_TINY_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6. |
Explanation |
This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_BOMB_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_BOMB_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351. |
Explanation |
This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_FRAGGLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_FRAGGLE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP4_UDP_SNORK_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP4_UDP_SNORK_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IP6_ACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_ACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_ACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_ACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_DIS_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DIS_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928. |
Explanation |
This message is sent when an IPv6 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_DIS_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DIS_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928. |
Explanation |
This message is sent when an IPv6 distributed port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_DNS_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DNS_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_DNS_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_DNS_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_FIN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FIN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_FIN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FIN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_FRAGMENT_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0. |
Recommended action |
No action is required. |
ATK_IP6_HTTP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_HTTP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 HTTP GET packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_HTTP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_HTTP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 HTTP GET packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging. |
Explanation |
This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_IMPOSSIBLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IMPOSSIBLE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_IPSWEEP
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IPSWEEP: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639. |
Explanation |
This message is sent when an IPv6 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_IPSWEEP_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_IPSWEEP_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639. |
Explanation |
This message is sent when an IPv6 sweep attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_PORTSCAN
Message text |
RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Destination IPv6 address. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455. |
Explanation |
This message is sent when an IPv6 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_PORTSCAN_SZ
Message text |
SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Destination IPv6 address. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455. |
Explanation |
This message is sent when an IPv6 port scan attack is detected. |
Recommended action |
No action is required. |
ATK_IP6_RST_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_RST_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_RST_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_RST_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
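For collectors that ingest these messages, the following added example (not H3C code) parses the `Name(id)=value;` layout used by the ATK entries above, derives the attack name and the `_RAW`/`_SZ` variant from the mnemonic, and compares a received line with the declared message text. The sample lines are copied from the Example rows above; the function names are this example's own, and the timestamp format is an assumption inferred from the example values.

```python
import ipaddress
import re
from datetime import datetime

# "MODULE/severity/MNEMONIC: field; field; ... field."
HEADER_RE = re.compile(r"^([A-Z0-9]+)/([0-7])/([A-Z0-9_]+):\s*(.*)$")
# One field: Name(numeric id)=value
FIELD_RE = re.compile(r"^(\w+)\((\d+)\)=(.*)$")

TIME_FORMAT = "%Y%m%d%H%M%S"  # assumption, inferred from values such as 20131011103335
TIME_FIELDS = {"BeginTime_c", "EndTime_c"}
INT_FIELDS = {"DstPort", "UpperLimit", "AtkTimes"}
ADDR_FIELDS = {"SrcIPv6Addr", "DstIPv6Addr"}


def split_fields(body):
    """Split 'Name(id)=value; ...' into {name: (id, raw_value)}, in message order."""
    body = body.strip()
    if body.endswith("."):          # every message text ends with one full stop
        body = body[:-1]
    fields = {}
    for part in body.split(";"):
        part = part.strip()
        if not part:
            continue
        m = FIELD_RE.match(part)
        if m is None:
            raise ValueError(f"unparseable field: {part!r}")
        fields[m.group(1)] = (int(m.group(2)), m.group(3))
    return fields


def convert(name, raw):
    """Turn a raw string value into a typed value where the type is known."""
    if name in TIME_FIELDS:
        return datetime.strptime(raw, TIME_FORMAT)
    if name in INT_FIELDS:
        return int(raw)
    if name in ADDR_FIELDS:
        return ipaddress.ip_address(raw)   # normalises equivalent spellings
    if name == "Action":
        return raw.split(",")              # e.g. "logging,block-source"
    return raw


def parse_atk(line):
    """Parse one ATK log line into a dict with typed fields."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a MODULE/severity/MNEMONIC line: {line!r}")
    module, severity, mnemonic, body = m.groups()
    stem = mnemonic
    zone_based = stem.endswith("_SZ")      # SrcZoneName replaces RcvIfName
    if zone_based:
        stem = stem[:-3]
    raw = stem.endswith("_RAW")            # per-packet variant, no time window
    if raw:
        stem = stem[:-4]
    fields = {n: convert(n, v) for n, (_id, v) in split_fields(body).items()}
    return {"module": module, "severity": int(severity), "mnemonic": mnemonic,
            "attack": stem, "zone_based": zone_based, "raw": raw, "fields": fields}


def missing_fields(template, record):
    """Fields declared in a 'Message text' template but absent from a parsed line."""
    return [n for n in split_fields(template) if n not in record["fields"]]


# Lines copied from the Example rows of the entries above.
FRAGMENT_LINE = ("ATK/3/ATK_IP6_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; "
                 "SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; "
                 "Protocol(1001)=IPv6-ICMP; Action(1049)=logging; "
                 "BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; "
                 "AtkTimes(1050)=2.")
FRAGMENT_RAW_SZ_LINE = ("ATK/3/ATK_IP6_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; "
                        "SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; "
                        "RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; "
                        "Action(1049)=logging.")
IPSWEEP_SZ_LINE = ("ATK/3/ATK_IP6_IPSWEEP_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; "
                   "SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; "
                   "Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639.")
RST_FLOOD_LINE = ("ATK/3/ATK_IP6_RST_FLOOD: RcvIfName(1023)=Ethernet0/0/2; "
                  "DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; "
                  "Action(1049)=logging; BeginTime_c(1011)=20131009100434.")
# Message text row of ATK_IP6_RST_FLOOD, as given above.
RST_FLOOD_TEMPLATE = ("RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; "
                      "DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; "
                      "UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; "
                      "BeginTime_c(1011)=[STRING].")

if __name__ == "__main__":
    for sample in (FRAGMENT_LINE, FRAGMENT_RAW_SZ_LINE, IPSWEEP_SZ_LINE, RST_FLOOD_LINE):
        rec = parse_atk(sample)
        print(rec["attack"], rec["raw"], rec["zone_based"], rec["fields"])
    print(missing_fields(RST_FLOOD_TEMPLATE, parse_atk(RST_FLOOD_LINE)))
```

The ATK_IP6_RST_FLOOD example line carries no DstPort field although its message text declares one, so a collector should treat declared fields as optional rather than index them by position.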
ATK_IP6_SYN_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYN_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYNACK_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYNACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_SYNACK_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_SYNACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_ALLFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_ALLFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_FINONLY_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_FINONLY_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set.
If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set.
If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_INVALIDFLAGS_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_INVALIDFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include:
· The RST and FIN flags are both set.
· The RST and SYN flags are both set.
· The RST, FIN, and SYN flags are all set.
· The PSH, RST, and FIN flags are all set.
· The PSH, RST, and SYN flags are all set.
· The PSH, RST, SYN, and FIN flags are all set.
· The ACK, RST, and FIN flags are all set.
· The ACK, RST, and SYN flags are all set.
· The ACK, RST, SYN, and FIN flags are all set.
· The ACK, PSH, SYN, and FIN flags are all set.
· The ACK, PSH, RST, and FIN flags are all set.
· The ACK, PSH, RST, and SYN flags are all set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_LAND_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. |
Recommended action |
No action is required. |
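The following Python parser is an added example, not H3C code. It splits the four ATK_IP6_TCP_LAND* messages above into typed fields and tallies them per flow, keeping per-packet (_RAW) messages apart from aggregated AtkTimes counts, because a _RAW message is sent only for the first packet when log aggregation is enabled. The function names, the YYYYMMDDHHMMSS reading of BeginTime_c and EndTime_c, and the treatment of "--" as an empty value are assumptions drawn from the Example rows.

```python
import re
from collections import defaultdict
from datetime import datetime

# "MODULE/severity/MNEMONIC: body" prefix, as in the Example rows of this reference.
HEADER_RE = re.compile(
    r"^(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.+)$")
# One "Name(id)=value" pair; a space after '=' is tolerated.
FIELD_RE = re.compile(r"^(?P<name>\w+)\((?P<fid>\d+)\)=\s*(?P<value>.*)$")
# Optional _RAW (per-packet form) and _SZ (security-zone form) suffixes.
SUFFIX_RE = re.compile(r"(_RAW)?(_SZ)?$")
TIME_FIELDS = {"BeginTime_c", "EndTime_c"}  # assumed YYYYMMDDHHMMSS, per the examples
INT_FIELDS = {"AtkTimes", "UpperLimit", "DstPort", "IPOptValue"}  # UINT16/UINT32 fields

# Copied from the Example rows of the four ATK_IP6_TCP_LAND* entries above.
SAMPLES = [
    "ATK/3/ATK_IP6_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; "
    "DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; "
    "BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.",
    "ATK/3/ATK_IP6_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; "
    "DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/3/ATK_IP6_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; "
    "DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.",
    "ATK/3/ATK_IP6_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; "
    "DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; "
    "BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.",
]


def parse_atk(line):
    """Parse one ATK message into a dict with typed fields."""
    header = HEADER_RE.match(line.strip())
    if header is None:
        raise ValueError("not a MODULE/severity/MNEMONIC message: %r" % line)
    body = header["body"].rstrip()
    if body.endswith("."):  # drop only the sentence-final period, not dots inside values
        body = body[:-1]

    fields = {}
    for chunk in body.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        pair = FIELD_RE.match(chunk)
        if pair is None:
            raise ValueError("malformed field: %r" % chunk)
        name, value = pair["name"], pair["value"].strip()
        if value == "--":  # assumption: "--" marks a field with no value
            value = None
        elif name in TIME_FIELDS:
            value = datetime.strptime(value, "%Y%m%d%H%M%S")
        elif name in INT_FIELDS:
            value = int(value)
        fields[name] = value

    mnemonic = header["mnemonic"]
    suffix = SUFFIX_RE.search(mnemonic)
    begin, end = fields.get("BeginTime_c"), fields.get("EndTime_c")
    return {
        "module": header["module"],
        "severity": int(header["sev"]),
        "mnemonic": mnemonic,
        "attack": mnemonic[:suffix.start()],      # name without _RAW/_SZ
        "raw": suffix.group(1) is not None,       # per-packet message
        "zone_based": suffix.group(2) is not None,
        "window_s": (end - begin).total_seconds() if begin and end else None,
        "fields": fields,
    }


def tally(events):
    """Per (attack, source, destination): _RAW message count and summed AtkTimes.

    The two counters stay separate: with aggregation enabled a _RAW message is
    sent only for the first packet, so its count is not a packet count.
    """
    totals = defaultdict(lambda: {"raw_messages": 0, "atk_times": 0})
    for ev in events:
        f = ev["fields"]
        src = f.get("SrcIPv6Addr") or f.get("SrcIPAddr")
        dst = f.get("DstIPv6Addr") or f.get("DstIPAddr")
        entry = totals[(ev["attack"], src, dst)]
        if ev["raw"]:
            entry["raw_messages"] += 1
        entry["atk_times"] += f.get("AtkTimes") or 0
    return dict(totals)


if __name__ == "__main__":
    for key, counts in tally(parse_atk(s) for s in SAMPLES).items():
        print(key, counts)
```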
ATK_IP6_TCP_NULLFLAG
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_NULLFLAG_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_NULLFLAG_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_SYNFIN_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_SYNFIN_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_TCP_WINNUKE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_TCP_WINNUKE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FLOOD
Message text |
RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FLOOD_SZ
Message text |
SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434. |
Explanation |
This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_FRAGGLE_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_FRAGGLE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
This message is for the IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received. |
Recommended action |
No action is required. |
ATK_IP6_UDP_SNORK_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IP6_UDP_SNORK_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with more than two IP options. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL_RAW
Message text |
RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
This message is for packets that each have more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL_RAW_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
This message is for packets that each have more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ABNORMAL_SZ
Message text |
SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times. |
Severity level |
3 |
Example |
ATK/3/ATK_IPOPT_ABNORMAL_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with more than two IP options. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE: IPOptValue(1057)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 131. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW: IPOptValue(1057)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_LOOSESRCROUTE_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_LOOSESRCROUTE_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 131. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE: IPOptValue(1057)=7; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 7. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE_RAW: IPOptValue(1057)=7; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE_RAW_SZ: IPOptValue(1057)=7; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_RECORDROUTE_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_RECORDROUTE_SZ: IPOptValue(1057)=7; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 7. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT: IPOptValue(1057)=148; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 148. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT_RAW: IPOptValue(1057)=148; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT_RAW_SZ: IPOptValue(1057)=148; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_ROUTEALERT_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_ROUTEALERT_SZ: IPOptValue(1057)=148; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 148. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY: IPOptValue(1057)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 130. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY_RAW: IPOptValue(1057)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY_RAW_SZ: IPOptValue(1057)=130; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_SECURITY_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_SECURITY_SZ: IPOptValue(1057)=130; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 130. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID: IPOptValue(1057)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 136. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID_RAW: IPOptValue(1057)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID_RAW_SZ: IPOptValue(1057)=136; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STREAMID_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STREAMID_SZ: IPOptValue(1057)=136; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 136. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE: IPOptValue(1057)=137; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 137. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW: IPOptValue(1057)=137; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW_SZ: IPOptValue(1057)=137; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_STRICTSRCROUTE_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_STRICTSRCROUTE_SZ: IPOptValue(1057)=137; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 137. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP: IPOptValue(1057)=68; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 68. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP_RAW
Message text |
IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP_RAW: IPOptValue(1057)=68; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP_RAW_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP_RAW_SZ: IPOptValue(1057)=68; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received. |
Recommended action |
No action is required. |
ATK_IPOPT_TIMESTAMP_SZ
Message text |
IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPOPT_TIMESTAMP_SZ: IPOptValue(1057)=68; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3. |
Explanation |
This message is sent when logs are aggregated for packets with IP option 68. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER
Message text |
IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_RAW
Message text |
IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER_RAW: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_RAW_SZ
Message text |
IPv6ExtHeader(1060)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields |
$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER_RAW_SZ: IPv6ExtHeader(1060)=43; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation |
If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received. |
Recommended action |
No action is required. |
ATK_IPV6_EXT_HEADER_SZ
Message text |
IPv6ExtHeader(1060)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32]. |
Variable fields |
$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times. |
Severity level |
5 |
Example |
ATK/5/ATK_IPV6_EXT_HEADER_SZ: IPv6ExtHeader(1060)=43; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2. |
Explanation |
This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header. |
Recommended action |
No action is required. |
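The ATK entries above share one layout: a `Name(ID)=value` list separated by semicolons, with `_RAW` marking per-packet messages and `_SZ` marking messages keyed by source security zone instead of receiving interface. The following parser and per-flow summary is an added example, not H3C code. The function names are hypothetical, reading `--` as "no value" is an assumption drawn from the example rows, and the sample lines are copied from the Example rows of this section.

```python
import re
from datetime import datetime

# IP option numbers as they appear in the example rows of this reference.
IP_OPTION_NAMES = {
    7: "record route", 68: "timestamp", 130: "security",
    131: "loose source route", 136: "stream ID",
    137: "strict source route", 148: "route alert",
}
TIME_FMT = "%Y%m%d%H%M%S"  # layout of BeginTime_c / EndTime_c in the examples

HEADER_RE = re.compile(
    r"^(?P<module>[A-Z0-9]+)/(?P<severity>\d)/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.*)$")
FIELD_RE = re.compile(r"^(?P<name>\w+)\((?P<fid>\d+)\)=\s*(?P<value>.*)$")

# Sample input copied from the Example rows above (table residue removed).
SAMPLE_LINES = [
    "ATK/5/ATK_IPOPT_LOOSESRCROUTE_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; "
    "BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.",
    "ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.",
    "ATK/5/ATK_IPV6_EXT_HEADER: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; "
    "SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; "
    "Action(1049)=logging; BeginTime_c(1011)=20131009103631; "
    "EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.",
]


def split_mnemonic(mnemonic):
    """Return (base, is_raw, is_zone) by peeling the _SZ and _RAW suffixes."""
    parts = mnemonic.split("_")
    is_zone = parts[-1] == "SZ"
    if is_zone:
        parts = parts[:-1]
    is_raw = parts[-1] == "RAW"
    if is_raw:
        parts = parts[:-1]
    return "_".join(parts), is_raw, is_zone


def parse_atk_message(line):
    """Parse one ATK message into a dict; raise ValueError on malformed input."""
    m = HEADER_RE.match(line.strip())
    if m is None or m["module"] != "ATK":
        raise ValueError("not an ATK log message: %r" % line)
    body = m["body"].rstrip()
    if body.endswith("."):  # every message text ends with a full stop
        body = body[:-1]
    fields = {}
    for chunk in body.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        fm = FIELD_RE.match(chunk)
        if fm is None:
            raise ValueError("malformed field: %r" % chunk)
        value = fm["value"].strip()
        fields[fm["name"]] = None if value == "--" else value  # assumption: -- is unset
    base, is_raw, is_zone = split_mnemonic(m["mnemonic"])
    opt = fields.get("IPOptValue")
    return {
        "mnemonic": m["mnemonic"], "severity": int(m["severity"]),
        "base": base, "raw": is_raw, "zone": is_zone, "fields": fields,
        "option_name": IP_OPTION_NAMES.get(int(opt)) if opt is not None else None,
    }


def summarize(lines):
    """Group by (base mnemonic, source, destination).

    Raw and aggregated counts are kept apart: with aggregation enabled a _RAW
    message is sent only for the first packet, and the page does not say
    whether AtkTimes includes that packet.
    """
    totals = {}
    for line in lines:
        msg = parse_atk_message(line)
        f = msg["fields"]
        src = f.get("SrcIPAddr") or f.get("SrcIPv6Addr")
        dst = f.get("DstIPAddr") or f.get("DstIPv6Addr")
        entry = totals.setdefault((msg["base"], src, dst), {
            "raw_messages": 0, "aggregated_times": 0,
            "first_seen": None, "last_seen": None})
        if msg["raw"]:
            entry["raw_messages"] += 1
            continue
        entry["aggregated_times"] += int(f["AtkTimes"])
        begin = datetime.strptime(f["BeginTime_c"], TIME_FMT)
        end = datetime.strptime(f["EndTime_c"], TIME_FMT)
        if entry["first_seen"] is None or begin < entry["first_seen"]:
            entry["first_seen"] = begin
        if entry["last_seen"] is None or end > entry["last_seen"]:
            entry["last_seen"] = end
    return totals
```

Because a `_RAW` message can stand for many packets when aggregation is enabled, `raw_messages` is a message count, not a packet count.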
ATM
This section contains ATM messages.
ATM_PVCDOWN
Variable fields |
|
Severity level |
|
Example |
ATM/5/ATM_PVCDOWN: Interface ATM2/0/2 PVC 0/100 status is down. |
Explanation |
The PVC state became down. Possible reasons include the following:
· The ATM interface to which the PVC belongs went down.
· The OAM state of the PVC became down.
· The PVC had been manually shut down. |
Recommended action |
Use the display atm pvc-info command to display detailed information about the PVC and take relevant actions:
· If the interface state is down, take the following actions:
  ¡ Make sure both the local and remote ATM interfaces are up by using the display interface atm command. If the interfaces have been manually shut down, execute the undo shutdown command in interface view to bring them up.
  ¡ Make sure the two interfaces are correctly connected.
· If the OAM state is down, take the following actions:
  ¡ Make sure the VPI/VCI value of the remote PVC is the same as the VPI/VCI value of the local PVC.
  ¡ Make sure the OAM configuration of the remote PVC is consistent with the OAM configuration of the local PVC. For example, if one end is configured as the OAM CC cell sink, the other end must be configured as the OAM CC cell source.
  ¡ Make sure the remote PVC is up. If the remote PVC has been manually shut down, execute the undo shutdown command in PVC view to bring it up.
  ¡ Make sure the two ends are correctly connected.
  ¡ If the two routers are connected through an ATM network, in addition to the previous check items, you must check the forwarding rule of the ATM network. If the ATM network cannot reach the PVC, the PVC cannot come up.
· If the PVC state is down, check if the local PVC has been manually shut down. To bring up the PVC, execute the undo shutdown command in PVC view. |
ATM_PVCUP
Variable fields |
|
Severity level |
|
Example |
|
Explanation |
The PVC state became up. |
Recommended action |
No action is required. |
BFD messages
This section contains BFD messages.
BFD_CHANGE_FSM
Message text |
Sess[STRING], Ver.[UINT32], Sta: [STRING]->[STRING], Diag: [STRING] |
Variable fields |
$1: Source address, destination address, interface, and message type of the BFD session.
$2: BFD version: 0 or 1.
$3: Name of FSM before changing.
$4: Name of FSM after changing.
$5: Diagnostic information:
· 0 (No Diagnostic)—The BFD session is in up state.
· 1 (Control Detection Time Expired)—A control packet mode BFD session goes down, because local detection times out.
· 2 (Echo Function Failed)—An echo packet mode BFD session goes down, because local detection times out or the source IP address of echo packets is deleted.
· 3 (Neighbor Signaled Session Down)—The remote end notifies the local end of BFD session down.
· 7 (Administratively Down)—The local system prevents a BFD session from being established. |
Severity level |
5 (Notification) |
Example |
BFD/5/BFD_CHANGE_FSM:Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic). |
Impact |
· If the BFD session changes to Down from another state, the session is abnormal, and the upper-layer application will be affected.
· If the BFD session changes to Up from another state, the session recovers, and the upper-layer application will also recover.
· The following state changes of the BFD session have no impact on services:
   ○ Down from Init.
   ○ AdminDown from Down, Init, or Up. |
Cause |
The BFD session changes to Up from another state for one of the following reasons:
· The BFD session changes to Up from Down when it is established or recovers from failures.
· The BFD session changes to Up from Init when it is established or recovers from failures.
· The BFD session changes to Up from AdminDown when its configuration changes.
The BFD session changes from Up to another state for one of the following reasons:
· The path detected by BFD fails, and BFD packets cannot be correctly exchanged as a result.
· The interface bound to the BFD session goes down.
· Other BFD sessions bound to the session go down.
· The BFD session on the remote end is shut down or deleted.
The BFD session changes to AdminDown from another state when it is deleted. |
Recommended action |
1. If the BFD session does not change to Down state, no action is required.
2. If the session changes to Down state from another state, proceed to step 3.
3. Use the display interface interface-type interface-number command to identify whether the interface bound to the session is in Up state.
   ○ If yes, proceed to step 4.
   ○ If no, connect the physical link correctly and use the display bfd session command to view the session state. If the value for the State field is not Up, proceed to step 4.
4. Use the display bfd session command to identify whether the BFD sessions on the two ends are deleted.
   ○ If yes, configure the session on the two ends correctly and use the display bfd session command to view the session state. If the value for the State field is not Up, proceed to step 5.
   ○ If no, proceed to step 5.
5. Use the ping command to identify whether the forwarding path can forward packets correctly.
   ○ If no, re-deploy the forwarding path and use the display bfd session command to view the session state. If the value for the State field is not Up, proceed to step 6.
   ○ If yes, proceed to step 6.
6. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BFD_HARDWARE_SWITCHTO_SOFTWARE
Message text |
Sess[STRING], after you switch the BFD mode from hardware to software, the interval between BFD packet sending and receiving is too small and BFD does not perform session negotiation. If BFD session negotiation is required, increase the interval between BFD packet sending and receiving on the local device. |
Variable fields |
$1: Source address, destination address, interface, message type, and MPLS FEC information of the BFD session. Destination IP address, mask, and next hop IP address of the LSP session. Peer IP and PW ID of the PW session. Source IP address, destination IP address, tunnel ID, and LSP ID of the TE tunnel session. |
Severity level |
5 (Notification) |
Example |
BFD/5/BFD_HARDWARE_SWITCHTO_SOFTWARE: Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], after you switch the BFD mode from hardware to software, the interval between BFD packet sending and receiving is too small and BFD does not perform session negotiation. If BFD session negotiation is required, increase the interval between BFD packet sending and receiving on the local device. |
Impact |
BFD will not perform session negotiation, thus the session cannot come up. |
Cause |
Upon switchover from hardware BFD to software BFD, BFD does not perform session negotiation because the interval for sending or receiving BFD packets is too small on the local device. |
Recommended action |
1. Execute the display bfd session verbose command to view the Hardware mode field.
   ○ If the value for the Hardware mode field is Disable, hardware BFD is disabled and the software is processing BFD packets. For single-hop BFD sessions, proceed to step 2 or step 3. For multihop BFD sessions, proceed to step 3 or step 4.
   ○ If the value for the Hardware mode field is Enabled, the hardware is processing BFD packets. In this case, if this message is no longer generated, the issue is solved. If this message is still generated, proceed to step 6.
2. Execute the following commands to increase the interval for sending or receiving BFD packets on the local device. (Only supported by certain products)
   ○ Use the bfd min-transmit-interval command to increase the minimum interval for transmitting single-hop BFD control packets on the local device.
   ○ Use the bfd min-receive-interval command to increase the minimum interval for receiving single-hop BFD control packets on the local device.
3. Use the bfd min-control-interval command to increase the minimum interval for transmitting and receiving single-hop BFD control packets on the local device. (Only supported by certain products)
4. Execute the following commands to increase the interval for sending or receiving BFD packets on the local device. (Only supported by certain products)
   ○ Use the bfd multi-hop min-transmit-interval command to increase the minimum interval for transmitting multihop BFD control packets on the local device.
   ○ Use the bfd multi-hop min-receive-interval command to increase the minimum interval for receiving multihop BFD control packets on the local device.
5. Use the bfd multi-hop min-control-interval command to increase the minimum interval for transmitting and receiving multihop BFD control packets on the local device. (Only supported by certain products)
6. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BFD_RD_ADD_DRIVER_FAILED
Message text |
Failed to add the remote identifiers to the driver: [STRING]. Reason: [STRING]. |
Variable fields |
$1: Remote discriminators failed to be processed, in the format of value1, value2 to value3, value4. A maximum of 10 value ranges can be displayed.
$2: Reason why the device failed to add the remote discriminators to the driver:
· Insufficient resources.
· Unknown. |
Severity level |
5 (Notification) |
Example |
BFD/5/BFD_RD_ADD_FAILED: Failed to add the remote identifiers to the driver: 1, 2 to 10, 1000. Reason: Insufficient resources. |
Impact |
In an M-LAG network using static BFD sessions in echo packet mode, the BFD session state might be abnormal. |
Cause |
When you used the bfd forwarding match remote-discriminator command to add remote discriminators to a BFD session, the device failed to add the remote discriminators to the driver due to insufficient resources. |
Recommended action |
1. Execute the display system internal bfd capability command in probe view to view the value for the Forwarding match remote discriminator limit field, which indicates the maximum number of remote discriminators supported by the device.
2. Execute the display current-configuration command to identify whether the number of remote discriminators configured by the bfd forwarding match remote-discriminator command has reached the maximum number supported by the device.
   ○ If the number of remote discriminators has reached the maximum number and new remote discriminators are required, remove unnecessary remote discriminators.
   ○ If the number of remote discriminators has not reached the maximum number, proceed to step 3.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BFD_RD_CHANGE_SUCCESS
Message text |
For the remote discriminators failed to be added to the driver due to insufficient resources, the device automatically added them again and the operation succeeded: [STRING] |
Variable fields |
$1: Remote discriminators that are successfully processed, in the format of value1, value2 to value3, value4. A maximum of 10 value ranges can be displayed. |
Severity level |
5 (Notification) |
Example |
BFD/5/BFD_RD_CHANGE_SUCCESS: For the remote discriminators failed to be added to the driver due to insufficient resources, the device automatically added them again and the operation succeeded: 1, 2 to 10, 1000. |
Impact |
No negative impact on the system. |
Cause |
After the device failed to add the remote discriminators to the driver due to insufficient resources, the device automatically tried to add them again. This message was output when the device successfully added the remote discriminators to the driver. |
Recommended action |
No actions are required. |
BFD_REACHED_UPPER_LIMIT
Message text |
The total number of BFD sessions [ULONG] reached the upper limit. Please avoid creating a new session. |
Variable fields |
$1: Total number of BFD sessions. |
Severity level |
5 (Notification) |
Example |
BFD/5/BFD_REACHED_UPPER_LIMIT: The total number of BFD session 100 reached the upper limit. Please avoid creating a new session. |
Impact |
· You cannot create new BFD sessions after the number of BFD sessions has reached the upper limit on the device.
· As a best practice, do not perform the power cycling or reset operation for the device that generates the notification. The operation will result in resource reallocation that affects services. |
Cause |
· New BFD sessions were created after the number of BFD sessions reached the upper limit.
· The number of dynamic BFD sessions has exceeded the upper limit. |
Recommended action |
1. Stop creating new BFD sessions.
2. Delete unnecessary BFD sessions. For example, use the undo ospf bfd enable command to delete unnecessary BFD sessions associated with OSPF. For the methods of deleting BFD sessions associated with other features, see the corresponding command references.
3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BGP messages
This section contains BGP messages.
BGP_DYN_PEER_LIMIT_REACHED
Message text |
BGP.[STRING]: The number of dynamic peers has reached the upper limit [UINT32]. |
Variable fields |
$1: BGP instance name. $2: Maximum number of dynamic BGP peer sessions that BGP can establish. |
Severity level |
4 |
Example |
BGP/4/BGP_DYN_PEER_LIMIT_REACHED: BGP.default: The number of dynamic peers has reached the upper limit 5. |
Explanation |
The number of dynamic peers has reached the upper limit. |
Recommended action |
Identify whether this issue is caused by network attacks:
· If yes, configure attack protection settings.
· If not, determine whether to increase the maximum number of dynamic BGP peer sessions that BGP can establish. |
BGP_DYN_PEER_LIMIT_REACHED_CLEAR
Message text |
· Pattern 1: BGP.[STRING]: The number of dynamic peers has dropped below the upper limit. (upper limit [UINT32], current [UINT32])
· Pattern 2: BGP.[STRING]: The limit on the number of dynamic peers is canceled. |
Variable fields |
In pattern 1:
$1: BGP instance name.
$2: Maximum number of dynamic BGP peer sessions that BGP can establish.
$3: Number of established dynamic BGP peer sessions.
In pattern 2:
$1: BGP instance name. |
Severity level |
6 |
Example |
· Pattern 1: BGP/6/BGP_DYN_PEER_LIMIT_REACHED_CLEAR: BGP.default: The number of dynamic peers has dropped below the upper limit.(upper limit 13, current 12)
· Pattern 2: BGP/6/BGP_DYN_PEER_LIMIT_REACHED_CLEAR: BGP.default: The limit on the number of dynamic peers is canceled. |
Explanation |
Pattern 1 indicates that the number of established dynamic BGP peer sessions has dropped below the upper limit. Pattern 2 indicates that the number of dynamic peers is no longer limited. |
Recommended action |
No action is required. |
BGP_EXCEED_ROA_LIMIT
Message text |
BGP [STRING].[STRING]: The number of ROAs ([UINT32]) from server [STRING] exceeds the limit [UINT32]. |
Variable fields |
$1: BGP instance name. $2: VPN instance name. This field is blank for the public network. $3: Number of ROAs received from the RPKI server. $4: IP address of the RPKI server. $5: Maximum number of ROAs that can be received from the RPKI server. |
Severity level |
4 |
Example |
BGP/4/BGP_EXCEED_ROA_LIMIT: BGP default.vpn1: The number of ROAs (101) from server 192.168.56.10 exceeds the limit 100. |
Explanation |
The number of ROAs received from the RPKI server exceeded the limit. |
Recommended action |
Determine whether the received ROAs can satisfy the current service demands:
· If yes, contact the RPKI server maintainer to cancel advertising unnecessary ROAs.
· If not, increase the maximum number of ROAs that can be received from the RPKI server. |
BGP_EXCEED_ROA_LIMIT_CLEAR
Message text |
BGP [STRING].[STRING]: The number of ROAs ([UINT32]) from server [STRING] fell below the limit [UINT32]. |
Variable fields |
$1: BGP instance name. $2: VPN instance name. This field is blank for the public network. $3: Number of ROAs received from the RPKI server. $4: IP address of the RPKI server. $5: Maximum number of ROAs that can be received from the RPKI server. |
Severity level |
6 |
Example |
BGP/6/BGP_EXCEED_ROA_LIMIT_CLEAR: BGP default.vpn1: The number of ROAs (99) from server 192.168.56.10 fell below the limit 100. |
Explanation |
The number of ROAs received from the RPKI server dropped below the limit. |
Recommended action |
No action is required. |
BGP_EXCEED_ROUTE_LIMIT
Message text |
BGP.[STRING]: The number of routes from peer [STRING] ([STRING]) exceeds the limit [UINT32]. |
Variable fields |
$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Maximum number of routes. |
Severity level |
4 |
Example |
BGP/4/BGP_EXCEED_ROUTE_LIMIT: BGP.vpn1: The number of routes from peer 1.1.1.1 (IPv4-UNC) exceeds the limit 100. |
Explanation |
The number of routes received from a peer exceeded the maximum number of routes that can be received from the peer. |
Recommended action |
Determine whether it is caused by attacks:
· If yes, configure the device to defend against the attacks.
· If not, increase the maximum number of routes. |
BGP_REACHED_THRESHOLD
Message text |
BGP.[STRING]: The ratio of the number of routes received from peer [STRING] ([STRING]) to the number of allowed routes [UINT32] has reached the threshold ([UINT32]%). |
Variable fields |
$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Maximum number of routes that can be received from the BGP peer. $5: Percentage of received routes to the maximum allowed routes. |
Severity level |
5 |
Example |
BGP/5/BGP_REACHED_THRESHOLD: BGP.vpn1: The ratio of the number of routes received from peer 1.1.1.1 (IPv4-UNC) to the number of allowed routes 100 has reached the threshold (60%). |
Explanation |
The percentage of received routes to the maximum allowed routes reached the threshold. |
Recommended action |
Determine whether it is caused by attacks:
· If yes, configure the device to defend against the attacks.
· If not, increase the threshold value or the maximum number of routes that can be received from the peer. |
BGP_LOG_ROUTE_FLAP
Message text |
BGP.[STRING]: The route [STRING] [STRING]/[UINT32] learned from peer [STRING] ([STRING]) flapped. |
Variable fields |
$1: VPN instance name. This field is blank for the public network. $2: RD of the BGP route. This field is blank for a route without an RD. $3: BGP route prefix. $4: Mask of the BGP route prefix. $5: IP address of the BGP peer. $6: Address family of the BGP peer. |
Severity level |
4 |
Example |
BGP/4/BGP_LOG_ROUTE_FLAP: BGP.vpn1: The route 15.1.1.1/24 learned from peer 1.1.1.1 (IPv4-UNC) flapped. |
Explanation |
The route learned from a BGP peer flapped. |
Recommended action |
If a large number of routes flap, determine the route flapping cause and develop a solution. |
BGP_MEM_ALERT
Message text |
BGP process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm: stop or start. |
Severity level |
5 |
Example |
BGP/5/BGP_MEM_ALERT: BGP process received system memory alert start event. |
Explanation |
BGP received a memory alarm. |
Recommended action |
If BGP received a system memory alert start event, check the system memory and try to free some memory by adjusting modules that occupied too much memory. |
BGP_PEER_LICENSE_REACHED
Message text |
Number of peers in Established state reached the license limit. |
Variable fields |
N/A |
Severity level |
5 |
Example |
BGP/5/BGP_PEER_LICENSE_REACHED: Number of peers in Established state reached the license limit. |
Explanation |
The number of peers in Established state reached the license limit. |
Recommended action |
Determine whether a new license is required. |
BGP_REMOTE_RTID_CONFLICT
Message text |
The local router ID conflicts with the remote router ID. (Router ID = [STRING], instance = [STRING], VPN instance = [STRING], peer = [STRING]) |
Variable fields |
$1: Conflicting router ID. $2: BGP instance name. $3: VPN instance name. This field is blank for the public network. $4: IP address of the BGP peer. |
Severity level |
3 |
Example |
BGP/3/BGP_REMOTE_RTID_CONFLICT: The local router ID conflicts with the remote router ID. (Router ID = 2.2.2.2, instance = default, VPN instance = vpn1, peer = 192.168.1.1) |
Explanation |
BGP session establishment failed, because the local device and the peer use the same router ID. |
Recommended action |
Verify that the router ID of each device on the network is unique. |
BGP_ROUTE_LICENSE_REACHED
Message text |
Number of [STRING] routes reached the license limit. |
Variable fields |
$1: BGP address family:
· IPv4-UNC public—IPv4 unicast routes for the public network.
· IPv6-UNC public—IPv6 unicast routes for the public network.
· IPv4 private—IPv4 unicast routes, VPNv4 routes, and nested VPN routes for the private network.
· IPv6 private—IPv6 unicast routes and VPNv6 routes for the private network. |
Severity level |
5 |
Example |
BGP/5/BGP_ROUTE_LICENSE_REACHED: Number of IPv4-UNC public routes reached the license limit. |
Explanation |
The number of routes in the specified address family reached the license limit. |
Recommended action |
Determine whether a new license is required. After the number of routes in the specified family falls below the license limit or the license limit increases, you must manually restore the discarded routes. |
BGP_RTID_CONFLICT
Message text |
Local router ID conflicts with the originator ID carried by a route. (Router ID=[STRING], instance=[STRING], VPN instance=[STRING], Peer=[STRING]) |
Variable fields |
$1: Router ID. $2: BGP instance name. $3: VPN instance name. This field is blank for the public network. $4: IP address of the BGP peer. |
Severity level |
3 |
Example |
BGP/3/BGP_RTID_CONFLICT: Local router ID conflicts with the originator ID carried by a route. (Router ID=2.2.2.2, instance=default, VPN instance=vpn1,Peer=192.168.1.1) |
Explanation |
The ORIGINATOR_ID attribute value for the BGP route is the same as the local router ID and thus the local device cannot receive the route. |
Recommended action |
Verify that the router ID of each device on the network is unique. |
BGP_STATE_CHANGED
Message text |
· Pattern 1: BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING].
· Pattern 2: BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING] for [STRING]. |
Variable fields |
In pattern 1:
$1: VPN instance name. This field is blank for the public network.
$2: BGP peer information:
· IP address of the BGP peer.
· Link-local address of the BGP peer and the peer-facing interface.
$3: Name of FSM before the state change.
$4: Name of FSM after the state change.
In pattern 2:
$1: VPN instance name. This field is blank for the public network.
$2: BGP peer information:
· IP address of the BGP peer.
· Link-local address of the BGP peer and the peer-facing interface.
$3: Name of FSM before the state change.
$4: Name of FSM after the state change.
$5: Reason for the state change. |
Severity level |
5 |
Example |
BGP/5/BGP_STATE_CHANGED: BGP.vpn1:192.99.0.2 state has changed OPENCONFIRM to ESTABLISHED. |
Explanation |
The FSM of a BGP peer has changed. This informational message appears when a BGP peer comes up or goes down. |
Recommended action |
If a peer goes down unexpectedly, determine whether an error or packet loss occurs. |
BGP_STATE_CHANGED_REASON
Message text |
BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING]. ([STRING]) |
Variable fields |
$1: VPN instance name. This field does not display anything for the public network.
$2: IP address of the BGP peer.
$3: Original BGP peer state.
$4: New BGP peer state.
$5: BGP peer down information:
· Reason: Reason why the BGP peer goes down.
· Error code: Error code or sub error code in the sent or received notification. This field does not display anything if the BGP peer goes down because of TCP connection failures.
· Local interface: Physical interface used to connect to the BGP peer. This field is displayed only when a directly connected BGP peer goes down because of interface connectivity failures. |
Severity level |
5 |
Example |
BGP/5/BGP_STATE_CHANGED_REASON: BGP.vpn1: 192.99.0.2 state has changed from ESTABLISHED to IDLE. (Reason: Directly connected physical interface was down, Error code: Send Notificationcode 6/0, Local interface: GigabitEthernet1/0/1) |
Explanation |
The state of the BGP peer changed from Established to another state. |
Recommended action |
Determine whether network errors or packet loss occurs based on the displayed reason. |
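Added example (not part of the H3C manual): several BGP entries above ask the operator to determine whether a limit alarm is caused by attacks, and some of them have a matching `_CLEAR` message. The sketch below parses the message texts documented above, pairs each alarm with its clear, and returns the alarms that are still open and need that review. The function names and the sample ordering are assumptions; the sample lines are constructed from the manual's own examples.

```python
import re

# Body of a log line as printed in the manual's examples: MODULE/severity/MNEMONIC: text
HEADER = re.compile(r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")

# Regexes written from the "Message text" rows above; named groups are this example's own.
PATTERNS = {
    "BGP_DYN_PEER_LIMIT_REACHED": re.compile(
        r"^BGP\.(?P<instance>[^:]*): The number of dynamic peers has reached the upper limit (?P<limit>\d+)\.$"),
    "BGP_DYN_PEER_LIMIT_REACHED_CLEAR": re.compile(  # covers pattern 1 and pattern 2
        r"^BGP\.(?P<instance>[^:]*): The (?:number of dynamic peers has dropped below the upper limit"
        r"|limit on the number of dynamic peers is canceled)\."),
    "BGP_EXCEED_ROA_LIMIT": re.compile(
        r"^BGP (?P<instance>[^:]*): The number of ROAs \((?P<count>\d+)\) from server (?P<server>\S+)"
        r" exceeds the limit (?P<limit>\d+)\.$"),
    "BGP_EXCEED_ROA_LIMIT_CLEAR": re.compile(
        r"^BGP (?P<instance>[^:]*): The number of ROAs \((?P<count>\d+)\) from server (?P<server>\S+)"
        r" fell below the limit (?P<limit>\d+)\.$"),
    "BGP_EXCEED_ROUTE_LIMIT": re.compile(
        r"^BGP\.(?P<instance>[^:]*): The number of routes from peer (?P<peer>\S+) \((?P<family>[^)]*)\)"
        r" exceeds the limit (?P<limit>\d+)\.$"),
    "BGP_REACHED_THRESHOLD": re.compile(
        r"^BGP\.(?P<instance>[^:]*): The ratio of the number of routes received from peer (?P<peer>\S+)"
        r" \((?P<family>[^)]*)\) to the number of allowed routes (?P<limit>\d+)"
        r" has reached the threshold \((?P<pct>\d+)%\)\.$"),
}

# Fields that identify *which* object an alarm is about, so a clear matches its alarm.
SCOPE_FIELDS = ("instance", "server", "peer", "family")

# Mnemonics whose "Recommended action" above asks whether attacks are the cause.
ATTACK_REVIEW = {"BGP_DYN_PEER_LIMIT_REACHED", "BGP_EXCEED_ROUTE_LIMIT", "BGP_REACHED_THRESHOLD"}


def parse(line):
    """Return (mnemonic, severity, scope, fields) or None for lines this example does not model."""
    h = HEADER.search(line)
    if not h or h.group("mnemonic") not in PATTERNS:
        return None
    m = PATTERNS[h.group("mnemonic")].match(h.group("text").strip())
    if not m:
        return None
    fields = m.groupdict()
    scope = tuple((k, fields[k]) for k in SCOPE_FIELDS if k in fields)
    return h.group("mnemonic"), int(h.group("sev")), scope, fields


def open_alarms(lines):
    """Replay lines in order; an X_CLEAR message closes the open alarm X with the same scope."""
    alarms = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        mnemonic, sev, scope, fields = parsed
        if mnemonic.endswith("_CLEAR"):
            alarms.pop((mnemonic[: -len("_CLEAR")], scope), None)
        else:
            alarms[(mnemonic, scope)] = {"severity": sev, **fields}
    return alarms


def review_queue(lines):
    """Open alarms that the manual says to check for attacks, sorted by mnemonic and scope."""
    keys = sorted(k for k in open_alarms(lines) if k[0] in ATTACK_REVIEW)
    return [(mnemonic, dict(scope)) for mnemonic, scope in keys]


# Constructed sample: the manual's example lines, placed in an assumed order.
SAMPLE = [
    "BGP/4/BGP_DYN_PEER_LIMIT_REACHED: BGP.default: The number of dynamic peers has reached the upper limit 5.",
    "BGP/5/BGP_REACHED_THRESHOLD: BGP.vpn1: The ratio of the number of routes received from peer 1.1.1.1 "
    "(IPv4-UNC) to the number of allowed routes 100 has reached the threshold (60%).",
    "BGP/4/BGP_EXCEED_ROUTE_LIMIT: BGP.vpn1: The number of routes from peer 1.1.1.1 (IPv4-UNC) exceeds the limit 100.",
    "BGP/4/BGP_EXCEED_ROA_LIMIT: BGP default.vpn1: The number of ROAs (101) from server 192.168.56.10 exceeds the limit 100.",
    "BGP/6/BGP_EXCEED_ROA_LIMIT_CLEAR: BGP default.vpn1: The number of ROAs (99) from server 192.168.56.10 fell below the limit 100.",
    "BGP/5/BGP_STATE_CHANGED_REASON: BGP.vpn1: 192.99.0.2 state has changed from ESTABLISHED to IDLE. "
    "(Reason: Directly connected physical interface was down, Error code: Send Notificationcode 6/0, "
    "Local interface: GigabitEthernet1/0/1)",
]

if __name__ == "__main__":
    for mnemonic, scope in review_queue(SAMPLE):
        print(mnemonic, scope)
```

The route-limit and threshold messages have no clear message in this section, so in this sketch they stay open until an operator dismisses them.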
BLS messages
This section contains blacklist messages.
BLS_ENTRY_ADD
Message text |
SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; TTL(1051)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: TTL of a blacklist entry. $5: Reason why the blacklist entry was added. |
Severity level |
5 (Notification) |
Example |
BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=1.1.1.6; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration.
BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; TTL(1051)=10; Reason(1052)=Scan behavior detected. |
Impact |
No negative impact on the system. |
Cause |
The message is sent when a blacklist entry is manually configured or dynamically created. |
Recommended action |
No action is required. |
BLS_ENTRY_DEL
Message text |
SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: Reason why the blacklist entry was deleted. |
Severity level |
5 (Notification) |
Example |
BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=1.1.1.3; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; Reason(1052)=Configuration.
BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Reason(1052)=Aging. |
Impact |
No negative impact on the system. |
Cause |
The message is sent when a blacklist entry is manually deleted or dynamically deleted due to aging. |
Recommended action |
No action is required. |
BLS_IPV6_ENTRY_ADD
Message text |
SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; TTL(1051)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IPv6 address. $2: VPN instance name. $3: TTL of a blacklist entry. $4: Reason why the blacklist entry was added. |
Severity level |
5 (Notification) |
Example |
BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration.
BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; TTL(1051)=10; Reason(1052)=Scan behavior detected. |
Impact |
No negative impact on the system. |
Cause |
The message is sent when a blacklist entry is manually configured or dynamically created. |
Recommended action |
No action is required. |
BLS_IPV6_ENTRY_DEL
Message text |
SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Reason(1052)=[STRING]. |
Variable fields |
$1: Blacklisted IPv6 address. $2: VPN instance name. $3: Reason why the blacklist entry was deleted. |
Severity level |
5 (Notification) |
Example |
BLS/5/BLS_IPV6_ENTRY_DEL: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; Reason(1052)=Configuration. |
Impact |
No negative impact on the system. |
Cause |
The message is sent when a blacklist entry is manually deleted or dynamically deleted due to aging. |
Recommended action |
No action is required. |
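Added example (not part of the H3C manual): the four BLS messages above share a `Name(ID)=value;` field layout, so one parser keyed on the numeric field IDs handles both IPv4 and IPv6 entries. The sketch replays add and delete messages to reconstruct the current blacklist and lists the sources that were blacklisted dynamically. The function names are assumptions, as is treating an empty or `--` VPN instance as "no VPN instance" and treating `Reason=Configuration` as a manual entry; the sample lines are constructed from the manual's examples.

```python
import ipaddress
import re

HEADER = re.compile(
    r"BLS/(?P<sev>[0-7])/(?P<mnemonic>BLS_(?:IPV6_)?ENTRY_(?P<op>ADD|DEL)):\s*(?P<body>.*)$")
# One "Name(ID)=value" field; values may be empty and may contain spaces or colons.
FIELD = re.compile(r"(?P<name>\w+)\((?P<id>\d+)\)=(?P<value>[^;]*)")

# Field IDs as they appear in the message texts above.
SRC_IDS = (1003, 1036)          # SrcIPAddr, SrcIPv6Addr
VPN_ID, TTL_ID, REASON_ID = 1041, 1051, 1052


def parse_bls(line):
    """Parse one BLS_*ENTRY_ADD/DEL line into a dict, or return None if it is not one."""
    m = HEADER.search(line)
    if not m:
        return None
    body = m.group("body").strip()
    if body.endswith("."):       # the message ends with a period after the last field
        body = body[:-1]
    fields = {int(f.group("id")): f.group("value").strip() for f in FIELD.finditer(body)}
    src = next((fields[i] for i in SRC_IDS if fields.get(i)), None)
    if src is None:
        return None
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:           # malformed address: skip rather than track garbage
        return None
    vpn = fields.get(VPN_ID, "")
    return {
        "op": m.group("op"),
        "ip": ip,
        "vpn": None if vpn in ("", "--") else vpn,   # assumption: both mean no VPN instance
        "ttl": fields.get(TTL_ID) or None,
        "reason": fields.get(REASON_ID, ""),
    }


def active_blacklist(lines):
    """Replay events in order; return {(vpn, ip): details} for entries not yet deleted."""
    active = {}
    for line in lines:
        ev = parse_bls(line)
        if ev is None:
            continue
        key = (ev["vpn"], ev["ip"])
        if ev["op"] == "ADD":
            active[key] = {"ttl": ev["ttl"], "reason": ev["reason"],
                           "manual": ev["reason"] == "Configuration"}
        else:
            active.pop(key, None)   # a delete for an entry never seen is ignored
    return active


def dynamic_sources(lines):
    """Addresses that were ever blacklisted for a reason other than manual configuration."""
    seen = set()
    for line in lines:
        ev = parse_bls(line)
        if ev and ev["op"] == "ADD" and ev["reason"] != "Configuration":
            seen.add(str(ev["ip"]))
    return sorted(seen)


# Constructed sample: the manual's example lines, one message per line, in an assumed order.
SAMPLE = [
    "BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=1.1.1.6; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration.",
    "BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; TTL(1051)=10; Reason(1052)=Scan behavior detected.",
    "BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration.",
    "BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; TTL(1051)=10; Reason(1052)=Scan behavior detected.",
    "BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Reason(1052)=Aging.",
    "BLS/5/BLS_IPV6_ENTRY_DEL: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; Reason(1052)=Configuration.",
    "BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=1.1.1.3; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; Reason(1052)=Configuration.",
]

if __name__ == "__main__":
    for (vpn, ip), info in active_blacklist(SAMPLE).items():
        print(vpn, ip, info)
    print("dynamically blacklisted:", dynamic_sources(SAMPLE))
```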
CFD messages
This section contains CFD messages.
CFD_CROSS_CCM
Message text |
MEP [UINT16] in SI [INT32] received a cross-connect CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING]. |
Variable fields |
$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID. |
Severity level |
6 (Informational) |
Example |
CFD/6/CFD_CROSS_CCM: MEP 13 in SI 10 received a cross-connect CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 78, RMEP is 12, MD ID is without ID, MA ID is 0. |
Impact |
Continuity check cannot be performed. |
Cause |
Configurations, including MD, MA, level, and direction, are inconsistent for MEPs on both ends. |
Recommended action |
Check the configurations of MEPs on both ends. Make sure the MEPs have consistent configurations, including MD, MA, level, and direction. |
CFD_ERROR_CCM
Message text |
MEP [UINT16] in SI [INT32] received an error CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING]. |
Variable fields |
$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID. |
Severity level |
6 (Informational) |
Example |
CFD/6/CFD_ERROR_CCM: MEP 2 in SI 7 received an error CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 21, RMEP is 2, MD ID is 7, MA ID is 1. |
Impact |
Continuity check cannot be performed. |
Cause |
· CCM transmission intervals are inconsistent for MEPs on both ends.
· The remote MEP ID is not included in the MEP list of the local MEP. |
Recommended action |
Check the CCM configuration. Make sure the CCM transmission intervals are consistent on both ends, and the remote MEP ID is included in the MEP list of the local MEP. |
CFD_LOST_CCM
Message text |
MEP [UINT16] in SI [INT32] failed to receive CCMs from RMEP [UINT16]. |
Variable fields |
$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID. |
Severity level |
6 (Informational) |
Example |
CFD/6/CFD_LOST_CCM: MEP 1 in SI 7 failed to receive CCMs from RMEP 2. |
Impact |
Continuity check cannot be performed. |
Cause |
· The link failed.
· CCM transmission intervals are inconsistent for MEPs on both ends. |
Recommended action |
Check the link status and the configuration of the remote MEP. If the link is down or faulty (becomes unidirectional, for example), restore the link. If the remote MEP is configured with the same service instance, make sure the CCM sending intervals are consistent on both ends. |
CFD_RECEIVE_CCM
Message text |
MEP [UINT16] in SI [INT32] received CCMs from RMEP [UINT16] |
Variable fields |
$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID. |
Severity level |
6 (Informational) |
Example |
CFD/6/CFD_RECEIVE_CCM: MEP 1 in SI 7 received CCMs from RMEP 2. |
Impact |
No negative impact on the system. |
Cause |
A MEP received CCMs from a remote MEP. |
Recommended action |
No action is required. |
CFGMAN messages
This section contains configuration management messages.
CFGMAN_ARCHIVE_SCP_FAIL
Message text |
Archive configuration to SCP server failed: IP = [STRING], Directory = [STRING], Username = [STRING] |
Variable fields |
$1: IP address of the SCP server. $2: Directory that saves the configuration archives on the SCP server. $3: Username for logging in to the SCP server. |
Severity level |
5 |
Example |
CFGMAN/5/CFGMAN_ARCHIVE_SCP_FAIL: Archive configuration to SCP server failed: IP = 192.168.21.21, Directory = /test/, Username = admin |
Explanation |
The device failed to archive the running configuration to an SCP server. |
Recommended action |
No action is required. |
CFGMAN_CFGCHANGED
Message text |
-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed. |
Variable fields |
$1: Event index in the range of 1 to 2147483647.
$2: Configuration change source:
   ○ cli—The configuration change came from the CLI.
   ○ snmp—The configuration change came from SNMP or was a configuration database change detected by SNMP.
   ○ other—The configuration change came from other sources.
$3: Source configuration:
   ○ erase—Deleting or renaming a configuration file.
   ○ running—Saving the running configuration.
   ○ commandSource—Copying a configuration file.
   ○ startup—Saving the running configuration to the next-startup configuration file.
   ○ local—Saving the running configuration to a local file.
   ○ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file.
   ○ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective.
$4: Destination configuration:
   ○ erase—Deleting or renaming a configuration file.
   ○ running—Saving the running configuration.
   ○ commandSource—Copying a configuration file.
   ○ startup—Saving the running configuration to the next-startup configuration file.
   ○ local—Saving the running configuration to a local file.
   ○ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file.
   ○ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. |
Severity level |
5 |
Example |
CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[snmp]-ConfigSource=[startup]-ConfigDestination=[running]; Configuration changed. |
Explanation |
The running configuration changed in the past 10 minutes. |
Recommended action |
No action is required. |
CFGMAN_EXIT_FROM_CONFIGURE
Message text |
Line=[STRING], IP address=[STRING], user=[STRING]; Exit from the system view or a feature view to the user view. |
Variable fields |
$1: User line name. If the system failed to obtain the user line name, this field displays two asterisks (**). $2: IP address of the user. If the system failed to obtain the IP address, this field displays two asterisks (**). $3: Username. If the system failed to obtain the username, this field displays two asterisks (**). |
Severity level |
5 |
Example |
CFGMAN/5/CFGMAN_EXIT_FROM_CONFIGURE: Line=con0, IP address=**, user=**; Exit from the system view or a feature view to the user view. |
Explanation |
The user exited from system view or a feature view to user view. |
Recommended action |
No action is required. |
CFGMAN_OPTCOMPLETION
Message text |
-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed. |
Variable fields |
$1: Operation type:
  · running2startup—Saves the running configuration to the next-startup configuration file.
  · startup2running—Loads the configuration in the next-startup configuration file.
  · running2net—Saves the running configuration to a host on the network.
  · net2running—Transfers a configuration file from a host on the network and loads the configuration.
  · net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file.
  · startup2net—Copies the next-startup configuration file to a host on the network.
$2: Operation start time.
$3: Operation status:
  · InProcess—Operation is in progress.
  · success—Operation succeeded.
  · InvalidOperation—Invalid operation.
  · InvalidProtocol—Invalid protocol.
  · InvalidSource—Invalid source file name.
  · InvalidDestination—Invalid destination file name.
  · InvalidServer—Invalid server address.
  · DeviceBusy—The device is busy.
  · InvalidDevice—Invalid device address.
  · DeviceError—An error occurred on the device.
  · DeviceNotWritable—The storage medium on the device is write protected.
  · DeviceFull—The device does not have enough free storage space for the file.
  · FileOpenError—Failed to open the file.
  · FileTransferError—Failed to transfer the file.
  · ChecksumError—File checksum error.
  · LowMemory—The memory space is not sufficient.
  · AuthFailed—User authentication failed.
  · TransferTimeout—Transfer timed out.
  · UnknownError—An unknown error occurred.
  · invalidConfig—Invalid configuration.
$4: Operation end time. |
Severity level |
5 |
Example |
CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed. |
Explanation |
The device is performing or has completed an operation. |
Recommended action |
If the operation is not successful, locate and resolve the issue. |
CFG_SAVE_FAILED
Message text |
Pattern 1: Failed to save the current configuration.
Pattern 2: Failed to save the current configuration on [STRING].
Pattern 3: Failed to save the current configuration. Reason: [STRING].
Pattern 4: Failed to save the current configuration for [STRING].
Pattern 5: Failed to save the current configuration on [STRING]. Reason: [STRING]. |
Variable fields |
Pattern 2:
$1: Slot location if the slot has only one CPU or CPU location if the slot has multiple CPUs.
Pattern 3:
$1: Failure reason. The values include:
  · No space available on the device.
  · Failed to save the current configuration in binary format.
  · The memory is insufficient.
  · Failed to set the next-startup configuration on location—If the slot has only one CPU, the location is the location of the slot. If the slot has multiple CPUs, the location is the location of the CPU.
  · The system is rebooting.
  · Operation not supported.
  · The memory on the memory file system is insufficient.
Pattern 4:
$1: MDC mdc-name or Context context-name.
Pattern 5:
$1: Slot location if the slot has only one CPU or CPU location if the slot has multiple CPUs.
$2: Failure reason. The values for this pattern are the same as those for pattern 3. |
Severity level |
4 |
Example |
CFGMAN/4/CFG_SAVE_FAILED: Failed to save the current configuration. Reason: No space available on the device. |
Explanation |
This message was generated when the system failed to save the running configuration.
· The message does not contain a failure reason if the failure reason is not among the above listed failure reasons.
· The message is in pattern 2 if the system fails to back up the startup configuration file to the standby slot because of reasons such as slow disk read and write speed or disk damage.
· The message does not contain slot information if the system fails to save the running configuration to all slots.
· The message contains an MDC or context name if the system fails to save the running configuration on the MDC or context. For more information, log in to the MDC or context and then execute the display logbuffer command. |
Recommended action |
1. Execute the dir command to verify that the storage medium has sufficient space to save the running configuration. 2. Execute the copy command to verify that you can copy files to the storage medium. 3. Execute the display memory and display process memory commands to verify that the memory space is sufficient. 4. If the issue persists, contact H3C Support. |
CFG_SET_NEXTCFG_FAILED
Message text |
Failed to set [STRING] as the [STRING] next-startup file on [STRING]. |
Variable fields |
$1: File name.
$2: Main or backup attribute:
  · main—Main next-startup configuration file.
  · backup—Backup next-startup configuration file.
$3: Slot location if the slot has only one CPU or CPU location if the slot has multiple CPUs. |
Severity level |
4 |
Example |
CFGMAN/4/CFG_SET_NEXTCFG_FAILED: Failed to set startup.cfg as the main next-startup file on slot 1. |
Explanation |
Failed to configure a file as a next-startup configuration file. |
Recommended action |
1. Verify that the file exists. 2. Verify that the file contents are valid. 3. Record the operations you have made and contact H3C Support. |
CGROUP messages
This section contains interface collaboration messages.
CGROUP_STATUS_CHANGE
Message text |
The status of collaboration group [UINT32] is [STRING]. |
Variable fields |
$1: Collaboration group ID. $2: Collaboration group state: down or up. |
Severity level |
6 (Informational) |
Example |
CGROUP/6/CGROUP_STATUS_CHANGE: The status of collaboration group 1 is up. |
Impact |
Determine the impact according to the actual situation. |
Cause |
The status of a member interface changed. |
Recommended action |
1. Use the display collaboration-group command to determine the member interface that went down. 2. Use the display interface command to determine the reason why the interface went down by examining the Cause field and take the corresponding action to bring up the interface. |
CONNLMT messages
This section contains connection limit messages.
CONNLMT_IPV4_OVERLOAD
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeds upper threshold; |
Explanation |
The number of concurrent connections exceeded the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV4_RECOVER
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Reduces below lower threshold; |
Explanation |
The number of concurrent connections dropped to the lower threshold from the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV6_OVERLOAD
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeds upper threshold; |
Explanation |
The number of concurrent connections exceeded the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV6_RECOVER
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message. |
Severity level |
6 |
Example |
CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=2001::1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Reduces below lower threshold; |
Explanation |
The number of concurrent connections dropped to the lower threshold from the upper threshold. |
Recommended action |
No action is required. |
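As an added example (not part of the H3C manual), the following Python code parses the `Name(id)=value;` field format of the four CONNLMT messages above and pairs each OVERLOAD event with its RECOVER event, so that a collector can report dropped-packet counts and sources still over their limit. It assumes each line begins with the `MODULE/severity/MNEMONIC:` header as in the examples, with any syslog prefix already stripped; the pairing key (RcvIfName, source address, LimitRuleNum) is an assumption, and the last CONNLMT sample line is constructed.

```python
import re

# "MODULE/severity/MNEMONIC: body", the header form used by this reference's examples.
HEADER = re.compile(r"\s*(?P<module>[A-Z0-9]+)/(?P<sev>\d)/\s*(?P<mnemonic>\w+):\s*(?P<body>.*)")
# One "Name(id)=value;" pair. The value may be empty, as in "Protocol(1001)=;".
FIELD = re.compile(r"(?P<name>\w+)\((?P<id>\d+)\)=(?P<value>[^;]*);")


def to_int(text):
    """Return an int for a numeric field, or None when it is empty or malformed."""
    return int(text) if text and text.isdigit() else None


def parse_connlmt(line):
    """Parse one CONNLMT message into a dict; return None for any other line."""
    m = HEADER.match(line)
    if not m or m.group("module") != "CONNLMT":
        return None
    fields = {f.group("name"): f.group("value") for f in FIELD.finditer(m.group("body"))}
    return {
        "mnemonic": m.group("mnemonic"),
        "severity": int(m.group("sev")),
        "ifname": fields.get("RcvIfName", ""),
        # The IPv6 RECOVER example on this page carries SrcIPAddr rather than
        # SrcIPv6Addr, so accept either key for the source address.
        "src": fields.get("SrcIPAddr") or fields.get("SrcIPv6Addr") or "",
        "rule": to_int(fields.get("LimitRuleNum")),
        "upper": to_int(fields.get("UpperLimit")),
        "dropped": to_int(fields.get("DropPktCount")),
        "event": fields.get("Event", ""),
    }


def correlate(lines):
    """Pair OVERLOAD with RECOVER events.

    Returns (closed, still_open): closed is a list of completed episodes,
    still_open is a list of keys whose overload has not recovered yet.
    The key (ifname, src, rule) is an assumption of this example.
    """
    open_events = {}
    closed = []
    for line in lines:
        rec = parse_connlmt(line)
        if rec is None:
            continue
        key = (rec["ifname"], rec["src"], rec["rule"])
        if rec["mnemonic"].endswith("_OVERLOAD"):
            open_events[key] = rec
        elif rec["mnemonic"].endswith("_RECOVER"):
            start = open_events.pop(key, None)
            closed.append({
                "key": key,
                "upper": start["upper"] if start else None,
                "dropped": rec["dropped"],
                "orphan": start is None,  # RECOVER seen without a prior OVERLOAD
            })
    return closed, list(open_events)


# The first four CONNLMT lines are the examples from this reference; the last
# CONNLMT line (interface name and 192.0.2.7) is constructed for illustration.
SAMPLE = [
    "CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeds upper threshold;",
    "CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Reduces below lower threshold;",
    "CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeds upper threshold;",
    "CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=2001::1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Reduces below lower threshold;",
    "DEV/5/SYSTEM_REBOOT: System is rebooting now.",
    "CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=GigabitEthernet1/0/1;Protocol(1001)=;SrcIPAddr(1003)=192.0.2.7;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=500;LimitRuleNum(1051)=2;Event(1048)=Exceeds upper threshold;",
]

if __name__ == "__main__":
    episodes, pending = correlate(SAMPLE)
    for e in episodes:
        print("recovered", e["key"], "upper", e["upper"], "dropped", e["dropped"])
    for k in pending:
        print("still over limit", k)
```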
DEV messages
This section contains device management messages.
AUTOSWITCH_FAULT
Message text |
[STRING] automatically switches between active and standby, and a fault occurs during the switching. |
Variable fields |
$1: Chassis number. |
Severity level |
1 |
Example |
DEV/1/AUTOSWITCH_FAULT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching, please contact technical support. |
Explanation |
An active/standby switchover was performed automatically on a device, and a fault occurred during the switchover process. |
Recommended action |
1. Execute the display diagnostic-information command to collect and save diagnostic information. 2. Reboot the device manually to clear the fault. 3. Execute the display device command to display the device status. If the device status is not Normal, contact technical support. |
BOARD_REBOOT
Message text |
Board is rebooting on [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
DEV/5/BOARD_REBOOT: Board is rebooting on slot 1. |
Explanation |
A card was manually or automatically rebooted. |
Recommended action |
If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the slot starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact technical support. |
BOARD_REMOVED
Message text |
Board was removed from [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
3 |
Example |
DEV/3/BOARD_REMOVED: Board was removed from slot 1, type is LSQ1FV48SA. |
Explanation |
An LPU or a standby MPU was removed from a member device, causing the device to leave the IRF fabric. |
Recommended action |
If the LPU or MPU was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. Reboot the device to make it join the IRF fabric. 4. If the problem persists, contact technical support. |
BOARD_RUNNING_FAULT
Message text |
[STRING] is detected to be faulty. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
1 |
Example |
DEV/1/BOARD_RUNNING_FAULT: Chassis 1 slot 0 is detected to be faulty, please contact technical support. |
Explanation |
A card was detected faulty. |
Recommended action |
1. Execute the display diagnostic-information command to collect and save diagnostic information. 2. Reboot the card manually to clear the fault. 3. Execute the display device command to display the card status. If the card status is not Normal, contact technical support. |
BOARD_RUNNING_FAULT_REBOOT
Message text |
[STRING] is detected to be faulty, the device will immediately restart [STRING] to recover from the fault. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Chassis number and slot number or slot number. |
Severity level |
1 |
Example |
DEV/1/BOARD_RUNNING_FAULT_REBOOT: Chassis 1 slot 0 is detected to be faulty, the device will immediately restart chassis 1 slot 0 to recover from the fault. |
Explanation |
A card was detected faulty. The device will restart the card immediately to clear the fault. |
Recommended action |
Execute the display device command to display the card status after the card is rebooted. If the card status is not Normal, contact technical support. |
BOARD_STATE_FAULT
Message text |
Board state changed to Fault on [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
2 |
Example |
DEV/2/BOARD_STATE_FAULT: Board state changed to Fault on slot 1, type is LSQ1FV48SA. |
Explanation |
The card was starting up (initializing or loading software) or was not operating correctly. |
Recommended action |
· If the card was newly installed, wait for the card to start up. The required startup time varies by card model and software version and is typically less than 10 minutes. · If the card was not newly installed, contact technical support. |
BOARD_STATE_NORMAL
Message text |
Board state changed to Normal on [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
5 |
Example |
DEV/5/BOARD_STATE_NORMAL: Board state changed to Normal on slot 1, type is LSQ1FV48SA. |
Explanation |
A newly installed LPU or standby MPU completed initialization. This message does not indicate that configuration recovery is completed. You cannot perform a master/standby switchover. |
Recommended action |
No action is required. |
CFCARD_INSERTED
Message text |
CF card was inserted in [STRING] CF card slot [INT32]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: CF card slot number. |
Severity level |
4 |
Example |
DEV/4/CFCARD_INSERTED: CF card was inserted in slot 1 CF card slot 1. |
Explanation |
A CF card was installed. |
Recommended action |
No action is required. |
CFCARD_REMOVED
Message text |
CF card was removed from [STRING] CF card slot [INT32]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: CF card slot number. |
Severity level |
3 |
Example |
DEV/3/CFCARD_REMOVED: CF card was removed from slot 1 CF card slot 1. |
Explanation |
A CF card was removed. |
Recommended action |
If the CF card was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. If the problem persists, contact technical support. |
CHASSIS_REBOOT
Message text |
Chassis [INT32] is rebooting now. |
Variable fields |
$1: Chassis number. |
Severity level |
5 |
Example |
DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now. |
Explanation |
The chassis was manually or automatically rebooted. |
Recommended action |
If an unexpected automatic reboot occurs, perform the following tasks: 1. Execute the display version command after the chassis starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact technical support. |
DEV_CLOCK_CHANGE
Message text |
-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING]. |
Variable fields |
$1: Username of the login user. $2: IP address of the login user. $3: Old time. $4: New time. |
Severity level |
5 |
Example |
DEV/5/DEV_CLOCK_CHANGE: -User=admin-IPAddr=192.168.1.2; System clock changed from 15:49:52 01/02/2013 to 15:50:00 01/02/2013. |
Explanation |
The system time changed. |
Recommended action |
No action is required. |
DEV_FAULT_TOOLONG
Message text |
Card in [STRING] is still in Fault state for [INT32] minutes. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Time duration during which the card stayed in Fault state. |
Severity level |
4 |
Example |
DEV/4/DEV_FAULT_TOOLONG: Card in slot 1 is still in Fault state for 60 minutes. |
Explanation |
A card stayed in Fault state for a long period of time. |
Recommended action |
1. Reboot the card. 2. If the problem persists, contact technical support. |
DEV_MNT_LogToIC
Message text |
The device does not support Power-to-Port Fan [UINT32]. |
Variable fields |
$1: Slot number of the fan. |
Severity level |
5 |
Example |
DEV/5/DEV_MNT_LogToIC: The device does not support Power-to-Port Fan 1. |
Impact |
Heat dissipation is affected on the device. |
Cause |
The fan is not compatible with the device. |
Recommended action |
· Identify whether the inhaling fan is used. · If yes, replace the inhaling fan with an exhausting fan. |
FAN_ABSENT
Message text |
Pattern 1: Fan [INT32] is absent. Pattern 2: Chassis [INT32] fan [INT32] is absent. |
Variable fields |
Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number. |
Severity level |
3 |
Example |
DEV/3/FAN_ABSENT: Fan 2 is absent. |
Explanation |
A fan tray was not in place. |
Recommended action |
1. Check the fan tray slot:
  · If the fan tray slot is empty, the temperature might have increased and the system recommends that you install a fan tray.
  · If a fan tray is present, verify that the fan tray is securely seated.
2. Replace the fan tray if the message persists.
3. If the problem persists, contact technical support. |
FAN_DIRECTION_NOT_PREFERRED
Message text |
Fan [INT32] airflow direction is not preferred on [STRING], please check it. |
Variable fields |
$1: Fan tray number. $2: Chassis number and slot number or slot number. |
Severity level |
1 |
Example |
DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred on slot 1, please check it. |
Explanation |
The airflow direction of the fan tray is different from the airflow direction setting. |
Recommended action |
1. Verify that the airflow direction setting is correct. 2. Verify that the fan tray model provides the same airflow direction as the configured setting. 3. If the problem persists, contact technical support. |
FAN_FAILED
Message text |
Pattern 1: Fan [INT32] failed. Pattern 2: Chassis [INT32] fan [INT32] failed. |
Variable fields |
Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number. |
Severity level |
2 |
Example |
DEV/2/FAN_FAILED: Fan 2 failed. |
Explanation |
The fan tray stopped because of an exception. |
Recommended action |
Replace the fan tray. |
FAN_RECOVERED
Message text |
Pattern 1: Fan [INT32] recovered. Pattern 2: Chassis [INT32] fan [INT32] recovered. |
Variable fields |
Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number. |
Severity level |
5 |
Example |
DEV/5/FAN_RECOVERED: Fan 2 recovered. |
Explanation |
The fan tray started to operate correctly after it was installed. |
Recommended action |
No action is required. |
MAD_DETECT
Message text |
Multi-active devices detected, please fix it. |
Variable fields |
N/A |
Severity level |
1 |
Example |
DEV/1/MAD_DETECT: Multi-active devices detected, please fix it. |
Explanation |
Multiple member devices were found active. |
Recommended action |
1. Use the display irf command to view which member devices have left the original IRF fabric. 2. Use the display irf link command to locate the IRF link with problems. 3. Fix the IRF link in DOWN state. |
MAD_PROC
Message text |
[STRING] protocol detected MAD conflict: Local health value=[UINT32], Peer health value=[UINT32]. |
Variable fields |
$1: Protocol that detected the MAD conflict, ARP, ND, LACP, or BFD. $2: Current health value of the local IRF. $3: Current health value of the peer IRF. |
Severity level |
6 |
Example |
DEV/6/MAD_PROC: ARP protocol detected MAD conflict: Local health value=1, Peer health value=0. |
Explanation |
ARP, ND, LACP, or BFD detected a MAD conflict on the IRF fabric. A health value of 0 indicates that the IRF fabric is healthy. A greater health value indicates a worse health situation. |
Recommended action |
No action is required. |
POWER_ABSENT
Message text |
Pattern 1: Power [INT32] is absent. Pattern 2: Chassis [INT32] power [INT32] is absent. |
Variable fields |
Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number. |
Severity level |
3 |
Example |
DEV/3/POWER_ABSENT: Power 1 is absent. |
Explanation |
A power supply was removed. |
Recommended action |
1. Check the power supply slot.
  · If the power supply slot is empty, install a power supply.
  · If a power supply is present, verify that the power supply is securely seated.
2. If the problem persists, replace the power supply.
3. If the problem persists, contact technical support. |
POWER_FAILED
Message text |
Pattern 1: Power [INT32] failed. Pattern 2: Chassis [INT32] power [INT32] failed. |
Variable fields |
Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number. |
Severity level |
2 |
Example |
DEV/2/POWER_FAILED: Power 1 failed. |
Explanation |
A power supply failed. |
Recommended action |
Replace the power supply. |
POWER_MONITOR_ABSENT
Message text |
Pattern 1: Power monitor unit [INT32] is absent. Pattern 2: Chassis [INT32] power monitor unit [INT32] is absent. |
Variable fields |
Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number. |
Severity level |
3 |
Example |
DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent. |
Explanation |
A power monitoring module was removed. |
Recommended action |
1. Check the power monitoring module slot.
  · If the power monitoring module slot is empty, install a power monitoring module.
  · If a power monitoring module is present, verify that the power monitoring module is securely seated.
2. If the problem persists, replace the power monitoring module.
3. If the problem persists, contact technical support. |
POWER_MONITOR_FAILED
Message text |
Pattern 1: Power monitor unit [INT32] failed. Pattern 2: Chassis [INT32] power monitor unit [INT32] failed. |
Variable fields |
Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number. |
Severity level |
2 |
Example |
DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed. |
Explanation |
A power monitoring module failed. |
Recommended action |
Replace the power monitoring module. |
POWER_MONITOR_RECOVERED
Message text |
Pattern 1: Power monitor unit [INT32] recovered. Pattern 2: Chassis [INT32] power monitor unit [INT32] recovered. |
Variable fields |
Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number. |
Severity level |
5 |
Example |
DEV/5/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered. |
Explanation |
The power monitoring module started to operate correctly after it was installed. |
Recommended action |
No action is required. |
POWER_RECOVERED
Message text |
Pattern 1: Power [INT32] recovered. Pattern 2: Chassis [INT32] power [INT32] recovered. |
Variable fields |
Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number. |
Severity level |
5 |
Example |
DEV/5/POWER_RECOVERED: Power 1 recovered. |
Explanation |
The power supply started to operate correctly after it was installed. |
Recommended action |
No action is required. |
RPS_ABSENT
Message text |
Pattern 1: RPS [INT32] is absent. Pattern 2: Chassis [INT32] RPS [INT32] is absent. |
Variable fields |
Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number. |
Severity level |
3 |
Example |
DEV/3/RPS_ABSENT: RPS 1 is absent. |
Explanation |
An RPS was removed. |
Recommended action |
1. Check the RPS slot.
  · If the RPS slot is empty, install an RPS.
  · If an RPS is present, verify that the RPS is securely seated.
2. If the problem persists, replace the RPS.
3. If the problem persists, contact technical support. |
RPS_FAILED
Message text |
Pattern 1: RPS [INT32] failed. Pattern 2: Chassis [INT32] RPS [INT32] failed. |
Variable fields |
Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number. |
Severity level |
2 |
Example |
DEV/2/RPS_FAILED: RPS 2 failed. |
Explanation |
An RPS failed or is not providing power. |
Recommended action |
1. Verify that the power cable is firmly connected. 2. If the problem persists, remove the RPS and then install it again. 3. If the problem persists, replace the RPS. |
RPS_NORMAL
Message text |
Pattern 1: RPS [INT32] is normal. Pattern 2: Chassis [INT32] RPS [INT32] is normal. |
Variable fields |
Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number. |
Severity level |
5 |
Example |
DEV/5/RPS_NORMAL: RPS 1 is normal. |
Explanation |
The RPS started to operate correctly after it was installed. |
Recommended action |
No action is required. |
SUBCARD_FAULT
Message text |
Subcard state changed to Fault on [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type. |
Severity level |
2 |
Example |
DEV/2/SUBCARD_FAULT: Subcard state changed to Fault on slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Explanation |
The subcard failed, or its status changed to Fault after it was rebooted. |
Recommended action |
Track the status of the subcard. · If the status of the subcard changes to Normal later, no action is required. · If the status is always Fault, replace the subcard. |
SUBCARD_INSERTED
Message text |
Subcard was inserted in [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type. |
Severity level |
4 |
Example |
DEV/4/SUBCARD_INSERTED: Subcard was inserted in slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Explanation |
A subcard was installed. |
Recommended action |
No action is required. |
Message text |
This firmware does not exist on Slot [UINT32]. Please download the firmware to nandflash first, then re-plug the SSAE-CS card. |
Variable fields |
$1: Slot number of the device. |
Severity level |
4 |
Example |
DEV/4/SUBCARD_INSERTED: This firmware does not exist on Slot 1. Please download the firmware to nandflash first, then re-plug the SSAE-CS card. |
Impact |
The related subcards cannot operate correctly. |
Cause |
A subcard can be compatible with the device only after the subcard is updated as required. |
Recommended action |
Download the firmware image file to nandflash, and re-insert the LSWM2FPGA NetStream or LSWM2FPGAB NetStream interface subcard. |
SUBCARD_REBOOT
Message text |
Subcard is rebooting on [STRING] subslot [INT32]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. |
Severity level |
5 |
Example |
DEV/5/SUBCARD_REBOOT: Subcard is rebooting on slot 1 subslot 1. |
Explanation |
The subcard was manually or automatically rebooted. |
Recommended action |
· If the subcard operates correctly after it starts up, no action is required. · If you want to know the reboot reason or the subcard keeps rebooting, contact technical support. |
SUBCARD_REMOVED
Message text |
Subcard was removed from [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type. |
Severity level |
3 |
Example |
DEV/3/SUBCARD_REMOVED: Subcard was removed from slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Explanation |
A subcard was removed. |
Recommended action |
If the subcard was not manually removed, perform the following tasks: 1. Verify that the subcard is securely seated. 2. Replace the subcard if the message persists. 3. If the problem persists, contact technical support. |
SYSTEM_REBOOT
Message text |
System is rebooting now. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DEV/5/SYSTEM_REBOOT: System is rebooting now. |
Explanation |
The system was manually or automatically rebooted. |
Recommended action |
If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the system starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact technical support. |
TEMPERATURE_ALARM
Message text |
Pattern 1: Temperature is greater than the high-temperature alarming threshold on sensor [STRING] [USHOT]. Pattern 2: Temperature is greater than the high-temperature alarming threshold on [STRING] sensor [STRING] [USHOT]. Pattern 3: Temperature is greater than the high-temperature alarming threshold on [STRING] [STRING] sensor [STRING] [USHOT]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_ALARM: Temperature is greater than the high-temperature alarming threshold on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature exceeded the high-temperature alarming threshold. The ambient temperature was too high or the fan tray was not operating correctly. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. |
TEMPERATURE_LOW
Message text |
Pattern 1: Temperature is less than the low-temperature threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is less than the low-temperature threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is less than the low-temperature threshold on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_LOW: Temperature is less than the low-temperature threshold on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature fell below the low-temperature threshold. |
Recommended action |
Adjust the ambient temperature higher. |
TEMPERATURE_NORMAL
Message text |
Pattern 1: Temperature changed to normal on sensor [STRING] [INT32]. Pattern 2: Temperature changed to normal on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature changed to normal on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
5 |
Example |
DEV/5/TEMPERATURE_NORMAL: Temperature changed to normal on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature was normal (between the low-temperature threshold and the high-temperature warning threshold). |
Recommended action |
No action is required. |
TEMPERATURE_SHUTDOWN
Message text |
Pattern 1: Temperature is greater than the high-temperature shutdown threshold on sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 2: Temperature is greater than the high-temperature shutdown threshold on [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 3: Temperature is greater than the high-temperature shutdown threshold on [STRING] [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
2 |
Example |
DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than the high-temperature shutdown threshold on slot 1 sensor inflow 1. The slot will be powered off automatically. |
Explanation |
A sensor's temperature exceeded the high-temperature shutdown threshold. The ambient temperature was too high or the fan tray was not operating correctly. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. |
TEMPERATURE_WARNING
Message text |
Pattern 1: Temperature is greater than the high-temperature warning threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is greater than the high-temperature warning threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is greater than the high-temperature warning threshold on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. |
Severity level |
4 |
Example |
DEV/4/TEMPERATURE_WARNING: Temperature is greater than the high-temperature warning threshold on slot 1 sensor inflow 1. |
Explanation |
A sensor's temperature exceeded the high-temperature warning threshold. The ambient temperature was too high or the fan tray was not operating correctly. |
Recommended action |
1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it. |
TIMER_CREATE_FAILED_FIRST
Message text |
The process with PID [UINT] failed to create a timer. Reason: [STRING]. |
Variable fields |
$1: PID of the process. $2: Reason for the timer creation failure. The value is "Maximum number of timers already reached." |
Severity level |
4 |
Example |
DEV/4/TIMER_CREATE_FAILED_FIRST: The process with PID 70 failed to create a timer. Reason: Maximum number of timers already reached. |
Explanation |
The system outputs this message when a process fails to create a timer for the first time.
The system uses the following mechanism to avoid frequent output of messages that report timer creation failures:
· The system outputs a TIMER_CREATE_FAILED_FIRST message when a process fails to create a timer for the first time.
· If a timer creation failure occurs again 15 minutes after the first failure, the system outputs a TIMER_CREATE_FAILED_MORE message. The TIMER_CREATE_FAILED_MORE message contains the time when the last timer creation failure message was generated, and the number of timer creation failures between the last and current messages that report timer creation failures. The system does not generate log messages about timer creation failures that occurred within the 15 minutes. |
Recommended action |
1. Restart the device to recover the service module corresponding to the process. 2. If the problem persists, contact technical support. |
TIMER_CREATE_FAILED_MORE
Message text |
The process with PID [UINT] failed to create a timer: [UINT] consecutive failures since [STRING]. Reason for the failure: [STRING]. |
Variable fields |
$1: PID of the process. $2: Number of timer creation failures between the last and current messages that report timer creation failures. $3: Last time when the creation failure log message was generated. $4: Reason for this timer creation failure. The value is "Maximum number of timers already reached." |
Severity level |
4 |
Example |
DEV/4/TIMER_CREATE_FAILED_MORE: The process with PID 70 failed to create a timer: 2 consecutive failures since 2019/11/21 16:00:00. Reason for this failure: Maximum number of timers already reached. |
Explanation |
The system outputs this message when a process fails to create a timer again 15 minutes after the first-time creation failure.
The system uses the following mechanism to avoid frequent output of messages that report timer creation failures:
· The system outputs a TIMER_CREATE_FAILED_FIRST message when a process fails to create a timer for the first time.
· If a timer creation failure occurs again 15 minutes after the first failure, the system outputs a TIMER_CREATE_FAILED_MORE message. The TIMER_CREATE_FAILED_MORE message contains the time when the last timer creation failure message was generated, and the number of timer creation failures between the last and current messages that report timer creation failures. The system does not generate log messages about timer creation failures that occurred within the 15 minutes. |
Recommended action |
1. Restart the device to recover the service module corresponding to the process. 2. If the problem persists, contact technical support. |
VCHK_VERSION_INCOMPATIBLE
Message text |
Software version of [STRING] is incompatible with that of the MPU. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
1 |
Example |
DEV/1/VCHK_VERSION_INCOMPATIBLE: Software version of slot 1 is incompatible with that of the MPU. |
Explanation |
A PEX that was starting up detected that its software version is incompatible with the parent device's software version. |
Recommended action |
Specify a set of startup software images for the PEX. Make sure the images are compatible with the parent device's software images. |
DHCP
This section contains DHCP messages.
DHCP_NOTSUPPORTED
Message text |
Failed to apply filtering rules for DHCP packets because some rules are not supported. |
Variable fields |
N/A |
Severity level |
3 |
Example |
DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported. |
Explanation |
The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device. |
Recommended action |
No action is required. |
DHCP_NORESOURCES
Message text |
Failed to apply filtering rules for DHCP packets because hardware resources are insufficient. |
Variable fields |
N/A |
Severity level |
3 |
Example |
DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient. |
Explanation |
The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient. |
Recommended action |
Release hardware resources and then apply the rules again. |
DHCPR
This section contains DHCP relay agent messages.
DHCPR_SERVERCHANGE
Message text |
Switched to the server at [IPADDR] (VPN name: [STRING]) because the current server did not respond.
Switched to the DHCP server at [IPADDR] (Public network) because the current DHCP server did not respond. |
Variable fields |
$1: IP address of the DHCP server. $2: VPN information of the DHCP server. $3: IP address of the DHCP server on the public network. |
Severity level |
3 |
Example |
DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the server at 2.2.2.2 ( VPN name: 1 ) because the current server did not respond. |
Explanation |
The DHCP relay agent did not receive any responses from the current DHCP server and switched to another DHCP server in the specified VPN or on the public network for IP address acquisition. |
Recommended action |
No action is required. |
DHCPR_SWITCHMASTER
Message text |
Switched to the master DHCP server at [IPADDR]. |
Variable fields |
$1: IP address of the master DHCP server. |
Severity level |
3 |
Example |
DHCPR/3/DHCPR_SWITCHMASTER: -MDC=1; Switched to the master DHCP server at 2.2.2.2. |
Explanation |
After a switchback delay time, the DHCP relay agent switched from a backup DHCP server back to the master DHCP server for IP address acquisition. |
Recommended action |
No action is required. |
DHCPS messages
This section contains DHCP server messages.
DHCPS_ALLOCATE_IP
Message text |
DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the address pool to which the assigned IPv4 address belongs. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool. |
Explanation |
The DHCP server assigned an IPv4 address with a lease to a DHCP client. |
Recommended action |
No action is required. |
DHCPS_CONFLICT_IP
Message text |
A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING]. |
Variable fields |
$1: IPv4 address that is in conflict. $2: Name of the address pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface Ethernet0/2. |
Explanation |
The DHCP server deleted a conflicting IPv4 address from an address pool. |
Recommended action |
No action is required. |
DHCPS_EXTEND_IP
Message text |
DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]). |
Variable fields |
$1: Name of the interface on which DHCP server is configured. $2: Name of the address pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a). |
Explanation |
The DHCP server extended the lease for a DHCP client. |
Recommended action |
No action is required. |
DHCPS_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCP server failed to back up DHCP bindings to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DHCPS_RECLAIM_IP
Message text |
DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. |
Severity level |
5 |
Example |
DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a). |
Explanation |
The DHCP server reclaimed the IPv4 address assigned to a DHCP client. |
Recommended action |
No action is required. |
DHCPS_VERIFY_CLASS
Message text |
Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC]; |
Variable fields |
$1: Type of the packet. $2: Hardware address of the DHCP client. |
Severity level |
5 |
Example |
|
Explanation |
The DHCP server verified that the DHCP client was not on the user class whitelist. |
Recommended action |
Check the validity of the DHCP client. |
DHCPS6 messages
This section contains DHCPv6 server messages.
DHCPS6_ALLOCATE_ADDRESS
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool. |
Explanation |
The DHCPv6 server assigned an IPv6 address with a lease to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_ALLOCATE_PREFIX
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool. |
Explanation |
The DHCPv6 server assigned an IPv6 prefix with a lease to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_CONFLICT_ADDRESS
Message text |
A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING]. |
Variable fields |
$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2. |
Explanation |
The DHCPv6 server deleted a conflicting IPv6 address from an address pool. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_ADDRESS
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCPv6 client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCPv6 client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server extended the address lease for a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_PREFIX
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCPv6 client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCPv6 client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server extended the prefix lease for a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCPv6 server failed to back up DHCPv6 bindings to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DHCPS6_RECLAIM_ADDRESS
Message text |
DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server reclaimed the IPv6 address assigned to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_RECLAIM_PREFIX
Message text |
DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 |
Example |
DHCPS6/5/DHCPS6_RECLAIM_PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Explanation |
The DHCPv6 server reclaimed the IPv6 prefix assigned to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPSP4
This section contains DHCP snooping messages.
DHCPSP4_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCP snooping device failed to back up DHCP snooping entries to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DHCPSP4_UNTRUSTED_SERVER
Message text |
Detected reply packet from untrusted server. Server info: IPaddress = [IPADDR], MACaddress = [MAC], Interface = [STRING]. |
Variable fields |
$1: IP address of the untrusted DHCP server. $2: MAC address of the untrusted DHCP server. $3: Name of the interface that connects to the untrusted DHCP server. |
Severity level |
4 |
Example |
DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet from untrusted server. Server Info: IPaddress = 192.168.1.1, MACaddress = 78a0-7aa4-0307, Interface = GigabitEthernet1/0/1. |
Explanation |
This message is sent when the DHCP snooping device detects and drops a DHCP reply from an untrusted DHCP server. |
Recommended action |
Locate the untrusted DHCP server according to the IP address and MAC address information, and isolate the server if necessary. |
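The following is an added example, not H3C code: it compiles the "Message text" templates of DHCPSP4_UNTRUSTED_SERVER and DHCPS_ALLOCATE_IP into regular expressions, groups untrusted-server detections by MAC address and interface, and attaches any lease the same MAC obtained from the legitimate server, which helps locate the device. The placeholder regexes, the function names and the lines marked as constructed are assumptions; matching ignores letter case and apostrophe style because the manual's examples differ from its templates in both.

```python
import re
from collections import defaultdict

# Regex per placeholder type. Value shapes are assumptions taken from the
# manual's examples (for instance, MAC written as xxxx-xxxx-xxxx).
PLACEHOLDERS = {
    "IPADDR": r"[0-9A-Fa-f:.]+",
    "MAC": r"[0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2}",
    "UINT32": r"\d+",
    "STRING": r"\S+",
}

# "Message text" templates copied from the two manual entries.
TEMPLATES = {
    "DHCPSP4_UNTRUSTED_SERVER":
        "Detected reply packet from untrusted server. Server info: "
        "IPaddress = [IPADDR], MACaddress = [MAC], Interface = [STRING].",
    "DHCPS_ALLOCATE_IP":
        "DHCP server received a DHCP client's request packet on interface "
        "[STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) "
        "for the DHCP client(MAC [MAC]) from [STRING] pool.",
}

# MODULE/severity/MNEMONIC: then optional "-KEY=value; " tags (the manual's DHCPR
# examples show "-MDC=1; "). Text before the module name is ignored by search().
HEADER = re.compile(r"([A-Z0-9]+)/([0-7])/([A-Z0-9_]+):\s*(?:-\w+=\S+;\s*)*(.*)")

def norm(text):
    """Fold the typographic apostrophe used in some examples to ASCII."""
    return text.replace("\u2019", "'").strip()

def compile_template(template):
    """Build a regex whose groups, in order, are the manual's $1..$N fields."""
    pattern = ""
    for i, part in enumerate(re.split(r"\[([A-Z0-9]+)\]", norm(template))):
        if i % 2:   # placeholder name
            pattern += "(" + PLACEHOLDERS[part] + ")"
        else:       # literal text; any run of whitespace matches any other
            pattern += "".join(r"\s+" if tok.isspace() else re.escape(tok)
                               for tok in re.split(r"(\s+)", part) if tok)
    # Case-insensitive: the template says "Server info", the example "Server Info".
    return re.compile(pattern, re.IGNORECASE)

COMPILED = {name: compile_template(text) for name, text in TEMPLATES.items()}

def parse(line):
    """Return (mnemonic, severity, [$1, ..., $N]), or None if not recognised."""
    header = HEADER.search(norm(line))
    if not header or header.group(3) not in COMPILED:
        return None
    body = COMPILED[header.group(3)].fullmatch(header.group(4).strip())
    if not body:
        return None
    return header.group(3), int(header.group(2)), list(body.groups())

def rogue_dhcp_report(lines):
    """Group untrusted-server detections by (MAC, interface); attach known leases."""
    leases = {}   # client MAC -> (leased IP, server interface, pool)
    rogues = defaultdict(lambda: {"replies": 0, "server_ips": set(), "lease": None})
    for line in lines:
        record = parse(line)
        if record is None:
            continue
        mnemonic, _severity, f = record
        if mnemonic == "DHCPS_ALLOCATE_IP":
            leases[f[3].lower()] = (f[1], f[0], f[4])
        else:   # DHCPSP4_UNTRUSTED_SERVER
            entry = rogues[(f[1].lower(), f[2])]
            entry["replies"] += 1
            entry["server_ips"].add(f[0])
    for (mac, _interface), entry in rogues.items():
        entry["lease"] = leases.get(mac)
    return dict(rogues)

SAMPLE_LINES = [
    # The manual's own example lines.
    "DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet from untrusted "
    "server. Server Info: IPaddress = 192.168.1.1, MACaddress = 78a0-7aa4-0307, "
    "Interface = GigabitEthernet1/0/1.",
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client\u2019s request "
    "packet on interface Ethernet0/2, and allocated an IP address 1.0.0.91(lease "
    "86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.",
    # Constructed lines: the same MAC is seen again and also holds a lease.
    "DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: -MDC=1; Detected reply packet from "
    "untrusted server. Server info: IPaddress = 192.168.1.1, MACaddress = "
    "78A0-7AA4-0307, Interface = GigabitEthernet1/0/1.",
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client's request "
    "packet on interface Vlan-interface10, and allocated an IP address "
    "192.0.2.23(lease 86400 seconds) for the DHCP client(MAC 78a0-7aa4-0307) "
    "from p1 pool.",
]

if __name__ == "__main__":
    for key, entry in rogue_dhcp_report(SAMPLE_LINES).items():
        print(key, entry)
```

Lines whose mnemonic has no template here, or whose text does not match its template, are skipped rather than guessed at.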
DHCPSP6
This section contains DHCPv6 snooping messages.
DHCPSP6_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources. |
Explanation |
The DHCPv6 snooping device failed to back up DHCPv6 snooping entries to the backup file due to lack of storage resources. |
Recommended action |
Delete unnecessary files to release resources. |
DIAG messages
This section contains diagnostic messages.
CPU_MINOR_RECOVERY
Message text |
CPU usage minor alarm removed. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
DIAG/5/CPU_MINOR_RECOVERY: CPU usage minor alarm removed. |
Impact |
No negative impact on the system. |
Cause |
The CPU usage decreased below the recovery threshold. The alarm was removed and the CPU usage status changed to recovered state. |
Recommended action |
No action is required. |
CPU_MINOR_THRESHOLD
Message text |
CPU usage is in minor alarm state.
CPU usage: [UINT]% in last 1 minute.
CPU usage thresholds: Minor: [UINT]% Severe: [UINT]% Recovery: [UINT]%
Process info:
JID PID PRI State FDs HH:MM:SS CPU Name
[UINT] [UINT] [UINT] [CHAR] [UINT] [CHAR] [CHAR] [CHAR]
Core states:
ID Idle User Kernel Interrupt Busy
CPU[UINT] [CHAR] [CHAR] [CHAR] [CHAR] [CHAR] |
Variable fields |
$1: CPU usage during the last minute. $2: Minor CPU usage alarm threshold. $3: Severe CPU usage alarm threshold. $4: CPU usage recovery threshold. $5: Job ID of the process. $6: PID of the process. $7: Priority of the process. $8: Status of the process. $9: Number of file handles. $10: Running time of the process. $11: CPU usage of the process. $12: Name of the process. $13: Core ID. $14: Idle time. $15: Time used by processes in the user space. $16: Time used by kernel threads. $17: Time used by interrupts. $18: Total time used. |
Severity level |
4 (Warning) |
Example |
DIAG/4/CPU_MINOR_THRESHOLD: CPU usage is in minor alarm state.
CPU usage: 3% in last 1 minute.
CPU usage thresholds: Minor: 1% Severe: 2% Recovery: 0%
Process info:
JID PID PRI State FDs HH:MM:SS CPU Name
108398 108398120 S 36 00:00:0 12.58% snmpd
52 52 102 S 0 00:01:2 2.58% [DRV_FWD]
371 371 120 S 95 00:18:5 0.17% pppd
90 90 120 R 18 00:12:0 0.34% diagd
109 109 119 S 41 00:11:1 0.00% vbrd
Core states:
ID Idle User Kernel Interrupt Busy
CPU0 98.61% 0.24% 0.62% 0.53% 1.39%
CPU1 99.88% 0.00% 0.03% 0.09% 0.12% |
Impact |
The device's operating speed will become slow, CPU processing capability will decline, and available CPU resources will become insufficient. |
Cause |
The CPU usage increased above the minor alarm threshold and entered minor alarm state. The device sends this message periodically until the CPU usage increases above the severe threshold or the minor alarm is removed. |
Recommended action |
1. Check the log information and identify the processes that have high CPU usage. 2. Close the processes that are not in use based on the analysis result. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CPU_SEVERE_RECOVERY
Message text |
CPU usage severe alarm removed. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
DIAG/5/CPU_RECOVERY: CPU usage severe alarm removed. |
Impact |
No negative impact on the system. |
Cause |
The CPU usage decreased to or below the minor alarm threshold and the severe alarm was removed. |
Recommended action |
No action is required. |
CPU_SEVERE_THRESHOLD
Message text |
CPU usage is in severe alarm state.
CPU usage: [UINT]% in last 1 minute.
CPU usage thresholds: Minor: [UINT]% Severe: [UINT]% Recovery: [UINT]%
Process info:
JID PID PRI State FDs HH:MM:SS CPU Name
[UINT] [UINT] [UINT] [CHAR] [UINT] [CHAR] [CHAR] [CHAR]
Core states:
ID Idle User Kernel Interrupt Busy
CPU[UINT] [CHAR] [CHAR] [CHAR] [CHAR] [CHAR] |
Variable fields |
$1: CPU usage during the last minute. $2: Minor CPU usage alarm threshold. $3: Severe CPU usage alarm threshold. $4: CPU usage recovery threshold. $5: Job ID of the process. $6: PID of the process. $7: Priority of the process. $8: Status of the process. $9: Number of file handles. $10: Running time of the process. $11: CPU usage of the process. $12: Name of the process. $13: Core ID. $14: Idle time. $15: Time used by processes in the user space. $16: Time used by kernel threads. $17: Time used by interrupts. $18: Total time used. |
Severity level |
3 (Error) |
Example |
DIAG/3/CPU_THRESHOLD: CPU usage is in severe alarm state.
CPU usage: 3% in last 1 minute.
CPU usage thresholds: Minor: 1% Severe: 2% Recovery: 0%
Process info:
JID PID PRI State FDs HH:MM:SS CPU Name
108398 108398120 S 36 00:00:0 12.58% snmpd
52 52 102 S 0 00:01:2 2.58% [DRV_FWD]
371 371 120 S 95 00:18:5 0.17% pppd
90 90 120 R 18 00:12:0 0.34% diagd
109 109 119 S 41 00:11:1 0.00% vbrd
Core states:
ID Idle User Kernel Interrupt Busy
CPU0 98.61% 0.24% 0.62% 0.53% 1.39%
CPU1 99.88% 0.00% 0.03% 0.09% 0.12% |
Impact |
The device's operating speed will become slow, CPU processing capability will decline, and available CPU resources will become insufficient. |
Cause |
The CPU usage increased above the severe alarm threshold and entered severe alarm state. The device sends this message periodically until the severe alarm is removed. |
Recommended action |
1. Use the display current-configuration | include "monitor cpu-usage" command to view the alarm thresholds. Use the monitor cpu-usage command to adjust the alarm thresholds as required. 2. If the issue persists for more than 10 minutes, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CPU_USAGE_LASTMINUTE
Message text |
CPU usage was [STRING] in last minute. |
Variable fields |
$1: CPU usage in percentage. |
Severity level |
5 (Notification) |
Example |
DIAG/5/CPU_USAGE_LASTMINUTE: CPU usage was 10% in last minute. |
Impact |
No negative impact on the system. |
Cause |
This message indicates the average CPU usage in the last minute. |
Recommended action |
No action is required. |
DIAG_DEADLOOP_DETECT
Message text |
Deadloop detected on [STRING] cpu [INT] core [INT]. |
Variable fields |
$1: Chassis number + slot number or slot number. $2: CPU number. $3: CPU core number. |
Severity level |
0 (Emergency) |
Example |
DIAG/0/DIAG_DEADLOOP_DETECT: Deadloop detected on slot 1 cpu 0 core 0. |
Impact |
The process cannot operate correctly and the corresponding services are affected. |
Cause |
A dead loop was detected on a kernel thread. |
Recommended action |
1. Use the display process command to view the process running status. If the process is in R status for a long time, the process will be forcibly restarted after a period of time. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
DIAG_FD_UPLIMIT_REACHED
Message text |
FD number upper limit already reached: Process name=[STRING], PID=[INTEGER]. |
Variable fields |
$1: Name of a process. $2: ID of the process. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_FD_UPLIMIT_REACHED: FD number upper limit already reached: Process name=snmpd, PID=244. |
Impact |
The process cannot open new files. |
Cause |
The maximum number of file descriptors that a process can use has been reached. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
DIAG_FD_UPLIMIT_TO_REACH
Message text |
Number of FDs is about to reach the upper limit: Process name=[STRING], PID=[INTEGER]. |
Variable fields |
$1: Name of a process. $2: ID of the process. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_FD_UPLIMIT_TO_REACH: Number of FDs is about to reach the upper limit. Process name=snmpd, PID=244. |
Impact |
No negative impact on the system. Observe whether the number of file descriptors used by the process keeps rising. |
Cause |
The maximum number of file descriptors that a process can use was about to be reached. |
Recommended action |
No action is required. |
DIAG_STORAGE_BELOW_THRESHOLD
Message text |
The usage of [STRING] ([UINT32]%) was below or equal to the threshold of [UINT32]%. |
Variable fields |
$1: Name of the storage medium. $2: Disk usage of the storage medium. $3: Disk usage threshold for the storage medium. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_STORAGE_BELOW_THRESHOLD: The usage of flash (90%) was below or equal to the threshold of 95%. |
Impact |
No negative impact on the system. |
Cause |
This message indicates that the storage medium has sufficient space, because the disk usage is not higher than the threshold. |
Recommended action |
No action is required. |
DIAG_STORAGE_EXCEED_THRESHOLD
Message text |
The usage of [STRING] ([UINT32]%) exceeded the threshold of [UINT32]%. |
Variable fields |
$1: Name of the storage medium. $2: Disk usage of the storage medium. $3: Disk usage threshold for the storage medium. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_STORAGE_EXCEED_THRESHOLD: The usage of flash (96%) exceeded the threshold of 95%. |
Impact |
Services that require disk writing will be affected, and the storage medium will not have sufficient space. |
Cause |
This message indicates that the storage medium does not have sufficient space, because the disk usage is higher than the threshold. |
Recommended action |
1. For files that are not in use (for example, log files and history software packages), execute the delete /unreserved command to delete the files, or back up the files first and then execute the delete /unreserved command to delete them. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
MEM_ALERT
Message text |
system memory info:
total used free shared buffers cached
Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG]
-/+ buffers/cache: [ULONG] [ULONG]
Swap: [ULONG] [ULONG] [ULONG]
Lowmem: [ULONG] [ULONG] [ULONG] |
Variable fields |
· Mem—Memory information of the whole system:
  o $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size.
  o $2: Size of the physical memory used by the system.
  o $3: Size of free physical memory of the system.
  o $4: Total size of physical memory shared by processes.
  o $5: Size of physical memory used for buffers.
  o $6: Size of physical memory used for caches.
· -/+ buffers/cache—Memory usage information of applications:
  o $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications.
  o $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications.
· Swap—Swap memory usage information:
  o $9: Total size of swap memory.
  o $10: Size of used swap memory.
  o $11: Size of free swap memory.
· Lowmem—Low memory usage information:
  o $12: Total size of low memory.
  o $13: Size of used low memory.
  o $14: Size of free low memory. |
Severity level |
4 (Warning) |
Example |
DIAG/4/MEM_ALERT: system memory info:
total used free shared buffers cached
Mem: 1784424 920896 863528 0 0 35400
-/+ buffers/cache: 885496 898928
Swap: 0 0 0
Lowmem: 735848 637896 97952 |
Impact |
No negative impact on the system. Observe whether the available memory keeps decreasing. |
Cause |
A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage. |
Recommended action |
You can perform the following tasks to help remove the alarm:
· Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required.
· Verify that the device is not under attack by checking the ARP table and routing table.
· Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device. |
MEM_BELOW_THRESHOLD
Message text |
Memory usage has dropped below [STRING] threshold. |
Variable fields |
$1: Memory usage threshold name: minor, severe, or critical. |
Severity level |
1 (Alert) |
Example |
DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold. |
Impact |
No negative impact on the system. |
Cause |
A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold. |
Recommended action |
No action is required. |
MEM_EXCEED_THRESHOLD
Message text |
Memory [STRING] threshold has been exceeded. |
Variable fields |
$1: Memory usage threshold name: minor, severe, or critical. |
Severity level |
1 (Alert) |
Example |
DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded. |
Impact |
The device will run slowly and the available memory resources will become insufficient. |
Cause |
A memory alarm was generated. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies service modules to perform auto repair, such as releasing memory and stopping requesting memory. |
Recommended action |
You can perform the following tasks to help remove the alarm:
· Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required.
· Verify that the device is not under attack by checking the ARP table and routing table.
· Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device. |
MEM_USAGE
Message text |
Current memory usage is [STRING]. |
Variable fields |
$1: Memory usage in percentage. |
Severity level |
5 (Notification) |
Example |
DIAG/5/MEM_USAGE: Current memory usage is 10%. |
Impact |
No negative impact on the system. |
Cause |
This message indicates the current memory usage. |
Recommended action |
No action is required. |
DLDP messages
This section contains DLDP messages.
DLDP_AUTHENTICATION_FAILED
Message text |
The DLDP packet failed the authentication because of unmatched [STRING] field. |
Variable fields |
$1: Authentication field.
· AUTHENTICATION PASSWORD—Authentication password mismatch.
· AUTHENTICATION TYPE—Authentication type mismatch.
· INTERVAL—Advertisement interval mismatch. |
Severity level |
5 (Notification) |
Example |
DLDP/5/DLDP_AUTHENTICATION_FAILED: The DLDP packet failed the authentication because of unmatched INTERVAL field. |
Impact |
|
Cause |
The DLDP authentication type, authentication password, or advertisement interval of the local end is inconsistent with the peer end. |
Recommended action |
Verify that the DLDP authentication type, authentication password, and advertisement interval are consistent with those on the peer end. |
DLDP_LINK_BIDIRECTIONAL
Message text |
DLDP detected a bidirectional link on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ethernet1/1. |
Impact |
No negative impact on the system. |
Cause |
Fibers are connected correctly. |
Recommended action |
No action is required. |
DLDP_LINK_SHUTMODECHG
Message text |
DLDP automatically [STRING] interface [STRING] because the port shutdown mode was changed [STRING]. |
Variable fields |
$1: Action according to the port shutdown mode:
  ◦ blocked.
  ◦ brought up.
$2: Interface name.
$3: Shutdown mode change:
  ◦ from manual to auto.
  ◦ from manual to hybrid.
  ◦ from hybrid to auto.
  ◦ from hybrid to manual. |
Severity level |
5 (Notification) |
Example |
DLDP/5/DLDP_LINK_SHUTMODECHG: DLDP automatically blocked interface Ethernet1/1 because the port shutdown mode was changed from manual to auto. |
Impact |
If the interface is shut down, it cannot forward traffic. |
Cause |
The interface was shut down or brought up because the shutdown mode changed. |
Recommended action |
· If the interface is shut down, check for incorrect cable connection, cable falloff, or other problems.
· If the interface is brought up, no action is required. |
DLDP_LINK_UNIDIRECTIONAL
Message text |
DLDP detected a unidirectional link on interface [STRING]. [STRING]. |
Variable fields |
$1: Interface name.
$2: Action according to the port shutdown mode:
· DLDP automatically blocked the interface.
· Please manually shut down the interface.
· DLDP automatically shut down the interface. Please manually bring up the interface. |
Severity level |
3 (Error) |
Example |
DLDP/3/DLDP_LINK_UNIDIRECTIONAL: DLDP detected a unidirectional link on interface Ethernet1/1. DLDP automatically blocked the interface. |
Impact |
The interface cannot forward traffic correctly. |
Cause |
· A fiber is not connected at one end or one fiber of a fiber pair is broken.
· Fibers are cross-connected. |
Recommended action |
Check for incorrect cable connection, cable falloff, or other problems. |
DLDP_NEIGHBOR_AGED
Message text |
A neighbor on interface [STRING] was deleted because the neighbor was aged. The neighbor's system MAC is [MAC], and the port index is [UINT16]. |
Variable fields |
$1: Interface name. $2: MAC address. $3: Port index. |
Severity level |
5 (Notification) |
Example |
DLDP/5/DLDP_NEIGHBOR_AGED: A neighbor on interface Ethernet1/1 was deleted because the neighbor was aged. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1. |
Impact |
DLDP neighbor relationship and detection link cannot be established. |
Cause |
The interface did not receive any advertisement packet before the entry timer expired. |
Recommended action |
No action is required. |
DLDP_NEIGHBOR_CONFIRMED
Message text |
A neighbor was confirmed on interface [STRING]. The neighbor's system MAC is [MAC], and the port index is [UINT16]. |
Variable fields |
$1: Interface name. $2: MAC address. $3: Port index. |
Severity level |
6 (Informational) |
Example |
DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ethernet1/1. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1. |
Impact |
No negative impact on the system. |
Cause |
The interface received advertisement packets before the entry timer expired. |
Recommended action |
No action is required. |
DLDP_NEIGHBOR_DELETED
Message text |
A neighbor on interface [STRING] was deleted because a [STRING] packet arrived. The neighbor's system MAC is [MAC], and the port index is [UINT16]. |
Variable fields |
$1: Interface name. $2: Packet type, DISABLE or LINKDOWN. $3: MAC address. $4: Port index. |
Severity level |
5 (Notification) |
Example |
DLDP/5/DLDP_NEIGHBOR_DELETED: A neighbor on interface Ethernet1/1 was deleted because a DISABLE packet arrived. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1. |
Impact |
DLDP neighbor relationship and detection link cannot be established. |
Cause |
The interface received a DISABLE or LINKDOWN packet. |
Recommended action |
No action is required. |
DOT1X messages
This section contains 802.1X messages.
DOT1X_CLEAR_MAX_USER_THRESHOLD
Message text |
The max-user alarm trigger condition cleared when the percentage of online 802.1X users reached or dropped below the max-user alarm clear threshold on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
DOT1X/5/DOT1X_CLEAR_MAX_USER_THRESHOLD: The max-user alarm trigger condition cleared when the percentage of online 802.1X users reached or dropped below the max-user alarm clear threshold on interface GigabitEthernet1/0/1. |
Explanation |
The percentage of current online 802.1X users to the maximum number of concurrent 802.1X users on the interface dropped to the alarm clear threshold from a value above or equal to the alarm threshold. |
Recommended action |
No action is required. |
DOT1X_CONFIG_NOTSUPPORT
Message text |
802.1X is not supported on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_CONFIG_NOTSUPPORT: 802.1X is not supported on interface GigabitEthernet1/0/1. |
Explanation |
The interface does not support 802.1X configuration. |
Recommended action |
No action is required. |
DOT1X_LOGIN_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; User failed 802.1X authentication. Reason: [STRING]. |
Variable fields |
$1: Interface type and number.
$2: MAC address.
$3: VLAN ID.
$4: Username.
$5: Error code.
$6: Failure cause:
· MAC address authorization failed.
· VLAN authorization failed.
· VSI authorization failed.
· ACL authorization failed.
· User profile authorization failed.
· URL authorization failed.
· Microsegment authorization failed.
· VSI authorization failed because of insufficient resources.
· ACL authorization failed because of insufficient resources.
· MAC address authorization failed after a MAC move.
· VLAN authorization failed because of failure in authorization VLAN selection.
· VLAN authorization failed because a free VLAN was assigned as the authorization VLAN.
· VLAN authorization failed because of failure in authorization VLAN creation.
· Tagged VLAN authorization failed in port-based access control.
· Untagged VLAN authorization failed in port-based access control.
· Tagged VLAN authorization failed in MAC-based access control.
· Untagged VLAN authorization failed in MAC-based access control.
· VSI authorization failed because the user belongs to a free VLAN.
· VSI authorization failed because the user's access interface does not permit the user VLAN.
· VSI authorization failed because of failure in AC creation.
· ACL authorization failed because the specified ACL does not exist.
· ACL authorization failed because of unsupported ACL type.
· ACL authorization failed because the specified ACL conflicts with other ACLs on the user's access interface.
· ACL authorization failed because no rule was obtained for the specified ACL.
· ACL authorization failed because of ACL parameter error.
· User profile authorization failed because an invalid user profile was assigned to the user (the authorization-fail offline feature is enabled).
· User profile authorization failed because of failure in issuing the specified user profile to driver.
· URL authorization failed because of insufficient resources.
· URL authorization failed because of invalid parameter in the specified URL.
· URL authorization failed because the specified URL was not supported.
· URL authorization failed because of deny rule issuing failure.
· URL authorization failed because of failure in issuing the specified URL to driver.
· URL authorization failed because no servers were reachable and the url-user-logoff parameter was specified.
· URL authorization failed because the escape critical VSI feature of port security was configured. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. Reason: ACL authorization failed. |
Explanation |
The user failed 802.1X authentication for a specific reason. |
Recommended action |
Locate the failure cause and handle the issue according to the failure cause. |
DOT1X_LOGIN_SUCC
Message text |
-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]; User passed 802.1X authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=aaa; User passed 802.1X authentication and came online. |
Explanation |
The user passed 802.1X authentication. |
Recommended action |
No action is required. |
DOT1X_LOGIN_SUCC (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; The user that failed 802.1X authentication passed open authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9; The user that failed 802.1X authentication passed open authentication and came online. |
Explanation |
A user failed 802.1X authentication but passed open authentication. |
Recommended action |
No action is required. |
DOT1X_LOGOFF
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; The 802.1X user was logged off because [STRING]. |
Variable fields |
$1: Interface type and number.
$2: MAC address.
$3: VLAN ID.
$4: Username.
$5: Logoff reason:
· The user sent EAPOL-LogOff packets to go offline.
· The user is an IP phone user and its PC interface lost connection. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; The 802.1X user was logged off because the PC port connection was lost. |
Explanation |
The 802.1X user was logged off as requested. |
Recommended action |
No action is required. |
DOT1X_LOGOFF (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; The 802.1X open user was logged off because [STRING]. |
Variable fields |
$1: Interface type and number.
$2: MAC address.
$3: VLAN ID.
$4: Username.
$5: Logoff reason:
· The user sent EAPOL-LogOff packets to go offline.
· The user is an IP phone user and its PC interface lost connection. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; The 802.1X open user was logged off because the PC port connection was lost. |
Explanation |
An 802.1X open user was logged off as requested. |
Recommended action |
No action is required. |
DOT1X_LOGOFF_ABNORMAL
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X user was logged off abnormally. |
Variable fields |
$1: Interface type and number.
$2: MAC address.
$3: VLAN ID.
$4: Username.
$5: Error code:
· 2—Port status error. Possible reasons:
  ◦ Authorization request or assignment failed.
  ◦ The port was down or deactivated while the system was synchronizing or restoring online user information after a process reboot or active/standby switchover.
  ◦ The authorization VLAN of the user is not in the permitted VLAN list of access port.
  ◦ 802.1X SmartOn kicked off users that have not passed authentication.
· 3—This code is reserved for future use.
· 4—Reauthentication failure.
· 5—Deauthorization by the device. Possible reasons:
  ◦ Authorization processing failure.
  ◦ Number of online users has reached the upper limit.
  ◦ Open authentication was disabled globally and the open user went offline.
  ◦ 802.1X was disabled and the user went offline.
  ◦ MAC-based VLAN disabling event occurred.
  ◦ The reset dot1x access-user command was executed.
· 6—Port went down and then came up again. This code is reserved for future use.
· 7—One of the following operations was performed while the system was synchronizing or restoring user information:
  ◦ Disabled 802.1X.
  ◦ Executed the dot1x port-method command to change the port access control method.
  ◦ Executed the dot1x port-control command to change the port authorization state.
· 8—Username or password error or lack of device information on the server.
· 9—Online handshake failure (the device has not received any handshake packets from the user).
· 10—The user was logged off by the idle cut feature.
· 11—The session timeout timer expired.
· 12—The server logged the user off.
  ◦ The server forcibly logged the user off.
  ◦ The server logged the user off through the session-control feature.
· 13—Real-time accounting failure.
· 14—Default error. Possible reasons:
  ◦ MAC address binding failure.
  ◦ The device failed to remove the user from an 802.1X guest VLAN, Auth-Fail VLAN, or critical VLAN after the user passed authentication.
  ◦ Accounting failure.
  ◦ The device failed to perform reauthorization for the user after processing an IPCIM event.
· 15—The interface to which the user is attached went down.
· 16—The PC port went down. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off abnormally. |
Explanation |
The 802.1X user was logged off abnormally. |
Recommended action |
Locate the logoff cause and remove the issue. |
DOT1X_LOGOFF_ABNORMAL (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X open user was logged off abnormally. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X open user was logged off abnormally. |
Explanation |
An 802.1X open user was logged off abnormally. |
Recommended action |
Locate the logoff cause and remove the issue. |
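The DOT1X user messages above share a `-Key=Value-Key=Value; text` header whose values can themselves contain hyphens (MAC addresses, MAC-style usernames), so splitting on every hyphen corrupts the fields. The following Python is an added example, not H3C code: it splits the header only at the field names used in the templates above, decodes DOT1X_LOGOFF_ABNORMAL error codes, and flags open-mode logins for review. The function names are hypothetical, the sample lines are constructed from the Example cells, and the code descriptions are abbreviated from the error code list above.

```python
import re
from collections import Counter

# Field names taken from the DOT1X message templates in this reference.
KEYS = ("IfName", "MACAddr", "AccessVLANID", "AuthorizationVLANID",
        "VLANID", "Username", "ErrCode")
# A field starts only at "-<known key>=", so hyphens inside a value
# (0010-8400-22b9, 00-10-84-00-22-b9) stay part of that value.
FIELD_RE = re.compile(r"-(%s)=" % "|".join(KEYS))
HEAD_RE = re.compile(r"DOT1X/(\d)/(DOT1X_[A-Z0-9_]+):\s*(.*)$")

# ErrCode values of DOT1X_LOGOFF_ABNORMAL (descriptions abbreviated).
LOGOFF_ABNORMAL_CODES = {
    2: "Port status error",
    3: "Reserved",
    4: "Reauthentication failure",
    5: "Deauthorization by the device",
    6: "Port went down and then came up again (reserved)",
    7: "802.1X setting changed during user information sync/restore",
    8: "Username or password error or lack of device information on the server",
    9: "Online handshake failure",
    10: "Logged off by the idle cut feature",
    11: "Session timeout timer expired",
    12: "The server logged the user off",
    13: "Real-time accounting failure",
    14: "Default error",
    15: "The user's interface went down",
    16: "The PC port went down",
}


def parse_dot1x(line):
    """Parse one DOT1X log line into a dict, or return None if it is not one."""
    m = HEAD_RE.search(line.rstrip())
    if not m:
        return None
    body = m.group(3)
    header, sep, text = body.partition("; ")
    fields = {}
    if sep and header.startswith("-"):
        parts = FIELD_RE.split(header)      # ['', key, value, key, value, ...]
        fields = dict(zip(parts[1::2], parts[2::2]))
    else:
        text = body                         # message without a key/value header
    return {
        "severity": int(m.group(1)),
        "mnemonic": m.group(2),
        "fields": fields,
        "text": text,
        # Open-mode variants reuse the mnemonic; only the text tells them apart.
        "open_mode": "open authentication" in text or "open user" in text,
    }


def triage(lines):
    """Return (findings, failure_counts) for a batch of log lines."""
    findings, failures = [], Counter()
    for line in lines:
        rec = parse_dot1x(line)
        if rec is None:
            continue
        f = rec["fields"]
        who = (f.get("IfName"), f.get("MACAddr"))
        if rec["mnemonic"] == "DOT1X_LOGIN_FAILURE":
            failures[who] += 1
        elif rec["mnemonic"] == "DOT1X_LOGIN_SUCC" and rec["open_mode"]:
            # The user failed 802.1X authentication but is online anyway.
            findings.append(("open-auth-online", who, f.get("Username")))
        elif rec["mnemonic"] == "DOT1X_LOGOFF_ABNORMAL":
            raw = f.get("ErrCode", "")
            code = int(raw) if raw.isdigit() else None
            findings.append(("abnormal-logoff", who,
                             LOGOFF_ABNORMAL_CODES.get(code, "Unknown code")))
    return findings, failures


# Constructed sample input, built from the Example cells of this reference.
SAMPLE_LINES = [
    "DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. Reason: ACL authorization failed.",
    "DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. Reason: ACL authorization failed.",
    "DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9; The user that failed 802.1X authentication passed open authentication and came online.",
    "DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off abnormally.",
    "DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=aaa; User passed 802.1X authentication and came online.",
]

if __name__ == "__main__":
    found, failed = triage(SAMPLE_LINES)
    for item in found:
        print(item)
    print(dict(failed))
```

The Username value is supplied by the client, so a collector should treat it as untrusted text when storing or displaying parsed records.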
DOT1X_MACBINDING_EXIST
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; MAC address was already bound to interface [STRING]. |
Variable fields |
$1: Type and number of the access interface. $2: MAC address. $3: VLAN ID. $4: Username. $5: Type and number of the interface to which the MAC address was bound. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_MACBINDING_EXIST: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa; MAC address was already bound to interface GigabitEthernet1/0/3. |
Explanation |
The user failed to come online on an interface because its MAC address was already bound to another interface. |
Recommended action |
Delete the related 802.1X MAC address binding entry from the bound interface. |
DOT1X_MAX_USER_THRESHOLD
Message text |
The percentage of online 802.1X users reached or exceeded the max-user alarm trigger threshold on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
4 |
Example |
DOT1X/4/DOT1X_MAX_USER_THRESHOLD: The percentage of online 802.1X users reached or exceeded the max-user high alarm threshold on interface GigabitEthernet1/0/1. |
Explanation |
The percentage of current online 802.1X users to the maximum number of concurrent 802.1X users on the interface reached the specified alarm threshold for the first time, or increased to the alarm threshold from a value below or equal to the alarm clear threshold. |
Recommended action |
1. Use the display dot1x interface command to view the maximum number of concurrent 802.1X users on the interface. If the maximum number is too small, reconfigure by using the dot1x max-user command.
2. Use the display dot1x command to view the alarm threshold for online 802.1X users. If the alarm threshold is too low, reconfigure by using the dot1x max-user-alarm command.
3. Collect notification messages, log messages, and configuration information and contact Technical Support. |
DOT1X_NOTENOUGH_EADFREEIP_RES
Message text |
Failed to assign a rule for free IP [IPADDR] on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Free IP. $2: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for free IP 1.1.1.0 on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to permit a free IP on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_NOTENOUGH_EADFREEMSEG_RES
Message text |
Failed to assign a rule for free microsegment [microsegment-id] on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Free microsegment ID. $2: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREEMSEG_RES: Failed to assign a rule for free microsegment 1 on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to permit a free microsegment on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_NOTENOUGH_EADFREERULE_RES
Message text |
Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_NOTENOUGH_EADMACREDIR_RES
Message text |
Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING]. |
Variable fields |
$1: Source MAC address of HTTP packets. $2: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2. |
Explanation |
The device failed to redirect HTTP packets with the designated source MAC address on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_NOTENOUGH_EADPORTREDIR_RES
Message text |
Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
The device failed to assign an ACL rule to redirect HTTP packets on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_NOTENOUGH_ENABLEDOT1X_RES
Message text |
Failed to enable 802.1X on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X on interface Ethernet3/1/2 due to lack of ACL resources. |
Explanation |
Failed to enable 802.1X on an interface because of ACL resource shortage. |
Recommended action |
Disable 802.1X on the interface, and then re-enable 802.1X. |
DOT1X_PEXAGG_NOMEMBER_RES
Message text |
Failed to enable 802.1X on interface [STRING] because the Layer 2 extended-link aggregate interface does not have member ports. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_PEXAGG_NOMEMBER_RES: Failed to enable 802.1X on interface Bridge-Aggregation100 because the Layer 2 extended-link aggregate interface does not have member ports. |
Explanation |
Failed to enable 802.1X on a Layer 2 extended-link aggregate interface because the interface does not have member ports. |
Recommended action |
Disable 802.1X on the interface, add a member port to the interface, and then re-enable 802.1X. |
DOT1X_SMARTON_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; User failed SmartOn authentication because [STRING]. |
Variable fields |
$1: Interface type and number.
$2: MAC address.
$3: Cause of failure:
· the password was wrong.
· the switch ID was wrong. |
Severity level |
6 |
Example |
DOT1X/6/DOT1X_SMARTON_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; User failed SmartOn authentication because the password was wrong. |
Explanation |
SmartOn authentication failed for a specific reason. |
Recommended action |
Handle the issue according to the failure cause. |
DOT1X_UNICAST_NOT_EFFECTIVE
Message text |
The unicast trigger feature is enabled but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface Ethernet3/1/2. |
Explanation |
The unicast trigger setting does not take effect on an interface, because the interface does not support unicast trigger. |
Recommended action |
1. Reconnect the 802.1X clients to another interface that supports the unicast trigger feature.
2. Enable the unicast trigger feature on the new interface. |
DRV
This section contains driver messages.
DRV_CLK
Message text |
Phase lock changed, current phase lock mode is [STRING]. |
Variable fields |
$1: PLL status. Options include:
· Freerun
· Holdover
· Unknown
· Locked
· Pre-locked
· Pre-locked2
· Lost Phase |
Severity level |
5 |
Example |
DRV/5/DRV_CLK: Phase lock changed, current phase lock mode is Freerun. |
Impact |
No negative impact. |
Cause |
The PLL state changes. |
Recommended action |
No action is required. |
Message text |
SSM out level changed, current SSM out level is [STRING]. |
Variable fields |
$1: SSM quality level. Options include:
· Unknown: Unknown quality level.
· PRC: G.811 primary reference clock.
· SSUA: G.812 primary-level SSU.
· SSUB: G.812 second-level SSU.
· SEC: SDH equipment clock.
· DNU: Do not use for synchronization. |
Severity level |
5 |
Example |
DRV/5/DRV_CLK: SSM out level changed, current SSM out level is Unknown. |
Impact |
No negative impact. |
Cause |
The SSM quality level changes. |
Recommended action |
No action is required. |
Message text |
Selected Source changed, current source is [STRING]. |
Variable fields |
$1: Clock source. Options include:
· PTP: PTP clock source.
· Port name: Interface clock.
· N/A: Both PTP clock source and interface clock sources are not available. |
Severity level |
5 |
Example |
DRV/5/DRV_CLK: Selected Source changed, current source is PTP. |
Impact |
No negative impact. |
Cause |
The current clock source is displayed when the clock source changes. |
Recommended action |
No action is required. |
Message text |
Get PHY Status error! ifIndex = [UINT32] |
Variable fields |
$1: Clock source port index. |
Severity level |
3 |
Example |
DRV/3/DRV_CLK: Get PHY Status error! ifIndex = 1 |
Impact |
No negative impact. |
Cause |
When you configure the display strings based on the clock source, the system fails to obtain the physical link status. |
Recommended action |
No action is required. |
Message text |
p1 = [UINT32] |
Variable fields |
$1: Anomaly in the SSM quality level of the clock source. |
Severity level |
3 |
Example |
DRV/3/DRV_CLK: p1 = 10 |
Impact |
No negative impact. |
Cause |
The SSM quality level is abnormal. |
Recommended action |
No action is required. |
DRV_DEVM
Message text |
The Mac chip's temperature is more than [INT32], reboot now! |
Variable fields |
$1: Temperature at which the device MAC chip restarts. |
Severity level |
2 |
Example |
DRV/2/DRV_DEVM: The Mac chip's temperature is more than 105, reboot now! |
Impact |
The device restarts. |
Cause |
The MAC chip temperature exceeds the restart threshold. |
Recommended action |
No action is required. |
Message text |
The Lm75 chip's temperature is more than [UINT32], reboot now! |
Variable fields |
$1: High-temperature threshold |
Severity level |
2 |
Example |
DRVPDT/2/DRV_DEVM: The Lm75 chip's temperature is more than 90, reboot now! |
Impact |
The device restarts. |
Cause |
The device has detected that the internal temperature has exceeded the configured high-temperature threshold. |
Recommended action |
To prevent device damage, immediately check the ambient heat dissipation and the fan operation. |
DRV_PTP
Message text |
PTP TOD is biased. The bias is [UINT64] ns in PHY [UINT32] |
Variable fields |
$1: Clock offset value. $2: PHY chip number |
Severity level |
5 |
Example |
DRV/5/DRV_PTP: PTP TOD is biased. The bias is 24 ns in PHY 2 |
Impact |
The out-of-sync clock units are corrected. |
Cause |
PTP synchronization issues occur between PHY chips, which result in inconsistency between downstream clocks. |
Recommended action |
No action is required. |
Message text |
Not SyncE Slave Port! |
Variable fields |
N/A |
Severity level |
3 |
Example |
DRV/3/DRV_PTP: Not SyncE Slave Port! |
Impact |
The clock recovery feature is not operating properly. |
Cause |
The port is not the secondary SyncE clock port. |
Recommended action |
Set the port as the secondary SyncE clock port. |
Message text |
SyncE is not configured, Clock Recovery will work when SyncE is set! |
Variable fields |
N/A |
Severity level |
6 |
Example |
DRV/6/DRV_PTP: SyncE is not configured, Clock Recovery will work when SyncE is set! |
Impact |
The clock recovery feature is not operating properly. |
Cause |
SyncE configuration is not set. |
Recommended action |
Configure the SyncE feature. |
DRVPLAT
This section contains messages from the driver platform.
DRVPLAT_ACL_FAILD
Message text |
acl has not enough resourse. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_AC_BAND_FAIL: acl has not enough resourse. |
Impact |
The related features for using ACL resources cannot be added. |
Cause |
The ACL resources are exhausted. |
Recommended action |
Release ACL resources, and then proceed with the configuration. |
DRVPLAT_COPP_FAIL
Message text |
Due to hardware resource limitations, the protocol match criterion cannot take effect. |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_AC_BAND_FAIL: Due to hardware resource limitations, the protocol match criterion cannot take effect. |
Impact |
Newly-enabled protocols cannot take effect. |
Cause |
The underlying resources are not sufficient. |
Recommended action |
Disable unnecessary protocols as needed. |
DRVPLAT_ECMP_NO_RESOURCE
Message text |
current ECMP count [UINT32], max ECMP count [UINT32] |
Variable fields |
$1: Number of the configured ECMP groups. $2: Maximum number of ECMP groups supported by hardware. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_ECMP_NO_RESOURCE: current ECMP count 20, max ECMP count 20 |
Impact |
A new ECMP group fails to be added. |
Cause |
The number of the ECMP groups has reached the upper limit. |
Recommended action |
Reduce the number of ECMP groups or adjust the maximum number of ECMP routes (a smaller value for the maximum ECMP routes supports a larger number of ECMP groups). |
DRVPLAT_IPMC_TTI_NO_RESOURCE
Message text |
interface [STRING] enable multicast failed! |
Variable fields |
$1: Port name. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_IPMC_TTI_NO_RESOURCE: interface Twenty-FiveGigE1/0/19 enable multicast failed! |
Impact |
The route interface cannot be enabled with the multicast feature. |
Cause |
The TTI resources are not sufficient. |
Recommended action |
1. Delete other unnecessary TTI resources, and then reconfigure the settings. 3. If the TTI resources cannot be deleted, this feature will become invalid. You can use a virtual VLAN interface instead. |
DRVPLAT_MAC_Conflict
Message text |
ERROR:The 40MSB OF INTFMAC SHOULD BE THE SAME WITH THE FIRST CONFIGURED MAC_ADDRESS! |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_MAC_Conflict: ERROR:The 40MSB OF INTFMAC SHOULD BE THE SAME WITH THE FIRST CONFIGURED MAC_ADDRESS! |
Impact |
The MAC address is configured incorrectly for the VLAN interface. |
Cause |
The MAC address configured for the current VLAN interface differs in the higher 40 bits from the first MAC address configured for the VLAN interface. |
Recommended action |
When you configure the non-first MAC address for the VLAN interface, make sure the higher 40 bits of this MAC address match that of the first MAC address configured for the VLAN interface. |
Message text |
ERROR: Invalid MAC address: This address must have the same higher 40 bits as the base MAC address! |
Variable fields |
N/A |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_MAC_Conflict: ERROR: Invalid MAC address: This address must have the same higher 40 bits as the base MAC address! |
Impact |
The MAC address fails to be configured. |
Cause |
The first 40 bits of the newly configured MAC address differ from those of the base MAC address. |
Recommended action |
Change the first 40 bits of the newly configured MAC address to match the first 40 bits of the base MAC address. |
DRVPLAT_NO_ENOUGH_RESOURCE
Message text |
WARNING: The resource of the evlanid is not enough !! uiL3PortPlatIndex = [UNIT] |
Variable fields |
$1: Port index number. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_NO_ENOUGH_RESOURCE: WARNING: The resource of the evlanid is not enough!! uiL3PortPlatIndex = 64 |
Impact |
The Ethernet interface cannot act as an uplink or downlink interface for multicast forwarding. |
Cause |
The device lacks sufficient hardware resources for VLAN ID expansion. |
Recommended action |
When hardware resources for VLAN ID expansion are insufficient, a Layer 2 Ethernet interface cannot act as an uplink or downlink interface for multicast forwarding. |
Message text |
WARNING: The resource of the evlanid is not enough !! [STRING] |
Variable fields |
$1: Port name. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_NO_ENOUGH_RESOURCE: WARNING: The resource of the evlanid is not enough!! GigabitEthernet1/0/1 |
Impact |
The Ethernet interface cannot act as an uplink or downlink interface for multicast forwarding. |
Cause |
The device lacks sufficient hardware resources for VLAN ID expansion. |
Recommended action |
When hardware resources for VLAN ID expansion are insufficient, a Layer 2 Ethernet interface cannot act as an uplink interface for multicast forwarding. |
DRVPLAT_Not_Enough_Resource
Message text |
ERROR: Not Enough Resource, The sava Configuration Under The [STRING] May Be Ineffective! |
Variable fields |
$1: Port name. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_Not_Enough_Resource: ERROR: Not Enough Resource, The sava Configuration Under The Route-Aggregation11 May Be Ineffective! |
Impact |
The SAVA feature is not operating properly. |
Cause |
The hardware ACL resources are insufficient. |
Recommended action |
Allocate ACL resources appropriately on the device. |
DRVPLAT_POE_AI_DISCONNET_AC
Message text |
POE,POE_AI_DISCONNET_AC, Changing from MPS detection to AC detection on PoE port [STRING]. Reason: The port has stopped power supply because of MPS current insufficiency. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_DISCONNET_AC: POE,POE_AI_DISCONNET_AC, Changing from MPS detection to AC detection on PoE port GigabitEthernet1/0/1. Reason: The port has stopped power supply because of MPS current insufficiency. |
Impact |
No negative impact. |
Cause |
A minor current interference causes power outage on the PoE port. |
Recommended action |
N/A |
Message text |
POE,POE_AI_DISCONNET_AC, The detection on PoE port [STRING] has already been AC, keeping the mode in effect. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_DISCONNET_AC: POE,POE_AI_DISCONNET_AC, The detection on PoE port GigabitEthernet1/0/1 has already been AC, keeping the mode in effect. |
Impact |
The switchover of the underlying configuration occurs. |
Cause |
A minor current interference causes power outage on the PoE port and triggers AI-PoE to switch port configuration. |
Recommended action |
No action is required. |
DRVPLAT_POE_AI_DISCONNET_DELAY
Message text |
POE,POE_AI_DISCONNET_DELAY, Delaying the MPS detection on PoE port [STRING]. Reason: The port has stopped power supply because of MPS current insufficiency. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_DISCONNET_DELAY: POE,POE_AI_DISCONNET_DELAY, Delaying the MPS detection on PoE port GigabitEthernet1/0/1. Reason: The port has stopped power supply because of MPS current insufficiency. |
Impact |
No negative impact. |
Cause |
The AI-PoE feature generates notifications for the cause of port power loss and requires changes to the underlying configuration. |
Recommended action |
No action is required. |
DRVPLAT_POE_AI_HIGH_INRUSH
Message text |
POE,POE_AI_HIGH_INRUSH, Increasing the inrush current threshold for PoE port [STRING]. Reason: The port has stopped power supply because of a high inrush current. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_HIGH_INRUSH: POE,POE_AI_HIGH_INRUSH, Increasing the inrush current threshold for PoE port GigabitEthernet1/0/1. Reason: The port has stopped power supply because of a high inrush current. |
Impact |
No negative impact. |
Cause |
The PoE port has detected a high surge in electricity. |
Recommended action |
Identify whether the power required by the load device connected to the port is outside the threshold range. |
Message text |
POE,POE_AI_HIGH_INRUSH, The inrush current threshold for PoE port [STRING] has already been HIGH_INRUSH, Keeping it that way. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_HIGH_INRUSH: POE,POE_AI_HIGH_INRUSH, The inrush current threshold for PoE port GigabitEthernet1/0/1 has already been HIGH_INRUSH, Keeping it that way. |
Impact |
The power supply mode of the port has been switched to allow for high surge electricity. |
Cause |
The AI-PoE feature is enabled to trigger automatic configuration of high inrush currents for the port. |
Recommended action |
Identify whether the port configuration and load device meet the power supply standards. |
DRVPLAT_POE_AI_PORT_MAXPOWER
Message text |
POE,POE_AI_PORT_MAXPOWER, IcutAlarming of PoE port [STRING]. Reason: An instant power surge has caused overload self-protection of the port. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_PORT_MAXPOWER: POE,POE_AI_PORT_MAXPOWER, IcutAlarming of PoE port GigabitEthernet1/0/1. Reason: An instant power surge has caused overload self-protection of the port. |
Impact |
No negative impact. |
Cause |
The device shuts down due to an instant power surge, triggering an overcurrent and overload alarm. |
Recommended action |
Adjust the maximum output power of the port to match the corresponding load device. |
Message text |
POE,POE_AI_PORT_MAXPOWER, Increasing the maximum power of PoE port [STRING] to [UINT]. Reason: An instant power surge has caused overload self-protection of the port. |
Variable fields |
$1: Port name. $2: Maximum power on the port. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_PORT_MAXPOWER: |
Impact |
No negative impact. |
Cause |
The power consumption required by the load is less than the max-power value set for the port. |
Recommended action |
Adjust the maximum output power of the port to match the corresponding load device. |
Message text |
POE,POE_AI_PORT_MAXPOWER, The maximum power of PoE port [STRING] has already been [UINT] |
Variable fields |
$1: Port name. $2: Maximum power on the port. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_PORT_MAXPOWER: POE,POE_AI_PORT_MAXPOWER, The maximum power of PoE port GigabitEthernet1/0/1 has already been 30000. |
Impact |
The max-power value of the port was modified. |
Cause |
The AI-PoE feature is enabled and the power consumption required by the load is less than the max-power value set for the port. |
Recommended action |
No action is required. |
DRVPLAT_POE_AI_PORT_RESTART
Message text |
POE,POE_AI_PORT_RESTART, Re-enabling PoE on port [STRING]. Reason: The power consumption of the port is 0. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_POE_AI_PORT_RESTART: POE,POE_AI_PORT_RESTART, Re-enabling PoE on port GigabitEthernet1/0/1. Reason: The power consumption of the port is 0. |
Impact |
No negative impact. |
Cause |
The port is not outputting power. Restore the port to the initial configuration for the next round of testing. |
Recommended action |
Check the connection between the port and the load hardware. |
DRVPLAT_PORT
This section contains messages supported exclusively by the S5130S-52S-HI-EDF Ethernet hub.
Message text |
DRVMSG, PORT, Cannot operate trunk group because there are ports had already switched to trunk port. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Cannot operate trunk group because there are ports had already switched to trunk port. |
Impact |
You cannot directly delete the aggregation group. To delete an aggregation group, first remove the member ports from the aggregation group. |
Cause |
The aggregation group still contains member ports and cannot be deleted. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, Support only backup port. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Support only backup port. |
Impact |
No negative impact. |
Cause |
Interfaces other than the backup interface are added to the aggregation group. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, Front and back interfaces restored to normal. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Front and back interfaces restored to normal. |
Impact |
The device forwards traffic via the bypass front and bypass back interfaces, instead of the backup interface. |
Cause |
The bypass front interface switches to normal. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, Linkage down FAILED. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Linkage down FAILED. |
Impact |
The bypass front interface fails to switch from backup mode to normal mode. |
Cause |
The bypass front interface fails to change back to normal when the corresponding bypass back interface changes from down to up. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, This port cannot be operated. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, This port cannot be operated. |
Impact |
No negative impact. |
Cause |
A non-bypass front interface is configured as a backup port. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, A new backup port cannot be set because an existing port has been switched to backup mode. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, A new backup port cannot be set because an existing port has been switched to backup mode. |
Impact |
No negative impact. |
Cause |
A new backup port is configured after another port has been switched to backup mode. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, This interface is not supported. Support backup interface. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, This interface is not supported. Support backup interface. |
Impact |
No negative impact. |
Cause |
An interface other than the backup interface is configured as the backup interface for the bypass front interface. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, Backup port not initialized. Port status change to block. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Backup port not initialized. Port status change to block. |
Impact |
The bypass front interface cannot forward traffic. |
Cause |
When the backup interface is not fully initialized and is switched to be used for forwarding traffic, the system will set the uplink port to block mode. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, Not support this interface. Support 1/0/1 to 1/0/24. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Not support this interface. Support 1/0/1 to 1/0/24. |
Impact |
No negative impact. |
Cause |
An interface on the front panel other than interfaces 1 through 24 is switched to normal mode. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, Port status is down. Need up. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, Port status is down. Need up. |
Impact |
No negative impact. |
Cause |
The bypass front interface that is physically down changes to normal mode. |
Recommended action |
No action is required. |
Message text |
DRVMSG, PORT, The port is not in backup mode. No need to set to normal. |
Variable fields |
N/A |
Severity level |
5 |
Example |
DRVPLAT/5/PORT: DRVMSG, PORT, The port is not in backup mode. No need to set to normal. |
Impact |
No negative impact. |
Cause |
The bypass front interface switches back to normal mode from a non-backup mode, such as from normal mode to normal mode. |
Recommended action |
No action is required. |
DRVPLAT_PORT_ATTACK_OCCUR
Message text |
Auto port-defend started.( SourceAttackInterface=[STRING], AttackProtocol=[STRING] ) |
Variable fields |
$1: Port that triggers attack defense.
$2: Protocol type for attack defense.
· IPV6_ND_PASS: Neighbor solicitation (NS), router solicitation (RS), or router advertisement (RA) packet.
· IPV6_ND_DEST: NA or redirect packet.
· ARP: ARP request packet.
· ARP_REPLY: ARP reply packet. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_PORT_ATTACK_OCCUR: Auto port-defend started. (SourceAttackInterface=GigabitEthernet3/0/19, AttackProtocol= IPV6_ND_PASS ) |
Impact |
The ND or ARP message rate might be too high, posing a risk of impacting the CPU. |
Cause |
Attack defense is triggered by ND or ARP messages. |
Recommended action |
Reduce the rate at which ND or ARP messages are sent to eliminate attacks. |
Message text |
Auto port-defend stopped.(SourceAttackInterface=[STRING], AttackProtocol=[STRING]) |
Variable fields |
$1: Port on which attack defense is cleared.
$2: Protocol type for which attack defense is cleared.
· IPV6_ND_PASS: Neighbor solicitation (NS), router solicitation (RS), or router advertisement (RA) packet.
· IPV6_ND_DEST: NA or redirect packet.
· ARP: ARP request packet.
· ARP_REPLY: ARP reply packet. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_PORT_ATTACK_OCCUR: Auto port-defend stopped.(SourceAttackInterface=GigabitEthernet3/0/19, AttackProtocol= IPV6_ND_PASS ) |
Impact |
No negative impact. |
Cause |
The port was previously under the impact of ARP or ND messages, which triggered attack defense. Now that the number of messages has decreased, attack defense is cleared. |
Recommended action |
No action is required. |
DRVPLAT_PORT_AUTONEGTION_DISABLE
Message text |
PORT,PORT_AUTONEGTION_DISABLE, [STRING] is physically down, and both its duplex mode and speed are negotiated. Please execute the speed 1000 and duplex full commands on the interface to disable autonegotiation. Then, the interface can come up. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_PORT_AUTONEGTION_DISABLE: |
Impact |
The port goes down. |
Cause |
After you set the optical interface to full-duplex auto-negotiation mode at mandatory rate, the link goes down. |
Recommended action |
Configure the port rate and full-duplex settings without using the auto-negotiation feature. |
DRVPLAT_PORT_MAXPOWER_FORCE_POWER_OFF
Message text |
POE, PORT_MAXPOWER_FORCE_POWER_OFF, Disabled forced PoE on port [string] automatically. Reason: The power consumed by [string] had exceeded the max allowed limit. |
Variable fields |
$1: Port name. $2: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_PORT_MAXPOWER_FORCE_POWER_OFF: POE, PORT_MAXPOWER_FORCE_POWER_OFF, Disabled forced PoE on port [string] automatically. Reason: The power consumed by [string] had exceeded the max allowed limit. |
Impact |
Port configuration differs from the underlying configuration. |
Cause |
The remaining power is insufficient. Forced PoE power supply might cause an overload risk to the power supply, so the forced PoE power supply feature on the port is disabled. |
Recommended action |
No action is required. |
DRVPLAT_PSE_POWER_FORCE_POWER_ON
Message text |
POE, PSE_POWER_FORCE_POWER_ON, Re-enabled forced PoE on port [string]. Reason: The allocable power on the PSE had become sufficient. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
DRVPLAT/6/DRVPLAT_ PSE_POWER_FORCE_POWER_ON : POE, PSE_POWER_FORCE_POWER_ON, Re-enabled forced PoE on port GigabitEthernet1/0/1. Reason: The allocable power on the PSE had become sufficient. |
Impact |
No negative impact. |
Cause |
The system has detected that the remaining power is sufficient and has enabled the forced PoE power supply feature on the port. |
Recommended action |
No action is required. |
DRVPLAT_SOFTCAR_DROP
Message text |
PktType=[STRING], SrcMAC=[STRING], Dropped from interface=[STRING] at Stage=[STRING], StageCnt=[STRING], TotalCnt=[STRING], MaxRateInterface=[STRING].
PktType=[STRING], SrcMAC=[STRING], Dropped at Stage=[UINT],StageCnt=[UINT], TotalCnt=[UINT]. |
Variable fields |
$1: Protocol type of the dropped packets.
$2: Source MAC address of the dropped packets.
$3: Interface from which packets are dropped.
$4: Packet dropping stage with a value of 0 or non-zero. This field is available only when the statistics period is 10 minutes.
· 0: Indicates a statistics period of 10 minutes.
· Non-zero: Indicates a statistics period of one hour. Every 10 minutes is set as a stage. When packets are dropped in multiple stages, this field displays the sum of these stages.
$5: Stage count for dropped packets.
$6: Total number of dropped packets.
$7: Port with the maximum rate when packets are dropped. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_SOFTCAR_DROP: PktType=ARP, SrcMAC=0000-0000-0001, Dropped from interface=GigabitEthernet1/0/1 at Stage=0, StageCnt=1200, TotalCnt=1200, MaxRateInterface=GigabitEthernet1/0/1. |
Impact |
The rate of packets sent to the CPU is excessively high, which poses a risk of impacting the CPU. |
Cause |
Packet loss occurs because the rate of packets sent to the CPU exceeds the alarm threshold. |
Recommended action |
Check the port with the maximum rate on which packet loss occurs to identify the cause of the excessively high rate. |
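A detection sketch for the two CPU-protection messages documented above, DRVPLAT_PORT_ATTACK_OCCUR and DRVPLAT_SOFTCAR_DROP, added here as an example and not taken from H3C. It shows that "started" and "stopped" share one mnemonic and must be told apart by the message text; the sample lines are constructed from the documented formats, and the function and result key names are assumptions.

```python
import re

# Constructed sample lines in the documented formats (not captured from a device).
# The fourth DRVPLAT_PORT_ATTACK_OCCUR line is deliberately truncated.
SAMPLE_LOG = """\
DRVPLAT/4/DRVPLAT_PORT_ATTACK_OCCUR: Auto port-defend started. (SourceAttackInterface=GigabitEthernet3/0/19, AttackProtocol= IPV6_ND_PASS )
DRVPLAT/4/DRVPLAT_SOFTCAR_DROP: PktType=ARP, SrcMAC=0000-0000-0001, Dropped from interface=GigabitEthernet1/0/1 at Stage=0, StageCnt=1200, TotalCnt=1200, MaxRateInterface=GigabitEthernet1/0/1.
DRVPLAT/4/DRVPLAT_PORT_ATTACK_OCCUR: Auto port-defend started.( SourceAttackInterface=GigabitEthernet1/0/7, AttackProtocol=ARP_REPLY )
DRVPLAT/4/DRVPLAT_PORT_ATTACK_OCCUR: Auto port-defend stopped.(SourceAttackInterface=GigabitEthernet3/0/19, AttackProtocol= IPV6_ND_PASS )
DRVPLAT/4/DRVPLAT_SOFTCAR_DROP: PktType=ARP, SrcMAC=0000-0000-0001, Dropped from interface=GigabitEthernet1/0/1 at Stage=3, StageCnt=800, TotalCnt=2000, MaxRateInterface=GigabitEthernet1/0/2.
DRVPLAT/4/DRVPLAT_SOFTCAR_DROP: PktType=ND, SrcMAC=0000-0000-0002, Dropped at Stage=0,StageCnt=50, TotalCnt=50.
DRVPLAT/4/DRVPLAT_PORT_ATTACK_OCCUR: Auto port-defend started.
"""

# Both port-defend messages use the same mnemonic, so the state comes from the text.
# Whitespace around the parenthesis and values varies in the documented examples.
DEFEND_RE = re.compile(
    r"DRVPLAT/\d/DRVPLAT_PORT_ATTACK_OCCUR:\s*Auto port-defend (started|stopped)\."
    r"\s*\(\s*SourceAttackInterface=\s*([^,\s]+)\s*,\s*AttackProtocol=\s*(\w+)\s*\)"
)

# Covers both documented SOFTCAR formats: with and without the interface
# and MaxRateInterface fields.
SOFTCAR_RE = re.compile(
    r"DRVPLAT/\d/DRVPLAT_SOFTCAR_DROP:\s*PktType=([^,]+),\s*SrcMAC=([0-9A-Fa-f-]+),"
    r"\s*Dropped (?:from interface=(\S+) )?at Stage=(\d+),\s*StageCnt=(\d+),"
    r"\s*TotalCnt=(\d+)(?:,\s*MaxRateInterface=(\S+?))?\.?\s*$"
)


def analyze(lines):
    """Summarise port-defend state and CPU-bound packet drops from log lines."""
    active = set()          # (interface, protocol) pairs still under port-defend
    max_drops = {}          # (packet type, source MAC) -> largest TotalCnt seen
    max_rate_ports = set()  # ports the manual says to inspect first
    unparsed = 0            # known mnemonic, unknown layout: format drift or truncation

    for raw in lines:
        line = raw.strip()
        m = DEFEND_RE.search(line)
        if m:
            state, iface, proto = m.groups()
            if state == "started":
                active.add((iface, proto))
            else:
                # discard() tolerates a "stopped" whose "started" predates the log window
                active.discard((iface, proto))
            continue
        m = SOFTCAR_RE.search(line)
        if m:
            pkt, mac, _iface, _stage, _stage_cnt, total, max_port = m.groups()
            key = (pkt.strip(), mac.lower())
            max_drops[key] = max(max_drops.get(key, 0), int(total))
            if max_port:
                max_rate_ports.add(max_port)
            continue
        if "DRVPLAT_PORT_ATTACK_OCCUR" in line or "DRVPLAT_SOFTCAR_DROP" in line:
            unparsed += 1

    return {
        "active_defense": sorted(active),
        "max_drops": max_drops,
        "max_rate_ports": sorted(max_rate_ports),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG.splitlines())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Because the patterns are applied with `search`, lines that carry a syslog timestamp or hostname prefix are matched as well.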
DRVPLAT_VPN_Conflict
Message text |
ERROR: The vlanId =[INT32] binds VPN=[INT32], while the L3PortSubVlanIndex =[INT32] belong the Public Net,so they are conflicting and binding is Invalid!! |
Variable fields |
$1: VLAN ID. $2: VRF index. $3: Interface number of the routing subinterface. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_VPN_Conflict: ERROR: The vlanId =10 binds VPN=1, while the L3PortSubVlanIndex =639 belong the Public Net, so they are conflicting and binding is Invalid!! |
Impact |
The current VLAN interface failed to be bound to a VPN. |
Cause |
Binding a VLAN interface to a VPN fails when a routing subinterface with the same subinterface number as the VLAN interface exists and this routing subinterface belongs to the public network. |
Recommended action |
As a best practice, make sure the coding of a routing subinterface on the device is different from the VLAN interface coding. |
DRVPLAT_VPN_MAYBE_Conflict
Message text |
NOTICE: The vlanId =[INT32] binds VPN=[INT32], while the L3PortSubVlanIndex = [INT32] belong the Public Net,so they maybe conflicting and impact L3Packet Forwarding!! |
Variable fields |
$1: VLAN ID. $2: VRF index. $3: Interface number of the routing subinterface. |
Severity level |
4 |
Example |
DRVPLAT/4/DRVPLAT_VPN_MAYBE_Conflict: NOTICE: The vlanId =20 binds VPN=5, while the L3PortSubVlanIndex = 39 belong the Public Net, so they maybe conflicting and impact L3Packet Forwarding!! |
Impact |
An error might occur on Layer 3 traffic forwarding. |
Cause |
Creating a routing subinterface fails if a VLAN interface with the same subinterface number exists and this VLAN interface is already bound to a VPN. |
Recommended action |
As a best practice, make sure the ID of a routing subinterface on the device is different from that of the VLAN interface. |
EDEV messages
This section contains messages for extended-device management.
ALARM_IN_REMOVED
Message text |
Alarm removed on the alarm-in port [UNIT]. |
Variable fields |
$1: Number of the alarm input port. |
Severity level |
5 |
Example |
EDEV/5/ALARM_IN_REMOVED: Alarm removed on the alarm-in port 1. |
Explanation |
The external alarm received from the alarm input port was removed. |
Recommended action |
No action is required. |
ALARM_IN_REPORTED
Message text |
Alarm reported on the alarm-in port [UNIT]. |
Variable fields |
$1: Number of the alarm input port. |
Severity level |
5 |
Example |
EDEV/5/EDEV_ALARM_IN_REPORTED: Alarm reported on the alarm-in port 1. |
Explanation |
The alarm input port received an external alarm. |
Recommended action |
Verify that the device connected to the alarm input port is operating correctly. |
EDEV_BOOTROM_UPDATE_FAILED
Message text |
Failed to execute the bootrom update command. |
Variable fields |
None |
Severity level |
5 |
Example |
EDEV/5/EDEV_BOOTROM_UPDATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the bootrom update command. |
Explanation |
A user executed the bootrom update command but the command failed. The BootWare image was not loaded from the file system to the Normal BootWare area. |
Recommended action |
Take actions as prompted. |
EDEV_BOOTROM_UPDATE_SUCCESS
Message text |
Executed the bootrom update command successfully. |
Variable fields |
None |
Severity level |
5 |
Example |
EDEV/5/EDEV_BOOTROM_UPDATE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the bootrom update command successfully. |
Explanation |
A user executed the bootrom update command successfully. The BootWare image was loaded from the file system to the Normal BootWare area. |
Recommended action |
No action is required. |
EDEV_FAILOVER_GROUP_STATE_CHANGE
Message text |
Status of stateful failover group [STRING] with ID [UINT32] changed to [STRING]. |
Variable fields |
$1: Failover group name. $2: Failover group ID. $3: Failover group state. |
Severity level |
5 |
Example |
|
Explanation |
The status of a failover group changed. |
Recommended action |
No action is required. |
eMDI messages
This section contains eMDI messages.
EMDI_INDICATOR_OVER_THRES
Message text |
[STRING] alarm for instance [USHORT] was triggered: Value=[UINT32]/100000, Threshold=[UINT32]/100000, SuppressionTimes=[UCHAR]. |
Variable fields |
$1: Monitored item:
· RTP-LR—RTP packet loss rate.
· RTP-SER—RTP packet sequence error rate.
· DPLR—Downstream TCP packet loss rate.
· UPLR—Upstream TCP packet loss rate.
$2: Instance ID.
$3: Value of the monitored item.
$4: Alarm threshold.
$5: Number of consecutive alarms to be suppressed before logging the event. |
Severity level |
5 (Notification) |
Example |
EMDI/5/EMDI_INDICATOR_OVER_THRES: RTP-LR alarm for instance 100 was triggered: Value=150/100000, Threshold=100/100000, SuppressionTimes=3. |
Impact |
N/A |
Cause |
The value of the monitored item reached or exceeded the alarm threshold continuously and triggered the system to send an alarm log message. |
Recommended action |
1. Execute the display emdi statistics command to view monitored statistics for the eMDI instance on all relevant devices.
2. Analyze the statistics to locate the faults. |
EMDI_INDICATOR_OVER_THRES_RESUME
Message text |
[STRING] alarm for instance [USHORT] was removed: Value=[UINT32]/100000, Threshold=[UINT32]/100000, SuppressionTimes=[UCHAR]. |
Variable fields |
$1: eMDI monitored item:
· RTP-LR—RTP packet loss rate.
· RTP-SER—RTP packet sequence error rate.
· DPLR—Downstream TCP packet loss rate.
· UPLR—Upstream TCP packet loss rate.
$2: Instance ID.
$3: Value of the monitored item.
$4: Alarm threshold.
$5: Number of consecutive alarms to be suppressed before logging the event. |
Severity level |
5 (Notification) |
Example |
EMDI/5/EMDI_INDICATOR_OVER_THRES_RESUME: RTP-LR alarm for instance 100 was removed: Value=50/100000, Threshold=100/100000, SuppressionTimes=3. |
Impact |
N/A |
Cause |
The value of the monitored item was less than the alarm threshold continuously and triggered the system to send an alarm-removed log message. |
Recommended action |
No action is required. |
EMDI_INSTANCE_CONFLICT_FLOW
Message text |
The flow (SrcIP=[STRING], SrcPort=[USHORT], DstIP=[STRING], DstPort=[USHORT], Protocol=[STRING]) to be bound to a dynamic instance overlaps with the flow bound to instance [USHORT]. |
Variable fields |
$1: Source IP address.
$2: Source port number.
$3: Destination IP address.
$4: Destination port number.
$5: Flow type. Options include:
· tcp—TCP flow.
· udp—UDP flow.
$6: ID of the eMDI instance that had an overlapping data flow. |
Severity level |
5 (Notification) |
Example |
EMDI/5/EMDI_INSTANCE_CONFLICT_FLOW: The flow (SrcIP=10.0.0.1, SrcPort=10, DstIP=20.0.0.1, DstPort=20, Protocol=tcp) to be bound to a dynamic instance overlaps with the flow bound to instance 1. |
Impact |
N/A |
Cause |
The data flow specified for a dynamic eMDI instance overlapped the data flow bound to an existing eMDI instance. |
Recommended action |
Delete the flow settings for the existing eMDI instance. |
EMDI_INSTANCE_EXCEED
Message text |
Maximum number of running instances on [STRING] already reached. |
Variable fields |
$1: Chassis number plus slot number, slot number, or device. |
Severity level |
5 (Notification) |
Example |
EMDI/5/EMDI_INSTANCE_EXCEED: Maximum number of running instances on slot 1 already reached. |
Impact |
New instances cannot be started. |
Cause |
The maximum number of running eMDI instances on the module was already reached. |
Recommended action |
To start new eMDI instances, first stop unnecessary eMDI instances on the module. |
EMDI_INSTANCE_SAME_FLOW
Message text |
The flow to be bound to a dynamic instance was already bound to instance [USHORT]: SrcIP=[STRING], SrcPort=[USHORT], DstIP=[STRING], DstPort=[USHORT], Protocol=[STRING]. |
Variable fields |
$1: ID of the eMDI instance that was already bound to the data flow.
$2: Source IP address.
$3: Source port number.
$4: Destination IP address.
$5: Destination port number.
$6: Flow type. Options include:
· tcp—TCP flow.
· udp—UDP flow. |
Severity level |
5 (Notification) |
Example |
EMDI/5/EMDI_INSTANCE_SAME_FLOW: The flow to be bound to a dynamic instance was already bound to instance 1: SrcIP=10.0.0.1, SrcPort=10, DstIP=20.0.0.1, DstPort=20, Protocol= tcp. |
Impact |
N/A |
Cause |
The flow specified for a dynamic instance was the same as the flow bound to an existing eMDI instance. |
Recommended action |
Delete the flow settings for the existing eMDI instance. |
EPA messages
This section contains EPA messages.
EPA_ENDPOINT_ONLINE
Message text |
Detected the association of an endpoint (device ID [STRING], MAC address [STRING]) on interface [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Bridge MAC address of the connected device. $2: MAC address of the endpoint. $3: Name of the interface from which the endpoint came online. $4: ID of the VLAN to which the endpoint belongs. |
Severity level |
6 (Informational) |
Example |
EPA/6/EPA_ENDPOINT_ONLINE: Detected the association of an endpoint (device ID a4c2-d4ad-0200, MAC address 12c2-d4ed-0200) on interface GigabitEthernet1/0/1 in VLAN 1. |
Impact |
No impact on the system. |
Cause |
The device detected that an endpoint came online. |
Recommended action |
No action is required. |
EPA_ENDPOINT_OFFLINE
Message text |
Detected the disassociation of an endpoint (device ID [STRING], MAC address [STRING]) on interface [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Bridge MAC address of the connected device. $2: MAC address of the endpoint. $3: Name of the interface from which the endpoint came online. $4: ID of the VLAN to which the endpoint belongs. |
Severity level |
6 (Informational) |
Example |
EPA/6/EPA_ENDPOINT_OFFLINE: Detected the disassociation of an endpoint (device ID a4c2-d4ad-0200, MAC address 12c2-d4ed-0200) on interface GigabitEthernet1/0/1 in VLAN 1. |
Impact |
No impact on the system. |
Cause |
The device detected that an endpoint went offline. |
Recommended action |
No action is required. |
EPA_DEVICETYPE_CHANGE
Message text |
Cleared EPA monitor rule configurations. Reason: Device type changed from [STRING] to [STRING]. |
Variable fields |
$1: Device type before the change. Options include:
· TM—Indicates the commander in a SmartMC network.
· TC—Indicates a member in a SmartMC network.
· Self-managed—Indicates a device in a non-SmartMC network.
$2: Device type after the change. |
Severity level |
6 (Informational) |
Example |
EPA/6/EPA_DEVICETYPE_CHANGE: Cleared EPA monitor rule configurations. Reason: Device type changed from TC to Self-managed. |
Impact |
No impact on the system. |
Cause |
EPA monitor rules were deleted from the device because the device type changed. |
Recommended action |
To use rule-based filtering for EPA terminals, re-execute epa monitor-rule to configure static identification rules for EPA terminals, or execute epa auto-identify enable to enable automatic identification of EPA terminals. |
ERPS messages
This section contains ERPS messages.
ERPS_PEERLINK_CHECK
Message text |
An ERPS ring member port can't be configured as a peer-link interface. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
ERPS/6/ERPS_PEERLINK_CHECK: An ERPS ring member port can't be configured as a peer-link interface. |
Impact |
The ERPS ring cannot be established. |
Cause |
This message is generated when you configure an ERPS ring member port as a peer-link interface. |
Recommended action |
Configure the ERPS ring port as a non-peer-link interface. |
ERPS_STATE_CHANGED
Message text |
Ethernet ring [UINT16] instance [UINT16] changed state to [STRING] |
Variable fields |
$1: ERPS ring ID.
$2: ERPS instance ID.
$3: ERPS instance status:
· Init—State for a non-interconnection node that has less than two ERPS ring member ports or for an interconnection node that does not have ERPS ring member ports.
· Idle—Stable state when all non-RPL links are available. All nodes enter the idle state after the owner node enters the idle state.
· Protection—State when a non-RPL link is faulty. All nodes enter the protection state after a node enters the protection state.
· MS—State when traffic paths are manually switched. All nodes enter the MS state after a node is configured with the MS mode.
· FS—State when traffic paths are forcibly switched. All nodes enter the FS state after a node is configured with the FS mode.
· Pending—Transient state between the previous states. |
Severity level |
4 (Warning) |
Example |
ERPS/4/ERPS_STATE_CHANGED: Ethernet ring 1 instance 1 changed state to Idle. |
Impact |
The network topology has changed and service traffic might be lost. |
Cause |
The status of the ERPS instance changed. |
Recommended action |
1. Identify whether a new physical link is added to the ERPS network.
   ○ If yes, identify whether the newly added physical link is necessary. If it is necessary, no action is required. If it is unnecessary, proceed to step 2.
   ○ If no, identify whether the status of an ERPS-enabled port changed to Up or Down in the network. If yes, no action is required. If no, proceed to step 2.
2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ETH messages
This section contains ETH messages.
ETH_SET_MAC_FAILED
Message text |
Failed to set the MAC address [STRING] on [STRING]. |
Variable fields |
$1: MAC address. $2: Interface name. |
Severity level |
5 |
Example |
ETH/5/ETH_SET_MAC_FAILED: Failed to set the MAC address 0001-0001-0001 on GigabitEthernet1/0/1. |
Explanation |
Failed to set the MAC address for an interface because the highest 36 bits of the MAC address are inconsistent with the highest 36 bits of the device's bridge MAC address in the case of configuration recovery, IRF split, or new interface module plugging. |
Recommended action |
Configure a proper MAC address again for the interface. |
ETHMLAG messages
This section contains ETHMLAG messages.
ETHMLAG_MAC_INEFFECTIVE
Message text |
ETHMLAG failed to add the MAC address of [STRING]. Cause: [STRING]. |
Variable fields |
$1: Interface name. $2: Cause. |
Severity level |
3 |
Example |
ETHMLAG/3/ETHMLAG_MAC_INEFFECTIVE: ETHMLAG failed to add the MAC address of Vlan-interface20. Cause: Insufficient hardware resources. |
Explanation |
The ETHMLAG module failed to add the MAC address of a VLAN interface. |
Recommended action |
Contact the administrator to locate the cause and resolve the problem. |
ETHOAM messages
This section contains Ethernet OAM messages.
ETHOAM_CONNECTION_FAIL_DOWN
Message text |
The link is down on interface [string] because a remote failure occurred on peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_CONNECTION_FAIL_DOWN: The link is down on interface Ethernet1/0/1 because a remote failure occurred on peer interface. |
Explanation |
The link goes down because a remote failure occurred on the peer interface. |
Recommended action |
Check the link status or the OAM status on the peer. |
ETHOAM_CONNECTION_FAIL_TIMEOUT
Message text |
Interface [string] removed the OAM connection because it received no Information OAMPDU before the timer times out. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_CONNECTION_FAIL_TIMEOUT: Interface Ethernet1/0/1 removed the OAM connection because it received no Information OAMPDU before the timer times out. |
Explanation |
The interface removed the OAM connection because it had not received Information OAMPDUs before the timer timed out. |
Recommended action |
Check the link status or the OAM status on the peer. |
ETHOAM_CONNECTION_FAIL_UNSATISF
Message text |
Interface [string] failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
ETHOAM/3/ETHOAM_CONNECTION_FAIL_UNSATISF: Interface Ethernet1/0/1 failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface. |
Explanation |
Failed to establish an OAM connection because the peer does not match the OAM protocol state of the local interface. |
Recommended action |
Check the State field of the OAMPDUs sent from both ends. |
ETHOAM_CONNECTION_SUCCEED
Message text |
An OAM connection is established on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_CONNECTION_SUCCEED: An OAM connection is established on interface Ethernet1/0/1. |
Explanation |
An OAM connection is established. |
Recommended action |
No action is required. |
ETHOAM_DISABLE
Message text |
Ethernet OAM is now disabled on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_DISABLE: Ethernet OAM is now disabled on interface Ethernet1/0/1. |
Explanation |
Ethernet OAM is disabled. |
Recommended action |
No action is required. |
ETHOAM_DISCOVERY_EXIT
Message text |
OAM interface [string] quit the OAM connection. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_DISCOVERY_EXIT: OAM interface Ethernet1/0/1 quit the OAM connection. |
Explanation |
The local interface ended the OAM connection. |
Recommended action |
No action is required. |
ETHOAM_ENABLE
Message text |
Ethernet OAM is now enabled on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_ENABLE: Ethernet OAM is now enabled on interface Ethernet1/0/1. |
Explanation |
Ethernet OAM is enabled. |
Recommended action |
No action is required. |
ETHOAM_ENTER_LOOPBACK_CTRLLED
Message text |
The local OAM entity enters remote loopback as controlled DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLED: The local OAM entity enters remote loopback as controlled DTE on OAM interface Ethernet1/0/1. |
Explanation |
The local OAM entity enters remote loopback as controlled DTE after you enable OAM loopback on the peer end. |
Recommended action |
No action is required. |
ETHOAM_ENTER_LOOPBACK_CTRLLING
Message text |
The local OAM entity enters remote loopback as controlling DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLING: The local OAM entity enters remote loopback as controlling DTE on OAM interface Ethernet1/0/1. |
Explanation |
The local OAM entity enters remote loopback as controlling DTE after you enable OAM loopback on the interface. |
Recommended action |
No action is required. |
ETHOAM_LOCAL_DYING_GASP
Message text |
A local Dying Gasp event has occurred on [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOCAL_DYING_GASP: A local Dying Gasp event occurred on interface Ethernet1/0/1. |
Explanation |
A local Dying Gasp event occurs when you reboot the local device or shut down the interface. |
Recommended action |
Do not use the link until it recovers. |
ETHOAM_LOCAL_ERROR_FRAME
Message text |
An errored frame event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME: An errored frame event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored frame event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_ERROR_FRAME_PERIOD
Message text |
An errored frame period event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_PERIOD: An errored frame period event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored frame period event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_ERROR_FRAME_SECOND
Message text |
An errored frame seconds event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_SECOND: An errored frame seconds event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored frame seconds event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_ERROR_SYMBOL
Message text |
An errored symbol event occurred on local interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOCAL_ERROR_SYMBOL: An errored symbol event occurred on local interface Ethernet1/0/1. |
Explanation |
An errored symbol event occurred on the local interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_LOCAL_LINK_FAULT
Message text |
A local Link Fault event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOCAL_LINK_FAULT: A local Link Fault event occurred on interface Ethernet1/0/1. |
Explanation |
A local Link Fault event occurs when the local link goes down. |
Recommended action |
Re-connect the Rx end of the fiber on the local interface. |
ETHOAM_LOOPBACK_EXIT
Message text |
OAM interface [string] quit remote loopback. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOOPBACK_EXIT: OAM interface Ethernet1/0/1 quit remote loopback. |
Explanation |
The OAM interface ended remote loopback after one of the following events occurred: · Remote loopback was disabled on the interface before the OAM connection was established. · The established OAM connection was torn down. |
Recommended action |
No action is required. |
ETHOAM_LOOPBACK_EXIT_ERROR_STATU
Message text |
OAM interface [string] quit remote loopback due to incorrect multiplexer or parser status. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_LOOPBACK_EXIT_ERROR_STATU: OAM interface Ethernet1/0/1 quit remote loopback due to incorrect multiplexer or parser status. |
Explanation |
The OAM interface ended remote loopback due to incorrect multiplexer or parser status. |
Recommended action |
Disable and then re-enable Ethernet OAM on the OAM entity. |
ETHOAM_LOOPBACK_NO_RESOURCE
Message text |
OAM interface [string] can’t enter remote loopback due to insufficient resources. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOOPBACK_NO_RESOURCE: OAM interface Ethernet1/0/1 can’t enter remote loopback due to insufficient resources. |
Explanation |
The OAM interface cannot enter remote loopback due to insufficient resources when you execute the oam remote-loopback start command on the local or remote OAM entity. |
Recommended action |
To enable remote loopback on an interface, you must set the hardware forwarding resources on the interface. Enabling remote loopback on a large number of interfaces might cause insufficient resources. Disable remote loopback on other interfaces, and execute the oam remote-loopback start command on the interface again. |
ETHOAM_LOOPBACK_NOT_SUPPORT
Message text |
OAM interface [string] can’t enter remote loopback because the operation is not supported. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_LOOPBACK_NOT_SUPPORT: OAM interface Ethernet1/0/1 can't enter remote loopback because the operation is not supported. |
Explanation |
The OAM interface cannot enter remote loopback because the operation is not supported on the device. |
Recommended action |
No action is required. |
ETHOAM_QUIT_LOOPBACK_CTRLLED
Message text |
The local OAM entity quit remote loopback as controlled DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CTRLLED: The local OAM entity quit remote loopback as controlled DTE on OAM interface Ethernet1/0/1. |
Explanation |
As the Loopback Control OAMPDUs receiving end, the local end quit remote loopback after you disabled OAM loopback on the peer end. |
Recommended action |
No action is required. |
ETHOAM_QUIT_LOOPBACK_CTRLLING
Message text |
The local OAM entity quit remote loopback as controlling DTE on OAM interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CTRLLING: The local OAM entity quit remote loopback as controlling DTE on OAM interface Ethernet1/0/1. |
Explanation |
The local end quit remote loopback after you disabled OAM loopback on the local interface. |
Recommended action |
No action is required. |
ETHOAM_REMOTE_CRITICAL
Message text |
A remote Critical event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_REMOTE_CRITICAL: A remote Critical event occurred on interface Ethernet1/0/1. |
Explanation |
A remote critical event occurred. |
Recommended action |
Do not use the link until it recovers. |
ETHOAM_REMOTE_DYING_GASP
Message text |
A remote Dying Gasp event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_REMOTE_DYING_GASP: A remote Dying Gasp event occurred on interface Ethernet1/0/1. |
Explanation |
A remote Dying Gasp event occurs when you reboot the remote device and shut down the interface. |
Recommended action |
Do not use this link until it recovers. |
ETHOAM_REMOTE_ERROR_FRAME
Message text |
An errored frame event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME: An errored frame event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored frame event occurred on the peer. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_ERROR_FRAME_PERIOD
Message text |
An errored frame period event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_PERIOD: An errored frame period event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored frame period event occurred on the peer interface. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_ERROR_FRAME_SECOND
Message text |
An errored frame seconds event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_SECOND: An errored frame seconds event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored frame seconds event occurred on the peer. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_ERROR_SYMBOL
Message text |
An errored symbol event occurred on the peer interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
ETHOAM/6/ETHOAM_REMOTE_ERROR_SYMBOL: An errored symbol event occurred on the peer interface Ethernet1/0/1. |
Explanation |
An errored symbol event occurred on the peer. |
Recommended action |
Check the link between the local and peer ends. |
ETHOAM_REMOTE_EXIT
Message text |
OAM interface [string] quit OAM connection because Ethernet OAM is disabled on the peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_REMOTE_EXIT: OAM interface Ethernet1/0/1 quit OAM connection because Ethernet OAM is disabled on the peer interface. |
Explanation |
The local interface ended the OAM connection because Ethernet OAM was disabled on the peer interface. |
Recommended action |
No action is required. |
ETHOAM_REMOTE_FAILURE_RECOVER
Message text |
Peer interface [string] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_REMOTE_FAILURE_RECOVER: Peer interface Ethernet1/0/1 recovered. |
Explanation |
The link fault was cleared from the peer interface and the OAM connection was restored. |
Recommended action |
No action is required. |
ETHOAM_REMOTE_LINK_FAULT
Message text |
A remote Link Fault event occurred on interface [string]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_REMOTE_LINK_FAULT: A remote Link Fault event occurred on interface Ethernet1/0/1. |
Explanation |
A remote Link Fault event occurred when the remote link went down. |
Recommended action |
Reconnect the Rx end of the fiber on the remote interface. |
ETHOAM_NO_ENOUGH_RESOURCE
Message text |
The configuration failed on OAM interface [string] because of insufficient resources. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ETHOAM/4/ETHOAM_NO_ENOUGH_RESOURCE: The configuration failed on OAM interface Ethernet1/0/1 because of insufficient resources. |
Explanation |
The configuration failed on the OAM interface because of insufficient system resources. |
Recommended action |
Remove useless configurations to release the resources, and execute the command again. |
ETHOAM_NOT_CONNECTION_TIMEOUT
Message text |
Interface [string] quit Ethernet OAM because it received no Information OAMPDU before the timer times out. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
ETHOAM/5/ETHOAM_NOT_CONNECTION_TIMEOUT: Interface Ethernet1/0/1 quit Ethernet OAM because it received no Information OAMPDU before the timer times out. |
Explanation |
The local interface ended Ethernet OAM because it had not received Information OAMPDUs before the timer timed out. |
Recommended action |
Check the link status and the OAM status on the peer. |
EVB messages
This section contains EVB messages.
EVB_AGG_FAILED
Message text |
Remove port [STRING] from aggregation group [STRING]. Otherwise, the EVB feature does not take effect. |
Variable fields |
$1: Port name. $2: Aggregate interface name. |
Severity level |
6 (Informational) |
Example |
EVB/6/EVB_AGG_FAILED: Remove port GigabitEthernet1/0/1 from aggregation group Bridge-Aggregation5. Otherwise, the EVB feature does not take effect. |
Impact |
No negative impact on the system. |
Cause |
The EVB bridge fails to process a port in an aggregation group. |
Recommended action |
Remove the port from the aggregation group. |
EVB_LICENSE_EXPIRE
Message text |
The EVB feature's license will expire in [UINT32] days. |
Variable fields |
$1: Number of days. |
Severity level |
6 (Informational) |
Example |
EVB/6/EVB_LICENSE_EXPIRE: The EVB feature's license will expire in 15 days. |
Impact |
EVB will become inaccessible after the license expires. |
Cause |
The license for EVB will expire in the specified number of days. |
Recommended action |
Install a new license for the EVB feature. |
EVB_VSI_OFFLINE
Message text |
VSI [STRING] went offline. |
Variable fields |
$1: VSI interface/VSI aggregate interface name. |
Severity level |
6 (Informational) |
Example |
EVB/6/EVB_VSI_OFFLINE: VSI Schannel-Aggregation1:2.0 went offline. |
Impact |
No negative impact on the system. |
Cause |
The VSI interface or VSI aggregate interface is deleted when either of the following events occurs: · The EVB bridge receives a VDP packet from the EVB station. · The EVB bridge has not received an acknowledgement after a VDP packet times out. |
Recommended action |
No action is required. |
EVB_VSI_ONLINE
Message text |
VSI [STRING] came online, status is [STRING]. |
Variable fields |
$1: VSI interface/VSI aggregate interface name. $2: VSI status. |
Severity level |
6 (Informational) |
Example |
EVB/6/EVB_VSI_ONLINE: VSI Schannel-Aggregation1:2.0 came online, status is association. |
Impact |
No negative impact on the system. |
Cause |
The EVB bridge receives a VDP packet and creates a VSI interface or VSI aggregate interface successfully. |
Recommended action |
No action is required. |
EVIISIS messages
This section contains EVI IS-IS messages.
EVIISIS_LICENSE_EXPIRED
Message text |
The EVIISIS feature is being disabled, because its license has expired. |
Variable fields |
N/A |
Severity level |
3 |
Example |
EVIISIS/3/EVIISIS_LICENSE_EXPIRED: The EVIISIS feature is being disabled, because its license has expired. |
Explanation |
The EVI IS-IS license has expired. |
Recommended action |
Install a valid license for EVI IS-IS. |
EVIISIS_LICENSE_EXPIRED_TIME
Message text |
The EVIISIS feature will be disabled in [ULONG] days. |
Variable fields |
$1: Available period of the feature. |
Severity level |
5 |
Example |
EVIISIS/5/EVIISIS_LICENSE_EXPIRED_TIME: The EVIISIS feature will be disabled in 2 days. |
Explanation |
EVI IS-IS will be disabled because no EVI IS-IS license is available. After an active/standby MPU switchover or IRF master/subordinate switchover, you can use EVI IS-IS only for 30 days if the new active MPU or master does not have an EVI IS-IS license. |
Recommended action |
Install a valid license for EVI IS-IS. |
EVIISIS_LICENSE_UNAVAILABLE
Message text |
The EVIISIS feature has no available license. |
Variable fields |
N/A |
Severity level |
3 |
Example |
EVIISIS/3/EVIISIS_LICENSE_UNAVAILABLE: The EVIISIS feature has no available license. |
Explanation |
No license was found for EVI IS-IS when the EVI IS-IS process started. |
Recommended action |
Install a valid license for EVI IS-IS. |
EVIISIS_NBR_CHG
Message text |
EVIISIS [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to: [STRING]. |
Variable fields |
$1: EVI IS-IS process ID.
$2: EVI IS-IS neighbor level.
$3: Neighbor system ID.
$4: Interface name.
$5: Adjacency state:
   ○ up—Adjacency was set up.
   ○ initializing—Neighbor state was initializing.
   ○ down—Adjacency was lost. |
Severity level |
5 |
Example |
EVIISIS/5/EVIISIS_NBR_CHG: EVIISIS 1, Level-1 adjacency 0011.2200.1501 (Evi-Link0), state changed to: down. |
Explanation |
The EVI IS-IS adjacency state changed on an interface. |
Recommended action |
When the adjacency with a neighbor changes to down or initializing on an interface, check for EVI IS-IS configuration errors or loss of network connectivity. |
FCLINK messages
This section contains FC link messages.
FCLINK_FDISC_REJECT_NORESOURCE
Message text |
VSAN [UINT16], Interface [STRING]: An FDISC was rejected because the hardware resource is not enough. |
Variable fields |
$1: VSAN ID. $2: Interface name. |
Severity level |
4 |
Example |
FCLINK/4/FCLINK_FDISC_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FDISC was rejected because the hardware resource is not enough. |
Explanation |
An FDISC is received when the hardware resources are insufficient. |
Recommended action |
Reduce the number of nodes. |
FCLINK_FLOGI_REJECT_NORESOURCE
Message text |
VSAN [UINT16], Interface [STRING]: An FLOGI was rejected because the hardware resource is not enough. |
Variable fields |
$1: VSAN ID. $2: Interface name. |
Severity level |
4 |
Example |
FCLINK/4/FCLINK_FLOGI_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FLOGI was rejected because the hardware resource is not enough. |
Explanation |
An FLOGI is received when the hardware resources are insufficient. |
Recommended action |
Reduce the number of nodes. |
FCOE messages
This section contains FCoE messages.
FCOE_INTERFACE_NOTSUPPORT_FCOE
Message text |
Because the aggregate interface [STRING] has been bound to a VFC interface, assigning the interface [STRING] that does not support FCoE to the aggregate interface might cause incorrect processing. |
Variable fields |
$1: Aggregate interface name. $2: Ethernet interface name. |
Severity level |
4 |
Example |
FCOE/4/FCOE_INTERFACE_NOTSUPPORT_FCOE: Because the aggregate interface Bridge-Aggregation 1 has been bound to a VFC interface, assigning the interface Ten-GigabitEthernet 2/0/1 that does not support FCoE to the aggregate interface might cause incorrect processing. |
Explanation |
This message is generated when an interface that does not support FCoE is assigned to an aggregate interface that has been bound to a VFC interface. |
Recommended action |
Assign an interface that supports FCoE to the aggregate interface, or remove the binding from the VFC interface. |
FCOE_LAGG_BIND_ACTIVE
Message text |
The binding between aggregate interface [STRING] and the VFC interface takes effect because a member port is unbound from its bound VFC interface or removed from the aggregate interface. |
Variable fields |
$1: Aggregate interface name. |
Severity level |
4 |
Example |
FCOE/4/FCOE_LAGG_BIND_ACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface takes effect, because a member port is unbound from its bound VFC interface or removed from the aggregate interface. |
Explanation |
This message is generated when a member port of an aggregate interface is unbound from its bound VFC interface or removed from the aggregate interface. |
Recommended action |
No action is required. |
FCOE_LAGG_BIND_DEACTIVE
Message text |
The binding between aggregate interface [STRING] and the VFC interface is no longer in effect, because a new member port has been bound to a VFC interface. |
Variable fields |
$1: Aggregate interface name. |
Severity level |
4 |
Example |
FCOE/4/FCOE_LAGG_BIND_DEACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface is no longer in effect, because a new member port has been bound to a VFC interface. |
Explanation |
This message is generated when a new member port of an aggregate interface has been bound to a VFC interface. |
Recommended action |
No action is required. |
FCZONE messages
This section contains FC zone messages.
FCZONE_DISTRIBUTE_FAILED
Message text |
-VSAN=[UINT16]; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric. |
Variable fields |
$1: VSAN ID. |
Severity level |
4 |
Example |
FCZONE/4/FCZONE_DISTRIBUTE_FAILED: -VSAN=2; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric. |
Explanation |
A distribution operation failed. Consequently, the zoning configurations might be inconsistent across the fabric. |
Recommended action |
To resolve the problem if the distribution operation is triggered by using the zoneset activate command:
1. Verify that the contents of the active zone set are consistent on all switches by using the display current-configuration command.
2. Reactivate the zone set and distribute it to the entire fabric by using the zoneset activate command.
To resolve the problem if the distribution operation is triggered by using the zoneset distribute command:
3. Verify that the contents of the active zone set and zone database are consistent on all switches by using the display current-configuration command.
4. Trigger a new complete distribution by using the zoneset distribute command.
To resolve the problem if the distribution operation is triggered by a zoning mode switchover:
5. Verify that the zoning mode is the same on all switches by using the display zone status command.
6. Trigger a new complete distribution by using the zoneset distribute command. |
FCZONE_HARDZONE_DISABLED
Message text |
-VSAN=[UINT16]: No enough hardware resource for zone rule, switched to soft zoning. |
Variable fields |
$1: VSAN ID. |
Severity level |
4 |
Example |
FCZONE/4/FCZONE_HARDZONE_DISABLED: -VSAN=2: No enough hardware resource for zone rule, switched to soft zoning. |
Explanation |
Insufficient hardware resources. |
Recommended action |
Activate a smaller zone set. |
FCZONE_HARDZONE_ENABLED
Message text |
-VSAN=[UINT16]: Hardware resource for zone rule is restored, switched to hard zoning. |
Variable fields |
$1: VSAN ID. |
Severity level |
6 |
Example |
FCZONE/6/FCZONE_HARDZONE_ENABLED: -VSAN=2: Hardware resource for zone rule is restored, switched to hard zoning. |
Explanation |
Hard zoning is enabled in a VSAN because the hardware resources are restored. |
Recommended action |
No action is required. |
FCZONE_ISOLATE_ALLNEIGHBOR
Message text |
|
Variable fields |
$1: VSAN ID. |
Severity level |
4 |
Example |
|
Explanation |
E_Ports connected to all neighbors were isolated because the length of the locally generated MR packet exceeded the limit. |
Recommended action |
To resolve the problem:
1. Use the display current-configuration command on the local switch to view the zoning configuration.
2. Delete unnecessary zoning configuration of the active zone set.
3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.
Or
4. Activate a smaller zone set.
5. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. |
FCZONE_ISOLATE_CLEAR_VSAN
Message text |
-Interface=[STRING]-VSAN=[UINT16]; Isolation status was cleared. |
Variable fields |
$1: Interface name. $2: VSAN ID. |
Severity level |
6 |
Example |
FCZONE/6/FCZONE_ISOLATE_CLEAR_VSAN: -Interface=Fc1/0/1-VSAN=2; Isolation status was cleared. |
Explanation |
The isolation status of an interface was cleared in a VSAN. |
Recommended action |
No action is required. |
FCZONE_ISOLATE_CLEAR_ALLVSAN
Message text |
-Interface=[STRING]; Isolation status was cleared in all supported VSANs. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
|
Explanation |
The isolation status of an interface was cleared in all supported VSANs. |
Recommended action |
No action is required. |
FCZONE_ISOLATE_NEIGHBOR
Message text |
-VSAN=[UINT16]; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is [STRING]. |
Variable fields |
$1: VSAN ID. $2: Neighbor's switch WWN. |
Severity level |
4 |
Example |
FCZONE/4/FCZONE_ISOLATE_NEIGHBOR: -VSAN=2; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is 10:00:00:11:22:00:0d:01. |
Explanation |
All E_Ports connected to a neighbor were isolated because a merge operation with the neighbor failed. |
Recommended action |
To resolve the problem:
1. Use the display current-configuration command on the local switch and the neighbor switch to view their zoning configurations.
2. Modify those noncompliant configurations on both switches to be compliant with merge rules.
3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. |
FGROUP messages
This section contains flow group messages.
FLOWGROUP_APPLY_FAIL
Message text |
Failed to apply flow group [STRING]. Reason: [STRING] |
Variable fields |
$1: Flow group ID.
$2: Failure cause:
   ○ The operation is not supported.
   ○ Not enough resources to complete the operation. |
Severity level |
4 |
Example |
FGROUP/4/FLOWGROUP_APPLY_FAIL: Failed to apply flow group 1. Reason: The operation is not supported. |
Explanation |
This message is generated when a flow group fails to be applied. |
Recommended action |
Modify or delete the flow group. |
FLOWGROUP_MODIFY_FAIL
Message text |
Failed to modify flow group [STRING]. Reason: [STRING] |
Variable fields |
$1: Flow group ID.
$2: Failure cause:
   ○ The operation is not supported.
   ○ Not enough resources to complete the operation. |
Severity level |
4 |
Example |
FGROUP/4/FLOWGROUP_MODIFY_FAIL: Failed to modify flow group 1. Reason: The operation is not supported. |
Explanation |
This message is generated when a flow group fails to be modified. |
Recommended action |
Delete unnecessary settings on the device if the failure is due to insufficient resources. |
FIB messages
This section contains FIB messages.
FIB_FILE
Message text |
Failed to save the IP forwarding table due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
FIB/4/FIB_FILE: -MDC=1; Failed to save the IP forwarding table due to lack of storage resources. |
Explanation |
Failed to save the IP forwarding table due to lack of storage resources. |
Recommended action |
Delete unused files to release storage space. |
FIB_OVERLOAD_FORWARD
Message text |
The system is in the overload forwarding state because the FIB module is overloaded: FibOverloadModule=[STRING]. |
Variable fields |
$1: FIB entry type: · FIB4—The number of IPv4 FIB entries has reached 80% of the upper limit. · FIB6—The number of IPv6 FIB entries has reached 80% of the upper limit. |
Severity level |
4 (Warning) |
Example |
FIB/4/FIB_OVERLOAD_FORWARD: The system is in the overload forwarding state because the FIB module is overloaded: FibOverloadModule=FIB4. |
Explanation |
The number of FIB entries has reached 80% of the upper limit on the device. |
Recommended action |
Check for packet attacks. |
FIB_OVERLOAD_FORWARDRESUME
Message text |
|
Variable fields |
$1: FIB entry type: · FIB4—The number of IPv4 FIB entries has dropped to 50% of the upper limit. · FIB6—The number of IPv6 FIB entries has dropped to 50% of the upper limit. |
Severity level |
5 |
Example |
FIB/5/FIB_OVERLOAD_FORWARDRESUME: The system changes from the overload forwarding state to the normal state: FibOverloadModule=FIB4. |
Explanation |
The number of FIB entries has returned to normal on the device. |
Recommended action |
No action is required. |
FIB_PREFIX_ENOUGHRESOURCE
Message text |
Issued the software entry to the driver for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Issued the software entry to the driver for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network. |
Severity level |
6 |
Example |
FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the software entry to the driver for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the software entry to the driver for IP address 10::2 and mask length 128 on the public network. |
Explanation |
This message occurs when the system successfully updates the FIB entry in hardware with the FIB entry in software for an IP address for consistency. You can use the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). |
Recommended action |
No action is required. |
FIB_PREFIX_INCONSISTENT
Message text |
Inconsistent software and hardware FIB entries for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware FIB entries for IP address [STRING] and mask length [UINT32] on the public network. Inconsistent parameters: [STRING]. |
Variable fields |
$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network. $4: Inconsistent parameters. Options: · Next hop · MPLS label · Adjacent-table · Micro-segment ID |
Severity level |
6 |
Example |
FIB/6/FIB_PREFIX_INCONSISTENT: Inconsistent software and hardware FIB entries for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. Inconsistent parameters: next hop, mpls label, adjacent-table and micro-segment ID. FIB/6/FIB_PREFIX_INCONSISTENT: Inconsistent software and hardware FIB entries for IP address 10::2 and mask length 128 on the public network. Inconsistent parameters: next hop, mpls label, adjacent-table and micro-segment ID. |
Explanation |
This message occurs when the system detects an inconsistency between the FIB entry in software and FIB entry in hardware for an IP address. You can use the following commands to enable FIB entry consistency check for IPv4 and IPv6. · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). Once the device detects an inconsistency, it will generate this type of log. |
Recommended action |
No action is required. The device will update the FIB entry in hardware with the FIB entry in software automatically. |
FIB_PREFIX_NORESOURCE
Message text |
Not enough hardware resources to issue the software entry to the driver for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network. |
Severity level |
6 |
Example |
FIB/6/FIB_PREFIX_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IP address 10::2 and mask length 128 on the public network. |
Explanation |
This message occurs when the system fails to update the FIB entry in hardware with the FIB entry in software for an IP address for consistency. You can use the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). |
Recommended action |
No action is required. The device will attempt to re-issue the FIB entry from software to hardware automatically. |
FIB_VN_ENOUGHRESOURCE
Message text |
Issued the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Issued the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: Number of resynchronized FIB entries. $2: IPv4 or IPv6 address. $3: Mask or prefix length. $4: VPN instance name. This field is not available for the public network. |
Severity level |
6 |
Example |
FIB/6/FIB_VN_ENOUGHRESOURCE: Issued the following 1 software FIB entries to the driver: Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the following 1 software FIB entries to the driver: Entry for IP address 10::2 and mask length 128 on the public network. |
Explanation |
The device attempts to re-issue virtual next hop information to hardware if it has failed to issue this information during synchronization of some FIB entries from software to hardware for consistency. This message occurs after the system successfully re-issues virtual next hop information to hardware. You can use one of the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). |
Recommended action |
No action is required. |
FIB_VN_INCONSISTENT
Message text |
Inconsistent software and hardware entries for the following [UINT32] FIB entries. Inconsistent parameters: [STRING]. Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Inconsistent software and hardware entries for the following [UINT32] FIB entries. Inconsistent parameters: [STRING]. Entry for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: Number of inconsistent FIB entries. $2: Inconsistent parameters. · Next hop · MPLS label · Maximum number of ECMP routes · Output tunnel interface $3: IPv4 or IPv6 address. $4: Mask or prefix length. $5: VPN instance name. If the FIB table runs on the public network, this field will not be displayed. |
Severity level |
6 |
Example |
FIB/6/FIB_VN_INCONSISTENT: Inconsistent software and hardware entries for the following 1 FIB entries. Inconsistent parameters: next hop and mpls label. Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_VN_INCONSISTENT: Inconsistent software and hardware entries for the following 1 FIB entries. Inconsistent parameters: next hop and mpls label. Entry for IP address 10::2 and mask length 128 on the public network. |
Explanation |
You can use one of the following commands to enable FIB entry consistency check: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). Once the device detects an inconsistency between virtual nexthop entries in software and in hardware, it will generate this log to inform the user of the inconsistent FIB entries. |
Recommended action |
No action is required. The device will update the inconsistent virtual nexthop entries in hardware with the virtual nexthop entries in software automatically. |
FIB_VN_NORESOURCE
Message text |
Not enough hardware resources to issue the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Not enough hardware resources to issue the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: Number of FIB entries that failed to be issued to the hardware. $2: IPv4 or IPv6 address. $3: Mask or prefix length. $4: VPN instance name. If the FIB table runs on the public network, this field will not be displayed. |
Severity level |
6 |
Example |
FIB/6/FIB_VN_NORESOURCE: Not enough hardware resources to issue the following 1 software FIB entries to the driver: Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_VN_NORESOURCE: Not enough hardware resources to issue the following 1 software FIB entries to the driver: Entry for IP address 10::2 and mask length 128 on the public network. |
Explanation |
You can use one of the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). With FIB entry consistency check enabled, the device will generate this type of log if it fails to issue some software virtual nexthop entries to the hardware due to insufficient hardware resources. This log informs the user of the invalid FIB entries. |
Recommended action |
No action is required. The device will re-issue the software virtual nexthop entries to the hardware automatically. |
FILTER messages
This section contains filter messages.
FILTER_EXECUTION_ICMP
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];IcmpType(1062)=[STRING]([UINT16]);IcmpCode(1063)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IP address. $7: Destination IP address. $8: ICMP message type. $9: ICMP message code. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1059)=Echo(8);IcmpCode(1060)=0;MatchAclCount(1066)=1000;Event(1048)=Permit; |
Explanation |
|
Recommended action |
No action is required. |
FILTER_EXECUTION_ICMPV6
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];Icmpv6Type(1064)=[STRING]([UINT16]);Icmpv6Code(1065)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IPv6 address. $7: Destination IPv6 address. $8: ICMPv6 message type. $9: ICMPv6 message code. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_EXECUTION_ICMPV6: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;Icmpv6Type(1064)=Echo(128);Icmpv6Code(1065)=0;MatchAclCount(1066)=1000;Event(1048)=Permit; |
Explanation |
ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
FILTER_IPV4_EXECUTION
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IP address. $7: Source port. $8: Destination IP address. $9: Destination port number. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit; |
Explanation |
Packets other than ICMP packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
FILTER_IPV6_EXECUTION
Message text |
RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING]; |
Variable fields |
$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Match count. $11: Event information. |
Severity level |
6 |
Example |
FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit; |
Explanation |
Packets other than ICMPv6 packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow. |
Recommended action |
No action is required. |
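The four FILTER messages above share one `Name(id)=value;` layout, and the Example rows of the two ICMP variants print different numeric IDs than their Message text rows (for instance `Direction(1067)` against `Direction(1070)`). The following parser is an added example, not H3C code: it keys on the field name rather than the numeric ID, maps the IPv4 and IPv6 field names onto one schema, and rejects truncated lines. The `Deny` event value, the timestamp and hostname prefix, and the documentation-range addresses in the sample are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Header as printed in the Example rows: FILTER/<severity>/<mnemonic>:
HEADER = re.compile(r"FILTER/(?P<severity>\d)/(?P<mnemonic>FILTER_[A-Z0-9_]+):\s*")
# One field is Name(numeric-id)=value; the value may contain parentheses, e.g. Echo(8).
FIELD = re.compile(r"(?P<name>[A-Za-z][A-Za-z0-9]*)\((?P<id>\d+)\)=(?P<value>[^;]*);")
ICMP_TYPE = re.compile(r"(?P<label>.*)\((?P<number>\d+)\)$")

# IPv4 and IPv6 variants use different field names; map both onto one schema.
ALIASES = {
    "SrcIPAddr": "src_ip", "SrcIPv6Addr": "src_ip",
    "DstIPAddr": "dst_ip", "DstIPv6Addr": "dst_ip",
    "IcmpType": "icmp_type", "Icmpv6Type": "icmp_type",
    "IcmpCode": "icmp_code", "Icmpv6Code": "icmp_code",
    "RcvIfName": "interface", "Direction": "direction", "AclType": "acl_type",
    "Acl": "acl", "Protocol": "protocol", "SrcPort": "src_port",
    "DstPort": "dst_port", "MatchAclCount": "match_count", "Event": "event",
}
INT_FIELDS = {"src_port", "dst_port", "icmp_code", "match_count"}
REQUIRED = {"interface", "direction", "acl", "protocol", "src_ip", "dst_ip", "event"}

# Lines 0, 1 and 4 are copied from the Example rows of this reference;
# lines 2 and 3 are constructed for this example.
SAMPLE_LINES = [
    "FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;"
    "AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;"
    "DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;",
    "FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;"
    "AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;"
    "DstIPAddr(1007)=200.1.1.1;IcmpType(1059)=Echo(8);IcmpCode(1060)=0;MatchAclCount(1066)=1000;"
    "Event(1048)=Permit;",
    "2024-01-24T10:00:00 sw1 FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;"
    "Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;"
    "SrcIPv6Addr(1036)=2001:db8::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=2001:db8::2;DstPort(1008)=22;"
    "MatchAclCount(1069)=3;Event(1048)=Deny;",
    "FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;"
    "AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=192.0.2.10;SrcPort(1004)=40",
    "FTP/5/FTP_ACL_DENY: The FTP Connection 1.2.3.4(vpn1) request was denied according to ACL rules.",
]


def parse_filter_message(line):
    """Return a dict for a FILTER log line, or None for any other line.

    Raises ValueError when a FILTER line is truncated or carries a bad value.
    """
    header = HEADER.search(line)
    if header is None:
        return None
    record = {"mnemonic": header["mnemonic"], "severity": int(header["severity"])}
    for field in FIELD.finditer(line[header.end():]):
        key = ALIASES.get(field["name"])  # the numeric ID is deliberately ignored
        if key is None:
            continue  # unknown field name: skip it instead of failing
        value = field["value"]
        if key in ("src_ip", "dst_ip"):
            record[key] = ipaddress.ip_address(value)  # ValueError on a bad address
        elif key in INT_FIELDS:
            record[key] = int(value)
        elif key == "icmp_type":
            parts = ICMP_TYPE.match(value)
            if parts is None:
                raise ValueError("unexpected ICMP type value: %r" % value)
            record["icmp_type"] = parts["label"]
            record["icmp_type_number"] = int(parts["number"])
        else:
            record[key] = value
    missing = REQUIRED - record.keys()
    if missing:
        raise ValueError("truncated FILTER message, missing: %s" % sorted(missing))
    return record


def summarize(lines):
    """Count FILTER log records per (ACL, event, source address); also count rejects."""
    counts, rejected = Counter(), 0
    for line in lines:
        try:
            record = parse_filter_message(line)
        except ValueError:
            rejected += 1
            continue
        if record is not None:
            counts[(record["acl"], record["event"], str(record["src_ip"]))] += 1
    return counts, rejected


if __name__ == "__main__":
    per_source, bad = summarize(SAMPLE_LINES)
    for key, total in per_source.most_common():
        print(key, total)
    print("rejected lines:", bad)
```

Because each message is repeated regularly for the same flow, the counter tallies log records, not packets or flows.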
FIPSNG messages
This section contains FIP snooping messages.
FIPSNG_HARD_RESOURCE_NOENOUGH
Message text |
No enough hardware resource for FIP snooping rule. |
Variable fields |
N/A |
Severity level |
4 |
Example |
FIPSNG/4/FIPSNG_HARD_RESOURCE_NOENOUGH: No enough hardware resource for FIP snooping rule. |
Explanation |
Hardware resources are insufficient. |
Recommended action |
No action is required. |
FIPSNG_HARD_RESOURCE_RESTORE
Message text |
Hardware resource for FIP snooping rule is restored. |
Variable fields |
N/A |
Severity level |
6 |
Example |
FIPSNG/6/FIPSNG_HARD_RESOURCE_RESTORE: Hardware resource for FIP snooping is restored. |
Explanation |
Hardware resources for FIP snooping rules are restored. |
Recommended action |
No action is required. |
FS messages
This section contains file system messages.
FS_UNFORMATTED_PARTITION
Message text |
Partition [STRING] is not formatted yet. Please format the partition first. |
Variable fields |
$1: Partition name. |
Severity level |
4 (Warning) |
Example |
FS/4/FS_UNFORMATED_PARTITION: Partition usba0: is not formatted yet. Please format the partition first. |
Impact |
This issue might lead to storage medium read and write failures. |
Cause |
The partition is not formatted. You must format a partition before you can perform other operations on the partition. |
Recommended action |
Format the specified partition. |
FTP messages
This section contains File Transfer Protocol messages.
FTP_ACL_DENY
Message text |
The FTP Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the FTP client. $2: VPN instance to which the IP address of the FTP client belongs. |
Severity level |
5 (Notification) |
Example |
FTP/5/FTP_ACL_DENY: The FTP Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Impact |
The system might suffer an attack. |
Cause |
The ACL for controlling FTP access denied the access request of an FTP client. |
Recommended action |
Contact Technical Support to view ACL rules and ensure that the FTP connection complies with the access rules of the ACL. |
FTPD_AUTHOR_FAILED
Message text |
Authorization failed for user [STRING]@[STRING]. |
Variable fields |
$1: Username. $2: IP address of the FTP client. |
Severity level |
4 (Warning) |
Example |
FTP/4/FTPD_AUTHOR_FAILED: Authorization failed for user [email protected]. |
Impact |
The FTP login user cannot correctly access the system. |
Cause |
The FTP user cannot obtain authorization. |
Recommended action |
Check whether the user is assigned the FTP service. |
FTP_REACH_SESSION_LIMIT
Message text |
FTP client [STRING] failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device. |
Severity level |
|
Example |
|
Impact |
The FTP login user cannot correctly access the system. |
Cause |
This message is generated when the FTP server detects that the number of FTP connections has reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
FTPC messages
This section contains File Transfer Protocol Client (FTPC) messages.
FTPC_DOWNLOAD
Message text |
FTP client downloaded [NUMBER] bytes of [STRING] (remotely named [STRING]) from [STRING]. |
Variable fields |
$1: Size of the file downloaded by the FTP client. $2: Name of the file downloaded to the local host. $3: Name of the file on the FTP server. $4: IP address of the FTP server. |
Severity level |
6 (Informational) |
Example |
FTPC/6/FTPC_DOWNLOAD: FTP client downloaded 125322 bytes of /mnt/slot0#flash:/test.txt (remotely named test.txt) from 192.168.169.1. |
Impact |
No negative impact on the system. |
Cause |
The FTP client downloaded a file. |
Recommended action |
No action is required. |
FTPC_UPLOAD
Message text |
FTP client uploaded [NUMBER] bytes of [STRING](remotely named [STRING]) to [STRING]. |
Variable fields |
$1: Size of the file uploaded by the FTP client. $2: Name of the file in the local host. $3: Name of the file uploaded to the FTP server. $4: IP address of the FTP server. |
Severity level |
6 (Informational) |
Example |
FTPC/6/FTPC_DOWNLOAD: FTP client uploaded 125322 bytes of /mnt/slot0#flash:/test.txt (remotely named test.txt) to 192.168.169.1. |
Impact |
No negative impact on the system. |
Cause |
The FTP client uploaded a file. |
Recommended action |
No action is required. |
gRPC messages
This section contains gRPC messages.
GRPC_LOGIN
Message text |
[STRING] logged in from [STRING], session id [INT32]. |
Variable fields |
$1: Username. $2: Client address, including IP version, IP address, and port number. $3: Session ID. |
Severity level |
6 (Informational) |
Example |
GRPC/6/GRPC_LOGIN: user logged in from ipv4:192.168.56.99:41996, session id 1. |
Impact |
N/A |
Cause |
A user logged in successfully. |
Recommended action |
No action is required. |
GRPC_LOGIN_FAILED
Message text |
[STRING] from [STRING] login failed. Or: [STRING] from [STRING] login failed. [STRING] |
Variable fields |
$1: Username. $2: Client address, including IP version, IP address, and port number. $3: Login failure reason. The value might be Number of the gRPC sessions reached the limit. |
Severity level |
6 (Informational) |
Example |
GRPC/6/GRPC_LOGIN_FAILED: admin1 from ipv4:192.168.70.10:53254 login failed. |
Impact |
If the number of gRPC sessions has reached the upper limit, a new user (gRPC client) cannot log in. |
Cause |
A user failed to log in. |
Recommended action |
1. If no failure reason is displayed, verify that the user is configured and the user entered the correct username and password. 2. If the maximum number of gRPC sessions was already reached, release gRPC sessions as required. |
GRPC_LOGOUT
Message text |
[STRING] logged out, Session id [INT32]. |
Variable fields |
$1: Username. $2: Session ID. |
Severity level |
6 (Informational) |
Example |
GRPC/6/GRPC_LOGOUT: user logged out, Session id 1. |
Impact |
N/A |
Cause |
A user logged out successfully. |
Recommended action |
No action is required. |
GRPC_SERVER_FAILED
Message text |
Failed to enable gRPC server. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
GRPC/4/GRPC_SERVER_FAILED: Failed to enable gRPC server. |
Impact |
The gRPC service is unavailable. |
Cause |
The default listening port for the gRPC service is 50051. If this port is already in use by another service, the gRPC service will fail to start. |
Recommended action |
1. Use the grpc port command to modify the port number of the gRPC service. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
GRPC_SERVICE_STOP
Message text |
gRPC service stopped. Reason: CPU usage threshold has been exceeded. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
GRPC/6/GRPC_SERVICE_STOP: gRPC service stopped. Reason: CPU usage threshold has been exceeded. |
Impact |
The gRPC service is stopped. |
Cause |
gRPC suspended sampling data because its CPU usage has exceeded the limit set by using the grpc cpu-usage max-percent command. |
Recommended action |
To decrease the CPU usage of gRPC during data sampling, reduce the number of sensor paths or increase the sampling interval. gRPC will continue to sample data after its CPU usage drops to below the limit. |
GRPC_SERVICE_RECOVER
Message text |
gRPC service recovered. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
GRPC/6/GRPC_SERVICE_RECOVER: gRPC service recovered. |
Impact |
N/A |
Cause |
gRPC resumed data sampling because its CPU usage has dropped to or below the limit set by using the grpc cpu-usage max-percent command. |
Recommended action |
No action is required. |
GRPC_SUBSCRIBE_EVENT_FAILED
Message text |
Failed to subscribe event [STRING]. |
Variable fields |
$1: Event name. |
Severity level |
4 (Warning) |
Example |
GRPC/4/GRPC_SUBSCRIBE_EVENT_FAILED: Failed to subscribe event syslog. |
Impact |
The system cannot normally push subscribed events. |
Cause |
Possible causes: The service process corresponding to the subscription information is not started. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
GRPC_RECEIVE_SUBSCRIPTION
Message text |
Received a subscription of module [STRING]. |
Variable fields |
$1: Module name. |
Severity level |
6 (Informational) |
Example |
GRPC/6/GRPC_RECEIVE_SUBSCRIPTION: Received a subscription of module syslog. |
Impact |
N/A |
Cause |
The device received a subscription request for a module. |
Recommended action |
No action is required. |
HA messages
This section contains HA messages.
HA_BATCHBACKUP_FINISHED
Message text |
Batch backup of standby board in [STRING] has finished. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
HA/5/HA_BATCHBACKUP_FINISHED: Batch backup of standby board in slot 1 has finished. |
Explanation |
Batch backup from the active MPU to the standby MPU has finished. |
Recommended action |
No action is required. |
HA_BATCHBACKUP_STARTED
Message text |
Batch backup of standby board in [STRING] started. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
HA/5/HA_BATCHBACKUP_STARTED: Batch backup of standby board in slot 1 started. |
Explanation |
Batch backup from the active MPU to the standby MPU has started. |
Recommended action |
No action is required. |
HA_STANDBY_NOT_READY
Message text |
Standby board in [STRING] is not ready, reboot ... |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
4 |
Example |
HA/4/HA_STANDBY_NOT_READY: Standby board in slot 1 is not ready, reboot ... |
Explanation |
This message appears on the standby MPU. When batch backup is not complete on the standby MPU, performing active and standby MPU switchover results in restart of the active and standby MPUs. |
Recommended action |
Do not perform active and standby MPU switchover before batch backup is complete on the standby MPU. |
HA_STANDBY_TO_MASTER
Message text |
Standby board in [STRING] changed to the master. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 |
Example |
HA/5/HA_STANDBY_TO_MASTER: Standby board in slot 1 changed to the master. |
Explanation |
An active and standby MPU switchover occurs. The standby MPU changed to active. |
Recommended action |
No action is required. |
HLTH messages
This section contains health messages.
LIPC_COMM_FAULTY
Message text |
LIPC [STRING] between [STRING] and [STRING] might be faulty. |
Variable fields |
$1: LIPC communication type. Options include: · unicast—Unicast communication. · broadcast—Broadcast communication. · topo—Topology communication. $2: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs. $3: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs. |
Severity level |
4 (Warning) |
Example |
HLTH/4/LIPC_COMM_FAULTY: LIPC unicast between slot 1 and slot 2 might be faulty. |
Impact |
Services between modules are affected. |
Cause |
The system detected a LIPC communication abnormality between two modules. |
Recommended action |
Execute the display system health command to identify system health status. If the issue persists after 30 minutes, collect the device configuration file, log information, and alarm information, and then contact Technical Support. |
LIPC_COMM_RECOVER
Message text |
LIPC [STRING] between [STRING] and [STRING] recovered. |
Variable fields |
$1: LIPC communication type. Options include: · unicast—Unicast communication. · broadcast—Broadcast communication. · topo—Topology communication. $2: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs. $3: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs. |
Severity level |
6 (Informational) |
Example |
HLTH/6/LIPC_COMM_NORMAL: LIPC unicast between slot 1 and slot 2 recovered. |
Impact |
No impact on the system. |
Cause |
The LIPC communication recovered between two modules. |
Recommended action |
No action is required. |
HQOS messages
This section contains HQoS messages.
HQOS_DP_SET_FAIL
Message text |
Failed to set drop profile [STRING] globally. |
Variable fields |
$1: Drop profile name. |
Severity level |
4 |
Example |
HQOS/4/HQOS_DP_SET_FAIL: Failed to set drop profile b globally. |
Explanation |
The system failed to perform one of the following actions: · Apply a drop profile globally. · Modify a drop profile applied globally. |
Recommended action |
Check the drop profile settings. |
HQOS_FP_SET_FAIL
Message text |
Failed to set [STRING] in forwarding profile [STRING] globally. |
Variable fields |
$1: Policy type: · gts. · bandwidth. · queue. · drop profile. $2: Forwarding profile name. |
Severity level |
4 |
Example |
HQOS/4/HQOS_FP_SET_FAIL: Failed to set gts in forwarding profile b globally. |
Explanation |
The system failed to perform one of the following actions: · Apply a forwarding profile globally. · Modify a forwarding profile applied globally. |
Recommended action |
Examine the forwarding profile, and make sure it is supported and contains no conflicting settings. |
HQOS_POLICY_APPLY_FAIL
Message text |
Failed to apply some forwarding classes or forwarding groups in scheduler policy [STRING] to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. |
Severity level |
4 |
Example |
HQOS/4/HQOS_POLICY_APPLY_FAIL: Failed to apply some forwarding classes or forwarding groups in scheduler policy b to the inbound direction of interface Ethernet3/1/2. |
Explanation |
The system failed to perform one of the following actions: · Apply a scheduler policy to a specific direction of an interface. · Modify a scheduler policy applied to a specific direction of an interface. |
Recommended action |
Use the display qos scheduler-policy diagnosis interface command to identify the nodes that failed to be applied and the failure causes, and modify the running configuration. |
HQOS_POLICY_RECOVER_FAIL
Message text |
Failed to recover scheduler policy [STRING] to the [STRING] direction of interface [STRING] due to [STRING]. |
Variable fields |
$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. $4: Cause. |
Severity level |
4 |
Example |
HQOS/4/HQOS_POLICY_RECOVER_FAIL: Failed to recover scheduler policy b to the outbound direction of interface Ethernet3/1/2 due to conflicting with QoS configuration. |
Explanation |
The system failed to recover an applied scheduler policy after the card or device rebooted, because the scheduler policy conflicted with the QoS configuration on the interface. |
Recommended action |
Check the scheduler policy configuration according to the failure cause. |
HTTPD messages
This section contains HTTP daemon messages.
HTTPD_CONNECT
Message text |
[STRING] client [STRING] connected to the server successfully. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully. |
Explanation |
The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up. |
Recommended action |
No action is required. |
HTTPD_CONNECT_TIMEOUT
Message text |
[STRING] client [STRING] connection idle timeout. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout. |
Explanation |
An HTTP or HTTPS connection was disconnected because the idle timeout timer expired. |
Recommended action |
No action is required. |
HTTPD_DISCONNECT
Message text |
[STRING] client [STRING] disconnected from the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server. |
Explanation |
An HTTP or HTTPS client was disconnected from the server. |
Recommended action |
No action is required. |
HTTPD_FAIL_FOR_ACL
Message text |
[STRING] client [STRING] failed the ACL check and could not connect to the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 192.168.30.117 failed the ACL check and cannot connect to the server. |
Explanation |
An HTTP or HTTPS client was filtered by the ACL. |
Recommended action |
No action is required. |
HTTPD_FAIL_FOR_ACP
Message text |
[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server. |
Explanation |
An HTTP or HTTPS client was denied by the certificate access control policy. |
Recommended action |
No action is required. |
HTTPD_REACH_CONNECT_LIMIT
Message text |
[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 |
Example |
HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit. |
Explanation |
The number of connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting.
2. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
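Every HTTPD message in this section is severity 6 with no required action, so a severity filter on the log host hides repeated ACL, certificate-policy, and connection-limit rejections from the same client. The Python below is an added example, not H3C code: it parses the message layout shown in the examples above and reports clients with repeated rejections. The sample lines, the 192.0.2.x addresses, the function names, and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout taken from the examples in this section: HTTPD/<severity>/<mnemonic>: <text>
# search() is used so any prefix a log host adds before the header is tolerated (assumption).
HEADER = re.compile(r"HTTPD/(?P<sev>[0-7])/(?P<mnemonic>HTTPD_[A-Z_]+):\s*(?P<text>.*)")
# Every HTTPD message text in this section begins "$1 client $2 ...".
CLIENT = re.compile(r"^(?P<ctype>HTTPS?) client (?P<ip>\S+) ")

# Mnemonics that mean the switch refused the client.
DENIALS = {"HTTPD_FAIL_FOR_ACL", "HTTPD_FAIL_FOR_ACP", "HTTPD_REACH_CONNECT_LIMIT"}


def parse_httpd(line):
    """Return the mnemonic, severity, connection type and client IP, or None."""
    header = HEADER.search(line)
    if not header:
        return None
    client = CLIENT.match(header["text"])
    if not client:
        return None
    return {
        "mnemonic": header["mnemonic"],
        "severity": int(header["sev"]),
        "type": client["ctype"],
        "client": client["ip"],
    }


def denied_clients(lines, threshold=3):
    """Map client IP -> {mnemonic: count} for clients refused at least `threshold` times."""
    per_client = defaultdict(Counter)
    for line in lines:
        event = parse_httpd(line)
        if event and event["mnemonic"] in DENIALS:
            per_client[event["client"]][event["mnemonic"]] += 1
    return {
        ip: dict(counts)
        for ip, counts in per_client.items()
        if sum(counts.values()) >= threshold
    }


# Constructed sample lines in the format documented above.
SAMPLE = [
    "HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTPS client 192.0.2.10 failed the ACL check and could not connect to the server.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTPS client 192.0.2.10 failed the ACL check and could not connect to the server.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTPS client 192.0.2.10 was denied by the certificate access control policy and could not connect to the server.",
    "HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.0.2.77 failed to connect to the server, because the number of connections reached the upper limit.",
    "HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server.",
    "IFMON/6/BGTRAFFIC_SEND_BEGIN: Interface GigabitEthernet1/0/1 began sending background traffic.",
]

if __name__ == "__main__":
    for ip, counts in denied_clients(SAMPLE).items():
        print(ip, counts)
```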
IFMON
This section contains interface alarm messages.
BGTRAFFIC_SEND_BEGIN
Message text |
Interface [STRING] began sending background traffic. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
IFMON/6/BGTRAFFIC_SEND_BEGIN: Interface GigabitEthernet1/0/1 began sending background traffic. |
Impact |
N/A |
Cause |
An interface began sending background traffic when the outgoing traffic of the interface did not reach 100 Mbps. |
Recommended action |
No action is required. |
BGTRAFFIC_SEND_END
Message text |
Interface [STRING] stopped sending background traffic. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
IFMON/6/BGTRAFFIC_SEND_END: Interface GigabitEthernet1/0/1 stopped sending background traffic. |
Impact |
N/A |
Cause |
An interface stopped sending background traffic when the outgoing traffic of the interface exceeded 300 Mbps. |
Recommended action |
No action is required. |
CRC_ERROR_RECOVERY
Message text |
The number of CRC error packets dropped below the lower threshold: Interface name=[STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFMON/4/CRC_ERROR_RECOVERY: The number of CRC error packets dropped below the lower threshold: Interface name=GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
This message was generated when the number of CRC error packets within a statistics collection interval dropped below the lower threshold, and this alarm was cleared. |
Recommended action |
No action is required. |
CRC_ERROR_THRESHOLD
Message text |
The number of CRC error packets exceeded the upper threshold: Interface name=[STRING], upper threshold=[UINT32], number of CRC error packets=[UINT64], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold for alarms. $3: Number of CRC error packets within the latest statistics collection interval. $4: Statistics collection and comparison interval for CRC error packets in seconds. |
Severity level |
4 (Warning) |
Example |
IFMON/4/CRC_ERROR_THRESHOLD: The number of CRC error packets exceeded the upper threshold: Interface name=HundredGigE1/0/1, upper threshold=100, number of CRC error packets=200, interval=10s. |
Impact |
If the shutdown keyword is configured when you configure the CRC packet error rate on a physical interface, the system shuts down the interface when the number of received CRC error packets on the interface exceeds the upper threshold. Then, the interface stops forwarding all packets. To recover the interface, execute the undo shutdown command on the interface. If you do not specify this keyword, an upper threshold exceeding alarm is generated and the interface enters the alarm state when the number of received CRC error packets exceeds the upper threshold on the interface. |
Cause |
This message was generated when the number of CRC error packets within a statistics collection interval exceeded the upper threshold. Typically, the reason is that the upper threshold is set improperly or data is damaged during transmission and the number of error packets increases. |
Recommended action |
· Verify that the upper threshold is set properly.
· Verify that the link environment quality is good. |
IFMON_BAD_BYTES_ERROR_RESUME
Message text |
The number of bad packet bytes on [STRING] drops below the lower threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_BAD_BYTES_ERROR_RESUME: The number of bad packet bytes on GigabitEthernet1/0/1 drops below the lower threshold. Threshold=99, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of bytes in bad packets within the statistics polling interval dropped below the threshold. |
Recommended action |
No action is required. |
IFMON_BAD_BYTES_ERROR_RISING
Message text |
The number of bad packet bytes on [STRING] exceeds the upper threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_BAD_BYTES_ERROR_RISING: The number of bad packet bytes on GigabitEthernet1/0/1 exceeds the upper threshold. Threshold=99, value=44, interval=10s. |
Impact |
Service switchover or interruption might occur. |
Cause |
The number of bytes in bad packets within the statistics polling interval exceeded the threshold. |
Recommended action |
1. When the attenuation of the line is too great, replace the optical fiber. Identify whether the log message is cleared.
2. View the Tx optical power of the remote end on NMS. If the Tx optical power is abnormal, replace the corresponding line card of the remote end. Identify whether the log message is cleared.
3. Replace the line card of the local end that reports the log message. Identify whether the log message is cleared.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_CRC_ERROR_RESUME
Message text |
The number of CRC error packets on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_CRC_ERROR_RESUME: The number of CRC error packets on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of CRC error packets within the statistics polling interval dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_CRC_ERROR_RISING
Message text |
The number of CRC error packets on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_CRC_ERROR_RISING: The number of CRC error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of CRC error packets within the statistics polling interval exceeded the upper threshold. Possible reasons are:
· The transceiver module fails.
· The optical fiber or link fails. |
Recommended action |
1. Identify whether the link (including optical fiber, transceiver module, transmission device, patch panel, and so on) fails. Replace the faulty components, and verify that the link is connected correctly. Identify whether the log message is cleared.
2. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor crc-error command to modify the threshold.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_INPUT_BC_RAPID_CHANGE
Message text |
The incoming broadcast traffic of [STRING] suddenly exceeds the threshold. Threshold=[UINT64], current value=[UINT64]. |
Variable fields |
$1: Interface name. $2: Sudden change threshold. $3: Current sudden change value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_BC_RAPID_CHANGE: The incoming broadcast traffic of GigabitEthernet1/0/1 suddenly exceeds the threshold. Threshold=99, current value=44. |
Impact |
Service traffic might be dropped. |
Cause |
The sudden change of incoming broadcast traffic of an interface exceeded the threshold within the statistics polling interval. |
Recommended action |
1. When CurrentInputBroadcastRate ≥ BaseInputBroadcastRate + InputBroadcastChangeThreshold, identify whether the broadcast traffic increases normally. If not, identify whether loops exist in the link.
2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_INPUT_BC_RAPID_RECOVER
Message text |
The incoming broadcast traffic of [STRING] suddenly drops below the lower threshold. Threshold=[UINT32], current value=[UINT32]. |
Variable fields |
$1: Interface name. $2: Sudden change threshold. $3: Current sudden change value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_BC_RAPID_RECOVER: The incoming broadcast traffic of GigabitEthernet1/0/1 suddenly drops below the lower threshold. Threshold=99, current value=44. |
Impact |
N/A |
Cause |
The sudden change of incoming broadcast traffic on an interface dropped below the threshold. |
Recommended action |
No action is required. |
IFMON_INPUT_ERROR_RESUME
Message text |
The number of input error packets on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_ERROR_RESUME: The number of input error packets on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44. |
Impact |
N/A |
Cause |
The number of input error packets within the statistics polling interval dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_INPUT_ERROR_RISING
Message text |
The number of input error packets on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_ERROR_RISING: The number of input error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44. |
Impact |
Service traffic might be dropped. |
Cause |
The number of input error packets within the statistics polling interval exceeded the upper threshold. Possible reasons are:
· The transceiver module fails.
· The optical fiber or link fails. |
Recommended action |
1. Replace the transceiver module. Identify whether the log message is cleared.
2. Replace the optical fiber or link. Identify whether the log message is cleared.
3. Identify whether the upper threshold set on the interface is too low.
   ○ If the threshold is too low, execute the port ifmonitor input-error command to modify the threshold.
   ○ If the threshold is set reasonably, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_INPUT_JAM_DISCARD
Message text |
The number of incoming packets lost due to network congestion on [STRING] exceeds the upper threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_JAM_DISCARD: The number of incoming packets lost due to network congestion on GigabitEthernet1/0/1 exceeds the upper threshold. Threshold=99, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of incoming packets dropped due to congestion within the statistics polling interval exceeded the threshold. |
Recommended action |
1. Execute the display this command to identify whether rate limiting is configured in the inbound direction of the interface.
2. Execute the qos lr inbound cir cir-value [ cbs cbs-value ] command in interface view to modify the rate limit values or execute the undo qos lr inbound command to delete rate limit configuration. Identify whether the log message is cleared.
3. According to the service conditions, execute the port ifmonitor input-usage high-threshold high-value command in interface view to modify the alarm threshold for the number of packets lost due to congestion on the interface. Identify whether the log message is cleared.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_INPUT_JAM_DISCARD_RESUME
Message text |
The number of incoming packets lost due to network congestion on [STRING] drops below the lower threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_JAM_DISCARD_RESUME: The number of incoming packets lost due to network congestion on GigabitEthernet1/0/1 drops below the lower threshold. Threshold=99, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of incoming packets dropped due to congestion within the statistics polling interval dropped below the threshold. |
Recommended action |
No action is required. |
IFMON_INPUT_UFLOW_FALLING
Message text |
The number of incoming unknown unicast packets on [STRING] drops below threshold [UINT32]. Ratio=[UINT32]. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Ratio of unknown unicast traffic to total traffic. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_UFLOW_FALLING : The number of incoming unknown unicast packets on GigabitEthernet1/0/1 drops below threshold =44,Ratio=20%. |
Impact |
N/A |
Cause |
The incoming unknown unicast traffic on an interface dropped below the threshold. |
Recommended action |
No action is required. |
IFMON_INPUT_UFLOW_RISING
Message text |
The number of incoming unknown unicast packets on [STRING] exceeds threshold [UINT32]. Ratio=[UINT32]. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Ratio of unknown unicast traffic to total traffic. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_UFLOW_RISING: The number of incoming unknown unicast packets on GigabitEthernet1/0/1 exceeds threshold=50, Ratio=80%. |
Impact |
The sending bandwidth of normal protocol packets is preempted. As a result, the protocols are interrupted, and data is lost. |
Cause |
Traffic is abnormal on the device or the device is attacked. As a result, the unknown unicast traffic on the input interface exceeds the set threshold. |
Recommended action |
1. Execute the display this command in interface view to view the VLANs or VSIs configured on the interface.
2. In system view, enter the view of the corresponding VLAN or VSI. Execute the display this command to identify whether MAC address learning is enabled.
   ○ If this feature is not enabled, go to step 3.
   ○ If this feature is enabled, go to step 4.
3. Execute the mac-address mac-learning enable command to enable MAC address learning. Identify whether the log message is cleared.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_INPUT_USAGE_RESUME
Message text |
The input bandwidth usage on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], usage=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_USAGE_RESUME: The input bandwidth usage on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, usage=44. |
Impact |
N/A |
Cause |
The input bandwidth usage dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_INPUT_USAGE_RISING
Message text |
The input bandwidth usage on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], usage=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_INPUT_USAGE_RISING: The input bandwidth usage on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, usage=44. |
Impact |
When the input bandwidth usage reaches about 100%, the service traffic might be delayed or dropped. |
Cause |
The input bandwidth usage exceeded the upper threshold. |
Recommended action |
Identify whether the upper threshold set on the interface is too low.
· If the threshold is too low, execute the port ifmonitor input-usage command to modify the threshold.
· If the threshold is set reasonably, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_OUTPUT_ERROR_RESUME
Message text |
The number of output error packets on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_OUTPUT_ERROR_RESUME: The number of output error packets on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44. |
Impact |
N/A |
Cause |
The number of output error packets within the statistics polling interval dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_OUTPUT_ERROR_RISING
Message text |
The number of output error packets on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_OUTPUT_ERROR_RISING: The number of output error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44. |
Impact |
Service traffic might be dropped. |
Cause |
The number of output error packets within the statistics polling interval exceeded the upper threshold. Possible reasons are:
· The transceiver module fails.
· The optical fiber or link fails. |
Recommended action |
1. Verify that the optical fiber is firmly installed. Identify whether the log message is cleared.
2. Verify that the physical link is normal.
3. Execute the display interface command to identify whether the Tx power of the transceiver module of the interface that fails is within the normal range. Identify whether the negotiation mode, clock mode, and scrambling mode (link protocol, clock, and scramble) are the same on both ends. If they are different, modify the negotiation mode configuration on both ends to make them consistent. Identify whether the log message is cleared.
4. Identify whether the upper threshold set on the interface is too low.
   ○ If the threshold is too low, execute the port ifmonitor output-error command to modify the threshold.
   ○ If the threshold is set reasonably, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_OUTPUT_JAM_DISCARD
Message text |
The number of outgoing packets lost due to network congestion on [STRING] exceeds the upper threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_OUTPUT_JAM_DISCARD: The number of outgoing packets lost due to network congestion on GigabitEthernet1/0/1 exceeds the upper threshold. Threshold=99, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of outgoing packets dropped due to congestion within the statistics polling interval exceeded the threshold. |
Recommended action |
1. Execute the display this command to identify whether rate limiting is configured in the outbound direction of the interface.
2. Execute the qos lr outbound cir cir-value [ cbs cbs-value ] command in interface view to modify the rate limit values or execute the undo qos lr outbound command to delete rate limit configuration. Identify whether the log message is cleared.
3. According to the service conditions, execute the port ifmonitor output-usage high-threshold high-value command in interface view to modify the alarm threshold for the number of packets lost due to congestion on the interface. Identify whether the log message is cleared.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_OUTPUT_JAM_DISCARD_RESUME
Message text |
The number of outgoing packets lost due to network congestion on [STRING] drops below the lower threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_OUTPUT_JAM_DISCARD_RESUME: The number of outgoing packets lost due to network congestion on GigabitEthernet1/0/1 drops below the lower threshold. Threshold=99, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of outgoing packets dropped due to congestion within the statistics polling interval dropped below the threshold. |
Recommended action |
No action is required. |
IFMON_OUTPUT_USAGE_RESUME
Message text |
The output bandwidth usage on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], usage=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_OUTPUT_USAGE_RESUME: The output bandwidth usage on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, usage=44. |
Impact |
N/A |
Cause |
The output bandwidth usage dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_OUTPUT_USAGE_RISING
Message text |
The output bandwidth usage on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], usage=[UINT32]. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_OUTPUT_USAGE_RISING: The output bandwidth usage on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, usage=44. |
Impact |
When the output bandwidth usage reaches about 100%, the service traffic might be delayed or dropped. |
Cause |
The output bandwidth usage exceeded the upper threshold. |
Recommended action |
Identify whether the upper threshold set on the interface is too low.
· If the threshold is too low, execute the port ifmonitor output-usage command to modify the threshold.
· If the threshold is set reasonably, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_PKT_DROP_RATE_RECOVER
Message text |
The packet drop rate on chassis [UINT32] slot [UINT32] drops below the lower threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s, protocol=[UINT32]. |
Variable fields |
$1: Member device ID. $2: Slot number. $3: Threshold. $4: Statistics value. $5: Statistics polling interval. $6: Protocol. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_PKT_DROP_RATE_RECOVER: The packet drop rate on chassis 0 slot 0 drops below the lower threshold. Threshold=99, value=44, interval=10s, protocol=1. |
Impact |
N/A |
Cause |
The number of packets dropped on a card within the statistics polling interval dropped below the threshold. |
Recommended action |
No action is required. |
IFMON_PKT_DROP_RATE_RISING
Message text |
The packet drop rate on chassis [UINT32] slot [UINT32] exceeds the upper threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s, protocol=[UINT32]. |
Variable fields |
$1: Member device ID. $2: Slot number. $3: Threshold. $4: Statistics value. $5: Statistics polling interval. $6: Protocol. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_PKT_DROP_RATE_RISING: The packet drop rate on chassis 0 slot 0 exceeds the upper threshold. Threshold=99, value=44, interval=10s, protocol=1. |
Impact |
Service traffic might be dropped. |
Cause |
The number of packets dropped on a card within the statistics polling interval exceeded the threshold. |
Recommended action |
· If the shutdown keyword is specified when you configure the alarm for the number of packets lost on a card, the system shuts down all interfaces on the card when the number of lost packets on the card exceeds the upper threshold. Then, the card stops forwarding all packets. To recover the interfaces on the card, execute the undo shutdown command on the interfaces.
· If the reboot keyword is specified when you configure the alarm for the number of packets lost on a card, the system reboots the card when the number of lost packets on the card exceeds the upper threshold. |
IFMON_PORT_CRC_RATE_EXCEED
Message text |
The CRC packet error rate on [STRING] exceeds the upper threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_PORT_CRC_RATE_EXCEED: The CRC packet error rate on GigabitEthernet1/0/1 exceeds the upper threshold. Threshold=99, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The CRC packet error rate within the statistics polling interval is equal to or greater than 1000 pps. |
Recommended action |
1. Replace the transceiver module, and then execute the display interface command to identify whether the number of CRC error packets keeps increasing on the interface.
2. Replace the fiber, and then execute the display interface command to identify whether the number of CRC error packets keeps increasing on the interface.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_PORT_ERROR_RATE_EXCEED
Message text |
The number of error packets on [STRING] exceeds the upper threshold. Threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Threshold. $3: Statistics value. $4: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_PORT_ERROR_RATE_EXCEED: The number of error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Threshold=99, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The average packet error rate of CRC error packets, giants, and runts within the statistics polling interval exceeded 1000 pps. |
Recommended action |
1. Replace the transceiver module, and then execute the display interface command to identify whether the number of error packets keeps increasing on the interface.
2. Replace the fiber, and then execute the display interface command to identify whether the number of error packets keeps increasing on the interface.
3. Execute the jumboframe enable command to modify the jumbo frame length limit or change the packet length. Then, execute the display interface command to identify whether the number of error packets keeps increasing.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_RX_PAUSE_FRAME_RESUME
Message text |
The number of received pause frames on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_RX_PAUSE_FRAME_RESUME: The number of received pause frames on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of received pause frames within the statistics polling interval dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_RX_PAUSE_FRAME_RISING
Message text |
The number of received pause frames on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_RX_PAUSE_FRAME_RISING: The number of received pause frames on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of received pause frames within the statistics polling interval exceeded the upper threshold. Possible reasons are:
· The rate of received pause frames exceeds the upper threshold.
· Pause frames are received continuously for a long period of time. |
Recommended action |
1. Decrease the service traffic received on the peer interface.
2. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor rx-pause command to modify the threshold.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_SDH_B1_ERROR_RESUME
Message text |
The number of SDH-B1 error packets on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_SDH_B1_ERROR_RESUME: The number of SDH-B1 error packets on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of SDH-B1 error packets within the statistics polling interval dropped below the lower threshold. |
Recommended action |
No action is required. |
IFMON_SDH_B1_ERROR_RISING
Message text |
The number of SDH-B1 error packets on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_SDH_B1_ERROR_RISING: The number of SDH-B1 error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of SDH-B1 error packets within the statistics polling interval exceeded the upper threshold. |
Recommended action |
1. Identify whether the link (including optical fiber, transceiver module, transmission device, patch panel, and so on) fails. Replace the faulty components, and verify that the link is connected correctly. Identify whether the log message is cleared. 2. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor sdh-b1-error command to modify the threshold. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_SDH_B2_ERROR_RESUME
Message text |
The number of SDH-B2 error packets on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_SDH_B2_ERROR_RESUME: The number of SDH-B2 error packets on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of SDH-B2 error packets within the statistics polling interval dropped below the lower threshold. |
Recommended action |
No action is required. |
IFMON_SDH_B2_ERROR_RISING
Message text |
The number of SDH-B2 error packets on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_SDH_B2_ERROR_RISING: The number of SDH-B2 error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of SDH-B2 error packets within the statistics polling interval exceeded the upper threshold. |
Recommended action |
1. Identify whether the link (including optical fiber, transceiver module, transmission device, patch panel, and so on) fails. Replace the faulty components, and verify that the link is connected correctly. Identify whether the log message is cleared. 2. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor sdh-b2-error command to modify the threshold. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_SDH_ERROR_RESUME
Message text |
The number of SDH error packets on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_SDH_ERROR_RESUME: The number of SDH error packets on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of SDH error packets within the statistics polling interval dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_SDH_ERROR_RISING
Message text |
The number of SDH error packets on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_SDH_ERROR_RISING: The number of SDH error packets on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of SDH error packets within the statistics polling interval exceeded the upper threshold. Possible reasons are: · The transceiver module fails. · The optical fiber or link fails. |
Recommended action |
1. Replace the transceiver module. 2. Replace the optical fiber. 3. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor sdh-error command to modify the upper threshold. 4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON_TX_PAUSE_FRAME_RESUME
Message text |
The number of sent pause frames on [STRING] drops below the lower threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_TX_PAUSE_FRAME_RESUME: The number of sent pause frames on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
N/A |
Cause |
The number of sent pause frames within the statistics polling interval dropped from above the upper threshold to below the lower threshold. |
Recommended action |
No action is required. |
IFMON_TX_PAUSE_FRAME_RISING
Message text |
The number of sent pause frames on [STRING] exceeds the upper threshold. Upper threshold=[UINT32], lower threshold=[UINT32], value=[UINT32], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold. $3: Lower threshold. $4: Statistics value. $5: Statistics polling interval. |
Severity level |
4 (Warning) |
Example |
IFMON/4/IFMON_TX_PAUSE_FRAME_RISING: The number of sent pause frames on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=44, interval=10s. |
Impact |
Service traffic might be dropped. |
Cause |
The number of sent pause frames within the statistics polling interval exceeded the upper threshold. Possible reasons are: · The rate of sending pause frames exceeds the upper threshold. · Pause frames are sent continuously for a long period of time. |
Recommended action |
1. Decrease the service traffic received on the peer interface. 2. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor tx-pause command to modify the threshold. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
INPUT_ERROR_RECOVERY
Message text |
The number of input error packets dropped below the lower threshold: Interface name=[STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFMON/4/INPUT_ERROR_RECOVERY: The number of input error packets dropped below the lower threshold: Interface name=GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
This message was generated when the number of input error packets within a statistics collection interval dropped below the lower threshold, and this alarm was cleared. |
Recommended action |
No action is required. |
INPUT_ERROR_THRESHOLD
Message text |
The number of input error packets exceeded the upper threshold: Interface name=[STRING], upper threshold=[UINT32], number of input error packets=[UINT64], interval=[UINT32] s. |
Variable fields |
$1: Interface name. $2: Upper threshold for alarms. $3: Number of input error packets within the latest statistics collection interval. $4: Statistics collection and comparison interval for input error packets in seconds. |
Severity level |
4 (Warning) |
Example |
IFMON/4/INPUT_ERROR_THRESHOLD: The number of input error packets exceeded the upper threshold: Interface name=HundredGigE1/0/1, upper threshold=100, number of input error packets=200, interval=10 s. |
Impact |
Service traffic might be dropped. |
Cause |
This message was generated when the number of input error packets within a statistics collection interval exceeded the upper threshold. Typically, the reason is that the upper threshold is set improperly or data is damaged during transmission and the number of error packets increases. |
Recommended action |
· Verify that the upper threshold is set properly. · Verify that the link environment quality is good. |
OUTPUT_ERROR_RECOVERY
Message text |
The number of output error packets dropped below the lower threshold: Interface name=[STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFMON/4/OUTPUT_ERROR_RECOVERY: The number of output error packets dropped below the lower threshold: Interface name=GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
This message was generated when the number of output error packets within a statistics collection interval dropped below the lower threshold, and this alarm was cleared. |
Recommended action |
No action is required. |
OUTPUT_ERROR_THRESHOLD
Message text |
The number of output error packets exceeded the upper threshold: Interface name=[STRING], upper threshold=[UINT32], number of output error packets=[UINT64], interval=[UINT32] s. |
Variable fields |
$1: Interface name. $2: Upper threshold for alarms. $3: Number of output error packets within the latest statistics collection interval. $4: Statistics collection and comparison interval for output error packets in seconds. |
Severity level |
4 (Warning) |
Example |
IFMON/4/OUTPUT_ERROR_THRESHOLD: The number of output error packets exceeded the upper threshold: Interface name=HundredGigE1/0/1, upper threshold=100, number of output error packets=200, interval=10 s. |
Impact |
Service traffic might be dropped. |
Cause |
This message was generated when the number of output error packets within a statistics collection interval exceeded the upper threshold. Typically, the reason is that the upper threshold is set improperly or data is damaged during transmission and the number of error packets increases. |
Recommended action |
· Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor output-error command to modify the threshold. · Identify whether the link environment quality is good. · Execute the display interface command to identify whether the Tx power of the transceiver module of the interface that fails is within the normal range. Identify whether the negotiation mode, clock mode, and scrambling mode (link protocol, clock, and scramble) are the same on both ends. If they are different, modify the negotiation mode configuration on both ends to make them consistent. |
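The IFMON threshold messages above come in raise/clear pairs (`_RISING`/`_RESUME` and `_THRESHOLD`/`_RECOVERY`), so a log host can track which alarms are still open. The following is an added example, not part of the H3C manual: it parses the two message layouts documented in this section, lists alarms that were raised but never cleared, and reports clear messages with no matching raise, which suggests messages were lost on the way to the log host. The function names are hypothetical, the sample lines are constructed from the documented formats, and only the `MODULE/SEVERITY/MNEMONIC:` header shown in the examples is assumed (any prefix before it is ignored).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Header as shown in this section's examples: IFMON/<severity>/<MNEMONIC>: <text>
HEADER = re.compile(r"IFMON/(?P<sev>\d)/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# Layout 1: IFMON_<METRIC>_RISING and IFMON_<METRIC>_RESUME
STYLE1 = re.compile(
    r" on (?P<ifname>\S+) (?:exceeds the upper|drops below the lower) threshold\. "
    r"Upper threshold=(?P<upper>\d+), lower threshold=(?P<lower>\d+), "
    r"value=(?P<value>\d+), interval=(?P<interval>\d+)s\."
)
# Layout 2: INPUT_/OUTPUT_ERROR_THRESHOLD and INPUT_/OUTPUT_ERROR_RECOVERY
STYLE2_IF = re.compile(r"Interface name=(?P<ifname>[^,\s]+)")
STYLE2_NUM = re.compile(
    r"upper threshold=(?P<upper>\d+), number of (?:input|output) error packets="
    r"(?P<value>\d+), interval=(?P<interval>\d+) s\."
)


@dataclass
class Event:
    mnemonic: str
    metric: str
    ifname: str
    action: str  # "raise" or "clear"
    upper: Optional[int] = None
    lower: Optional[int] = None
    value: Optional[int] = None
    interval: Optional[int] = None


def classify(mnemonic):
    """Map a mnemonic to (metric, action); None if it is not a threshold pair."""
    if mnemonic.startswith("IFMON_"):
        for suffix, action in (("_RISING", "raise"), ("_RESUME", "clear")):
            if mnemonic.endswith(suffix):
                return mnemonic[len("IFMON_"):-len(suffix)], action
    for suffix, action in (("_THRESHOLD", "raise"), ("_RECOVERY", "clear")):
        if mnemonic in ("INPUT_ERROR" + suffix, "OUTPUT_ERROR" + suffix):
            return mnemonic[:-len(suffix)], action
    return None


def parse_line(line):
    """Return an Event for a documented IFMON threshold message, else None."""
    head = HEADER.search(line)
    if not head:
        return None
    kind = classify(head["mnemonic"])
    if kind is None:
        return None
    metric, action = kind
    text = head["text"]
    m = STYLE1.search(text)
    if m:
        return Event(head["mnemonic"], metric, m["ifname"], action,
                     int(m["upper"]), int(m["lower"]),
                     int(m["value"]), int(m["interval"]))
    m = STYLE2_IF.search(text)
    if not m:
        return None  # known mnemonic, but body is not in a documented layout
    # Recovery messages end right after the name, so drop the sentence period.
    ev = Event(head["mnemonic"], metric, m["ifname"].rstrip("."), action)
    n = STYLE2_NUM.search(text)
    if n:
        ev.upper, ev.value, ev.interval = (int(n["upper"]), int(n["value"]),
                                           int(n["interval"]))
    return ev


def track(lines):
    """Pair raise/clear events per (interface, metric).

    Returns (open_alarms, orphans): alarms raised and not yet cleared, and
    clear events seen without a preceding raise.
    """
    open_alarms, orphans = {}, []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev.ifname, ev.metric)
        if ev.action == "raise":
            open_alarms[key] = ev
        elif open_alarms.pop(key, None) is None:
            orphans.append(ev)
    return open_alarms, orphans


# Constructed sample lines that follow the message formats in this section.
SAMPLE = [
    "IFMON/4/IFMON_TX_PAUSE_FRAME_RISING: The number of sent pause frames on GigabitEthernet1/0/1 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=120, interval=10s.",
    "IFMON/4/IFMON_SDH_B1_ERROR_RISING: The number of SDH-B1 error packets on GigabitEthernet1/0/2 exceeds the upper threshold. Upper threshold=99, lower threshold=22, value=150, interval=10s.",
    "IFMON/4/IFMON_TX_PAUSE_FRAME_RESUME: The number of sent pause frames on GigabitEthernet1/0/1 drops below the lower threshold. Upper threshold=99, lower threshold=22, value=10, interval=10s.",
    "IFMON/4/INPUT_ERROR_THRESHOLD: The number of input error packets exceeded the upper threshold: Interface name=HundredGigE1/0/1, upper threshold=100, number of input error packets=200, interval=10 s.",
    "IFMON/4/OUTPUT_ERROR_RECOVERY: The number of output error packets dropped below the lower threshold: Interface name=GigabitEthernet1/0/3.",
]

if __name__ == "__main__":
    still_open, unmatched = track(SAMPLE)
    for (ifname, metric), ev in still_open.items():
        print(f"OPEN   {ifname} {metric} value={ev.value} upper={ev.upper}")
    for ev in unmatched:
        print(f"ORPHAN {ev.ifname} {ev.mnemonic} (clear without a logged raise)")
```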
IFNET messages
This section contains interface management messages.
IF_BOARD_EGRESS_DROP
Message text |
Packet loss occurs on chassis [UINT32] slot [UINT32]. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_BOARD_EGRESS_DROP: Packet loss occurs on chassis 0 slot 0. |
Impact |
The outgoing unicast traffic of a card was dropped. |
Cause |
The outgoing unicast traffic of a card was dropped. |
Recommended action |
Optimize the network, and adjust the traffic forwarding scheme. |
IF_BOARD_EGRESS_DROP_RECOVER
Message text |
Packet loss recovers on chassis [UINT32] slot [UINT32]. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_BOARD_EGRESS_DROP_RECOVER: Packet loss recovers on chassis 0 slot 0. |
Impact |
N/A |
Cause |
The loss of outgoing unicast traffic on a card recovered. |
Recommended action |
No action is required. |
IF_BUFFER_CONGESTION_CLEAR
Message text |
[STRING] congestion on queue [UINT32] of [STRING] is cleared. [UINT64] packets are discarded. |
Variable fields |
$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name. $4: Number of packets dropped. |
Severity level |
5 (Notification) |
Example |
IFNET/5/IF_BUFFER_CONGESTION_CLEAR: Ingress congestion on queue 1 of GigabitEthernet1/0/1 is cleared. 1000 packets are discarded. |
Impact |
N/A |
Cause |
On queue 1 of GigabitEthernet 1/0/1, congestion in the receive data buffer is removed. 1000 packets are dropped. |
Recommended action |
No action is required. |
IF_BUFFER_CONGESTION_OCCURRENCE
Message text |
[STRING] congestion occurs on queue [INTEGER] of [STRING]. |
Variable fields |
$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_BUFFER_CONGESTION_OCCURRENCE: Ingress congestion occurs on queue 1 of GigabitEthernet1/0/1. |
Impact |
Service traffic might be dropped. |
Cause |
On queue 1 of GigabitEthernet 1/0/1, congestion occurs in the receive data buffer. |
Recommended action |
Examine the network status. |
IF_BUFFER_IN_DISCARD
Message text |
Packets are dropped in the ingress buffer on chassis [UINT32] slot [UINT32]. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_BUFFER_IN_DISCARD: Packets are dropped in the ingress buffer on chassis 0 slot 0. |
Impact |
Traffic in the ingress buffer of a card was dropped. |
Cause |
Inbound traffic of a card exceeded the link bandwidth of the switching fabric module. |
Recommended action |
Optimize the network, and adjust the traffic forwarding scheme. |
IF_BUFFER_IN_DISCARD_RESUME
Message text |
Packet drop in the ingress buffer recovers on chassis [UINT32] slot [UINT32]. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_BUFFER_IN_DISCARD_RESUME: Packet drop in the ingress buffer recovers on chassis 0 slot 0. |
Impact |
N/A |
Cause |
Network congestion is relieved within the specified time. |
Recommended action |
No action is required. |
IF_CABLE_SNR_ABNORMAL
Message text |
The cable SNR on [STRING] is abnormal. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_CABLE_SNR_ABNORMAL: The cable SNR on GigabitEthernet1/0/1 is abnormal. |
Impact |
Service traffic might be dropped. |
Cause |
The network cable quality is poor or signal interference occurs. |
Recommended action |
1. Replace the current cable with a higher-quality cable, for example, category 6A cable or shielded cable. 2. Execute the speed or auto speed command to set a lower speed for the multiGE interface. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_CABLE_SNR_DETECT_NOTSUPPORT
Message text |
The cable SNR on [STRING] cannot be detected. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_CABLE_SNR_DETECT_NOT_SUPPORT: The cable SNR on GigabitEthernet1/0/1 cannot be detected. |
Impact |
Service traffic on this interface might be dropped. |
Cause |
The network cable quality cannot be detected and a multiGE interface in up state goes down. |
Recommended action |
1. The network cable quality cannot be detected. Replace the network cable. 2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_CABLE_SNR_NORMAL
Message text |
The cable SNR on [STRING] is normal. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_CABLE_SNR_NORMAL: The cable SNR on GigabitEthernet1/0/1 is normal. |
Impact |
Service traffic might be dropped. |
Cause |
The network cable quality is poor or signal interference occurs. |
Recommended action |
1. Replace the current cable with a higher-quality cable, for example, category 6A cable or shielded cable. 2. Execute the speed { 100 | 1000 } or auto speed { 100 | 1000 } command to set a lower speed for the multiGE interface. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_COMBO_TYPE_CHANGE
Message text |
The combo type of [STRING] changes from [UINT32] to [UINT32]. |
Variable fields |
$1: Interface name. $2: Combo interface type, which can be copper or fiber. $3: Combo interface type, which can be copper or fiber. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_COMBO_TYPE_CHANGE: The combo type of GigabitEthernet1/0/1 changes from copper to fiber. |
Impact |
N/A |
Cause |
The combo enable { copper | fiber } command configuration changed. |
Recommended action |
No action is required. |
IF_DELETE
Message text |
[STRING] is deleted. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_DELETE: GigabitEthernet1/0/1 is deleted. |
Impact |
Services that depend on the interface might be impacted. |
Cause |
An interface was deleted. |
Recommended action |
No action is required. |
IF_EGRESS_DROP
Message text |
Packet loss occurs in queue [UINT32] of [STRING]. |
Variable fields |
$1: Interface name. $2: ID of the queue where packets were dropped. A queue ID is in the range of 0 to 7. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_EGRESS_DROP: Packet loss occurs in queue 0 of GigabitEthernet1/0/1. |
Impact |
Outgoing traffic of a port was dropped. |
Cause |
Packets were dropped on a port. |
Recommended action |
Optimize the network, and adjust the traffic forwarding scheme. |
IF_EGRESS_DROP_RECOVER
Message text |
Packet loss recovers in queue [UINT32] of [STRING]. |
Variable fields |
$1: Interface name. $2: ID of the queue where packets were dropped. A queue ID is in the range of 0 to 7. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_EGRESS_DROP_RECOVER: Packet loss recovers in queue 0 of GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
Packet drop on a port recovered. |
Recommended action |
No action is required. |
IF_ERROR_DOWN
Message text |
An error down alarm occurs on [STRING], because of [STRING]. |
Variable fields |
$1: Interface name. $2: Reason why the interface went down: · Administratively DOWN—The interface was manually shut down by the administrator. · Storm-Constrain DOWN—The interface went down because of network storms (such as broadcast storm and multicast storm). · PFC-deadlock DOWN—The interface went down because of PFC deadlock. · Link-Flap DOWN—The interface went down because of link flapping protection. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_ERROR_DOWN: An error down alarm occurs on GigabitEthernet1/0/1, because of port down. |
Impact |
The interface cannot forward the service traffic. |
Cause |
The interface went down. |
Recommended action |
Identify whether a physical link is present or whether the link fails. |
IF_ERROR_DOWN_RECOVER
Message text |
An error down alarm recovers on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/IF_ERROR_DOWN_RECOVER: An error down alarm recovers on GigabitEthernet1/0/1. |
Impact |
No impact on the system. |
Cause |
The alarm that an interface went down unexpectedly was cleared. |
Recommended action |
No action is required. |
IF_ETHERNET_RX_FLOW_FAILED
Message text |
The inbound traffic volume drops below the threshold on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_ETHERNET_RX_FLOW_FAILED: The inbound traffic volume drops below the threshold on GigabitEthernet1/0/1. |
Impact |
The traffic suddenly dropped. |
Cause |
The inbound traffic of an Ethernet interface dropped while the interface was up. |
Recommended action |
No action is required. |
IF_FLOW_CONTROL_DEADLOCK
Message text |
Flow control deadlock occurs on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_FLOW_CONTROL_DEADLOCK: Flow control deadlock occurs on GigabitEthernet1/0/1. |
Impact |
An interface cannot forward packets. |
Cause |
Possible reasons are: · The port does not forward packets, but receives a large number of pause frames. · The port continuously sends a large number of pause frames, but does not receive packets. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_FLOW_CONTROL_DEADLOCK_RESUME
Message text |
Flow control deadlock recovers on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_FLOW_CONTROL_DEADLOCK_RESUME: Flow control deadlock recovers on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
Possible reasons are: · A port sends pause frames and receives packets. · A port that does not forward packets also does not receive pause frames. |
Recommended action |
No action is required. |
IF_HALF_DUPLEX_CLEAR
Message text |
The negotiated half duplex mode on [STRING] is cleared. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_HALF_DUPLEX_CLEAR: The negotiated half duplex mode on GigabitEthernet1/0/1 is cleared. |
Impact |
N/A |
Cause |
An interface autonegotiated the full duplex mode. |
Recommended action |
No action is required. |
IF_HALF_DUPLEX_RISING
Message text |
The half duplex mode is negotiated on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_HALF_DUPLEX_RISING: The half duplex mode is negotiated on GigabitEthernet1/0/1. |
Impact |
Packets might be lost when an interface operates in half duplex mode. |
Cause |
An interface operated in half duplex mode. |
Recommended action |
Use the duplex full command to configure the interface to operate in full duplex mode. |
IF_INGRESS_AGING_DROP
Message text |
Traffic in the ingress buffer of chassis [UINT32] slot [UINT32] is dropped for no schedule. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_INGRESS_AGING_DROP: Traffic in the ingress buffer of chassis 0 slot 0 is dropped for no schedule. |
Impact |
The service traffic of a card is lost. |
Cause |
The traffic of high-priority queues exceeded the port bandwidth and thus the packets in low-priority queues cannot be scheduled. |
Recommended action |
Optimize the network, and adjust the traffic forwarding scheme. |
IF_INGRESS_AGING_DROP_RESUME
Message text |
Traffic in the ingress buffer of chassis [UINT32] slot [UINT32] recovers from drop with no schedule. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_INGRESS_AGING_DROP_RESUME: Traffic in the ingress buffer of chassis 0 slot 0 recovers from drop with no schedule. |
Impact |
N/A |
Cause |
Scheduling of traffic in the ingress buffer of a card was restored. |
Recommended action |
No action is required. |
IF_JUMBOFRAME_WARN
Message text |
The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING]. |
Variable fields |
$1: Aggregate interface name. $2: Member port name. |
Severity level |
3 (Error) |
Example |
IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
Some member ports do not support the jumbo frame size configured on the aggregate interface. |
Recommended action |
1. Identify the value ranges for the jumbo frame size supported on member ports. 2. Specify a jumbo frame size supported by member ports for the aggregate interface. |
IF_LINKFLAP_DETECTED
Message text |
Link flapping was detected on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 (Error) |
Example |
IFNET/3/IF_LINKFLAP_DETECTED: Link flapping was detected on GigabitEthernet1/0/1. |
Impact |
Service traffic might be dropped. |
Cause |
The number of detected flaps reached or exceeded the link flapping detection threshold during the link flapping detection interval. |
Recommended action |
1. Identify whether the cable is frequently plugged and unplugged for the local or peer interface. 2. Execute the port link-flap protect enable command to adjust the link flapping detection interval and the link flapping detection threshold. |
IF_LOCAL_FAULT
Message text |
A local fault alarm occurs on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LOCAL_FAULT: A local fault alarm occurs on GigabitEthernet1/0/1. |
Impact |
Service switchover or interruption might occur. |
Cause |
The Rx link from the remote end to the local end failed, for example, the Rx fiber was disconnected transiently. |
Recommended action |
1. Identify whether the Rx fiber fails. 2. Identify whether the transceiver modules of the local end and remote end fail. 3. Identify whether the interface card of the local end fails. 4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_LOCAL_FAULT_RESUME
Message text |
A local fault alarm recovers on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LOCAL_FAULT_RESUME: A local fault alarm recovers on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
The Rx link from the remote end to the local end recovered. |
Recommended action |
No action is required. |
IF_LOOPBACK
Message text |
Loopback configuration is issued on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LOOPBACK: Loopback configuration is issued on GigabitEthernet1/0/1. |
Impact |
If a port or channel has services, the services will be interrupted. |
Cause |
Loopback configuration was issued on the device. |
Recommended action |
Execute the undo loopback command to disable loopback on an Ethernet interface. |
IF_LOOPBACK_RESUME
Message text |
Loopback configuration is removed on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LOOPBACK_RESUME: Loopback configuration is removed on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
Loopback configuration was removed from the device. |
Recommended action |
No action is required. |
IF_LOS
Message text |
A LOS alarm occurs on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LOS: A LOS alarm occurs on GigabitEthernet1/0/1. |
Impact |
Service switchover or interruption might occur. |
Cause |
No optical signal was input for the transceiver module and the Rx signals were lost. Possible reasons are: · The attenuation of the Rx signals is high. · The Tx signals from the remote end do not have a frame structure. · The Rx direction of the local end fails. |
Recommended action |
1. If a fiber port fails:
   · Identify whether the fibers are connected incorrectly (for example, two ports at different speeds are connected), and correct the incorrect connections, if any. Identify whether the log message is cleared.
   · Identify whether the Rx optical power of the local end is normal on NMS.
      - If the Rx optical power is too low, clean the optical fiber pigtail and the Rx optical interface on the line card of the local end, identify whether the flange and optical attenuator of the local end are connected correctly, and identify whether the attenuation value of the optical attenuator is too great. Connect the flange and optical attenuator correctly, and identify whether the log message is cleared.
      - If the Rx optical power is too high, add an optical attenuator. Adjust the Rx optical power to the normal range. Identify whether the log message is cleared.
   · Identify whether the Tx optical power of the remote end is normal. If the Tx optical power is normal, perform an optical fiber loopback for the line card of the local end. If the alarm is cleared on the local end, it means that the Tx signals from the remote end do not have a frame structure.
2. If a copper port fails:
   · Identify whether the cable is connected incorrectly (for example, two ports at different speeds are connected), and correct the incorrect connections, if any. Identify whether the log message is cleared.
   · Verify that the frame format of the remote end is the same as that of the local end. Identify whether the log message is cleared.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_LOS_RESUME
Message text |
A LOS alarm recovers on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LOS_RESUME: A LOS alarm recovers on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
An optical signal was input for the transceiver module. |
Recommended action |
No action is required. |
IF_LRM_STATE_ABNORMAL
Message text |
[STRING] has an unsupported LRM transceiver module inserted. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_LRM_STATE_ABNORMAL: GigabitEthernet 1/0/1 has an unsupported LRM transceiver module inserted. |
Impact |
The transceiver module is not available, and the service of the interface is interrupted. |
Cause |
An interface has an unsupported LRM transceiver module installed. |
Recommended action |
1. Execute the display transceiver command to view the type of the transceiver module installed in the interface. 2. Replace the transceiver module with a non-LRM transceiver module. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_MULTI_CHASSIS
Message text |
A single-chassis device is changed to a multi-chassis device, and the interface information changes. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_MULTI_CHASSIS: A single-chassis device is changed to a multi-chassis device, and the interface information changes. |
Impact |
N/A |
Cause |
Interface information changes when a single-chassis device is expanded to a multi-chassis device. |
Recommended action |
No action is required. |
IF_MULTI_CHASSIS_RESUME
Message text |
A multi-chassis device is rolled backed to a single-chassis device, and the interface information changes. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_MULTI_CHASSIS_RESUME: A multi-chassis device is rolled backed to a single-chassis device, and the interface information changes. |
Impact |
N/A |
Cause |
Interface information changes when a multi-chassis device is rolled back to a single-chassis device. |
Recommended action |
No action is required. |
IF_NEGO_FAILED
Message text |
Autonegotiation fails on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_NEGO_FAILED: Autonegotiation fails on GigabitEthernet1/0/1. |
Impact |
The interface cannot come up, and the link is disconnected. |
Cause |
Autonegotiation failed on an interface. |
Recommended action |
Identify whether the speed and duplex mode are consistent on both interfaces of a link. |
IF_NEGO_FAILED_RESUME
Message text |
Autonegotiation succeeds on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_NEGO_FAILED_RESUME: Autonegotiation succeeds on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
Autonegotiation succeeded on an interface. |
Recommended action |
No action is required. |
IF_OUTPUT_ERROR
Message text |
The number of outbound error packets exceeds the upper threshold on [STRING] with slot [UINT32] subslot [UINT32]. |
Variable fields |
$1: Interface name. $2: Slot number of a card. $3: Slot number of a subcard. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_OUTPUT_ERROR: The number of outbound error packets exceeds the upper threshold on GigabitEthernet1/0/1 with slot 0 subslot 0. |
Impact |
Service traffic might be dropped. |
Cause |
The number of outbound error packets exceeded the upper threshold. |
Recommended action |
1. Verify that the optical fiber is firmly installed. Identify whether the log message is cleared. 2. Verify that the physical link is normal. 3. Execute the display interface command to identify whether the Tx power of the transceiver module of the interface that fails is within the normal range. Identify whether the negotiation mode, clock mode, and scrambling mode (link protocol, clock, and scramble) are the same on both ends. If they are different, modify the negotiation mode configuration on both ends to make them consistent. Identify whether the issue is resolved. 4. Identify whether the upper threshold set on the interface is too low. If the threshold is too low, execute the port ifmonitor output-error command to modify the threshold. 5. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_OUTPUT_ERROR_RESUME
Message text |
The number of outbound error packets drops below the upper threshold on [STRING] with slot [UINT32] subslot [UINT32]. |
Variable fields |
$1: Interface name. $2: Slot number of a card. $3: Slot number of a subcard. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_OUTPUT_ERROR_RESUME: The number of outbound error packets drops below the upper threshold on GigabitEthernet1/0/1 with slot 0 subslot 0. |
Impact |
N/A |
Cause |
The number of output error packets dropped from above the upper threshold to below the upper threshold. |
Recommended action |
No action is required. |
IF_PFC_DEADLOCK
Message text |
PFC deadlock occurs in queue [UINT32] on [STRING]. |
Variable fields |
$1: Message queue ID. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PFC_DEADLOCK: PFC deadlock occurs in queue 1 on GigabitEthernet1/0/1. |
Impact |
Traffic interruption might occur on the network. |
Cause |
PFC deadlock occurred. |
Recommended action |
1. Execute the display priority-flow-control command to identify the PFC deadlock reasons on the network and optimize the network. If this issue persists on the network, proceed with step 2.
2. Execute the priority-flow-control deadlock cos cos-value interval interval command to adjust the PFC deadlock detection interval to meet the actual network requirements.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_PFC_DEADLOCK_RESUME
Message text |
PFC deadlock recovers in queue [UINT32] on [STRING]. |
Variable fields |
$1: Message queue ID. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PFC_DEADLOCK_RESUME: PFC deadlock recovers in queue 1 on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
PFC deadlock recovered. |
Recommended action |
No action is required. |
IF_PFC_TURN_OFF
Message text |
PFC deadlock causes traffic interruption in queue [UINT32] on [STRING]. |
Variable fields |
$1: Message queue ID. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PFC_TURN_OFF: PFC deadlock causes traffic interruption in queue 1 on GigabitEthernet1/0/1. |
Impact |
PFC was automatically disabled. |
Cause |
The number of PFC deadlock times within a detection period exceeded the threshold for automatically disabling PFC. |
Recommended action |
1. Execute the display priority-flow-control command to identify the PFC deadlock reasons on the network and optimize the network. If this issue persists on the network, proceed with step 2.
2. Execute the priority-flow-control deadlock cos cos-value interval interval command to adjust the PFC deadlock detection interval. Execute the priority-flow-control deadlock threshold cos cos-value period period count count command to adjust the number of PFC deadlock times for automatically disabling PFC to meet the actual network requirements.
3. If the PFC deadlock has been removed from the network, first execute the undo priority-flow-control enable command to disable PFC. Then, execute the priority-flow-control enable command to enable PFC on the interface, so that PFC is applied again.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_PFC_TURN_OFF_RESUME
Message text |
Traffic interruption caused by traffic interruption recovers in queue [UINT32] on [STRING]. |
Variable fields |
$1: Message queue ID. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PFC_TURN_OFF_RESUME: Traffic interruption caused by traffic interruption recovers in queue 1 on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
The number of PFC deadlock times within a detection period dropped below the threshold for automatically disabling PFC. |
Recommended action |
No action is required. |
IF_PORT_DOWN
Message text |
[STRING] is down. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PORT_DOWN: GigabitEthernet1/0/1 is down. |
Impact |
The interface cannot forward the service traffic. |
Cause |
A physical interface went down. |
Recommended action |
· Execute the display this command in interface view to identify whether the interfaces on both ends are shut down. If the interfaces are shut down, execute the undo shutdown command in interface view to bring them up.
· Identify whether the physical connection is normal (for example, whether the network cables or transceiver modules are firmly connected). If the physical connection is abnormal, correctly connect the interfaces. |
IF_PORT_SFP_NOSUPT_SINGLEFIBER
Message text |
The transceiver module in [STRING] does not support single-mode fibers. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PORT_SFP_NOSUPT_SINGLEFIBER: The transceiver module in GigabitEthernet1/0/1 does not support single-mode fibers. |
Impact |
The single-fiber communication function cannot be used on the interface because of the transceiver module inserted into the interface. |
Cause |
A transceiver module inserted into an interface does not support single-fiber communication. |
Recommended action |
Replace the transceiver module with a transceiver module that supports single-fiber communication. |
IF_PORT_SFP_WORK_ONLY_NON_NEGO
Message text |
[STRING] only works in non-negotiation mode. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PORT_SFP_WORK_ONLY_NON_NEGO: GigabitEthernet1/0/1 only works in non-negotiation mode. |
Impact |
After an XGE interface has a GE transceiver module installed, the autonegotiation function of the interface is unavailable. |
Cause |
A GE transceiver module installed in an XGE interface can operate only at non-autonegotiated 1000 Mbps and the interconnect interface is manually configured to operate at 1000 Mbps. |
Recommended action |
Manually configure the interconnect interface to operate at 1000 Mbps, or replace the transceiver module. |
IF_PORT_UP
Message text |
[STRING] is up. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PORT_UP: GigabitEthernet1/0/1 is up. |
Impact |
N/A |
Cause |
A physical interface came up on the physical layer. |
Recommended action |
No action is required. |
IF_PORTRATE_DEGRADE
Message text |
The negotiated port rate degrades on [STRING], rate=[UINT32]. |
Variable fields |
$1: Interface name. $2: Interface speed. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PORTRATE_DEGRADE: The negotiated port rate degrades on GigabitEthernet1/0/1, rate=10. |
Impact |
Service traffic might be dropped. |
Cause |
The negotiated port rate degraded. |
Recommended action |
1. Identify whether the link fails. 2. Identify whether the copper port on the peer device fails. |
IF_PORTRATE_DEGRADE_RESUME
Message text |
The negotiated port rate recovers on [STRING], rate=[UINT32]. |
Variable fields |
$1: Interface name. $2: Interface speed. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_PORTRATE_DEGRADE_RESUME: The negotiated port rate recovers on GigabitEthernet1/0/1, rate=10. |
Impact |
N/A |
Cause |
The negotiated port rate recovered. |
Recommended action |
No action is required. |
IF_QUEUE
Message text |
The usage exceeds the threshold in queue [UINT32] on [STRING], threshold=[UINT32], current value=[UINT32]. |
Variable fields |
$1: Message queue ID. $2: Interface name. $3: Usage threshold. $4: Current usage. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_QUEUE: The usage exceeds the threshold in queue 1 on GigabitEthernet1/0/1, threshold=22, current value=10. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
The usage of a queue on an interface exceeded the usage threshold on the interface. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_QUEUE_RESUME
Message text |
The usage drops below the threshold in queue [UINT32] on [STRING], threshold=[UINT32], current value=[UINT32]. |
Variable fields |
$1: Message queue ID. $2: Interface name. $3: Usage threshold. $4: Current usage. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_QUEUE_RESUME: The usage drops below the threshold in queue 1 on GigabitEthernet1/0/1, threshold=22, current value=10. |
Impact |
N/A |
Cause |
The usage of a queue on an interface dropped below the threshold. |
Recommended action |
No action is required. |
IF_QUEUE_STAT_DISCARD
Message text |
The number of dropped objects exceeds the threshold in queue [UINT32] on [STRING], discardType=[STRING], threshold=[UINT32]. |
Variable fields |
$1: Message queue ID. $2: Interface name. $3: Packet loss type, which can be the number of lost packets, number of lost bytes, or packet loss ratio. $4: Current threshold. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_QUEUE_STAT_DISCARD: The number of dropped objects exceeds the threshold in queue 1 on GigabitEthernet1/0/1, discardType=discardbyte, threshold=100. |
Impact |
Packet loss occurs, and services on the interface might be impacted. |
Cause |
The number of dropped packets, the number of dropped bytes, or the packet loss ratio of an interface queue exceeded the threshold. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_QUEUE_STAT_DISCARD_RESUME
Message text |
The number of dropped objects drops below the threshold in queue [UINT32] on [STRING], discardType=[STRING], threshold=[UINT32]. |
Variable fields |
$1: Message queue ID. $2: Interface name. $3: Packet loss type, which can be the number of lost packets, number of lost bytes, or packet loss ratio. $4: Current threshold. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_QUEUE_STAT_DISCARD_RESUME: The number of dropped objects drops below the threshold in queue 1 on GigabitEthernet1/0/1, discardType=discardbyte, threshold=100. |
Impact |
N/A |
Cause |
The number of dropped packets, the number of dropped bytes, or the packet loss ratio of a port queue dropped below the threshold. |
Recommended action |
No action is required. |
IF_RECOVER_OVER_SLOT
Message text |
The card in chassis [UINT32] slot [UINT32] starts. |
Variable fields |
$1: Member device ID. $2: Slot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_RECOVER_OVER_SLOT: The card in chassis 0 slot 0 starts. |
Impact |
A card can be used. |
Cause |
A card became usable. |
Recommended action |
No action is required. |
IF_RECOVER_OVER_SUBSLOT
Message text |
The subcard in chassis [UINT32] slot [UINT32] subslot [UINT32] starts. |
Variable fields |
$1: Member device ID. $2: Slot number. $3: Subslot number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_RECOVER_OVER_SUBSLOT: The subcard in chassis 0 slot 0 subslot 0 starts. |
Impact |
An interface subcard can be used. |
Cause |
An interface subcard became usable. |
Recommended action |
No action is required. |
IF_REMOTE_FAULT
Message text |
A remote fault alarm occurs on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_REMOTE_FAULT: A remote fault alarm occurs on GigabitEthernet1/0/1. |
Impact |
Service traffic might be dropped. |
Cause |
The Tx link from the local end to the remote end failed. |
Recommended action |
1. Identify whether the Tx fiber fails. 2. Identify whether the transceiver modules of the local end and remote end fail. 3. Identify whether the interface card of the remote end fails. 4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IF_REMOTE_FAULT_RESUME
Message text |
A remote fault alarm recovers on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_REMOTE_FAULT_RESUME: A remote fault alarm recovers on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
The Tx link from the local end to the remote end recovered. |
Recommended action |
No action is required. |
IF_RX_FLOW_FAILED_RESUME
Message text |
The inbound traffic volume increases to the normal range on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_RX_FLOW_FAILED_RESUME: The inbound traffic volume increases to the normal range on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
The inbound traffic of an Ethernet interface increased to the normal range. |
Recommended action |
No action is required. |
IF_TX_FLOW_FAILED
Message text |
The outbound traffic volume drops below the threshold on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_TX_FLOW_FAILED: The outbound traffic volume drops below the threshold on GigabitEthernet1/0/1. |
Impact |
The traffic suddenly dropped. |
Cause |
When an Ethernet interface was up, the outbound traffic of the interface dropped. |
Recommended action |
No action is required. |
IF_TX_FLOW_FAILED_RESUME
Message text |
The outbound traffic volume increases to the normal range on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_TX_FLOW_FAILED_RESUME: The outbound traffic volume increases to the normal range on GigabitEthernet1/0/1. |
Impact |
N/A |
Cause |
The outbound traffic of an Ethernet interface increased to the normal range. |
Recommended action |
No action is required. |
INTERFACE_NOTSUPPRESSED
Message text |
Interface [STRING] is not suppressed. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
IFNET/6/INTERFACE_NOTSUPPRESSED: Interface Ethernet0/0/0 is not suppressed. |
Impact |
N/A |
Cause |
The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface. |
Recommended action |
No action is required. |
INTERFACE_SUPPRESSED
Message text |
Interface [STRING] was suppressed. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/INTERFACE_SUPPRESSED: Interface Ethernet0/0/0 was suppressed. |
Impact |
Service traffic might be dropped. |
Cause |
The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface. |
Recommended action |
1. Check whether the network cable of the interface or peer interface is frequently plugged and unplugged. 2. Configure physical state change suppression to adjust the suppression parameters. |
LINK_UPDOWN
Message text |
Line protocol state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: State of link layer protocol, which can be up or down. |
Severity level |
5 (Notification) |
Example |
IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ethernet0/0 changed to down. |
Impact |
If the physical link status of the interface becomes down, it will be unable to forward the traffic. If the physical link status of the interface becomes up, there will be no impact on the system. |
Cause |
The link layer protocol state changed on an interface. |
Recommended action |
When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface. |
PFC_WARNING
Message text |
On interface [STRING], the rate of [STRING] PFC packets of 802.1p priority [INTEGER] exceeded the PFC early-warning threshold [INTEGER] pps. The current rate is [INTEGER]. |
Variable fields |
$1: Interface name. $2: Alarm direction, which can be input or output. $3: 802.1p priority. $4: Rate threshold at which the interface receives or sends PFC frames, in pps. $5: Rate at which the interface receives or sends PFC frames, in pps. |
Severity level |
4 (Warning) |
Example |
IFNET/4/PFC_WARNING: On interface GigabitEthernet1/0/1, the rate of input PFC packets of 802.1p priority 1 exceeded the PFC early-warning threshold 50 pps. The current rate is 60. |
Impact |
PFC packets might be dropped. |
Cause |
The rate at which the interface receives or sends PFC frames reaches the early-warning threshold. |
Recommended action |
No action is required. |
PHY_UPDOWN
Message text |
Physical state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Link state, which can be up or down. |
Severity level |
3 (Error) |
Example |
IFNET/3/PHY_UPDOWN: Physical state on the interface Ethernet0/0 changed to down. |
Impact |
If the physical status of the interface becomes down, it will be unable to forward the traffic. If the physical status of the interface becomes up, there will be no impact on the system. |
Cause |
The physical state changed on an interface. |
Recommended action |
When the interface is physically down, check whether a physical link is present or whether the link fails. |
PROTOCOL_UPDOWN
Message text |
Protocol [STRING] state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Protocol name. $2: Interface name. $3: Protocol state, which can be up or down. |
Severity level |
5 (Notification) |
Example |
IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface Ethernet6/4/1 changed to up. |
Impact |
If the protocol status of the interface becomes down, it will be unable to forward the traffic. If the protocol status of the interface becomes up, there will be no impact on the system. |
Cause |
The state of a protocol has been changed on an interface. |
Recommended action |
When the state of a network layer protocol is down, check the network layer protocol configuration. |
STORM_CONSTRAIN_BELOW
Message text |
[STRING] is in controlled status, [STRING] flux falls below its lower threshold [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_BELOW: GigabitEthernet1/0/1 is in controlled status, BC flux falls below its lower threshold 90%. |
Impact |
N/A |
Cause |
The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold. |
Recommended action |
No action is required. |
STORM_CONSTRAIN_CONTROLLED
Message text |
[STRING] turned into controlled status, port status is controlled, packet type is [STRING], upper threshold is [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_CONTROLLED: GigabitEthernet1/0/1 turned into controlled status, port status is controlled, packet type is BC, upper threshold is 90%. |
Impact |
Packets of the specified type might be lost, or the interface might be shut down. |
Cause |
The port is in controlled state. Any type of traffic on the port exceeds the upper threshold. |
Recommended action |
No action is required. |
STORM_CONSTRAIN_EXCEED
Message text |
[STRING] is in controlled status, [STRING] flux exceeds its upper threshold [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_EXCEED: GigabitEthernet1/0/1 is in controlled status, BC flux exceeds its upper threshold 90%. |
Impact |
Packets of the specified type might be lost, or the interface might be shut down. |
Cause |
The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold. |
Recommended action |
No action is required. |
STORM_CONSTRAIN_NORMAL
Message text |
[STRING] returned to normal status, port status is [STRING], packet type is [STRING], lower threshold is [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_NORMAL: GigabitEthernet1/0/1 returned to normal status, port status is normal, packet type is BC, lower threshold is 10%. |
Impact |
N/A |
Cause |
The port is in normal state. Any type of traffic on the port drops below the lower threshold from above the upper threshold. |
Recommended action |
No action is required. |
TUNNEL_LINK_UPDOWN
Message text |
Line protocol state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Protocol state, which can be up or down. |
Severity level |
5 (Notification) |
Example |
IFNET/5/TUNNEL_LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
The state of a link layer protocol has been changed on a tunnel interface. |
Recommended action |
When the link layer protocol state of a tunnel interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the tunnel interface. |
TUNNEL_PHY_UPDOWN
Message text |
Physical state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Protocol state, which can be up or down. |
Severity level |
3 (Error) |
Example |
IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
The state of a link layer protocol has been changed on a tunnel interface. |
Recommended action |
When the physical state of a link layer protocol is down, check whether a physical link is present or whether the link fails. |
VLAN_MODE_CHANGE
Message text |
Dynamic VLAN [INT32] has changed to a static VLAN. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 (Notification) |
Example |
IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN. |
Impact |
N/A |
Cause |
Creating a VLAN interface for a VLAN caused the dynamic VLAN to become a static VLAN. |
Recommended action |
No action is required. |
IKE messages
This section contains IKE messages.
IKE_P1_SA_ESTABLISH_FAIL
Message text |
Failed to establish phase 1 SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Reason for the failure: · No matching proposal. · Invalid ID information. · Unavailable certificate. · Unsupported DOI. · Unsupported situation. · Invalid proposal syntax. · Invalid SPI. · Invalid protocol ID. · Invalid certificate. · Authentication failure. · Invalid message header. · Invalid transform ID. · Malformed payload. · Retransmission timeout. · Incorrect configuration. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA for the reason of no matching proposal. The SA's source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IKE SA cannot be established in phase 1. The failure reason is displayed. |
Recommended action |
Check the IKE configuration on the local and remote devices. |
IKE_P2_SA_ESTABLISH_FAIL
Message text |
Failed to establish phase 2 SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Reason for the failure: · Invalid key information. · Invalid ID information. · Unavailable proposal. · Unsupported DOI. · Unsupported situation. · Invalid proposal syntax. · Invalid SPI. · Invalid protocol ID. · Invalid hash information. · Invalid message header. · Malformed payload. · Retransmission timeout. · Incorrect configuration. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA for the reason of invalid key information. The SA's source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IPsec SA cannot be established in phase 2. The failure reason is displayed. |
Recommended action |
Check the IKE and IPsec configurations on the local and remote devices. |
IKE_P2_SA_TERMINATE
Message text |
The IKE phase 2 SA was deleted for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Reason that the SA is deleted, which is SA expiration. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted for the reason of SA expiration. The SA's source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IPsec SA is deleted in phase 2 because it expires. |
Recommended action |
No action is required. |
IKE_VERIFY_CERT_FAIL
Message text |
Failed to verify the peer certificate. Reason: [STRING]. |
Variable fields |
$1: Failure reason: · Unable to get issuer certificate. · Unable to get certificate CRL. · Unable to decrypt CRL's signature. · Unable to decode issuer public key. · Certificate signature failure. · CRL signature failure. · Unable to decrypt certificate's signature. · Certificate is not yet valid. · Certificate has expired. · CRL is not yet valid. · CRL has expired. · Format error in certificate's notBefore field. · Format error in certificate's notAfter field. · Format error in CRL's lastUpdate field. · Format error in CRL's nextUpdate field. · Out of memory. · Self signed certificate. · Self signed certificate in certificate chain. · Unable to get local issuer certificate. · Unable to verify the first certificate. · Certificate chain too long. · Certificate revoked. · Invalid CA certificate. · Invalid non-CA certificate (has CA markings). · Path length constraint exceeded. · Proxy path length constraint exceeded. · Proxy certificates not allowed, please set the appropriate flag. · Unsupported certificate purpose. · Certificate not trusted. · Certificate rejected. · Application verification failure. · Subject issuer mismatch. · Authority and subject key identifier mismatch. · Authority and issuer serial number mismatch. · Key usage does not include certificate signing. · Unable to get CRL issuer certificate. · Unhandled critical extension. · Key usage does not include CRL signing. · Key usage does not include digital signature. · Unhandled critical CRL extension. · Invalid or inconsistent certificate extension. · Invalid or inconsistent certificate policy extension. · No explicit policy. · Different CRL scope. · Unsupported extension feature. · RFC 3779 resource not subset of parent's resources. · Permitted subtree violation. · Excluded subtree violation. · Name constraints minimum and maximum not supported. · Unsupported name constraint type. · CRL path validation error. · Unsupported or invalid name syntax. · Unsupported or invalid name constraint syntax. · Suite B: certificate version invalid. · Suite B: invalid public key algorithm. · Suite B: invalid ECC curve. · Suite B: invalid signature algorithm. · Suite B: curve not allowed for this LOS. · Suite B: cannot sign P-384 with P-256. · Hostname mismatch. · Email address mismatch. · IP address mismatch. · Invalid certificate verification context. · Issuer certificate lookup error. · Proxy subject name violation. · Absence of basicConstraints extension. · Failure to establish revocation status. |
Severity level |
6 |
Example |
IKE/6/IKE_VERIFY_CERT_FAIL: Failed to verify the peer certificate. Reason: invalid or inconsistent certificate extension. |
Explanation |
Failed to verify a peer certificate. The reason for the failure is displayed. |
Recommended action |
Troubleshoot the issue according to the failure reason. |
IMA
This section contains Integrity Measurements Architecture (IMA) messages.
IMA_ALLOCATE_FAILED
Message text |
Failed to allocate resource for file [STRING]. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
IMA/4/IMA_ALLOCATE_FAILED: Failed to allocate resource for file /sbin/tcsmd. |
Impact |
The trust status of the file became untrusted. |
Cause |
IMA failed to allocate resources to the specified file. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IMA_DATA_ERROR
Message text |
Can't collect data of file [STRING]. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
IMA/4/IMA_DATA_ERROR: Can't collect data of file /sbin/tcsmd. |
Impact |
The trust status of the file became untrusted. |
Cause |
Possible causes include the following: · IMA failed to open the specified file or failed to read data from the file. · IMA failed to compute the hash value of the file. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IMA_FILE_HASH_FAILED
Message text |
Hash value of file [STRING] is not consistent with that in the RM file. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
IMA/4/IMA_FILE_HASH_FAILED: Hash value of file /sbin/tcsmd is not consistent with that in the RM file. |
Impact |
The trust status of the file became untrusted. |
Cause |
The computed hash value of the specified file is different from the hash value of the file stored in the RM file. The specified file is not trustworthy. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IMA_RM_FILE_MISS
Message text |
File [STRING] is missing in the RM file. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
IMA/4/IMA_RM_FILE_MISS: File /sbin/tcsmd is missing in the RM file. |
Impact |
The trust status of the file became untrusted. |
Cause |
IMA did not find information about the specified file in the RM file. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IMA_RM_HASH_MISS
Message text |
Hash value of file [STRING] is missing in the RM file. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
IMA/4/IMA_RM_HASH_MISS: Hash value of file /sbin/tcsmd is missing in the RM file. |
Impact |
The trust status of the file became untrusted. |
Cause |
IMA did not find the hash value of the specified file in the RM file. The hash algorithm used for integrity measurement of the specified file might not be supported in the RM. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IMA_TEMPLATE_ERROR
Message text |
Failed to extend template hash value of file [STRING] to the PCR. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
IMA/4/IMA_TEMPLATE_ERROR: Failed to extend template hash value of file /sbin/tcsmd to the PCR. |
Impact |
The trust status of the file became untrusted. |
Cause |
IMA failed to extend the template hash value of the specified file to the PCRs. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
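Added example (not part of the H3C manual): a Python triage parser for the IKE and IMA messages described in the two sections above. It assumes each log line carries the MODULE/severity/MNEMONIC: text header used in this reference's examples; the function names, report keys, and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Header shape used by the examples in this reference: MODULE/severity/MNEMONIC: text.
# search() lets a timestamp/hostname prefix (assumed; it varies by output
# destination) pass through, and \s* tolerates a stray space after the slash.
HEADER = re.compile(
    r"\b(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/\s*(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")

# Message-text templates for the IKE and IMA entries; each [STRING] is a named group.
# The address clause accepts a straight or typographic apostrophe and an optional comma.
_ADDR = (r"The SA['\u2019]s source address is (?P<src>[^\s,]+),? "
         r"and its destination address is (?P<dst>\S+?)\.?$")
_SA = r"for the reason of (?P<reason>.+?)\. " + _ADDR
TEMPLATES = {
    "IKE_P1_SA_ESTABLISH_FAIL": r"Failed to establish phase 1 SA " + _SA,
    "IKE_P2_SA_ESTABLISH_FAIL": r"Failed to establish phase 2 SA " + _SA,
    "IKE_P2_SA_TERMINATE": r"The IKE phase 2 SA was deleted " + _SA,
    "IKE_VERIFY_CERT_FAIL": r"Failed to verify the peer certificate\. Reason: (?P<reason>.+?)\.?$",
    "IMA_ALLOCATE_FAILED": r"Failed to allocate resource for file (?P<file>\S+)\.$",
    "IMA_DATA_ERROR": r"Can't collect data of file (?P<file>\S+)\.$",
    "IMA_FILE_HASH_FAILED": r"Hash value of file (?P<file>\S+) is not consistent with that in the RM file\.$",
    "IMA_RM_FILE_MISS": r"File (?P<file>\S+) is missing in the RM file\.$",
    "IMA_RM_HASH_MISS": r"Hash value of file (?P<file>\S+) is missing in the RM file\.$",
    "IMA_TEMPLATE_ERROR": r"Failed to extend template hash value of file (?P<file>\S+) to the PCR\.$",
}
TEMPLATES = {name: re.compile(pattern) for name, pattern in TEMPLATES.items()}


def parse(line):
    """Return header fields plus 'fields' (variable fields or None); None if no header."""
    head = HEADER.search(line.strip())
    if not head:
        return None
    event = head.groupdict()
    event["sev"] = int(event["sev"])
    template = TEMPLATES.get(event["mnemonic"])
    body = template.match(event["text"]) if template else None
    event["fields"] = body.groupdict() if body else None
    return event


def triage(lines):
    """Group IKE/IMA events into what an analyst reviews first."""
    report = {"untrusted_files": defaultdict(set),  # file -> IMA mnemonics seen
              "sa_failures": Counter(),             # (src, dst, reason) -> count
              "cert_failures": Counter(),           # reason -> count
              "format_drift": []}                   # known mnemonic, unexpected text
    for line in lines:
        event = parse(line)
        if event is None or event["mnemonic"] not in TEMPLATES:
            continue                                # other modules are out of scope here
        name, fields = event["mnemonic"], event["fields"]
        if fields is None:
            report["format_drift"].append(line)
        elif name.startswith("IMA_"):
            # Every IMA entry lists the same impact: the file became untrusted.
            report["untrusted_files"][fields["file"]].add(name)
        elif name == "IKE_VERIFY_CERT_FAIL":
            report["cert_failures"][fields["reason"].lower()] += 1
        elif name.endswith("_ESTABLISH_FAIL"):
            key = (fields["src"], fields["dst"], fields["reason"].lower())
            report["sa_failures"][key] += 1
        # IKE_P2_SA_TERMINATE (SA expiration) is parsed but needs no action.
    return report


# Constructed sample lines (documentation addresses; not captured from a device).
_P1 = ("IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA for the reason of "
       "Authentication failure. The SA's source address is 192.0.2.10, "
       "and its destination address is 198.51.100.1.")
SAMPLE = [
    # Variant with a typographic apostrophe and no comma before "and".
    "IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA for the reason of "
    "no matching proposal. The SA\u2019s source address is 1.1.1.1 "
    "and its destination address is 2.2.2.2.",
    _P1,
    _P1,
    "IKE/6/IKE_VERIFY_CERT_FAIL: Failed to verify the peer certificate. "
    "Reason: Certificate has expired.",
    "IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted for the reason of SA expiration. "
    "The SA's source address is 192.0.2.10, and its destination address is 198.51.100.1.",
    "IMA/4/IMA_FILE_HASH_FAILED: Hash value of file /sbin/tcsmd is not consistent "
    "with that in the RM file.",
    "IMA/4/IMA_RM_HASH_MISS: Hash value of file /lib/libexample.so.1 is missing in the RM file.",
    "IMA/4/IMA_DATA_ERROR: Cannot read file /sbin/tcsmd.",   # text that drifts from the template
    "IFNET/4/ IF_PORT_UP: GigabitEthernet1/0/1 is up.",      # ignored by triage()
]

if __name__ == "__main__":
    for section, content in triage(SAMPLE).items():
        print(section, dict(content) if hasattr(content, "items") else content)
```

Lines that carry a known mnemonic but do not match its documented text land in format_drift, which flags a firmware or template change instead of silently dropping the event.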
iNOF
This section contains Intelligent Lossless NVMe Over Fabric (iNOF) messages.
INOF_ADD_HOST
Message text |
The iNOF host is created from the [STRING] device, host’s IP is [STRING], port name is [STRING]. |
Variable fields |
$1: Device type: · Local—The host is connected to the local device. · Remote—The host is connected to a remote device. $2: IP address of the host. $3: If the device type is local, this field displays the host-facing port on the local device. If the device type is remote, this field displays the reflector-facing port on the local device. |
Severity level |
5 |
Example |
INOF/5/INOF_ADD_HOST: The iNOF host is created from the local device, host’s IP is 1.1.1.1, port name is GE0/0/1. |
Explanation |
This message is generated when iNOF detects an iNOF host online event. |
Recommended action |
No action is required. |
INOF_DELETE_HOST
Message text |
The iNOF host is deleted from the [STRING] device, because of [STRING], host’s IP is [STRING], port name is [STRING]. |
Variable fields |
$1: Device type: · Local—The host is connected to the local device. · Remote—The host is connected to a remote device. $2: Reason for the host offline event: · link down · pfc deadlock · network malfunction · zone configuration changes · endpoint configuration changes · lldp aged out · unknown $3: IP address of the host. $4: If the device type is local, this field displays the host-facing port on the local device. If the device type is remote, this field displays the reflector-facing port on the local device. |
Severity level |
5 |
Example |
INOF/5/INOF_DELETE_HOST: The iNOF host is deleted from the local device, because of link down. host’s IP is 1.1.1.1, port name is GE0/0/1. |
Explanation |
This message is generated when iNOF detects an iNOF host offline event. |
Recommended action |
Troubleshoot based on the reason for the host offline event as follows: · link down—Check the link between the host and the iNOF switch to which the host is connected. · pfc deadlock—Check the state of PFC. · network malfunction—Check the network condition. · zone configuration changes—Check the iNOF zone configuration. · endpoint configuration changes—Check the host configuration. · lldp aged out—Use the display lldp status command to check the LLDP state of the device. |
INOF_LICENSE_ACTIVE
Message text |
The license for the iNOF feature is activated and the iNOF service will run normally. |
Variable fields |
N/A |
Severity level |
5 |
Example |
INOF/5/INOF_LICENSE_ACTIVE: The license for the iNOF feature is activated and the iNOF service will run normally. |
Explanation |
The iNOF license has been activated and the iNOF service will run normally. |
Recommended action |
No action is required. |
INOF_LICENSE_EXPIRE
Message text |
The license for the iNOF feature will expire in [UINT32] days. |
Variable fields |
$1: Remaining lifetime of the iNOF license. The value range is 1 to 30 days. |
Severity level |
5 |
Example |
INOF/5/INOF_LICENSE_EXPIRE: The license for the iNOF feature will expire in 5 days. |
Explanation |
The iNOF license will expire in the specified number of days. |
Recommended action |
Install a new iNOF license before the current iNOF license expires. |
INOF_NO_LICENSE
Message text |
The iNOF feature is disabled, because its license has expired or has been uninstalled. |
Variable fields |
N/A |
Severity level |
4 |
Example |
INOF/4/INOF_NO_LICENSE: The iNOF feature is disabled, because its license has expired or has been uninstalled. |
Explanation |
The iNOF feature is disabled, because its license has expired or has been uninstalled. |
Recommended action |
Install an iNOF license as soon as possible. |
iNQA
This section contains Intelligent Network Quality Analyzer (iNQA) messages.
INQA_BWD_LOSS_EXCEED
Message text |
Packet loss rate of the backward flow in instance [UINT] exceeded the upper limit. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
INQA/5/INQA_BWD_LOSS_EXCEED: Packet loss rate of the backward flow in instance 1 exceeded the upper limit. |
Explanation |
The message is sent when the packet loss rate of the backward flow exceeds the upper limit. |
Recommended action |
Examine the network and verify the physical connections are correct. |
INQA_BWD_LOSS_RECOV
Message text |
Packet loss rate of the backward flow in instance [UINT] recovered. |
Variable fields |
$1: Instance ID. |
Severity level |
6 |
Example |
INQA/6/INQA_BWD_LOSS_RECOV: Packet loss rate of the backward flow in instance 1 recovered. |
Explanation |
The message is sent when the packet loss rate of the backward flow drops below the upper limit. |
Recommended action |
N/A |
INQA_DEBUG_FAIL
Message text |
Setting debugging switch to drive failed. |
Severity level |
5 |
Example |
INQA/5/INQA_DEBUG_FAIL: Setting debugging switch to drive failed. |
Explanation |
This message is sent when the system fails to set iNQA debugging switch to drive. |
Recommended action |
Delete the iNQA debugging switch setting and reconfigure the debugging. |
INQA_FLAG_DIFF
Message text |
Flags of collectors bound with the analyzer instance [UINT] are inconsistent. |
Variable fields |
$1: ID of the analyzer instance. |
Severity level |
5 |
Example |
INQA/5/INQA_FLAG_DIFF: Flags of collectors bound with the analyzer instance 1 are inconsistent. |
Explanation |
This message is sent when iNQA detects that the flag bit settings on the collectors bound to analyzer instance 1 are inconsistent. |
Recommended action |
Verify that the same flag bit is set on all collectors that are bound to the analyzer instance. |
INQA_FLAG_FAIL
Message text |
Setting coloring bit to drive failed. |
Severity level |
5 |
Example |
INQA/5/INQA_FLAG_FAIL: Setting coloring bit to drive failed. |
Explanation |
This message is sent when the system fails to set the color bit setting to the drive. |
Recommended action |
1. Use the display qos-acl resource command to verify that the ACL resources are sufficient. 2. If the resources are not sufficient, delete unnecessary ACLs and reconfigure the instance. |
INQA_FLOW_DIFF
Message text |
Flows of collectors bound with the analyzer instance [UINT] are inconsistent. |
Variable fields |
$1: ID of the analyzer instance. |
Severity level |
5 |
Example |
INQA/5/INQA_FLOW_DIFF: Flows of collectors bound with the analyzer instance 1 are inconsistent. |
Explanation |
This message is sent when iNQA detects that the target flows in statistics packets reported by the collectors bound to analyzer instance 1 are inconsistent. |
Recommended action |
Verify that the same target flow is defined on all collectors that are bound to the analyzer instance. |
INQA_FWD_LOSS_EXCEED
Message text |
Packet loss rate of the forward flow in instance [UINT] exceeded the upper limit. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
INQA/5/INQA_FWD_LOSS_EXCEED: Packet loss rate of the forward flow in instance 1 exceeded the upper limit. |
Explanation |
The message is sent when the packet loss rate of the forward flow exceeds the upper limit. |
Recommended action |
Examine the network and verify the physical connections are correct. |
INQA_FWD_LOSS_RECOV
Message text |
Packet loss rate of the forward flow in instance [UINT] recovered. |
Variable fields |
$1: Instance ID. |
Severity level |
6 |
Example |
INQA/6/INQA_FWD_LOSS_RECOV: Packet loss rate of the forward flow in instance 1 recovered. |
Explanation |
The message is sent when the packet loss rate of the forward flow drops below the upper limit. |
Recommended action |
N/A |
INQA_INIT_ERROR
Message text |
Failed to issue the configuration of instance [UINT] to drive because the MPs in the instance are mutually exclusive. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
INQA/5/INQA_INIT_ERROR: Failed to issue the configuration of instance 1 to drive because the MPs in the instance are mutually exclusive. |
Explanation |
The message is sent when the system fails to issue the instance configuration to drive because the MPs in the instance are mutually exclusive. |
Recommended action |
Check the instance configuration and delete the conflicted configuration. |
INQA_INST_FAIL
Message text |
Setting instance [UINT] information to drive failed. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
INQA/5/INQA_INST_FAIL: Setting instance 1 information to drive failed. |
Explanation |
This message is sent when the system fails to send the instance configuration to the drive. |
Recommended action |
1. Use the display qos-acl resource command to verify that the ACL resources are sufficient. 2. If the resources are not sufficient, delete unnecessary ACLs and reconfigure the instance. |
INQA_INTVL_DIFF
Message text |
Intervals of collectors bound with analyzer instance [UINT] are inconsistent. |
Variable fields |
$1: ID of the analyzer instance. |
Severity level |
5 |
Example |
INQA/5/INQA_INTVL_DIFF: Intervals of collectors bound with analyzer instance 1 are inconsistent. |
Explanation |
This message is sent when iNQA detects that the measurement intervals in statistics packets reported by the collectors bound to analyzer instance 1 are inconsistent. |
Recommended action |
Verify that the same measurement intervals are configured on all collectors that are bound to the analyzer instance. |
INQA_MP_NOIF
Message text |
No statistics on MP [UINT]. Reason: [TEXT]. |
Variable fields |
$1: MP ID. $2: Failure reason: · The MP does not bound to any interface. · The interface bound with the MP does not exist. |
Severity level |
5 |
Example |
INQA/5/INQA_MP_NOIF: No statistics on MP 1. Reason: The MP does not bound to any interface. |
Explanation |
No statistics are available on the MP because the MP is not bound to any interface. |
Recommended action |
Bind the MP to an interface and make sure the interface can transmit and receive packets normally. |
INQA_NO_RESOURCE
Message text |
Failed to configure instance [UINT] due to insufficient resources. |
Variable fields |
$1: ID of the instance. |
Severity level |
5 |
Example |
INQA/5/INQA_NO_RESOURCE: Failed to configure instance 1 due to insufficient resources. |
Explanation |
This message is sent when iNQA fails to configure an instance due to insufficient ACL resources. |
Recommended action |
Release ACL resources by deleting unused iNQA instances or unused ACL resources, and then configure the instance. |
INQA_NO_SUPPORT
Message text |
iNQA is not supported in this slot. |
Severity level |
5 |
Example |
INQA/5/INQA_NO_SUPPORT: iNQA is not supported in this slot. |
Explanation |
This message is sent when the specified slot does not support iNQA. |
Recommended action |
Install an iNQA-capable module in the slot or switch the traffic for iNQA measurement to another slot that supports iNQA. |
INQA_SMOOTH_BEGIN_FAIL
Message text |
Setting smoothing beginning to kernel failed. |
Severity level |
5 |
Example |
INQA/5/INQA_SMOOTH_BEGIN_FAIL: Setting smoothing beginning to the kernel failed. |
Explanation |
This message is sent when iNQA fails to notify the kernel of the start of smoothing. |
Recommended action |
Please contact H3C support. |
INQA_SMOOTH_END_FAIL
Message text |
Setting smoothing ending to kernel failed. |
Severity level |
5 |
Example |
INQA/5/INQA_SMOOTH_END_FAIL: Setting smoothing ending to kernel failed. |
Explanation |
This message is sent when iNQA fails to notify the kernel of the end of smoothing. |
Recommended action |
Please contact H3C support. |
IP6ADDR
This section contains IPv6 addressing messages.
IP6ADDR_CREATEADDRESS_ERROR
Message text |
Failed to create an address by the prefix. Reason: [STRING] on [STRING] and [STRING] on [STRING] overlap. |
Variable fields |
$1: IPv6 prefix $2: Interface name. $3: IPv6 prefix $4: Interface name. |
Severity level |
4 |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_ERROR: Failed to create an address by the prefix. Reason: 2001::/64 on GigabitEthernet1/0/2 and 2001::/64 on GigabitEthernet1/0/1 overlap. |
Explanation |
The device failed to generate an IPv6 address for an interface by using the prefix because the prefixes overlapped on this interface and another interface. |
Recommended action |
Cancel the IPv6 address configuration on the conflicting interface and configure the interface to generate an IPv6 address by using a different prefix. |
IP6ADDR_CREATEADDRESS_INVALID
Message text |
Can't configure the unspecified address or loopback address on [STRING] by using a prefix with all zeros. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_INVALID: Can't configure the unspecified address or loopback address on GigabitEthernet1/0/1 by using a prefix with all zeros. |
Explanation |
This message is sent when you use the ipv6 prefix command to configure an all-zero IPv6 prefix and then specify this prefix in the ipv6 address prefix-number command to configure an unspecified or loopback IPv6 address for an interface. Interfaces do not support the unspecified or loopback IPv6 address. |
Recommended action |
Cancel the configuration and reconfigure an IPv6 address for the interface. |
IP6ADDR_FUNCTION_FAIL
Message text |
Failed to enable IPv6 on interface [STRING]. Reason: [STRING]. |
Variable fields |
$1: Interface name. $2: Failure reasons: · Insufficient resources. · IPv6 is not supported. · Unknown error. |
Severity level |
6 |
Example |
IP6ADDR/6/IP6ADDR_FUNCTION_FAIL: Failed to enable IPv6 on interface GigabitEthernet1/0/1. Reason: Insufficient resources. |
Explanation |
This message is sent when the device failed to enable IPv6 on an interface during the stateful or stateless IPv6 address autoconfiguration or manual IPv6 address assignment. |
Recommended action |
· If the failure is caused by insufficient resources, release memory and then execute the operation again. · If the failure is caused by an unknown error, please contact H3C Support. |
IP6FW
This section contains IPv6 forwarding messages.
IPv6_MTU_SET_DRV_NOT_SUPPORT
Message text |
The operation is not supported to set driver IPv6 interface MTU: interface is [STRING], MTU is [UINT32]. |
Variable fields |
$1: Interface name. $2: MTU value. |
Severity level |
5 |
Example |
IP6FW/5/IPv6_MTU_SET_DRV_NOT_SUPPORT: The operation is not supported to set driver IPv6 interface MTU: interface is GigabitEthernet1/0/1, MTU is 1400. |
Explanation |
The device does not support sending the interface MTU setting for IPv6 packets to the driver. |
Recommended action |
· If the device uses hardware for forwarding, no action is required. The device does not support setting the interface MTU for IPv6 packets. · If the device uses software for forwarding, please contact H3C Support. |
IPADDR messages
This section contains IP addressing messages.
IPADDR_HA_EVENT_ERROR
Message text |
A process failed HA upgrade because [STRING]. |
Variable fields |
$1: HA upgrade failure reason: · IPADDR failed the smooth upgrade. · IPADDR failed to reupgrade to the master process. · IPADDR stopped to restart the timer. · IPADDR failed to upgrade to the master process. · IPADDR failed to restart the upgrade. · IPADDR failed to add the unicast object to the master task epoll. · IPADDR failed to create an unicast object. · IPADDR role switchover failed when the standby process switched to the master process. · IPADDR switchover failed when the master process switched to the standby process. · IPADDR HA upgrade failed. · IPADDR failed to set the interface filtering criteria. · IPADDR failed to register interface events. · IPADDR failed to subscribe port events. · IPADDR failed to add a VPN port event to the master epoll. · IRDP failed to open DBM. · IRDP failed to initiate a connection to the device management module. · IRDP failed to add the master task epoll with the handle used to connect to the device management module. · IRDP failed to register device management events. · IRDP failed to subscribe port events. · IRDP failed to add the master task epoll with the handle used to subscribe port events. · IRDP failed to set the interface filtering criteria. · IRDP failed to register interface events. · IRDP failed to register network events. · IRDP failed to create the interface control block storage handle. · IRDP failed to create the timer. · IRDP failed to add the master task epoll with the handle used to create the timer. · IRDP failed to set the schedule time for the timer. · IRDP failed to set the timer to unblocked status. · IRDP failed to create a timer instance. |
Severity level |
4 |
Example |
IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade. |
Explanation |
A process failed HA upgrade and the message showed the failure reason. |
Recommended action |
Please contact H3C Support. |
IPADDR_HA_STOP_EVENT
Message text |
The device received an HA stop event. |
Variable fields |
None. |
Severity level |
4 |
Example |
IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event. |
Explanation |
This message is sent when the device receives an HA stop event. |
Recommended action |
Please contact H3C Support. |
IPCC
This section contains IPCC messages.
IPCC_LICENSE_ACTIVE
Message text |
The IPCC license has been activated and the IPCC feature is available. |
Variable fields |
N/A |
Severity level |
5 |
Example |
IPCC/5/IPCC_LICENSE_ACTIVE: The IPCC license has been activated and the IPCC feature is available. |
Explanation |
The license for the IPCC feature has been activated. The IPCC is going to take effect soon. |
Recommended action |
None. |
IPCC_LICENSE_EXPIRE
Message text |
The IPCC license will expire in [UINT32] days. |
Variable fields |
$1: Number of days, in the range of 1 to 30. |
Severity level |
5 |
Example |
IPCC/5/IPCC_LICENSE_EXPIRE: The IPCC license will expire in 5 days. |
Explanation |
The license of the IPCC feature will expire in the specified number of days. |
Recommended action |
Install a new license. |
IPCC_NO_LICENSE
Message text |
The IPCC feature is not available, because the IPCC license has expired or has been uninstalled. |
Variable fields |
N/A. |
Severity level |
4 |
Example |
IPCC/4/IPCC_NO_LICENSE: The IPCC feature is not available, because the IPCC license has expired or has been uninstalled. |
Explanation |
The IPCC feature becomes unavailable because the license for the IPCC feature has expired or has been uninstalled. |
Recommended action |
Install a new license. |
IPFW
This section contains IP forwarding messages.
IPFW_ECMPTHRES_DRV_NOT_SUPPORT
Message text |
Setting ECMP FIR thresholds is not supported. |
Variable fields |
N/A |
Severity level |
5 |
Example |
IPFW/5/IPFW_ECMPTHRES_DRV_NOT_SUPPORT: Setting ECMP FIR thresholds is not supported. |
Explanation |
The device does not support configuring the bandwidth usage upper and lower thresholds for the main link in ECMP FIR mode. |
Recommended action |
Please contact H3C Support. |
IPFW_FAILURE
Message text |
The card doesn't support the split horizon forwarding configuration. |
Variable fields |
N/A |
Severity level |
5 |
Example |
IPFW/5/IPFW_FAILURE: -MDC=1; The card doesn't support the split horizon forwarding configuration. |
Explanation |
The card doesn't support the split horizon forwarding configuration. |
Recommended action |
1. Make sure the card on which you configure split horizon forwarding supports this feature. 2. Please contact H3C Support. |
Message text |
Failed to configure split horizon forwarding on the card. |
Variable fields |
N/A |
Severity level |
5 |
Example |
IPFW/5/IPFW_FAILURE: -MDC=1; Failed to configure split horizon forwarding on the card. |
Explanation |
Failed to configure split horizon forwarding on the card. |
Recommended action |
Please contact H3C Support. |
IPFW_SETTING_FAILED_PACKETDROP
Message text |
Failed to enable packet-drop statistics. Error code: [STRING]. |
Variable fields |
$1: Error code: · 0x40010001—Incorrect issuing to the driver. · 0x40010008—Not supported by the driver. · 0x4001000b—Insufficient driver resources. · 0x20010002—Incorrect driver parameters. |
Severity level |
6 |
Example |
IPFW/6/IPFW_SETTING_FAILED_PACKETDROP: Failed to enable packet-drop statistics. Error code: 0x40010001 |
Explanation |
Failed to enable packet-drop statistics collection. |
Recommended action |
Please contact H3C Support. |
IPv4_MTU_SET_DRV_NOT_SUPPORT
Message text |
The operation is not supported to set driver IPv4 interface MTU: interface is [STRING], MTU is [UINT32]. |
Variable fields |
$1: Interface name. $2: MTU value. |
Severity level |
5 |
Example |
IPFW/5/IPv4_MTU_SET_DRV_NOT_SUPPORT: The operation is not supported to set driver IPv4 interface MTU: interface is GigabitEthernet1/0/1, MTU is 1400. |
Explanation |
The device does not support sending the interface MTU setting for IPv4 packets to the driver. |
Recommended action |
· If the device uses hardware for forwarding, no action is required. The device does not support setting the interface MTU for IPv4 packets. · If the device uses software for forwarding, please contact H3C Support. |
IPSEC messages
This section contains IPsec messages.
IPSEC_FAILED_ADD_FLOW_TABLE
Message text |
Failed to add flow-table due to [STRING]. |
Variable fields |
$1: Reason for the failure. |
Severity level |
4 |
Example |
IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource. |
Explanation |
Failed to add the flow table. Possible reasons include insufficient hardware resources. |
Recommended action |
If the failure is caused by insufficient hardware resources, contact H3C Support. |
IPSEC_PACKET_DISCARDED
Message text |
IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING]. |
Variable fields |
$1: Source IP address. $2: Destination IP address. $3: Security parameter index (SPI). $4: Sequence number of the packet. $5: Reason for dropping this packet: · Anti-replay checking failed. · AH authentication failed. · ESP authentication failed. · Invalid SA. · ESP decryption failed. · Source address of packet does not match the SA. · No ACL rule matched. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed |
Explanation |
An IPsec packet is dropped. Possible reasons include anti-replay checking failed, AH/ESP authentication failed, invalid SA, ESP decryption failed, source address of packet does not match the SA, and no ACL rule matched. |
Recommended action |
No action is required. |
IPSEC_SA_ESTABLISH
Message text |
Established IPsec SA. The SA's source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32]. |
Variable fields |
$1: Source address. $2: Destination address. $3: Security protocol. $4: SPI. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_ESTABLISH: Established IPsec SA. The SA's source address is 1.1.1.1, destination address is 2.2.2.2, protocol is AH, and SPI is 2435. |
Explanation |
An IPsec SA is established. |
Recommended action |
No action is required. |
IPSEC_SA_ESTABLISH_FAIL
Message text |
Failed to establish IPsec SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Reason for the IPsec SA establishment failure: · Tunnel establishment failure. · Incomplete configuration. · Unavailable transform set. $2: Source address. $3: Destination address. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA for the reason of creating tunnel failure. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
Failed to establish the IPsec SA. Possible reasons include creating tunnel failure, incomplete configuration, and unavailable transform set. |
Recommended action |
Verify the IPsec configurations on the local and remote devices. |
IPSEC_SA_INITINATION
Message text |
Began to establish IPsec SA. The SA's source address is [STRING], and its destination address is [STRING]. |
Variable fields |
$1: Source address. $2: Destination address. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_INITINATION: Began to establish IPsec SA. The SA's source address is 1.1.1.1, and its destination address is 2.2.2.2. |
Explanation |
An IPsec SA is to be established. |
Recommended action |
No action is required. |
IPSEC_SA_TERMINATE
Message text |
The IPsec SA was deleted for the reason of [STRING]. The SA's source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32]. |
Variable fields |
$1: Reason for the IPsec SA removal: · SA idle timeout. · reset command executed. $2: Source address. $3: Destination address. $4: Security protocol. $5: SPI. |
Severity level |
6 |
Example |
IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted for the reason of SA idle timeout. The SA’s source address is 1.1.1.1, destination address is 2.2.2.2, protocol is ESP, and SPI is 34563. |
Explanation |
An IPsec SA is deleted. Possible reasons include SA idle timeout and using the reset command. |
Recommended action |
No action is required. |
IPSG messages
This section contains IPSG messages.
IPSG_ADDENTRY_ERROR
Message text |
Failed to add an IP source guard binding on interface [STRING]: IP=[STRING], MAC=[STRING], VLAN=[UINT16]. Reason: [STRING]. |
Variable fields |
$1: Interface name. If no interface is specified, this field displays N/A. $2: IPv4 address or IPv6 address. If no IP address is specified, this field displays N/A. $3: MAC address. If no MAC address is specified, this field displays N/A. $4: VLAN ID. If no VLAN ID is specified, this field displays 65535. $5: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Maximum number of IPv4 binding entries already reached. · Maximum number of IPv6 binding entries already reached. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding on interface Vlan-interface1: IP=1.1.1.1, MAC=0001-0001-0001, VLAN=1. Reason: Resources not sufficient. |
Impact |
This issue will affect normal service running. |
Cause |
See the failure reason displayed in this message. |
Recommended action |
To resolve the issue: · Check whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · Disable unnecessary services to release hardware resources when the failure is caused by insufficient hardware resources. · Delete unnecessary binding entries to release ACL resources for IPSG binding if the failure is caused by maximum IPv4 or IPv6 binding entries being reached. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_ADDEXCLUDEDVLAN_ERROR
Message text |
Failed to add excluded VLANs (VLAN [UINT16] to VLAN [UINT16]). Reason: [STRING]. |
Variable fields |
$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_ADDEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to add excluded VLANs (VLAN 1 to VLAN 5). Reason: Resources not sufficient. |
Impact |
The system will not permit the packets that match the VLANs excluded from IPSG filtering. |
Cause |
See the failure reason displayed in this message. |
Recommended action |
To resolve the issue: · Check whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · Disable unnecessary services to release hardware resources when the failure is caused by insufficient hardware resources. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_ARP_LOCALMAC_CONFLICT
Message text |
MAC conflict exists between an ARP entry and a local entry: IP=[STRING], VPN=[STRING], ARPMAC=[STRING], LocalMAC=[STRING]. |
Variable fields |
$1: IP address. $2: VPN instance name. $3: MAC address in the ARP entry. $4: MAC address in the local IPSG binding. |
Severity level |
5 (Notification) |
Example |
IPSG/5/IPSG_ARP_LOCALMAC_CONFLICT: MAC conflict exists between an ARP entry and a local entry: IP=1.1.1.1, VPN=1, ARPMAC=0008-0008-0008, LocalMAC=0008-0008-0009. |
Impact |
This issue will affect normal service running. |
Cause |
This message is sent when an ARP entry and a local IPSG binding have the same IP address but different MAC addresses. |
Recommended action |
To resolve the issue: · Identify the host for which the device learns the ARP entry according to the information displayed in this message, and then determine whether the host is an attacker. If yes, clear the attack. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_ARP_REMOTEMAC_CONFLICT
Message text |
MAC conflict exists between an ARP entry and a remote entry: IP=[STRING], VPN=[STRING], ARPMAC=[STRING], RemoteMAC=[STRING]. |
Variable fields |
$1: IP address. $2: VPN instance name. $3: MAC address in the ARP entry. $4: MAC address in the remote IPSG binding. |
Severity level |
5 (Notification) |
Example |
IPSG/5/IPSG_ARP_REMOTEMAC_CONFLICT: MAC conflict exists between an ARP entry and a remote entry: IP=1.1.1.1, VPN=1, ARPMAC=0008-0008-0008, RemoteMAC=0008-0008-0009. |
Impact |
If caused by user roaming, this issue has no negative impact on services. If caused by an ARP attack, this issue will affect normal service running. |
Cause |
Such a MAC address conflict occurs under one of the following situations: · An ARP attacker exists in the network. The device has learned an ARP entry for an illegal user, which has the same IP address as a remote IPSG binding but a different MAC address from the binding. · A user uses the same IP address but a different MAC address when roaming from a remote device to the local device. |
Recommended action |
Verify the reason that such a MAC address conflict occurs. · If it is caused by user roaming, no action is required. · If it is caused by ARP attack, identify the host for which the device learns the ARP entry and clear the ARP attack. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_DELENTRY_ERROR
Message text |
Failed to delete an IP source guard binding on interface [STRING]: IP=[STRING], MAC=[STRING], VLAN=[UINT16]. Reason: [STRING]. |
Variable fields |
$1: Interface name. If you do not specify an interface, this field displays N/A. $2: IP address. If you do not specify an IP address, this field displays N/A. $3: MAC address. If you do not specify a MAC address, this field displays N/A. $4: VLAN ID. If you do not specify a VLAN, this field displays 65535. $5: Failure reason. Available options include: · Feature not supported. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding on interface Vlan-interface1: IP=1.1.1.1, MAC=0001-0001-0001, VLAN=1. Reason: Unknown error. |
Impact |
The system can still use this binding to filter packets. |
Cause |
See the failure reason displayed in this message. |
Recommended action |
To resolve the issue: · Check whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_DELEXCLUDEDVLAN_ERROR
Message text |
Failed to delete excluded VLANs (VLAN [UINT16] to VLAN [UINT16]). Reason: [STRING]. |
Variable fields |
$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_DELEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to delete excluded VLANs (VLAN 1 to VLAN 5). Reason: Resources not sufficient. |
Impact |
The system will still permit the packets that match these VLANs. |
Cause |
See the failure reason displayed in this message. |
Recommended action |
To resolve the issue: · Check whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · Disable unnecessary services to release hardware resources when the failure is caused by insufficient hardware resources. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_IPV4_ALARMCLEAR
Message text |
The packet dropping rate on [STRING] dropped below [UINT32] pps. |
Variable fields |
$1: Interface name. $2: IPv4SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV4_ALARMCLEAR: The packet dropping rate on GigabitEthernet1/0/1 dropped below 100 pps. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when IPv4SG alarming is enabled on an interface and the packet dropping rate on the interface drops below the IPv4SG alarm threshold. |
Recommended action |
No action is required. |
IPSG_IPV4_ALARMEMERGE
Message text |
The packet dropping rate on [STRING] reached or exceeded [UINT32] pps. |
Variable fields |
$1: Interface name. $2: IPv4SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV4_ALARMEMERGE: The packet dropping rate on GigabitEthernet1/0/1 reached or exceeded 100 pps. |
Impact |
This message indicates that the device might be under attack. If the attack traffic is large, it will occupy too many system resources, causing service interruptions. |
Cause |
This message is sent when IPv4SG alarming is enabled on an interface and the packet dropping rate on the interface exceeds or reaches the IPv4SG alarm threshold. |
Recommended action |
To resolve the issue: 1. Use the display ip source binding command in any view to view IPv4SG bindings, and then use port mirroring to capture packets received on the interface. ¡ If the interface has received a large number of packets that do not match the IPv4SG bindings on the interface, it can be determined that the interface is under attack. Identify the attack source and clear the attack as needed. ¡ If the interface does not receive a large number of packets that do not match the IPv4SG bindings, the interface is not under attack. You can use the ip verify source alarm command to adjust the IPv4SG alarm threshold or configure static IPv4SG bindings to allow valid user packets to pass. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_IPV4_VLAN_ALARMCLEAR
Message text |
The packet dropping rate in VLAN [UINT16] dropped below [UINT32] pps. |
Variable fields |
$1: VLAN ID. $2: IPv4SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV4_VLAN_ALARMCLEAR: The packet dropping rate in VLAN 10 dropped below 100 pps. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the packet dropping rate in a VLAN enabled with IPv4SG alarming drops below the IPv4SG alarm threshold. |
Recommended action |
No action is required. |
IPSG_IPV4_VLAN_ALARMEMERGE
Message text |
The packet dropping rate in VLAN [UINT16] reached or exceeded [UINT32] pps. |
Variable fields |
$1: VLAN ID. $2: IPv4SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV4_VLAN_ALARMEMERGE: The packet dropping rate in VLAN 10 reached or exceeded 100 pps. |
Impact |
This message indicates that the device might be under attack. If the attack traffic is large, it will occupy too many system resources, causing service interruptions. |
Cause |
This message is sent when the packet dropping rate in a VLAN enabled with IPv4SG alarming exceeds or reaches the IPv4SG alarm threshold. |
Recommended action |
To resolve the issue: 1. Use the display ip source binding command in any view to view the IPv4SG bindings, and use port mirroring to capture packets received in the VLAN. ¡ If the VLAN receives a large number of packets that do not match the IPv4SG bindings, it can be determined that the VLAN is under attack. Identify the attack source and clear the attack as needed. ¡ If the VLAN does not receive a large number of mismatching packets, it can be determined that the VLAN is not under attack. Use the ip verify source alarm command to adjust the alarm threshold or configure static IPv4SG bindings to allow valid packets to pass. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_IPV6_ALARMCLEAR
Message text |
The packet dropping rate on [STRING] dropped below [UINT32] pps. |
Variable fields |
$1: Interface name. $2: IPv6SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV6_ALARMCLEAR: The packet dropping rate on GigabitEthernet1/0/1 dropped below 100 pps. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when IPv6SG alarming is enabled on an interface and the packet dropping rate on the interface drops below the IPv6SG alarm threshold. |
Recommended action |
No action is required. |
IPSG_IPV6_ALARMEMERGE
Message text |
The packet dropping rate on [STRING] reached or exceeded [UINT32] pps. |
Variable fields |
$1: Interface name. $2: IPv6SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV6_ALARMEMERGE: The packet dropping rate on GigabitEthernet1/0/1 reached or exceeded 100 pps. |
Impact |
This message indicates that the device might be under attack. If the attack traffic is large, it will occupy too many system resources, causing service interruptions. |
Cause |
This message is sent when IPv6SG alarming is enabled on an interface and the packet dropping rate on the interface exceeds or reaches the IPv6SG alarm threshold. |
Recommended action |
To resolve the issue: 1. Use the display ipv6 source binding command in any view to view IPv6SG bindings, and then use port mirroring to capture packets received on the interface. ¡ If the interface has received a large number of packets that do not match the IPv6SG bindings on the interface, it can be determined that the interface is under attack. Identify the attack source and clear the attack as needed. ¡ If the interface does not receive a large number of packets that do not match the IPv6SG bindings, the interface is not under attack. You can use the ipv6 verify source alarm command to adjust the IPv6SG alarm threshold or configure static IPv6SG bindings to allow valid user packets to pass. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_IPV6_VLAN_ALARMCLEAR
Message text |
The packet dropping rate in VLAN [UINT16] dropped below [UINT32] pps. |
Variable fields |
$1: VLAN ID. $2: IPv6SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV6_VLAN_ALARMCLEAR: The packet dropping rate in VLAN 10 dropped below 100 pps. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when the packet dropping rate in a VLAN enabled with IPv6SG alarming drops below the IPv6SG alarm threshold. |
Recommended action |
No action is required. |
IPSG_IPV6_VLAN_ALARMEMERGE
Message text |
The packet dropping rate in VLAN [UINT16] reached or exceeded [UINT32] pps. |
Variable fields |
$1: VLAN ID. $2: IPv6SG alarm threshold. |
Severity level |
4 (Warning) |
Example |
IPSG/4/IPSG_IPV6_VLAN_ALARMEMERGE: The packet dropping rate in VLAN 10 reached or exceeded 100 pps. |
Impact |
This message indicates that the device might be under attack. If the attack traffic is large, it will occupy too many system resources, causing service interruptions. |
Cause |
This message is sent when the packet dropping rate in a VLAN enabled with IPv6SG alarming exceeds or reaches the IPv6SG alarm threshold. |
Recommended action |
To resolve the issue: 1. Use the display ipv6 source binding command in any view to view the IPv6SG bindings, and use port mirroring to capture packets received in the VLAN. ¡ If the VLAN receives a large number of packets that do not match the IPv6SG bindings, it can be determined that the VLAN is under attack. Identify the attack source and clear the attack as needed. ¡ If the VLAN does not receive a large number of mismatching packets, it can be determined that the VLAN is not under attack. Use the ipv6 verify source alarm command to adjust the alarm threshold or configure static IPv6SG bindings to allow valid packets to pass. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_MAC_CONFLICT
Message text |
MAC conflict exists between a local entry and a remote entry: IP=[STRING], VPN=[STRING], LocalMAC=[STRING], RemoteMAC=[STRING]. |
Variable fields |
$1: IP address. $2: VPN instance name. $3: MAC address in the local IPSG binding. $4: MAC address in the remote IPSG binding. |
Severity level |
5 (Notification) |
Example |
IPSG/5/IPSG_MAC_CONFLICT: MAC conflict exists between a local entry and a remote entry: IP=1.1.1.1, VPN=1, LocalMAC=0008-0008-0008, RemoteMAC=0008-0008-0009. |
Impact |
No negative impact on the system. |
Cause |
This message is sent when a local IPSG binding and a remote IPSG binding have the same IP address but different MAC addresses. |
Recommended action |
No action is required. |
IPSG_ND_LOCALMAC_CONFLICT
Message text |
MAC conflict exists between an ND entry and a local entry: IPv6=[STRING], VPN=[STRING], NDMAC=[STRING], LocalMAC=[STRING]. |
Variable fields |
$1: IP address. $2: VPN instance name. $3: MAC address in the ND entry. $4: MAC address in the local IPSG binding. |
Severity level |
5 (Notification) |
Example |
IPSG/5/IPSG_ND_LOCALMAC_CONFLICT: MAC conflict exists between an ND entry and a local entry: IPv6=1::1, VPN=1, NDMAC=0008-0008-0008, LocalMAC=0008-0008-0009. |
Impact |
This issue will affect normal service running. |
Cause |
This message is sent when an ND entry and a local IPSG binding have the same IP address but different MAC addresses. |
Recommended action |
To resolve the issue: · Identify the host for which the device learns the ND entry according to the information displayed in this message, and then determine whether the host is an attacker. If yes, clear the attack. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_ND_REMOTEMAC_CONFLICT
Message text |
MAC conflict exists between an ND entry and a remote entry: IPv6=[STRING], VPN=[STRING], NDMAC=[STRING], RemoteMAC=[STRING]. |
Variable fields |
$1: IP address. $2: VPN instance name. $3: MAC address in the ND entry. $4: MAC address in the remote IPSG binding. |
Severity level |
5 (Notification) |
Example |
IPSG/5/IPSG_ND_REMOTEMAC_CONFLICT: MAC conflict exists between an ND entry and a remote entry: IPv6=1::1, VPN=1, NDMAC=0008-0008-0008, RemoteMAC=0008-0008-0009. |
Impact |
If caused by user roaming, this issue has no negative impact on services. If caused by an ND attack, this issue will affect normal service running. |
Cause |
Such a MAC address conflict occurs in one of the following situations: · An ND attacker exists in the network. The device has learned an ND entry for an illegal user, which has the same IPv6 address as a remote IPv6SG binding but a different MAC address from the binding. · A user uses the same IPv6 address but a different MAC address when roaming from a remote device to the local device. |
Recommended action |
Verify the reason that such a MAC address conflict occurs. · If it is caused by user roaming, no action is required. · If it is caused by an ND attack, identify the host for which the device learns the ND entry and clear the ND attack. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
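The following Python example is added here and is not part of the H3C manual. It applies the IPSG message formats documented above on a log host: it pairs ALARMEMERGE and ALARMCLEAR messages to report which interfaces and VLANs are still in alarm, and it extracts the ND MAC conflicts that call for investigation. The header before the module token and the presence of a -MDC=...-Slot=...; prefix on these messages are assumptions, and the sample lines are constructed from the examples in this section.

```python
import re

# "MODULE/severity/MNEMONIC:" followed by an optional "-MDC=1-Slot=4; " location prefix.
# Anything before the module token (timestamp, sysname) is ignored.
HEAD = re.compile(
    r"(?P<module>[A-Z0-9_]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?:-[^;]*;\s*)?(?P<text>.*)$"
)
ALARM_ID = re.compile(r"IPSG_IPV(?P<ver>[46])_(?P<vlan>VLAN_)?ALARM(?P<edge>EMERGE|CLEAR)$")
RATE = re.compile(
    r"The packet dropping rate (?:on (?P<ifname>\S+)|in VLAN (?P<vlan>\d+)) "
    r"(?P<verb>reached or exceeded|dropped below) (?P<pps>\d+) pps\.$"
)
ND_CONFLICT = re.compile(
    r"MAC conflict exists between an ND entry and a (?P<kind>local|remote) entry: "
    r"IPv6=(?P<ipv6>[^,]+), VPN=(?P<vpn>[^,]+), NDMAC=(?P<nd_mac>[0-9A-Fa-f-]+), "
    r"(?:Local|Remote)MAC=(?P<binding_mac>[0-9A-Fa-f-]+)\.$"
)
ND_MNEMONICS = ("IPSG_ND_LOCALMAC_CONFLICT", "IPSG_ND_REMOTEMAC_CONFLICT")


def analyze(lines):
    """Return (open_alarms, nd_conflicts) for IPSG messages in chronological order.

    open_alarms maps (family, scope, target) to the alarm threshold in pps for
    every EMERGE that has no later CLEAR. nd_conflicts is a list of dicts.
    """
    open_alarms = {}
    nd_conflicts = []
    for line in lines:
        head = HEAD.search(line.strip())
        if not head or head["module"] != "IPSG":
            continue
        mnemonic, text = head["mnemonic"], head["text"].strip()
        alarm = ALARM_ID.match(mnemonic)
        if alarm:
            rate = RATE.match(text)
            if not rate:
                continue
            is_vlan = rate["vlan"] is not None
            raised = rate["verb"] == "reached or exceeded"
            # Skip records whose text disagrees with the mnemonic (truncated or altered).
            if is_vlan != bool(alarm["vlan"]) or raised != (alarm["edge"] == "EMERGE"):
                continue
            key = (
                "IPv" + alarm["ver"],
                "vlan" if is_vlan else "interface",
                rate["vlan"] if is_vlan else rate["ifname"],
            )
            if raised:
                open_alarms[key] = int(rate["pps"])
            else:
                # A CLEAR with no earlier EMERGE (log window started mid-alarm) is a no-op.
                open_alarms.pop(key, None)
        elif mnemonic in ND_MNEMONICS:
            conflict = ND_CONFLICT.match(text)
            if conflict:
                nd_conflicts.append(conflict.groupdict())
    return open_alarms, nd_conflicts


# Constructed sample input: message bodies follow the examples in this section,
# the "%<time> <sysname>" header is a made-up prefix.
SAMPLE_LINES = [
    "%Jan 10 09:00:01:120 2024 SW1 IPSG/4/IPSG_IPV4_ALARMEMERGE: "
    "The packet dropping rate on GigabitEthernet1/0/1 reached or exceeded 100 pps.",
    "%Jan 10 09:00:03:450 2024 SW1 IPSG/4/IPSG_IPV6_VLAN_ALARMEMERGE: -MDC=1-Slot=4; "
    "The packet dropping rate in VLAN 10 reached or exceeded 100 pps.",
    "%Jan 10 09:00:04:002 2024 SW1 IPSG/5/IPSG_ND_LOCALMAC_CONFLICT: "
    "MAC conflict exists between an ND entry and a local entry: "
    "IPv6=1::1, VPN=1, NDMAC=0008-0008-0008, LocalMAC=0008-0008-0009.",
    "%Jan 10 09:02:10:900 2024 SW1 IPSG/4/IPSG_IPV4_ALARMCLEAR: "
    "The packet dropping rate on GigabitEthernet1/0/1 dropped below 100 pps.",
    "%Jan 10 09:02:11:015 2024 SW1 IPSG/4/IPSG_IPV4_VLAN_ALARMCLEAR: "
    "The packet dropping rate in VLAN 20 dropped below 100 pps.",
    "%Jan 10 09:02:12:300 2024 SW1 IRF/3/IRF_LINK_DOWN: IRF port went down.",
]

if __name__ == "__main__":
    alarms, conflicts = analyze(SAMPLE_LINES)
    for (family, scope, target), pps in alarms.items():
        print(f"still in alarm: {family} {scope} {target} (threshold {pps} pps)")
    for c in conflicts:
        print(f"ND conflict ({c['kind']} binding): {c['ipv6']} "
              f"ND={c['nd_mac']} binding={c['binding_mac']}")
```

An entry that remains in open_alarms is the one to investigate with the display ip source binding or display ipv6 source binding command and port mirroring, as the recommended actions describe.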
IPSGT messages
This section contains IPSGT messages.
IPSGT_CRITICAL_MAPPINGS_MAXIMUM
Message text |
The number of critical mappings reaches the upper limit. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
IPSGT/4/IPSGT_CRITICAL_MAPPINGS_MAXIMUM: The number of critical mappings reaches the upper limit. |
Explanation |
This message is generated when the number of stored fail-permit IP-SGT mapping entries reaches the upper limit. When the upper limit is reached, the device does not store any new fail-permit IP-SGT mapping entries. In this case, newly generated fail-permit traffic is sent to the CPU for software forwarding. Too much traffic might cause high CPU usage. You can use the ipsgt max-critical-map command to change the upper limit. |
Recommended action |
Execute the display current-configuration | include max-critical-map command to view the maximum supported value for storing fail-permit IP-SGT mapping entries: · If the value is too small, re-configure the upper limit. · If the value is reasonable and a large number of fail-permit users are still coming online, the system might be under a packet attack. Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IRDP messages
This section contains IRDP messages.
IRDP_EXCEED_ADVADDR_LIMIT
Message text |
The number of advertisement addresses on interface [STRING] exceeded the limit 255. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
IRDP/6/IRDP_EXCEED_ADVADDR_LIMIT: The number of advertisement addresses on interface Ethernet1/1/0/2 exceeded the limit 255. |
Explanation |
The number of addresses to be advertised on an interface exceeds the upper limit. |
Recommended action |
Remove unused addresses on the interface. |
IRF
This section contains IRF messages.
IRF_LINK_BLOCK
Message text |
IRF port went blocked. |
Variable fields |
N/A |
Severity level |
2 (Critical) |
Example |
IRF/2/IRF_LINK_BLOCK: IRF port went blocked. |
Impact |
The device cannot form an IRF fabric with other devices. |
Cause |
This message is generated on a device when it attempts to join an IRF fabric, but its member ID conflicts with the member ID of an existing member device in the IRF fabric. A blocked IRF port cannot forward data packets, but it can send and receive IRF protocol packets. |
Recommended action |
To resolve the issue: 1. Log in to the device, and then execute the display irf command to obtain the member ID of the device. If the member ID of the device is the same as that of an existing member device, use the irf member renumber command to assign a unique member ID to the device, and then reboot the device. 2. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
IRF_LINK_DOWN
Message text |
IRF port went down. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
IRF/3/IRF_LINK_DOWN: IRF port went down. |
Impact |
This issue causes the device to leave the IRF fabric. |
Cause |
All network interfaces bound to the IRF port went down. |
Recommended action |
Log in to the local device, and then execute the display irf link command to obtain the IRF network interfaces used on the device. Perform the following tasks based on the IRF network interfaces: 1. Execute the display device command on the remote member device to identify whether the remote member device is running correctly. If it is not running correctly, locate the cause and resolve the issue accordingly. 2. Execute the display irf link command on the remote member device to check the IRF port configuration for configuration errors. If configuration errors exist, modify IRF port bindings in IRF port view. 3. Verify that the IRF connections are correct. If the member devices are connected in daisy-chain topology, make sure the local control links are connected to the peer control links and the local data links are connected to the peer data links. If the member devices are connected in star topology, make sure the local control links have Layer 2 connectivity to the peer control links and the local data links have Layer 2 connectivity to the peer data links. After you ensure that the IRF connections are correct, execute the display irf link command again to verify that the IRF network interfaces are up. If the IRF network interfaces are not up, go to the next step. 4. Use other ports to replace the IRF network interfaces that are not up. For this purpose, execute the undo port group interface command in IRF port view to unbind the IRF network interfaces from the IRF port, and then execute the port group interface command in IRF port view to bind other ports to the IRF port. Connect the new IRF network interfaces to the IRF network interfaces on the remote member device. Then, execute the display irf link command again to verify that the new IRF network interfaces are up. If the IRF network interfaces are not up, go to the next step. 5. Change the cables or fibers, and then execute the display irf link command again to verify that the IRF network interfaces are up. If the IRF network interfaces are not up, go to the next step. 6. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
IRF_LINK_UP
Message text |
IRF port came up. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
IRF/6/IRF_LINK_UP: IRF port came up. |
Impact |
This issue leads to IRF merge. |
Cause |
An IRF link recovered from failure. |
Recommended action |
No action is required. |
IRF_MEMBERID_CONFLICT
Message text |
IRF member ID conflict occurred. The ID [UINT32] has been used for another device with CPU-Mac: [STRING]. |
Variable fields |
$1: IRF member ID of the device. $2: CPU MAC address of the device. |
Severity level |
4 (Warning) |
Example |
IRF/4/IRF_MEMBERID_CONFLICT:-slot = 5; IRF member ID conflict occurred, The ID 5 has been used for another device with CPU-Mac: 000c-29d7-c1ae. |
Impact |
No negative impact on the system. |
Cause |
A member ID conflict was detected. Another device in the same broadcast domain has the same member ID as this device. |
Recommended action |
Keep the member ID of the device that has joined the IRF fabric unchanged. Log in to the other device and use the irf member renumber command to change the member ID of that device to a member ID not used in the IRF fabric. |
IRF_MERGE
Message text |
IRF merge occurred. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
IRF/4/IRF_MERGE: IRF merge occurred. |
Impact |
No negative impact on the system. |
Cause |
An IRF link came up. |
Recommended action |
No action is required. |
IRF_MERGE_NEED_REBOOT
Message text |
IRF merge occurred. This IRF system needs a reboot. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
IRF/4/IRF_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot. |
Impact |
The local IRF system cannot provide services during reboot. |
Cause |
An IRF link came up, which led to IRF merge. In addition, the local IRF system failed in the master election. |
Recommended action |
Reboot the local IRF system. After it reboots, all its member devices join the IRF system that has won the master election as standby devices. |
IRF_MERGE_NOT_NEED_REBOOT
Message text |
IRF merge occurred. This IRF system does not need to reboot. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
IRF/5/IRF_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot. |
Impact |
No negative impact on the system. |
Cause |
An IRF link came up, which led to IRF merge. In addition, the local IRF system succeeded in the master election. |
Recommended action |
No action is required. |
ISIS messages
This section contains IS-IS messages.
ISIS_LSP_CONFLICT
Message text |
IS-IS [UINT16], [STRING] LSP, LSPID=[STRING], SeqNum=[HEX], system ID conflict might exist. |
Variable fields |
$1: IS-IS process ID. $2: IS type. The IS type can be Level-1 or Level-2. $3: LSP ID. $4: LSP sequence number. |
Severity level |
5 |
Example |
ISIS/5/ISIS_LSP_CONFLICT: -MDC=1; IS-IS 1, Level-1 LSP, LSPID=1111.1111.1111.00-00, SeqNum=0x000045bf, system ID conflict might exist. |
Explanation |
System ID conflict might exist. |
Recommended action |
Check whether the system ID of the device that generates the LSP conflicts with the system ID of another device. |
ISIS_MEM_ALERT
Message text |
ISIS Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
ISIS/5/ISIS_MEM_ALERT: ISIS Process received system memory alert start event. |
Explanation |
IS-IS received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
ISIS_NBR_CHG
Message text |
IS-IS [UINT16], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING], Reason: [STRING]. |
Variable fields |
$1: IS-IS process ID. $2: Neighbor level. $3: Neighbor ID. $4: Interface name. $5: Current neighbor state. This field might display DOWN, UP, or INIT. $6: Reason of neighbor state change. Possible reasons are as follows: · circuit data clean—The neighbor state changed to DOWN because routing information was cleared. · holdtime expired—The neighbor state changed to DOWN because no hello packets were received within the hold time. · BFD session down—The neighbor state changed to DOWN because BFD detected a link failure. · peer reset—The neighbor state changed to DOWN because the reset isis peer command was executed. · circuit ID conflicts—The neighbor state changed to DOWN because a hello packet with incorrect circuit ID was received from the neighbor. · P2P peer GR down—The neighbor state changed to DOWN because a P2P hello packet with no GR option was received during GR. · 2way-pass—The neighbor state changed to UP because the neighbor relationship was established. · 2way-fail—The neighbor state changed to INIT because a one-way hello packet was received from the neighbor. |
Severity level |
5 |
Example |
ISIS/5/ISIS_NBR_CHG: IS-IS 1, Level-1 adjacency 0000.0000.0001 (GigabitEthernet1/0/1), state changed to DOWN, Reason: circuit data clean. |
Explanation |
The IS-IS neighbor state changed. |
Recommended action |
When the neighbor state changes to DOWN or INIT, check the reason and take recommended actions. · circuit data clean—Check the interface state, IS-IS configuration, and network connectivity. · holdtime expired—Verify whether a hello packet has been received from the neighbor within the hold time. · BFD session down—Check the connectivity to the neighbor. · peer reset—Check whether the reset isis peer command has been executed. · circuit ID conflicts—Check whether the IS-IS interface settings have been edited multiple times on the neighbor. · P2P peer GR down—Check whether the neighbor supports GR. · 2way-fail—Check the following: ¡ Check whether the reset isis peer command has been executed. ¡ Verify whether a hello packet has been received from the neighbor within the hold time. ¡ Check whether the authentication settings are the same on the device and the neighbor. |
ISSU messages
This section contains ISSU messages.
ISSU_LOAD_FAILED
Message text |
Failed to execute the issu load command. |
Variable fields |
N/A |
Severity level |
5 |
Example |
ISSU/5/ISSU_LOAD_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the issu load command. |
Explanation |
A user executed the issu load command, but the operation failed. |
Recommended action |
Take actions as prompted. |
ISSU_LOAD_SUCCESS
Message text |
Executed the issu load command successfully. |
Variable fields |
N/A |
Severity level |
5 |
Example |
ISSU/5/ISSU_LOAD_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the issu load command successfully. |
Explanation |
A user executed the issu load command successfully. |
Recommended action |
No action is required. |
ISSU_PROCESSWITCHOVER
Message text |
Switchover completed. The standby process became the active process. |
Variable fields |
N/A |
Severity level |
5 |
Example |
ISSU/5/ISSU_PROCESSWITCHOVER: Switchover completed. The standby process became the active process. |
Explanation |
A user executed the issu run switchover command. |
Recommended action |
No action is required. |
ISSU_ROLLBACKCHECKNORMAL
Message text |
The rollback might not be able to restore the previous version for [STRING] because the status is not normal. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
4 |
Example |
ISSU/4/ISSU_ROLLBACKCHECKNORMAL: The rollback might not be able to restore the previous version for chassis 1 slot 2 because the state is not normal. |
Explanation |
While an ISSU was in Switching state, a user executed the issu rollback command or the ISSU automatic-rollback timer expired. However, the status of the MPU was not Normal. |
Recommended action |
No action is required. |
KPI
This section contains KPI module messages.
INDICATOR_UPPERLIMIT_ALARM
Message text |
CHASSIS [[INT32]] SLOT [[INT32]] CPU [[INT32]] Module [[STRING]] Object [[STRING]] Indicator [[STRING]] Value [[STRING]] exceeded the upper limit of [STRING]. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: CPU ID. $4: Module name. $5: Object name. $6: Indicator name. $7: Indicator value. $8: Upper limit value of the indicator. |
Severity Level |
5 |
Example |
KPI/5/INDICATOR_UPPERLIMIT_ALARM: CHASSIS [0] SLOT [2] CPU [0] Module [ifmgr] Object [GigabitEthernet2/0/1] Indicator [if actual speed] Value [950] exceeded the upper limit of 900. |
Explanation |
EAI monitoring is enabled. An indicator collected by the KPI module exceeds the upper limit value. |
Recommended action |
No action is required. |
INDICATOR_LOWERLIMIT_ALARM
Message text |
CHASSIS [[INT32]] SLOT [[INT32]] CPU [[INT32]] Module [[STRING]] Object [[STRING]] Indicator [[STRING]] Value [[STRING]] is below the lower limit of [STRING]. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: CPU ID. $4: Module name. $5: Object name. $6: Indicator name. $7: Indicator value. $8: Lower limit value of the indicator. |
Severity Level |
5 |
Example |
KPI/5/INDICATOR_LOWERLIMIT_ALARM: CHASSIS [0] SLOT [2] CPU [0] Module [ifmgr] Object [GigabitEthernet2/0/1] Indicator [if actual speed] Value [50] is below the lower limit of 100. |
Explanation |
EAI monitoring is enabled. An indicator collected by the KPI module falls below the lower limit value. |
Recommended action |
No action is required. |
INDICATOR_RECOVER_ALARM
Message text |
CHASSIS [[INT32]] SLOT [[INT32]] CPU [[INT32]] Module [[STRING]] Object [[STRING]] Indicator [[STRING]] Value [[STRING]] returned to normal between [STRING] and [STRING]. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: CPU ID. $4: Module name. $5: Object name. $6: Indicator name. $7: Indicator value. $8: Lower limit value of the indicator. $9: Upper limit value of the indicator. |
Severity Level |
5 |
Example |
KPI/5/INDICATOR_RECOVER_ALARM:CHASSIS [0] SLOT [2] CPU [0] Module [ifmgr] Object [GigabitEthernet2/0/1] Indicator [if actual speed] Value [500] returned to normal between 100 and 900. |
Explanation |
EAI monitoring is enabled. An indicator collected by the KPI module returns to the normal range between the upper and lower limit values. |
Recommended action |
No action is required. |
INDICATOR_PREDICT_UPPERLIMIT_ALARM
Message text |
CHASSIS [[INT32]] SLOT [[INT32]] CPU [[INT32]] Module [[STRING]] Object [[STRING]] Indicator [[STRING]] Predict Value [[STRING]] exceeded the upper limit of [STRING]. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: CPU ID. $4: Module name. $5: Object name. $6: Indicator name. $7: Predicted value of the indicator. $8: Upper limit value of the indicator. |
Severity Level |
5 |
Example |
KPI/5/INDICATOR_PREDICT_UPPERLIMIT_ALARM: CHASSIS [0] SLOT [2] CPU [0] Module [ifmgr] Object [GigabitEthernet2/0/1] Indicator [if actual speed] Predict Value [950] exceeded the upper limit of 900. |
Explanation |
EAI prediction is enabled. The predicted value of an indicator exceeds the upper limit value of the indicator. |
Recommended action |
No action is required. |
INDICATOR_PREDICT_LOWERLIMIT_ALARM
Message text |
CHASSIS [[INT32]] SLOT [[INT32]] CPU [[INT32]] Module [[STRING]] Object [[STRING]] Indicator [[STRING]] Predict Value [[STRING]] is below the lower limit of [STRING]. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: CPU ID. $4: Module name. $5: Object name. $6: Indicator name. $7: Predicted value of the indicator. $8: Lower limit value of the indicator. |
Severity Level |
5 |
Example |
KPI/5/INDICATOR_PREDICT_LOWERLIMIT_ALARM: CHASSIS [0] SLOT [2] CPU [0] Module [ifmgr] Object [GigabitEthernet2/0/1] Indicator [if actual speed] Predict Value [50] is below the lower limit of 100. |
Explanation |
EAI prediction is enabled. The predicted value of an indicator falls below the lower limit value of the indicator. |
Recommended action |
No action is required. |
INDICATOR_PREDICT_RECOVER_ALARM
Message text |
CHASSIS [[INT32]] SLOT [[INT32]] CPU [[INT32]] Module [[STRING]] Object [[STRING]] Indicator [[STRING]] Predict Value [[STRING]] returned to normal between [STRING] and [STRING]. |
Variable fields |
$1: Chassis ID. $2: Slot ID. $3: CPU ID. $4: Module name. $5: Object name. $6: Indicator name. $7: Predicted value of the indicator. $8: Lower limit value of the indicator. $9: Upper limit value of the indicator. |
Severity Level |
5 |
Example |
KPI/5/INDICATOR_PREDICT_RECOVER_ALARM: CHASSIS [0] SLOT [2] CPU [0] Module [ifmgr] Object [GigabitEthernet2/0/1] Indicator [if actual speed] Predict Value [500] returned to normal between 100 and 900. |
Explanation |
EAI prediction is enabled. The predicted value of an indicator returns to the normal range between the upper and lower limit values of the indicator. |
Recommended action |
No action is required. |
L2PT messages
This section contains L2PT messages.
L2PT_ADD_GROUPMEMBER_FAILED
Message text |
Failed to add [STRING] as a member to the VLAN tunnel group for [STRING]. |
Variable fields |
$1: Interface name. $2: Protocol name. |
Severity level |
4 (Warning) |
Example |
L2PT/4/L2PT_ADD_GROUPMEMBER_FAILED: Failed to add GigabitEthernet2/0/1 as a member to the VLAN tunnel group for STP. |
Impact |
The interface cannot transparently transmit packets of the specified protocol. |
Cause |
For L2PT to take effect, you must create a VLAN tunnel multicast group for the specified protocol and add the interface to the group. However, the device failed to issue L2PT-related configuration to the driver during this process. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
L2PT_CREATE_TUNNELGROUP_FAILED
Message text |
|
Variable fields |
$1: Protocol name. |
Severity level |
4 (Warning) |
Example |
L2PT/4/L2PT_CREATE_TUNNELGROUP_FAILED: Failed to create a VLAN tunnel group for STP. |
Impact |
The interface cannot transparently transmit packets of the specified protocol. |
Cause |
For L2PT to take effect, you must create a VLAN tunnel multicast group for the specified protocol and add the interface to the group. However, the device failed to issue L2PT-related configuration to the driver during this process. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
L2PT_ENABLE_DROP_FAILED
Message text |
|
Variable fields |
$1: Protocol name. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
L2PT/4/L2PT_ENABLE_DROP_FAILED: Failed to enable STP packet drop on GigabitEthernet2/0/1. |
Impact |
The interface cannot perform L2PT drop for packets of the specified protocol. |
Cause |
The device failed to issue L2PT-related configuration to the driver. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
L2PT_SET_MULTIMAC_FAILED
Message text |
Failed to set a tunnel destination MAC address to [MAC]. |
Variable fields |
$1: MAC address. |
Severity level |
4 (Warning) |
Example |
L2PT/4/L2PT_SET_MULTIMAC_FAILED: Failed to set a tunnel destination MAC address to 010f-e200-0003. |
Impact |
L2PT cannot encapsulate Layer 2 protocol packets with the specified multicast MAC address and transmit them. |
Cause |
The device failed to issue L2PT-related configuration to the driver. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
L2TPv2 messages
This section contains L2TPv2 messages.
L2TPV2_SESSION_EXCEED_LIMIT
Message text |
Number of L2TP sessions exceeded the limit. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit. |
Impact |
New L2TP sessions cannot be created. As a result, new L2TP users cannot come online. |
Cause |
The number of established L2TP sessions has reached the limit. |
Recommended action |
For new L2TP users to come online, perform one of the following tasks: · Wait for the old L2TP users to go offline and release L2TP session resources. · Execute the reset ppp access-user command to forcibly log out some old L2TP users to release L2TP session resources. |
L2TPV2_TUNNEL_EXCEED_LIMIT
Message text |
Number of L2TP tunnels exceeded the limit. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit. |
Impact |
New L2TP tunnels cannot be established. |
Cause |
The number of established L2TP tunnels has reached the limit. |
Recommended action |
1. Perform one of the following tasks:
   · Execute the reset l2tp tunnel command to disconnect an idle tunnel.
   · Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses.
2. If the problem persists, contact H3C Support. |
L2VPN messages
This section contains L2VPN messages.
L2VPN_ARP_MOBILITY_SUPPRESS (public instance)
Message text |
ARP (IP [STRING], MAC [STRING]) was suppressed in the public instance due to frequent ARP mobility events. |
Variable fields |
$1: IP address. $2: MAC address. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_ARP_MOBILITY_SUPPRESS: ARP (IP 10.1.1.1, MAC 0001-0001-0001) was suppressed in the public instance due to frequent ARP mobility events. |
Impact |
The ARP entry cannot be moved. |
Cause |
The IP address in the public instance moved too frequently, so the distributed EVPN gateways suppressed the excess ARP mobility events. |
Recommended action |
Verify that IP addresses in the public instance do not conflict with one another. |
L2VPN_ARP_MOBILITY_SUPPRESS (VPN instance)
Message text |
ARP (IP [STRING], MAC [STRING]) was suppressed in VPN instance [STRING] due to frequent ARP mobility events. |
Variable fields |
$1: IP address. $2: MAC address. $3: VPN instance name. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_ARP_MOBILITY_SUPPRESS: ARP (IP 10.1.1.1, MAC 0001-0001-0001) was suppressed in VPN instance vpna due to frequent ARP mobility events. |
Impact |
The ARP entry cannot be moved. |
Cause |
The IP address in the VPN instance moved too frequently, so the distributed EVPN gateways suppressed the excess ARP mobility events. |
Recommended action |
Verify that IP addresses in the VPN instance do not conflict with one another. |
L2VPN_ARP_MOBILITY_UNSUPPRESS (public instance)
Message text |
ARP (IP [STRING], MAC [STRING]) was unsuppressed in the public instance. |
Variable fields |
$1: IP address. $2: MAC address. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_ARP_MOBILITY_UNSUPPRESS: ARP (IP 10.1.1.1, MAC 0001-0001-0001) was unsuppressed in the public instance. |
Impact |
No negative impact on the system. |
Cause |
ARP mobility event suppression was disabled by using the undo evpn route arp-mobility suppress command, so the device advertises ARP information for the IP address in the public instance. |
Recommended action |
No action is required. |
L2VPN_ARP_MOBILITY_UNSUPPRESS (VPN instance)
Message text |
ARP (IP [STRING], MAC [STRING]) was unsuppressed in VPN instance [STRING]. |
Variable fields |
$1: IP address. $2: MAC address. $3: VPN instance name. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_ARP_MOBILITY_UNSUPPRESS: ARP (IP 10.1.1.1, MAC 0001-0001-0001) was unsuppressed in VPN instance vpna. |
Impact |
No negative impact on the system. |
Cause |
The IP address in the VPN instance was unsuppressed by using the undo evpn route arp-mobility suppress command, and distributed EVPN gateways can advertise ARP information for the IP address. |
Recommended action |
No action is required. |
L2VPN_MAC_MOBILITY_SUPPRESS
Message text |
MAC address [STRING] was suppressed in VSI [STRING] due to frequent MAC mobility events. |
Variable fields |
$1: MAC address. $2: VSI name. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_MAC_MOBILITY_SUPPRESS: MAC address 0001-0001-0001 was suppressed in VSI vpna due to frequent MAC mobility events. |
Impact |
The MAC address cannot be moved. |
Cause |
The MAC address moved too frequently, so the device suppressed the excess MAC mobility events. |
Recommended action |
Verify that MAC addresses in the network do not conflict with one another. |
L2VPN_MAC_MOBILITY_UNSUPPRESS
Message text |
MAC address [STRING] was unsuppressed in VSI [STRING]. |
Variable fields |
$1: MAC address. $2: VSI name. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_MAC_MOBILITY_UNSUPPRESS: MAC address 0001-0001-0001 was unsuppressed in VSI vpna. |
Impact |
No negative impact on the system. |
Cause |
MAC mobility event suppression was disabled by using the undo evpn route mac-mobility suppress command, so the device advertises the MAC address. |
Recommended action |
No action is required. |
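The four mobility messages above come in suppress/unsuppress pairs, so a log collector can replay them to see which addresses are still suppressed and which MAC addresses were reported for each one. The following Python parser is an added example, not part of the H3C manual. The names `parse_line` and `replay`, the `sw1` host prefix, and the sample lines are constructed for illustration, and the parser assumes the `MODULE/severity/MNEMONIC:` header shown in the Example rows.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# MODULE/severity/MNEMONIC: text, as shown in the Example rows of this reference.
HEADER = re.compile(r"\b(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+): (?P<text>.+)$")
MAC_RE = r"[0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2}"
ARP_TEXT = re.compile(
    rf"^ARP \(IP (?P<ip>\S+), MAC (?P<mac>{MAC_RE})\) was (?P<verb>(?:un)?suppressed) in "
    r"(?:the public instance|VPN instance (?P<vpn>\S+?))"
    r"(?: due to frequent ARP mobility events)?\.$"
)
MAC_TEXT = re.compile(
    rf"^MAC address (?P<mac>{MAC_RE}) was (?P<verb>(?:un)?suppressed) in VSI (?P<vsi>\S+?)"
    r"(?: due to frequent MAC mobility events)?\.$"
)
MNEMONICS = {
    "L2VPN_ARP_MOBILITY_SUPPRESS": ("ARP", True),
    "L2VPN_ARP_MOBILITY_UNSUPPRESS": ("ARP", False),
    "L2VPN_MAC_MOBILITY_SUPPRESS": ("MAC", True),
    "L2VPN_MAC_MOBILITY_UNSUPPRESS": ("MAC", False),
}


class Event(NamedTuple):
    kind: str         # "ARP" or "MAC"
    scope: str        # "public", "vpn:<name>" or "vsi:<name>"
    address: str      # the suppressed IP (ARP) or MAC (MAC)
    mac: str          # MAC address carried in the message
    suppressed: bool  # False for the *_UNSUPPRESS mnemonics


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for other messages or malformed fields."""
    head = HEADER.search(line.strip())
    if not head or head["module"] != "L2VPN" or head["mnemonic"] not in MNEMONICS:
        return None
    kind, suppressed = MNEMONICS[head["mnemonic"]]
    body = (ARP_TEXT if kind == "ARP" else MAC_TEXT).match(head["text"])
    # Reject lines whose wording disagrees with the mnemonic.
    if not body or (body["verb"] == "suppressed") != suppressed:
        return None
    mac = body["mac"].lower()
    if kind == "MAC":
        return Event("MAC", f"vsi:{body['vsi']}", mac, mac, suppressed)
    try:
        ip = str(ipaddress.ip_address(body["ip"]))
    except ValueError:
        return None
    scope = f"vpn:{body['vpn']}" if body["vpn"] else "public"
    return Event("ARP", scope, ip, mac, suppressed)


def replay(lines):
    """Replay lines in order; map each still-suppressed (kind, scope, address)
    to the sorted MAC addresses reported for it while suppressed."""
    active = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev.kind, ev.scope, ev.address)
        if ev.suppressed:
            active.setdefault(key, set()).add(ev.mac)
        else:
            active.pop(key, None)
    return {key: sorted(macs) for key, macs in active.items()}


# Constructed sample lines; the "sw1" prefix is a placeholder host name.
SAMPLE = """\
sw1 L2VPN/4/L2VPN_ARP_MOBILITY_SUPPRESS: ARP (IP 10.1.1.1, MAC 0001-0001-0001) was suppressed in the public instance due to frequent ARP mobility events.
sw1 L2VPN/4/L2VPN_ARP_MOBILITY_SUPPRESS: ARP (IP 10.1.1.1, MAC 0001-0001-0002) was suppressed in the public instance due to frequent ARP mobility events.
sw1 L2VPN/4/L2VPN_ARP_MOBILITY_SUPPRESS: ARP (IP 10.2.2.2, MAC 0001-0001-0003) was suppressed in VPN instance vpna due to frequent ARP mobility events.
sw1 L2VPN/4/L2VPN_MAC_MOBILITY_SUPPRESS: MAC address 0001-0001-0001 was suppressed in VSI vpna due to frequent MAC mobility events.
sw1 L2VPN/4/L2VPN_ARP_MOBILITY_UNSUPPRESS: ARP (IP 10.2.2.2, MAC 0001-0001-0003) was unsuppressed in VPN instance vpna.
sw1 L2VPN/6/L2VPN_HARD_RESOURCE_RESTORE: Hardware resources for L2VPN are restored.
sw1 L2VPN/4/L2VPN_ARP_MOBILITY_SUPPRESS: ARP (IP not-an-ip, MAC 0001-0001-0001) was suppressed in the public instance due to frequent ARP mobility events.
""".splitlines()

if __name__ == "__main__":
    for key, macs in replay(SAMPLE).items():
        print(key, macs)
```

An address that stays in the result with more than one MAC is a direct lead for the recommended action of checking for conflicting addresses.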
L2VPN_BGPVC_CONFLICT_LOCAL
Message text |
Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with local site. |
Variable fields |
$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site. |
Severity level |
5 (Notification) |
Example |
L2VPN/5/L2VPN_BGPVC_CONFLICT_LOCAL: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with local site. |
Impact |
The PW cannot be established. |
Cause |
A remote site ID conflicted with the local site ID. This message is generated when one of the following situations occurs: · The received remote site ID is the same as the local site ID. · The local site ID is configured the same as a received remote site ID. |
Recommended action |
Modify the site ID configuration on the local device or remote device. Or, configure the remote site ID in a different VPLS instance than the local site ID. |
L2VPN_BGPVC_CONFLICT_REMOTE
Message text |
Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with another remote site. |
Variable fields |
$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site. |
Severity level |
5 (Notification) |
Example |
L2VPN/5/L2VPN_BGPVC_CONFLICT_REMOTE: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with another remote site. |
Impact |
The local device can establish a PW with only one of the two remote devices. |
Cause |
Two remote site IDs conflicted. This message is generated when the received remote site ID is the same as another received remote site ID. |
Recommended action |
Modify the site ID configuration on one remote device. Or, configure the two remote site IDs in different VPLS instances. |
L2VPN_HARD_RESOURCE_NOENOUGH
Message text |
No enough hardware resource for L2VPN. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_HARD_RESOURCE_NOENOUGH: No enough hardware resource for L2VPN. |
Impact |
No new VSI, PW, or AC can be created. |
Cause |
Hardware resources for L2VPN were insufficient. |
Recommended action |
Check whether unnecessary VSIs, PWs, or ACs have been created. If so, delete them. |
L2VPN_HARD_RESOURCE_RESTORE
Message text |
Hardware resources for L2VPN are restored. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
L2VPN/6/L2VPN_HARD_RESOURCE_RESTORE: Hardware resources for L2VPN are restored. |
Impact |
No negative impact on the system. |
Cause |
Hardware resources for L2VPN were restored. |
Recommended action |
No action is required. |
L2VPN_LABEL_DUPLICATE
Message text |
Incoming label [INT32] for a static PW in [STRING] [STRING] is duplicate. |
Variable fields |
$1: Incoming label value. $2: Type of L2VPN, Xconnect-group or VSI. $3: Name of the Xconnect-group or VSI. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_LABEL_DUPLICATE: Incoming label 1024 for a static PW in Xconnect-group aaa is duplicate. |
Impact |
The current PW cannot be created. |
Cause |
The incoming label of a static PW in this Xconnect-group or VSI was occupied by another configuration, for example, by a static LSP or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static PW with an incoming label which is occupied by another configuration. · Enable MPLS when a static PW whose incoming label is occupied by another configuration already exists. |
Recommended action |
Remove this static PW, and reconfigure it with another incoming label. |
L2VPN_MLAG_AC_CONFLICT
Message text |
The dynamic AC created for Ethernet service instance [INT32] on interface [STRING] causes a conflict. |
Variable fields |
$1: Ethernet service instance ID. $2: Interface on which the Ethernet service instance is created. |
Severity level |
4 (Warning) |
Example |
L2VPN/4/L2VPN_MLAG_AC_CONFLICT: The dynamic AC created for Ethernet service instance 10 on interface Bridge-Aggregation 5 causes a conflict. |
Impact |
Service traffic might be discarded. |
Cause |
On an EVPN M-LAG network, the dynamic ACs created for different static ACs conflict when the peer link is changed from a tunnel to a direct link. |
Recommended action |
Delete and then reconfigure the corresponding static ACs. Make sure the match criteria specified for different ACs do not overlap. |
PROCESS
Message text |
The EVPN global MAC address is a reserved MAC. |
Variable fields |
N/A |
Severity level |
7 (Debug) |
Example |
L2VPN/7/PROCESS: The EVPN global MAC address is a reserved MAC. |
Impact |
A reserved MAC address was occupied, reducing the number of available reserved MAC addresses. |
Cause |
The configured EVPN global MAC address is a reserved MAC address. |
Recommended action |
Change the EVPN global MAC address. |
LAGG messages
This section contains link aggregation messages.
LAGG_ACTIVE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the active state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_ACTIVE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the active state. |
Explanation |
A member port in an aggregation group changed to the Selected state. |
Recommended action |
No action is required. |
LAGG_AUTO_AGGREGATION
Message text |
Failed to assign automatic assignment-enabled interface [STRING] to an aggregation group. Please check the configuration on the interface. |
Variable fields |
$1: Port name. |
Severity level |
6 |
Example |
LAGG/6/LAGG_AUTO_AGGREGATON: Failed to assign automatic assignment-enabled interface FGE1/0/1 to an aggregation group. Please check the configuration on the interface. |
Explanation |
A port failed to join an automatically created aggregation group for one of the following reasons: · The attribute configuration of the port is inconsistent with that of the aggregate interface. · Some settings on the port prevent it from joining the aggregation group. |
Recommended action |
To resolve this issue: · Modify the attribute configuration of the port to be consistent with the aggregate interface. · Remove the settings that affect automatic member port assignment from the port. |
LAGG_INACTIVE_AICFG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the port and the aggregate interface had different attribute configurations. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_AICFG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the port and the aggregate interface had different attribute configurations. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations. |
Recommended action |
Modify the attribute configuration of the member port to be the same as the attribute configuration of the aggregate interface. |
LAGG_INACTIVE_BFD
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port was down. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_BFD: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the BFD session on the port went down. |
Recommended action |
To resolve this issue: · Check for a link failure. · Modify the port settings to make sure it has the same operational key and attribute configuration as the reference port. |
LAGG_INACTIVE_CONFIGURATION
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link aggregation configuration of the port was incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the link aggregation configuration of the port was incorrect. |
Explanation |
A member port in an aggregation group changed to the Unselected state because some configuration on the member port cannot be issued to the driver. |
Recommended action |
Check the port configuration for software and hardware incompatibilities or errors. |
LAGG_INACTIVE_DUPLEX
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode of the port was different from that of the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_DUPLEX: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the duplex mode of the port was different from that of the reference port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port. |
Recommended action |
Change the duplex mode of the member port to be the same as the reference port. |
LAGG_INACTIVE_HARDWAREVALUE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction prevented it from being Selected. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction prevented it from being Selected. |
Explanation |
A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction. |
Recommended action |
Remove the port from the aggregation group. |
LAGG_INACTIVE_IFCFG_DEFAULT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because no LACPDU was received by the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_IFCFG_DEFAULT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because no LACPDU was received by the reference port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the port had not received LACPDUs from its peer port. |
Recommended action |
Verify whether the peer end has sent LACPDUs. |
LAGG_INACTIVE_IFCFG_LOOPPORT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the reference port received its own LACPDUs. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_IFCFG_LOOPPORT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the reference port received its own LACPDUs. |
Explanation |
The reference port in an aggregation group changed to the Unselected state because it received LACPDUs that it had sent itself. |
Recommended action |
Check the device for a loop condition. |
LAGG_INACTIVE_IFCFG_NONAGG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link of the port was not aggregatable. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_IFCFG_NONAGG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the link of the port was not aggregatable. |
Explanation |
A member port in an aggregation group changed to the Unselected state because its link was not aggregatable. |
Recommended action |
Reconfigure the port to be compliant with the aggregation requirements. |
LAGG_INACTIVE_KEY_INVALID
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the port's operational key was invalid. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_KEY_INVALID: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the port's operational key was invalid. |
Explanation |
A member port in an aggregation group changed to the Unselected state because its operational key was invalid. This message typically occurs when the operational key of the reference port is invalid. |
Recommended action |
Modify the settings for the parameters (for example, port speed and duplex settings) used to calculate the operational key on the reference port. Make sure the member port is reconfigured with the same settings for those parameters as the reference port. |
LAGG_INACTIVE_LACP_ISOLATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link-aggregation lacp isolate setting had been configured. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_LACP_ISOLATE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the link-aggregation lacp isolate setting had been configured. |
Explanation |
A member port in an aggregation group changed to the Unselected state because aggregate interfaces on the device were isolated. |
Recommended action |
Remove aggregate interface isolation. |
LAGG_INACTIVE_LOWER_LIMIT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of Selected ports was below the lower limit. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the number of Selected ports was below the lower limit. |
Explanation |
A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached. |
Recommended action |
Make sure the minimum number of Selected ports is met. |
LAGG_INACTIVE_NODEREMOVE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the card that hosts the port was absent. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_NODEREMOVE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the card that hosts the port was absent. |
Explanation |
A member port in an aggregation group changed to the Unselected state on removal of the card that contains the port. |
Recommended action |
To bring up the port, re-insert its card. |
LAGG_INACTIVE_OPERSTATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the peer port did not have the Synchronization flag. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_OPERSTATE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the peer port did not have the Synchronization flag. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the LACPDUs received from the peer port did not contain the Synchronization flag. |
Recommended action |
Examine the LACPDUs received from the peer port. |
LAGG_INACTIVE_PARTNER
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link aggregation configuration of its peer port was incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the link aggregation configuration of its peer port was incorrect. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state. |
Recommended action |
No action is required. |
LAGG_INACTIVE_PARTNER_KEY_WRONG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the operational key of the peer port was different from that of the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER_KEY_WRONG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the operational key of the peer port was different from that of the reference port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because its peer port had a different operational key than the reference port. |
Recommended action |
Reconfigure the peer port to use the same settings as the reference port for the parameters used to calculate the operational key. These parameters include port speed and duplex settings. |
LAGG_INACTIVE_PARTNER_MAC_WRONG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the system MAC address of the peer port was different from that of the peer port for the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER_MAC_WRONG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the system MAC address of the peer port was different from that of the peer port for the reference port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the system MAC address of its peer port was different from that of the reference port. |
Recommended action |
Make sure the peer aggregation systems use the same LACP system MAC address. |
LAGG_INACTIVE_PARTNER_NONAGG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link of the peer port was not aggregatable. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER_NONAGG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the link of the peer port was not aggregatable. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the link of its peer port was not aggregatable. |
Recommended action |
Reconfigure the port to be compliant with the aggregation requirements. |
LAGG_INACTIVE_PARTNER_RDIRHANDLE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because link-aggregation traffic redirection was triggered on the peer port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER_RDIRHANDLE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because link-aggregation traffic redirection was triggered on the peer port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because link-aggregation traffic redirection was triggered on its peer port. |
Recommended action |
Reconfigure the peer port of the aggregation member port. |
LAGG_INACTIVE_PHYSTATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical or line protocol state of the port was down. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the physical or line protocol state of the port was down. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the port went down. |
Recommended action |
Check the member port for physical or link layer issues. |
LAGG_INACTIVE_PORT_DEFAULT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the port had not received LACPDUs. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_PORT_DEFAULT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the port had not received LACPDUs. |
Explanation |
A member port in an aggregation group changed to the Unselected state because it had not received LACPDUs. |
Recommended action |
Verify whether the peer port of the aggregation member port can correctly send LACPDUs. |
LAGG_INACTIVE_RDIRHANDLE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because link-aggregation traffic redirection was triggered on the local port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_RDIRHANDLE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because link-aggregation traffic redirection was triggered on the local port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because link-aggregation traffic redirection was triggered on it. |
Recommended action |
No action is required. |
LAGG_INACTIVE_REDUNDANCY
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the port was in secondary state in a redundancy group. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_REDUNDANCY: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the port was in secondary state in a redundancy group. |
Explanation |
A member port in an aggregation group changed to the Unselected state because it was in secondary state in a redundancy group. |
Recommended action |
Check the upstream interface for a link failure. |
LAGG_INACTIVE_RESOURCE_INSUFICIE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because hardware resources were not enough. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because hardware resources were not enough. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the aggregation resources were insufficient. |
Recommended action |
No action is required. |
LAGG_INACTIVE_SPEED
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port was different from that of the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_SPEED: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port was different from that of the reference port. |
Explanation |
A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port. |
Recommended action |
Change the speed of the member port to be the same as the reference port. |
LAGG_INACTIVE_STANDBY
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the port was in Standby state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_STANDBY: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the port was in Standby state. |
Explanation |
A member port in an aggregation group changed to the Unselected state because it was placed in Standby state. |
Recommended action |
Wait for a while, and then check the aggregation state of the aggregation member port. If it is still in Unselected state, execute the display link-aggregation troubleshooting command to identify the reason and obtain the recommended action. |
LAGG_INACTIVE_UPPER_LIMIT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of Selected ports had reached the upper limit. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_INACTIVE_UPPER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the number of Selected ports had reached the upper limit. |
Explanation |
The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group. |
Recommended action |
No action is required. |
LAGG_LACP_RECEIVE_TIMEOUT
Message text |
LACPDU reception timed out on member port [STRING] in aggregation group [STRING]. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_RECEIVE_TIMEOUT: LACPDU reception timed out on member port GE1/0/1 of aggregation group BAGG1. |
Explanation |
LACPDU reception timed out on the reference port in an aggregation group. |
Recommended action |
Verify that the member ports in the aggregation group are correctly connected. |
LAGG_PORT_DISCARDING_STATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the discarding state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_PORT_DISCARDING_STATE: Member port GE1/0/50 of aggregation group BAGG1 changed to the discarding state. |
Explanation |
A member port in the aggregation group changed to the discarding state and cannot forward service traffic. |
Recommended action |
No action is required. |
LAGG_PORT_FORWARDING_STATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the forwarding state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 |
Example |
LAGG/6/LAGG_PORT_FORWARDING_STATE: Member port GE1/0/50 of aggregation group BAGG1 changed to the forwarding state. |
Explanation |
A member port in the aggregation group changed to the forwarding state and can forward service traffic. |
Recommended action |
No action is required. |
LAGG_SELECTPORT_INCONSISTENT
Message text |
The maximum number of Selected ports for [STRING] on PEXs is inconsistent with that on the parent fabric. Please reconfigure this setting. |
Variable fields |
$1: Link aggregation group type and ID. |
Severity level |
4 |
Example |
LAGG/4/LAGG_SELECTPORT_INCONSISTENT: The maximum number of Selected ports for Route-Aggregation1 on PEXs is inconsistent with that on the parent fabric. Please reconfigure this setting. |
Explanation |
The number of Selected ports in an aggregation group on PEXs exceeded the configured maximum number of Selected ports in the aggregation group on the parent fabric. This message is generated when ports join or leave an aggregation group. |
Recommended action |
To resolve this issue, use either of the following methods:
· Increase the maximum number of Selected ports in the aggregation group on the parent fabric.
· Remove some ports from the aggregation group. |
LDP messages
This section contains LDP messages.
LDP_ADJACENCY_DOWN
Message text |
ADJ ([STRING], [STRING], [STRING]) is down [STRING]. ([STRING]) |
Variable fields |
$1: LDP ID of the peer. Value 0.0.0.0:0 indicates that the peer LDP ID cannot be obtained.
$2: Name of the VPN instance. Value public instance indicates that the session belongs to the public network.
$3: Interface name. This field is not available for a targeted hello.
$4: Reason for the down state of the adjacency.
$5: Information about the adjacency:
· Type—Adjacency type.
  ○ Link—Link Hello adjacency.
  ○ Target—Targeted Hello adjacency.
· SourceAddr—Source address of the adjacency.
· DestinationAddr—Destination address of the adjacency.
· TransportAddr—Transport address of the adjacency.
· ADJUpTime—Duration of the adjacency in up state. The duration time is in DD:HH:MM format.
· HelloHoldTime—Hello holding time, in seconds.
· HelloSentCount—Number of Hello messages sent locally.
· HelloRcvdCount—Number of Hello messages received locally. |
Severity level |
5 (Notification) |
Example |
LDP/5/LDP_ADJACENCY_DOWN: ADJ (10.200.0.60:0, public instance, GE2/0/1) is down (Hello timer expired). (Type=Link, SourceAddr=100.12.1.2, DestinationAddr=224.0.0.2, TransportAddr=22.2.2.2, ADJUpTime=0000:00:02, HelloHoldTime=15s, HelloSentCount=27, HelloRcvdCount=25) |
Impact |
The LDP session between the local device and the LDP adjacency might go down. |
Cause |
The state of the LDP adjacency changed to down. |
Recommended action |
When the LDP adjacency is down, check the interface state, link state, and other configurations depending on the reason displayed. Possible reasons and the recommended actions are as follows:
· VPN instance changed on interface—The VPN instance to which the interface belongs was changed. Use the ip binding vpn-instance command in interface view to change the association between the interface and the VPN instance.
· LDP disabled on interface—LDP was disabled on the interface. Use the mpls ldp enable command in interface view to enable LDP on the interface.
· MPLS disabled on interface—MPLS was disabled on the interface. Use the mpls enable command in interface view to enable LDP on the interface.
· interface not operational—The interface is unavailable. Verify that the interface state is normal and that the interface is correctly configured with an IPv4 or IPv6 address.
· targeted peer deleted—The targeted peer was deleted manually. Use the target-peer command in LDP view to restore the remote session configuration.
· L2VPN disabled targeted peer—L2VPN disabled the targeted peer. To resolve this issue:
  ○ In an MPLS L2VPN network, enable MPLS and L2VPN, create a cross-connect, and then execute the peer command in cross-connect view to create a PW for the cross-connect.
  ○ In a VPLS network, enable MPLS and L2VPN, create a VSI, and then execute the peer command in VSI view to create a PW for VPLS.
· TE tunnel disabled targeted peer—A TE tunnel disabled the targeted peer. To resolve this issue:
  ○ Execute the display interface tunnel command to check whether the TE tunnel interface is in up state. If not, verify that MPLS and MPLS TE are enabled on all the devices and interfaces that the MPLS TE tunnel traverses. If the MPLS TE tunnel is signaled by using RSVP, you must verify that RSVP is enabled, link bandwidth and affinity settings are correct, and RSVP verification configuration is correct on all the devices and interfaces that the MPLS TE tunnel traverses. If the MPLS TE tunnel is established statically, verify that the static CRLSP or SRLSP related settings are correct.
  ○ Execute the display mpls ldp interface command to check whether the MPLS and LDP capabilities are correctly configured on the interface. If not, execute the mpls enable command and the mpls ldp enable command on the interface.
· session protection disabled targeted peer—Execute the session protection command in LDP view to restore the session protection configuration.
· OSPF Remote LFA disabled targeted peer—OSPF calculated that the PQ node address of the remote LFA was changed, so it disabled the targeted peer corresponding to the old PQ node address. This is normal when the network topology changes. No action is required.
· IS-IS Remote LFA disabled targeted peer—IS-IS calculated that the PQ node address of the remote LFA was changed, so it disabled the targeted peer corresponding to the old PQ node address. This is normal when the network topology changes. No action is required.
· process deactivated—The LDP process was downgraded. The LDP session will be restored automatically after the LDP process is upgraded. As a best practice, use the non-stop-routing command in LDP view to enable NSR to reduce the impact of process upgrade and downgrade.
· LDP instance deleted—The LDP-VPN instance was deleted. Use the vpn-instance command in LDP view to enable the LDP capability for the specified VPN instance.
· hello hold timer expired—The hello hold timer expired. Check whether the link is stable. If not, replace the link or clear the link faults to stabilize the link.
· no IPv6 transport address—No IPv6 transport address was configured. Use the mpls ldp transport-address command in interface view or LDP peer view to configure an IPv6 transport address. |
LDP_MPLSLSRID_CHG
Message text |
Please reset LDP sessions if you want to make the new MPLS LSR ID take effect. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
LDP/5/LDP_MPLSLSRID_CHG: -MDC=1; Please reset LDP sessions if you want to make the new MPLS LSR ID take effect. |
Impact |
No negative impact on the system. |
Cause |
If you configure an LDP LSR ID by using the lsr-id command in LDP view or LDP-VPN instance view, LDP uses the LDP LSR ID. Otherwise, LDP uses the MPLS LSR ID configured by the mpls lsr-id command. This message is sent when the following situations occur:
· No LDP LSR ID is configured by using the lsr-id command in LDP view or LDP-VPN instance view.
· The MPLS LSR ID is modified. |
Recommended action |
1. Execute the display mpls ldp parameter command to display the LSR ID.
2. Verify that the LSR ID is the same as the configured MPLS LSR ID. If they are not the same, reset LDP sessions in the public network or VPN instance by executing the reset mpls ldp command to make the configured MPLS LSR ID take effect. |
LDP_SESSION_CHG
Message text |
Session ([STRING], [STRING]) is [STRING] ([STRING]). ([STRING]) |
Variable fields |
$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained.
$2: VPN instance's name. Value public instance indicates that the session belongs to the public network.
$3: State of the session, up or down.
$4: Reason for the down state error. This field is displayed only when the state is down.
$5: Session information. This field is displayed only when the state is down. The following information will be displayed:
· LocalTransportAddr—Local transport address.
· PeerTransportAddr—Peer transport address.
· SessionRole—Role of the local LSR in the session, which can be Active or Passive.
· SessionUpTime—Period of time (in DD:HH:MM format) during which the session was in Operational state.
· KeepaliveTime—Negotiated keepalive time, in seconds.
· KeepaliveSentCount—Number of keepalive messages sent locally.
· KeepaliveRcvdCount—Number of keepalive messages received locally.
· GracefulRestart—Indicates the LDP GR capability of the peer.
  ○ On—LDP GR is enabled on the peer.
  ○ Off—LDP GR is disabled on the peer.
· SocketID—Socket ID of the session.
· WaitSendMsgCount—Number of TCP messages to be sent.
· CPUusage—The CPU usage rate when the session was down.
· MemoryState—Memory usage threshold level when the session was down.
  ○ Normal—Memory usage is normal.
  ○ Minor—Memory usage has reached the level 1 threshold.
  ○ Severe—Memory usage has reached the level 2 threshold.
  ○ Critical—Memory usage has reached the level 3 threshold. |
Severity level |
4 (Warning) |
Example |
LDP/4/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up.
LDP/4/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down (hello hold timer expired). (LocalTransportAddr=11.1.1.1, PeerTransportAddr=22.2.2.2, SessionRole=Passive, SessionUpTime=0000:00:35, KeepaliveTime=45s, KeepaliveSentCount=143, KeepaliveRcvdCount=148, GracefulRestart=Off, SocketID=35, WaitSendMsgCount=0, CPUUsage=19%, MemoryState=Normal) |
Impact |
When the session state changes to up, there is no negative impact on the system. When the session state changes to down, all services based on this LDP session will be interrupted. |
Cause |
The session state changed. |
Recommended action |
When the session state changed to up, no action is required. When the session state changed to down, check the interface state, link state, and other configurations depending on the reason displayed. Possible reasons and the recommended actions are as follows:
· interface not operational—The interface is unavailable. Verify that the interface state is normal and that the interface is correctly configured with an IPv4 or IPv6 address.
· MPLS disabled on interface—MPLS was disabled on the interface. Use the mpls enable command in interface view to enable LDP on the interface.
· LDP disabled on interface—LDP was disabled on the interface. Use the mpls ldp enable command in interface view to enable LDP on the interface.
· VPN instance changed on interface—The VPN instance to which the interface belongs was changed. Use the ip binding vpn-instance command in interface view to change the association between the interface and the VPN instance.
· LDP instance deleted—The LDP-VPN instance was deleted. Use the vpn-instance command in LDP view to enable the LDP capability for the specified VPN instance.
· targeted peer deleted—The targeted peer was deleted manually. Use the target-peer command in LDP view to restore the remote session configuration.
· L2VPN disabled targeted peer—L2VPN disabled the targeted peer. To resolve this issue:
  ○ In an MPLS L2VPN network, enable MPLS and L2VPN, create a cross-connect, and then execute the peer command in cross-connect view to create a PW for the cross-connect.
  ○ In a VPLS network, enable MPLS and L2VPN, create a VSI, and then execute the peer command in VSI view to create a PW for VPLS.
· TE tunnel disabled targeted peer—A TE tunnel disabled the targeted peer. To resolve this issue:
  ○ Execute the display interface tunnel command to check whether the TE tunnel interface is in up state. If not, verify that MPLS and MPLS TE are enabled on all the devices and interfaces that the MPLS TE tunnel traverses. If the MPLS TE tunnel is signaled by using RSVP, you must verify that RSVP is enabled, link bandwidth and affinity settings are correct, and RSVP verification configuration is correct on all the devices and interfaces that the MPLS TE tunnel traverses. If the MPLS TE tunnel is established statically, verify that the static CRLSP or SRLSP related settings are correct.
  ○ Execute the display mpls ldp interface command to check whether the MPLS and LDP capabilities are correctly configured on the interface. If not, execute the mpls enable command and the mpls ldp enable command on the interface.
· session protection disabled targeted peer—Execute the session protection command in LDP view to restore the session protection configuration.
· OSPF Remote LFA disabled targeted peer—OSPF calculated that the PQ node address of the remote LFA was changed, so it disabled the targeted peer corresponding to the old PQ node address. This is normal when the network topology changes. No action is required.
· IS-IS Remote LFA disabled targeted peer—IS-IS calculated that the PQ node address of the remote LFA was changed, so it disabled the targeted peer corresponding to the old PQ node address. This is normal when the network topology changes. No action is required.
· process deactivated—The LDP process was downgraded. The LDP session will be restored automatically after the LDP process is upgraded. As a best practice, use the non-stop-routing command in LDP view to enable NSR to reduce the impact of process upgrade and downgrade.
· failed to receive the initialization message—Check the link status by executing the ping -a local-address -c count dest-address command. The local and destination addresses are the local and destination device LSR IDs (which can be obtained by using the display mpls ldp parameter command), and the count is 100 or larger. If packet loss occurs on the link, collect alarm information and configuration data, and then contact Technical Support for help.
· graceful restart reconnect timer expired—Check the link status by executing the ping -a local-address -c count dest-address command. The local and destination addresses are the local and destination device LSR IDs (which can be obtained by using the display mpls ldp parameter command), and the count is 100 or larger. If packet loss occurs on the link, collect alarm information and configuration data, and then contact Technical Support for help.
· failed to recover adjacency by NSR—Execute the display ha service-group ldp command to view the value of the State field in the command output. The value Realtime Backup indicates that data backup is complete. Wait for the State value to become Realtime Backup, and then perform a primary/backup switchover.
· failed to upgrade session by NSR—Execute the display ha service-group ldp command to view the value of the State field in the command output. The value Realtime Backup indicates that data backup is complete. Wait for the State value to become Realtime Backup, and then perform a primary/backup switchover.
· closed the GR session—Check the link status by executing the ping -a local-address -c count dest-address command. The local and destination addresses are the local and destination device LSR IDs (which can be obtained by using the display mpls ldp parameter command), and the count is 100 or larger. If packet loss occurs on the link, collect alarm information and configuration data, and then contact Technical Support for help.
· keepalive hold timer expired—Check the link status by executing the ping -a local-address -c count dest-address command. The local and destination addresses are the local and destination device LSR IDs (which can be obtained by using the display mpls ldp parameter command), and the count is 100 or larger. If packet loss occurs on the link, collect alarm information and configuration data, and then contact Technical Support for help.
· hello hold timer expired—Check whether the link is stable. If not, replace the link or clear the link faults to stabilize the link.
· session reset—The session was manually reset. The session can be reestablished automatically. No action is required.
· TCP connection down—Check the link status by executing the ping -a local-address -c count dest-address command. The local and destination addresses are the local and destination device LSR IDs (which can be obtained by using the display mpls ldp parameter command), and the count is 100 or larger. If packet loss occurs on the link, collect alarm information and configuration data, and then contact Technical Support for help.
· received a fatal notification message—View the failure reason carried in the notification message, and then process accordingly.
· internal error—Collect alarm information and configuration data, and then contact Technical Support for help.
· memory in critical state—The memory has entered level 3 alarm state. Collect alarm information and configuration data, and then contact Technical Support for help.
· transport address changed on interface—Execute the mpls ldp transport-address command in interface view to restore the transport address on the interface.
· MD5 password changed—Execute the display this command in LDP view to display the md5-authentication configuration. Make sure the MD5 passwords configured on both sides of the session are the same.
· Auto targeted peer deleted—The automatically created remote session was deleted. Execute the display this command in LDP view to display the accept target-hello configuration:
  ○ If no accept target-hello configuration exists, check whether the configuration has been mistakenly deleted.
  ○ If the accept target-hello prefix-list prefix-list-name has been configured, execute the display ip prefix-list name prefix-list-name command to check whether the IP prefix list permits the remote device LSR ID. If not, modify the IP prefix list configuration.
  ○ In other cases, collect alarm information and configuration data, and then contact Technical Support for help.
· Modify LDP local LSR ID—The modification caused the session to go down. This is a normal event. Wait for the session to come up. No action is required.
· LDP process stopped—Execute the display current-configuration configuration ldp command to check whether the LDP configuration exists. If the LDP configuration exists, it indicates that the LDP process was stopped abnormally and you need to collect alarm information and configuration data, and then contact Technical Support for help. If the LDP configuration does not exist, check whether the configuration was mistakenly deleted. The following information indicates that the LDP configuration exists: The following information indicates that the LDP configuration does not exist: |
LDP_SESSION_GR
Message text |
Session ([STRING], [STRING]): ([STRING]). |
Variable fields |
$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained.
$2: VPN instance's name. Value public instance indicates that the session belongs to the public network.
$3: State of the session graceful restart:
· Start reconnection.
· Reconnection failed.
· Start recovery.
· Recovery completed. |
Severity level |
5 (Notification) |
Example |
LDP/5/LDP_SESSION_GR: Session (22.22.22.2:0, VPN instance: vpn1): Start reconnection. |
Impact |
When the state of the session graceful restart is Reconnection failed, all services based on the LDP session are interrupted. Other states have no negative impact on the system. |
Cause |
When a GR-capable LDP session is down, the LDP GR started. This message is generated during the GR of the LDP session, indicating the current GR state. |
Recommended action |
Check the reason for the session graceful restart, which can be obtained from the LDP_SESSION_CHG message. When the graceful restart state Reconnection failed is displayed, check the interface state, link state, TCP connection state, and other related configurations according to the reason for the session graceful restart. For details, see the recommended action in "LDP_SESSION_CHG." No action is required for other graceful restart states. |
LDP_SESSION_SP
Message text |
Session ([STRING], [STRING]): ([STRING]). |
Variable fields |
$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained.
$2: VPN instance's name. Value public instance indicates that the session belongs to the public network.
$3: State of the session protection:
· Hold up the session.
· Session recovered successfully.
· Session recovery failed. |
Severity level |
5 (Notification) |
Example |
LDP/5/LDP_SESSION_SP: Session (22.22.22.2:0, VPN instance: vpn1): Hold up the session. |
Impact |
When the state of the session protection is Session recovery failed, if the link hello adjacency cannot be established before the session hold timer expires, all services based on this LDP session will be interrupted. Other session protection states have no negative impact on the system. |
Cause |
When the last link adjacency of the session was lost, session protection started. This message is generated during the session protection process, indicating the current session protection state. |
Recommended action |
When the state of the session protection is Session recovery failed, check the interface state, link state, and other related configurations according to the reason for the LDP session failure. For details, see the recommended action in "LDP_SESSION_CHG." No action is required for other session protection states. |
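The following parser is an added example, not part of the H3C manual: it splits LDP_SESSION_CHG and LDP_ADJACENCY_DOWN lines collected on a log host into the fields documented above and sorts the down reason into a triage bucket. The bucket names, the grouping of reasons into buckets, and the last sample line are assumptions of this example; the reason strings and the first three sample lines come from the entries above.

```python
import re

# Reason strings are quoted from the manual; grouping them into buckets is an
# assumption of this example.
CONFIG_CHANGE_REASONS = {
    "vpn instance changed on interface", "ldp disabled on interface",
    "mpls disabled on interface", "targeted peer deleted",
    "ldp instance deleted", "session reset", "md5 password changed",
    "transport address changed on interface", "modify ldp local lsr id",
}
LINK_CHECK_REASONS = {
    "hello hold timer expired", "keepalive hold timer expired",
    "graceful restart reconnect timer expired", "tcp connection down",
    "failed to receive the initialization message", "closed the gr session",
}

# "LDP/<severity>/<mnemonic>:" followed by optional "-MDC=1; " style prefixes.
HEADER = re.compile(
    r"LDP/(?P<severity>\d)/(?P<mnemonic>LDP_SESSION_CHG|LDP_ADJACENCY_DOWN):\s*"
    r"(?:-\w+=[^;]*;\s*)*(?P<body>.*)$"
)
# "Session (<id>) is up." or "... is down (<reason>). (<key=value, ...>)"
BODY = re.compile(
    r"(?:Session|ADJ) \((?P<ident>[^)]*)\) is (?P<state>up|down)"
    r"(?: \((?P<reason>[^)]*)\))?\.?(?: \((?P<details>.*)\))?\s*$"
)
KEY_VALUE = re.compile(r"(\w+)=([^,]*)")


def uptime_minutes(value):
    """Convert an uptime in the manual's DD:HH:MM format to minutes."""
    days, hours, minutes = (int(part) for part in value.split(":"))
    return days * 1440 + hours * 60 + minutes


def parse_ldp_event(line):
    """Return a dict for an LDP session or adjacency message, else None."""
    header = HEADER.search(line)
    body = BODY.match(header.group("body")) if header else None
    if body is None:
        return None
    ident = [part.strip() for part in body.group("ident").split(",")]
    # Keys are lowercased: the manual writes "CPUusage" in the field list but
    # "CPUUsage" in its example.
    details = {key.lower(): value.strip()
               for key, value in KEY_VALUE.findall(body.group("details") or "")}
    uptime = details.get("sessionuptime") or details.get("adjuptime")
    return {
        "mnemonic": header.group("mnemonic"),
        "severity": int(header.group("severity")),
        "peer": ident[0],
        "vpn": ident[1] if len(ident) > 1 else None,
        # Present only for link hello adjacencies.
        "interface": ident[2] if len(ident) > 2 else None,
        "state": body.group("state"),
        "reason": body.group("reason"),
        "details": details,
        "uptime_minutes": uptime_minutes(uptime) if uptime else None,
    }


def triage(event):
    """Map a parsed event to a bucket; unlisted reasons fall through."""
    if event["state"] == "up":
        return "no-action"
    reason = (event["reason"] or "").lower()
    if reason in CONFIG_CHANGE_REASONS:
        return "config-change"
    if reason in LINK_CHECK_REASONS:
        return "link-check"
    return "see-manual"


# Lines 1-3 are the manual's own examples; line 4 is constructed for this
# example (its field values are made up).
SAMPLE_LINES = [
    "LDP/4/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up.",
    "LDP/4/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down "
    "(hello hold timer expired). (LocalTransportAddr=11.1.1.1, "
    "PeerTransportAddr=22.2.2.2, SessionRole=Passive, SessionUpTime=0000:00:35, "
    "KeepaliveTime=45s, KeepaliveSentCount=143, KeepaliveRcvdCount=148, "
    "GracefulRestart=Off, SocketID=35, WaitSendMsgCount=0, CPUUsage=19%, "
    "MemoryState=Normal)",
    "LDP/5/LDP_ADJACENCY_DOWN: ADJ (10.200.0.60:0, public instance, GE2/0/1) is "
    "down (Hello timer expired). (Type=Link, SourceAddr=100.12.1.2, "
    "DestinationAddr=224.0.0.2, TransportAddr=22.2.2.2, ADJUpTime=0000:00:02, "
    "HelloHoldTime=15s, HelloSentCount=27, HelloRcvdCount=25)",
    "LDP/4/LDP_SESSION_CHG: -MDC=1; Session (22.22.22.2:0, public instance) is "
    "down (MD5 password changed). (LocalTransportAddr=11.1.1.1, "
    "PeerTransportAddr=22.2.2.2, SessionRole=Active, SessionUpTime=0001:02:03, "
    "MemoryState=Normal)",
]
```

The adjacency example's reason, "Hello timer expired", is not one of the reason strings listed in the recommended action, so it lands in the fall-through bucket rather than being guessed at.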
LIPC messages
This section contains Leopard inter-process communication (LIPC) messages.
LIPC_CHECKDOWN
Message text |
The quality of the link is poor. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER]. |
Variable fields |
$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node. $4: Port number of the local node. $5: LIP address of the remote node. $6: Port number of the remote node. |
Severity level |
4 |
Example |
LIPC/4/LIPC_CHECKDOWN: The quality of the link is poor. Owner=1, VRF=0, local address/port=0/20415, remote address/port=8/10515. |
Explanation |
Processes will establish an LIPC link during internal communication. LIPC STCP automatically checks the link quality at intervals and outputs this log when it detects that the link quality is poor. |
Recommended action |
No action is required. The system will try to restore the LIPC link of poor quality automatically. If the restoration fails, the system will terminate the LIPC link automatically. |
LIPC_MTCP_CHECK
Message text |
Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], Group=[INTEGER], MID=[INTEGER]. |
Variable fields |
$1: Name of the process. $2: Name of the VRF to which the LIPC link belongs. $3: Multicast group ID of the LIPC link. $4: Multicast group member ID of the LIPC link. |
Severity level |
4 |
Example |
LIPC/4/LIPC_MTCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, Group=134, MID=10001. |
Explanation |
Processes will establish an LIPC link during internal communication. LIPC MTCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally. |
Recommended action |
No action is required. |
LIPC_STCP_CHECK
Message text |
Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], MDC=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER]. |
Variable fields |
$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: ID of the MDC to which the LIPC link belongs. (The message displays "MDC=1" for devices that do not support MDC.) $4: LIP address of the local node. $5: Port number of the local node. $6: LIP address of the remote node. $7: Port number of the remote node. |
Severity level |
4 |
Example |
LIPC/4/LIPC_STCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, MDC=1, local address/port=8/10515, remote address/port=0/20415. |
Explanation |
Processes will establish an LIPC link during internal communication. LIPC STCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally. |
Recommended action |
No action is required. |
LIPC_SUDP_CHECK
Message text |
Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER]. |
Variable fields |
$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node. $4: Port number of the local node. $5: LIP address of the remote node. $6: Port number of the remote node. |
Severity level |
4 |
Example |
LIPC/4/LIPC_SUDP_CHECK: Data stays in the receive buffer for an over long time. Owner=snmpd, VRF=0, local address/port=0/10525, remote address/port=32768/0. |
Explanation |
Processes will establish an LIPC link during internal communication. LIPC SUDP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally. |
Recommended action |
No action is required. |
PORT_CHANGE
Message text |
STCP: Node where the listening port number [INT] (MDC: [INT] VRF: [INT]) resides changed from LIP [INT] to LIP [INT]. |
Variable fields |
$1: LIPC global port number. $2: Name of the MDC where the LIPC global port resides. $3: Name of the VRF to which the LIPC global port belongs. $4: Name of the old LIPC node where the LIPC global port resides. $5: Name of the new LIPC node where the LIPC global port resides. |
Severity level |
5 |
Example |
LIPC/5/PORT_CHANGE: Node where the listening port number 620 (MDC: 1 VRF: 1) resides changed from LIP 1 to LIP 3. |
Explanation |
STCP assigns an LIPC global port number as a listening port number to each service module as requested. Typically, a service module listens to the port number only on the LIPC node where the port has been requested. This message is generated if the service module listens to the port number on a different LIPC node. STCP will move the port number from the old LIPC node to the new node. |
Recommended action |
No action is required. |
LLDP messages
This section contains LLDP messages.
LLDP_CREATE_NEIGHBOR
Message text |
[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
6 |
Example |
LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5. |
Explanation |
The port received an LLDP message from a new neighbor. |
Recommended action |
No action is required. |
LLDP_DELETE_NEIGHBOR
Message text |
[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
6 |
Example |
LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5. |
Explanation |
The port received a deletion message when a neighbor was deleted. |
Recommended action |
No action is required. |
LLDP_LESS_THAN_NEIGHBOR_LIMIT
Message text |
The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain. |
Severity level |
6 |
Example |
LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port Ten-GigabitEthernet10/0/15 (IfIndex 599) is less than 5, and new neighbors can be added. |
Explanation |
New neighbors can be added for the port because the limit has not been reached. |
Recommended action |
No action is required. |
LLDP_NEIGHBOR_AGE_OUT
Message text |
[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
5 |
Example |
LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port Ten-GigabitEthernet10/0/15 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5. |
Explanation |
This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time. |
Recommended action |
Verify the link status or the receive/transmit status of LLDP on the peer. |
LLDP_NEIGHBOR_PROTECTION_BLOCK
Message text |
The status of port [STRING] changed to blocked ([STRING]) for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: Neighbor protection feature that caused the state change: aging or validation. $3: LLDP agent type. |
Severity level |
4 |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_BLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to blocked (aging) for the nearest bridge agent. |
Explanation |
The port was blocked because of neighbor aging or neighbor validation failure. |
Recommended action |
· If the port is blocked because of neighbor aging, verify the link status or the receive/transmit status of LLDP on both ends.
· If the port is blocked because of neighbor validation failure, verify that the following attribute values in the received LLDP packet match those configured on the port:
  ○ Chassis ID subtype.
  ○ Chassis ID.
  ○ Port ID subtype.
  ○ Port ID. |
LLDP_NEIGHBOR_PROTECTION_DOWN
Message text |
The status of port [STRING] changed to down (aging) for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: LLDP agent type. |
Severity level |
4 |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_DOWN: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to down (aging) for the nearest bridge agent. |
Explanation |
The port was shut down because of neighbor aging. |
Recommended action |
Verify the link status or the receive/transmit status of LLDP on both ends. |
LLDP_NEIGHBOR_PROTECTION_UNBLOCK
Message text |
The status of port [STRING] changed to unblocked for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: LLDP agent type. |
Severity level |
4 |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_UNBLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to unblocked for the nearest bridge agent. |
Explanation |
The port state changed from blocked to unblocked. |
Recommended action |
No action is required. |
LLDP_NEIGHBOR_PROTECTION_UP
Message text |
The status of port [STRING] changed to up for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: LLDP agent type. |
Severity level |
4 |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_UP: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to up for the nearest bridge agent. |
Explanation |
The port state changed from DOWN to UP. |
Recommended action |
No action is required. |
LLDP_PVID_INCONSISTENT
Message text |
PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]). |
Variable fields |
|
Severity level |
|
Example |
|
Explanation |
|
Recommended action |
LLDP_REACH_NEIGHBOR_LIMIT
Message text |
The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain. |
Severity level |
5 |
Example |
LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet10/0/15 (IfIndex 599) has reached 5, and no more neighbors can be added. |
Explanation |
This message is generated when a port that has already reached its maximum number of neighbors receives an LLDP packet. |
Recommended action |
No action is required. |
LOAD messages
This section contains load management messages.
BOARD_LOADING
Message text |
Board in chassis [INT32] slot [INT32] is loading software images. |
Variable fields |
$1: Chassis ID. $2: Slot ID. |
Severity level |
4 |
Example |
LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images. |
Explanation |
The card is loading software images during the boot process. |
Recommended action |
No action is required. |
LOAD_FAILED
Message text |
Board in chassis [INT32] slot [INT32] failed to load software images. |
Variable fields |
$1: Chassis ID. $2: Slot ID. |
Severity level |
3 |
Example |
LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images. |
Explanation |
The card failed to load software images during the boot process. |
Recommended action |
1. Execute the display boot-loader command to identify the startup software images. 2. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images. 3. If the problem persists, contact H3C Support. |
LOAD_FINISHED
Message text |
Board in chassis [INT32] slot [INT32] has finished loading software images. |
Variable fields |
$1: Chassis ID. $2: Slot ID. |
Severity level |
5 |
Example |
LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images. |
Explanation |
The card has finished loading software images. |
Recommended action |
No action is required. |
LOGIN messages
This section contains login messages.
LOGIN_FAILED
Message text |
[STRING] failed to login from [STRING]. |
Variable fields |
$1: Username. $2: Line name or IP address. |
Severity level |
5 |
Example |
LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22. |
Explanation |
A login attempt failed. |
Recommended action |
No action is required. |
LOGIN_INVALID_USERNAME_PWD
Message text |
Invalid username or password from [STRING]. |
Variable fields |
$1: User line name and user IP address. |
Severity level |
5 |
Example |
LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22. |
Explanation |
A user entered an invalid username or password. |
Recommended action |
No action is required. |
LPDT messages
This section contains loop detection messages.
LPDT_LOOPED
Message text |
A loop was detected on [STRING]. |
Variable fields |
$1: Port name. |
Severity level |
4 |
Example |
LPDT/4/LPDT_LOOPED: A loop was detected on GigabitEthernet1/0/1. |
Explanation |
The first intra-VLAN loop was detected on a port. |
Recommended action |
Check the links and configuration on the device for the loop, and remove the loop. |
LPDT_RECOVERED
Message text |
All loops were removed on [STRING]. |
Variable fields |
$1: Port name. |
Severity level |
5 |
Example |
LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1. |
Explanation |
All intra-VLAN loops on a port were removed. |
Recommended action |
No action is required. |
LPDT_VLAN_LOOPED
Message text |
A loop was detected on [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Port name. $2: VLAN ID. |
Severity level |
4 |
Example |
LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. |
Explanation |
A loop in a VLAN was detected on a port. |
Recommended action |
Check the links and configurations in the VLAN for the loop, and remove the loop. |
LPDT_VLAN_RECOVERED
Message text |
A loop was removed on [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Port name. $2: VLAN ID. |
Severity level |
5 |
Example |
LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1. |
Explanation |
A loop in a VLAN was removed on a port. |
Recommended action |
No action is required. |
LPDT_VSI_LOOPED
Message text |
A loop was detected on VSI [STRING]'s Ethernet service instance srv[UINT8] on [STRING]. |
Variable fields |
$1: VSI name. $2: Ethernet service instance number. $3: Port name. |
Severity level |
4 |
Example |
LPDT/4/LPDT_VSI_LOOPED: A loop was detected on VSI 1's Ethernet service instance srv1 on GigabitEthernet1/0/1. |
Explanation |
The device detected a loop on an Ethernet service instance of a VSI. |
Recommended action |
Remove the loop from the interface where the looped Ethernet service instance resides. |
LPDT_VSI_RECOVERED
Message text |
All loops were removed from VSI [STRING]'s Ethernet service instance srv[UINT8] on [STRING]. |
Variable fields |
$1: VSI name. $2: Ethernet service instance number. $3: Port name. |
Severity level |
5 |
Example |
LPDT/5/LPDT_VSI_RECOVERED: All loops were removed from VSI 1's Ethernet service instance srv1 on GigabitEthernet1/0/1. |
Explanation |
All loops were removed from an Ethernet service instance of a VSI. |
Recommended action |
No action is required. |
LPDT_VSI_BLOCKFAIL
Message text |
Failed to block [STRING] that hosts VSI [STRING]'s Ethernet service instance srv[UINT8] because of insufficient resources. |
Variable fields |
$1: Port name. $2: VSI name. $3: Ethernet service instance number. |
Severity level |
5 |
Example |
LPDT/5/LPDT_VSI_BLOCKFAIL: Failed to block GigabitEthernet1/0/1 that hosts VSI 1's Ethernet service instance srv1 because of insufficient resources. |
Explanation |
The device failed to block an interface where a looped Ethernet service instance resides. |
Recommended action |
Remove the loop from the interface. |
LS messages
This section contains Local Server messages.
LOCALSVR_PROMPTED_CHANGE_PWD
Message text |
Please change the password of [STRING] [STRING], because [STRING]. |
Variable fields |
$1: Password type: ¡ device management user. ¡ user line. ¡ user line class. $2: Username, user line name, or user line class name. $3: Reason for password change: ¡ the current password is a weak-password. ¡ the current password is the default password. ¡ it is the first login of the current user or the password had been reset. ¡ the password had expired. |
Severity level |
6 |
Example |
LOCALSVR/6/LOCALSVR_PROMPTED_CHANGE_PWD: Please change the password of device management user hhh, because the current password is a weak password. |
Explanation |
The device generated a log message to prompt a user to change the password of the user, user line, or user line class. The device will generate such a log message every 24 hours after the user logs in to the device if the password does not meet the password control requirements. |
Recommended action |
Change the user password as required: · If scheme authentication is used, change the local password of the user. · If password authentication is used, change the authentication password of the user line or user line class for the user. |
LS_ADD_USER_TO_GROUP
Message text |
Admin [STRING] added user [STRING] to group [STRING]. |
Variable fields |
$1: Admin name. $2: Username. $3: User group name. |
Severity level |
4 |
Example |
LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1. |
Explanation |
The administrator added a user to a user group. |
Recommended action |
No action is required. |
LS_AUTHEN_FAILURE
Message text |
User [STRING] from [STRING] failed authentication. [STRING] |
Variable fields |
$1: Username. $2: IP address. $3: Failure reason: ¡ "User not found." ¡ "Password verified failed." ¡ "User not active." ¡ "Access type mismatch." ¡ "Binding attribute is failed." ¡ "User in blacklist." |
Severity level |
5 |
Example |
LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found." |
Explanation |
The local server rejected a user's authentication request. |
Recommended action |
No action is required. |
LS_AUTHEN_SUCCESS
Message text |
User [STRING] from [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 |
Example |
LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully. |
Explanation |
The local server accepted a user's authentication request. |
Recommended action |
No action is required. |
LS_DEL_USER_FROM_GROUP
Message text |
Admin [STRING] delete user [STRING] from group [STRING]. |
Variable fields |
$1: Admin name. $2: Username. $3: User group name. |
Severity level |
4 |
Example |
LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1. |
Explanation |
The administrator deleted a user from a user group. |
Recommended action |
No action is required. |
LS_PWD_ADD_BLACKLIST
Message text |
User [STRING] at [STRING] was added to the blacklist due to multiple login failures, [STRING]. |
Variable fields |
$1: Username. $2: IP address. $3: Options include: ¡ but could make other attempts. ¡ and is permanently blocked. ¡ and was temporarily blocked for [UINT32] minutes. |
Severity level |
4 |
Example |
LS/4/LS_PWD_ADDBLACKLIST: User aaa at 192.168.0.22 was added to the blacklist due to multiple login failures, but could make other attempts. |
Explanation |
A user was added to the blacklist because of multiple login failures. |
Recommended action |
Check the user's password. |
LS_PWD_CHGPWD
Message text |
The password of local [STRING] user [STRING] was modified. |
Variable fields |
$1: User access type. ¡ network-access ¡ device-management $2: Username. |
Severity level |
5 |
Example |
LS/5/LS_PWD_CHGPWD: The password of local network-access user abc was modified. |
Explanation |
The password of a local user was modified. |
Recommended action |
Typically, no action is required when this log is generated. The device administrator can determine whether an abnormal password change occurred based on this log. |
LS_PWD_CHGPWD_FOR_AGEDOUT
Message text |
User [STRING] changed the password because it was expired. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired. |
Explanation |
A user changed the password because the old password had expired. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_AGEOUT
Message text |
User [STRING] changed the password because it was about to expire. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire. |
Explanation |
A user changed the password because the old password was about to expire. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_COMPOSITION
Message text |
User [STRING] changed the password because it had an invalid composition. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition. |
Explanation |
A user changed the password because it had an invalid composition. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_FIRSTLOGIN
Message text |
User [STRING] changed the password at the first login. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login. |
Explanation |
A user changed the password at the first login. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_LENGTH
Message text |
User [STRING] changed the password because it was too short. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short. |
Explanation |
A user changed the password because it was too short. |
Recommended action |
No action is required. |
LS_PWD_FAILED2WRITEPASS2FILE
Message text |
Failed to write the password records to file. |
Variable fields |
N/A |
Severity level |
4 |
Example |
LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file. |
Explanation |
Failed to write the password records to file. |
Recommended action |
No action is required. |
LS_PWD_MODIFY_FAIL
Message text |
Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING]. |
Variable fields |
$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: ¡ old password is incorrect. ¡ password is too short. ¡ password has not minimum different chars. ¡ invalid password composition. ¡ password has repeated chars. ¡ password contains username. ¡ password used already. ¡ password is in update-wait time. |
Severity level |
4 |
Example |
LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because old password is incorrect. |
Explanation |
An administrator failed to modify a user's password. |
Recommended action |
No action is required. |
LS_PWD_MODIFY_SUCCESS
Message text |
Admin [STRING] from [STRING] modify the password for user [STRING] successfully. |
Variable fields |
$1: Admin name. $2: IP address. $3: Username. |
Severity level |
6 |
Example |
LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully. |
Explanation |
An administrator successfully modified a user's password. |
Recommended action |
No action is required. |
LS_REAUTHEN_FAILURE
Message text |
User [STRING] from [STRING] failed reauthentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication. |
Explanation |
A user failed reauthentication. |
Recommended action |
Check the old password. |
LS_UPDATE_PASSWORD_FAIL
Message text |
Failed to update the password for user [STRING]. |
Variable fields |
$1: Username. |
Severity level |
4 |
Example |
LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc. |
Explanation |
Failed to update the password for a user. |
Recommended action |
Check the file system for errors. |
LS_USER_CANCEL
Message text |
User [STRING] from [STRING] cancelled inputting the password. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password. |
Explanation |
The user cancelled inputting the password or did not input the password within 90 seconds. |
Recommended action |
No action is required. |
LS_USER_PASSWORD_EXPIRE
Message text |
User [STRING]'s login idle timer timed out. |
Variable fields |
$1: Username. |
Severity level |
5 |
Example |
LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out. |
Explanation |
The login idle time for a user expired. |
Recommended action |
No action is required. |
LS_USER_ROLE_CHANGE
Message text |
Admin [STRING] [STRING] user role [STRING] for [STRING]. |
Variable fields |
$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username. |
Severity level |
4 |
Example |
LS/4/LS_USER_ROLE_CHANGE: Admin admin added the user role network-admin for abcd. |
Explanation |
The administrator added a user role for a user. |
Recommended action |
No action is required. |
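The LOGIN and LS messages above are the device's local authentication trail. The following is an added example, not part of the H3C manual, of triage logic built on the message texts listed above; the sample lines, the threshold of 3, and the finding names are constructed for illustration.

```python
import re
from collections import defaultdict

# "MODULE/severity/MNEMONIC: text", the layout of the Example rows above.
HEADER = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# The heading reads LS_PWD_ADD_BLACKLIST but its Example row logs
# LS_PWD_ADDBLACKLIST, so both spellings are accepted.
ALIASES = {"LS_PWD_ADD_BLACKLIST": "LS_PWD_ADDBLACKLIST"}

# Body patterns follow the "Message text" rows. LOGIN_FAILED is matched as
# both "login" (Message text row) and "log in" (Example row).
BODY = {
    "LOGIN_FAILED": re.compile(
        r"(?P<user>\S+) failed to log ?in from (?P<src>\S+?)\.?$"),
    "LOGIN_INVALID_USERNAME_PWD": re.compile(
        r"Invalid username or password from (?P<src>\S+?)\.?$"),
    "LS_AUTHEN_FAILURE": re.compile(
        r'User (?P<user>\S+) from (?P<src>\S+) failed authentication\.'
        r'\s*"?(?P<reason>[^"]*?)\.?"?$'),
    "LS_AUTHEN_SUCCESS": re.compile(
        r"User (?P<user>\S+) from (?P<src>\S+) was authenticated successfully"),
    "LS_PWD_ADDBLACKLIST": re.compile(
        r"User (?P<user>\S+) at (?P<src>\S+) was added to the blacklist "
        r"due to multiple login failures, (?P<action>.+?)\.?$"),
    "LS_USER_ROLE_CHANGE": re.compile(
        r"Admin (?P<admin>\S+) (?P<op>added|deleted) (?:the )?user role "
        r"(?P<role>\S+) for (?P<user>\S+?)\.?$", re.I),
}
FAILURES = {"LOGIN_FAILED", "LOGIN_INVALID_USERNAME_PWD", "LS_AUTHEN_FAILURE"}


def parse(line):
    """Return (mnemonic, fields) for a recognised line, otherwise None."""
    head = HEADER.search(line)
    if not head:
        return None
    mnemonic = ALIASES.get(head["mnemonic"], head["mnemonic"])
    pattern = BODY.get(mnemonic)
    body = pattern.search(head["text"].strip()) if pattern else None
    return (mnemonic, body.groupdict()) if body else None


def analyze(lines, threshold=3):
    """Walk the log in order and return a list of finding tuples.

    Failures are counted per message, not per login attempt: the manual does
    not say whether one attempt emits more than one of these messages.
    """
    fails = defaultdict(int)  # source (IP or line name) -> failures so far
    findings = []
    for line in lines:
        parsed = parse(line)
        if not parsed:
            continue
        mnemonic, f = parsed
        src = f.get("src")
        if mnemonic in FAILURES:
            fails[src] += 1
            if fails[src] == threshold:
                findings.append(("repeated_failures", src))
        elif mnemonic == "LS_AUTHEN_SUCCESS":
            if fails[src] >= threshold:
                findings.append(("success_after_failures", src, f["user"]))
            fails[src] = 0
        elif mnemonic == "LS_PWD_ADDBLACKLIST":
            findings.append(("blacklisted", src, f["user"], f["action"]))
        elif mnemonic == "LS_USER_ROLE_CHANGE" and f["op"].lower() == "added":
            findings.append(("role_added", f["admin"], f["user"], f["role"]))
    return findings


# Constructed sample log, written in the formats shown in the Example rows.
SAMPLE = [
    'LS/5/LS_AUTHEN_FAILURE: User admin from 192.0.2.10 failed authentication. "Password verified failed."',
    'LS/5/LS_AUTHEN_FAILURE: User admin from 192.0.2.10 failed authentication. "Password verified failed."',
    'LOGIN/5/LOGIN_FAILED: admin failed to log in from 192.0.2.10.',
    'LS/4/LS_PWD_ADDBLACKLIST: User admin at 192.0.2.10 was added to the blacklist due to multiple login failures, but could make other attempts.',
    'LS/6/LS_AUTHEN_SUCCESS: User admin from 192.0.2.10 was authenticated successfully.',
    'LS/4/LS_USER_ROLE_CHANGE: Admin admin added the user role network-admin for user9.',
    'LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."',
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

A success that follows a run of failures from the same source, and a role addition shortly afterwards, are the two sequences worth routing to a person even though each message on its own carries "No action is required."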
LSPV messages
This section contains LSP verification messages.
LSPV_PING_STATIS_INFO
Message text |
Ping statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packets loss, round-trip min/avg/max = [UINT32]/[UINT32]/[UINT32] ms. |
Variable fields |
$1: FEC. $2: Number of echo requests sent. $3: Number of echo replies received. $4: Percentage of echo requests that received no reply. $5: Minimum round-trip delay. $6: Average round-trip delay. $7: Maximum round-trip delay. |
Severity level |
6 |
Example |
LSPV/6/LSPV_PING_STATIS_INFO: Ping statistics for FEC 192.168.1.1/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/2/5 ms. |
Explanation |
Ping statistics for an LSP tunnel or a PW. This message is generated when the ping mpls command is executed. |
Recommended action |
If no reply is received, verify the connectivity of the LSP tunnel or the PW. |
MAC messages
This section contains MAC messages.
MAC_DRIVER_ADD_ENTRY
Message text |
Driver failed to add MAC address entry: MAC address=[STRING], VLAN=[UINT32], State=[UINT32], interface=[STRING]. |
Variable fields |
$1: MAC address. $2: VLAN ID. $3: Entry type number. $4: Interface type and interface number. |
Severity level |
4 |
Example |
MAC/4/MAC_DRIVER_ADD_ENTRY: Driver failed to add MAC address entry: MAC address=1-1-1, VLAN=1, State=2, interface=GigabitEthernet1/0/1. |
Explanation |
Failed to add a MAC address entry on an interface. |
Recommended action |
No action is required. |
MAC_NOTIFICATION
Message text |
Message format 1: MAC address [STRING] in VLAN [UINT32] has moved from port [STRING] to port [STRING] for [UINT32] times. Message format 2: MAC address [STRING] in VSI [STRING] has moved from [STRING] service-instance [UINT32] to [STRING] service-instance [UINT32] for [UINT32] times. |
Variable fields |
Message format 1: $1: MAC address. $2: VLAN ID. $3: Interface name. $4: Interface name. $5: Number of MAC address moves. Message format 2: $1: MAC address. $2: VSI name. $3: Interface name. $4: Ethernet service instance ID. $5: Interface name. $6: Ethernet service instance ID. $7: Number of MAC address moves. |
Severity level |
4 |
Example |
Message format 1: MAC/4/MAC_NOTIFICATION: MAC address 0000-0012-0034 in VLAN 500 has moved from port GE1/0/1 to port GE1/0/2 for 1 times Message format 2: MAC/4/MAC_NOTIFICATION: MAC address 0010-9400-0002 in VSI vpna has moved from Twenty-FiveGigE1/0/1 service-instance 40 to Twenty-FiveGigE1/0/3 service-instance 30 for 152499 times. |
Explanation |
A MAC address moved between two interfaces or Ethernet service instances. |
Recommended action |
No action is required. |
MAC_PROTOCOLPKT_NORES_GLOBAL
Message text |
The card does not have enough hardware resources to send protocol packets destined for [STRING] to the CPU for [STRING]. |
Variable fields |
$1: MAC address. $2: Protocol type. |
Severity level |
5 |
Example |
MAC/5/MAC_PROTOCOLPKT_NORES_GLOBAL: The card does not have enough hardware resources to send protocol packets destined for 0180-C200-000e to the CPU for LLDP. |
Explanation |
Protocol packets fail to be sent to the CPU because the hardware resources of the card are insufficient. |
Recommended action |
No action is required. |
MAC_PROTOCOLPKT_NORES_PORT
Message text |
The card does not have enough hardware resources to send protocol packets destined for [STRING] to the CPU for [STRING] on [STRING]. |
Variable fields |
$1: MAC address. $2: Protocol type. $3: Interface name. |
Severity level |
5 |
Example |
MAC/5/MAC_PROTOCOLPKT_NORES_PORT: The card does not have enough hardware resources to send protocol packets destined for 0180-C200-000e to the CPU for LLDP on GigabitEthernet2/0/32. |
Explanation |
Protocol packets on an interface fail to be sent to the CPU because the hardware resources of the card are insufficient. |
Recommended action |
No action is required. |
MAC_PROTOCOLPKT_NORES_VLAN
Message text |
The card does not have enough hardware resources to send protocol packets destined for [STRING] to the CPU for [STRING] in VLAN [UINT16]. |
Variable fields |
$1: MAC address. $2: Protocol type. $3: VLAN ID. |
Severity level |
5 |
Example |
MAC/5/MAC_PROTOCOLPKT_NORES_VLAN: The card does not have enough hardware resources to send protocol packets destined for 0180-C200-000e to the CPU for LLDP in VLAN 100. |
Explanation |
Protocol packets in a VLAN fail to be sent to the CPU because the hardware resources of the card are insufficient. |
Recommended action |
No action is required. |
MAC_TABLE_FULL_GLOBAL
Message text |
The number of MAC address entries reached the maximum number [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. |
Severity level |
4 |
Example |
MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries reached the maximum number 1024. |
Explanation |
The number of entries in the global MAC address table reached the maximum number supported by the table. |
Recommended action |
No action is required. |
MAC_TABLE_FULL_PORT
Message text |
The number of MAC address entries reached the maximum number [UINT32] for interface [STRING]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: Interface name. |
Severity level |
4 |
Example |
MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries reached the maximum number 1024 for interface GigabitEthernet2/0/32. |
Explanation |
The number of entries in the MAC address table for an interface reached the maximum number supported by the table. |
Recommended action |
No action is required. |
MAC_TABLE_FULL_VLAN
Message text |
The number of MAC address entries reached the maximum number [UINT32] in VLAN [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: VLAN ID. |
Severity level |
4 |
Example |
MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries reached the maximum number 1024 in VLAN 2. |
Explanation |
The number of entries in the MAC address table for a VLAN reached the maximum number supported by the table. |
Recommended action |
No action is required. |
MAC_TABLE_FULL_VSI
Message text |
The number of MAC address entries reached the maximum number [UINT32] in VSI [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: VSI index. |
Severity level |
4 (Warning) |
Example |
MAC/4/MAC_TABLE_FULL_VSI: The number of MAC address entries reached the maximum number 1024 in VSI 2. |
Explanation |
The number of MAC address entries for a VSI reached the configured MAC learning limit. |
Recommended action |
1. Execute the display l2vpn mac-address command to check whether the learned MAC addresses are enough for forwarding. ¡ If yes, go to step 3. ¡ If no, go to step 2. 2. Execute the mac-table limit command to increase the MAC learning limit for the VSI. 3. Collect the configuration file, logs, and alarm messages for the device, and then contact Technical Support. |
MAC_VLAN_LEARNLIMIT_NORESOURCE
Message text |
The card does not have enough hardware resources to set MAC learning limit for VLAN [UINT16]. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 |
Example |
MAC/5/MAC_VLAN_LEARNLIMIT_NORESOURCE: The card does not have enough hardware resources to set MAC learning limit for VLAN 100. |
Explanation |
Failed to set the MAC learning limit for a VLAN because the card does not have enough hardware resources. |
Recommended action |
No action is required. |
MAC_VLAN_LEARNLIMIT_NOTSUPPORT
Message text |
The card does not support setting MAC learning limit for VLAN [UINT16]. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 |
Example |
MAC/5/MAC_VLAN_LEARNLIMIT_NOTSUPPORT: The card does not support setting MAC learning limit for VLAN 100. |
Explanation |
MAC learning limit setting for a VLAN is not supported on the card. |
Recommended action |
No action is required. |
MACA messages
This section contains MAC authentication messages.
MACA_ENABLE_NOT_EFFECTIVE
Message text |
MAC authentication is enabled but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
MACA/3/MACA_ENABLE_NOT_EFFECTIVE: MAC authentication is enabled but is not effective on interface Ethernet3/1/2. |
Explanation |
MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication. |
Recommended action |
1. Disable MAC authentication on the interface. 2. Reconnect the connected devices to another interface that supports MAC authentication. 3. Enable MAC authentication on the new interface. |
MACA_LOGIN_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. Reason: [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. $6: Failure cause:
· MAC address authorization failed.
· VLAN authorization failed.
· VSI authorization failed.
· ACL authorization failed.
· User profile authorization failed.
· URL authorization failed.
· Microsegment authorization failed.
· Authentication process failed.
· VSI authorization failed because of insufficient resources.
· ACL authorization failed because of insufficient resources.
· MAC address authorization failed after a MAC move.
· VLAN authorization failed because of failure in authorization VLAN selection.
· VLAN authorization failed because a free VLAN was assigned as the authorization VLAN.
· VLAN authorization failed because of failure in authorization VLAN creation.
· VSI authorization failed because the user belongs to a free VLAN.
· VSI authorization failed because the user's access interface does not permit the user VLAN.
· VSI authorization failed because of failure in AC creation.
· ACL authorization failed because the specified ACL does not exist.
· ACL authorization failed because of unsupported ACL type.
· ACL authorization failed because the specified ACL conflicts with other ACLs on the user's access interface.
· ACL authorization failed because no rule was obtained for the specified ACL.
· ACL authorization failed because of ACL parameter error.
· User profile authorization failed because an invalid user profile was assigned to the user (the authorization-fail offline feature is enabled).
· User profile authorization failed because of failure in issuing the specified user profile to driver.
· URL authorization failed because of insufficient resources.
· URL authorization failed because of invalid parameter in the specified URL.
· URL authorization failed because the specified URL was not supported.
· URL authorization failed because of deny rule issuing failure.
· URL authorization failed because of failure in issuing the specified URL to driver.
· URL authorization failed because no servers were reachable and the url-user-logoff parameter was specified.
· URL authorization failed because the escape critical VSI feature of port security was configured. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; User failed MAC authentication. Reason: VLAN authorization failed. |
Explanation |
The user failed MAC authentication for a specific reason. |
Recommended action |
Locate the failure cause and handle the issue according to the failure cause. |
MACA_LOGIN_FAILURE (EAD)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. Reason: [STRING]. Can't trigger MAC authentication for the user before the EAD user entry ages out. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. $6: Failure cause: · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Authentication process failed. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; User failed MAC authentication. Reason: VLAN authorization failed. Can't trigger MAC authentication for the user before the EAD user entry ages out. |
Explanation |
The user failed MAC authentication. Packets from the user cannot trigger MAC authentication again before the user's EAD entry ages out. |
Recommended action |
· Locate the failure cause and resolve the issue. · Disable the EAD assistant feature or delete the 802.1X settings on the interface, if any. |
MACA_LOGIN_SUCC
Message text |
-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User passed MAC authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username. $6: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online. |
Explanation |
The user passed MAC authentication. |
Recommended action |
No action is required. |
MACA_LOGIN_SUCC (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; The user that failed MAC authentication passed open authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; The user that failed MAC authentication passed open authentication and came online. |
Explanation |
A user failed MAC authentication but passed open authentication. |
Recommended action |
No action is required. |
MACA_LOGOFF
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication user was logged off. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication user was logged off. |
Explanation |
The MAC authentication user was logged off. |
Recommended action |
Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required. |
MACA_LOGOFF (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication open user was logged off. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 |
Example |
MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication open user was logged off. |
Explanation |
A MAC authentication open user was logged off. |
Recommended action |
Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required. |
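The MACA messages above pack their fields into a hyphen-delimited prefix whose values (MAC addresses, usernames) also contain hyphens, and they reuse one mnemonic for the normal, open-mode, and EAD variants. The following is an added example, not part of the H3C manual, that parses that prefix by the key names listed above and separates the variants by their trailing text; the sample lines, event labels, and the distinct-MAC threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Key names as they appear in the "Message text" rows above. Splitting on
# "-<known key>=" keeps hyphenated values such as 0010-8400-22b9 intact.
KEYS = ("IfName", "MACAddr", "AccessVLANID", "AuthorizationVLANID",
        "VLANID", "Username", "UsernameFormat")
KEY_RE = re.compile(r"-(" + "|".join(KEYS) + r")=")

# The Example rows show the header both with and without a space after ":".
LINE_RE = re.compile(
    r"MACA/(?P<sev>\d)/(?P<mnemonic>MACA_[A-Z_]+):\s*"
    r"(?P<kv>-IfName=.*?);\s*(?P<msg>.*)$")
REASON_RE = re.compile(r"Reason: (.+?)\.(?:\s|$)")


def parse_fields(kv):
    """Split the '-Key=value-Key=value' prefix into a dict."""
    marks = list(KEY_RE.finditer(kv))
    fields = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(kv)
        fields[cur.group(1)] = kv[cur.end():end]
    return fields


def classify(line):
    """Return (event, fields) or None. Event labels are this example's own."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, msg, mnemonic = parse_fields(m["kv"]), m["msg"], m["mnemonic"]
    if mnemonic == "MACA_LOGIN_FAILURE":
        reason = REASON_RE.search(msg)
        fields["Reason"] = reason.group(1) if reason else ""
        # The EAD variant appends a sentence about the EAD user entry.
        event = "failure_ead_hold" if "EAD user entry" in msg else "failure"
    elif mnemonic == "MACA_LOGIN_SUCC":
        open_mode = "passed open authentication" in msg
        event = "open_mode_online" if open_mode else "online"
    elif mnemonic == "MACA_LOGOFF":
        event = "open_mode_logoff" if "open user" in msg else "logoff"
    else:
        return None
    return event, fields


def summarize(lines, distinct_mac_threshold=3):
    """Ports with many distinct failing MACs, plus open-mode admissions."""
    failed = defaultdict(set)   # port -> MAC addresses that failed there
    reasons = defaultdict(int)  # failure cause -> count
    open_online = []            # (port, MAC) online without passing MAC auth
    for line in lines:
        result = classify(line)
        if not result:
            continue
        event, f = result
        if event.startswith("failure"):
            failed[f["IfName"]].add(f["MACAddr"])
            reasons[f["Reason"]] += 1
        elif event == "open_mode_online":
            open_online.append((f["IfName"], f["MACAddr"]))
    noisy = sorted(p for p, macs in failed.items()
                   if len(macs) >= distinct_mac_threshold)
    return {"noisy_ports": noisy, "open_mode_online": open_online,
            "reasons": dict(reasons)}


# Constructed sample log, written in the formats shown in the Example rows.
_F = "MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr={0}-VLANID=1-Username={0}-UsernameFormat=MAC address; User failed MAC authentication. Reason: {1}"
SAMPLE = [
    _F.format("0000-0000-0001", "VLAN authorization failed."),
    _F.format("0000-0000-0002", "Authentication process failed."),
    _F.format("0000-0000-0003", "Authentication process failed. Can't trigger MAC authentication for the user before the EAD user entry ages out."),
    "MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online.",
    "MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/5-MACAddr=0010-8400-22ba-VLANID=444-Username=00-10-84-00-22-ba-UsernameFormat=MAC address; The user that failed MAC authentication passed open authentication and came online.",
    "MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/5-MACAddr=0010-8400-22ba-VLANID=444-Username=00-10-84-00-22-ba-UsernameFormat=MAC address; MAC authentication open user was logged off.",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Filtering on the mnemonic alone would count the open-mode MACA_LOGIN_SUCC line as a passed authentication, so a collector rule needs the message text as well.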
MACSEC messages
This section contains MACsec messages.
MACSEC_MKA_KEEPALIVE_TIMEOUT
Message text |
The live peer with SCI [STRING] and CKN [STRING] aged out on interface [STRING]. |
Variable fields |
$1: SCI. $2: CKN. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/1. |
Impact |
The interface cannot forward packets because the local participant and its peer cannot establish MKA sessions. |
Cause |
A live peer aged out on an interface, because the local participant had not received any MKA packets from the peer before the keepalive timer expired. The local participant removed the peer information from the port. |
Recommended action |
1. Execute the display interface command in any view on both the participants to view the link status of the MACsec-configured interfaces:
   - If the link status of an interface is abnormal, recover the link and then check whether the notification has been cleared. If the issue persists, go to step 2.
   - If the link status of each interface is normal, go to step 2.
2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MACSEC_MKA_PRINCIPAL_ACTOR
Message text |
The actor with CKN [STRING] became principal actor on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
MACSEC/6/MACSEC_MKA_PRINCIPAL_ACTOR: The actor with CKN 80A0EA0CB03D became principal actor on interface GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
The actor with the highest key server priority became the principal actor. |
Recommended action |
No action is required. |
MACSEC_MKA_SAK_REFRESH
Message text |
The SAK has been refreshed on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
The participant on the interface derived or received a new SAK. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_ESTABLISHED
Message text |
The MKA session has been established on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
MACSEC/5/MACSEC_MKA_SESSION_ESTABLISHED: The MKA session has been established on interface GigabitEthernet1/0/1. |
Impact |
The two participants perform secure MACsec communication. |
Cause |
This message occurs when an MKA session is established on an interface after MACsec maintenance mode has been enabled on it. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_REAUTH
Message text |
The MKA session with CKN [STRING] was re-authenticated on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
MACSEC/6/MACSEC_MKA_SESSION_REAUTH: The MKA session with CKN 80A0EA0CB03D was re-authenticated on interface GigabitEthernet1/0/1. |
Impact |
During the 802.1X reauthentication, the MKA session is disconnected temporarily. After the reauthentication, the participants receive a new CAK, and use it to re-establish the MKA session. |
Cause |
The client performed 802.1X reauthentication. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_SECURED
Message text |
The MKA session with CKN [STRING] was secured on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
Possible reasons include:
· The MKA session state changes from unsecured to secured.
· The local participant and the peer negotiate a new MKA session when the following conditions exist:
   - Both the key server and the peer support MACsec.
   - A minimum of one participant is enabled with the MACsec desire feature. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_START
Message text |
The MKA session with CKN [STRING] started on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1. |
Impact |
After successful MKA session negotiation, an MKA session is established, securing the communication between the two participants. |
Cause |
Possible reasons include:
· A new CAK is available after MKA is enabled.
· The user re-establishes the MKA session.
· The interface that failed MKA session negotiation receives an MKA packet. |
Recommended action |
No action is required. |
MACSEC_MKA_SESSION_STOP
Message text |
The MKA session with CKN [STRING] stopped on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
5 (Notification) |
Example |
MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A020EA0CB03D stopped on interface GigabitEthernet1/0/1. |
Impact |
The two participants no longer use the MKA session for secure communication. |
Cause |
Possible reasons include:
· The user removes or re-establishes the MKA session on the interface.
· The link associated with the session is down. |
Recommended action |
1. If you have not deleted the session, use the display mka session command to check whether the session exists:
   - If the session has been re-established and exists, no action is required.
   - If the session does not exist, go to step 2.
2. Execute the display interface command in any view on both the participants to view the link status of the MACsec-configured interfaces:
   - If the link status of an interface is abnormal, recover the link and then check whether the notification has been cleared. If the issue persists, go to step 3.
   - If the link status of each interface is normal, go to step 3.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MACSEC_MKA_SESSION_UNESTABLISHED
Message text |
Interface [STRING] has not been blocked even though the MKA session has not been established. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
MACSEC/5/MACSEC_MKA_SESSION_UNESTABLISHED: Interface GigabitEthernet1/0/1 has not been blocked even though the MKA session has not been established. |
Impact |
The MKA session has not been established and the security of packet transmission is reduced. |
Cause |
This notification is output every 30 seconds when the MACsec maintenance mode is enabled and the interface is in unblocked state, but no MKA session has been established because of incorrect configuration on the peer. |
Recommended action |
1. Check whether the MACsec-related configuration on the peer is correct. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MACSEC_MKA_SESSION_UNSECURED
Message text |
The MKA session with CKN [STRING] was not secured on interface [STRING]. |
Variable fields |
$1: CKN. $2: Interface name. |
Severity level |
5 (Notification) |
Example |
MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1. |
Impact |
The security of the communication between the two participants is reduced. |
Cause |
Possible reasons include:
· The MKA session state changes from secured to unsecured.
· The local participant and the peer negotiate a new MKA session when the following conditions exist:
   - The key server and the peer are not both MACsec capable.
   - No participant is enabled with the MACsec desire feature. |
Recommended action |
To secure the MKA session, perform the following tasks:
· Verify that both the key server and the peer support MACsec.
· Verify that a minimum of one participant is enabled with the MACsec desire feature. |
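The MACSEC messages in this section describe a per-interface session lifecycle, so a log host can replay them to find ports that are currently forwarding without MACsec protection. The following tracker is an added example, not part of the H3C manual. The regular expressions are built from the message texts above. The state names, function names, and the mapping of each mnemonic to a state are assumptions made for this example, and all sample lines are constructed.

```python
import re

_HEAD = re.compile(r"MACSEC/[0-7]/(MACSEC_MKA_[A-Z_]+):\s*(.*)")
_CKN_IF = r"The MKA session with CKN (?P<ckn>\S+) {} on interface (?P<ifname>\S+)\."

# mnemonic -> (message text pattern, state assigned by this example)
#   secured      the Impact field describes secure MACsec communication
#   negotiating  a session has started but is not reported as secured yet
#   down         session stopped or live peer aged out
#   unprotected  interface not blocked, or session not secured
_RULES = {
    "MACSEC_MKA_SESSION_START": (_CKN_IF.format("started"), "negotiating"),
    "MACSEC_MKA_SESSION_SECURED": (_CKN_IF.format("was secured"), "secured"),
    "MACSEC_MKA_SESSION_UNSECURED": (_CKN_IF.format("was not secured"), "unprotected"),
    "MACSEC_MKA_SESSION_STOP": (_CKN_IF.format("stopped"), "down"),
    "MACSEC_MKA_SESSION_ESTABLISHED": (
        r"The MKA session has been established on interface (?P<ifname>\S+)\.", "secured"),
    "MACSEC_MKA_SESSION_UNESTABLISHED": (
        r"Interface (?P<ifname>\S+) has not been blocked even though "
        r"the MKA session has not been established\.", "unprotected"),
    "MACSEC_MKA_KEEPALIVE_TIMEOUT": (
        r"The live peer with SCI (?P<sci>\S+) and CKN (?P<ckn>\S+) "
        r"aged out on interface (?P<ifname>\S+)\.", "down"),
}
_RULES = {k: (re.compile(p), s) for k, (p, s) in _RULES.items()}


def track(lines):
    """Replay MACSEC log lines in order; return {interface: latest state record}."""
    state = {}
    for line in lines:
        head = _HEAD.search(line)
        if not head or head.group(1) not in _RULES:
            continue  # SAK_REFRESH, PRINCIPAL_ACTOR, SESSION_REAUTH: no state change here
        mnemonic = head.group(1)
        pattern, new_state = _RULES[mnemonic]
        m = pattern.fullmatch(head.group(2).strip())
        if not m:
            continue  # text does not match the documented message layout
        rec = state.setdefault(m.group("ifname"), {"repeats": 0})
        # SESSION_UNESTABLISHED is output every 30 seconds while the condition
        # lasts, so consecutive repeats give a lower bound on its duration.
        rec["repeats"] = rec["repeats"] + 1 if mnemonic == "MACSEC_MKA_SESSION_UNESTABLISHED" else 0
        rec.update(state=new_state, last=mnemonic)
    return state


def unprotected(state):
    """Return {interface: (last mnemonic, minimum seconds in that condition)}."""
    return {ifname: (rec["last"], 30 * max(rec["repeats"] - 1, 0))
            for ifname, rec in state.items() if rec["state"] == "unprotected"}


# Constructed sample lines that follow the message texts in this section.
SAMPLE = [
    "MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A0EA0CB03D started on interface GigabitEthernet1/0/1.",
    "MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A0EA0CB03D was secured on interface GigabitEthernet1/0/1.",
    "MACSEC/5/MACSEC_MKA_SESSION_UNESTABLISHED: Interface GigabitEthernet1/0/2 has not been blocked even though the MKA session has not been established.",
    "MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1.",
    "MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/4.",
    "MACSEC/5/MACSEC_MKA_SESSION_UNESTABLISHED: Interface GigabitEthernet1/0/2 has not been blocked even though the MKA session has not been established.",
    "MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A0EA0CB03D was secured on interface GigabitEthernet1/0/3.",
    "MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A0EA0CB03D stopped on interface GigabitEthernet1/0/3.",
    "MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A0EA0CB03D was not secured on interface GigabitEthernet1/0/1.",
    "MACSEC/5/MACSEC_MKA_SESSION_UNESTABLISHED: Interface GigabitEthernet1/0/2 has not been blocked even though the MKA session has not been established.",
    "MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A0EA0CB03D started on interface GigabitEthernet1/0/4.",
    "MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A0EA0CB03D was secured on interface GigabitEthernet1/0/4.",
]

if __name__ == "__main__":
    for ifname, (reason, seconds) in sorted(unprotected(track(SAMPLE)).items()):
        print(f"{ifname}: {reason}, at least {seconds} s")
```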
MBFD messages
This section contains MPLS BFD messages.
MBFD_TRACEROUTE_FAILURE
Message text |
[STRING] is failed. ([STRING].) |
Variable fields |
$1: LSP information.
· For an IPv4 LDP LSP, the value is LSP (LDP IPv4: ipv4-address/mask-length, nexthop: nexthop-address), where ipv4-address is the FEC destination IPv4 address prefix, mask-length is the mask length of the FEC destination IPv4 address prefix, and nexthop-address is the address of the next hop.
· For an MPLS TE tunnel, the value is TE tunnel (RSVP IPv4: tunnel-name), where tunnel-name is the name of the MPLS TE tunnel interface.
$2: Reason for the LSP failure. Possible values include:
· Malformed echo request received.
· One or more of the TLVs was not understood.
· Replying router has no mapping for the FEC.
· Downstream Mapping Mismatch.
· Upstream Interface Index Unknown.
· Label switched but no MPLS forwarding.
· Mapping for this FEC is not the given label.
· No label entry.
· Protocol not associated with interface.
· Premature termination of ping due to label stack shrinking to a single label. |
Severity level |
5 (Notification) |
Example |
MBFD/5/MBFD_TRACEROUTE_FAILURE: LSP (LDP IPv4: 22.22.2.2/32, nexthop: 20.20.20.2) is failed. (Replying router has no mapping for the FEC.)
MBFD/5/MBFD_TRACEROUTE_FAILURE: TE tunnel (RSVP IPv4: Tunnel1) is failed. (No label entry.) |
Impact |
When the failure reason is Malformed echo request received or One or more of the TLVs was not understood, the periodic tracert feature itself has an issue, which has no negative impact on the system or services. For any other failure reason, traffic forwarded by this LSP or MPLS TE tunnel will be interrupted. |
Cause |
The periodic MPLS tracert feature encountered a problem or the detected LSP or MPLS TE tunnel failed. |
Recommended action |
· When the failure reason is Malformed echo request received or One or more of the TLVs was not understood, collect alarm information, log messages, and configuration data, and then contact Technical Support for help.
· For any other failure reason, verify that the tunnel-related configuration and forwarding entries on the nodes that the LSP or MPLS TE tunnel traverses are correct. If the configuration and entries are correct but the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MBUF messages
This section contains MBUF messages.
MBUF_DATA_BLOCK_CREATE_FAIL
Message text |
Failed to create an MBUF data block because of insufficient memory. Failure count: [UINT32]. |
Variable fields |
$1: Failure count. |
Severity level |
2 |
Example |
MBUF/2/MBUF_DATA_BLOCK_CREATE_FAIL: Failed to create an MBUF data block because of insufficient memory. Failure count: 128. |
Explanation |
The message is output when the system fails to create an MBUF data block 1 minute or more after the most recent creation failure. |
Recommended action |
1. Execute the display system internal kernel memory pool | include mbuf command in probe view to view the number of the allocated MBUF data blocks.
2. Execute the display memory command in system view to display the total size of the system memory.
3. Determine whether an excessive number of MBUF data blocks are allocated by comparing the size of the allocated MBUF data blocks with that of the system memory.
   - If the number is not excessive, use the memory management commands to check for the memory-intensive modules.
   - If the number is excessive, go to step 4.
4. Execute the display system internal mbuf socket statistics command in probe view to view the number of the MBUF data blocks buffered in the socket. Determine whether a process has too many MBUF data blocks buffered in the socket buffer.
   - If it does, locate the reason why the MBUF data blocks cannot be released from the socket buffer.
   - If it does not, use other means to locate the reasons for excessive allocation of MBUF data blocks.
5. If the problem persists, contact H3C Support. |
MDC messages
This section contains MDC messages.
MDC_CREATE
Message text |
MDC [UINT16] is created. |
Variable fields |
$1: MDC ID. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_CREATE: MDC 2 is created. |
Impact |
No negative impact on the system. |
Cause |
An MDC was created successfully. |
Recommended action |
No action is required. |
MDC_CREATE_ERR
Message text |
Failed to create MDC [UINT16] for not enough resources. |
Variable fields |
$1: MDC ID. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_CREATE_ERR: -Slot=1; Failed to create MDC 2 for not enough resources. |
Impact |
The MDC cannot run after an active/standby switchover. |
Cause |
The standby MPU did not have enough resources to create the MDC. At startup, the standby MPU obtains MDC configuration information from the active MPU. If the standby MPU does not have enough resources to create an MDC, it outputs this log message. |
Recommended action |
1. Use the display mdc resource command to display the CPU, memory, and disk space resources on the standby MPU.
2. Perform one of the following tasks:
   - If the memory space is insufficient, increase the memory space. If the disk space is insufficient, delete unused files.
   - Use the undo mdc command to delete the specified MDC.
   - Replace the standby MPU with an MPU that has sufficient resources. |
MDC_DELETE
Message text |
MDC [UINT16] is deleted. |
Variable fields |
$1: MDC ID. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_DELETE: MDC 2 is deleted. |
Impact |
No negative impact on the system. |
Cause |
An MDC was deleted successfully. |
Recommended action |
No action is required. |
MDC_KERNEL_EVENT_TOOLONG
Message text |
[STRING] [UINT16] kernel event in sequence [STRING] function [STRING] failed to finish within [UINT32] minutes. |
Variable fields |
$1: Object type, MDC or Context. $2: MDC ID or context ID. $3: Kernel event phase. $4: Address of the function corresponding to the kernel event. $5: Time duration. |
Severity level |
4 (Warning) |
Example |
MDC/4/MDC_KERNEL_EVENT_TOOLONG: -slot=1; MDC 2 kernel event in sequence 0x4fe5 function 0xff245e failed to finish within 15 minutes. |
Impact |
No negative impact on the system. |
Cause |
A kernel event on an MDC has not been processed for a long period of time. |
Recommended action |
1. Reboot the card in the specified slot. 2. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
MDC_LICENSE_EXPIRE
Message text |
The MDC feature's license will expire in [UINT32] days. |
Variable fields |
$1: Number of days, in the range of 1 to 30. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_LICENSE_EXPIRE: The MDC feature's license will expire in 5 days. |
Impact |
No negative impact on the system. |
Cause |
The license for the MDC feature is about to expire. |
Recommended action |
Install a new license before license expiration. |
MDC_NO_FORMAL_LICENSE
Message text |
The feature MDC has no available formal license. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_NO_FORMAL_LICENSE: The feature MDC has no available formal license. |
Impact |
No negative impact on the system. |
Cause |
The standby MPU became the active MPU but it did not have a formal license. The MDC feature has a free trial period. To use the feature after the period elapses, you must install a license for the standby MPU. |
Recommended action |
Install a formal license for the MDC feature as soon as possible. |
MDC_NO_LICENSE_EXIT
Message text |
The MDC feature is being disabled, because it has no license. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_NO_LICENSE_EXIT: The MDC feature is being disabled, because it has no license. |
Impact |
The MDC feature becomes inaccessible. |
Cause |
The MDC feature was disabled because the license for the MDC feature expired or was uninstalled. |
Recommended action |
Install a formal license for the MDC feature as soon as possible. |
MDC_OFFLINE
Message text |
MDC [UINT16] is offline now. |
Variable fields |
$1: MDC ID. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_OFFLINE: MDC 2 is offline now. |
Impact |
The MDC cannot provide services. |
Cause |
An MDC was administratively stopped by using the undo mdc start command. |
Recommended action |
No action is required. |
MDC_ONLINE
Message text |
MDC [UINT16] is online now. |
Variable fields |
$1: MDC ID. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_ONLINE: MDC 2 is online now. |
Impact |
No negative impact on the system. |
Cause |
An MDC was administratively started by using the mdc start command. |
Recommended action |
No action is required. |
MDC_STATE_CHANGE
Message text |
Status of MDC [UINT16] changed to [STRING]. |
Variable fields |
$1: MDC ID.
$2: MDC status:
   - updating–The system is assigning interface cards to the MDC (executing the location command).
   - stopping–The system is stopping the MDC (executing the undo mdc start command).
   - inactive–The MDC is inactive.
   - starting–The system is starting the MDC (executing the mdc start command).
   - active–The MDC is operating correctly. |
Severity level |
5 (Notification) |
Example |
MDC/5/MDC_STATE_CHANGE: Status of MDC 2 changed to active. |
Impact |
No negative impact on the system. |
Cause |
The status of an MDC changed during its running. |
Recommended action |
If the MDC is in inactive state, use the mdc start command to start the MDC. In other states, no action is required. |
MFIB messages
This section contains MFIB messages.
MFIB_IPV6L3MULTICAST_FAIL
Message text |
Failed to enable IPv6 Layer 3 multicast for VPN instance [STRING] because of insufficient resources.
Failed to enable IPv6 Layer 3 multicast for the public network because of insufficient resources. |
Variable fields |
$1: VPN instance name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_IPV6L3MULTICAST_FAIL: Failed to enable IPv6 Layer 3 multicast for vpn-instance vpna because of insufficient resources. |
Explanation |
IPv6 Layer 3 multicast failed to be enabled for a VPN instance or the public network because of insufficient resources. |
Recommended action |
None. |
MFIB_IPV6L3MULTICAST_FAIL_INT
Message text |
Failed to enable IPv6 Layer 3 multicast for interface [STRING] because of insufficient resources. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_IPV6L3MULTICAST_FAIL_INT: Failed to enable IPv6 Layer 3 multicast for interface GigabitEthernet1/0/1 because of insufficient resources. |
Explanation |
IPv6 Layer 3 multicast failed to be enabled on an interface because of insufficient resources. |
Recommended action |
None. |
MFIB_IPV6L3MULTICAST_SUCCEED
Message text |
Enabled IPv6 Layer 3 multicast for VPN instance [STRING] successfully.
Enabled IPv6 Layer 3 multicast for the public network successfully. |
Variable fields |
$1: VPN instance name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_IPV6L3MULTICAST_SUCCEED: -MDC=1; Enabled IPv6 Layer 3 multicast for vpn-instance vpna successfully. |
Explanation |
After IPv6 Layer 3 multicast fails to be enabled, the system attempts to enable it at 10-second intervals. IPv6 Layer 3 multicast will be enabled successfully when resources are released. |
Recommended action |
None. |
MFIB_IPV6L3MULTICAST_SUCCEED_INT
Message text |
Enabled IPv6 Layer 3 multicast for interface [STRING] successfully. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_IPV6L3MULTICAST_SUCCEED_INT: -MDC=1; Enabled IPv6 Layer 3 multicast for interface GigabitEthernet1/0/1 successfully. |
Explanation |
After IPv6 Layer 3 multicast fails to be enabled on an interface, the system attempts to enable it at 10-second intervals. IPv6 Layer 3 multicast will be enabled on the interface successfully when resources are released. |
Recommended action |
None. |
MFIB_L3MULTICAST_FAIL
Message text |
Failed to enable Layer 3 multicast for VPN instance [STRING] because of insufficient resources.
Failed to enable Layer 3 multicast for the public network because of insufficient resources. |
Variable fields |
$1: VPN instance name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_L3MULTICAST_FAIL: Failed to enable Layer 3 multicast for VPN instance vpna because of insufficient resources. |
Explanation |
Layer 3 multicast failed to be enabled for a VPN instance or the public network because of insufficient resources. |
Recommended action |
None. |
MFIB_L3MULTICAST_FAIL_INT
Message text |
Failed to enable Layer 3 multicast for interface [STRING] because of insufficient resources. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_L3MULTICAST_FAIL_INT: Failed to enable Layer 3 multicast for interface GigabitEthernet1/0/1 because of insufficient resources. |
Explanation |
Layer 3 multicast failed to be enabled on an interface because of insufficient resources. |
Recommended action |
None. |
MFIB_L3MULTICAST_SUCCEED
Message text |
Enabled Layer 3 multicast for VPN instance [STRING] successfully.
Enabled Layer 3 multicast for the public network successfully. |
Variable fields |
$1: VPN instance name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_L3MULTICAST_SUCCEED: -MDC=1; Enabled Layer 3 multicast for VPN instance vpna successfully. |
Explanation |
After Layer 3 multicast fails to be enabled, the system attempts to enable it at 10-second intervals. Layer 3 multicast will be enabled successfully when resources are released. |
Recommended action |
None. |
MFIB_L3MULTICAST_SUCCEED_INT
Message text |
Enabled Layer 3 multicast for interface [STRING] successfully. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_L3MULTICAST_SUCCEED_INT: -MDC=1; Enabled Layer 3 multicast for interface GigabitEthernet1/0/1 successfully. |
Explanation |
After Layer 3 multicast fails to be enabled on an interface, the system attempts to enable it at 10-second intervals. Layer 3 multicast will be enabled on the interface successfully when resources are released. |
Recommended action |
None. |
MFIB_MEM_ALERT
Message text |
MFIB process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alert event. |
Severity level |
5 |
Example |
MFIB/5/MFIB_MEM_ALERT: MFIB process receive system memory alert start event. |
Explanation |
The MFIB module received a memory alert event from the system. |
Recommended action |
1. Check the system memory to make sure the memory usage does not exceed the thresholds. 2. Release memory from memory-intensive modules. |
MFIB_MTI_NO_ENOUGH_RESOURCE
Message text |
Failed to create [STRING] because of insufficient resources. |
Variable fields |
$1: Multicast tunnel name. |
Severity level |
5 |
Example |
MFIB/5/MFIB_MTI_NO_ENOUGH_RESOURCE: Failed to create MTunnel129 because of insufficient resources. |
Explanation |
The system failed to create a multicast tunnel because of insufficient multicast tunnel resources. |
Recommended action |
No action is required. |
MGROUP messages
This section contains mirroring group messages.
MGROUP_APPLY_SAMPLER_FAIL
Message text |
Failed to apply the sampler for mirroring group [UINT16], because the sampler resources are insufficient. |
Variable fields |
$1: Mirroring group ID. |
Severity level |
3 (Error) |
Example |
MGROUP/3/MGROUP_APPLY_SAMPLER_FAIL: Failed to apply the sampler for mirroring group 1, because the sampler resources are insufficient. |
Impact |
Mirrored packets cannot be sampled. |
Cause |
A sampler was not applied to the mirroring group because the sampler resources were insufficient. |
Recommended action |
1. Use the display mirroring-group all command to view all samplers referenced by mirroring groups on the device. If some samplers are not needed, you can delete them to release sampler resources. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
MGROUP_RESTORE_CPUCFG_FAIL
Message text |
Failed to restore configuration for mirroring CPU of [STRING] in mirroring group [UINT16], because [STRING] |
Variable fields |
$1: Slot number. $2: Mirroring group ID. $3: Failure reason. |
Severity level |
3 (Error) |
Example |
MGROUP/3/MGROUP_RESTORE_CPUCFG_FAIL: Failed to restore configuration for mirroring CPU of chassis 1 slot 2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported. |
Impact |
Mirroring in source CPU mode cannot be used normally. |
Cause |
When the CPU of the card in the slot is the source CPU in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the source CPU configuration might fail. |
Recommended action |
Check for the failure reason.
· If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source CPU in the mirroring group.
· If not, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
MGROUP_RESTORE_GROUP_FAIL
Message text |
Failed to restore configuration for mirroring group [UINT16], because [STRING] |
Variable fields |
$1: Mirroring group ID. $2: Failure reason, which is monitor resources are insufficient. |
Severity level |
3 (Error) |
Example |
MGROUP/3/MGROUP_RESTORE_GROUP_FAIL: Failed to restore configuration for mirroring group 1, because monitor resources are insufficient. |
Impact |
The mirroring feature cannot be used normally. |
Cause |
Failed to restore the configuration of a mirroring group after device reboot because the monitor resources are insufficient. |
Recommended action |
1. Delete mirroring configurations to release monitor resources and then re-configure the mirroring group for which configuration restoration failed. After device reboot, flow mirroring configurations are restored before port mirroring configurations. The monitor resources are limited and restoration of port mirroring configurations might fail if the monitor resources are insufficient. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
MGROUP_RESTORE_IFCFG_FAIL
Message text |
Failed to restore configuration for interface [STRING] in mirroring group [UINT16], because [STRING] |
Variable fields |
$1: Interface name. $2: Mirroring group ID. $3: Failure reason. |
Severity level |
3 (Error) |
Example |
MGROUP/3/MGROUP_RESTORE_IFCFG_FAIL: Failed to restore configuration for interface Ethernet3/1/2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported. |
Impact |
Mirroring in source port mode cannot be used normally. |
Cause |
When the interface of the card in the slot is the monitor port in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the monitor port configuration might fail. |
Recommended action |
Check for the failure reason.
· If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source port in the mirroring group.
· If not, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
MGROUP_SYNC_CFG_FAIL
Message text |
Failed to restore configuration for mirroring group [UINT16] in [STRING], because [STRING] |
Variable fields |
$1: Mirroring group ID. $2: Slot number. $3: Failure reason. |
Severity level |
3 (Error) |
Example |
MGROUP/3/MGROUP_SYNC_CFG_FAIL: Failed to restore configuration for mirroring group 1 in chassis 1 slot 2, because monitor resources are insufficient. |
Impact |
The mirroring feature cannot be used normally. |
Cause |
When the complete mirroring group configuration was synchronized on the card in the slot, restoring configuration failed because resources on the card were insufficient. |
Recommended action |
1. Delete the mirroring group whose configuration failed to be restored. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
MLAG
This section contains M-LAG messages.
MLAG_AUTORECOVERY_TIMEOUT
Message text |
The reload delay timer timed out. Please check configuration of the M-LAG system. |
Variable fields |
N/A |
Severity level |
4 |
Example |
MLAG/4/MLAG_AUTORECOVERY_TIMEOUT: The reload delay timer timed out. Please check configuration of the M-LAG system. |
Explanation |
The reload delay timer expired, and the M-LAG system had only one available member device or had two primary member devices. |
Recommended action |
· Verify that the unavailable member device is operating correctly.
· Verify that the peer link and keepalive link are correctly configured and connected.
· Increase the reload delay timer. |
MLAG_GLBCHECK_CONSISTENCY
Message text |
Finished global type [UINT16] configuration consistency check. No inconsistency exists. |
Variable fields |
$1: Configuration consistency check type. |
Severity level |
6 |
Example |
MLAG/6/MLAG_GLBCHECK_CONSISTENCY: Finished global type 1 configuration consistency check. No inconsistency exists. |
Explanation |
No inconsistency was detected in global type 1 or type 2 configuration. |
Recommended action |
No action is required. |
MLAG_GLBCHECK_INCONSISTENCY
Message text |
Detected global type [UINT16] configuration inconsistency. |
Variable fields |
$1: Configuration consistency check type. |
Severity level |
6 |
Example |
MLAG/6/MLAG_GLBCHECK_INCONSISTENCY: Detected global type 1 configuration inconsistency. |
Explanation |
Inconsistencies were detected in global type 1 or type 2 configuration. |
Recommended action |
If type 1 configuration inconsistencies exist, use the display m-lag consistency command to view the inconsistent settings and modify them on the M-LAG member devices. If type 2 configuration inconsistencies exist, modify the inconsistent settings on the M-LAG member devices. |
MLAG_IFCHECK_CONSISTENCY
Message text |
Finished M-LAG interface [STRING] type [UINT16] configuration consistency check. No inconsistency exists. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: Configuration consistency check type. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFCHECK_CONSISTENCY: Finished M-LAG interface Bridge-Aggregation2 type 1 configuration consistency check. No inconsistency exists. |
Explanation |
No inconsistency was detected in type 1 or type 2 configuration of an M-LAG interface. |
Recommended action |
No action is required. |
MLAG_IFCHECK_INCONSISTENCY
Message text |
Detected type [UINT16] configuration inconsistency on interface [STRING]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: Configuration consistency check type. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFCHECK_INCONSISTENCY: Detected type 1 configuration inconsistency on interface Bridge-Aggregation2. |
Explanation |
Inconsistencies were detected in type 1 or type 2 configuration of an M-LAG interface. |
Recommended action |
If type 1 configuration inconsistencies exist, use the display m-lag consistency command to view the inconsistent settings and modify them on the M-LAG interfaces. If type 2 configuration inconsistencies exist, modify the inconsistent settings on the M-LAG interfaces. |
MLAG_IFEVT_MLAGIF_BIND
Message text |
Interface [STRING] was assigned to M-LAG group [UINT32]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_BIND: Interface Bridge-Aggregation1 was assigned to M-LAG group 1. |
Explanation |
A Layer 2 aggregate interface was assigned to an M-LAG group. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_GLOBALDOWN
Message text |
The state of M-LAG group [UINT32] changed to down. |
Variable fields |
$1: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_GLOBALDOWN: The state of M-LAG group 2 changed to down. |
Explanation |
An M-LAG group went down because all the member interfaces of its M-LAG interfaces became Unselected. |
Recommended action |
Verify that the device and the M-LAG peer use the same system priority and system MAC address, and different system numbers. |
MLAG_IFEVT_MLAGIF_GLOBALUP
Message text |
The state of M-LAG group [UINT32] changed to up. |
Variable fields |
$1: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_GLOBALUP: The state of M-LAG group 2 changed to up. |
Explanation |
An M-LAG group came up because member interfaces of its M-LAG interfaces became Selected for the first time. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_MAC_CHG
Message text |
Local M-LAG interface [STRING]'s system MAC address changed to [STRING]. Please ensure that the configuration is consistent with that of the peer M-LAG interface. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: System MAC address. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_MAC_CHG: Local M-LAG interface Bridge-Aggregation1's system MAC address changed to 2-2-2. Please ensure that the configuration is consistent with that of the peer M-LAG interface. |
Explanation |
The system MAC address of an M-LAG interface was modified. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_NOSELECTED
Message text |
Local M-LAG interface [STRING] in M-LAG group [UINT32] does not have Selected member ports because [STRING]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: M-LAG group number. $3: Cause of the down state of the M-LAG interface: · the aggregate interface went down. Please check the aggregate link status. · no peer M-LAG interface was detected. Please check peer M-LAG interface configuration. · of configuration consistency check failure. Please check the type 1 configuration of the M-LAG member devices for inconsistencies. · it was removed from an M-LAG group. Please reconfigure the M-LAG interface settings as needed. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_NOSELECTED: Local M-LAG interface Bridge-Aggregation1 in M-LAG group 2 does not have Selected member ports because no peer M-LAG interface was detected. Please check peer M-LAG interface configuration. |
Explanation |
The local M-LAG interface in an M-LAG group does not have member ports in Selected state. |
Recommended action |
Verify that the member ports of the M-LAG interface are correctly configured and connected. |
MLAG_IFEVT_MLAGIF_PEERBIND
Message text |
An aggregate interface on the peer M-LAG device was assigned to M-LAG group [UINT32]. |
Variable fields |
$1: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_PEERBIND: An aggregate interface on the peer M-LAG device was assigned to M-LAG group 1. |
Explanation |
An aggregate interface on the peer M-LAG member device was assigned to an M-LAG group. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_PEERUNBIND
Message text |
An aggregate interface on the peer M-LAG device was removed from M-LAG group [UINT32]. |
Variable fields |
$1: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_PEERUNBIND: An aggregate interface on the peer M-LAG device was removed from M-LAG group 1. |
Explanation |
An aggregate interface on the peer M-LAG member device was removed from an M-LAG group. |
Recommended action |
No action is required. |
MLAG_IFEVT_PEERIF_NOSELECTED
Message text |
Peer M-LAG interface in M-LAG group [UINT32] does not have Selected member ports. |
Variable fields |
$1: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_PEERIF_NOSELECTED: Peer M-LAG interface in M-LAG group 10 does not have Selected member ports. |
Explanation |
The peer M-LAG interface in an M-LAG group does not have member ports in Selected state. |
Recommended action |
Verify that the member ports of the M-LAG interface are correctly configured and connected. |
MLAG_IFEVT_PEERIF_SELECTED
Message text |
Peer M-LAG interface in M-LAG group [UINT32] has Selected member ports. |
Variable fields |
$1: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_PEERIF_SELECTED: Peer M-LAG interface in M-LAG group 10 has Selected member ports. |
Explanation |
The peer M-LAG interface in an M-LAG group has member ports in Selected state. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_PRIORITY_CHG
Message text |
M-LAG interface [STRING]'s system priority changed to [UINT16]. Please ensure that the configuration is consistent with that of the peer M-LAG interface. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: New system priority. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVENT_PRIORITY_CHG: M-LAG interface Bridge-Aggregation1's system priority changed to 564. Please ensure that the configuration is consistent with that of the peer M-LAG interface. |
Explanation |
The system priority of an M-LAG interface was modified. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_SELECTED
Message text |
Local M-LAG interface [STRING] in M-LAG group [UINT32] has Selected member ports. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_SELECTED: Local M-LAG interface Bridge-Aggregation1 in M-LAG group 2 has Selected member ports. |
Explanation |
The local M-LAG interface has member ports in Selected state. |
Recommended action |
No action is required. |
MLAG_IFEVT_MLAGIF_UNBIND
Message text |
Interface [STRING] was removed from M-LAG group [UINT32]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: M-LAG group number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_MLAGIF_UNBIND: Interface Bridge-Aggregation1 was removed from M-LAG group 1. |
Explanation |
A Layer 2 aggregate interface was removed from an M-LAG group. |
Recommended action |
No action is required. |
MLAG_IFEVT_PEERLINK_BIND
Message text |
Interface [STRING] was configured as peer-link interface [UINT16]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: Peer-link interface number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_PEERLINK_BIND: Interface Bridge-Aggregation1 was configured as peer-link interface 1. |
Explanation |
A Layer 2 aggregate interface was configured as the peer-link interface. |
Recommended action |
No action is required. |
MLAG_IFEVT_PEERLINK_DOWN
Message text |
Peer-link interface [STRING] went down because [STRING]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: Cause of the down state of the peer-link interface: · the aggregate interface went down. Please check the aggregate link status. · the tunnel interface went down. Please check the tunnel link status. · no DRCPDUs were received. Please check the devices' DRCPDU transmission and reception status. · the peer failed to receive DRCPDUs. Please check the devices' DRCPDU transmission and reception status. · the peer-link role of the interface was removed. Please reconfigure an interface as the peer-link interface. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_PEERLINK_DOWN: Peer-link interface Bridge-Aggregation1 went down because the tunnel interface went down. Please check the tunnel link status. |
Explanation |
The peer-link interface went down. |
Recommended action |
· Verify that the device and the M-LAG peer use the same system priority and system MAC address, and different system numbers. · Verify that the device and the M-LAG peer have the same authentication key and M-LAG sequence number check status. · Verify that the Layer 2 aggregate interface that acts as the peer-link interface is working correctly. |
MLAG_IFEVT_PEERLINK_UNBIND
Message text |
Configuration for peer-link interface [UINT16] was removed from interface [STRING]. |
Variable fields |
$1: Peer-link interface number. $2: Layer 2 aggregate interface name. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_PEERLINK_UNBIND: Configuration for peer-link interface 1 was removed from interface Bridge-Aggregation1. |
Explanation |
The peer-link interface configuration was removed. |
Recommended action |
No action is required. |
MLAG_IFEVT_PEERLINK_UP
Message text |
Peer-link interface [STRING] came up. |
Variable fields |
$1: Layer 2 aggregate interface name. |
Severity level |
6 |
Example |
MLAG/6/MLAG_IFEVT_PEERLINK_UP: Peer-link interface Bridge-Aggregation1 came up. |
Explanation |
The peer-link interface came up because it could receive and send DRCPDUs. |
Recommended action |
No action is required. |
MLAG_PEERLINK_BLOCK
Message text |
The status of peer-link interface [STRING] changed to blocked. |
Variable fields |
$1: Layer 2 aggregate interface name. |
Severity level |
6 |
Example |
MLAG/6/MLAG_PEERLINK_BLOCK: The status of peer-link interface Bridge-Aggregation20 changed to blocked. |
Explanation |
The status of the peer-link interface changed to blocked because the device had been assigned an M-LAG role, and the peer-link interface went down. |
Recommended action |
· Verify that the peer link is correctly connected and the cable is working correctly. · Verify that the device and the M-LAG peer have correct M-LAG settings. |
MLAG_PEERLINK_UNBLOCK
Message text |
The status of peer-link interface [STRING] changed to unblocked. |
Variable fields |
$1: Layer 2 aggregate interface name. |
Severity level |
6 |
Example |
MLAG/6/MLAG_PEERLINK_UNBLOCK: The status of peer-link interface Bridge-Aggregation20 changed to unblocked. |
Explanation |
The status of the peer-link interface changed to unblocked because the device had been assigned an M-LAG role, and the peer-link interface came up. |
Recommended action |
No action is required. |
MLAG_KEEPALIVEINTERVAL_MISMATCH
Message text |
Keepalive interval on the local M-LAG device is different from that on the neighbor. |
Variable fields |
N/A |
Severity level |
6 |
Example |
MLAG/6/MLAG_KEEPALIVEINTERVAL_MISMATCH: Keepalive interval on the local M-LAG device is different from that on the neighbor. |
Explanation |
The device and the M-LAG peer use different keepalive intervals. |
Recommended action |
Make sure the device and the M-LAG peer use the same keepalive interval. |
MLAG_KEEPALIVELINK_DOWN
Message text |
Keepalive link went down because [STRING]. |
Variable fields |
$1: Cause of the down state of the keepalive link and recommended remedy: · keepalive IP address was not configured. Please configure keepalive IP address. · the device failed to send keepalive packets. Please check Layer 3 reachability to the peer. · the local keepalive timeout timer expired. Please check the keepalive packet transmission and reception status at the two ends. · the peer keepalive timeout timer expired. Please check the keepalive packet transmission and reception status at the two ends. |
Severity level |
6 |
Example |
MLAG/6/MLAG_KEEPALIVELINK_DOWN: Keepalive link went down because the local keepalive timeout timer expired. Please check the keepalive packet transmission and reception status at the two ends. |
Explanation |
The keepalive link went down. |
Recommended action |
· Verify that the role of the device is correct. · Verify that the device and the M-LAG peer use consistent packet source and destination IP addresses for keepalive detection. · Verify Layer 3 connectivity for the keepalive link. |
MLAG_KEEPALIVELINK_UP
Message text |
Keepalive link came up. |
Variable fields |
N/A |
Severity level |
6 |
Example |
MLAG/6/MLAG_KEEPALIVELINK_UP: Keepalive link came up. |
Explanation |
The keepalive link came up. |
Recommended action |
No action is required. |
MLAG_KEEPALIVEPACKETS_FAILED
Message text |
Failed to send keepalive packets to the CPU due to [STRING]. |
Variable fields |
$1: Cause of the failure to send keepalive packets to the CPU. The cause can only be insufficient device ACL resources. |
Severity level |
6 |
Example |
MLAG/6/MLAG_KEEPALIVEPACKETS_FAILED: Failed to send keepalive packets to the CPU due to insufficient device ACL resources. |
Explanation |
The device failed to send keepalive packets to the CPU because of insufficient device ACL resources. |
Recommended action |
Release ACL resources as needed and verify that the keepalive link is operating correctly. |
MLAG_DEVICE_MADDOWN
Message text |
[STRING] will change to the M-LAG MAD DOWN state because [STRING]. |
Variable fields |
$1: Interfaces to be placed in M-LAG MAD DOWN state: · All service interfaces not excluded from the M-LAG MAD DOWN action. · All service interfaces included in the M-LAG MAD DOWN action. · All new service interfaces not excluded from the M-LAG MAD DOWN. · All new service interfaces included in the M-LAG MAD DOWN action. $2: Cause of the M-LAG MAD DOWN state and recommended remedy: · The device is Initializing. Please set up the M-LAG system first. · The peer link went down and the keepalive link remains up. Please check the peer link settings on both ends of the peer link. · The peer link came up. Please wait for the data restoration delay timer to expire. · The peer link and all M-LAG interfaces went down. Please first check the peer link settings on both ends of the peer link. |
Severity level |
4 |
Example |
MLAG/4/MLAG_DEVICE_MADDOWN: All service interfaces not excluded from the M-LAG MAD DOWN action will change to the M-LAG MAD DOWN state because the peer link went down and the keepalive link remains up. Please check the peer link settings on both ends of the peer link. |
Explanation |
Network interfaces on the device will be shut down by M-LAG MAD. |
Recommended action |
Verify that the peer link is correctly connected and the cable is working correctly. |
MLAG_DEVICE_MADRECOVERY
Message text |
All service interfaces on the device will be recovered from the M-LAG MAD DOWN state. |
Variable fields |
N/A |
Severity level |
4 |
Example |
MLAG/4/MLAG_DEVICE_MADRECOVERY: All service interfaces on the device will be recovered from the M-LAG MAD DOWN state. |
Explanation |
The device will restore the state of all service interfaces that have been placed in M-LAG MAD DOWN state. |
Recommended action |
No action is required. |
MLAG_SYSEVENT_DEVICEROLE_CHANGE
Message text |
Device role changed from [STRING] to [STRING] for [STRING]. |
Variable fields |
$1: Old device role, which can be primary, secondary, or none. $2: New device role, which can be primary, secondary, or none. $3: Reason for the role change: · M-LAG system initialization—The M-LAG system initialized. · peer link down and all M-LAG interfaces down—All M-LAG interfaces were shut down because the peer link failed. · peer link and keepalive link down—Both the peer link and keepalive link failed. · peer link calculation—The role was negotiated over the peer link. · peer link down and role calculation based on keepalive link—The peer link failed and the local role was negotiated over the keepalive link. |
Severity level |
6 |
Example |
MLAG/6/MLAG_SYSEVENT_DEVICEROLE_CHANGE: Device role changed from Secondary to Primary for peer link calculation. |
Explanation |
The M-LAG role of the device changed. |
Recommended action |
Examine the reason for the change and take action to recover the peer link or keepalive link if it has failed. |
MLAG_SYSEVENT_MAC_CHANGE
Message text |
System MAC address changed from [STRING] to [STRING]. |
Variable fields |
$1: Old system MAC address. $2: New system MAC address. |
Severity level |
6 |
Example |
MLAG/6/MLAG_SYSEVENT_MAC_CHANGE: System MAC address changed from 1-1-1 to 2-2-2. |
Explanation |
The M-LAG system MAC address was modified. |
Recommended action |
No action is required. |
MLAG_SYSEVENT_MODE_CHANGE
Message text |
|
Variable fields |
$1: Working mode of the device: · M-LAG system—The device is operating as an M-LAG member device. · standalone—The device is operating as a standalone device. |
Severity level |
6 |
Example |
MLAG/6/MLAG_SYSEVENT_MODE_CHANGE: The device's working mode changed to standalone. |
Explanation |
The working mode of the device changed because the M-LAG system split or reunited. |
Recommended action |
No action is required. |
MLAG_SYSEVENT_NUMBER_CHANGE
Message text |
System number changed from [STRING] to [STRING]. |
Variable fields |
$1: Old system number. $2: New system number. |
Severity level |
6 |
Example |
MLAG/6/MLAG_SYSEVENT_NUMBER_CHANGE: System number changed from 1 to 2. |
Explanation |
The M-LAG system number was modified. |
Recommended action |
No action is required. |
MLAG_SYSEVENT_PRIORITY_CHANGE
Message text |
System priority changed from [UINT16] to [UINT16]. |
Variable fields |
$1: Old system priority. $2: New system priority. |
Severity level |
6 |
Example |
MLAG/6/MLAG_SYSEVENT_PRIORITY_CHANGE: System priority changed from 123 to 564. |
Explanation |
The M-LAG system priority was modified. |
Recommended action |
No action is required. |
MLAG_VMAC_INEFFECTIVE
Message text |
Failed to assign virtual MAC address [STRING] to interface [STRING]. Cause: [STRING]. |
Variable fields |
$1: Virtual MAC address. $2: Interface name. This field is available only for VLAN interfaces and loopback interfaces in the current software version. $3: Failure cause, which can only be insufficient hardware resources. |
Severity level |
3 |
Example |
MLAG/3/MLAG_VMAC_INEFFECTIVE: Failed to assign virtual MAC address 0001-0001-0001 to interface Vlan-interface10. Cause: Insufficient hardware resources. |
Explanation |
Failed to assign a virtual MAC address to an interface because of insufficient hardware resources. |
Recommended action |
No action is required. |
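The following Python example is added here and is not part of the H3C manual. It matches M-LAG log lines against the message texts documented in this section and flags the events the manual ties to link failure, M-LAG MAD DOWN, or a change of the system MAC address, number, or priority that must stay consistent with the peer. The function names, rule names, sample lines, and the assumption that both links start in the up state are this example's own.

```python
import re

# Header form used by every example in this reference: MODULE/SEVERITY/MNEMONIC: text
HEADER = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")

# Patterns transcribed from the "Message text" rows of the M-LAG entries.
TEMPLATES = {name: re.compile(pattern) for name, pattern in {
    "MLAG_IFEVT_PEERLINK_DOWN":
        r"Peer-link interface (?P<interface>\S+) went down because (?P<cause>.+)",
    "MLAG_IFEVT_PEERLINK_UP": r"Peer-link interface (?P<interface>\S+) came up\.",
    "MLAG_KEEPALIVELINK_DOWN": r"Keepalive link went down because (?P<cause>.+)",
    "MLAG_KEEPALIVELINK_UP": r"Keepalive link came up\.",
    "MLAG_DEVICE_MADDOWN":
        r"(?P<scope>.+?) will change to the M-LAG MAD DOWN state because (?P<cause>.+)",
    "MLAG_SYSEVENT_DEVICEROLE_CHANGE":
        r"Device role changed from (?P<old>\S+) to (?P<new>\S+) for (?P<reason>.+?)\.$",
    "MLAG_SYSEVENT_MAC_CHANGE":
        r"System MAC address changed from (?P<old>\S+) to (?P<new>\S+)\.$",
    "MLAG_SYSEVENT_NUMBER_CHANGE":
        r"System number changed from (?P<old>\S+) to (?P<new>\S+)\.$",
    "MLAG_SYSEVENT_PRIORITY_CHANGE":
        r"System priority changed from (?P<old>\d+) to (?P<new>\d+)\.$",
}.items()}

# Settings the manual says must match the peer (MAC, priority) or differ (number).
IDENTITY_CHANGES = {
    "MLAG_SYSEVENT_MAC_CHANGE": "system MAC address",
    "MLAG_SYSEVENT_NUMBER_CHANGE": "system number",
    "MLAG_SYSEVENT_PRIORITY_CHANGE": "system priority",
}


def parse_line(line):
    """Return a dict for an MLAG log line, or None for any other line."""
    header = HEADER.search(line)  # search() tolerates a timestamp/host prefix
    if header is None or header["module"] != "MLAG":
        return None
    event = {"severity": int(header["severity"]),
             "mnemonic": header["mnemonic"], "fields": {}}
    template = TEMPLATES.get(header["mnemonic"])
    if template is not None:
        fields = template.match(header["text"].strip())
        if fields is not None:
            event["fields"] = fields.groupdict()
    return event


def triage(lines):
    """Walk the lines in order and return (line_no, rule, detail) findings."""
    peer_link_up = keepalive_up = True  # assumption: both links start up
    findings = []
    for number, line in enumerate(lines, 1):
        event = parse_line(line)
        if event is None:
            continue
        name, fields = event["mnemonic"], event["fields"]
        if name == "MLAG_IFEVT_PEERLINK_DOWN":
            peer_link_up = False
        elif name == "MLAG_IFEVT_PEERLINK_UP":
            peer_link_up = True
        elif name == "MLAG_KEEPALIVELINK_DOWN":
            keepalive_up = False
        elif name == "MLAG_KEEPALIVELINK_UP":
            keepalive_up = True

        went_down = name in ("MLAG_IFEVT_PEERLINK_DOWN", "MLAG_KEEPALIVELINK_DOWN")
        if went_down and not peer_link_up and not keepalive_up:
            findings.append((number, "both-links-down", fields.get("cause", "")))
        elif name == "MLAG_DEVICE_MADDOWN":
            findings.append((number, "mad-down", fields.get("cause", "")))
        elif (name == "MLAG_SYSEVENT_DEVICEROLE_CHANGE"
              and "down" in fields.get("reason", "")):
            detail = f"{fields['old']}->{fields['new']}: {fields['reason']}"
            findings.append((number, "role-change-after-link-failure", detail))
        elif name in IDENTITY_CHANGES:
            detail = f"{IDENTITY_CHANGES[name]} {fields.get('old')} -> {fields.get('new')}"
            findings.append((number, "identity-change", detail))
    return findings


# Constructed sample input, assembled from the message texts and causes above.
SAMPLE_LINES = [
    "MLAG/6/MLAG_SYSEVENT_PRIORITY_CHANGE: System priority changed from 123 to 564.",
    "MLAG/6/MLAG_IFEVT_PEERLINK_DOWN: Peer-link interface Bridge-Aggregation1 went down "
    "because no DRCPDUs were received. Please check the devices' DRCPDU transmission "
    "and reception status.",
    "MLAG/4/MLAG_DEVICE_MADDOWN: All service interfaces not excluded from the M-LAG MAD "
    "DOWN action will change to the M-LAG MAD DOWN state because the peer link went down "
    "and the keepalive link remains up. Please check the peer link settings on both ends "
    "of the peer link.",
    "MLAG/6/MLAG_KEEPALIVELINK_DOWN: Keepalive link went down because the local keepalive "
    "timeout timer expired. Please check the keepalive packet transmission and reception "
    "status at the two ends.",
    "MLAG/6/MLAG_SYSEVENT_DEVICEROLE_CHANGE: Device role changed from Secondary to Primary "
    "for peer link and keepalive link down.",
    "MLAG/6/MLAG_IFEVT_PEERLINK_UP: Peer-link interface Bridge-Aggregation1 came up.",
    "MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

A role change whose reason is "peer link calculation" is ordinary negotiation and produces no finding; only reasons that mention a link going down are flagged.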
MOD messages
This section contains MOD messages.
MOD_ENABLE_FAIL
Message text |
Failed to enable MOD function. Reason: [STRING] |
Variable fields |
$1: Failure cause: · The sampling function is not supported. · The sampler has been used by another function. |
Severity level |
4 |
Example |
MOD/4/MOD_ENABLE_FAIL: Failed to enable MOD function. Reason: The sampling function is not supported. |
Explanation |
This message is generated when MOD fails to be enabled for a sampling-related reason. |
Recommended action |
Remove the sampler used by MOD. |
MOD_MODIFY_FAIL
Message text |
Failed to modify MOD parameters. Reason: [STRING] |
Variable fields |
$1: Failure cause: · The sampling function is not supported. · The sampler has been used by another function. |
Severity level |
4 |
Example |
MOD/4/MOD_MODIFY_FAIL: Failed to modify MOD parameters. Reason: The sampling function is not supported. |
Explanation |
This message is generated when MOD parameters fail to be modified for a sampling-related reason. |
Recommended action |
Remove the sampler used by MOD. |
MPLS messages
This section contains MPLS messages.
MPLS_HARD_RESOURCE_NOENOUGH
Message text |
No enough hardware resource for MPLS. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
MPLS/4/MPLS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for MPLS. |
Impact |
New LSPs cannot be established. |
Cause |
Too many MPLS hardware resources were used, for example, by an excessive number of LSPs. |
Recommended action |
Check whether unnecessary LSPs have been generated. If yes, configure or modify the LSP generation policy, label advertisement policy, and label acceptance policy to filter out unnecessary LSPs. |
MPLS_HARD_RESOURCE_RESTORE
Message text |
Hardware resources for MPLS are restored. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
MPLS/6/MPLS_HARD_RESOURCE_RESTORE: Hardware resources for MPLS are restored. |
Impact |
No negative impact on the system. |
Cause |
Hardware resources for MPLS changed from insufficient to sufficient. |
Recommended action |
No action is required. |
MRP messages
This section contains MRP messages.
IECMRP_INTER_ROLE_FAIL
Message text |
The device cannot operate as an MIM in interconnection domain [STRING]. |
Variable fields |
$1: Domain ID of the interconnection domain. |
Severity level |
3 (Error) |
Example |
IECMRP/3/IECMRP_INTER_ROLE_FAIL: The device cannot operate as an MIM in interconnection domain 3. |
Impact |
The device cannot operate as the MIM. |
Cause |
The specified interconnection port on a device does not support the Blocked state. The device cannot operate as the MIM in an interconnection domain. |
Recommended action |
Perform one of the following tasks based on the actual situation: · If only some ports on the device do not support the Blocked state, specify another port that supports the Blocked state on the device as the interconnection port. · If no port on the device supports the Blocked state, specify another device in the interconnection domain as the MIM and make sure the specified device has a port that supports the Blocked state. |
IECMRP_INTER_STATE_CHANGE
Message text |
The ring state for interconnection domain [STRING] has changed to [STRING]. |
Variable fields |
$1: Domain ID of the interconnection domain. $2: Ring state of the interconnection domain: · OPEN. · CLOSE. |
Severity level |
5 (Notification) |
Example |
IECMRP/5/IECMRP_INTER_STATE_CHANGE: The ring state for interconnection domain 3 has changed to OPEN. |
Impact |
No negative impact on the system. |
Cause |
A link failed or recovered in an interconnection domain. |
Recommended action |
No action is required. |
IECMRP_MRA_ROLE_CHANGE
Message text |
The role state for the MRA has changed from [STRING] to [STRING] in redundancy domain [STRING]. |
Variable fields |
$1: Role of the MRA before the change: · MRC. · MRM. $2: Role of the MRA after the change: · MRC. · MRM. $3: Domain ID of the redundancy domain. |
Severity level |
5 (Notification) |
Example |
IECMRP/5/IECMRP_MRA_ROLE_CHANGE: The role state for the MRA has changed from MRC to MRM in redundancy domain 3. |
Impact |
After an MRA is elected as the MRM in the redundancy domain, other MRAs will operate as MRCs. |
Cause |
After MRP was enabled, all MRAs performed an MRM election. |
Recommended action |
No action is required. |
IECMRP_MULTIPLE_MANAGERS
Message text |
The MRM detected another MRM (with MAC address [STRING]) in redundancy domain [STRING]. |
Variable fields |
$1: MAC address of the detected MRM. $2: Domain ID of the redundancy domain. |
Severity level |
3 (Error) |
Example |
IECMRP/3/IECMRP_MULTIPLE_MANAGERS: The MRM detected another MRM (with MAC address 0000-0012-0034) in redundancy domain 3. |
Impact |
MRP cannot operate correctly in the redundancy domain. |
Cause |
Multiple devices have been configured as MRMs in a redundancy domain. |
Recommended action |
Check the configuration on other devices in the same redundancy domain, and make sure only one device operates as the MRM. |
IECMRP_REDUNANCY_ROLE_FAIL
Message text |
The device cannot operate as an MRM in redundancy domain [STRING]. |
Variable fields |
$1: Domain ID of the redundancy domain. |
Severity level |
3 (Error) |
Example |
IECMRP/3/IECMRP_REDUNANCY_ROLE_FAIL: The device cannot operate as an MRM in redundancy domain 3. |
Impact |
The device cannot operate as the MRM. |
Cause |
The specified ring port on a device does not support the Blocked state. The device cannot operate as the MRM in a redundancy domain. |
Recommended action |
Perform one of the following tasks based on the actual situation: · If only some ports on the device do not support the Blocked state, specify another port that supports the Blocked state on the device as the ring port. · If no port on the device supports the Blocked state, specify another device in the redundancy domain as the MRM and make sure the specified device has a port that supports the Blocked state. |
IECMRP_REDUN_STATE_CHANGE
Message text |
The ring state for redundancy domain [STRING] has changed to [STRING]. |
Variable fields |
$1: Domain ID of the redundancy domain. $2: Ring state of the redundancy domain: · OPEN. · CLOSE. |
Severity level |
5 (Notification) |
Example |
IECMRP/5/IECMRP_REDUN_STATE_CHANGE: The ring state for redundancy domain 3 has changed to OPEN. |
Impact |
No negative impact on the system. |
Cause |
A link failed or recovered in a redundancy domain. |
Recommended action |
No action is required. |
MTLK messages
This section contains Monitor Link messages.
MTLK_UPLINK_STATUS_CHANGE
Message text |
The uplink of monitor link group [UINT32] is [STRING]. |
Variable fields |
$1: Monitor link group ID. $2: Monitor Link group status, up or down. |
Severity level |
6 |
Example |
MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up. |
Explanation |
The uplink of a monitor link group went up or down. |
Recommended action |
Troubleshoot the uplink when it fails. |
MTP messages
This section contains MTP messages.
MTP_PING_INFO
Message text |
Ping information, (Base: [STRING]), (Result: [STRING]). |
Variable fields |
$1: Basic information about the ping operation, including time, destination IP address, VRF index, protocol module information (module name and instance name), and the number of sent ping packets. The instance name in the protocol module information can be empty. $2: Result of the ping operation, including the number of successfully sent ping packets and ping packet result information. The ping packet result information includes the ping packet length, sequence, and result. |
Severity level |
6 (Informational) |
Example |
MTP/6/MTP_PING_INFO: Ping information, (Base: Time = 09:39:18, Destination IP = 10.11.1.1, VrfIndex = 0, Protocol Module = BGP (default), Packet Number = 9), (Result: Success = 9, Length 100 ping 1 success, Length 100 ping 2 success, Length 100 ping 3 success, Length 1000 ping 4 success, Length 1000 ping 5 success, Length 1000 ping 6 success, Length 4000 ping 7 success, Length 4000 ping 8 success, Length 4000 ping 9 success). |
Impact |
No negative impact on the system. |
Cause |
With MTP enabled, the device automatically pinged a neighbor and recorded the ping result when the neighbor's hold timer expired. |
Recommended action |
To resolve the issue: · Troubleshoot the link according to the ping result information. · Execute the troubleshooting information display command for the routing protocol, such as display protocol troubleshooting, to identify the neighbor disconnection reason. · Execute the display logbuffer command to view detailed MTP information. |
MTP_TRACERT_INFO
Message text |
Tracert information, (Base: [STRING]), (Result: [STRING]). |
Variable fields |
$1: Basic information about the tracert operation, including time, destination IP address, VRF index, maximum number of hops allowed for a probe packet, number of probe packets to send per hop, and protocol module information (module name and instance name). The instance name in the protocol module information can be empty. $2: Result of the tracert operation, including the IP address of each hop, number of the AS that each hop belongs to (optional), and the number of probe successes. If a hop does not respond, no result will be displayed for the hop. |
Severity level |
6 (Informational) |
Example |
MTP/6/MTP_TRACERT_INFO: Tracert information, (Base: Time = 10:39:18, Destination IP = 10.11.1.1, VrfIndex = 0, MaxHop = 30, Packet Number = 3, Protocol Module = BGP (default)), (Result: TTL 1 Response IP = 10.2.1.1 Success = 3, TTL 2 Response IP = 10.11.1.1 [ AS 100 ] Success = 3). |
Impact |
No negative impact on the system. |
Cause |
With MTP enabled, the device automatically traced the route to the neighbor and recorded the tracert result when the neighbor's hold timer expired. |
Recommended action |
To resolve the issue: · Troubleshoot the link according to the tracert result information. · Execute the troubleshooting information display command for the routing protocol, such as display protocol troubleshooting, to identify the neighbor disconnection reason. · Execute the display logbuffer command to view detailed MTP information. |
NA4
This section contains IPv4 NetAnalysis messages.
NA4_CLEARINFO_DRV
Message text |
Failed to clear the RoCEv2 flow statistics. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
NA4/4/NA4_CLEARINFO_DRV: Failed to clear the RoCEv2 flow statistics. |
Impact |
The system cannot clear the statistics of historical RoCEv2 flows and then collect RoCEv2 flow information for a specific period of time. |
Cause |
The device failed to issue the request for clearing RoCEv2 traffic statistics to the driver. |
Recommended action |
1. Try again in a few minutes. 2. Collect the device configuration file, log information, and alarm information, and then contact Technical Support. |
NA4_GETINFO_DRV
Message text |
Failed to obtain the RoCEv2 flow statistics. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
NA4/4/NA4_GETINFO_DRV: Failed to obtain the RoCEv2 flow statistics. |
Impact |
The inability to obtain real-time statistical information for RoCEv2 flows affects the in-depth analysis of designated service flows. |
Cause |
The system failed to issue the request for obtaining RoCEv2 traffic statistics to the driver. |
Recommended action |
1. Try again in a few minutes. 2. Collect the device configuration file, log information, and alarm information, and then contact Technical Support. |
NA4_STATISTIC_DRV
Message text |
The operation conflicts with some existing configurations. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
NA4/4/NA4_STATISTIC_DRV: The operation conflicts with some existing configurations. |
Impact |
The current configuration cannot be issued successfully. |
Cause |
The operation conflicts with existing configuration in the system. |
Recommended action |
Remove the configuration that caused this conflict. |
NAT messages
This section contains NAT messages.
NAT_ADDR_BIND_CONFLICT
Message text |
Failed to activate NAT configuration on interface [STRING], because global IP addresses already bound to another service card. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
NAT/4/NAT_ADDR_BIND_CONFLICT: Failed to activate NAT configuration on interface Ethernet0/0/2, because global IP addresses already bound to another service card. |
Explanation |
The NAT configuration did not take effect, because the global IP addresses that the interface references have been bound to another service card. |
Recommended action |
If multiple interfaces reference the same global IP addresses, you must specify the same service card to process NAT traffic passing through these interfaces. To resolve the problem: 1. Use the display nat all command to check the current configuration. 2. Remove the service card configuration on the interface. 3. Specify the same service card for interfaces referencing the same global IP addresses. |
NAT_FAILED_ADD_FLOW_RULE
Message text |
Failed to add flow-table due to: [STRING]. |
Variable fields |
$1: Reason for the failure. |
Severity level |
4 |
Example |
NAT/4/NAT_FAILED_ADD_FLOW_RULE: Failed to add flow-table due to: Not enough resources are available to complete the operation. |
Explanation |
The system failed to deploy flow entries. Possible reasons include insufficient hardware resources or memory. |
Recommended action |
Contact H3C Support. |
NAT_FAILED_ADD_FLOW_TABLE
Message text |
Failed to add flow-table due to [STRING]. |
Variable fields |
$1: Failure reason: · no enough resource. · The item already exists. |
Severity level |
4 |
Example |
NAT/4/NAT_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource. |
Explanation |
The system failed to add a flow table due to insufficient hardware resources or NAT address overlapping. |
Recommended action |
If the failure is caused by insufficient hardware resources, contact H3C Support. If the failure is caused by address overlapping, reconfigure the NAT addresses. Make sure the NAT address ranges do not overlap. |
NAT_FLOW
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING]; |
Variable fields |
$1: Protocol type.
$2: Source IP address.
$3: Source port number.
$4: Source IP address after translation.
$5: Source port number after translation.
$6: Destination IP address.
$7: Destination port number.
$8: Destination IP address after translation.
$9: Destination port number after translation.
$10: Total number of incoming packets.
$11: Total number of incoming bytes.
$12: Total number of outgoing packets.
$13: Total number of outgoing bytes.
$14: Source VPN instance name.
$15: Destination VPN instance name.
$16: Source DS-Lite tunnel.
$17: Destination DS-Lite tunnel.
$18: Time when the session is created.
$19: Time when the session is removed.
$20: Event type. Available values are 1, 2, 3, 6, 8, and 254.
$21: Event description:
· Session created. The value for the event type field is 8.
· Active flow threshold. The value for the event type field is 6.
· Normal over. The value for the event type field is 1.
· Aged for timeout. The value for the event type field is 2.
· Aged for reset or config-change. The value for the event type field is 3.
· Other. The value for the event type field is 254. |
Severity level |
6 |
Example |
NAT/6/NAT_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=20.20.20.20;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Explanation |
This message is sent in one of the following conditions: · A NAT session is created or removed. · Regularly during a NAT session. · The traffic threshold or aging time of a NAT session is reached. |
Recommended action |
No action is required. |
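The NAT_FLOW record is what lets an investigator map a translated address and port seen by an external party back to the internal host. The following parser and lookup are an added example, not H3C code; the timestamp layout MMDDYYYYhhmmss is an assumption inferred from the sample value 03182024082546, and the two extra log lines are constructed from the example above.

```python
import re
from datetime import datetime

# Example line copied from the NAT_FLOW entry in this reference.
PAGE_EXAMPLE = (
    "NAT/6/NAT_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;"
    "NATSrcIPAddr(1005)=20.20.20.20;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;"
    "DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;"
    "InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;"
    "RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;"
    "SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;"
    "Event(1048)=(8)Session created;"
)
# Constructed: the same session ending one minute later.
SESSION_END = PAGE_EXAMPLE.replace(
    "EndTime_e(1014)=;", "EndTime_e(1014)=03182024082646;"
).replace("(8)Session created", "(1)Normal over")
# Constructed: a different internal host later reusing the same translated port.
PORT_REUSED = PAGE_EXAMPLE.replace(
    "SrcIPAddr(1003)=10.10.10.1;", "SrcIPAddr(1003)=10.10.10.2;"
).replace("03182024082546", "03182024090000")

HEADER_RE = re.compile(r"NAT/(?P<sev>\d)/NAT_FLOW:\s*")
FIELD_RE = re.compile(r"(\w+)\((\d+)\)=([^;]*);")   # Name(id)=value;
EVENT_RE = re.compile(r"\((\d+)\)\s*(.*)")          # (8)Session created
INT_FIELDS = {"SrcPort", "NATSrcPort", "DstPort", "NATDstPort",
              "InitPktCount", "InitByteCount", "RplyPktCount", "RplyByteCount"}
TIME_FIELDS = {"BeginTime_e", "EndTime_e"}
REQUIRED = {"Protocol", "SrcIPAddr", "SrcPort", "NATSrcIPAddr",
            "NATSrcPort", "BeginTime_e", "Event"}


def parse_nat_flow(line):
    """Return one NAT_FLOW message as a dict; empty fields become None."""
    header = HEADER_RE.search(line)
    if header is None:
        raise ValueError("not a NAT_FLOW message")
    record = {"severity": int(header["sev"])}
    for name, _field_id, value in FIELD_RE.findall(line[header.end():]):
        if value == "":
            record[name] = None
        elif name in INT_FIELDS:
            record[name] = int(value)
        elif name in TIME_FIELDS:
            # Assumed layout MMDDYYYYhhmmss, device-local time (no zone in the log).
            record[name] = datetime.strptime(value, "%m%d%Y%H%M%S")
        elif name == "Event":
            m = EVENT_RE.fullmatch(value)
            record[name] = (int(m.group(1)), m.group(2)) if m else (None, value)
        else:
            record[name] = value
    # Long messages can be cut short in transit; refuse partial records
    # rather than attribute traffic from incomplete data.
    missing = REQUIRED - record.keys()
    if missing:
        raise ValueError("truncated NAT_FLOW message, missing: %s" % sorted(missing))
    return record


def find_internal_source(records, nat_ip, nat_port, when):
    """Internal (address, port) pairs that held nat_ip:nat_port at time `when`."""
    sessions = {}  # session key -> latest known end time (None while still open)
    for r in records:
        key = (r["Protocol"], r["SrcIPAddr"], r["SrcPort"],
               r["NATSrcIPAddr"], r["NATSrcPort"], r["BeginTime_e"])
        end = r.get("EndTime_e")
        prev = sessions.get(key)
        if key not in sessions or (end is not None and (prev is None or end > prev)):
            sessions[key] = end
    hits = set()
    for (_proto, src, sport, nip, nport, begin), end in sessions.items():
        if (nip, nport) != (nat_ip, nat_port) or begin is None:
            continue
        if begin <= when and (end is None or when <= end):
            hits.add((src, sport))
    return sorted(hits)


if __name__ == "__main__":
    recs = [parse_nat_flow(l) for l in (PAGE_EXAMPLE, SESSION_END, PORT_REUSED)]
    for t in (datetime(2024, 3, 18, 8, 26), datetime(2024, 3, 18, 9, 5)):
        print(t, find_internal_source(recs, "20.20.20.20", 1024, t))
```

Because a translated port is reused over time, the lookup is only as accurate as the clock agreement between the device and the party reporting the external address.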
NAT_SERVER_INVALID
Message text |
The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface. |
Variable fields |
N/A |
Severity level |
4 |
Example |
NAT/4/NAT_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface. |
Explanation |
The NAT Server with Easy IP did not take effect because its global settings conflict with the global settings of another NAT Server on the same interface. |
Recommended action |
Modify the NAT Server configuration on the interface. The combination of protocol type, global IP addresses and global ports must be unique for each NAT Server on the same interface. |
NAT_SERVICE_CARD_RECOVER_FAILURE
Message text |
Pattern 1: Failed to recover the configuration of binding the service card on slot [UINT16] to interface [STRING], because [STRING]. Pattern 2: Failed to recover the configuration of binding the service card on chassis [UINT16] slot [UINT16] to interface [STRING], because [STRING]. |
Variable fields |
Pattern 1: $1: Slot number. $2: Interface name. $3: Reasons why restoring the binding between the service card and the interface fails. Pattern 2: $1: Chassis number. $2: Slot number. $3: Interface name. $4: Reasons why restoring the binding between the service card and the interface fails. |
Severity level |
4 |
Example |
NAT/4/NAT_SERVICE_CARD_RECOVER_FAILURE: Failed to recover the configuration of binding the service card on slot 3 to interface GigabitEthernet0/0/2, because NAT service is not supported on this service card. |
Explanation |
Restoring the binding between the service card and the interface failed. |
Recommended action |
· If the operation fails because the NAT addresses have already been bound to another service card:
  · Use the display nat all command to check the current configuration.
  · Specify the same service card for interfaces referencing the same NAT addresses.
· Check the service card for hardware problems if the failure is caused by one of the following reasons:
  · NAT service is not supported on this service card.
  · The hardware resources are not enough.
  · Unknown error. |
ND messages
This section contains ND messages.
ND_COMMONPROXY_ENABLE_FAILED
Message text |
Failed to enable common ND proxy on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
ND/4/ND_COMMONPROXY_ENABLE_FAILED: Failed to enable common ND proxy on interface Vlan-interface 1. |
Impact |
The issue might cause user service or traffic interruption. |
Cause |
This message might be generated when the following events occur: · Common ND proxy failed to be enabled on the interface. · Common ND proxy is enabled successfully on the interface of the MPU but fails to be enabled on the interface of a non-MPU card. This message is generated for the non-MPU card. |
Recommended action |
1. Identify whether the corresponding card supports common ND proxy. 2. Identify whether the device has sufficient hardware resources and delete unnecessary settings. 3. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ND_CONFLICT
Message text |
[STRING] is inconsistent. |
Variable fields |
$1: Configuration type:
· M_FLAG.
· O_FLAG.
· CUR_HOP_LIMIT.
· REACHABLE TIME.
· NS INTERVAL.
· MTU.
· PREFIX VALID TIME.
· PREFIX PREFERRED TIME. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent |
Impact |
The issue might cause user service or traffic interruption. |
Cause |
The configuration in the received router advertisement was not consistent with the configuration on the device. A message is sent if an inconsistency is detected. |
Recommended action |
Check the device configuration. Make sure the configuration on the device and the neighboring router is consistent. |
ND_DUPADDR
Message text |
Duplicate address: [STRING] on the interface [STRING]. |
Variable fields |
$1: IPv6 address that is to be assigned to the interface. $2: Name of the interface. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_DUPADDR: Duplicate address: 33::8 on the interface Vlan-interface9. |
Impact |
No negative impact on the system. |
Cause |
The IPv6 address that was to be assigned to the interface is being used by another device. |
Recommended action |
Assign another IPv6 address to the interface based on the network plan and service deployment. |
ND_ENTRY_ENOUGHRESOURCE
Message text |
Issued the software entry to the driver for IPv6 address [STRING] on VPN instance [STRING]. Issued the software entry to the driver for IPv6 address [STRING] on the public network. |
Variable fields |
$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, this field is not displayed. |
Severity level |
6 |
Example |
ND/6/ND_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv6 address 10::1 on VPN instance vpn_1. ND/6/ND_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv6 address 10::2 on the public network. |
Explanation |
After ND entry consistency check is enabled by using the ipv6 nd consistency-check enable command, a log is output when ND successfully refreshes hardware entries according to software entries. |
Recommended action |
No action is required. |
ND_ENTRY_INCONSISTENT
Message text |
Inconsistent software and hardware ND entries for IPv6 address [STRING] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware ND entries for IPv6 address [STRING] on the public network. Inconsistent parameters: [STRING]. |
Variable fields |
$1: IPv6 address.
$2: VPN instance name. If the ND entry belongs to the public network, this field is not displayed.
$3: Inconsistent items:
· MAC address.
· output interface.
· output port.
· outermost layer VLAN ID.
· second outermost layer VLAN ID.
· VSI index.
· link ID. |
Severity level |
6 |
Example |
ND/6/ND_ENTRY_INCONSISTENT: Inconsistent software and hardware ND entries for IPv6 address 10::1 on VPN instance vpn_1. Inconsistent parameters: MAC address, output port, VSI index, and link ID. ND/6/ND_ENTRY_INCONSISTENT: Inconsistent software and hardware ND entries for IPv6 address 10::2 on the public network. Inconsistent parameters: MAC address, output port, VSI index, and link ID. |
Explanation |
After ND entry consistency check is enabled by using the ipv6 nd consistency-check enable command, a log is output when the device detects an inconsistency between software and hardware entries (for example, inconsistent output interface). |
Recommended action |
No action is required. The ND module automatically refreshes the hardware entries. |
ND_ENTRY_NORESOURCE
Message text |
Not enough hardware resources to issue the software entry to the driver for IPv6 address [STRING] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IPv6 address [STRING] on the public network. |
Variable fields |
$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, this field is not displayed. |
Severity level |
6 |
Example |
ND/6/ND_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv6 address 10::1 on VPN instance vpn_1. ND/6/ND_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv6 address 10::2 on the public network. |
Explanation |
After ND entry consistency check is enabled by using the ipv6 nd consistency-check enable command, a log is output when the device does not have sufficient hardware resources to deploy software entries to the driver. |
Recommended action |
No action is required. The ND module automatically refreshes the hardware entries. |
ND_EVENTQUE_ALERT
Message text |
The current size of the EVENT queue has reached [UINT32]. Please check the network environment. |
Variable fields |
$1: Size of the ND EVENT queue. |
Severity level |
4 (Warning) |
Example |
ND/4/ND_EVENTQUE_ALERT: The current size of the EVENT queue has reached 4096. Please check the network environment. |
Impact |
The device drops ND EVENT messages if the ND EVENT queue is full. This might affect the service. |
Cause |
If the number of ND EVENT messages in the ND EVENT queue has exceeded 4096, the system generates a log message every 60 seconds. |
Recommended action |
1. Check the ND packets received on interfaces for anomalies. If abnormal ND packets are detected, capture ND packets to check for ND attacks and locate the source of attacks, if any. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ND_HARDWARE_REFRESH_NORESOURCE
Message text |
Failed to refresh the host route in FIB according to the ND entry because the device resources are insufficient. IPv6 address=[STRING]; VPN instance name=[STRING]; VPN instance index=[UINT16]; Interface=[STRING]. |
Variable fields |
$1: IPv6 address in the ND entry. $2: Name of the VPN instance in the ND entry. If the log information belongs to the public network, this field displays Public. $3: Index of the VPN instance in the ND entry. If the log information belongs to the public network, this field displays 0. $4: Name of the output interface in the ND entry. |
Severity level |
4 |
Example |
ND/4/ND_HARDWARE_REFRESH_NORESOURCE: Failed to refresh the host route in FIB according to the ND entry because the device resources are insufficient. IPv6 address=1::1; VPN instance name=vpn1; VPN instance index=1; Interface=GigabitEthernet1/0/1. |
Explanation |
After you enable error logging for ND entry deployment to hardware by using the ipv6 nd hardware log enable command, the host route in FIB failed to be refreshed because the device does not have sufficient hardware resources. |
Recommended action |
Check the device resource usage and resolve the issue of insufficient hardware resources. |
ND_HARDWARE_SEND_NORESOURCE
Message text |
Failed to send the ND entry to the driver because the device resources are insufficient. IPv6 address=[STRING]; VPN instance name=[STRING]; VPN instance index=[UINT16]; Interface=[STRING]. |
Variable fields |
$1: IPv6 address in the ND entry. $2: Name of the VPN instance in the ND entry. If the log information belongs to the public network, this field displays Public. $3: Index of the VPN instance in the ND entry. If the log information belongs to the public network, this field displays 0. $4: Name of the output interface in the ND entry. |
Severity level |
4 |
Example |
ND/4/ND_HARDWARE_SEND_NORESOURCE: Failed to send the ND entry to the driver because the device resources are insufficient. IPv6 address=1::1; VPN instance name=vpn1; VPN instance index=1; Interface=GigabitEthernet1/0/1. |
Explanation |
After you enable error logging for ND entry deployment to hardware by using the ipv6 nd hardware log enable command, the device failed to deploy ND entries to hardware because it does not have sufficient hardware resources. |
Recommended action |
Check the device resource usage and resolve the issue of insufficient hardware resources. |
ND_HOST_IP_CONFLICT
Message text |
The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface [STRING]. |
Variable fields |
$1: IPv6 global unicast address of the host. $2: Name of the interface. $3: Name of the interface. |
Severity level |
4 |
Example |
ND/4/ND_HOST_IP_CONFLICT: The host 2::2 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface GigabitEthernet1/0/1. |
Explanation |
The IPv6 global unicast address of the host is being used by another host that connects to the same interface. |
Recommended action |
Disconnect the host and assign another IPv6 global unicast address to the host. |
ND_HOST_IPCONFLICT_ALARM
Message text |
An ND packet arrived with the sender IP conflicting with a local IP. Local IPv6 address=[STRING]; Local MAC=[STRING]; Local interface=[STRING]; Local SVLAN=[UINT32]; Local CVLAN=[UINT32]; Remote IPv6 address=[STRING]; Remote MAC=[STRING]; Remote SVLAN=[UINT32]; Remote CVLAN=[UINT32]. |
Variable fields |
$1: IPv6 address of the local device. $2: MAC address of the local device. $3: Name of the interface on the local device. $4: Outer VLAN ID of the interface on the local device. $5: Inner VLAN ID of the interface on the local device. $6: IPv6 address of the endpoint. $7: MAC address of the endpoint. $8: Outer VLAN ID of the interface on the endpoint. $9: Inner VLAN ID of the interface on the endpoint. |
Severity level |
4 (Warning) |
Example |
ND/4/ND_HOST_IPCONFLICT_ALARM: An ND packet arrived with the sender IP conflicting with a local IP. Local IPv6 address=1::1; Local MAC=0001-0002-0003; Local Interface= vlan-interface 10; Local SVLAN=0; Local CVLAN=0; Remote IPv6 address=1::1; Remote MAC=0001-0002-0004; Remote SVLAN=1; Remote CVLAN=1. |
Impact |
The IPv6 address conflict between the endpoint and local device might cause user service or traffic interruption. |
Cause |
This message might be generated when the following events occur: · Another device on the network is configured with the same IPv6 address as that of the local device. · The network has an ND packet attack that forges the source IPv6 address. |
Recommended action |
1. Identify whether another device on the network is configured with the same IPv6 address as that of the local device based on the alarm.
   · If you can identify the device configured with the same IPv6 address, change the IPv6 address of the device.
   · If you cannot identify the device configured with the same IPv6 address, change the IPv6 address of the corresponding interface. Make sure the operation does not affect services.
2. Identify whether an ND packet attack exists on the network and identify the attack source based on the alarm.
3. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ND_HOST_IPCONFLICT_RESUME
Message text |
No ND packets arrived with conflicting sender IP for a period of time. Local IPv6 address=[STRING]; Local MAC=[STRING]; Local interface=[STRING]; Local SVLAN=[UINT32]; Local CVLAN=[UINT32]; Remote IPv6 address=[STRING]; Remote MAC=[STRING]; Remote SVLAN=[UINT32]; Remote CVLAN=[UINT32]. |
Variable fields |
$1: IPv6 address of the local device. $2: MAC address of the local device. $3: Name of the interface on the local device. $4: Outer VLAN ID of the interface on the local device. $5: Inner VLAN ID of the interface on the local device. $6: IPv6 address of the endpoint. $7: MAC address of the endpoint. $8: Outer VLAN ID of the interface on the endpoint. $9: Inner VLAN ID of the interface on the endpoint. |
Severity level |
5 (Notification) |
Example |
ND/5/ND_HOST_IPCONFLICT_RESUME: No ND packets arrived with conflicting sender IP for a period of time. Local IPv6 address=1::1; Local MAC=0001-0002-0003; Local interface= vlan-interface 10; Local SVLAN=0; Local CVLAN=0; Remote IPv6 address=1::1; Remote MAC=0001-0002-0004; Remote SVLAN=1; Remote CVLAN=1. |
Impact |
No negative impact on the system. |
Cause |
The interface does not receive any ND packets in which the source IPv6 address is the same as its own IPv6 address within three minutes. |
Recommended action |
No action is required. |
ND_LIPCQUE_ALERT
Message text |
The number of ND entries in the ND_LIPC queue has reached [UINT32]. Please check the network environment. |
Variable fields |
$1: Number of ND entries to be synchronized to other modules by the MPU in the queue. |
Severity level |
4 |
Example |
ND/4/ND_LIPCQUE_ALERT: -MDC=1; The number of ND entries in the ND_LIPC queue has reached 65. Please check the network environment. |
Explanation |
An alarm is generated when the number of ND entries to be synchronized to other modules by the MPU in the queue reaches 50% or 80% of the queue capacity. The system outputs a log every 60 seconds and discards ND entries when the queue capacity limit is reached. |
Recommended action |
1. Configure the spanning tree feature and check for loops on the network. 2. Capture ND packets to check for attacks and locate the source of attacks, if any. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ND_LOCALPROXY_ENABLE_FAILED
Message text |
Failed to enable local ND proxy on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
ND/4/ND_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local ND proxy on interface Vlan-interface 1. |
Explanation |
Failed to enable local ND proxy on an interface on the card. |
Recommended action |
1. Verify that the card supports local ND proxy. 2. Make sure the device has sufficient hardware resources. |
ND_PACKET_SPEEDLIMIT_ALARM
Message text |
ND or ND miss packets were sent at [UINT] pps, which exceeded the alarm threshold. |
Variable fields |
$1: Packet sending rate. |
Severity level |
5 (Notification) |
Example |
ND/5/ND_PACKET_SPEEDLIMIT_ALARM: ND or ND miss packets were sent at 81 pps, which exceeded the alarm threshold. |
Impact |
The device might not send ND requests correctly, which affects ND learning. As a result, traffic cannot be forwarded. |
Cause |
This message is generated when the sending rate of ND packets triggered by services or ND Miss messages exceeds the alarm threshold (80% of the upper rate limit). |
Recommended action |
1. Capture packets to identify whether an ND attack exists on the network and identify the attack source. 2. If the issue persists, collect configuration files, log messages, and alarm information, and then contact Technical Support for help. |
ND_PACKET_SPEEDLIMIT_RESUME
Message text |
The rate of sending ND or ND miss packets dropped to [UINT], which is below the alarm-clear threshold. |
Variable fields |
$1: Packet sending rate. |
Severity level |
5 (Notification) |
Example |
ND/5/ND_PACKET_SPEEDLIMIT_ALARM: ND or ND miss packets were sent at 81 pps, which exceeded the alarm threshold. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the sending rate of ND packets triggered by services or ND Miss messages drops below 60% of the upper rate limit. The possible reasons are as follows: · The number of ND Miss messages reduces. · ND packets triggered by services reduce. |
Recommended action |
No action is required. |
ND_PKTQUE_ALERT
Message text |
The current size of the ND_PKT queue has reached [UINT32]. Please check the network environment. |
Variable fields |
$1: ND packet queue size. |
Severity level |
4 |
Example |
ND/4/ND_PKTQUE_ALERT: The current size of ND_PKT queue has reached 4096. Please check the network environment. |
Explanation |
The system outputs a log every 60 seconds when the size of ND packet queue exceeds 4096. |
Recommended action |
1. Check the ND packets received on interfaces for anomalies. If abnormal ND packets are detected, capture ND packets to check for ND attacks and locate the source of attacks, if any. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ND_PKTQUE_RESUME
Message text |
The current size of the ND_PKT queue has dropped to [UINT32]. |
Variable fields |
$1: ND packet queue size. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_PKTQUE_ALERT: The current size of the ND_PKT queue has dropped to 3000. |
Impact |
No negative impact on the system. |
Cause |
This message is output when the queue size of ND packets sent to the CPU drops below the alarm threshold (3072). |
Recommended action |
No action is required. |
ND_MAC_CHECK
Message text |
Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING]. |
Variable fields |
$1: Receiving interface of the ND packet. $2: Source MAC address in the Ethernet frame header of the ND packet. $3: Source link-layer address in the ND packet. |
Severity level |
6 |
Example |
ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002. |
Explanation |
The device dropped an ND packet because source MAC consistency check detected that the source MAC address and the source link-layer address in the packet are inconsistent. |
Recommended action |
Verify the validity of the ND packet originator. |
ND_NETWORKROUTE_DUPLICATE
Message text |
Prefix [STRING] of the IPv6 ND network route matches different ports: [STRING] and [STRING]. |
Variable fields |
$1: IPv6 address prefix. $2: Interface name. $3: Interface name. |
Severity level |
5 |
Example |
ND/5/ND_NETWORKROUTE_DUPLICATE: Prefix 120::/70 of the IPv6 ND network route matches different ports: GigabitEthernet1/0/1 and GigabitEthernet1/0/2. |
Explanation |
This message is sent when a network route is generated for different ND entries of neighbors in the same VLAN but connected to different Layer 2 ports. |
Recommended action |
Modify the network configuration. |
ND_RAGUARD_DROP
Message text |
Dropped RA messages with the source IPv6 address [STRING] on interface [STRING]. [STRING] messages dropped in total on the interface. |
Variable fields |
$1: IPv6 source IP address of the dropped RA messages. $2: Interface name on which the RA messages are dropped. $3: Total number of dropped RA messages on the interface. |
Severity level |
4 |
Example |
ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet1/0/1. 20 RA messages dropped in total on the interface. |
Explanation |
RA guard dropped RA messages and displayed the information when RA guard detected an attack. |
Recommended action |
Verify the validity of the RA message originator. |
ND_RATE_EXCEEDED
Message text |
The ND packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in most recent [UINT32] seconds. |
Variable fields |
$1: ND packet rate. $2: ND limit rate. $3: Interface name. $4: Interval time. |
Severity level |
4 |
Example |
ND/4/ND_RATE_EXCEEDED: The ND packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in most recent 10 seconds. |
Explanation |
An interface received ND messages at a rate higher than the rate limit. |
Recommended action |
Verify that the hosts at the sender IP addresses are legitimate. |
ND_RATELIMIT_NOTSUPPORT
Message text |
Pattern 1: ND packet rate limit is not support on slot [INT32]. Pattern 2: ND packet rate limit is not support on chassis [INT32] slot [INT32]. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number. |
Severity level |
6 |
Example |
ND/6/ND_RATELIMIT_NOTSUPPORT: ND packet rate limit is not support on slot 2. |
Explanation |
ND packet rate limit is not supported on the slot. |
Recommended action |
No action is required. |
ND_SET_PORT_TRUST_NORESOURCE
Message text |
Not enough resources to complete the operation. |
Variable fields |
N/A |
Severity level |
6 |
Example |
ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation. |
Explanation |
Failed to execute the command because driver resources were not enough. |
Recommended action |
Release the driver resources and execute the command again. |
ND_SET_VLAN_REDIRECT_NORESOURCE
Message text |
Not enough resources to complete the operation. |
Variable fields |
N/A |
Severity level |
6 |
Example |
ND/6/ND_SET_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation. |
Explanation |
Failed to execute the command because driver resources were not enough. |
Recommended action |
Release the driver resources and execute the command again. |
ND_SNOOPING_LEARN_ALARM
Message text |
The total number of ND snooping entries learned in all VLANs reached or exceeded the alarm threshold. |
Variable fields |
N/A |
Severity level |
4 |
Example |
ND/4/ND_SNOOPING_LEARN_ALARM: -MDC=1; The total number of ND snooping entries learned in all VLANs reached or exceeded the alarm threshold. |
Impact |
|
Cause |
The total number of ND snooping entries learned in all VLANs reached or exceeded the alarm threshold. |
Recommended action |
Examine whether an ND attack exists. |
ND_SNOOPING_LEARN_ALARM_RECOVER
Message text |
The total number of ND snooping entries learned in all VLANs dropped below the alarm threshold. |
Variable fields |
N/A |
Severity level |
4 |
Example |
ND/4/ND_SNOOPING_LEARN_ALARM_RECOVER: -MDC=1; The total number of ND snooping entries learned in all VLANs dropped below the alarm threshold. |
Explanation |
The total number of ND snooping entries learned in all VLANs dropped below the alarm threshold. |
Recommended action |
No action is required. |
ND_SOURCE_IP
Message text |
An attack from IP [STRING] was detected on interface [STRING]. |
Variable fields |
$1: Sender IPv6 address in the received ND attack packets. $2: Name of the interface that received ND packets with a fixed sender IPv6 address. |
Severity level |
6 (Information) |
Example |
ND/6/ND_SOURCE_IP: An attack from IP 1001::1 was detected on interface GE1/0/1. |
Impact |
The CPU might be busy processing ND packets and be unable to process normal service traffic. |
Cause |
This message occurs if, within a 5-second interval, an interface receives more ND packets with the same sender IP address than the threshold. |
Recommended action |
1. Execute the display ipv6 nd source-ip command to view the ND attack detection entries for the sender IPv6 address. Identify whether the address is trusted, based on the network plan and service deployment.
   · If the address is trusted, execute the ipv6 nd source-ip exclude-ip command to exclude the address from ND attack detection.
   · If the address is not trusted, capture ND packets to check for ND attacks and locate the source of attacks, if any.
2. If the issue persists, collect log messages and configuration data, and then contact Technical Support for help. |
ND_SOURCE_MAC
Message text |
An attack from MAC [STRING] was detected on interface [STRING]. |
Variable fields |
$1: Sender MAC address in the received ND attack packets. $2: Name of the interface that received the ND attack packets with a fixed sender MAC address. |
Severity level |
6 (Information) |
Example |
ND/6/ND_SOURCE_MAC: An attack from MAC 0001-0001-0001 was detected on interface GE1/0/1. |
Impact |
The CPU might be busy processing ND packets and be unable to process normal service traffic. |
Cause |
This message occurs if, within a 5-second interval, an interface receives more ND packets with the same sender MAC address than the threshold. |
Recommended action |
1. Execute the display ipv6 nd source-mac command to view the ND attack detection entry for the sender MAC address. Identify whether the address is trusted, based on the network plan and service deployment.
   · If the address is trusted, execute the ipv6 nd source-mac exclude-mac command to configure the address as a protected MAC address for ND attack detection.
   · If the address is not trusted, capture ND packets to check for ND attacks and locate the source of attacks, if any.
2. If the issue persists, collect log messages and configuration data, and then contact Technical Support for help. |
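Several ND messages in this section point at a suspect sender on a specific interface (ND_HOST_IPCONFLICT_ALARM, ND_MAC_CHECK, ND_RAGUARD_DROP, ND_RATE_EXCEEDED, ND_SOURCE_IP, ND_SOURCE_MAC). The following triage script is an added example, not part of the H3C reference: it normalizes those six messages and lists interfaces that raised two or more different kinds, a correlation rule that is this example's own assumption. Sample lines are the examples from this section except where marked constructed.

```python
import re
from collections import defaultdict

SAMPLES = [
    "ND/4/ND_HOST_IPCONFLICT_ALARM: An ND packet arrived with the sender IP conflicting "
    "with a local IP. Local IPv6 address=1::1; Local MAC=0001-0002-0003; "
    "Local Interface= vlan-interface 10; Local SVLAN=0; Local CVLAN=0; "
    "Remote IPv6 address=1::1; Remote MAC=0001-0002-0004; Remote SVLAN=1; Remote CVLAN=1.",
    "ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because "
    "source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002.",
    "ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on "
    "interface GigabitEthernet1/0/1. 20 RA messages dropped in total on the interface.",
    "ND/4/ND_RATE_EXCEEDED: The ND packet rate (100 pps) exceeded the rate limit (80 pps) "
    "on interface GigabitEthernet1/0/1 in most recent 10 seconds.",
    "ND/6/ND_SOURCE_IP: An attack from IP 1001::1 was detected on interface GE1/0/1.",
    # Constructed: the page example with the "-MDC=1; " prefix seen on other ND examples.
    "ND/6/ND_SOURCE_MAC: -MDC=1; An attack from MAC 0001-0001-0001 was detected on "
    "interface GE1/0/1.",
    "ND/6/ND_DUPADDR: Duplicate address: 33::8 on the interface Vlan-interface9.",
]

# module/severity/mnemonic, then an optional "-MDC=..; " style prefix, then the text.
HEADER = re.compile(r"ND/(?P<sev>\d)/\s*(?P<mnemonic>ND_[A-Z_]+):\s*(?:-[^;]*;\s*)?(?P<body>.*)")

BODY = {
    "ND_MAC_CHECK": re.compile(
        r"Packet received on interface (?P<interface>.+?) was dropped because source MAC "
        r"(?P<suspect>\S+) was inconsistent with link-layer address (?P<claimed>\S+?)\.?$"),
    "ND_RAGUARD_DROP": re.compile(
        r"Dropped RA messages with the source IPv6 address (?P<suspect>\S+) on interface "
        r"(?P<interface>.+?)\. (?P<count>\d+) RA messages dropped"),
    "ND_RATE_EXCEEDED": re.compile(
        r"The ND packet rate \((?P<rate>\d+) pps\) exceeded the rate limit "
        r"\((?P<limit>\d+) pps\) on interface (?P<interface>.+?) in most recent "
        r"(?P<window>\d+) seconds"),
    "ND_SOURCE_IP": re.compile(
        r"An attack from IP (?P<suspect>\S+) was detected on interface (?P<interface>.+?)\.?$"),
    "ND_SOURCE_MAC": re.compile(
        r"An attack from MAC (?P<suspect>\S+) was detected on interface (?P<interface>.+?)\.?$"),
}


def parse_kv(body):
    """Split 'Key=value; Key=value.' pairs; keys are lower-cased, values stripped."""
    tail = body.split(". ", 1)[1] if ". " in body else body
    fields = {}
    for part in tail.rstrip(". ").split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def parse_nd(line):
    """Return a normalized event dict, or None for messages this triage ignores."""
    m = HEADER.search(line)
    if m is None:
        return None
    mnemonic, body = m["mnemonic"], m["body"].strip()
    if mnemonic == "ND_HOST_IPCONFLICT_ALARM":
        kv = parse_kv(body)
        if "local interface" not in kv or "remote mac" not in kv:
            return None
        return {"mnemonic": mnemonic, "interface": kv["local interface"],
                "suspect": kv["remote mac"], "detail": kv}
    pattern = BODY.get(mnemonic)
    hit = pattern.search(body) if pattern else None
    if hit is None:
        return None
    detail = hit.groupdict()
    return {"mnemonic": mnemonic, "interface": detail.pop("interface"),
            "suspect": detail.pop("suspect", None), "detail": detail}


def interfaces_to_review(lines, min_kinds=2):
    """Interfaces that raised at least min_kinds different ND security messages."""
    kinds, suspects = defaultdict(set), defaultdict(set)
    for line in lines:
        event = parse_nd(line)
        if event is None:
            continue
        # Case and spacing vary in the log text; short and long interface
        # names (GE1/0/1 vs GigabitEthernet1/0/1) are not unified here.
        iface = event["interface"].lower().replace(" ", "")
        kinds[iface].add(event["mnemonic"])
        if event["suspect"]:
            suspects[iface].add(event["suspect"])
    return {i: {"kinds": sorted(k), "suspects": sorted(suspects[i])}
            for i, k in kinds.items() if len(k) >= min_kinds}


if __name__ == "__main__":
    for iface, info in interfaces_to_review(SAMPLES).items():
        print(iface, info)
```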
ND_SUPPR_ALARM_CLEAR
Message text |
The number of ND suppression entries dropped below the threshold. Threshold=[UINT32]; Number of ND suppression entries=[UINT32]. |
Variable fields |
$1: Threshold for ND suppression entries. $2: Number of ND suppression entries. |
Severity level |
5 |
Example |
ND/5/ND_SUPPR_ALARM_CLEAR: The number of ND suppression entries dropped below the threshold. Threshold=100; Number of ND Suppression entries=59. |
Explanation |
The number of ND suppression entries on the device dropped below 60 percent of the threshold. |
Recommended action |
No action is required. |
ND_SUPPR_THRESHOLD_EXCEED
Message text |
The number of ND suppression entries exceeded the threshold. Threshold=[UINT32]; Number of ND suppression entries=[UINT32]. |
Variable fields |
$1: Threshold for ND suppression entries. $2: Number of ND suppression entries. |
Severity level |
4 |
Example |
ND/4/ND_SUPPR_THRESHOLD_EXCEED: The number of ND suppression entries exceeded the threshold. Threshold=100; Number of ND suppression entries=80. |
Explanation |
The number of ND suppression entries on the device exceeded 80 percent of the threshold. |
Recommended action |
Delete the useless ND suppression entries or raise the threshold. |
ND_USER_DUPLICATE_IPV6ADDR
Message text |
Detected a user IPv6 address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IPv6 address [IPV6ADDR]. |
Variable fields |
$1: MAC address of the new user. $2: SVLAN of the new user. $3: CVLAN of the new user. $4: Name of the interface connected to the new user. $5: MAC address of the old user. $6: SVLAN of the old user. $7: CVLAN of the old user. $8: Name of the interface connected to the old user. $9: IPv6 address of the user. |
Severity level |
6 |
Example |
ND/6/ND_USER_DUPLICATE_IPV6ADDR: Detected a user IPv6 address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IPv6 address 10::1. |
Explanation |
This message is sent when ND detects an IPv6 address conflict. |
Recommended action |
Examine IPv6 addresses of all endpoint users, locate the address conflict reason, and take actions to remove the conflict. |
ND_USER_MOVE
Message text |
Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. |
Variable fields |
$1: IPv6 address of the user. $2: MAC address of the user. $3: Interface name before the migration. $4: Old SVLAN of the user. $5: Old CVLAN of the user. $6: Interface name after the migration. $7: New SVLAN of the user. $8: New CVLAN of the user. |
Severity level |
6 |
Example |
ND/6/ND_USER_MOVE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 20. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10. |
Explanation |
This message is sent when ND detects that a user accesses the network through another port. |
Recommended action |
Execute the display ipv6 nd user-move record command to verify that the migration is valid. |
ND_USER_OFFLINE
Message text |
Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was offline from interface [STRING]. |
Variable fields |
$1: IPv6 address of the offline user. $2: MAC address of the offline user. $3: Name of the interface connected to the offline user. |
Severity level |
6 |
Example |
ND/6/ND_USER_OFFLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was offline from interface GigabitEthernet1/0/1. |
Explanation |
This message is sent when ND detects a user offline event. |
Recommended action |
No action is required. |
ND_USER_ONLINE
Message text |
Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was online on interface [STRING]. |
Variable fields |
$1: IPv6 address of the online user. $2: MAC address of the online user. $3: Name of the interface connected to the online user. |
Severity level |
6 |
Example |
ND/6/ND_USER_ONLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was online on interface GigabitEthernet1/0/1. |
Explanation |
This message is sent when ND detects a user online event. |
Recommended action |
Verify the validity of the online user. |
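The four ND_USER_* messages above have fixed layouts, so a log host can parse them and queue the events the manual asks an operator to verify (moves and address conflicts). The Python below is an added example, not H3C code. Its function names, the "rebind" rule and the ONLINE line with MAC 0010-2100-0fff on GigabitEthernet1/0/3 are assumptions constructed for illustration; the other sample lines are the manual's own examples.

```python
import ipaddress
import re

MAC = r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"
IP6 = r"[0-9A-Fa-f:.]+"
USER = rf"Detected a user \(IPv6 address (?P<ip>{IP6}), MAC address (?P<mac>{MAC})\) "
# Search instead of match, so a syslog timestamp/hostname prefix is tolerated.
HEADER = re.compile(r"ND/(?P<sev>\d)/(?P<name>ND_USER_[A-Z0-9_]+):\s*(?P<body>.*)$")
BODY = {
    "ND_USER_ONLINE": re.compile(USER + r"was online on interface (?P<ifname>\S+)\.$"),
    "ND_USER_OFFLINE": re.compile(USER + r"was offline from interface (?P<ifname>\S+)\.$"),
    "ND_USER_MOVE": re.compile(
        USER + r"moved to another interface\. Before user move: interface (?P<old_if>\S+), "
        r"SVLAN (?P<old_svlan>\S+), CVLAN (?P<old_cvlan>\S+)\. After user move: "
        r"interface (?P<new_if>\S+), SVLAN (?P<new_svlan>\S+), CVLAN (?P<new_cvlan>\S+)\.$"),
    "ND_USER_DUPLICATE_IPV6ADDR": re.compile(
        rf"Detected a user IPv6 address conflict\. New user \(MAC (?P<new_mac>{MAC}), "
        r"SVLAN (?P<new_svlan>\S+), CVLAN (?P<new_cvlan>\S+)\) on interface (?P<new_if>\S+) "
        rf"and old user \(MAC (?P<old_mac>{MAC}), SVLAN (?P<old_svlan>\S+), "
        r"CVLAN (?P<old_cvlan>\S+)\) on interface (?P<old_if>\S+) were using the same "
        rf"IPv6 address (?P<ip>{IP6})\.$"),
}


def parse_nd_user_event(line):
    """Return the fields of one ND_USER_* message as a dict, or None if it is not one."""
    head = HEADER.search(line.strip())
    if head is None or head["name"] not in BODY:
        return None
    body = BODY[head["name"]].match(head["body"])
    if body is None:
        return None
    event = {"name": head["name"], "severity": int(head["sev"]), **body.groupdict()}
    try:
        # Normalise so that 10::1 and 0010:0:0:0:0:0:0:1 compare equal.
        event["ip"] = ipaddress.IPv6Address(event["ip"]).compressed
    except ValueError:
        return None
    for key in [k for k in event if k.endswith("mac")]:
        event[key] = event[key].lower()
    return event


def review_nd_events(lines):
    """Replay events in order and return the ones that need operator verification."""
    bindings = {}  # IPv6 address -> (MAC, interface) from the latest ONLINE/MOVE
    findings = []
    for line in lines:
        ev = parse_nd_user_event(line)
        if ev is None:
            continue
        ip, name = ev["ip"], ev["name"]
        if name == "ND_USER_ONLINE":
            known = bindings.get(ip)
            if known and known[0] != ev["mac"]:
                # Assumed rule: same address online again with another MAC.
                findings.append({"kind": "rebind", "ip": ip, "old_mac": known[0],
                                 "new_mac": ev["mac"], "interface": ev["ifname"]})
            bindings[ip] = (ev["mac"], ev["ifname"])
        elif name == "ND_USER_OFFLINE":
            bindings.pop(ip, None)
        elif name == "ND_USER_MOVE":
            vlan_changed = ((ev["old_svlan"], ev["old_cvlan"])
                            != (ev["new_svlan"], ev["new_cvlan"]))
            findings.append({"kind": "move", "ip": ip, "mac": ev["mac"],
                             "old_if": ev["old_if"], "new_if": ev["new_if"],
                             "vlan_changed": vlan_changed})
            bindings[ip] = (ev["mac"], ev["new_if"])
        else:  # ND_USER_DUPLICATE_IPV6ADDR
            findings.append({"kind": "conflict", "ip": ip,
                             "new_mac": ev["new_mac"], "new_if": ev["new_if"],
                             "old_mac": ev["old_mac"], "old_if": ev["old_if"]})
    return findings


# Manual examples, plus one constructed ONLINE line (fourth entry).
SAMPLE_LINES = [
    "ND/6/ND_USER_ONLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was online on interface GigabitEthernet1/0/1.",
    "ND/6/ND_USER_MOVE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 20. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.",
    "ND/6/ND_USER_DUPLICATE_IPV6ADDR: Detected a user IPv6 address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IPv6 address 10::1.",
    "ND/6/ND_USER_ONLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-0fff) was online on interface GigabitEthernet1/0/3.",
    "ND/6/ND_USER_OFFLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-0fff) was offline from interface GigabitEthernet1/0/3.",
]

if __name__ == "__main__":
    for finding in review_nd_events(SAMPLE_LINES):
        print(finding)
```

A "move" finding is the cue to run the display ipv6 nd user-move record command named in the recommended action.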
NETCONF messages
This section contains NETCONF messages.
CLI
Message text |
User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING] |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only if the failure is caused by a known reason. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded. |
Impact |
The impact is related to the command line contents in the CLI request. |
Cause |
A user performs a CLI operation. |
Recommended action |
No action is required. |
EDIT-CONFIG
Message text |
User ([STRING], [STRING], session ID [UINT]) performed an edit-config operation: message ID=[STRING], operation result=[STRING]. |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address, or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Operation result, Succeeded or Failed. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.56.1, session ID 1) performed an edit-config operation: message ID=101, operation result=Succeeded. |
Impact |
The impact is related to the entry to be operated in the edit-config request. |
Cause |
A user executed the edit-config operation. |
Recommended action |
· No action is required if the operation succeeded. · If the operation failed, identify whether the edit-config operation conflicts with the current configuration of the device. Alternatively, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
EDIT-CONFIG
Message text |
User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or: User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING]. |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Name of a NETCONF row operation. $6: Module name and table name. $7: Index information. If there are multiple indexes, this field uses a comma as the delimiter. This field is displayed only when there are indexes. $8: Operation result, Succeeded or Failed. $9: Attribute column information. This field is displayed only when the operation configures an attribute column. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.100.20, session ID 1), message ID=1, operation=create Ifmgr/Interfaces (IfIndex="GigabitEthernet1/0/1"), result=Succeeded. Attributes: Description="This is Desc1", AdminDown=1, Speed=1. |
Impact |
The impact is related to the entry to be operated in the edit-config request. |
Cause |
The device outputs this log message for each row operation for an <action> or <edit-config> operation. |
Recommended action |
No action is required. |
EDIT_CONFIG_CLI
Message text |
User ([STRING], [STRING], session ID [UINT16]), message ID=[UINT16], row index=[UINT16], command=[STRING]. [STRING] |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address, or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Row index in the NETCONF request. $6: Commands for the operations in the NETCONF request. $7: Error message returned upon failed NETCONF row operations. The error message is Configuration failed. The device does not return this message if all operations in the request are executed successfully. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/EDIT_CONFIG_CLI: User (test, 192.168.100.20, session ID 1), message ID=100, row index=1, command=port trunk pvid vlan 100. |
Impact |
N/A |
Cause |
If the XML-to-CLI feature for NETCONF logging is enabled, the device converts every <action> and <edit-config> operation from their XML forms to their CLI command forms and logs the CLI commands for the operations. This log also records the operation results. This log is available only for <action> and <edit-config> operations. |
Recommended action |
No action is required. |
NETCONF_CONFIG_LOG
Message text |
User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation=[STRING]. The operation results in the following configuration changes: [STRING] |
Variable fields |
$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. $4: Message ID of the NETCONF request. $5: <edit-config> operation. Available values are merge, create, replace, remove, and delete. $6: Configuration changes caused by the operation. |
Severity level |
6 (Informational) |
Example |
XMLAGENT/6/NETCONF_CONFIG_LOG: -MDC=1; User (test, 192.168.100.20, session ID 1) performed an edit-config operation: message ID=6, operation=merge. The operation results in the following configuration changes: +# +interface Vlan-interface6 |
Impact |
N/A |
Cause |
The device outputs NETCONF-based configuration log messages after the NETCONF client notifies the device of the "urn:h3c:params:netconf:capability:h3c-netconf2cli-sysloglog:1.0" capability set and configures the device by performing the <edit-config> operation. |
Recommended action |
No action is required. |
NETCONF_MSG_DEL
Message text |
A NETCONF message was dropped. Reason: Packet size exceeded the upper limit. |
Variable fields |
N/A |
Severity level |
7 (Debug) |
Example |
NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit. |
Impact |
N/A |
Cause |
The system dropped a NETCONF request message that was received from a NETCONF over SSH client or at the XML view. The reason is that the message size exceeded the upper limit. |
Recommended action |
1. Reduce the size of the request message. For example, delete blank spaces, carriage returns, and tab characters. 2. Segment the request message and then re-encapsulate the segments before sending them to the device. As a best practice, collect alarm information, log messages, and configuration data, and contact Technical Support. |
THREAD
Message text |
Maximum number of NETCONF threads already reached. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached. |
Impact |
New NETCONF over SSH sessions are not accepted. New NETCONF SOAP and RESTful requests are not accepted. The Web feature is unavailable. |
Cause |
The number of NETCONF threads already reached the upper limit. |
Recommended action |
Please try again later. |
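The CLI, EDIT-CONFIG, EDIT_CONFIG_CLI and NETCONF_CONFIG_LOG messages in this section form the NETCONF audit trail: who acted, from where, in which session, and what changed. The Python below is an added example, not H3C code, that normalizes those messages into records and flags failed operations and sources outside an allow-list. The function names, the MGMT_SOURCES allow-list and the "Configuration failed." sample line are assumptions constructed for illustration; the other sample lines are the manual's own examples.

```python
import re

HEADER = re.compile(
    r"(?P<module>XMLSOAP|XMLAGENT)/(?P<sev>\d)/"
    r"(?P<name>CLI|EDIT-CONFIG|EDIT_CONFIG_CLI|NETCONF_CONFIG_LOG):\s*"
    r"(?:-MDC=(?P<mdc>\d+);\s*)?"
    r"User \((?P<user>[^,()]+),\s*(?P<source>[^,()]+?)"
    r"(?:,\s*session ID[ =](?P<session>\d+))?\)"   # absent for Web/RESTful sessions
    r"(?P<rest>.*)$", re.S)
MSG_ID = re.compile(r"message ID=(?P<v>[^,.\s]+)")
RESULT = re.compile(r"result=(?P<v>Succeeded|Failed)")
ROW_OP = re.compile(
    r"operation=(?P<op>[a-z-]+)(?: (?P<target>[\w-]+/[\w-]+)(?: \((?P<index>[^)]*)\))?)?")
COMMAND = re.compile(r"command=(?P<cmd>.*?)\.(?P<err> Configuration failed\.)?$", re.S)


def _first(pattern, text, group="v"):
    m = pattern.search(text)
    return m[group] if m else None


def parse_netconf_audit(line):
    """Return one NETCONF audit message as a dict, or None for any other line."""
    m = HEADER.search(line.strip())
    if m is None:
        return None
    rec = {k: m[k] for k in ("module", "name", "mdc", "user", "source", "session")}
    rest = m["rest"].strip()
    rec.update(message_id=_first(MSG_ID, rest), operation=None, target=None,
               index=None, result=None, attributes=None, command=None, changes=None)
    if rec["name"] == "EDIT_CONFIG_CLI":
        cmd = COMMAND.search(rest)
        if cmd:
            rec["command"] = cmd["cmd"]
            # Derived: the error text is logged only when a row operation fails.
            rec["result"] = "Failed" if cmd["err"] else "Succeeded"
    elif rec["name"] == "NETCONF_CONFIG_LOG":
        head, _, changes = rest.partition("configuration changes:")
        rec["operation"] = _first(ROW_OP, head, "op")
        rec["changes"] = changes.strip()
    else:  # CLI and both EDIT-CONFIG layouts
        # Attribute values are operator-supplied text, so the result is read
        # only from the part of the message that precedes "Attributes:".
        head, sep, attrs = rest.partition(" Attributes: ")
        op = ROW_OP.search(head)
        if op:
            rec.update(operation=op["op"], target=op["target"], index=op["index"])
        rec["result"] = _first(RESULT, head)
        if sep:
            rec["attributes"] = attrs.rstrip(".")
    return rec


def review_netconf_audit(lines, mgmt_sources):
    """Return (records, findings); findings are (kind, record) tuples."""
    records = [r for r in map(parse_netconf_audit, lines) if r]
    findings = []
    for rec in records:
        if rec["result"] == "Failed":
            findings.append(("failed-operation", rec))
        if rec["source"] not in mgmt_sources:
            findings.append(("unexpected-source", rec))
    return records, findings


# Hypothetical allow-list of management stations (assumption of this example).
MGMT_SOURCES = {"192.168.56.1", "192.168.100.20"}

# Manual examples, plus one constructed failure line (fifth entry).
SAMPLE_LINES = [
    "XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded.",
    "XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.56.1, session ID 1) performed an edit-config operation: message ID=101, operation result=Succeeded.",
    'XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.100.20, session ID 1), message ID=1, operation=create Ifmgr/Interfaces (IfIndex="GigabitEthernet1/0/1"), result=Succeeded. Attributes: Description="This is Desc1", AdminDown=1, Speed=1.',
    "XMLSOAP/6/EDIT_CONFIG_CLI: User (test, 192.168.100.20, session ID 1), message ID=100, row index=1, command=port trunk pvid vlan 100.",
    "XMLSOAP/6/EDIT_CONFIG_CLI: User (test, 192.168.100.20, session ID 1), message ID=100, row index=2, command=port trunk pvid vlan 100. Configuration failed.",
    "XMLAGENT/6/NETCONF_CONFIG_LOG: -MDC=1; User (test, 192.168.100.20, session ID 1) performed an edit-config operation: message ID=6, operation=merge. The operation results in the following configuration changes: +# +interface Vlan-interface6",
    "NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.",
]

if __name__ == "__main__":
    for kind, rec in review_netconf_audit(SAMPLE_LINES, MGMT_SOURCES)[1]:
        print(kind, rec["name"], rec["user"], rec["source"], rec["message_id"])
```

Session ID and message ID together tie the per-row EDIT-CONFIG and EDIT_CONFIG_CLI records back to the request that produced them.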
NQA messages
This section contains NQA messages.
NQA_ENTRY_PROBE_RESULT
Message text |
Reaction entry [STRING] of NQA entry admin-name [STRING] operation-tag [STRING]: [STRING]. |
Variable fields |
$1: ID of the NQA reaction entry. $2: Admin name of the NQA entry. $3: Operation tag of the NQA entry. $4: Probe result. The value can be: · Probe-pass: Succeeded. · Probe-fail: Failed. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_ENTRY_PROBE_RESULT: Reaction entry 1 of NQA entry admin-name 1 operation-tag 1: Probe-pass. |
Impact |
No negative impact on the system. |
Cause |
Possible reasons for probe failure include: · The threshold for the reaction entry is excessively small. · Network degradation. |
Recommended action |
1. Execute the display current-configuration | include probe-fail command to view the configuration of the reaction entry. Use the reaction checked-element probe-fail command to edit the threshold value for reaction entry based on maintenance experience and network expectation. 2. Log in to the NQA server. If the NQA server is operating incorrectly, repair or restart it. 3. Use the ping command on both the device and NQA server to view the packet loss and delay. If the packet loss and delay exceed the expected ranges, troubleshoot the issues. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NQA_LOG_UNREACHABLE
Message text |
Server [STRING] unreachable. |
Variable fields |
$1: IP address of the NQA server. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable. |
Impact |
No negative impact on the system. |
Cause |
An unreachable NQA server was detected. |
Recommended action |
1. Identify whether the IP address of the NQA server is correct based on the IP address in the message. If it is configured incorrectly, execute the destination command in NQA operation view to reconfigure the IP address of the NQA server. 2. Execute the display ip routing-table command to identify whether the device has routes to the NQA server. If the device has no routes to the NQA server, execute the ip route-static command to configure a static route, or configure a dynamic routing protocol to generate a route. 3. Execute the display interface command to view the state of the outbound interface to the NQA server. If the interface is in down state, resolve the interface failure. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NQA_START_FAILURE
Message text |
NQA entry ([STRING]-[STRING]): [STRING] |
Variable fields |
$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Failure reason: · Operation failed due to configuration conflicts. · Operation failed because the driver was not ready to perform the operation. · Operation not supported. · Not enough resources to complete the operation. · Operation failed due to an unknown error. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_START_FAILURE: NQA entry 1-1: Operation failed due to configuration conflicts. |
Impact |
No negative impact on the system. |
Cause |
· The operation failed due to configuration conflicts. · The operation failed because the driver was not ready to perform the operation. · The operation is not supported by the driver. · The operation failed due to resource insufficiency. · The operation failed due to an unknown error. |
Recommended action |
· If the NQA operation failed due to configuration conflicts, execute the display this command in NQA operation view to view the configuration of the NQA operation. Configure the NQA operation according to the NQA configuration guide and restart the operation. · If the NQA operation failed for other reasons, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NQA_TWAMP_LIGHT_PACKET_INVALID
Message text |
NQA TWAMP Light test session [UINT32] index [UINT32]: The number of packets captured for statistics collection is invalid. |
Variable fields |
$1: Test session ID. $2: Serial number of the statistics data. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_TWAMP_LIGHT_PACKET_INVALID: NQA TWAMP Light test session 1 index 7: The number of packets captured for statistics collection is invalid. |
Impact |
No negative impact on the system. |
Cause |
The statistics collection interval for the TWAMP Light test was shorter than the packet sending interval. Results of the test will not be included in statistics. |
Recommended action |
1. Execute the stop command in TWAMP Light sender view to stop the test. 2. Execute the start command in TWAMP Light sender view to start the test, and make sure the following conditions are met: · The packet monitoring time is greater than the statistics collection interval. · The statistics collection interval is greater than the packet sending interval. |
NQA_TWAMP_LIGHT_REACTION
Message text |
NQA TWAMP Light test session [UINT32] reaction entry [UINT32]: Detected continual violation of the [STRING] [STRING] threshold for a threshold violation monitor time of [UINT32] ms. |
Variable fields |
$1: Test session ID. $2: Reaction entry ID. $3: Reaction entry type: · Two-way delay. · Two-way loss. · Two-way jitter. $4: Threshold violation value: · upper: Be equal to or greater than the upper threshold limit. · lower: Be equal to or less than the lower threshold limit. $5: Statistics collection interval. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_TWAMP_LIGHT_REACTION: NQA TWAMP Light test session 1 reaction entry 1: Detected continual violation of the two-way loss upper threshold for a threshold violation monitor time of 2000 ms. |
Impact |
No negative impact on the system. |
Cause |
In a TWAMP Light test, the device monitors the test result, and starts the monitoring time when either of the following conditions is met: · The monitoring result goes beyond the upper threshold limit. · The monitoring result drops below the lower threshold limit from a monitoring result higher than the lower limit. If either condition is always true during the monitoring time, a threshold violation occurs. |
Recommended action |
No action is required. |
NQA_TWAMP_LIGHT_START_FAILURE
Message text |
Text 1: NQA TWAMP Light test session [UINT32]: Failed to start the test session. Reason: Invalid configuration. Text 2: NQA TWAMP Light test session [UINT32]: Failed to start the test session. Reason: Not enough resources. |
Variable fields |
$1: Test session ID. |
Severity level |
6 (Informational) |
Example |
NQAS/6/NQA_TWAMP_LIGHT_START_FAILURE: NQA TWAMP Light test session 1: Failed to start the test session. Reason: Invalid configuration. |
Impact |
No negative impact on the system. |
Cause |
The TWAMP Light responder failed to start the test session for one of the following reasons: · Invalid configuration. · Not enough resources. |
Recommended action |
· If the failure reason is invalid configuration, certain parameters in the test-session command are required but not configured for the TWAMP Light responder. Re-configure the test-session command based on the current network environment. · If the failure reason is resource insufficiency, release memory resources. For example, execute the logfile save command to manually save the contents in the log buffer to the log file and thus release the memory resources occupied by the log buffer. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NSS messages
This section contains session-based NetStream messages.
NSS_ENABLE_FAIL
Message text |
Failed to apply the command session-based netstream enable to the driver. Reason: [STRING]. |
Variable fields |
$1: Failure reason: · The operation is not supported. · The operation conflicts with existing configuration. |
Severity level |
4 |
Example |
NSS/4/NSS_ENABLE_FAIL: Failed to apply the command session-based netstream enable to the driver. Reason: The operation is not supported. |
Explanation |
This message is sent when the system fails to issue the command session-based netstream enable to the driver. |
Recommended action |
· Verify that the NetStream interface module is present on the device, and then issue the command again. · Verify that sFlow and NetStream are disabled on the device. |
NSS_SESSION_TIMEOUT_FAIL
Message text |
Failed to apply the command session-based netstream session-timeout to the driver. Reason: [STRING]. |
Variable fields |
$1: Failure reason: · The operation is not supported. |
Severity level |
4 |
Example |
NSS/4/NSS_SESSION_TIMEOUT_FAIL: Failed to apply the command session-based netstream session-timeout to the driver. Reason: The operation is not supported. |
Explanation |
This message is sent when the system fails to issue the command session-based netstream session-timeout to the driver. |
Recommended action |
Verify that the NetStream interface module is present on the device, and then issue the command again. |
NTP messages
This section contains NTP messages.
NTP_CLOCK_CHANGE
Message text |
System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING]. |
Variable fields |
$1: Time before synchronization. $2: Time after synchronization. $3: IP address. |
Severity level |
5 |
Example |
NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58 12/28/2012 to 02:29:12 12/28/2012, the NTP server's IP address is 192.168.30.116. |
Explanation |
The NTP client has synchronized its time to the NTP server. |
Recommended action |
No action is required. |
NTP_LEAP_CHANGE
Message text |
System Leap Indicator changed from [UINT32] to [UINT32] after clock update. |
Variable fields |
$1: Original Leap Indicator. $2: Current Leap Indicator. |
Severity level |
5 |
Example |
NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update. |
Explanation |
The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rolloverinterval) in the day of insertion to be increased or decreased by one. |
Recommended action |
No action is required. |
NTP_SOURCE_CHANGE
Message text |
NTP server's IP address changed from [STRING] to [STRING]. |
Variable fields |
$1: IP address of the original time source. $2: IP address of the new time source. |
Severity level |
5 |
Example |
NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2. |
Explanation |
The system changed the time source. |
Recommended action |
No action is required. |
NTP_SOURCE_LOST
Message text |
Lost synchronization with NTP server with IP address [STRING]. |
Variable fields |
$1: IP address. |
Severity level |
5 |
Example |
NTP/5/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1. |
Explanation |
The clock source of the NTP association is in unsynchronized state or it is unreachable. |
Recommended action |
1. Verify the NTP server and network connection. 2. For NTP server failures: · Use the ntp-service unicast-server command to specify a new NTP server. · Use the ntp-service multicast-client command to configure the device to operate in NTP multicast client mode and receive NTP multicast packets from a new NTP server. 3. If the problem persists, contact H3C Support. |
NTP_STRATUM_CHANGE
Message text |
System stratum changed from [UINT32] to [UINT32] after clock update. |
Variable fields |
$1: Original stratum. $2: Current stratum. |
Severity level |
5 |
Example |
NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update. |
Explanation |
System stratum has changed. |
Recommended action |
No action is required. |
OAP messages
This section contains OAP messages.
OAP_CLIENT_DEREG
Message text |
OAP client [UINT32] on interface [STRING] deregistered. |
Variable fields |
$1: Client ID. $2: Interface type and name. |
Severity level |
5 |
Example |
OAP/5/OAP_CLIENT_DEREG: OAP client 1 on interface GigabitEthernet1/0/24 deregistered. |
Explanation |
The OAP client on an interface deregistered. |
Recommended action |
Check the login information of the OAP client. |
OAP_CLIENT_TIMEOUT
Message text |
OAP client [UINT32] on interface [STRING] timed out. |
Variable fields |
$1: Client ID. $2: Interface type and name. |
Severity level |
4 |
Example |
OAP/4/OAP_CLIENT_TIMEOUT: OAP client 1 on interface GigabitEthernet1/0/24 timed out. |
Explanation |
The OAP client on an interface was timed out. |
Recommended action |
Verify that the link is up. |
OBJP messages
This section contains object policy messages.
OBJP_ACCELERATE_NO_RES
Message text |
Failed to accelerate [STRING] object-policy [STRING]. The resources are insufficient. |
Variable fields |
$1: Object policy version. $2: Object policy name. |
Severity level |
4 (Warning) |
Example |
OBJP/4/OBJP_ACCELERATE_NO_RES: Failed to accelerate IPv6 object-policy a. The resources are insufficient. |
Impact |
The newly added rule that failed to be accelerated does not take effect, but it does not affect the previously successfully accelerated rules. |
Cause |
Object policy acceleration failed because of insufficient hardware resources. |
Recommended action |
Delete unnecessary rules or disable acceleration for other object policies to release hardware resources. |
OBJP_ACCELERATE_NOT_SUPPORT
Message text |
Failed to accelerate [STRING] object-policy [STRING]. The operation is not supported. |
Variable fields |
$1: Object policy version. $2: Object policy name. |
Severity level |
4 (Warning) |
Example |
OBJP/4/OBJP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 object-policy a. Object-policy acceleration is not supported. |
Impact |
Rules that failed to be accelerated match packets at a low speed, which affects the forwarding efficiency. |
Cause |
Object policy acceleration failed because the system did not support acceleration. |
Recommended action |
No action is required. |
OBJP_ACCELERATE_UNK_ERR
Message text |
Failed to accelerate [STRING] object-policy [STRING]. |
Variable fields |
$1: Object policy version. $2: Object policy name. |
Severity level |
4 (Warning) |
Example |
OBJP/4/OBJP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 object-policy a. |
Impact |
The newly added rule that failed to be accelerated does not take effect, but it does not affect the previously successfully accelerated rules. |
Cause |
Object policy acceleration failed because of a system failure. |
Recommended action |
No action is required. |
OFP messages
This section contains OpenFlow messages.
OFP_ACTIVE
Message text |
Activate openflow instance [UINT16]. |
Variable fields |
$1: Instance ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_ACTIVE: Activate openflow instance 1. |
Impact |
N/A |
Cause |
A command is received from comsh to activate an OpenFlow instance. |
Recommended action |
No action is required. |
OFP_ACTIVE_FAILED
Message text |
Failed to activate instance [UINT16]. |
Variable fields |
$1: Instance ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_ACTIVE_FAILED: Failed to activate instance 1. |
Impact |
The OpenFlow instance cannot be used. |
Cause |
An OpenFlow instance failed to be activated. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_CONNECT
Message text |
Openflow instance [UINT16], controller [CHAR] is connected. |
Variable fields |
$1: Instance ID. $2: Controller ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_CONNECT: Openflow instance 1, controller 0 is connected. |
Impact |
N/A |
Cause |
An OpenFlow instance was connected to a controller. |
Recommended action |
No action is required. |
OFP_DISCONNECT
Message text |
Openflow instance [UINT16], controller [STRING] is disconnected. disconnected reason:[STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Disconnection reason. Possible values are: · Undo commands executed · Echo timeout · Hello failed · Receiving Hello packet timed out · Receiving message failed · Epoll error · VRF deleted · VRF global port down · Failed to recycle the buffer · AP down |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_DISCONNECT: Openflow instance 1, controller 1 is disconnected. disconnected reason: Echo timeout. |
Impact |
N/A |
Cause |
An OpenFlow instance was disconnected from a controller. For the disconnection reason, see the reason field. |
Recommended action |
As a best practice, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
OFP_FAIL_OPEN
Message text |
Openflow instance [UINT16] is in fail [STRING] mode. |
Variable fields |
$1: Instance ID. $2: Connection interruption mode: secure or standalone. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FAIL_OPEN: Openflow instance 1 is in fail secure mode. |
Impact |
N/A |
Cause |
An activated instance cannot connect to any controller or is disconnected from all controllers. |
Recommended action |
No action is required. |
OFP_FAIL_OPEN_FAILED
Message text |
OpenFlow instance [UINT16]: [STRING] fail-open mode configuration failed and the secure mode is restored. |
Variable fields |
$1: Instance ID. $2: Connection interruption mode: secure or standalone. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FAIL_OPEN_FAILED: OpenFlow instance 1: standalone fail-open mode configuration failed and the secure mode is restored. |
Impact |
The connection interruption mode failed to be configured for an OpenFlow instance. |
Cause |
Failed to set the connection interruption mode for an OpenFlow instance by using the fail-open mode command, and the connection interruption mode restored to the default (secure). |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_FLOW_ADD
Message text |
Openflow instance [UINT16] controller [CHAR]: add flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie of the flow entry. $6: Table ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_ADD: Openflow instance 1 controller 0: add flow entry 1, xid 0x1, cookie 0x0, table id 0. |
Impact |
N/A |
Cause |
A flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_ARP_FAILED
Message text |
Failed to add OpenFlow ARP entry: IPAddr=[STRING], OutIfIndex=[UINT32], MACAddr=[STRING]. |
Variable fields |
$1: IP address in an OpenFlow ARP entry. $2: Index of the outgoing interface in the OpenFlow ARP entry. $3: MAC address in the OpenFlow ARP entry. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_ADD_ARP_FAILED: Failed to add OpenFlow ARP entry: IPAddr=102.0.1.1, OutIfIndex=605, MACAddr=0002-0300-0002. |
Impact |
N/A |
Cause |
Failed to add an OpenFlow ARP entry. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_FLOW_ADD_BUSY
Message text |
The device is busy adding a large number of OpenFlow messages. Please do not reboot the active MPU. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_ADD_BUSY: The device is busy adding a large number of OpenFlow messages. Please do not reboot the active MPU. |
Impact |
N/A |
Cause |
The device is busy adding a large number of OpenFlow flow messages. |
Recommended action |
As a best practice to prevent standby MPUs from rebooting twice, do not reboot the active MPU. |
OFP_FLOW_ADD_BUSY_RECOVER
Message text |
Finished adding a large number of OpenFlow messages. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_ADD_BUSY_RECOVER: Finished adding a large number of OpenFlow messages. |
Impact |
N/A |
Cause |
The OpenFlow controller has finished adding a large number of OpenFlow flow messages to the device. The device is not busy any longer. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_DUP
Message text |
|
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie. $6: Table ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
A duplicate flow entry was added. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32],table id [CHAR],because of insufficient resources. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry 641,table id 0,because of insufficient resources. |
Impact |
The traffic forwarding function of the flow entry is unavailable. |
Cause |
A flow entry failed to be added because of insufficient resources. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_FLOW_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry 1, table id 0. |
Impact |
The traffic forwarding function of the flow entry is unavailable. |
Cause |
Failed to add a flow entry. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_ND_FAILED
Message text |
Failed to add OpenFlow ND entry: IPv6Addr=[STRING], OutIfIndex=[UINT32], MACAddr=[STRING]. |
Variable fields |
$1: IPv6 address in an OpenFlow ND entry. $2: Index of the outgoing interface in the OpenFlow ND entry. $3: MAC address in the OpenFlow ND entry. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_ADD_ND_FAILED: Failed to add OpenFlow ND entry: IPv6Addr=1:1::1:1, OutIfIndex=5, MACAddr=1-1-1. |
Impact |
N/A |
Cause |
Failed to add an OpenFlow ND entry. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_FLOW_ADD_TABLE_MISS
Message text |
Openflow instance [UINT16] controller [CHAR]: add table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_ADD_TABLE_MISS: Openflow instance 1 controller 0: add table miss flow entry, xid 0x1, cookie 0x0, table id 0. |
Impact |
N/A |
Cause |
A table-miss flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_ADD_TABLE_MISS_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add table miss flow entry, table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_ADD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to add table miss flow entry, table id 0. |
Impact |
This table-miss flow entry is unavailable. |
Cause |
Failed to add a table-miss flow entry. |
Recommended action |
No action is required. |
OFP_FLOW_DEL
Message text |
Openflow instance [UINT16] controller [CHAR]: delete flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_DEL: Openflow instance 1 controller 0: delete flow entry, xid 0x1, cookie 0x0, table id 0. |
Impact |
N/A |
Cause |
A list of flow entries is to be deleted, according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_L2VPN_DISABLE
Message text |
[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because L2VPN was disabled. |
Variable fields |
$1: Total number of deleted flow entries. $2: Table ID. $3: Instance ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_DEL_L2VPN_DISABLE: 2 flow entries in table 1 of instance 1 were deleted because L2VPN was disabled. |
Impact |
N/A |
Cause |
Multiple OpenFlow flow entries were deleted because L2VPN was disabled. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_TABLE_MISS
Message text |
Openflow instance [UINT16] controller [CHAR]: delete table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_DEL_TABLE_MISS: Openflow instance 1 controller 0: delete table miss flow entry, xid 0x1, cookie 0x0, table id 0. |
Impact |
N/A |
Cause |
A list of table-miss flow entries is to be deleted, according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_TABLE_MISS_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to delete table miss flow entry, table id [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_DEL_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to delete table miss flow entry, table id 0. |
Impact |
The old table-miss flow entry still takes effect. |
Cause |
Failed to delete a table-miss flow entry. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_VSIIF_DEL
Message text |
[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because the Vsi-interface in VSI [STRING] was deleted. |
Explanation |
Flow entries were deleted because the Vsi-interface in a VSI was deleted. |
Variable fields |
$1: Total number of deleted flow entries. $2: Flow table ID. $3: Instance ID. $4: VSI name. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_DEL_VSIIF_DEL: 5 flow entries in table 1 of instance 1 were deleted because the Vsi-interface in VSI VSI-OFP was deleted. |
Impact |
N/A |
Cause |
The VSI interface in a VSI was deleted. |
Recommended action |
No action is required. |
OFP_FLOW_DEL_VXLAN_DEL
Message text |
[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because a tunnel (ifindex [UINT32]) in VXLAN [UINT32] was deleted. |
Variable fields |
$1: Total number of deleted flow entries. $2: Table ID. $3: Instance ID. $4: Index of a tunnel interface. $5: VXLAN ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_DEL_VXLAN_DEL: 2 flow entries in table 1 of instance 1 were deleted because a tunnel (ifindex 141) in VXLAN 1 was deleted. |
Impact |
N/A |
Cause |
A VXLAN tunnel was deleted. |
Recommended action |
No action is required. |
OFP_FLOW_MOD
Message text |
Openflow instance [UINT16] controller [CHAR]: modify flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_MOD: Openflow instance 1 controller 0: modify flow entry, xid 0x1, cookie 0x0, table id 0. |
Impact |
N/A |
Cause |
A list of flow entries is to be modified, according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_MOD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify flow entry, table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_MOD_FAILED: Openflow instance 1 controller 0: failed to modify flow entry, table id 0. |
Impact |
The old flow entry still takes effect. |
Cause |
Failed to modify a flow entry. |
Recommended action |
The controller must retry modifying the flow entry. If the flow entry still cannot be modified, the controller will delete it. |
OFP_FLOW_MOD_TABLE_MISS
Message text |
Openflow instance [UINT16] controller [CHAR]: modify table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_FLOW_MOD_TABLE_MISS: Openflow instance 1 controller 0: modify table miss flow entry, xid 0x1, cookie 0x0, table id 0. |
Impact |
N/A |
Cause |
A list of flow entries is to be modified, according to a flow table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_FLOW_MOD_TABLE_MISS_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify table miss flow entry, table id [CHAR]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Table ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_MOD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to modify table miss flow entry, table id 0. |
Impact |
The old table-miss flow entry still takes effect. |
Cause |
Failed to modify a table-miss flow entry. |
Recommended action |
The controller must retry modifying the table-miss flow entry. If the entry still cannot be modified, the controller will delete it. |
OFP_FLOW_RMV_GROUP
Message text |
The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a group_mod message. |
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
A flow entry was deleted due to a group modification message. |
Recommended action |
No action is required. |
OFP_FLOW_RMV_HARDTIME
Message text |
|
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
A flow entry was deleted because of a hard time expiration. |
Recommended action |
No action is required. |
OFP_FLOW_RMV_IDLETIME
Message text |
|
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
A flow entry was deleted because of an idle time expiration. |
Recommended action |
No action is required. |
OFP_FLOW_RMV_METER
Message text |
The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a meter_mod message. |
Variable fields |
$1: Rule ID. $2: Table ID. $3: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
A flow entry was deleted due to a meter modification message. |
Recommended action |
No action is required. |
OFP_FLOW_UPDATE_FAILED
Message text |
OpenFlow instance [UINT16] table [CHAR]: failed to update or synchronize flow entry [UINT32]. |
Variable fields |
$1: Instance ID. $2: Table ID. $3: Flow entry ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_FLOW_UPDATE_FAILED: OpenFlow instance 1 table 0: failed to update or synchronize flow entry 10000. |
Impact |
The updated or synchronized flow entry is lost. |
Cause |
When an active/standby switchover occurred, the new active MPU failed to update flow entries. When a new interface card was installed on the device, the interface card failed to synchronize flow entries from the MPUs. When a master/subordinate switchover occurred in an IRF fabric, the new master device failed to update flow entries. When new member devices joined an IRF fabric, the new member devices failed to synchronize flow entries from the master device. |
Recommended action |
Delete the flow entries that fail to be deployed. |
OFP_GROUP_ADD
Message text |
Openflow instance [UINT16] controller [CHAR]: add group [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_GROUP_ADD: Openflow instance 1 controller 0: add group 1, xid 0x1. |
Impact |
N/A |
Cause |
A group entry is to be added to a group table, according to a group table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_GROUP_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add group [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_GROUP_ADD_FAILED: Openflow Instance 1 controller 0: failed to add group 1. |
Impact |
The traffic forwarding function of the group entry is unavailable. |
Cause |
Failed to add a group entry. |
Recommended action |
No action is required. |
OFP_GROUP_DEL
Message text |
Openflow instance [UINT16] controller [CHAR]: delete group [STRING], xid [HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_GROUP_DEL: Openflow instance 1 controller 0: delete group 1, xid 0x1. |
Impact |
N/A |
Cause |
A group entry is to be deleted, according to a group table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_GROUP_MOD
Message text |
Openflow instance [UINT16] controller [CHAR]: modify group [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_GROUP_MOD: Openflow instance 1 controller 0: modify group 1, xid 0x1. |
Impact |
N/A |
Cause |
A group entry is to be modified, according to a group table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_GROUP_MOD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify group [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Group ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_GROUP_MOD_FAILED: Openflow instance 1 controller 0: failed to modify group 1. |
Impact |
The old group entry still takes effect. |
Cause |
Failed to modify a group entry. |
Recommended action |
The controller must retry modifying the group. If the group still cannot be modified, the controller will delete it. |
OFP_GROUP_REFRESH_FAILED
Message text |
Openflow instance [STRING]:Failed to refresh group [STRING]. |
Variable fields |
$1: Instance ID. $2: Group ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_GROUP_REFRESH_FAILED: Openflow instance 1:Failed to refresh group 1. |
Impact |
N/A |
Cause |
After the controller successfully deploys a group to the device, the interface information of some buckets in the group must be refreshed if interface cards are plugged or unplugged or interfaces are deleted or re-created on the device. However, the group fails to be refreshed because the hardware resources are insufficient or the device fails. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_GROUP_ROLLBACK_FAILED
Message text |
Openflow instance [STRING]:Failed to roll back group [STRING]. |
Variable fields |
$1: Instance ID. $2: Group ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_GROUP_ROLLBACK_FAILED: Openflow instance 1:Failed to roll back group 1. |
Impact |
N/A |
Cause |
When the controller fails to modify the group of the device, the device needs to roll the group back to the status before modification. However, rolling back the group fails because the hardware resources are insufficient or the device fails. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_METER_ADD
Message text |
Openflow instance [UINT16] controller [CHAR]: add meter [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_METER_ADD: Openflow instance 1 controller 0: add meter 1, xid 0x1. |
Impact |
N/A |
Cause |
A meter entry is to be added to a meter table. |
Recommended action |
No action is required. |
OFP_METER_ADD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to add meter [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_METER_ADD_FAILED: Openflow Instance 1 controller 0: failed to add meter 1. |
Impact |
N/A |
Cause |
Failed to add a meter entry. |
Recommended action |
No action is required. |
OFP_METER_DEL
Message text |
Openflow instance [UINT16] controller [CHAR]: delete meter [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_METER_DEL: Openflow instance 1 controller 0: delete meter 1, xid 0x1. |
Impact |
N/A |
Cause |
A meter entry is to be deleted, according to a meter table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_METER_MOD
Message text |
Openflow instance [UINT16] controller [CHAR]: modify meter [STRING], xid 0x[HEX]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_METER_MOD: Openflow Instance 1 controller 0: modify meter 1, xid 0x1. |
Impact |
N/A |
Cause |
A meter entry is to be modified, according to a meter table modification message that has passed the packet check. |
Recommended action |
No action is required. |
OFP_METER_MOD_FAILED
Message text |
Openflow instance [UINT16] controller [CHAR]: failed to modify meter [STRING]. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: Meter ID. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_METER_MOD_FAILED: Openflow instance 1 controller 0: failed to modify meter 1. |
Impact |
The old meter entry still takes effect. |
Cause |
Failed to modify a meter entry. |
Recommended action |
The controller must retry modifying the meter entry. If the meter entry still cannot be modified, the controller will delete it. |
OFP_MISS_RMV_GROUP
Message text |
The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a group_mod message. |
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
The table-miss flow entry was deleted due to a group modification message. |
Recommended action |
No action is required. |
OFP_MISS_RMV_HARDTIME
Message text |
|
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
The table-miss flow entry was deleted because of a hard time expiration. |
Recommended action |
No action is required. |
OFP_MISS_RMV_IDLETIME
Message text |
|
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
The table-miss flow entry was deleted because of an idle time expiration. |
Recommended action |
No action is required. |
OFP_MISS_RMV_METER
Message text |
The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a meter_mod message. |
Variable fields |
$1: Table ID. $2: Instance ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
N/A |
Cause |
The table-miss flow entry was deleted due to a meter modification message. |
Recommended action |
No action is required. |
OFP_SMARTGROUP_BIND
Message text |
Bind target [UINT32] to program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_SMARTGROUP_BIND: Bind target 1 to program 2 by flow ID map 7. |
Impact |
N/A |
Cause |
The device received a message from the controller and was about to bind target group entries to program group entries. A target group entry can be bound only to one program group entry with the same flow ID. In the example, the device needs to perform the following binding operations: · Bind target group entry with target ID 1 and flow ID 0 to program group entry with program ID 2 and flow ID 0. · Bind target group entry with target ID 1 and flow ID 1 to program group entry with program ID 2 and flow ID 1. · Bind target group entry with target ID 1 and flow ID 2 to program group entry with program ID 2 and flow ID 2. |
Recommended action |
No action is required. |
OFP_SMARTGROUP_BIND_FAILED
Message text |
Failed to bind target [UINT32] to program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_SMARTGROUP_BIND_FAILED: Failed to bind target 1 to program 2 by flow ID map 7. |
Impact |
A program group entry failed to obtain the action bucket of the target group entry. |
Cause |
The device failed to bind target group entries to program group entries. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
OFP_SMARTGROUP_NEW_BIND
Message text |
Bind target [UINT32] to program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_SMARTGROUP_NEW_BIND: Bind target 1 to program 2 by flow ID map 7. |
Impact |
N/A |
Cause |
The device received a message from the controller and was about to bind target group entries to program group entries. In the example, the device needs to perform the following binding operations: · Bind target group entry with target ID 1 and flow ID 0 to program group entry with program ID 2 and flow ID 0. · Bind target group entry with target ID 1 and flow ID 1 to program group entry with program ID 2 and flow ID 1. · Bind target group entry with target ID 1 and flow ID 2 to program group entry with program ID 2 and flow ID 2. |
Recommended action |
No action is required. |
OFP_SMARTGROUP_NEW_BIND_FAILED
Message text |
Failed to bind target [UINT32] to program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_SMARTGROUP_NEW_BIND_FAILED: Failed to bind target 1 to program 2 by flow ID map 7. |
Impact |
A program group entry failed to obtain the action bucket of the target group entry. |
Cause |
The device failed to bind target group entries to program group entries. |
Recommended action |
Contact Technical Support. |
OFP_SMARTGROUP_REBIND
Message text |
Unbind target [UINT32] from program [UINT32] and bind target [UINT32] to program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Target ID. $4: Program ID. $5: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_SMARTGROUP_REBIND: Unbind target 1 from program 1 and bind target 1 to program 2 by flow ID map 7. |
Impact |
The action bucket of the target group entry is moved to the new program group entry, enabling service flow switching. |
Cause |
The device received a message from the controller and was about to rebind target group entries to new program group entries. A target group entry can be bound only to the program group entry with the same flow ID. In the example, the device needs to perform the following binding operations: · First unbind target group entry with target ID 1 and flow ID 0 from program group entry with program ID 1 and flow ID 0. Then, bind the target group entry to program group entry with program ID 2 and flow ID 0. · First unbind target group entry with target ID 1 and flow ID 1 from program group entry with program ID 1 and flow ID 1. Then, bind the target group entry to program group entry with program ID 2 and flow ID 1. · First unbind target group entry with target ID 1 and flow ID 2 from program group entry with program ID 1 and flow ID 2. Then, bind the target group entry to program group entry with program ID 2 and flow ID 2. |
Recommended action |
No action is required. |
OFP_SMARTGROUP_REBIND_FAILED
Message text |
Failed to unbind target [UINT32] from program [UINT32] and bind target [UINT32] to program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Target ID. $4: Program ID. $5: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_SMARTGROUP_REBIND_FAILED: Failed to unbind target 1 from program 1 and bind target 1 to program 2 by flow ID map 7. |
Impact |
Service flow switching might fail. |
Cause |
The device failed to rebind target group entries to program group entries. |
Recommended action |
Contact Technical Support. |
OFP_SMARTGROUP_UNBIND
Message text |
Unbind target [UINT32] from program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_SMARTGROUP_UNBIND: Unbind target 1 from program 2 by flow ID map 7. |
Impact |
Once the program group entry is unbound from the action bucket of the target group entry, forwarding actions will no longer be performed. |
Cause |
The device received a message from the controller and was about to unbind target group entries from program group entries. |
Recommended action |
No action is required. |
OFP_SMARTGROUP_UNBIND_FAILED
Message text |
Failed to unbind target [UINT32] from program [UINT32] by flow ID map [UINT32]. |
Variable fields |
$1: Target ID. $2: Program ID. $3: Flow ID map value, in decimal notation. · A flow ID map includes one or more flow IDs. In the binary notation of the map value, bits from right to left represent flow IDs 0 through 31. For example, if the value of the flow ID map is 7, the corresponding binary value is 00000000 00000000 00000000 00000111, which indicates that the flow ID map includes flow IDs 0, 1, and 2. · Flow ID map 0 indicates that the flow ID map includes all flow IDs. |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_SMARTGROUP_UNBIND_FAILED: Failed to unbind target 1 from program 2 by flow ID map 7. |
Impact |
A program group entry still maintains the action bucket of the target group entry. |
Cause |
The device failed to unbind target group entries from program group entries. |
Recommended action |
Contact Technical Support. |
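The flow ID map decoding and the per-flow-ID bind, unbind, and rebind operations described in the OFP_SMARTGROUP_* entries above, written out as an added Python example (not H3C code). The function names are hypothetical, and the timestamp and host prefix on the third sample line is a constructed assumption about how a log host might frame the message.

```python
from __future__ import annotations
import re

# Matches the "OFP/<severity>/<mnemonic>: <text>" part of a log line; anything
# before it (timestamp, host name) is ignored.
HEADER = re.compile(r"OFP/(?P<sev>\d)/(?P<mnemonic>OFP_SMARTGROUP_\w+): (?P<body>.*)$")

# One pattern for the six message texts documented above: optional "Failed to",
# optional unbind clause, optional bind clause, then the flow ID map.
BODY = re.compile(
    r"^(?P<failed>Failed to )?"
    r"(?:[Uu]nbind target (?P<ut>\d+) from program (?P<up>\d+))?"
    r"(?: and )?"
    r"(?:[Bb]ind target (?P<bt>\d+) to program (?P<bp>\d+))?"
    r" by flow ID map (?P<map>\d+)\.$"
)


def flow_ids(flow_map: int) -> list[int]:
    """Decode a decimal flow ID map into flow IDs.

    Bit n (counted from the right) stands for flow ID n, for n = 0..31.
    A map value of 0 means all flow IDs.
    """
    if not 0 <= flow_map <= 0xFFFFFFFF:
        raise ValueError("flow ID map must fit in 32 bits")
    if flow_map == 0:
        return list(range(32))
    return [bit for bit in range(32) if (flow_map >> bit) & 1]


def expand_smartgroup(line: str) -> dict | None:
    """Expand one OFP_SMARTGROUP_* log line into per-flow-ID operations.

    Returns None for lines that are not recognised. Each operation is a tuple
    (action, target ID, program ID, flow ID); for a rebind, the unbind for a
    flow ID comes before the bind for that flow ID.
    """
    header = HEADER.search(line.strip())
    if not header:
        return None
    body = BODY.match(header["body"])
    if not body or (body["ut"] is None and body["bt"] is None):
        return None
    try:
        ids = flow_ids(int(body["map"]))
    except ValueError:
        return None
    operations = []
    for fid in ids:
        if body["ut"] is not None:
            operations.append(("unbind", int(body["ut"]), int(body["up"]), fid))
        if body["bt"] is not None:
            operations.append(("bind", int(body["bt"]), int(body["bp"]), fid))
    return {
        "mnemonic": header["mnemonic"],
        "severity": int(header["sev"]),
        "failed": body["failed"] is not None,
        "operations": operations,
    }


# The first two lines are the examples from this reference; the third is
# constructed (prefix and IDs are made up) to show the map-0 case.
SAMPLE_LINES = [
    "OFP/5/OFP_SMARTGROUP_BIND: Bind target 1 to program 2 by flow ID map 7.",
    "OFP/4/OFP_SMARTGROUP_REBIND_FAILED: Failed to unbind target 1 from program 1 "
    "and bind target 1 to program 2 by flow ID map 7.",
    "2024-01-01T00:00:00 sw1 OFP/5/OFP_SMARTGROUP_UNBIND: "
    "Unbind target 3 from program 4 by flow ID map 0.",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        event = expand_smartgroup(sample)
        state = "FAILED" if event["failed"] else "ok"
        print(event["mnemonic"], state, len(event["operations"]), "operations")
        for op in event["operations"][:3]:
            print("   ", op)
```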
OFP_TTP_GROUP_DEL_DENY
Message text |
Openflow instance [STRING] controller [CHAR]: Failed to delete TTP group [STRING], XID [HEX]. Reason: The TTP group is used by another TTP group. |
Variable fields |
$1: Instance ID. $2: Controller ID. $3: TTP group entry ID. $4: XID (transaction ID). |
Severity level |
4 (Warning) |
Example |
OFP/4/OFP_TTP_GROUP_DEL_DENY: Openflow instance 1 controller 0: Failed to delete TTP group 1, XID 0x1. Reason: The TTP group is used by another TTP group. |
Impact |
Failed to delete a TTP group entry. |
Cause |
Failed to delete a TTP group entry because the group entry is being used by another group entry. |
Recommended action |
To delete the TTP group entry, first delete the TTP group entry that is using this entry. |
OFP_RADARDETECTION
Message text |
inIfIndex = [UINT32], packageId = [UINT16], innerTTL = [CHAR], outerTTL = [CHAR]. |
Variable fields |
$1: Index of the ingress port of the packet. $2: Packet identifier. $3: Time To Live value in the inner IP header of the packet. $4: Time To Live value in the outer IP header of the packet. |
Severity level |
5 (Notification) |
Example |
OFP/5/OFP_RADARDETECTION: inIfIndex = 1, packageId = 1, innerTTL = 128, outerTTL = 128. |
Impact |
N/A |
Cause |
A packet used for radar detection or VM simulation was received. |
Recommended action |
No action is required. |
PORT_MOD
Message text |
Port modified. InstanceID =[UINT16], IfIndex =[UINT32], PortDown=[STRING], NoRecv=[STRING], NoFwd=[STRING], NoPktIn=[STRING], Speed=[STRING], Duplex=[STRING]. |
Variable fields |
$1: Instance ID. $2: Interface index. $3: Whether to set the status of the interface to down: · NoChange—Does not change the status of the interface. · True—Sets the status of the interface to down. · False—Sets the status of the interface to up. $4: Whether to disable the interface from receiving packets: · NoChange—Does not change the setting of the interface. · True—Disables the interface from receiving packets. · False—Enables the interface to receive packets. $5: Whether to disable the interface from forwarding packets: · NoChange—Does not change the setting of the interface. · True—Disables the interface from forwarding packets. · False—Enables the interface to forward packets. $6: Whether to disable the interface from sending packets to the controller: · NoChange—Does not change the setting of the interface. · True—Disables the interface from sending packets to the controller. · False—Enables the interface to send packets to the controller. $7: Sets the speed of the interface. An empty field means that the interface speed is not set. The field has the following possible values: · Auto—Enables the interface to negotiate a speed with its peer. · Error—Sets the interface speed to an unsupported value. · 10M—Sets the interface speed to 10 Mbps. · 100M—Sets the interface speed to 100 Mbps. · 1G—Sets the interface speed to 1 Gbps. · 10G—Sets the interface speed to 10 Gbps. $8: Sets the duplex mode of the interface. An empty field means that the duplex mode of the interface is not set. The field has the following possible values: · Full—Configures the interface to operate in full duplex mode. · Half—Configures the interface to operate in half duplex mode. · Auto—Configures the interface to negotiate the duplex mode with the peer. · Error—Configures the interface to operate in an unsupported duplex mode. |
Severity level |
5 (Notification) |
Example |
OFP/5/PORT_MOD: Port modified. InstanceID =1, IfIndex =2, PortDown=True, NoRecv=NoChange, NoFwd=NoChange, NoPktIn=NoChange, Speed=, Duplex=. |
Impact |
N/A |
Cause |
The controller modified the settings of an interface in an OpenFlow instance. |
Recommended action |
No action is required. |
ONVIF messages
This section contains ONVIF (Open Network Video Interface Forum) messages.
ONVIF_ENDPOINT_CHANGE
Message text |
Detected the change of an endpoint: MAC address=[STRING], IP address=[STRING], VLAN=[UINT16], interface=[STRING]. |
Variable fields |
$1: Endpoint MAC address. $2: Endpoint IP address after the change. $3: VLAN to which the endpoint belongs after the change. $4: Interface through which the endpoint comes online after the change. |
Severity level |
6 (Informational) |
Example |
ONVIF/6/ONVIF_ENDPOINT_CHANGE: Detected the change of an endpoint: MAC address=12c2-d4ed-0200, IP address=192.168.254.24, VLAN=1, interface=GigabitEthernet1/0/1. |
Impact |
No impact on the system. |
Cause |
ONVIF detected that one or more of the following parameters have changed on an endpoint: · Endpoint IP address. · Endpoint VLAN. · Interface from which the endpoint comes online. |
Recommended action |
No action is required. |
ONVIF_ENDPOINT_OFFLINE
Message text |
Detected the disassociation of an endpoint: MAC address=[STRING], IP address=[STRING], VLAN=[UINT16], interface=[STRING]. |
Variable fields |
$1: Endpoint MAC address. $2: Endpoint IP address. $3: VLAN to which the endpoint belongs. $4: Interface through which the endpoint comes online. |
Severity level |
6 (Informational) |
Example |
ONVIF/6/ONVIF_ENDPOINT_OFFLINE: Detected the disassociation of an endpoint: MAC address=12c2-d4ed-0200, IP address=192.168.254.24, VLAN=1, interface=GigabitEthernet1/0/1. |
Impact |
No impact on the system. |
Cause |
ONVIF detected that the endpoint went offline. |
Recommended action |
· If the administrator disassociates the endpoint (by disconnecting the cable or restarting the endpoint), no action is required. · If the disassociation is not caused by an administrator operation, perform the following tasks: a. Verify that the power supply is correct for the endpoint. b. Verify that the endpoint is in a healthy state. c. Verify that the link between the endpoint and the device is connected correctly. If a fault exists, you can remove and reconnect the network cable, replace the network cable, or change the connection interface to resolve the issue. |
ONVIF_ENDPOINT_ONLINE
Message text |
Detected the association of an endpoint: MAC address=[STRING], IP address=[STRING], VLAN ID=[UINT16], interface=[STRING]. |
Variable fields |
$1: Endpoint MAC address. $2: Endpoint IP address. $3: VLAN to which the endpoint belongs. $4: Interface through which the endpoint comes online. |
Severity level |
6 (Informational) |
Example |
ONVIF/6/ONVIF_ENDPOINT_ONLINE: Detected the association of an endpoint: MAC address=b4a3-8267-bc03, IP address=192.168.254.24, VLAN ID=1, interface=GigabitEthernet1/0/1. |
Impact |
No impact on the system. |
Cause |
ONVIF detected that the endpoint came online. |
Recommended action |
No action is required. |
OPENSRC (FreeRADIUS) messages
This section contains FreeRADIUS system log messages.
HUP event
Message text |
[DATE] [TIME] radiusd[UINT32]: [STRING] |
Variable fields |
$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: HUP event description, as listed in Table 6. |
Severity level |
6 |
Example |
OPENSRC/6/SYSLOG: Jan 1 01:14:04 radiusd[427]: Received HUP sign |
Explanation |
A HUP signal was received and the user configuration used for authentication was reloaded, including the user name, password, authorization VLAN, authorization ACL, and user validity period. The HUP signal could be ignored if it arrived less than 5 seconds after the last signal was received. |
Recommended action |
For the recommended action for each event, see Table 6. |
Table 6 HUP events
HUP event |
Explanation |
Recommended action |
Received HUP sign |
A HUP signal was received. |
No action is required. |
Module: Reloaded module "files" |
The module configuration file was reloaded. |
No action is required. |
HUP - Files loaded by a module have changed. |
A HUP signal was received and the configuration file was reloaded. |
No action is required. |
Ignoring HUP (less than 5s since last one) |
The HUP signal was ignored because it arrived less than 5 seconds after the last signal was received. |
To immediately activate the new user configuration, use the radius-server activate command. |
Process restart event
Message text |
[DATE] [TIME] radiusd[UINT32]: [STRING] |
Variable fields |
$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Process restart event description, as listed in Table 7. |
Severity level |
6 |
Example |
OPENSRC/6/SYSLOG: Jan 1 02:00:02 radiusd[427]: Signalled to terminate |
Explanation |
The current process was terminated and restarted. |
Recommended action |
No action is required. |
Table 7 Process restart events
Process restart event |
Explanation |
Signalled to terminate |
A process termination signal was received. |
Exiting normally |
The process was closed. |
Debugger not attached |
Debugging was disabled for the process. |
Loaded virtual server <default> |
The virtual server was loaded. |
Loaded virtual server inner-tunnel |
The inner tunnel of the virtual server was loaded. |
Loaded virtual server default |
The default configuration of the virtual server was loaded. |
Ready to process requests |
Ready to process authentication packets. |
Process start event
Message text |
[DATE] [TIME] radiusd[UINT32]: [STRING] |
Variable fields |
$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Process start event description, as listed in Table 8. |
Severity level |
4 |
Example |
OPENSRC/4/SYSLOG: Jan 1 02:00:03 radiusd[460]: [//etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". |
Explanation |
The system loaded default filter options when the process started. |
Recommended action |
No action is required. |
Table 8 Process start events
Process start event |
Explanation |
11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". |
The default filter option FreeRADIUS-Response-Delay was checked in the specified file. |
11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". |
The default filter option FreeRADIUS-Response-Delay-USec was checked in the specified file. |
Ignoring "sql" (see raddb/mods-available/README.rst) |
SQL was ignored. |
Ignoring "ldap" (see raddb/mods-available/README.rst) |
LDAP was ignored. |
User authentication
Message text |
[DATE] [TIME] radiusd[UINT32]: ([UINT32]) [STRING]: [[STRING]] (from client [IPADDR] port [UINT32] cli [MAC]) |
Variable fields |
$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Log ID. $5: Authentication result. $6: User name. $7: RADIUS client IP address. $8: RADIUS client port number. $9: User's MAC address. |
Severity level |
5 |
Example |
OPENSRC/5/SYSLOG: Jan 1 02:06:15 radiusd[460]: (0) Login OK: [test] (from client 7.7.7.7 port 33591297 cli 00-00-00-00-00-02) |
Explanation |
User authentication succeeded. |
Recommended action |
For the recommended action for each authentication result, see Table 9. |
Table 9 Authentication results
Authentication result |
Explanation |
Recommended action |
Login OK |
Authentication succeeded or shared key mismatch occurred. |
· If user authentication succeeded, no action is required. · If user authentication failed, verify that the RADIUS client and server use the same shared key. |
Login incorrect (pap: Cleartext password does not match "known good" password) |
Incorrect password for PAP authentication. |
Provide the correct user password. |
Login incorrect (chap: Password comparison failed: password is incorrect) |
Incorrect password for CHAP authentication. |
Provide the correct user password. |
Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject) |
User name mismatch occurred during PAP authentication, or the EAP authentication type was specified for an 802.1X user. |
· If the user is unauthorized and should be ignored, no action is required. · If the user is new and should be authenticated, create a local user account for it by using the local-user command. · If a configuration error has occurred, modify the authentication type. For example, check the authentication type of 802.1X users by using the display dot1x command, and then modify the authentication type by using the authentication-method command. |
Login incorrect (chap: &control:Cleartext-Password is required for authentication) |
User name mismatch occurred during CHAP authentication. |
· If the user is unauthorized and should be ignored, no action is required. · If the user is new and should be authenticated, create a local user account for it by using the local-user command. |
Invalid user (expiration: Account expired at 'Jan 1 2013 02:19:00 UTC') |
The user account had expired. |
· To ignore the expired user, no action is required. · To extend the validity, modify the expiration period of the local user by using the validity-datetime command. |
Message text |
[DATE] [TIME] radiusd[UINT32]: ([UINT32]) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [[STRING]] (from client [IPADDR] port [UINT32]) |
Variable fields |
$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Log ID. $5: User name. $6: RADIUS client IP address. $7: RADIUS client port number. |
Severity level |
5 |
Example |
OPENSRC/5/SYSLOG: Jan 1 02:21:20 radiusd[460]: (16) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [ddd] (from client 7.7.7.7 port 0) |
Explanation |
Authentication requests of login users were not supported. |
Recommended action |
No action is required. |
Message text |
[DATE] [TIME] radiusd[UINT32]: Ignoring request to auth address * port 1812 bound to server default from unknown client [IPADDR] port [UINT32] proto udp |
Variable fields |
$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: RADIUS client IP address. $5: RADIUS client port number. |
Severity level |
3 |
Example |
OPENSRC/3/SYSLOG: Jan 1 02:31:05 radiusd[548]: Ignoring request to auth address * port 1812 bound to server default from unknown client 7.7.7.7 port 11969 proto udp |
Explanation |
The authentication request was sent from an unknown client and was ignored. |
Recommended action |
· If the client cannot be trusted, no action is required. · If the client is new and safe, add the RADIUS client configuration by using the radius-server client command. |
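The three authentication-related formats above (user authentication, login-user rejection, and unknown client) can be parsed and triaged on a log host as follows. This is an added example, not part of the H3C manual: the function names, the failure threshold, and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Common prefix of every OPENSRC message: severity, date, time, radiusd PID.
PREFIX = re.compile(
    r"OPENSRC/(?P<sev>\d)/SYSLOG: (?P<date>[A-Z][a-z]{2} +\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) radiusd\[(?P<pid>\d+)\]: (?P<body>.*)$"
)
# "(log ID) result: [user] (from client IP port N [cli MAC])".
# The user name comes from the endpoint, so the client fields are anchored to
# the end of the line and the user group is greedy: brackets or parentheses
# inside the name cannot be mistaken for the real client fields.
AUTH = re.compile(
    r"^\((?P<log_id>\d+)\) (?P<result>.+?): \[(?P<user>.*)\] "
    r"\(from client (?P<client>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
    r"(?: cli (?P<mac>[0-9A-Fa-f-]+))?\)$"
)
UNKNOWN = re.compile(
    r"^Ignoring request to auth address \S+ port \d+ bound to server \S+ "
    r"from unknown client (?P<client>[0-9A-Fa-f.:]+) port (?P<port>\d+) proto \w+$"
)


def outcome_of(result):
    """Map the authentication result string (Table 9) to a coarse outcome."""
    # Table 9 lists a shared key mismatch under "Login OK" as well, so
    # "success" here means only that radiusd logged "Login OK".
    if result.startswith("Login OK"):
        return "success"
    if result.startswith(("Login incorrect", "Invalid user")):
        return "failure"
    return "unknown"


def parse_line(line):
    """Return a dict describing one OPENSRC line, or None if it is not one."""
    m = PREFIX.search(line.strip())
    if not m:
        return None
    event = {"severity": int(m["sev"]), "time": m["time"], "pid": int(m["pid"])}
    body = m["body"]
    a = AUTH.match(body)
    if a:
        event.update(kind="auth", outcome=outcome_of(a["result"]),
                     result=a["result"], user=a["user"], client=a["client"],
                     port=int(a["port"]), mac=a["mac"])  # mac is None for login users
        return event
    u = UNKNOWN.match(body)
    if u:
        event.update(kind="unknown_client", client=u["client"], port=int(u["port"]))
        return event
    event.update(kind="other", text=body)  # HUP, restart and start events
    return event


def detect(lines, threshold=3):
    """Flag repeated failures per endpoint and every unknown RADIUS client."""
    failures, unknown = Counter(), Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "auth" and ev["outcome"] == "failure":
            # Key on the endpoint MAC; fall back to the user name when the
            # line has no cli field (login-user format).
            failures[(ev["client"], ev["mac"] or ev["user"])] += 1
        elif ev["kind"] == "unknown_client":
            unknown[ev["client"]] += 1
    alerts = [("repeated_failure", key, n)
              for key, n in sorted(failures.items()) if n >= threshold]
    alerts += [("unknown_client", ip, n) for ip, n in sorted(unknown.items())]
    return alerts


PAP_FAIL = 'Login incorrect (pap: Cleartext password does not match "known good" password)'
SAMPLE = [
    # The first four lines are the examples given in this reference.
    "OPENSRC/6/SYSLOG: Jan 1 01:14:04 radiusd[427]: Received HUP sign",
    "OPENSRC/5/SYSLOG: Jan 1 02:06:15 radiusd[460]: (0) Login OK: [test] (from client 7.7.7.7 port 33591297 cli 00-00-00-00-00-02)",
    "OPENSRC/5/SYSLOG: Jan 1 02:21:20 radiusd[460]: (16) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [ddd] (from client 7.7.7.7 port 0)",
    "OPENSRC/3/SYSLOG: Jan 1 02:31:05 radiusd[548]: Ignoring request to auth address * port 1812 bound to server default from unknown client 7.7.7.7 port 11969 proto udp",
    # Constructed lines: three PAP failures from one MAC; the last user name
    # contains brackets and parentheses.
    "OPENSRC/5/SYSLOG: Jan 1 02:07:01 radiusd[460]: (1) " + PAP_FAIL + ": [bob] (from client 7.7.7.7 port 33591297 cli 00-00-00-00-00-05)",
    "OPENSRC/5/SYSLOG: Jan 1 02:07:02 radiusd[460]: (2) " + PAP_FAIL + ": [bob] (from client 7.7.7.7 port 33591297 cli 00-00-00-00-00-05)",
    "OPENSRC/5/SYSLOG: Jan 1 02:07:03 radiusd[460]: (3) " + PAP_FAIL + ": [x] (from client 1.1.1.1 port 1)] (from client 7.7.7.7 port 33591297 cli 00-00-00-00-00-05)",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Keying failures on the `cli` MAC rather than the user name keeps the count stable when the same endpoint tries several names.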
OPTMOD messages
This section contains transceiver module messages.
BIAS_HIGH
Message text |
[STRING]: Bias current is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
2 |
Example |
OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/1: Bias current is high. |
Explanation |
The bias current of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
BIAS_LOW
Message text |
[STRING]: Bias current is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/BIAS_LOW: GigabitEthernet1/0/1: Bias current is low. |
Explanation |
The bias current of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
BIAS_NORMAL
Message text |
[STRING]: Bias current is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/BIAS_NORMAL: GigabitEthernet1/0/1: Bias current is normal. |
Explanation |
The bias current of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
CFG_ERR
Message text |
[STRING]: Transceiver type and port configuration mismatched. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/CFG_ERR: GigabitEthernet1/0/1: Transceiver type and port configuration mismatched. |
Explanation |
The transceiver module type does not match the port configurations. |
Recommended action |
Check the transceiver module type and the current port configurations. If they do not match, replace the transceiver module or update the port configurations. |
CHKSUM_ERR
Message text |
[STRING]: Transceiver information checksum error. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/CHKSUM_ERR: GigabitEthernet1/0/1: Transceiver information checksum error. |
Explanation |
Checksum verification on the register information on the transceiver module failed. |
Recommended action |
Replace the transceiver module, or contact H3C Support. |
IO_ERR
Message text |
[STRING]: The transceiver information I/O failed. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/IO_ERR: GigabitEthernet1/0/1: The transceiver information I/O failed. |
Explanation |
The device failed to access the register information of the transceiver module. |
Recommended action |
Execute the display transceiver diagnosis interface and display transceiver alarm interface commands. If both commands fail to be executed, the transceiver module is faulty. Replace the transceiver module. |
MOD_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Interface type and number. $2: Fault type. |
Severity level |
5 |
Example |
OPTMOD/5/MOD_ALM_OFF: GigabitEthernet1/0/1: Module_not_ready was removed. |
Explanation |
A fault was removed from the transceiver module. |
Recommended action |
No action is required. |
MOD_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Interface type and number. $2: Fault type. |
Severity level |
5 |
Example |
OPTMOD/5/MOD_ALM_ON: GigabitEthernet1/0/1: Module_not_ready was detected. |
Explanation |
A fault was detected on the transceiver module. |
Recommended action |
1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module. |
MODULE_IN
Message text |
[STRING]: The transceiver is [STRING]. |
Variable fields |
$1: Interface type and number. $2: Type of the transceiver module. |
Severity level |
4 |
Example |
OPTMOD/4/MODULE_IN: GigabitEthernet1/0/1: The transceiver is 1000_BASE_T_AN_SFP. |
Explanation |
When a transceiver module is inserted, the OPTMOD module generates the message to display the transceiver module type. |
Recommended action |
No action is required. |
MODULE_OUT
Message text |
[STRING]: Transceiver absent. |
Variable fields |
$1: Interface type and number. |
Severity level |
4 |
Example |
OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: Transceiver absent. |
Explanation |
The transceiver module was removed. |
Recommended action |
No action is required. |
OPTMOD_COUNTERFEIT_MODULE
Message text |
The following transceiver you are using is suspected to be a counterfeit/pirated/unauthorized H3C transceiver, which might cause compatibility problems and expose your device to security threats. Please contact H3C for further detection and verification promptly. [STRING]: Transceiver type [STRING], SN [STRING]. |
Variable fields |
$1: Interface type and number. $2: Transceiver type. $3: Transceiver sequence number. |
Severity level |
3 |
Example |
OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: The following transceiver you are using is suspected to be a counterfeit/pirated/unauthorized H3C transceiver, which might cause compatibility problems and expose your device to security threats. Please contact H3C for further detection and verification promptly. GigabitEthernet1/0/1: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. GigabitEthernet1/0/2: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. |
Explanation |
This log is generated when a suspected counterfeit H3C transceiver module is detected. For a counterfeit H3C transceiver module, you cannot obtain any data from the display transceiver diagnosis command. |
Recommended action |
Contact Technical Support. |
OPTMOD_MODULE_CHECK
Message text |
An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity. |
Variable fields |
N/A |
Severity level |
6 |
Example |
OPTMOD/6/OPTMOD_MODULE_CHECK: An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity. |
Explanation |
The log is generated when an H3C transceiver module is detected. It reminds the user to verify the authenticity of the transceiver module from the H3C website (www.h3c.com). |
Recommended action |
No action is required. |
PHONY_MODULE
Message text |
[STRING]: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof! |
Variable fields |
$1: Interface type and number. |
Severity level |
4 |
Example |
OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/1: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof! |
Explanation |
This log is generated when a non-H3C transceiver module is detected. |
Recommended action |
Purchase and use genuine H3C transceiver modules for the device. |
RX_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Interface type and number. $2: RX fault type. |
Severity level |
5 |
Example |
OPTMOD/5/RX_ALM_OFF: GigabitEthernet1/0/1: RX_not_ready was removed. |
Explanation |
An RX fault was removed from the transceiver module. |
Recommended action |
No action is required. |
RX_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Interface type and number. $2: RX fault type. |
Severity level |
5 |
Example |
OPTMOD/5/RX_ALM_ON: GigabitEthernet1/0/1: RX_not_ready was detected. |
Explanation |
An RX fault was detected on the transceiver module. |
Recommended action |
1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module. |
RX_POW_HIGH
Message text |
[STRING]: RX power is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/RX_POW_HIGH: GigabitEthernet1/0/1: RX power is high. |
Explanation |
The RX power of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
RX_POW_LOW
Message text |
[STRING]: RX power is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/RX_POW_LOW: GigabitEthernet1/0/1: RX power is low. |
Explanation |
The RX power of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
RX_POW_NORMAL
Message text |
[STRING]: RX power is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/RX_POW_NORMAL: GigabitEthernet1/0/1: RX power is normal. |
Explanation |
The RX power of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
TEMP_HIGH
Message text |
[STRING]: Temperature is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/TEMP_HIGH: GigabitEthernet1/0/1: Temperature is high. |
Explanation |
The temperature of the transceiver module exceeded the high threshold. |
Recommended action |
1. Verify that the fan trays are operating correctly. ○ If there are no fan trays, install fan trays. ○ If the fan trays fail, replace the fan trays. 2. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to lower the temperature. 3. Replace the transceiver module. |
TEMP_LOW
Message text |
[STRING]: Temperature is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/TEMP_LOW: GigabitEthernet1/0/1: Temperature is low. |
Explanation |
The temperature of the transceiver module went below the low threshold. |
Recommended action |
1. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to raise the temperature. 2. Replace the transceiver module. |
TEMP_NORMAL
Message text |
[STRING]: Temperature is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/TEMP_NORMAL: GigabitEthernet1/0/1: Temperature is normal. |
Explanation |
The temperature of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
TX_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Interface type and number. $2: TX fault type. |
Severity level |
5 |
Example |
OPTMOD/5/TX_ALM_OFF: GigabitEthernet1/0/1: TX_fault was removed. |
Explanation |
A TX fault was removed from the transceiver module. |
Recommended action |
No action is required. |
TX_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Interface type and number. $2: TX fault type. |
Severity level |
5 |
Example |
OPTMOD/5/TX_ALM_ON: GigabitEthernet1/0/1: TX_fault was detected. |
Explanation |
A TX fault was detected on the transceiver module. |
Recommended action |
1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module. |
TX_POW_HIGH
Message text |
[STRING]: TX power is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
2 |
Example |
OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/1: TX power is high. |
Explanation |
The TX power of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
TX_POW_LOW
Message text |
[STRING]: TX power is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/TX_POW_LOW: GigabitEthernet1/0/1: TX power is low. |
Explanation |
The TX power of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
TX_POW_NORMAL
Message text |
[STRING]: TX power is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/TX_POW_NORMAL: GigabitEthernet1/0/1: TX power is normal. |
Explanation |
The TX power of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
TYPE_ERR
Message text |
[STRING]: The transceiver type is not supported by port hardware. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/1: The transceiver type is not supported by port hardware. |
Explanation |
The transceiver module is not supported by the port. |
Recommended action |
Replace the transceiver module. |
VOLT_HIGH
Message text |
[STRING]: Voltage is high. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/VOLT_HIGH: GigabitEthernet1/0/1: Voltage is high. |
Explanation |
The voltage of the transceiver module exceeded the high threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
VOLT_LOW
Message text |
[STRING]: Voltage is low. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/VOLT_LOW: GigabitEthernet1/0/1: Voltage is low. |
Explanation |
The voltage of the transceiver module went below the low threshold. |
Recommended action |
1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module. |
VOLT_NORMAL
Message text |
[STRING]: Voltage is normal. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 |
Example |
OPTMOD/5/VOLT_NORMAL: GigabitEthernet1/0/1: Voltage is normal. |
Explanation |
The voltage of the transceiver module returned to the acceptable range. |
Recommended action |
No action is required. |
OSPF messages
This section contains OSPF messages.
OSPF_DUP_RTRID_NBR
Message text |
OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address. |
Severity level |
6 |
Example |
OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2. |
Explanation |
Two directly connected devices were configured with the same router ID. |
Recommended action |
Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect. |
OSPF_IF_NETWORKTYPE_MISMATCH
Message text |
OSPF [UINT16] Network type is inconsistent. Local interface: [STRING], neighbor address: [IPADDR]. |
Variable fields |
$1: OSPF process ID. $2: Interface name. $3: Neighbor IP address. |
Severity level |
6 |
Example |
OSPF/6/OSPF_IF_NETWORKTYPE_MISMATCH: OSPF 1 Network type is inconsistent. Local interface: GigabitEthernet0/0/1, neighbor address: 21.1.1.1. |
Explanation |
The network type of the local interface is different from that of the remote interface. |
Recommended action |
Check the network type of the OSPF interfaces and make sure the directly connected interfaces on the two devices have the same network type. For example, if the network type of the two interfaces is P2P and broadcast, respectively, the neighbor state can be Full, but OSPF cannot calculate routes. |
OSPF_IP_CONFLICT_INTRA
Message text |
OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING]. |
Variable fields |
$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name. |
Severity level |
6 |
Example |
OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet0/0/3. |
Explanation |
The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR. |
Recommended action |
Modify IP address configuration after you make sure no router ID conflict occurs in the same OSPF area. |
OSPF_LAST_NBR_DOWN
Message text |
OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING] |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason. |
Severity level |
6 |
Example |
OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired. |
Explanation |
The device records the OSPF neighbor down event caused by a specific reason. |
Recommended action |
· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity. |
OSPF_MEM_ALERT
Message text |
OSPF Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
OSPF/5/OSPF_MEM_ALERT: OSPF Process received system memory alert start event. |
Explanation |
OSPF received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
OSPF_NBR_CHG
Message text |
OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Old adjacency state. $5: New adjacency state. |
Severity level |
5 |
Example |
OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 12.1.1.2(GigabitEthernet10/1) changed from FULL to DOWN. |
Explanation |
The OSPF adjacency state changed on an interface. |
Recommended action |
Check for OSPF configuration errors and loss of network connectivity. |
OSPF_NBR_CHG_REASON
Message text |
OSPF [UINT32] Area [STRING] Router [STRING]([STRING]) CPU usage: [STRING], VPN name: [STRING], IfMTU: [UINT32], Neighbor address: [STRING], NbrID [STRING] changed from [STRING] to [STRING] at [STRING]. Last 4 hello packets received at: [STRING] Last 4 hello packets sent at: [STRING] |
Variable fields |
$1: OSPF process ID. $2: Area ID. $3: Router ID. $4: Interface name. $5: CPU utilization. $6: VPN name. $7: Interface MTU. $8: Neighbor IP address. $9: Neighbor router ID. $10: Old neighbor state. $11: New neighbor state and the reason. $12: Neighbor state change time. $13: Time when the last four hello packets were received before neighbor state change. $14: Time when the last four hello packets were sent before neighbor state change. |
Severity level |
5 |
Example |
OSPF/5/OSPF_NBR_CHG_REASON: OSPF 1 Area 0.0.0.0 Router 2.2.2.2(GE1/0/1) CPU usage:3.80%, VPN name: a, IfMTU:1500, Neighbor address:10.1.1.2, NbrID:1.1.1.1 changed from Full to Down because OSPF interface parameters changed at 2019-04-01 15:20:57:034. Last 4 hello packets received at: 2019-04-01 15:19:46:225 2019-04-01 15:19:56:224 2019-04-01 15:20:06:225 2019-04-01 15:20:16:225 Last 4 hello packets sent at: 2019-04-01 15:20:22:033 2019-04-01 15:20:32:033 2019-04-01 15:20:42:032 2019-04-01 15:20:52:033 |
Explanation |
The OSPF neighbor state changed on an interface. |
Recommended action |
Check for OSPF configuration errors and loss of network connectivity. |
OSPF_RT_LMT
Message text |
OSPF [UINT32] route limit reached. |
Variable fields |
$1: OSPF process ID. |
Severity level |
4 |
Example |
OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached. |
Explanation |
The number of routes of an OSPF process reached the upper limit. |
Recommended action |
1. Check for network attacks. 2. Reduce the number of routes. |
OSPF_RTRID_CHG
Message text |
OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect. |
Variable fields |
$1: OSPF process ID. |
Severity level |
5 |
Example |
OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect. |
Explanation |
The OSPF router ID was changed because the user had changed the router ID or the interface IP address used as the router ID had changed. |
Recommended action |
Use the reset ospf process command to make the new router ID take effect. |
OSPF_RTRID_CONFLICT_INTER
Message text |
OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. |
Severity level |
6 |
Example |
OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11. |
Explanation |
Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR. |
Recommended action |
Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect. |
OSPF_RTRID_CONFLICT_INTRA
Message text |
OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: OSPF area ID. |
Severity level |
6 |
Example |
OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1. |
Explanation |
Two indirectly connected devices in the same OSPF area might have the same router ID. |
Recommended action |
Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect. |
OSPF_VLINKID_CHG
Message text |
OSPF [UINT32] Router ID changed, reconfigure Vlink on peer |
Variable fields |
$1: OSPF process ID. |
Severity level |
5 |
Example |
OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer |
Explanation |
A new OSPF router ID takes effect. |
Recommended action |
Check and modify the virtual link configuration on the peer router to match the new router ID. |
OSPFV3 messages
This section contains OSPFv3 messages.
OSPFV3_DUP_RTRID_NBR
Message text |
OSPFv3 [UINT32] Interface [STRING] and neighbor [IPADDR] have the same router ID [STRING]. |
Variable fields |
$1: OSPFv3 process ID. $2: Interface name. $3: Neighbor IPv6 address. $4: Router ID. |
Severity level |
6 |
Example |
OSPFV3/6/OSPFV3_DUP_RTRID_NBR: OSPFv3 1 Interface GigabitEthernet0/0/3 and neighbor FE80::1 have the same router ID 1.1.1.1. |
Explanation |
The two directly connected devices have the same router ID. |
Recommended action |
Specify a new router ID for one device. |
OSPFV3_IF_NETWORKTYPE_MISMATCH
Message text |
OSPFv3 [UINT16] Network type is inconsistent. Local interface: [STRING], neighbor address: [IPV6ADDR]. |
Variable fields |
$1: OSPFv3 process ID. $2: Interface name. $3: Neighbor IPv6 address. |
Severity level |
6 |
Example |
OSPFV3/6/OSPFV3_IF_NETWORKTYPE_MISMATCH: OSPFv3 1 Network type is inconsistent. Local interface: GigabitEthernet0/0/1, neighbor address: FE80::4A21:D0FF:0102:0304. |
Explanation |
The network type of the local interface is different from that of the remote interface. |
Recommended action |
Check the network type of the OSPFv3 interfaces and make sure the directly connected interfaces on the two devices have the same network type. For example, if the network type of the two interfaces is P2P and broadcast, respectively, the neighbor state can be Full, but OSPF cannot calculate routes. |
OSPFV3_LAST_NBR_DOWN
Message text |
OSPFv3 [UINT32] Last neighbor down event: Router ID: [STRING] Local interface ID: [UINT32] Remote interface ID: [UINT32] Reason: [STRING]. |
Variable fields |
$1: OSPFv3 process ID. $2: Router ID. $3: Local interface ID. $4: Remote interface ID. $5: Reason. |
Severity level |
6 |
Example |
OSPFV3/6/OSPFV3_LAST_NBR_DOWN: OSPFv3 1 Last neighbor down event: Router ID: 2.2.2.2 Local interface ID: 1111 Remote interface ID: 2222 Reason: Dead Interval timer expired. |
Explanation |
The device records the OSPFv3 neighbor down event caused by a specific reason. |
Recommended action |
· When a down event occurred because of configuration changes (for example, interface parameter changes), check for configuration errors. · When a down event occurred because of dead interval expiration, check for dead interval configuration errors and loss of network connectivity. · When a down event occurred because of BFD session down, check for BFD detection time configuration errors and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity. |
OSPFV3_MEM_ALERT
Message text |
OSPFV3 Process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alarm. |
Severity level |
5 |
Example |
OSPFV3/5/OSPFV3_MEM_ALERT: OSPFV3 Process received system memory alert start event. |
Explanation |
OSPFv3 received a memory alarm. |
Recommended action |
Check the system memory and release memory for the modules that occupy too many memory resources. |
OSPFV3_NBR_CHG
Message text |
OSPFv3 [UINT32] Neighbor [STRING] ([STRING]) received [STRING] and its state from [STRING] to [STRING]. |
Variable fields |
$1: Process ID. $2: Neighbor router ID. $3: Interface name. $4: Neighbor event. $5: Old adjacency state. $6: New adjacency state. |
Severity level |
5 |
Example |
OSPFV3/5/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100) received 1-Way and its state from Full to Init. |
Explanation |
The OSPFv3 adjacency state changed on an interface. |
Recommended action |
When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPFv3 configuration errors and loss of network connectivity. |
OSPFV3_RT_LMT
Message text |
OSPFv3 [UINT32] route limit reached. |
Variable fields |
$1: Process ID. |
Severity level |
5 |
Example |
OSPFV3/5/OSPFV3_RT_LMT:OSPFv3 1 route limit reached. |
Explanation |
The number of routes of an OSPFv3 process reached the upper limit. |
Recommended action |
1. Check for network attacks. 2. Reduce the number of routes. |
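The OSPF and OSPFv3 entries above recommend checking for configuration errors, connectivity loss, and network attacks. The following Python code is an added example, not part of the H3C manual: it parses the documented message bodies and reports adjacency loss, repeated loss of the same adjacency, route limit events, and router ID conflicts. The function names, the flap threshold and window, and the timestamps (assumed to be supplied by the log collector) are assumptions; the sample lines are constructed from the Example rows.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "MODULE/severity/MNEMONIC: text" as shown in the Example rows. search() is
# used so that whatever header a log host prepends is tolerated.
HEAD_RE = re.compile(
    r"\b(?P<module>[A-Z][A-Z0-9]*)/(?P<sev>\d)/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# OSPF_NBR_CHG and OSPFV3_NBR_CHG bodies (the OSPFv3 form adds the neighbor event).
NBR_CHG_RE = re.compile(
    r"OSPF(?:v3)? (?P<proc>\d+) Neighbor (?P<nbr>\S+?)\s*\((?P<ifname>[^)]+)\) "
    r"(?:received (?P<event>\S+) and its state|changed) "
    r"from (?P<old>\S+) to (?P<new>\S+?)\.?$")
RT_LMT_RE = re.compile(r"OSPF(?:v3)? (?P<proc>\d+) route limit reached")
RID_RE = re.compile(
    r"OSPF (?P<proc>\d+) Received newer self-originated (?P<lsa>ase|router)-LSAs\. "
    r"Possible conflict of router ID (?P<rid>[\d.]+?)(?: in area (?P<area>[\d.]+?))?\.?$")

# The manual's Example row spells the INTER mnemonic "CONFILICT"; accept both.
RID_MNEMONICS = {"OSPF_RTRID_CONFLICT_INTER", "OSPF_RTRID_CONFILICT_INTER",
                 "OSPF_RTRID_CONFLICT_INTRA"}


def parse_line(line):
    """Return a dict of fields for a handled OSPF/OSPFv3 message, else None."""
    head = HEAD_RE.search(line)
    if not head or head["module"] not in ("OSPF", "OSPFV3"):
        return None
    mnemonic, text = head["mnemonic"], head["text"].strip()
    if mnemonic in ("OSPF_NBR_CHG", "OSPFV3_NBR_CHG"):
        kind, m = "nbr_chg", NBR_CHG_RE.match(text)
    elif mnemonic in ("OSPF_RT_LMT", "OSPFV3_RT_LMT"):
        kind, m = "route_limit", RT_LMT_RE.match(text)
    elif mnemonic in RID_MNEMONICS:
        kind, m = "rid_conflict", RID_RE.match(text)
    else:
        return None
    if m is None:  # known mnemonic but a body that does not fit the documented text
        return None
    return {"module": head["module"], "severity": int(head["sev"]),
            "mnemonic": mnemonic, "kind": kind, **m.groupdict()}


def analyze(events, flap_threshold=3, window=timedelta(minutes=5)):
    """events: iterable of (datetime, line). Returns (timestamp, kind, detail) tuples."""
    losses = defaultdict(deque)  # (module, process, neighbor, interface) -> loss times
    findings = []
    for ts, line in events:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "route_limit":
            findings.append((ts, "route_limit", f'{ev["module"]} process {ev["proc"]}'))
        elif ev["kind"] == "rid_conflict":
            findings.append((ts, "rid_conflict", ev["rid"]))
        elif ev["old"].lower() == "full" and ev["new"].lower() != "full":
            where = f'{ev["nbr"]} on {ev["ifname"]}'
            findings.append((ts, "adjacency_lost", where))
            recent = losses[(ev["module"], ev["proc"], ev["nbr"], ev["ifname"])]
            recent.append(ts)
            while ts - recent[0] > window:  # drop losses older than the window
                recent.popleft()
            if len(recent) >= flap_threshold:
                findings.append((ts, "neighbor_flap", where))
                recent.clear()  # report once per burst
    return findings


# Constructed sample: timestamps and the LOADING-to-FULL lines are invented.
T0 = datetime(2024, 1, 1, 10, 0, 0)
_DOWN = "OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 12.1.1.2(GigabitEthernet10/1) changed from FULL to DOWN."
_UP = "OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 12.1.1.2(GigabitEthernet10/1) changed from LOADING to FULL."
SAMPLE = [
    (T0, _DOWN),
    (T0 + timedelta(seconds=40), _UP),
    (T0 + timedelta(seconds=60), _DOWN),
    (T0 + timedelta(seconds=100), _UP),
    (T0 + timedelta(seconds=120), _DOWN),
    (T0 + timedelta(seconds=130), "OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached."),
    (T0 + timedelta(seconds=140),
     "OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated "
     "ase-LSAs. Possible conflict of router ID 11.11.11.11."),
    (T0 + timedelta(seconds=150),
     "OSPFV3/5/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100) received 1-Way "
     "and its state from Full to Init."),
    (T0 + timedelta(seconds=160),
     "PEX/5/PEX_REG_JOININ: PEX (slot 101) registered successfully on PEX port 1."),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```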
PBB messages
This section contains PBB messages.
PBB_JOINAGG_WARNING
Message text |
Because the aggregate interface [STRING] has been configured with PBB, assigning the interface [STRING] that does not support PBB to the aggregation group will cause incorrect processing. |
Variable fields |
$1: Aggregation group name. $2: Interface name. |
Severity level |
4 |
Example |
PBB/4/PBB_JOINAGG_WARNING: Because the aggregate interface Bridge-Aggregation1 has been configured with PBB, assigning the interface Ten-GigabitEthernet9/0/30 that does not support PBB to the aggregation group will cause incorrect processing. |
Explanation |
Assigning an interface that does not support PBB to an aggregation group that has been configured with PBB will cause incorrect processing. If an aggregate interface is a PBB uplink port, all its members should support PBB. |
Recommended action |
Remove the interface from the aggregation group. |
PBR messages
This section contains PBR messages.
PBR_HARDWARE_ERROR
Message text |
Failed to update policy [STRING] because of [STRING]. |
Variable fields |
$1: Policy name. $2: Hardware error reasons: · insufficient hardware resources. · unsupported operations. · insufficient hardware resources and unsupported operations. |
Severity level |
4 (Warning) |
Example |
PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa because of insufficient hardware resources and not supported operations. |
Impact |
You cannot use the most recent PBR configuration to guide packet forwarding. |
Cause |
The device failed to update PBR configuration. |
Recommended action |
Modify the PBR policy configuration according to the failure reason: · If the hardware resources are not enough, check PBR configuration on the device, and delete unnecessary settings. · If the system does not support the operation, check for the if-match or apply clauses in the PBR configuration that are not supported by the device. · If the hardware resources are not enough and the system does not support the operation, check for unnecessary PBR settings and unsupported clauses in the PBR configuration on the device. |
PCE messages
This section contains PCE messages.
PCE_PCEP_SESSION_CHG
Message text |
Session ([STRING], [STRING]) is [STRING]. |
Variable fields |
$1: Peer address of the session. $2: VPN instance name. Value unknown indicates that the VPN instance cannot be obtained. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · TCP connection down. · received a close message. · reception of a malformed PCEP message. · internal error. · memory in critical state. · dead timer expired. · process deactivated. · remote peer unavailable/untriggered. · reception of an unacceptable number of unrecognized PCEP messages. · reception of an unacceptable number of unknown requests/replies. · PCE address changed. · initialization failed. |
Severity level |
5 (Notification) |
Example |
PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is up. PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is down (dead timer expired). |
Impact |
The state of the LSP established based on the PCEP session might change, affecting service traffic forwarding. |
Cause |
The session state changed. |
Recommended action |
When the session state is up, no action is required. When the session state is down, verify the network and configuration according to the reason displayed. |
PEX messages (IRF 3)
This section contains IRF 3 PEX messages.
PEX_ASSOCIATEID_MISMATCHING
Message text |
The associated ID of PEX port [UINT32] is [UINT32] on the parent fabric, but the PEX connected to the port has obtained ID [UINT32]. |
Variable fields |
$1: PEX port ID. $2: Virtual slot or chassis number configured on the parent fabric for a PEX. $3: Virtual slot or chassis number that the PEX has obtained. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_ASSOCIATEID_MISMATCHING: The associated ID of PEX port 1 is 100 on the parent fabric, but the PEX connected to the port has obtained ID 101. |
Impact |
This issue affects packet interaction between the PEX and the parent fabric. |
Cause |
The configured virtual slot or chassis number for a PEX is different from the virtual slot or chassis number that the PEX has obtained. |
Recommended action |
To resolve this issue: 1. Execute the display pex-port command to view PEX port information. 2. Check the network connection of the PEX. If the connection is incorrect, correct the connection. 3. If the connection cannot be changed, use the associate command to assign the correct virtual slot or chassis number to the PEX. |
PEX_CONFIG_ERROR
Message text |
PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value ([UINT32]). |
Variable fields |
$1: PEX port ID. $2: PEX model. $3: Name of a PEX physical interface. $4: Maximum virtual slot or chassis number for the PEX model. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_CONFIG_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value 130. |
Impact |
The PEX cannot join the IRF 3 system. |
Cause |
This message is generated in the following situations: · The PEX is not assigned a virtual slot or chassis number. · The PEX is assigned a virtual slot or chassis number that is greater than the maximum value allowed for the PEX model. |
Recommended action |
Use the associate command to assign a valid virtual slot or chassis number to the PEX. Make sure the number is within the value range for the PEX model. |
PEX_CONNECTION_ERROR
Message text |
PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: Another PEX has been registered on the PEX port. |
Variable fields |
$1: PEX port ID. $2: PEX model. $3: Name of a PEX physical interface. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_CONNECTION_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: Another PEX has been registered on the PEX port. |
Impact |
The PEX cannot join the IRF 3 system. |
Cause |
This message is generated if a PEX port is connected to multiple PEXs. |
Recommended action |
Reconnect the PEXs to ensure that only one PEX is connected to the PEX port. |
PEX_FORBID_STACK
Message text |
Can't connect PEXs [UINT32] and [UINT32]: The PEX ports to which the PEXs belong are in different PEX port groups. |
Variable fields |
$1: Virtual slot or chassis number of a PEX. $2: Virtual slot or chassis number of a PEX. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_FORBID_STACK: Can't connect PEXs 100 and 102: The PEX ports to which the PEXs belong are in different PEX port groups. |
Impact |
The PEXs cannot join the IRF 3 system. |
Cause |
PEXs belonging to PEX ports of different PEX port groups were connected. |
Recommended action |
Check the network connection. Make sure PEXs belonging to PEX ports of different PEX port groups are not connected. |
PEX_LINK_BLOCK
Message text |
Status of [STRING] changed from [STRING] to blocked. |
Variable fields |
$1: Name of a PEX physical interface. $2: Data link status of the interface. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_LINK_BLOCK: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to blocked. |
Impact |
The PEX physical interface cannot forward data packets. |
Cause |
Data link of the PEX physical interface has changed to blocked. The blocked state is a transitional state between forwarding and down. In blocked state, a PEX physical interface can forward protocol packets, but it cannot forward data packets. This state change occurs in one of the following situations: · Incorrect physical connection: - The PEX physical links on a PEX are connected to different PEX ports on the parent fabric. - The PEX port on the parent fabric contains physical links to different PEXs. · The data link is forced to the blocked state. In the startup phase, a PEX blocks the link of a PEX physical interface if the interface is physically up, but it is not used for loading startup software. · The physical state of the interface is up, but the PEX connection between the PEX and the parent fabric has been disconnected. The PEX and the parent fabric cannot receive PEX heartbeat packets from each other. |
Recommended action |
If a down PEX link changes from blocked to up quickly, you do not need to take action. If the link stays in blocked state, check the PEX cabling to verify that: · All PEX physical interfaces on the PEX are connected to the physical interfaces assigned to the same PEX port on the parent fabric. · The PEX port contains only physical links to the same PEX. If a forwarding PEX link stays in blocked state when it is changing to the down state, check whether an IRF fabric split has occurred. When an IRF fabric split occurs, the system blocks a PEX link if it is connected to the Recovery-state IRF member device. |
PEX_LINK_DOWN
Message text |
Status of [STRING] changed from [STRING] to down. |
Variable fields |
$1: Name of a PEX physical interface. $2: Data link status of the interface. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_LINK_DOWN: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to down. |
Impact |
The PEX physical interface cannot forward packets. |
Cause |
Data link of the PEX physical interface has changed to the down state and cannot forward any packets. The following are common reasons for this state change: · Physical link fails. · The interface is shut down administratively. · The system reboots. |
Recommended action |
If the interface has been shut down administratively or is in the down state because of a system reboot, use the undo shutdown command to bring up the interface as needed. If the interface is down because of a physical link failure, verify that the cable has been securely connected and is in good condition. |
PEX_LINK_FORWARD
Message text |
Status of [STRING] changed from [STRING] to forwarding. |
Variable fields |
$1: Name of a PEX physical interface. $2: Data link status of the interface. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_LINK_FORWARD: Status of Ten-GigabitEthernet2/0/1 changed from blocked to forwarding. |
Impact |
No negative impact on the system. |
Cause |
Data link of the PEX physical interface has changed to the forwarding state and can forward data packets. This link state change occurs when one of the following events occurs: · The link is detected again after it changes to the blocked state. · The PEX finishes loading startup software images from the parent fabric through the interface. |
Recommended action |
No action is required. |
PEX_REG_JOININ
Message text |
PEX ([STRING]) registered successfully on PEX port [UINT32]. |
Variable fields |
$1: Virtual slot or chassis number of a PEX. $2: PEX port ID. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_REG_JOININ: PEX (slot 101) registered successfully on PEX port 1. |
Impact |
No negative impact on the system. |
Cause |
The PEX has been registered successfully. You can configure and manage the PEX attached to the PEX port on the parent fabric as if the PEX was an interface card. |
Recommended action |
No action is required. |
PEX_REG_LEAVE
Message text |
PEX ([STRING]) unregistered on PEX port [UINT32]. |
Variable fields |
$1: Virtual slot or chassis number of a PEX. $2: PEX port ID. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_REG_LEAVE: PEX (slot 101) unregistered on PEX port 1. |
Impact |
The PEX no longer belongs to the IRF 3 system. It cannot forward packets for the IRF 3 system. |
Cause |
The PEX has been unregistered. You cannot operate the PEX from the parent fabric. A PEX unregister event occurs when one of the following events occurs: · The PEX reboots. · All physical interfaces in the PEX port are down. For example, all physical interfaces are shut down administratively, or all the physical links are disconnected. · The PEX fails to start up within 30 minutes. · Link detection fails on all physical interfaces in the PEX port. |
Recommended action |
If the event occurs because the PEX reboots or PEX physical interfaces are shut down administratively, use the undo shutdown command to bring up the interfaces as needed. To resolve the issue that occurs for any other reasons: · Use the display device command to verify that the virtual slot or chassis number of the PEX is present and the state is correct. · Use the display pex-port command to verify that the PEX physical interfaces are configured correctly and in a correct state. · Use the display interface command to verify that the physical state of the PEX physical interfaces is up. If the Current state field displays down, check the cabling for a physical link failure. |
PEX_REG_REQUEST
Message text |
Received a REGISTER request on PEX port [UINT32] from PEX ([STRING]). |
Variable fields |
$1: PEX port ID. $2: Virtual slot or chassis number of a PEX. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_REG_REQUEST: Received a REGISTER request on PEX port 1 from PEX (slot 101). |
Impact |
No negative impact on the system. |
Cause |
The PEX sent a registration request to the parent fabric. This event occurs when the PEX starts up after PEX configuration is completed and the PEX device is connected to the parent device correctly. The parent fabric will allow the PEX to load startup software images after it receives a REGISTER request. |
Recommended action |
No action is required. |
PEX_STACKCONNECTION_ERROR
Message text |
A device was connected to a PEX that already had two neighboring devices. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_STACKCONNECTION_ERROR: A device was connected to a PEX that already had two neighboring devices. |
Impact |
No negative impact on the system. |
Cause |
PEX port connection error was detected. A PEX was connected to two parent devices. |
Recommended action |
Execute the display pex-port topology command to view PEX topology information and correct any connection errors. Make sure each PEX is connected to only one parent device. |
PEX messages (IRF 3.1)
This section contains IRF 3.1 PEX messages.
PEX_AUTOCONFIG_BAGG_ASSIGNMEMBER
Message text |
[STRING] was assigned to [STRING]. |
Variable fields |
$1: Physical interface name. $2: Layer 2 aggregate interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_BAGG_ASSIGNMEMBER: GigabitEthernet 1/2/0/1 was assigned to Bridge-Aggregation10. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric automatically assigned the physical interface connecting to a PEX to the cascade port for PEX autoconfiguration. |
Recommended action |
No action is required. |
PEX_AUTOCONFIG_BAGG_CREATE
Message text |
[STRING] was created by the PEX auto-config feature. |
Variable fields |
$1: Layer 2 aggregate interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_BAGG_CREATE: Bridge-Aggregation10 was created by the PEX auto-config feature. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric automatically created a Layer 2 aggregate interface for PEX connection. |
Recommended action |
No action is required. |
PEX_AUTOCONFIG_BAGG_NORESOURCE
Message text |
Not enough resources to create a Layer 2 aggregate interface. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_BAGG_NORESOURCE: Not enough resources to create a Layer 2 aggregate interface. |
Impact |
No negative impact on the system. |
Cause |
PEX autoconfiguration failed because the parent fabric does not have enough resources to automatically create a Layer 2 aggregate interface for PEX connection. |
Recommended action |
Execute the display interface brief command to view existing aggregate interfaces on the device, and delete idle aggregate interfaces to release resources. |
PEX_AUTOCONFIG_BAGG_REMOVEMEMBER
Message text |
[STRING] was removed from [STRING]. |
Variable fields |
$1: Physical interface name. $2: Layer 2 aggregate interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_BAGG_REMOVEMEMBER: GigabitEthernet 1/2/0/1 was removed from Bridge-Aggregation10. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric automatically moved a physical interface from one cascade port to another cascade port for PEX autoconfiguration. Interface removal occurs if the physical interface that connects to a PEX is assigned to a cascade port different from the cascade port dedicated to the PEX. The parent fabric will automatically move the physical interface to the cascade port dedicated to the PEX. |
Recommended action |
No action is required. |
PEX_AUTOCONFIG_CAPABILITY_ENABLE
Message text |
PEX connection capability was enabled on [STRING] and the interface was assigned to PEX group [UINT32]. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: PEX group number. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_CAPABILITY_ENABLE: PEX connection capability was enabled on Bridge-Aggregation 10 and the interface was assigned to PEX group 1. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric automatically enabled PEX connection capability on the Layer 2 aggregate interface connecting to a PEX and assigned the interface to a PEX group. |
Recommended action |
No action is required. |
PEX_AUTOCONFIG_CASCADELIMIT
Message text |
Failed to assign cascade port [STRING] to PEX group [UINT32]. Reason: Maximum number of cascade ports already reached in the PEX group. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: PEX group number. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_CASCADELIMIT: Failed to assign cascade port Bridge-Aggregation10 to PEX group1. Reason: Maximum number of cascade ports already reached in the PEX group. |
Impact |
No negative impact on the system. |
Cause |
PEX autoconfiguration failed because the number of cascade ports in the PEX group already reached the upper limit. No additional cascade ports can be assigned to the PEX group. |
Recommended action |
Execute the display pex interface brief command to display cascade ports, and then execute the undo pex-capability enable command in aggregate interface view to remove idle cascade ports from the PEX group to release resources. |
PEX_AUTOCONFIG_CONNECTION_ERROR
Message text |
A PEX connected to more than one upper-tier PEXs. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_CONNECTION_ERROR: A PEX connected to more than one upper-tier PEXs. |
Impact |
No negative impact on the system. |
Cause |
Autoconfiguration failed for a PEX because the PEX is connected to more than one upper-tier PEX. |
Recommended action |
Reconnect the PEX to ensure that the PEX has only one upper-tier PEX. |
PEX_AUTOCONFIG_DIFFGROUPNUMBER
Message text |
[STRING] failed to join in PEX group [UINT32]. Reason: Its upper-tier PEX was in PEX group [UINT32]. Please make sure they are in the same PEX group. |
Variable fields |
$1: Layer 2 aggregate interface name. $2: PEX group number. $3: PEX group number. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_DIFFGROUPNUMBER: Bridge-Aggregation10 failed to join in PEX group 1. Reason: Its upper-tier PEX was in PEX group 2. Please make sure they are in the same PEX group |
Impact |
No negative impact on the system. |
Cause |
Autoconfiguration failed for a lower-tier PEX because the cascade port that connects to the lower-tier PEX is assigned to a PEX group different than the upper-tier PEX. |
Recommended action |
Use the pex-capability enable command in aggregate interface view to change the PEX group of the aggregate interface to ensure that the lower-tier PEX is assigned to the same PEX group as its upper-tier PEX. |
PEX_AUTOCONFIG_DYNAMICBAGG_STP
Message text |
[STRING] was automatically set to dynamic aggregation mode and configured as an STP edge port. |
Variable fields |
$1: Layer 2 aggregate interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_DYNAMICBAGG_STP: Bridge-Aggregation10 was automatically set to dynamic aggregation mode and configured as an STP edge port. |
Impact |
No negative impact on the system. |
Cause |
During PEX autoconfiguration, the parent fabric automatically set the cascade port of a PEX to operate in dynamic aggregation mode and act as an STP edge port. |
Recommended action |
No action is required. |
PEX_AUTOCONFIG_GROUP_CREATE
Message text |
PEX group [UINT32] was created. |
Variable fields |
$1: PEX group number. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_GROUP_CREATE: PEX group 1 was created. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric automatically created a PEX group for PEX autoconfiguration. |
Recommended action |
No action is required. |
PEX_AUTOCONFIG_NONUMBERRESOURCE
Message text |
Pattern 1: No virtual slot numbers are available. Pattern 2: No virtual chassis numbers are available. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_NONUMBERRESOURCE: No virtual slot numbers are available. |
Impact |
No negative impact on the system. |
Cause |
PEX autoconfiguration failed because no virtual slot numbers or chassis numbers are available for PEX autoconfiguration. |
Recommended action |
Use one of the following methods to resolve the issue: · Use the undo interface command to delete idle cascade ports. · Use the undo pex associate command in cascade port view to remove the assignment of virtual slot or chassis numbers on idle cascade ports to release resources. |
PEX_AUTOCONFIG_NOT_CASCADEPORT
Message text |
[STRING] was already assigned to [STRING], which is an aggregate interface not enabled with PEX connection capability. Please remove [STRING] from [STRING] or use another physical interface to connect the PEX. |
Variable fields |
$1: Physical interface name. $2: Layer 2 aggregate interface name. $3: Physical interface name. $4: Layer 2 aggregate interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_NOT_CASCADEPORT: GigabitEthernet 1/2/0/1 was already assigned to Bridge-Aggregation10, which is an aggregate interface not enabled with PEX connection capability. Please remove GigabitEthernet 1/2/0/1 from Bridge-Aggregation10 or use another physical interface to connect the PEX. |
Impact |
No negative impact on the system. |
Cause |
Autoconfiguration failed for a PEX because the physical interface connecting to the PEX was assigned to an aggregate interface not enabled with PEX connection capability. |
Recommended action |
Use one of the following methods to resolve the issue: · Use the undo port link-aggregation group command in physical interface view to remove the physical interface from the aggregate interface not enabled with PEX connection capability. · Use another physical interface as a cascade member port to connect the PEX. |
PEX_AUTOCONFIG_NUMBER_ASSIGN
Message text |
Pattern 1: Virtual slot number [UINT32] was assigned on [STRING]. Pattern 2: Virtual chassis number [UINT32] was assigned on [STRING]. |
Variable fields |
Pattern 1: $1: Virtual slot number. $2: Layer 2 aggregate interface name. Pattern 2: $1: Virtual chassis number. $2: Layer 2 aggregate interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_AUTOCONFIG_NUMBER_ASSIGN: Virtual slot number 100 was assigned on Bridge-Aggregation 10. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric automatically assigned a virtual slot or chassis number to a PEX on the cascade port for PEX autoconfiguration. |
Recommended action |
No action is required. |
PEX_LLDP_DISCOVER
Message text |
Discover peer device on interface [STRING]: MAC=[STRING], priority=[UINT32]. |
Variable fields |
$1: Interface name. $2: MAC address of the peer device. $3: Priority of the PEX upstream port. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_LLDP_DISCOVER: Discover peer device on interface Ten-GigabitEthernet1/0/1: MAC=20f4-9cb6-0100, priority=0. |
Impact |
No negative impact on the system. |
Cause |
The parent fabric or a PEX discovered a peer device through LLDP. |
Recommended action |
No action is required. |
PEX_MEMBERID_EXCEED
Message text |
To use the IRF fabric connected to interface [STRING] as a PEX, the IRF member ID must be in the range of 1 to 4. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_MEMBERID_EXCEED: To use the IRF fabric connected to interface Bridge-Aggregation1 as a PEX, the IRF member ID must be in the range of 1 to 4. |
Impact |
No negative impact on the system. |
Cause |
To use an IRF fabric as a PEX, the IRF member ID of each member device must be in the range of 1 to 4. |
Recommended action |
Log in to the PEX, and use the display irf command to obtain the member ID of each member device in the PEX fabric. If the member ID of any member device in the PEX fabric is not in the range of 1 to 4, perform the following tasks to resolve the issue:
1. Use the irf member renumber command to change the member ID of the member device to a value in the range of 1 to 4.
2. Use the reboot command to reboot the member device for the new member ID to take effect.
3. Use the display irf topology command to verify that the topology of the PEX fabric has become stable. Then, connect the PEX fabric to its upper-tier device for it to join the IRF 3.1 system. |
PEX_PECSP_OPEN_RCVD
Message text |
Received a CSP Open message on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_PECSP_OPEN_RCVD: Received a CSP Open message on interface Bridge-Aggregation1. |
Impact |
No negative impact on the system. |
Cause |
A cascade port on the parent fabric or an upstream port on a PEX received a PE CSP Open packet from the peer to request connection establishment. If each side can receive a response from the peer within 60 seconds after sending a PE CSP Open request, connection between them is established. |
Recommended action |
No action is required. |
PEX_PECSP_OPEN_SEND
Message text |
Sent a CSP Open message on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
PEX/5/PEX_PECSP_OPEN_SEND: Sent a CSP Open message on interface Bridge-Aggregation1. |
Impact |
No negative impact on the system. |
Cause |
A cascade port on the parent fabric or an upstream port on a PEX sent a PE CSP Open packet to request connection establishment. If each side can receive a response from the peer within 60 seconds after sending a PE CSP Open request, connection between them is established. |
Recommended action |
No action is required. |
PEX_PECSP_TIMEOUT
Message text |
PE CSP timed out on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
PEX/4/PEX_PECSP_TIMEOUT: PE CSP timed out on interface Bridge-Aggregation1. |
Impact |
No negative impact on the system. |
Cause |
A cascade port on the parent fabric and an upstream port on a PEX have exchanged PE CSP Open packets to request the establishment of a connection between them. Each side has not received any response from the peer within 60 seconds after sending a PE CSP Open request. The Open request timed out. As a result, the PEX and the parent fabric failed to establish a connection. |
Recommended action |
On the parent fabric, execute the display pex interface command to view the name and status of each cascade port. If any cascade port is in DOWN state, troubleshoot the aggregate interface down issue. |
PFILTER messages
This section contains packet filter messages.
PFILTER_GLB_IPV4_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_IPV4_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_GLB_IPV6_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_IPV6_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_GLB_MAC_DACT_NO_RES
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_MAC_DACT_UNK_ERR
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction globally. |
Variable fields |
$1: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_GLB_NO_RES
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_GLB_NOT_SUPPORT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported. |
Explanation |
The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally. |
Recommended action |
Verify the ACL configuration and remove the settings that are not supported. |
PFILTER_GLB_RES_CONFLICT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction globally. [STRING] ACL [UINT] has already been applied globally. |
Variable fields |
$1: ACL type. $2: ACL number. $3: Traffic direction. $4: ACL type. $5: ACL number. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction globally. IPv6 ACL 3000 has already been applied globally. |
Explanation |
The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction globally. · Updating the ACL applied to a specific direction globally. |
Recommended action |
Remove the ACL of the same type. |
PFILTER_GLB_UNK_ERR
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally. |
Recommended action |
No action is required. |
PFILTER_IF_IPV4_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_IPV4_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IF_IPV6_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_IPV6_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IF_MAC_DACT_NO_RES
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_MAC_DACT_UNK_ERR
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: Traffic direction. $2: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IF_NO_RES
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_IF_NOT_SUPPORT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The ACL is not supported. |
Explanation |
The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface. |
Recommended action |
Verify the ACL configuration and remove the settings that are not supported. |
PFILTER_IF_RES_CONFLICT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of interface [STRING]. [STRING] ACL [UINT] has already been applied to the interface. |
Variable fields |
$1: ACL type. $2: ACL number. $3: Traffic direction. $4: Interface name. $5: ACL type. $6: ACL number. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of interface Ethernet 3/1/2. IPv6 ACL 3000 has already been applied to the interface. |
Explanation |
The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of an interface. · Updating the ACL applied to a specific direction of an interface. |
Recommended action |
Remove the ACL of the same type. |
PFILTER_IF_UNK_ERR
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface. |
Recommended action |
No action is required. |
PFILTER_IPV4_FLOW_INFO
Message text |
ACL [STRING] [STRING] [STRING] rule [STRING] [STRING] |
Variable fields |
$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet of a flow that matches the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_IPV4_FLOW_INFO: ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 192.168.1.1(1024) -> 192.168.5.1(1024). |
Explanation |
This message is sent when the first packet of a flow matches an IPv4 advanced ACL rule for packet filtering. The rule has been configured with the flow-logging keyword. |
Recommended action |
No action is required. |
PFILTER_IPV4_FLOW_STATIS
Message text |
ACL [STRING] [STRING] rule [STRING] [STRING], [UINT64] packet(s). |
Variable fields |
$1: ACL number or name. $2: Traffic direction. $3: ID and content of an ACL rule. $4: Information about the first packet of a flow that matched the rule. $5: Number of packets that match the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_IPV4_FLOWLOG_STATIS: ACL 3000 inbound rule 0 permit icmp 192.168.1.1(1024) -> 192.168.5.1(1024), 1000 packets. |
Explanation |
This message is sent at the logging interval. The rule has been configured with the flow-logging keyword. |
Recommended action |
No action is required. |
PFILTER_IPV6_FLOW_INFO
Message text |
IPv6 ACL [STRING] [STRING] [STRING] rule [STRING] [STRING] |
Variable fields |
$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet of a flow that matches the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_IPV6_FLOW_INFO: IPv6 ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 0:1020::200:0(0)->0:720::200:0(0). |
Explanation |
This message is sent when the first packet of a flow matches an IPv6 advanced ACL rule applied for packet filtering. The rule has been configured with the flow-logging keyword. |
Recommended action |
No action is required. |
PFILTER_IPV6_FLOW_STATIS
Message text |
IPv6 ACL [STRING] [STRING] rule [STRING] [STRING], [UINT64] packet(s). |
Variable fields |
$1: ACL number or name. $2: Traffic direction. $3: ID and content of an ACL rule. $4: Information about the first packet of a flow that matched the rule. $5: Number of packets that match the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_IPV6_FLOWLOG_STATIS: IPv6 ACL 3000 rule 0 permit icmpv6 0:1020::200:0(0)->0:720::200:0(0), 1000 packets. |
Explanation |
This message is sent at the logging interval. The rule has been configured with the flow-logging keyword. |
Recommended action |
No action is required. |
PFILTER_IPV6_STATIS_INFO
Message text |
[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s). |
Variable fields |
$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number or name. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_IPV6_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s). |
Explanation |
This message is generated at the logging interval. The rule has been configured with the logging keyword. |
Recommended action |
No action is required. |
PFILTER_MAC_FLOW_INFO
Message text |
MAC ACL [STRING] [STRING] [STRING] rule [STRING] [STRING] |
Variable fields |
$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet that matches the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_MAC_FLOW_INFO: MAC ACL 4000 inbound Ethernet 3/1/2 rule 0 permit 0800-2700-9000 -> 0CDA-411D-0676. |
Explanation |
This message is sent when the first packet matches a Layer 2 ACL rule for packet filtering. |
Recommended action |
No action is required. |
PFILTER_STATIS_INFO
Message text |
[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number or name. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule. |
Severity level |
6 |
Example |
PFILTER/6/PFILTER_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Explanation |
This message is sent at the logging interval. |
Recommended action |
No action is required. |
PFILTER_VLAN_IPV4_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_IPV4_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PFILTER_VLAN_IPV6_DACT_NO_RES
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_IPV6_DACT_UNK_ERR
Message text |
Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PFILTER_VLAN_MAC_DACT_NO_RES
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_MAC_DACT_UNK_ERR
Message text |
Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: Traffic direction. $2: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
PFILTER_VLAN_NO_RES
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN. |
Recommended action |
Use the display qos-acl resource command to check hardware resource usage. |
PFILTER_VLAN_NOT_SUPPORT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported. |
Explanation |
The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN. |
Recommended action |
Verify the ACL configuration and remove the settings that are not supported. |
PFILTER_VLAN_RES_CONFLICT
Message text |
Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of VLAN [UINT16]. [STRING] ACL [UINT] has already been applied to the VLAN. |
Variable fields |
$1: ACL type. $2: ACL number. $3: Traffic direction. $4: VLAN ID. $5: ACL type. $6: ACL number. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN. |
Explanation |
The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of a VLAN. · Updating the ACL applied to a specific direction of a VLAN. |
Recommended action |
Remove the ACL of the same type. |
PFILTER_VLAN_UNK_ERR
Message text |
Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. |
Variable fields |
$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID. |
Severity level |
3 |
Example |
PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. |
Explanation |
The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN. |
Recommended action |
No action is required. |
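Each apply-or-refresh failure in this section means the device could not program the named ACL rule or default action, so these severity 3 messages are worth collecting and alerting on at the log host. The following added example (not H3C code) parses them with regular expressions built from the message text patterns above; the sample lines are this section's own examples, plus one line with a constructed timestamp and host prefix, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Reason suffix of the mnemonic -> recommended action as given in this section.
NEXT_STEP = {
    "NO_RES": "display qos-acl resource",
    "NOT_SUPPORT": "verify the ACL configuration and remove unsupported settings",
    "RES_CONFLICT": "remove the ACL of the same type",
    "UNK_ERR": "no action is required",
}

# MODULE/severity/MNEMONIC header; anything before "PFILTER/" is ignored.
HEADER = re.compile(
    r"PFILTER/(?P<sev>\d)/(?P<mnemonic>PFILTER_(?P<scope>GLB|IF|VLAN)_(?:\w+_)?"
    r"(?P<reason>NO_RES|NOT_SUPPORT|RES_CONFLICT|UNK_ERR)): (?P<body>.*)$"
)
# Body: "<default action | ACL [rule]> to the <dir> direction <target>. [tail]"
BODY = re.compile(
    r"Failed to apply or refresh "
    r"(?:the (?P<dact>IPv4|IPv6|MAC) default action"
    r"|(?:(?P<acl_type>\S+) )?ACL (?P<acl>\d+)(?: (?P<rule>rule \d+))?)"
    r" to the (?P<direction>\S+) direction "
    r"(?:globally|of interface (?P<interface>.+?)|of VLAN (?P<vlan>\d+))\."
    r"(?: (?P<tail>.+))?$"
)
# Tail of the *_RES_CONFLICT messages names the ACL that is already applied.
CONFLICT = re.compile(r"(?:(?P<type>\S+) )?ACL (?P<num>\d+) has already been applied")


def parse_failure(line):
    """Return a dict for a PFILTER apply/refresh failure, or None for other lines."""
    head = HEADER.search(line.strip())
    if head is None:
        return None
    body = BODY.match(head["body"])
    if body is None:
        return None
    if body["dact"]:
        obj = f'{body["dact"]} default action'
    else:
        parts = (body["acl_type"], "ACL", body["acl"], body["rule"])
        obj = " ".join(p for p in parts if p)
    if body["interface"]:
        target = "interface " + body["interface"]
    elif body["vlan"]:
        target = "VLAN " + body["vlan"]
    else:
        target = "global"
    conflict = CONFLICT.match(body["tail"] or "")
    return {
        "mnemonic": head["mnemonic"],
        "severity": int(head["sev"]),
        "reason": head["reason"],
        "object": obj,
        "direction": body["direction"],
        "target": target,
        "conflicts_with": (
            " ".join(p for p in (conflict["type"], "ACL", conflict["num"]) if p)
            if conflict else None
        ),
        "next_step": NEXT_STEP[head["reason"]],
    }


def failed_filters(lines):
    """Group failures as {(target, direction): [(object, reason), ...]}."""
    grouped = defaultdict(list)
    for line in lines:
        rec = parse_failure(line)
        if rec:
            grouped[(rec["target"], rec["direction"])].append((rec["object"], rec["reason"]))
    return dict(grouped)


SAMPLE_LINES = [
    "PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.",
    "PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.",
    "PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN.",
    "PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.",
    # Flow-logging message: not a failure, must be skipped.
    "PFILTER/6/PFILTER_IPV4_FLOW_INFO: ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 192.168.1.1(1024) -> 192.168.5.1(1024).",
    # Constructed line: timestamp/host prefix and outbound direction are made up.
    "2024-01-01T00:00:00Z sw1 PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the outbound direction of interface Ethernet 3/1/2. The resources are insufficient.",
]

if __name__ == "__main__":
    for (target, direction), items in failed_filters(SAMPLE_LINES).items():
        for obj, reason in items:
            print(f"{target} {direction}: {obj} failed ({reason}) -> {NEXT_STEP[reason]}")
```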
PIM messages
This section contains PIM messages.
PIM_NBR_DOWN
Message text |
[STRING]: Neighbor [STRING] ([STRING]) is down. |
Variable fields |
$1: VPN instance name. If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name. |
Severity level |
5 (Notification) |
Example |
PIM/5/PIM_NBR_DOWN: Neighbor 10.1.1.1(Vlan-interface10) is down. |
Impact |
PIM neighbor relationship setup will fail and data forwarding will be terminated. |
Cause |
· The hold timer of the PIM neighbor has expired. · The interface where the PIM neighbor resides went down. · The PIM neighbor was deleted. · The device received a neighbor message with the hold time as 0. · The BFD session of the neighbor went down. |
Recommended action |
1. Use the display this command to identify whether the pim neighbor-policy or ipv6 pim neighbor-policy command is executed on the interface.
   ○ If yes, go to step 2.
   ○ If no, go to step 3.
2. Use the display acl or display acl ipv6 command to identify whether the neighbor is permitted by the ACL.
   ○ If yes, go to step 3.
   ○ If no, reconfigure the ACL to permit the neighbor.
3. Use the display interface command on the local device and the neighbor device to identify the physical state of the interface.
   ○ If the physical state is Administratively DOWN, execute the undo shutdown command.
   ○ If the physical state is Down, check the physical connection (including whether the network cable and transceiver module are loose or disconnected), and reconnect the physical connection.
   ○ If the physical state is Up, go to step 4.
4. Use the display ip interface or display ipv6 interface command on the local device and the neighbor device to identify the protocol state of the interface.
   ○ If the protocol state is Up, go to step 5.
   ○ If the protocol state is Down, use the ip address or ipv6 address command to assign an IP address to the interface.
5. Use the display this command on the local device and the neighbor device to identify whether the interface is enabled with PIM SM or IPv6 PIM SM.
   ○ If yes, go to step 6.
   ○ If no, execute the pim sm or ipv6 pim sm command on the interface.
6. Use the display current-configuration command on the local device and the neighbor device to identify whether the VPN instance is enabled with multicast routing or IPv6 multicast routing.
   ○ If yes, go to step 7.
   ○ If no, execute the multicast routing or ipv6 multicast routing command on the interface.
7. Use the display memory command on the local device and the neighbor device to identify the memory usage.
   ○ If the memory is insufficient, address the memory issue.
   ○ If the memory is sufficient, go to step 8.
8. Use the ping or ping ipv6 command on the local device to test the connectivity with the neighbor device.
   ○ If the ping succeeds, go to step 10.
   ○ If the ping fails, go to step 9.
9. Use the display ip routing-table or display ipv6 routing-table command on the local device and the neighbor device to identify whether the unicast routes to each other are normal.
   ○ If the unicast routes are normal, go to step 10.
   ○ If the unicast routes are abnormal, address the route issues.
10. If the issue persists, collect alarm information and configuration data, and then contact H3C Support for help. |
PIM_NBR_UP
Message text |
[STRING]: Neighbor [STRING] ([STRING]) is up. |
Variable fields |
$1: VPN instance name. If the PIM neighbor belongs to the public network, this field is not displayed.
$2: IP address of the PIM neighbor.
$3: Interface name. |
Severity level |
5 (Notification) |
Example |
PIM/5/PIM_NBR_UP: Neighbor 10.1.1.1(Vlan-interface10) is up. |
Impact |
No negative impact on the system. |
Cause |
A PIM interface received a hello packet and a PIM neighbor was created. |
Recommended action |
No action is required. |
PIM_SELECTUPSTREAM_FAIL
Message text |
[STRING]: During multicast load balancing based on bandwidth usage, the system failed to select an upstream interface for the ([STRING], [STRING]) entry due to insufficient available bandwidth for multicast streams on all links. |
Variable fields |
$1: VPN instance name. If the PIM neighbor belongs to the public network, this field is not displayed.
$2: Multicast source address.
$3: Multicast group address. |
Severity level |
5 (Notification) |
Example |
PIM/5/SELECTUPSTREAM_FAIL: During multicast load balancing based on bandwidth usage, the system failed to select an upstream interface for the (1.2.3.4, 225.0.0.1) entry due to insufficient available bandwidth for multicast streams on all links. |
Impact |
The system will fail to select an upstream interface for the (S, G) entry and a multicast traffic forwarding exception will occur. |
Cause |
The available bandwidth for multicast streams on all links is insufficient when the multicast load balancing mode is flow-ucmp. |
Recommended action |
Adjust the bandwidth plan in the network. |
PING messages
This section contains ping messages.
PING_STATISTICS
Message text |
[STRING] statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms. |
Variable fields |
$1: Ping or ping6.
$2: IP address, IPv6 address, or host name for the destination.
$3: Number of sent echo requests.
$4: Number of received echo replies.
$5: Percentage of the non-replied packets to the total request packets.
$6: Minimum round-trip delay.
$7: Average round-trip delay.
$8: Maximum round-trip delay.
$9: Standard deviation round-trip delay. |
Severity level |
6 |
Example |
PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms. |
Explanation |
A user uses the ping command to identify whether a destination in the public network is reachable. |
Recommended action |
If there is no packet received, identify whether the interface is down. |
PING_VPN_STATISTICS
Message text |
[STRING] statistics for [STRING] in VPN instance [STRING] : [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms. |
Variable fields |
$1: Ping or ping6.
$2: IP address, IPv6 address, or host name for the destination.
$3: VPN instance name.
$4: Number of sent echo requests.
$5: Number of received echo replies.
$6: Percentage of the non-replied packets to the total request packets.
$7: Minimum round-trip delay.
$8: Average round-trip delay.
$9: Maximum round-trip delay.
$10: Standard deviation round-trip delay. |
Severity level |
6 |
Example |
PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms. |
Explanation |
A user uses the ping command to identify whether a destination in a private network is reachable. |
Recommended action |
If there is no packet received, identify whether the interface is down and identify whether a valid route exists in the routing table. |
PKG messages
This section contains package management messages.
PKG_ACTIVE_NEED_RESTART
Message text |
The installation of patch [STRING] on [STRING] requires a restart. |
Variable fields |
$1: Patch image file name. $2: Device or card to be restarted. |
Severity level |
5 |
Example |
PKG/5/PKG_ACTIVE_NEED_RESTART: The installation of patch system-patch1.bin on CPU 0 of slot 5 requires a restart. |
Explanation |
This notification is generated after a patch that requires a restart to take effect has been installed. |
Recommended action |
Reboot the device or card. |
PKG_BOOTLOADER_FILE_FAILED
Message text |
Failed to execute the boot-loader file command. |
Variable fields |
None |
Severity level |
5 |
Example |
PKG/5/PKG_BOOTLOADER_FILE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the boot-loader file command. |
Explanation |
A user executed the boot-loader file command, but the command failed. |
Recommended action |
Take actions as prompted by the command. |
PKG_INACTIVE_NEED_RESTART
Message text |
The uninstallation of patch [STRING] on [STRING] requires a restart. |
Variable fields |
$1: Patch image file name. $2: Device or card to be restarted. |
Severity level |
5 |
Example |
PKG/5/PKG_INACTIVE_NEED_RESTART: The uninstallation of patch system-patch1.bin on CPU 0 of slot 5 requires a restart. |
Explanation |
This notification is generated after a patch that requires a restart to take effect has been uninstalled. |
Recommended action |
Reboot the device or card. |
PKG_BOOTLOADER_FILE_SUCCESS
Message text |
Executed the boot-loader file command successfully. |
Variable fields |
None |
Severity level |
5 |
Example |
PKG/5/PKG_BOOTLOADER_FILE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the boot-loader file command successfully. |
Explanation |
A user executed the boot-loader file command successfully. |
Recommended action |
No action is required. |
PKG_INSTALL_ACTIVATE_FAILED
Message text |
Failed to execute the install activate command. |
Variable fields |
None |
Severity level |
5 |
Example |
PKG/5/PKG_INSTALL_ACTIVATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the install activate command. |
Explanation |
A user executed the install activate command, but the command failed. |
Recommended action |
Take actions as prompted by the command. |
PKG_INSTALL_ACTIVATE_SUCCESS
Message text |
Executed the install activate command successfully. |
Variable fields |
None |
Severity level |
5 |
Example |
PKG/5/PKG_INSTALL_ACTIVATE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the install activate command successfully. |
Explanation |
A user executed the install activate command successfully. |
Recommended action |
No action is required. |
PKG_UPGRADE_INFO
Message text |
The [STRING] device upgraded the software version from [STRING] to software [STRING]. |
Variable fields |
$1: Device model.
$2: Software version before upgrade.
$3: Software version after upgrade. |
Severity level |
5 (Notification) |
Example |
PKG/5/PKG_UPGRADE_INFO: The S6850-56HF device upgraded the software version from software version 1-patch version 1 to software version 2-patch version 2. |
Impact |
None. |
Cause |
This notification is generated when an install, issu, or boot-loader command is executed successfully. |
Recommended action |
No action is required. |
PKI messages
This section contains PKI messages.
GET_CERT_FROM_CA_SERVER_FAIL
Message text |
Failed to get the CA or RA certificate from the CA server. Reason: [STRING]. |
Variable fields |
$1: Failure reason:
· Failed to get the source IP address of PKI protocol packets.
· Failed to get the certificate chain.
· Root CA not found in the certificate chain.
· Failed to verify the CA/RA certificate chain (%s). |
Severity level |
5 (Notification) |
Example |
PKI/5/GET_CERT_FROM_CA_SERVER_FAIL: Failed to get the CA or RA certificate from the CA server. Reason: root CA not found in the certificate chain. |
Impact |
Certificate-related services are unavailable. |
Cause |
Failed to get the CA or RA certificate from the CA server. For specific failure reasons, see Variable fields. |
Recommended action |
Take the actions corresponding to the failure reasons. |
IMPORT_CERT_FAIL
Message text |
Failed to import the certificate. Reason: [STRING]. |
Variable fields |
$1: Failure reason:
· Unable to get issuer certificate.
· Unable to get certificate CRL.
· Unable to decrypt CRL's signature.
· Unable to decode issuer public key.
· Certificate signature failure.
· CRL signature failure.
· Unable to decrypt certificate's signature.
· Certificate is not yet valid.
· Certificate has expired.
· CRL is not yet valid.
· CRL has expired.
· Format error in certificate's notBefore field.
· Format error in certificate's notAfter field.
· Format error in CRL's lastUpdate field.
· Format error in CRL's nextUpdate field.
· Out of memory.
· Self signed certificate.
· Self signed certificate in certificate chain.
· Unable to get local issuer certificate.
· Unable to verify the first certificate.
· Certificate chain too long.
· Certificate revoked.
· Invalid CA certificate.
· Invalid non-CA certificate (has CA markings).
· Path length constraint exceeded.
· Proxy path length constraint exceeded.
· Proxy certificates not allowed, please set the appropriate flag.
· Unsupported certificate purpose.
· Certificate not trusted.
· Certificate rejected.
· Application verification failure.
· Subject issuer mismatch.
· Authority and subject key identifier mismatch.
· Authority and issuer serial number mismatch.
· Key usage does not include certificate signing.
· Unable to get CRL issuer certificate.
· Unhandled critical extension.
· Key usage does not include CRL signing.
· Key usage does not include digital signature.
· Unhandled critical CRL extension.
· Invalid or inconsistent certificate extension.
· Invalid or inconsistent certificate policy extension.
· No explicit policy.
· Different CRL scope.
· Unsupported extension feature.
· RFC 3779 resource not subset of parent's resources.
· Permitted subtree violation.
· Excluded subtree violation.
· Name constraints minimum and maximum not supported.
· Unsupported name constraint type.
· CRL path validation error.
· Unsupported or invalid name syntax.
· Unsupported or invalid name constraint syntax.
· Suite B: certificate version invalid.
· Suite B: invalid public key algorithm.
· Suite B: invalid ECC curve.
· Suite B: invalid signature algorithm.
· Suite B: curve not allowed for this LOS.
· Suite B: cannot sign P-384 with P-256.
· Hostname mismatch.
· Email address mismatch.
· IP address mismatch.
· Invalid certificate verification context.
· Issuer certificate lookup error.
· Proxy subject name violation. |
Severity level |
5 (Notification) |
Example |
PKI/5/IMPORT_CERT_FAIL: Failed to import the certificate. Reason: invalid CA certificate. |
Impact |
Certificate-related services are unavailable. |
Cause |
Failed to import a certificate. For specific failure reasons, see Variable fields. |
Recommended action |
Take the actions corresponding to the failure reasons. |
REQUEST_CERT_FAIL
Message text |
Failed to request certificate of domain [STRING]. |
Variable fields |
$1: PKI domain name |
Severity level |
5 (Notification) |
Example |
PKI/5/REQUEST_CERT_FAIL: Failed to request certificate of domain abc. |
Impact |
· Certificate-related services are unavailable because no certificate exists on the system.
· Certificate-related services are unavailable when the current certificate expires. |
Cause |
Failed to request certificate for a domain. |
Recommended action |
1. Use the display clock command to check whether the system time of the device is synchronized with that of the CA server:
   ○ If no, use the clock datetime command in user view to synchronize the system time of the device with that of the CA server.
   ○ If yes, go to step 2.
2. Use the ping command to check whether the device and the CA server are reachable to each other:
   ○ If no, troubleshoot the routes and physical links, and make sure they are reachable to each other.
   ○ If yes, go to step 3.
3. Check whether the services on the CA server are normal:
   ○ If no, make sure the services on the CA server are normal.
   ○ If yes, go to step 4.
4. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
REQUEST_CERT_SUCCESS
Message text |
Request certificate of domain [STRING] successfully. |
Variable fields |
$1: PKI domain name |
Severity level |
5 (Notification) |
Example |
PKI/5/REQUEST_CERT_SUCCESS: Request certificate of domain abc successfully. |
Impact |
No negative impact on the system. |
Cause |
Successfully requested certificate for a domain. |
Recommended action |
No action is required. |
RETRIEVE_CRL_FAIL
Message text |
Failed to retrieve the CRL. Reason: [STRING]. |
Variable fields |
$1: Failure reason:
· Certificate request URL is not configured.
· No local certificate.
· No RA certificate.
· Type of certificate request reception authority is not configured.
· Failed to get the source IP address of PKI protocol packets.
· Local certificate and key mismatch.
· Failed to get the encryption certificate.
· Failed to get issuer name from CA certificate.
· Failed to get serial number from CA certificate.
· Failed to parse the URL.
· Failed to get CRLs from reply.
· Failed to get CRL data from the reply.
· Unable to get local issuer certificate.
· CRL signature failure.
· Unable to decode issuer public key.
· Format error in CRL's lastUpdate field.
· CRL is not yet valid.
· Format error in CRL's nextUpdate field.
· CRL has expired.
· Unable to get issuer certificate.
· Failed to save the CRL to the device.
· Unable to get certificate CRL.
· Unable to decrypt CRL's signature. |
Severity level |
5 (Notification) |
Example |
PKI/5/RETRIEVE_CRL_FAIL: Failed to retrieve the CRL. Reason: CRL has expired. |
Impact |
· Certificate-related services are unavailable because no CRL exists on the system.
· Certificate-related services are unavailable when the current CRL expires. |
Cause |
Failed to retrieve the CRL. For specific failure reasons, see Variable fields. |
Recommended action |
Take the actions corresponding to the failure reasons. |
VALIDATE_CERT_FAIL
Message text |
Failed to validate the certificate. Reason: [STRING]. |
Variable fields |
$1: Failure reason:
· Unable to get issuer certificate.
· Unable to get certificate CRL.
· Unable to decrypt CRL's signature.
· Unable to decode issuer public key.
· Certificate signature failure.
· CRL signature failure.
· Unable to decrypt certificate's signature.
· Certificate is not yet valid.
· Certificate has expired.
· CRL is not yet valid.
· CRL has expired.
· Format error in certificate's notBefore field.
· Format error in certificate's notAfter field.
· Format error in CRL's lastUpdate field.
· Format error in CRL's nextUpdate field.
· Out of memory.
· Self signed certificate.
· Self signed certificate in certificate chain.
· Unable to get local issuer certificate.
· Unable to verify the first certificate.
· Certificate chain too long.
· Certificate revoked.
· Invalid CA certificate.
· Invalid non-CA certificate (has CA markings).
· Path length constraint exceeded.
· Proxy path length constraint exceeded.
· Proxy certificates not allowed, please set the appropriate flag.
· Unsupported certificate purpose.
· Certificate not trusted.
· Certificate rejected.
· Application verification failure.
· Subject issuer mismatch.
· Authority and subject key identifier mismatch.
· Authority and issuer serial number mismatch.
· Key usage does not include certificate signing.
· Unable to get CRL issuer certificate.
· Unhandled critical extension.
· Key usage does not include CRL signing.
· Key usage does not include digital signature.
· Unhandled critical CRL extension.
· Invalid or inconsistent certificate extension.
· Invalid or inconsistent certificate policy extension.
· No explicit policy.
· Different CRL scope.
· Unsupported extension feature.
· RFC 3779 resource not subset of parent's resources.
· Permitted subtree violation.
· Excluded subtree violation.
· Name constraints minimum and maximum not supported.
· Unsupported name constraint type.
· CRL path validation error.
· Unsupported or invalid name syntax.
· Unsupported or invalid name constraint syntax.
· Suite B: certificate version invalid.
· Suite B: invalid public key algorithm.
· Suite B: invalid ECC curve.
· Suite B: invalid signature algorithm.
· Suite B: curve not allowed for this LOS.
· Suite B: cannot sign P-384 with P-256.
· Hostname mismatch.
· Email address mismatch.
· IP address mismatch.
· Invalid certificate verification context.
· Issuer certificate lookup error.
· Proxy subject name violation. |
Severity level |
5 (Notification) |
Example |
PKI/5/VALIDATE_CERT_FAIL: Failed to validate the certificate. Reason: Invalid CA certificate. |
Impact |
Certificate-related services are unavailable. |
Cause |
Failed to validate the certificate. For specific failure reasons, see Variable fields. |
Recommended action |
Take the actions corresponding to the failure reasons. |
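The following is an added example, not H3C code: a Python triage pass over the PKG and PKI messages documented above, using the `MODULE/severity/MNEMONIC: text` header, the `-IPAddr=...-User=...;` context and the trailing `Reason:` field shown in the Example rows. The tag names and the reason-to-category mapping are assumptions made for this example; the sample lines are the page's own examples plus one line marked as constructed.

```python
import re

# Header used by the Example rows in this reference: MODULE/severity/MNEMONIC: text
LINE_RE = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/\s*(?P<mnemonic>[A-Za-z0-9_]+):\s*(?P<text>.*)"
)
# Operator context carried by the PKG command messages: -IPAddr=<ip>-User=<name>;
CTX_RE = re.compile(r"-IPAddr=(?P<ip>[^-;]+)-User=(?P<user>[^;]*);\s*")
# Trailing "Reason: <text>." carried by the PKI failure messages
REASON_RE = re.compile(r"Reason:\s*(?P<reason>.+?)\.?\s*$")

# Mnemonics taken from the PKG and PKI sections of this reference.
PKG_CHANGE = {"PKG_BOOTLOADER_FILE_SUCCESS", "PKG_INSTALL_ACTIVATE_SUCCESS",
              "PKG_UPGRADE_INFO", "PKG_ACTIVE_NEED_RESTART", "PKG_INACTIVE_NEED_RESTART"}
PKG_FAILED = {"PKG_BOOTLOADER_FILE_FAILED", "PKG_INSTALL_ACTIVATE_FAILED"}
PKI_FAIL = {"GET_CERT_FROM_CA_SERVER_FAIL", "IMPORT_CERT_FAIL", "REQUEST_CERT_FAIL",
            "RETRIEVE_CRL_FAIL", "VALIDATE_CERT_FAIL"}

# Assumption of this example: a coarse grouping of the documented failure reasons.
# Matching is case-insensitive because the Example rows print the same reason in
# different case ("invalid CA certificate" and "Invalid CA certificate").
REASON_CATEGORIES = [
    ("revocation", ("revoked",)),
    ("validity-window", ("expired", "not yet valid")),
    ("trust-chain", ("signature", "self signed", "not trusted", "issuer",
                     "invalid ca", "root ca not found")),
]


def parse_line(line):
    """Return a dict for one log line, or None if it has no MODULE/sev/MNEMONIC header."""
    m = LINE_RE.search(line)  # search() tolerates a timestamp/host prefix
    if not m:
        return None
    ev = {"module": m["module"], "severity": int(m["sev"]), "mnemonic": m["mnemonic"],
          "src_ip": None, "user": None, "reason": None}
    text = m["text"].strip()
    ctx = CTX_RE.match(text)
    if ctx:
        ev["src_ip"], ev["user"] = ctx["ip"], ctx["user"]
        text = text[ctx.end():]
    reason = REASON_RE.search(text)
    if reason:
        ev["reason"] = reason["reason"]
    ev["text"] = text
    return ev


def triage_reason(reason):
    """Map a PKI failure reason to one of the example's categories."""
    low = (reason or "").lower()
    for category, needles in REASON_CATEGORIES:
        if any(n in low for n in needles):
            return category
    return "other"


def classify(ev):
    """Tag software-image changes and PKI failures; everything else returns None."""
    if ev["module"] == "PKG" and ev["mnemonic"] in PKG_CHANGE:
        return "software-change"
    if ev["module"] == "PKG" and ev["mnemonic"] in PKG_FAILED:
        return "software-change-failed"
    if ev["module"] == "PKI" and ev["mnemonic"] in PKI_FAIL:
        return "pki-failure/" + triage_reason(ev["reason"])
    return None


def review(lines):
    """Return (tag, mnemonic, src_ip, reason) for every line worth an analyst's look."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        tag = classify(ev) if ev else None
        if tag:
            findings.append((tag, ev["mnemonic"], ev["src_ip"], ev["reason"]))
    return findings


SAMPLE_LOG = [
    # Copied from the Example rows of this reference.
    "PKG/5/PKG_BOOTLOADER_FILE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the boot-loader file command successfully.",
    "PKG/5/PKG_INSTALL_ACTIVATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the install activate command.",
    "PKI/5/IMPORT_CERT_FAIL: Failed to import the certificate. Reason: invalid CA certificate.",
    "PKI/5/VALIDATE_CERT_FAIL: Failed to validate the certificate. Reason: Invalid CA certificate.",
    "PKI/5/RETRIEVE_CRL_FAIL: Failed to retrieve the CRL. Reason: CRL has expired.",
    # Constructed line: host prefix and reason chosen for the example.
    "sw1 PKI/5/VALIDATE_CERT_FAIL: Failed to validate the certificate. Reason: Certificate revoked.",
    "PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
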
PKT2CPU messages
This section contains PKT2CPU messages.
PKT2CPU_NO_RESOURCE
Message text |
-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient.
-Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient. |
Variable fields |
$1: Interface type and number.
$2: Protocol type.
$3: MAC address or source port.
$4: Destination port. |
Severity level |
4 (Warning) |
Example |
PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient. |
Impact |
The service processing capability is affected, because the hardware resources are insufficient. |
Cause |
This message is generated when the hardware resources are insufficient. |
Recommended action |
1. Cancel the configuration that is not needed.
2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
PKTCPT
This section contains packet capture messages.
PKTCPT_AP_OFFLINE
Message text |
Failed to start packet capture. Reason: AP was offline. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_AP_OFFLINE: Failed to start packet capture. Reason: AP was offline. |
Impact |
No impact on the system. |
Cause |
Packet capture failed to start because the AP configured with packet capture was offline. |
Recommended action |
Execute the display wlan ap all command to check the state of the AP. If the State field displays R, R/M, or R/B, it means that the AP is online and running stably, and the packet capture feature can be enabled. |
PKTCPT_AREADY_EXIT
Message text |
Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_AREADY_EXIT: Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation. |
Impact |
No impact on the system. |
Cause |
When packet capture is stopped on the AC, the fit AP might still be uploading the captured frames. This message is generated when the user restarts packet capture during that upload. |
Recommended action |
1. Restart packet capture later.
2. If the problem persists, contact H3C Support. |
PKTCPT_CONN_FAIL
Message text |
Failed to start packet capture. Reason: Failed to connect to the FTP server. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_CONN_FAIL: Failed to start packet capture. Reason: Failed to connect to the FTP server. |
Impact |
No impact on the system. |
Cause |
When packet capture is configured, the captured packets are saved to the specified FTP server. Packet capture failed to start because the device failed to connect to the FTP server. |
Recommended action |
1. Ping the FTP server address. If the ping operation fails, resolve the ping failure first.
2. Restart the packet capture feature. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
PKTCPT_INVALID_FILTER
Message text |
Failed to start packet capture. Reason: Invalid expression for matching packets to be captured. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_INVALD_FILTER: Failed to start packet capture. Reason: Invalid expression for matching packets to be captured. |
Impact |
No impact on the system. |
Cause |
Packet capture failed to start because the capture filter expression was invalid. |
Recommended action |
1. Correct the capture filter expression.
2. If the problem persists, contact H3C Support. |
PKTCPT_LOGIN_DENIED
Message text |
Packet capture aborted. Reason: FTP server login failure. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_LOGIN_DENIED: Packet capture aborted. Reason: FTP server login failure. |
Impact |
No impact on the system. |
Cause |
Packet capture stopped because the user failed to log in to the FTP server. |
Recommended action |
Identify whether the username and password used for logging in to the FTP server match those configured on the FTP server. If not, you cannot log in to the FTP server. Execute the ftp command on the device, enter the username and password, and attempt to upload a file to the FTP server. If the test fails, troubleshoot and resolve the FTP upload failure issue. |
PKTCPT_MEMORY_ALERT
Message text |
Packet capture aborted. Reason: Memory threshold reached. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_MEMORY_ALERT: Packet capture aborted. Reason: Memory threshold reached. |
Impact |
No impact on the system. |
Cause |
Packet capture stopped because the memory threshold was reached. |
Recommended action |
1. Release memory resources. For example, execute the logfile save command to manually save the contents of the log file buffer to the log file and release the memory resources occupied by the log file buffer.
2. Execute the display memory command to check the memory usage:
   ○ If the memory usage has not dropped below the threshold, execute the display process command to check the memory usage of user-state processes. If a particular process is consuming a significant amount of memory, you can enable or disable the corresponding software functionality of that process to release memory.
   ○ If the memory usage drops below the alarm threshold, the memory alarm will be cleared. The Tcl monitoring policy will continue to be effective, so no additional action is required.
3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
PKTCPT_OPEN_FAIL
Message text |
Failed to start packet capture. Reason: File for storing captured frames not opened. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_OPEN_FAIL: Failed to start packet capture. Reason: File for storing captured frames not opened. |
Impact |
No impact on the system. |
Cause |
Packet capture failed to start because the file for storing the captured frames could not be opened. |
Recommended action |
· If the current logged-in user does not have the permission to write the file, the administrator must use the RBAC feature to configure the permission to write the file for the user. Alternatively, switch to a user with the permission to write the file, log in to the device again, and then enable the packet capture feature.
· If the specified file is currently being accessed by another process, try again by using a different file name. |
PKTCPT_OPERATION_TIMEOUT
Message text |
Failed to start or continue packet capture. Reason: Operation timed out. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_OPERATION_TIMEOUT: Failed to start or continue packet capture. Reason: Operation timed out. |
Impact |
No impact on the system. |
Cause |
This message is generated in the following situations:
· Packet capture failed to start because the FTP server in a different network segment is not reachable and the connection timed out.
· Packet capture stopped because the FTP server in a different network segment is offline and uploading the captured frames timed out. |
Recommended action |
1. Ping the FTP server to identify whether the FTP server is reachable. If the ping fails, resolve the connectivity issue with the FTP server.
2. Identify whether the FTP server is providing services properly. On the device, execute the ftp command, provide the username and password, and attempt to upload a file to the FTP server. If the test fails, identify and resolve the issue causing the FTP upload failure. |
PKTCPT_SERVICE_FAIL
Message text |
Failed to start packet capture. Reason: TCP or UDP port binding faults. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_SERVICE_FAIL: Failed to start packet capture. Reason: TCP or UDP port binding faults. |
Impact |
No impact on the system. |
Cause |
Packet capture failed to start because an error occurred during TCP or UDP port binding. |
Recommended action |
Perform packet capture with a new port number:
1. Execute the display tcp and display udp commands on the device to check the current TCP and UDP port numbers being used by the device.
2. Use an unused TCP or UDP port number as the RPCAP service listening port number when executing the packet-capture remote command.
3. Connect the client to the device and specify the device IP address as the server-side IP address and the port value configured in the packet-capture remote command as the server-side listening port value. The client will establish an RPCAP connection to the device by using the specified IP address and port number.
4. The device will send the captured packets to the client through the RPCAP connection.
5. The client can parse and display the received packets. |
PKTCPT_UNKNOWN_ERROR
Message text |
Failed to start or continue packet capture. Reason: Unknown error. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_UNKNOWN_ERROR: Failed to start or continue the packet capture. Reason: Unknown error. |
Impact |
No impact on the system. |
Cause |
Packet capture failed to start or packet capture stopped because of an unknown error. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PKTCPT_UPLOAD_ERROR
Message text |
Packet capture aborted. Reason: Failed to upload captured frames. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_UPLOAD_ERROR: Packet capture aborted. Reason: Failed to upload captured frames. |
Impact |
No impact on the system. |
Cause |
If the specified directory for saving captured data packets does not exist or you do not have permissions to write the directory, the captured data packets will fail to be uploaded and the packet capture process will stop. |
Recommended action |
1. Identify whether the specified directory in the packet-capture command exists on the FTP server: If the directory does not exist, create it on the FTP server before performing the packet capture operation on the device.
2. Identify whether you have permissions to write the specified directory in the packet-capture command: Execute the ftp command on the device. Enter the username and password for the FTP server. Try to upload a file to the directory specified in the packet-capture command:
   ○ If the upload is successful, it means you have permissions to write the directory.
   ○ If the upload fails, it means you do not have permissions to write the directory. Try a different directory within the FTP server's working path and try again. |
PKTCPT_WRITE_FAIL
Message text |
Packet capture aborted. Reason: Not enough space to store captured frames. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PKTCPT/6/PKTCPT_WRITE_FAIL: Packet capture aborted. Reason: Not enough space to store captured frames. |
Impact |
No impact on the system. |
Cause |
Packet capture stopped because the memory space is not enough for storing captured frames. |
Recommended action |
Execute the dir command in user view to view the file information in the device's storage media. To release storage space, you can use the delete /unreserved command to delete unnecessary files. |
PoE messages
This section contains PoE messages.
POE_AI_CLEAR
Message text |
Clearing all preceding AI configurations on PoE port [STRING]. Reason: The port still cannot supply power to the PD after forced power supply has been enabled on the port. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_CLEAR: Recover the ai PoE configuration on the PoE port GigabitEthernet1/0/1. Reason: The port still cannot supply power to the PD after forced power supply has been enabled on the port. |
Explanation |
A PI still cannot supply power to the PD after forced power supply has been enabled on it. The system is clearing all preceding AI configurations on the PI. |
Recommended action |
Check the link between the PI and PD for hardware faults. |
POE_AI_DETECTIONMODE_NONE
Message text |
Changing the PD detection mode for PoE port [STRING] to none. Reason: The port still cannot supply power to the PD after the PD detection mode has been changed to simple. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_DETECTIONMODE_NONE: Changing the PD detection mode for PoE port GigabitEthernet1/0/1 to none. Reason: The port still cannot supply power to the PD after the PD detection mode has been changed to simple. |
Explanation |
A PI still cannot supply power to the PD after the PD detection mode has been changed to simple. The system is changing the PD detection mode on the PI to none. |
Recommended action |
No action is required. |
POE_AI_DETECTIONMODE_SIMPLE
Message text |
Changing the PD detection mode for PoE port [STRING] to simple. Reason: The port still cannot supply power to the PD after non-standard PD detection is enabled. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_DETECTIONMODE_SIMPLE: Changing the PD detection mode for PoE port GigabitEthernet1/0/1 to simple. Reason: The port still cannot supply power to the PD after non-standard PD detection is enabled. |
Explanation |
A PI still cannot supply power to the PD after non-standard PD detection is enabled. The system is changing the PD detection mode on the PI to simple. |
Recommended action |
No action is required. |
POE_AI_DISCONNECT_AC
Message text |
Changing from MPS detection to AC detection on PoE port [STRING]. Reason: The port still cannot supply power to the PD after MPS detection is delayed. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_DISCONNET_AC: Changing from MPS detection to AC detection on PoE port GigabitEthernet1/0/1. Reason: The port still cannot supply power to the PD after MPS detection is delayed. |
Explanation |
A PI still cannot supply power to the PD after MPS detection is delayed. The system is changing the detection mode on the PI to AC detection from MPS detection. |
Recommended action |
No action is required. |
POE_AI_DISCONNECT_DELAY
Message text |
Delaying the MPS detection on PoE port [STRING]. Reason: The port has stopped power supply because of MPS current insufficiency. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_DISCONNET_DELAY: Delaying the MPS detection on PoE port GigabitEthernet1/0/1. Reason: The port has stopped power supply because of MPS current insufficiency. |
Explanation |
A PI has stopped power supply to the PD because of MPS current insufficiency. The system is delaying the MPS detection on the PI. |
Recommended action |
No action is required. |
POE_AI_FORCE_PoE
Message text |
Enabling forced power supply on PoE port [STRING]. Reason: The port still cannot supply power to the PD after the PD detection mode has been changed to none. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_FORCE_PoE: Enabling forced power supply on PoE port GigabitEthernet1/0/1. Reason: The port still cannot supply power to the PD after the PD detection mode has been changed to none. |
Explanation |
A PI still cannot supply power to the PD after the PD detection mode has been changed to none. The system is enabling forced power supply on the PI. |
Recommended action |
No action is required. |
POE_AI_HIGH_INRUSH
Message text |
Increasing the inrush current threshold for PoE port [STRING]. Reason: The port has stopped power supply because of a high inrush current. |
Variable fields |
N/A |
Severity level |
6 |
Example |
POE/6/POE_AI_HIGH_INRUSH: Increasing the inrush current threshold for PoE port GigabitEthernet1/0/1. Reason: The port has stopped power supply because of a high inrush current. |
Explanation |
A PI has stopped power supply to the PD because of a high inrush current. The system is increasing the inrush current threshold for the PI. |
Recommended action |
No action is required. |
POE_AI_LEGACY
Message text |
Enabling non-standard PD detection on PoE port [STRING]. Reason: The port cannot supply power to the PD. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_LEGACY: Enabling non-standard PD detection on PoE port GigabitEthernet1/0/1. Reason: The port cannot supply power to the PD. |
Explanation |
A PI cannot supply power to the PD. The system is enabling non-standard PD detection on the PI. |
Recommended action |
No action is required. |
POE_AI_MAXPOWER
Message text |
Increasing the maximum power of PoE port [STRING] to [UINT32]. Reason: An instant power surge has caused overload self-protection of the port |
Variable fields |
$1: PI name. $2: Maximum power. |
Severity level |
6 |
Example |
POE/6/POE_AI_MAXPOWER: Increasing the maximum power of PoE port GigabitEthernet1/0/1 to 2000. Reason: An instant power surge has caused overload self-protection of the port. |
Explanation |
A PI has entered overload self-protection due to an instant power surge. The system is increasing the maximum power of the PI. |
Recommended action |
No action is required. |
POE_AI_RESTART
Message text |
Re-enabling PoE on port [STRING]. Reason: The power consumption of the port is 0. |
Variable fields |
$1: PI name. |
Severity level |
6 |
Example |
POE/6/POE_AI_RESTART: Re-enabling PoE on port GigabitEthernet1/0/1. Reason: The power consumption of the port is 0. |
Explanation |
A PI is in power supply state but its power consumption is 0. The system is re-enabling PoE on the PI. |
Recommended action |
No action is required. |
POE_TRACK_POWEROFF
Message text |
Shut off power to PoE port [STRING]. Reason: The associated track entry detects that the PD is unreachable. |
Variable fields |
$1: PI name. |
Severity level |
5 |
Example |
POE/5/POE_TRACK_POWEROFF: Shut off power to PoE port GigabitEthernet 1/0/1. Reason: The associated track entry detects that the PD is unreachable. |
Explanation |
The track entry associated with the specified PI detects that the PD is unreachable, and the system reboots the PD. |
Recommended action |
1. Ensure good link connectivity between the device and PD. 2. Make sure the PD is operating correctly. |
POE_TRACK_UNREACHABLE
Message text |
The associated track entry detects that the PD connected to port [STRING] is unreachable. |
Variable fields |
$1: PI name. |
Severity level |
5 |
Example |
POE/5/POE_TRACK_UNREACHABLE: The associated track entry detects that the PD connected to port GigabitEthernet 1/0/1 is unreachable. |
Explanation |
The track entry associated with the specified PI detects that the PD connected to the PI is unreachable. |
Recommended action |
1. Ensure good link connectivity between the device and PD. 2. Make sure the PD is operating correctly. |
PSE_PORT_ON_OFF_CHANGE
Message text |
Trap <pethPsePortOnOffNotification>: PSE [UINT32], IfIndex [UINT32], Detection Status [INTEGER] [STRING] |
Variable fields |
$1: PSE ID.
$2: PI index.
$3: PI power supply status code.
$4: PI power supply status.
◦ disabled: The PI is disabled from supplying power. This status maps to status code 1.
◦ searching: The PI is searching for PDs. This status maps to status code 2.
◦ deliveringPower: The PI is supplying power. This status maps to status code 3.
◦ fault: The PI has a power supply failure, for example, insufficient power to supply the PD. This status maps to status code 4.
◦ test: The PI is checking whether the PD meets the power supply requirements. This status maps to status code 5.
◦ otherFault: The PI has other power supply faults such as PD overload and short circuit, resulting in power supply failure. This status maps to status code 6. |
Severity level |
1 |
Example |
PoE/1/PSE_PORT_ON_OFF_CHANGE: Trap <pethPsePortOnOffNotification>: PSE 1, IfIndex 25, Detection Status 3(deliveringPower) |
Explanation |
This log is generated when the power status of a PI changes. |
Recommended action |
· When the power supply status of the PI is disabled, execute the poe enable command in PI view as needed to enable PoE on the PI.
· No action is required when the power supply status of the PI is searching, deliveringPower, or test.
· When the power supply status of the PI is fault or otherFault, perform the following steps:
a. Verify that the link between the device and PD is active.
b. Verify that the PD is running correctly.
c. Execute the display poe interface command to check whether the value of the Remaining field is less than the sum of guard band and PD rated power. If the value of the Remaining field is smaller, add a PSE.
d. If the issue persists, collect the configuration file, log information, and alarm information, and contact Technical Support. |
Portal messages
This section contains portal messages.
PORTAL_RULE_FAILED
Message text |
Failed to assign a portal rule. Reason=[STRING]. |
Variable fields |
$1: Reason for portal filtering rule assignment failure, see Table 10. |
Severity level |
4 (Warning) |
Example |
PORTAL/4/PORTAL_RULE_FAILED: Failed to assign a portal rule. Reason=Not enough resources. |
Impact |
The device cannot correctly control user packets. |
Cause |
Failed to assign a portal filtering rule. For specific failure reasons, see Table 10. |
Recommended action |
Choose recommended actions according to the reasons (see Table 10). |
Table 10 Reason for rule assignment failure and recommended action
Reason |
Recommended action |
Portal failed to assign a rule to the driver. |
Collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
Input parameters in the rule are incorrect. |
Collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
The rule already exists. |
Collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
The driver doesn't support rule assignment. |
Identify whether the device supports portal filtering rules. · If the device does not support portal filtering rules, no action is required. · If the device supports portal filtering rules, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
1. Examine the hardware resource usage by using the display qos-acl resource command. 2. Release some hardware resources. |
PORTSEC messages
This section contains port security messages.
PORTSEC_ACL_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; ACL authorization failed because [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: Cause of failure: · the specified ACL didn't exist. · this type of ACL is not supported. · hardware resources were insufficient. · the specified ACL conflicted with other ACLs applied to the interface. · the specified ACL didn't contain any rules. · unknown error. |
Severity level |
4 |
Example |
PORTSEC/4/PORTSEC_ACL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; ACL authorization failed because the specified ACL didn't exist. |
Explanation |
ACL authorization failed for a specific reason. |
Recommended action |
Handle the issue according to the failure cause. |
PORTSEC_CAR_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; Failed to assign CAR attributes to driver. |
Variable fields |
$1: Interface type and number. $2: MAC address. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_CAR_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to assign CAR attributes to driver. |
Explanation |
The device failed to assign CAR attributes to the driver. |
Recommended action |
No action is required. |
PORTSEC_CREATEAC_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; Failed to create AC. Reason: [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: Cause of failure: · hardware resources were insufficient. · unknown error. |
Severity level |
3 |
Example |
PORTSEC/3/PORTSEC_CREATEAC_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to create AC. Reason: hardware resources were insufficient. |
Explanation |
Creating AC failed for a specific reason. |
Recommended action |
If AC creation failed for a reason other than insufficient hardware resources, execute the display l2vpn vsi command and verify that the VSI exists. If the VSI does not exist, create the VSI by using the vsi command. |
PORTSEC_LEARNED_MACADDR
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]; A new MAC address was learned. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. |
Severity level |
6 |
Example |
PORTSEC/6/PORTSEC_LEARNED_MACADDR:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; A new MAC address was learned. |
Explanation |
A new secure MAC address was learned on the interface. |
Recommended action |
No action is required. |
PORTSEC_NTK_NOT_EFFECTIVE
Message text |
The NeedToKnow feature is configured but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface Ethernet3/1/2. |
Explanation |
The NeedToKnow mode does not take effect on an interface, because the interface does not support the NeedToKnow mode. |
Recommended action |
1. Disable the NeedToKnow feature on the interface. 2. Reconnect the connected devices to another interface that supports the NeedToKnow mode. 3. Configure the NeedToKnow mode on the new interface. |
PORTSEC_PORTMODE_NOT_EFFECTIVE
Message text |
The port security mode is configured but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 |
Example |
PORTSEC/3/PORTSEC_PORTMODE_NOT_EFFECTIVE: The port security mode is configured but is not effective on interface Ethernet3/1/2. |
Explanation |
The port security mode does not take effect on an interface, because the interface does not support this mode. |
Recommended action |
· Change the port security mode to another mode that is supported by the interface. · Reconnect the connected devices to another interface that supports this port security mode, and configure the port security mode on the new interface. |
PORTSEC_PROFILE_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; Failed to assign a user profile to driver. |
Variable fields |
$1: Interface type and number. $2: MAC address. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_PROFILE_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to assign a user profile to driver. |
Explanation |
The device failed to assign a user profile to the driver. |
Recommended action |
No action is required. |
PORTSEC_URL_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; URL authorization failed because [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: Cause of failure: · this operation was not supported. · hardware resources were insufficient. · parameters were invalid. · an unknown error existed. |
Severity level |
4 |
Example |
PORTSEC/4/PORTSEC_URL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; URL authorization failed because hardware resources were insufficient. |
Explanation |
URL authorization failed for a specific reason. |
Recommended action |
Handle the issue according to the failure cause. |
PORTSEC_VIOLATION
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-IfStatus=[STRING]; Intrusion protection was triggered. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Interface status. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-IfStatus=Up; Intrusion protection was triggered. |
Explanation |
Intrusion protection was triggered. |
Recommended action |
· Check the port security configuration. · Change the port security mode to another mode. |
PORTSEC_VLANMACLIMIT
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]; Maximum number of MAC addresses already reached in the VLAN. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. |
Severity level |
5 |
Example |
PORTSEC/5/PORTSEC_VLANMACLIMIT:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; Maximum number of MAC addresses already reached in the VLAN. |
Explanation |
An access attempt from a new user in a VLAN was rejected on a port because the number of MAC addresses has reached the port security limit on the port for that VLAN. |
Recommended action |
Examine the network for the risk of unknown source MAC attacks. |
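The PORTSEC examples above share a `-Key=value` prefix whose values themselves contain hyphens (MAC addresses, some interface names). As an added example that is not part of the H3C manual, the following Python code parses that prefix and lists ports where PORTSEC_VIOLATION or PORTSEC_VLANMACLIMIT events name several distinct source MACs; the sample lines, the threshold of 3, and the function names are assumptions.

```python
import re
from collections import defaultdict

# MODULE/severity/MNEMONIC: body, as in the Example rows above.
HEADER = re.compile(
    r"^(?P<module>\w+)/(?P<severity>[0-7])/(?P<mnemonic>\w+):\s*(?P<body>.*)$"
)

# Keys that appear in the PORTSEC key-value prefix on this page.
KEYS = ("IfName", "MACAddr", "VLANID", "IfStatus")
_KEY_ALT = "|".join(KEYS)
# A value runs up to the next "-<known key>=" or to the end of the prefix, so
# hyphens inside a MAC address or an interface name stay part of the value.
FIELD = re.compile(rf"-(?P<key>{_KEY_ALT})=(?P<value>.*?)(?=-(?:{_KEY_ALT})=|$)")

# MAC address notation used in the examples: xxxx-xxxx-xxxx.
MAC = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")

# Mnemonics that report an unexpected or excess source MAC on a port.
ALERTING = {"PORTSEC_VIOLATION", "PORTSEC_VLANMACLIMIT"}

# Constructed sample lines in the documented formats (not captured from a device).
# "Bridge-Aggregation1" is a constructed name used to exercise hyphen handling.
SAMPLE_LOGS = [
    "PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-IfStatus=Up; Intrusion protection was triggered.",
    "PORTSEC/5/PORTSEC_VLANMACLIMIT:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22ba-VLANID=444; Maximum number of MAC addresses already reached in the VLAN.",
    "PORTSEC/5/PORTSEC_VLANMACLIMIT:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22BB-VLANID=444; Maximum number of MAC addresses already reached in the VLAN.",
    "PORTSEC/5/PORTSEC_VLANMACLIMIT:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; Maximum number of MAC addresses already reached in the VLAN.",
    "PORTSEC/6/PORTSEC_LEARNED_MACADDR:-IfName=GigabitEthernet1/0/5-MACAddr=0010-8400-22c0-VLANID=444; A new MAC address was learned.",
    "PORTSEC/5/PORTSEC_VIOLATION:-IfName=Bridge-Aggregation1-MACAddr=0010-8400-22d1-VLANID=10-IfStatus=Up; Intrusion protection was triggered.",
    "PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface Ethernet3/1/2.",
]


def parse_line(line):
    """Split one log line into module, severity, mnemonic, fields and text."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = {
        "module": m["module"],
        "severity": int(m["severity"]),
        "mnemonic": m["mnemonic"],
        "fields": {},
        "text": m["body"],
    }
    body = m["body"]
    # Only messages with a key-value prefix start with "-" and contain ";".
    if body.startswith("-") and ";" in body:
        prefix, _, text = body.partition(";")
        event["fields"] = {f["key"]: f["value"] for f in FIELD.finditer(prefix)}
        event["text"] = text.strip()
    return event


def macs_per_port(lines, threshold=3):
    """Return {(interface, VLAN): sorted MACs} for ports whose alerting
    events name at least `threshold` distinct source MAC addresses."""
    seen = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["module"] != "PORTSEC" or ev["mnemonic"] not in ALERTING:
            continue
        fields = ev["fields"]
        mac = fields.get("MACAddr", "").lower()
        # Skip events with a missing interface or a malformed MAC address.
        if "IfName" not in fields or not MAC.match(mac):
            continue
        seen[(fields["IfName"], fields.get("VLANID", ""))].add(mac)
    return {port: sorted(macs) for port, macs in seen.items() if len(macs) >= threshold}


if __name__ == "__main__":
    for (ifname, vlan), macs in macs_per_port(SAMPLE_LOGS).items():
        print(f"{ifname} VLAN {vlan}: {len(macs)} distinct MACs: {', '.join(macs)}")
```

A port that accumulates many distinct MACs in these events is the starting point for the "unknown source MAC" check recommended for PORTSEC_VLANMACLIMIT.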
PPP messages
This section contains PPP messages.
IPPOOL_ADDRESS_EXHAUSTED
Message text |
The address pool [STRING] was exhausted. |
Variable fields |
$1: Pool name. |
Severity level |
5 (Notification) |
Example |
PPP/5/IPPOOL_ADDRESS_EXHAUSTED: The address pool aaa was exhausted. |
Impact |
The address pool cannot allocate addresses to new online users. |
Cause |
This message is generated when the last address is assigned from the pool. |
Recommended action |
Add new addresses to the pool. |
PPP_USER_LOGOFF
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OutVlan=[UINT16]-InVlan=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; User logged off. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 11). |
Severity level |
6 (Informational) |
Example |
PPP/6/PPP_USER_LOGOFF: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OutVlan=1000-InVlan=4000-MACAddr=0230-0103-5601-Reason=Use request; User logged off. |
Impact |
N/A |
Cause |
For user offline causes, see Table 11. |
Recommended action |
No action is required. |
Table 11 Typical offline causes
Offline cause |
Description |
User request |
The user session was terminated at the user's request. |
Lost carrier |
The Keepalive packets were lost, possibly because the link between the user device and the device connecting to the BAS has failed. |
Lost service |
The service server terminated the service, such as L2TP. |
BAS error |
BAS software errors caused the user logoff. |
BAS reboot |
The BAS sent disconnection information before an unexpected reboot. |
Admin reset |
The user session was terminated because of management reasons. |
BAS request |
Unknown reasons. |
Session timeout |
The user session timed out or the traffic quota was used up. |
Server command |
The AAA server logged off the user. |
Idle timeout |
The user traffic did not reach the threshold within the specified period. |
Account update fail |
The accounting update failed. |
Port error |
The BAS detected errors on the user access port. |
Admin reboot |
The BAS sent disconnection information before a reboot. |
PPP_USER_LOGON_FAILED
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OutVlan=[UINT16]-InVlan=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; User got online failed. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 12). |
Severity level |
5 (Notification) |
Example |
PPP/5/PPP_USER_LOGON_FAILED: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OutVlan=1000-InVlan=4000-MACAddr=0230-0103-5601-Reason=Authentication failed; User got online failed. |
Impact |
A user cannot come online. |
Cause |
For user online failure causes, see Table 12. |
Recommended action |
1. Verify that the username and password are correct. 2. Verify that the AAA server is operating correctly. 3. Verify that the address pool is configured correctly. |
Table 12 Typical online failure causes
Online failure cause |
Description |
Authentication failed |
Authentication failed. |
Authorization failed |
Authorization failed. |
Assign IP failed |
IP allocation failed. |
Accounting failed |
Accounting failed. |
PPP_USER_LOGON_SUCCESS
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OutVlan=[UINT16]-InVlan=[UINT16]-MACAddr=[MAC]; User got online successfully. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. |
Severity level |
6 (Informational) |
Example |
PPP/6/PPP_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OutVlan=1000-InVlan=4000-MACAddr=0230-0103-5601; User got online successfully. |
Impact |
N/A |
Cause |
The user has come online. |
Recommended action |
No action is required. |
PTP messages
This section contains PTP messages.
PTP_MASTER_CLOCK_CHANGE
Message text |
In PTP instance [UINT16], PTP master clock property changed. (OldMasterClockId=[STRING], CurrentMasterClockId=[STRING], NewSourceIfIndex=[UINT16], OldSourcePortNum=[UINT16], CurrentSourcePortNum=[UINT16], OldSourcePortName=[STRING], CurrentSourcePortName=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.) $2: ID of the original master clock. $3: ID of the current master clock. $4: Index of the new clock source. $5: Number of the interface through which the old clock source distributed its time to the device. $6: Number of the interface through which the new clock source distributes its time to the device. $7: Name of the interface through which the old clock source distributed its time to the device. $8: Name of the interface through which the new clock source distributes its time to the device. |
Severity level |
4 |
Example |
PTP/4/PTP_MASTER_CLOCK_CHANGE: In PTP instance 1, PTP master clock property changed. (OldMasterClockId=000FE2-FFFE-FF0000, CurrentMasterClockId=000FE2-FFFE-FF0000, NewSourceIfIndex=1, OldSourcePortNum=2, CurrentSourcePortNum=1, OldSourcePortName=GigabitEthernet1/0/2, CurrentSourcePortName=GigabitEthernet1/0/1) |
Explanation |
The attributes of the master clock changed. Possible reasons include: · The attributes of the clock nodes in the PTP domain had changed. As a result, a clock source with higher priority appeared or the path to the clock source changed. · The device had connected to a clock source with higher priority. · The PTP interface that received clock source signals is down or its link is down. |
Recommended action |
Execute the display ptp interface brief command to check for PTP interfaces in Disabled state.
· If a PTP interface is in Disabled state, the interface does not handle PTP messages. Collect log and configuration information and contact Technical Support.
· If no PTP interface is in Disabled state, identify whether PTP settings have changed.
◦ If PTP settings have changed, restore the settings.
◦ If PTP settings have not changed, collect log and configuration information and contact Technical Support. |
PTP_MEAN_PATH_DELAY_ABNORMAL
Message text |
In PTP instance [UINT16], PTP mean path delay is abnormal. (Delay-mechanism=[UINT64], MeanPathDelay=[UINT64] ns, MeanPathDelayThreshold=[UINT64] ns) |
Variable fields |
$1: PTP instance ID. (Support for PTP instances depends on the device model.)
$2: Delay measurement mechanism:
◦ e2e—Request-response delay measurement mechanism.
◦ p2p—Peer delay measurement mechanism.
$3: Mean path delay, in ns.
$4: Mean path delay threshold, in ns. |
Severity level |
5 |
Example |
PTP/5/PTP_MEAN_PATH_DELAY_ABNORMAL: In PTP instance 1, PTP mean path delay is abnormal. (Delay-mechanism=e2e, MeanPathDelay=70000 ns, MeanPathDelayThreshold=7000 ns) |
Explanation |
This log is generated when the mean path delay in a PTP instance reaches the threshold. |
Recommended action |
PTP time synchronization continues even if the PTP mean path delay increases. · If the increase in the mean path delay is caused by network environment changes, check the network. · If the network delay is stable and has not fluctuated, collect alarm, log, and configuration information and contact Technical Support. |
PTP_PKTLOST
Message text |
In PTP instance [UINT16], PTP packets were lost. (PortName=[STRING], PktType=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.)
$2: Name of the PTP interface.
$3: PTP message type:
◦ Delay_Resp
◦ Announce
◦ Sync
◦ Pdelay_Resp |
Severity level |
4 |
Example |
PTP/4/PTP_PKTLOST: In PTP instance 1, PTP packets were lost. (PortName=GigabitEthernet1/0/1, PktType=Announce) |
Explanation |
The subordinate port failed to receive Announce, Delay_Resp, and Sync messages within the timeout period. |
Recommended action |
Execute the display ptp statistics command to identify whether the counts of the received PTP messages are increasing.
· If the counts are increasing, the timeout was caused by link delay. No action is required.
· If the counts are not increasing, execute the display ptp statistics command to identify whether the counts of transmitted messages are increasing.
◦ If the counts are increasing, a link failure caused the timeout. Resolve the issue and recover the link.
◦ If the counts are not increasing, collect log and configuration information and contact Technical Support. |
PTP_PKTLOST_RECOVER
Message text |
In PTP instance [UINT16], PTP packets lost were recovered. (PortName=[STRING], PktType=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.)
$2: Name of the PTP interface.
$3: PTP message type:
◦ Delay_Resp
◦ Announce
◦ Sync
◦ Pdelay_Resp |
Severity level |
4 |
Example |
PTP/4/PTP_PKTLOST_RECOVER: In PTP instance 1, PTP packets lost were recovered. (PortName=GigabitEthernet1/0/1, PktType =Announce) |
Explanation |
· The subordinate port resumed receiving Announce, Delay_Resp, and Sync messages. A timeout had occurred before. · The device role changed from member clock to master clock. A PTP message receiving timeout had occurred before. |
Recommended action |
No action is required. |
PTP_PORT_BMCINFO_CHANGE
Message text |
In PTP instance [UINT16], PTP BMC info for port [UINT16] changed. (PortName=[STRING], PortSourceId=[STRING], PortSourcePortNum=[UINT16], PortSourceStepsRemoved=[UINT16], CurrentMasterClockId=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.) $2: PTP interface index. $3: PTP interface name. $4: Clock source ID that the PTP interface receives. $5: Clock source port number that the PTP interface receives. $6: Number of removed steps that the PTP interface receives. $7: Master clock ID. |
Severity level |
5 |
Example |
PTP/5/PTP_PORT_BMCINFO_CHANGE: In PTP instance 1, PTP BMC info for port 1 changed. (PortName=GigabitEthernet1/0/1, PortSourceId=000FE2-FFFE-FF0001, PortSourcePortNum=1, PortSourceStepsRemoved=5, CurrentMasterClockId=000FE2-FFFE-FF0000) |
Explanation |
Clock source information received by the PTP interface changed, including the clock source ID, port number, and number of removed steps. |
Recommended action |
No action is required. |
PTP_PORT_STATE_CHANGE
Message text |
In PTP instance [UINT16], PTP port state changed. (IfIndex=[UINT16], PortName=[STRING], PortState=[STRING], OldPortState=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.)
$2: PTP interface index.
$3: PTP interface name.
$4: PTP interface state.
◦ Master—Sends synchronization messages.
◦ Slave—Receives synchronization messages.
◦ Passive—Neither receives nor sends synchronization messages. A PTP interface is in passive state after it receives an announce message.
◦ Listening—Neither receives nor sends synchronization messages. A PTP interface is in listening state after being initialized.
◦ Faulty—PTP is running incorrectly. A PTP interface in faulty state does not process PTP messages.
◦ Initializing—The interface is initializing. A PTP interface in initializing state does not process PTP messages.
◦ Premaster—Temporary state before the interface enters Master state.
◦ Disabled—PTP is not running on the interface. The interface does not process PTP messages.
◦ Uncalibrated—Temporary state before the interface enters Slave state.
$5: Previous state of the PTP interface. |
Severity level |
5 |
Example |
PTP/5/PTP_PORT_STATE_CHANGE: In PTP instance 1, PTP port state changed. (IfIndex=1, PortName=GigabitEthernet1/0/1, PortState=Slave, OldPortState=Master) |
Explanation |
PTP interface state changed. Possible reasons include: · The attributes of the clock nodes in the PTP domain had changed, including the priority, time class, time accuracy, and NotSlave feature. · The device had connected to another clock source with higher priority. · The PTP interface or its link had gone down. |
Recommended action |
Execute the display ptp interface brief command to identify whether a PTP interface is in Fault state.
· If there is a PTP interface in Fault state, the PTP interface or its link was down. Resolve the issue and recover the link.
· If no PTP interface is in Fault state, identify whether PTP settings have changed.
◦ If PTP settings have changed, restore the settings.
◦ If PTP settings have not changed, collect log and configuration information and contact Technical Support. |
PTP_SRC_CHANGE
Message text |
In PTP instance [UINT16], PTP clock source property changed. (SourceName=[STRING], Priority1=[UCHAR], Priority2=[UCHAR], ClockClass=[UINT16], ClockAccuracy=[UINT16], ClockSourceType=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.)
$2: Clock source:
◦ Local
◦ ToD1
◦ ToD2
$3: Priority 1.
$4: Priority 2.
$5: Class of the clock source.
$6: Accuracy of the clock source.
$7: GM type:
◦ Atomic clock.
◦ Global Positioning System (GPS).
◦ Handset.
◦ Internal oscillator.
◦ NTP.
◦ Other.
◦ PTP.
◦ Terrestrial radio.
◦ Unknown. |
Severity level |
5 |
Example |
PTP/5/PTP_SRC_CHANGE: In PTP instance 1, PTP clock source property changed. (SourceName=Tod1, Priority1=1, Priority2=2, ClockClass=6, ClockAccuracy=20, ClockSourceType=Atomic clock) |
Explanation |
The attributes of the clock source changed. Possible reasons include: · Command lines had been executed to change the clock source attributes. · The device had connected to another clock source with a higher accuracy. |
Recommended action |
No action is required. |
PTP_SRC_SWITCH
Message text |
In PTP instance [UINT16], PTP clock source switched. (LastClockID=[STRING], CurrentClockID=[STRING]) |
Variable fields |
$1: ID of the PTP instance. (Support for PTP instances depends on the device model.) $2: ID of the original clock source. $3: ID of the current clock source. |
Severity level |
4 |
Example |
PTP/4/PTP_SRC_SWITCH: In PTP instance 1, PTP clock source switched.(LastSource=000FE2-FFFE-FF0000, CurrentSource=000FE2-FFFE-FF0001) |
Explanation |
A clock source with higher accuracy and priority had been added to the PTP domain. The device had selected another clock source. |
Recommended action |
No action is required. |
PTP_SYNC_RESUME
Message text |
In PTP instance [UINT16], PTP time synchronization resumed because the PTP time offset between the instance and the master fell below the threshold or the maximum suppression counts were reached. (TimeOffset=[INT64] ns, TimeOffsetThreshold=[UINT64] ns, SuppressionCounts=[UINT16]) |
Variable fields |
$1: PTP instance ID. (Support for PTP instances depends on the device model.) $2: Offset between the current PTP time and the most recent PTP time provided from the master, in ns. $3: Maximum offset between the current PTP time and the most recent PTP time provided from the master, in ns. $4: Maximum counts that PTP time synchronization is suppressed. |
Severity level |
4 |
Example |
PTP/4/PTP_SYNC_RESUME: In PTP instance 1, PTP time synchronization resumed because the PTP time offset between the instance and the master fell below the threshold or the maximum suppression counts were reached. (TimeOffset=50 ns, TimeOffsetThreshold=3000 ns, SuppressionCounts=3) |
Explanation |
PTP time synchronization suppression in the specified PTP instance was released because the PTP time offset between the instance and the master had fallen below the threshold or the maximum suppression counts had been reached. |
Recommended action |
No action is required. |
PTP_SYNC_SUPPRESS
Message text |
In PTP instance [UINT16], PTP time synchronization was suppressed because the PTP time offset between the instance and the master exceeded the threshold. (TimeOffset=[INT64] ns, TimeOffsetThreshold=[UINT64] ns) |
Variable fields |
$1: PTP instance ID. (Support for PTP instances depends on the device model.) $2: Offset between the current PTP time and the most recent PTP time provided from the master, in ns. $3: Maximum offset between the current PTP time and the most recent PTP time provided from the master, in ns. |
Severity level |
4 |
Example |
PTP/4/PTP_SYNC_SUPPRESS: In PTP instance 1, PTP time synchronization was suppressed because the PTP time offset between the instance and the master exceeded the threshold. (TimeOffset=5000 ns, TimeOffsetThreshold=3000 ns) |
Explanation |
PTP time synchronization in the specified PTP instance was suppressed because the PTP time offset between the instance and the master had exceeded the threshold. |
Recommended action |
Collect alarm, log, and configuration information and contact Technical Support. |
PTP_TIME_LOCK
Message text |
Time resumed to locked state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_TIME_LOCK: Time resumed to locked state. |
Explanation |
The clock time has resumed to locked state from unlocked state. |
Recommended action |
No action is required. |
PTP_TIME_NOT_LOCK
Message text |
Time not in locked state. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTP/3/PTP_TIME_NOT_LOCK: Time not in locked state. |
Explanation |
The clock time has been unlocked. Possible reasons include: · The clock frequency has been unlocked. · The subcard or clock daughter card is faulty. · The timestamps received on the DSP are unchanged or wrong. |
Recommended action |
Identify whether the subordinate PTP port is down or has a failed link.
· If the port is down or has a failed link, fix the fault.
· If the port and its link are operating correctly, identify whether the PTP configuration has changed.
◦ If the PTP configuration has changed, restore the configuration.
◦ If the PTP configuration has not changed, collect alarm, log, and configuration information and contact Technical Support. |
PTS
This section contains Platform Trust Services (PTS) messages.
PTS_AK_AUTH_FAILED
Message text |
Inconsistent authorization data for attestation key [STRING]. |
Variable fields |
$1: AK name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_AK_AUTH_FAILED: Inconsistent authorization data for attestation key abc. |
Impact |
The AK cannot be used. |
Cause |
The authorization data used when the AK was specified for integrity reporting is different from the authorization data specified when the AK was created. |
Recommended action |
Make sure the authorization data used when you specify the AK for integrity reporting is the same as the authorization data specified when you created the AK (by using the key create command). |
PTS_AK_INVALID
Message text |
The attestation key [STRING] is incorrect. |
Variable fields |
$1: AK name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_AK_INVALID: The attestation key abc is incorrect. |
Impact |
The AK cannot be used. |
Cause |
The specified AK is invalid. |
Recommended action |
Specify a valid AK for integrity reporting. |
PTS_AK_NO_CERT
Message text |
No certificate file found for attestation key [STRING]. |
Variable fields |
$1: AK name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_AK_NO_CERT: No certificate file found for attestation key abc. |
Impact |
The AK cannot be used. |
Cause |
No certificate was found for the AK. |
Recommended action |
Use the manager to sign an AK certificate for the AK of the device. |
PTS_AK_NO_EXIST
Message text |
Attestation key [STRING] doesn't exist. |
Variable fields |
$1: AK name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_AK_NO_EXIST: The attestation key abc doesn't exist. |
Impact |
The AK cannot be used. |
Cause |
The AK does not exist. |
Recommended action |
Use the key create command to create the AK. |
PTS_AK_NO_LOAD
Message text |
The attestation key [STRING] is not loaded. |
Variable fields |
$1: AK name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_AK_NO_LOAD: The attestation key abc is not loaded. |
Impact |
The AK cannot be used. |
Cause |
The AK is not loaded to the TC chip. |
Recommended action |
Use the key load command to load the AK to the TC chip. |
PTS_BTW_PCR_FAILED
Message text |
Hash value computed based on BootWare IML is not consistent with that in PCR ([UINT]). |
Variable fields |
$1: PCR index. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_BTW_PCR_FAILED: Hash value computed based on BootWare IML is not consistent with that in PCR(0). |
Impact |
The BootWare is not trustworthy. |
Cause |
The hash value computed by using the BootWare IML for the basic or extended segment is different from the hash value stored in the PCR. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CHECK_RM_VERSION_FAILED
Message text |
Version the RM file [STRING] is not supported. |
Variable fields |
$1: RM file name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CHECK_RM_VERSION_FAILED: Version the RM file BOOTWARE_BASIC_52B.rm is not supported. |
Impact |
The trust status of the file became untrusted. |
Cause |
The device does not support the RM file version. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_AGED_TIMER_FAILED
Message text |
Failed to create PTS session ageing timer. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CREATE_AGED_TIMER_FAILED: Failed to create PTS session ageing timer. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create the session aging timer. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_CHECK_TIMER_FAILED
Message text |
Failed to create server check timer. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CREATE_CHECK_TIMER_FAILED: Failed to create server check timer. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create the server check timer. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_CONTEXT_FAILED
Message text |
Failed to create TSS context. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CREATE_CONTEXT_FAILED: Failed to create TSS context. |
Impact |
The TC service is not available. |
Cause |
PTS failed to create the TPM software stack context. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_EPOLL_FAILED
Message text |
Failed to create epoll service. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
PTS/3/PTS_CREATE_EPOLL_FAILED: Failed to create epoll service. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create the epoll service. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_HASH_FAILED
Message text |
Failed to create hash table. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PTS/3/PTS_CREATE_HASH_FAILED: Failed to create hash table. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create the hash table. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_SELFVERIFY_COUNTER_FAILED
Message text |
Failed to create selfverify counter. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CREATE_SELFVERIFY_COUNTER_FAILED: Failed to create selfverify counter. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create the integrity self-verification IML counter. The integrity self-verification feature is not available. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_SELFVERIFY_TIMER_FAILED
Message text |
Failed to create selfverify timer. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CREATE_SELFVERIFY_TIMER_FAILED: Failed to create selfverify timer. |
Impact |
The PTS periodic integrity self-verification service is not available. |
Cause |
PTS failed to create the integrity self-verification timer. |
Recommended action |
· Use the integrity selfverify command to manually perform an integrity self-verification. · Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_SOCKET_FAILED
Message text |
Failed to create socket service. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
PTS/3/PTS_CREATE_SOCKET_FAILED: Failed to create socket service. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create the socket service. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_CREATE_TIMER_FAILED
Message text |
Failed to create timer. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_CREATE_TIMER_FAILED: Failed to create timer. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to create a timer. PTS generates this log message whenever it fails to create a timer. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_FILE_HASH_FAILED
Message text |
Hash value of file [STRING] is not consistent with that in the RM file. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_FILE_HASH_FAILED: Hash value of file /sbin/ls is not consistent with that in the RM file. |
Impact |
The file is not trustworthy. |
Cause |
The hash value computed for the specified file is different from the hash value of the file stored in the RM file. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_LOAD_KEY_FAILED
Message text |
Failed to load attestation key [STRING]. |
Variable fields |
$1: AK name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_LOAD_KEY_FAILED: Failed to load attestation key abc. |
Impact |
The AK cannot be used. |
Cause |
PTS failed to load the AK name to the TPM. |
Recommended action |
1. Verify that the AK exists and is enabled. To display AK information, use the display tcsm key name command. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_PARSE_IML_FAILED
Message text |
Failed to parse IML. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_PARSE_IML_FAILED: Failed to parse IML. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to parse an IML. |
Recommended action |
1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_PKG_PCR_FAILED
Message text |
Hash value computed based on Package IML is not consistent with that in PCR ([UINT]). |
Variable fields |
$1: PCR index. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_PKG_PCR_FAILED: Hash value computed based on Package IML is not consistent with that in PCR (12). |
Impact |
The Comware images are not trustworthy. |
Cause |
The hash value computed by using the Comware image IML is different from the hash value stored in the PCR. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_READ_PCR_FAILED
Message text |
Failed to read PCR ([UINT]). |
Variable fields |
$1: PCR index. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_READ_PCR_FAILED: Failed to read PCR(0). |
Impact |
The PTS service is not available. |
Cause |
PTS failed to read PCR data. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_RM_FILE_FAILED
Message text |
Wrong signature for RM file [STRING]. |
Variable fields |
$1: RM file name. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_RM_FILE_FAILED: Wrong signature for RM file BOOTWARE_BASIC_52B.rm. |
Impact |
The TC measurement feature is not available. |
Cause |
The signature for the RM file is incorrect. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_RUNTIME_PCR_FAILED
Message text |
Hash value computed based on runtime IML is not consistent with that in PCR ([UINT]). |
Variable fields |
$1: PCR index. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_RUNTIME_PCR_FAILED: Hash value computed based on runtime IML is not consistent with that in PCR (10). |
Impact |
The executable files measured during Comware runtime are not trustworthy. |
Cause |
The hash value computed by using the runtime IML is different from the hash value stored in the PCR. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_SELFVERIFY_FAILED
Message text |
Failed to start integrity selfverify. Reason: TPM doesn't exist or isn't enabled. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_SELFVERIFY_FAILED: Failed to start integrity selfverify. Reason: TPM doesn't exist or isn't enabled. |
Impact |
The PTS service is not available. |
Cause |
TPM did not exist or was disabled. |
Recommended action |
Verify that the TPM is available. To display relevant information, use the display tcsm trusted-computing-chip command. |
PTS_SELFVERIFY_START_FAILED
Message text |
Failed to start selfverify. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_SELFVERIFY_START_FAILED: Failed to start selfverify. |
Impact |
The PTS service is not available. |
Cause |
PTS failed to start integrity self-verification. |
Recommended action |
1. Start integrity self-verification again. 2. If the problem persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PTS_TEMPLATE_HASH_FAILED
Message text |
Calculated template hash value of [STRING] is not consistent with that in IML. |
Variable fields |
$1: Name of the file of which you want to measure the integrity. |
Severity level |
4 (Warning) |
Example |
PTS/4/PTS_TEMPLATE_HASH_FAILED: Calculated template hash value of /sbin/ls is not consistent with that in IML. |
Impact |
The target file is not trustworthy. |
Cause |
The template hash value computed by using parameters including the measurement time and the hash value of the program file is different from the template hash value in the IML. The IML might have been tampered with. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
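A log-host triage sketch for the PTS messages above, added here as an example and not H3C code: it groups events by the Impact row of each entry and extracts the variable fields, accepting both "PCR (12)" and "PCR(0)" as they appear in this section. The timestamp and host prefix of the sample lines, the category names, and the helper names are assumptions of this example.

```python
import re
from collections import defaultdict

# Finds "PTS/<severity>/<mnemonic>: <text>" anywhere in a line, so whatever
# timestamp/host prefix the log host prepends is ignored.
PTS_LINE = re.compile(r"PTS/(?P<sev>[0-7])/(?P<mnemonic>PTS_[A-Z_]+):\s*(?P<text>.+)")

# Variable-field patterns, written against the message texts in this section.
PCR = re.compile(r"PCR\s*\((?P<pcr>\d+)\)")  # with or without the space
AK = re.compile(r"[Aa]ttestation key (?P<ak>\S+?)(?=\.$| )")
FILE_HASH = re.compile(r"Hash value of file (?P<file>\S+) is not consistent")
TEMPLATE = re.compile(r"template hash value of (?P<file>\S+) is not consistent")
RM_VERSION = re.compile(r"RM file (?P<file>\S+) is not supported")
RM_SIGNATURE = re.compile(r"RM file (?P<file>\S+?)\.$")

# mnemonic -> (category derived from the entry's Impact row, field pattern)
CATALOG = {
    "PTS_BTW_PCR_FAILED": ("untrusted", PCR),
    "PTS_PKG_PCR_FAILED": ("untrusted", PCR),
    "PTS_RUNTIME_PCR_FAILED": ("untrusted", PCR),
    "PTS_FILE_HASH_FAILED": ("untrusted", FILE_HASH),
    "PTS_TEMPLATE_HASH_FAILED": ("untrusted", TEMPLATE),
    "PTS_CHECK_RM_VERSION_FAILED": ("untrusted", RM_VERSION),
    "PTS_AK_AUTH_FAILED": ("ak_unusable", AK),
    "PTS_AK_INVALID": ("ak_unusable", AK),
    "PTS_AK_NO_CERT": ("ak_unusable", AK),
    "PTS_AK_NO_EXIST": ("ak_unusable", AK),
    "PTS_AK_NO_LOAD": ("ak_unusable", AK),
    "PTS_LOAD_KEY_FAILED": ("ak_unusable", AK),
    "PTS_READ_PCR_FAILED": ("service_down", PCR),
    "PTS_RM_FILE_FAILED": ("service_down", RM_SIGNATURE),
}
# Entries without variable fields whose impact is an unavailable service.
for _name in ("AGED_TIMER", "CHECK_TIMER", "CONTEXT", "EPOLL", "HASH",
              "SELFVERIFY_COUNTER", "SELFVERIFY_TIMER", "SOCKET", "TIMER"):
    CATALOG[f"PTS_CREATE_{_name}_FAILED"] = ("service_down", None)
for _name in ("PTS_PARSE_IML_FAILED", "PTS_SELFVERIFY_FAILED",
              "PTS_SELFVERIFY_START_FAILED"):
    CATALOG[_name] = ("service_down", None)


def parse_pts(line):
    """Return a dict for a PTS message, or None for any other line."""
    m = PTS_LINE.search(line)
    if not m:
        return None
    mnemonic, text = m["mnemonic"], m["text"].strip()
    # A mnemonic missing from the catalog is kept as "unknown", not dropped.
    category, field_re = CATALOG.get(mnemonic, ("unknown", None))
    event = {"mnemonic": mnemonic, "severity": int(m["sev"]),
             "category": category, "fields": {}, "malformed": False}
    if field_re is not None:
        fm = field_re.search(text)
        if fm is None:
            # Known mnemonic whose text lacks the expected field: flag it.
            event["malformed"] = True
        else:
            event["fields"] = {k: int(v) if k == "pcr" else v
                               for k, v in fm.groupdict().items()}
    return event


def triage(lines):
    """Group parsed PTS events by category, preserving input order."""
    buckets = defaultdict(list)
    for line in lines:
        event = parse_pts(line)
        if event is not None:
            buckets[event["category"]].append(event)
    return dict(buckets)


# Constructed sample lines: message bodies follow the Example rows above,
# the "date time year host" prefix is made up for this example.
SAMPLE = [
    "Jan 24 10:00:01 2024 sw1 PTS/4/PTS_BTW_PCR_FAILED: Hash value computed based on BootWare IML is not consistent with that in PCR(0).",
    "Jan 24 10:00:02 2024 sw1 PTS/4/PTS_PKG_PCR_FAILED: Hash value computed based on Package IML is not consistent with that in PCR (12).",
    "Jan 24 10:00:03 2024 sw1 PTS/4/PTS_TEMPLATE_HASH_FAILED: Calculated template hash value of /sbin/ls is not consistent with that in IML.",
    "Jan 24 10:00:04 2024 sw1 PTS/4/PTS_AK_NO_EXIST: The attestation key abc doesn't exist.",
    "Jan 24 10:00:05 2024 sw1 PTS/4/PTS_LOAD_KEY_FAILED: Failed to load attestation key abc.",
    "Jan 24 10:00:06 2024 sw1 PTS/3/PTS_CREATE_EPOLL_FAILED: Failed to create epoll service.",
    "Jan 24 10:00:07 2024 sw1 PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update.",
]

if __name__ == "__main__":
    for category, events in triage(SAMPLE).items():
        for ev in events:
            print(category, ev["mnemonic"], ev["fields"])
```
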
PWDCTL messages
This section contains password control messages.
PWDCTL_ADD_BLACKLIST
Message text |
User [STRING] from [STRING] was added to the blacklist for failed login attempts. |
Variable fields |
$1: Username. $2: User IP address. |
Severity level |
6 |
Example |
PWDCTL/6/PWDCTL_ADD_BLACKLIST: User hhh from 1.1.1.1 was added to the blacklist for failed login attempts. |
Explanation |
The user entered an incorrect password, the user access mode is not matched, or the user is not activated. The user failed to log in to the device and was added to the password control blacklist. |
Recommended action |
No action is required. |
PWDCTL_CHANGE_PASSWORD
Message text |
[STRING] changed the password because [STRING]. |
Variable fields |
$1: Username. $2: The reasons for changing the password. ¡ it was the first login of the account. ¡ the password had expired. ¡ the password was too short. ¡ the password was not complex enough. ¡ the password was default password |
Severity level |
6 |
Example |
PWDCTL/6/PWDCTL_CHANGE_PASSWORD: hhh changed the password because it was the first login of the account. |
Explanation |
The user changed the password for some reason. For example, the user changed the password because it is the first login of the user's account. |
Recommended action |
No action is required. |
PWDCTL_FAILED_TO_WRITEPWD
Message text |
Failed to write the password records to file. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_FAILED_TO_WRITEPWD: Failed to write the password records to file. |
Explanation |
The device failed to write a password to a file. |
Recommended action |
Check the file system of the device for memory space insufficiency. |
PWDCTL_FAILED_TO_OPENFILE
Message text |
Failed to open the password file. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_FAILED_TO_OPENFILE: Failed to open the password file. |
Explanation |
The device failed to create or open a .dat file because of a file system exception. |
Recommended action |
No action is required. |
PWDCTL_NOENOUGHSPACE
Message text |
Not enough free space on the storage media where the file is located. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_NOENOUGHSPACE: Not enough free space on the storage media where the file is located. |
Explanation |
Operation failed. There is insufficient memory space on the storage media, such as the flash or CF card, where the .dat file is located. |
Recommended action |
Check the file system of the device for memory space insufficiency. |
PWDCTL_NOTFOUNDUSER
Message text |
Can't find the username in the file. |
Variable fields |
N/A |
Severity level |
3 |
Example |
PWDCTL/3/PWDCTL_NOTFOUNDUSER: Can't find the username in the file. |
Explanation |
This message is sent when the user information cannot be found in the file *.dat. |
Recommended action |
Perform either of the following actions: · Create a new local user. · Disable the password control feature and enable it. |
PWDCTL_UPDATETIME
Message text |
Last login time updated after clock update. |
Variable fields |
N/A |
Severity level |
6 |
Example |
PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update. |
Explanation |
This message is sent when the last login time is updated. |
Recommended action |
No action is required. |
QOS messages
This section contains QoS messages.
QOS_MIRROR_SYNC_CFG_FAIL
Message text |
Failed to restore configuration for monitoring group [UINT32] in [STRING], because [STRING] |
Variable fields |
$1: Monitoring group. $2: Chassis number plus slot number or slot number. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/MIRROR_SYNC_CFG_FAIL: Failed to restore configuration for monitoring group 1 in chassis 2 slot 1, because monitoring resources are insufficient. |
Explanation |
After a card was installed, the system failed to restore the configuration for a monitoring group on the card for the following possible reasons: · The number of member ports in the monitoring group exceeds the limit. · The monitoring resources are insufficient on the card. · Member ports in the monitoring group are not supported by the card. |
Recommended action |
Delete or modify unsupported settings. |
QOS_CAR_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction. $3: Profile type. $4: Profile name. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions: · Apply a CAR policy when a user went online. · Modify a configured CAR policy or configure a new CAR policy when a user is online. |
Recommended action |
Delete the CAR policy from the profile or modify the parameters of the CAR policy. |
QOS_CBWFQ_REMOVED
Message text |
CBWFQ is removed from [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1. |
Explanation |
CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ. |
Recommended action |
Increase the bandwidth or speed and apply the removed CBWFQ again. |
QOS_GTS_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply GTS in user profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: User profile name. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply GTS in user profile a to the user. Reason: The resources are insufficient. |
Explanation |
The system failed to perform one of the following actions: · Apply a GTS action when a user went online. · Modify a configured GTS action or configure a new GTS action when a user is online. |
Recommended action |
Delete the GTS action from the user profile or modify the parameters of the GTS action. |
QOS_IFA_CONFIG_FAIL
Message text |
Failed to configure [STRING]. [STRING] |
Variable fields |
$1: INT configuration content: ¡ the collector. ¡ the device ID. ¡ packet drop. $2: Failure reason: ¡ Reason: The operation conflicts with some existing configurations. |
Severity level |
4 |
Example |
QOS/4/QOS_IFA_CONFIG_FAIL: -Slot=2; Failed to configure the device ID. |
Explanation |
The system failed to issue an INT configuration to a slot. |
Recommended action |
Collect log messages, and contact Technical Support. INT is mutually exclusive with telemetry stream, NetStream, or sFlow. |
QOS_IFA_REFRESH_FAIL
Message text |
Failed to refresh IFA action [UINT32] on interface [STRING]. |
Variable fields |
$1: INT action ID. $2: Interface name. |
Severity level |
4 |
Example |
QOS/4/QOS_IFA_REFRESH_FAIL: Failed to refresh IFA action 1 on interface GigabitEthernet1/0/1. |
Explanation |
The system failed to issue an INT action to an interface. |
Recommended action |
1. Check whether the ACL in the action is correctly configured. 2. Reconfigure the action. |
QOS_LR_APPLYIF_FAIL
Message text |
Failed to apply the rate limit on interface [STRING]. Reason: [STRING] |
Variable fields |
$1: Interface name. $2: Failure cause: ¡ The operation is not supported. ¡ The resources are insufficient. |
Severity level |
4 |
Example |
QOS/4/QOS_LR_APPLYIF_FAIL: Failed to apply the rate limit on interface GigabitEthernet1/0/1. Reason: The operation is not supported. |
Explanation |
The system failed to apply the rate limit on an interface because the interface does not support rate limit configuration or the resources are insufficient. |
Recommended action |
Delete or modify the rate limit configuration according to the failure cause. |
QOS_MPORT_APPLY_FAIL
Message text |
Failed to refresh configuration for interface [STRING] in the monitoring group [UINT32]. [STRING]. |
Variable fields |
$1: Interface name. $2: Monitoring group ID. $3: Failure cause: ¡ Monitoring resources are insufficient. ¡ Ports of the specified type cannot be configured as monitoring ports. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_MPORT_APPLY_FAIL: Failed to refresh configuration for interface M-GigabitEthernet0/0/0 in monitoring group 1. Monitoring resources are insufficient. |
Impact |
The member port in a monitoring group does not take effect. |
Cause |
Monitoring resources are insufficient, or the interface type is not supported. |
Recommended action |
1. Use an interface on another card as a member port of the monitoring group. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
QOS_NOT_ENOUGH_BANDWIDTH
Message text |
Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING]. |
Variable fields |
$1: Policy name. $2: Required bandwidth for CBWFQ. $3: Available bandwidth on an interface. $4: Interface name. |
Severity level |
3 |
Example |
QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1. |
Explanation |
Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ. |
Recommended action |
Increase the maximum bandwidth configured for the interface or set lower bandwidth required for CBWFQ. |
QOS_NOT_ENOUGH_NNIBANDWIDTH
Message text |
· The total UNI bandwidth is greater than the NNI bandwidth. · The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of [STRING] is changed. · The total UNI bandwidth is greater than the NNI bandwidth. [STRING] is created based on [STRING] of the UNI interface |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
· QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. · QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of GigabitEthernet4/0/1 is changed. · QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. Virtual-Access1 is created based on Virtual-Template1 of the UNI interface. |
Explanation |
· This message is generated when the total UNI bandwidth is still greater than the NNI bandwidth after the NNI bandwidth is increased or the total UNI bandwidth is reduced. · This message is generated when the total UNI bandwidth is greater than the NNI bandwidth because the interface bandwidth is changed. · This message is generated when the total UNI bandwidth is greater than the NNI bandwidth because a virtual access interface is created based on a virtual template of the UNI interface. |
Recommended action |
Increase the NNI bandwidth or reduce the total UNI bandwidth. |
QOS_POLICY_APPLYCOPP_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: Slot number. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a control plane. · Update a classifier-behavior association applied to a specific direction of a control plane. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYCOPP_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING]. |
Variable fields |
$1: Policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a control plane. · Update a QoS policy applied to a specific direction of a control plane. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYGLOBAL_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction globally. · Update a classifier-behavior association applied to a specific direction globally. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYGLOBAL_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING]. |
Variable fields |
$1: Policy name. $2: Traffic direction. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction globally. · Update a QoS policy applied to a specific direction globally. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYIF_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause: · The behavior is empty. · The card where the interface specified in the class-behavior association resides is not in position. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of an interface. · Update a classifier-behavior association applied to a specific direction of an interface. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYIF_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING]. |
Variable fields |
$1: Policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of an interface. · Update a QoS policy applied to a specific direction of an interface. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user.Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Application direction. $3: QoS policy name. $4: User profile name. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user.Reason: The QoS policy is not supported. |
Explanation |
The system failed to perform one of the following actions: · Issue the settings of a QoS policy when a user went online. · Modify an applied QoS policy or apply a new QoS policy when a user is online. |
Recommended action |
Remove the QoS policy from the user profile or modify the parameters of the QoS policy. |
QOS_POLICY_APPLYVLAN_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING]. |
Variable fields |
$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: VLAN ID. $5: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty. |
Explanation |
The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a VLAN. · Update a classifier-behavior association applied to a specific direction of a VLAN. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_POLICY_APPLYVLAN_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING]. |
Variable fields |
$1: Policy name. $2: Application direction. $3: VLAN ID. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported. |
Explanation |
The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a VLAN. · Update a QoS policy applied to a specific direction of a VLAN. |
Recommended action |
Modify the configuration of the QoS policy according to the failure cause. |
QOS_QMPROFILE_APPLYIF_FAIL
Message text |
Failed to apply queue scheduling profile [STRING] on interface [STRING]. Reason: [STRING] |
Variable fields |
$1: Queue scheduling profile name. $2: Interface name. $3: Failure cause: · The operation is not supported. · The resources are insufficient. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_APPLYIF_FAIL: Failed to apply queue scheduling profile b on interface GigabitEthernet1/0/1. Reason: The operation is not supported. |
Explanation |
The system failed to apply a queue scheduling profile to an interface because the interface does not support queue scheduling profiles or the resources are insufficient. |
Recommended action |
Remove or modify the queue scheduling profile configuration according to the failure cause. |
QOS_QMPROFILE_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply queue scheduling profile [STRING] in session group profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: Queue scheduling profile name. $3: Session group profile name. $4: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue scheduling profile b in session group profile a to the user. Reason: The QMProfile is not supported. |
Explanation |
The system failed to perform one of the following actions: · Issue the settings of a queue scheduling profile when a user went online. · Modify an applied queue scheduling profile or apply a new queue scheduling profile when a user is online. |
Recommended action |
Remove the queue scheduling profile from the session group profile or modify the parameters of the queue scheduling profile. |
QOS_QMPROFILE_MODIFYQUEUE_FAIL
Message text |
Failed to configure queue [UINT32] in queue scheduling profile [STRING]. [STRING]. |
Variable fields |
$1: Queue ID. $2: Profile name. $3: Failure cause. |
Severity level |
4 |
Example |
QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue scheduling profile myqueue. The value is out of range. |
Explanation |
The system failed to modify a queue in a queue scheduling profile successfully applied to an interface because the new parameter was beyond port capabilities. |
Recommended action |
Remove the queue scheduling profile from the interface, and then modify the parameters for the queue. |
QOS_QUEUE_APPLYIF_FAIL
Message text |
Failed to apply queue scheduling on interface [STRING]. Reason: [STRING] |
Variable fields |
$1: Interface name. $2: Failure cause: · The operation is not supported. · The resources are insufficient. |
Severity level |
4 |
Example |
QOS/4/QOS_QUEUE_APPLYIF_FAIL: Failed to apply queue scheduling on interface GigabitEthernet1/0/1. Reason: The operation is not supported. |
Explanation |
The system failed to apply queuing configuration to an interface because the interface does not support queuing configuration or the resources are insufficient. |
Recommended action |
Delete or modify the queuing configuration according to the failure cause. |
QOS_UNI_RESTORE_FAIL
Message text |
Failed to restore the UNI configuration of [STRING], because the total UNI bandwidth is greater than the NNI bandwidth. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
QOS/4/QOS_NNIBANDWIDTH_OVERFLOW: Failed to restore the UNI configuration of the interface GigabitEthernet5/1/5, because the total UNI bandwidth is greater than the NNI bandwidth. |
Explanation |
The system failed to restore the UNI configuration of an interface, because the total UNI bandwidth is greater than the NNI bandwidth. |
Recommended action |
Increase the NNI bandwidth or reduce the total UNI bandwidth, and then reconfigure the downlink ports as UNI ports. |
QOS_WRED_TABLE_APPLYFABRIC_FAIL
Message text |
Failed to apply WRED table [STRING] to internal interfaces. Reason: [STRING]. |
Variable fields |
$1: WRED table name. $2: Failure cause: · Hardware resources are insufficient. · ECN is not supported. |
Severity level |
4 |
Example |
QOS/4/QOS_WRED_TABLE_APPLYFABRIC_FAIL: Failed to apply WRED table to internal interfaces. Hardware resources are insufficient. |
Explanation |
Failed to apply WRED table to internal interfaces, because hardware resources are insufficient or ECN is not supported. |
Recommended action |
Release some hardware resources if hardware resources are insufficient. |
QOS_WRED_TABLE_CFG_FAIL
Message text |
Failed to dynamically modify the configuration of WRED table [STRING], because [STRING]. |
Variable fields |
$1: WRED table name. $2: Failure cause. |
Severity level |
4 |
Example |
QOS/4/WRED_TABLE_CFG_FAIL: Failed to dynamically modify the configuration of WRED table a, because ECN is not supported. |
Explanation |
Failed to dynamically modify the configuration of a WRED table, because some settings are not supported. |
Recommended action |
No action is required. |
RADIUS messages
This section contains RADIUS messages.
RADIUS_ACCT_SERVER_DOWN
Message text |
RADIUS accounting server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 |
Example |
RADIUS/4/RADIUS_ACCT_SERVER_DOWN: RADIUS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Explanation |
An accounting server became blocked. |
Recommended action |
1. Verify that the accounting server has started up. 2. Ping the accounting server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support. |
RADIUS_ACCT_SERVER_UP
Message text |
RADIUS accounting server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 |
Example |
RADIUS/6/RADIUS_ACCT_SERVER_UP: RADIUS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Explanation |
An accounting server became active. |
Recommended action |
No action is required. |
RADIUS_AUTH_FAILURE
Message text |
User [STRING] at [STRING] failed authentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 |
Example |
RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system at 192.168.0.22 failed authentication. |
Explanation |
An authentication request was rejected by the RADIUS server. |
Recommended action |
No action is required. |
RADIUS_AUTH_SERVER_DOWN
Message text |
RADIUS authentication server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 |
Example |
RADIUS/4/RADIUS_AUTH_SERVER_DOWN: RADIUS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Explanation |
An authentication server became blocked. |
Recommended action |
1. Verify that the authentication server has started up. 2. Ping the authentication server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support. |
RADIUS_AUTH_SERVER_UP
Message text |
RADIUS authentication server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 |
Example |
RADIUS/6/RADIUS_AUTH_SERVER_UP: RADIUS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Explanation |
An authentication server became active. |
Recommended action |
No action is required. |
RADIUS_AUTH_SUCCESS
Message text |
User [STRING] at [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 |
Example |
RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system at 192.168.0.22 was authenticated successfully. |
Explanation |
An authentication request was accepted by the RADIUS server. |
Recommended action |
No action is required. |
RADIUS_REMOVE_SERVER_FAIL
Message text |
Failed to remove servers in scheme [STRING]. |
Variable fields |
$1: Scheme name. |
Severity level |
4 |
Example |
RADIUS/4/RADIUS_REMOVE_SERVER_FAIL: Failed to remove servers in scheme abc. |
Explanation |
Failed to delete servers from a RADIUS scheme. |
Recommended action |
No action is required. |
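The following Python code is an added example, not part of the H3C manual: it parses the RADIUS messages documented above from their message-text templates and flags bursts of RADIUS_AUTH_FAILURE from one address, a RADIUS_AUTH_SUCCESS that follows such a burst, and servers that are still blocked. The sample lines, the `sw1` prefix, the timestamps, and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Header as shown in the examples on this page: MODULE/severity/MNEMONIC: text.
# Anything before it (timestamp, host name) is ignored.
HEADER = re.compile(r"RADIUS/(?P<sev>\d)/(?P<mnemonic>RADIUS_[A-Z_]+):\s*(?P<text>.*)$")

# Bodies transcribed from the "Message text" templates of this section.
AUTH_RESULT = re.compile(
    r"User (?P<user>.+) at (?P<ip>\S+) "
    r"(?:failed authentication|was authenticated successfully)\.")
SERVER_STATE = re.compile(
    r"RADIUS (?P<role>authentication|accounting) server "
    r"(?:was blocked|became active): "
    r"Server IP=\s*(?P<server>[^,\s]+), port=(?P<port>\d+), "
    r"VPN instance=(?P<vpn>.*?)\.?")


def parse_line(line):
    """Return a dict for a RADIUS log line, or None if it does not match."""
    m = HEADER.search(line)
    if not m:
        return None
    event = {"severity": int(m["sev"]), "mnemonic": m["mnemonic"]}
    text = m["text"].strip()
    if event["mnemonic"] in ("RADIUS_AUTH_FAILURE", "RADIUS_AUTH_SUCCESS"):
        body = AUTH_RESULT.fullmatch(text)
    elif event["mnemonic"].endswith(("_SERVER_DOWN", "_SERVER_UP")):
        body = SERVER_STATE.fullmatch(text)
    else:
        return event  # e.g. RADIUS_REMOVE_SERVER_FAIL: no fields tracked here
    if body is None:
        return None  # header matched but the body does not follow the template
    event.update(body.groupdict())
    return event


def analyze(records, threshold=5, window=60):
    """records: (epoch_seconds, raw_line) pairs in time order.

    Returns (alerts, blocked): alerts are (kind, ts, source_ip, detail) tuples,
    blocked lists servers whose last state message was *_SERVER_DOWN.
    """
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    bursting = set()             # source IPs that already produced a burst alert
    blocked = set()
    alerts = []
    for ts, line in records:
        ev = parse_line(line)
        if ev is None:
            continue
        name = ev["mnemonic"]
        if name == "RADIUS_AUTH_FAILURE":
            q = recent[ev["ip"]]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.append(("failure_burst", ts, ev["ip"], len(q)))
                bursting.add(ev["ip"])
                q.clear()  # the next alert needs a fresh burst
        elif name == "RADIUS_AUTH_SUCCESS":
            if ev["ip"] in bursting:
                # The user name is client-supplied: treat it as untrusted text.
                alerts.append(("success_after_burst", ts, ev["ip"], ev["user"]))
                bursting.discard(ev["ip"])
        elif name.endswith(("_SERVER_DOWN", "_SERVER_UP")):
            key = (ev["role"], ev["server"], int(ev["port"]), ev["vpn"])
            if name.endswith("_SERVER_DOWN"):
                blocked.add(key)
            else:
                blocked.discard(key)
    return alerts, sorted(blocked)


# Constructed sample input (not captured from a device).
SAMPLE = [
    (1000, "sw1 RADIUS/4/RADIUS_AUTH_SERVER_DOWN: RADIUS authentication server was blocked: Server IP= 1.1.1.1, port=1812, VPN instance=public."),
    (1001, "sw1 RADIUS/4/RADIUS_ACCT_SERVER_DOWN: RADIUS accounting server was blocked: Server IP=1.1.1.2, port=1813, VPN instance=public."),
    (1010, "sw1 RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system at 192.168.0.22 failed authentication."),
    (1015, "sw1 RADIUS/5/RADIUS_AUTH_FAILURE: User abd@system at 192.168.0.22 failed authentication."),
    (1020, "sw1 RADIUS/5/RADIUS_AUTH_FAILURE: User abe@system at 192.168.0.22 failed authentication."),
    (1030, "sw1 RADIUS/5/RADIUS_AUTH_FAILURE: User xyz@system at 192.168.0.50 failed authentication."),
    (1040, "sw1 RADIUS/6/RADIUS_AUTH_SERVER_UP: RADIUS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public."),
    (1050, "sw1 RADIUS/6/RADIUS_AUTH_SUCCESS: User admin@system at 192.168.0.22 was authenticated successfully."),
    (1060, "sw1 RADIUS/4/RADIUS_REMOVE_SERVER_FAIL: Failed to remove servers in scheme abc."),
    (1070, "sw1 RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1"),
    (1200, "sw1 RADIUS/5/RADIUS_AUTH_FAILURE: User xyz@system at 192.168.0.50 failed authentication."),
]

if __name__ == "__main__":
    found, still_blocked = analyze(SAMPLE, threshold=3, window=60)
    for alert in found:
        print("ALERT", alert)
    for server in still_blocked:
        print("BLOCKED", server)
```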
RDDC messages
This section contains RDDC messages.
RDDC_ACTIVENODE_CHANGE
Message text |
Redundancy group [STRING] active node changed to [STRING], because of [STRING]. |
Variable fields |
$1: Redundancy group name. $2: Active node information. $3: Status change reason: · manual switchover · group's configuration changed · node's weight changed |
Severity level |
5 |
Example |
RDDC/5/RDDC_ACTIVENODE_CHANGE: Redundancy group 1 active node changed to node 1 (chassis 1), because of manual switchover. |
Explanation |
The active node in the redundancy group changed because of manual switchover, configuration change of the group, or weight change of the node. |
Recommended action |
No action is required. |
RESMON
This section contains resource monitoring messages.
RESMON_MINOR
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below minor threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
4 |
Example |
RESMON/4/RESMON_MINOR: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource decreased to or below minor threshold 20%. |
Explanation |
When the available resource amount decreases to or below the minor resource depletion threshold, the resource type enters minor alarm state and the device outputs this log message periodically. |
Recommended action |
Configure the device based on the resource type so the device allocates the type of resources reasonably. |
RESMON_MINOR_RECOVERY
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above minor threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
5 |
Example |
RESMON/5/RESMON_MINOR_RECOVER: -Resource=AA-Total=100%-Used=77%-Free=23%; Free resource increased above minor threshold 20%. |
Explanation |
When the available resource amount increases above the minor resource depletion threshold, the resource type enters recovered state. The device removes the minor resource depletion alarm and outputs this log message. |
Recommended action |
No action is required. |
RESMON_SEVERE
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below severe threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
3 |
Example |
RESMON/3/RESMON_SEVERE: -Resource=AA-Total=100%-Used=93%-Free=7%; Free resource decreased to or below severe threshold 10%. |
Explanation |
When the available resource amount decreases to or below the severe resource depletion threshold, the resource type enters severe alarm state and the device outputs this log message periodically. |
Recommended action |
Configure the device based on the resource type so the device allocates the type of resources reasonably. |
RESMON_SEVERE_RECOVERY
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above severe threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
5 |
Example |
RESMON/5/RESMON_SEVERE_RECOVER: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource increased above severe threshold 10%. |
Explanation |
When the available resource amount increases above the severe resource depletion threshold, the device removes the severe resource depletion alarm and outputs this log message. |
Recommended action |
No action is required. |
RESMON_USEDUP
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Resources used up. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Resource usage description. Some types of resources do not have description information. |
Severity level |
2 |
Example |
RESMON/2/RESMON_USEDUP: -Resource=vlaninterface-Total=2048-Used=2048-Free=0; Resources used up. |
Explanation |
When the available resource amount decreases to zero, the device outputs this log message periodically. |
Recommended action |
To ensure correct operation of the relevant services, immediately clear data or entries of the resource type that are not used. |
RESMON_USEDUP_RECOVERY
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; The amount of free resources increased from zero to a non-zero value. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount, which can be 100% or an integer for an absolute value. $3: Used amount, a percentage or an integer for an absolute value. $4: Available amount, a percentage or an integer for an absolute value. $5: Additional resource usage information. This field might be null. |
Severity level |
5 |
Example |
RESMON/5/RESMON_USEDUP_RECOVER: -Resource=vlaninterface-Total=2048-Used=2047-Free=1; The amount of free resources increased from zero to a non-zero value. |
Explanation |
When the available resource amount increases from zero, the device outputs this log message. |
Recommended action |
No action is required. |
RIP messages
This section contains RIP messages.
RIPLOG
Message text |
RIP: Interfaces [STRING] [STRING] Multicast group failed, return value [STRING] |
Variable fields |
$1: Interface name. $2: Failure of quitting or joining the multicast group. Options include: · Quitting: Failed to quit the multicast group. · Joining: Failed to join the multicast group. $3: Error code. Options include: · 22: Invalid parameter. · 99: Incorrect multicast source address. · 105: Insufficient device memory. |
Severity level |
6 (Informational) |
Example |
RIP/6/RIPLOG:RIP: Interfaces GigabitEthernet1/0/1 Joining Multicast group failed, return value 22 |
Impact |
N/A |
Cause |
The interface failed to join or quit the multicast group, and cannot correctly start or stop receiving or sending RIP multicast packets. |
Recommended action |
1. Restart the interface or device. 2. If the issue persists, collect log information, and then contact Technical Support for help. |
RIPNG messages
This section contains RIPng messages.
RIPNGLOG
Message text |
RIPng: Interfaces [STRING] [STRING] Multicast group failed, return value [STRING]. |
Variable fields |
$1: Interface name. $2: Failure of quitting or joining the multicast group. Options include: · Quitting: Failed to quit the multicast group. · Joining: Failed to join the multicast group. $3: Error code. Options include: · 22: Invalid parameter. · 99: Incorrect multicast source address. · 105: Insufficient device memory. |
Severity level |
6 (Informational) |
Example |
RIPng/6/RIPNGLOG:RIPng: Interfaces GigabitEthernet1/0/1 Joining Multicast group failed, return value 22. |
Impact |
N/A |
Cause |
The interface failed to join or quit the multicast group, and cannot correctly start or stop receiving or sending RIPng multicast packets. |
Recommended action |
1. Restart the interface or device. 2. If the issue persists, collect log information, and then contact Technical Support for help. |
Message text |
RIPng Socket Set-option failed on [STRING], this packet will be sent next time. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
RIPng/6/RIPNGLOG:RIPng Socket Set-option failed on GigabitEthernet1/0/1, this packet will be sent next time. |
Impact |
N/A |
Cause |
The RIPng interface failed to set the socket option when sending packets. |
Recommended action |
No action is required. |
RM messages
This section contains RM messages.
RM_ACRT_REACH_LIMIT
Message text |
Max active [STRING] routes [UINT32] reached in URT of [STRING] |
Variable fields |
$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name. |
Severity level |
4 |
Example |
RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1 |
Explanation |
The number of active routes reached the upper limit in the unicast routing table of a VPN instance. |
Recommended action |
Remove unused active routes. |
RM_ACRT_REACH_THRESVALUE
Message text |
Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING] |
Variable fields |
$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name. |
Severity level |
4 |
Example |
RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1 |
Explanation |
The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance. |
Recommended action |
Modify the threshold value or the route limit configuration. |
RM_THRESHLD_VALUE_REACH
Message text |
Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING] |
Variable fields |
$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name. |
Severity level |
4 |
Example |
RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1 |
Explanation |
The number of active routes reached the threshold in the unicast routing table of a VPN instance. |
Recommended action |
Modify the route limit configuration. |
RM_TOTAL_THRESHLD_VALUE_REACH
Message text |
Threshold value [UINT32] reached for active [STRING] routes in all URTs |
Variable fields |
$1: Maximum number of active routes. $2: IPv4 or IPv6. |
Severity level |
4 |
Example |
RM/4/RM_TOTAL_THRESHLD_VALUE_REACH: Threshold value 1000 reached for active IPv4 routes in all URTs |
Explanation |
The total number of active routes in the public network and all VPN instances reached the alarm threshold. |
Recommended action |
Check the routing table and take relevant actions. |
RPR messages
This section contains RPR messages.
RPR_EXCEED_MAX_SEC_MAC
Message text |
A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_EXCEED_MAX_SEC_MAC: A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of RPR secondary MAC addresses on the ring has reached the upper limit. |
Recommended action |
Disable VRRP on RPR stations. |
RPR_EXCEED_MAX_SEC_MAC_OVER
Message text |
A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_EXCEED_MAX_SEC_MAC_OVER: A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of secondary MAC addresses on the ring has dropped below the upper limit. |
Recommended action |
No action is required. |
RPR_EXCEED_MAX_STATION
Message text |
A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_EXCEED_MAX_STATION: A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of RPR stations on the ring has reached the upper limit. |
Recommended action |
Remove some RPR stations. |
RPR_EXCEED_MAX_STATION_OVER
Message text |
A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_EXCEED_MAX_STATION_OVER: A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The number of RPR stations on the ring has dropped below the upper limit. |
Recommended action |
No action is required. |
RPR_EXCEED_RESERVED_RATE
Message text |
An excess reserved rate defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_EXCEED_RESERVED_RATE: An excess reserved rate defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The reserved bandwidth for the RPR station was greater than the total bandwidth of the RPR ring. |
Recommended action |
Reduce the reserved bandwidth. |
RPR_EXCEED_RESERVED_RATE_OVER
Message text |
An excess reserved rate defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_EXCEED_RESERVED_RATE_OVER: An excess reserved rate defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The reserved bandwidth for the RPR station was smaller than the total bandwidth of the RPR ring. |
Recommended action |
No action is required. |
RPR_IP_DUPLICATE
Message text |
A duplicate IP address defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_IP_DUPLICATE: A duplicate IP address defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
Another RPR station used the same IP address. |
Recommended action |
Locate the RPR station, and change its IP address. |
RPR_IP_DUPLICATE_OVER
Message text |
A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_IP_DUPLICATE_OVER: A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The duplicate IP address defect was cleared. |
Recommended action |
No action is required. |
RPR_JUMBO_INCONSISTENT
Message text |
A jumbo configuration defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
RPR/6/RPR_JUMBO_INCONSISTENT: A jumbo configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
An RPR station used a different Jumbo frame configuration. |
Recommended action |
Locate the RPR station and change its Jumbo frame configuration. |
RPR_JUMBO_INCONSISTENT_OVER
Message text |
A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
6 |
Example |
RPR/6/RPR_JUMBO_INCONSISTENT_OVER: A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The Jumbo frame configuration inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_LAGGCONFIG_INCONSISTENT
Message text |
An inconsistent LAGG configuration is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_LAGGCONFIG_INCONSISTENT: An inconsistent LAGG configuration is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
An RPR station used a different link aggregation configuration. |
Recommended action |
Locate the RPR station and change its link aggregation configuration. |
RPR_LAGGCONFIG_INCONSISTENT_OVER
Message text |
An inconsistent LAGG configuration is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_LAGGCONFIG_INCONSISTENT: An inconsistent LAGG configuration is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The link aggregation configuration inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_MISCABLING
Message text |
A miscabling defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_MISCABLING: A miscabling defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The west port of an RPR station was not connected to the east port of another RPR station. |
Recommended action |
Examine the physical port connection of the two RPR stations. |
RPR_MISCABLING_OVER
Message text |
A miscabling defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_MISCABLING_OVER: A miscabling defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR physical port connection defect was cleared. |
Recommended action |
No action is required. |
RPR_PROTECTION_INCONSISTENT
Message text |
A protection configuration defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_PROTECTION_INCONSISTENT: A protection configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
An RPR station used a different protection mode. |
Recommended action |
Locate the RPR station and change its protection mode. |
RPR_PROTECTION_INCONSISTENT_OVER
Message text |
A protection configuration defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_PROTECTION_INCONSISTENT_OVER: A protection configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The protection mode inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_SEC_MAC_DUPLICATE
Message text |
A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_SEC_MAC_DUPLICATE: A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
Another RPR station used the same secondary MAC address. |
Recommended action |
Locate the RPR station, and change its secondary MAC address. |
RPR_SEC_MAC_DUPLICATE_OVER
Message text |
A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_SEC_MAC_DUPLICATE_OVER: A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The duplicate secondary MAC address defect was cleared. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INCONSISTENT
Message text |
An inconsistent topology defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 |
Example |
RPR/3/RPR_TOPOLOGY_INCONSISTENT: An inconsistent topology defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information collected by the ports on the RPR stations was different. |
Recommended action |
Execute the shutdown command and then the undo shutdown command on the ports to collect topology information again. |
RPR_TOPOLOGY_INCONSISTENT_OVER
Message text |
An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_TOPOLOGY_INCONSISTENT_OVER: An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information inconsistency defect was cleared. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INSTABILITY
Message text |
A topology instability defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_TOPOLOGY_INSTABILITY: A topology instability defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR ring topology was unstable. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INSTABILITY_OVER
Message text |
A topology instability defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_TOPOLOGY_INSTABILITY_OVER: A topology instability defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The RPR ring topology was stable. |
Recommended action |
No action is required. |
RPR_TOPOLOGY_INVALID
Message text |
A topology invalid defect is present on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
RPR/4/RPR_TOPOLOGY_INVALID: A topology invalid defect is present on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information collected by the RPR stations was invalid. |
Recommended action |
Execute the shutdown command and then the undo shutdown command on the RPR stations to collect topology information again. |
RPR_TOPOLOGY_INVALID_OVER
Message text |
A topology invalid defect is cleared on the ring corresponding to RPR logical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 |
Example |
RPR/5/RPR_TOPOLOGY_INVALID_OVER: A topology invalid defect is cleared on the ring corresponding to RPR logical interface RPR-Router1. |
Explanation |
The topology information collected by the RPR stations was valid. |
Recommended action |
No action is required. |
RRPP messages
This section contains RRPP messages.
RRPP_PEERLINK_CHECK
Message text |
An RRPP port can't be configured as a peer-link interface. |
Variable fields |
None. |
Severity level |
6 (Informational) |
Example |
RRPP/6/RRPP_PEERLINK_CHECK: An RRPP port can't be configured as a peer-link interface. |
Impact |
The RRPP ring cannot be established. |
Cause |
This message is generated when you configure an RRPP port as a peer-link interface. |
Recommended action |
Configure the RRPP port as a non-peer-link interface. |
RRPP_RING_FAIL
Message text |
Ring [UINT32] in Domain [UINT32] failed. |
Variable fields |
$1: Ring ID. $2: Domain ID. |
Severity level |
4 (Warning) |
Example |
RRPP/4/RRPP_RING_FAIL: Ring 1 in Domain 1 failed. |
Impact |
The network topology has changed and service traffic might be lost. |
Cause |
The link of an RRPP ring failed. |
Recommended action |
Check each RRPP node to clear the network fault. |
RRPP_RING_RESTORE
Message text |
Ring [UINT32] in Domain [UINT32] recovered. |
Variable fields |
$1: Ring ID. $2: Domain ID. |
Severity level |
4 (Warning) |
Example |
RRPP/4/RRPP_RING_RESTORE: Ring 1 in Domain 1 recovered. |
Impact |
No negative impact on the system. |
Cause |
The failed link of an RRPP ring recovered. |
Recommended action |
No action is required. |
RTM messages
This section contains RTM messages.
RTM_EMAIL_SUCCESS
Message text |
Succeed in sending an email with the subject [STRING] to [STRING]. |
Variable fields |
$1: Email subject. $2: Email recipient. |
Severity level |
6 |
Example |
RTM/6/RTM_EMAIL_SUCCESS: Succeed in sending an email with the subject Interface info to [email protected],[email protected]. |
Explanation |
EAA automatically sent emails successfully. |
Recommended action |
No action is required. |
RTM_EMAIL_FAILED
Message text |
Failed to send an email with the subject of [STRING] to [STRING], please check email domain, username password, max size and email server settings. |
Variable fields |
$1: Email subject. $2: Email recipient. |
Severity level |
4 |
Example |
RTM/4/RTM_EMAIL_FAILED: Failed to send an email with subject of Interface info to [email protected], please check email domain, username password, max size and email server settings. |
Explanation |
EAA failed to send emails automatically. Possible reasons: · The emails are oversized. · The email configuration is incomplete. · The device and the sending email server cannot reach each other. · The mailing service on the sending email server is not available. |
Recommended action |
1. Verify that the email size limit set by the rtm email max-size command is appropriate. 2. Verify that the configuration set by the rtm email domain and rtm email username password commands is correct. 3. Ping the sending email server to verify that it is reachable. 4. Perform the HTTP operation for the NQA client to verify that the mailing service on the sending email server is available. 5. Verify that the parameters on the sending email server are compatible with the mailing configuration on the device. |
RTM_ENVIRONMENT
Message text |
Can't find environment variable [STRING]. |
Variable fields |
$1: Name of the EAA environment variable. |
Severity level |
4 |
Example |
RTM/4/RTM_ENVIRONMENT: Can't find environment variable eee. |
Explanation |
The CLI monitoring policy failed to find the specified environment variable when it tried to replace the variable. The CLI monitoring policy failed to be executed. |
Recommended action |
Define the EAA environment variable before using the variable. |
RTM_TCL_LOAD_FAILED
Message text |
Failed to load the Tcl script file of policy [STRING]. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 |
Example |
RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy test. |
Explanation |
The system failed to load the Tcl script file for the policy to memory. |
Recommended action |
No action is required. |
RTM_TCL_MODIFY
Message text |
Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 |
Example |
RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified. |
Explanation |
The Tcl script file for the policy was modified. |
Recommended action |
Reconfigure the policy, or modify the Tcl script to be the same as it was when it was bound with the policy. |
RTM_TCL_NOT_EXIST
Message text |
Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 |
Example |
RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found. |
Explanation |
The system did not find the Tcl script file for the policy while executing the policy. |
Recommended action |
1. Check that the Tcl script file exists. 2. Reconfigure the policy. |
SAVA messages
This section contains SAVA messages.
SAVA_SET_DRV_FAILED
Message text |
Failed to set the driver for enabling IPv6 SAVA on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
SAVA/5/SAVA_SET_DRV_FAILED: Failed to set the driver for enabling IPv6 SAVA on interface GigabitEthernet1/0/1. |
Impact |
The SAVA feature cannot be used normally. |
Cause |
The device failed to issue the command of enabling IPv6 SAVA on an interface to the driver. |
Recommended action |
1. Re-execute the ipv6 sava enable command to enable IPv6 SAVA on the interface. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
SAVA_SPOOFING_DETECTED
Message text |
Source IP address [STRING] spoofing packet detected : destination IP [STRING], protocol [STRING], source port [UNIT], destination port [UNIT] on interface [STRING]. |
Variable fields |
$1: Spoofed source IPv6 address. $2: Destination IP address. $3: IP packet protocol number. $4: Source port number. $5: Destination port number. $6: Interface name. |
Severity level |
6 (Informational) |
Example |
SAVA/6/SAVA_SPOOFING_DETECTED: Source IP address 2000::1 spoofing packet detected : destination IP 3000::2, protocol 6, source port 200, destination port 3000 on interface GigabitEthernet1/0/1. |
Impact |
The spoofing packet is dropped. |
Cause |
The device detected a source IPv6 address spoofing packet. An illegal host used the IP address of a legal user. |
Recommended action |
1. Check whether the packet source is legal: · If the packet source is illegal, no action is required. · If the packet source is legal, first execute the undo ipv6 sava packet-drop enable command to disable dropping of SAVA-detected spoofing packets. Then analyze and adjust the network configuration based on the content of the output spoofing packet log message, and execute the ipv6 sava enable command to enable dropping of SAVA-detected spoofing packets. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
SAVI messages
This section contains SAVI messages.
SAVI_FILTER_ENTRY_ADD
Message text |
Filter entry add with IP address [STRING], MAC [STRING] on interface [STRING] and VLAN [UINT32]. |
Variable fields |
$1: IP address. $2: MAC address. $3: Interface name. $4: VLAN ID. |
Severity level |
6 |
Example |
SAVI/6/SAVI_FILTER_ENTRY_ADD: Filter entry add with IP address 3000::22, MAC 0011-0231-4520 on interface GigabitEthernet1/0/1 and VLAN 112. |
Explanation |
SAVI created a new entry for filtering invalid packets. |
Recommended action |
No action is required. |
SAVI_FILTER_ENTRY_DEL
Message text |
Filter entry delete with IP address [STRING], MAC [STRING] on interface [STRING] and VLAN [UINT32]. |
Variable fields |
$1: IP address. $2: MAC address. $3: Interface name. $4: VLAN ID. |
Severity level |
6 |
Example |
SAVI/6/SAVI_FILTER_ENTRY_DEL: Filter entry delete with IP address 3000::22, MAC 0011-0231-4520 on interface GigabitEthernet1/0/1 and VLAN 112. |
Explanation |
SAVI deleted an entry for filtering invalid packets. |
Recommended action |
No action is required. |
SAVI_SPOOFING_DETECTED
Message text |
Spoofing packet detected: source IP [STRING], MAC [STRING], destination IP [STRING], protocol [UINT32], source port [UINT32], destination port [UINT32], incoming interface [STRING], VLAN [UINT32]. |
Variable fields |
$1: Spoofing source IP address. $2: Source MAC address. $3: Destination IP address. $4: IP protocol version number. $5: Source port number. $6: Destination port number. $7: Interface name. $8: VLAN ID. |
Severity level |
6 |
Example |
SAVI/6/SAVI_SPOOFING_DETECTED: Spoofing packet detected: source IP 2000::1, MAC 0011-0231-4520, destination IP 3000::2, protocol 6, source port 299, destination port 399, incoming interface GigabitEthernet1/0/1, VLAN 40. |
Explanation |
SAVI detected a spoofed packet. |
Recommended action |
Check the validity of the source addresses of incoming packets. |
SCMD messages
This section contains SCMD messages.
PROCESS_ABNORMAL
Message text |
The process [STRING] exited abnormally. ServiceName=[STRING], ExitCode=[STRING], KillSignal=[STRING], StartTime=[STRING], StopTime=[STRING]. |
Variable fields |
$1: Process name. $2: Service name defined in the script. $3: Process exit code. If the process was closed by a signal, this field displays NA. $4: Signal that closed the process. If the process was not closed by a signal, this field displays NA. $5: Time when the process was created. $6: Time when the process was closed. |
Severity level |
4 |
Example |
SCMD/4/PROCESS_ABNORMAL: The process diagd exited abnormally. ServiceName=DIAG, ExitCode=1, KillSignal=NA, StartTime=2019-03-06 14:18:06, StopTime=2019-03-06 14:35:25. |
Explanation |
A process exited abnormally. You can use the process parameters for troubleshooting. |
Recommended action |
1. Use the display process command to identify whether the process exists. If the process exists, the process is recovered. a. Execute the view /var/log/trace.log > trace.log command in probe view. b. Upload the trace.log file saved in the storage media of the device to the server through FTP or TFTP (in binary mode). c. Contact H3C Support. Do not reboot the device so H3C Support can help you locate the problem. |
PROCESS_ACTIVEFAILED
Message text |
The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted. |
Variable fields |
$1: Process name. |
Severity level |
4 |
Example |
SCMD/4/PROCESS_ACTIVEFAILED: The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted. |
Explanation |
The standby process failed to switch to the active process because the active process exited abnormally when the standby process had not completed synchronization. The standby process was restarted. |
Recommended action |
No action is required. |
PROCESS_CORERECORD
Message text |
Exceptions occurred with process [STRING]. A core dump file was generated. |
Variable fields |
$1: Process name. |
Severity level |
4 |
Example |
SCMD/4/PROCESS_CORERECORD: Exceptions occurred with process diagd. A core dump file was generated. |
Explanation |
Exceptions occurred with the process and a core dump file was generated. The core dump file contains information relevant to the process exceptions. You can use the file for troubleshooting. |
Recommended action |
1. Execute the display exception context command to collect process exception information, and save the information to a file. 2. Execute the display exception filepath command to display the core file. 3. Upload the core file and the file that stores the process exception information to the server through FTP or TFTP (in binary mode). 4. Contact H3C Support. Do not reboot the device so H3C Support can help you locate the problem. |
SCM_ABNORMAL_REBOOT
Message text |
Failed to restore process [STRING]. Rebooting [STRING]. |
Variable fields |
$1: Process name. $2: Chassis number and slot number, slot number, or the string the system. |
Severity level |
3 |
Example |
SCMD/3/SCM_ABNORMAL_REBOOT: Failed to restore process ipbased. Rebooting slot 1. |
Explanation |
The process exited abnormally during the device startup. If the process cannot recover after multiple automatic restart attempts, the slot or device will restart automatically. |
Recommended action |
1. Use the display process command to verify that the process has recovered after the card or device restarts. 2. If the problem persists, contact H3C Support. |
SCM_ABNORMAL_REBOOTMDC
Message text |
Failed to restore process [STRING] on [STRING] [UINT16]. Rebooting [STRING] [UINT16]. |
Variable fields |
$1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Object type, MDC or context. $5: ID of the MDC or context. |
Severity level |
3 |
Example |
SCMD/3/SCM_ABNORMAL_REBOOTMDC: Failed to restore process ipbased on MDC 2. Rebooting MDC 2. |
Explanation |
The process exited abnormally during the startup of the MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot recover after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1. |
Recommended action |
1. Use the display process command to verify that the process has recovered after the card restarts. 2. If the problem persists, contact H3C Support. |
SCM_ABORT_RESTORE
Message text |
|
Variable fields |
$1: Process name. |
Severity level |
3 |
Example |
SCMD/3/SCM_ABORT_RESTORE: Failed to restore process ipbased. Restoration aborted. |
Explanation |
The process exited abnormally during the system operation. If the process cannot recover after multiple automatic restart attempts, the device will not restore the process. |
Recommended action |
1. Use the display process log command in any view to display the details about process exit. 2. Restart the card or the MDC where the process is located. 3. Provide the output from the display process log command to H3C Support. |
SCM_INSMOD_ADDON_TOOLONG
Message text |
Failed to finish loading [STRING] in [UINT32] minutes. |
Variable fields |
$1: Kernel file name. $2: File loading duration. |
Severity level |
4 |
Example |
SCMD/4/SCM_INSMOD_ADDON_TOOLONG: Failed to finish loading addon.ko in 30 minutes. |
Explanation |
Kernel file loading timed out during device startup. |
Recommended action |
1. Restart the card. 2. Contact H3C Support. |
SCM_KERNEL_INIT_TOOLONG
Message text |
Kernel init in sequence [STRING] function [STRING] is still starting for [UINT32] minutes. |
Variable fields |
$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration. |
Severity level |
4 |
Example |
SCMD/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 is still starting for 15 minutes. |
Explanation |
A function at a phase during kernel initialization ran too long. |
Recommended action |
1. Restart the card. 2. Contact H3C Support. |
SCM_KILL_PROCESS
Message text |
Pattern 1: The process [STRING] was killed because it failed to stop within [STRING]. Pattern 2: The process [STRING] on [STRING] [UINT16] was killed because it failed to stop within [STRING]. |
Variable fields |
Pattern 1: $1: Process name. $2: Time that elapsed after the process received the stop signal and before the device output this log message. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time that elapsed after the process received the stop signal and before the device output this log message. |
Severity level |
6 |
Example |
SCMD/6/SCM_KILL_PROCESS: The process stamgrd was killed because it failed to stop within 30 minutes. |
Explanation |
If a process does not stop after running a specific period of time, the system will kill the process. |
Recommended action |
1. After the system, MDC, or context operates stably, use the display process command to identify whether the process has recovered. 2. If the process does not recover, contact H3C Support. |
SCM_PROCESS_HEALTHY
Message text |
Process [%s] is healthy. |
Variable fields |
$1: Process name. |
Severity level |
6 |
Example |
SCMD/6/SCM_PROCESS_HEALTHY: Process fsd is healthy. |
Explanation |
A process started correctly and entered healthy state. |
Recommended action |
No action is required. |
SCM_PROCESS_UNHEALTHY
Message text |
Process [%s] is unhealthy. |
Variable fields |
$1: Process name. |
Severity level |
4 |
Example |
SCMD/6/SCM_PROCESS_UNHEALTHY: Process fsd is unhealthy. |
Explanation |
A process failed to start in time and entered unhealthy state during device or card startup. If the process stays in unhealthy state, the system will keep attempting to start the device or card. If the device or card fails to start after six hours, the system will ignore the startup progress and proceed to the next step. |
Recommended action |
No action is required. |
SCM_PROCESS_STARTING_TOOLONG
Message text |
Pattern 1: The process [STRING] has not finished starting in [UINT32] hours. Pattern 2: The process [STRING] on [STRING] [UINT16] has not finished starting in [STRING] hours. |
Variable fields |
Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration. |
Severity level |
4 |
Example |
SCMD/4/SCM_PROCESS_STARTING_TOOLONG: The process ipbased has not finished starting in 1 hours. |
Explanation |
The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal. |
Recommended action |
1. Wait 6 hours and then verify that the process has been started. 2. Restart the card/MDC/context, and then use the display process command to verify that the process has recovered. 3. Contact H3C Support. |
SCM_PROCESS_STILL_STARTING
Message text |
Pattern 1: The process [STRING] is still starting for [UINT32] minutes. Pattern 2: The process [STRING] on [STRING] [UINT16] is still starting for [STRING] minutes. |
Variable fields |
Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration. |
Severity level |
6 |
Example |
SCMD/6/SCM_PROCESS_STILL_STARTING: The process ipbased is still starting for 20 minutes. |
Explanation |
A process is always in startup state. |
Recommended action |
No action is required. |
SCM_SKIP_PROCESS
Message text |
Pattern 1: The process [STRING] was skipped because it failed to start within 6 hours. Pattern 2: The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours. |
Variable fields |
Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. |
Severity level |
3 |
Example |
SCMD/3/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours. |
Explanation |
A process failed to start within 6 hours. The device will skip this process and continue to start. |
Recommended action |
1. Restart the card/MDC/context, and then use the display process command to verify that the process has recovered. 2. Contact H3C Support. |
SCRLSP messages
This section contains static CRLSP messages.
SCRLSP_LABEL_DUPLICATE
Message text |
Incoming label [INT32] for static CRLSP [STRING] is duplicate. |
Variable fields |
$1: Incoming label value. $2: Static CRLSP name. |
Severity level |
4 (Warning) |
Example |
SCRLSP/4/SCRLSP_LABEL_DUPLICATE: Incoming label 1024 for static CRLSP aaa is duplicate. |
Impact |
The static CRLSP cannot forward service traffic. |
Cause |
The incoming label of a static CRLSP was occupied by a static PW or static LSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static CRLSP with an incoming label which is already occupied by a static PW or static LSP. · Enable MPLS when a static CRLSP exists with an incoming label that is occupied by a static PW or static LSP. |
Recommended action |
Remove this static CRLSP, and reconfigure it with another incoming label. |
SESSION messages
This section contains session messages.
SESSION_IPV4_FLOW
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Total number of inbound packets. $11: Total number of inbound bytes. $12: Total number of outbound packets. $13: Total number of outbound bytes. $14: Source VPN instance name. $15: Destination VPN instance name. $16: Source DS-Lite tunnel. $17: Destination DS-Lite tunnel. $18: Time when the session is created. $19: Time when the session is removed. $20: Event type. $21: Event description: · Session created. · Active flow threshold. · Normal over. · Aged for timeout. · Aged for reset or config-change. · Other. |
Severity level |
6 |
Example |
SESSION/6/SESSION_IPV4_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Explanation |
This message is sent in one of the following conditions: · An IPv4 session is created or removed. · Periodically during an IPv4 session. · The traffic-based or time-based threshold of an IPv4 session is reached. |
Recommended action |
No action is required. |
SESSION_IPV6_FLOW
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IP address. $5: Destination port number. $6: Total number of inbound packets. $7: Total number of inbound bytes. $8: Total number of outbound packets. $9: Total number of outbound bytes. $10: Source VPN instance name. $11: Destination VPN instance name. $12: Time when the session is created. $13: Time when the session is removed. $14: Event type. $15: Event description: · Session created. · Active flow threshold. · Normal over. · Aged for timeout. · Aged for reset or config-change. · Other. |
Severity level |
6 |
Example |
SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Explanation |
This message is sent in one of the following conditions: · An IPv6 session is created or removed. · Periodically during an IPv6 session. · The traffic-based or time-based threshold of an IPv6 session is reached. |
Recommended action |
No action is required. |
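The SESSION_IPV4_FLOW and SESSION_IPV6_FLOW records above use a `Name(ID)=value;` layout that a log host can parse mechanically. The following Python parser is an added example, not part of the H3C manual or software: it checks each field ID against the message text above and lists sessions that aged out without any reply packets. The sample lines are constructed, and the event codes other than (8) are placeholders, because the manual shows only `(8)Session created`.

```python
import re

# Field IDs exactly as given in the two message texts above.
EXPECTED_IDS = {
    "Protocol": 1001, "SrcIPAddr": 1003, "SrcPort": 1004, "NATSrcIPAddr": 1005,
    "NATSrcPort": 1006, "DstIPAddr": 1007, "DstPort": 1008, "NATDstIPAddr": 1009,
    "NATDstPort": 1010, "BeginTime_e": 1013, "EndTime_e": 1014,
    "SrcIPv6Addr": 1036, "DstIPv6Addr": 1037, "RcvDSLiteTunnelPeer": 1040,
    "SndDSLiteTunnelPeer": 1041, "RcvVPNInstance": 1042, "SndVPNInstance": 1043,
    "InitPktCount": 1044, "RplyPktCount": 1045, "InitByteCount": 1046,
    "RplyByteCount": 1047, "Event": 1048,
}
INT_FIELDS = {"SrcPort", "NATSrcPort", "DstPort", "NATDstPort",
              "InitPktCount", "InitByteCount", "RplyPktCount", "RplyByteCount"}

# search() is used so that any syslog prefix before "SESSION/6/..." is tolerated.
HEADER_RE = re.compile(r"SESSION/(\d)/(SESSION_IPV[46]_FLOW):\s*(.*)$")
FIELD_RE = re.compile(r"(\w+)\((\d+)\)=([^;]*);")
EVENT_RE = re.compile(r"\((\d+)\)(.*)$")


def parse_flow(line):
    """Parse one SESSION_IPV4_FLOW / SESSION_IPV6_FLOW line into a dict, else None."""
    header = HEADER_RE.search(line.strip())
    if header is None:
        return None
    rec = {"severity": int(header.group(1)), "mnemonic": header.group(2),
           "id_mismatches": []}
    for name, fid, value in FIELD_RE.findall(header.group(3)):
        if EXPECTED_IDS.get(name) != int(fid):
            # Unknown field name, or an ID that differs from the message text.
            rec["id_mismatches"].append((name, int(fid)))
        if name == "Event":
            ev = EVENT_RE.match(value)
            rec["EventCode"] = int(ev.group(1)) if ev else None
            rec["Event"] = ev.group(2).strip() if ev else value
        elif name in INT_FIELDS:
            rec[name] = int(value) if value.isdigit() else None
        else:
            rec[name] = value or None  # empty value, e.g. "EndTime_e(1014)=;"
    return rec if "Protocol" in rec else None


def unanswered_flows(lines):
    """Return (src, dst, dst_port, protocol) for sessions aged out with no replies."""
    hits = []
    for line in lines:
        rec = parse_flow(line)
        if rec and rec.get("Event") == "Aged for timeout" and rec.get("RplyPktCount") == 0:
            src = rec.get("SrcIPAddr") or rec.get("SrcIPv6Addr")
            dst = rec.get("DstIPAddr") or rec.get("DstIPv6Addr")
            hits.append((src, dst, rec.get("DstPort"), rec["Protocol"]))
    return hits


# Constructed sample lines (documentation address ranges, placeholder event codes).
SAMPLE_LOGS = [
    "SESSION/6/SESSION_IPV4_FLOW: Protocol(1001)=TCP;SrcIPAddr(1003)=192.0.2.10;"
    "SrcPort(1004)=40001;NATSrcIPAddr(1005)=192.0.2.10;NATSrcPort(1006)=40001;"
    "DstIPAddr(1007)=198.51.100.5;DstPort(1008)=22;NATDstIPAddr(1009)=198.51.100.5;"
    "NATDstPort(1010)=22;InitPktCount(1044)=3;InitByteCount(1046)=180;"
    "RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;"
    "SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;"
    "BeginTime_e(1013)=03182024082546;EndTime_e(1014)=03182024082616;"
    "Event(1048)=(2)Aged for timeout;",
    "SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1036)=2001:db8::20;"
    "SrcPort(1004)=1024;DstIPv6Addr(1037)=2001:db8::53;DstPort(1008)=53;"
    "InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1045)=1;"
    "RplyByteCount(1047)=140;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;"
    "BeginTime_e(1013)=03182024082901;EndTime_e(1014)=03182024082902;"
    "Event(1048)=(1)Normal over;",
    # Same layout, but RplyPktCount carries the wrong field ID (1047).
    "SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1036)=2001:db8::10;"
    "SrcPort(1004)=1025;DstIPv6Addr(1037)=2001:db8::53;DstPort(1008)=53;"
    "InitPktCount(1044)=2;InitByteCount(1046)=220;RplyPktCount(1047)=0;"
    "RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;"
    "BeginTime_e(1013)=03182024083000;EndTime_e(1014)=03182024083030;"
    "Event(1048)=(2)Aged for timeout;",
    "SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit",
]

if __name__ == "__main__":
    for flow in unanswered_flows(SAMPLE_LOGS):
        print("no reply before timeout:", flow)
```

Records with a non-empty `id_mismatches` list should be kept but flagged, since a field ID that disagrees with the message text usually points to a mangled record or a different software release.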
SFLOW messages
This section contains sFlow messages.
SFLOW_HARDWARE_ERROR
Message text |
|
Variable fields |
$1: Configuration item: update sampling mode $2: Interface name. $3: Failure reason: not supported operation |
Severity level |
4 (Warning) |
Example |
|
Impact |
The new sampling mode cannot be deployed. |
Cause |
A sampling mode that is not supported by the device is configured. |
Recommended action |
1. Specify a sampling mode that is supported by the device. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
SHELL messages
This section contains shell messages.
SHELL_CMD
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING] |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: IP address. If there is no IP address information, this field displays two asterisks (**). $3: Username. If there is no username information, this field displays two asterisks (**). $4: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit |
Explanation |
A command was executed. |
Recommended action |
No action is required. |
SHELL_CMD_CANCEL
Message text |
-Line=[STRING]-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] canceled to be executed. Result=Success. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: Username. If there is no username information, this field displays two asterisks (**). $3: IP address. If there is no IP address information, this field displays two asterisks (**). $4: Command string. $5: Command view. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_CANCEL: -Line=vty0-IPAddr=**-User=**; Command save in view system canceled to be executed. Result=Success. |
Explanation |
The execution of the command is canceled manually. |
Recommended action |
No action is required. |
SHELL_CMD_CONFIRM
Message text |
Confirm option of command [STRING] is [STRING]. |
Variable fields |
$1: Command string. $2: Confirm option. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no. |
Explanation |
A user selected a confirmation option for a command. |
Recommended action |
No action is required. |
SHELL_CMD_EXECUTEFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: Username. If there is no username information, this field displays two asterisks (**). $3: IP address. If there is no IP address information, this field displays two asterisks (**). $4: Command string. $5: Command view. |
Severity level |
4 |
Example |
SHELL/4/SHELL_CMD_EXECUTEFAIL: -Line=vty0-User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed.Result=Failed. |
Explanation |
A command that a background program issued failed to be executed. |
Recommended action |
1. Execute the command again. 2. Verify that the command view is correct. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SHELL_CMD_EXECUTESUCCESS
Message text |
-Line=[STRING]-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] succeed to be executed. Result=Success. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: Username. If there is no username information, this field displays two asterisks (**). $3: IP address. If there is no IP address information, this field displays two asterisks (**). $4: Command string. $5: Command view. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_EXECUTESUCCESS: -Line=vty0-User=**-IPAddr=192.168.62.138; Command save in view system succeed to be executed. Result=Success. |
Explanation |
The command is executed successfully. |
Recommended action |
No action is required. |
SHELL_CMD_INPUT
Message text |
|
Variable fields |
$1: Command string. $2: String entered by the user. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key. |
Explanation |
A user responded to the input requirement of a command. |
Recommended action |
No action is required. |
SHELL_CMD_INPUT_TIMEOUT
Message text |
Operation timed out: Getting input for the [STRING] command. |
Variable fields |
$1: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command. |
Explanation |
The user did not respond to the input requirement of a command before the timeout timer expired. |
Recommended action |
No action is required. |
SHELL_CMD_INVALID_CHARACTER
Message text |
Execution failed for the [STRING] command. Reason: The command contains invalid characters (? or \t). |
Variable fields |
$1: Command to be executed. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMD_INVALID_CHARACTER: Execution failed for the sysname abc?? command. Reason: The command contains invalid characters (? or \t). |
Explanation |
Invalid characters (? or \t) were detected in the text-type configuration file used for configuration deployment, such as configuration restoration or rollback. |
Recommended action |
Delete the invalid characters and deploy the configuration manually. |
SHELL_CMD_MATCHFAIL
Message text |
-Line=[STRING]-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched.Result=Failed. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: Username. If there is no username information, this field displays two asterisks (**). $3: IP address. If there is no IP address information, this field displays two asterisks (**). $4: Command string. $5: Command view. |
Severity level |
4 |
Example |
SHELL/4/SHELL_CMD_MATCHFAIL: -Line=vty0-User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched.Result=Failed. |
Explanation |
The command string has errors, or the view does not support the command. |
Recommended action |
1. Verify that the command is correct. 2. Verify that the command view is correct. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SHELL_CMDDENY
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command=[STRING] is permission denied.Result=Failed. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: IP address. If there is no IP address information, this field displays two asterisks (**). $3: Username. If there is no username information, this field displays two asterisks (**). $4: Command string. |
Severity level |
5 |
Example |
SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied.Result=Failed. |
Explanation |
The user did not have the right to execute the command. |
Recommended action |
Verify that the user has the permission to execute the command. |
SHELL_CMDFAIL
Message text |
The [STRING] command failed to restore the configuration. |
Variable fields |
$1: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CMDFAIL: The “vlan 1024” command failed to restore the configuration. |
Explanation |
The specified command failed to be restored during a configuration restoration from a .cfg file. |
Recommended action |
No action is required. |
SHELL_COMMIT
Message text |
The configuration has been committed. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT: The configuration has been committed. |
Explanation |
A configuration commit operation succeeded. |
Recommended action |
No action is required. |
SHELL_COMMIT_DELAY
Message text |
A configuration rollback will be performed in [INT32] minutes. |
Variable fields |
$1: Configuration commit delay timer. |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_DELAY: A configuration rollback will be performed in 3 minutes. |
Explanation |
The configuration commit delay timer was set successfully. |
Recommended action |
Complete and commit the configuration before the timer expires. If you cannot complete the configuration, execute the configuration commit delay command again to delay the expiration. |
SHELL_COMMIT_REDELAY
Message text |
The commit delay has been reset, a configuration rollback will be performed in [INT32] minutes. |
Variable fields |
$1: Configuration commit delay timer reconfigured. |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_REDELAY: The commit delay has been reset, a configuration rollback will be performed in 3 minutes. |
Explanation |
The configuration commit delay timer was reconfigured before the timer expired. |
Recommended action |
No action is required. |
SHELL_COMMIT_ROLLBACK
Message text |
The configuration commit delay is overtime, a configuration rollback will be performed. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACK: The configuration commit delay is overtime, a configuration rollback will be performed. |
Explanation |
The configuration commit delay timer expired. A configuration rollback will occur. |
Recommended action |
Stop configuring the device and wait for the rollback to finish. |
SHELL_COMMIT_ROLLBACKDONE
Message text |
The configuration rollback has been performed. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACKDONE: The configuration rollback has been performed. |
Explanation |
The configuration rollback was finished. |
Recommended action |
You can continue to configure the device as required. |
SHELL_COMMIT_WILLROLLBACK
Message text |
A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command. |
Variable fields |
N/A |
Severity level |
5 |
Example |
SHELL/5/SHELL_COMMIT_WILLROLLBACK: A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command. |
Explanation |
A configuration rollback will be performed in 1 minute. |
Recommended action |
Complete the configuration within 1 minute and commit the configuration, or execute the configuration commit delay command again to delay the expiration. |
SHELL_CRITICAL_CMDFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command=[STRING] . |
Variable fields |
$1: Username. $2: IP address. $3: Command string. |
Severity level |
6 |
Example |
SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save. |
Explanation |
A command failed to be executed. |
Recommended action |
No action is required. |
SHELL_LOGIN
Message text |
[STRING] logged in from [STRING]. |
Variable fields |
$1: Username. $2: User line type and number. |
Severity level |
5 |
Example |
SHELL/5/SHELL_LOGIN: Console logged in from console0. |
Explanation |
A user logged in. If the user logged in to the standby MPU, the user line type and number field displays local. |
Recommended action |
No action is required. |
SHELL_LOGOUT
Message text |
[STRING] logged out from [STRING], reason: [STRING]. |
Variable fields |
$1: Username. $2: User line type and number. $3: Exit reason. This parameter is displayed only in FIPS mode. · exit normally—The user exits normally. · time out—User login timed out. |
Severity level |
5 |
Example |
SHELL/5/SHELL_LOGOUT: Console logged out from console0, reason: exit normally. |
Explanation |
A user logged out. If the user logged out from the standby MPU, the user line type and number field displays local. In FIPS mode, the system displays the reason why the user exits. |
Recommended action |
No action is required. |
SIMMGR messages
This section contains simulation management messages.
SIMMGR_LIC_EXPIRE
Message text |
Local license is about to expire in [INT32] days. |
Variable fields |
$1: Remaining validity period of the local license. |
Severity level |
5 (Notification) |
Example |
SIMMGR/5/SIMMGR_LIC_EXPIRE: Local license is about to expire in 10 days. |
Impact |
The features authorized by the license are about to become unavailable. |
Cause |
The local license is about to expire. Starting from 10 days before the expiration date, this log will be generated. |
Recommended action |
To ensure correct use of the device, install a new formal license. |
SIMMGR_NOLIC
Message text |
No license available. [STRING]. |
Variable fields |
$1: Action description. · The packet forwarding function will be disabled in [FLOAT] hours. · The packet forwarding function was disabled. · The device will be rebooted in [FLOAT] minutes. · The device will be rebooted immediately. |
Severity level |
4 (Warning) |
Example |
SIMMGR/4/SIMMGR_NOLIC: No license available. The device will be rebooted immediately. |
Impact |
The features authorized by the license are unavailable. |
Cause |
No license is available. |
Recommended action |
Install a license. |
SIMMGR_REMOTE_LIC_EXPIRE
Message text |
License requested from the license server is about to expire in [INT32] days. |
Variable fields |
$1: Remaining validity period of the license requested from the license server. |
Severity level |
5 (Notification) |
Example |
SIMMGR/5/SIMMGR_REMOTE_LIC_EXPIRE: License requested from the license server is about to expire in 10 days. |
Impact |
The features authorized by the license are about to become unavailable. |
Cause |
The local license is about to expire. Starting from 10 days before the expiration date, this log will be generated. |
Recommended action |
To ensure correct use of the device, install a new formal license. |
SLSP messages
This section contains static LSP messages.
SLSP_LABEL_DUPLICATE
Message text |
Incoming label [INT32] for static LSP [STRING] is duplicate. |
Variable fields |
$1: Incoming label value. $2: Static LSP name. |
Severity level |
4 (Warning) |
Example |
SLSP/4/SLSP_LABEL_DUPLICATE: Incoming label 1024 for static LSP aaa is duplicate. |
Impact |
The static LSP is unavailable and cannot be used to forward service traffic. |
Cause |
The incoming label of the static LSP was occupied by a static PW, static CRLSP, or a static SRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static LSP with an incoming label which is already occupied by a static PW, static CRLSP, or static SRLSP. · Enable MPLS when a static LSP exists with an incoming label that is occupied by a static PW, static CRLSP, or static SRLSP. |
Recommended action |
Remove this static LSP, and reconfigure it with another incoming label. |
SMARTMC messages
This section contains Smart Management Center (SmartMC) messages.
ERROR
Message text |
Failed to set a password for device [UNIT]. |
Variable fields |
$1: Member device ID. |
Severity level |
3 (Error) |
Example |
SMARTMC/3/ERROR: Failed to set a password for device 10. |
Impact |
The TM cannot manage the TC. |
Cause |
This message is generated if the password setting operation triggered by executing the smartmc tc password command fails. |
Recommended action |
· Execute the display password-control command and view the values of the Password length, Password composition, and Password complexity fields in the command output to identify password requirements. · Use the password-control length, password-control composition, and password-control complexity commands to change the password complexity requirements. |
SMLK messages
This section contains Smart Link messages.
SMLK_LINK_INACTIVE
Message text |
Not all the members in smart link group [UINT16] are M-LAG interfaces. A peer-link interface can't be a member of a smart link group. |
Variable fields |
$1: Smart link group ID. |
Severity level |
4 |
Example |
SMLK/4/SMLK_PORT_INACTIVE: -MDC=1; Not all the members in smart link group 1 are M-LAG interfaces. |
Explanation |
This message is generated for an M-LAG network when not all the members in a smart link group are M-LAG interfaces or a smart link group includes a peer-link interface. |
Recommended action |
Add only M-LAG interfaces to a smart link group in an M-LAG network. |
SMLK_LINK_SWITCH
Message text |
Status of port [STRING] in smart link group [UINT16] changes to active. |
Variable fields |
$1: Port name. $2: Smart link group ID. |
Severity level |
4 |
Example |
SMLK/4/SMLK_LINK_SWITCH: Status of port GigabitEthernet0/1/4 in smart link group 1 changes to active. |
Explanation |
The port takes over to forward traffic after the original active port fails. |
Recommended action |
Remove the network faults. |
SNMP messages
This section contains SNMP messages.
SNMP_ACL_RESTRICTION
Message text |
SNMP [STRING] from [STRING] is rejected due to ACL restriction. |
Variable fields |
$1: SNMP community/usm-user/group. $2: IP address of the NMS. |
Severity level |
3 (Error) |
Example |
SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions. |
Explanation |
SNMP packets are denied because of ACL restrictions. |
Recommended action |
Check the ACL configuration on the SNMP agent, and identify whether the agent was attacked. |
SNMP_AUTHENTICATION_FAILURE
Message text |
Failed to authenticate SNMP message. Pattern 2: Failed to authenticate SNMP message.[STRING][STRING] |
Variable fields |
$1: IP address of the NMS that fails the authentication. This field is available only after you configure the snmp-agent trap snmpv2-mib authenticationfailure extended command.
$2: NMS authentication failure reason. This field is available only after you configure the snmp-agent trap snmpv2-mib authenticationfailure extended command. Options include:
· Invalid communityname—SNMP version v1/v2c is used, and the SNMP request contains an invalid community name.
· Illegal operation for the community supplied—SNMP version v1/v2c is used, and the carried community name does not have permission for a specific operation.
· USM authentication failure(incorrect password or key)—SNMP version v3 is used. The authentication type and authentication password are incorrect, or the device is configured with authentication/encryption, but the request does not carry an authentication/encryption field. |
Severity level |
4 (Warning) |
Example |
SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message. Pattern 1: SNMP/4/SNMP_AUTHENTICATION_FAILURE: -MDC=1; Failed to authenticate SNMP message. IPAddress = 14.1.1.2, Reason = Invalid communityname. |
Explanation |
An NMS failed to be authenticated by the agent. |
Recommended action |
No action is required. |
SNMP_GET
Message text |
-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message. |
Variable fields |
$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet. |
Severity level |
6 |
Example |
SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message. |
Explanation |
SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled. |
Recommended action |
No action is required. |
SNMP_INFORM_LOST
Message text |
Inform failed to reach NMS [STRING]: Inform [STRING][STRING]. |
Variable fields |
$1: NMS host address and port number.
$2: Notification name and OID.
$3: Variable-binding field of notifications.
· If no MIB object exists, NMS host address and port number and notification name and OID are displayed.
· If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;). |
Severity level |
3 |
Example |
SNMP/3/SNMP_INFORM_LOST: Inform failed to reach NMS 192.168.111.222(163): Inform coldStart(1.3.6.1.6.3.1.1.5.1). |
Explanation |
If the SNMP agent sends an Inform packet to an NMS and does not receive any response, the SNMP agent determines that the NMS is unreachable and prints this message to help locate the issue. If a message is oversized, the system automatically fragments the message and adds a location identifier "-PART=xx" to each fragment before sending it. xx represents the sequence number of a fragment. |
Recommended action |
Identify whether the SNMP agent and the NMS are reachable to each other. |
SNMP_NOTIFY
Message text |
Notification [STRING][STRING]. |
Variable fields |
$1: Notification name and OID.
$2: Variable-binding field of notifications.
· If no MIB object exists, only notification name and OID are displayed.
· If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;). |
Severity level |
6 |
Example |
Example of a complete message:
SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console.
Example of a fragmented message:
SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=1; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgFacility(1.3.6.1.2.1.192.1.2.1.2.1)=23;syslogMsgSeverity(1.3.6.1.2.1.192.1.2.1.3.1)=6;syslogMsgVersion(1.3.6.1.2.1.192.1.2.1.4.1)=1;syslogMsgTimeStamp(1.3.6.1.2.1.192.1.2.1.5.1)=07-e2-04-12-12-26-35-00-00-00-2d-00-00[hex];syslogMsgHostName(1.3.6.1.2.1.192.1.2.1.6.1)=H3C;syslogMsgAppName(1.3.6.1.2.1.192.1.2.1.7.1)=SHELL;syslogMsgProcID(1.3.6.1.2.1.192.1.2.1.8.1)=-;syslogMsgMsgID(1.3.6.1.2.1.192.1.2.1.9.1)=SHELL_CMD;syslogMsgSDParams(1.3.6.1.2.1.192.1.2.1.10.1)=4;syslogMsgMsg(1.3.6.1.2.1.192.1.2.1.11.1)= Command is snmp-agent trap enable syslog;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.1.12.83.121.115.76.111.99.64.50.53.53.48.54.3.77.68.67)=1;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.2.12.65.112.112.76.111.99.64.50.53.53.48.54.4.76.105.110.101)=con0.
SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=2; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.3.12.65.112.112.76.111.99.64.50.53.53.48.54.6.73.80.65.100.100.114)=**;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.4.12.65.112.112.76.111.99.64.50.53.53.48.54.4.85.115.101.114)=**. |
Explanation |
The SNMP agent sent a notification. This message displays the notification content. If a message is oversized, the system will automatically fragment the message and add a location identifier "-PART=xx" to each fragment before sending them. xx represents the sequence number of a fragment. |
Recommended action |
No action is required. |
SNMP_SET
Message text |
-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message. |
Variable fields |
$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation. |
Severity level |
6 |
Example |
SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message. |
Explanation |
SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled. |
Recommended action |
No action is required. |
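Added example, not part of the H3C manual: a parser for the SNMP_GET and SNMP_SET layouts documented above that reports operations from an NMS outside an allowlist and Set requests whose errorStatus is not noError. The allowlisted network, the sample lines, and the `notWritable` status value are constructed for illustration; only `noError` appears in the manual.

```python
import ipaddress
import re

# Key order transcribed from the SNMP_GET and SNMP_SET "Message text" rows.
LAYOUTS = {
    "GET": ("seqNO", "srcIP", "op", "node", "value"),
    "SET": ("seqNO", "srcIP", "op", "errorIndex", "errorStatus", "node", "value"),
}
TRAILER = "; The agent received a message."
# "-MDC=n; " is optional; it appears in other SNMP Example rows of the manual.
HEADER = re.compile(r"SNMP/\d/SNMP_(?P<kind>GET|SET): (?:-MDC=\d+; )?(?P<body>.*)$")
NODE = re.compile(r"(?P<name>.*)\((?P<oid>[0-9.]+)\)")


def layout_regex(keys):
    """Build a regex that walks the keys in their documented order.

    Splitting on "-" would break on values such as "ops-team", so every field
    but the last is matched lazily up to the next "-key=" literal, and the
    last field (value) takes everything up to the fixed trailer.
    """
    lazy = "".join(rf"-{k}=(?P<{k}>.*?)" for k in keys[:-1])
    last = keys[-1]
    return re.compile(lazy + rf"-{last}=(?P<{last}>.*)" + re.escape(TRAILER))


REGEXES = {kind: layout_regex(keys) for kind, keys in LAYOUTS.items()}


def parse_line(line):
    """Return the fields of one SNMP_GET/SNMP_SET log line, or None."""
    head = HEADER.search(line.strip())
    if not head:
        return None
    fields = REGEXES[head["kind"]].fullmatch(head["body"])
    if not fields or fields["op"] != head["kind"]:
        return None
    event = fields.groupdict()
    node = NODE.fullmatch(event["node"])          # "name(OID)"
    event["name"] = node["name"] if node else event["node"]
    event["oid"] = node["oid"] if node else ""
    return event


def audit(lines, allowed_nms):
    """Report operations from unlisted NMS addresses and Set requests that errored."""
    nets = [ipaddress.ip_network(n) for n in allowed_nms]
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        try:
            src = ipaddress.ip_address(ev["srcIP"])
            listed = any(src in net for net in nets)
        except ValueError:                        # not a bare IP address
            listed = False
        if not listed:
            findings.append((ev["seqNO"], ev["op"] + "_from_unlisted_nms",
                             ev["srcIP"], ev["oid"]))
        if ev["op"] == "SET" and ev["errorStatus"] != "noError":
            findings.append((ev["seqNO"], "SET_error", ev["srcIP"], ev["oid"]))
    return findings


# Constructed sample lines in the documented format (not captured from a device).
SAMPLE_LOG = [
    "SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)"
    "-value=; The agent received a message.",
    "SNMP/6/SNMP_SET: -seqNO=2-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError"
    "-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.",
    "SNMP/6/SNMP_SET: -seqNO=3-srcIP=203.0.113.9-op=SET-errorIndex=0-errorStatus=noError"
    "-node=sysContact(1.3.6.1.2.1.1.4.0)-value=ops-team; The agent received a message.",
    "SNMP/6/SNMP_SET: -MDC=1; -seqNO=4-srcIP=192.168.28.28-op=SET-errorIndex=1"
    "-errorStatus=notWritable-node=sysName(1.3.6.1.2.1.1.5.0)-value=core-sw-1; "
    "The agent received a message.",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ["192.168.28.0/24"]):
        print(finding)
```

These messages are generated only when SNMP logging is enabled, so an empty result from a device without SNMP logging says nothing about Set activity.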
SNMP_USM_NOTINTIMEWINDOW
Message text |
-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window. |
Variable fields |
$1: Username. $2: IP address of the NMS. |
Severity level |
4 |
Example |
SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window. |
Explanation |
The SNMPv3 message is not in the time window. |
Recommended action |
No action is required. |
SOCKET messages
This section contains socket messages.
SOCKET_TCP_UNREAD
Message text |
Data stays in the receive buffer for [INTEGER] secs. Owner=[STRING], VRF index=[INTEGER], local address/port=[STRING]/[INTEGER], remote address/port=[STRING]/[INTEGER], buffered sent bytes=[INTEGER], buffered received bytes=[INTEGER]. |
Variable fields |
$1: Duration. $2: Process. $3: VPN index. $4: Local IP address. $5: Local TCP port. $6: Remote IP address. $7: Remote TCP port. $8: Bytes in sending buffer. $9: Bytes in receiving buffer. |
Severity level |
6 (Informational) |
Example |
SOCKET/6/SOCKET_TCP_UNREAD: Data stays in the receive buffer for 40 secs. Owner=bgpd, VRF index =0, local address/port=1.1.1.1/179, remote address/port=1.1.1.2/12345, buffered sent bytes=1000, buffered received bytes=50. |
Impact |
None. |
Cause |
The upper-layer service is inactive, and the time interval between two reads of the TCP data buffer exceeds 30 seconds. |
Recommended action |
No action is required. |
SOCKET_TCP_MD5AUTHENFAIL
Message text |
MD5 connected of TCP is failing to authenticate.SrcAddr=[STRING], SrcPort=[UINT32], DstAddr=[STRING], DstPort=[UINT32], Protocol=[STRING], VRF=[UINT32]. |
Variable fields |
$1: Local IP address of the TCP packet. $2: Local port number of the TCP packet. $3: Remote IP address of the TCP packet. $4: Remote port number of the TCP packet. $5: Upper-layer application name in the TCP packet. $6: VRF name in the TCP packet. |
Severity level |
5 |
Example |
SOCKET/5/SOCKET_TCP_MD5AUTHENFAIL: MD5 connected of TCP is failing to authenticate.SrcAddr=1.1.1.1, SrcPort=1000, DstAddr=1.1.1.2, DstPort=1000, Protocol=8, VRFname=1. |
Impact |
The TCP connection cannot be established normally, causing upper-layer routing protocols such as LDP/BGP to be unable to establish sessions. |
Cause |
· The MD5 keys configured at both ends of the TCP connection are inconsistent. · Only one end of the TCP connection is configured with an MD5 key. |
Recommended action |
1. Execute the display current-configuration command at both ends to check whether MD5 keys are configured.
   · If only one end is configured with an MD5 key, also configure the key on the other end. If the issue persists, go to step 3.
   · If the configured MD5 keys are different, go to step 2.
2. Reconfigure the same MD5 key at both ends.
3. Collect log messages and configuration data, and then contact Technical Support for help. |
SSHC messages
This section contains SSH client messages.
SSHC_ALGORITHM_MISMATCH
Message text |
The SSH client failed to log in because of [STRING] algorithm mismatch. |
Variable fields |
$1: Type of the algorithm:
· encryption—Encryption algorithm.
· key exchange—Key exchange algorithm.
· MAC—HMAC algorithm.
· public key—Public key algorithm. |
Severity level |
6 (Informational) |
Example |
SSHC/5/SSHC_ALGORITHM_MISMATCH: The SSH client failed to log in because of encryption algorithm mismatch. |
Explanation |
The SSH client failed to log in because the algorithms on the SSH client did not have a match on the SSH server. |
Recommended action |
Change algorithms used by the SSH client to ensure that the SSH client and the SSH server use the same algorithms. |
SSHC_AUTH_PASSWORD_FAIL
Message text |
SSH user [STRING] failed to pass password authentication because of invalid username or wrong password. |
Variable fields |
$1: Username. |
Severity level |
6 (Informational) |
Example |
SSHC/5/SSHC_AUTH_PASSWORD_FAIL: SSH user aaa failed to pass password authentication because of invalid username or wrong password. |
Explanation |
The SSH user failed to pass password authentication because of invalid username or wrong password. |
Recommended action |
Make sure the username and the user password are correct. |
SSHC_AUTH_PUBLICKEY_FAIL
Message text |
SSH user [STRING] failed to pass publickey authentication. |
Variable fields |
$1: Username. |
Severity level |
5 (Notification) |
Example |
SSHC/5/SSHC_AUTH_PUBLICKEY_FAIL: SSH user abc failed to pass publickey authentication. |
Explanation |
The SSH user failed to pass publickey authentication. |
Recommended action |
Verify that the correct public key of the client is saved on the SSH server. |
SSHC_CERT_VERIFY_FAIL
Message text |
Failed to verify the certificate because [STRING]. |
Variable fields |
$1: Failure reason:
· null certificate.
· null certificate name.
· unable to get issuer certificate.
· unable to get certificate CRL.
· unable to decrypt CRL's signature.
· certificate signature failure.
· CRL signature failure.
· unable to decrypt certificate's signature.
· certificate is not yet valid.
· certificate has expired.
· CRL is not yet valid.
· CRL has expired.
· format error in certificate's notBefore field.
· format error in certificate's notAfter field.
· format error in CRL's lastUpdate field.
· format error in CRL's nextUpdate field.
· out of memory.
· self signed certificate.
· self signed certificate in certificate chain.
· unable to verify the first certificate.
· certificate chain too long.
· certificate revoked.
· invalid CA certificate.
· invalid non-CA certificate (has CA markings).
· path length constraint exceeded.
· proxy path length constraint exceeded.
· proxy certificates not allowed, please set the appropriate flag.
· unsupported certificate purpose.
· certificate not trusted.
· certificate rejected.
· application verification failure.
· subject issuer mismatch.
· authority and subject key identifier mismatch.
· authority and issuer serial number mismatch.
· key usage does not include certificate signing.
· unable to get CRL issuer certificate.
· unhandled critical extension.
· key usage does not include CRL signing.
· key usage does not include digital signature.
· unhandled critical CRL extension.
· invalid or inconsistent certificate extension.
· invalid or inconsistent certificate policy extension.
· no explicit policy.
· Different CRL scope.
· CRL path validation error.
· unsupported or invalid name syntax.
· unsupported or invalid name constraint syntax.
· Suite B: certificate version invalid.
· Suite B: invalid public key algorithm.
· Suite B: invalid ECC curve.
· Suite B: invalid signature algorithm.
· Suite B: curve not allowed for this LOS.
· Suite B: cannot sign P-384 with P-256.
· Invalid certificate verification context.
· Issuer certificate lookup error.
· proxy subject name violation.
· Absence of basic Constraints extension.
· failure to establish revocation status. |
Severity level |
5 (Notification) |
Example |
SSHC/5/SSHC_CERT_VERIFY_FAIL: Failed to verify the certificate because null certificate. |
Explanation |
Certificate authentication failed. |
Recommended action |
Make sure the certificate is valid. |
SSHC_CONNECT_FAIL
Message text |
The SSH client failed to connect to SSH server [IPADDR] port [UINT32]. |
Variable fields |
$1: IP address of the SSH server. $2: Port number of the SSH server. |
Severity level |
5 (Notification) |
Example |
SSHC/5/SSHC_CONNECT_FAIL: The SSH client failed to connect to SSH server 1.1.1.1 port 2000. |
Explanation |
The SSH client failed to establish a connection to the SSH server. |
Recommended action |
Verify that the IP address and port number of the SSH server are correct and the SSH server service has been enabled. |
SSHC_DECRYPT_FAIL
Message text |
The SSH client failed to use [STRING] to decrypt the packet received from the SSH server. |
Variable fields |
$1: Encryption algorithm. |
Severity level |
5 (Notification) |
Example |
SSHC/5/SSHC_DECRYPT_FAIL: The SSH client failed to use aes256-cbc to decrypt the packet received from the SSH server. |
Explanation |
The SSH client failed to decrypt the packet received from the SSH server. |
Recommended action |
Please contact H3C Support. |
SSHC_DISCONNECT
Message text |
The SSH client was disconnected from the SSH server because the network was not available. |
Variable fields |
None. |
Severity level |
5 (Notification) |
Example |
SSHC/5/SSHC_DISCONNECT: The SSH client was disconnected from the SSH server because the network was not available. |
Explanation |
The SSH client was disconnected from the SSH server because the network was not available. |
Recommended action |
Make sure the network is available. |
SSHC_ENCRYPT_FAIL
Message text |
The SSH client failed to use [STRING] to encrypt the packet sent to the SSH server. |
Variable fields |
$1: Encryption algorithm, such as aes256-cbc. |
Severity level |
5 |
Example |
SSHC/5/SSHC_ENCRYPT_FAIL: The SSH client failed to use aes256-cbc to encrypt the packet sent to the SSH server. |
Explanation |
The SSH client failed to encrypt the packet sent to the SSH server. |
Recommended action |
Please contact H3C Support. |
SSHC_HOST_NAME_ERROR
Message text |
The SSH server host name [STRING] is incorrect. |
Variable fields |
$1: Host name. |
Severity level |
5 |
Example |
SSHC/5/SSHC_HOST_NAME_ERROR: The SSH server host name AAA is incorrect. |
Explanation |
The host name of the SSH server is incorrect. |
Recommended action |
Verify that the host name is correct. |
SSHC_KEY_EXCHANGE_FAIL
Message text |
The SSH client failed to exchange keys with the SSH server. |
Variable fields |
None. |
Severity level |
5 |
Example |
SSHC/5/SSHC_KEY_EXCHANGE_FAIL: The SSH client failed to exchange keys with the SSH server. |
Explanation |
The SSH client failed to exchange keys with the SSH server. |
Recommended action |
Verify that the SSH client and the SSH server use the same key exchange algorithm. If the algorithms used by the two parties do not match, change the algorithm on the SSH client. |
SSHC_MAC_ERROR
Message text |
The SSH client received from the SSH server a packet with incorrect message authentication code. |
Variable fields |
None. |
Severity level |
5 |
Example |
SSHC/5/SSHC_MAC_ERROR: The SSH client received from the SSH server a packet with incorrect message authentication code. |
Explanation |
The SSH client received a packet from the SSH server, and the message authentication code of the packet was incorrect. |
Recommended action |
No action is required. |
SSHC_PUBLICKEY_NOT_EXIST
Message text |
The public key of the SSH server does not exist. |
Variable fields |
None. |
Severity level |
5 |
Example |
SSHC/5/SSHC_PUBLICKEY_NOT_EXIST: The public key of the SSH server does not exist. |
Explanation |
The specified public key of the SSH server does not exist. |
Recommended action |
Use the display public-key peer command on the SSH client to verify that the client has the specified public key of the SSH server. |
SSHC_VERSION_MISMATCH
Message text |
The SSH client failed to log in because of version mismatch. |
Variable fields |
None. |
Severity level |
5 |
Example |
SSHC/5/SSHC_VERSION_MISMATCH: The SSH client failed to log in because of version mismatch. |
Explanation |
The SSH client failed to log in because the SSH client and the SSH server use different SSH versions. |
Recommended action |
Modify the SSH client version on the client to ensure that it uses the same SSH version as the SSH server. |
SSHS messages
This section contains SSH server messages.
SSHS_ACL_DENY
Message text |
The SSH Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the SSH client. $2: VPN instance to which the IP address of the SSH client belongs. |
Severity level |
5 |
Example |
SSHS/5/SSH_ACL_DENY: The SSH Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Explanation |
The SSH server detected a login attempt from an invalid SSH client and denied the connection request of the client by using the ACL rules. |
Recommended action |
No action is required. |
SSHS_ALGORITHM_MISMATCH
Message text |
SSH client [STRING] failed to log in because of [STRING] algorithm mismatch. |
Variable fields |
$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key. |
Severity level |
6 |
Example |
SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch. |
Explanation |
The SSH client and the SSH server used different algorithms. |
Recommended action |
Verify that the SSH client and the SSH server use the same algorithm. |
SSHS_AUTH_EXCEED_RETRY_TIMES
Message text |
SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit. |
Explanation |
The number of authentication attempts by an SSH user reached the upper limit. |
Recommended action |
Prompt the SSH user to use the correct login data to try again. |
SSHS_AUTH_FAIL
Message text |
SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING]. |
Variable fields |
$1: Username.
$2: IP address of the SSH client.
$3: Failure reasons:
· Wrong public key algorithm.
· Wrong public key.
· Wrong digital signature. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm. |
Explanation |
An SSH user failed the publickey authentication. |
Recommended action |
Tell the SSH user to try to log in again. |
SSHS_AUTH_KBDINT_FAIL
Message text |
SSH user [STRING] (IP: [STRING]) didn't pass keyboard-interactive authentication. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_KBDINT_FAIL: SSH user David (IP: 192.168.30.117) didn't pass keyboard-interactive authentication. |
Explanation |
An SSH user failed the keyboard-interactive authentication. |
Recommended action |
Tell the SSH user to try to log in again. |
SSHS_AUTH_PWD_FAIL
Message text |
Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: Port number. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password. |
Explanation |
An SSH user failed authentication because of invalid username or wrong password. |
Recommended action |
Make sure the SSH user uses the correct username and password. |
SSHS_AUTH_TIMEOUT
Message text |
Authentication timed out for [IPADDR]. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1. |
Explanation |
The authentication timeout timer expired, and the SSH user failed the authentication. |
Recommended action |
Make sure the SSH user enters correct authentication information before the authentication timeout timer expires. |
SSHS_AUTH_SUCCESS
Message text |
SSH user [STRING] from [IPADDR] port [INTEGER] passed [STRING] authentication. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: TCP source port. $4: Authentication method: keyboard-interactive, password, or publickey. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTH_SUCCESS: SSH user ABC from 1.1.1.1 port 55361 passed keyboard-interactive authentication. |
Explanation |
An SSH user passed authentication. |
Recommended action |
No action is required. |
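Added example, not part of the H3C manual: a correlator for the SSHS authentication messages documented in this section that counts consecutive failures per client IP address and reports a login success that follows a run of failures. The threshold of 3 and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Bodies transcribed from the "Message text" rows of the SSHS_AUTH_* entries.
# A username may contain spaces, so the user field is greedy and each pattern
# is applied with fullmatch(): the fixed trailing text decides where the IP is.
BODIES = {
    "SSHS_AUTH_PWD_FAIL":
        r"Authentication failed for user (?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+) "
        r"because of invalid username or wrong password\.",
    "SSHS_AUTH_KBDINT_FAIL":
        r"SSH user (?P<user>.+) \(IP: (?P<ip>\S+)\) didn't pass "
        r"keyboard-interactive authentication\.",
    "SSHS_AUTH_FAIL":
        r"SSH user (?P<user>.+) \(IP: (?P<ip>\S+)\) didn't pass public key "
        r"authentication for (?P<reason>.+)\.",
    "SSHS_AUTH_EXCEED_RETRY_TIMES":
        r"SSH user (?P<user>.+) \(IP: (?P<ip>\S+)\) failed to log in, because the "
        r"number of authentication attempts exceeded the upper limit\.",
    "SSHS_AUTH_TIMEOUT": r"Authentication timed out for (?P<ip>\S+)\.",
    "SSHS_AUTH_SUCCESS":
        r"SSH user (?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+) "
        r"passed (?P<method>keyboard-interactive|password|publickey) authentication\.",
}
PATTERNS = {name: re.compile(body) for name, body in BODIES.items()}
FAILURES = set(BODIES) - {"SSHS_AUTH_SUCCESS"}

# MODULE/severity/MNEMONIC prefix as in the Example rows. "-MDC=n; " is optional;
# it appears in Example rows of other modules in the manual.
HEADER = re.compile(r"SSHS/\d/(?P<mnemonic>[A-Z_]+): (?:-MDC=\d+; )?(?P<body>.*)$")


def parse_line(line):
    """Return {'mnemonic', 'ip', ...} for a recognised SSHS_AUTH_* line, else None."""
    head = HEADER.search(line.strip())
    if not head or head["mnemonic"] not in PATTERNS:
        return None
    body = PATTERNS[head["mnemonic"]].fullmatch(head["body"])
    if not body:
        return None
    return {"mnemonic": head["mnemonic"], **body.groupdict()}


def detect(lines, threshold=3):
    """Walk the log in order and return (kind, client_ip, usernames) alerts.

    threshold is an assumed tuning value, not a figure from the manual.
    """
    streak = defaultdict(int)   # consecutive failures per client IP
    tried = defaultdict(set)    # usernames seen during the current streak
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["mnemonic"] in FAILURES:
            streak[ip] += 1
            if "user" in ev:    # SSHS_AUTH_TIMEOUT carries no username
                tried[ip].add(ev["user"])
            if streak[ip] == threshold:
                alerts.append(("repeated_failures", ip, sorted(tried[ip])))
        else:                   # SSHS_AUTH_SUCCESS
            if streak[ip] >= threshold:
                alerts.append(("success_after_failures", ip, [ev["user"]]))
            streak[ip] = 0
            tried[ip].clear()
    return alerts


# Constructed sample lines in the documented format (not captured from a device).
SAMPLE_LOG = [
    "SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user admin from 198.51.100.7 "
    "port 40001 because of invalid username or wrong password.",
    "SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user root from 198.51.100.7 "
    "port 40002 because of invalid username or wrong password.",
    "SSHS/6/SSHS_AUTH_SUCCESS: SSH user netops from 192.0.2.10 port 55361 "
    "passed publickey authentication.",
    "SSHS/6/SSHS_AUTH_KBDINT_FAIL: SSH user admin (IP: 198.51.100.7) didn't pass "
    "keyboard-interactive authentication.",
    "SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 203.0.113.5.",
    "SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: -MDC=1; SSH user admin (IP: 198.51.100.7) failed "
    "to log in, because the number of authentication attempts exceeded the upper limit.",
    "SSHS/6/SSHS_AUTH_SUCCESS: SSH user admin from 198.51.100.7 port 40009 "
    "passed password authentication.",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

All of these messages are severity 6, so a log host or filter that drops informational messages will not see them.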
SSHS_AUTHOR_FAIL
Message text |
Authorization failed for user [STRING] from [STRING] port [INT32]. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: Port number. |
Severity level |
6 |
Example |
SSHS/6/SSHS_AUTHOR_FAIL: Authorization failed for user David from 140.1.2.46 port 15000. |
Explanation |
Authorization failed for an SSH user. |
Recommended action |
Check the configuration of the local user or the authentication server. |
SSHS_CERT_VERIFY_FAIL
Message text |
Failed to verify the certificate because [STRING]. |
Variable fields |
$1: Failure reason:
· null certificate.
· null certificate name.
· unable to get issuer certificate.
· unable to get certificate CRL.
· unable to decrypt CRL's signature.
· certificate signature failure.
· CRL signature failure.
· unable to decrypt certificate's signature.
· certificate is not yet valid.
· certificate has expired.
· CRL is not yet valid.
· CRL has expired.
· format error in certificate's notBefore field.
· format error in certificate's notAfter field.
· format error in CRL's lastUpdate field.
· format error in CRL's nextUpdate field.
· out of memory.
· self signed certificate.
· self signed certificate in certificate chain.
· unable to verify the first certificate.
· certificate chain too long.
· certificate revoked.
· invalid CA certificate.
· invalid non-CA certificate (has CA markings).
· path length constraint exceeded.
· proxy path length constraint exceeded.
· proxy certificates not allowed, please set the appropriate flag.
· unsupported certificate purpose.
· certificate not trusted.
· certificate rejected.
· application verification failure.
· subject issuer mismatch.
· authority and subject key identifier mismatch.
· authority and issuer serial number mismatch.
· key usage does not include certificate signing.
· unable to get CRL issuer certificate.
· unhandled critical extension.
· key usage does not include CRL signing.
· key usage does not include digital signature.
· unhandled critical CRL extension.
· invalid or inconsistent certificate extension.
· invalid or inconsistent certificate policy extension.
· no explicit policy.
· Different CRL scope.
· CRL path validation error.
· unsupported or invalid name syntax.
· unsupported or invalid name constraint syntax.
· Suite B: certificate version invalid.
· Suite B: invalid public key algorithm.
· Suite B: invalid ECC curve.
· Suite B: invalid signature algorithm.
· Suite B: curve not allowed for this LOS.
· Suite B: cannot sign P-384 with P-256.
· Invalid certificate verification context.
· Issuer certificate lookup error.
· proxy subject name violation.
· Absence of basic Constraints extension.
· failure to establish revocation status. |
Severity level |
5 |
Example |
SSHS/5/SSHS_CERT_VERIFY_FAIL: Failed to verify the certificate because null certificate. |
Explanation |
Certificate authentication failed. |
Recommended action |
Make sure the certificate is valid. |
SSHS_CONNECT
Message text |
SSH user [STRING] (IP: [STRING]) connected to the server successfully. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully. |
Explanation |
An SSH user logged in to the server successfully. |
Recommended action |
No action is required. |
SSHS_DECRYPT_FAIL
Message text |
The packet from [STRING] failed to be decrypted with [STRING]. |
Variable fields |
$1: IP address of the SSH client. $2: Encryption algorithm, such as AES256-CBC. |
Severity level |
5 |
Example |
SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc. |
Explanation |
A packet from an SSH client failed to be decrypted. |
Recommended action |
No action is required. |
SSHS_DISCONNECT
Message text |
SSH user [STRING] (IP: [STRING]) disconnected from the server. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server. |
Explanation |
An SSH user logged out. |
Recommended action |
No action is required. |
SSHS_ENCRYPT_FAIL
Message text |
The packet to [STRING] failed to be encrypted with [STRING]. |
Variable fields |
$1: IP address of the SSH client. $2: Encryption algorithm, such as aes256-cbc. |
Severity level |
5 |
Example |
SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc. |
Explanation |
A packet to an SSH client failed to be encrypted. |
Recommended action |
No action is required. |
SSHS_LOG
Message text |
Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password.
Authorization failed for user [STRING] from [STRING] port [INT32]. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: Port number. |
Severity level |
6 |
Example |
SSHS/6/SSHS_LOG: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password.
SSHS/6/SSHS_LOG: Authorization failed for user David from 140.1.2.46 port 15000. |
Explanation |
An SSH user failed authentication because the username or password was wrong. An SSH user failed authorization. |
Recommended action |
No action is required. |
SSHS_MAC_ERROR
Message text |
SSH server received a packet with wrong message authentication code (MAC) from [STRING]. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117. |
Explanation |
The SSH server received a packet with a wrong MAC from a client. |
Recommended action |
No action is required. |
SSHS_REACH_SESSION_LIMIT
Message text |
SSH client [STRING] failed to log in. The current number of SSH sessions is [NUMBER]. The maximum number allowed is [NUMBER]. |
Variable fields |
$1: IP address of the SSH client. $2: Current number of SSH sessions. $3: Maximum number of SSH sessions allowed on the device. |
Severity level |
6 |
Example |
SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The current number of SSH sessions is 10. The maximum number allowed is 10. |
Explanation |
The number of SSH sessions reached the upper limit. |
Recommended action |
No action is required. |
SSHS_REACH_USER_LIMIT
Message text |
SSH client [STRING] failed to log in, because the number of users reached the upper limit. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit. |
Explanation |
The number of SSH users reached the upper limit. |
Recommended action |
No action is required. |
SSHS_SCP_DISCONNECT
Message text |
SCP user [STRING] (IP: [STRING]) disconnected from the server, reason: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SCP client. $3: Reason for disconnection: · User logout. · Forced logout by admin. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SCP_DISCONNECT: SCP user David (IP: 192.168.30.117) disconnected from the server, reason: User logout. |
Explanation |
An SCP user was disconnected from the server. |
Recommended action |
No action is required. |
SSHS_SCP_OPER
Message text |
User [STRING] at [IPADDR] requested operation: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SCP client. $3: Requested file operations: · get file "name": Downloads the file name from the SCP server. · put file "name": Uploads the file name to the SCP server. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa". |
Explanation |
The SCP server received an operation request from an SCP client. |
Recommended action |
No action is required. |
SSHS_SFTP_DISCONNECT
Message text |
SFTP user [STRING] (IP: [STRING]) disconnected from the server, reason: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SFTP client. $3: Reason for disconnection: · User logout. · Timeout. · Forced logout by admin. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SFTP_DISCONNECT: SFTP user David (IP: 192.168.30.117) disconnected from the server, reason: Timeout. |
Explanation |
An SFTP user was disconnected from the server. |
Recommended action |
No action is required. |
SSHS_SFTP_OPER
Message text |
User [STRING] at [IPADDR] requested operation: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SFTP client. $3: Requested operations on a file or directory:
· open dir "path": Opens the directory path.
· open "file" (attribute code code) in MODE mode: Opens the file file with the attribute code code in mode MODE.
· remove file "path": Deletes the file path.
· mkdir "path" (attribute code code): Creates a new directory path with the attribute code code.
· rmdir "path": Deletes the directory path.
· rename old "old-name" to new "new-name": Changes the name of a file or folder from old-name to new-name. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/". |
Explanation |
The SFTP server received an operation request from an SFTP client. |
Recommended action |
No action is required. |
SSHS_SRV_UNAVAILABLE
Message text |
The [STRING] server is disabled or the [STRING] service type is not supported. |
Variable fields |
$1: Service type, which can be Stelnet, SCP, SFTP, or NETCONF. |
Severity level |
6 |
Example |
SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported. |
Explanation |
The server closed the connection because the Stelnet/SCP/SFTP service was unavailable. |
Recommended action |
Verify that the Stelnet/SCP/SFTP service is available and the user configuration is correct. |
SSHS_VERSION_MISMATCH
Message text |
SSH client [STRING] failed to log in because of version mismatch. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 |
Example |
SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch. |
Explanation |
The SSH client and the SSH server used different SSH versions. |
Recommended action |
Verify that the SSH client and the SSH server use the same SSH version. |
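A worked detection example for the SSHS authentication messages documented above, added here and not taken from H3C: it parses the message bodies and flags repeated failures from one client address and a success that follows them. The leading ISO 8601 timestamp, the host name SW1, the addresses, and the threshold and window values are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Bodies follow the "Message text"/"Example" rows of the SSHS entries above.
# The username is chosen by the SSH client, so it is matched greedily and the
# whole body must match: the trailing "from <ip> port <n>" written by the
# device is used even if the username itself contains text shaped like it.
BODY = {name: re.compile(rx) for name, rx in {
    "SSHS_AUTH_PWD_FAIL":
        r"Authentication failed for user (?P<user>.+) from (?P<ip>\S+) "
        r"port (?P<port>\d+) because of invalid username or wrong password\.",
    "SSHS_AUTH_KBDINT_FAIL":
        r"SSH user (?P<user>.+) \(IP: (?P<ip>[^()\s]+)\) "
        r"didn't pass keyboard-interactive authentication\.",
    "SSHS_AUTH_TIMEOUT":
        r"Authentication timed out for (?P<ip>\S+)\.",
    "SSHS_AUTH_SUCCESS":
        r"SSH user (?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+) passed "
        r"(?P<method>keyboard-interactive|password|publickey) authentication\.",
}.items()}

# MODULE/severity/MNEMONIC header, then an optional location field such as
# "-MDC=1; " (seen in the SSHS_SCP_OPER example), then the message body.
HEADER = re.compile(r"SSHS/[0-7]/(?P<mnemonic>SSHS_[A-Z_]+): (?:-[^;]*; )?(?P<body>.*)")

FAILURES = {"SSHS_AUTH_PWD_FAIL", "SSHS_AUTH_KBDINT_FAIL", "SSHS_AUTH_TIMEOUT"}


def parse_line(line):
    """Return the fields of a known SSHS authentication message, else None."""
    stamp, _, rest = line.strip().partition(" ")  # assumed: ISO timestamp first
    head = HEADER.search(rest)                    # leftmost header is the real one
    if not head or head["mnemonic"] not in BODY:
        return None
    fields = BODY[head["mnemonic"]].fullmatch(head["body"])
    if not fields:
        return None
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    return {"time": when, "event": head["mnemonic"], **fields.groupdict()}


def detect(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (kind, client_ip, iso_time) alerts for the given log lines."""
    recent = defaultdict(deque)  # client IP -> failure times inside the window
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        while q and ev["time"] - q[0] > window:
            q.popleft()
        if ev["event"] in FAILURES:
            q.append(ev["time"])
            if len(q) == threshold:  # alert once, when the threshold is reached
                alerts.append(("repeated-failures", ev["ip"], ev["time"].isoformat()))
        elif len(q) >= threshold:    # SSHS_AUTH_SUCCESS right after a failure burst
            alerts.append(("success-after-failures", ev["ip"], ev["time"].isoformat()))
            q.clear()
    return alerts


# Constructed sample input (not captured from a device).
SAMPLE = [
    "2024-02-02T10:00:00 SW1 SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user admin "
    "from 192.0.2.10 port 40001 because of invalid username or wrong password.",
    "2024-02-02T10:00:20 SW1 SSHS/6/SSHS_AUTH_KBDINT_FAIL: SSH user root (IP: 192.0.2.10) "
    "didn't pass keyboard-interactive authentication.",
    # Username that itself contains "from <ip> port <n>".
    "2024-02-02T10:00:40 SW1 SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user "
    "x from 198.51.100.7 port 22 from 192.0.2.10 port 40003 "
    "because of invalid username or wrong password.",
    "2024-02-02T10:01:00 SW1 SSHS/6/SSHS_AUTH_SUCCESS: SSH user admin from 192.0.2.10 "
    "port 40004 passed password authentication.",
    "2024-02-02T10:02:00 SW1 SSHS/6/SSHS_AUTH_SUCCESS: -MDC=1; SSH user ops from 192.0.2.50 "
    "port 51000 passed publickey authentication.",
    "2024-02-02T10:03:00 SW1 SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 203.0.113.9.",
    "2024-02-02T10:04:00 SW1 STM/3/STM_LINK_DOWN: IRF port 2 went down.",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
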
STAMGR messages
This section contains station management messages.
STAMGR_ADD_FAILVLAN
Message text |
-SSID=[STRING]-UserMAC=[STRING]; Added a user to the Fail VLAN [STRING]. |
Variable fields |
$1: SSID. $2: MAC address of the client. $3: ID of the Fail VLAN. |
Severity level |
5 (Notification) |
Example |
|
Impact |
None. |
Cause |
The client failed to pass the authentication and was assigned to the Auth-Fail VLAN. |
Recommended action |
No action is required. |
STAMGR_AUTHORACL_FAILURE
Message text |
-SSID=[STRING]-UserMAC=[STRING]; Failed to assign an ACL. Reason: [STRING]. |
Variable fields |
$1: SSID. $2: MAC address of the client. $3: Reason: · Not enough hardware resources. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · Unknown error. |
Severity level |
5 (Notification) |
Example |
|
Impact |
The specified ACL rule cannot be authorized. |
Cause |
See the output for the authorization ACL failure reason. |
Recommended action |
1. Modify the ACL configuration based on the output failure reason.
2. When the memory is insufficient, release memory resources. For example, use the logfile save command to manually save all contents from the log file buffer to the log file, releasing the memory resources occupied by the log file buffer. Then, use the display memory command to check the memory usage:
   · If the memory usage has not dropped below the threshold, use the display process command to check the memory usage of user processes. If a process is consuming excessive memory, you can enable or disable the corresponding software functionality to free up memory.
   · If the memory usage has dropped below the alarm threshold, the memory alarm will be cleared, and the Tcl monitoring policy will continue to take effect without additional processing.
3. If the issue persists, collect the alarm information and configuration details, and contact Technical Support. |
STAMGR_AUTHORUSERPROFILE_FAILURE
Message text |
-SSID=[STRING]-UserMAC=[STRING]; Failed to assign a user profile. |
Variable fields |
$1: SSID. $2: MAC address of the client. |
Severity level |
5 (Notification) |
Example |
|
Impact |
The specified User Profile cannot be authorized. |
Cause |
See the output for the reason of the authorization User Profile failure. |
Recommended action |
1. When the memory is insufficient, release memory resources. For example, use the logfile save command to manually save all contents from the log file buffer to the log file, releasing the memory resources occupied by the log file buffer. Then, use the display memory command to check the memory usage:
   · If the memory usage has not dropped below the threshold, use the display process command to check the memory usage of user processes. If a process is consuming excessive memory, you can enable or disable the corresponding software functionality to free up memory.
   · If the memory usage has dropped below the alarm threshold, the memory alarm will be cleared, and the Tcl monitoring policy will continue to take effect without additional processing.
2. If the issue persists, collect the alarm information and configuration details, and contact Technical Support. |
STAMGR_CLIENT_OFFLINE
Message text |
Client [STRING] went offline from BSS [STRING] with [STRING]. State changed to Unauth. |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc. State changed to Unauth. |
Impact |
None. |
Cause |
The client went offline from the BSS. The state of the client changed to Unauth. |
Recommended action |
1. Examine whether the AP and its radios operate correctly if the client went offline abnormally. 2. If they do not operate correctly, check the debugging information to locate the issue and resolve it. 3. If the issue persists, contact Technical Support. |
STAMGR_CLIENT_ONLINE
Message text |
Client [STRING] went online from BSS [STRING] with SSID [STRING]. State changed to Run. |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc with SSID abc. State changed to Run. |
Impact |
None. |
Cause |
The client came online from the BSS. The state of the client changed to Run. |
Recommended action |
No action is required. |
STAMGR_DOT1X_LOGIN_FAILURE
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. |
Severity level |
5 (Notification) |
Example |
|
Impact |
802.1X authentication failed. |
Cause |
The failure can be caused by one of the following reasons: · Unavailable AAA server. · Incorrect username or password. |
Recommended action |
1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. If the issue persists, contact Technical Support. |
STAMGR_DOT1X_LOGIN_SUCC
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. |
Severity level |
6 (Informational) |
Example |
|
Impact |
None. |
Cause |
The client came online after passing 802.1X authentication. |
Recommended action |
No action is required. |
STAMGR_DOT1X_LOGOFF
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. |
Severity level |
6 (Informational) |
Example |
|
Impact |
None. |
Cause |
The 802.1X authenticated client was logged off. |
Recommended action |
No action is required. |
STAMGR_MACA_LOGIN_FAILURE
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address. |
Severity level |
5 (Notification) |
Example |
|
Impact |
MAC address authentication is unavailable. |
Cause |
The failure can be caused by one of the following reasons: · Unavailable AAA server. · Incorrect username or password. |
Recommended action |
To resolve the issue: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. If the issue persists, contact Technical Support. |
STAMGR_MACA_LOGIN_SUCC
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address. |
Severity level |
6 (Informational) |
Example |
|
Impact |
None. |
Cause |
The client came online after passing MAC authentication. |
Recommended action |
No action is required. |
STAMGR_MACA_LOGOFF
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address. |
Severity level |
6 (Informational) |
Example |
|
Impact |
None. |
Cause |
The MAC authenticated client was logged off. |
Recommended action |
No action is required. |
STAMGR_STAIPCHANGE_INFO
Message text |
IP address of client [STRING] changed to [STRING]. |
Variable fields |
$1: MAC address of the client. $2: New IP address of the client. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4. |
Impact |
None. |
Cause |
The IP address of the client was updated. |
Recommended action |
No action is required. |
STAMGR_TRIGGER_IP
Message text |
|
Variable fields |
$1: SSID. $2: MAC address of the client. $4: VLAN ID. $5: Action: · Added the user to the blocked MAC address list. · Closed the user's BSS temporarily. · Closed the user's BSS permanently. |
Severity level |
5 (Notification) |
Example |
|
Impact |
None. |
Cause |
The device has detected an unauthorized user attempting to access the network. |
Recommended action |
No action is required. |
STM messages
This section contains IRF messages.
STM_AUTO_UPDATE_FAILED
Message text |
Pattern 1: Slot [UINT32] auto-update failed. Reason: [STRING]. Pattern 2: Chassis [UINT32] slot [UINT32] auto-update failed. Reason: [STRING]. |
Variable fields |
Pattern 1:
$1: IRF member ID.
$2: Failure reason:
· Timeout when loading: The IRF member device failed to complete loading software within the required time period.
· Wrong description when loading: The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted.
· Disk full when writing to disk: The storage medium does not have sufficient space.
Pattern 2:
$1: IRF member ID.
$2: Slot number of an MPU.
$3: Failure reason:
· Timeout when loading: The MPU failed to complete loading software within the required time period.
· Wrong description when loading: The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted.
· Disk full when writing to disk: The MPU does not have sufficient storage space. |
Severity level |
4 (Warning) |
Example |
STM/4/STM_AUTO_UPDATE_FAILED: Slot 5 auto-update failed. Reason: Timeout when loading. |
Impact |
The device cannot join the IRF fabric. |
Cause |
Pattern 1: Software synchronization from the master failed on a subordinate device. Pattern 2: Software synchronization from the global active MPU failed on a standby MPU. |
Recommended action |
To resolve the issue:
1. Remove the issue depending on the failure reason:
   · If the failure reason is Timeout when loading, verify that all IRF links are up.
   · If the failure reason is Wrong description when loading, download the software images again.
   · If the failure reason is Disk full when writing to disk, delete unused files to free the storage space.
2. Upgrade software manually for the device or MPU to join the IRF fabric, and then connect the device to the IRF fabric. |
STM_AUTO_UPDATE_FINISHED
Message text |
Pattern 1: File loading finished on slot [UINT32]. Pattern 2: File loading finished on chassis [UINT32] slot [UINT32]. |
Variable fields |
Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_AUTO_UPDATE_FINISHED: File loading finished on slot 3. |
Impact |
No negative impact on the system. |
Cause |
Pattern 1: The member device finished loading software images. Pattern 2: The MPU finished loading software images. |
Recommended action |
No action is required. |
STM_AUTO_UPDATING
Message text |
Pattern 1: Don't reboot the slot [UINT32]. It is loading files. Pattern 2: Don't reboot the chassis [UINT32] slot [UINT32]. It is loading files. |
Variable fields |
Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_AUTO_UPDATING: Don't reboot the slot 2. It is loading files. |
Impact |
No negative impact on the system. |
Cause |
Pattern 1: The member device is loading software images. To avoid software upgrade failure, do not reboot the member device. Pattern 2: The MPU is loading software images. To avoid software upgrade failure, do not reboot the MPU. |
Recommended action |
No action is required. |
STM_BRIDGE_MAC_CHANGE
Message text |
Bridge MAC on IRF member [UINT32] changed. |
Variable fields |
$1: Member ID of an IRF member device. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_BRIDGE_MAC_CHANGE: Bridge MAC on IRF member 1 changed. |
Impact |
No negative impact on the system. |
Cause |
Bridge MAC address on an IRF member device changed. The new bridge MAC address is the bridge MAC address of the new master device. |
Recommended action |
No action is required. To retain the bridge MAC address after the address owner leaves the IRF fabric, use the irf mac-address persistent command. |
STM_HELLOPKT_NOTRCV
Message text |
Hello thread hasn't received packets for [UINT] seconds. |
Variable fields |
$1: Time value. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_HELLOPKT_NOTRCV: Hello thread hasn't received packets for 10 seconds. |
Impact |
This issue might cause IRF split. |
Cause |
The hello thread hasn't received packets for 10 seconds. |
Recommended action |
Check the IRF links for link failures. For this purpose, log in to the local device, and then execute the display irf link command to obtain the IRF physical interfaces used on the device. Perform the following tasks based on the IRF physical interfaces:
1. Execute the display device command on the neighboring member device to identify whether the neighboring member device is running correctly. If it is not running correctly, locate the cause and resolve the issue accordingly.
2. Execute the display irf link command on the neighboring member device to check the IRF port configuration for configuration errors. If configuration errors exist, modify IRF port bindings in IRF port view.
3. Verify that the IRF connections are correct. You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other. If the IRF fabric contains only two member devices, do not connect them in ring topology. After you ensure that the IRF connections are correct, execute the display irf link command again to verify that the IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
4. Use other ports to replace the IRF physical interfaces that are not up. For this purpose, execute the undo port group interface command in IRF port view to unbind the IRF physical interfaces from the IRF port, and then execute the port group interface command in IRF port view to bind other ports to the IRF port. Connect the new IRF physical interfaces to the IRF physical interfaces on the neighboring member device. Then, execute the display irf link command again to verify that the new IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
5. Change the cables or fibers, and then execute the display irf link command again to verify that the IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
6. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
STM_HELLOPKT_NOTSEND
Message text |
Hello thread hasn't sent packets for [UINT32] seconds. |
Variable fields |
$1: Time value. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_HELLOPKT_NOTSEND: Hello thread hasn't sent packets for 10 seconds. |
Impact |
This issue might cause IRF split. |
Cause |
The hello thread hasn't sent packets for 10 seconds. |
Recommended action |
To resolve the issue: 1. Execute the display cpu-usage command to identify whether the CPU usage has increased to a high level for a period of time. If yes, decrease the CPU usage. For example, the CPU usage increases dramatically when an attack occurs or when the system is processing CPU-intensive tasks. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
STM_LINK_DOWN
Message text |
IRF port [UINT32] went down. |
Variable fields |
$1: IRF port index. |
Severity level |
3 (Error) |
Example |
STM/3/STM_LINK_DOWN: IRF port 2 went down. |
Impact |
This issue causes IRF split. |
Cause |
All physical interfaces bound to an IRF port are down. |
Recommended action |
Log in to the local device, and then execute the display irf link command to obtain the IRF physical interfaces used on the device. Perform the following tasks based on the IRF physical interfaces:
1. Execute the display device command on the neighboring member device to identify whether the neighboring member device is running correctly. If it is not running correctly, locate the cause and resolve the issue accordingly.
2. Execute the display irf link command on the neighboring member device to check the IRF port configuration for configuration errors. If configuration errors exist, modify IRF port bindings in IRF port view.
3. Verify that the IRF connections are correct. You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other. If the IRF fabric contains only two member devices, do not connect them in ring topology. After you ensure that the IRF connections are correct, execute the display irf link command again to verify that the IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
4. Use other ports to replace the IRF physical interfaces that are not up. For this purpose, execute the undo port group interface command in IRF port view to unbind the IRF physical interfaces from the IRF port, and then execute the port group interface command in IRF port view to bind other ports to the IRF port. Connect the new IRF physical interfaces to the IRF physical interfaces on the neighboring member device. Then, execute the display irf link command again to verify that the new IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
5. Change the cables or fibers, and then execute the display irf link command again to verify that the IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
6. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
STM_LINK_TIMEOUT
Message text |
IRF port [UINT32] went down because the heartbeat timed out. |
Variable fields |
$1: IRF port index. |
Severity level |
2 (Critical) |
Example |
STM/2/STM_LINK_TIMEOUT: IRF port 1 went down because the heartbeat timed out. |
Impact |
This issue causes IRF split. |
Cause |
IRF heartbeat timed out. |
Recommended action |
Check the IRF links for link failures. For this purpose, log in to the local device, and then execute the display irf link command to obtain the IRF physical interfaces used on the device. Perform the following tasks based on the IRF physical interfaces:
1. Execute the display device command on the neighboring member device to identify whether the neighboring member device is running correctly. If it is not running correctly, locate the cause and resolve the issue accordingly.
2. Execute the display irf link command on the neighboring member device to check the IRF port configuration for configuration errors. If configuration errors exist, modify IRF port bindings in IRF port view.
3. Verify that the IRF connections are correct. You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other. If the IRF fabric contains only two member devices, do not connect them in ring topology. After you ensure that the IRF connections are correct, execute the display irf link command again to verify that the IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
4. Use other ports to replace the IRF physical interfaces that are not up. For this purpose, execute the undo port group interface command in IRF port view to unbind the IRF physical interfaces from the IRF port, and then execute the port group interface command in IRF port view to bind other ports to the IRF port. Connect the new IRF physical interfaces to the IRF physical interfaces on the neighboring member device. Then, execute the display irf link command again to verify that the new IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
5. Change the cables or fibers, and then execute the display irf link command again to verify that the IRF physical interfaces are up. If the IRF physical interfaces are not up, go to the next step.
6. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
STM_LINK_UP
Message text |
IRF port [UINT32] came up. |
Variable fields |
$1: IRF port index. |
Severity level |
6 (Informational) |
Example |
STM/6/STM_LINK_UP: IRF port 1 came up. |
Impact |
This issue causes IRF merge. |
Cause |
An IRF link recovered from failure. |
Recommended action |
No action is required. |
STM_LOGIC_PORT_LINK_ERR
Message text |
Link error detected on the IRF port. Reason: [STRING]. |
Variable fields |
$1: Reason that caused the IRF port link error. Values include:
· Both ends of a link are local physical interfaces.
· The IRF-port contains links connected to two remote IRF-ports.
· The IRF-port contains links connected to different IRF member devices.
· The IRF-port contains links connected to non-IRF network ports.
· Inconsistent system-working-mode (if configurable) settings between peer devices or inconsistent switch-mode (if configurable) settings between peer IRF-connect cards. |
Severity level |
3 (Error) |
Example |
STM/3/STM_LOGIC_PORT_LINK_ERR: Link error detected on the IRF port. Reason: Both ends of a link are local physical interfaces. |
Impact |
No negative impact on the system. |
Cause |
A link error was detected on an IRF port during IRF setup. |
Recommended action |
To resolve the issue: 1. Execute the display irf link and display irf topology commands to view IRF port link information and topology information and verify that the IRF port configuration is correct. You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other. If the IRF fabric contains only two member devices, it supports only the daisy-chain topology rather than the ring topology. 2. Correctly connect IRF physical interfaces according to the error reason. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
STM_LOGIC_PORT_LINK_ERR_RECOVER
Message text |
Link error removed from the IRF port. Removed error: [STRING]. |
Variable fields |
$1: Reason that caused the IRF port link error. |
Severity level |
3 (Error) |
Example |
STM/3/STM_LOGIC_PORT_LINK_ERR_RECOVER: Link error removed from the IRF port. Removed error: [STRING]. |
Impact |
No negative impact on the system. |
Cause |
An IRF link failure recovered. |
Recommended action |
No action is required. |
STM_MEMBER_JOIN
Message text |
IRF member [UINT32] added. |
Variable fields |
$1: Member ID of an IRF member device. |
Severity level |
6 (Informational) |
Example |
STM/6/STM_MEMBER_JOIN: IRF member 1 added. |
Impact |
No negative impact on the system. |
Cause |
A new member device was added to the IRF fabric. |
Recommended action |
No action is required. |
STM_MEMBER_LEAVE
Message text |
IRF member [UINT32] left. |
Variable fields |
$1: Member ID of an IRF member device. |
Severity level |
6 (Informational) |
Example |
STM/6/STM_MEMBER_LEAVE: IRF member 1 left. |
Impact |
No negative impact on the system. |
Cause |
A member device was removed from the IRF fabric. |
Recommended action |
· No action is required if the administrator actively removes the member device. · If the member device accidentally leaves the IRF fabric, check the device physical links for connectivity issues. |
STM_MEMBER_LIMIT
Message text |
The number of members has reached the limit ([UINT32]). No new members can be added. |
Variable fields |
$1: Maximum number of member devices in an IRF fabric. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_MEMBER_LIMIT: The number of members has reached the limit (32). No new members can be added. |
Impact |
No negative impact on the system. |
Cause |
This message is generated if you add a member device to an IRF fabric after the number of member devices in that IRF fabric has reached the upper limit. |
Recommended action |
Remove a member device before you add a new member device. |
STM_MERGE
Message text |
IRF merge occurred. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
STM/4/STM_MERGE: IRF merge occurred. |
Impact |
No negative impact on the system. |
Cause |
An IRF link came up. |
Recommended action |
No action is required. |
STM_MERGE_NEED_REBOOT
Message text |
IRF merge occurred. This IRF system needs a reboot. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
STM/4/STM_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot. |
Impact |
The local IRF system cannot provide services during reboot. |
Cause |
An IRF link came up, which led to IRF merge. In addition, the local IRF system failed in the master election. |
Recommended action |
Reboot the local IRF system. After it reboots, all its member devices join the IRF system that has won the master election as subordinate devices. |
STM_MERGE_NOT_NEED_REBOOT
Message text |
IRF merge occurred. This IRF system does not need to reboot. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
STM/5/STM_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot. |
Impact |
No negative impact on the system. |
Cause |
An IRF link came up, which led to IRF merge. In addition, the local IRF system succeeded in the master election. |
Recommended action |
No action is required. |
STM_PHY_DOWN
Message text |
Physical interface [STRING] of IRF port [UINT32] went down. |
Variable fields |
$1: IRF physical interface name. $2: IRF port index. |
Severity level |
3 (Error) |
Example |
STM/3/STM_PHY_DOWN: Physical interface Ten-GigabitEthernet1/0/1 of IRF port 1 went down. |
Impact |
This issue causes IRF split. |
Cause |
An IRF physical interface went down. |
Recommended action |
Log in to the local device, and then execute the display irf link command to obtain the status of the IRF physical interface and verify that the IRF physical interface is up. Perform the following tasks based on the IRF physical interface: 1. Execute the display device command on the neighboring member device to identify whether the neighboring member device is running correctly. If it is not running correctly, locate the cause and resolve the issue accordingly. 2. Execute the display irf link command on the neighboring member device to check the IRF port configuration for configuration errors. If configuration errors exist, modify IRF port bindings in IRF port view. 3. Verify that the IRF connections are correct. You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other. If the IRF fabric contains only two member devices, do not connect them in ring topology. After you ensure that the IRF connections are correct, execute the display irf link command again to verify that the IRF physical interface in the message is up. If the IRF physical interface is not up, go to the next step. 4. Use another port to replace the IRF physical interface in this message. For this purpose, execute the undo port group interface command in IRF port view to unbind the IRF physical interface from the IRF port, and then execute the port group interface command in IRF port view to bind another port to the IRF port. Connect the new IRF physical interface to the peer IRF physical interface on the neighboring member device. Then, execute the display irf link command again to verify that the new IRF physical interface is up. If the new IRF physical interface is not up, go to the next step. 5. Change the cable or fiber connected to the IRF physical interface that cannot come up, and then execute the display irf link command again to verify that the IRF physical interface has come up. If the IRF physical interface is not up, go to the next step. 6. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
STM_PHY_UP
Message text |
Physical interface [STRING] of IRF port [UINT32] came up. |
Variable fields |
$1: IRF physical interface name. $2: IRF port index. |
Severity level |
6 (Informational) |
Example |
STM/6/STM_PHY_UP: Physical interface Ten-GigabitEthernet1/0/1 of IRF port 1 came up. |
Impact |
This issue leads to IRF merge. |
Cause |
An IRF physical interface came up. |
Recommended action |
When an IRF merge event occurs, the member devices perform master election. If an IRF system fails the election, it generates the STM_MERGE_NEED_REBOOT log. You need to reboot that IRF system. After that IRF system reboots, it automatically merges with the IRF system that succeeds in the election. |
STM_PORT_LOOP_ALARM
Message text |
Traffic loop detected on IRF port [UINT32] on IRF member [UINT32]. |
Variable fields |
$1: IRF port index. $2: Member ID of an IRF member device. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_PORT_LOOP_ALARM: Traffic loop detected on IRF port 1 on IRF member 1. |
Impact |
This issue might result in a packet storm, which delays the processing of normal packets. |
Cause |
A traffic loop was detected on an IRF port. Packets sent from the IRF port were returned to the local device through the same IRF port. |
Recommended action |
To resolve the issue: 1. Execute the display irf link and display irf topology commands to view IRF port link information and topology information and verify that the IRF port configuration is correct. You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other. If the IRF fabric contains only two member devices, use the daisy-chain topology as a best practice. 2. Verify that the IRF connections adhere to the network planning topology. If not, reconnect IRF physical interfaces. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
STM_PORT_LOOP_ALARM_RECOVER
Message text |
Traffic loop removed on IRF port [UINT32] on IRF member [UINT32]. |
Variable fields |
$1: IRF port index. $2: Member ID of an IRF member device. |
Severity level |
5 (Notification) |
Example |
STM/5/STM_PORT_LOOP_ALARM_RECOVER: Traffic loop removed on IRF port 1 on IRF member 1. |
Impact |
No negative impact on the system. |
Cause |
A traffic loop was removed on an IRF port. |
Recommended action |
No action is required. |
STM_SAMEMAC
Message text |
Failed to stack because of the same bridge MAC addresses. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
STM/4/STM_SAMEMAC: Failed to stack because of the same bridge MAC addresses. |
Impact |
No negative impact on the system. |
Cause |
A new member device uses the same bridge MAC address as an existing member device. |
Recommended action |
A device is typically shipped with a bridge MAC address, which cannot be modified through command lines. To resolve the issue, collect alarm information and configuration data, and then contact Technical Support for help. |
STM_SET_UP_FAILED
Message text |
IRF stacking failed on device with member ID [UINT32]. |
Variable fields |
$1: Member ID of a device. |
Severity level |
3 (Error) |
Example |
STM/3/STM_SET_UP_FAILED: IRF stacking failed on device with member ID 1. |
Impact |
No negative impact on the system. |
Cause |
The hardware of a member device does not meet the IRF setup requirements. It cannot join the IRF fabric. |
Recommended action |
To resolve the issue: 1. Check whether the hardware of the member device meets the IRF setup requirements. 2. Use hardware that meets the IRF setup requirements to set up the IRF fabric. For example, the device model, MPUs, interface modules, and IRF physical interfaces must meet the IRF setup requirements. For this purpose, execute the display version command. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
STM_SOMER_CHECK
Message text |
Neighbor of IRF port [UINT32] cannot be stacked. |
Variable fields |
$1: IRF port index. |
Severity level |
3 (Error) |
Example |
STM/3/STM_SOMER_CHECK: Neighbor of IRF port 1 cannot be stacked. |
Impact |
No negative impact on the system. |
Cause |
The neighbor connected to the IRF port cannot form an IRF fabric with the device. |
Recommended action |
Check the following items: · The device models can form an IRF fabric. · The IRF settings are correct. For more information, see the IRF configuration guide for the device. |
STP messages
This section contains STP messages.
STP_BPDU_PROTECTION
Message text |
BPDU-Protection port [STRING] received BPDUs. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet1/0/1 received BPDUs. |
Explanation |
A BPDU-guard-enabled port received BPDUs. |
Recommended action |
Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices. |
STP_BPDU_RECEIVE_EXPIRY
Message text |
Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
5 |
Example |
STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet1/0/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out. |
Explanation |
The state of a non-designated port changed because the port did not receive a BPDU within the max age. |
Recommended action |
Check the STP status of the upstream device and possible attacks from other devices. |
STP_CONSISTENCY_CHECK
Message text |
M-LAG role assignment finished. Please verify that the local device and the peer device have consistent global and mlag-interface-specific STP settings. |
Variable fields |
N/A |
Severity level |
5 |
Example |
STP/5/STP_CONSISTENCY_CHECK: M-LAG role assignment finished. Please verify that the local device and the peer device have consistent global and mlag-interface-specific STP settings. |
Explanation |
The M-LAG member devices in an M-LAG system must have the same global and M-LAG-interface-specific STP settings. |
Recommended action |
Check the global and M-LAG-interface-specific STP settings on the local and peer M-LAG member devices. |
STP_CONSISTENCY_RESTORATION
Message text |
|
Variable fields |
$1: VLAN ID. $2: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet1/0/1. |
Explanation |
Port link type or PVID inconsistency was removed on a port. |
Recommended action |
No action is required. |
STP_DETECTED_TC
Message text |
[STRING] [UINT32]'s port [STRING] detected a topology change. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change. |
Explanation |
The MSTP instance or VLAN to which a port belongs had a topology change, and the local end detected the change. |
Recommended action |
Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link. |
STP_DISABLE
Message text |
STP is now disabled on the device. |
Variable fields |
N/A |
Severity level |
6 |
Example |
STP/6/STP_DISABLE: STP is now disabled on the device. |
Explanation |
STP was globally disabled on the device. |
Recommended action |
No action is required. |
STP_DISCARDING
Message text |
Instance [UINT32]'s port [STRING] has been set to discarding state. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_DISCARDING: Instance 0's port GigabitEthernet1/0/1 has been set to discarding state. |
Explanation |
MSTP calculated the state of ports within an instance, and a port was set to the discarding state. |
Recommended action |
No action is required. |
STP_DISPUTE
Message text |
[STRING] [UINT32]'s port [STRING] received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is [STRING], and the designated port ID contained in the BPDU is [STRING]. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. $4: Designated bridge ID contained in the inferior BPDU. $5: Designated port ID contained in the inferior BPDU. |
Severity level |
4 |
Example |
STP/4/STP_DISPUTE: Instance 0's port GigabitEthernet1/0/2 received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is 32768.9a5c-5e0b-0300, and the designated port ID contained in the BPDU is 128.1293. |
Explanation |
A port in the MSTI or VLAN received a low-priority BPDU from a designated port in forwarding or learning state. |
Recommended action |
Verify that the peer port can receive packets from the local port: 1. Use the display stp abnormal-port command to display information about ports that are blocked by dispute protection. 2. Verify that the VLAN configurations on the local and peer ports are consistent. 3. Shut down the link between the two ports and then bring up the link, or connect the local port to another port. 4. Locate the BPDU sender device based on the designated bridge ID and designated port ID in the inferior BPDU and examine the link to the device to verify connectivity. |
STP_DISPUTE_RESTORATION
Message text |
[STRING] [UINT32]'s port [STRING] exited the dispute state. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_DISPUTE_RESTORATION: Instance 0's port GigabitEthernet1/0/2 exited the dispute state. |
Explanation |
A port in an MSTI or VLAN exited the dispute state. |
Recommended action |
No action is required. |
STP_EDGEPORT_INACTIVE
Message text |
Port [STRING] became a non-edge port after receiving a BPDU. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_EDGEPORT_INACTIVE: Port GigabitEthernet1/0/1 became a non-edge port after receiving a BPDU. |
Explanation |
An edge port received BPDUs and became a non-edge port. |
Recommended action |
Check whether the network has been attacked by malicious users with forged BPDUs. |
STP_ENABLE
Message text |
STP is now enabled on the device. |
Variable fields |
N/A |
Severity level |
6 |
Example |
STP/6/STP_ENABLE: STP is now enabled on the device. |
Explanation |
STP was globally enabled on the device. |
Recommended action |
No action is required. |
STP_FORWARDING
Message text |
Instance [UINT32]'s port [STRING] has been set to forwarding state. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_FORWARDING: Instance 0's port GigabitEthernet1/0/1 has been set to forwarding state. |
Explanation |
MSTP calculated the state of ports within an instance, and a port was set to the forwarding state. |
Recommended action |
No action is required. |
STP_LOOP_PROTECTION
Message text |
Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port GigabitEthernet1/0/1 failed to receive configuration BPDUs. |
Explanation |
A loop-guard-enabled port failed to receive configuration BPDUs. |
Recommended action |
Check the STP status of the upstream device and possible attacks from other devices. |
STP_LOOPBACK_PROTECTION
Message text |
[STRING] [UINT32]'s port [STRING] received its own BPDU. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU. |
Explanation |
A port in the MSTI or VLAN received a BPDU sent by itself. |
Recommended action |
Check for forged BPDUs from attackers or loops in the network. |
STP_NOT_ROOT
Message text |
The current switch is no longer the root of instance [UINT32]. |
Variable fields |
$1: Instance ID. |
Severity level |
5 |
Example |
STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0. |
Explanation |
The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge. |
Recommended action |
Check the bridge priority configuration and possible attacks from other devices. |
STP_NOTIFIED_TC
Message text |
[STRING] [UINT32]'s port [STRING] was notified of a topology change. |
Variable fields |
$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. |
Severity level |
6 |
Example |
STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet1/0/1 was notified of a topology change. |
Explanation |
The neighboring device on a port notified the current device that a topology change occurred in the instance or VLAN to which the port belongs. |
Recommended action |
Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link. |
STP_PORT_TYPE_INCONSISTENCY
Message text |
Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port. |
Variable fields |
$1: Interface name. $2: VLAN ID. |
Severity level |
4 |
Example |
|
Explanation |
An access port received PVST BPDUs from a trunk or hybrid port. |
Recommended action |
Check the port link type setting on the ports. |
STP_PVID_INCONSISTENCY
Message text |
Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32]. |
Variable fields |
$1: Interface name. $2: VLAN ID. $3: VLAN ID. |
Severity level |
4 |
Example |
|
Explanation |
A port received PVST BPDUs from a remote port with a different PVID. |
Recommended action |
Verify that the PVID is consistent on both ports. |
STP_PVST_BPDU_PROTECTION
Message text |
PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
|
Explanation |
In MSTP mode, a port enabled with PVST BPDU guard received PVST BPDUs. |
Recommended action |
Identify the device that sends the PVST BPDUs. |
STP_ROOT_PROTECTION
Message text |
Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs. |
Variable fields |
$1: Instance ID. $2: Interface name. |
Severity level |
4 |
Example |
STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs. |
Explanation |
A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself. |
Recommended action |
Check the bridge priority configuration and possible attacks from other devices. |
STP_STG_NUM_DETECTION
Message text |
STG count [UINT32] is smaller than the MPU's STG count [UINT32]. |
Variable fields |
$1: Number of STGs on a card. $2: Number of STGs on the MPU. |
Severity level |
4 |
Example |
STP/4/STP_STG_NUM_DETECTION: STG count 64 is smaller than the MPU's STG count 65. |
Explanation |
The system detected that the STG count on a card was smaller than that on the MPU. |
Recommended action |
Make sure the number of spanning tree instances is not larger than the smallest card-specific STG count. For example, if the number of spanning tree instances is m and the smallest STG count among cards is n, m cannot be larger than n. |
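The following is an added example, not part of the H3C manual: a Python triage pass over the STP protection messages documented in this section. It parses the `MODULE/severity/MNEMONIC: text` body, extracts the variable fields, and groups events per port with the recommended action; the sample lines, their timestamp/hostname prefix, and the names `parse_line`, `triage` and `RULES` are assumptions made for this example.

```python
import re
from collections import defaultdict

# Body format used by every example on this page: MODULE/severity/MNEMONIC: text
HEADER = re.compile(r"(?P<module>[A-Z][A-Z0-9]*)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*")
# Optional "-MDC=1; " or "-Context=1; " prefix, as in the SYSEVENT and SYSLOG examples.
ATTR_PREFIX = re.compile(r"^(?:-[A-Za-z]+=[^;]*;\s*)+")

SCOPE = r"(?P<scope>Instance|VLAN) (?P<id>\d+)"
# mnemonic -> (regex built from the documented message text, documented recommended action)
RULES = {
    "STP_BPDU_PROTECTION": (
        r"BPDU-Protection port (?P<port>\S+) received BPDUs\.",
        "Check whether the downstream device is a terminal and check for possible attacks."),
    "STP_EDGEPORT_INACTIVE": (
        r"Port (?P<port>\S+) became a non-edge port after receiving a BPDU\.",
        "Check for forged BPDUs from malicious users."),
    "STP_ROOT_PROTECTION": (
        r"Instance (?P<id>\d+)'s ROOT-Protection port (?P<port>\S+) received superior BPDUs\.",
        "Check the bridge priority configuration and possible attacks from other devices."),
    "STP_LOOP_PROTECTION": (
        r"Instance (?P<id>\d+)'s LOOP-Protection port (?P<port>\S+) "
        r"failed to receive configuration BPDUs\.",
        "Check the STP status of the upstream device and possible attacks from other devices."),
    "STP_LOOPBACK_PROTECTION": (
        SCOPE + r"'s port (?P<port>\S+) received its own BPDU\.",
        "Check for forged BPDUs from attackers or loops in the network."),
    "STP_DISPUTE": (
        SCOPE + r"'s port (?P<port>\S+) received an inferior BPDU from a designated port "
        r"which is in forwarding or learning state\. The designated bridge ID contained in "
        r"the BPDU is (?P<bridge>\S+), and the designated port ID contained in the BPDU is "
        r"(?P<dport>\S+)\.",
        "Locate the BPDU sender from the designated bridge ID and designated port ID."),
    "STP_NOT_ROOT": (
        r"The current switch is no longer the root of instance (?P<id>\d+)\.",
        "Check the bridge priority configuration and possible attacks from other devices."),
}


def parse_line(line):
    """Return header and variable fields, or None if the line has no Comware-style header."""
    m = HEADER.search(line)
    if not m:
        return None
    text = ATTR_PREFIX.sub("", line[m.end():].strip())
    event = {"module": m["module"], "severity": int(m["sev"]),
             "mnemonic": m["mnemonic"], "text": text}
    rule = RULES.get(event["mnemonic"])
    if rule:
        fields = re.fullmatch(rule[0], text)
        # A known mnemonic whose text does not fit the template is marked, not dropped.
        event["fields"] = fields.groupdict() if fields else None
    return event


def triage(lines):
    """Group STP protection events per port and attach the documented actions."""
    ports = defaultdict(lambda: {"events": defaultdict(int), "bridges": set()})
    root_lost, unparsed = set(), []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["mnemonic"] not in RULES:
            continue  # not a device log line, or not an event handled here
        f = ev["fields"]
        if f is None:
            unparsed.append(line)
        elif "port" not in f:  # STP_NOT_ROOT carries only an instance ID
            root_lost.add(int(f["id"]))
        else:
            ports[f["port"]]["events"][ev["mnemonic"]] += 1
            if f.get("bridge"):
                ports[f["port"]]["bridges"].add(f["bridge"])
    findings = [{"port": p, "events": dict(e["events"]), "bridges": sorted(e["bridges"]),
                 "actions": sorted({RULES[m][1] for m in e["events"]})}
                for p, e in sorted(ports.items())]
    return {"ports": findings, "root_lost": sorted(root_lost), "unparsed": unparsed}


# Constructed sample input. The timestamp/hostname prefix and the "-MDC=1; " attribute on
# an STP line are assumptions; the message bodies follow the examples on this page.
P = "Jan 24 10:00:01 sw-acc-01 "
SAMPLE = [
    P + "STP/4/STP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet1/0/1 received BPDUs.",
    P + "STP/4/STP_BPDU_PROTECTION: -MDC=1; BPDU-Protection port GigabitEthernet1/0/1 received BPDUs.",
    P + "STP/4/STP_EDGEPORT_INACTIVE: Port GigabitEthernet1/0/3 became a non-edge port after receiving a BPDU.",
    P + "STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs.",
    P + "STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0.",
    P + "STP/4/STP_DISPUTE: Instance 0's port GigabitEthernet1/0/2 received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is 32768.9a5c-5e0b-0300, and the designated port ID contained in the BPDU is 128.1293.",
    P + "STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port",  # truncated line
    P + "STP/6/STP_FORWARDING: Instance 0's port GigabitEthernet1/0/1 has been set to forwarding state.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE)["ports"]:
        print(finding)
```

A port that raises both STP_BPDU_PROTECTION and STP_ROOT_PROTECTION, as GigabitEthernet1/0/1 does in the sample, is receiving superior BPDUs on an edge-facing interface and is the first one to inspect.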
SYSEVENT
This section contains system event messages.
EVENT_TIMEOUT
Message text |
Module [UINT32]'s processing for event [UINT32] timed out. Module [UINT32]'s processing for event [UINT32] on [STRING] timed out. |
Variable fields |
$1: Module ID. $2: Event ID. $3: MDC MDC-ID or Context Context-ID. |
Severity level |
6 (Informational) |
Example |
SYSEVENT/6/EVENT_TIMEOUT: -MDC=1; Module 0x1140000's processing for event 0x20000010 timed out. SYSEVENT/6/EVENT_TIMEOUT: -Context=1; Module 0x33c0000's processing for event 0x20000010 on context 16 timed out. |
Impact |
Determine the impact on the system based on the actual condition. |
Cause |
A module's processing for an event timed out on an MDC or context. Logs generated on non-default MDCs or contexts do not include the MDC MDC-ID or Context Context-ID. Logs generated on the default MDC or context include the following types: · Logs of the default MDC or context, which do not include the MDC MDC-ID or Context Context-ID. · Logs of non-default MDCs or contexts, which include their MDC MDC-ID or Context Context-ID. |
Recommended action |
Collect alarm information and configuration data, and then contact H3C Support for help. |
SWITCH
This section contains DIP switch messages.
SWITCH_FLOW_CONTROL
Message text |
The flow-control-switch(switch 1) is turned [STRING]. |
Variable fields |
$1: DIP switch status · on: Enabled. · off: Disabled. |
Severity level |
5 |
Example |
SWITCH/5/SWITCH_FLOW_CONTROL: The flow-control-switch(switch 1) is turned on. |
Impact |
Enabling DIP switch 1 (traffic control switch) can help reduce packet loss due to congestion. |
Cause |
The status of DIP switch 1 (traffic control switch) changes. |
Recommended action |
No action is required. |
SWITCH_BROADCAST_SUPPRESSION
Message text |
The broadcast-suppression-switch(switch 2) is turned [STRING]. |
Variable fields |
$1: DIP switch status · on: Enabled. · off: Disabled. |
Severity level |
5 |
Example |
SWITCH/5/SWITCH_BROADCAST_SUPPRESSION: The broadcast-suppression-switch(switch 2) is turned on. |
Impact |
Enabling DIP switch 2 (broadcast suppression switch) can reduce the proportion of broadcast traffic in the bandwidth. |
Cause |
The status of DIP switch 2 (broadcast suppression switch) changes. |
Recommended action |
No action is required. |
SWITCH_LINK_AGGREGATION
Message text |
The link-aggregation-switch(switch 3) is turned [STRING]. |
Variable fields |
$1: DIP switch status · on: Enabled. · off: Disabled. |
Severity level |
5 |
Example |
SWITCH/5/SWITCH_LINK_AGGREGATION: The link-aggregation-switch(switch 3) is turned off. |
Impact |
When DIP switch 3 (link aggregation switch) is off, the device loses the ability to increase link bandwidth and provide redundancy backup. |
Cause |
The status of DIP switch 3 (link aggregation switch) changes. |
Recommended action |
No action is required. |
SWITCH_RRPP
Message text |
The RRPP-switch(switch 4) is turned [STRING]. |
Variable fields |
$1: DIP switch status · on: Enabled. · off: Disabled. |
Severity level |
5 |
Example |
SWITCH/5/SWITCH_RRPP: The RRPP-switch(switch 4) is turned off. |
Impact |
When DIP switch 4 (RRPP switch) is disabled, the port will not be blocked in the event of a loop. |
Cause |
The status of DIP switch 4 (RRPP switch) changes. |
Recommended action |
No action is required. |
SYSLOG messages
This section contains syslog (information center) messages.
SYSLOG_LOGBUFFER_FAILURE
Message text |
Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes. |
Variable fields |
N/A |
Severity level |
4 |
Example |
SYSLOG/4/SYSLOG_LOGBUFFER_FAILURE: Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes. |
Explanation |
Failed to output logs to the logbuffer because of the communication timeout between syslog and DBM processes. |
Recommended action |
Reboot the device or contact H3C Support. |
SYSLOG_LOGFILE_CREATE
Message text |
Going to create new logfile [STRING]. |
Variable fields |
$1: Name of the log file. |
Severity level |
6 |
Example |
SYSLOG/6/SYSLOG_LOGFILE_CREATE: Going to create new logfile flash:/logfile/logfile2.log. |
Explanation |
The device is going to create a log file to store new logs. |
Recommended action |
No action is required. |
SYSLOG_LOGFILE_FULL
Message text |
Log file space is full. |
Variable fields |
N/A |
Severity level |
4 |
Example |
SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full. |
Explanation |
The log file is full. |
Recommended action |
Back up the log file, remove the original file, and then bring up interfaces as needed. |
SYSLOG_LOGFILE_OVERWRITE
Message text |
The logfile [STRING] will be overwritten. |
Variable fields |
$1: Name of the log file. |
Severity level |
6 |
Example |
SYSLOG/6/SYSLOG_LOGFILE_OVERWRITE: The logfile flash:/logfile/logfile.log will be overwritten. |
Explanation |
The log file is full. The device will overwrite logs in the log file to store new logs. |
Recommended action |
Back up the log file. |
SYSLOG_NO_SPACE
Message text |
Failed to save log file due to lack of space resources. |
Variable fields |
N/A |
Severity level |
4 |
Example |
SYSLOG/4/SYSLOG_NO_SPACE: -MDC=1; Failed to save log file due to lack of space resources. |
Explanation |
Failed to save logs to the log file due to lack of storage space. |
Recommended action |
Clean up the storage space of the device regularly to ensure sufficient storage space for saving logs to the log file. |
SYSLOG_RESTART
Message text |
System restarted -- [STRING] [STRING] Software. |
Variable fields |
$1: Company name. $2: Software name. |
Severity level |
6 |
Example |
SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software |
Explanation |
A system restart log was generated. |
Recommended action |
No action is required. |
SYSLOG_RTM_EVENT_BUFFER_FULL
Message text |
In the last minute, [STRING] syslog logs were not monitored because the buffer was full. |
Variable fields |
$1: Number of system logs that were not sent to the EAA module in the last minute. |
Severity level |
5 |
Example |
SYSLOG/5/SYSLOG_RTM_EVENT_BUFFER_FULL: In the last minute, 100 syslog logs were not monitored because the buffer was full. |
Explanation |
This message records the number of system logs that are not processed by EAA because the log buffer monitored by EAA is full. The log buffer can be filled up if the device generates large numbers of system logs in a short period of time. |
Recommended action |
· Identify log sources and take actions to reduce system logs. · Use the rtm event syslog buffer-size command to increase the log buffer size. |
TACACS messages
This section contains TACACS messages.
TACACS_ACCT_SERVER_DOWN
Message text |
TACACS accounting server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_ACCT_SERVER_DOWN: TACACS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
A server becomes unreachable, which results in user online failures. |
Cause |
The device detected that a TACACS accounting server changed from active to blocked. |
Recommended action |
To resolve this issue: 1. Use the display interface command to view whether the interface connected to the TACACS accounting server is up: · If no, troubleshoot the physical links. · If yes, go to step 2. 2. Use the ping command to check whether the TACACS accounting server is reachable: · If no, first check the network reachability between the device and the TACACS accounting server, and then check whether firewalls exist in the network. Make sure the TACACS accounting server is reachable. · If yes, go to step 3. 3. Use the display current-configuration command to view whether the TACACS accounting server's configurations are correct: · If no, modify the TACACS accounting server's configurations. For more information about TACACS server configurations, see AAA commands in Security Command Reference and AAA configuration in Security Configuration Guide of the device. · If yes, go to step 4. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_ACCT_SERVER_UP
Message text |
TACACS accounting server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_ACCT_SERVER_UP: TACACS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that a TACACS accounting server changed from blocked to active. |
Recommended action |
No action is required. |
TACACS_AUTH_FAILURE
Message text |
User [STRING] at [STRING] failed authentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 (Notification) |
Example |
TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication. |
Impact |
A user fails authentication. |
Cause |
An authentication request was rejected by the TACACS server. |
Recommended action |
To resolve this issue: 1. Verify that the TACACS authentication-related configurations are correct on the device. 2. If the issue persists, contact the server administrator to confirm the reason for rejecting the authentication request, and resolve the issue based on the reason. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_AUTH_SERVER_DOWN
Message text |
TACACS authentication server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_AUTH_SERVER_DOWN: TACACS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
This issue will result in user authentication failures during login. If no secondary authentication servers are available, users might be disconnected. |
Cause |
The device detected that a TACACS authentication server changed from active to blocked. |
Recommended action |
To resolve this issue:
1. Use the display interface command to view whether the interface connected to the TACACS authentication server is up:
   ○ If no, troubleshoot the physical links.
   ○ If yes, go to step 2.
2. Use the ping command to check whether the TACACS authentication server is reachable:
   ○ If no, first check the network reachability between the device and the TACACS authentication server, and then check whether firewalls exist in the network. Make sure the TACACS authentication server is reachable.
   ○ If yes, go to step 3.
3. Use the display current-configuration command to view whether the TACACS authentication server's configurations are correct:
   ○ If no, modify the TACACS authentication server's configurations. For more information about TACACS server configurations, see AAA commands in Security Command Reference and AAA configuration in Security Configuration Guide of the device.
   ○ If yes, go to step 4.
4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_AUTH_SERVER_UP
Message text |
TACACS authentication server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_AUTH_SERVER_UP: TACACS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that a TACACS authentication server changed from blocked to active. |
Recommended action |
No action is required. |
TACACS_AUTH_SUCCESS
Message text |
User [STRING] at [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system at 192.168.0.22 was authenticated successfully. |
Impact |
No negative impact on the system. |
Cause |
An authentication request was accepted by the TACACS server. |
Recommended action |
No action is required. |
TACACS_AUTHOR_SERVER_DOWN
Message text |
TACACS authorization server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authorization server. $2: Port number of the authorization server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_AUTHOR_SERVER_DOWN: TACACS authorization server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
This issue will result in user authentication failures during login. If no secondary authentication servers are available, users might be disconnected. |
Cause |
The device detected that a TACACS authorization server changed from active to blocked. |
Recommended action |
To resolve this issue:
1. Use the display interface command to view whether the interface connected to the TACACS authorization server is up:
   ○ If no, troubleshoot the physical links.
   ○ If yes, go to step 2.
2. Use the ping command to check whether the TACACS authorization server is reachable:
   ○ If no, first check the network reachability between the device and the TACACS authorization server, and then check whether firewalls exist in the network. Make sure the TACACS authorization server is reachable.
   ○ If yes, go to step 3.
3. Use the display current-configuration command to view whether the TACACS authorization server's configurations are correct:
   ○ If no, modify the TACACS authorization server's configurations. For more information about TACACS server configurations, see AAA commands in Security Command Reference and AAA configuration in Security Configuration Guide of the device.
   ○ If yes, go to step 4.
4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_AUTHOR_SERVER_UP
Message text |
TACACS authorization server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authorization server. $2: Port number of the authorization server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_AUTHOR_SERVER_UP: TACACS authorization server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that a TACACS authorization server changed from blocked to active. |
Recommended action |
No action is required. |
TACACS_DELETE_HOST_FAIL
Message text |
Failed to delete servers in scheme [STRING]. |
Variable fields |
$1: Scheme name. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc. |
Impact |
The impact on the system is determined based on the actual situation. |
Cause |
Failed to use a command line to delete servers from a TACACS scheme. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
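The following Python sketch is an added example, not part of the H3C manual: it parses the TACACS_AUTH_FAILURE, TACACS_AUTH_SUCCESS, and TACACS_*_SERVER_DOWN/UP message formats documented above and derives three things an operator would watch for on a log host. The function name, the threshold, and the sample lines (built from the message texts above, with constructed addresses) are assumptions; any timestamp or host prefix added by the log host is ignored.

```python
import re
from collections import defaultdict

# "MODULE/severity/MNEMONIC: text"; whatever precedes it on the line is ignored.
HEADER = re.compile(r"TACACS/(\d)/(TACACS_[A-Z_]+): (.*)$")
# The username is supplied by the client, so it may itself contain " at ".
# The greedy (.+) plus the end anchor binds the IP to the LAST " at ",
# which is the address the device appended.
USER_EVT = re.compile(
    r"^User (.+) at (\S+) "
    r"(?:failed authentication|was authenticated successfully)\.$"
)
SERVER_EVT = re.compile(r"Server IP=([^,]+), port=(\d+), VPN instance=(.+)\.$")
# ACCT_SERVER_DOWN is assumed to follow the same pattern as the AUTH and
# AUTHOR variants shown in this section.
SERVER_MNEMONIC = re.compile(r"^TACACS_(AUTH|AUTHOR|ACCT)_SERVER_(DOWN|UP)$")


def analyze(lines, threshold=3):
    """Summarise TACACS log lines (threshold is a hypothetical tuning knob)."""
    fails_by_ip = defaultdict(int)
    users_by_ip = defaultdict(set)
    streak = defaultdict(int)          # consecutive failures per (user, ip)
    success_after_failures = []
    blocked = set()                    # (role, ip, port, vpn) currently blocked

    for line in lines:
        m = HEADER.search(line.strip())
        if not m:
            continue
        _severity, mnemonic, text = m.groups()

        if mnemonic in ("TACACS_AUTH_FAILURE", "TACACS_AUTH_SUCCESS"):
            u = USER_EVT.match(text)
            if not u:
                continue
            user, ip = u.groups()
            if mnemonic == "TACACS_AUTH_FAILURE":
                fails_by_ip[ip] += 1
                users_by_ip[ip].add(user)
                streak[(user, ip)] += 1
            else:
                # A success right after a run of failures deserves a look.
                if streak[(user, ip)] >= threshold:
                    success_after_failures.append((user, ip, streak[(user, ip)]))
                streak[(user, ip)] = 0
            continue

        s = SERVER_MNEMONIC.match(mnemonic)
        if s:
            e = SERVER_EVT.search(text)
            if not e:
                continue
            key = (s.group(1), e.group(1), int(e.group(2)), e.group(3))
            if s.group(2) == "DOWN":
                blocked.add(key)
            else:
                blocked.discard(key)

    return {
        "failures_by_ip": dict(fails_by_ip),
        # One source failing with many different usernames.
        "many_users_from_one_ip": sorted(
            ip for ip, users in users_by_ip.items() if len(users) >= threshold
        ),
        "success_after_failures": success_after_failures,
        # DOWN seen with no later UP for the same server and role.
        "servers_still_blocked": sorted(blocked),
    }


# Constructed sample input, in the formats documented in this section.
SAMPLE = [
    "TACACS/5/TACACS_AUTH_FAILURE: User admin at 192.0.2.10 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User root at 192.0.2.10 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.0.2.10 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.",
    "TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system at 192.168.0.22 was authenticated successfully.",
    "TACACS/4/TACACS_AUTH_SERVER_DOWN: TACACS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.",
    "TACACS/4/TACACS_AUTHOR_SERVER_DOWN: TACACS authorization server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.",
    "TACACS/6/TACACS_AUTH_SERVER_UP: TACACS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.",
]

if __name__ == "__main__":
    for name, value in analyze(SAMPLE).items():
        print(name, value)
```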
TCSM
This section contains Trusted Computing Services Management (TCSM) messages.
TCSM_CERT_BROKEN
Message text |
Certificate [STRING] is missing or corrupted. |
Variable fields |
$1: Certificate name. |
Severity level |
3 (Error) |
Example |
TCSM/3/TCSM_CERT_BROKEN: Certificate ak1-cert is missing or corrupted. |
Impact |
The specified certificate cannot be used. |
Cause |
The certificate stored in a storage medium is lost or corrupted. |
Recommended action |
· If the certificate is user defined, perform the following tasks:
   a. Replace the storage medium.
   b. From the manager, sign a new certificate for the TCSM key of the device.
· If the certificate is system defined (prefixed with default), collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TCSM_KEY_BROKEN
Message text |
Key [STRING] is corrupted or missing. |
Variable fields |
$1: Key name. |
Severity level |
3 (Error) |
Example |
TCSM/3/TCSM_KEY_BROKEN: Key abc is corrupted or missing. |
Impact |
The specified key cannot be used. |
Cause |
The key file stored in a storage medium is lost or corrupted. |
Recommended action |
· If the key is user defined, perform the following tasks:
   a. Use the key destroy command to destroy the key.
   b. As a best practice, replace the storage medium.
· If the key is system defined, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TCSM_KEY_HIERARCHY_BROKEN
Message text |
Key hierarchy of [STRING] is corrupted. |
Variable fields |
$1: Key name. |
Severity level |
3 (Error) |
Example |
TCSM/3/TCSM_KEY_HIERARCHY_BROKEN: Key hierarchy of abc is corrupted. |
Impact |
The specified key cannot be used. |
Cause |
An upper-level key of the specified key is corrupted. |
Recommended action |
1. Use the key destroy command to destroy the specified key and its upper-level keys.
2. As a best practice, replace the storage medium. |
TCSM_TSS_SVC_DOWN
Message text |
TSS service is down. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
TCSM/3/TCSM_TSS_SVC_DOWN: TSS service is down. |
Impact |
Trusted computing services cannot be used. |
Cause |
The TPM software stack process is down. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TCSM_TSS_SVC_UP
Message text |
TSS service is up. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
TCSM/5/TCSM_TSS_SVC_UP: TSS service is up. |
Impact |
No negative impact on the system. |
Cause |
The TPM software stack process is up. |
Recommended action |
No action is required. |
TELNETD messages
This section contains Telnet daemon messages.
TELNETD_ACL_DENY
Message text |
The Telnet Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the Telnet client. $2: VPN instance to which the IP address of the Telnet client belongs. |
Severity level |
5 |
Example |
TELNETD/5/TELNETD_ACL_DENY: The Telnet Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Explanation |
The ACL for controlling Telnet access denied the access request of a Telnet client. |
Recommended action |
No action is required. |
TELNETD_REACH_SESSION_LIMIT
Message text |
Telnet client [STRING] failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device. |
Severity level |
|
Example |
|
Explanation |
The number of Telnet connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, the device is using the default setting.
2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
TRACK messages
This section contains Track messages.
TRACK_STATE_CHANGE
Message text |
The state of track entry [UINT32] changed from [STRING] to [STRING]. |
Variable fields |
$1: Track entry ID. The value range is 1 to 1024. $2: Previous state. Options include Positive, Negative, and NotReady. $3: Current state. Options include Positive, Negative, and NotReady. |
Severity level |
6 |
Example |
TRACK/6/TRACK_STATE_CHANGE: -MDC=1; The state of track entry 1 changed from Negative to Positive. |
Explanation |
The track entry state changed. The Track module changes the state of the track entry as follows:
· If the tracked object is operating correctly, the state of the track entry is Positive. For example, the track entry state is Positive in one of the following conditions:
   ○ The target interface is up.
   ○ The target network is reachable.
· If the tracked object is not operating correctly, the state of the track entry is Negative. For example, the track entry state is Negative in one of the following conditions:
   ○ The target interface is down.
   ○ The target network is unreachable.
· If the detection result is invalid, the state of the track entry is NotReady. For example, the track entry state is NotReady if its associated NQA operation does not exist. |
Recommended action |
Check the detection module to ensure that it is operating correctly. |
TRILL messages
This section contains TRILL messages.
TRILL_DUP_SYSTEMID
Message text |
Duplicate system ID [STRING] in [STRING] PDU sourced from RBridge 0x[HEX]. |
Variable fields |
$1: System ID. $2: PDU type. $3: Source RBridge's nickname. |
Severity level |
5 |
Example |
TRILL/5/TRILL_DUP_SYSTEMID: Duplicate system ID 0011.2200.1501 in LSP PDU sourced from RBridge 0xc758. |
Explanation |
The local RBridge received an LSP or IIH PDU that has the same system ID as the local RBridge. The possible reasons include:
· The same system ID is assigned to the local RBridge and the remote RBridge.
· The local RBridge received a self-generated LSP PDU with an old nickname. |
Recommended action |
Please check the RBridge system IDs on the campus network. |
TRILL_INTF_CAPABILITY
Message text |
The interface [STRING] does not support TRILL. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
TRILL/4/TRILL_INTF_CAPABILITY: The interface GigabitEthernet0/1/3 does not support TRILL. |
Explanation |
An interface that does not support TRILL is assigned to a link aggregation group. |
Recommended action |
Remove the interface that does not support TRILL from the link aggregation group. |
TRILL_LICENSE_EXPIRED
Message text |
The TRILL feature is being disabled, because its license has expired. |
Variable fields |
N/A |
Severity level |
3 |
Example |
TRILL/3/TRILL_LICENSE_EXPIRED: The TRILL feature is being disabled, because its license has expired. |
Explanation |
The TRILL license has expired. |
Recommended action |
Install a valid license for TRILL. |
TRILL_LICENSE_EXPIRED_TIME
Message text |
The TRILL feature will be disabled in [ULONG] days. |
Variable fields |
$1: Available period of the feature. |
Severity level |
5 |
Example |
TRILL/5/TRILL_LICENSE_EXPIRED_TIME: The TRILL feature will be disabled in 2 days. |
Explanation |
TRILL will be disabled because no TRILL license is available. After an active/standby MPU switchover, you can use TRILL only for 30 days if the new active MPU does not have a TRILL license. |
Recommended action |
Install a new license. |
TRILL_LICENSE_UNAVAILABLE
Message text |
The TRILL feature has no available license. |
Variable fields |
N/A |
Severity level |
3 |
Example |
TRILL/3/TRILL_LICENSE_UNAVAILABLE: The TRILL feature has no available license. |
Explanation |
No license was found for TRILL when the TRILL process started. |
Recommended action |
Install a valid license for TRILL. |
TRILL_MEM_ALERT
Message text |
TRILL process receive system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alert event. |
Severity level |
5 |
Example |
TRILL/5/TRILL_MEM_ALERT: TRILL process receive system memory alert start event. |
Explanation |
TRILL receives a memory alert event from the system. |
Recommended action |
Check the system memory. |
TRILL_NBR_CHG
Message text |
TRILL [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING]. |
Variable fields |
$1: TRILL process ID.
$2: Neighbor level.
$3: Neighbor system ID.
$4: Interface name.
$5: Current neighbor state:
· up—The neighbor has been established, and can operate correctly.
· initializing—The neighbor is being initialized.
· down—The neighbor is down. |
Severity level |
5 |
Example |
TRILL/5/TRILL_NBR_CHG: TRILL 1, Level-1 adjacency 0011.2200.1501 (GigabitEthernet0/1/3), state changed to down. |
Explanation |
The state of a TRILL neighbor changed. |
Recommended action |
When the neighbor state changes to down or initializing, check the TRILL configuration and network status according to the reason for the neighbor state change. |
Telemetry stream messages
This section contains telemetry stream messages.
TELEMETRY_STREAM_ENCAP_FAIL
Message text |
Failed to set telemetry stream addressing parameters. Reason: [STRING]. |
Variable fields |
$1: Failure reason:
· Driver encapsulation error.
· The output interface index is an invalid value.
· The operation is not supported.
· Not enough resources to complete the operation. |
Severity level |
4 |
Example |
TSTREAM/4/TELEMETRY_STREAM_ENCAP_FAIL: Failed to set telemetry stream addressing parameters. Reason: The operation is not supported. |
Explanation |
This message is generated when the telemetry stream collector command fails to be executed. |
Recommended action |
Do not configure telemetry stream together with INT, NetStream, or sFlow. |
TUNNEL
This section contains tunnel messages.
TUNNEL_IFNUM_EXCEEDED
Message text |
The number of tunnel interfaces on the device exceeds the limit.CurNum=[UINT32], MaxNum=[UINT32]. |
Variable fields |
$1: Current number of tunnel interfaces. $2: Maximum number of tunnel interfaces. |
Severity level |
5 |
Example |
TUNNEL/5/TUNNEL_IFNUM_EXCEEDED: The number of tunnel interfaces on the device exceeds the limit.CurNum=81, MaxNum=100. |
Impact |
The number of tunnel interfaces has reached the upper limit. No more tunnel interfaces can be added. |
Cause |
The number of tunnel interfaces on the device has exceeded the limit, which is 80% of the maximum allowed. |
Recommended action |
Use the display interface tunnel command to view information about all tunnels. Identify unnecessary tunnels and then delete them. |
TUNNEL_VXLAN_CFGFAILED
Message text |
Failed to issue the configuration for VXLAN tunnel [UINT32]. |
Variable fields |
$1: Tunnel interface name. |
Severity level |
4 |
Example |
TUNNEL/5/TUNNEL_VXLAN_CFGFAILED: Failed to issue the configuration for VXLAN tunnel 1. |
Impact |
Configuration deployment fails and the function is unavailable. |
Cause |
The device failed to deploy the VXLAN tunnel configuration. |
Recommended action |
1. Check whether the deployed configuration parameters are correct.
   ○ If errors exist, correct the errors and then redeploy the parameters.
   ○ If the parameter settings are correct, go to step 2.
2. Collect log messages and configuration data, and then contact Technical Support for help. |
TUNNEL_VXLAN_FAILDECAPPKT
Message text |
Failed to decapsulate VXLAN packets on device.Vni=[UINT32], SrcAddr=[STRING], DstAddr=[STRING]. |
Variable fields |
$1: VNI of a VXLAN tunnel. $2: Source IP address of the VXLAN tunnel. $3: Destination IP address of the VXLAN tunnel. |
Severity level |
4 |
Example |
TUNNEL/5/TUNNEL_VXLAN_FAILDECAPPKT: Failed to decapsulate VXLAN packets on device.Vni=[UINT32], SrcAddr=[STRING], DstAddr=[STRING]. |
Impact |
Tunnel packets cannot be decapsulated and will be dropped. Services might be affected. |
Cause |
VXLAN packet decapsulation failed. |
Recommended action |
1. Identify whether the packet is destined for the local tunnel according to the information in the notification message. If yes, go to step 2. If not, no action is required.
2. Collect log messages and configuration data, and then contact Technical Support for help. |
TUNNEL_VXLAN_STATUSDOWN
Message text |
The link layer of a vxlan tunnel on the device is down.SrcAddr=[STRING], DstAddr=[STRING]. |
Variable fields |
$1: Source address of the tunnel. $2: Destination address of the tunnel. |
Severity level |
5 |
Example |
TUNNEL/5/TUNNEL_VXLAN_STATUSUP: The link layer of a vxlan tunnel on the device is down.SrcAddr=1.1.1.1, DstAddr=1.1.1.2. |
Impact |
The tunnel is unavailable. Service traffic carried on the tunnel will be interrupted. |
Cause |
The link layer of the VXLAN tunnel went down. |
Recommended action |
1. Use the display interface and display ip routing-table commands to check whether the tunnel route and outgoing interface are normal.
   ○ If the interface is down, verify that the link is well connected.
   ○ If the route is lost, verify that the remote end is online.
2. Collect log messages and configuration data, and then contact Technical Support for help. |
TUNNEL_VXLAN_STATUSUP
Message text |
The link layer of a vxlan tunnel on the device is up.SrcAddr=[STRING], DstAddr=[STRING]. |
Variable fields |
$1: Source address of the tunnel. $2: Destination address of the tunnel. |
Severity level |
5 |
Example |
TUNNEL/5/TUNNEL_VXLAN_STATUSUP: The link layer of a vxlan tunnel on the device is up.SrcAddr=1.1.1.1, DstAddr=1.1.1.2. |
Impact |
No negative impact on the system. |
Cause |
The link layer of the VXLAN tunnel came up. |
Recommended action |
No action is required. |
USBDPY
This section contains USB deployment messages in automatic configuration.
USBDPY_START
Message text |
Deployment via USB is starting. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
USBDPY/6/USBDPY_START: Deployment via USB is starting. |
Impact |
No impact on the system. |
Cause |
Started deployment via USB. |
Recommended action |
No action is required. |
USBDPY_SUCCEEDED
Message text |
Deployment via USB succeeded. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
USBDPY/6/USBDPY_SUCCEEDED: Deployment via USB succeeded. |
Impact |
No impact on the system. |
Cause |
Deployment via USB succeeded. |
Recommended action |
No action is required. |
USBDPY_FAILED
Message text |
Failed to run deployment via USB. Please see the usbload_error.txt file for failure reason. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
USBDPY/4/USBDPY_FAILED: Failed to run deployment via USB. Please see the usbload_error.txt file for failure reason. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
Typical failure reasons include:
· Failed to parse smart_config.ini.
· No matching device was found in smart_config.ini. |
Recommended action |
Collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
USBDPY_DPY
Message text |
Set startup file: [STRING] |
Variable fields |
$1: Software package or configuration file used in deployment. |
Severity level |
5 (Notification) |
Example |
USBDPY/5/USBDPY_DPY: Set startup file: S12600G.ipe. |
Impact |
No impact on the system. |
Cause |
Before deployment via USB started, the device displayed the software package or configuration file to be used in deployment. |
Recommended action |
No action is required. |
VCF messages
This section contains VCF messages.
VCF_AGGR_CREAT
Message text |
Phase [STRING], Device [STRING] created Layer 2 aggregation group [INT32]: member ports=[STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: ID of a Layer 2 aggregation group. $4: List of Layer 2 aggregation member ports. |
Severity level |
6 |
Example |
VCF/6/VCF_AGGR_CREAT: Phase 2.0.5, Device 0000-0000-0000 created Layer 2 aggregation group 10: member ports=Ten-GigabitEthernet1/0/2, Ten-GigabitEthernet1/0/10. |
Explanation |
A Layer 2 aggregation group was created and member ports were added to the aggregation group. |
Recommended action |
No action is required. |
VCF_AGGR_DELETE
Message text |
Phase [STRING], Device [STRING] deleted Layer 2 aggregation group [INT32]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: ID of a Layer 2 aggregation group. |
Severity level |
6 |
Example |
VCF/6/VCF_AGGR_DELETE: Phase 2.0.6, Device 0000-0000-0000 deleted Layer 2 aggregation group 10. |
Explanation |
A Layer 2 aggregation group was deleted when only one link in the aggregation group was up. |
Recommended action |
No action is required. |
VCF_AGGR_FAILED
Message text |
Phase [STRING], Device [STRING] failed to create Layer 2 aggregation group [INT32]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: ID of a Layer 2 aggregation group. |
Severity level |
3 |
Example |
VCF/3/VCF_AGGR_FAILED: Phase 2.0.7, Device 0000-0000-0000 failed to create Layer 2 aggregation group 10. |
Explanation |
Failed to create a Layer 2 aggregation group. |
Recommended action |
Troubleshoot the reasons for the aggregation group creation failure, such as insufficient resources. |
VCF_AUTO_ANALYZE_USERDEF
Message text |
Phase [STRING], Device [STRING] started to parse template file. |
Variable fields |
$1: Phase. $2: MAC address of the device. |
Severity level |
6 |
Example |
VCF/6/VCF_AUTO_ANALYZE_USERDEF: Phase 1.2.2, Device 0000-0000-0000 started to parse template file. |
Explanation |
Started to parse user-defined configurations in the template file. |
Recommended action |
No action is required. |
VCF_AUTO_NO_USERDEF
Message text |
Phase [STRING], Device [STRING] found undefined variable [STRING] in command [STRING] on line [INTEGER]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Undefined user variable. $4: Command in which the undefined user variable resides. $5: Number of the command line. |
Severity level |
3 |
Example |
VCF/3/VCF_AUTO_NO_USERDEF: Phase 1.2.3, Device 0000-0000-0000 found undefined variable $$_ABC in command interface $$_ABC on line 192. |
Explanation |
An undefined user variable exists in the template file. This message is displayed each time an undefined user variable is detected. |
Recommended action |
Verify whether the user-defined variables in the template file are correct. |
VCF_AUTO_START
Message text |
Phase [STRING], Device [STRING] (Role [STRING]) started VCF automated deployment. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Role of the device: spine, leaf, or access. |
Severity level |
5 |
Example |
VCF/5/VCF_AUTO_START: Phase 1.0.1, Device 0000-0000-0000 (Role leaf) started VCF automated deployment. |
Explanation |
Started VCF automated deployment. |
Recommended action |
No action is required. |
VCF_AUTO_STATIC_CMD
Message text |
Phase [STRING], Device [STRING] automatically executed static commands. |
Variable fields |
$1: Phase. $2: MAC address of the device. |
Severity level |
6 |
Example |
VCF/6/VCF_AUTO_STATIC_CMD: Phase 1.2.4, Device 0000-0000-0000 automatically executed static commands. |
Explanation |
Executed static commands in the template file. Static commands are commands that are independent of the VCF fabric topology. |
Recommended action |
No action is required. |
VCF_BGP
Message text |
Pattern 1: Phase [STRING], Device [STRING] established a BGP session with peer [STRING] in AS [INT32].
Pattern 2: Phase [STRING], Device [STRING] established a BGP session with peers [[STRING]] in AS [INT32]. |
Variable fields |
Pattern 1:
$1: Phase.
$2: MAC address of the device.
$3: Address of a BGP peer.
$4: Number of the AS where the BGP peer resides.
Pattern 2:
$1: Phase.
$2: MAC address of the device.
$3: List of BGP peer addresses, separated by commas (,).
$4: Number of the AS where the BGP peers reside. |
Severity level |
6 |
Example |
Pattern 1: VCF/6/VCF_BGP: Phase 3.0.5, Device 0000-0000-0000 established a BGP session with peer 1.1.1.1 in AS 100.
Pattern 2: VCF/6/VCF_BGP: Phase 3.0.5, Device 0000-0000-0000 established a BGP session with peers [‘1.1.1.1’ , ‘1.1.1.2’] in AS 100. |
Explanation |
Pattern 1: Established a BGP session with a BGP peer.
Pattern 2: Established BGP sessions with multiple BGP peers. Only the master spine node on a Layer 3 network generates this message. |
Recommended action |
No action is required. |
VCF_DOWN_LINK
Message text |
Phase [STRING], Device [STRING] discovered downlink interface [STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Name of a downlink interface. |
Severity level |
6 |
Example |
VCF/6/VCF_DOWN_LINK: Phase 2.0.8, Device 0000-0000-0000 discovered downlink interface Ten-GigabitEthernet1/0/1. |
Explanation |
A downlink interface was found and the device deployed configuration to the downlink interface. On a spine node, a downlink interface is the interface through which the spine node connects to a leaf node. On a leaf node, a downlink interface is the interface through which the leaf node connects to a downstream access device. |
Recommended action |
No action is required. |
VCF_DRIVER_INIT
Message text |
Phase [STRING], failed to find driver [STRING]. Driver initialization failed. |
Variable fields |
$1: Phase. $2: Driver name. |
Severity level |
3 |
Example |
VCF/3/VCF_DRIVER_INIT: Phase 3.0.8, failed to find driver 6820. Driver initialization failed. |
Explanation |
Driver initialization failed because the driver was not found. |
Recommended action |
1. Verify that the name of the driver is correct.
2. Contact H3C Support to verify that VCF fabric supports the driver. |
VCF_FAILED_ADD_IRFPORT
Message text |
Phase [STRING], failed to bind IRF physical interface [STRING] on device with MAC address [STRING] to an IRF port three times. |
Variable fields |
$1: Phase. $2: IRF physical interface. $3: MAC address. |
Severity level |
4 |
Example |
VCF/4/VCF_FAILED_ADD_IRFPORT: Phase 2.0.10, failed to bind IRF physical interface [STRING] on device with MAC address 4c85-5206-0100 to an IRF port three times. |
Explanation |
This message is generated if the system fails to bind an IRF physical interface on a device to an IRF port three times and stops the attempt during automated deployment. |
Recommended action |
Check physical links between IRF member devices in the VCF fabric. |
VCF_GET_IMAGE
Message text |
Phase [STRING], Device [STRING] obtained information about update startup image file [STRING]: new version=[STRING], current version=[STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Name of the new startup image file. $4: Version number of the new startup image file. $5: Version number of the current startup image file. |
Severity level |
6 |
Example |
VCF/6/VCF_GET_IMAGE: Phase 1.3.1, Device 0000-0000-0000 obtained information about update startup image file s6800.ipe: new version=V300R009B01D002, current version=V300R009B01D001. |
Explanation |
Obtained the name and the version number of the new startup image file through the template file. |
Recommended action |
No action is required. |
VCF_GET_TEMPLATE
Message text |
Phase [STRING], Device [STRING] downloaded template file [STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Name of the template file. |
Severity level |
6 |
Example |
VCF/6/VCF_GET_TEMPLATE: Phase 1.2.1, Device 0000-0000-0000 downloaded template file /mnt/flash:/vxlan_spine.template. |
Explanation |
Downloaded the template file for automated deployment. |
Recommended action |
No action is required. |
VCF_INSTALL_IMAGE
Message text |
Phase [STRING], Device [STRING] started to install the [STRING] version of startup image. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Version number of the new startup image file. |
Severity level |
6 |
Example |
VCF/6/VCF_INSTALL_IMAGE: Phase 1.3.3, Device 0000-0000-0000 started to install the V700R001B70D001 version of startup image. |
Explanation |
Started to install the new software version. |
Recommended action |
No action is required. |
VCF_IRF_FINISH
Message text |
Phase [STRING], Device [STRING] finished IRF configuration: result=[INT32]. |
Variable fields |
$1: Phase.
$2: MAC address of the device.
$3: Result of IRF configuration:
· 0—Success.
· -1—Failure. |
Severity level |
5 |
Example |
VCF/5/VCF_IRF_FINISH: Phase 2.0.3, Device 0000-0000-0000 finished IRF configuration: result=0. |
Explanation |
Finished IRF configuration. |
Recommended action |
Contact H3C Support if IRF configuration failed. |
VCF_IRF_FOUND
Message text |
Phase [STRING], Device [STRING] (Role [STRING]) found a peer ([STRING]) with the same role, IRF stackability check result: [INT32]. |
Variable fields |
$1: Phase.
$2: MAC address of the device.
$3: Role of the device.
$4: MAC address of the peer device.
$5: Result of the IRF stackability check:
· 0—Capable to form an IRF fabric.
· 1—MAC address conflict. |
Severity level |
5 |
Example |
VCF/5/VCF_IRF_FOUND: Phase 2.0.1, Device 0000-0000-0000 (Role leaf) found a peer 0000-0000-0001 with the same role, IRF stackability check result: 0. |
Explanation |
Found a peer device with the same role in VCF fabric topology discovery and checked whether the device can form an IRF fabric with the peer device. |
Recommended action |
No action is required. |
VCF_IRF_START
Message text |
Phase [STRING], Device [STRING] started IRF configuration: current member ID=[INT32], new member ID=[INT32], priority=[INT32], IRF-port 1's member ports=[STRING], IRF-port 2's member ports=[STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Current IRF member ID of the device. $4: New IRF member ID of the device. $5: New IRF member priority of the device. $6: List of IRF physical interfaces bound to IRF-port 1. The value none indicates that no IRF physical interfaces were bound to IRF-port 1. $7: List of IRF physical interfaces bound to IRF-port 2. The value none indicates that no IRF physical interfaces were bound to IRF-port 2. |
Severity level |
5 |
Example |
VCF/5/VCF_IRF_START: Phase 2.0.2, Device 0000-0000-0000 started IRF configuration: current member ID=2, new member ID=1, priority=2, IRF-port 1's member ports=GigabitEthernet1/0/1, IRF-port 2's member ports=none. |
Explanation |
Started to deploy IRF configuration. |
Recommended action |
No action is required. |
VCF_LOOPBACK_START
Message text |
Phase [STRING], IP address assignment started for [STRING] on other nodes. |
Variable fields |
$1: Phase. $2: Interface name. |
Severity level |
5 |
Example |
VCF/5/VCF_LOOPBACK_START: Phase 3.0.1, IP address assignment started for Loopback0 on other nodes. |
Explanation |
The master spine node started to assign IP addresses to interfaces on other devices. |
Recommended action |
No action is required. |
VCF_LOOPBACK_START_FAILED
Message text |
Phase [STRING], failed to assign IP addresses to [STRING] on other nodes: reason=[STRING]. |
Variable fields |
$1: Phase. $2: Interface name. $3: Reason for failure to start IP address assignment: · -1—No IP address range is specified. · -2—Invalid IP addresses. |
Severity level |
5 |
Example |
VCF/5/VCF_LOOPBACK_START_FAILED: Phase 3.0.1, failed to assign IP addresses to Loopback0 on other nodes: reason=-1. |
Explanation |
The master spine node failed to assign IP addresses to interfaces on other devices due to one of the following reasons: · No IP address range is specified. · Invalid IP addresses. |
Recommended action |
Verify whether the IP address range in the template file is correct. |
VCF_LOOPBACK_ALLOC
Message text |
Phase [STRING], assigned IP [STRING] to [STRING] on Device [STRING]: result=[INT32]. |
Variable fields |
$1: Phase. $2: IP address. $3: Interface name. $4: MAC address of the device. $5: Result of IP address assignment: · 0—Success. · -1—NETCONF failed to implement IP address assignment. · -2—NETCONF processed IP address assignment incorrectly. · -3—NETCONF failed to initialize. |
Severity level |
5 |
Example |
VCF/5/VCF_LOOPBACK_ALLOC: Phase 3.0.2, assigned IP 10.100.1.1 to Loopback0 on Device 0000-0000-0000: result=0. |
Explanation |
The master spine node assigned an IP address to an interface on a device. |
Recommended action |
Troubleshoot the reasons for the IP address assignment failure according to the result. |
VCF_LOOPBACK_NO_FREE_IP
Message text |
Phase [STRING], no IP addresses available for Device [STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. |
Severity level |
4 |
Example |
VCF/4/VCF_LOOPBACK_NO_FREE_IP: Phase 3.0.4, no IP addresses available for Device 0000-0000-0000. |
Explanation |
The master spine node failed to assign an IP address to an interface on a device because no IP address was available. |
Recommended action |
Verify whether the specified IP address range in the template file is correct. |
VCF_LOOPBACK_RECLAIM
Message text |
Phase [STRING], reclaimed IP [STRING] from [STRING] on Device [STRING]: reason=[INT32]. |
Variable fields |
$1: Phase. $2: Reclaimed IP address. $3: Interface name. $4: MAC address of the device from which the IP address was reclaimed. $5: Reason for reclaiming the IP address. The value 1 indicates that the device was down. |
Severity level |
5 |
Example |
VCF/5/VCF_LOOPBACK_RECLAIM: Phase 3.0.3, reclaimed IP 10.10.10.1 from Loopback0 on Device 0000-0000-0000: reason=1. |
Explanation |
The master spine node reclaimed the IP address that had been assigned to an interface on a device. |
Recommended action |
No action is required. |
VCF_REBOOT
Message text |
Phase [STRING], Device [STRING] will reboot. Reason: [STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Reboot cause: · Hardware resource mode change. · Version upgrade success. · IRF member ID change. · IRF fabric setup success. · Change of the maximum number of ECMP routes. · Standalone-to-IRF mode switchover. |
Severity level |
5 |
Example |
VCF/5/VCF_REBOOT: Phase 1.2.3, Device 00e0-fc20-6304 will reboot. Reason: IRF member ID change. |
Explanation |
The device was about to reboot because of a software update, an IRF member ID change, or another reason. |
Recommended action |
No action is required. |
VCF_SKIP_INSTALL
Message text |
Phase [STRING], Device [STRING] skipped automatic version update. |
Variable fields |
$1: Phase. $2: MAC address of the device. |
Severity level |
5 |
Example |
VCF/5/VCF_SKIP_INSTALL: Phase 1.3.2, Device 0000-0000-0000 skipped automatic version update. |
Explanation |
Skipped software upgrade because the current startup image version is the same as the startup image version obtained from the template file. |
Recommended action |
No action is required. |
VCF_STATIC_CMD_ERROR
Message text |
Phase [STRING], Device [STRING] failed to automatically execute static command '[STRING]' in context '[STRING]'. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Command that failed to be executed. $4: Context in which the command resides. |
Severity level |
4 |
Example |
VCF/4/VCF_STATIC_CMD_ERROR: Phase 1.2.5, Device 0000-0000-0000 failed to automatically execute static command 'port link bridge' in context 'interface ten-gigabitethernet1/0/1; port link bridge'. |
Explanation |
Failed to execute a static command during automated deployment. |
Recommended action |
Troubleshoot the reasons for the failure, correct the errors, and then restart the automated deployment. |
VCF_UP_LINK
Message text |
Phase [STRING], Device [STRING] discovered uplink interface [STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Name of an uplink interface. |
Severity level |
6 |
Example |
VCF/6/VCF_UP_LINK: Phase 2.0.9, Device 0000-0000-0000 discovered uplink interface Ten-GigabitEthernet1/0/1. |
Explanation |
An uplink interface was found and the device deployed configuration to the uplink interface. An uplink interface is the interface through which a leaf node connects to an upstream spine node. |
Recommended action |
No action is required. |
VCF_UPDATE_COPY_FAILED
Message text |
Phase [STRING], Device [STRING] failed to copy image. Reason: [STRING]. |
Variable fields |
$1: Phase. $2: MAC address of the device. $3: Cause of image copying failure, including: · Insufficient spare space. · Copy failed. |
Severity level |
5 |
Example |
VCF/5/VCF_UPDATE_COPY_FAILED: Phase 1.3.5, Device 00e0-fc20-6304 failed to copy image. Reason: Insufficient spare space. |
Explanation |
A device failed to copy the image during automatic VCF upgrade. If the device failed three consecutive times, the VCF process exited. |
Recommended action |
No action is required. |
VCF_UPDATE_FAILED
Message text |
Phase [STRING], Device [STRING] update has failed and end automated deployment. |
Variable fields |
$1: Phase. $2: MAC address of the device. |
Severity level |
4 |
Example |
VCF/5/VCF_UPDATE_FAILED: Phase 1.3.6, Device 00e0-fc20-6304 update has failed and end automated deployment. |
Explanation |
A device failed to perform automatic VCF upgrade, and the VCF process exited. |
Recommended action |
No action is required. |
VCF_WHITE_LIST_CHECK
Message text |
Phase [STRING], Device [STRING] failed whitelist check and automated undelay network deployment stopped. |
Variable fields |
$1: Phase. $2: MAC address of the device. |
Severity level |
5 |
Example |
VCF/5/VCF_WHITE_LIST_CHECK: Phase 1.0.1, Device 00e0-fc20-6304 failed whitelist check and automated undelay network deployment stopped. |
Explanation |
The device failed the whitelist check, which caused automated underlay network deployment to stop. |
Recommended action |
No action is required. |
VLAN messages
This section contains VLAN messages.
VLAN_CREATEFAIL
Message text |
Failed to create VLAN [STRING]. The maximum number of VLANs has been reached. |
Variable fields |
$1: VLAN ID. |
Severity level |
4 |
Example |
VLAN/4/VLAN_CREATEFAIL: Failed to create VLAN 1025-4094. The maximum number of VLANs has been reached. |
Explanation |
A VLAN failed to be created because hardware resources were insufficient. |
Recommended action |
No action is required. |
VLAN_FAILED
Message text |
Failed to add interface [STRING] to the default VLAN. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
VLAN/4/VLAN_FAILED: Failed to add interface S-Channel4/2/0/19:100 to the default VLAN. |
Explanation |
An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN. |
Recommended action |
No action is required. |
VLAN_QINQETHTYPE_FAILED
Message text |
Failed to set the TPID value in CVLAN tags to [UINT32] (hexadecimal). The operation is not supported. |
Variable fields |
$1: TPID value in inner VLAN tags |
Severity level |
4 |
Example |
VLAN/5/VLAN_QINQETHTYPE_FAILED: Failed to set the TPID value in CVLAN tags to 8200 (hexadecimal). The operation is not supported. |
Explanation |
In an IRF 3.1 system, this message was generated to indicate that the configuration failed when the qinq ethernet-type customer-tag command was executed on a parent fabric under the following conditions: · The parent fabric supported setting the TPID value in inner VLAN tags. · PEXs did not support setting the TPID value in inner VLAN tags. |
Recommended action |
Identify whether PEXs support setting the TPID value in inner VLAN tags. |
VLAN_VLANMAPPING_FAILED
Message text |
The configuration failed because of resource insufficiency or conflicts on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0. |
Explanation |
Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group. |
Recommended action |
No action is required. |
VLAN_VLANTRANSPARENT_FAILED
Message text |
The configuration failed because of resource insufficiency or conflicts on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 |
Example |
VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0. |
Explanation |
Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group. |
Recommended action |
No action is required. |
VRRP messages
This section contains VRRP messages.
VRRP_STATUS_CHANGE
Message text |
The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING]. |
Variable fields |
$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: · Interface event received—An interface event was received. · IP address deleted—The virtual IP address has been deleted. · The status of the tracked object changed—The status of the associated track entry changed. · VRRP packet received—A VRRP advertisement was received. · Current device has changed to IP address owner—The current device has become the IP address owner. · Zero priority packet received—A VRRP packet containing priority 0 was received. · Preempt—Preemption occurred. · Master group drove—The state of the master group changed. |
Severity level |
6 |
Example |
VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed (from Backup to Master): Master-down-timer expired. |
Explanation |
The VRRP group status changed for one of the following reasons: · An interface event was received. · The virtual IP address has been deleted. · The status of the associated track entry changed. · A VRRP advertisement was received. · The current device has become the IP address owner. · The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · A VRRP packet containing priority 0 was received. · Preemption occurred. · The state of the master group changed. |
Recommended action |
Check the VRRP group status to make sure it is operating correctly. |
VRRP_VF_STATUS_CHANGE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING]. |
Variable fields |
$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. $6: Current status of VF. $7: Reason for the status change. |
Severity level |
6 |
Example |
VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed. |
Explanation |
The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down. |
Recommended action |
Check the status of the track entry. |
VRRP_VMAC_INEFFECTIVE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING]. |
Variable fields |
$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Reason for the error. |
Severity level |
3 |
Example |
VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources. |
Explanation |
The virtual router failed to add a virtual MAC address. |
Recommended action |
Find out the root cause for the operation failure and fix the problem. |
VSRP messages
This section contains VSRP messages.
VSRP_BIND_FAILED
Message text |
Failed to bind the IP addresses and the port on VSRP peer [STRING]. |
Variable fields |
$1: VSRP peer name. |
Severity level |
6 |
Example |
VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa. |
Explanation |
Failed to bind the IP addresses and the port when creating a TCP connection to the VSRP peer because the TCP port is in use. |
Recommended action |
No action is required. |
VXLAN messages
This section contains VXLAN messages.
VXLAN_LICENSE_UNAVAILABLE
Message text |
The VXLAN feature is disabled, because no licenses are valid. |
Variable fields |
N/A |
Severity level |
3 |
Example |
VXLAN/3/VXLAN_LICENSE_UNAVAILABLE: The VXLAN feature is disabled, because no licenses are valid. |
Explanation |
VXLAN was disabled because no licenses were valid. |
Recommended action |
Install valid licenses for VXLAN. |
WEB messages
This section contains WEB messages.
LOGIN
Message text |
[STRING] logged in from [STRING]. |
Variable fields |
$1: Username. $2: IP address of the user. |
Severity level |
5 |
Example |
WEB/5/LOGIN: admin logged in from 127.0.0.1. |
Explanation |
A user logged in successfully. |
Recommended action |
No action is required. |
LOGIN_FAILED
Message text |
[STRING] failed to log in from [STRING]. |
Variable fields |
$1: Username. $2: IP address of the user. |
Severity level |
5 |
Example |
WEB/5/LOGIN_FAILED: admin failed to log in from 127.0.0.1. |
Explanation |
A user failed to log in. |
Recommended action |
No action is required. |
LOGOUT
Message text |
[STRING] logged out from [STRING]. |
Variable fields |
$1: Username. $2: IP address of the user. |
Severity level |
5 |
Example |
WEB/5/LOGOUT: admin logged out from 127.0.0.1. |
Explanation |
A user logged out. |
Recommended action |
No action is required. |
WEBAUTH messages
This section contains Web authentication messages.
WEBAUTH_USER_LOGON_SUCCESS
Message text |
-Username=[STRING]-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]; User passed Web authentication and came online successfully. |
Variable fields |
$1: Username. $2: Interface name. $3: MAC address. $4: ID of the VLAN through which the user accesses the device. $5: Authorization VLAN ID. |
Severity level |
6 (Informational) |
Example |
WEBAUTH/6/WEBAUTH_USER_LOGON_SUCCESS: -Username=admin-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444; User passed Web authentication and came online successfully. |
Impact |
No negative impact on the system. |
Cause |
A Web authentication user came online successfully. |
Recommended action |
No action is required. |
WEBAUTH_USER_LOGON_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; User failed Web authentication. Reason: [STRING]. |
Variable fields |
$1: Interface name. $2: MAC address. $3: VLAN ID. $4: Username. $5: Reason for the Web authentication failure: · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Microsegment authorization failed. · Authentication process failed. · VSI authorization failed because of insufficient resources. · ACL authorization failed because of insufficient resources. · MAC address authorization failed after a MAC move. · VLAN authorization failed because of failure in authorization VLAN selection. · VLAN authorization failed because a free VLAN was assigned as the authorization VLAN. · VLAN authorization failed because of failure in authorization VLAN creation. · VSI authorization failed because the user belongs to a free VLAN. · VSI authorization failed because the user's access interface does not permit the user VLAN. · VSI authorization failed because of failure in AC creation. · ACL authorization failed because the specified ACL does not exist. · ACL authorization failed because of unsupported ACL type. · ACL authorization failed because the specified ACL conflicts with other ACLs on the user's access interface. · ACL authorization failed because no rule was obtained for the specified ACL. · ACL authorization failed because of ACL parameter error. · User profile authorization failed because an invalid user profile was assigned to the user (the authorization-fail offline feature is enabled). · User profile authorization failed because of failure in issuing the specified user profile to driver. · URL authorization failed because of insufficient resources. · URL authorization failed because of invalid parameter in the specified URL. · URL authorization failed because the specified URL was not supported. · URL authorization failed because of deny rule issuing failure. 
· URL authorization failed because of failure in issuing the specified URL to driver. · URL authorization failed because no servers were reachable and the url-user-logoff parameter was specified. · URL authorization failed because the escape critical VSI feature of port security was configured. |
Severity level |
6 (Informational) |
Example |
WEBAUTH/6/WEBAUTH_USER_LOGON_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001; User failed Web authentication. Reason: VLAN authorization failed. |
Impact |
Web authentication fails for a user. The user cannot come online correctly. |
Cause |
A user failed Web authentication. For more information about the reason, see the explanation in variable fields. |
Recommended action |
Handle the issue according to the failure reason in the log message. |
WIPS messages
This section contains WIPS messages.
APFLOOD
Message text |
-VSD=[STRING]; AP flood detected. |
Variable fields |
$1: VSD name. |
Severity level |
5 (Notification) |
Example |
WIPS/5/APFLOOD: -VSD=home; AP flood detected. |
Impact |
When an attack is present in the current wireless network, it may affect the performance of the wireless network. |
Cause |
The number of APs detected in the specified VSD reached the threshold. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
AP_CHANNEL_CHANGE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Channel change detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/AP_CHANNEL_CHANGE: -VSD=home-SrcMAC=1122-3344-5566; Channel change detected. |
Impact |
When the AP channel changes, it may affect the channels of other working APs. |
Cause |
The channel of the specified AP changed. |
Recommended action |
Determine whether the channel change is valid. |
ASSOCIATEOVERFLOW
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Association/Reassociation DoS attack detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/ASSOCIATEOVERFLOW: -VSD=home-SrcMAC=1122-3344-5566; Association/Reassociation DoS attack detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
The specified AP sent an association response with the status code 17. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
HONEYPOT
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Honeypot AP detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/HONEYPOT: -VSD=home-SrcMAC=1122-3344-5566; Honeypot AP detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
The specified AP was detected as a honeypot AP. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
HTGREENMODE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; HT-Greenfield AP detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/HTGREENMODE: -VSD=home-SrcMAC=1122-3344-5566; HT-Greenfield AP detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
The specified AP was detected as an HT-greenfield AP. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
MAN_IN_MIDDLE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Man-in-the-middle attack detected. |
Variable fields |
$1: VSD name. $2: MAC address of the client. |
Severity level |
5 (Notification) |
Example |
WIPS/5/MAN_IN_MIDDLE: -VSD=home-SrcMAC=1122-3344-5566; Man-in-the-middle attack detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
The specified client suffered a man-in-the-middle attack. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_DOS
Message text |
-VSD=[STRING]; [STRING] rate attack detected. |
Variable fields |
$1: VSD name. $2: Device type: AP or client. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_DOS: -VSD=home; AP rate attack detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
The number of device entries learned within the specified interval reached the threshold. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_FLOOD
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; [STRING] flood detected. |
Variable fields |
$1: VSD name. $2: Attacker's MAC address. $3: Flood attack type. Options include the following: · Association request · Authentication · Disassociation · Reassociation request · Deauthentication · Null data · Beacon · Probe request · BlockAck · CTS · RTS · EAPOL start |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
The number of a specific type of packets detected within the specified interval reached the threshold. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_MALF
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Error detected: [STRING]. |
Variable fields |
$1: VSD name. $2: Sender's MAC address. $3: Malformed packet type. Options include the following: · invalid ie length—Invalid IE length. · duplicated ie—Duplicate IE. · redundant ie—Redundant IE. · invalid pkt length—Invalid packet length. · illegal ibss ess—Abnormal IBSS and ESS setting. · invalid source addr—Invalid source MAC address. · overflow eapol key—Oversized EAPOL key. · malf auth—Malformed authentication request frame. · malf assoc req—Malformed association request frame. · malf ht ie—Malformed HT IE. · large duration—Oversized duration. · null probe resp—Malformed probe response frame. · invalid deauth code—Invalid deauthentication code. · invalid disassoc code—Invalid disassociation code. · over flow ssid—Oversized SSID. · fata jack—FATA-Jack. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=1122-3344-5566; Error detected: fata jack. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
A malformed packet was detected. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_SPOOF
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; [STRING] detected. |
Variable fields |
$1: VSD name. $2: MAC address of the device being spoofed. $3: Spoofing attack type. Options include the following: · AP spoofing AP—A fake AP spoofs an authorized AP. · AP spoofing client—A fake AP spoofs an authorized client. · AP spoofing ad-hoc—A fake AP spoofs an Ad hoc device. · Ad-hoc spoofing AP—An Ad hoc device spoofs an authorized AP. · Client spoofing AP—A client spoofs an authorized AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=1122-3344-5566; AP spoofing AP detected. |
Impact |
When an attack is present in the current wireless network, it may impact the performance of the wireless network. |
Cause |
A spoofing attack was detected. |
Recommended action |
1. Configure countermeasures against the devices that initiated the attack and verify if the issue is resolved. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_WEAKIV
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Weak IV detected. |
Variable fields |
$1: VSD name. $2: Sender's MAC address. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_WEAKIV: -VSD=home-SrcMAC=1122-3344-5566; Weak IV detected. |
Impact |
Using Weak IV encryption increases the likelihood of the key being cracked, which impacts wireless security. |
Cause |
A Weak IV was detected. |
Recommended action |
Use a more secure encryption method to encrypt packets. |
WIRELESSBRIDGE
Message text |
-VSD=[STRING]-AP1=[MAC]-AP2=[MAC]; Wireless bridge detected. |
Variable fields |
$1: VSD name. $2: MAC address of AP 1. $3: MAC address of AP 2. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected. |
Impact |
A wireless bridge is detected. A security vulnerability exists in the current wireless network. |
Cause |
The specified APs set up a wireless bridge. |
Recommended action |
Determine whether the wireless bridge is valid. |
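The following is an added example, not part of the H3C manual: a Python parser for the `-Key=Value-Key=Value; text` body shared by the WEBAUTH and WIPS messages above. It anchors on the documented field order of each message because MAC addresses and usernames themselves contain hyphens. The function names, the summary structure, and the sample lines (constructed from the Example rows) are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Field order per mnemonic, copied from the "Message text" rows above.
FIELD_ORDER = {
    "WEBAUTH_USER_LOGON_SUCCESS": ["Username", "IfName", "MACAddr",
                                   "AccessVLANID", "AuthorizationVLANID"],
    "WEBAUTH_USER_LOGON_FAILURE": ["IfName", "MACAddr", "VLANID", "Username"],
    "APFLOOD": ["VSD"],
    "WIPS_DOS": ["VSD"],
    "WIRELESSBRIDGE": ["VSD", "AP1", "AP2"],
}
WIPS_DEFAULT = ["VSD", "SrcMAC"]  # every other WIPS message in this section
MAC_KEYS = {"MACAddr", "SrcMAC", "AP1", "AP2"}

# search() is used below, so any prefix a log host adds is tolerated.
HEADER = re.compile(r"(?P<module>WEBAUTH|WIPS)/(?P<severity>[0-7])/"
                    r"(?P<mnemonic>[A-Z_]+):\s*(?P<body>.*)$")
MAC = re.compile(r"[0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2}")


def parse(line):
    """Return a dict for a WEBAUTH/WIPS message, or None if it does not match."""
    head = HEADER.search(line.strip())
    if head is None:
        return None
    keys = FIELD_ORDER.get(head["mnemonic"])
    if keys is None:
        if head["module"] != "WIPS":
            return None
        keys = WIPS_DEFAULT
    # Values contain hyphens (MAC addresses, a MAC used as the username),
    # so match the documented key sequence instead of splitting on every "-".
    pattern = "".join(rf"-{k}=(?P<{k}>.*?)" for k in keys) + r";\s*(?P<text>.*)$"
    body = re.match(pattern, head["body"])
    if body is None:
        return None
    fields = {k: body[k] for k in keys}
    # Reject records whose MAC fields are not in the xxxx-xxxx-xxxx form.
    if any(not MAC.fullmatch(v) for k, v in fields.items() if k in MAC_KEYS):
        return None
    text = body["text"]
    reason = text.split("Reason: ", 1)[1].rstrip(".") if "Reason: " in text else None
    return {"module": head["module"], "severity": int(head["severity"]),
            "mnemonic": head["mnemonic"], "fields": fields,
            "text": text, "reason": reason}


def summarize(lines):
    """Count Web authentication failures per client MAC and WIPS alerts per source."""
    auth_failures = defaultdict(Counter)  # MAC -> Counter of failure reasons
    wips_alerts = Counter()               # (VSD, source MAC or None, mnemonic)
    unparsed = 0
    for line in lines:
        event = parse(line)
        if event is None:
            unparsed += 1
        elif event["mnemonic"] == "WEBAUTH_USER_LOGON_FAILURE":
            auth_failures[event["fields"]["MACAddr"]][event["reason"]] += 1
        elif event["module"] == "WIPS":
            f = event["fields"]
            wips_alerts[(f["VSD"], f.get("SrcMAC"), event["mnemonic"])] += 1
    return auth_failures, wips_alerts, unparsed


SAMPLE = [  # constructed from the Example rows above; the last line is malformed on purpose
    "WEBAUTH/6/WEBAUTH_USER_LOGON_SUCCESS: -Username=admin-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444; User passed Web authentication and came online successfully.",
    "WEBAUTH/6/WEBAUTH_USER_LOGON_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001; User failed Web authentication. Reason: VLAN authorization failed.",
    "WEBAUTH/6/WEBAUTH_USER_LOGON_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001; User failed Web authentication. Reason: Authentication process failed.",
    "WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected.",
    "WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected.",
    "WIPS/5/APFLOOD: -VSD=home; AP flood detected.",
    "WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=not-a-mac; AP spoofing AP detected.",
]

if __name__ == "__main__":
    failures, alerts, bad = summarize(SAMPLE)
    for mac, reasons in failures.items():
        print(mac, dict(reasons))
    for key, count in alerts.items():
        print(key, count)
    print("unparsed:", bad)
```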