H3C S6300 Switch Series System Log Messages Reference-R24xx-6W100


 

H3C S6300 Switch Series

System Log Messages Reference

Document version: 6W100-20210413

 

Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.


Contents

Introduction

System log message format

Managing and obtaining system log messages

Obtaining log messages from the console terminal

Obtaining log messages from a monitor terminal

Obtaining log messages from the log buffer

Obtaining log messages from the log file

Obtaining log messages from a log host

Software module list

Using this document

AAA messages

AAA_FAILURE

AAA_LAUNCH

AAA_SUCCESS

ACL messages

ACL_IPV6_STATIS_INFO

ACL_NO_MEM

ACL_STATIS_INFO

ACL_RESOURCE_INFO

APMGR messages

APMGR_ADDBAC_INFO

APMGR_DELBAC_INFO

ARP messages

ARP_ACTIVE_ACK_NO_REPLY

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

ARP_RATE_EXCEEDED

ARP_SENDER_IP_INVALID

ARP_SENDER_MAC_INVALID

ARP_SENDER_SMACCONFLICT_VSI

ARP_SENDER_SMACCONFLICT

ARP_SRC_MAC_FOUND_ATTACK

ARP_TARGET_IP_INVALID

DUPIFIP

DUPIP

DUPVRRPIP

ATK messages

ATKDF_ICMP_ADDRMASK_REQ

ATKDF_ICMP_ADDRMASK_REQ_RAW

ATKDF_ICMP_ADDRMASK_RPL

ATKDF_ICMP_ADDRMASK_RPL_RAW

ATKDF_ICMP_ECHO_REQ

ATKDF_ICMP_ECHO_REQ_RAW

ATKDF_ICMP_ECHO_RPL

ATKDF_ICMP_ECHO_RPL_RAW

ATKDF_ICMP_FLOOD

ATKDF_ICMP_INFO_REQ

ATKDF_ICMP_INFO_REQ_RAW

ATKDF_ICMP_INFO_RPL

ATKDF_ICMP_INFO_RPL_RAW

ATKDF_ICMP_LARGE

ATKDF_ICMP_LARGE_RAW

ATKDF_ICMP_PARAPROBLEM

ATKDF_ICMP_PARAPROBLEM_RAW

ATKDF_ICMP_PINGOFDEATH

ATKDF_ICMP_PINGOFDEATH_RAW

ATKDF_ICMP_REDIRECT

ATKDF_ICMP_REDIRECT_RAW

ATKDF_ICMP_SMURF

ATKDF_ICMP_SMURF_RAW

ATKDF_ICMP_SOURCEQUENCH

ATKDF_ICMP_SOURCEQUENCH_RAW

ATKDF_ICMP_TIMEEXCEED

ATKDF_ICMP_TIMEEXCEED_RAW

ATKDF_ICMP_TRACEROUTE

ATKDF_ICMP_TRACEROUTE_RAW

ATKDF_ICMP_TSTAMP_REQ

ATKDF_ICMP_TSTAMP_REQ_RAW

ATKDF_ICMP_TSTAMP_RPL

ATKDF_ICMP_TSTAMP_RPL_RAW

ATKDF_ICMP_TYPE

ATKDF_ICMP_TYPE_RAW

ATKDF_ICMP_UNREACHABLE

ATKDF_ICMP_UNREACHABLE_RAW

ATKDF_ICMPV6_DEST_UNREACH

ATKDF_ICMPV6_DEST_UNREACH_RAW

ATKDF_ICMPV6_ECHO_REQ

ATKDF_ICMPV6_ECHO_REQ_RAW

ATKDF_ICMPV6_ECHO_RPL

ATKDF_ICMPV6_ECHO_RPL_RAW

ATKDF_ICMPV6_FLOOD

ATKDF_ICMPV6_GROUPQUERY

ATKDF_ICMPV6_GROUPQUERY_RAW

ATKDF_ICMPV6_GROUPREDUCTION

ATKDF_ICMPV6_GROUPREDUCTION_RAW

ATKDF_ICMPV6_GROUPREPORT

ATKDF_ICMPV6_GROUPREPORT_RAW

ATKDF_ICMPV6_LARGE

ATKDF_ICMPV6_LARGE_RAW

ATKDF_ICMPV6_PACKETTOOBIG

ATKDF_ICMPV6_PACKETTOOBIG_RAW

ATKDF_ICMPV6_PARAPROBLEM

ATKDF_ICMPV6_PARAPROBLEM_RAW

ATKDF_ICMPV6_TIMEEXCEED

ATKDF_ICMPV6_TIMEEXCEED_RAW

ATKDF_ICMPV6_TRACEROUTE

ATKDF_ICMPV6_TRACEROUTE_RAW

ATKDF_ICMPV6_TYPE

ATKDF_ICMPV6_TYPE_RAW

ATKDF_IP_OPTION

ATKDF_IP_OPTION_RAW

ATKDF_IP4_ACK_FLOOD

ATKDF_IP4_DIS_PORTSCAN

ATKDF_IP4_DNS_FLOOD

ATKDF_IP4_FIN_FLOOD

ATKDF_IP4_FRAGMENT

ATKDF_IP4_FRAGMENT_RAW

ATKDF_IP4_HTTP_FLOOD

ATKDF_IP4_IMPOSSIBLE

ATKDF_IP4_IMPOSSIBLE_RAW

ATKDF_IP4_IPSWEEP

ATKDF_IP4_PORTSCAN

ATKDF_IP4_RST_FLOOD

ATKDF_IP4_SYN_FLOOD

ATKDF_IP4_SYNACK_FLOOD

ATKDF_IP4_TCP_ALLFLAGS

ATKDF_IP4_TCP_ALLFLAGS_RAW

ATKDF_IP4_TCP_FINONLY

ATKDF_IP4_TCP_FINONLY_RAW

ATKDF_IP4_TCP_INVALIDFLAGS

ATKDF_IP4_TCP_INVALIDFLAGS_RAW

ATKDF_IP4_TCP_LAND

ATKDF_IP4_TCP_LAND_RAW

ATKDF_IP4_TCP_NULLFLAG

ATKDF_IP4_TCP_NULLFLAG_RAW

ATKDF_IP4_TCP_SYNFIN

ATKDF_IP4_TCP_SYNFIN_RAW

ATKDF_IP4_TCP_WINNUKE

ATKDF_IP4_TCP_WINNUKE_RAW

ATKDF_IP4_TEARDROP

ATKDF_IP4_TEARDROP_RAW

ATKDF_IP4_TINY_FRAGMENT

ATKDF_IP4_TINY_FRAGMENT_RAW

ATKDF_IP4_UDP_BOMB

ATKDF_IP4_UDP_BOMB_RAW

ATKDF_IP4_UDP_FLOOD

ATKDF_IP4_UDP_FRAGGLE

ATKDF_IP4_UDP_FRAGGLE_RAW

ATKDF_IP4_UDP_SNORK

ATKDF_IP4_UDP_SNORK_RAW

ATKDF_IP6_ACK_FLOOD

ATKDF_IP6_DIS_PORTSCAN

ATKDF_IP6_DNS_FLOOD

ATKDF_IP6_FIN_FLOOD

ATKDF_IP6_FRAGMENT

ATKDF_IP6_FRAGMENT_RAW

ATKDF_IP6_HTTP_FLOOD

ATKDF_IP6_IMPOSSIBLE

ATKDF_IP6_IMPOSSIBLE_RAW

ATKDF_IP6_IPSWEEP

ATKDF_IP6_PORTSCAN

ATKDF_IP6_RST_FLOOD

ATKDF_IP6_SYN_FLOOD

ATKDF_IP6_SYNACK_FLOOD

ATKDF_IP6_TCP_ALLFLAGS

ATKDF_IP6_TCP_ALLFLAGS_RAW

ATKDF_IP6_TCP_FINONLY

ATKDF_IP6_TCP_FINONLY_RAW

ATKDF_IP6_TCP_INVALIDFLAGS

ATKDF_IP6_TCP_INVALIDFLAGS_RAW

ATKDF_IP6_TCP_LAND

ATKDF_IP6_TCP_LAND_RAW

ATKDF_IP6_TCP_NULLFLAG

ATKDF_IP6_TCP_NULLFLAG_RAW

ATKDF_IP6_TCP_SYNFIN

ATKDF_IP6_TCP_SYNFIN_RAW

ATKDF_IP6_TCP_WINNUKE

ATKDF_IP6_TCP_WINNUKE_RAW

ATKDF_IP6_UDP_FLOOD

ATKDF_IP6_UDP_FRAGGLE

ATKDF_IP6_UDP_FRAGGLE_RAW

ATKDF_IP6_UDP_SNORK

ATKDF_IP6_UDP_SNORK_RAW

ATKDF_IPOPT_ABNORMAL

ATKDF_IPOPT_ABNORMAL_RAW

ATKDF_IPOPT_LOOSESRCROUTE

ATKDF_IPOPT_LOOSESRCROUTE_RAW

ATKDF_IPOPT_RECORDROUTE

ATKDF_IPOPT_RECORDROUTE_RAW

ATKDF_IPOPT_ROUTEALERT

ATKDF_IPOPT_ROUTEALERT_RAW

ATKDF_IPOPT_SECURITY

ATKDF_IPOPT_SECURITY_RAW

ATKDF_IPOPT_STREAMID

ATKDF_IPOPT_STREAMID_RAW

ATKDF_IPOPT_STRICTSRCROUTE

ATKDF_IPOPT_STRICTSRCROUTE_RAW

ATKDF_IPOPT_TIMESTAMP

ATKDF_IPOPT_TIMESTAMP_RAW

ATKDF_IPV6_EXT_HEADER

ATKDF_IPV6_EXT_HEADER_RAW

BFD messages

BFD_CHANGE_FSM

BFD_MAD_INTERFACE_CHANGE_STATE

BFD_REACHED_UPPER_LIMIT

BGP messages

BGP_EXCEED_ROUTE_LIMIT

BGP_EXCEEDS_THRESHOLD

BGP_MEM_ALERT

BGP_STATE_CHANGED

CFD messages

CFD_CROSS_CCM

CFD_ERROR_CCM

CFD_LOST_CCM

CFD_RECEIVE_CCM

CFGMAN messages

CFGMAN_CFGCHANGED

CFGMAN_OPTCOMPLETION

DEV messages

BOARD_REBOOT

BOARD_REMOVED

BOARD_STATE_FAULT

BOARD_STATE_NORMAL

CFCARD_INSERTED

CFCARD_REMOVED

CHASSIS_REBOOT

DEV_CLOCK_CHANGE

FAN_ABSENT

FAN_DIRECTION_NOT_PREFERRED

FAN_FAILED

FAN_RECOVERED

POWER_ABSENT

POWER_FAILED

POWER_MONITOR_ABSENT

POWER_MONITOR_FAILED

POWER_MONITOR_FAN_FAILED

POWER_MONITOR_OVERTEMPERATURE

POWER_MONITOR_RECOVERED

POWER_RECOVERED

RPS_ABSENT

RPS_NORMAL

SUBCARD_FAULT

SUBCARD_INSERTED

SUBCARD_REBOOT

SUBCARD_REMOVED

SYSTEM_REBOOT

TEMPERATURE_ALARM

TEMPERATURE_LOW

TEMPERATURE_NORMAL

TEMPERATURE_SHUTDOWN

TEMPERATURE_WARNING

DHCP

DHCP_NOTSUPPORTED

DHCP_NORESOURCES

DHCPR

DHCPR_SERVERCHANGE

DHCPR_SWITCHMASTER

DHCPS messages

DHCPS_ALLOCATE_IP

DHCPS_CONFLICT_IP

DHCPS_EXTEND_IP

DHCPS_FILE

DHCPS6 messages

DHCPS6_ALLOCATE_ADDRESS

DHCPS6_ALLOCATE_PREFIX

DHCPS6_CONFLICT_ADDRESS

DHCPS6_EXTEND_ADDRESS

DHCPS6_EXTEND_PREFIX

DHCPS6_FILE

DHCPS6_RECLAIM_ADDRESS

DHCPSP4

DHCPSP4_FILE

DHCPSP6

DHCPSP6_FILE

DIAG messages

MEM_ALERT

MEM_BELOW_THRESHOLD

MEM_EXCEED_THRESHOLD

DLDP messages

DLDP_AUTHENTICATION_FAILED

DLDP_LINK_BIDIRECTIONAL

DLDP_LINK_UNIDIRECTIONAL

DLDP_NEIGHBOR_AGED

DLDP_NEIGHBOR_CONFIRMED

DLDP_NEIGHBOR_DELETED

DOT1X messages

DOT1X_LOGIN_FAILURE

DOT1X_LOGIN_SUCC

DOT1X_LOGOFF

DOT1X_NOTENOUGH_EADFREEIP_RES

DOT1X_NOTENOUGH_EADFREERULE_RES

DOT1X_NOTENOUGH_EADMACREDIR_RES

DOT1X_NOTENOUGH_EADPORTREDIR_RES

DOT1X_NOTENOUGH_ENABLEDOT1X_RES

DOT1X_SMARTON_FAILURE

DOT1X_UNICAST_NOT_EFFECTIVE

ETHOAM messages

ETHOAM_CONNECTION_FAIL_DOWN

ETHOAM_CONNECTION_FAIL_TIMEOUT

ETHOAM_CONNECTION_FAIL_UNSATISF

ETHOAM_CONNECTION_SUCCEED

ETHOAM_DISABLE

ETHOAM_DISCOVERY_EXIT

ETHOAM_ENABLE

ETHOAM_ENTER_LOOPBACK_CTRLLED

ETHOAM_ENTER_LOOPBACK_CTRLLING

ETHOAM_LOCAL_DYING_GASP

ETHOAM_LOCAL_ERROR_FRAME

ETHOAM_LOCAL_ERROR_FRAME_PERIOD

ETHOAM_LOCAL_ERROR_FRAME_SECOND

ETHOAM_LOCAL_LINK_FAULT

ETHOAM_LOOPBACK_EXIT

ETHOAM_LOOPBACK_EXIT_ERROR_STATU

ETHOAM_LOOPBACK_NO_RESOURCE

ETHOAM_LOOPBACK_NOT_SUPPORT

ETHOAM_QUIT_LOOPBACK_CTRLLED

ETHOAM_QUIT_LOOPBACK_CTRLLING

ETHOAM_REMOTE_CRITICAL

ETHOAM_REMOTE_DYING_GASP

ETHOAM_REMOTE_ERROR_FRAME

ETHOAM_REMOTE_ERROR_FRAME_PERIOD

ETHOAM_REMOTE_ERROR_FRAME_SECOND

ETHOAM_REMOTE_ERROR_SYMBOL

ETHOAM_REMOTE_EXIT

ETHOAM_REMOTE_FAILURE_RECOVER

ETHOAM_REMOTE_LINK_FAULT

ETHOAM_NO_ENOUGH_RESOURCE

ETHOAM_NOT_CONNECTION_TIMEOUT

EVB messages

EVB_AGG_FAILED

EVB_VSI_OFFLINE

EVB_VSI_ONLINE

EVB_WARNING_NO_LICENSE

EVIISIS messages

EVIISIS_LICENSE_EXPIRED

EVIISIS_LICENSE_EXPIRED_TIME

EVIISIS_LICENSE_UNAVAILABLE

EVIISIS_MEM_ALERT

EVIISIS_NBR_CHG

FILTER messages

FILTER_EXECUTION_ICMP

FILTER_EXECUTION_ICMPV6

FILTER_IPV4_EXECUTION

FILTER_IPV6_EXECUTION

FCOE messages

FCOE_INTERFACE_NOTSUPPORT_FCOE

FCOE_LAGG_BIND_ACTIVE

FCOE_LAGG_BIND_DEACTIVE

FCOE_LICENSE_ERROR

FCOE_LICENSE_EXPIRED_EXIT

FCOE_LICENSE_EXPIRED_TIME

FCLINK messages

FCLINK_FDISC_REJECT_NORESOURCE

FCLINK_FLOGI_REJECT_NORESOURCE

FCZONE messages

FCZONE_HARDZONE_DISABLED

FCZONE_HARDZONE_ENABLED

FIPS messages

FCOE_FIPS_HARD_RESOURCE_NOENOUGH

FCOE_FIPS_HARD_RESOURCE_RESTORE

FTPD messages

FTPD_REACH_SESSION_LIMIT

FTPD_AUTHOR_FAILED

HA messages

HA_BATCHBACKUP_FINISHED

HA_BATCHBACKUP_STARTED

HA_STANDBY_NOT_READY

HA_STANDBY_TO_MASTER

HTTPD messages

HTTPD_CONNECT

HTTPD_CONNECT_TIMEOUT

HTTPD_DISCONNECT

HTTPD_FAIL_FOR_ACL

HTTPD_FAIL_FOR_ACP

HTTPD_REACH_CONNECT_LIMIT

IFNET messages

IF_BUFFER_CONGESTION_OCCURRENCE

IFNET_MAD

INTERFACE_INSERTED

INTERFACE_REMOVED

LINK_UPDOWN

PHY_UPDOWN

PROTOCOL_UPDOWN

IKE messages

IKE_P1_SA_ESTABLISH_FAIL

IKE_P2_SA_ESTABLISH_FAIL

IKE_P2_SA_TERMINATE

IPSEC messages

IPSEC_PACKET_DISCARDED

IPSEC_SA_ESTABLISH

IPSEC_SA_ESTABLISH_FAIL

IPSEC_SA_INITINATION

IPSEC_SA_TERMINATE

IPSG messages

IPSG_ADDENTRY_ERROR

IPSG_DELENTRY_ERROR

IPSG_ADDEXCLUDEDVLAN_ERROR

IPSG_DELEXCLUDEDVLAN_ERROR

IRDP messages

IRDP_EXCEED_ADVADDR_LIMIT

ISIS messages

ISIS_MEM_ALERT

ISIS_NBR_CHG

ISSU messages

ISSU_ROLLBACKCHECKNORMAL

ISSU_PROCESSWITCHOVER

L2PT messages

L2PT_SET_MULTIMAC_FAILED

L2PT_CREATE_TUNNELGROUP_FAILED

L2PT_ADD_GROUPMEMBER_FAILED

L2PT_ENABLE_DROP_FAILED

L2VPN messages

L2VPN_HARD_RESOURCE_NOENOUGH

L2VPN_HARD_RESOURCE_RESTORE

LAGG messages

LACP_MAD_INTERFACE_CHANGE_STATE

LAGG_ACTIVE

LAGG_INACTIVE_AICFG

LAGG_INACTIVE_CONFIGURATION

LAGG_INACTIVE_DUPLEX

LAGG_INACTIVE_HARDWAREVALUE

LAGG_INACTIVE_LOWER_LIMIT

LAGG_INACTIVE_PARTNER

LAGG_INACTIVE_PHYSTATE

LAGG_INACTIVE_RESOURCE_INSUFICIE

LAGG_INACTIVE_SPEED

LAGG_INACTIVE_UPPER_LIMIT

LDP messages

LDP_SESSION_CHG

LDP_SESSION_GR

LDP_SESSION_SP

LDP_MPLSLSRID_CHG

LLDP messages

LLDP_CREATE_NEIGHBOR

LLDP_DELETE_NEIGHBOR

LLDP_LESS_THAN_NEIGHBOR_LIMIT

LLDP_NEIGHBOR_AGE_OUT

LLDP_PVID_INCONSISTENT

LLDP_REACH_NEIGHBOR_LIMIT

LOAD messages

BOARD_LOADING

LOAD_FAILED

LOAD_FINISHED

LOGIN messages

LOGIN_FAILED

LPDT messages

LPDT_LOOPED

LPDT_RECOVERED

LS messages

LS_ADD_USER_TO_GROUP

LS_AUTHEN_FAILURE

LS_AUTHEN_SUCCESS

LS_DEL_USER_FROM_GROUP

LS_DELETE_PASSWORD_FAIL

LS_PWD_ADDBLACKLIST

LS_PWD_CHGPWD_FOR_AGEDOUT

LS_PWD_CHGPWD_FOR_AGEOUT

LS_PWD_CHGPWD_FOR_COMPOSITION

LS_PWD_CHGPWD_FOR_FIRSTLOGIN

LS_PWD_CHGPWD_FOR_LENGTH

LS_PWD_FAILED2WRITEPASS2FILE

LS_PWD_MODIFY_FAIL

LS_PWD_MODIFY_SUCCESS

LS_REAUTHEN_FAILURE

LS_UPDATE_PASSWORD_FAIL

LS_USER_CANCEL

LS_USER_PASSWORD_EXPIRE

LS_USER_ROLE_CHANGE

LSPV messages

LSPV_PING_STATIS_INFO

MAC messages

MAC_TABLE_FULL_GLOBAL

MAC_TABLE_FULL_PORT

MAC_TABLE_FULL_VLAN

MACA messages

MACA_ENABLE_NOT_EFFECTIVE

MACA_LOGIN_FAILURE

MACA_LOGIN_SUCC

MACA_LOGOFF

MACSEC messages

MACSEC_MKA_KEEPALIVE_TIMEOUT

MACSEC_MKA_PRINCIPAL_ACTOR

MACSEC_MKA_SAK_REFRESH

MACSEC_MKA_SESSION_REAUTH

MACSEC_MKA_SESSION_SECURED

MACSEC_MKA_SESSION_START

MACSEC_MKA_SESSION_STOP

MACSEC_MKA_SESSION_UNSECURED

MBFD messages

MBFD_TRACEROUTE_FAILURE

MDC messages

MDC_CREATE

MDC_CREATE_ERR

MDC_DELETE

MDC_LICENSE_EXPIRE

MDC_NO_FORMAL_LICENSE

MDC_NO_LICENSE_EXIT

MDC_OFFLINE

MDC_ONLINE

MDC_STATE_CHANGE

MFIB messages

MFIB_MEM_ALERT

MGROUP messages

MGROUP_APPLY_SAMPLER_FAIL

MGROUP_RESTORE_CPUCFG_FAIL

MGROUP_RESTORE_IFCFG_FAIL

MGROUP_SYNC_CFG_FAIL

MPLS messages

MPLS_HARD_RESOURCE_NOENOUGH

MPLS_HARD_RESOURCE_RESTORE

MSTP messages

MSTP_BPDU_PROTECTION

MSTP_BPDU_RECEIVE_EXPIRY

MSTP_DETECTED_TC

MSTP_DISABLE

MSTP_DISCARDING

MSTP_ENABLE

MSTP_FORWARDING

MSTP_LOOP_PROTECTION

MSTP_NOT_ROOT

MSTP_NOTIFIED_TC

MSTP_ROOT_PROTECTION

MTLK messages

MTLK_UPLINK_STATUS_CHANGE

ND messages

ND_CONFLICT

ND_DUPADDR

ND_RAGUARD_DROP

NQA messages

NQA_LOG_UNREACHABLE

NTP messages

NTP_CHANGE_LEAP

NTP_CHANGE_STRATUM

NTP_CLOCK_CHANGE

NTP_SOURCE_CHANGE

NTP_SOURCE_LOST

OFP

OFP_ACTIVE

OFP_ACTIVE_FAILED

OFP_CONNECT

OFP_FAIL_OPEN

OFP_FLOW_ADD

OFP_FLOW_ADD_DUP

OFP_FLOW_ADD_FAILED

OFP_FLOW_ADD_FAILED_SMOOTH

OFP_FLOW_ADD_TABLE_MISS

OFP_FLOW_ADD_TABLE_MISS_FAILED

OFP_FLOW_DEL

OFP_FLOW_DEL_TABLE_MISS

OFP_FLOW_DEL_TABLE_MISS_FAILED

OFP_FLOW_MOD

OFP_FLOW_MOD_FAILED

OFP_FLOW_MOD_TABLE_MISS

OFP_FLOW_MOD_TABLE_MISS_FAILED

OFP_FLOW_RMV_GROUP

OFP_FLOW_RMV_HARDTIME

OFP_FLOW_RMV_IDLETIME

OFP_FLOW_RMV_METER

OFP_GROUP_ADD

OFP_GROUP_ADD_FAILED

OFP_GROUP_DEL

OFP_GROUP_MOD

OFP_GROUP_MOD_FAILED

OFP_LOCAL_FLOW_FAILED

OFP_METER_ADD

OFP_METER_ADD_FAILED

OFP_METER_DEL

OFP_METER_MOD

OFP_METER_MOD_FAILED

OFP_MISS_RMV_GROUP

OFP_MISS_RMV_HARDTIME

OFP_MISS_RMV_IDLETIME

OFP_MISS_RMV_METER

OPTMOD messages

BIAS_HIGH

BIAS_LOW

BIAS_NORMAL

CFG_ERR

CHKSUM_ERR

IO_ERR

MOD_ALM_OFF

MOD_ALM_ON

MODULE_IN

MODULE_OUT

PHONY_MODULE

RX_ALM_OFF

RX_ALM_ON

RX_POW_HIGH

RX_POW_LOW

RX_POW_NORMAL

TEMP_HIGH

TEMP_LOW

TEMP_NORMAL

TX_ALM_OFF

TX_ALM_ON

TX_POW_HIGH

TX_POW_LOW

TX_POW_NORMAL

TYPE_ERR

VOLT_HIGH

VOLT_LOW

VOLT_NORMAL

OSPF messages

OSPF_DUP_RTRID_NBR

OSPF_IP_CONFLICT_INTRA

OSPF_LAST_NBR_DOWN

OSPF_MEM_ALERT

OSPF_NBR_CHG

OSPF_RTRID_CONFLICT_INTRA

OSPF_RTRID_CONFLICT_INTER

OSPF_RT_LMT

OSPF_RTRID_CHG

OSPF_VLINKID_CHG

OSPFV3 messages

OSPFV3_LAST_NBR_DOWN

OSPFV3_MEM_ALERT

OSPFV3_NBR_CHG

OSPFV3_RT_LMT

PBB messages

PBB_JOINAGG_WARNING

PBR messages

PBR_HARDWARE_ERROR

PEX messages

PEX_ASSOCIATEID_MISMATCHING

PEX_CONFIG_ERROR

PEX_CONNECTION_ERROR

PEX_FORBID_STACK

PEX_LINK_BLOCK

PEX_LINK_DOWN

PEX_LINK_FORWARD

PEX_REG_JOININ

PEX_REG_LEAVE

PEX_REG_REQUEST

PEX_STACKCONNECTION_ERROR

PFILTER messages

PFILTER_GLB_IPV4_DACT_NO_RES

PFILTER_GLB_IPV4_DACT_UNK_ERR

PFILTER_GLB_IPV6_DACT_NO_RES

PFILTER_GLB_IPV6_DACT_UNK_ERR

PFILTER_GLB_MAC_DACT_NO_RES

PFILTER_GLB_MAC_DACT_UNK_ERR

PFILTER_GLB_NO_RES

PFILTER_GLB_NOT_SUPPORT

PFILTER_GLB_UNK_ERR

PFILTER_IF_IPV4_DACT_NO_RES

PFILTER_IF_IPV4_DACT_UNK_ERR

PFILTER_IF_IPV6_DACT_NO_RES

PFILTER_IF_IPV6_DACT_UNK_ERR

PFILTER_IF_MAC_DACT_NO_RES

PFILTER_IF_MAC_DACT_UNK_ERR

PFILTER_IF_NO_RES

PFILTER_IF_NOT_SUPPORT

PFILTER_IF_UNK_ERR

PFILTER_IPV6_STATIS_INFO

PFILTER_STATIS_INFO

PFILTER_VLAN_IPV4_DACT_NO_RES

PFILTER_VLAN_IPV4_DACT_UNK_ERR

PFILTER_VLAN_IPV6_DACT_NO_RES

PFILTER_VLAN_IPV6_DACT_UNK_ERR

PFILTER_VLAN_MAC_DACT_NO_RES

PFILTER_VLAN_MAC_DACT_UNK_ERR

PFILTER_VLAN_NO_RES

PFILTER_VLAN_NOT_SUPPORT

PFILTER_VLAN_UNK_ERR

PIM messages

PIM_MEM_ALERT

PIM_NBR_DOWN

PIM_NBR_UP

PING messages

PING_STATIS_INFO

PING_VPN_STATIS_INFO

PKI messages

REQUEST_CERT_FAIL

REQUEST_CERT_SUCCESS

PKT2CPU messages

PKT2CPU_NO_RESOURCE

PORTSEC messages

PORTSEC_ACL_FAILURE

PORTSEC_LEARNED_MACADDR

PORTSEC_NTK_NOT_EFFECTIVE

PORTSEC_PORTMODE_NOT_EFFECTIVE

PORTSEC_PROFILE_FAILURE

PORTSEC_VIOLATION

PPP messages

IPPOOL_ADDRESS_EXHAUSTED

PWDCTL messages

ADDBLACKLIST

CHANGEPASSWORD

FAILEDTOWRITEPWD

QoS messages

QOS_CBWFQ_REMOVED

QOS_POLICY_APPLYCOPP_CBFAIL

QOS_POLICY_APPLYCOPP_FAIL

QOS_POLICY_APPLYGLOBAL_CBFAIL

QOS_POLICY_APPLYGLOBAL_FAIL

QOS_POLICY_APPLYIF_CBFAIL

QOS_POLICY_APPLYIF_FAIL

QOS_POLICY_APPLYVLAN_CBFAIL

QOS_POLICY_APPLYVLAN_FAIL

QOS_NOT_ENOUGH_BANDWIDTH

RADIUS messages

RADIUS_AUTH_FAILURE

RADIUS_AUTH_SUCCESS

RADIUS_DELETE_HOST_FAIL

RIP messages

RIP_MEM_ALERT

RIP_RT_LMT

RIPNG messages

RIPNG_MEM_ALERT

RIPNG_RT_LMT

RM messages

RM_ACRT_REACH_LIMIT

RM_ACRT_REACH_THRESVALUE

RM_THRESHLD_VALUE_REACH

SCM messages

JOBINFO

RECV_DUPLICATEEVENT

SERVICE_RESTART

SERVICE_STATEERROR

SERVICE_STATUSFAILED

SET_WRONGSTATUS

SCRLSP messages

SCRLSP_LABEL_DUPLICATE

SFLOW messages

SFLOW_HARDWARE_ERROR

SHELL messages

SHELL_CMD

SHELL_CMD_CONFIRM

SHELL_CMD_EXECUTEFAIL

SHELL_CMD_INPUT

SHELL_CMD_INPUT_TIMEOUT

SHELL_CMD_MATCHFAIL

SHELL_CMDDENY

SHELL_CMDFAIL

SHELL_CRITICAL_CMDFAIL

SHELL_LOGIN

SHELL_LOGOUT

SLSP messages

SLSP_LABEL_DUPLICATE

SMLK messages

SMLK_LINK_SWITCH

SNMP messages

SNMP_ACL_RESTRICTION

SNMP_GET

SNMP_NOTIFY

SNMP_SET

SNMP_USM_NOTINTIMEWINDOW

SNMP_AUTHENTICATION_FAILURE

SPBM messages

SPBM_LICENSE_EXPIRED

SPBM_LICENSE_EXPIRED_TIME

SPBM_LICENSE_UNAVAILABLE

SSHS messages

SSHS_ALGORITHM_MISMATCH

SSHS_AUTH_EXCEED_RETRY_TIMES

SSHS_AUTH_FAIL

SSHS_AUTH_TIMEOUT

SSHS_CONNECT

SSHS_DECRYPT_FAIL

SSHS_DISCONNECT

SSHS_ENCRYPT_FAIL

SSHS_LOG

SSHS_MAC_ERROR

SSHS_REACH_SESSION_LIMIT

SSHS_REACH_USER_LIMIT

SSHS_SCP_OPER

SSHS_SFTP_OPER

SSHS_SRV_UNAVAILABLE

SSHS_VERSION_MISMATCH

STAMGR messages

STAMGR_ADDBAC_INFO

STAMGR_ADDSTA_INFO

STAMGR_DELBAC_INFO

STAMGR_DELSTA_INFO

STAMGR_STAIPCHANGE_INFO

STM messages

STM_AUTO_UPDATE

STM_MEMBERID_CONFLICT

STM_MERGE

STM_MERGE_NEED_REBOOT

STM_LINK_RECOVERY

STM_LINK_STATUS_DOWN

STM_LINK_STATUS_TIMEOUT

STM_LINK_STATUS_UP

STM_SOMER_CHECK

STP messages

STP_DISPUTE

STP_LOOPBACK_PROTECTION

SYSEVENT

EVENT_TIMEOUT

SYSLOG messages

SYSLOG_LOGFILE_FULL

SYSLOG_RESTART

TACACS messages

TACACS_AUTH_FAILURE

TACACS_AUTH_SUCCESS

TACACS_DELETE_HOST_FAIL

TELNETD messages

TELNETD_REACH_SESSION_LIMIT

TRILL messages

TRILL_DUP_SYSTEMID

TRILL_INTF_CAPABILITY

TRILL_INTF ENTERED_SUSPENDED

TRILL_INTF EXITED_SUSPENDED

TRILL_LICENSE_UNAVAILABLE

TRILL_LICENSE_EXPIRED

TRILL_LICENSE_EXPIRED_TIME

TRILL_MEM_ALERT

TRILL_NBR_CHG

VLAN messages

VLAN_FAILED

VLAN_VLANMAPPING_FAILED

VLAN_VLANTRANSPARENT_FAILED

VRRP messages

VRRP_AUTH_FAILED

VRRP_CONFIG_ERROR

VRRP_PACKET_ERROR

VRRP_STATUS_CHANGE

VRRP_VF_STATUS_CHANGE

VRRP_VMAC_INEFFECTIVE

VRRP_STATUS_CHANGE

VRRP_VF_STATUS_CHANGE

VRRP_VMAC_INEFFECTIVE


Introduction

This document includes the following system messages:

·     Messages specific to Release 24xx of the device.

·     Messages for the Comware 7 software platform version based on which Release 24xx was produced. Some platform system messages might not be available on the device.

This document is intended only for managing 6300 switches. Do not use this document for any other device models.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

·     Log host:

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

·     Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

Table 1 System log message elements

Element

Description

<PRI>

Priority identifier. It is calculated by using the following formula:

Priority identifier = facility × 8 + severity

Where:

·     Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages.

·     Severity represents the importance of the message. For more information about severity levels, see Table 2.

Prefix

Message type identifier.

The element uses the following symbols to indicate message severity:

·     Percentage sign (%)—Informational and higher levels.

·     Asterisk (*)—Debug level.

TIMESTAMP

Date and time when the event occurred.

The following are commands for configuring the timestamp format:

·     Log host—Use the info-center timestamp loghost command.

·     Non-log host destinations—Use the info-center timestamp command.

Sysname

Name or IP address of the device that generated the message.

%%vendor

Manufacturer flag. This element is %%10 for H3C.

MODULE

Name of the module that produced the message.

severity

Severity level of the message. (For more information about severity levels, see Table 2.)

MNEMONIC

Text string that uniquely identifies the system message. The maximum length is 32 characters.

location

Optional. This element presents location information for the message in the following format:

-attribute1=x-attribute2=y…-attributeN=z

This element is separated from the message description by using a semicolon (;).

CONTENT

Text string that contains detailed information about the event or error.

For variable fields in this element, this document uses the representations in Table 3.

 

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity.

Table 2 System log message severity levels

| Level | Severity | Description |
|---|---|---|
| 0 | Emergency | The system is unusable. For example, the system authorization has expired. |
| 1 | Alert | Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
| 2 | Critical | Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
| 3 | Error | Error condition. For example, the link state changes or a storage card is unplugged. |
| 4 | Warning | Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
| 5 | Notification | Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
| 6 | Informational | Informational message. For example, a command or a ping operation is executed. |
| 7 | Debug | Debugging message. |

 

For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.

Table 3 Variable field representations

| Representation | Information type |
|---|---|
| INT16 | Signed 16-bit decimal number. |
| UINT16 | Unsigned 16-bit decimal number. |
| INT32 | Signed 32-bit decimal number. |
| UINT32 | Unsigned 32-bit decimal number. |
| INT64 | Signed 64-bit decimal number. |
| UINT64 | Unsigned 64-bit decimal number. |
| DOUBLE | Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER]. |
| HEX | Hexadecimal number. |
| CHAR | Single character. |
| STRING | Character string. |
| IPADDR | IP address. |
| MAC | MAC address. |
| DATE | Date. |
| TIME | Time. |

 

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, log buffer, monitor terminal, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the network management and monitoring configuration guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet).

To display log messages on the monitor terminal, you must execute the terminal monitor command. The lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

The terminal monitor and terminal logging level commands take effect only for the current terminal session. To display log messages on the monitor terminal or filter displayed log messages by severity after a relogin, you must re-execute the commands.

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving interval. To manually save logs to the log file, use the logfile save command.

The log file buffer is cleared each time a save operation is performed.

By default, you can obtain the log file from the cfa0:/logfile/ path if the CF card is not partitioned. If the CF card is partitioned, the file path is cfa1:/logfile/. To display the contents of the log file, use the more command.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.
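The following added example (not part of the H3C document) shows how a log host can decode both default formats from "System log message format": it recovers facility and severity from <PRI>, splits the optional location element from CONTENT, and applies the severity rule described for the info-center source command. The function names, the timestamp layout, the sysname and the location attribute names are assumptions made for illustration; the ACL message body is the example from Table 5.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Severity names as listed in Table 2 of this page (index = level).
SEVERITY_NAMES = ("Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notification", "Informational", "Debug")

# "MODULE/severity/MNEMONIC: ..." is common to both output formats.
_CORE = (r"(?P<module>[A-Z][A-Z0-9]*)/(?P<sev>[0-7])/"
         r"(?P<mnemonic>[A-Z0-9_]{1,32}): (?P<rest>.*)$")
# Log host: <PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT
_LOGHOST = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>.+?) (?P<sysname>\S+) "
                      r"%%(?P<vendor>\d+)" + _CORE)
# Other destinations: Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT
_LOCAL = re.compile(r"^(?P<prefix>[%*])\s*(?P<ts>.+?) (?P<sysname>\S+) " + _CORE)
# One "-attribute=value" pair of the optional location element.
_ATTR = re.compile(r"-([A-Za-z]\w*)=(.*?)(?=-[A-Za-z]\w*=|$)")


@dataclass
class LogMessage:
    timestamp: str                      # kept raw: the layout is configurable
    sysname: str
    module: str
    severity: int
    mnemonic: str
    content: str
    facility: Optional[int] = None      # only carried by the log host format
    vendor: Optional[str] = None        # "10" for H3C
    location: dict = field(default_factory=dict)
    problems: list = field(default_factory=list)

    @property
    def severity_name(self):
        return SEVERITY_NAMES[self.severity]


def parse_log_line(line):
    """Parse one line in either default format; return None if it fits neither."""
    m = _LOGHOST.match(line) or _LOCAL.match(line)
    if m is None:
        return None
    g = m.groupdict()
    msg = LogMessage(g["ts"], g["sysname"], g["module"], int(g["sev"]),
                     g["mnemonic"], g["rest"])
    if "pri" in g:
        # Priority identifier = facility x 8 + severity, so divmod inverts it.
        msg.facility, pri_severity = divmod(int(g["pri"]), 8)
        msg.vendor = g["vendor"]
        if pri_severity != msg.severity:
            msg.problems.append("severity in <PRI> (%d) differs from severity field (%d)"
                                % (pri_severity, msg.severity))
        # The optional location element ends at the first semicolon.
        loc, sep, content = g["rest"].partition(";")
        if sep and _ATTR.match(loc):
            msg.location = dict(_ATTR.findall(loc))
            msg.content = content.lstrip()
    elif (g["prefix"] == "*") != (msg.severity == 7):
        # Prefix "*" marks debug level, "%" informational and higher levels.
        msg.problems.append("prefix %r does not fit severity %d"
                            % (g["prefix"], msg.severity))
    return msg


def passes_output_rule(msg, lowest_level):
    """Severity rule described for info-center source: a message is output when
    it is at least as severe as the configured level (numerically <=)."""
    return msg.severity <= lowest_level


# Constructed samples: timestamp layout, sysname and location attribute names
# are assumptions; BODY is the ACL_STATIS_INFO example given in Table 5.
BODY = "ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s)."
LOGHOST_SAMPLE = ("<190>Apr 13 10:21:07 2021 Sysname %%10ACL/6/ACL_STATIS_INFO: "
                  "-Slot=1-Port=3; " + BODY)
LOCAL_SAMPLE = "%Apr 13 10:21:07:123 2021 Sysname ACL/6/ACL_STATIS_INFO: " + BODY
# <PRI> 189 encodes severity 5, which contradicts the /6/ field.
MISMATCH_SAMPLE = "<189>Apr 13 10:21:07 2021 Sysname %%10ACL/6/ACL_STATIS_INFO: " + BODY

if __name__ == "__main__":
    for sample in (LOGHOST_SAMPLE, LOCAL_SAMPLE, MISMATCH_SAMPLE):
        m = parse_log_line(sample)
        print(m.module, m.mnemonic, m.severity_name, m.facility, m.location, m.problems)
```

A mismatch between the severity encoded in <PRI> and the severity field is reported in `problems` rather than rejected, so a collector can still store the line and flag it for review.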

Software module list

Table 4 lists all software modules that might produce system log messages.

Table 4 Software module list

Module name representation

Module name expansion

AAA

Authentication, Authorization and Accounting

ACL

Access Control List

APMGR

Access Point Management

ARP

Address Resolution Protocol

ATK

Attack Detection and Prevention

BFD

Bidirectional Forwarding Detection

BGP

Border Gateway Protocol

CFD

Connectivity Fault Detection

CFGMAN

Configuration Management

DEV

Device Management

DHCP

Dynamic Host Configuration Protocol

DHCPR

DHCP relay agent

DHCPS

DHCP server

DHCPS6

IPv6 DHCP server

DHCPSP4

DHCP snooping

DHCPSP6

IPv6 DHCP snooping

DIAG

Diagnosis

DLDP

Device Link Detection Protocol

DOT1X

802.1X

ETHOAM

Ethernet Operation, Administration and Maintenance

EVB

Edge Virtual Bridging

EVIISIS

Ethernet Virtual Interconnect Intermediate System-to-Intermediate System

FILTER

Filter

FCOE

Fibre Channel Over Ethernet

FCLINK

Fibre Channel Link

FCZONE

Fibre Channel Zone

FIPS

FIP Snooping

FTPD

File Transfer Protocol Daemon

HA

High Availability

HTTPD

Hypertext Transfer Protocol Daemon

IFNET

Interface Net Management

IKE

Internet Key Exchange

IPSEC

IP Security

IPSG

IP Source Guard

IRDP

ICMP Router Discovery Protocol

ISIS

Intermediate System-to-Intermediate System

ISSU

In-Service Software Upgrade

L2PT

Layer 2 Protocol Tunneling

L2VPN

Layer 2 VPN

LAGG

Link Aggregation

LDP

Label Distribution Protocol

LLDP

Link Layer Discovery Protocol

LOAD

Load Management

LOGIN

Login

LPDT

Loopback Detection

LS

Local Server

LSPV

LSP Verification

MAC

Media Access Control

MACA

MAC Authentication

MACSEC

MACsec

MBFD

MPLS BFD

MDC

Multitenant Device Context

MFIB

Multicast Forwarding Information Base

MGROUP

Mirroring group

MPLS

Multiprotocol Label Switching

MSTP

Multiple Spanning Tree Protocol

MTLK

Monitor Link

ND

Neighbor Discovery

NQA

Network Quality Analyzer

NTP

Network Time Protocol

OFP

OpenFlow

OPTMOD

Optical Module

OSPF

Open Shortest Path First

OSPFV3

Open Shortest Path First Version 3

PBB

Provider Backbone Bridge

PBR

Policy-Based Routing

PEX

Port Extender

PFILTER

Packet Filter

PIM

Protocol Independent Multicast

PING

Packet Internet Groper

PKI

Public Key Infrastructure

PKT2CPU

Packet to CPU

PORTSEC

Port Security

PPP

Point to Point Protocol

PWDCTL

Password Control

QOS

Quality of Service

RADIUS

Remote Authentication Dial In User Service

RIP

Routing Information Protocol

RIPNG

Routing Information Protocol Next Generation

RM

Routing Management

SCM

Service Control Manager

SCRLSP

Static CRLSP

SFLOW

Sampled FLOW

SHELL

Shell

SLSP

Static LSP

SMLK

Smart Link

SNMP

Simple Network Management Protocol

SPBM

Shortest Path Bridging MAC Mode

SSHS

Secure Shell Server

STAMGR

Station Management

STM

Stack Topology Management (IRF)

STP

Spanning Tree Protocol

SYSEVENT

System Event

SYSLOG

System Log

TACACS

Terminal Access Controller Access Control System

TELNETD

Telecommunication Network Protocol Daemon

TRILL

Transparent Interconnect of Lots of Links

VLAN

Virtual Local Area Network

VRRP

Virtual Router Redundancy Protocol

 

Using this document

This document categorizes system log messages by software modules. The modules are ordered alphabetically. For each module, the system log messages are also listed in alphabetic order of their mnemonic names.

This document explains messages in tables. Table 5 describes information provided in these tables.

Table 5 Message explanation table contents

| Item | Content | Example |
|---|---|---|
| Message text | Presents the message description. | ACL [UINT32] [STRING] [UINT64] packet(s). |
| Variable fields | Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text. | $1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule. |
| Severity level | Provides the severity level of the message. | 6 |
| Example | Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings. | ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
| Explanation | Explains the message, including the event or error cause. | Number of packets that matched an ACL rule. This message is sent when the packet counter changes. |
| Recommended action | Provides recommended actions. For informational messages, no action is required. | No action is required. |
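
As an added illustration (not H3C code), the sketch below compiles "Message text" templates from this reference into regular expressions and returns the variable fields under their "$Number" names, which is how a log collector can turn these entries into structured events. It assumes the header prefix has already been removed, as in the examples in this document; TEMPLATES, compile_template and parse_message are names chosen for this example.

```python
import re

# Typed placeholders from the "Message text" rows, mapped to regex fragments.
# [STRING] is non-greedy because values such as ACL rule text contain spaces.
PLACEHOLDERS = {
    "STRING": r"(.+?)",
    "IPADDR": r"(\S+?)",
    "UINT": r"(\d+)",
    "UINT16": r"(\d+)",
    "UINT32": r"(\d+)",
    "UINT64": r"(\d+)",
}
INT_TYPES = {"UINT", "UINT16", "UINT32", "UINT64"}
TOKEN = re.compile(r"\[(STRING|IPADDR|UINT(?:16|32|64)?)\]")
HEADER = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)",
    re.S,
)

# "Message text" rows copied from this reference, keyed by mnemonic.
TEMPLATES = {
    "ACL_STATIS_INFO": "ACL [UINT32] [STRING] [UINT64] packet(s).",
    "ARP_RATE_EXCEEDED": "The ARP packet rate ([UINT32] pps) exceeded the rate "
                         "limit ([UINT32] pps) on interface [STRING] in the "
                         "last [UINT32] seconds",
    "ARP_SENDER_MAC_INVALID": "Sender MAC [STRING] was not identical to Ethernet "
                              "source MAC [STRING] on interface [STRING]",
    "AAA_FAILURE": "-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]"
                   "-UserName=[STRING]; AAA failed.",
}


def compile_template(template):
    """Return (regex, placeholder_types) for one "Message text" template."""
    # Templates and examples disagree on the trailing period, so drop it from
    # the template and make it optional in the pattern.
    parts = TOKEN.split(template.strip().rstrip("."))
    pattern, types = "", []
    for index, part in enumerate(parts):
        if index % 2 == 0:          # literal text between placeholders
            pattern += re.escape(part)
        else:                       # placeholder type captured by TOKEN
            pattern += PLACEHOLDERS[part]
            types.append(part)
    return re.compile(pattern + r"\.?"), types


COMPILED = {name: compile_template(text) for name, text in TEMPLATES.items()}


def parse_message(line):
    """Parse 'MODULE/severity/MNEMONIC: text'. Returns None if the header does
    not match; 'fields' stays None when the body does not fit the template."""
    header = HEADER.fullmatch(line.strip())
    if header is None:
        return None
    record = {
        "module": header["module"],
        "severity": int(header["severity"]),
        "mnemonic": header["mnemonic"],
        "fields": None,
    }
    entry = COMPILED.get(record["mnemonic"])
    if entry is None:
        return record
    regex, types = entry
    body = regex.fullmatch(header["text"].strip())
    if body is None:
        # Template drift: report it rather than guess at field boundaries.
        return record
    record["fields"] = {
        "$%d" % number: int(value) if kind in INT_TYPES else value
        for number, (kind, value) in enumerate(zip(types, body.groups()), 1)
    }
    return record


# Example lines as printed in this reference.
SAMPLES = [
    "ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging "
    "10000 packet(s).",
    "ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate "
    "limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.",
    "ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical "
    "to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.",
    # Printed example says "AAA is failed." while the template says "AAA failed."
    "AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login"
    "-UserName=cwf@system; AAA is failed.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_message(sample))
```

The AAA_FAILURE sample returns `fields: None` because its printed example does not match its own template, so a collector should alert on unparsed bodies instead of dropping them. Extracted strings such as user names originate from the remote party and should be treated as untrusted input downstream.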

 

AAA messages

This section contains AAA messages.

AAA_FAILURE

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: User name.

Severity level

5

Example

AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA is failed.

Explanation

An AAA request was rejected.

The following are the common reasons:

·     No response was received from the server.

·     The user name or password was incorrect.

·     The service type that the user applied for was incorrect.

Recommended action

1.     Verify that the device is correctly connected to the server.

2.     Enter the correct username and password.

3.     Verify that the server settings are the same as the settings on the device.

4.     If the problem persists, contact H3C Support.

 

AAA_LAUNCH

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: User name.

Severity level

6

Example

AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.

Explanation

An AAA request was received.

Recommended action

No action is required.

 

AAA_SUCCESS

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA is successful.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: User name.

Severity level

6

Example

AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA is successful.

Explanation

An AAA request was accepted.

Recommended action

No action is required.

 

ACL messages

This section contains ACL messages.

ACL_IPV6_STATIS_INFO

Message text

IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv6 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL6/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).

Explanation

The number of packets matching the IPv6 ACL rule changed.

Recommended action

No action is required.

 

ACL_NO_MEM

Message text

Failed to configure [STRING] ACL [UINT] due to lack of memory.

Variable fields

$1: ACL version.

$2: ACL number.

Severity level

3

Example

ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.

Explanation

Configuring the ACL failed because memory is insufficient.

Recommended action

Use the display memory-threshold command to check the memory usage.

 

ACL_STATIS_INFO

Message text

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv4 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

The number of packets matching the IPv4 ACL rule changed.

Recommended action

No action is required.

 

ACL_RESOURCE_INFO

Message text

The [STRING]’s TCAM resource usage is [UINT32]% ([UINT32] entries used, totally [UINT32] entries), higher than threshold([UINT32]%) on chassis [UINT32] slot [UINT32].

Variable fields

$1: Resource name: MAC, ROUTE, or ACL.

$2: TCAM resource usage.

$3: Number of TCAM entries used.

$4: Total number of TCAM entries.

$5: Resource usage threshold.

$6: IRF member ID.

$7: Slot ID.

Severity level

6

Example

The ACL’s TCAM resource usage is 87%(87 entries used, totally 100 entries), higher than threshold(80%) on chassis 1 slot 2.

Explanation

The TCAM usage exceeded the threshold.

Recommended action

No action is required.

 

APMGR messages

This section contains access point management messages.

APMGR_ADDBAC_INFO

Message text

Add BAS AC [STRING].

Variable fields

$1: MAC address of the BAS AC.

Severity level

6

Example

APMGR/6/APMGR_ADDBAC_INFO:

Add BAS AC 3ce5-a616-28cd.

Explanation

The BAS AC was connected to the master AC.

Recommended action

No action is required.

 

APMGR_DELBAC_INFO

Message text

Delete BAS AC [STRING].

Variable fields

$1: MAC address of the BAS AC.

Severity level

6

Example

APMGR/6/APMGR_DELBAC_INFO:

Delete BAS AC 3ce5-a616-28cd.

Explanation

The BAS AC was disconnected from the master AC.

Recommended action

No action is required.

 

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text

No ARP reply from IP [STRING] was received on interface [STRING]

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.

Explanation

An attack was detected by ARP active acknowledgement.

An interface sent an ARP request to the sender IP of a received ARP message, but did not receive an ARP reply.

Recommended action

Verify that the host that sends the ARP message is legitimate.

 

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text

Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.

Variable fields

$1: Interface name.

$2: IP address.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.

Explanation

The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP.

This message indicates the risk of attacks.

Recommended action

No action is required. The device discards the ARP reply automatically.

 

ARP_RATE_EXCEEDED

Message text

The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds

Variable fields

$1: ARP packet rate.

$2: ARP limit rate.

$3: Interface name.

$4: Interval time.

Severity level

4

Example

ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.

Explanation

An interface received ARP messages at a higher rate than the rate limit.

Recommended action

Verify that the host that sends the ARP packets is legitimate.

 

ARP_SENDER_IP_INVALID

Message text

Sender IP [STRING] was not on the same network as the receiving interface [STRING]

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.

Explanation

The sender IP of a received ARP message was not on the same network as the receiving interface.

Recommended action

Verify that the host with the sender IP address is legitimate.

 

ARP_SENDER_MAC_INVALID

Message text

Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING]

Variable fields

$1: MAC address.

$2: MAC address.

$3: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.

Explanation

An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.

Recommended action

Verify that the host with the sender MAC address is legitimate.

 

ARP_SENDER_SMACCONFLICT_VSI

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

$4: VSI index.

$5: Link ID.

Severity level

6

Example

ARP/6/ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0

Explanation

The device discarded an ARP packet from a VSI because the sender MAC address of the ARP packet is the same as the MAC address of the receiving interface.

Recommended action

No action is required.

 

ARP_SENDER_SMACCONFLICT

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

Severity level

6

Example

ARP/6/ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: GE1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1,

Explanation

The device discarded an ARP packet because the sender MAC address of the ARP packet is the same as the MAC address of the receiving interface.

Recommended action

No action is required.

 

ARP_SRC_MAC_FOUND_ATTACK

Message text

An attack from MAC [STRING] was detected on interface [STRING]

Variable fields

$1: MAC address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.

Explanation

An attack was detected by source MAC-based ARP attack detection.

The number of ARP packets that the device received from the same MAC address within 5 seconds exceeded the specified threshold.

Recommended action

Verify that the host with the source MAC address is legitimate.

 

ARP_TARGET_IP_INVALID

Message text

Target IP [STRING] was not the IP of the receiving interface [STRING]

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1.

Explanation

The target IP address of a received ARP message was not the IP address of the receiving interface.

Recommended action

Verify that the host that sends this ARP message is legitimate.

 

DUPIFIP

Message text

Duplicate address [STRING] on interface [STRING], sourced from [STRING]

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC Address.

Severity level

6

Example

ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947

Explanation

A duplicate address was detected by ARP.

The sender IP in a received ARP packet was being used by the receiving interface.

Recommended action

Modify the IP address configuration.

 

DUPIP

Message text

IP address [STRING] conflicts with global or imported IP address, sourced from [STRING]

Variable fields

$1: IP address.

$2: MAC Address.

Severity level

6

Example

ARP/6/DUPIP: IP address 30.1.1.1 conflicts with global or import IP address, sourced from 0000-0000-0001

Explanation

The sender IP address of the received ARP packet conflicted with the global or imported IP address.

Recommended action

Modify the IP address configuration.

 

DUPVRRPIP

Message text

IP address [STRING] collision with VRRP virtual IP address on interface [STRING], sourced from [STRING]

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC address.

Severity level

6

Example

ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicts with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947

Explanation

The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.

Recommended action

Modify the IP address configuration.

 

ARP_SENDER_SMACCONFLICT

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

Severity level

6

Example

ARP/6/ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1,

Explanation

The sender MAC address of a received ARP packet conflicts with the MAC address of the device.

Recommended action

No action is required.

 

ARP_SENDER_SMACCONFLICT_VSI

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

$4: VSI index.

$5: Link ID.

Severity level

6

Example

ARP/6/ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0

Explanation

The sender MAC address of a received ARP packet conflicts with the MAC address of the device. The receiving interface is a VSI interface.

Recommended action

No action is required.

 

 

 

ATK messages

This section contains attack detection and prevention messages.

ATKDF_ICMP_ADDRMASK_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; RcvIfName(1023)=GigabitEthernet1/0/1; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_ADDRMASK_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; RcvIfName(1023)=GigabitEthernet1/0/1; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATKDF_ICMP_ADDRMASK_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ADDRMASK_RPL: IcmpType(1058)=18; RcvIfName(1023)=GigabitEthernet1/0/1; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_ADDRMASK_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ADDRMASK_RPL_RAW: IcmpType(1058)=18; RcvIfName(1023)=GigabitEthernet1/0/1; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATKDF_ICMP_ECHO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ECHO_REQ: IcmpType(1058)=8; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_ECHO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATKDF_ICMP_ECHO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ECHO_RPL: IcmpType(1058)=0; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_ECHO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_ECHO_RPL_RAW: IcmpType(1058)=0; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATKDF_ICMP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.
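
The ATK messages above carry their fields as Name(ID)=value; pairs, and each attack type has an aggregated form and a _RAW form. The following added example (not part of the H3C reference) parses both forms by field name and keeps _RAW message counts apart from AtkTimes, because this reference does not say whether AtkTimes includes the packet already reported by the _RAW message. The function names and the grouping key are choices made for this example; the sample lines are the examples printed above.

```python
import re
from collections import defaultdict
from datetime import datetime

# search() is used so the header prefix, which varies with system settings,
# may precede the ATTACK/<severity>/<mnemonic>: part.
HEADER = re.compile(
    r"ATTACK/(?P<severity>[0-7])/(?P<mnemonic>ATKDF_[A-Z0-9_]+):\s*(?P<body>.*)",
    re.S,
)
PAIR = re.compile(r"(?P<key>\w+)\((?P<id>\d+)\)=(?P<value>[^;]*)")
INT_KEYS = {"IcmpType", "DstPort", "UpperLimit", "AtkTimes"}
TIME_KEYS = {"BeginTime_c", "EndTime_c"}


def _convert(key, value):
    """Type one value; malformed numbers or times are kept as strings."""
    if value == "--":                      # the device prints "--" for "none"
        return None
    if key in INT_KEYS and value.isdigit():
        return int(value)
    if key in TIME_KEYS:
        try:
            return datetime.strptime(value, "%Y%m%d%H%M%S")
        except ValueError:
            return value
    return value


def parse_atk(line):
    """Return a dict for one ATKDF_* message, or None for anything else."""
    header = HEADER.search(line)
    if header is None:
        return None
    body = header["body"].strip()
    if body.endswith("."):                 # ATKDF_ICMP_FLOOD ends with "."
        body = body[:-1]
    # Keyed by name, so field order differences between template and message
    # (see the ATKDF_ICMP_ECHO_REQ_RAW example) do not matter.
    fields = {p["key"]: _convert(p["key"], p["value"].strip())
              for p in PAIR.finditer(body)}
    mnemonic = header["mnemonic"]
    raw = mnemonic.endswith("_RAW")
    return {
        "severity": int(header["severity"]),
        "mnemonic": mnemonic,
        "base": mnemonic[:-4] if raw else mnemonic,
        "raw": raw,
        "fields": fields,
    }


def summarize(lines):
    """Group by (attack type, source, destination, interface)."""
    groups = defaultdict(lambda: {"raw": 0, "summaries": 0,
                                  "atk_times": 0, "window_seconds": 0})
    for line in lines:
        record = parse_atk(line)
        if record is None:
            continue
        f = record["fields"]
        group = groups[(record["base"], f.get("SrcIPAddr"),
                        f.get("DstIPAddr"), f.get("RcvIfName"))]
        if record["raw"]:
            group["raw"] += 1
            continue
        group["summaries"] += 1
        if isinstance(f.get("AtkTimes"), int):
            group["atk_times"] += f["AtkTimes"]
        begin, end = f.get("BeginTime_c"), f.get("EndTime_c")
        if isinstance(begin, datetime) and isinstance(end, datetime):
            group["window_seconds"] += int((end - begin).total_seconds())
    return dict(groups)


# Example lines as printed in this reference.
SAMPLES = [
    "ATTACK/5/ATKDF_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; "
    "RcvIfName(1023)=GigabitEthernet1/0/1; SrcIPAddr(1003)=9.1.1.1; "
    "DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging;",
    "ATTACK/5/ATKDF_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; "
    "RcvIfName(1023)=GigabitEthernet1/0/1; SrcIPAddr(1003)=9.1.1.1; "
    "DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging; "
    "BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; "
    "AtkTimes(1050)=2;",
    "ATTACK/5/ATKDF_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; "
    "RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; "
    "DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging;",
    "ATTACK/3/ATKDF_ICMP_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; "
    "DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; "
    "Action(1049)=logging; BeginTime_c(1011)=20131009093351.",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLES).items():
        print(key, value)
```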

 

ATKDF_ICMP_INFO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_INFO_REQ: IcmpType(1058)=15; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_INFO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_INFO_REQ_RAW: IcmpType(1058)=15; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATKDF_ICMP_INFO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_INFO_RPL: IcmpType(1058)=16; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_INFO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_INFO_RPL_RAW: IcmpType(1058)=16; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATKDF_ICMP_LARGE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_LARGE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_LARGE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_LARGE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_PARAPROBLEM

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_PARAPROBLEM: IcmpType(1058)=12; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_PARAPROBLEM_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_PARAPROBLEM_RAW: IcmpType(1058)=12; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_PINGOFDEATH

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_PINGOFDEATH: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATKDF_ICMP_PINGOFDEATH_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_PINGOFDEATH_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_REDIRECT

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_REDIRECT: IcmpType(1058)=5; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_REDIRECT_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_REDIRECT_RAW: IcmpType(1058)=5; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_SMURF

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_SMURF: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

Recommended action

No action is required.

 

ATKDF_ICMP_SMURF_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_SMURF_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time a request is received.

Recommended action

No action is required.

 

ATKDF_ICMP_SOURCEQUENCH

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_SOURCEQUENCH: IcmpType(1058)=4; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP source quench logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_SOURCEQUENCH_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_SOURCEQUENCH_RAW: IcmpType(1058)=4; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_TIMEEXCEED

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TIMEEXCEED: IcmpType(1058)=11; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP time exceeded logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_TIMEEXCEED_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TIMEEXCEED_RAW: IcmpType(1058)=11; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_TRACEROUTE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_TRACEROUTE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.

Recommended action

No action is required.

 

ATKDF_ICMP_TRACEROUTE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMP_TRACEROUTE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.

Recommended action

No action is required.

 

ATKDF_ICMP_TSTAMP_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TSTAMP_REQ: IcmpType(1058)=13; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP timestamp logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_TSTAMP_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TSTAMP_REQ_RAW: IcmpType(1058)=13; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_TSTAMP_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TSTAMP_RPL: IcmpType(1058)=14; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP timestamp reply logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_TSTAMP_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TSTAMP_RPL_RAW: IcmpType(1058)=14; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.

Recommended action

No action is required.

 

ATKDF_ICMP_TYPE

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TYPE: IcmpType(1058)=38; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for user-defined ICMP packets.

Recommended action

No action is required.

 

ATKDF_ICMP_TYPE_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_TYPE_RAW: IcmpType(1058)=38; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.

Recommended action

No action is required.

 

ATKDF_ICMP_UNREACHABLE

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_UNREACHABLE: IcmpType(1058)=3; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2;

Explanation

This message is sent when ICMP destination unreachable logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMP_UNREACHABLE_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMP_UNREACHABLE_RAW: IcmpType(1058)=3; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_DEST_UNREACH

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_DEST_UNREACH: Icmpv6Type(1059)=133; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 destination unreachable logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_DEST_UNREACH_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_DEST_UNREACH_RAW: Icmpv6Type(1059)=133; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_ECHO_REQ

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_ECHO_REQ: Icmpv6Type(1059)=128; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 echo request logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_ECHO_REQ_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_ECHO_REQ_RAW: Icmpv6Type(1059)=128; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_ECHO_RPL

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_ECHO_RPL: Icmpv6Type(1059)=129; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 echo reply logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_ECHO_RPL_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_ECHO_RPL_RAW: Icmpv6Type(1059)=129; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMPV6_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1007)=2002::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.
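The following parser for the ATTACK messages in this section is an added example for log-host processing, not H3C code; the class and function names are hypothetical. It keys on field names rather than the numeric IDs in parentheses, treats `--` as "no value" (an assumption drawn from the examples), and keeps AtkTimes totals separate from single reports because the text does not say whether an aggregated count includes the packet already reported by the matching _RAW message.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, Optional

# "MODULE/severity/MNEMONIC: Name(id)=value; Name(id)=value; ..."
# search() is used so a syslog prefix in front of the header is tolerated (assumption).
HEADER_RE = re.compile(
    r"(?P<module>[A-Z][A-Z0-9_]*)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.*)$")
FIELD_RE = re.compile(r"(?P<name>\w+)\(\d+\)=(?P<value>[^;]*)")
TIME_FMT = "%Y%m%d%H%M%S"  # BeginTime_c / EndTime_c layout seen in the examples


@dataclass
class AtkEvent:
    severity: int
    mnemonic: str
    base: str                      # mnemonic without the _RAW suffix
    raw: bool                      # True for the per-packet _RAW variant
    fields: Dict[str, Optional[str]]
    begin: Optional[datetime]
    end: Optional[datetime]
    atk_times: Optional[int]       # present only in aggregated messages


def parse_atk(line: str) -> AtkEvent:
    m = HEADER_RE.search(line)
    if not m or m.group("module") != "ATTACK":
        raise ValueError("not an ATTACK log message")
    body = m.group("body").strip()
    if body.endswith("."):         # flood messages end with "." instead of ";"
        body = body[:-1]
    fields: Dict[str, Optional[str]] = {}
    for f in FIELD_RE.finditer(body):
        value = f.group("value").strip()
        # Keyed by name only: the numeric ID is ignored because the page's
        # ATKDF_ICMPV6_FLOOD example prints DstIPv6Addr(1007) while its
        # message text gives DstIPv6Addr(1037).
        fields[f.group("name")] = None if value == "--" else value
    if not fields:
        raise ValueError("no Name(id)=value fields found")

    def ts(name: str) -> Optional[datetime]:
        return datetime.strptime(fields[name], TIME_FMT) if fields.get(name) else None

    mnemonic = m.group("mnemonic")
    raw = mnemonic.endswith("_RAW")
    count = fields.get("AtkTimes")
    return AtkEvent(
        severity=int(m.group("sev")),
        mnemonic=mnemonic,
        base=mnemonic[:-4] if raw else mnemonic,
        raw=raw,
        fields=fields,
        begin=ts("BeginTime_c"),
        end=ts("EndTime_c"),
        atk_times=int(count) if count is not None else None,
    )


def summarize(lines: Iterable[str]) -> dict:
    """Group by (attack type, source, destination); unparsable lines are skipped."""
    out = defaultdict(lambda: {"single_reports": 0, "aggregated_hits": 0})
    for line in lines:
        try:
            ev = parse_atk(line)
        except ValueError:
            continue
        src = ev.fields.get("SrcIPAddr") or ev.fields.get("SrcIPv6Addr")
        dst = ev.fields.get("DstIPAddr") or ev.fields.get("DstIPv6Addr")
        bucket = out[(ev.base, src, dst)]
        if ev.atk_times is not None:
            bucket["aggregated_hits"] += ev.atk_times   # sum of AtkTimes
        else:
            bucket["single_reports"] += 1               # _RAW and flood messages
    return dict(out)


# Sample input: the first three lines are the Example entries from this section;
# the last line is constructed to show a truncated message being rejected.
SAMPLE = [
    "ATTACK/3/ATKDF_ICMP_PINGOFDEATH_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging;",
    "ATTACK/3/ATKDF_ICMP_PINGOFDEATH: RcvIfName(1023)=GigabitEthernet1/0/2; "
    "SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; "
    "RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; "
    "EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;",
    "ATTACK/3/ATKDF_ICMPV6_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; "
    "DstIPv6Addr(1007)=2002::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; "
    "Action(1049)=logging; BeginTime_c(1011)=20131009093351.",
    "ATTACK/3/ATKDF_ICMP_SMURF_RAW: truncated",
]

if __name__ == "__main__":
    for key, counts in summarize(SAMPLE).items():
        print(key, counts)
```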

 

ATKDF_ICMPV6_GROUPQUERY

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_GROUPQUERY: Icmpv6Type(1059)=130; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 multicast listener query logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_GROUPQUERY_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_GROUPQUERY_RAW: Icmpv6Type(1059)=130; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_GROUPREDUCTION

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_GROUPREDUCTION: Icmpv6Type(1059)=132; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 multicast listener done logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_GROUPREDUCTION_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_GROUPREDUCTION_RAW: Icmpv6Type(1059)=132; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_GROUPREPORT

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_GROUPREPORT: Icmpv6Type(1059)=131; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 multicast listener report logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_GROUPREPORT_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_GROUPREPORT_RAW: Icmpv6Type(1059)=131; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_LARGE

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMPV6_LARGE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when large ICMPv6 packet logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_LARGE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_ICMPV6_LARGE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_PACKETTOOBIG

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_PACKETTOOBIG: Icmpv6Type(1059)=136; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 packet too big logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_PACKETTOOBIG_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_PACKETTOOBIG_RAW: Icmpv6Type(1059)=136; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 Packet Too Big packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 Packet Too Big packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_PARAPROBLEM

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_PARAPROBLEM: Icmpv6Type(1059)=135; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_PARAPROBLEM_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_PARAPROBLEM_RAW: Icmpv6Type(1059)=135; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_TIMEEXCEED

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_TIMEEXCEED: Icmpv6Type(1059)=134; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when ICMPv6 time exceeded logs are aggregated.

Recommended action

No action is required.

 

ATKDF_ICMPV6_TIMEEXCEED_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_TIMEEXCEED_RAW: Icmpv6Type(1059)=134; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_TRACEROUTE

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMPV6_TRACEROUTE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.

Recommended action

No action is required.

 

ATKDF_ICMPV6_TRACEROUTE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_ICMPV6_TRACEROUTE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435;

Explanation

If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.

Recommended action

No action is required.

 

ATKDF_ICMPV6_TYPE

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_TYPE: Icmpv6Type(1059)=38; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for user-defined ICMPv6 packets.

Recommended action

No action is required.

 

ATKDF_ICMPV6_TYPE_RAW

Message text

Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: ICMPv6 message type.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_ICMPV6_TYPE_RAW: Icmpv6Type(1059)=38; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.

Recommended action

No action is required.

 

ATKDF_IP_OPTION

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IP_OPTION: IPOptValue(1057)=38; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with a user-defined IP option.

Recommended action

No action is required.

 

ATKDF_IP_OPTION_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IP_OPTION_RAW: IPOptValue(1057)=38; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.

Recommended action

No action is required.

 

ATKDF_IP4_ACK_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_ACK_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_DIS_PORTSCAN

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Actions against the attack.

$5: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_DIS_PORTSCAN: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.

Explanation

This message is sent when an IPv4 distributed port scan attack is detected.

Recommended action

No action is required.

 

ATKDF_IP4_DNS_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_DNS_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_FIN_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_FIN_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_FRAGMENT

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_FRAGMENT: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 packets with a fragment offset smaller than 5 but bigger than 0.

Recommended action

No action is required.

 

ATKDF_IP4_FRAGMENT_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_FRAGMENT_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging;

Explanation

This message is for the IPv4 fragment attack. The attack uses IPv4 packets with a fragment offset smaller than 5 but bigger than 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_HTTP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_HTTP_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 HTTP GET packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_IMPOSSIBLE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_IMPOSSIBLE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.

Recommended action

No action is required.

 

ATKDF_IP4_IMPOSSIBLE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_IMPOSSIBLE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging;

Explanation

This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_IPSWEEP

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_IPSWEEP: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657.

Explanation

This message is sent when an IPv4 sweep attack is detected.

Recommended action

No action is required.

 

ATKDF_IP4_PORTSCAN

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Name of the receiving VPN instance.

$5: Destination IP address.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_PORTSCAN: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.

Explanation

This message is sent when an IPv4 port scan attack is detected.

Recommended action

No action is required.

 

ATKDF_IP4_RST_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_RST_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_SYN_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_SYN_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_SYNACK_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_SYNACK_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_ALLFLAGS

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_ALLFLAGS: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_ALLFLAGS_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_ALLFLAGS_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv4 TCP packets that have all flags set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.
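
Every ATKDF message in this section uses the same `Name(ID)=value;` layout, so a log host can parse them with one routine. The following Python code is an added example, not H3C code: it parses four Example lines copied from this section plus one constructed malformed line. The function names, the `kind` labels, the reading of `--` as "no value" and the severity cut-off of 3 are assumptions of the example.

```python
import ipaddress
import re
from datetime import datetime

# "MODULE/severity/MNEMONIC:" header; any syslog prefix before it is ignored.
HEADER_RE = re.compile(
    r"(?P<module>[A-Z][A-Z0-9_]*)/(?P<severity>[0-7])/"
    r"(?P<mnemonic>[A-Z][A-Z0-9_]*):\s*(?P<body>.*)$"
)
# One "Name(ID)=value" pair, for example "AtkTimes(1050)=2".
FIELD_RE = re.compile(r"^(?P<name>[A-Za-z_]\w*)\((?P<id>\d+)\)=(?P<value>.*)$")

INT_FIELDS = {"Icmpv6Type", "IPOptValue", "UpperLimit", "AtkTimes"}      # [UINT32]
TIME_FIELDS = {"BeginTime_c", "EndTime_c"}                               # YYYYMMDDhhmmss
ADDR_FIELDS = {"SrcIPAddr", "DstIPAddr", "SrcIPv6Addr", "DstIPv6Addr"}   # [IPADDR]


def _convert(name, raw):
    """Turn one raw field value into a typed Python value (ValueError if invalid)."""
    if raw == "--":            # assumption: "--" in the examples means "no value"
        return None
    if name in INT_FIELDS:
        return int(raw)
    if name in TIME_FIELDS:
        return datetime.strptime(raw, "%Y%m%d%H%M%S")
    if name in ADDR_FIELDS:
        return ipaddress.ip_address(raw)   # rejects malformed addresses
    if name == "Action":
        return raw.split(",")              # e.g. "logging,block-source"
    return raw


def _kind(mnemonic, fields):
    """Label used by this example (not an H3C term) for the message shape."""
    if mnemonic.endswith("_RAW"):
        return "raw"           # sent per packet, or for the first packet only
    if "AtkTimes" in fields:
        return "aggregated"    # summary with begin time, end time and count
    if "UpperLimit" in fields:
        return "rate-limit"    # flood: per-second rate limit exceeded
    return "detection"         # scan or sweep detection


def parse_atk_message(line):
    """Parse one ATKDF log line; raise ValueError on anything malformed."""
    m = HEADER_RE.search(line.strip())
    if not m:
        raise ValueError("no MODULE/severity/MNEMONIC header")
    body = m.group("body").rstrip()
    if body.endswith((";", ".")):   # some messages end in ";", others in "."
        body = body[:-1]
    fields = {}
    for part in body.split(";"):
        fm = FIELD_RE.match(part.strip())
        if not fm:
            raise ValueError(f"malformed field: {part!r}")
        fields[fm.group("name")] = _convert(fm.group("name"), fm.group("value"))
    return {
        "module": m.group("module"),
        "severity": int(m.group("severity")),
        "mnemonic": m.group("mnemonic"),
        "kind": _kind(m.group("mnemonic"), fields),
        "blocked": "block-source" in (fields.get("Action") or []),
        "fields": fields,
    }


def triage(lines, max_severity=3):
    """Return (alerts, rejected): alerts have severity <= max_severity and are
    ordered by severity, then start time; rejected holds unparseable lines."""
    alerts, rejected = [], []
    for line in lines:
        try:
            rec = parse_atk_message(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if rec["severity"] <= max_severity:
            alerts.append(rec)
    alerts.sort(key=lambda r: (r["severity"],
                               r["fields"].get("BeginTime_c") or datetime.min))
    return alerts, rejected


# First four lines: Example lines from this section. Last line: constructed, invalid address.
SAMPLE_LINES = [
    "ATTACK/5/ATKDF_ICMPV6_GROUPREPORT: Icmpv6Type(1059)=131; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2;",
    "ATTACK/3/ATKDF_IP4_PORTSCAN: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.",
    "ATTACK/3/ATKDF_IP4_SYN_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.",
    "ATTACK/3/ATKDF_IP4_TCP_ALLFLAGS_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;",
    "ATTACK/3/ATKDF_IP4_SYN_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.999; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.",
]

if __name__ == "__main__":
    alerts, rejected = triage(SAMPLE_LINES)
    for a in alerts:
        print(a["severity"], a["mnemonic"], a["kind"], "blocked" if a["blocked"] else "")
    print(len(rejected), "line(s) rejected")
```

Lines that fail typed validation land in `rejected` instead of being dropped, so a log host can alert on malformed input as well as on the attack messages themselves.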

 

ATKDF_IP4_TCP_FINONLY

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_FINONLY: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_FINONLY_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_FINONLY_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv4 TCP packets that have only the FIN flag set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_INVALIDFLAGS

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_INVALIDFLAGS: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include the following:

·     The RST and FIN flags are both set.

·     The RST and SYN flags are both set.

·     The RST, FIN, and SYN flags are all set.

·     The PSH, RST, and FIN flags are all set.

·     The PSH, RST, and SYN flags are all set.

·     The PSH, RST, SYN, and FIN flags are all set.

·     The ACK, RST, and FIN flags are all set.

·     The ACK, RST, and SYN flags are all set.

·     The ACK, RST, SYN, and FIN flags are all set.

·     The ACK, PSH, SYN, and FIN flags are all set.

·     The ACK, PSH, RST, and FIN flags are all set.

·     The ACK, PSH, RST, and SYN flags are all set.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_INVALIDFLAGS_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include the following:

·     The RST and FIN flags are both set.

·     The RST and SYN flags are both set.

·     The RST, FIN, and SYN flags are all set.

·     The PSH, RST, and FIN flags are all set.

·     The PSH, RST, and SYN flags are all set.

·     The PSH, RST, SYN, and FIN flags are all set.

·     The ACK, RST, and FIN flags are all set.

·     The ACK, RST, and SYN flags are all set.

·     The ACK, RST, SYN, and FIN flags are all set.

·     The ACK, PSH, SYN, and FIN flags are all set.

·     The ACK, PSH, RST, and FIN flags are all set.

·     The ACK, PSH, RST, and SYN flags are all set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_LAND

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_LAND: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 TCP SYN packets whose source IP address is a loopback address or the same as the destination IP address.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_LAND_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_LAND_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv4 land attack. The attack uses IPv4 TCP SYN packets whose source IP address is a loopback address or the same as the destination IP address.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_NULLFLAG

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_NULLFLAG: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4;

Explanation

This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_NULLFLAG_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_NULLFLAG_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv4 TCP packets that have no flag set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_SYNFIN

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_SYNFIN: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv4 TCP packets that have the SYN and FIN flags set.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_SYNFIN_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_SYNFIN_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv4 TCP packets that have the SYN and FIN flags set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.
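
The flag-based entries above (ALLFLAGS, FINONLY, INVALIDFLAGS, NULLFLAG, SYNFIN) can be reproduced offline when validating captures against these log messages. The following is an added example, not H3C code: it maps the flags byte of a TCP header to the message name this reference associates with it. Assumptions: only the six classic flags are considered, "all flags" means all six, and each listed combination is matched exactly; the device's own matching order is not documented here.

```python
import struct
from typing import Optional

# Bit values of the six classic TCP flags (byte 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
CLASSIC_FLAGS = FIN | SYN | RST | PSH | ACK | URG  # assumption: ECE/CWR are ignored
_NAMES = [("FIN", FIN), ("SYN", SYN), ("RST", RST),
          ("PSH", PSH), ("ACK", ACK), ("URG", URG)]

# The twelve combinations listed under ATKDF_IP4_TCP_INVALIDFLAGS, in page order.
INVALID_COMBOS = frozenset({
    RST | FIN,
    RST | SYN,
    RST | FIN | SYN,
    PSH | RST | FIN,
    PSH | RST | SYN,
    PSH | RST | SYN | FIN,
    ACK | RST | FIN,
    ACK | RST | SYN,
    ACK | RST | SYN | FIN,
    ACK | PSH | SYN | FIN,
    ACK | PSH | RST | FIN,
    ACK | PSH | RST | SYN,
})


def flags_from_tcp_header(header: bytes) -> int:
    """Return the classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than the 20-byte minimum")
    return header[13] & CLASSIC_FLAGS


def flag_names(flags: int) -> str:
    """Human-readable flag list, for example 'FIN+RST'."""
    names = [name for name, bit in _NAMES if flags & bit]
    return "+".join(names) if names else "none"


def classify_tcp_flags(flags: int) -> Optional[str]:
    """Return the matching message name, or None if no entry applies."""
    f = flags & CLASSIC_FLAGS
    if f == 0:
        return "ATKDF_IP4_TCP_NULLFLAG"
    if f == CLASSIC_FLAGS:
        return "ATKDF_IP4_TCP_ALLFLAGS"
    if f == FIN:
        return "ATKDF_IP4_TCP_FINONLY"
    if f == SYN | FIN:  # assumption: exact match, so listed supersets stay INVALIDFLAGS
        return "ATKDF_IP4_TCP_SYNFIN"
    if f in INVALID_COMBOS:
        return "ATKDF_IP4_TCP_INVALIDFLAGS"
    return None


def build_sample_header(flags: int) -> bytes:
    """Constructed 20-byte TCP header for parsing; ports and numbers are arbitrary."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)


if __name__ == "__main__":
    # Constructed flag values: one per entry, plus a normal SYN+ACK.
    for sample in (0, CLASSIC_FLAGS, FIN, SYN | FIN, RST | SYN, SYN | ACK):
        flags = flags_from_tcp_header(build_sample_header(sample))
        print(f"{flag_names(flags):<28} {classify_tcp_flags(flags)}")
```
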

 

ATKDF_IP4_TCP_WINNUKE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_WINNUKE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5;

Explanation

This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.

Recommended action

No action is required.

 

ATKDF_IP4_TCP_WINNUKE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TCP_WINNUKE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_TEARDROP

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TEARDROP: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for IPv4 overlapping fragments.

Recommended action

No action is required.

 

ATKDF_IP4_TEARDROP_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TEARDROP_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received.

If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.

Recommended action

No action is required.

 

ATKDF_IP4_TINY_FRAGMENT

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TINY_FRAGMENT: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6;

Explanation

This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.

Recommended action

No action is required.

 

ATKDF_IP4_TINY_FRAGMENT_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_TINY_FRAGMENT_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging;

Explanation

This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_BOMB

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_BOMB: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_BOMB_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_BOMB_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_FRAGGLE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_FRAGGLE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11;

Explanation

This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_FRAGGLE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_FRAGGLE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_SNORK

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_SNORK: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.

Recommended action

No action is required.

 

ATKDF_IP4_UDP_SNORK_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP4_UDP_SNORK_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_ACK_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_ACK_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_DIS_PORTSCAN

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Actions against the attack.

$5: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_DIS_PORTSCAN: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928.

Explanation

This message is sent when an IPv6 distributed port scan attack is detected.

Recommended action

No action is required.

 

ATKDF_IP6_DNS_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_DNS_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_FIN_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_FIN_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_FRAGMENT

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Protocol type.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_FRAGMENT: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.

Recommended action

No action is required.

 

ATKDF_IP6_FRAGMENT_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Protocol type.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_FRAGMENT_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging;

Explanation

This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_HTTP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_HTTP_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 HTTP GET packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_IMPOSSIBLE

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Protocol type.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_IMPOSSIBLE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.

Recommended action

No action is required.

 

ATKDF_IP6_IMPOSSIBLE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Protocol type.

$6: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_IMPOSSIBLE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging;

Explanation

This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_IPSWEEP

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Name of the receiving VPN instance.

$4: Actions against the attack.

$5: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_IPSWEEP: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639.

Explanation

This message is sent when an IPv6 sweep attack is detected.

Recommended action

No action is required.

 

ATKDF_IP6_PORTSCAN

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Name of the receiving VPN instance.

$4: Destination IPv6 address.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_PORTSCAN: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455.

Explanation

This message is sent when an IPv6 port scan attack is detected.

Recommended action

No action is required.

 

ATKDF_IP6_RST_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_RST_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_SYN_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_SYN_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_SYNACK_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_SYNACK_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_ALLFLAGS

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_ALLFLAGS: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_ALLFLAGS_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_ALLFLAGS_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv6 TCP packets that have all flags set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_FINONLY

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_FINONLY: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_FINONLY_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_FINONLY_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv6 TCP packets that have only the FIN flag set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_INVALIDFLAGS

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_INVALIDFLAGS: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include the following:

·     The RST and FIN flags are both set.

·     The RST and SYN flags are both set.

·     The RST, FIN, and SYN flags are all set.

·     The PSH, RST, and FIN flags are all set.

·     The PSH, RST, and SYN flags are all set.

·     The PSH, RST, SYN, and FIN flags are all set.

·     The ACK, RST, and FIN flags are all set.

·     The ACK, RST, and SYN flags are all set.

·     The ACK, RST, SYN, and FIN flags are all set.

·     The ACK, PSH, SYN, and FIN flags are all set.

·     The ACK, PSH, RST, and FIN flags are all set.

·     The ACK, PSH, RST, and SYN flags are all set.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_INVALIDFLAGS_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include the following:

·     The RST and FIN flags are both set.

·     The RST and SYN flags are both set.

·     The RST, FIN, and SYN flags are all set.

·     The PSH, RST, and FIN flags are all set.

·     The PSH, RST, and SYN flags are all set.

·     The PSH, RST, SYN, and FIN flags are all set.

·     The ACK, RST, and FIN flags are all set.

·     The ACK, RST, and SYN flags are all set.

·     The ACK, RST, SYN, and FIN flags are all set.

·     The ACK, PSH, SYN, and FIN flags are all set.

·     The ACK, PSH, RST, and FIN flags are all set.

·     The ACK, PSH, RST, and SYN flags are all set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_LAND

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_LAND: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP SYN packets whose source IPv6 address is a loopback address or the same as the destination IPv6 address.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_LAND_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_LAND_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv6 land attack. The attack uses IPv6 TCP SYN packets whose source IPv6 address is a loopback address or the same as the destination IPv6 address.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_NULLFLAG

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_NULLFLAG: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_NULLFLAG_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_NULLFLAG_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv6 TCP packets that have no flag set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_SYNFIN

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_SYNFIN: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_SYNFIN_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_SYNFIN_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for IPv6 TCP packets that have SYN and FIN flags set.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_WINNUKE

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_WINNUKE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.

Recommended action

No action is required.

 

ATKDF_IP6_TCP_WINNUKE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_TCP_WINNUKE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_UDP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IPv6 address.

$3: Name of the receiving VPN instance.

$4: Rate limit.

$5: Actions against the attack.

$6: Start time of the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_UDP_FLOOD: RcvIfName(1023)=GigabitEthernet1/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.

Explanation

This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATKDF_IP6_UDP_FRAGGLE

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_UDP_FRAGGLE: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.

Recommended action

No action is required.

 

ATKDF_IP6_UDP_FRAGGLE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_UDP_FRAGGLE_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IP6_UDP_SNORK

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

$6: Start time of the attack.

$7: End time of the attack.

$8: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_UDP_SNORK: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.

Recommended action

No action is required.

 

ATKDF_IP6_UDP_SNORK_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IPv6 address.

$3: Destination IPv6 address.

$4: Name of the receiving VPN instance.

$5: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IP6_UDP_SNORK_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

This message is for the IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_ABNORMAL

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

3

Example

ATTACK/3/ATKDF_IPOPT_ABNORMAL: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with more than two IP options.

Recommended action

No action is required.

 

ATKDF_IPOPT_ABNORMAL_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Protocol type.

$7: Actions against the attack.

Severity level

3

Example

ATTACK/3/ATKDF_IPOPT_ABNORMAL_RAW: RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

This message is for packets that each have more than two IP options.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_LOOSESRCROUTE

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_LOOSESRCROUTE: IPOptValue(1057)=131; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with IP option 131.

Recommended action

No action is required.

 

ATKDF_IPOPT_LOOSESRCROUTE_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_LOOSESRCROUTE_RAW: IPOptValue(1057)=131; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_RECORDROUTE

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_RECORDROUTE: IPOptValue(1057)=7; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with IP option 7.

Recommended action

No action is required.

 

ATKDF_IPOPT_RECORDROUTE_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_RECORDROUTE_RAW: IPOptValue(1057)=7; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_ROUTEALERT

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_ROUTEALERT: IPOptValue(1057)=148; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with IP option 148.

Recommended action

No action is required.

 

ATKDF_IPOPT_ROUTEALERT_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_ROUTEALERT_RAW: IPOptValue(1057)=148; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_SECURITY

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_SECURITY: IPOptValue(1057)=130; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for packets with IP option 130.

Recommended action

No action is required.

 

ATKDF_IPOPT_SECURITY_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_SECURITY_RAW: IPOptValue(1057)=130; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_STREAMID

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_STREAMID: IPOptValue(1057)=136; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with IP option 136.

Recommended action

No action is required.

 

ATKDF_IPOPT_STREAMID_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_STREAMID_RAW: IPOptValue(1057)=136; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_STRICTSRCROUTE

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_STRICTSRCROUTE: IPOptValue(1057)=137; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with IP option 137.

Recommended action

No action is required.

 

ATKDF_IPOPT_STRICTSRCROUTE_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_STRICTSRCROUTE_RAW: IPOptValue(1057)=137; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.

Recommended action

No action is required.

 

ATKDF_IPOPT_TIMESTAMP

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

$9: Start time of the attack.

$10: End time of the attack.

$11: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_TIMESTAMP: IPOptValue(1057)=68; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;

Explanation

This message is sent when logs are aggregated for packets with IP option 68.

Recommended action

No action is required.

 

ATKDF_IPOPT_TIMESTAMP_RAW

Message text

IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IP option value.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Protocol type.

$8: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPOPT_TIMESTAMP_RAW: IPOptValue(1057)=68; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;

Explanation

If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.

Recommended action

No action is required.

 

ATKDF_IPV6_EXT_HEADER

Message text

IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32];

Variable fields

$1: IPv6 extension header value.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATTACK/5/ATKDF_IPV6_EXT_HEADER: IPv6ExtHeader(1060)=43; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;

Explanation

This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.

Recommended action

No action is required.

 

ATKDF_IPV6_EXT_HEADER_RAW

Message text

IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING];

Variable fields

$1: IPv6 extension header value.

$2: Receiving interface name.

$3: Source IPv6 address.

$4: Destination IPv6 address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATTACK/5/ATKDF_IPV6_EXT_HEADER_RAW: IPv6ExtHeader(1060)=43; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging;

Explanation

If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.

Recommended action

No action is required.
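The ATKDF entries above share one `Name(ID)=value;` layout; the aggregated form adds BeginTime_c, EndTime_c, and AtkTimes, and the per-packet form carries the _RAW suffix. The following Python parser is an added example for log-host processing, not H3C code: the function names are assumptions, and the sample lines are this document's own examples plus one constructed mismatch.

```python
import re
from collections import defaultdict
from datetime import datetime

# IP option value -> mnemonic, taken from the ATKDF_IPOPT_* entries above.
IPOPT_MNEMONIC = {
    7: "ATKDF_IPOPT_RECORDROUTE",
    148: "ATKDF_IPOPT_ROUTEALERT",
    130: "ATKDF_IPOPT_SECURITY",
    136: "ATKDF_IPOPT_STREAMID",
    137: "ATKDF_IPOPT_STRICTSRCROUTE",
    68: "ATKDF_IPOPT_TIMESTAMP",
}

HEADER_RE = re.compile(
    r"\b(?P<module>[A-Z][A-Z0-9]*)/(?P<severity>[0-7])/(?P<mnemonic>\w+):\s*(?P<body>.*)$")
FIELD_RE = re.compile(r"(\w+)\((\d+)\)=([^;]*);")
TIME_FORMAT = "%Y%m%d%H%M%S"  # layout of BeginTime_c/EndTime_c, e.g. 20131011063123


def parse_attack_log(line):
    """Parse one ATTACK/... message; return None for any other module."""
    header = HEADER_RE.search(line)
    if header is None or header["module"] != "ATTACK":
        return None
    mnemonic = header["mnemonic"]
    raw = mnemonic.endswith("_RAW")
    # The examples show "--" for an unset field; store it as None.
    fields = {name: (None if value.strip() == "--" else value.strip())
              for name, _id, value in FIELD_RE.findall(header["body"])}
    record = {"mnemonic": mnemonic[:-4] if raw else mnemonic, "raw": raw,
              "severity": int(header["severity"]), "fields": fields,
              "problems": []}
    if not raw:
        # Aggregated messages must carry the window and the count.
        try:
            begin = datetime.strptime(fields["BeginTime_c"], TIME_FORMAT)
            end = datetime.strptime(fields["EndTime_c"], TIME_FORMAT)
            record["window_s"] = int((end - begin).total_seconds())
            record["times"] = int(fields["AtkTimes"])
        except (KeyError, TypeError, ValueError):
            record["problems"].append("missing or invalid aggregation fields")
    option = fields.get("IPOptValue")
    if option is not None:
        # Cross-check the option value against the documented mnemonic.
        expected = IPOPT_MNEMONIC.get(int(option)) if option.isdigit() else None
        documented = record["mnemonic"] in IPOPT_MNEMONIC.values()
        if (expected or documented) and expected != record["mnemonic"]:
            record["problems"].append(
                f"IPOptValue {option} does not match {mnemonic}")
    return record


def summarize(lines):
    """Per (source, mnemonic): number of _RAW messages and sum of AtkTimes.

    The two are kept apart because the reference does not say whether
    AtkTimes includes the packet that triggered the _RAW message.
    """
    totals = defaultdict(
        lambda: {"raw_messages": 0, "aggregated_times": 0, "problems": 0})
    for line in lines:
        record = parse_attack_log(line)
        if record is None:
            continue
        f = record["fields"]
        source = f.get("SrcIPAddr") or f.get("SrcIPv6Addr")
        entry = totals[(source, record["mnemonic"])]
        if record["problems"]:
            entry["problems"] += 1
        elif record["raw"]:
            entry["raw_messages"] += 1
        else:
            entry["aggregated_times"] += record["times"]
    return dict(totals)


# Lines 1-3 and 5 are examples from this reference; line 4 is constructed
# (option value 137 under the TIMESTAMP mnemonic) to exercise the cross-check.
SAMPLE_LINES = [
    "ATTACK/5/ATKDF_IPOPT_RECORDROUTE: IPOptValue(1057)=7; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3;",
    "ATTACK/5/ATKDF_IPOPT_RECORDROUTE_RAW: IPOptValue(1057)=7; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;",
    "ATTACK/5/ATKDF_IPV6_EXT_HEADER: IPv6ExtHeader(1060)=43; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2;",
    "ATTACK/5/ATKDF_IPOPT_TIMESTAMP_RAW: IPOptValue(1057)=137; RcvIfName(1023)=GigabitEthernet1/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging;",
    "BFD/5/BFD_CHANGE_FSM:Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Sta: INIT->UP, Diag: 0.",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LINES).items():
        print(key, value)
```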

 

BFD messages

This section contains BFD messages.

BFD_CHANGE_FSM

Message text

Sess[STRING], Sta: [STRING]->[STRING], Diag: [UINT32]

Variable fields

$1: Source address, destination address, interface, and message type of the BFD session.

$2: Name of FSM before changing.

$3: Name of FSM after changing.

$4: Diagnostic code.

Severity level

5

Example

BFD/5/BFD_CHANGE_FSM:Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Sta: INIT->UP, Diag: 0.

Explanation

The FSM of the BFD session has been changed. This informational message appears when a BFD session comes up or goes down. Unexpected session loss might indicate high error or packet loss rates in the network.

Recommended action

Check for incorrect BFD configuration or network congestion.

 

BFD_MAD_INTERFACE_CHANGE_STATE

Message text

[STRING] used for BFD MAD changed to the [STRING] state.

Variable fields

$1: Interface used for BFD MAD.

$2: BFD MAD status of the interface, which can be failure or normal.

Severity level

5

Example

BFD/5/BFD_MAD_INTERFACE_CHANGE_STATE: Vlan-interface2  used for BFD MAD changed to the failure state.

Explanation

The BFD MAD status of the interface changed.

Recommended action

Check whether the interface is down.

BFD_REACHED_UPPER_LIMIT

Message text

The total number of BFD sessions [UINT] reached the upper limit. Please avoid creating a new session.

Variable fields

$1: Total number of BFD sessions.

Severity level

5

Example

BFD/5/BFD_REACHED_UPPER_LIMIT: The total number of BFD sessions 100 reached upper limit. Please avoid creating a new session.

Explanation

The total number of BFD sessions reached the upper limit.

Recommended action

Check the BFD session configuration.

 

BGP messages

This section contains BGP messages.

BGP_EXCEED_ROUTE_LIMIT

Message text

The number of routes from peer [STRING] in exceeded the limit [UINT32].

Variable fields

$1: BGP peer IP address.

$2: Maximum number of routes.

Severity level

4

Example

BGP/4/BGP_EXCEEDED_ROUTE_LIMIT: The number of routes from peer 1.1.1.1 in exceeded the limit 100.

Explanation

The number of routes received from a peer exceeded the maximum number of routes that can be received from the peer.

Recommended action

Check whether you need to increase the maximum number of routes.

 

BGP_EXCEEDS_THRESHOLD

Message text

Threshold value [UINT32] reached for prefixes received from peer  [STRING].

Variable fields

$1: Percentage of received routes to the maximum number of routes.

$2: Peer IP address.

Severity level

5

Example

BGP/5/BGP_RECHED_THRESHOLD: Threshold value 20 reached for prefixes received from peer  1.1.1.1.

Explanation

The number of received routes reached the threshold.

Recommended action

Check whether you need to increase the threshold value or the maximum number of routes that can be received from the peer.

 

BGP_MEM_ALERT

Message text

BGP Process receive system memory alert  [STRING] event.

Variable fields

$1: Type of the memory alarm.

Severity level

5

Example

BGP/5/BGP_MEM_ALERT: BGP Process receive system memory alert start event.

Explanation

BGP received a memory alarm.

Recommended action

Check the system memory.

 

BGP_STATE_CHANGED

Message text

[STRING] state is changed from [STRING] to [STRING].

BGP. [STRING]: [STRING] State is changed from [STRING]to [STRING].

Variable fields

$1: VPN instance name.

$2: Peer IP address.

$3: Name of FSM before a state change.

$4: Name of FSM after a state change.

Severity level

5

Example

BGP/5/BGP_STATE_CHANGED: BGP.vpn1:192.99.0.2 state is changed from ESTABLISHED to IDLE.

Explanation

The FSM of a BGP peer changed.

This message is generated when a BGP peer comes up or goes down.

Recommended action

If a peer goes down unexpectedly, check for network failure or packet loss.

 

CFD messages

This section contains CFD messages.

CFD_CROSS_CCM

Message text

MEP [UINT16] in SI [INT32] received a cross-connect CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].

Variable fields

$1: Service instance ID.

$2: Local MEP ID.

$3: Source MAC address.

$4: Sequence number.

$5: Remote MEP ID.

$6: MD ID. If no MD ID is available, "without ID" is displayed.

$7: MA ID.

Severity level

6

Example

CFD/6/CFD_CROSS_CCM: MEP 13 in SI 10 received a cross-connect CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 78, RMEP is 12, MD ID is without ID, MA ID is 0.

Explanation

A MEP received a cross-connect CCM containing a different MA ID or MD ID.

Recommended action

Check the configurations of MEPs at both ends. Make sure the MEPs have the same configurations, including MD, MA, and level.

 

CFD_ERROR_CCM

Message text

MEP [UINT16] in SI [INT32] received an error CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].

Variable fields

$1: Service instance ID.

$2: Local MEP ID.

$3: Source MAC address.

$4: Sequence number.

$5: Remote MEP ID.

$6: MD ID. If no MD ID is available, "without ID" is displayed.

$7: MA ID.

Severity level

6

Example

CFD/6/CFD_ERROR_CCM: MEP 2 in SI 7 received an error CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 21, RMEP is 2, MD ID is 7, MA ID is 1.

Explanation

A MEP received an error CCM containing an unexpected MEP ID or lifetime.

Recommended action

Check the CCM configuration. Make sure the CCM intervals are the same at both ends, and the remote MEP ID is included in the MEP list of the local end.

 

CFD_LOST_CCM

Message text

MEP [UINT16] in SI [INT32] failed to receive CCMs from RMEP [UINT16].

Variable fields

$1: Local MEP ID.

$2: Service instance ID.

$3: Remote MEP ID.

Severity level

6

Example

CFD/6/CFD_LOST_CCM: MEP 1 in SI 7 received CCMs from RMEP 2.

Explanation

A MEP failed to receive CCMs within 3.5 sending intervals because the link was faulty or the remote MEP did not send CCMs within 3.5 sending intervals.

Recommended action

1.     Check the link status for a faulty state (for example, the down or unidirectional state), and then recover the link.

2.     Check the configuration of the remote MEP. If the remote MEP is configured with the same service instance, make sure the CCM sending intervals are the same at both ends.

3.     If the problem persists, contact H3C Support.

 

CFD_RECEIVE_CCM

Message text

MEP [UINT16] in SI [INT32] received CCMs from RMEP [UINT16]

Variable fields

$1: Local MEP ID.

$2: Service instance ID.

$3: Remote MEP ID.

Severity level

6

Example

CFD/6/CFD_RECEIVE_CCM: MEP 1 in SI 7 received CCMs from RMEP 2.

Explanation

A MEP received CCMs from a remote MEP.

Recommended action

No action is required.

 

CFGMAN messages

This section contains configuration management messages.

CFGMAN_CFGCHANGED

Message text

-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration is changed.

Variable fields

$1: Event index in the range of 1 to 2147483647.

$2: Source of the command that triggered the log, in the range of 1 to 3.

$3: Source of the configuration data event, in the range of 1 to 7.

$4: Destination for the configuration data event, in the range of 1 to 7.

Severity level

5

Example

CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed.

Explanation

The device recorded the event index, command source, configuration source, and configuration destination for the running configuration that changed in the past 10 minutes.

Recommended action

No action is required.

 

CFGMAN_OPTCOMPLETION

Message text

-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation is completed.

Variable fields

$1: Operation type in the range of 1 to 6.

$2: Operation time.

$3: Operation state in the range of 1 to 20.

$4: Operation end time.

Severity level

5

Example

CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[1]-OperateTime=[248]-OperateState=[2]-OperateEndTime=[959983]; Operation is completed.

Explanation

The device recorded the type, state, start time, and end time of an operation.

Recommended action

No action is required.

 

DEV messages

This section contains device management messages.

BOARD_REBOOT

Message text

Board is rebooting on [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

Severity level

5

Example

DEV/5/BOARD_REBOOT: Board is rebooting on Chassis 1 Slot 5.

Explanation

A card was manually or automatically rebooted.

Recommended action

If an unexpected automatic reboot occurred, perform the following tasks:

1.     Execute the display version command after the card starts up.

2.     Check the Last reboot reason field for the reboot reason.

3.     If an exception caused the reboot, contact H3C Support.

 

BOARD_REMOVED

Message text

Board is removed from [STRING], type is [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Card type.

Severity level

3

Example

DEV/3/BOARD_REMOVED: Board is removed from Chassis 1 Slot 5, type is LSQ1FV48SA.

Explanation

An LPU or standby MPU was removed.

Recommended action

If the LPU or MPU was not manually removed, perform the following tasks:

1.     Verify that the card is securely seated.

2.     Replace the card if the message persists.

3.     If the problem persists, contact H3C Support.

 

BOARD_STATE_FAULT

Message text

Board state changes to FAULT on [STRING], type is [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Card type.

Severity level

2

Example

DEV/2/BOARD_STATE_FAULT: Board state changes to FAULT on Chassis 1 Slot 5, type is LSQ1FV48SA.

Explanation

The card was starting up (initializing or loading software) or was not operating correctly.

Recommended action

·     If the card was newly installed, wait for the card to start up. The required startup time varies by card model and software version and is typically less than 10 minutes.

·     If the card was not newly installed, contact H3C Support.

 

BOARD_STATE_NORMAL

Message text

Board state changes to NORMAL on [STRING], type is [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Card type.

Severity level

5

Example

DEV/5/BOARD_STATE_NORMAL: Board state changes to NORMAL on Chassis 1 Slot 5, type is LSQ1FV48SA.

Explanation

A newly installed LPU or standby MPU completed initialization.

Recommended action

No action is required.

 

CFCARD_INSERTED

Message text

Compact Flash Card is inserted in [STRING] Compact Flash Slot [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: CF card slot ID.

Severity level

4

Example

DEV/4/CFCARD_INSERTED: Compact Flash Card is inserted in Chassis 1 Slot 5 Compact Flash Slot 1.

Explanation

A CF card was installed.

Recommended action

No action is required.

 

CFCARD_REMOVED

Message text

Compact Flash Card is removed from [STRING] Compact Flash Slot [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: CF card slot ID.

Severity level

3

Example

DEV/3/CFCARD_REMOVED: Compact Flash Card is removed from Chassis 1 Slot 5 Compact Flash Slot 1.

Explanation

A CF card was removed.

Recommended action

If the CF card was not manually removed, perform the following tasks:

1.     Verify that the card is securely seated.

2.     Replace the card if the message persists.

3.     If the problem persists, contact H3C Support.

 

CHASSIS_REBOOT

Message text

Chassis [INT32] is rebooting now.

Variable fields

$1: Chassis number.

Severity level

5

Example

DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now.

Explanation

The chassis was manually or automatically rebooted.

Recommended action

If an unexpected automatic reboot occurs, perform the following tasks:

1.     Execute the display version command after the chassis starts up.

2.     Check the Last reboot reason field for the reboot reason.

3.     If an exception caused the reboot, contact H3C Support.

 

DEV_CLOCK_CHANGE

Message text

-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING].

Variable fields

$1: Username of the login user.

$2: IP address of the login user.

$3: Old time.

$4: New time.

Severity level

5

Example

DEV/5/DEV_CLOCK_CHANGE: -User=[STRING]-IPAddr=[IPADDR]; System clock changed from 15:49:52 11/02/2011 to 15:50:00 11/02/2011.

Explanation

The system time changed.

Recommended action

No action is required.

 

FAN_ABSENT

Message text

Pattern 1:

Fan [INT32] is absent.

Pattern 2:

Chassis [STRING] fan [INT32] is absent.

Variable fields

Pattern 1:

$1: Fan tray ID.

Pattern 2:

$1: Chassis number.

$2: Fan tray ID.

Severity level

3

Example

Pattern 1:

DEV/3/FAN_ABSENT: Fan 2 is absent.

Pattern 2:

DEV/3/FAN_ABSENT: Chassis 1 fan 2 is absent.

Explanation

A fan tray was not in place.

Recommended action

1.     Check the fan tray slot:

○     If the fan tray slot is empty, install a fan tray.

○     If a fan tray is present, verify that the fan tray is securely seated.

2.     Replace the fan tray if the message persists.

3.     If the problem persists, contact H3C Support.

 

FAN_DIRECTION_NOT_PREFERRED

Message text

Fan [INT32] airflow direction is not preferred on slot [INT32], please check it.

Variable fields

$1: Fan tray ID.

$2: Slot number.

Severity level

1

Example

DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred on slot 3, please check it.

Explanation

The airflow direction of the fan tray is different from the airflow direction setting.

Recommended action

1.     Verify that the airflow direction setting is correct.

2.     Verify that the fan tray model provides the same airflow direction as the configured setting.

3.     If the problem persists, contact H3C Support.

 

FAN_FAILED

Message text

Pattern 1:

Fan [INT32] failed.

Pattern 2:

Chassis [STRING] fan [INT32] failed.

Variable fields

Pattern 1:

$1: Fan tray ID.

Pattern 2:

$1: Chassis number.

$2: Fan tray ID.

Severity level

2

Example

Pattern 1:

DEV/2/FAN_FAILED: Fan 2 failed.

Pattern 2:

DEV/2/FAN_FAILED: Chassis 1 fan 2 failed.

Explanation

The fan tray stopped because of an exception.

Recommended action

Replace the fan tray.

 

FAN_RECOVERED

Message text

Pattern 1:

Fan [INT32] recovered.

Pattern 2:

Chassis [STRING] fan [INT32] recovered.

Variable fields

Pattern 1:

$1: Fan tray ID.

Pattern 2:

$1: Chassis number.

$2: Fan tray ID.

Severity level

5

Example

Pattern 1:

DEV/5/FAN_RECOVERED: Fan 2 recovered.

Pattern 2:

DEV/5/FAN_RECOVERED: Chassis 1 fan 2 recovered.

Explanation

The fan tray started to operate correctly after it was installed.

Recommended action

No action is required.

 

POWER_ABSENT

Message text

Pattern 1:

Power [INT32] is absent.

Pattern 2:

Chassis [STRING] power [INT32] is absent.

Variable fields

Pattern 1:

$1: Power supply ID.

Pattern 2:

$1: Chassis number.

$2: Power supply ID.

Severity level

3

Example

Pattern 1:

DEV/3/POWER_ABSENT: Power 1 is absent.

Pattern 2:

DEV/3/POWER_ABSENT: Chassis 1 power 1 is absent.

Explanation

A power supply was removed.

Recommended action

1.     Check the power supply slot.

○     If the power supply slot is empty, install a power supply.

○     If a power supply is present, verify that the power supply is securely seated.

2.     If the problem persists, replace the power supply.

3.     If the problem persists, contact H3C Support.

 

POWER_FAILED

Message text

Pattern 1:

Power [INT32] failed.

Pattern 2:

Chassis [STRING] power [INT32] failed.

Variable fields

Pattern 1:

$1: Power supply ID.

Pattern 2:

$1: Chassis number.

$2: Power supply ID.

Severity level

2

Example

Pattern 1:

DEV/2/POWER_FAILED: Power 1 failed.

Pattern 2:

DEV/2/POWER_FAILED: Chassis 1 power 1 failed.

Explanation

A power supply failed.

Recommended action

Replace the power supply.

 

POWER_MONITOR_ABSENT

Message text

Pattern 1:

Power monitor unit [INT32] is absent.

Pattern 2:

Chassis [STRING] power monitor unit [INT32] is absent.

Variable fields

Pattern 1:

$1: Power monitoring module ID.

Pattern 2:

$1: Chassis number.

$2: Power monitoring module ID.

Severity level

3

Example

Pattern 1:

DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent.

Pattern 2:

DEV/3/POWER_MONITOR_ABSENT: Chassis 2 power monitor unit 1 is absent.

Explanation

A power monitoring module was removed.

Recommended action

1.     Check the power monitoring module slot.

○     If the power monitoring module slot is empty, install a power monitoring module.

○     If a power monitoring module is present, verify that the power monitoring module is securely seated.

2.     If the problem persists, replace the power monitoring module.

3.     If the problem persists, contact H3C Support.

 

POWER_MONITOR_FAILED

Message text

Pattern 1:

Power monitor unit [INT32] failed.

Pattern 2:

Chassis [STRING] power monitor unit [INT32] failed.

Variable fields

Pattern 1:

$1: Power monitoring module ID.

Pattern 2:

$1: Chassis number.

$2: Power monitoring module ID.

Severity level

2

Example

Pattern 1:

DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed.

Pattern 2:

DEV/2/POWER_MONITOR_FAILED: Chassis 2 power monitor unit 1 failed.

Explanation

A power monitoring module failed.

Recommended action

Replace the power monitoring module.

 

POWER_MONITOR_FAN_FAILED

Message text

Pattern 1:

Warning: Fan of power module [INT32] fails to operate. Please check it.

Pattern 2:

Warning: Fan of power module [INT32] on chassis [INT32] fails to operate. Please check it.

Variable fields

Pattern 1:

$1: Power module ID.

Pattern 2:

$1: Power module ID.

$2: Chassis number.

Severity level

4

Example

Pattern 1:

DRVPLAT/4/DrvDebug: Warning: Fan of power module 2 fails to operate. Please check it.

Explanation

The fan of a power module failed.

Recommended action

Check the fan of the power module. If the fan cannot operate correctly, replace the power module.

 

POWER_MONITOR_OVERTEMPERATURE

Message text

Pattern 1:

Warning: Overtemperature condition is detected on power module [INT32]. Please check it.

Pattern 2:

Warning: Overtemperature condition is detected on power module [INT32] of chassis [INT32]. Please check it.

Variable fields

Pattern 1:

$1: Power module ID.

Pattern 2:

$1: Power module ID.

$2: Chassis number.

Severity level

4

Example

Pattern 1:

DRVPLAT/4/DrvDebug: Warning: Overtemperature condition is detected on power module 2. Please check it.

Explanation

The temperature of a power module exceeded the threshold.

Recommended action

1.     Verify that the ambient temperature is within the allowed temperature range and the ventilation system is operating correctly.

2.     Check the fan of the power module. If the fan cannot operate correctly, replace the power module.

 

POWER_MONITOR_RECOVERED

Message text

Pattern 1:

Power monitor unit [INT32] recovered.

Pattern 2:

Chassis [STRING] power monitor unit [INT32] recovered.

Variable fields

Pattern 1:

$1: Power monitoring module ID.

Pattern 2:

$1: Chassis number.

$2: Power monitoring module ID.

Severity level

5

Example

Pattern 1:

DEV/5/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered.

Pattern 2:

DEV/5/POWER_MONITOR_RECOVERED: Chassis 2 power monitor unit 1 recovered.

Explanation

The power monitoring module started to operate correctly after it was installed.

Recommended action

No action is required.

 

POWER_RECOVERED

Message text

Pattern 1:

Power [INT32] recovered.

Pattern 2:

Chassis [STRING] power [INT32] recovered.

Variable fields

Pattern 1:

$1: Power supply ID.

Pattern 2:

$1: Chassis number.

$2: Power supply ID.

Severity level

5

Example

Pattern 1:

DEV/5/POWER_RECOVERED: Power 1 recovered.

Pattern 2:

DEV/5/POWER_RECOVERED: Chassis 1 power 1 recovered.

Explanation

The power supply started to operate correctly after it was installed.

Recommended action

No action is required.

RPS_ABSENT

Message text

Pattern 1:

RPS [INT32] is absent.

Pattern 2:

Chassis [STRING] RPS [INT32] is absent.

Variable fields

Pattern 1:

$1: RPS ID.

Pattern 2:

$1: Chassis number.

$2: RPS ID.

Severity level

3

Example

Pattern 1:

DEV/3/RPS_ABSENT: RPS 1 is absent.

Pattern 2:

DEV/3/RPS_ABSENT: Chassis 1 RPS 1 is absent.

Explanation

An RPS was removed.

Recommended action

1.     Check the RPS slot.

¡     If the RPS slot is empty, install an RPS.

¡     If an RPS is present, verify that the RPS is securely seated.

2.     If the problem persists, replace the RPS.

3.     If the problem persists, contact H3C Support.

 

RPS_NORMAL

Message text

Pattern 1:

RPS [INT32] is normal.

Pattern 2:

Chassis [INT32] RPS [INT32] is normal.

Variable fields

Pattern 1:

$1: RPS ID.

Pattern 2:

$1: Chassis number.

$2: RPS ID.

Severity level

5

Example

Pattern 1:

DEV/5/RPS_NORMAL: RPS 1 is normal.

Pattern 2:

DEV/5/RPS_NORMAL: Chassis 1 RPS 1 is normal.

Explanation

The RPS started to operate correctly after it was installed.

Recommended action

No action is required.

 

SUBCARD_FAULT

Message text

SubCard state changes to FAULT on [STRING] SubSlot [INT32], type is [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Subslot number.

$3: Subcard type.

Severity level

2

Example

DEV/2/SUBCARD_FAULT: SubCard state changes to FAULT on Chassis 1 slot 5 SubSlot 1, type is MIM-1ATM-OC3SML.

Explanation

The subcard failed, or its status changed to Fault after it was rebooted.

Recommended action

Track the status of the subcard.

·     If the status of the subcard changes to Normal later, no action is required.

·     If the status is always Fault, replace the subcard.

 

SUBCARD_INSERTED

Message text

SubCard is inserted in [STRING] SubSlot [INT32], type is [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Subslot number.

$3: Subcard type.

Severity level

4

Example

DEV/4/SUBCARD_INSERTED: SubCard is inserted in Chassis 1 Slot 5 SubSlot 1, type is MIM-1ATM-OC3SML.

Explanation

A subcard was installed.

Recommended action

No action is required.

 

SUBCARD_REBOOT

Message text

SubCard is rebooting on [STRING] SubSlot [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Subslot number.

Severity level

5

Example

DEV/5/SUBCARD_REBOOT: SubCard is rebooting on Chassis 1 Slot 5 SubSlot 1.

Explanation

The subcard was manually or automatically rebooted.

Recommended action

·     If the subcard operates correctly after it starts up, no action is required.

·     If you want to know the reboot reason or the subcard keeps rebooting, contact H3C Support.

 

SUBCARD_REMOVED

Message text

SubCard is removed from [STRING] SubSlot [INT32], type is [STRING].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Subslot number.

$3: Subcard type.

Severity level

3

Example

DEV/3/SUBCARD_REMOVED: SubCard is removed from Chassis 1 Slot 5 SubSlot 1, type is MIM-1ATM-OC3SML.

Explanation

A subcard was removed.

Recommended action

If the subcard was not manually removed, perform the following tasks:

1.     Verify that the subcard is securely seated.

2.     Replace the subcard if the message persists.

3.     If the problem persists, contact H3C Support.

 

SYSTEM_REBOOT

Message text

System is rebooting now.

Variable fields

N/A

Severity level

5

Example

DEV/5/SYSTEM_REBOOT: System is rebooting now.

Explanation

The system was manually or automatically rebooted.

Recommended action

If an unexpected automatic reboot occurred, perform the following tasks:

1.     Execute the display version command after the system starts up.

2.     Check the Last reboot reason field for the reboot reason.

3.     If an exception caused the reboot, contact H3C Support.

 

TEMPERATURE_ALARM

Message text

Temperature is greater than alarm upper limit on [STRING]sensor [STRING] [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Sensor type.

$3: Sensor ID.

Severity level

4

Example

DEV/4/TEMPERATURE_ALARM: Temperature is greater than alarm upper limit on Chassis 1 slot 5 sensor inflow 1.

Explanation

A sensor's temperature exceeded the high-temperature alarming threshold. The ambient temperature was too high or the fan tray was not operating correctly.

Recommended action

1.     Verify that the ambient temperature is normal and the ventilation system is operating correctly.

2.     Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

 

TEMPERATURE_LOW

Message text

Temperature is less than lower limit on [STRING] sensor [STRING] [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Sensor type.

$3: Sensor ID.

Severity level

4

Example

DEV/4/TEMPERATURE_LOW: Temperature is less than lower limit on Chassis 1 slot 5 sensor inflow 1.

Explanation

A sensor's temperature fell below the low-temperature threshold.

Recommended action

Raise the ambient temperature.

 

TEMPERATURE_NORMAL

Message text

Temperature changes to normal on [STRING] sensor [STRING] [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Sensor type.

$3: Sensor ID.

Severity level

5

Example

DEV/5/TEMPERATURE_NORMAL: Temperature changes to normal on Chassis 1 slot 5 sensor inflow 1.

Explanation

A sensor's temperature is normal (between the low-temperature threshold and the high-temperature warning threshold).

Recommended action

No action is required.

 

TEMPERATURE_SHUTDOWN

Message text

Temperature is greater than shutdown upper limit on [STRING] sensor [STRING] [INT32] the slot will be powered off automatically.

Variable fields

$1: Chassis number and slot number or slot number.

$2: Sensor type.

$3: Sensor ID.

Severity level

2

Example

DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than shutdown upper limit on Chassis 1 slot 5 sensor inflow 1 the slot will be powered off automatically.

Explanation

A sensor's temperature exceeded the high-temperature shutdown threshold. The ambient temperature was too high or the fan tray was not operating correctly.

Recommended action

1.     Verify that the ambient temperature is normal and the ventilation system is operating correctly.

2.     Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

 

TEMPERATURE_WARNING

Message text

Temperature is greater than warning upper limit on [STRING]sensor [STRING] [INT32].

Variable fields

$1: Chassis number and slot number or slot number.

$2: Sensor type.

$3: Sensor ID.

Severity level

4

Example

DEV/4/TEMPERATURE_WARNING: Temperature is greater than warning upper limit on Chassis 1 slot 2 sensor inflow 1.

Explanation

A sensor's temperature exceeded the high-temperature warning threshold. The ambient temperature was too high or the fan tray was not operating correctly.

Recommended action

1.     Verify that the ambient temperature is normal and the ventilation system is operating correctly.

2.     Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

 

DHCP

This section contains DHCP messages.

DHCP_NOTSUPPORTED

Message text

Failed to apply filtering rules for DHCP packets because some rules are not supported.

Variable fields

N/A

Severity level

3

Example

DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported.

Explanation

The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device.

Recommended action

No action is required.

 

DHCP_NORESOURCES

Message text

Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.

Variable fields

N/A

Severity level

3

Example

DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.

Explanation

The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient.

Recommended action

Release hardware resources and apply the rules again.

 

DHCPR

This section contains DHCP relay agent messages.

DHCPR_SERVERCHANGE

Message text

Switched to the server at [IPADDR] because the current server did not respond.

Variable fields

$1: IP address of the DHCP server.

Severity level

3

Example

DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1;

 Switched to the server at 2.2.2.2 because the current server did not respond.

Explanation

The DHCP relay agent did not receive any responses from the current DHCP server and switched to another DHCP server for IP address acquisition.

Recommended action

No action is required.

 

DHCPR_SWITCHMASTER

Message text

Switched to the master DHCP server at [IPADDR].

Variable fields

$1: IP address of the master DHCP server.

Severity level

3

Example

DHCPR/3/DHCPR_SWITCHMASTER: -MDC=1;

 Switched to the master DHCP server at 2.2.2.2.

Explanation

After a switchback delay time, the DHCP relay agent switched from a backup DHCP server to the master DHCP server for IP address acquisition.

Recommended action

No action is required.

 

DHCPS messages

This section contains DHCP server messages.

DHCPS_ALLOCATE_IP

Message text

DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool.

Variable fields

$1: Name of the interface on which DHCP server is configured.

$2: IPv4 address assigned to the DHCP client.

$3: Lease duration of the assigned IPv4 address.

$4: MAC address of the DHCP client.

$5: Name of the address pool to which the assigned IPv4 address belongs.

Severity level

5

Example

DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.

Explanation

The DHCP server assigned an IPv4 address to a DHCP client.

Recommended action

No action is required.

 

DHCPS_CONFLICT_IP

Message text

A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING].

Variable fields

$1: IPv4 address that is in conflict.

$2: Name of the address pool to which the conflicting IPv4 address belongs.

$3: Name of the interface on which DHCP server is configured.

Severity level

5

Example

DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface GigabitEthernet1/0/2.

Explanation

The DHCP server deleted a conflicting IPv4 address from an address pool.

Recommended action

No action is required.

 

DHCPS_EXTEND_IP

Message text

DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]).

Variable fields

$1: Name of the interface on which DHCP server is configured.

$2: Name of the address pool to which the client's IPv4 address belongs.

$3: IPv4 address of the DHCP client.

$4: MAC address of the DHCP client.

Severity level

5

Example

DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).

Explanation

The DHCP server extended the lease for a DHCP client.

Recommended action

No action is required.
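The following Python sketch is an added example, not H3C code. It parses the DHCPS_ALLOCATE_IP, DHCPS_EXTEND_IP, and DHCPS_CONFLICT_IP formats documented above and replays them in order to rebuild an IP-to-MAC binding table for incident review. The function names, the finding labels, and the sample lines (built from the examples on this page) are assumptions.

```python
import ipaddress
import re

HEADER_RE = re.compile(
    r"^DHCPS/(?P<severity>[0-7])/(?P<mnemonic>DHCPS_[A-Z_]+):\s*(?P<body>.*)$")

# The message text uses a straight apostrophe and the printed examples a
# curly one, so the patterns accept both.
REQ = r"DHCP server received a DHCP client['’]s request packet on interface (?P<interface>\S+), "
MAC = r"(?P<mac>[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})"
IP = r"(?P<ip>[0-9.]+)"

PATTERNS = {
    "DHCPS_ALLOCATE_IP": re.compile(
        REQ + r"and allocated an IP address " + IP
        + r"\s*\(lease (?P<lease>\d+) seconds\) for the DHCP client\s*\(MAC "
        + MAC + r"\) from (?P<pool>\S+) pool\."),
    "DHCPS_EXTEND_IP": re.compile(
        REQ + r"and extended lease from (?P<pool>\S+) pool for the DHCP client\s*\(IP "
        + IP + r", MAC " + MAC + r"\)\."),
    "DHCPS_CONFLICT_IP": re.compile(
        r"A conflict IP " + IP + r" from (?P<pool>\S+) pool was detected by DHCP server "
        r"on interface (?P<interface>\S+)\."),
}

# Constructed sample input: the page's examples plus variations.
SAMPLE_LINES = [
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.",
    "DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).",
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/3, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-1111) from p1 pool.",
    "DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface GigabitEthernet1/0/2.",
    "DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.92, MAC 0000-0000-2222).",
    # Malformed address: must be rejected, not stored.
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.999(lease 60 seconds) for the DHCP client(MAC 0000-0000-3333) from p1 pool.",
]


def parse_dhcps(line):
    """Parse one DHCPS lease message into a dict, or return None."""
    header = HEADER_RE.match(line.strip())
    if header is None:
        return None
    pattern = PATTERNS.get(header.group("mnemonic"))
    body = pattern.fullmatch(header.group("body")) if pattern else None
    if body is None:
        return None
    event = body.groupdict()
    try:
        # Validate the address instead of trusting the regex.
        event["ip"] = str(ipaddress.IPv4Address(event["ip"]))
    except ValueError:
        return None
    if "lease" in event:
        event["lease"] = int(event["lease"])
    if "mac" in event:
        event["mac"] = event["mac"].lower()
    event["mnemonic"] = header.group("mnemonic")
    return event


def replay(lines):
    """Replay messages in log order; return (bindings, findings)."""
    bindings = {}   # ip -> last allocate/extend event seen for that address
    findings = []   # (kind, ip, detail) tuples worth a second look
    for line in lines:
        event = parse_dhcps(line)
        if event is None:
            continue
        ip = event["ip"]
        holder = bindings.get(ip)
        if event["mnemonic"] == "DHCPS_CONFLICT_IP":
            findings.append(("conflict", ip, holder["mac"] if holder else None))
            continue
        if holder is None and event["mnemonic"] == "DHCPS_EXTEND_IP":
            # Renewal without a logged allocation: the log window has a gap.
            findings.append(("extend_unseen", ip, event["mac"]))
        elif holder is not None and holder["mac"] != event["mac"]:
            findings.append(("rebound", ip, (holder["mac"], event["mac"])))
        bindings[ip] = event
    return bindings, findings


if __name__ == "__main__":
    table, notes = replay(SAMPLE_LINES)
    for ip, event in sorted(table.items()):
        print(ip, event["mac"], event["interface"], event["pool"])
    for note in notes:
        print(note)
```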

 

DHCPS_FILE

Message text

Failed to save DHCP client information due to lack of storage resources.

Variable fields

N/A

Severity level

4

Example

DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources.

Explanation

The DHCP server failed to save DHCP bindings to the backup file due to lack of storage resources.

Recommended action

Delete unnecessary files to release resources.

 

DHCPS6 messages

This section contains DHCPv6 server messages.

DHCPS6_ALLOCATE_ADDRESS

Message text

DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.

Variable fields

$1: Name of the interface on which DHCPv6 server is configured.

$2: IPv6 address assigned to the DHCPv6 client.

$3: Lease duration of the assigned IPv6 address.

$4: DUID of the DHCPv6 client.

$5: IAID of the DHCPv6 client.

$6: Name of the address pool to which the assigned IPv6 address belongs.

Severity level

5

Example

DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface GigabitEthernet1/0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.

Explanation

The DHCPv6 server assigned an IPv6 address to a DHCPv6 client.

Recommended action

No action is required.

 

DHCPS6_ALLOCATE_PREFIX

Message text

DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.

Variable fields

$1: Name of the interface on which DHCPv6 server is configured.

$2: IPv6 prefix assigned to the DHCPv6 client.

$3: Lease duration of the assigned IPv6 prefix.

$4: DUID of the DHCPv6 client.

$5: IAID of the DHCPv6 client.

$6: Name of the address pool to which the assigned IPv6 prefix belongs.

Severity level

5

Example

DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface GigabitEthernet1/0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.

Explanation

The DHCPv6 server assigned an IPv6 prefix to a DHCPv6 client.

Recommended action

No action is required.

 

DHCPS6_CONFLICT_ADDRESS

Message text

A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING].

Variable fields

$1: IPv6 address that is in conflict.

$2: Name of the address pool to which the conflicting IPv6 address belongs.

$3: Name of the interface on which DHCPv6 server is configured.

Severity level

5

Example

DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface GigabitEthernet1/0/2.

Explanation

The DHCPv6 server deleted a conflicting IPv6 address from an address pool.

Recommended action

No action is required.

 

DHCPS6_EXTEND_ADDRESS

Message text

DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]).

Variable fields

$1: Name of the interface on which DHCPv6 server is configured.

$2: Name of the address pool to which the client's IPv6 address belongs.

$3: IPv6 address of the DHCPv6 client.

$4: DUID of the DHCPv6 client.

$5: IAID of the DHCPv6 client.

Severity level

5

Example

DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).

Explanation

The DHCPv6 server extended the address lease for a DHCPv6 client.

Recommended action

No action is required.

 

DHCPS6_EXTEND_PREFIX

Message text

DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]).

Variable fields

$1: Name of the interface on which DHCPv6 server is configured.

$2: Name of the address pool to which the client's IPv6 prefix belongs.

$3: IPv6 prefix of the DHCPv6 client.

$4: DUID of the DHCPv6 client.

$5: IAID of the DHCPv6 client.

Severity level

5

Example

DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).

Explanation

The DHCPv6 server extended the prefix lease for a DHCPv6 client.

Recommended action

No action is required.

 

DHCPS6_FILE

Message text

Failed to save DHCP client information due to lack of storage resources.

Variable fields

N/A

Severity level

4

Example

DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources.

Explanation

The DHCPv6 server failed to save DHCPv6 bindings to the backup file due to lack of storage resources.

Recommended action

Delete unnecessary files to release resources.

 

DHCPS6_RECLAIM_ADDRESS

Message text

DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).

Variable fields

$1: Name of the address pool to which the assigned IPv6 address belongs.

$2: IPv6 address assigned to the DHCPv6 client.

$3: Lease duration of the assigned IPv6 address.

$4: DUID of the DHCPv6 client.

$5: IAID of the DHCPv6 client.

Severity level

5

Example

DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).

Explanation

The DHCPv6 server reclaimed an IPv6 address assigned to a DHCPv6 client.

Recommended action

No action is required.

 

DHCPSP4

This section contains DHCP snooping messages.

DHCPSP4_FILE

Message text

Failed to save DHCP client information due to lack of storage resources.

Variable fields

N/A

Severity level

4

Example

DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources.

Explanation

The DHCP snooping device failed to save DHCP snooping entries to the backup file due to lack of storage resources.

Recommended action

Delete unnecessary files to release resources.

 

DHCPSP6

This section contains DHCPv6 snooping messages.

DHCPSP6_FILE

Message text

Failed to save DHCP client information due to lack of storage resources.

Variable fields

N/A

Severity level

4

Example

DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources.

Explanation

The DHCPv6 snooping device failed to save DHCPv6 snooping entries to the backup file due to lack of storage resources.

Recommended action

Delete unnecessary files to release resources.

 

DIAG messages

This section contains diagnostic messages.

MEM_ALERT

Message text

system memory info:

                    total           used             free        shared       buffers       cached

Mem:    [ULONG]    [ULONG]    [ULONG]    [ULONG]    [ULONG]    [ULONG]

-/+ buffers/cache:    [ULONG]    [ULONG]

Swap:    [ULONG]    [ULONG]    [ULONG]

Lowmem: [ULONG]  [ULONG]    [ULONG]

Variable fields

·     Mem—Memory information of the whole system:

¡     $1: Size of the allocatable physical memory of the system. The system physical memory includes non-allocatable and allocatable physical memory. Non-allocatable physical memory is used for kernel code storage, kernel management cost, and running of basic functions. Allocatable physical memory is used for running of service modules and file storage. The size of non-allocatable physical memory is automatically calculated by the system. The size of the allocatable physical memory is the total physical memory size minus the non-allocatable physical memory size.

¡     $2: Size of the physical memory used by the system.

¡     $3: Size of the free physical memory in the system.

¡     $4: Size of the physical memory shared by processes.

¡     $5: Size of the used file buffer.

¡     $6: Size of memory used by the cache.

·     -/+ buffers/cache—Memory usage information of applications.

¡     $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached (size of the physical memory used by applications).

¡     $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached (size of the physical memory available for applications).

·     Swap—Swap usage information:

¡     $9: Total size of the swap space.

¡     $10: Size of the used swap space.

¡     $11: Size of the free swap space.

·     Lowmem—Low memory usage information:

¡     $12: Total size of the low memory.

¡     $13: Size of the used low memory.

¡     $14: Size of the free low memory.

Severity level

4

Example

DIAG/4/MEM_ALERT:

system memory info:

                    total         used           free     shared    buffers     cached

Mem:    1784424     920896     863528              0             0      35400

-/+ buffers/cache:    885496     898928

Swap:                0               0               0

Lowmem: 735848     637896      97952

Explanation

A memory alarm was generated, displaying memory usage information.

The system generates this message when the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage.

Recommended action

1.     Use the display memory-threshold command to display the minor, severe, and critical threshold values. If the thresholds are not proper, use the memory-threshold command to change them.

2.     Display the ARP table and routing table to verify that the device is not under attack.

3.     Examine and optimize the networking, for example, reduce the number of routes or use a device with higher performance.

 

MEM_BELOW_THRESHOLD

Message text

Memory usage has dropped below [STRING] threshold.

Variable fields

$1: Memory usage threshold name: minor, severe, or critical.

Severity level

1

Example

DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold.

Explanation

A memory alarm was removed.

The system generates this message when the size of the system free memory is greater than a memory alarm recovery threshold.

Recommended action

No action is required.

 

MEM_EXCEED_THRESHOLD

Message text

Memory [STRING] threshold has been exceeded.

Variable fields

$1: Memory usage threshold name: minor, severe, or critical.

Severity level

1

Example

DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded.

Explanation

The amount of used memory space exceeded a threshold.

When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies service modules to perform auto repair, such as releasing memory and no longer requesting memory.

Recommended action

1.     Use the display memory-threshold command to display the minor, severe, and critical threshold values. If the thresholds are not proper, use the memory-threshold command to change them.

2.     Display the ARP table and routing table to verify that the device is not under attack.

3.     Examine and optimize the networking, for example, reduce the number of routes or use a device with higher performance.

 

DLDP messages

This section contains DLDP messages.

DLDP_AUTHENTICATION_FAILED

Message text

The DLDP packet failed the authentication because of unmatched [STRING] field.

Variable fields

$1: Authentication field.

¡     AUTHENTICATION PASSWORD—Authentication password mismatch.

¡     AUTHENTICATION TYPE—Authentication type mismatch.

¡     INTERVAL—Advertisement interval mismatch.

Severity level

5

Example

DLDP/5/DLDP_AUTHENTICATION_FAILED: The DLDP packet failed the authentication because of unmatched INTERVAL field.

Explanation

The packet authentication failed.

Possible reasons:

·     Unmatched authentication type.

·     Unmatched authentication password.

·     Unmatched advertisement interval.

Recommended action

Verify that the two ends use the same DLDP authentication type, authentication password, and advertisement interval.

 

DLDP_LINK_BIDIRECTIONAL

Message text

DLDP detected a bidirectional link on interface [STRING].

Variable fields

$1: Interface name.

Severity level

6

Example

DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface GigabitEthernet1/0/1.

Explanation

DLDP detected a bidirectional link on an interface.

Recommended action

No action is required.

 

DLDP_LINK_UNIDIRECTIONAL

Message text

DLDP detected a unidirectional link on interface [STRING]. [STRING].

Variable fields

$1: Interface name.

$2: Action according to the port shutdown mode:

¡     DLDP automatically blocked the interface.

¡     Please manually shut down the interface.

Severity level

3

Example

DLDP/3/DLDP_LINK_UNIDIRECTIONAL: DLDP detected a unidirectional link on interface GigabitEthernet1/0/1. DLDP automatically blocked the interface.

Explanation

DLDP detected a unidirectional link on an interface.

Recommended action

Check for connectivity issues, including incorrect cable connections and cables that have come loose.

 

DLDP_NEIGHBOR_AGED

Message text

A neighbor on interface [STRING] was deleted because the neighbor was aged. The neighbor's system MAC is [MAC], and the port index is [UINT16].

Variable fields

$1: Interface name.

$2: MAC address.

$3: Port index.

Severity level

5

Example

DLDP/5/DLDP_NEIGHBOR_AGED: A neighbor on interface GigabitEthernet1/0/1 was deleted because the neighbor was aged. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.

Explanation

The interface deleted an aged neighbor.

Recommended action

No action is required.

 

DLDP_NEIGHBOR_CONFIRMED

Message text

A neighbor was confirmed on interface [STRING]. The neighbor's system MAC is [MAC], and the port index is [UINT16].

Variable fields

$1: Interface name.

$2: MAC address.

$3: Port index.

Severity level

6

Example

DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface GigabitEthernet1/0/1. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.

Explanation

The interface detected a confirmed neighbor.

Recommended action

No action is required.

 

DLDP_NEIGHBOR_DELETED

Message text

A neighbor on interface [STRING] was deleted because a [STRING] packet arrived. The neighbor's system MAC is [MAC], and the port index is [UINT16].

Variable fields

$1: Interface name.

$2: Packet type, DISABLE or LINKDOWN.

$3: MAC address.

$4: Port index.

Severity level

5

Example

DLDP/5/DLDP_NEIGHBOR_DELETED: A neighbor on interface GigabitEthernet1/0/1 was deleted because a DISABLE packet arrived. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.

Explanation

The interface deleted a confirmed neighbor because it received a DISABLE or LINKDOWN packet.

Recommended action

No action is required.

 

DOT1X messages

This section contains 802.1X messages.

DOT1X_LOGIN_FAILURE

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; User failed 802.1X authentication.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Username.

Severity level

6

Example

DOT1X/6/DOT1X_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; User failed 802.1X authentication.

Explanation

The user failed 802.1X authentication.

Recommended action

Locate the failure cause and handle the issue according to the failure cause.

 

DOT1X_LOGIN_SUCC

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; User passed 802.1X authentication and came online.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Username.

Severity level

6

Example

DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; User passed 802.1X authentication and came online.

Explanation

The user passed 802.1X authentication.

Recommended action

No action is required.

 

DOT1X_LOGOFF

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X user was logged off.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Username.

$5: Error code.

Severity level

6

Example

DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off.

Explanation

The 802.1X user was logged off.

Recommended action

Locate the failure cause and handle the issue according to the failure cause. If the logoff is as requested, no action is required.
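The following Python sketch is an added example, not H3C code. It parses the `-Key=Value` field run used by DOT1X_LOGIN_FAILURE, DOT1X_LOGIN_SUCC, and DOT1X_LOGOFF, then flags interface and MAC pairs that accumulate failures with no intervening success. The function names, the threshold of 3, and the sample lines (built from the examples on this page) are assumptions.

```python
import re
from collections import defaultdict

# "MODULE/severity/MNEMONIC:" header as shown in the examples above.
HEADER_RE = re.compile(
    r"^(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.*)$")

# One "-Key=Value" field. The value runs lazily to the next "-Key=" or to the
# end of the field run, so hyphens inside a value (MAC 0010-8400-22b9, a
# username such as svc-print) stay intact. Splitting on "-" would break both.
FIELD_RE = re.compile(r"-(?P<key>[A-Za-z]+)=(?P<value>.*?)(?=-[A-Za-z]+=|$)")

# Constructed sample input: the page's examples plus variations.
SAMPLE_LINES = [
    "DOT1X/6/DOT1X_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; User failed 802.1X authentication.",
    "DOT1X/6/DOT1X_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=bbb; User failed 802.1X authentication.",
    "DOT1X/6/DOT1X_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/7-MACAddr=0010-8400-33c1-VLANID=444-Username=carol; User failed 802.1X authentication.",
    "DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/7-MACAddr=0010-8400-33c1-VLANID=444-Username=carol; User passed 802.1X authentication and came online.",
    "DOT1X/6/DOT1X_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=svc-print; User failed 802.1X authentication.",
    "DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/7-MACAddr=0010-8400-33c1-VLANID=444-Username=carol-ErrCode=11; 802.1X user was logged off.",
    # Same module, but no field run: must be skipped by the parser.
    "DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X on interface GigabitEthernet3/1/2 due to lack of ACL resources.",
]


def parse_dot1x(line):
    """Return {'mnemonic', 'severity', 'fields', 'text'} or None."""
    header = HEADER_RE.match(line.strip())
    if header is None or header.group("module") != "DOT1X":
        return None
    # Split at the LAST ';' so that a ';' inside the username, which comes
    # from the authenticating client, does not end the field run early.
    fields_part, sep, text = header.group("body").rpartition(";")
    if not sep or not fields_part.startswith("-"):
        return None
    fields = {f.group("key"): f.group("value")
              for f in FIELD_RE.finditer(fields_part)}
    return {
        "mnemonic": header.group("mnemonic"),
        "severity": int(header.group("severity")),
        "fields": fields,
        "text": text.strip(),
    }


def flag_repeated_failures(lines, threshold=3):
    """List (interface, MAC) pairs with >= threshold failures since the last success."""
    streaks = defaultdict(list)  # (IfName, MACAddr) -> usernames that failed
    for line in lines:
        event = parse_dot1x(line)
        if event is None:
            continue
        key = (event["fields"].get("IfName"), event["fields"].get("MACAddr"))
        if event["mnemonic"] == "DOT1X_LOGIN_FAILURE":
            streaks[key].append(event["fields"].get("Username"))
        elif event["mnemonic"] == "DOT1X_LOGIN_SUCC":
            streaks.pop(key, None)  # a success ends the failure streak
    return [
        {"interface": key[0], "mac": key[1], "failures": len(users),
         "usernames": sorted(set(users))}
        for key, users in sorted(streaks.items())
        if len(users) >= threshold
    ]


if __name__ == "__main__":
    for hit in flag_repeated_failures(SAMPLE_LINES):
        print(hit)
```

Several distinct usernames failing from one MAC address on one port is a different signal from one user mistyping a password, which is why the result keeps the username set next to the count.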

 

DOT1X_NOTENOUGH_EADFREEIP_RES

Message text

Failed to assign a rule for free IP [IPADDR] on interface [STRING] due to lack of ACL resources.

Variable fields

$1: Free IP.

$2: Interface type and number.

Severity level

3

Example

DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for free IP 1.1.1.0 on interface GigabitEthernet3/1/2 due to lack of ACL resources.

Explanation

The device failed to assign an ACL rule to permit a free IP on an interface because of ACL resource shortage.

Recommended action

Disable 802.1X on the interface, and then re-enable 802.1X.

 

DOT1X_NOTENOUGH_EADFREERULE_RES

Message text

Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources.

Variable fields

$1: Interface type and number.

Severity level

3

Example

DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface GigabitEthernet3/1/2 due to lack of ACL resources.

Explanation

The device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of ACL resource shortage.

Recommended action

Disable 802.1X on the interface, and then re-enable 802.1X.

 

DOT1X_NOTENOUGH_EADMACREDIR_RES

Message text

Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING].

Variable fields

$1: Source MAC address of HTTP packets.

$2: Interface type and number.

Severity level

3

Example

DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface GigabitEthernet3/1/2.

Explanation

The device failed to assign a rule for redirecting HTTP packets with the designated source MAC on an interface because of ACL resource shortage.

Recommended action

Disable 802.1X on the interface, and then re-enable 802.1X.

 

DOT1X_NOTENOUGH_EADPORTREDIR_RES

Message text

Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources.

Variable fields

$1: Interface type and number.

Severity level

3

Example

DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface GigabitEthernet3/1/2 due to lack of ACL resources.

Explanation

The device failed to assign an ACL rule to redirect HTTP packets on an interface because of ACL resource shortage.

Recommended action

Disable 802.1X on the interface, and then re-enable 802.1X.

 

DOT1X_NOTENOUGH_ENABLEDOT1X_RES

Message text

Failed to enable 802.1X on interface [STRING] due to lack of ACL resources.

Variable fields

$1: Interface type and number.

Severity level

3

Example

DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X on interface GigabitEthernet3/1/2 due to lack of ACL resources.

Explanation

The device failed to enable 802.1X on an interface because of ACL resource shortage.

Recommended action

Disable 802.1X on the interface, and then re-enable 802.1X.

 

DOT1X_SMARTON_FAILURE

Message text

-IfName=[STRING]-MACAddr=[STRING]; User failed SmartOn authentication because [STRING].

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: Cause of failure:

○     the password is mismatched.

○     the switch ID is mismatched.

Severity level

6

Example

DOT1X/6/DOT1X_SMARTON_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; User failed SmartOn authentication because the password is mismatched.

Explanation

SmartOn authentication failed for a specific reason.

Recommended action

Handle the issue according to the failure cause.

 

DOT1X_UNICAST_NOT_EFFECTIVE

Message text

The unicast trigger feature is enabled but is not effective on interface [STRING].

Variable fields

$1: Interface type and number.

Severity level

3

Example

DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface GigabitEthernet3/1/2.

Explanation

The unicast trigger setting does not take effect on an interface, because the interface does not support unicast trigger.

Recommended action

1.     Reconnect the 802.1X clients to an interface that supports the unicast trigger feature.

2.     Enable 802.1X and the unicast trigger feature on the new interface.

 

ETHOAM messages

This section contains Ethernet OAM messages.

ETHOAM_CONNECTION_FAIL_DOWN

Message text

The link is down on port [string] because a remote failure occurred on peer port.

Variable fields

$1: Port name.

Severity level

5

Example

ETHOAM/5/ETHOAM_OAM_LINK_DOWN: The link is down on port GigabitEthernet1/0/1 because a remote failure occurred on peer port.

Explanation

The link went down because a remote failure occurred on the peer port.

Recommended action

Check the link status or the OAM status on the peer.

 

ETHOAM_CONNECTION_FAIL_TIMEOUT

Message text

Port [string] removed the OAM connection because it received no Information OAMPDU before the timer times out.

Variable fields

$1: Port name.

Severity level

5

Example

ETHOAM/5/ETHOAM_CONNECTION_FAIL_TIMEOUT: Port GigabitEthernet1/0/1 removed the OAM connection because it received no Information OAMPDU before the timer times out.

Explanation

The port removed the OAM connection because it had not received Information OAMPDUs before the timer timed out.

Recommended action

Check the link status or the OAM status on the peer.

 

ETHOAM_CONNECTION_FAIL_UNSATISF

Message text

Port [string] failed to establish an OAM connection because the peer doesn't match the capacity of the local port.

Variable fields

$1: Port name.

Severity level

3

Example

ETHOAM/3/ETHOAM_CONNECTION_FAIL_UNSATISF: Port GigabitEthernet1/0/1 failed to establish an OAM connection because the peer doesn't match the capacity of the local port.

Explanation

The port failed to establish an OAM connection because the OAM protocol states do not match at the two ends.

Recommended action

Check the protocol state field of OAM packets sent by both ends.

 

ETHOAM_CONNECTION_SUCCEED

Message text

An OAM connection is established on port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_CONNECTION_SUCCEED: An OAM connection is established on port GigabitEthernet1/0/1.

Explanation

An OAM connection was established.

Recommended action

No action is required.

 

ETHOAM_DISABLE

Message text

Ethernet OAM is now disabled on port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_DISABLE: Ethernet OAM is now disabled on port GigabitEthernet1/0/1.

Explanation

Ethernet OAM was disabled.

Recommended action

No action is required.

 

ETHOAM_DISCOVERY_EXIT

Message text

OAM port [string] quits OAM connection.

Variable fields

$1: Port name.

Severity level

5

Example

ETHOAM/5/ETHOAM_DISCOVERY_EXIT: OAM port GigabitEthernet1/0/1 quits OAM connection.

Explanation

The local port ended the OAM connection.

Recommended action

No action is required.

 

ETHOAM_ENABLE

Message text

Ethernet OAM is now enabled on port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_ENABLE: Ethernet OAM is now enabled on port GigabitEthernet1/0/1.

Explanation

Ethernet OAM was enabled.

Recommended action

No action is required.

 

ETHOAM_ENTER_LOOPBACK_CTRLLED

Message text

The local OAM entity enters remote loopback as controlled DTE on OAM port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLED: The local OAM entity enters remote loopback as controlled DTE on OAM port GigabitEthernet1/0/1.

Explanation

This event occurs when you enable OAM loopback on the peer end.

Recommended action

No action is required.

 

ETHOAM_ENTER_LOOPBACK_CTRLLING

Message text

The local OAM entity enters remote loopback as controlling DTE on OAM port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLING: The local OAM entity enters remote loopback as controlling DTE on OAM port GigabitEthernet1/0/1.

Explanation

This event occurs when you enable OAM loopback on the port.

Recommended action

No action is required.

 

ETHOAM_LOCAL_DYING_GASP

Message text

A local Dying Gasp event has occurred on [string].

Variable fields

$1: Interface name.

Severity level

4

Example

ETHOAM/4/ETHOAM_LOCAL_DYING_GASP: A local Dying Gasp event has occurred on GigabitEthernet1/0/1.

Explanation

A local Dying Gasp event occurs when you reboot the local device or shut down the interface.

Recommended action

Do not use the link until it recovers.

 

ETHOAM_LOCAL_ERROR_FRAME

Message text

An errored frame event occurred on local port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME: An errored frame event occurred on local port GigabitEthernet1/0/1.

Explanation

An errored frame event occurred on the local port.

Recommended action

Check the link.

 

ETHOAM_LOCAL_ERROR_FRAME_PERIOD

Message text

An errored frame period event occurred on local port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_PERIOD: An errored frame period event occurred on local port GigabitEthernet1/0/1.

Explanation

An errored frame period event occurred on the local port.

Recommended action

Check the link.

 

ETHOAM_LOCAL_ERROR_FRAME_SECOND

Message text

An errored frame seconds event occurred on local port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_SECOND: An errored frame seconds event occurred on local port GigabitEthernet1/0/1.

Explanation

An errored frame seconds event occurred on the local port.

Recommended action

Check the link.

 

ETHOAM_LOCAL_LINK_FAULT

Message text

A local Link Fault event occurred on [string].

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_LOCAL_LINK_FAULT: A local Link Fault event occurred on GigabitEthernet1/0/1.

Explanation

This event occurs when the local link goes down.

Recommended action

Reconnect the Rx end of the fiber on the local port.

 

ETHOAM_LOOPBACK_EXIT

Message text

OAM port [string] quits remote loopback.

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_LOOPBACK_EXIT: OAM port GigabitEthernet1/0/1 quits remote loopback.

Explanation

The OAM port ended remote loopback after remote loopback was disabled on the port and the OAM connection was torn down.

Recommended action

No action is required.

 

ETHOAM_LOOPBACK_EXIT_ERROR_STATU

Message text

OAM port [string] quits remote loopback due to incorrect multiplexer or parser status.

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_LOOPBACK_EXIT_ERROR_STATU: OAM port GigabitEthernet1/0/1 quits remote loopback due to incorrect multiplexer or parser status.

Explanation

The OAM port ended remote loopback due to incorrect multiplexer or parser status.

Recommended action

Disable, and then re-enable Ethernet OAM on the OAM entity.

 

ETHOAM_LOOPBACK_NO_RESOURCE

Message text

OAM port [string] can't enter remote loopback due to insufficient resources.

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_LOOPBACK_NO_RESOURCE: OAM port GigabitEthernet1/0/1 can't enter remote loopback due to insufficient resources.

Explanation

The OAM port cannot enter remote loopback due to insufficient resources when you execute the oam remote-loopback start command on the local or remote OAM entity.

Recommended action

Release the resources, and then execute the oam remote-loopback start command again.

 

ETHOAM_LOOPBACK_NOT_SUPPORT

Message text

OAM port [string] can't enter remote loopback because the operation is not supported.

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_LOOPBACK_NOT_SUPPORT: OAM port GigabitEthernet1/0/1 can't enter remote loopback because the operation is not supported.

Explanation

The OAM port cannot enter remote loopback because the operation is not supported on the device.

Recommended action

No action is required.

 

ETHOAM_QUIT_LOOPBACK_CTRLLED

Message text

The local OAM entity quits remote loopback as controlled DTE on OAM port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CTRLLED: The local OAM entity quits remote loopback as controlled DTE on OAM port GigabitEthernet1/0/1.

Explanation

The local OAM entity ended remote loopback as controlled DTE after you disabled OAM loopback on the peer end.

Recommended action

No action is required.

 

ETHOAM_QUIT_LOOPBACK_CTRLLING

Message text

The local OAM entity quits remote loopback as controlling DTE on OAM port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CONTROLLING: The local OAM entity quits remote loopback as controlling DTE on OAM port GigabitEthernet1/0/1.

Explanation

The local OAM entity ended remote loopback as controlling DTE after you disabled OAM loopback on the port.

Recommended action

No action is required.

 

ETHOAM_REMOTE_CRITICAL

Message text

A remote Critical event occurred on [string].

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_REMOTE_CRITICAL: A remote Critical event occurred on GigabitEthernet1/0/1.

Explanation

A remote critical event occurred.

Recommended action

Do not use the link until it recovers.

 

ETHOAM_REMOTE_DYING_GASP

Message text

A remote Dying Gasp event occurred on [string].

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_REMOTE_DYING_GASP: A remote Dying Gasp event occurred on GigabitEthernet1/0/1.

Explanation

This event occurs when you reboot the remote device and shut down the port.

Recommended action

Do not use this link until it recovers.

 

ETHOAM_REMOTE_ERROR_FRAME

Message text

An errored frame event occurred on the peer port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME: An errored frame event occurred on the peer port GigabitEthernet1/0/1.

Explanation

An errored frame event occurred on the peer.

Recommended action

Check the link.

 

ETHOAM_REMOTE_ERROR_FRAME_PERIOD

Message text

An errored frame period event occurred on the peer port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_PERIOD: An errored frame period event occurred on the peer port GigabitEthernet1/0/1.

Explanation

An errored frame period event occurred on the peer port.

Recommended action

Check the link.

 

ETHOAM_REMOTE_ERROR_FRAME_SECOND

Message text

An errored frame seconds event occurred on the peer port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_SECOND: An errored frame seconds event occurred on the peer port GigabitEthernet1/0/1.

Explanation

An errored frame seconds event occurred on the peer.

Recommended action

Check the link.

 

ETHOAM_REMOTE_ERROR_SYMBOL

Message text

An errored symbol event occurred on the peer port [string].

Variable fields

$1: Port name.

Severity level

6

Example

ETHOAM/6/ETHOAM_REMOTE_ERROR_SYMBOL: An errored symbol event occurred on the peer port GigabitEthernet1/0/1.

Explanation

An errored symbol event occurred on the peer.

Recommended action

Check the link.

 

ETHOAM_REMOTE_EXIT

Message text

OAM port [string] quits OAM connection because Ethernet OAM is disabled on the peer port.

Variable fields

$1: Port name.

Severity level

5

Example

ETHOAM/5/ETHOAM_REMOTE_EXIT: OAM port GigabitEthernet1/0/1 quits OAM connection because Ethernet OAM is disabled on the peer port.

Explanation

The local port ended the OAM connection because Ethernet OAM was disabled on the peer port.

Recommended action

No action is required.

 

ETHOAM_REMOTE_FAILURE_RECOVER

Message text

Peer port [string] recovered.

Variable fields

$1: Port name.

Severity level

5

Example

ETHOAM/5/ETHOAM_REMOTE_FAILURE_RECOVER: Peer port GigabitEthernet1/0/1 recovered.

Explanation

The link fault was cleared from the peer port, and the OAM connection was restored.

Recommended action

No action is required.

 

ETHOAM_REMOTE_LINK_FAULT

Message text

A remote Link Fault event occurred on [string].

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_REMOTE_LINK_FAULT: A remote Link Fault event occurred on GigabitEthernet1/0/1.

Explanation

The remote link went down.

Recommended action

Reconnect the Rx end of the fiber on the remote port.

 

ETHOAM_NO_ENOUGH_RESOURCE

Message text

OAM port [string] the configuration failed because of insufficient hardware resources.

Variable fields

$1: Port name.

Severity level

4

Example

ETHOAM/4/ETHOAM_NO_ENOUGH_RESOURCE: GigabitEthernet1/0/1 the configuration failed because of insufficient hardware resources.

Explanation

The configuration failed on the OAM port because of insufficient hardware resources.

Recommended action

Release the resources, and execute the command again.

 

ETHOAM_NOT_CONNECTION_TIMEOUT

Message text

Port [string] quits Ethernet OAM because it received no Information OAMPDU before the timer times out.

Variable fields

$1: Port name.

Severity level

5

Example

ETHOAM/5/ETHOAM_NOT_CONNECTION_TIMEOUT: Port GigabitEthernet1/0/1 quits Ethernet OAM because it received no Information OAMPDU before the timer times out.

Explanation

The local port ended Ethernet OAM because it had not received Information OAMPDUs before the timer timed out.

Recommended action

Check the link status or the OAM status on the peer.

 

EVB messages

This section contains EVB messages.

EVB_AGG_FAILED

Message text

Remove the port [STRING] from the aggregation group [STRING]. Otherwise, the EVB feature does not take effect.

Variable fields

$1: Port name.

$2: Aggregate interface name.

Severity level

6

Example

EVB/6/EVB_AGG_FAILED: Remove the port GigabitEthernet1/0/5 from the aggregation group Bridge-Aggregation5. Otherwise, the EVB feature does not take effect.

Explanation

The EVB bridge failed to process a port in an aggregation group.

Recommended action

Remove the port from the aggregation group.

 

EVB_VSI_OFFLINE

Message text

VSI [STRING] went offline.

Variable fields

$1: VSI name.

Severity level

6

Example

EVB/6/EVB_VSI_OFFLINE: VSI Schannel-Aggregation1:2.0 went offline.

Explanation

The VSI interface was deleted.

This event occurs in the following situations:

·     The EVB bridge receives a VDP packet from the EVB station.

·     The EVB bridge has not received an acknowledgement after a VDP packet times out.

Recommended action

No action is required.

 

EVB_VSI_ONLINE

Message text

VSI [STRING] came online, status is [STRING].

Variable fields

$1: VSI name.

$2: VSI status.

Severity level

6

Example

EVB/6/EVB_VSI_ONLINE: VSI Schannel-Aggregation1:2.0 came online, status is association.

Explanation

The EVB bridge received a VDP packet and created a VSI successfully.

Recommended action

No action is required.

 

EVB_WARNING_NO_LICENSE

Message text

License of the [STRING] feature will be expired in [UINT32] days. Install a permanent license.

Variable fields

$1: Feature name.

$2: Validity period of the license.

Severity level

6

Example

EVB/6/EVB_WARNING_NO_LICENSE: License of the EVB feature will be expired in 15 days. Install a permanent license.

Explanation

The EVB license on an MPU is about to expire.

Recommended action

Renew the license.

 

EVIISIS messages

This section contains EVI IS-IS messages.

EVIISIS_LICENSE

Message text

The EVIISIS feature has [STRING] license.

Variable fields

$1: License state:

○     available—A valid license was found.

○     no available—The current license became invalid, or no valid license was found.

Severity level

5

Example

EVIISIS/5/EVIISIS_LICENSE: The EVIISIS feature has available license.

Explanation

This message is generated when EVI IS-IS license status changes. For example, an EVI IS-IS license is installed or becomes invalid.

Recommended action

Install a valid EVI IS-IS license if the current EVI IS-IS license is invalid or no license is available.

 

EVIISIS_LICENSE_EXPIRED

Message text

The EVIISIS feature is being disabled, because its license has expired.

Variable fields

N/A

Severity level

3

Example

EVIISIS/3/EVIISIS_LICENSE_EXPIRED: The EVIISIS feature is being disabled, because its license has expired.

Explanation

The EVI IS-IS license has expired.

Recommended action

Install a valid license for EVI IS-IS.

 

EVIISIS_LICENSE_EXPIRED_TIME

Message text

The EVIISIS feature will be disabled in [ULONG] days.

Variable fields

$1: Available period of the feature.

Severity level

5

Example

EVIISIS/5/EVIISIS_LICENSE_EXPIRED_TIME: The EVIISIS feature will be disabled in 2 days.

Explanation

EVI IS-IS will be disabled because no EVI IS-IS license is available. After an active/standby MPU switchover, you can use EVI IS-IS only for 30 days if the new active MPU does not have an EVI IS-IS license.

Recommended action

Install a new license.

 

EVIISIS_LICENSE_UNAVAILABLE

Message text

The EVIISIS feature has no available license.

Variable fields

N/A

Severity level

3

Example

EVIISIS/3/EVIISIS_LICENSE_UNAVAILABLE: The EVIISIS feature has no available license.

Explanation

No license was found for EVI IS-IS when the EVI IS-IS process started.

Recommended action

Install a valid license for EVI IS-IS.

 

EVIISIS_MEM_ALERT

Message text

EVIISIS process receive system memory alert [STRING] event.

Variable fields

$1: Type of the memory alert.

Severity level

5

Example

EVIISIS/5/EVIISIS_MEM_ALERT: EVIISIS process receive system memory alert start event.

Explanation

EVI IS-IS received a memory alarm.

Recommended action

Check the system memory.

 

EVIISIS_NBR_CHG

Message text

EVIISIS [UINT32], [STRING] adjacency [STRING] ([STRING]), state change to: [STRING].

Variable fields

$1: EVI IS-IS process ID.

$2: EVI IS-IS neighbor level.

$3: Neighbor system ID.

$4: Interface name.

$5: Current adjacency state.

Severity level

5

Example

EVIISIS/5/EVIISIS_NBR_CHG: EVIISIS 1, Level-1 adjacency 0011.2200.1501 (Evi-Link0), state change to: down.

Explanation

The EVI IS-IS adjacency state changed on an interface.

Recommended action

If the adjacency with a neighbor changes to down or initializing on an interface, check for EVI IS-IS configuration errors and loss of network connectivity.

 

FILTER messages

This section contains filter messages.

FILTER_EXECUTION_ICMP

Message text

RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];IcmpType(1062)=[STRING]([UINT16]);IcmpCode(1063)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Direction.

$3: ACL type.

$4: ACL number or name.

$5: Layer 4 protocol name.

$6: Source IP address.

$7: Destination IP address.

$8: ICMP message type.

$9: ICMP message code.

$10: Match count.

$11: Event information.

Severity level

6

Example

FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1059)=Echo(8);IcmpCode(1060)=0;MatchAclCount(1066)=1000;Event(1048)=Permit;

Explanation

ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and it will be sent regularly for the flow.

Recommended action

No action is required.

 

FILTER_EXECUTION_ICMPV6

Message text

RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];Icmpv6Type(1064)=[STRING]([UINT16]);Icmpv6Code(1065)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Direction.

$3: ACL type.

$4: ACL number or name.

$5: Layer 4 protocol name.

$6: Source IPv6 address.

$7: Destination IPv6 address.

$8: ICMPv6 message type.

$9: ICMPv6 message code.

$10: Match count.

$11: Event information.

Severity level

6

Example

FILTER/6/FILTER_EXECUTION_ICMPV6: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;Icmpv6Type(1064)=Echo(128);Icmpv6Code(1065)=0;MatchAclCount(1066)=1000;Event(1048)=Permit;

Explanation

ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow.

Recommended action

No action is required.

 

FILTER_IPV4_EXECUTION

Message text

RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Direction.

$3: ACL type.

$4: ACL number or name.

$5: Layer 4 protocol name.

$6: Source IP address.

$7: Source port number.

$8: Destination IP address.

$9: Destination port number.

$10: Match count.

$11: Event information.

Severity level

6

Example

FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;

Explanation

Packets other than ICMP packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.

Recommended action

No action is required.

 

FILTER_IPV6_EXECUTION

Message text

RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];

Variable fields

$1: Receiving interface name.

$2: Direction.

$3: ACL type.

$4: ACL number or name.

$5: Layer 4 protocol name.

$6: Source IPv6 address.

$7: Source port number.

$8: Destination IPv6 address.

$9: Destination port number.

$10: Match count.

$11: Event information.

Severity level

6

Example

FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;

Explanation

IPv6 packets other than ICMPv6 packets matched the packet filter. This message is sent when the first IPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow.

Recommended action

No action is required.
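The four FILTER messages above share one `Name(id)=value;` layout. The following Python parser is an added example, not H3C code: it validates each field and groups the periodic reports by flow. The function names are hypothetical, and the sample list holds two Example lines copied from this section plus two constructed lines, marked as such.

```python
import ipaddress
import re

# "FILTER/<severity>/<mnemonic>: <body>", as in the Example lines of this section.
HEADER = re.compile(r"FILTER/([0-7])/\s*(FILTER_[A-Z0-9_]+):\s*(.*)$")
# One "Name(id)=value" field; fields are separated by semicolons.
FIELD = re.compile(r"([A-Za-z][A-Za-z0-9]*)\((\d+)\)=(.*)")
# ICMP type rendered as text plus number, for example "Echo(8)".
TYPE_WITH_NUMBER = re.compile(r"(.+)\((\d+)\)")

ADDRESSES = ("SrcIPAddr", "DstIPAddr", "SrcIPv6Addr", "DstIPv6Addr")
INTEGERS = ("SrcPort", "DstPort", "IcmpCode", "Icmpv6Code", "MatchAclCount")
REQUIRED = ("RcvIfName", "Direction", "Acl", "Protocol", "MatchAclCount", "Event")


def parse_filter_line(line):
    """Return a dict for one FILTER log line, or None if the line is malformed."""
    header = HEADER.search(line)  # search() tolerates a syslog prefix before the header
    if not header:
        return None
    record = {"severity": int(header.group(1)), "mnemonic": header.group(2)}
    for chunk in header.group(3).strip().split(";"):
        if not chunk:
            continue  # the trailing ";" leaves one empty chunk
        field = FIELD.fullmatch(chunk.strip())
        if not field:
            return None
        name, _field_id, value = field.groups()
        # Key on the field name. The numeric ids differ between "Message text"
        # and "Example" in this section (Direction(1070) vs Direction(1067)),
        # so they are not a stable key.
        if name in record:
            return None  # duplicated field: reject rather than guess
        record[name] = value
    if any(name not in record for name in REQUIRED):
        return None
    if record.get("SrcIPAddr", record.get("SrcIPv6Addr")) is None:
        return None
    if record.get("DstIPAddr", record.get("DstIPv6Addr")) is None:
        return None
    try:
        for name in ADDRESSES:
            if name in record:
                record[name] = ipaddress.ip_address(record[name])
        for name in INTEGERS:
            if name in record:
                record[name] = int(record[name])
    except ValueError:
        return None
    for name in ("IcmpType", "Icmpv6Type"):
        if name in record:
            parts = TYPE_WITH_NUMBER.fullmatch(record[name])
            if not parts:
                return None
            record[name] = (parts.group(1), int(parts.group(2)))
    return record


def flow_key(rec):
    """Tuple identifying the flow a record reports on."""
    src = rec.get("SrcIPAddr", rec.get("SrcIPv6Addr"))
    dst = rec.get("DstIPAddr", rec.get("DstIPv6Addr"))
    icmp = rec.get("IcmpType") or rec.get("Icmpv6Type")
    if icmp:
        l4 = ("icmp", icmp[1], rec.get("IcmpCode", rec.get("Icmpv6Code")))
    else:
        l4 = ("port", rec.get("SrcPort"), rec.get("DstPort"))
    return (rec["RcvIfName"], rec["Direction"], rec["Acl"], rec["Protocol"],
            str(src), str(dst), l4)


def summarize(lines):
    """Group reports by flow; return (flows, rejected_lines)."""
    flows, rejected = {}, []
    for line in lines:
        rec = parse_filter_line(line)
        if rec is None:
            rejected.append(line)
            continue
        entry = flows.setdefault(flow_key(rec), {"reports": 0})
        entry["reports"] += 1
        entry["event"] = rec["Event"]
        # The page does not say whether MatchAclCount is cumulative, so the
        # latest value is kept instead of being summed.
        entry["last_count"] = rec["MatchAclCount"]
    return flows, rejected


_PREFIX = "RcvIfName(1023)=GigabitEthernet2/0/2;"
SAMPLE_LINES = [
    # Example line from FILTER_EXECUTION_ICMP above.
    "FILTER/6/FILTER_EXECUTION_ICMP: " + _PREFIX + "Direction(1067)=inbound;AclType(1064)=ACL;"
    "Acl(1065)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;"
    "IcmpType(1059)=Echo(8);IcmpCode(1060)=0;MatchAclCount(1066)=1000;Event(1048)=Permit;",
    # Constructed: same flow, field ids as in "Message text", later report.
    "FILTER/6/FILTER_EXECUTION_ICMP: " + _PREFIX + "Direction(1070)=inbound;AclType(1067)=ACL;"
    "Acl(1068)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;"
    "IcmpType(1062)=Echo(8);IcmpCode(1063)=0;MatchAclCount(1069)=2000;Event(1048)=Permit;",
    # Example line from FILTER_IPV6_EXECUTION above.
    "FILTER/6/FILTER_IPV6_EXECUTION: " + _PREFIX + "Direction(1070)=inbound;AclType(1067)=ACL;"
    "Acl(1068)=3000;Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;"
    "DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;",
    # Constructed: invalid source address, must be rejected.
    "FILTER/6/FILTER_IPV4_EXECUTION: " + _PREFIX + "Direction(1070)=inbound;AclType(1067)=ACL;"
    "Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=100.1.1.999;SrcPort(1004)=1025;"
    "DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;",
]

if __name__ == "__main__":
    flows, rejected = summarize(SAMPLE_LINES)
    for key, entry in flows.items():
        print(key, entry)
    print("rejected:", len(rejected))
```

Rejected lines are returned rather than dropped so that a collector can count them; a rising reject rate usually means the field layout changed with a software release.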

 

FCOE messages

This section contains FCoE messages.

FCOE_INTERFACE_NOTSUPPORT_FCOE

Message text

Because the aggregate interface [STRING] has been bound to a VFC interface, assigning the interface [STRING] that does not support FCoE to the aggregate interface will cause incorrect processing.

Variable fields

$1: Aggregate interface name.

$2: Ethernet interface name.

Severity level

4

Example

FCOE/4/FCOE_INTERFACE_NOTSUPPORT_FCOE: Because the aggregate interface Bridge-Aggregation 1 has been bound to a VFC interface, assigning the interface Ten-GigabitEthernet 2/0/1 that does not support FCoE to the aggregate interface will cause incorrect processing.

Explanation

This message is generated when an interface that does not support FCoE is assigned to an aggregate interface that has been bound to a VFC interface.

Recommended action

Assign an interface that supports FCoE to the aggregate interface, or remove the binding from the VFC interface.

 

FCOE_LAGG_BIND_ACTIVE

Message text

The binding between aggregate interface [STRING] and the VFC interface takes effect again, because the member port is unbound from its bound VFC interface or removed from the aggregate interface.

Variable fields

$1: Aggregate interface name.

Severity level

4

Example

FCOE/4/FCOE_LAGG_BIND_ACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface takes effect again, because the member port is unbound from its bound VFC interface or removed from the aggregate interface.

Explanation

The binding between an aggregate interface and a VFC interface takes effect, because a member port of the aggregate interface was unbound from its bound VFC interface or removed from the aggregate interface.

Recommended action

No action is required.

 

FCOE_LAGG_BIND_DEACTIVE

Message text

The binding between aggregate interface [STRING] and the VFC interface is no longer in effect, because the new member port has been bound to a VFC interface.

Variable fields

$1: Aggregate interface name.

Severity level

4

Example

FCOE/4/FCOE_LAGG_BIND_DEACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface is no longer in effect, because the new member port has been bound to a VFC interface.

Explanation

The binding between an aggregate interface and a VFC interface is no longer in effect, because a member port of the aggregate interface was bound to a VFC interface.

Recommended action

No action is required.

 

FCOE_LICENSE_ERROR

Message text

No license is found for FCoE.

Variable fields

N/A

Severity level

3

Example

FCOE/3/FCOE_LICENSE_ERROR: No license is found for FCoE.

Explanation

No license is found for FCoE.

Recommended action

Install a license for FCoE.

 

FCOE_LICENSE_EXPIRED_EXIT

Message text

FCoE is unavailable because its license has expired.

Variable fields

N/A

Severity level

3

Example

FCOE/3/FCOE_LICENSE_EXPIRED_EXIT: FCoE is unavailable because its license has expired.

Explanation

The FCoE license has expired.

Recommended action

Install a valid license for FCoE.

 

FCOE_LICENSE_EXPIRED_TIME

Message text

FCoE will become unavailable in [ULONG] days.

Variable fields

$1: Available period of the feature.

Severity level

4

Example

FCOE/4/FCOE_LICENSE_EXPIRED_TIME: FCoE will become unavailable in 2 days.

Explanation

FCoE will be disabled because the FCoE license has expired. You can use FCoE for 30 days after the license expires.

Recommended action

Install a new license.

 

FCLINK messages

This section contains FC link messages.

FCLINK_FDISC_REJECT_NORESOURCE

Message text

VSAN [UINT16], Interface [STRING]: An FDISC was rejected because the hardware resource is not enough.

Variable fields

$1: VSAN ID.

$2: Interface name.

Severity level

4

Example

FCLINK/4/FCLINK_FDISC_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FDISC was rejected because the hardware resource is not enough.

Explanation

This event occurs if an FDISC packet is received when hardware resources are insufficient.

Recommended action

Reduce the number of nodes.

 

FCLINK_FLOGI_REJECT_NORESOURCE

Message text

VSAN [UINT16], Interface [STRING]: An FLOGI was rejected because the hardware resource is not enough.

Variable fields

$1: VSAN ID.

$2: Interface name.

Severity level

4

Example

FCLINK/4/FCLINK_FLOGI_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FLOGI was rejected because the hardware resource is not enough.

Explanation

This event occurs if an FLOGI packet is received when hardware resources are insufficient.

Recommended action

Reduce the number of nodes.

 

FCZONE messages

This section contains FC zone messages.

FCZONE_HARDZONE_DISABLED

Message text

VSAN [UINT16]: No enough hardware resource for zone rule, switched to soft zoning.

Variable fields

$1: VSAN ID.

Severity level

2

Example

FCZONE/2/FCZONE_HARDZONE_DISABLED: VSAN 2: No enough hardware resource for zone rule, switched to soft zoning.

Explanation

This event occurs when hardware resources are insufficient.

Recommended action

Activate a smaller zone set.

 

FCZONE_HARDZONE_ENABLED

Message text

VSAN [UINT16]: Hardware resource for zone rule is restored, switched to hard zoning.

Variable fields

$1: VSAN ID.

Severity level

1

Example

FCZONE/1/FCZONE_HARDZONE_ENABLED: VSAN 2: Hardware resource for zone rule is restored, switched to hard zoning.

Explanation

Hard zoning in the VSAN was enabled because hardware resources were restored.

Recommended action

No action is required.

 

FIPS messages

This section contains FIP snooping messages.

FCOE_FIPS_HARD_RESOURCE_NOENOUGH

Message text

No enough hardware resource for FIP Snooping rule.

Variable fields

N/A

Severity level

4

Example

FIPS/4/FCOE_FIPS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for FIP Snooping rule.

Explanation

This message is generated if hardware resources are insufficient.

Recommended action

No action is required.

 

FCOE_FIPS_HARD_RESOURCE_RESTORE

Message text

Hardware resource for FIP Snooping rule is restored.

Variable fields

N/A

Severity level

6

Example

FIPS/6/FCOE_FIPS_HARD_RESOURCE_RESTORE: Hardware resource for FIP Snooping is restored.

Explanation

This message is generated when hardware resources for FIP snooping rules are restored.

Recommended action

No action is required.

 

FTPD messages

This section contains FTP messages.

FTPD_REACH_SESSION_LIMIT

Message text

FTP client [IPADDR] failed to log in. Number of FTP sessions reached the limit.

Variable fields

$1: IP address of an FTP client.

Severity level

6

Example

FTPD/6/FTPD_REACH_SESSION_LIMIT: FTP client 1.1.1.1 failed to log in. Number of FTP sessions reached the limit.

Explanation

The number of online FTP users has already reached the limit.

Recommended action

No action is required.

 

FTPD_AUTHOR_FAILED

Message text

Authorization failed for user [STRING]@[STRING].

Variable fields

$1: Username.

$2: User IP address.

Severity level

6

Example

FTPD/6/FTPD_AUTHOR_FAILED: Authorization failed for user admin@10.11.115.63.

Explanation

Authorization failed for an FTP user.

Recommended action

Verify that the FTP service is assigned to the user.

 

HA messages

This section contains HA messages.

HA_BATCHBACKUP_FINISHED

Message text

Batch backup of standby board in [STRING] is finished.

Variable fields

$1: MPU location.

Severity level

5

Example

HA/5/HA_BATCHBACKUP_FINISHED: Batch backup of standby board in chassis 0 slot 1 is finished.

Explanation

Batch backup from the active MPU to the standby MPU was finished.

Recommended action

No action is required.

 

HA_BATCHBACKUP_STARTED

Message text

Batch backup(s) of standby board(s) in [STRING] started.

Variable fields

$1: MPU location.

Severity level

5

Example

HA/5/HA_BATCHBACKUP_STARTED: Batch backup(s) of standby board(s) in chassis 0 slot 1 started.

Explanation

Batch backup from the active MPU to the standby MPU started.

Recommended action

No action is required.

 

HA_STANDBY_NOT_READY

Message text

Standby board in [STRING] is not ready, reboot ...

Variable fields

$1: MPU location.

Severity level

4

Example

HA/4/HA_STANDBY_NOT_READY: Standby board in chassis 0 slot 1 is not ready, reboot ...

Explanation

Both the active and standby MPUs were rebooted.

This event occurs if you perform an active/standby switchover while the standby MPU is backing up the configuration in bulk.

Recommended action

Do not perform an active/standby switchover before the standby MPU completes the batch backup.

 

HA_STANDBY_TO_MASTER

Message text

Standby board in [STRING] changes to master.

Variable fields

$1: MPU location.

Severity level

5

Example

HA/5/HA_STANDBY_TO_MASTER: Standby board in chassis 0 slot 1 changes to master.

Explanation

The standby MPU changed to active.

Recommended action

No action is required.

 

HTTPD messages

This section contains HTTP daemon messages.

HTTPD_CONNECT

Message text

[STRING] client [STRING] connected to the server successfully.

Variable fields

$1: Connection type, HTTP or HTTPS.

$2: Client IP address.

Severity level

6

Example

HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.

Explanation

The HTTP or HTTPS server accepted the request from a client. The HTTP or HTTPS connection was set up.

Recommended action

No action is required.

 

HTTPD_CONNECT_TIMEOUT

Message text

[STRING] client [STRING] connection idle timeout.

Variable fields

$1: Connection type, HTTP or HTTPS.

$2: Client IP address.

Severity level

6

Example

HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout.

Explanation

An HTTP or HTTPS connection was disconnected because its idle timeout timer expired.

Recommended action

No action is required.

 

HTTPD_DISCONNECT

Message text

[STRING] client [STRING] disconnected from the server.

Variable fields

$1: Connection type, HTTP or HTTPS.

$2: Client IP address.

Severity level

6

Example

HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server.

Explanation

An HTTP or HTTPS client was disconnected from the server.

Recommended action

No action is required.

 

HTTPD_FAIL_FOR_ACL

Message text

[STRING] client [STRING] failed the ACL check and could not connect to the server.

Variable fields

$1: Connection type, HTTP or HTTPS.

$2: Client IP address.

Severity level

6

Example

HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 192.168.30.117 failed the ACL check and cannot connect to the server.

Explanation

An HTTP or HTTPS client was filtered by the ACL.

Recommended action

No action is required.

 

HTTPD_FAIL_FOR_ACP

Message text

[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server.

Variable fields

$1: Connection type, HTTP or HTTPS.

$2: Client IP address.

Severity level

6

Example

HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server.

Explanation

An HTTP or HTTPS client was denied by the certificate access control policy.

Recommended action

No action is required.

 

HTTPD_REACH_CONNECT_LIMIT

Message text

[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit.

Variable fields

$1: Connection type, HTTP or HTTPS.

$2: Client IP address.

Severity level

6

Example

HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit.

Explanation

The number of connections reached the limit.

Recommended action

No action is required.
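The HTTPD entries above all begin with the connection type and client IP address, while the wording after that differs between some templates and their examples ("could not" against "cannot", "certificate access control policy" against "certificate attribute access control policy"). The following is an added example, not H3C code: it audits these messages by mnemonic rather than by sentence text. The finding names, the threshold, the `sw1` collector prefix, and all sample lines except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Header as shown in the examples: MODULE/severity/MNEMONIC: text.
# search() is used so that any prefix added by a log collector is ignored.
HEADER = re.compile(r"\bHTTPD/[0-7]/(?P<mnemonic>HTTPD_[A-Z_]+):\s*(?P<text>.*)$")
# Every HTTPD message in this section starts "<HTTP|HTTPS> client <address> ...".
CLIENT = re.compile(r"(?P<scheme>HTTPS?) client (?P<ip>\S+) ")

DENIED = {"HTTPD_FAIL_FOR_ACL", "HTTPD_FAIL_FOR_ACP"}

# Constructed sample input. Only the first line is an example taken from the page.
SAMPLE = [
    "HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.",
    "HTTPD/6/HTTPD_CONNECT: HTTPS client 203.0.113.5 connected to the server successfully.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 198.51.100.7 failed the ACL check and cannot connect to the server.",
    "sw1 HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTPS client 198.51.100.7 failed the ACL check and could not connect to the server.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTPS client 198.51.100.7 was denied by the certificate attribute access control policy and could not connect to the server.",
    "HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTPS client 203.0.113.20 failed to connect to the server, because the number of connections reached the upper limit.",
    "HTTPD/6/HTTPD_CONNECT: HTTP client not-an-ip connected to the server successfully.",
]


def audit_httpd(lines, deny_threshold=3):
    """Summarize management-plane HTTPD events per client address.

    Returns {"findings": [(ip, kind, count), ...], "rejected": n}, where
    "rejected" counts HTTPD lines whose client field is not a valid address.
    """
    denied, cleartext, limit = Counter(), Counter(), Counter()
    rejected = 0
    for line in lines:
        head = HEADER.search(line.strip())
        if not head:
            continue  # not an HTTPD message
        client = CLIENT.match(head["text"])
        try:
            if not client:
                raise ValueError("missing '<type> client <address>' prefix")
            # Validate the address so that a malformed field is never used as a key.
            ip = str(ipaddress.ip_address(client["ip"]))
        except ValueError:
            rejected += 1
            continue
        mnemonic = head["mnemonic"]
        if mnemonic in DENIED:
            denied[ip] += 1  # ACL or certificate policy refused the client
        elif mnemonic == "HTTPD_CONNECT" and client["scheme"] == "HTTP":
            cleartext[ip] += 1  # management session accepted without TLS
        elif mnemonic == "HTTPD_REACH_CONNECT_LIMIT":
            limit[ip] += 1  # connection table was full when this client arrived
    findings = [(ip, "repeated-denials", n) for ip, n in denied.items() if n >= deny_threshold]
    findings += [(ip, "cleartext-session", n) for ip, n in cleartext.items()]
    findings += [(ip, "connection-limit", n) for ip, n in limit.items()]
    return {"findings": sorted(findings), "rejected": rejected}


if __name__ == "__main__":
    for finding in audit_httpd(SAMPLE)["findings"]:
        print(finding)
```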

 

IFNET messages

This section contains interface management messages.

IF_BUFFER_CONGESTION_OCCURRENCE

Message text

[STRING] congestion occurs on queue [UINT32] of [STRING].

Variable fields

$1: Buffer type, ingress or egress.

$2: Queue ID in the range of 0 to 7.

$3: Interface name.

Severity level

4

Example

IFNET/4/IF_BUFFER_CONGESTION_OCCURRENCE: Ingress congestion occurs on queue 1 of GigabitEthernet 1/0/1.

Explanation

Congestion occurred in the ingress buffer for queue 1 on GigabitEthernet 1/0/1.

Recommended action

Check the network status.

 

IFNET_MAD

Message text

Multi-active devices detected, please fix it.

Variable fields

N/A

Severity level

1

Example

IFNET/1/IFNET_MAD: Multi-active devices detected, please fix it.

Explanation

MAD detected multiple identical active IRF fabrics. This message appears when an IRF fabric splits.

Recommended action

Check the IRF connections for a link failure, and use the IRF configuration guide as a reference to merge the split IRF fabrics.

 

INTERFACE_INSERTED

Message text

Interface [STRING] is inserted.

Variable fields

$1: Interface name.

Severity level

6

Example

IFNET/6/INTERFACE_INSERTED: Interface GigabitEthernet1/0/1 is inserted.

Explanation

An interface was added.

Recommended action

No action is required.

 

INTERFACE_REMOVED

Message text

Interface [STRING] is removed.

Variable fields

$1: Interface name.

Severity level

6

Example

IFNET/6/INTERFACE_REMOVED: Interface GigabitEthernet1/0/1 is removed.

Explanation

An interface was removed.

Recommended action

No action is required.

 

LINK_UPDOWN

Message text

Line protocol on the interface [STRING] is [STRING].

Variable fields

$1: Interface name.

$2: State of link layer protocol.

Severity level

5

Example

IFNET/5/LINK_UPDOWN: Line protocol on the interface GigabitEthernet1/0/1 is down.

Explanation

The state of the link layer protocol changed on an interface.

Recommended action

No action is required.

 

PHY_UPDOWN

Message text

[STRING]: link status is [STRING].

Variable fields

$1: Interface name.

$2: Link state.

Severity level

3

Example

IFNET/3/PHY_UPDOWN: GigabitEthernet1/0/1: link status is down.

Explanation

The link state changed on an interface.

Recommended action

No action is required.

 

PROTOCOL_UPDOWN

Message text

Protocol [STRING] on the interface [STRING] is [STRING].

Variable fields

$1: Protocol name.

$2: Interface name.

$3: Protocol state.

Severity level

5

Example

IFNET/5/PROTOCOL_UPDOWN: Protocol IPX on the interface GigabitEthernet1/0/1 is up.

Explanation

The state of a protocol changed on an interface.

Recommended action

No action is required.

 

VLAN_MODE_CHANGE

Message text

Dynamic VLAN [INT32] has changed to a static VLAN.

Variable fields

$1: VLAN ID.

Severity level

5

Example

IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN.

Explanation

Creating a VLAN interface for a VLAN causes the dynamic VLAN to become a static VLAN.

Recommended action

No action is required.

 

IKE messages

This section contains IKE messages.

IKE_P1_SA_ESTABLISH_FAIL

Message text

Failed to establish phase 1 SA for the reason of [STRING]. The SA’s source address is [STRING], and its destination address is [STRING].

Variable fields

$1: no matching proposal | invalid ID information | unavailable certificate | unsupported DOI | unsupported situation | invalid proposal syntax | invalid SPI | invalid protocol ID | invalid certificate | authentication failure | invalid message header | invalid transform ID | malformed payload | retransmission timeout | incorrect configuration.

$2: Source address.

$3: Destination address.

Severity level

6

Example

IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA for the reason of no matching proposal. The SA’s source address is 1.1.1.1 and its destination address is 2.2.2.2.

Explanation

An IKE SA was not established because of the displayed reason.

Recommended action

Check the IKE configuration on the local and remote devices.

 

IKE_P2_SA_ESTABLISH_FAIL

Message text

Failed to establish phase 2 SA for the reason of [STRING]. The SA’s source address is [STRING], and its destination address is [STRING].

Variable fields

$1: invalid key information | invalid ID information | unavailable proposal | unsupported DOI | unsupported situation | invalid proposal syntax | invalid SPI | invalid protocol ID | invalid hash information | invalid message header | malformed payload | retransmission timeout | incorrect configuration.

$2: Source address.

$3: Destination address.

Severity level

6

Example

IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA for the reason of invalid key information. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.

Explanation

An IPsec SA was not established because of the displayed reason.

Recommended action

Check the IKE and IPsec configurations on the local and remote devices.

 

IKE_P2_SA_TERMINATE

Message text

The IKE phase 2 SA was deleted for the reason of [STRING]. The SA’s source address is [STRING], and its destination address is [STRING].

Variable fields

$1: Reason that the SA is deleted, which is SA expiration.

$2: Source address.

$3: Destination address.

Severity level

6

Example

IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted for the reason of SA expiration. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.

Explanation

An IPsec SA was deleted because it expired.

Recommended action

No action is required.

 

IPSEC messages

This section contains IPsec messages.

IPSEC_PACKET_DISCARDED

Message text

IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING].

Variable fields

$1: Source IP address.

$2: Destination IP address.

$3: Security parameter index (SPI).

$4: Sequence number of the packet.

$5: Reason for dropping this packet:

·     Anti-replay checking failed.

·     AH authentication failed.

·     ESP authentication failed.

·     Invalid SA.

·     ESP decryption failed.

·     Source address of packet does not match the SA.

·     No ACL rule matched.

Severity level

6

Example

IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed

Explanation

An IPsec packet was dropped. Possible reasons include anti-replay checking failed, AH/ESP authentication failed, invalid SA, ESP decryption failed, source address of packet did not match the SA, and no ACL rule matched.

Recommended action

No action is required.
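The IPSEC_PACKET_DISCARDED entry above carries the source, destination, SPI, sequence number, and drop cause in one line, and its example differs from the template ("Dest IP" against "Dst IP", a lowercase cause, no trailing period). The following is an added example, not H3C code: it parses both spellings and counts drops per SA so that repeated authentication, decryption, or anti-replay failures stand out. The grouping of causes into `INTEGRITY_CAUSES`, the threshold, the `sw1` collector prefix, and all sample lines except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Header as shown in the examples: MODULE/severity/MNEMONIC: text.
HEADER = re.compile(r"\bIPSEC/[0-7]/(?P<mnemonic>[A-Z_]+):\s*(?P<text>.*)$")
# Body fields of IPSEC_PACKET_DISCARDED; accepts "Dst IP" (template) and "Dest IP" (example).
BODY = re.compile(
    r"IPsec packet discarded,\s*Src IP:\s*(?P<src>[^,]+),\s*D(?:st|est) IP:\s*(?P<dst>[^,]+),"
    r"\s*SPI:\s*(?P<spi>\d+),\s*SN:\s*(?P<sn>\d+),\s*Cause:\s*(?P<cause>.+?)\.?\s*$",
    re.IGNORECASE,
)
# Assumption of this example: causes that indicate a failed cryptographic or replay check.
INTEGRITY_CAUSES = {
    "anti-replay checking failed",
    "ah authentication failed",
    "esp authentication failed",
    "esp decryption failed",
}

# Constructed sample input. Only the first line is the example taken from the page.
SAMPLE = [
    "IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed",
    "IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dst IP:1.1.1.4, SPI:1002, SN:7, Cause:AH authentication failed.",
    "sw1 IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dst IP:1.1.1.4, SPI:1002, SN:8, Cause:AH authentication failed.",
    "IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:192.0.2.9, Dst IP:1.1.1.4, SPI:2001, SN:41, Cause:Anti-replay checking failed.",
    "IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:192.0.2.9, Dst IP:1.1.1.4, SPI:2001, SN:5, Cause:No ACL rule matched.",
    "IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted for the reason of SA idle timeout.",
    "IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, truncated",
]


def parse_discard(line):
    """Return the fields of an IPSEC_PACKET_DISCARDED line, or None for any other
    message. Raise ValueError when the mnemonic matches but the fields do not."""
    head = HEADER.search(line.strip())
    if not head or head["mnemonic"] != "IPSEC_PACKET_DISCARDED":
        return None
    body = BODY.match(head["text"])
    if not body:
        raise ValueError("body does not match the documented fields")
    spi, sn = int(body["spi"]), int(body["sn"])
    if spi > 0xFFFFFFFF or sn > 0xFFFFFFFF:
        raise ValueError("SPI or SN outside the UINT32 range")
    return {
        # ip_address() raises ValueError on anything that is not an IP address.
        "src": str(ipaddress.ip_address(body["src"].strip())),
        "dst": str(ipaddress.ip_address(body["dst"].strip())),
        "spi": spi,
        "sn": sn,
        "cause": body["cause"].strip().lower(),  # normalize case across firmware wording
    }


def summarize(lines, threshold=3):
    """Count drops per cause and report SAs with repeated integrity failures."""
    by_cause, by_flow, malformed = Counter(), Counter(), 0
    for line in lines:
        try:
            rec = parse_discard(line)
        except ValueError:
            malformed += 1  # keep a count instead of silently losing the event
            continue
        if rec is None:
            continue
        by_cause[rec["cause"]] += 1
        if rec["cause"] in INTEGRITY_CAUSES:
            by_flow[(rec["src"], rec["dst"], rec["spi"], rec["cause"])] += 1
    alerts = sorted(flow + (n,) for flow, n in by_flow.items() if n >= threshold)
    return {"alerts": alerts, "by_cause": dict(by_cause), "malformed": malformed}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```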

 

IPSEC_SA_ESTABLISH

Message text

Established IPsec SA. The SA’s source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32].

Variable fields

$1: Source address.

$2: Destination address.

$3: Security protocol.

$4: SPI.

Severity level

6

Example

IPSEC/6/IPSEC_SA_ESTABLISH: Established IPsec SA. The SA’s source address is 1.1.1.1, destination address is 2.2.2.2, protocol is AH, and SPI is 2435.

Explanation

An IPsec SA was established.

Recommended action

No action is required.

 

IPSEC_SA_ESTABLISH_FAIL

Message text

Failed to establish IPsec SA for the reason of [STRING]. The SA’s source address is [STRING], and its destination address is [STRING].

Variable fields

$1: Reason for the IPsec SA establishment failure:

·     Tunnel establishment failure.

·     Incomplete configuration.

·     Unavailable transform set.

$2: Source address.

$3: Destination address.

Severity level

6

Example

IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA for the reason of creating tunnel failure. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.

Explanation

An IPsec SA was not established. Possible reasons include tunnel establishment failure, incomplete configuration, and unavailable transform set.

Recommended action

Verify the IPsec configuration on the local and remote devices.

IPSEC_SA_INITINATION

Message text

Began to establish IPsec SA. The SA’s source address is [STRING], and its destination address is [STRING].

Variable fields

$1: Source address.

$2: Destination address.

Severity level

6

Example

IPSEC/6/IPSEC_SA_INITINATION: Began to establish IPsec SA. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.

Explanation

An IPsec SA was being established.

Recommended action

No action is required.

 

IPSEC_SA_TERMINATE

Message text

The IPsec SA was deleted for the reason of [STRING]. The SA’s source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32].

Variable fields

$1: Reason for the IPsec SA removal:

·     SA idle timeout.

·     reset command executed.

$2: Source address.

$3: Destination address.

$4: Security protocol.

$5: SPI.

Severity level

6

Example

IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted for the reason of SA idle timeout. The SA’s source address is 1.1.1.1, destination address is 2.2.2.2, protocol is ESP, and SPI is 34563.

Explanation

An IPsec SA was deleted. Possible reasons include SA idle timeout and using the reset command.

Recommended action

No action is required.

 

IPSG messages

This section contains IPSG messages.

IPSG_ADDENTRY_ERROR

Message text

Failed to add an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].

Variable fields

$1: IP address. If you do not specify an IP address, this field displays N/A.

$2: MAC address. If you do not specify a MAC address, this field displays N/A.

$3: VLAN ID. If you do not specify a VLAN, this field displays 65535.

$4: Interface name. If you do not specify an interface, this field displays N/A.

$5: Failure reason. Available options include:

·     Feature not supported

·     Resources not sufficient

·     Unknown error

Severity level

6

Example

IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Resources not sufficient.

Explanation

IPSG failed to issue a static or dynamic IPSG binding. The message is sent in any of the following situations:

·     The IPSG feature is not supported.

·     The hardware resources are not sufficient for the operation.

·     An unknown error occurs.

Recommended action

To resolve the problem, you can perform the following tasks:

·     Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources.

·     Add the IPSG binding again if you are adding a static binding.

·     Contact H3C Support if the failure is caused by an unknown error.

 

IPSG_DELENTRY_ERROR

Message text

Failed to delete an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].

Variable fields

$1: IP address. If you do not specify an IP address, this field displays N/A.

$2: MAC address. If you do not specify a MAC address, this field displays N/A.

$3: VLAN ID. If you do not specify a VLAN, this field displays 65535.

$4: Interface name. If you do not specify an interface, this field displays N/A.

$5: Failure reason. Available options include:

·     Feature not supported

·     Unknown error

Severity level

6

Example

IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Unknown error.

Explanation

IPSG failed to delete a global static IPSG binding. The message is sent in any of the following situations:

·     The IPSG feature is not supported.

·     An unknown error occurs.

Recommended action

To resolve the problem, you can perform the following tasks:

·     Delete the global static IPSG binding again.

·     Contact H3C Support if the failure is caused by an unknown error.

 

IPSG_ADDEXCLUDEDVLAN_ERROR

Message text

Failed to add excluded VLANs (start VLAN [UINT16] to end VLAN [UINT16]). [STRING].

Variable fields

$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering.

$2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering.

$3: Failure reason. Available options include:

·     Feature not supported

·     Resources not sufficient

·     Unknown error

Severity level

6

Example

IPSG/6/IPSG_ADDEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to add excluded VLANs (start VLAN 1 to end VLAN 5). Resources not sufficient.

Explanation

IPSG failed to issue the specified excluded VLANs. The message is sent in any of the following situations:

·     Excluded VLANs are not supported.

·     The hardware resources are not sufficient for the operation.

·     An unknown error occurs.

Recommended action

To resolve the problem, you can perform the following tasks:

·     Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. Then configure the excluded VLANs again.

·     Contact H3C Support if the failure is caused by an unknown error.

 

IPSG_DELEXCLUDEDVLAN_ERROR

Message text

Failed to delete excluded VLANs (start VLAN [UINT16] to end VLAN [UINT16]). [STRING].

Variable fields

$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering.

$2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering.

$3: Failure reason. Available options include:

·     Feature not supported

·     Resources not sufficient

·     Unknown error

Severity level

6

Example

IPSG/6/IPSG_DELEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to delete excluded VLANs (start VLAN 1 to end VLAN 5). Resources not sufficient.

Explanation

IPSG failed to delete the specified excluded VLANs. The message is sent in any of the following situations:

·     Excluded VLANs are not supported.

·     The hardware resources are not sufficient for the operation.

·     An unknown error occurs.

Recommended action

To resolve the problem, you can perform the following tasks:

·     Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. Then delete the excluded VLANs again.

·     Contact H3C Support if the failure is caused by an unknown error.

 

IRDP messages

This section contains IRDP messages.

IRDP_EXCEED_ADVADDR_LIMIT

Message text

The number of advertisement addresses on interface [STRING] exceeded the limit 255.

Variable fields

$1: Interface name.

Severity level

6

Example

IRDP/6/IRDP_EXCEED_ADVADDR_LIMIT: The number of advertisement addresses on interface GigabitEthernet1/0/2 exceeded the limit 255.

Explanation

The number of addresses to be advertised on an interface exceeded the upper limit.

Recommended action

Remove unused addresses on the interface.

 

ISIS messages

This section contains IS-IS messages.

ISIS_MEM_ALERT

Message text

ISIS Process receive system memory alert  [STRING] event.

Variable fields

$1: Type of the memory alarm.

Severity level

5

Example

ISIS/5/ISIS_MEM_ALERT: ISIS Process receive system memory alert start event.

Explanation

IS-IS received a memory alarm.

Recommended action

Check the system memory.

 

ISIS_NBR_CHG

Message text

IS-IS [UINT32], [STRING] adjacency [STRING] ([STRING]), state change to: [STRING].

Variable fields

$1: IS-IS process ID.

$2: Neighbor level.

$3: Neighbor ID.

$4: Interface name.

$5: Current adjacency state.

Severity level

5

Example

ISIS/5/ISIS_NBR_CHG: IS-IS 1, Level-1 adjacency 0000.0000.8888 (Eth1/4/1/3), state change to:DOWN.

Explanation

The IS-IS adjacency state changed on an interface.

Recommended action

When the adjacency with a neighbor changes to down on an interface, check for IS-IS configuration errors and loss of network connectivity.

 

ISSU messages

This section contains ISSU messages.

ISSU_ROLLBACKCHECKNORMAL

Message text

The rollback might not be able to restore the previous version for [STRING] because the status is not normal.

Variable fields

$1: Slot number of an MPU, such as slot 1 or chassis 1 slot 2.

Severity level

4

Example

ISSU/4/ISSU_ROLLBACKCHECKNORMAL: The rollback might not be able to restore the previous version for chassis 1 slot 2 because the state is not normal.

Explanation

While an ISSU was in switching state, a user executed the issu rollback command or the ISSU automatic-rollback timer expired. However, the status of the MPU was not normal.

Recommended action

No action is required.

 

ISSU_PROCESSWITCHOVER

Message text

Switchover completed. The standby process became the active process.

Variable fields

N/A

Severity level

5

Example

ISSU/5/ISSU_PROCESSWITCHOVER: Switchover completed. The standby process became the active process.

Explanation

A user executed the issu run switchover command.

Recommended action

No action is required.

 

L2PT messages

This section contains L2PT messages.

L2PT_SET_MULTIMAC_FAILED

Message text

Failed to set a tunnel destination MAC address to [MAC].

Variable fields

$1: MAC address.

Severity level

4

Example

L2PT/4/L2PT_SET_MULTIMAC_FAILED: Failed to set a tunnel destination MAC address to 010f-e200-0003.

Explanation

Failed to specify the destination multicast MAC address for tunneled packets.

Recommended action

No action is required.

 

L2PT_CREATE_TUNNELGROUP_FAILED

Message text

Failed to create a VLAN tunnel group for [STRING].

Variable fields

$1: Protocol name.

Severity level

4

Example

L2PT/4/L2PT_CREATE_TUNNELGROUP_FAILED: Failed to create a VLAN tunnel group for STP.

Explanation

Failed to create a VLAN tunnel group for a protocol.

Recommended action

No action is required.

 

L2PT_ADD_GROUPMEMBER_FAILED

Message text

Failed to add [STRING] as a member to the VLAN tunnel group for [STRING].

Variable fields

$1: Interface name.

$2: Protocol name.

Severity level

4

Example

L2PT/4/L2PT_ADD_GROUPMEMBER_FAILED: Failed to add GigabitEthernet2/0/1 as a member to the VLAN tunnel group for STP.

Explanation

Failed to add an interface to a VLAN tunnel group for a protocol.

Recommended action

No action is required.

 

L2PT_ENABLE_DROP_FAILED

Message text

Failed to enable [STRING] packet drop on [STRING].

Variable fields

$1: Protocol name.

$2: Interface name.

Severity level

4

Example

L2PT/4/L2PT_ENABLE_DROP_FAILED: Failed to enable STP packet drop on GigabitEthernet2/0/1.

Explanation

Failed to enable L2PT drop for a protocol on an interface.

Recommended action

No action is required.

 

L2VPN messages

This section contains L2VPN messages.

L2VPN_HARD_RESOURCE_NOENOUGH

Message text

No enough hardware resource for L2VPN.

Variable fields

N/A

Severity level

4

Example

L2VPN/4/L2VPN_HARD_RESOURCE_NOENOUGH: No enough hardware resource for L2VPN.

Explanation

Hardware resources for L2VPN were insufficient.

Recommended action

Check whether unnecessary VSIs, PWs, or ACs have been generated. If yes, delete them.

 

L2VPN_HARD_RESOURCE_RESTORE

Message text

Hardware resource for L2VPN is restored.

Variable fields

N/A

Severity level

6

Example

L2VPN/6/L2VPN_HARD_RESOURCE_RESTORE: Hardware resource for L2VPN is restored.

Explanation

Hardware resources for L2VPN were restored.

Recommended action

No action is required.

 

LAGG messages

This section contains link aggregation messages.

LACP_MAD_INTERFACE_CHANGE_STATE

Message text

[STRING] used for LACP MAD changed to the [STRING] state.

Variable fields

$1: Aggregate interface name.

$2: LACP MAD status of the aggregate interface: failure or normal.

Severity level

5

Example

LAGG/5/LACP_MAD_INTERFACE_CHANGE_STATE: Bridge-Aggregation1 used for LACP MAD changed to the failure state.

Explanation

The LACP MAD status of an aggregate interface changed.

Recommended action

If the LACP MAD status of an aggregate interface changed to failure, you can perform the following tasks:

·     Check whether the aggregate interface is down.

·     Check whether the peer supports LACP MAD.

 

LAGG_ACTIVE

Message text

Member port [STRING] of aggregation group [STRING] became active.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_ACTIVE: Member port FGE1/0/50 of aggregation group BAGG1 became active.

Explanation

A member port in an aggregation group changed to the Selected state.

Recommended action

No action is required.

 

LAGG_INACTIVE_AICFG

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the aggregation configuration of the port is different from that of the aggregation group.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_AICFG: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the aggregation configuration of the port is different from that of the aggregation group.

Explanation

A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations.

Recommended action

Modify the attribute configurations of the member port to be consistent with the aggregate interface.

 

LAGG_INACTIVE_CONFIGURATION

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the aggregation configuration on the port is improper.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the aggregation configuration on the port is improper.

Explanation

A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different aggregation configurations.

Recommended action

No action is required.

 

LAGG_INACTIVE_DUPLEX

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the duplex mode configuration on the port is improper.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_DUPLEX: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the duplex mode configuration on the port is improper.

Explanation

A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the Selected ports.

Recommended action

Change the duplex mode of the member port to be the same as the Selected ports.

 

LAGG_INACTIVE_HARDWAREVALUE

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the hardware restriction on the port is improper.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the hardware restriction on the port is improper.

Explanation

A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction.

Recommended action

No action is required.

 

LAGG_INACTIVE_LOWER_LIMIT

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the number of active ports is below the lower limit.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the number of active ports is below the lower limit.

Explanation

A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached.

Recommended action

Make sure the minimum number of Selected ports is met.

 

LAGG_INACTIVE_PARTNER

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the aggregation configuration of its partner is improper.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_PARTNER: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the aggregation configuration of its partner is improper.

Explanation

A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state.

Recommended action

No action is required.

 

LAGG_INACTIVE_PHYSTATE

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the physical state of the port is down.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the physical state of the port is down.

Explanation

A member port in an aggregation group changed to the Unselected state because the port went down.

Recommended action

Bring up the member port.

 

LAGG_INACTIVE_RESOURCE_INSUFICIE

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because all aggregate resources are occupied.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because all aggregate resources are occupied.

Explanation

A member port in an aggregation group changed to the Unselected state because all aggregation resources were used.

Recommended action

No action is required.

 

LAGG_INACTIVE_SPEED

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the speed configuration on the port is improper.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_SPEED: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the speed configuration on the port is improper.

Explanation

A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the Selected ports.

Recommended action

Change the speed of the member port to be the same as the Selected ports.

 

LAGG_INACTIVE_UPPER_LIMIT

Message text

Member port [STRING] of aggregation group [STRING] became inactive, because the number of active ports has reached the upper limit.

Variable fields

$1: Port name.

$2: Link aggregation group type and ID.

Severity level

6

Example

LAGG/6/LAGG_INACTIVE_UPPER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 became inactive, because the number of active ports has reached the upper limit.

Explanation

The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group.

Recommended action

No action is required.

 

LDP messages

This section contains LDP messages.

LDP_SESSION_CHG

Message text

Session ([STRING], [STRING]) is [STRING].

Variable fields

$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained.

$2: VPN instance's name. Value public instance indicates that the session belongs to the public network.

$3: State of the session, up or down. When the state is down, the reason why the session becomes down is bracketed. Reasons include:

○     interface not operational.

○     MPLS disabled on interface.

○     LDP disabled on interface.

○     LDP auto-configure disabled on interface.

○     VPN instance changed on interface.

○     LDP instance deleted.

○     targeted peer deleted.

○     L2VPN disabled targeted peer.

○     TE tunnel disabled targeted peer.

○     session protection disabled targeted peer.

○     process deactivated.

○     failed to receive the initialization message.

○     graceful restart reconnect timer expired.

○     failed to recover adjacency by NSR.

○     failed to upgrade session by NSR.

○     closed the GR session.

○     keepalive hold timer expired.

○     adjacency hold timer expired.

○     session reset manually.

○     TCP connection down.

○     received a fatal notification message.

○     internal error.

○     memory in critical state.

○     transport address changed on interface.

Severity level

5

Example

LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up.

LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down (hello hold timer expired).

Explanation

The session state changed.

Recommended action

1.     When the session state comes up, no action is required.

2.     When the session state goes down, check the interface state, link state, and other configurations depending on the reason displayed.

 

LDP_SESSION_GR

Message text

Session ([STRING], [STRING]): ([STRING]).

Variable fields

$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained.

$2: VPN instance's name. Value public instance indicates that the session belongs to the public network.

$3: State of the session graceful restart:

○     Start reconnection.

○     Reconnection failed.

○     Start recovery.

○     Recovery completed.

Severity level

5

Example

LDP/5/LDP_SESSION_GR: Session (22.22.22.2:0, VPN instance: vpn1): Start reconnection.

Explanation

When a GR-capable LDP session went down, LDP GR started. This message is generated during the GR of the LDP session, indicating the current GR state.

Recommended action

1.     Check for the reason of session graceful restart, which can be obtained from the LDP_SESSION_CHG log message.

2.     When the graceful restart state Reconnection failed is displayed, verify the interface state, link state, and other configurations according to the reason for the session graceful restart. No action is required for other graceful restart states.

 

LDP_SESSION_SP

Message text

Session ([STRING], [STRING]): ([STRING]).

Variable fields

$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained.

$2: VPN instance's name. Value public instance indicates that the session belongs to the public network.

$3: State of the session protection:

○     Hold up the session.

○     Session recovered successfully.

○     Session recovery failed.

Severity level

5

Example

LDP/5/LDP_SESSION_SP: Session (22.22.22.2:0, VPN instance: vpn1): Hold up the session.

Explanation

When the last hello adjacency of the session was removed, session protection started. This message is generated during the session protection process, indicating the current session protection state.

Recommended action

Verify the interface state and link state.

 

LDP_MPLSLSRID_CHG

Message text

Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.

Variable fields

N/A

Severity level

5

Example

LDP/5/LDP_MPLSLSRID_CHG: -MDC=1; Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.

Explanation

If you configure an LDP LSR ID by using the lsr-id command in LDP view or LDP-VPN instance view, LDP uses the LDP LSR ID. If no LDP LSR ID is configured, LDP uses the MPLS LSR ID configured by the mpls lsr-id command.

If no LDP LSR ID is configured, this message is sent when the MPLS LSR ID is modified.

Recommended action

1.     Execute the display mpls ldp parameter [ vpn-instance vpn-instance-name ] command to display the LSR ID.

2.     Check whether the LSR ID is the same as the configured MPLS LSR ID. If they are not the same, reset LDP sessions by executing the reset mpls ldp command.

 

LLDP messages

This section contains LLDP messages.

LLDP_CREATE_NEIGHBOR

Message text

[STRING] agent new neighbor created on Port [STRING] (IfIndex [UINT32]), Chassis ID is [STRING], Port ID is [STRING].

Variable fields

$1: Agent type.

$2: Port name.

$3: Port ifIndex.

$4: Neighbor's chassis ID.

$5: Neighbor's port ID.

Severity level

6

Example

LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on Port Ten-GigabitEthernet10/0/15 (IfIndex 599), Chassis ID is 3822-d666-ba00, Port ID is GigabitEthernet6/0/5.

Explanation

The port received an LLDP message from a new neighbor.

Recommended action

No action is required.

 

LLDP_DELETE_NEIGHBOR

Message text

[STRING] agent neighbor deleted on Port [STRING] (IfIndex [UINT32]), Chassis ID is [STRING], Port ID is [STRING].

Variable fields

$1: Agent type.

$2: Port name.

$3: Port ifIndex.

$4: Neighbor's chassis ID.

$5: Neighbor's port ID.

Severity level

6

Example

LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on Port Ten-GigabitEthernet10/0/15 (IfIndex 599), Chassis ID is 3822-d666-ba00, Port ID is GigabitEthernet6/0/5.

Explanation

The port received a deletion message when a neighbor was deleted.

Recommended action

No action is required.

LLDP_LESS_THAN_NEIGHBOR_LIMIT

Message text

The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added.

Variable fields

$1: Agent type.

$2: Port name.

$3: Port ifIndex.

$4: Maximum number of neighbors a port can maintain.

Severity level

6

Example

LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port 1 (IfIndex 587599) is less than 16, and new neighbors can be added.

Explanation

New neighbors can be added for the port because the limit has not been reached.

Recommended action

No action is required.

 

LLDP_NEIGHBOR_AGE_OUT

Message text

[STRING] agent neighbor aged out on Port [STRING] (IfIndex [UINT32]), Chassis ID is [STRING], Port ID is [STRING].

Variable fields

$1: Agent type.

$2: Port name.

$3: Port ifIndex.

$4: Neighbor's chassis ID.

$5: Neighbor's port ID.

Severity level

5

Example

LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on Port Ten-GigabitEthernet10/0/15 (IfIndex 599), Chassis ID is 3822-d666-ba00, Port ID is GigabitEthernet6/0/5.

Explanation

This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time.

Recommended action

Verify the link status or the receive/transmit status of LLDP on the peer.

 

LLDP_PVID_INCONSISTENT

Message text

PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]).

Variable fields

$1: Port name.

$2: VLAN ID.

$3: System name.

$4: Port name.

$5: VLAN ID.

Severity level

5

Example

LLDP/5/LLDP_PVID_INCONSISTENT: MDC=1; PVID mismatch discovered on Ten-GigabitEthernet0/2/6 (PVID 1), with Ten-GigabitEthernet0/2/7 (PVID 500).

Explanation

This message is generated when the PVID on the peer is different from the PVID of the local interface.

Recommended action

Configure the same PVID for the local and peer interfaces.

 

LLDP_REACH_NEIGHBOR_LIMIT

Message text

The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added.

Variable fields

$1: Agent type.

$2: Port name.

$3: Port ifIndex.

$4: Maximum number of neighbors a port can maintain.

Severity level

5

Example

LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet1/0/15 (IfIndex 15) has reached 5, and no more neighbors can be added.

Explanation

This message is generated when the port with its maximum number of neighbors reached received an LLDP packet.

Recommended action

No action is required.

 

LOAD messages

This section contains load management messages.

BOARD_LOADING

Message text

Board is loading file on Chassis [INT32] Slot [INT32].

Variable fields

$1: Chassis ID.

$2: Slot ID.

Severity level

4

Example

LOAD/4/BOARD_LOADING: Board is loading file on Chassis 1 Slot 5.

Explanation

The card might have just rebooted.

Recommended action

No action is required.

 

LOAD_FAILED

Message text

Board failed to load file on Chassis [INT32] Slot [INT32].

Variable fields

$1: Chassis ID.

$2: Slot ID.

Severity level

3

Example

LOAD/3/LOAD_FAILED: Board failed to load file on Chassis 1 Slot 5.

Explanation

The card failed to load the startup software images during the startup process.

Recommended action

1.     Execute the display boot-loader command to display the startup software images for the card to load at next startup.

2.     Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-obtain the startup software images or use other software images as the startup software images.

3.     If the issue persists, contact H3C support.

 

LOAD_FINISHED

Message text

Board has finished loading file on Chassis [INT32] Slot [INT32].

Variable fields

$1: Chassis ID.

$2: Slot ID.

Severity level

5

Example

LOAD/5/LOAD_FINISHED: Board has finished loading file on Chassis 1 Slot 5.

Explanation

The card has finished loading files.

Recommended action

No action is required.

 

LOGIN messages

This section contains login messages.

LOGIN_FAILED

Message text

[STRING] failed to login from [STRING].

Variable fields

$1: Username.

$2: Line name or IP address.

Severity level

5

Example

LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0.

LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22.

Explanation

A login attempt failed.

Recommended action

No action is required.

 

LPDT messages

This section contains loop detection messages.

LPDT_LOOPED

Message text

Loopback exists on [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

LPDT/4/LPDT_LOOPED:  Loopback exists on GigabitEthernet 6/4/2.

Explanation

A loop was detected on a port.

Recommended action

Check the links and configuration on the device for the loop, and remove the loop.

 

LPDT_RECOVERED

Message text

Loopback on [STRING] recovered.

Variable fields

$1: Interface name.

Severity level

5

Example

LPDT/5/LPDT_RECOVERED: Loopback on GigabitEthernet 6/4/1 recovered.

Explanation

A loop on a port was removed.

Recommended action

No action is required.

 

LS messages

This section contains Local Server messages.

LS_ADD_USER_TO_GROUP

Message text

Admin [STRING] added user [STRING] to group [STRING].

Variable fields

$1: Admin name.

$2: Username.

$3: User group name.

Severity level

4

Example

LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1.

Explanation

The administrator added a user into a user group.

Recommended action

No action is required.

 

LS_AUTHEN_FAILURE

Message text

User [STRING] from [STRING] failed authentication. [STRING]

Variable fields

$1: Username.

$2: IP address.

$3: Reason of failure:

○     User not found.

○     Password verified failed.

○     User not active.

○     Access type mismatch.

○     Binding attribute is failed.

○     User in blacklist.

Severity level

5

Example

LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."

Explanation

The local server rejected a user's authentication request.

Recommended action

No action is required.

 

LS_AUTHEN_SUCCESS

Message text

User [STRING] from [STRING] was authenticated successfully.

Variable fields

$1: Username.

$2: IP address.

Severity level

6

Example

LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.

Explanation

The local server accepted a user's authentication request.

Recommended action

No action is required.

 

LS_DEL_USER_FROM_GROUP

Message text

Admin [STRING] delete user [STRING] from group [STRING].

Variable fields

$1: Admin name.

$2: Username.

$3: User group name.

Severity level

4

Example

LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1.

Explanation

The administrator deleted a user from a user group.

Recommended action

No action is required.

 

LS_DELETE_PASSWORD_FAIL

Message text

Failed to delete the password for user [STRING].

Variable fields

$1: Username.

Severity level

4

Example

LS/4/LS_DELETE_PASSWORD_FAIL: Failed to delete the password for user abcd.

Explanation

Failed to delete the password for a user.

Recommended action

Check the file system for errors.

 

LS_PWD_ADDBLACKLIST

Message text

User [STRING] was added to the blacklist due to multiple login failures, [STRING].

Variable fields

$1: Username.

$2: Options include:

○     but could make other attempts.

○     and is permanently blocked.

○     and was temporarily blocked for the specified period (in minutes).

Severity level

4

Example

LS/4/LS_PWD_ADDBLACKLIST: user1 was added to the blacklist due to multiple login failures, but could make other attempts.

Explanation

A user was added to the blacklist because of multiple login failures.

Recommended action

Check the user's password.

 

LS_PWD_CHGPWD_FOR_AGEDOUT

Message text

User [STRING] changed the password because it was expired.

Variable fields

$1: Username.

Severity level

4

Example

LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: aaa changed the password because it was expired.

Explanation

A user changed the password because the password expired.

Recommended action

No action is required.

 

LS_PWD_CHGPWD_FOR_AGEOUT

Message text

User [STRING] changed the password because it was about to expire.

Variable fields

$1: Username.

$2: Aging time.

Severity level

4

Example

LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: aaa changed the password because it was about to expire.

Explanation

A user changed the password because the password was about to expire.

Recommended action

No action is required.

 

LS_PWD_CHGPWD_FOR_COMPOSITION

Message text

User [STRING] changed the password because it had an invalid composition.

Variable fields

$1: Username.

Severity level

4

Example

LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: aaa changed the password because it had an invalid composition.

Explanation

A user changed the password because it had an invalid composition.

Recommended action

No action is required.

 

LS_PWD_CHGPWD_FOR_FIRSTLOGIN

Message text

User [STRING] changed the password at the first login.

Variable fields

$1: Username.

Severity level

4

Example

LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: aaa changed the password at the first login.

Explanation

A user changed the password at the first login.

Recommended action

No action is required.

 

LS_PWD_CHGPWD_FOR_LENGTH

Message text

User [STRING] changed the password because it was too short.

Variable fields

$1: Username.

Severity level

4

Example

LS/4/LS_PWD_CHGPWD_FOR_LENGTH: aaa changed the password because it was too short.

Explanation

A user changed the password because it was too short.

Recommended action

No action is required.

 

LS_PWD_FAILED2WRITEPASS2FILE

Message text

Failed to write the password records to file.

Variable fields

N/A

Severity level

4

Example

LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file.

Explanation

Failed to write the password records to file.

Recommended action

No action is required.

 

LS_PWD_MODIFY_FAIL

Message text

Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING].

Variable fields

$1: Admin name.

$2: IP address.

$3: Username.

$4: Reason. Options include:

○     passwords did not match.

○     the password history cannot be written.

○     the password cannot be verified.

Severity level

4

Example

LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because passwords do not match.

Explanation

An administrator failed to modify a user's password.

Recommended action

No action is required.

 

LS_PWD_MODIFY_SUCCESS

Message text

Admin [STRING] from [STRING] modify the password for user [STRING] successfully.

Variable fields

$1: Admin name.

$2: IP address.

$3: Username.

Severity level

6

Example

LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully.

Explanation

An administrator successfully modified a user's password.

Recommended action

No action is required.

 

LS_REAUTHEN_FAILURE

Message text

User [STRING] from [STRING] failed reauthentication.

Variable fields

$1: Username.

$2: IP address.

Severity level

5

Example

LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication.

Explanation

A user failed reauthentication.

Recommended action

Check the old password.

 

LS_UPDATE_PASSWORD_FAIL

Message text

Failed to update the password for user [STRING].

Variable fields

$1: Username.

Severity level

4

Example

LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc.

Explanation

Failed to update the password for a user.

Recommended action

Check the file system for errors.

 

LS_USER_CANCEL

Message text

User [STRING] from [STRING] cancelled inputting the password.

Variable fields

$1: Username.

$2: IP address.

Severity level

5

Example

LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password.

Explanation

The user cancelled inputting the password or did not input the password in 90 seconds.

Recommended action

No action is required.

 

LS_USER_PASSWORD_EXPIRE

Message text

User [STRING]'s login idle timer timed out.

Variable fields

$1: Username.

Severity level

5

Example

LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out.

Explanation

The login idle time for a user expired.

Recommended action

No action is required.

 

LS_USER_ROLE_CHANGE

Message text

Admin [STRING] [STRING] the user role [STRING] for [STRING].

Variable fields

$1: Admin name.

$2: Added/Deleted.

$3: User role.

$4: Username.

Severity level

4

Example

LS/4/LS_USER_ROLE_CHANGE: Admin admin add user role network-admin for user abcd.

Explanation

The administrator added or deleted a user role for a user.

Recommended action

No action is required.
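The LOGIN and LS messages above are the ones an authentication monitor would consume. The following Python sketch is an added example, not H3C code: it parses constructed sample lines based on the examples in this reference and raises findings for repeated failures, a success that follows repeated failures, blacklist events, and grants of a privileged role. The function name, the threshold, and the privileged-role set are assumptions.

```python
import re
from collections import Counter

# Constructed sample input: example lines from the LOGIN and LS sections plus
# variations on them. Syslog timestamp and hostname prefixes are omitted.
SAMPLE_LOG = """\
LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22.
LOGIN/5/LOGIN_FAILED: usera failed to login from 192.168.11.22.
LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0.
LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."
LS/5/LS_AUTHEN_FAILURE: User usera from 192.168.11.22 failed authentication. "Password verified failed."
LS/4/LS_PWD_ADDBLACKLIST: usera was added to the blacklist due to multiple login failures, but could make other attempts.
LS/6/LS_AUTHEN_SUCCESS: User usera from 192.168.11.22 was authenticated successfully.
LS/4/LS_USER_ROLE_CHANGE: Admin admin add user role network-admin for user abcd.
"""

# MODULE/SEVERITY/MNEMONIC: body
HEADER = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<sev>\d)/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.*)"
)

# The message templates and the examples in this reference differ in places
# ("login" vs "log in", an optional leading "User", "the user role" vs
# "user role"), so each pattern accepts both forms.
BODY = {
    "LOGIN_FAILED": re.compile(
        r"(?P<user>\S+) failed to log ?in from (?P<src>\S+?)\.$"),
    "LS_AUTHEN_FAILURE": re.compile(
        r'User (?P<user>\S+) from (?P<src>\S+) failed authentication\.'
        r'\s*"?(?P<reason>[^"]*?)\.?"?$'),
    "LS_AUTHEN_SUCCESS": re.compile(
        r"User (?P<user>\S+) from (?P<src>\S+) was authenticated successfully\.$"),
    "LS_PWD_ADDBLACKLIST": re.compile(
        r"(?:User )?(?P<user>\S+) was added to the blacklist due to multiple "
        r"login failures, (?P<outcome>.+?)\.$"),
    "LS_USER_ROLE_CHANGE": re.compile(
        r"Admin (?P<admin>\S+) (?P<action>\S+) (?:the )?user role (?P<role>\S+) "
        r"for (?:user )?(?P<user>\S+?)\.$"),
}

# Assumption: roles treated as privileged; extend to match local policy.
PRIVILEGED_ROLES = {"network-admin"}


def analyze(log_text, fail_threshold=3):
    """Return a list of finding tuples in the order they were detected."""
    failures = Counter()  # (user, source) -> failed attempts seen so far
    findings = []
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        mnemonic = head["mnemonic"]
        pattern = BODY.get(mnemonic)
        match = pattern.match(head["body"].strip()) if pattern else None
        if not match:
            continue  # unknown mnemonic or unexpected body layout
        f = match.groupdict()

        if mnemonic in ("LOGIN_FAILED", "LS_AUTHEN_FAILURE"):
            key = (f["user"], f["src"])
            failures[key] += 1
            # Report once, when the threshold is first reached.
            if failures[key] == fail_threshold:
                findings.append(("repeated_failure", f["user"], f["src"]))
        elif mnemonic == "LS_AUTHEN_SUCCESS":
            # A success right after many failures deserves a closer look.
            if failures.pop((f["user"], f["src"]), 0) >= fail_threshold:
                findings.append(("success_after_failures", f["user"], f["src"]))
        elif mnemonic == "LS_PWD_ADDBLACKLIST":
            findings.append(("blacklisted", f["user"], f["outcome"]))
        elif mnemonic == "LS_USER_ROLE_CHANGE":
            added = f["action"].lower().startswith("add")
            if added and f["role"] in PRIVILEGED_ROLES:
                findings.append(
                    ("privileged_role_added", f["user"], f["role"], f["admin"]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Failures are keyed on the (username, source) pair, so LOGIN_FAILED and LS_AUTHEN_FAILURE lines for the same attempt both count toward the threshold.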

 

LSPV messages

This section contains LSP verification messages.

LSPV_PING_STATIS_INFO

Message text

Ping statistics for [STRING]: [UINT32] packet(s) transmitted, [UINT32] packet(s) received, [DOUBLE]% packet loss, round-trip min/avg/max = [UINT32]/[UINT32]/[UINT32] ms.

Variable fields

$1: FEC.

$2: Number of echo requests sent.

$3: Number of echo replies received.

$4: Percentage of the non-replied packets to the total requests.

$5: Minimum round-trip delay.

$6: Average round-trip delay.

$7: Maximum round-trip delay.

Severity level

6

Example

LSPV/6/LSPV_PING_STATIS_INFO: Ping statistics for FEC 192.168.1.1/32: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max = 1/2/5 ms.

Explanation

Ping statistics for an LSP tunnel or a PW.

This message is generated when the ping mpls command is executed.

Recommended action

If no reply is received, verify the connectivity of the LSP tunnel or the PW.

 

MAC messages

This section contains MAC messages.

MAC_TABLE_FULL_GLOBAL

Message text

MAC address table exceeded maximum number [UINT32].

Variable fields

$1: Maximum number of MAC addresses.

Severity level

4

Example

MAC/4/MAC_TABLE_FULL_GLOBAL: MAC address table exceeded maximum number 2.

Explanation

The number of entries in the global MAC address table exceeded the upper limit.

Recommended action

No action is required.

 

MAC_TABLE_FULL_PORT

Message text

MAC address table exceeded maximum number [UINT32] on interface [STRING].

Variable fields

$1: Maximum number of MAC addresses.

$2: Interface name.

Severity level

4

Example

MAC/4/MAC_TABLE_FULL_PORT: MAC address table exceeded maximum number 2 on interface GigabitEthernet2/0/32.

Explanation

The number of entries in the MAC address table for an interface exceeded the upper limit.

Recommended action

No action is required.

 

MAC_TABLE_FULL_VLAN

Message text

MAC address table exceeded maximum number [UINT32] on Vlan [UINT32].

Variable fields

$1: Maximum number of MAC addresses.

$2: VLAN ID.

Severity level

4

Example

MAC/4/MAC_TABLE_FULL_VLAN: MAC address table exceeded maximum number 2 on Vlan 2.

Explanation

The number of entries in the MAC address table for a VLAN exceeded the upper limit.

Recommended action

No action is required.

 

MACA messages

This section contains MAC authentication messages.

MACA_ENABLE_NOT_EFFECTIVE

Message text

MAC authentication is enabled but is not effective on interface [STRING].

Variable fields

$1: Interface type and number.

Severity level

3

Example

MACA/3/MACA_ENABLE_NOT_EFFECTIVE: MAC authentication is enabled but is not effective on interface GigabitEthernet3/1/2.

Explanation

MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication.

Recommended action

1.     Disable MAC authentication on the interface.

2.     Reconnect the connected devices to an interface that supports MAC authentication.

3.     Enable MAC authentication on the new interface.

 

MACA_LOGIN_FAILURE

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Username.

$5: User account format.

Severity level

6

Example

MACA/6/MACA_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User failed MAC authentication.

Explanation

A user failed MAC authentication.

Recommended action

Locate the failure cause and handle the issue according to the failure cause.

 

MACA_LOGIN_SUCC

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User passed MAC authentication and came online.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Username.

$5: User account format.

Severity level

6

Example

MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online.

Explanation

A user passed MAC authentication.

Recommended action

No action is required.

 

MACA_LOGOFF

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication user was logged off.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Username.

$5: User account format.

Severity level

6

Example

MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication user was logged off.

Explanation

A MAC authentication user was logged off.

Recommended action

Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required.
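The three MACA messages share a hyphen-delimited key=value prefix whose values (MAC address, username) themselves contain hyphens, so splitting on "-" does not work. The following Python parser is an added example, not H3C code: it matches the fields in the documented order and lists ports where several distinct MAC addresses failed authentication. The function names, the threshold, and the username-to-MAC consistency check are assumptions, and the sample lines are constructed from the examples above.

```python
import re
from collections import defaultdict

HEADER = re.compile(
    r"MACA/\d/(?P<mnemonic>MACA_LOGIN_FAILURE|MACA_LOGIN_SUCC|MACA_LOGOFF):\s*"
)

# Fields are matched in the order the message text documents them. Username is
# greedy so that it extends to the last "-UsernameFormat=" on the line.
FIELDS = re.compile(
    r"-IfName=(?P<ifname>.+?)"
    r"-MACAddr=(?P<mac>(?:[0-9A-Fa-f]{4}-){2}[0-9A-Fa-f]{4})"
    r"-VLANID=(?P<vlan>\d+)"
    r"-Username=(?P<username>.+)"
    r"-UsernameFormat=(?P<fmt>[^;]+);\s*(?P<event>.+)$"
)

# Constructed sample input based on the MACA examples in this reference.
SAMPLE_LOG = """\
MACA/6/MACA_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User failed MAC authentication.
MACA/6/MACA_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22ba-VLANID=444-Username=00-10-84-00-22-ba-UsernameFormat=MAC address; User failed MAC authentication.
MACA/6/MACA_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22bb-VLANID=444-Username=00-10-84-00-22-bb-UsernameFormat=MAC address; User failed MAC authentication.
MACA/6/MACA_LOGIN_FAILURE:-IfName=GigabitEthernet1/0/5-MACAddr=0010-8400-22c0-VLANID=444-Username=00-10-84-00-22-c0-UsernameFormat=MAC address; User failed MAC authentication.
MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/5-MACAddr=0010-8400-22c1-VLANID=444-Username=00-10-84-00-22-c1-UsernameFormat=MAC address; User passed MAC authentication and came online.
"""


def canonical_mac(text):
    """Normalise 0010-8400-22b9 or 00-10-84-00-22-b9 to 00:10:84:00:22:b9."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_maca(line):
    """Parse one MACA log line into a dict, or return None if it does not fit."""
    line = line.strip()
    head = HEADER.search(line)
    if not head:
        return None
    match = FIELDS.match(line, head.end())
    if not match:
        return None
    rec = match.groupdict()
    rec["mnemonic"] = head["mnemonic"]
    rec["vlan"] = int(rec["vlan"])
    rec["mac"] = canonical_mac(rec["mac"])
    # Assumption: with UsernameFormat "MAC address" the username is the
    # endpoint's own MAC, as in the example; a mismatch is worth reviewing.
    if rec["fmt"] == "MAC address":
        rec["username_matches_mac"] = canonical_mac(rec["username"]) == rec["mac"]
    else:
        rec["username_matches_mac"] = None
    return rec


def failing_macs_by_port(log_text, min_distinct=3):
    """Return {interface: sorted MACs} for ports with many distinct failures."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_maca(line)
        if rec and rec["mnemonic"] == "MACA_LOGIN_FAILURE":
            seen[rec["ifname"]].add(rec["mac"])
    return {port: sorted(macs) for port, macs in seen.items()
            if len(macs) >= min_distinct}


if __name__ == "__main__":
    print(failing_macs_by_port(SAMPLE_LOG))
```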

 

MACSEC messages

This section contains MACsec messages.

MACSEC_MKA_KEEPALIVE_TIMEOUT

Message text

The live peer with SCI [STRING] and CKN [STRING] aged out on interface [STRING].

Variable fields

$1: SCI.

$2: CKN.

$3: Interface type and number.

Severity level

4

Example

MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/1.

Explanation

A live peer aged out on an interface, because the local participant had not received any MKA packets from the peer before the keepalive timer expired. The local participant removed the peer information from the port.

Recommended action

Check the link between the local participant and the live peer for link failure. If the link is down, recover the link.

 

MACSEC_MKA_PRINCIPAL_ACTOR

Message text

The actor with CKN [STRING] became principal actor on interface [STRING].

Variable fields

$1: CKN.

$2: Interface type and number.

Severity level

6

Example

MACSEC/6/MACSEC_MKA_PRINCIPAL_ACTOR: The actor with CKN 80A0EA0CB03D became principal actor on interface GigabitEthernet1/0/1.

Explanation

The actor with the highest key server priority became the principal actor.

Recommended action

No action is required.

 

MACSEC_MKA_SAK_REFRESH

Message text

The SAK has been refreshed on interface [STRING].

Variable fields

$1: Interface type and number.

Severity level

6

Example

MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1.

Explanation

The participant on the interface derived or received a new SAK.

Recommended action

No action is required.

 

MACSEC_MKA_SESSION_REAUTH

Message text

The MKA session with CKN [STRING] was re-authenticated on interface [STRING].

Variable fields

$1: CKN.

$2: Interface type and number.

Severity level

6

Example

MACSEC/6/MACSEC_MKA_SESSION_REAUTH: The MKA session with CKN 80A0EA0CB03D was re-authenticated on interface GigabitEthernet1/0/1.

Explanation

The interface performed 802.1X reauthentication.

After the 802.1X reauthentication, the participants received a new CAK and used it to re-establish the MKA session.

Recommended action

No action is required.

 

MACSEC_MKA_SESSION_SECURED

Message text

The MKA session with CKN [STRING] was secured on interface [STRING].

Variable fields

$1: CKN.

$2: Interface type and number.

Severity level

6

Example

MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1.

Explanation

The MKA session on the interface was secured. Packets are encrypted and transmitted in cipher text. The event occurs in the following situations:

·     The MKA session state changes from unsecured to secured.

·     The local participant and the peer negotiate a new MKA session when the following conditions exist:

○     Both the key server and the peer support MACsec.

○     A minimum of one participant is enabled with the MACsec desire feature.

Recommended action

No action is required.

 

MACSEC_MKA_SESSION_START

Message text

The MKA session with CKN [STRING] started on interface [STRING].

Variable fields

$1: CKN.

$2: Interface type and number.

Severity level

6

Example

MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1.

Explanation

The MKA session negotiation was initiated. Possible reasons include:

·     New CAK is available after MKA is enabled.

·     The user re-establishes the MKA session.

·     The interface that failed MKA session negotiation receives an MKA packet.

Recommended action

No action is required.

 

MACSEC_MKA_SESSION_STOP

Message text

The MKA session with CKN [STRING] stopped on interface [STRING].

Variable fields

$1: CKN.

$2: Interface type and number.

Severity level

5

Example

MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A020EA0CB03D stopped on interface GigabitEthernet1/0/1.

Explanation

The MKA session was terminated. Possible reasons include:

·     The user removes or re-establishes the MKA session on the interface.

·     The link associated to the session is down.

Recommended action

1.     Use the display mka session command to check whether the session exists:

○     If the session has been re-established, ignore the message.

○     If the session does not exist and is not removed by the user, check the link associated with the session for link failure.

2.     Recover the link if the link is down.

 

MACSEC_MKA_SESSION_UNSECURED

Message text

The MKA session with CKN [STRING] was not secured on interface [STRING].

Variable fields

$1: CKN.

$2: Interface type and number.

Severity level

5

Example

MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1.

Explanation

The MKA session on the interface was not secured. Packets are transmitted in plain text. The event occurs in the following situations:

·     The MKA session state changes from secured to unsecured.

·     The local participant and the peer negotiate a new MKA session when the following conditions exist:

○     The key server and the peer are not both MACsec capable.

○     No participant is enabled with the MACsec desire feature.

Recommended action

To secure the MKA session, perform the following tasks:

·     Verify that both the key server and the peer support MACsec.

·     Verify that a minimum of one participant is enabled with the MACsec desire feature.
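Because MACSEC_MKA_SESSION_UNSECURED means traffic on the interface is sent in plain text, it is useful to tell a secured-to-unsecured transition apart from a session that was never secured. The following Python state tracker is an added example, not H3C code: it replays constructed sample lines based on the MACSEC examples above and reports both cases per interface. The function name, state names, and alert labels are assumptions.

```python
import re

# Only the session-state and keepalive events are tracked; other MACSEC
# messages (for example MACSEC_MKA_SAK_REFRESH) are ignored.
EVENT = re.compile(
    r"MACSEC/\d/MACSEC_MKA_(?P<event>SESSION_START|SESSION_SECURED|"
    r"SESSION_UNSECURED|SESSION_STOP|KEEPALIVE_TIMEOUT):.*?"
    r"on interface (?P<ifname>\S+?)\.$"
)

# Constructed sample input based on the MACSEC examples in this reference.
SAMPLE_LOG = """\
MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1.
MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1.
MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1.
MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1.
MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/2.
MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/2.
MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/3.
"""


def track_macsec(log_text):
    """Replay MACSEC events; return (last state per interface, alerts)."""
    state = {}   # interface -> "started" | "secured" | "unsecured" | "stopped"
    alerts = []
    for line in log_text.splitlines():
        match = EVENT.search(line.strip())
        if not match:
            continue
        event, ifname = match["event"], match["ifname"]
        previous = state.get(ifname)

        if event == "SESSION_START":
            state[ifname] = "started"
        elif event == "SESSION_SECURED":
            state[ifname] = "secured"
        elif event == "SESSION_UNSECURED":
            # First case in the Explanation: secured -> unsecured.
            # Second case: a new session negotiated without MACsec protection.
            if previous == "secured":
                alerts.append(("downgrade_to_plaintext", ifname))
            else:
                alerts.append(("negotiated_unsecured", ifname))
            state[ifname] = "unsecured"
        elif event == "SESSION_STOP":
            if previous == "secured":
                alerts.append(("secured_session_stopped", ifname))
            state[ifname] = "stopped"
        elif event == "KEEPALIVE_TIMEOUT":
            # The peer was removed; the session state itself is left unchanged.
            alerts.append(("peer_aged_out", ifname))
    return state, alerts


if __name__ == "__main__":
    final_state, found = track_macsec(SAMPLE_LOG)
    print(final_state)
    for alert in found:
        print(alert)
```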

 

MBFD messages

This section contains MPLS BFD messages.

MBFD_TRACEROUTE_FAILURE

Message text

[STRING] in failure. ([STRING].)

Variable fields

$1: LSP information.

$2: Reason for the LSP failure.

Severity level

5

Example

MBFD/5/MBFD_TRACEROUTE_FAILURE: LSP (LDP IPv4: 22.22.2.2/32, nexthop: 20.20.20.2) in failure. (Replying router has no mapping for the FEC.)

MBFD/5/MBFD_TRACEROUTE_FAILURE: TE tunnel (RSVP IPv4: Tunnel1) in failure. (No label entry.)

Explanation

LSP/MPLS TE tunnel failure was detected by periodic MPLS traceroute. This message is generated when the system receives an MPLS echo reply with an error return code.

Recommended action

Verify the configuration for the LSP or MPLS TE tunnel.

 

MDC messages

This section contains MDC messages.

MDC_CREATE

Message text

MDC [UINT16] is created.

Variable fields

$1: MDC ID.

Severity level

5

Example

MDC/5/MDC_CREATE: MDC 2 is created.

Explanation

An MDC was created successfully.

Recommended action

No action is required.

 

MDC_CREATE_ERR

Message text

Failed to create MDC [UINT16] for not enough resources.

Variable fields

$1: MDC ID.

Severity level

5

Example

MDC/5/MDC_CREATE_ERR: Failed to create MDC 2 for not enough resources.

Explanation

The standby MPU did not have enough resources to create the MDC.

At startup, the standby MPU obtains MDC configuration information from the active MPU and tries to create the same MDCs. If the standby MPU does not have enough resources to create an MDC, it outputs this log message.

Recommended action

1.     Use the display mdc resource command to display the CPU, memory, and disk space resources on the standby MPU.

2.     Perform one of the following tasks:

○     If the memory space is insufficient, increase the memory space. If the disk space is insufficient, delete unused files.

○     Use the undo mdc command to remove the specified MDC.

3.     Remove the standby MPU.

 

MDC_DELETE

Message text

MDC [UINT16] is deleted.

Variable fields

$1: MDC ID.

Severity level

5

Example

MDC/5/MDC_DELETE: MDC 2 is deleted.

Explanation

An MDC was deleted successfully.

Recommended action

No action is required.

 

MDC_LICENSE_EXPIRE

Message text

The MDC feature's license will expire in [UINT32] days.

Variable fields

$1: Number of days, in the range of 1 to 30.

Severity level

5

Example

MDC/5/MDC_LICENSE_EXPIRE: The MDC feature's license will expire in 5 days.

Explanation

The license for the MDC feature was about to expire.

Recommended action

Install a new license.

 

MDC_NO_FORMAL_LICENSE

Message text

The feature MDC has no available formal license.

Variable fields

N/A

Severity level

5

Example

MDC/5/MDC_NO_FORMAL_LICENSE: The feature MDC has no available formal license.

Explanation

The standby MPU became the active MPU but it did not have a formal license. The MDC feature has a free trial period. To use the feature after the period elapses, you must install a license for the standby MPU.

Recommended action

Install a formal license.

 

MDC_NO_LICENSE_EXIT

Message text

The MDC feature is being disabled, because it has no license.

Variable fields

N/A

Severity level

5

Example

MDC/5/MDC_NO_LICENSE_EXIT: The MDC feature is being disabled, because it has no license.

Explanation

The MDC feature was disabled because the license for the MDC feature expired or was uninstalled.

Recommended action

Install the required license.

 

MDC_OFFLINE

Message text

MDC [UINT16] is offline now.

Variable fields

$1: MDC ID.

Severity level

5

Example

MDC/5/MDC_OFFLINE: MDC 2 is offline now.

Explanation

An MDC was stopped.

Recommended action

No action is required.

 

MDC_ONLINE

Message text

MDC [UINT16] is online now.

Variable fields

$1: MDC ID.

Severity level

5

Example

MDC/5/MDC_ONLINE: MDC 2 is online now.

Explanation

An MDC was started.

Recommended action

No action is required.

 

MDC_STATE_CHANGE

Message text

MDC [UINT16] state changed to [STRING].

Variable fields

$1: MDC ID.

$2: Current status.

Severity level

5

Example

MDC/5/MDC_STATE_CHANGE: MDC 2 state changed to active.

Explanation

The status of an MDC changed.

Recommended action

No action is required.

 

MFIB messages

This section contains MFIB messages.

MFIB_MEM_ALERT

Message text

MFIB Process receive system memory alert [STRING] event.

Variable fields

$1: Type of the memory alert event.

Severity level

5

Example

MFIB/5/MFIB_MEM_ALERT: MFIB Process receive system memory alert start event.

Explanation

MFIB received a memory alert event.

Recommended action

Adjust memory-intensive modules and release free memory.

 

MGROUP messages

This section contains mirroring group messages.

MGROUP_APPLY_SAMPLER_FAIL

Message text

Failed to apply the sampler for mirroring group [UINT16], because the sampler resources are insufficient.

Variable fields

$1: Mirroring group ID.

Severity level

3

Example

MGROUP/3/MGROUP_APPLY_SAMPLER_FAIL: Failed to apply the sampler for mirroring group 1, because the sampler resources are insufficient.

Explanation

A sampler was not applied to the mirroring group because the sampler resources were insufficient.

Recommended action

No action is required.

 

MGROUP_RESTORE_CPUCFG_FAIL

Message text

Failed to restore configuration for mirroring CPU of [STRING] in mirroring group [UINT16], because [STRING]

Variable fields

$1: Slot number.

$2: Mirroring group ID.

$3: Failure reason.

Severity level

3

Example

MGROUP/3/MGROUP_RESTORE_CPUCFG_FAIL: Failed to restore configuration for mirroring CPU of chassis 1 slot 2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.

Explanation

When the CPU of the card in the slot is the source CPU in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the source CPU configuration might fail.

Recommended action

Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source CPU in the mirroring group.

 

MGROUP_RESTORE_IFCFG_FAIL

Message text

Failed to restore configuration for interface [STRING] in mirroring group [UINT16], because [STRING]

Variable fields

$1: Interface name.

$2: Mirroring group ID.

$3: Failure reason.

Severity level

3

Example

MGROUP/3/MGROUP_RESTORE_IFCFG_FAIL: Failed to restore configuration for interface GigabitEthernet1/0/2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.

Explanation

When the interface of the card in the slot is the monitor port in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the monitor port configuration might fail.

Recommended action

Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the monitor port in the mirroring group.

 

MGROUP_SYNC_CFG_FAIL

Message text

Failed to restore configuration for mirroring group [UINT16] in [STRING], because [STRING]

Variable fields

$1: Mirroring group ID.

$2: Slot number.

$3: Failure reason.

Severity level

3

Example

MGROUP/3/MGROUP_SYNC_CFG_FAIL: Failed to restore configuration for mirroring group 1 in chassis 1 slot 2, because monitor resources are insufficient.

Explanation

When the complete mirroring group configuration was synchronized on the card in the slot, restoring configuration failed because resources on the card were insufficient.

Recommended action

Delete the mirroring group.

 

MPLS messages

This section contains MPLS messages.

MPLS_HARD_RESOURCE_NOENOUGH

Message text

No enough hardware resource for MPLS.

Variable fields

N/A

Severity level

4

Example

MPLS/4/MPLS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for MPLS.

Explanation

Hardware resources for MPLS were insufficient.

Recommended action

Check whether unnecessary LSPs have been generated. If yes, configure or modify the LSP generation policy, label advertisement policy, and label acceptance policy to filter out unnecessary LSPs.

 

MPLS_HARD_RESOURCE_RESTORE

Message text

Hardware resource for MPLS is restored.

Variable fields

N/A

Severity level

6

Example

MPLS/6/MPLS_HARD_RESOURCE_RESTORE: Hardware resource for MPLS is restored.

Explanation

Hardware resources for MPLS were restored.

Recommended action

No action is required.

 

MSTP messages

This section contains MSTP messages.

MSTP_BPDU_PROTECTION

Message text

BPDU-Protection port [STRING] received BPDUs.

Variable fields

$1: Interface name.

Severity level

4

Example

MSTP/4/MSTP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet 1/0/4 received BPDUs.

Explanation

A BPDU-guard-enabled port received BPDUs.

Recommended action

Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices.

 

MSTP_BPDU_RECEIVE_EXPIRY

Message text

Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

5

Example

MSTP/5/MSTP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet 1/0/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.

Explanation

The state changed because a non-designated port did not receive a BPDU within the max age.

Recommended action

Check the STP status of the upstream device, and check for possible attacks from other devices.

 

MSTP_DETECTED_TC

Message text

Instance [UINT32]'s port [STRING] detected a topology change.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

6

Example

MSTP/6/MSTP_DETECTED_TC: Instance 0's port GigabitEthernet 1/0/1 detected a topology change.

Explanation

The MSTP instance to which the port belongs had a topology change, and the local end detected the change.

Recommended action

Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

 

MSTP_DISABLE

Message text

STP is now disabled on the device.

Variable fields

N/A

Severity level

6

Example

MSTP/6/MSTP_DISABLE: STP is now disabled on the device.

Explanation

STP was disabled globally on the device.

Recommended action

No action is required.

 

MSTP_DISCARDING

Message text

Instance [UINT32]'s port [STRING] has been set to discarding state.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

6

Example

MSTP/6/MSTP_DISCARDING: Instance 0's port GigabitEthernet 1/0/2 has been set to discarding state.

Explanation

MSTP calculated the state of the ports within the instance, and a port was set to the discarding state.

Recommended action

No action is required.

 

MSTP_ENABLE

Message text

STP is now enabled on the device.

Variable fields

N/A

Severity level

6

Example

MSTP/6/MSTP_ENABLE: STP is now enabled on the device.

Explanation

STP was enabled globally on the device.

Recommended action

No action is required.

 

MSTP_FORWARDING

Message text

Instance [UINT32]'s port [STRING] has been set to forwarding state.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

6

Example

MSTP/6/MSTP_FORWARDING: Instance 0's port GigabitEthernet 1/0/2 has been set to forwarding state.

Explanation

MSTP calculated the state of the ports within the instance, and a port was set to the forwarding state.

Recommended action

No action is required.

 

MSTP_LOOP_PROTECTION

Message text

Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

4

Example

MSTP/4/MSTP_LOOP_PROTECTION: Instance 0's LOOP-Protection port GigabitEthernet 1/0/2 failed to receive configuration BPDUs.

Explanation

A loop-guard-enabled port failed to receive configuration BPDUs.

Recommended action

Check the STP status of the upstream device, and check for possible attacks from other devices.

 

MSTP_NOT_ROOT

Message text

The current switch is no longer the root of instance [UINT32].

Variable fields

$1: Instance ID.

Severity level

5

Example

MSTP/5/MSTP_NOT_ROOT: The current switch is no longer the root of instance 0.

Explanation

The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge.

Recommended action

Check the bridge priority configuration, and check for possible attacks from other devices.

 

MSTP_NOTIFIED_TC

Message text

Instance [UINT32]'s port [STRING] was notified of a topology change.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

6

Example

MSTP/6/MSTP_NOTIFIED_TC: Instance 0's port GigabitEthernet 1/0/1 was notified of a topology change.

Explanation

The neighboring device notified the current device that a topology change occurred in the instance to which the port belongs.

Recommended action

Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

 

MSTP_ROOT_PROTECTION

Message text

Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs.

Variable fields

$1: Instance ID.

$2: Interface name.

Severity level

4

Example

MSTP/4/MSTP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet 1/0/2 received superior BPDUs.

Explanation

A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself.

Recommended action

Check the bridge priority configuration, and check for possible attacks from other devices.

 

MTLK messages

This section contains Monitor Link messages.

MTLK_UPLINK_STATUS_CHANGE

Message text

The uplink of monitor link group [UINT32] is [STRING].

Variable fields

$1: Monitor link group ID.

$2: Monitor Link group status, up or down.

Severity level

6

Example

MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up.

Explanation

The uplink status of a monitor link group changed to up or down.

Recommended action

Check a link when it fails.

 

ND messages

This section contains ND messages.

ND_CONFLICT

Message text

[STRING] is inconsistent

Variable fields

$1: Configuration type:

•     M_FLAG.

•     O_FLAG.

•     CUR_HOP_LIMIT.

•     REACHABLE TIME.

•     NS INTERVAL.

•     MTU.

•     PREFIX VALID TIME.

•     PREFIX PREFERRED TIME.

Severity level

6

Example

ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent

Explanation

A router advertisement was received, which caused the configuration inconsistency between neighboring routers.

Recommended action

Verify that the configurations on the device and the neighboring router are consistent.

 

ND_DUPADDR

Message text

Duplicate address: [STRING] on the interface [STRING]

Variable fields

$1: Address that is to be assigned to an interface.

$2: Name of the interface.

Severity level

6

Example

ND/6/ND_DUPADDR: Duplicate address: 33::8 on interface Vlan-interface9.

Explanation

The address that was to be assigned to the interface is already used by another device.

Recommended action

Assign a different address to the interface.

 

ND_RAGUARD_DROP

Message text

Dropped RA messages with the source IPv6 address [STRING] on interface [STRING]. [STRING] messages dropped in total on the interface.

Variable fields

$1: Source IP address of the dropped RA messages.

$2: Name of the interface that received the dropped RA messages.

$3: Number of the RA messages dropped on the interface.

Severity level

4

Example

ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet 1/0/1. 20 messages dropped in total on the interface.

Explanation

Forged RA messages were detected on the interface. The device dropped the forged RA messages and generated a log.

Recommended action

Check the validity of the device or host that sends the RA messages based on the RA guard configuration.
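The guard-related messages in this reference (MSTP_BPDU_PROTECTION, MSTP_ROOT_PROTECTION, MSTP_LOOP_PROTECTION, MSTP_NOT_ROOT, and ND_RAGUARD_DROP) can be correlated per port on a log host. The following Python is an added example, not part of the H3C reference: it builds matchers from the message text of those entries and groups hits by interface. The timestamp and host name prefix on the sample lines are constructed, and the code assumes that $3 of ND_RAGUARD_DROP is a running per-interface total and that a lower total means the counter restarted.

```python
import re
from collections import defaultdict

# mnemonic -> (documented severity, message text from the entries above, field names).
# The field names are this example's own labels for $1, $2, ...
WATCHED = {
    "MSTP_BPDU_PROTECTION": (4, "BPDU-Protection port [STRING] received BPDUs.", ("port",)),
    "MSTP_ROOT_PROTECTION": (4, "Instance [UINT32]'s ROOT-Protection port [STRING] "
                                "received superior BPDUs.", ("instance", "port")),
    "MSTP_LOOP_PROTECTION": (4, "Instance [UINT32]'s LOOP-Protection port [STRING] "
                                "failed to receive configuration BPDUs.", ("instance", "port")),
    "MSTP_NOT_ROOT": (5, "The current switch is no longer the root of instance [UINT32].",
                      ("instance",)),
    "ND_RAGUARD_DROP": (4, "Dropped RA messages with the source IPv6 address [STRING] on "
                           "interface [STRING]. [STRING] messages dropped in total on the "
                           "interface.", ("source", "port", "total")),
}
FIELD = {"UINT16": r"(\d+)", "UINT32": r"(\d+)", "STRING": r"(.+?)"}
PLACEHOLDER = re.compile(r"\[(UINT16|UINT32|STRING)\]")
# MODULE/severity/MNEMONIC: text, found anywhere in the line so any prefix is tolerated.
HEADER = re.compile(r"([A-Z][A-Z0-9]*)/([0-7])/([A-Z0-9_]+): (.*)$")


def compile_template(text):
    """Turn a 'Message text' template into a regex with one group per variable field."""
    parts, pos = [], 0
    for m in PLACEHOLDER.finditer(text):
        parts += [re.escape(text[pos:m.start()]), FIELD[m.group(1)]]
        pos = m.end()
    parts.append(re.escape(text[pos:]))
    return re.compile("".join(parts))


COMPILED = {k: (sev, compile_template(t), names) for k, (sev, t, names) in WATCHED.items()}


def parse_line(line):
    """None for unwatched lines; otherwise a dict whose 'fields' is None when off-template."""
    m = HEADER.search(line.strip())
    if not m or m.group(3) not in COMPILED:
        return None
    sev, regex, names = COMPILED[m.group(3)]
    body = regex.fullmatch(m.group(4))
    ok = body is not None and int(m.group(2)) == sev
    fields = dict(zip(names, body.groups())) if ok else None
    if fields and "port" in fields:
        # "GigabitEthernet 1/0/4" and "GigabitEthernet1/0/2" both occur in this reference.
        fields["port"] = "".join(fields["port"].split())
    return {"mnemonic": m.group(3), "fields": fields}


def triage(lines):
    """Group guard hits by port, track lost root roles, and keep off-template lines aside."""
    ports = defaultdict(lambda: {"events": set(), "ra_dropped": 0, "ra_sources": set()})
    root_lost, rejected, last_total = set(), [], {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        f = ev["fields"]
        if f is None or ("total" in f and not f["total"].isdigit()):
            rejected.append(line)  # watched mnemonic, but truncated or altered body
            continue
        if ev["mnemonic"] == "MSTP_NOT_ROOT":
            root_lost.add(int(f["instance"]))
            continue
        entry = ports[f["port"]]
        entry["events"].add(ev["mnemonic"])
        if ev["mnemonic"] == "ND_RAGUARD_DROP":
            # Assumption: $3 is a running total, so add the increase, not the value.
            total, prev = int(f["total"]), last_total.get(f["port"], 0)
            entry["ra_dropped"] += total - prev if total >= prev else total
            last_total[f["port"]] = total
            entry["ra_sources"].add(f["source"])
    return {"ports": dict(ports), "root_lost": root_lost, "rejected": rejected}


# Constructed sample lines; the timestamp and "sw1" prefix are not taken from the reference.
SAMPLE = """\
Apr 13 10:00:01 sw1 MSTP/4/MSTP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet 1/0/4 received BPDUs.
Apr 13 10:00:02 sw1 MSTP/4/MSTP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet 1/0/2 received superior BPDUs.
Apr 13 10:00:05 sw1 ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet 1/0/4. 20 messages dropped in total on the interface.
Apr 13 10:01:05 sw1 ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet1/0/4. 35 messages dropped in total on the interface.
Apr 13 10:01:30 sw1 MSTP/5/MSTP_NOT_ROOT: The current switch is no longer the root of instance 0.
Apr 13 10:02:00 sw1 MSTP/6/MSTP_DETECTED_TC: Instance 0's port GigabitEthernet 1/0/1 detected a topology change.
Apr 13 10:02:10 sw1 MSTP/4/MSTP_ROOT_PROTECTION: Instance 0's ROOT-Protection port received
"""

if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    for port, info in sorted(report["ports"].items()):
        print(port, sorted(info["events"]), info["ra_dropped"], sorted(info["ra_sources"]))
    print("root role lost for instances:", sorted(report["root_lost"]))
    print("rejected lines:", len(report["rejected"]))
```

A port that appears under both a BPDU guard hit and RA guard drops is the first place to apply the recommended actions above.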

 

NQA messages

This section contains NQA messages.

NQA_LOG_UNREACHABLE

Message text

Server [STRING] unreachable.

Variable fields

$1: IP address of the NQA server.

Severity level

6

Example

NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable.

Explanation

An unreachable server was detected.

Recommended action

Check the network environment.

 

NTP messages

This section contains NTP messages.

NTP_CHANGE_LEAP

Message text

System Leap Indicator changed from [UINT32] to [UINT32] after clock update.

Variable fields

$1: Original Leap Indicator.

$2: Current Leap Indicator.

Severity level

5

Example

NTP/5/NTP_CHANGE_LEAP: System Leap Indicator changed from 00 to 01 after clock update.

Explanation

The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized.

NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale.

The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.

Recommended action

No action is required.

 

NTP_CHANGE_STRATUM

Message text

System stratum changed from [UINT32] to [UINT32] after clock update.

Variable fields

$1: Original stratum.

$2: Current stratum.

Severity level

5

Example

NTP/5/NTP_CHANGE_STRATUM: System stratum changed from 6 to 5 after clock update.

Explanation

System stratum changed.

Recommended action

No action is required.

 

NTP_CLOCK_CHANGE

Message text

System clock changed from [STRING] to [STRING], the server is [STRING].

Variable fields

$1: Time before synchronization.

$2: Time after synchronization.

$3: IP address.

Severity level

5

Example

NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58:345 12/28/2012 to 02:29:12:879 12/28/2012, the server is 192.168.30.116.

Explanation

The NTP server triggered the NTP client to synchronize the client time.

Recommended action

No action is required.

 

NTP_SOURCE_CHANGE

Message text

NTP server changed from [STRING] to [STRING].

Variable fields

$1: IP address of the original time source.

$2: IP address of the new time source.

Severity level

5

Example

NTP/5/NTP_SOURCE_CHANGE: NTP server changed from 1.1.1.1 to 1.1.1.2.

Explanation

The system changed the time source.

Recommended action

Assign another NTP server as the time source.

 

NTP_SOURCE_LOST

Message text

Lost synchronization with NTP server [STRING].

Variable fields

$1: IP address.

Severity level

5

Example

NTP/5/NTP_SOURCE_LOST: Lost synchronization with NTP server 1.1.1.1.

Explanation

The clock source of the NTP association is in unsynchronized state or it is unreachable.

Recommended action

Check the NTP server and network connection. If the NTP server is faulty, configure a new server as the clock source for the client.

 

OFP messages

This section contains OpenFlow messages.

OFP_ACTIVE

Message text

Activate openflow instance [UINT16]

Variable fields

$1: Instance ID.

Severity level

5

Example

OFP/5/OFP_ACTIVE: Activate openflow instance 1.

Explanation

A command was received to activate an OpenFlow instance.

Recommended action

No action is required.

 

OFP_ACTIVE_FAILED

Message text

Failed to activate instance [UINT16].

Variable fields

$1: Instance ID.

Severity level

4

Example

OFP/4/OFP_ACTIVE_FAILED: Failed to activate instance 1.

Explanation

An OpenFlow instance failed to be activated.

Recommended action

No action is required.

 

OFP_CONNECT

Message text

Openflow instance [UINT16], controller [CHAR] is [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Connection status: connected or disconnected.

Severity level

5

Example

OFP/5/OFP_CONNECT: Openflow instance 1, controller 0 is connected.

Explanation

The status of the connection between an OpenFlow instance and a controller changed.

Recommended action

No action is required.

 

OFP_FAIL_OPEN

Message text

Openflow instance [UINT16] is in fail [STRING] mode.

Variable fields

$1: Instance ID.

$2: Connection interruption mode: secure or standalone.

Severity level

5

Example

OFP/5/OFP_FAIL_OPEN: Openflow instance 1 is in fail secure mode.

Explanation

An activated instance failed to connect to a controller or was disconnected from all controllers. The connection interruption mode was displayed.

Recommended action

No action is required.

 

OFP_FLOW_ADD

Message text

Openflow instance [UINT16] controller [CHAR]: add flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Rule ID.

$4: XID.

$5: Cookie of the flow entry.

$6: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_ADD: Openflow instance 1 controller 0: add flow entry 1, xid 0x1, cookie 0x0, table id 0.

Explanation

A flow entry was to be added to a flow table according to a flow table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_FLOW_ADD_DUP

Message text

Openflow instance [UINT16] controller [CHAR]: add duplicate flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Rule ID.

$4: XID.

$5: Cookie.

$6: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_ADD_DUP: Openflow instance 1 controller 0: add duplicate flow entry 1, xid 0x1, cookie 0x1, table id 0.

Explanation

A duplicate flow entry was added.

Recommended action

No action is required.

 

OFP_FLOW_ADD_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Rule ID.

$4: Table ID.

Severity level

4

Example

OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry 1, table id 0.

Explanation

A flow entry failed to be added.

Recommended action

No action is required.

 

OFP_FLOW_ADD_FAILED_SMOOTH

Message text

Openflow instance [UINT16]: failed to add flow entry [UINT32], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Rule ID.

$3: Table ID.

Severity level

4

Example

OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1: failed to add flow entry 1, table id 0.

Explanation

A flow entry failed to be added when a newly installed interface card was synchronizing flow tables from the MPU.

Recommended action

No action is required.

 

OFP_FLOW_ADD_TABLE_MISS

Message text

Openflow instance [UINT16] controller [CHAR]: add table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: XID.

$4: Cookie of the flow entry.

$5: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_ADD_TABLE_MISS: Openflow instance 1 controller 0: add table miss flow entry, xid 0x1, cookie 0x0, table id 0.

Explanation

A table-miss flow entry was to be added to a flow table according to a flow table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_FLOW_ADD_TABLE_MISS_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to add table miss flow entry, table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Table ID.

Severity level

4

Example

OFP/4/OFP_FLOW_ADD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to add table miss flow entry, table id 0.

Explanation

A table-miss flow entry failed to be added.

Recommended action

No action is required.

 

OFP_FLOW_DEL

Message text

Openflow instance [UINT16] controller [CHAR]: delete flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: XID.

$4: Cookie of the flow entry.

$5: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_DEL: Openflow instance 1 controller 0: delete flow entry, xid 0x1, cookie 0x0, table id 0.

Explanation

A list of flow entries was to be deleted according to a flow table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_FLOW_DEL_TABLE_MISS

Message text

Openflow instance [UINT16] controller [CHAR]: delete table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: XID.

$4: Cookie of the flow entry.

$5: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_DEL_TABLE_MISS: Openflow instance 1 controller 0: delete table miss flow entry, xid 0x1, cookie 0x0, table id 0.

Explanation

A list of table-miss flow entries was to be deleted according to a flow table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_FLOW_DEL_TABLE_MISS_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to delete table miss flow entry, table id [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Table ID.

Severity level

4

Example

OFP/4/OFP_FLOW_DEL_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to delete table miss flow entry, table id 0.

Explanation

A table-miss flow entry failed to be deleted.

Recommended action

No action is required.

 

OFP_FLOW_MOD

Message text

Openflow instance [UINT16] controller [CHAR]: modify flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: XID.

$4: Cookie of the flow entry.

$5: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_MOD: Openflow instance 1 controller 0: modify flow entry, xid 0x1, cookie 0x0, table id 0.

Explanation

A list of flow entries was to be modified according to a flow table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_FLOW_MOD_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to modify flow entry, table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Table ID.

Severity level

4

Example

OFP/4/OFP_FLOW_MOD_FAILED: Openflow instance 1 controller 0: failed to modify flow entry, table id 0.

Explanation

A flow entry failed to be modified.

Recommended action

Try again to modify the flow entry. If the flow entry still cannot be modified, delete it.

 

OFP_FLOW_MOD_TABLE_MISS

Message text

Openflow instance [UINT16] controller [CHAR]: modify table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: XID.

$4: Cookie of the flow entry.

$5: Table ID.

Severity level

5

Example

OFP/5/OFP_FLOW_MOD_TABLE_MISS: Openflow instance 1 controller 0: modify table miss flow entry, xid 0x1, cookie 0x0, table id 0.

Explanation

A list of table-miss flow entries was to be modified according to a flow table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_FLOW_MOD_TABLE_MISS_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to modify table miss flow entry, table id [CHAR].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Table ID.

Severity level

4

Example

OFP/4/OFP_FLOW_MOD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to modify table miss flow entry, table id 0.

Explanation

A table-miss flow entry failed to be modified.

Recommended action

Try again to modify the table-miss flow entry. If the entry still cannot be modified, delete it.

 

OFP_FLOW_RMV_GROUP

Message text

The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a group_mod message.

Variable fields

$1: Rule ID.

$2: Table ID.

$3: Instance ID.

Severity level

5

Example

OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance 1 was deleted with a group_mod message.

Explanation

A flow entry was deleted due to a group modification message.

Recommended action

No action is required.

 

OFP_FLOW_RMV_HARDTIME

Message text

The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of an hard-time expiration.

Variable fields

$1: Rule ID.

$2: Table ID.

$3: Instance ID.

Severity level

5

Example

OFP/5/OFP_FLOW_RMV_HARDTIME: The flow entry 1 in table 0 of instance 1 was deleted because of an hard-time expiration.

Explanation

A flow entry was deleted because of a hard time expiration.

Recommended action

No action is required.

 

OFP_FLOW_RMV_IDLETIME

Message text

The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.

Variable fields

$1: Rule ID.

$2: Table ID.

$3: Instance ID.

Severity level

5

Example

OFP/5/OFP_FLOW_RMV_IDLETIME: The flow entry 1 in table 0 of instance 1 was deleted because of an idle-time expiration.

Explanation

A flow entry was deleted because of an idle time expiration.

Recommended action

No action is required.

 

OFP_FLOW_RMV_METER

Message text

The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.

Variable fields

$1: Rule ID.

$2: Table ID.

$3: Instance ID.

Severity level

5

Example

OFP/5/OFP_FLOW_RMV_METER: The flow entry 1 in table 0 of instance 1 was deleted with a meter_mod message.

Explanation

A flow entry was deleted due to a meter modification message.

Recommended action

No action is required.

 

OFP_GROUP_ADD

Message text

Openflow instance [UINT16] controller [CHAR]: add group [STRING], xid 0x[HEX].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Group ID.

$4: XID.

Severity level

5

Example

OFP/5/OFP_GROUP_ADD: Openflow instance 1 controller 0: add group 1, xid 0x1.

Explanation

A group entry was to be added to a group table according to a group table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_GROUP_ADD_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to add group [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Group ID.

Severity level

4

Example

OFP/4/OFP_GROUP_ADD_FAILED: Openflow Instance 1 controller 0: failed to add group 1.

Explanation

A group entry failed to be added.

Recommended action

No action is required.

 

OFP_GROUP_DEL

Message text

Openflow instance [UINT16] controller [CHAR]: delete group [STRING], xid [HEX].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Group ID.

$4: XID.

Severity level

5

Example

OFP/5/OFP_GROUP_DEL: Openflow instance 1 controller 0: delete group 1, xid 0x1.

Explanation

A group entry was to be deleted according to a group table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_GROUP_MOD

Message text

Openflow instance [UINT16] controller [CHAR]: modify group [STRING], xid 0x[HEX].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Group ID.

$4: XID.

Severity level

5

Example

OFP/5/OFP_GROUP_MOD: Openflow instance 1 controller 0: modify group 1, xid 0x1.

Explanation

A group entry was to be modified according to a group table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_GROUP_MOD_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to modify group [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Group ID.

Severity level

4

Example

OFP/4/OFP_GROUP_MOD_FAILED: Openflow instance 1 controller 0: failed to modify group 1.

Explanation

A group entry failed to be modified.

Recommended action

Try again to modify the group entry. If the group entry still cannot be modified, delete it.

 

OFP_LOCAL_FLOW_FAILED

Message text

OpenFlow instance [STRING] : failed to deploy local [STRING] flow entry, table id [STRING].

Variable fields

$1: OpenFlow instance ID.

$2: Flow entry type:

•     Miss: Table-miss entry.

•     standalone: Standalone entry.

•     vlan [id] manage: Inband management VLAN entry.

•     slow: Slow protocol entry.

$3: Flow entry ID.

$4: Table ID.

Severity level

6

Example

OFP/6/OFP_KERNEL_LOCAL_FLOW_FAILED: OpenFlow instance 1 : failed to deploy local standalone flow entry, table id 0.

Explanation

The system failed to deploy a local flow entry.

Recommended action

Verify that ACL resources are sufficient.

 

OFP_METER_ADD

Message text

Openflow instance [UINT16] controller [CHAR]: add meter [STRING], xid 0x[HEX].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Meter ID.

$4: XID.

Severity level

5

Example

OFP/5/OFP_METER_ADD: Openflow instance 1 controller 0: add meter 1, xid 0x1.

Explanation

A meter entry was to be added to a meter table according to a meter table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_METER_ADD_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to add meter [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Meter ID.

Severity level

4

Example

OFP/4/OFP_METER_ADD_FAILED: Openflow Instance 1 controller 0: failed to add meter 1.

Explanation

A meter entry failed to be added.

Recommended action

No action is required.

 

OFP_METER_DEL

Message text

Openflow instance [UINT16] controller [CHAR]: delete meter [STRING], xid 0x[HEX].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Meter ID.

$4: XID.

Severity level

5

Example

OFP/5/OFP_METER_DEL: Openflow instance 1 controller 0: delete meter 1, xid 0x1.

Explanation

A meter entry was to be deleted according to a meter table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_METER_MOD

Message text

Openflow instance [UINT16] controller [CHAR]: modify meter [STRING], xid 0x[HEX].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Meter ID.

$4: XID.

Severity level

5

Example

OFP/5/OFP_METER_MOD: Openflow Instance 1 controller 0: modify meter 1, xid 0x1.

Explanation

A meter entry was to be modified according to a meter table modification message that has passed the packet check.

Recommended action

No action is required.

 

OFP_METER_MOD_FAILED

Message text

Openflow instance [UINT16] controller [CHAR]: failed to modify meter [STRING].

Variable fields

$1: Instance ID.

$2: Controller ID.

$3: Meter ID.

Severity level

4

Example

OFP/4/OFP_METER_MOD_FAILED: Openflow instance 1 controller 0: failed to modify meter 1.

Explanation

A meter entry failed to be modified.

Recommended action

Try again to modify the meter entry. If the meter entry still cannot be modified, delete it.

 

OFP_MISS_RMV_GROUP

Message text

The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a group_mod message.

Variable fields

$1: Table ID.

$2: Instance ID.

Severity level

5

Example

OFP/5/OFP_MISS_RMV_GROUP: The table-miss flow entry in table 0 of instance 1 was deleted with a group_mod message.

Explanation

The table-miss flow entry was deleted due to a group modification message.

Recommended action

No action is required.

 

OFP_MISS_RMV_HARDTIME

Message text

The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of an hard-time expiration.

Variable fields

$1: Table ID.

$2: Instance ID.

Severity level

5

Example

OFP/5/OFP_MISS_RMV_HARDTIME: The table-miss flow entry in table 0 of instance 1 was deleted because of an hard-time expiration.

Explanation

The table-miss flow entry was deleted because of a hard time expiration.

Recommended action

No action is required.

 

OFP_MISS_RMV_IDLETIME

Message text

The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.

Variable fields

$1: Table ID.

$2: Instance ID.

Severity level

5

Example

OFP/5/OFP_MISS_RMV_IDLETIME: The table-miss flow entry in table 0 of instance 1 was deleted because of an idle-time expiration.

Explanation

The table-miss flow entry was deleted because of an idle time expiration.

Recommended action

No action is required.

 

OFP_MISS_RMV_METER

Message text

The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.

Variable fields

$1: Table ID.

$2: Instance ID.

Severity level

5

Example

OFP/5/OFP_MISS_RMV_METER: The table-miss flow entry in table 0 of instance 1 was deleted with a meter_mod message.

Explanation

The table-miss flow entry was deleted due to a meter modification message.

Recommended action

No action is required.

 

OPTMOD messages

This section contains transceiver module messages.

BIAS_HIGH

Message text

[STRING]: Bias current is high!

Variable fields

$1: Interface type and number.

Severity level

2

Example

OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/13: Bias current is high!

Explanation

The bias current of the transceiver module has exceeded the upper limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

BIAS_LOW

Message text

[STRING]: Bias current is low!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/BIAS_LOW: GigabitEthernet1/0/13: Bias current is low!

Explanation

The bias current of the transceiver module is below the lower limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

BIAS_NORMAL

Message text

[STRING]: Bias current is normal!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/BIAS_NORMAL: GigabitEthernet1/0/13: Bias current is normal!

Explanation

The bias current of the transceiver module has returned to the acceptable range.

Recommended action

No action is required.

 

CFG_ERR

Message text

[STRING]: The transceiver type does not match port configuration!

Variable fields

$1: Interface type and number.

Severity level

3

Example

OPTMOD/3/CFG_ERR: GigabitEthernet1/0/13: The transceiver type does not match port configuration!

Explanation

The transceiver module type does not match the port configuration.

Recommended action

Identify the cause of the mismatch and replace the transceiver module.

 

CHKSUM_ERR

Message text

[STRING]: The checksum of transceiver information is bad!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/CHKSUM_ERR: GigabitEthernet1/0/13: The checksum of transceiver information is bad!

Explanation

The checksum verification on the register information on the transceiver module failed.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

IO_ERR

Message text

[STRING]: The transceiver information I/O failed!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/IO_ERR: GigabitEthernet1/0/13: The transceiver information I/O failed!

Explanation

The device failed to access the register information of the transceiver module.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

MOD_ALM_OFF

Message text

[STRING]: [STRING] is gone.

Variable fields

$1: Interface type and number.

$2: Fault type.

Severity level

5

Example

OPTMOD/5/MOD_ALM_OFF: GigabitEthernet1/0/13: Module_not_ready is gone.

Explanation

A fault was removed from the transceiver module.

Recommended action

No action is required.

 

MOD_ALM_ON

Message text

[STRING]: [STRING] is detected!

Variable fields

$1: Interface type and number.

$2: Fault type.

Severity level

5

Example

OPTMOD/5/MOD_ALM_ON: GigabitEthernet1/0/13: Module_not_ready is detected!

Explanation

A fault was detected on the transceiver module.

Recommended action

Fix the fault. If it cannot be fixed, replace the transceiver module.

 

MODULE_IN

Message text

[STRING]: The transceiver is [STRING].

Variable fields

$1: Interface type and number.

$2: Type of the transceiver module.

Severity level

4

Example

OPTMOD/4/MODULE_IN: GigabitEthernet1/0/13: The transceiver is 1000_BASE_T_AN_SFP.

Explanation

When a transceiver module is inserted, the OPTMOD module generates this message to display the transceiver module type.

Recommended action

No action is required.

 

MODULE_OUT

Message text

[STRING]: The transceiver is absent.

Variable fields

$1: Interface type and number.

Severity level

4

Example

OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/13: The transceiver is absent.

Explanation

The transceiver module was removed.

Recommended action

No action is required.

 

PHONY_MODULE

Message text

[STRING]: This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!

Variable fields

$1: Interface type and number.

Severity level

4

Example

OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/13: This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!

Explanation

The transceiver module is not sold by H3C.

Recommended action

Verify the transceiver module compatibility. If it is not compatible, replace it.

 

RX_ALM_OFF

Message text

[STRING]: [STRING] is gone.

Variable fields

$1: Interface type and number.

$2: RX fault type.

Severity level

5

Example

OPTMOD/5/RX_ALM_OFF: GigabitEthernet1/0/13: RX_not_ready is gone.

Explanation

An RX fault was removed from the transceiver module.

Recommended action

No action is required.

 

RX_ALM_ON

Message text

[STRING]: [STRING] is detected!

Variable fields

$1: Interface type and number.

$2: RX fault type.

Severity level

5

Example

OPTMOD/5/RX_ALM_ON: GigabitEthernet1/0/13: RX_not_ready is detected!

Explanation

An RX fault was detected on the transceiver module.

Recommended action

Fix the fault. If it cannot be fixed, replace the transceiver module.

 

RX_POW_HIGH

Message text

[STRING]: RX power is high!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/RX_POW_HIGH: GigabitEthernet1/0/13: RX power is high!

Explanation

The RX power of the transceiver module has exceeded the upper limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

RX_POW_LOW

Message text

[STRING]: RX power is low!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/RX_POW_LOW: GigabitEthernet1/0/13: RX power is low!

Explanation

The RX power of the transceiver module is below the lower limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

RX_POW_NORMAL

Message text

[STRING]: RX power is normal!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/RX_POW_NORMAL: GigabitEthernet1/0/13: RX power is normal!

Explanation

The RX power of the transceiver module has returned to the acceptable range.

Recommended action

No action is required.

 

TEMP_HIGH

Message text

[STRING]: Temperature is high!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/TEMP_HIGH: GigabitEthernet1/0/13: Temperature is high!

Explanation

The temperature of the transceiver module has exceeded the upper limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

TEMP_LOW

Message text

[STRING]: Temperature is low!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/TEMP_LOW: GigabitEthernet1/0/13: Temperature is low!

Explanation

The temperature of the transceiver module is below the lower limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

TEMP_NORMAL

Message text

[STRING]: Temperature is normal!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/TEMP_NORMAL: GigabitEthernet1/0/13: Temperature is normal!

Explanation

The temperature of the transceiver module has returned to the acceptable range.

Recommended action

No action is required.

 

TX_ALM_OFF

Message text

[STRING]: [STRING] is gone.

Variable fields

$1: Interface type and number.

$2: TX fault type.

Severity level

5

Example

OPTMOD/5/TX_ALM_OFF: GigabitEthernet1/0/13: TX_fault is gone.

Explanation

A TX fault was removed from the transceiver module.

Recommended action

No action is required.

 

TX_ALM_ON

Message text

[STRING]: [STRING] is detected!

Variable fields

$1: Interface type and number.

$2: TX fault type.

Severity level

5

Example

OPTMOD/5/TX_ALM_ON: GigabitEthernet1/0/13: TX_fault is detected!

Explanation

A TX fault was detected on the transceiver module.

Recommended action

Fix the fault. If it cannot be fixed, replace the transceiver module.

 

TX_POW_HIGH

Message text

[STRING]: TX power is high!

Variable fields

$1: Interface type and number.

Severity level

2

Example

OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/13: TX power is high!

Explanation

The TX power of the transceiver module has exceeded the upper limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

TX_POW_LOW

Message text

[STRING]: TX power is low!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/TX_POW_LOW: GigabitEthernet1/0/13: TX power is low!

Explanation

The TX power of the transceiver module is below the lower limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

TX_POW_NORMAL

Message text

[STRING]: TX power is normal!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/TX_POW_NORMAL: GigabitEthernet1/0/13: TX power is normal!

Explanation

The TX power of the transceiver module has returned to the acceptable range.

Recommended action

No action is required.

 

TYPE_ERR

Message text

[STRING]: The transceiver type is not supported by port hardware!

Variable fields

$1: Interface type and number.

Severity level

3

Example

OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/13: The transceiver type is not supported by port hardware!

Explanation

The transceiver module is not supported by the port.

Recommended action

Replace the transceiver module.

 

VOLT_HIGH

Message text

[STRING]: Voltage is high!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/VOLT_HIGH: GigabitEthernet1/0/13: Voltage is high!

Explanation

The voltage of the transceiver module has exceeded the upper limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

VOLT_LOW

Message text

[STRING]: Voltage is low!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/VOLT_LOW: GigabitEthernet1/0/13: Voltage is low!

Explanation

The voltage of the transceiver module is below the lower limit.

Recommended action

Locate the fault and fix it. If it cannot be fixed, replace the transceiver module.

 

VOLT_NORMAL

Message text

[STRING]: Voltage is normal!

Variable fields

$1: Interface type and number.

Severity level

5

Example

OPTMOD/5/VOLT_NORMAL: GigabitEthernet1/0/13: Voltage is normal!

Explanation

The voltage of the transceiver module has returned to the acceptable range.

Recommended action

No action is required.

 

OSPF messages

This section contains OSPF messages.

OSPF_DUP_RTRID_NBR

Message text

OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR].

Variable fields

$1: OSPF process ID.

$2: Router ID.

$3: Interface name.

$4: IP address.

Severity level

6

Example

OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet1/0/3, sourced from IP address 11.2.2.2.

Explanation

Two directly connected devices are configured with the same router ID.

Recommended action

Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

 

OSPF_IP_CONFLICT_INTRA

Message text

OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING].

Variable fields

$1: OSPF process ID.

$2: IP address.

$3: OSPF area ID.

$4: Interface name.

Severity level

6

Example

OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet1/0/3.

Explanation

The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR.

Recommended action

Modify the IP address configuration and make sure the modification does not cause router ID conflicts in the same OSPF area.

 

OSPF_LAST_NBR_DOWN

Message text

OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING]

Variable fields

$1: OSPF process ID.

$2: Router ID.

$3: Local IP address.

$4: Neighbor IP address.

$5: Reason.

Severity level

6

Example

OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired.

Explanation

The device records the OSPF neighbor down event caused by a specific reason.

Recommended action

1.     When a down event occurred because of configuration changes (for example, interface parameter changes), check for configuration errors.

2.     When a down event occurred because of dead interval expiration, check for dead interval configuration errors and loss of network connectivity.

3.     When a down event occurred because of a BFD session going down, check for BFD detection time configuration errors and loss of network connectivity.

4.     When a down event occurred because of interface status changes, check for loss of network connectivity.

 

OSPF_MEM_ALERT

Message text

OSPF Process receive system memory alert  [STRING] event.

Variable fields

$1: Type of the memory alarm.

Severity level

5

Example

OSPF/5/OSPF_MEM_ALERT: OSPF Process receive system memory alert start event.

Explanation

OSPF received a memory alarm.

Recommended action

Check the system memory.

 

OSPF_NBR_CHG

Message text

OSPF [UINT32] Neighbor [STRING] ([STRING]) from [STRING] to [STRING]

Variable fields

$1: OSPF process ID.

$2: Neighbor IP address.

$3: Interface name.

$4: Old adjacency state.

$5: New adjacency state.

Severity level

5

Example

OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) from Full to Down.

Explanation

The OSPF adjacency state changed on an interface.

Recommended action

When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPF configuration errors and loss of network connectivity.

 

OSPF_RTRID_CONFLICT_INTRA

Message text

OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING].

Variable fields

$1: OSPF process ID.

$2: Router ID.

$3: OSPF area ID.

Severity level

6

Example

OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1.

Explanation

Two indirectly connected devices in the same OSPF area might have the same router ID.

Recommended action

Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

 

OSPF_RTRID_CONFLICT_INTER

Message text

OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING].

Variable fields

$1: OSPF process ID.

$2: Router ID.

Severity level

6

Example

OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11.

Explanation

Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR.

Recommended action

Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

 

OSPF_RT_LMT

Message text

OSPF [UINT32] route limit reached.

Variable fields

$1: OSPF process ID.

Severity level

4

Example

OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached.

Explanation

The number of routes of an OSPF process reached the upper limit.

Recommended action

1.     Check for network attacks.

2.     Reduce the number of routes.

 

OSPF_RTRID_CHG

Message text

OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect.

Variable fields

$1: OSPF process ID.

Severity level

5

Example

OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect.

Explanation

The OSPF router ID was changed because the user changed the router ID or the interface IP address used as the router ID changed.

Recommended action

Use the reset ospf process command to make the new router ID take effect.

 

OSPF_VLINKID_CHG

Message text

OSPF [UINT32] Router ID changed, re-configure Vlink on peer

Variable fields

$1: OSPF process ID.

Severity level

5

Example

OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, re-configure Vlink on peer

Explanation

A new OSPF router ID takes effect.

Recommended action

Check and modify the virtual link configuration on the peer router to match the new router ID.
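
The OSPF entries above give each message as a typed template ([UINT16], [STRING], [IPADDR]) with numbered variable fields. The following is an added example, not part of the H3C document: it compiles those templates into regular expressions, extracts $1 to $n from log lines, and groups router ID conflict, route limit, and Full-to-other-state events for review. The function names, the grouping, and the sample line with a timestamp and host prefix are assumptions; text matching is used as a fallback because the page's own example for OSPF_RTRID_CONFLICT_INTER spells the mnemonic OSPF_RTRID_CONFILICT_INTER.

```python
import re
from collections import defaultdict

# (documented severity, message-text template), copied from the OSPF entries above.
TEMPLATES = {
    "OSPF_DUP_RTRID_NBR": (6, "OSPF [UINT16] Duplicate router ID [STRING] on interface "
                              "[STRING], sourced from IP address [IPADDR]."),
    "OSPF_RTRID_CONFLICT_INTRA": (6, "OSPF [UINT16] Received newer self-originated router-LSAs. "
                                     "Possible conflict of router ID [STRING] in area [STRING]."),
    "OSPF_RTRID_CONFLICT_INTER": (6, "OSPF [UINT16] Received newer self-originated ase-LSAs. "
                                     "Possible conflict of router ID [STRING]."),
    "OSPF_NBR_CHG": (5, "OSPF [UINT32] Neighbor [STRING] ([STRING]) from [STRING] to [STRING]"),
    "OSPF_RT_LMT": (4, "OSPF [UINT32] route limit reached."),
}

# One capture group per placeholder type, so group k is variable field $k.
FIELD_RE = {
    "UINT16": r"(\d+)",
    "UINT32": r"(\d+)",
    "STRING": r"(.+?)",
    "IPADDR": r"(\d{1,3}(?:\.\d{1,3}){3})",
}
PLACEHOLDER = re.compile(r"\[(UINT16|UINT32|STRING|IPADDR)\]")
# MODULE/severity/MNEMONIC: text. Anything before it (timestamp, host) is ignored.
HEADER = re.compile(r"([A-Z0-9]+)/([0-7])/([A-Z0-9_]+):\s*(.*)$")


def compile_template(template):
    """Turn a message-text template into an anchored regex."""
    # The trailing period is optional: the OSPF_NBR_CHG template has none,
    # but its documented example ends with one.
    parts = PLACEHOLDER.split(template.rstrip("."))
    # split() with one group yields literal, type, literal, type, ...
    pieces = [FIELD_RE[p] if i % 2 else re.escape(p) for i, p in enumerate(parts)]
    return re.compile("^" + "".join(pieces) + r"\.?$")


COMPILED = {name: (sev, compile_template(t)) for name, (sev, t) in TEMPLATES.items()}


def parse_line(line):
    """Return a dict for a recognised OSPF message, or None."""
    header = HEADER.search(line.strip())
    if not header or header.group(1) != "OSPF":
        return None
    severity, logged, text = int(header.group(2)), header.group(3), header.group(4)
    # Unknown mnemonic: fall back to matching the text against every template.
    candidates = [logged] if logged in COMPILED else list(COMPILED)
    for name in candidates:
        documented_severity, pattern = COMPILED[name]
        match = pattern.match(text)
        if match:
            return {
                "mnemonic": name,
                "logged_mnemonic": logged,
                "severity": severity,
                "severity_as_documented": severity == documented_severity,
                "fields": match.groups(),
            }
    return None


def triage(lines):
    """Group events that the recommended actions above ask an operator to check."""
    conflicts = defaultdict(list)   # router ID -> mnemonics that reported it
    route_limit = set()             # OSPF process IDs that hit the route limit
    left_full = []                  # (neighbor, interface, new state)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        name, fields = event["mnemonic"], event["fields"]
        if name in ("OSPF_DUP_RTRID_NBR", "OSPF_RTRID_CONFLICT_INTRA",
                    "OSPF_RTRID_CONFLICT_INTER"):
            conflicts[fields[1]].append(name)          # $2: router ID
        elif name == "OSPF_RT_LMT":
            route_limit.add(int(fields[0]))            # $1: process ID
        elif name == "OSPF_NBR_CHG" and fields[3] == "Full" and fields[4] != "Full":
            left_full.append((fields[1], fields[2], fields[4]))
    return {
        "router_id_conflicts": dict(conflicts),
        "route_limit_processes": sorted(route_limit),
        "left_full": left_full,
    }


# Lines 1-5 and 7 are the Example lines printed on this page; line 6 is
# constructed, with an assumed timestamp and host prefix.
SAMPLE_LINES = [
    "OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface "
    "GigabitEthernet1/0/3, sourced from IP address 11.2.2.2.",
    "OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. "
    "Possible conflict of router ID 11.11.11.11 in area 0.0.0.1.",
    "OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. "
    "Possible conflict of router ID 11.11.11.11.",
    "OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) from Full to Down.",
    "OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached.",
    "Apr 13 10:00:00 2021 sw1 OSPF/4/OSPF_RT_LMT: OSPF 2 route limit reached.",
    "OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/13: The transceiver is absent.",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LINES))
```
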

 

OSPFV3 messages

This section contains OSPFv3 messages.

OSPFV3_LAST_NBR_DOWN

Message text

OSPFv3 [UINT32] Last neighbor down event: Router ID: [STRING]  local Interface Id: [UINT32]  Remote Interface Id: [UINT32]  Reason: [STRING].

Variable fields

$1: OSPFv3 process ID.

$2: Router ID.

$3: Local interface ID.

$4: Remote interface ID.

$5: Reason.

Severity level

6

Example

OSPFV3/6/OSPFV3_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 local Interface Id: 1111  Remote Interface Id: 2222 Reason: Dead Interval timer expired.

Explanation

The device records the most recent OSPFv3 neighbor down event caused by a specific reason.

Recommended action

Check the reason for the most recent OSPFv3 neighbor down event.

 

OSPFV3_MEM_ALERT

Message text

OSPFV3 Process receive system memory alert  [STRING] event.

Variable fields

$1: Type of the memory alarm.

Severity level

5

Example

OSPFV3/5/OSPFV3_MEM_ALERT: OSPFV3 Process receive system memory alert start event.

Explanation

OSPFv3 received a memory alarm.

Recommended action

Check the system memory.

 

OSPFV3_NBR_CHG

Message text

OSPFv3 [UINT32] Neighbor [STRING] ([STRING]) received [STRING]  and its state from [STRING]  to [STRING].

Variable fields

$1: Process ID.

$2: Neighbor router ID.

$3: Interface name.

$4: Neighbor event.

$5: Old adjacency state.

$6: New adjacency state.

Severity level

5

Example

OSPFV3/5/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100)  received  1-Way  from Full to Init.

Explanation

The OSPFv3 adjacency state changed on an interface.

Recommended action

When the adjacency with a neighbor changes to down on an interface, check for OSPFv3 configuration errors and loss of network connectivity.

 

OSPFV3_RT_LMT

Message text

OSPFv3 [UINT32] Route limit reached.

Variable fields

$1: Process ID.

Severity level

5

Example

OSPFV3/5/OSPFV3_RT_LMT:OSPFv3 1 Route limit reached.

Explanation

The number of routes of an OSPFv3 process reached the upper limit.

Recommended action

Modify the route limit configuration.

 

PBB messages

This section contains PBB messages.

PBB_JOINAGG_WARNING

Message text

Because the aggregate interface [STRING] has been configured with PBB, assigning the interface [STRING] that does not support PBB to the aggregate group will cause incorrect processing.

Variable fields

$1: Aggregation group name.

$2: Interface name.

Severity level

4

Example

PBB/4/PBB_JOINAGG_WARNING: Because the aggregate interface Bridge-Aggregation1 has been configured with PBB, assigning the interface Ten-GigabitEthernet9/0/30 that does not support PBB to the aggregate group will cause incorrect processing.

Explanation

Because the interface does not support PBB, assigning the interface to an aggregation group configured with PBB will cause incorrect processing. If an aggregate interface is a PBB uplink port, all its members should support PBB.

Recommended action

Remove the interface from the aggregation group.

 

PBR messages

This section contains PBR messages.

PBR_HARDWARE_ERROR

Message text

Failed to update policy [STRING] due to [STRING].

Variable fields

$1: Policy name.

$2: Hardware error reasons:

·     The hardware resources are insufficient.

·     The system does not support the operation.

·     The hardware resources are insufficient and the system does not support the operation.

Severity level

4

Example

PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa due to insufficient hardware resources and not supported operations.

Explanation

The device failed to update PBR configuration.

Recommended action

Modify the PBR policy configuration according to the failure reason.

 

PEX messages

This section contains PEX messages.

PEX_ASSOCIATEID_MISMATCHING

Message text

The associated ID of PEX port [UINT32] is [UINT32] on the parent fabric, but the PEX connected to the port has obtained ID [UINT32].

Variable fields

$1: PEX port ID.

$2: Virtual slot or chassis number configured on the parent fabric for a PEX.

$3: Virtual slot or chassis number that the PEX has obtained.

Severity level

5

Example

PEX/5/PEX_ASSOCIATEID_MISMATCHING: The associated ID of PEX port 1 is 100 on the parent fabric, but the PEX connected to the port has obtained ID 101.

Explanation

The configured virtual slot or chassis number for a PEX is different from the virtual slot or chassis number that the PEX has obtained.

Recommended action

Check the network connection.

 

PEX_CONFIG_ERROR

Message text

PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value ([UINT32]).

Variable fields

$1: PEX port ID.

$2: PEX model.

$3: Name of a PEX physical interface.

$4: Maximum virtual slot or chassis number for the PEX model.

Severity level

4

Example

PEX/4/PEX_CONFIG_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value 130.

Explanation

This message is generated in the following situations:

·     The PEX is not assigned a virtual slot or chassis number.

·     The PEX is assigned a virtual slot or chassis number that is greater than the maximum value allowed for the PEX model.

Recommended action

1.     Use the associate command to assign a valid slot or chassis number to the PEX. Make sure the slot or chassis number is within the value range for the PEX model.

2.     If the problem persists, contact H3C Support.

 

PEX_CONNECTION_ERROR

Message text

PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: Another PEX has been registered on the PEX port.

Variable fields

$1: PEX port ID.

$2: PEX model.

$3: Name of a PEX physical interface.

Severity level

4

Example

PEX/4/PEX_CONNECTION_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: Another PEX has been registered on the PEX port.

Explanation

This message is generated if a PEX port is connected to multiple PEXs.

Recommended action

1.     Reconnect the PEXs to make sure that only one PEX is connected to the PEX port.

2.     If the problem persists, contact H3C Support.

 

PEX_FORBID_STACK

Message text

Can't connect PEXs [UINT32] and [UINT32]: The PEX ports to which the PEXs belong are in different PEX port groups.

Variable fields

$1: Virtual slot or chassis number of a PEX.

$2: Virtual slot or chassis number of a PEX.

Severity level

5

Example

PEX/5/PEX_FORBID_STACK: Can't connect PEXs 100 and 102: The PEX ports to which the PEXs belong are in different PEX port groups.

Explanation

PEXs belonging to PEX ports of different PEX port groups were connected.

Recommended action

Check the network connection.

 

PEX_LINK_BLOCK

Message text

Status of [STRING] changed from [STRING] to blocked.

Variable fields

$1: Name of a PEX physical interface.

$2: Data link status of the interface.

Severity level

4

Example

PEX/4/PEX_LINK_BLOCK: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to blocked.

Explanation

The data link of the PEX physical interface has changed to the blocked state. The blocked state is a transitional state between forwarding and down. In blocked state, a PEX physical interface can forward protocol packets, but it cannot forward data packets.

This state change occurs in one of the following situations:

·     Incorrect physical connection:

○     The PEX physical links on a PEX are connected to different PEX ports on the parent device.

○     The PEX port on the parent device contains physical links to different PEXs.

·     The data link is forced to the blocked state. In the startup phase, a PEX blocks the link of a PEX physical interface if the interface is physically up, but it is not used for loading startup software.

·     The physical state of the interface is up, but the PEX connection between the PEX and the parent device has been disconnected. The PEX and the parent device cannot receive PEX heartbeat packets from each other.

Recommended action

If a down PEX link changes from blocked to up quickly, you do not need to take action. If the link stays in blocked state, check the PEX cabling to verify that:

·     All PEX physical interfaces on the PEX are connected to the physical interfaces assigned to the same PEX port on the parent device.

·     The PEX port contains only physical links to the same PEX.

If a forwarding PEX link stays in blocked state when it is changing to the down state, verify whether an IRF fabric split has occurred. When an IRF fabric split occurs, a PEX link is blocked if it is connected to the Recovery-state IRF member device.

 

PEX_LINK_DOWN

Message text

Status of [STRING] changed from [STRING] to down.

Variable fields

$1: Name of a PEX physical interface.

$2: Data link status of the interface.

Severity level

4

Example

PEX/4/PEX_LINK_DOWN: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to down.

Explanation

The data link of the PEX physical interface has changed to the down state and cannot forward any packets.

The following are common reasons for this state change:

·     The physical link fails.

·     The interface is shut down administratively.

·     The system reboots.

Recommended action

If the interface has been shut down administratively or is in the down state because of a system reboot, use the undo shutdown command to bring up the interface as needed.

If the interface is down because of a physical link failure, verify that the cable has been securely connected and is in good condition.

 

PEX_LINK_FORWARD

Message text

Status of [STRING] changed from [STRING] to forwarding.

Variable fields

$1: Name of a PEX physical interface.

$2: Data link status of the interface.

Severity level

5

Example

PEX/5/PEX_LINK_FORWARD: Status of Ten-GigabitEthernet2/0/1 changed from blocked to forwarding.

Explanation

The data link of the PEX physical interface has changed to the forwarding state and can forward data packets.

This link state change occurs when one of the following events occurs:

·     The link is detected again after it changes to the blocked state.

·     The PEX finishes loading startup software images from the parent device through the interface.

Recommended action

No action is required.

 

PEX_REG_JOININ

Message text

PEX ([STRING]) registered successfully on PEX port [UINT32].

Variable fields

$1: Virtual slot or chassis number of a PEX.

$2: PEX port ID.

Severity level

5

Example

PEX/5/PEX_REG_JOININ: PEX (slot 101) registered successfully on PEX port 1.

Explanation

The PEX has been registered successfully. You can configure and manage the PEX attached to the PEX port on the parent device as if the PEX were an interface card.

Recommended action

No action is required.

 

PEX_REG_LEAVE

Message text

PEX ([STRING]) unregistered on PEX port [UINT32].

Variable fields

$1: Virtual slot or chassis number of a PEX.

$2: PEX port ID.

Severity level

4

Example

PEX/4/PEX_REG_LEAVE: PEX (slot 101) unregistered on PEX port 1.

Explanation

The PEX has been unregistered. You cannot operate the PEX from the parent device.

A PEX unregister event occurs when one of the following events occurs:

·     The PEX reboots.

·     All physical interfaces in the PEX port are down. For example, all physical interfaces are shut down administratively, or all the physical links are disconnected.

·     The PEX fails to start up within 30 minutes.

·     Link detection fails on all physical interfaces in the PEX port.

Recommended action

If the event occurs because the PEX reboots or PEX physical interfaces are shut down administratively, use the undo shutdown command to bring up the interfaces as needed.

To resolve a problem that occurs for any other reason:

·     Use the display device command to verify that the slot or chassis number of the PEX is present and the state is correct.

·     Use the display pex-port command to verify that the PEX physical interfaces are configured correctly and in a correct state.

·     Use the display interface command to verify that the physical state of the PEX physical interfaces is up. If the Current state field displays down, check the cabling for a physical link failure.

 

PEX_REG_REQUEST

Message text

Received a REGISTER request on PEX port [UINT32] from PEX ([STRING]).

Variable fields

$1: PEX port ID.

$2: Virtual slot or chassis number of a PEX.

Severity level

5

Example

Pattern 1:

PEX/5/PEX_REG_REQUEST: Received a REGISTER request on PEX port 1 from PEX (slot 101).

Pattern 2:

PEX/5/PEX_REG_REQUEST: Received a REGISTER request on PEX port 1 from PEX (chassis 101).

Explanation

The PEX sent a registration request to the parent device.

This event occurs when the PEX starts up after PEX configuration is completed and the PEX device is connected to the parent device correctly. The parent device will allow the PEX to load startup software images after it receives a REGISTER request.

Recommended action

No action is required.

 

PEX_STACKCONNECTION_ERROR

Message text

A device was connected to a PEX that already had two neighboring devices.

Variable fields

N/A

Severity level

5

Example

PEX/5/PEX_STACKCONNECTION_ERROR: A device was connected to a PEX that already had two neighboring devices.

Explanation

A connection error was detected. A device was connected to a PEX that already has two neighboring devices in an IRF 3 system.

Recommended action

Check the network connection.

 

PFILTER messages

This section contains packet filter messages.

PFILTER_GLB_IPV4_DACT_NO_RES

Message text

Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient.

Variable fields

$1: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient.

Explanation

The system failed to apply or refresh the IPv4 default action globally because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_GLB_IPV4_DACT_UNK_ERR

Message text

Failed to apply or refresh the IPv4 default action to the [STRING] direction globally.

Variable fields

$1: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.

Explanation

The system failed to apply or refresh the IPv4 default action globally because of unknown errors.

Recommended action

None.

 

PFILTER_GLB_IPV6_DACT_NO_RES

Message text

Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient.

Variable fields

$1: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient.

Explanation

The system failed to apply or refresh the IPv6 default action globally because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_GLB_IPV6_DACT_UNK_ERR

Message text

Failed to apply or refresh the IPv6 default action to the [STRING] direction globally.

Variable fields

$1: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally.

Explanation

The system failed to apply or refresh the IPv6 default action globally because of unknown errors.

Recommended action

None.

 

PFILTER_GLB_MAC_DACT_NO_RES

Message text

Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient.

Variable fields

$1: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient.

Explanation

The system failed to apply or refresh the MAC default action globally because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_GLB_MAC_DACT_UNK_ERR

Message text

Failed to apply or refresh the MAC default action to the [STRING] direction globally.

Variable fields

$1: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally.

Explanation

The system failed to apply or refresh the MAC default action globally because of unknown errors.

Recommended action

None.

 

PFILTER_GLB_NO_RES

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient.

Explanation

The system failed to apply or refresh an ACL rule globally because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_GLB_NOT_SUPPORT

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported.

Explanation

The system failed to apply or refresh an ACL rule globally because the ACL rule is not supported.

Recommended action

Delete unsupported content from the ACL rule.

 

PFILTER_GLB_UNK_ERR

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

Severity level

3

Example

PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally.

Explanation

The system failed to apply or refresh an ACL rule globally because of unknown errors.

Recommended action

None.

 

PFILTER_IF_IPV4_DACT_NO_RES

Message text

Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.

Variable fields

$1: Traffic direction.

$2: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface GigabitEthernet 3/1/2. The resources are insufficient.

Explanation

The system failed to apply or refresh the IPv4 default action for an interface because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_IF_IPV4_DACT_UNK_ERR

Message text

Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING].

Variable fields

$1: Traffic direction.

$2: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface GigabitEthernet 3/1/2.

Explanation

The system failed to apply or refresh the IPv4 default action for an interface because of unknown errors.

Recommended action

None.

 

PFILTER_IF_IPV6_DACT_NO_RES

Message text

Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.

Variable fields

$1: Traffic direction.

$2: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface GigabitEthernet 3/1/2. The resources are insufficient.

Explanation

The system failed to apply or refresh the IPv6 default action for an interface because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_IF_IPV6_DACT_UNK_ERR

Message text

Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING].

Variable fields

$1: Traffic direction.

$2: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface GigabitEthernet 3/1/2.

Explanation

The system failed to apply or refresh the IPv6 default action for an interface because of unknown errors.

Recommended action

None.

 

PFILTER_IF_MAC_DACT_NO_RES

Message text

Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient.

Variable fields

$1: Traffic direction.

$2: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface GigabitEthernet 3/1/2. The resources are insufficient.

Explanation

The system failed to apply or refresh the MAC default action for an interface because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_IF_MAC_DACT_UNK_ERR

Message text

Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING].

Variable fields

$1: Traffic direction.

$2: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface GigabitEthernet 3/1/2.

Explanation

The system failed to apply or refresh the MAC default action for an interface because of unknown errors.

Recommended action

None.

 

PFILTER_IF_NO_RES

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

$5: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface GigabitEthernet 3/1/2. The resources are insufficient.

Explanation

The system failed to apply or refresh an ACL rule to an interface because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_IF_NOT_SUPPORT

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

$5: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface GigabitEthernet 3/1/2. The ACL is not supported.

Explanation

The system failed to apply or refresh an ACL rule to an interface because the ACL rule is not supported.

Recommended action

Delete unsupported content from the ACL rule.

 

PFILTER_IF_UNK_ERR

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING].

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

$5: Interface name.

Severity level

3

Example

PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface GigabitEthernet 3/1/2.

Explanation

The system failed to apply or refresh an ACL rule to an interface because of unknown errors.

Recommended action

None.

 

PFILTER_IPV6_STATIS_INFO

Message text

[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s).

Variable fields

$1: Application destination.

$2: Traffic direction.

$3: ACL number.

$4: Rule ID and rule content.

$5: Number of packets matching the rule.

Severity level

6

Example

ACL/6/PFILTER_IPV6_STATIS_INFO: GigabitEthernet1/0/4 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).

Explanation

This message is generated when the number of packets matching the IPv6 ACL rule changed.

Recommended action

No action is required.

 

PFILTER_STATIS_INFO

Message text

[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: Application destination.

$2: Traffic direction.

$3: ACL number.

$4: Rule ID and rule content.

$5: Number of packets matching the rule.

Severity level

6

Example

ACL/6/PFILTER_STATIS_INFO: GigabitEthernet1/0/4 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

This message is generated when the number of packets matching the IPv4 ACL rule changed.

Recommended action

No action is required.

 

PFILTER_VLAN_IPV4_DACT_NO_RES

Message text

Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.

Variable fields

$1: Traffic direction.

$2: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient.

Explanation

The system failed to apply or refresh the IPv4 default action for a VLAN because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_VLAN_IPV4_DACT_UNK_ERR

Message text

Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16].

Variable fields

$1: Traffic direction.

$2: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1.

Explanation

The system failed to apply or refresh the IPv4 default action for a VLAN because of unknown errors.

Recommended action

None.

 

PFILTER_VLAN_IPV6_DACT_NO_RES

Message text

Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.

Variable fields

$1: Traffic direction.

$2: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient.

Explanation

The system failed to apply or refresh the IPv6 default action for a VLAN because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_VLAN_IPV6_DACT_UNK_ERR

Message text

Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16].

Variable fields

$1: Traffic direction.

$2: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1.

Explanation

The system failed to apply or refresh the IPv6 default action for a VLAN because of unknown errors.

Recommended action

None.

 

PFILTER_VLAN_MAC_DACT_NO_RES

Message text

Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.

Variable fields

$1: Traffic direction.

$2: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient.

Explanation

The system failed to apply or refresh the MAC default action for a VLAN because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_VLAN_MAC_DACT_UNK_ERR

Message text

Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16].

Variable fields

$1: Traffic direction.

$2: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1.

Explanation

The system failed to apply or refresh the MAC default action for a VLAN because of unknown errors.

Recommended action

None.

 

PFILTER_VLAN_NO_RES

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

$5: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient.

Explanation

The system failed to apply or refresh an ACL rule to a VLAN because of insufficient hardware resources.

Recommended action

Use the display qos-acl resource command to check the hardware resource usage.

 

PFILTER_VLAN_NOT_SUPPORT

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported.

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

$5: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.

Explanation

The system failed to apply or refresh an ACL rule to a VLAN because the ACL rule is not supported.

Recommended action

Delete unsupported content from the ACL rule.

 

PFILTER_VLAN_UNK_ERR

Message text

Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16].

Variable fields

$1: ACL type.

$2: ACL number.

$3: Rule ID.

$4: Traffic direction.

$5: VLAN ID.

Severity level

3

Example

PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1.

Explanation

The system failed to apply or refresh an ACL rule to a VLAN because of unknown errors.

Recommended action

None.
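Each PFILTER failure message above names a packet-filter object (an ACL rule or a default action) that the switch could not apply or refresh. The following is an added example, not part of the H3C reference: a Python parser that turns those messages into a de-duplicated list of affected objects and pairs each with the recommended action given above. The function names and the normalization of interface names (removing the space in "GigabitEthernet 3/1/2") are assumptions of this example; the sample lines are the Example lines from this section, with one repeated.

```python
import re

# Mnemonic layout used by the PFILTER failure messages in this section:
#   PFILTER_<GLB|IF|VLAN>_[<IPV4|IPV6|MAC>_DACT_]<NO_RES|NOT_SUPPORT|UNK_ERR>
HEADER = re.compile(
    r"PFILTER/(\d)/PFILTER_(GLB|IF|VLAN)_"
    r"(?:(IPV4|IPV6|MAC)_DACT_)?(NO_RES|NOT_SUPPORT|UNK_ERR):\s*")

# Message text. The ACL type is optional because the VLAN examples in this
# section omit it ("Failed to apply or refresh ACL 2000 rule 1 ...").
BODY = re.compile(
    r"Failed to apply or refresh "
    r"(?:the (?P<family>IPv4|IPv6|MAC) default action"
    r"|(?:(?P<acl_type>\S+) )?ACL (?P<acl>\d+) (?P<rule>.+?))"
    r" to the (?P<direction>\S+) direction "
    r"(?:globally|of interface (?P<interface>.+?)|of VLAN (?P<vlan>\d+))"
    r"\.(?:\s|$)")

SCOPE = {"GLB": "global", "IF": "interface", "VLAN": "vlan"}

# Recommended actions exactly as listed in this section (None = "None.").
NEXT_STEP = {
    "NO_RES": "display qos-acl resource",
    "NOT_SUPPORT": "delete unsupported content from the ACL rule",
    "UNK_ERR": None,
}

# Example lines from this section; the first is repeated to show counting.
SAMPLE_PFILTER = [
    "PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface GigabitEthernet 3/1/2. The resources are insufficient.",
    "PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface GigabitEthernet 3/1/2. The resources are insufficient.",
    "PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.",
    "PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.",
    "ACL/6/PFILTER_STATIS_INFO: GigabitEthernet1/0/4 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).",
]


def parse_pfilter_failure(line):
    """Parse one PFILTER failure line; return None for anything else."""
    h = HEADER.search(line)
    if not h:
        return None
    b = BODY.match(line, h.end())
    if not b:
        return None
    if b.group("family"):
        obj = f"{b.group('family')} default action"
    else:
        parts = (b.group("acl_type"), "ACL", b.group("acl"), b.group("rule"))
        obj = " ".join(p for p in parts if p)
    if b.group("interface"):
        # Other messages print interface names without the space, so strip
        # it here to make the name usable as a correlation key.
        target = b.group("interface").replace(" ", "")
    else:
        target = b.group("vlan") or "global"
    cause = h.group(4)
    return {
        "severity": int(h.group(1)),
        "scope": SCOPE[h.group(2)],
        "target": target,
        "direction": b.group("direction"),
        "object": obj,
        "cause": cause,
        "next_step": NEXT_STEP[cause],
    }


def enforcement_gaps(lines):
    """Collapse repeated failures into one entry per affected object."""
    gaps = {}
    for line in lines:
        ev = parse_pfilter_failure(line)
        if ev is None:
            continue
        key = (ev["scope"], ev["target"], ev["direction"], ev["object"])
        gap = gaps.setdefault(key, {"count": 0, "causes": set()})
        gap["count"] += 1
        gap["causes"].add(ev["cause"])
    return gaps


if __name__ == "__main__":
    for key, gap in sorted(enforcement_gaps(SAMPLE_PFILTER).items()):
        print(key, gap["count"], sorted(gap["causes"]))
```
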

 

PIM messages

This section contains PIM messages.

PIM_MEM_ALERT

Message text

PIM Process receive system memory alert [STRING] event.

Variable fields

$1: Event type of the memory alert.

Severity level

5

Example

PIM/5/PIM_MEM_ALERT: PIM Process receive system memory alert start event.

Explanation

When the memory changed, the PIM module received a memory alert event.

Recommended action

Check the system memory.

 

PIM_NBR_DOWN

Message text

[STRING]: Neighbor [STRING] ([STRING]) is down.

Variable fields

$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed.

Public network or VPN instance.

$2: IP address of the neighbor.

$3: Interface name.

Severity level

5

Example

PIM/5/PIM_NBR_DOWN: Neighbor 10.1.1.1(Vlan-interface10) is down.

Explanation

The PIM neighbor went down.

Recommended action

Check the PIM configuration and network status.

 

PIM_NBR_UP

Message text

[STRING]: Neighbor [STRING] ([STRING]) is up.

Variable fields

$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed.

$2: IP address of the neighbor.

$3: Interface name.

Severity level

5

Example

PIM/5/PIM_NBR_UP: Neighbor 10.1.1.1(Vlan-interface10) is up.

Explanation

The PIM neighbor came up.

Recommended action

No action is required.

 

PING messages

This section contains ping messages.

PING_STATIS_INFO

Message text

[STRING] [STRING] statistics: [UINT32] packet(s) transmitted, [UINT32] packet(s) received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.

Variable fields

$1: IP address, IPv6 address, or host name for the destination.

$2: Ping or ping6.

$3: Number of echo requests sent.

$4: Number of echo replies received.

$5: Percentage of the non-replied packets to the total request packets.

$6: Minimum round-trip delay.

$7: Average round-trip delay.

$8: Maximum round-trip delay.

$9: Standard deviation round-trip delay.

Severity level

6

Example

PING/6/PING_STATIS_INFO: 192.168.0.115 ping statistics: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.

Explanation

Statistics for a ping operation.

Recommended action

If there is no packet received, identify whether the interface is down.

 

PING_VPN_STATIS_INFO

Message text

[STRING] in VPN-instance [STRING] [STRING] statistics: [UINT32] packet(s) transmitted, [UINT32] packet(s) received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.

Variable fields

$1: IP address, IPv6 address, or host name for the destination.

$2: VPN instance name.

$3: ping or ping6.

$4: Number of echo requests sent.

$5: Number of echo replies received.

$6: Percentage of the non-replied packets to the total request packets.

$7: Minimum round-trip delay.

$8: Average round-trip delay.

$9: Maximum round-trip delay.

$10: Standard deviation round-trip delay.

Severity level

6

Example

PING/6/PING_VPN_STATIS_INFO: 192.168.0.115 in VPN-instance VPNA ping statistics: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.

Explanation

Statistics for a ping operation.

Recommended action

If there is no packet received, identify whether the interface is down.

 

PKI messages

This section contains PKI messages.

REQUEST_CERT_FAIL

Message text

Failed to request certificate of domain [STRING].

Variable fields

$1: PKI domain name.

Severity level

5

Example

PKI/5/REQUEST_CERT_FAIL: Failed to request certificate of domain abc.

Explanation

Failed to request certificate for a domain.

Recommended action

Check the configuration of the device and CA server, and the network between them.

 

REQUEST_CERT_SUCCESS

Message text

Request certificate of domain [STRING] successfully.

Variable fields

$1: PKI domain name.

Severity level

5

Example

PKI/5/REQUEST_CERT_SUCCESS: Request certificate of domain abc successfully.

Explanation

Successfully requested certificate for a domain.

Recommended action

No action is required.

 

PKT2CPU messages

This section contains PKT2CPU messages.

PKT2CPU_NO_RESOURCE

Message text

-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources is insufficient.

-Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources is insufficient.

Variable fields

$1: Interface type and number.

$2: Protocol type.

$3: MAC address or source port.

$4: Destination port.

Severity level

4

Example

PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=GigabitEthernet1/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources is insufficient.

Explanation

Hardware resources were insufficient.

Recommended action

Remove the configuration.

 

PORTSEC messages

This section contains port security messages.

PORTSEC_ACL_FAILURE

Message text

-IfName=[STRING]-MACAddr=[STRING]; ACL authorization failed because [STRING].

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: Cause of failure:

¡     the specified ACL didn't exist.

¡     this type of ACL is not supported.

¡     hardware resources were insufficient.

¡     the specified ACL conflicted with other ACLs applied to the interface.

¡     the specified ACL didn't contain any rules.

Severity level

5

Example

PORTSEC/5/PORTSEC_ACL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; ACL authorization failed because the specified ACL didn't exist.

Explanation

ACL authorization failed.

Recommended action

Handle the issue according to the failure cause.

 

PORTSEC_LEARNED_MACADDR

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]; A new MAC address was learned.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

Severity level

6

Example

PORTSEC/6/PORTSEC_LEARNED_MACADDR:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; A new MAC address was learned.

Explanation

A new secure MAC address was learned on the interface.

Recommended action

No action is required.

 

PORTSEC_NTK_NOT_EFFECTIVE

Message text

The NeedToKnow feature is configured but is not effective on interface [STRING].

Variable fields

$1: Interface type and number.

Severity level

3

Example

PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface GigabitEthernet3/1/2.

Explanation

The NeedToKnow mode does not take effect on an interface, because the interface does not support the NeedToKnow mode.

Recommended action

Resolve the issue depending on the network requirements:

1.     If the NeedToKnow feature is not required, disable the NeedToKnow feature on the interface.

2.     If the NeedToKnow feature is required, reconnect the connected devices to another interface that supports the NeedToKnow mode. Then, configure the NeedToKnow mode on the new interface.

3.     If the problem persists, contact H3C Support.

 

PORTSEC_PORTMODE_NOT_EFFECTIVE

Message text

The port-security mode is configured but is not effective on interface [STRING].

Variable fields

$1: Interface name.

Severity level

3

Example

PORTSEC/3/PORTSEC_PORTMODE_NOT_EFFECTIVE: The port-security mode is configured but is not effective on interface GigabitEthernet3/1/2.

Explanation

The port security mode does not take effect on an interface, because the interface does not support this mode.

Recommended action

Change the port security mode or disable the port security feature on the interface.

 

PORTSEC_PROFILE_FAILURE

Message text

-IfName=[STRING]-MACAddr=[STRING]; Failed to assign a user profile to driver.

Variable fields

$1: Interface type and number.

$2: MAC address.

Severity level

5

Example

PORTSEC/5/PORTSEC_PROFILE_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to assign a user profile to driver.

Explanation

The device failed to assign a user profile to the driver.

Recommended action

No action is required.

 

PORTSEC_VIOLATION

Message text

-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-IfStatus=[STRING]; Intrusion protection was triggered.

Variable fields

$1: Interface type and number.

$2: MAC address.

$3: VLAN ID.

$4: Interface status.

Severity level

5

Example

PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-IfStatus=Up; Intrusion protection was triggered.

Explanation

Intrusion protection was triggered.

Recommended action

·     Check the authentication and port security configuration.

·     Change the port security mode.
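The PORTSEC messages above carry their variable fields as a `-Key=Value` block before the semicolon, and the hyphen that separates the pairs also appears inside values such as the MAC address. The following is an added example, not part of the H3C reference: a Python parser for that block and a per-interface summary of PORTSEC_VIOLATION events. The function names, the leading timestamp and host name on one line, the `Ten-GigabitEthernet` interface, the second MAC address and the `Down` status are constructed for illustration; the other sample lines are the Example lines from this section.

```python
import re
from collections import defaultdict

# "MODULE/severity/MNEMONIC:" header. Any text before it is ignored, and the
# space after the colon is optional because the PORTSEC examples omit it.
HEADER = re.compile(r"([A-Z][A-Z0-9_]*)/([0-7])/([A-Z][A-Z0-9_]*):\s*")

# One "-Key=Value" pair. The value is matched lazily up to the next "-Key="
# or the end of the block, so hyphens inside a value (MAC address groups,
# hyphenated interface names) stay part of the value.
PAIR = re.compile(r"-([A-Za-z][A-Za-z0-9]*)=(.*?)(?=-[A-Za-z][A-Za-z0-9]*=|$)")

# Sample input: page examples plus constructed variants (see lead-in).
SAMPLE_PORTSEC = [
    "PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-IfStatus=Up; Intrusion protection was triggered.",
    "PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=00e0-fc12-3456-VLANID=444-IfStatus=Down; Intrusion protection was triggered.",
    "Apr 13 10:02:11 sw1 PORTSEC/5/PORTSEC_VIOLATION:-IfName=Ten-GigabitEthernet1/0/49-MACAddr=0010-8400-22b9-VLANID=10-IfStatus=Up; Intrusion protection was triggered.",
    "PORTSEC/6/PORTSEC_LEARNED_MACADDR:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; A new MAC address was learned.",
    "PORTSEC/5/PORTSEC_ACL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; ACL authorization failed because the specified ACL didn't exist.",
]


def parse_event(line):
    """Return header, fields and free text for one line, or None."""
    m = HEADER.search(line)
    if not m:
        return None
    body = line[m.end():].strip()
    fields, text = {}, body
    if body.startswith("-") and ";" in body:
        block, text = body.split(";", 1)
        fields = {key: value.strip() for key, value in PAIR.findall(block)}
    return {
        "module": m.group(1),
        "severity": int(m.group(2)),
        "mnemonic": m.group(3),
        "fields": fields,
        "text": text.strip(),
    }


def summarize_violations(lines):
    """Group PORTSEC_VIOLATION events by interface name."""
    summary = defaultdict(
        lambda: {"count": 0, "macs": set(), "vlans": set(), "last_status": None})
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["mnemonic"] != "PORTSEC_VIOLATION":
            continue
        fields = ev["fields"]
        entry = summary[fields.get("IfName", "unknown")]
        entry["count"] += 1
        if "MACAddr" in fields:
            entry["macs"].add(fields["MACAddr"].lower())
        if "VLANID" in fields:
            entry["vlans"].add(fields["VLANID"])
        # Keep the most recent interface status reported for this port.
        entry["last_status"] = fields.get("IfStatus", entry["last_status"])
    return dict(summary)


if __name__ == "__main__":
    for ifname, info in sorted(summarize_violations(SAMPLE_PORTSEC).items()):
        print(ifname, info["count"], sorted(info["macs"]), info["last_status"])
```

Splitting the field block on every hyphen would cut the MAC address into three pieces and break on `Ten-GigabitEthernet1/0/49`; the lookahead in `PAIR` is what avoids both.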

 

PPP messages

This section contains PPP messages.

IPPOOL_ADDRESS_EXHAUSTED

Message text

The address pool [STRING] is exhausted.

Variable fields

$1: Pool name.

Severity level

5

Example

PPP/5/IPPOOL_ADDRESS_EXHAUSTED: The address pool aaa is exhausted.

Explanation

This message is generated when the last address is assigned from the pool.

Recommended action

1.     Add addresses to the pool.

2.     If the problem persists, contact H3C Support.

 

PWDCTL messages

This section contains password control messages.

ADDBLACKLIST

Message text

[STRING] was added to the blacklist for failed login attempts.

Variable fields

$1: Username.

Severity level

6

Example

PWDCTL/6/ADDBLACKLIST: hhh was added to the blacklist for failed login attempts.

Explanation

A user was added to the password control blacklist because of a login failure caused by a wrong password.

Recommended action

No action is required.

 

CHANGEPASSWORD

Message text

[STRING] changed the password because [STRING].

Variable fields

$1: Username.

$2: Reasons for changing the password.

¡     Because it is the first login of the account.

¡     Because the password had expired.

¡     Because the password was too short.

¡     Because the password was not complex enough.

Severity level

6

Example

PWDCTL/6/CHANGEPASSWORD: hhh changed the password because first login.

Explanation

The user changed the password for some reason, for example, for the first login.

Recommended action

No action is required.

 

FAILEDTOWRITEPWD

Message text

Failed to write the password records to file.

Variable fields

N/A

Severity level

6

Example

PWDCTL/6/FAILEDTOWRITEPWD: Failed to write the password records to file.

Explanation

The device failed to write a password to a file.

Recommended action

1.     Check the file system of the device for memory space insufficiency.

2.     If the problem persists, contact H3C Support.

 

QoS messages

This section contains QoS messages.

QOS_CBWFQ_REMOVED

Message text

CBWFQ is removed from [STRING].

Variable fields

$1: Interface name.

Severity level

3

Example

QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1.

Explanation

CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ.

Recommended action

Increase the bandwidth or speed and apply the removed CBWFQ again.

 

QOS_POLICY_APPLYCOPP_CBFAIL

Message text

Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].

Variable fields

$1: Name of a classifier-behavior association.

$2: Policy name.

$3: Traffic direction.

$4: Slot number.

$5: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. No actions in behavior.

Explanation

The system failed to perform one of the following actions:

·     Apply a classifier-behavior association to a specific direction of a control plane.

·     Update a classifier-behavior association applied to a specific direction of a control plane.

Recommended action

Configure actions for the behavior.

 

QOS_POLICY_APPLYCOPP_FAIL

Message text

Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].

Variable fields

$1: Policy name.

$2: Traffic direction.

$3: Slot number.

$4: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. Not supported by hardware.

Explanation

The system failed to perform one of the following actions:

·     Apply a QoS policy to a specific direction of a control plane.

·     Update a QoS policy applied to a specific direction of a control plane.

Recommended action

Modify the contents of the QoS policy.

 

QOS_POLICY_APPLYGLOBAL_CBFAIL

Message text

Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING].

Variable fields

$1: Name of a classifier-behavior association.

$2: Policy name.

$3: Traffic direction.

$4: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. No actions in behavior.

Explanation

The system failed to perform one of the following actions:

·     Apply a classifier-behavior association to a specific direction globally.

·     Update a classifier-behavior association applied to a specific direction globally.

Recommended action

Configure actions for the behavior.

 

QOS_POLICY_APPLYGLOBAL_FAIL

Message text

Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING].

Variable fields

$1: Policy name.

$2: Traffic direction.

$3: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. Not supported by hardware.

Explanation

The system failed to perform one of the following actions:

·     Apply a QoS policy to a specific direction globally.

·     Update a QoS policy applied to a specific direction globally.

Recommended action

Modify the contents of the QoS policy.

 

QOS_POLICY_APPLYIF_CBFAIL

Message text

Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].

Variable fields

$1: Name of a classifier-behavior association.

$2: Policy name.

$3: Traffic direction.

$4: Interface name.

$5: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface GigabitEthernet1/0/2. No actions in behavior.

Explanation

The system failed to perform one of the following actions:

·     Apply a classifier-behavior association to a specific direction of an interface.

·     Update a classifier-behavior association applied to a specific direction of an interface.

Recommended action

Configure actions for the behavior.

 

QOS_POLICY_APPLYIF_FAIL

Message text

Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].

Variable fields

$1: Policy name.

$2: Traffic direction.

$3: Interface name.

$4: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface GigabitEthernet1/0/2. Not supported by hardware.

Explanation

The system failed to perform one of the following actions:

·     Apply a QoS policy to a specific direction of an interface.

·     Update a QoS policy applied to a specific direction of an interface.

Recommended action

Modify the contents of the QoS policy.

 

QOS_POLICY_APPLYVLAN_CBFAIL

Message text

Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].

Variable fields

$1: Name of a classifier-behavior association.

$2: Policy name.

$3: Traffic direction.

$4: VLAN ID.

$5: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. No actions in behavior.

Explanation

The system failed to perform one of the following actions:

·     Apply a classifier-behavior association to a specific direction of a VLAN.

·     Update a classifier-behavior association applied to a specific direction of a VLAN.

Recommended action

Configure actions for the behavior.

 

QOS_POLICY_APPLYVLAN_FAIL

Message text

Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].

Variable fields

$1: Policy name.

$2: Traffic direction.

$3: VLAN ID.

$4: Cause.

Severity level

4

Example

QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. Not supported by hardware.

Explanation

The system failed to perform one of the following actions:

·     Apply a QoS policy to a specific direction of a VLAN.

·     Update a QoS policy applied to a specific direction of a VLAN.

Recommended action

Modify the contents of the QoS policy.

 

QOS_NOT_ENOUGH_BANDWIDTH

Message text

Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING].

Variable fields

$1: Policy name.

$2: Required bandwidth for CBWFQ.

$3: Available bandwidth on an interface.

$4: Interface name.

Severity level

3

Example

QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1.

Explanation

Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ.

Recommended action

Increase the maximum bandwidth configured for the interface, or lower the bandwidth required for CBWFQ.

 

RADIUS messages

This section contains RADIUS messages.

RADIUS_AUTH_FAILURE

Message text

User [STRING] from [STRING] failed authentication.

Variable fields

$1: Username.

$2: IP address.

Severity level

5

Example

RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system from 192.168.0.22 failed authentication.

Explanation

An authentication request was rejected by the RADIUS server.

Recommended action

No action is required.

 

RADIUS_AUTH_SUCCESS

Message text

User [STRING] from [STRING] was authenticated successfully.

Variable fields

$1: Username.

$2: IP address.

Severity level

6

Example

RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system from 192.168.0.22 was authenticated successfully.

Explanation

An authentication request was accepted by the RADIUS server.

Recommended action

No action is required.

 

RADIUS_DELETE_HOST_FAIL

Message text

Failed to delete servers in scheme [STRING].

Variable fields

$1: Scheme name.

Severity level

4

Example

RADIUS/4/RADIUS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.

Explanation

Failed to delete servers from a RADIUS scheme.

Recommended action

No action is required.

 

RIP messages

This section contains RIP messages.

RIP_MEM_ALERT

Message text

RIP Process receive system memory alert [STRING] event.

Variable fields

$1: Type of the memory alarm.

Severity level

5

Example

RIP/5/RIP_MEM_ALERT: RIP Process receive system memory alert start event.

Explanation

RIP received a memory alarm.

Recommended action

Check the system memory.

 

RIP_RT_LMT

Message text

RIP [UINT32] Route limit reached

Variable fields

$1: Process ID.

Severity level

6

Example

RIP/6/RIP_RT_LMT: RIP 1 Route limit reached.

Explanation

The number of routes of a RIP process reached the upper limit.

Recommended action

1.     Check for network attacks.

2.     Reduce the number of routes.

 

RIPNG messages

This section contains RIPng messages.

RIPNG_MEM_ALERT

Message text

RIPNG Process receive system memory alert [STRING] event.

Variable fields

$1: Type of the memory alarm.

Severity level

5

Example

RIPNG/5/RIPNG_MEM_ALERT: RIPNG Process receive system memory alert start event.

Explanation

RIPng received a memory alarm.

Recommended action

Check the system memory.

 

RIPNG_RT_LMT

Message text

RIPng [UINT32] Route limit reached

Variable fields

$1: Process ID.

Severity level

6

Example

RIPNG/6/RIPNG_RT_LMT: RIPng 1 Route limit reached.

Explanation

The number of routes of a RIPng process reached the upper limit.

Recommended action

1.     Check for network attacks.

2.     Reduce the number of routes.

 

RM messages

This section contains RM messages.

RM_ACRT_REACH_LIMIT

Message text

Max active [STRING] routes [UINT32] reached in URT of [STRING]

Variable fields

$1: IPv4 or IPv6.

$2: Maximum number of active routes.

$3: VPN instance name.

Severity level

4

Example

RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1

Explanation

The number of active routes reached the upper limit in the unicast routing table of a VPN instance.

Recommended action

Remove unused active routes.

 

RM_ACRT_REACH_THRESVALUE

Message text

Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING]

Variable fields

$1: Threshold of the maximum number of active routes in percentage.

$2: IPv4 or IPv6.

$3: VPN instance name.

Severity level

4

Example

RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1

Explanation

The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance.

Recommended action

Modify the threshold value or the route limit configuration.

 

RM_THRESHLD_VALUE_REACH

Message text

Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING]

Variable fields

$1: Maximum number of active routes.

$2: IPv4 or IPv6.

$3: VPN instance name.

Severity level

4

Example

RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1

Explanation

The number of active routes reached the threshold in the unicast routing table of a VPN instance.

Recommended action

Modify the route limit configuration.

 

SCM messages

This section contains SCM messages.

JOBINFO

Message text

The service [STRING] is[STRING]...

Variable fields

$1: Service name.

$2: State of the service.

Severity level

6

Example

SCM/6/JOBINFO: The service DEV is starting...

Explanation

The system is starting, or a user is managing the service.

Recommended action

No action is required.

 

RECV_DUPLICATEEVENT

Message text

The service [STRING] receives a duplicate event in status [STRING], ignore it.

Variable fields

$1: Service name.

$2: Service state.

Severity level

5

Example

SCM/5/RECV_DUPLICATEEVENT: The service DEV receives a duplicate event in status starting, ignore it.

Explanation

A service received a duplicate event in the same state.

Recommended action

No action is required.

 

SERVICE_RESTART

Message text

Standby service [STRING] in [STRING] failed to become the active service and restarted because of incomplete synchronization.

Variable fields

$1: Service name.

$2: Card location.

Severity level

4

Example

SCM/4/SERVICE_RESTART: Standby service ospf in slot 0 failed to become the active service and restarted because of incomplete synchronization.

Explanation

The active service abnormally stopped when the standby service did not complete synchronization to the active service.

Recommended action

No action is required.

 

SERVICE_STATEERROR

Message text

The service [STRING] receives an error event in status [STRING], drop it.

Variable fields

$1: Service name.

$2: Service state.

Severity level

5

Example

SCM/5/SERVICE_STATEERROR: The service DEV receives an error event in status starting, drop it.

Explanation

A service received an error event in a specific state.

Recommended action

No action is required.

 

SERVICE_STATUSFAILED

Message text

The service [STRING] status failed : no response!

Variable fields

$1: Service name.

Severity level

5

Example

SCM/5/SERVICE_STATUSFAILED: The service DEV status failed : no response!

Explanation

A service failed.

Recommended action

No action is required.

 

SET_WRONGSTATUS

Message text

The service [STRING] set status [STRING] (Must be [STRING]), Ignore.

Variable fields

$1: Service name.

$2: Service state.

$3: Service state.

Severity level

5

Example

SCM/5/SET_WRONGSTATUS: The service DEV set status stopping (Must be starting), Ignore.

Explanation

A service received an event in an incorrect state.

Recommended action

No action is required.

 

SCRLSP messages

This section contains static CRLSP messages.

SCRLSP_LABEL_DUPLICATE

Message text

Incoming label [INT32] for static CRLSP [STRING] is duplicate.

Variable fields

$1: Incoming label value.

$2: Static CRLSP name.

Severity level

4

Example

SCRLSP/4/SCRLSP_LABEL_DUPLICATE: Incoming label 1024 for static CRLSP aaa is duplicate.

Explanation

The incoming label of a static CRLSP was used by a static PW or by a static LSP. This message is generated when one of the following occurs:

·     When MPLS is enabled, configure a static CRLSP with the same incoming label as an existing static PW or static LSP.

·     Enable MPLS when a static CRLSP has the same incoming label as an existing static PW or static LSP.

Recommended action

Remove this static CRLSP, and reconfigure it with another incoming label.

 

SFLOW messages

This section contains sFlow messages.

SFLOW_HARDWARE_ERROR

Message text

Failed to [STRING] on interface [STRING] due to [STRING].

Variable fields

$1: Configuration item: update sampling mode

$2: Interface name.

$3: Failure reason: not supported operation

Severity level

4

Example

SFLOW/4/SFLOW_HARDWARE_ERROR: Failed to update sampling mode on interface GigabitEthernet1/0/1 due to not supported operation.

Explanation

The configuration failed because the device does not support the fixed flow sampling mode.

Recommended action

Specify the random flow sampling mode.

 

SHELL messages

This section contains shell messages.

SHELL_CMD

Message text

-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING]

Variable fields

$1: Line name. If there is not a line name, '**' is displayed.

$2: IP address. If there is not an IP address, '**' is displayed.

$3: Username. If there is not a username, '**' is displayed.

$4: Command string.

Severity level

6

Example

SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit

Explanation

A command was executed successfully.

Recommended action

No action is required.

 

SHELL_CMD_CONFIRM

Message text

Confirm option of command [STRING] is [STRING].

Variable fields

$1: Command string.

$2: Confirm option:

·     yes—The user confirmed the operation.

·     no—The user denied the operation.

·     timeout—The user did not confirm or deny the operation before the timeout timer expired.

·     cancel—The user pressed Ctrl+C to abort the operation.

Severity level

6

Example

SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no.

Explanation

This message indicates the confirmation option that the user selected for the command.

Recommended action

No action is required.

 

SHELL_CMD_EXECUTEFAIL

Message text

-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed.

Variable fields

$1: Username.

$2: IP address.

$3: Command string.

$4: Command view.

Severity level

4

Example

SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be executed.

Explanation

The command failed to be executed.

Recommended action

1.     Verify that the command does not conflict with a configured feature.

2.     If the problem persists, contact H3C Support.

 

SHELL_CMD_INPUT

Message text

Input string for the [STRING] command is [STRING].

Variable fields

$1: Command string.

$2: Input string.

Severity level

6

Example

SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg.

SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C.

SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key.

Explanation

An interactive command was executed and the user interacted with the command.

Recommended action

No action is required.

 

SHELL_CMD_INPUT_TIMEOUT

Message text

Operation timed out: Getting input for the [STRING] command.

Variable fields

$1: Command string.

Severity level

6

Example

SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command.

Explanation

An interactive command was executed, but the user did not interact with the command before the timeout timer expired.

Recommended action

No action is required.

 

SHELL_CMD_MATCHFAIL

Message text

-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched.

Variable fields

$1: Username.

$2: IP address.

$3: Command string.

$4: Command view.

Severity level

4

Example

SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched.

Explanation

The command string has errors, or the view does not support the command.

Recommended action

1.     Check whether the view supports the command.

2.     Verify that you enter the correct command string.

3.     If the problem persists, contact H3C Support.

 

SHELL_CMDDENY

Message text

-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command [STRING] is permission denied.

Variable fields

$1: Line name. If there is not a line name, '**' is displayed.

$2: IP address. If there is not an IP address, '**' is displayed.

$3: Username. If there is not a username, '**' is displayed.

$4: Command string.

Severity level

5

Example

SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied.

Explanation

A command was not executed because the user did not have the right to use the command.

Recommended action

No action is required.

 

SHELL_CMDFAIL

Message text

Command [STRING] fails to recover configuration.

Variable fields

$1: Command string.

Severity level

6

Example

SHELL/6/SHELL_CMDFAIL: Command display this fails to recover configuration.

Explanation

The configuration restore operation failed.

Recommended action

No action is required.

 

SHELL_CRITICAL_CMDFAIL

Message text

-User=[STRING]-IPAddr=[STRING]; Command is [STRING].

Variable fields

$1: Username.

$2: IP address.

$3: Command string.

Severity level

6

Example

SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save.

Explanation

A command failed to be executed or was canceled.

Recommended action

No action is required.

 

SHELL_LOGIN

Message text

[STRING] login from [STRING].

Variable fields

$1: Username.

$2: Line name.

Severity level

5

Example

SHELL/5/SHELL_LOGIN: Console logged in from console0.

Explanation

A user logged in.

Recommended action

No action is required.

 

SHELL_LOGOUT

Message text

[STRING] logout from [STRING].

Variable fields

$1: Username.

$2: Line name.

Severity level

5

Example

SHELL/5/SHELL_LOGOUT: Console logged out from console0.

Explanation

A user logged out.

Recommended action

No action is required.

 

SLSP messages

This section contains static LSP messages.

SLSP_LABEL_DUPLICATE

Message text

Incoming label [INT32] for static LSP [STRING] is duplicate.

Variable fields

$1: Incoming label value.

$2: Static LSP name.

Severity level

4

Example

SLSP/4/SLSP_LABEL_DUPLICATE: Incoming label 1024 for static LSP aaa is duplicate.

Explanation

The incoming label of a static LSP was used by a static PW or by a static CRLSP. This message is generated when one of the following occurs:

·     When MPLS is enabled, configure a static LSP with the same incoming label as an existing static CRLSP or static PW.

·     Enable MPLS when a static LSP has the same incoming label as an existing static CRLSP or static PW.

Recommended action

Remove this static LSP, and reconfigure it with another incoming label.

 

SMLK messages

This section contains Smart Link messages.

SMLK_LINK_SWITCH

Message text

Status of port [STRING] in smart link group [UINT16] changes to active.

Variable fields

$1: Port name.

$2: Smart link group ID.

Severity level

4

Example

SMLK/4/SMLK_LINK_SWITCH: Status of port GigabitEthernet1/0/4 in smart link group 1 changes to active.

Explanation

The port took over to forward traffic after the former primary port failed.

Recommended action

Remove the network faults.

 

SNMP messages

This section contains SNMP messages.

SNMP_ACL_RESTRICTION

Message text

SNMP [STRING] from [STRING] is rejected due to ACL restriction.

Variable fields

$1: SNMP community/usm-user/group.

$2: IP address of the NMS.

Severity level

3

Example

SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions.

Explanation

A syslog is printed if SNMP packets are denied because of ACL restrictions.

Recommended action

Check the ACL configuration on the SNMP agent, and check if the agent was attacked.

 

SNMP_GET

Message text

-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message.

Variable fields

$1: Sequence number of an SNMP operation log.

$2: IP address of the NMS.

$3: MIB object name and OID.

$4: Value field of the request packet.

Severity level

6

Example

SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.

Explanation

SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.

Recommended action

No action is required.

 

SNMP_NOTIFY

Message text

Notification [STRING] [STRING].

Variable fields

$1: Notification name.

$2: The variable-binding field of notifications. If no variable-binding exists, the OID becomes a null value.

Severity level

6

Example

SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console.

Explanation

The SNMP agent sent a notification. This message displays the notification content.

Recommended action

No action is required.

 

SNMP_SET

Message text

-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message.

Variable fields

$1: Sequence number of an SNMP operation log.

$2: IP address of the NMS.

$3: Error index of the Set operation.

$4: Error status of the Set operation.

$5: MIB object name and OID.

$6: Value of the MIB object changed by the Set operation.

Severity level

6

Example

SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.

Explanation

SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.

Recommended action

No action is required.

 

SNMP_USM_NOTINTIMEWINDOW

Message text

-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in time window.

Variable fields

$1: Username.

$2: IP address.

Severity level

4

Example

SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in time window.

Explanation

The SNMPv3 message is not in the time window.

Recommended action

No action is required.

 

SNMP_AUTHENTICATION_FAILURE

Message text

Failed to authenticate SNMP message.

Variable fields

N/A

Severity level

4

Example

SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message.

Explanation

The SNMP agent failed to authenticate an NMS because the community name or username is not the same on the agent and NMS.

Recommended action

Verify that an NMS and an SNMP agent use the same community name or username. For SNMPv3, the authentication and privacy modes, and authentication and privacy keys must also be the same on the NMS and agent.
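
The SHELL command messages and the SNMP_GET and SNMP_SET messages above share one layout: a run of -Name=value attributes, then "; ", then the message body. The following parser for that layout is an added example, not H3C code. The function names and sample lines are constructed for illustration, and it assumes attribute names are letters only, as in the message texts above.

```python
import re

# "MODULE/severity/MNEMONIC: text", the layout of every example on this page.
HEADER = re.compile(
    r'(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)')
# An attribute is "-Name=value"; a value ends at the next "-Name=" or at the end
# of the attribute run, so a dash inside a value is kept as part of that value.
ATTR = re.compile(r'-(?P<key>[A-Za-z]+)=(?P<value>.*?)(?=-[A-Za-z]+=|$)')
SNMP_BODY = "The agent received a message."
# Bodies that carry a command string, taken from the SHELL message texts above.
COMMAND_BODIES = {
    "SHELL_CMD": re.compile(r'^Command is (?P<command>.*)$'),
    "SHELL_CMDDENY": re.compile(r'^Command (?P<command>.*) is permission denied\.$'),
    "SHELL_CMD_EXECUTEFAIL": re.compile(
        r'^Command (?P<command>.*) in view (?P<view>.*) failed to be executed\.$'),
    "SHELL_CMD_MATCHFAIL": re.compile(
        r'^Command (?P<command>.*) in view (?P<view>.*) failed to be matched\.$'),
}

# Constructed sample lines, modelled on the examples in this reference.
SAMPLE_LINES = [
    "SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit",
    "SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; "
    "Command vlan 10 is permission denied.",
    "SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; "
    "Command description 10 in view system failed to be executed.",
    "SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0"
    "-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)"
    "-value=Lab-2; rack 4; The agent received a message.",
    "SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET"
    "-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.",
]


def parse_audit_line(line):
    """Parse one log line; return None when it has no MODULE/sev/MNEMONIC header."""
    header = HEADER.search(line.strip())
    if header is None:
        return None
    text = header.group("text")
    record = {"module": header.group("module"),
              "severity": int(header.group("severity")),
              "mnemonic": header.group("mnemonic"),
              "attrs": {}, "body": text, "command": None, "view": None}
    if text.startswith("-"):
        tail = "; " + SNMP_BODY
        if text.endswith(tail):
            # SNMP bodies are fixed text, so cut from the right: a "; " inside
            # the -value= field then stays in the value.
            head, body = text[:-len(tail)], SNMP_BODY
        else:
            head, _, body = text.partition("; ")
        for attr in ATTR.finditer(head):
            value = attr.group("value")
            # '**' is how the device marks a missing line name, IP or username.
            record["attrs"][attr.group("key")] = None if value == "**" else value
        record["body"] = body
    pattern = COMMAND_BODIES.get(record["mnemonic"])
    found = pattern.match(record["body"]) if pattern else None
    if found:
        record["command"] = found.group("command")
        record["view"] = found.groupdict().get("view")
    return record


def audit_trail(lines):
    """Return (mnemonic, user, source_ip, action) for commands and SNMP Set requests."""
    trail = []
    for line in lines:
        record = parse_audit_line(line)
        if record is None:
            continue
        attrs = record["attrs"]
        if record["command"] is not None:
            trail.append((record["mnemonic"], attrs.get("User"),
                          attrs.get("IPAddr"), record["command"]))
        elif record["mnemonic"] == "SNMP_SET":
            action = "SET {}={}".format(attrs.get("node"), attrs.get("value"))
            trail.append(("SNMP_SET", None, attrs.get("srcIP"), action))
    return trail


if __name__ == "__main__":
    for entry in audit_trail(SAMPLE_LINES):
        print(entry)
```

A value that itself contains text of the form -Name= cannot be told apart from the start of the next attribute, so treat attribute values from untrusted sources (usernames, SNMP values) as data to display, not as fields to trust.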

 

SPBM messages

This section contains SPBM messages.

SPBM_LICENSE_EXPIRED

Message text

The SPBM feature is being disabled, because its license has expired.

Variable fields

N/A

Severity level

3

Example

SPBM/3/SPBM_LICENSE_EXPIRED: The SPBM feature is being disabled, because its license has expired.

Explanation

The SPBM license has expired.

Recommended action

Install a valid license for SPBM.

 

SPBM_LICENSE_EXPIRED_TIME

Message text

The SPBM feature will be disabled in [ULONG] days.

Variable fields

$1: Available period of the feature.

Severity level

5

Example

SPBM/5/SPBM_LICENSE_EXPIRED_TIME: The SPBM feature will be disabled in 2 days.

Explanation

SPBM will be disabled because the SPBM license has expired. You can use SPBM for 30 days after the license has expired.

Recommended action

Install a new license.

 

SPBM_LICENSE_UNAVAILABLE

Message text

The SPBM feature has no available license.

Variable fields

N/A

Severity level

3

Example

SPBM/3/SPBM_LICENSE_UNAVAILABLE: The SPBM feature has no available license.

Explanation

No license is found for SPBM.

Recommended action

Install a valid license for SPBM.

 

SSHS messages

This section contains SSH server messages.

SSHS_ALGORITHM_MISMATCH

Message text

SSH client [STRING] failed to log in because of [STRING] algorithm mismatch.

Variable fields

$1: IP address of the SSH client.

$2: Type of the algorithm, including encryption, key exchange, MAC, and public key.

Severity level

6

Example

SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch.

Explanation

The SSH client and the SSH server used different algorithms.

Recommended action

Check that the SSH client and the SSH server use the same algorithm.

 

SSHS_AUTH_EXCEED_RETRY_TIMES

Message text

SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit.

Variable fields

$1: User name.

$2: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit.

Explanation

The number of authentication attempts by an SSH user reached the upper limit.

Recommended action

Prompt the SSH user to use the correct login data to try again.

 

SSHS_AUTH_FAIL

Message text

SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING].

Variable fields

$1: Username.

$2: IP address of the SSH client.

$3: Failure reasons:

·     Wrong public key algorithm.

·     Wrong public key.

·     Wrong digital signature.

Severity level

5

Example

SSHS/5/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm.

Explanation

An SSH user failed the publickey authentication.

Recommended action

Tell the SSH user to try to log in again.

 

SSHS_AUTH_TIMEOUT

Message text

Authentication timed out for [IPADDR].

Variable fields

$1: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1.

Explanation

The authentication timeout timer expired, and the SSH user failed the authentication.

Recommended action

Make sure the SSH user enters the correct authentication information before the authentication timeout timer expires.

 

SSHS_CONNECT

Message text

SSH user [STRING] (IP: [STRING]) connected to the server successfully.

Variable fields

$1: Username.

$2: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully.

Explanation

An SSH user logged in to the server successfully.

Recommended action

No action is required.

 

SSHS_DECRYPT_FAIL

Message text

The packet from [STRING] failed to be decrypted with [STRING].

Variable fields

$1: IP address of the SSH client.

$2: Encryption algorithm, such as AES256-CBC.

Severity level

5

Example

SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc.

Explanation

A packet from an SSH client failed to be decrypted.

Recommended action

No action is required.

 

SSHS_DISCONNECT

Message text

SSH user [STRING] (IP: [STRING]) disconnected from the server.

Variable fields

$1: Username.

$2: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server.

Explanation

An SSH user logged out.

Recommended action

No action is required.

 

SSHS_ENCRYPT_FAIL

Message text

The packet to [STRING] failed to be encrypted with [STRING].

Variable fields

$1: IP address of the SSH client.

$2: Encryption algorithm, such as aes256-cbc.

Severity level

5

Example

SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc.

Explanation

A packet to an SSH client failed to be encrypted.

Recommended action

No action is required.

 

SSHS_LOG

Message text

Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password.

Authorization failed for user [STRING] from [STRING] port [INT32].

Variable fields

$1: Username.

$2: IP address of the SSH client.

$3: Port number.

Severity level

6

Example

SSHS/6/SSHS_LOG: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password.

SSHS/6/SSHS_LOG: Authorization failed for user David from 140.1.2.46 port 15000.

Explanation

An SSH user failed password authentication because the username or password was wrong.

Authorization to an SSH user failed.

Recommended action

No action is required.

 

SSHS_MAC_ERROR

Message text

SSH server received a packet with wrong message authentication code (MAC) from [STRING].

Variable fields

$1: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117.

Explanation

The SSH server received a packet with a wrong MAC from a client.

Recommended action

No action is required.

 

SSHS_REACH_SESSION_LIMIT

Message text

SSH client [STRING] failed to log in, because the number of SSH sessions reached the upper limit.

Variable fields

$1: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of SSH sessions reached the upper limit.

Explanation

The number of SSH sessions reached the upper limit.

Recommended action

No action is required.

 

SSHS_REACH_USER_LIMIT

Message text

SSH client [STRING] failed to log in, because the number of users reached the upper limit.

Variable fields

$1: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit.

Explanation

The number of SSH users reached the upper limit.

Recommended action

No action is required.

 

SSHS_SCP_OPER

Message text

User [STRING] at [IPADDR] requested operation: [STRING].

Variable fields

$1: Username.

$2: IP address of the SSH client.

$3: Requested file operation:

·     get file "name"—Downloads the file name.

·     put file "name"—Uploads the file name.

Severity level

6

Example

SSHS/6/SSHS_SCP_OPER: User user1 at 1.1.1.1 requested operation: put file "flash:/aa".

Explanation

The SCP server received a file operation request from an SSH client.

Recommended action

No action is required.

 

SSHS_SFTP_OPER

Message text

User [STRING] at [IPADDR] requested operation: [STRING].

Variable fields

$1: Username.

$2: IP address of the SSH client.

$3: Requested operation on a file or directory:

·     open dir "path"—Opens the directory path.

·     open "file" (attribute code code) in MODE mode—Opens the file file with the attribute code code in Mode mode.

·     remove file "path"—Deletes the file path.

·     mkdir "path" (attribute code code)—Creates a new directory path with the attribute code code.

·     rmdir "path"—Deletes the directory path.

·     rename old "old-name" to new "new-name"—Changes the name of a file or folder from old-name to new-name.

Severity level

6

Example

SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/".

Explanation

The SFTP server received an operation request from an SSH client.

Recommended action

No action is required.

 

SSHS_SRV_UNAVAILABLE

Message text

The [STRING] server is disabled or the [STRING] service type is not supported.

Variable fields

$1: Service type:

·     Stelnet.

·     SCP.

·     SFTP.

·     NETCONF.

Severity level

6

Example

SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported.

Explanation

The Stelnet, SCP, SFTP, or NETCONF over SSH service is not available.

Recommended action

Check the service status or user configuration.

 

SSHS_VERSION_MISMATCH

Message text

SSH client [STRING] failed to log in because of version mismatch.

Variable fields

$1: IP address of the SSH client.

Severity level

6

Example

SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch.

Explanation

The SSH client and the SSH server used different SSH versions.

Recommended action

Check that the SSH client and the SSH server use the same SSH version.
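
The RADIUS and SSHS authentication messages above can be correlated by client IP address to spot repeated login failures. The following sketch is an added example, not H3C code. The function name, the alert threshold, the max_forwarded_severity parameter (modelling a collector that keeps only messages at or below a severity number) and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "MODULE/severity/MNEMONIC: text", the layout of every example on this page.
HEADER = re.compile(r'([A-Z0-9]+)/([0-7])/([A-Z0-9_]+):\s*(.*)')

# One pattern per message text documented above; "user" is absent where the
# message text has no username field.
FAILURE_PATTERNS = {
    "RADIUS_AUTH_FAILURE": re.compile(
        r'User (?P<user>.+) from (?P<ip>\S+) failed authentication\.'),
    "SSHS_LOG": re.compile(
        r'(?:Authentication|Authorization) failed for user (?P<user>.+) '
        r'from (?P<ip>\S+) port \d+'),
    "SSHS_AUTH_FAIL": re.compile(
        r"SSH user (?P<user>.+) \(IP: (?P<ip>[^)]+)\) didn't pass public key authentication"),
    "SSHS_AUTH_EXCEED_RETRY_TIMES": re.compile(
        r'SSH user (?P<user>.+) \(IP: (?P<ip>[^)]+)\) failed to log in, '
        r'because the number of authentication attempts'),
    "SSHS_AUTH_TIMEOUT": re.compile(r'Authentication timed out for (?P<ip>\S+?)\.$'),
}

# Constructed sample lines, modelled on the examples in this reference.
SAMPLE_LINES = [
    "SSHS/6/SSHS_LOG: Authentication failed for user admin from 203.0.113.9 "
    "port 40001 because of invalid username or wrong password.",
    "SSHS/6/SSHS_LOG: Authentication failed for user root from 203.0.113.9 "
    "port 40002 because of invalid username or wrong password.",
    "SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user root (IP: 203.0.113.9) failed to "
    "log in, because the number of authentication attempts exceeded the upper limit.",
    "RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system from 192.168.0.22 failed authentication.",
    "SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the "
    "server successfully.",
    "SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 198.51.100.4.",
]


def summarize_auth_failures(lines, threshold=3, max_forwarded_severity=None):
    """Group authentication failures by client IP.

    threshold: number of failure events from one IP that raises an alert (assumed value).
    max_forwarded_severity: if set, drop messages whose severity number is higher,
    which shows what a severity-based forwarding filter would hide.
    """
    per_ip = defaultdict(lambda: {"events": 0, "users": set(), "retry_limit_hit": False})
    for line in lines:
        header = HEADER.search(line.strip())
        if header is None:
            continue
        severity, mnemonic, body = int(header.group(2)), header.group(3), header.group(4)
        if max_forwarded_severity is not None and severity > max_forwarded_severity:
            continue
        pattern = FAILURE_PATTERNS.get(mnemonic)
        match = pattern.search(body) if pattern else None
        if match is None:
            continue  # not an authentication failure, e.g. SSHS_CONNECT
        entry = per_ip[match.group("ip")]
        entry["events"] += 1
        user = match.groupdict().get("user")
        if user:
            entry["users"].add(user)
        if mnemonic == "SSHS_AUTH_EXCEED_RETRY_TIMES":
            entry["retry_limit_hit"] = True
    return {
        ip: {"events": e["events"], "users": sorted(e["users"]),
             "retry_limit_hit": e["retry_limit_hit"],
             "alert": e["events"] >= threshold or e["retry_limit_hit"]}
        for ip, e in per_ip.items()
    }


if __name__ == "__main__":
    for ip, summary in summarize_auth_failures(SAMPLE_LINES).items():
        print(ip, summary)
```

SSHS_LOG, SSHS_AUTH_EXCEED_RETRY_TIMES and SSHS_AUTH_TIMEOUT are all severity 6, so a collector that keeps only severity 5 and lower sees none of the SSH password failures; calling the function with max_forwarded_severity=5 on the sample leaves only the RADIUS event.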

 

STAMGR messages

This section contains station management messages.

STAMGR_ADDBAC_INFO

Message text

Add BAS AC [STRING].

Variable fields

$1: MAC address of the BAS AC.

Severity level

6

Example

STAMGR/6/STAMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.

Explanation

The BAS AC was connected to the master AC.

Recommended action

No action is required.

 

STAMGR_ADDSTA_INFO

Message text

Add client [STRING].

Variable fields

$1: MAC address of the client.

Severity level

6

Example

STAMGR/6/STAMGR_ADDSTA_INFO: Add client 3ce5-a616-28cd.

Explanation

The client was connected to the BAS AC.

Recommended action

No action is required.

 

STAMGR_DELBAC_INFO

Message text

Delete BAS AC [STRING].

Variable fields

$1: MAC address of the BAS AC.

Severity level

6

Example

STAMGR/6/STAMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.

Explanation

The BAS AC was disconnected from the master AC.

Recommended action

No action is required.

 

STAMGR_DELSTA_INFO

Message text

Delete client [STRING].

Variable fields

$1: MAC address of the client.

Severity level

6

Example

STAMGR/6/STAMGR_DELSTA_INFO: Delete client 3ce5-a616-28cd.

Explanation

The client was disconnected from the BAS AC.

Recommended action

No action is required.

 

STAMGR_STAIPCHANGE_INFO

Message text

IP address of client [STRING] changed to [STRING].

Variable fields

$1: MAC address of the client.

$2: New IP address of the client.

Severity level

6

Example

STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4.

Explanation

The IP address of the client was updated.

Recommended action

No action is required.

 

STM messages

This section contains IRF messages.

STM_AUTO_UPDATE

Message text

Slot [UINT32] auto-update failed because [STRING].

Variable fields

$1: Slot ID.

$2: Failure reason.

Severity level

4

Example

STM/4/STM_AUTO_UPDATE: Slot 5 auto-update failed because incompatible software version.

Explanation

Software synchronization from the master failed on a slot.

Recommended action

Upgrade software manually for the device to join the IRF fabric.

 

STM_MEMBERID_CONFLICT

Message text

Self member-id is changed from [UINT32] to [UINT32].

Variable fields

$1: Old member ID.

$2: New member ID.

Severity level

4

Example

STM/4/STM_MEMBERID_CONFLICT: Self member-id changed from 1 to 4.

Explanation

The device's member ID changed.

Recommended action

No action is required.

 

STM_MERGE

Message text

Merge occurs. This IRF need NOT be rebooted.

Variable fields

N/A

Severity level

5

Example

STM/5/STM_MERGE: Merge occurs. This IRF need NOT be rebooted.

Explanation

You do not need to reboot the current IRF fabric for IRF merge, because it was elected the master.

Recommended action

No action is required.

 

STM_MERGE_NEED_REBOOT

Message text

Merge occurs. This IRF need be rebooted.

Variable fields

N/A

Severity level

4

Example

STM/4/STM_MERGE_NEED_REBOOT: Merge occurs. This IRF need be rebooted.

Explanation

You must reboot the current IRF fabric for IRF merge, because it failed in the master election.

Recommended action

No action is required.

 

STM_LINK_RECOVERY

Message text

Merge occurs.

Variable fields

N/A

Severity level

4

Example

STM/4/STM_LINK_RECOVERY: Merge occurs.

Explanation

IRF merge occurred.

Recommended action

No action is required.

 

STM_LINK_STATUS_DOWN

Message text

IRF port [UINT32] is down.

Variable fields

$1: IRF port name.

Severity level

3

Example

STM/3/STM_LINK_STATUS_DOWN: IRF port 2 is down.

Explanation

The IRF port went down. This event occurs when all physical interfaces bound to an IRF port are down.

Recommended action

Check the physical interfaces bound to the IRF port. Make sure at least one member physical interface is up.

 

STM_LINK_STATUS_TIMEOUT

Message text

IRF port [UINT32] is down because heartbeat timed out.

Variable fields

$1: IRF port name.

Severity level

2

Example

STM/2/STM_LINK_STATUS_TIMEOUT: IRF port 1 is down because heartbeat timed out.

Explanation

The IRF port went down because of heartbeat timeout.

Recommended action

Check the IRF link for link failure.

 

STM_LINK_STATUS_UP

Message text

IRF port [UINT32] is up.

Variable fields

$1: IRF port name.

Severity level

6

Example

STM/6/STM_LINK_STATUS_UP: IRF port 1 is up.

Explanation

An IRF port came up.

Recommended action

No action is required.

 

STM_SOMER_CHECK

Message text

Neighbor of IRF port [UINT32] can't be stacked.

Variable fields

$1: IRF port name.

Severity level

3

Example

STM/3/STM_SOMER_CHECK: Neighbor of IRF port 1 can't be stacked.

Explanation

The neighbor connected to the IRF port cannot form an IRF fabric with the device.

Recommended action

1.     Check the following items:

·     The device models can form an IRF fabric.

·     The IRF settings are correct. For more information, see the IRF configuration guide for the device.

2.     If the problem persists, contact H3C Support.

 

STP messages

This section contains STP messages.

STP_DISPUTE

Message text

[STRING] [UINT32]'s port [STRING] received an inferior BPDU from a designated port which is in forwarding or learning state.

Variable fields

$1: Instance or VLAN.

$2: Instance ID or VLAN ID.

$3: Interface name.

Severity level

4

Example

STP/4/STP_DISPUTE: Instance 0's port GigabitEthernet1/0/2 received an inferior BPDU from a designated port which is in forwarding or learning state.

Explanation

A port in the MSTI or VLAN received a low-priority BPDU from a designated port in forwarding or learning state.

Recommended action

Verify that the peer port can receive packets from the local port:

1.     Use the display stp abnormal-port command to display information about ports that are blocked by dispute protection.

2.     Verify that the VLAN configurations on the local and peer ports are consistent.

3.     Shut down the link between the two ports and then bring up the link, or connect the local port to another port.

 

STP_LOOPBACK_PROTECTION

Message text

[STRING] [UINT32]'s port [STRING] received its own BPDU.

Variable fields

$1: Instance or VLAN.

$2: Instance ID or VLAN ID.

$3: Interface name.

Severity level

4

Example

STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU.

Explanation

A port in the MSTI or VLAN received a BPDU sent by itself.

Recommended action

Check for forged BPDUs from attackers or loops in the network.

 

SYSEVENT

This section contains system event messages.

EVENT_TIMEOUT

Message text

Module [UINT32]'s processing for event [UINT32] timed out.

Variable fields

$1: Module ID.

$2: Event ID.

Severity level

6

Example

SYSEVENT/6/EVENT_TIMEOUT: -MDC=1; Module 0x1140000's processing for event 0x20000010 timed out.

Explanation

A module's processing for an event timed out.

Recommended action

No action is required.

 

SYSLOG messages

This section contains syslog messages.

SYSLOG_LOGFILE_FULL

Message text

Log file space is full.

Variable fields

N/A

Severity level

4

Example

SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full.

Explanation

The log file space is full.

Recommended action

Back up the log file, delete the original log file, and then bring up interfaces if needed.

 

SYSLOG_RESTART

Message text

System restarted --

[STRING] [STRING] Software.

Variable fields

$1: Company name. Available options include H3C.

$2: Software name. Available options include Comware and Router.

Severity level

6

Example

SYSLOG/6/SYSLOG_RESTART: System restarted --

H3C Comware Software

Explanation

A system restart log was created.

Recommended action

No action is required.

 

TACACS messages

This section contains TACACS messages.

TACACS_AUTH_FAILURE

Message text

User [STRING] from [STRING] failed authentication.

Variable fields

$1: Username.

$2: IP address.

Severity level

5

Example

TACACS/5/TACACS_AUTH_FAILURE: User cwf@system from 192.168.0.22 failed authentication.

Explanation

An authentication request was rejected by the TACACS server.

Recommended action

No action is required.

 

TACACS_AUTH_SUCCESS

Message text

User [STRING] from [STRING] was authenticated successfully.

Variable fields

$1: Username.

$2: IP address.

Severity level

6

Example

TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.

Explanation

An authentication request was accepted by the TACACS server.

Recommended action

No action is required.
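
An added example (not part of the H3C reference): a parser for the TACACS_AUTH_FAILURE and TACACS_AUTH_SUCCESS messages above that counts failures per source IP and flags a success that follows a run of failures. The threshold, the alert names, the collector prefix on the constructed sample lines, and the presence of a "-MDC=1; " attribute on a TACACS line are assumptions; the attribute form is taken from this document's SYSEVENT example.

```python
import ipaddress
import re
from collections import defaultdict

# MODULE/severity/MNEMONIC: text, located anywhere on the line so that a
# prefix added by the log collector (timestamp, hostname) does not matter.
HEADER = re.compile(
    r"(?P<module>[A-Z][A-Z0-9_]*)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z][A-Z0-9_]*):\s*(?P<text>.*)$")
# Optional "-NAME=value; " attributes before the text ("-MDC=1; Module ...").
ATTR = re.compile(r"^-(\w+)=([^;]*);\s*")
# $1 (username) is text supplied by the client, so it is matched greedily and
# $2 is taken from the last "from <ip>" on the line, which the device wrote.
TEMPLATES = {
    "TACACS_AUTH_FAILURE": re.compile(
        r"^User (?P<user>.+) from (?P<ip>\S+) failed authentication\.$"),
    "TACACS_AUTH_SUCCESS": re.compile(
        r"^User (?P<user>.+) from (?P<ip>\S+) was authenticated successfully\.$"),
}

def parse(line):
    """Return a dict for a TACACS authentication message, else None."""
    m = HEADER.search(line.strip())
    if not m or m["module"] != "TACACS" or m["mnemonic"] not in TEMPLATES:
        return None
    text, attrs = m["text"], {}
    while (a := ATTR.match(text)):
        attrs[a[1]] = a[2]
        text = text[a.end():]
    t = TEMPLATES[m["mnemonic"]].match(text)
    if not t:
        return None
    try:
        ip = str(ipaddress.ip_address(t["ip"]))
    except ValueError:
        return None  # $2 is not an IP address: do not count the line
    return {"mnemonic": m["mnemonic"], "severity": int(m["sev"]),
            "user": t["user"], "ip": ip, "attrs": attrs}

def detect(lines, threshold=5):
    """Scan lines in arrival order; failures are counted per source IP
    since that source's last successful authentication."""
    failures, users, alerts = defaultdict(int), defaultdict(set), []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["mnemonic"] == "TACACS_AUTH_FAILURE":
            failures[ip] += 1
            users[ip].add(ev["user"])
            if failures[ip] == threshold:  # alert once per run
                alerts.append(("repeated_failures", ip, threshold, sorted(users[ip])))
        else:
            if failures[ip] >= threshold:
                alerts.append(("success_after_failures", ip, failures[ip], ev["user"]))
            failures[ip] = 0
            users[ip].clear()
    return alerts

# The first two lines are this document's examples; the rest are constructed.
SAMPLE = [
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system from 192.168.0.22 failed authentication.",
    "TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.",
    "Apr 13 10:00:01 sw1 TACACS/5/TACACS_AUTH_FAILURE: User admin from 10.0.0.5 failed authentication.",
    "Apr 13 10:00:02 sw1 TACACS/5/TACACS_AUTH_FAILURE: -MDC=1; User root from 10.0.0.5 failed authentication.",
    "Apr 13 10:00:03 sw1 TACACS/5/TACACS_AUTH_FAILURE: User a from 10.9.9.9 failed authentication."
    " x from 10.0.0.5 failed authentication.",
    "Apr 13 10:00:04 sw1 TACACS/6/TACACS_AUTH_SUCCESS: User admin from 10.0.0.5 was authenticated successfully.",
    "STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU.",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, threshold=3):
        print(alert)
```
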

TACACS_DELETE_HOST_FAIL

Message text

Failed to delete servers in scheme [STRING].

Variable fields

$1: Scheme name.

Severity level

4

Example

TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.

Explanation

Failed to delete servers from a TACACS scheme.

Recommended action

No action is required.

 

TELNETD messages

This section contains Telnet messages.

TELNETD_REACH_SESSION_LIMIT

Message text

Telnet client [IPADDR] failed to log in. Number of Telnet sessions reached the limit.

Variable fields

$1: IP address of a Telnet client.

Severity level

6

Example

TELNETD/6/TELNETD_REACH_SESSION_LIMIT: Telnet client 1.1.1.1 failed to log in. Number of Telnet sessions reached the limit.

Explanation

The number of online Telnet users has already reached the limit.

Recommended action

No action is required.

 

TRILL messages

This section contains TRILL messages.

TRILL_DUP_SYSTEMID

Message text

Duplicate system ID [STRING] in [STRING] PDU sourced from RBridge 0x[HEX].

Variable fields

$1: System ID.

$2: PDU type.

$3: Source RBridge's nickname.

Severity level

5

Example

TRILL/5/TRILL_DUP_SYSTEMID: Duplicate system ID 0011.2200.1501 in LSP PDU sourced from RBridge 0xc758.

Explanation

The local RBridge received an LSP or IIH PDU that has the same system ID as the local RBridge. The possible reasons include:

·     The same system ID is assigned to the local RBridge and the remote RBridge.

·     The local RBridge received a self-generated LSP PDU with an old nickname.

Recommended action

Please check the RBridge system IDs on the campus network.

 

TRILL_INTF_CAPABILITY

Message text

The interface [STRING] does not support TRILL.

Variable fields

$1: Interface name.

Severity level

4

Example

TRILL/4/TRILL_INTF_CAPABILITY: The interface GigabitEthernet1/0/3 does not support TRILL.

Explanation

An interface that does not support TRILL was assigned to a link aggregation group.

Recommended action

Remove the interface that does not support TRILL from the link aggregation group.

 

TRILL_INTF_ENTERED_SUSPENDED

Message text

Interface [STRING] entered the suspended state.

Variable fields

$1: Interface name.

Severity level

4

Example

TRILL/4/TRILL_INTF_ENTERED_SUSPENDED: Interface Ten-GigabitEthernet1/0/1 entered the suspended state.

Explanation

The RB placed a TRILL port in the suspended state. The message is sent in any of the following situations:

·     The TRILL port is on the same broadcast network as a high-priority TRILL port of the RB.

·     Loops exist on the TRILL port.

Recommended action

To resolve the problem, perform the following tasks:

·     Remove redundant TRILL ports of the RB from the broadcast network.

·     Eliminate the loops on the TRILL port.

 

TRILL_INTF_EXITED_SUSPENDED

Message text

Interface [STRING] exited the suspended state.

Variable fields

$1: Interface name.

Severity level

4

Example

TRILL/4/TRILL_INTF_EXITED_SUSPENDED: Interface Ten-GigabitEthernet1/0/1 exited the suspended state.

Explanation

A TRILL port exited the suspended state. The message is sent in any of the following situations:

·     Redundant TRILL ports of the RB are removed from the broadcast network that is connected to the TRILL port.

·     Loops are eliminated from the TRILL port.

Recommended action

No action is required.

 

TRILL_LICENSE_UNAVAILABLE

Message text

The TRILL feature has no available license.

Variable fields

N/A

Severity level

3

Example

TRILL/3/TRILL_LICENSE_UNAVAILABLE: The TRILL feature has no available license.

Explanation

No license was found for TRILL when the TRILL process started.

Recommended action

Install a license for TRILL.

 

TRILL_LICENSE_EXPIRED

Message text

The TRILL feature is being disabled, because its license has expired.

Variable fields

N/A

Severity level

3

Example

TRILL/3/TRILL_LICENSE_EXPIRED: The TRILL feature is being disabled, because its license has expired.

Explanation

TRILL is being disabled because its license has expired.

Recommended action

Install a valid license for TRILL.

 

TRILL_LICENSE_EXPIRED_TIME

Message text

The TRILL feature will be disabled in [ULONG] days.

Variable fields

$1: Available period of the feature.

Severity level

5

Example

TRILL/5/TRILL_LICENSE_EXPIRED_TIME: The TRILL feature will be disabled in 2 days.

Explanation

TRILL will be disabled because no TRILL license is available. After an active/standby MPU switchover, you can use TRILL only for 30 days if the new active MPU does not have a TRILL license.

Recommended action

Install a new license.

 

TRILL_MEM_ALERT

Message text

TRILL process receive system memory alert [STRING] event.

Variable fields

$1: Type of the memory alert event.

Severity level

5

Example

TRILL/5/TRILL_MEM_ALERT: TRILL process receive system memory alert start event.

Explanation

TRILL received a memory alert event from the system.

Recommended action

Check the system memory.

 

TRILL_NBR_CHG

Message text

TRILL [UINT32], [STRING] adjacency [STRING] ([STRING]), state change to: [STRING].

Variable fields

$1: TRILL process ID.

$2: Neighbor level.

$3: Neighbor system ID.

$4: Interface name.

$5: Current neighbor state.

Severity level

5

Example

TRILL/5/TRILL_NBR_CHG: TRILL 1, Level-1 adjacency 0011.2200.1501 (GigabitEthernet1/0/3), state change to: down.

Explanation

The state of a TRILL neighbor changed.

Recommended action

When the neighbor state changes to down or initializing, please check the TRILL configuration and network status according to the reason for the neighbor state change.

 

VLAN messages

This section contains VLAN messages.

VLAN_FAILED

Message text

Failed to add interface [STRING] to the default VLAN.

Variable fields

$1: Interface name.

Severity level

4

Example

VLAN/4/VLAN_FAILED: Failed to add interface S-Channel 4/2/0/19:100 to the default VLAN.

Explanation

An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN.

Recommended action

No action is required.

 

VLAN_VLANMAPPING_FAILED

Message text

The configuration failed because of resource insufficiency or conflicts on [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on GigabitEthernet1/0/1.

Explanation

Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences:

·     Hardware resources were insufficient for the interface.

·     The interface joined or left a Layer 2 aggregation group.

Recommended action

No action is required.

 

VLAN_VLANTRANSPARENT_FAILED

Message text

The configuration failed because of resource insufficiency or conflicts on [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on GigabitEthernet1/0/1.

Explanation

Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences:

·     Hardware resources were insufficient for the interface.

·     The interface joined or left a Layer 2 aggregation group.

Recommended action

No action is required.

 

VRRP messages

This section contains VRRP messages.

VRRP_AUTH_FAILED

Message text

Authentication failed in [STRING] virtual router [UINT32] (configured on [STRING]): [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: Error information details.

Severity level

6

Example

VRRP/6/VRRP_AUTH_FAILED: Authentication failed in IPv4 virtual router 10 (configured on GigabitEthernet1/0/1): authentication type mismatch.

Explanation

A VRRP packet was received, but did not pass the authentication examination.

Recommended action

Check the configuration of the VRRP group on the specified interface. Make sure every router in the VRRP group uses the same authentication mode and authentication key.

 

VRRP_CONFIG_ERROR

Message text

The [STRING] virtual router [UINT32] (configured on [STRING]) detected a VRRP configuration error: [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where VRRP group is configured.

$4: Error information details.

Severity level

6

Example

VRRP/6/VRRP_CONFIG_ERROR: The IPv4 virtual router 10 (configured on GigabitEthernet1/0/1) detected a VRRP configuration error: VIRTUAL IP ADDRESS COUNT ERROR.

Explanation

The VRRP group configuration was not correct. For example, the virtual IP address count of the VRRP group was not the same on the members.

Recommended action

Check the VRRP group configuration on the specified interface. Make sure every member in the VRRP group uses the same configuration.

 

VRRP_PACKET_ERROR

Message text

The [STRING] virtual router [UINT32] (configured on [STRING]) received an error packet: [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Interface where the VRRP group is configured.

$4: Error information details.

Severity level

6

Example

VRRP/6/VRRP_PACKET_ERROR: The IPv4 virtual router 10 (configured on GigabitEthernet1/0/1) received an error packet: CKSUM ERROR.

Explanation

The VRRP group received an invalid VRRP packet. For example, the checksum was not correct.

Recommended action

Check the VRRP group configuration on the specified interface.

 

VRRP_STATUS_CHANGE

Message text

The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: Original status.

$5: Current status.

$6: Reason for status change.

Severity level

6

Example

VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on GigabitEthernet1/0/1) changed (from Backup to Master): Timer expired.

Explanation

The VRRP group status changed because the timer expired.

Recommended action

Check the VRRP group status to make sure it is operating correctly.

 

VRRP_VF_STATUS_CHANGE

Message text

The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: VF ID.

$5: Original status of VF.

$6: Current status of VF.

$7: Reason for the status change.

Severity level

6

Example

VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/0/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed.

Explanation

The status of the virtual forwarder changed because the weight changed, the timeout timer expired, or VRRP went down.

Recommended action

Check the status of the track entry.

 

VRRP_VMAC_INEFFECTIVE

Message text

The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: Reason for the error.

Severity level

3

Example

VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on GigabitEthernet1/0/1) failed to add virtual MAC: Hardware resources insufficient.

Explanation

The virtual router failed to add a virtual MAC address.

Recommended action

Find out the root cause for the operation failure and fix the problem.

 

VRRP_STATUS_CHANGE

Message text

The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: Original status.

$5: Current status.

$6: Reason for status change:

·     Interface event received—An interface event was received.

·     IP address deleted—The virtual IP address has been deleted.

·     The status of the tracked object changed—The status of the associated track entry changed.

·     VRRP packet received—A VRRP advertisement was received.

·     Current device has changed to IP address owner—The current device has become the IP address owner.

·     Master-down-timer expired—The master down timer (3 × VRRP advertisement interval + Skew_Time) expired.

·     Zero priority packet received—A VRRP packet containing priority 0 was received.

·     Preempt—Preemption occurred.

·     Master group drove—The state of the master group changed.

Severity level

6

Example

VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on GigabitEthernet1/0/1) changed (from Backup to Master): Master-down-timer expired.

Explanation

The VRRP group status changed for one of the following reasons:

·     An interface event was received.

·     The virtual IP address has been deleted.

·     The status of the associated track entry changed.

·     A VRRP advertisement was received.

·     The current device has become the IP address owner.

·     The master down timer (3 × VRRP advertisement interval + Skew_Time) expired.

·     A VRRP packet containing priority 0 was received.

·     Preemption occurred.

·     The state of the master group changed.

Recommended action

Check the VRRP group status to make sure it is operating correctly.

 

VRRP_VF_STATUS_CHANGE

Message text

The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: VF ID.

$5: Original status of VF.

$6: Current status of VF.

$7: Reason for the status change.

Severity level

6

Example

VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed.

Explanation

The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down.

Recommended action

Check the status of the track entry.

 

VRRP_VMAC_INEFFECTIVE

Message text

The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING].

Variable fields

$1: VRRP version.

$2: VRRP group number.

$3: Name of the interface where the VRRP group is configured.

$4: Reason for the error.

Severity level

3

Example

VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on GigabitEthernet1/0/1) failed to add virtual MAC: Insufficient hardware resources.

Explanation

The virtual router failed to add a virtual MAC address.

Recommended action

Find out the root cause for the operation failure and fix the problem.

 

 
