H3C Access Controllers System Log Messages Reference(E1053P01)-5W100

Title	Size	Downloads
H3C Access Controllers System Log Messages Reference(E1053P01)-5W100-book.pdf	1.86 MB

Table of Contents

H3C Access Controllers System Log Messages Reference(E1053P01)-5W100

Related Documents

book

Title	Size	Download
book	1.86 MB


H3C Access Controllers System Log Messages Reference

Software version: ESS 1053P01

Document version: 5W100-20230228

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice

Contents

Introduction· 1

System log message format 1

Managing and obtaining system log messages· 3

Obtaining log messages from the console terminal 3

Obtaining log messages from a monitor terminal 3

Obtaining log messages from the log buffer 4

Obtaining log messages from the log file· 4

Obtaining log messages from a log host 4

Software module list 4

Using this document 7

ACL_ACCELERATE_NO_RES· 9

ACL_ACCELERATE_NONCONTIGUOUSMASK· 10

ACL_ACCELERATE_NOT_SUPPORT· 10

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP· 10

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG·· 11

ACL_ACCELERATE_UNK_ERR· 11

ACL_IPV6_STATIS_INFO·· 11

ACL_NO_MEM·· 12

ACL_STATIS_INFO·· 12

APMGR messages· 12

AP_CREATE_FAILURE· 12

AP_REBOOT_REASON· 13

APMGR_AP_CFG_FAILED·· 13

APMGR_AP_ONLINE· 13

APMGR_GET_AP_MODEL_FAILURE· 14

APMGR_LOG_ADD_AP_FAIL· 14

APMGR_LOG_MEMALERT· 14

APMGR_LOG_NOLICENSE· 15

APMGR_LOG_OFFLINE· 15

APMGR_LOG_ONLINE· 15

APMGR_LOG_ONLINE_FAILED·· 16

APMGR_REACH_MAX_APNUMBER· 16

APMGR_ERROR· 17

CWS_IMG_DOWNLOAD_FAILED·· 17

CWS_AP_DOWN· 18

CWS_AP_UP· 18

CWS_IMG_DOWNLOAD_COMPLETE· 19

CWS_IMG_DOWNLOAD_FAILED·· 19

CWS_IMG_DOWNLOAD_START· 19

CWS_IMG_OPENFILE_FAILED·· 20

CWS_RUN_DOWNLOAD_COMPLETE· 20

CWS_RUN_DOWNLOAD_START· 20

RADIO·· 21

ARP messages· 21

ARP_ACTIVE_ACK_NO_REPLY· 21

ARP_ACTIVE_ACK_NOREQUESTED_REPLY· 22

ARP_BINDRULETOHW_FAILED·· 22

ARP_DETECTION_LOG·· 23

ARP_DUPLICATE_IPADDR_DETECT· 23

ARP_DYNAMIC· 24

ARP_DYNAMIC_IF· 24

ARP_DYNAMIC_SLOT· 25

ARP_ENTRY_CONFLICT· 26

ARP_HOST_IP_CONFLICT· 26

ARP_LOCALPROXY_ENABLE_FAILED·· 27

ARP_RATE_EXCEEDED·· 27

ARP_RATELIMIT_NOTSUPPORT· 28

ARP_SENDER_IP_INVALID·· 28

ARP_SENDER_MAC_INVALID·· 29

ARP_SENDER_SMACCONFLICT· 29

ARP_SENDER_SMACCONFLICT_VSI 30

ARP_SRC_MAC_FOUND_ATTACK· 30

ARP_SUP_ENABLE_FAILED·· 31

ARP_TARGET_IP_INVALID·· 31

ARP_THRESHOLD_REACHED·· 31

ARP_USER_DUPLICATE_IPADDR_DETECT· 32

ARP_USER_MOVE_DETECT· 33

AUDIT_RULE_MATCH_AS_IPV4_LOG (system log) 35

AUDIT_RULE_MATCH_FILE_IPV4_LOG (system log) 36

AUDIT_RULE_MATCH_FORUM_IPV4_LOG (system log) 37

AUDIT_RULE_MATCH_IM_IPV4_LOG (system log) 38

AUDIT_RULE_MATCH_MAIL_IPV4_LOG (system log) 39

AUDIT_RULE_MATCH_OTHER_IPV4_LOG (system log) 40

AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (system log) 41

AUDIT_RULE_MATCH_AS_IPV4_LOG (fast log) 42

AUDIT_RULE_MATCH_FILE_IPV4_LOG (fast log) 43

AUDIT_RULE_MATCH_FORUM_IPV4_LOG (fast log) 44

AUDIT_RULE_MATCH_IM_IPV4_LOG (fast log) 45

AUDIT_RULE_MATCH_MAIL_IPV4_LOG (fast log) 46

AUDIT_RULE_MATCH_OTHER_IPV4_LOG (fast log) 47

AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (fast log) 48

AUDIT_RULE_MATCH_AS_IPV6_LOG (system log) (fast log) 49

AUDIT_RULE_MATCH_FILE_IPV6_LOG (system log) (fast log) 50

AUDIT_RULE_MATCH_FORUM_IPV6_LOG (system log) (fast log) 51

AUDIT_RULE_MATCH_IM_IPV6_LOG (system log) (fast log) 52

AUDIT_RULE_MATCH_MAIL_IPV6_LOG (system log) (fast log) 53

AUDIT_RULE_MATCH_OTHER_IPV6_LOG (system log) (fast log) 54

AUDIT_RULE_MATCH_SEARCH_IPV6_LOG (system log) (fast log) 55

AVC messages· 55

AVC_MATCH_IPV4_LOG·· 56

AVC_MATCH_IPV6_LOG·· 57

AVC_THRESHOLDWARNING_FASTLOGGING_FMT· 58

AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT· 59

CFGMAN messages· 60

CFGMAN_CFGCHANGED·· 60

CFGMAN_OPTCOMPLETION· 60

CLCP·· 61

CLCP_CLIENT_LOGIN_FAIL· 62

CLCP_NEAR_EXPIRE· 62

CLCP_RECLAIM·· 63

CLCP_REQUEST_FAIL· 64

CLCP_RECLAIM_ALARM·· 64

CLCP_CLIENT_OFFLINE· 65

DEV messages· 65

AUTOSWITCH_FAULT· 65

AUTOSWITCH_FAULT_REBOOT· 66

BOARD_ALARM_CLEAR· 66

BOARD_ALARM_OCCUR· 67

BOARD_FATALALARM_OCCUR· 67

BOARD_RUNNING_FAULT· 68

BOARD_RUNNING_FAULT_REBOOT· 68

FAN_ALARM_CLEAR· 68

FAN_ALARM_OCCUR· 69

FAN_FATALALARM_CLEAR· 69

FAN_FATALALARM_OCCUR· 70

POWER_ALARM_CLEAR· 70

POWER_ALARM_OCCUR· 71

POWER_WARNING_CLEAR· 71

POWER_WARNING_OCCUR· 72

TEMPERATURE_ALARM_CLEAR· 72

TEMPERATURE_ALARM_OCCUR· 73

VOLTAGE_ALARM_CLEAR· 73

VOLTAGE_ALARM_OCCUR· 74

VOLTAGE_FATALALARM_CLEAR· 75

VOLTAGE_FATALALARM_OCCUR· 76

DHCP·· 76

DHCP_NORESOURCES· 76

DHCP_NOTSUPPORTED·· 77

DHCPR·· 77

DHCPR_SERVERCHANGE· 77

DHCPR_SWITCHMASTER· 77

DHCPS messages· 78

DHCPS_ALLOCATE_IP· 78

DHCPS_CONFLICT_IP· 78

DHCPS_EXTEND_FAILURE· 79

DHCPS_EXTEND_IP· 79

DHCPS_FILE· 79

DHCPS_RECLAIM_IP· 80

DHCPS_UNAVAILABLE_POOL· 80

DHCPS_VERIFY_CLASS· 80

DHCPS6 messages· 80

DHCPS6_ALLOCATE_ADDRESS· 81

DHCPS6_ALLOCATE_PREFIX· 81

DHCPS6_CONFLICT_ADDRESS· 82

DHCPS6_EXTEND_ADDRESS· 82

DHCPS6_EXTEND_ADDRESS_FAILURE· 83

DHCPS6_EXTEND_PREFIX· 83

DHCPS6_EXTEND_PREFIX_FAILURE· 84

DHCPS6_FILE· 84

DHCPS6_RECLAIM_ADDRESS· 84

DHCPS6_RECLAIM_PREFIX· 85

DHCPS6_UNAVAILABLE_POOL· 85

DHCPSP4· 85

DHCPSP4_FILE· 86

DHCPSP4_UNTRUSTED_SERVER· 86

DHCPSP4_DROP_PACKET· 87

DHCPSP6· 87

DHCPSP6_FILE· 88

DHCPSP6_DROP_PACKET· 88

DIAG messages· 88

CORE_EXCEED_THRESHOLD·· 89

CORE_MINOR_RECOVERY· 89

CORE_MINOR_THRESHOLD·· 89

CORE_RECOVERY· 90

CPU_MINOR_RECOVERY· 90

CPU_MINOR_THRESHOLD·· 90

CPU_SEVERE_RECOVERY· 91

CPU_SEVERE_THRESHOLD·· 91

DIAG_FD_UPLIMIT_REACHED·· 91

DIAG_FD_UPLIMIT_TO_REACH· 92

DIAG_STORAGE_BELOW_THRESHOLD·· 92

DIAG_STORAGE_EXCEED_THRESHOLD·· 92

MEM_ALERT· 93

MEM_BELOW_THRESHOLD·· 94

MEM_EXCEED_THRESHOLD·· 94

DIM engine messages· 94

DIM_SIGNATURE_WARNING·· 95

DIM_ACTIVE_WARNING·· 95

DOT1X messages· 95

DOT1X_CONFIG_NOTSUPPORT· 95

DOT1X_LOGIN_FAILURE· 96

DOT1X_LOGIN_SUCC· 96

DOT1X_LOGIN_SUCC (in open mode) 97

DOT1X_LOGOFF· 97

DOT1X_LOGOFF (in open mode) 98

DOT1X_LOGOFF_ABNORMAL· 98

DOT1X_LOGOFF_ABNORMAL (in open mode) 99

DOT1X_MACBINDING_EXIST· 99

DOT1X_NOTENOUGH_EADFREEIP_RES· 100

DOT1X_NOTENOUGH_EADFREEMSEG_RES· 100

DOT1X_NOTENOUGH_EADFREERULE_RES· 100

DOT1X_NOTENOUGH_EADMACREDIR_RES· 101

DOT1X_NOTENOUGH_EADPORTREDIR_RES· 101

DOT1X_NOTENOUGH_ENABLEDOT1X_RES· 101

DOT1X_PEXAGG_NOMEMBER_RES· 102

DOT1X_SMARTON_FAILURE· 102

DOT1X_UNICAST_NOT_EFFECTIVE· 102

FNOTIFY messages· 103

NOTIFY· 103

FS messages· 103

FS_UNFORMATTED_PARTITION· 103

FTP messages· 104

FTP_REACH_SESSION_LIMIT· 104

HOTPLUG messages· 104

HOTPLUG_PORT_PLUGIN· 104

HOTPLUG_PORT_PLUGOUT· 105

HTTPD messages· 105

HTTPD_CONNECT· 105

HTTPD_CONNECT_TIMEOUT· 105

HTTPD_DISCONNECT· 106

HTTPD_FAIL_FOR_ACP· 106

HTTPD_REACH_CONNECT_LIMIT· 106

Identity messages· 107

IDENTITY_AUTO_IMPORT_FINISHED·· 107

IDENTITY_AUTO_IMPORT_START· 107

IDENTITY_CSV_IMPORT_FAILED·· 107

IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY· 108

IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY· 108

IDENTITY_LDAP_IMPORT_GROUP_FAILED·· 109

IDENTITY_LDAP_IMPORT_USER_FAILED·· 109

IFMON·· 109

BGTRAFFIC_SEND_BEGIN· 110

BGTRAFFIC_SEND_END·· 110

IFNET messages· 110

IF_BUFFER_CONGESTION_OCCURRENCE· 110

IF_BUFFER_CONGESTION_CLEAR· 111

IF_JUMBOFRAME_WARN· 111

INTERFACE_NOTSUPPRESSED·· 112

INTERFACE_SUPPRESSED·· 112

STORM_CONSTRAIN_BELOW·· 114

STORM_CONSTRAIN_CONTROLLED·· 114

STORM_CONSTRAIN_EXCEED·· 115

STORM_CONSTRAIN_NORMAL· 115

TUNNEL_LINK_UPDOWN· 116

TUNNEL_PHY_UPDOWN· 116

VLAN_MODE_CHANGE· 116

IP6ADDR·· 116

IP6ADDR_CREATEADDRESS_CONFLICT· 117

IP6ADDR_CREATEADDRESS_ERROR· 117

IP6ADDR_CREATEADDRESS_INVALID·· 118

IP6FW messages· 118

IP6FW_ABNORMAL_HEADERS· 118

IP6FW_SETTING_FAILED_NDFW·· 119

IP6FW_SETTING_FAILED_HOPLIMITEXCEED·· 119

IP6FW_SETTING_FAILED_HOPLIMITUNVARIED·· 120

IPADDR messages· 120

IPADDR_HA_EVENT_ERROR· 121

IPADDR_HA_STOP_EVENT· 122

IPFW messages· 122

IPFW_SETTING_FAILED_ARPFW·· 122

IPFW_SETTING_FAILED_TTLEXCEED·· 123

IPFW_SETTING_FAILED_TTLUNVARIED·· 123

IPS messages· 123

IPS_IPV4_INTERZONE· 124

IPS_IPV6_INTERZONE· 126

IPS_WARNING·· 127

IPSEC messages· 128

IPSEC_ANTI-REPLAY_WINDOWS_ERROR· 128

IPSEC_FAILED_ADD_FLOW_TABLE· 129

IPSEC_PACKET_DISCARDED·· 129

IPSEC_SA_ESTABLISH· 130

IPSEC_SA_ESTABLISH_FAIL· 131

IPSEC_SA_INITIATION· 134

IPSEC_SA_TERMINATE· 135

IPSG messages· 136

IPSG_ADDENTRY_ERROR· 136

IPSG_DELENTRY_ERROR· 137

IPSG_ADDEXCLUDEDVLAN_ERROR· 138

IPSG_DELEXCLUDEDVLAN_ERROR· 139

L2TPv2 messages· 139

L2TPV2_TUNNEL_EXCEED_LIMIT· 139

L2TPV2_SESSION_EXCEED_LIMIT· 140

LAGG messages· 140

LAGG_ACTIVE· 140

LAGG_AUTO_AGGREGATION· 141

LAGG_INACTIVE_AICFG·· 141

LAGG_INACTIVE_BFD·· 142

LAGG_INACTIVE_CONFIGURATION· 142

LAGG_INACTIVE_DUPLEX· 143

LAGG_INACTIVE_HARDWAREVALUE· 143

LAGG_INACTIVE_LACP_ISOLATE· 143

LAGG_INACTIVE_LOWER_LIMIT· 144

LAGG_INACTIVE_PARTNER· 144

LAGG_INACTIVE_PHYSTATE· 144

LAGG_INACTIVE_RESOURCE_INSUFICIE· 145

LAGG_INACTIVE_SPEED·· 145

LAGG_INACTIVE_UPPER_LIMIT· 145

License· 146

LICENSE_FILE_LOST· 146

LICENSE_FILE_RESTORE· 146

LICENSE_NEAR_EXPIRE· 146

LICENSE_EXPIRE· 147

LICENSE_TAKE_EFFECT· 147

LICENSE_PRE_NEAR_EXPIRE· 147

LICENSE_PRE_EXPIRE· 148

LIPC messages· 148

LIPC_MTCP_CHECK· 148

LIPC_STCP_CHECK· 149

LIPC_STCP_DUPLICATE_SOCKET· 149

LIPC_SUDP_CHECK· 150

PORT_CHANGE· 150

LLDP messages· 150

LLDP_CREATE_NEIGHBOR· 151

LLDP_DELETE_NEIGHBOR· 151

LLDP_LESS_THAN_NEIGHBOR_LIMIT· 152

LLDP_NEIGHBOR_AGE_OUT· 152

LLDP_NEIGHBOR_PROTECTION_BLOCK· 153

LLDP_NEIGHBOR_PROTECTION_DOWN· 153

LLDP_NEIGHBOR_PROTECTION_UNBLOCK· 154

LLDP_NEIGHBOR_PROTECTION_UP· 154

LLDP_PVID_INCONSISTENT· 154

LLDP_REACH_NEIGHBOR_LIMIT· 155

LOGIN_AUTHENTICATION_FAILED·· 157

LOGIN_FAILED·· 157

LOGIN_ INVALID_USERNAME_PWD·· 157

LPDT messages· 158

LPDT_LOOPED·· 158

LPDT_RECOVERED·· 158

LPDT_VLAN_LOOPED·· 158

LPDT_VLAN_RECOVERED·· 159

LS messages· 159

LOCALSVR_PROMPTED_CHANGE_PWD·· 159

LS_ADD_USER_TO_GROUP· 160

LS_AUTHEN_FAILURE· 160

LS_AUTHEN_SUCCESS· 160

LS_DEL_USER_FROM_GROUP· 161

LS_DELETE_PASSWORD_FAIL· 161

LS_PWD_ADDBLACKLIST· 161

LS_PWD_CHGPWD_FOR_AGEDOUT· 162

LS_PWD_CHGPWD_FOR_AGEOUT· 162

LS_PWD_CHGPWD_FOR_COMPOSITION· 162

LS_PWD_CHGPWD_FOR_FIRSTLOGIN· 163

LS_PWD_CHGPWD_FOR_LENGTH· 163

LS_PWD_FAILED2WRITEPASS2FILE· 163

LS_PWD_MODIFY_FAIL· 164

LS_PWD_MODIFY_SUCCESS· 164

LS_REAUTHEN_FAILURE· 165

LS_UPDATE_PASSWORD_FAIL· 165

LS_USER_CANCEL· 165

LS_USER_PASSWORD_EXPIRE· 166

LS_USER_ROLE_CHANGE· 166

MAC messages· 166

MAC_DRIVER_ADD_ENTRY· 166

MAC_NOTIFICATION· 167

MAC_TABLE_FULL_GLOBAL· 167

MAC_TABLE_FULL_PORT· 168

MAC_TABLE_FULL_VLAN· 168

MAC_VLAN_LEARNLIMIT_NORESOURCE· 168

MAC_VLAN_LEARNLIMIT_NOTSUPPORT· 169

MACA messages· 169

MACA_ENABLE_NOT_EFFECTIVE· 169

MACA_LOGIN_FAILURE· 170

MACA_LOGIN_SUCC· 170

MACA_LOGIN_SUCC (in open mode) 171

MACA_LOGOFF· 171

MACA_LOGOFF (in open mode) 172

MFIB messages· 172

MFIB_MEM_ALERT· 172

NAT messages· 172

EIM_MODE_PORT_USAGE_ALARM·· 173

NAT_ADDR_BIND_CONFLICT· 173

NAT_EIM·· 174

NAT_FLOW·· 175

NAT_SERVER_INVALID·· 176

NAT_SERVICE_CARD_RECOVER_FAILURE· 177

NAT444_SYSLOG·· 177

PORT_USAGE_ALARM·· 178

PORTBLOCK_ALARM·· 178

PORTBLOCKGRP_MEMORY_WARNING·· 179

ND messages· 179

ND_CONFLICT· 179

ND_DUPADDR· 180

ND_LOCALPROXY_ENABLE_FAILED·· 180

ND_MAC_CHECK· 180

ND_RAGUARD_DROP· 181

ND_RATE_EXCEEDED·· 181

ND_RATELIMIT_NOTSUPPORT· 182

ND_SET_PORT_TRUST_NORESOURCE· 182

ND_SET_VLAN_REDIRECT_NORESOURCE· 182

ND_USER_DUPLICATE_IPV6ADDR· 183

ND_USER_MOVE· 184

ND_USER_OFFLINE· 184

ND_USER_ONLINE· 185

NETCONF messages· 185

NQA_ENTRY_PROBE_RESULT· 189

NQA_LOG_UNREACHABLE· 189

NQA_PACKET_OVERSIZE· 190

NQA_SCHEDULE_FAILURE· 190

NQA_SERVER_PORT_UNAVAILABLE· 190

NQA_SERVER_ADDR_UNAVAILABLE· 191

NQA_TWAMP_LIGHT_PACKET_INVALID·· 191

NQA_TWAMP_LIGHT_REACTION· 192

NQA_TWAMP_LIGHT_START_FAILURE· 192

NTP messages· 192

NTP_CLOCK_CHANGE· 193

NTP_LEAP_CHANGE· 193

NTP_SOURCE_CHANGE· 193

NTP_SOURCE_LOST· 194

NTP_STRATUM_CHANGE· 194

FIBER_SFP MODULE_INVALID·· 196

FIBER_SFPMODULE_NOWINVALID·· 197

OPTICAL_WARNING_CLEAR· 199

OPTICAL_WARNING_OCCUR· 199

OPTMOD_COUNTERFEIT_MOUDULE· 200

OPTMOD_MODULE_CHECK· 200

OSPF_DUP_RTRID_NBR· 207

OSPF_IP_CONFLICT_INTRA· 207

OSPF_LAST_NBR_DOWN· 208

OSPF_RTRID_CONFLICT_INTER· 210

OSPF_RTRID_CONFLICT_INTRA· 210

OSPF_VLINKID_CHG·· 210

PBR messages· 211

PBR_HARDWARE_ERROR· 211

PFILTER messages· 211

PFILTER_APPLY_REPEAT· 211

PFILTER_GLB_RES_CONFLICT· 212

PFILTER_GLB_IPV4_DACT_NO_RES· 212

PFILTER_GLB_IPV4_DACT_UNK_ERR· 213

PFILTER_GLB_IPV6_DACT_NO_RES· 213

PFILTER_GLB_IPV6_DACT_UNK_ERR· 214

PFILTER_GLB_MAC_DACT_NO_RES· 214

PFILTER_GLB_MAC_DACT_UNK_ERR· 214

PFILTER_GLB_NO_RES· 215

PFILTER_GLB_NOT_SUPPORT· 215

PFILTER_GLB_UNK_ERR· 216

PFILTER_IF_IPV4_DACT_NO_RES· 216

PFILTER_IF_IPV4_DACT_UNK_ERR· 217

PFILTER_IF_IPV6_DACT_NO_RES· 217

PFILTER_IF_IPV6_DACT_UNK_ERR· 218

PFILTER_IF_MAC_DACT_NO_RES· 218

PFILTER_IF_MAC_DACT_UNK_ERR· 219

PFILTER_IF_NO_RES· 219

PFILTER_IF_NOT_SUPPORT· 220

PFILTER_IF_RES_CONFLICT· 220

PFILTER_IF_UNK_ERR· 221

PFILTER_IPV4_FLOW_INFO·· 221

PFILTER_IPV4_FLOW_STATIS· 222

PFILTER_IPV6_FLOW_INFO·· 222

PFILTER_IPV6_FLOW_STATIS· 223

PFILTER_IPV6_STATIS_INFO·· 223

PFILTER_MAC_FLOW_INFO·· 224

PFILTER_STATIS_INFO·· 224

PFILTER_VLAN_IPV4_DACT_NO_RES· 225

PFILTER_VLAN_IPV4_DACT_UNK_ERR· 225

PFILTER_VLAN_IPV6_DACT_NO_RES· 226

PFILTER_VLAN_IPV6_DACT_UNK_ERR· 226

PFILTER_VLAN_MAC_DACT_NO_RES· 227

PFILTER_VLAN_MAC_DACT_UNK_ERR· 227

PFILTER_VLAN_NO_RES· 228

PFILTER_VLAN_NOT_SUPPORT· 228

PFILTER_VLAN_RES_CONFLICT· 229

PFILTER_VLAN_UNK_ERR· 229

PING messages· 229

PING_STATISTICS· 230

PING_VPN_STATISTICS· 231

PKG messages· 231

PKG_BOOTLOADER_FILE_FAILED·· 231

PKG_BOOTLOADER_FILE_SUCCESS· 232

PKG_INSTALL_ACTIVATE_FAILED·· 232

PKG_INSTALL_ACTIVATE_SUCCESS· 232

PKI messages· 232

REQUEST_CERT_FAIL· 233

REQUEST_CERT_SUCCESS· 233

PKT2CPU messages· 233

PKT2CPU_NO_RESOURCE· 234

Portal messages· 234

PORTAL_USER_LOGOFF· 235

PORTAL_USER_LOGON_FAIL· 238

PORTAL_USER_LOGON_SUCCESS· 239

PPP messages· 239

IPPOOL_ADDRESS_EXHAUSTED·· 240

PPP_USER_LOGON_SUCCESS· 240

PPP_USER_LOGON_FAILED·· 241

PPP_USER_LOGOFF· 242

PPP_USER_LOGOFF_ABNORMAL· 243

PPPOES messages· 244

PPPOES_MAC_THROTTLE· 244

PWDCTL messages· 245

PWDCTL_ADD_BLACKLIST· 245

PWDCTL_CHANGE_PASSWORD·· 245

PWDCTL_FAILED_TO_WRITEPWD·· 245

PWDCTL_UPDATETIME· 246

QOS messages· 246

MIRROR_SYNC_CFG_FAIL· 246

QOS_BANDWIDTH_TOTALCHANNEL· 247

QOS_CAR_APPLYUSER_FAIL· 247

QOS_CBWFQ_REMOVED·· 248

QOS_CHANNEL_APPLYIF_FAIL· 248

QOS_GTS_APPLYUSER_FAIL· 248

QOS_IFA_OUTPUT_IFFAIL· 249

QOS_NOT_ENOUGH_BANDWIDTH· 249

QOS_NOT_ENOUGH_NNIBANDWIDTH· 250

QOS_POLICY_APPLYCOPP_CBFAIL· 250

QOS_POLICY_APPLYCOPP_FAIL· 251

QOS_POLICY_APPLYGLOBAL_CBFAIL· 251

QOS_POLICY_APPLYGLOBAL_FAIL· 252

QOS_POLICY_APPLYIF_CBFAIL· 252

QOS_POLICY_APPLYIF_FAIL· 253

QOS_POLICY_APPLYTUN_FAIL· 253

QOS_POLICY_APPLYTUN_SUCCESS· 254

QOS_POLICY_APPLYUSER_FAIL· 254

QOS_POLICY_APPLYVLAN_CBFAIL· 255

QOS_POLICY_APPLYVLAN_FAIL· 255

QOS_QMPROFILE_APPLYUSER_FAIL· 256

QOS_QMPROFILE_MODIFYQUEUE_FAIL· 256

QOS_UNI_RESTORE_FAIL· 257

WRED_TABLE_CFG_FAIL· 257

RADIUS messages· 257

RADIUS_AUTH_FAILURE· 257

RADIUS_AUTH_SUCCESS· 258

RADIUS_DELETE_HOST_FAIL· 258

RM_ACRT_REACH_LIMIT· 260

RM_ACRT_REACH_THRESVALUE· 260

RM_THRESHLD_VALUE_REACH· 260

RRM messages· 261

RRM_LOG_ADJUSTCHANNEL· 261

RTM messages· 261

RTM_TCL_NOT_EXIST· 261

RTM_TCL_MODIFY· 262

RTM_TCL_LOAD_FAILED·· 262

SCMD messages· 262

PROCESS_ABNORMAL· 263

PROCESS_ACTIVEFAILED·· 263

PROCESS_CORERECORD·· 264

SCM_ABNORMAL_REBOOT· 264

SCM_ABNORMAL_REBOOTMDC· 265

SCM_ABORT_RESTORE· 265

SCM_INSMOD_ADDON_TOOLONG·· 266

SCM_KERNEL_INIT_TOOLONG·· 266

SCM_PROCESS_STARTING_TOOLONG·· 267

SCM_SKIP_PROCESS· 268

SECP messages· 268

SECP_ACCELERATE_NO_RES· 268

SECP_ACCELERATE_NOT_SUPPORT· 269

SECP_ACCELERATE_UNK_ERR· 269

SESSION messages· 269

SESSION_IPV4_FLOW·· 270

SESSION_IPV6_FLOW·· 271

SHELL messages· 272

SHELL_CMD·· 272

SHELL_CMD_CONFIRM·· 272

SHELL_CMD_EXECUTEFAIL· 273

SHELL_CMD_INPUT· 273

SHELL_CMD_INPUT_TIMEOUT· 273

SHELL_CMD_INVALID_CHARACTER· 274

SHELL_CMD_MATCHFAIL· 274

SHELL_CMDDENY· 274

SHELL_CMDFAIL· 275

SHELL_CRITICAL_CMDFAIL· 275

SHELL_LOGIN· 275

SHELL_LOGOUT· 276

SNMP messages· 276

SNMP_ACL_RESTRICTION· 276

SNMP_AUTHENTICATION_FAILURE· 276

SNMP_GET· 277

SNMP_NOTIFY· 277

SNMP_SET· 278

SNMP_USM_NOTINTIMEWINDOW·· 278

SSHS messages· 278

SSHS_ACL_DENY· 279

SSHS_ALGORITHM_MISMATCH· 279

SSHS_AUTH_EXCEED_RETRY_TIMES· 279

SSHS_AUTH_FAIL· 280

SSHS_AUTH_SUCCESS· 280

SSHS_AUTH_TIMEOUT· 280

SSHS_CONNECT· 281

SSHS_DECRYPT_FAIL· 281

SSHS_DISCONNECT· 281

SSHS_ENCRYPT_FAIL· 282

SSHS_LOG·· 282

SSHS_MAC_ERROR· 282

SSHS_REACH_SESSION_LIMIT· 283

SSHS_REACH_USER_LIMIT· 283

SSHS_SCP_OPER· 283

SSHS_SFTP_OPER· 284

SSHS_SRV_UNAVAILABLE· 284

SSHS_VERSION_MISMATCH· 284

SSL VPN messages· 285

SSLVPN_HTTP_BIND_ADDRESS_INUSED·· 285

SSLVPN_HTTP_BIND_PORT_ALLOCETED·· 285

SSLVPN_IP_RESOURCE_DENY· 286

SSLVPN_IP_RESOURCE_FAILED·· 286

SSLVPN_IP_RESOURCE_PERMIT· 287

SSLVPN_IPAC_ALLOC_ADDR_FAIL· 287

SSLVPN_IPAC_ALLOC_ADDR_SUCCESS· 288

SSLVPN_IPAC_CONN_CLOSE· 288

SSLVPN_IPAC_PACKET_DROP· 289

SSLVPN_IPAC_RELEASE_ADD_SUCCESS· 289

SSLVPN_SERVICE_UNAVAILABLE· 290

SSLVPN_USER_LOGIN· 290

SSLVPN_USER_LOGINFAILED·· 291

SSLVPN_USER_LOGOUT· 292

SSLVPN_USER_NUMBER· 292

STAMGR messages· 292

STAMGR_ADD_FAILVLAN· 293

STAMGR_ADDBAC_INFO·· 293

STAMGR_ADDSTA_INFO·· 293

STAMGR_AUTHORACL_FAILURE· 294

STAMGR_AUTHORUSERPROFILE_FAILURE· 295

STAMGR_BSS_FAILURE· 295

STAMGR_CLEINT_BSS_MAXCOUNT· 296

STAMGR_CLIENT_FAILURE· 296

STAMGR_CLIENT_OFFLINE· 303

STAMGR_CLIENT_ONLINE· 307

STAMGR_CLEINT_RADIO_MAXCOUNT· 307

STAMGR_CLIENT_SNOOPING·· 308

STAMGR_DELBAC_INFO·· 308

STAMGR_DELSTA_INFO·· 308

STAMGR_ESCAPE_ACTIVE· 309

STAMGR_ESCAPE_DEACTIVE· 309

STAMGR_DOMAIN_UNREACHABLE· 310

STAMGR_DOMAIN_REACHABLE· 310

STAMGR_MACA_LOGIN_FAILURE· 311

STAMGR_MACA_LOGIN_SUCC· 312

STAMGR_MACA_LOGOFF· 313

STAMGR_ROAM_FAILED·· 314

STAMGR_ROAM_SUCCESS· 315

STAMGR_SAVI_BIND·· 315

STAMGR_SAVI_UNBIND·· 316

STAMGR_SAVI_UNKNOWN_SOURCE_IP· 316

STAMGR_SERVICE_FAILURE· 317

STAMGR_SERVICE_OFF· 321

STAMGR_SERVICE_ON· 322

STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL· 322

STAMGR_STAIPCHANGE_INFO·· 323

STAMGR_TRIGGER_IP· 323

STP messages· 323

STP_BPDU_PROTECTION· 324

STP_BPDU_RECEIVE_EXPIRY· 324

STP_CONSISTENCY_CHECK· 324

STP_CONSISTENCY_RESTORATION· 325

STP_LOOP_PROTECTION· 327

STP_LOOPBACK_PROTECTION· 327

STP_NOT_ROOT· 328

STP_NOTIFIED_TC· 328

STP_PORT_TYPE_INCONSISTENCY· 328

STP_PVID_INCONSISTENCY· 329

STP_PVST_BPDU_PROTECTION· 329

STP_ROOT_PROTECTION· 329

STP_STG_NUM_DETECTION· 330

SYSLOG messages· 330

SYSLOG_LOGBUFFER_FAILURE· 330

SYSLOG_LOGFILE_FULL· 330

SYSLOG_NO_SPACE· 331

SYSLOG_RESTART· 331

SYSLOG_RTM_EVENT_BUFFER_FULL· 331

TACACS messages· 332

TACACS_AUTH_FAILURE· 332

TACACS_AUTH_SUCCESS· 332

TACACS_DELETE_HOST_FAIL· 332

TELNETD messages· 332

TELNETD_REACH_SESSION_LIMIT· 333

VLAN messages· 333

VLAN_CREATEVLAN_NO_ENOUGH_RESOUR· 333

VLAN_FAILED·· 334

VLAN_VLANMAPPING_FAILED·· 334

VLAN_VLANTRANSPARENT_FAILED·· 334

VRRP messages· 334

VRRP_STATUS_CHANGE· 335

VRRP_VF_STATUS_CHANGE· 336

VRRP_VMAC_INEFFECTIVE· 336

VSRP messages· 336

VSRP_BIND_FAILED·· 337

WIPS messages· 337

AP_CHANNEL_CHANGE· 337

APFLOOD·· 337

ASSOCIATEOVERFLOW·· 338

Introduction

This document includes the following system messages:

· Messages specific to the access controller

· Messages for the Comware 9 software platform. Some platform system messages might not be available on the access controller.

This document is intended only for managing H3C access controllers. Do not use this document for any other device models.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

· Log host:

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

· Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

NOTE:

Log message examples in this document use the format for destinations except the log host. They do not contain elements available only for the log host, including the location element.

Table 1 System log message elements

Element	Description
<PRI>	Priority identifier. This element is contained only in messages sent to the log host. It is calculated by using the following formula: Priority identifier=facilityx8+severity Where: · Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages. · Severity represents the importance of the message. For more information about severity levels, see Table 2.
Prefix	Message type identifier. This element is contained in the system log messages sent to non-log-host destinations. The element uses the following symbols to indicate message severity: · Percentage sign (%)—Informational and higher levels. · Asterisk (*)—Debug level.
TIMESTAMP	Date and time when the event occurred. The following are commands for configuring the timestamp format: · Log host—Use the info-center timestamp loghost command. · Non-log-host destinations—Use the info-center timestamp command.
Sysname	Name or IP address of the device that generated the message.
%%vendor	Manufacturer flag. This element is %%10 for H3C. This element is contained only in messages sent to the log host.
MODULE	Name of the module that produced the message.
severity	Severity level of the message. (For more information about severity levels, see Table 2.)
MNEMONIC	Text string that uniquely identifies the system message. The maximum length is 32 characters.
location	Optional. This element identifies where the message occurred. This element is contained only in messages sent to the log host. This element presents location information for the message in the following format: -attribute1=x-attribute2=y…-attributeN=z The following are examples of location attributes: · -MDC=XX, which represents the MDC on which the message occurred. · -DevIp=XXX.XXX.XXX.XXX, which represents the source IP of the message. · -Slot=XX, which represents the slot on which the message occurred. · -Chassis=XX-Slot=XX, which represents the chassis and slot on which the message occurred. This element is separated from the message description by using a semicolon (;).
CONTENT	Text string that contains detailed information about the event or error. For variable fields in this element, this document uses the representations in Table 3.

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.

Table 2 System log message severity levels

Level	Severity	Description
0	Emergency	The system is unusable. For example, the system authorization has expired.
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.
3	Error	Error condition. For example, the link state changes or a storage card is unplugged.
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.
5	Notification	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.
6	Informational	Informational message. For example, a command or a ping operation is executed.
7	Debug	Debugging message.

For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.

Table 3 Variable field representations

Representation	Information type
INT16	Signed 16-bit decimal number.
UINT16	Unsigned 16-bit decimal number.
INT32	Signed 32-bit decimal number.
UINT32	Unsigned 32-bit decimal number.
INT64	Signed 64-bit decimal number.
UINT64	Unsigned 64-bit decimal number.
DOUBLE	Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER].
HEX	Hexadecimal number.
CHAR	Single character.
STRING	Character string.
IPADDR	IP address.
MAC	MAC address.
DATE	Date.
TIME	Time.

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, monitor terminal, log buffer, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the System Management Configuration Guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, or VTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:

· To display log messages on the monitor terminal, you must configure the terminal monitor command.

· For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

NOTE:

Settings for the terminal monitor and terminal logging level commands take effect only on the current login session. The default settings for the commands restore at a relogin.

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.

To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.

By default, you can obtain the log file from the flash:/logfile path if the device only supports the fixed storage medium flash. If the device supports the fixed storage medium CF card, the file path is cfa0:/logfile/.

To view the contents of the log file on the device, use the more command.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.

Software module list

Table 4 lists all software modules that might produce system log messages.

Table 4 Software module list

Module name representation	Module name expansion
AAA	Authentication, Authorization and Accounting
ACL	Access Control List
APMGR	Access Point Management
ARP	Address Resolution Protocol
AUDIT	Audit
AVC	Application Visible Control
CFGMAN	Configuration Management
DEV	Device Management
DHCP	Dynamic Host Configuration Protocol
DHCPR	IPv4 DHCP Relay
DHCPS	DHCP Server
DHCPS6	DHCPv6 Server
DHCPSP4	DHCP Snooping
DHCPSP6	DHCPv6 Snooping
DIAG	Diagnosis
DIM	DPI Engine
DOT1X	802.1X
FNOTIFY	Fnotify
FS	File System
FTP	File Transfer Protocol
HOTPLUG	Hotplug
HTTPD	Hypertext Transfer Protocol Daemon
IDENTITY	Identity
IFMON	Interface Monitor
IFNET	Interface Net Management
IP6ADDR	IPv6 Addressing
IP6FW	IPv6 Forwarding
IPADDR	IP Addressing
IPFW	IP Forwarding
IPS	Intrusion Prevention System
IPSEC	IP Security
IPSG	IP Source Guard
L2TPV2	Layer 2 Tunneling Protocol Version 2
LAGG	Link Aggregation
License	License
LIPC	Leopard Inter-process Communication
LLDP	Link Layer Discovery Protocol
LOAD	Load Management
LOGIN	Login
LPDT	Loopback Detection
LS	Local Server
MAC	Media Access Control
MACA	MAC Authentication
MFIB	Multicast Forwarding Information Base
NAT	Network Address Translation
ND	Neighbor Discovery
NETCONF	Network Configuration Protocol
NQA	Network Quality Analyzer
NTP	Network Time Protocol
OPTMOD	Optical Module
OSPF	Open Shortest Path First
PBR	Policy-Based Routing
PFILTER	Packet Filter
PING	Packet Internet Groper
PKG	Package
PKI	Public Key Infrastructure
PKT2CPU	Packet to CPU
PORTAL	Portal
PPP	Point to Point Protocol
PPPOES	PPP over Ethernet Server
PWDCTL	Password Control
QOS	Quality of Service
RADIUS	Remote Authentication Dial In User Service
RIP	Routing Information Protocol
RIPNG	Routing Information Protocol Next Generation
RM	Routing Management
RRM	Radio Resource Management
RTM	Real-Time Event Manager
SCMD	Service Control Manager
SECP	Security Policy
SESSION	Session
SHELL	Shell
SNMP	Simple Network Management Protocol
SSHS	Secure Shell Server
SSL VPN	Secure Sockets Layer Virtual Private Network
STAMGR	Station Management
STP	Spanning Tree Protocol
SYSLOG	System Log
TACACS	Terminal Access Controller Access Control System
TELNETD	Telnet Daemon
VLAN	Virtual Local Area Network
VRRP	Virtual Router Redundancy Protocol
VSRP	Virtual Service Redundancy Protocol
WIPS	Wireless Intrusion Prevention System
WSA	Wireless Spectrum Analysis

Using this document

This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.

This document explains messages in tables. Table 5 describes information provided in these tables.

Table 5 Message explanation table contents

Item	Content	Example
Message text	Presents the message description.	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text.	$1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule.
Severity level	Provides the severity level of the message.	6
Example	Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings.	ACL/6/ACL_STATIS_INFO: ACL 2900 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	Explains the message, including the event or error cause.	Number of packets that matched an ACL rule. This message is sent when the packet counter changes.
Recommended action	Provides recommended actions. For informational messages, no action is required.	No action is required.

AAA messages

This section contains AAA messages.

AAA_FAILURE

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	5
Example	AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.
Explanation	An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect.
Recommended action	1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, contact H3C Support.

AAA_LAUNCH

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.
Explanation	An AAA request was received.
Recommended action	No action is required.

AAA_SUCCESS

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.
Explanation	An AAA request was accepted.
Recommended action	No action is required.

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.
Explanation	Hardware resources were insufficient for accelerating an ACL.
Recommended action	Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text	Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.
Explanation	ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.
Explanation	ACL acceleration failed because the system does not support ACL acceleration.
Recommended action	No action is required.

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] ACL [UINT32].
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.
Explanation	ACL acceleration failed because of an unknown error.
Recommended action	No action is required.

ACL_IPV6_STATIS_INFO

Message text	IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the IPv6 ACL rule changed.
Recommended action	No action is required.

ACL_NO_MEM

Message text	Failed to configure [STRING] ACL [UINT] due to lack of memory.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	3
Example	ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.
Explanation	Configuring the ACL failed because memory is insufficient.
Recommended action	Use the display memory-threshold command to check the memory usage.

ACL_STATIS_INFO

Message text	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the IPv4 ACL rule changed.
Recommended action	No action is required.

APMGR messages

This section contains access point management messages.

AP_CREATE_FAILURE

Message text	Failed to create an AP with entity ID [UINT32] and model [STRING]. Reason: Region code is not available.
Variable fields	$1: AP ID. $2: AP model.
Severity level	6
Example	APMGR/6/AP_CREATE_FAILURE: Failed to create an AP with entity ID 1 and model WA2620i-AGN. Reason: Region code is not available.
Explanation	The system fails to create an AP because the AP is not specified with a region code.
Recommended action	Specify a region code in global configuration view.

AP_REBOOT_REASON

Message text	AP in Run state is rebooting. Reason: The physical status of the radio is down.
Variable fields	N/A
Severity level	6
Example	APMGR/6/AP_REBOOT_REASON: AP in Run state is rebooting. Reason: The physical status of the radio is down.
Explanation	The AP is rebooting because a physical radio interface of the AP is in down state.
Recommended action	Verify that radio settings on the AP are correct after the reboot.

APMGR_AP_CFG_FAILED

Message text	Failed to reset AP [STRING]. Reason: The AP is writing an image file into the flash.
Variable fields	$1: AP name.
Severity level	4
Example	APMGR/4/APMGR_CFG_FAILD: Fa iled to reset AP ap2. Reason: The AP is writing an image file into the flash.
Explanation	AP reset failed because the AP is writing an image file into the flash.
Recommended action	Restart the AP after the AP finishes writing an image file into the flash.

APMGR_AP_ONLINE

Message text	The AP failed to come online. Reason: AP model [$1] is not supported. AP ID=[$2], MAC address=[$3].
Variable fields	$1: AP model. $2: AP ID. $3: AP MAC address.
Severity level	6
Example	APMGR/6/APMGR_AP_ONLINE: The AP failed to come online. Reason: AP model wa6320 is not supported. AP ID=0, MAC address=b0f9-63da-db20.
Explanation	The AP fails to come online because its model is not supported by the AC and the AC cannot receive discovery requests from the AP.
Recommended action	No action is required.

APMGR_GET_AP_MODEL_FAILURE

Message text	Failed to get an AP model because no region code is configured globally or for AP group [STRING].
Variable fields	$1: AP group name.
Severity level	6
Example	APMGR/6/APMGR_GET_AP_MODEL_FAILURE: Failed to get an AP model because no region code is configured globally or for AP group g2.
Explanation	Failed to obtain the models of APs in an AP group because no region code is specified.
Recommended action	Specify a global region code or specify a region code for the AP group.

APMGR_LOG_ADD_AP_FAIL

Message text	AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING].
Variable fields	$1: AP name. $2: Serial ID. $3: MAC address. $4: AP name.
Severity level	4
Example	APMGR/4/APMGR_LOG_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2.
Explanation	The AP failed to come online because a manual AP that has the same MAC address already exists on the AC.
Recommended action	Delete either the manual AP that has the MAC address or the serial ID.

APMGR_LOG_MEMALERT

Message text	The memory usage of the AC has reached the threshold.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_LOG_MEMALERT: The memory usage of the AC has reached the threshold.
Explanation	The AP failed to come online because the memory utilization exceeded the limit.
Recommended action	Stop creating manual APs and prevent APs from coming online.

APMGR_LOG_NOLICENSE

Message text	AP failed to come online in [STRING]. Reason: No license for the [STRING].
Variable fields	$1: AP state: · discover. · join. $2: AP type: · common AP. · WTU AP.
Severity level	6
Example	APMGR/6/APMGR_LOG_NOLICENSE: AP failed to come online in discover. Reason: No license for the common AP.
Explanation	The AP failed to come online because the number of APs allowed by the license on the AC has reached the upper limit.
Recommended action	Purchase an upgrade license for AP number extension.

APMGR_LOG_OFFLINE

Message text	AP [STRING] went offline. State changed to Idle.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_LOG_OFFLINE: AP ap1 went offline. State changed to Idle.
Explanation	The AP went offline. The state of the AP changed to Idle.
Recommended action	If the AP went offline abnormally, check the debugging information to locate the problem and resolve it.

APMGR_LOG_ONLINE

Message text	AP [STRING] came online. State changed to Run.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_LOG_ONLINE: AP ap1 came online. State changed to Run.
Explanation	The AP came online. The state of the AP changed to Run.
Recommended action	No action is required.

APMGR_LOG_ONLINE_FAILED

Message text	[STRING] ([STRING]) failed to come online in join state. Reason: [STRING] ([STRING]) was offline.
Variable fields	$1: Name of a WTU or WAP. $2: Serial ID of a WTU or WAP. $3: Name of the connected WT or SPM. $4: Serial ID of the connected WT or SPM.
Severity level	6
Example	· APMGR/6/APMGR_AP_ONLINE_FAILED: WTU (219801A0WA916BQ12535) failed to come online in join state. Reason: WT (219801A11UC173000153) was offline. · APMGR/6/APMGR_AP_ONLINE_FAILED: WAP (219801A0VW916AG00254) failed to come online in join state. Reason: SPM (219801A13DB05B0004350) was offline.
Explanation	· The WTU cannot come online because its connected WT is offline. · The WAP cannot come online because its connected SPM is offline.
Recommended action	Make the WT or SPM come online.

APMGR_REACH_MAX_APNUMBER

Message text	An AP failed to come online: Maximum number of APs already reached.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_REACH_MAX_APNEMBER: An AP failed to come online: Maximum number of APs already reached.
Explanation	An AP failed to come online because the number of APs on the AC already reached the upper limit.
Recommended action	No action is required.

APMGR_ERROR

Message text	Failed to install WLAN feature package. Reason: Insufficient hardware resources.
Variable fields	N/A
Severity level	6
Example	APMGR/6/ERROR: Failed to install WLAN feature package. Reason: Insufficient hardware resources.
Explanation	The system failed to install the WLAN feature package because of insufficient hardware resources.
Recommended action	To resolve the problem: 1. Uninstall the WLAN feature package. 2. Locate the reason that causes hardware resource exhaustion and remove the issue. 3. Reinstall the WLAN feature package. 4. If the problem persists, contact H3C Support.

CWS_IMG_DOWNLOAD_FAILED

Message text	Failed to download image file [STRING1] for [STRING2] [STRING3].
Variable fields	$1: Image file name. $2: AP or local AC. $3: Name of the AP or local AC.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300.ipe for AP ap1.
Explanation	The AP or the local AC failed to download the image file from the AC.
Recommended action	No action is required.

CWS_AP_DOWN

Message text	CAPWAP tunnel to AP [STRING] went down. Reason: [STRING].
Variable fields	$1: AP name. $2: Reason: · Neighbor dead timer expired. · AP was reset by admin. · AP was reset by CloudTunnel. · AP was reset on cloud. · WT was offline. · AP was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Backup AP upgrade failed. · AC is inactive. · Tunnel switched. · N/A.
Severity level	6
Example	CWS/6/CWS_AP_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset by admin.
Explanation	The AP went offline for a specific reason.
Recommended action	To resolve the problem: 1. Examine the network connection between the AP and the AC. 2. Verify that the AP is correctly configured. 3. Verify that the AC is correctly configured. 4. If the problem persists, contact H3C Support.

CWS_AP_UP

Message text	[STRING] CAPWAP tunnel to AP [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AP name or serial ID.
Severity level	6
Example	CWS/6/CWS_AP_UP: Backup CAPWAP tunnel to AP ap1 went up.
Explanation	The AP came online and entered Run state.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed.
Variable fields	$1: Image file name. $2: AP name.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_FAILED

Message text	Failed to download image file [STRING] for the AP. AC memory is not enough.
Variable fields	$1: Name of an image file.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300anchor.ipe for the AP. AC memory is not enough.
Explanation	The AP failed to download an image file from the AC because of insufficient AC memory.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_START

Message text	AP [STRING] started to download the system software image file [STRING].
Variable fields	$1: AP name. $2: Image file name.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe.
Explanation	The AP started to download the image file from the AC.
Recommended action	No action is required.

CWS_IMG_OPENFILE_FAILED

Message text	Failed to open the image file [STRING].
Variable fields	$1: Path of the image file to be downloaded to the AP.
Severity level	3
Example	CWS/3/CWS_IMG_OPENFILE_FAILED: Failed to open the image file slot1#cfa0:/wa5600.ipe.
Explanation	The AP failed to open the image file downloaded from the AC.
Recommended action	No action is required.

CWS_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING].
Variable fields	$1: File name. $2: AP name.
Severity level	6
Example	CWS/6/CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

CWS_RUN_DOWNLOAD_START

Message text	AP [STRING] started to download the file [STRING].
Variable fields	$1: AP name. $2: File name.
Severity level	6
Example	CWS/6/CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg.
Explanation	The AP started to download the file from the AC.
Recommended action	No action is required.

RADIO

Message text	APMGR/6/RADIO: Current channel usage [UINT32] of radio [CHAR] on AP [STRING] exceeded the threshold.
Variable fields	$1: Current channel usage. $2: Radio ID. $3: AP name.
Severity level	6
Example	APMGR/6/RADIO: Current channel usage 63% of radio 2 on AP ap1 exceeded the threshold.
Explanation	The current channel usage on a radio has exceeded the channel usage threshold.
Recommended action	Execute the channel command to switch the working channel to a channel with low usage.

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text	No ARP reply from IP [STRING] was received on interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.
Explanation	The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message. This message indicates the risk of attacks.
Recommended action	1. Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first. 2. If the ARP entries are correct and the attack continues, contact H3C Support.

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text	Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.
Variable fields	$1: Interface name. $2: IP address.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.
Explanation	The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP. This message indicates the risk of attacks.
Recommended action	No action is required. The device discards the ARP reply automatically.

ARP_BINDRULETOHW_FAILED

Message text	Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].
Variable fields	$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address.
Severity level	5
Example	ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface GigabitEthernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.
Explanation	The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations: · The resources are not sufficient for the operation. · The memory is not sufficient for the operation. · A hardware error occurs.
Recommended action	To resolve the problem: 1. Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient. ¡ If yes, proceed to step 2. ¡ If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2. 2. Execute the display memory command to check if the memory for the operation is sufficient. ¡ If yes, proceed to step 3. ¡ If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3. 3. Delete the configuration and perform the operation again.

ARP_DETECTION_LOG

Message text	Detected an ARP attack on interface [STRING]: IP [STRING], MAC [STRING], VLAN [STRING]. [UINT32] packet(s) dropped.
Variable fields	$1: Interface name. $2: IP address. $3: MAC address. $4: VLAN ID. $5: Number of dropped packets.
Severity level	5
Example	ARP/5/ARP_INSPECTION: -MDC=1; Detected an ARP attack on interface GigabitEthernet1/0/1: IP 1.1.1.1, MAC 1-1-1, VLAN 100. 2 packet(s) dropped.
Explanation	An ARP attack was detected on an interface and attack packets were dropped.
Recommended action	Check the source of the ARP attack.

ARP_DUPLICATE_IPADDR_DETECT

Message text	Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR].
Variable fields	$1: MAC address. $2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $3: VSI name. $4: MAC address. $5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $6: VSI name. $7: Conflicting IP address.
Severity level	6
Example	ARP/6/ ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface GigabitEthernet1/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1.
Explanation	This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different.
Recommended action	Change the IP address on either of the two devices.

ARP_DYNAMIC

Message text	The maximum number of dynamic ARP entries for the device reached.
Variable fields	N/A
Severity level	6
Example	ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached.
Explanation	The maximum number of dynamic ARP entries for the device was reached.
Recommended action	No action is required.

ARP_DYNAMIC_IF

Message text	The maximum number of dynamic ARP entries for interface [STRING] reached.
Variable fields	$1: Interface name.
Severity level	6
Example	ARP/6/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached.
Explanation	The maximum number of dynamic ARP entries for the specified interface was reached.
Recommended action	No action is required.

ARP_DYNAMIC_SLOT

Message text	Pattern 1: The maximum number of dynamic ARP entries for slot [INT32] reached. Pattern 2: The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached.
Variable fields	Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number.
Severity level	6
Example	ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached.
Explanation	Pattern 1: The maximum number of dynamic ARP entries for the slot was reached. Pattern 2: The maximum number of dynamic ARP entries for the slot on the chassis was reached.
Recommended action	No action is required.

ARP_ENTRY_CONFLICT

Message text	The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING].
Variable fields	$1: IP address. $2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network. $3: Inconsistent items: ¡ MAC address. ¡ output interface. ¡ output port. ¡ outermost layer VLAN ID. ¡ second outermost layer VLAN ID. ¡ VSI index. ¡ link ID.
Severity level	6
Example	ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.
Explanation	The software entry for the specified IP address is not the same as the hardware entry. For example, they do not have the same output interface.
Recommended action	No action is required. ARP automatically refreshes the hardware entries.

ARP_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: Interface name.
Severity level	4
Example	ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.
Explanation	The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.
Recommended action	Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

ARP_LOCALPROXY_ENABLE_FAILED

Message text	Failed to enable local proxy ARP on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ARP/4/ARP_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local proxy ARP on interface VSI-interface 1.
Explanation	This message is sent when the device fails to enable local proxy ARP on an interface in a slot. If the interface resides on the MPU, the slot number is 0.
Recommended action	1. Verify that the card supports local proxy ARP. 2. Verify that sufficient hardware resources are available.

ARP_RATE_EXCEEDED

Message text	The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.
Variable fields	$1: ARP packet rate. $2: ARP limit rate. $3: Interface name. $4: Interval time.
Severity level	4
Example	ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.
Explanation	An interface received ARP messages at a higher rate than the rate limit.
Recommended action	Verify that the hosts at the sender IP addresses are legitimate.

ARP_RATELIMIT_NOTSUPPORT

Message text	Pattern 1: ARP packet rate limit is not support on slot [INT32]. Pattern 2: ARP packet rate limit is not support on chassis [INT32] slot [INT32].
Variable fields	Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number.
Severity level	6
Example	ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2.
Explanation	Pattern 1: ARP packet rate limit is not supported on the slot. Pattern 2: ARP packet rate limit is not supported on the slot of the chassis was reached.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_SENDER_IP_INVALID

Message text	Sender IP [STRING] was not on the same network as the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.
Explanation	The sender IP of a received ARP message was not on the same network as the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_SENDER_MAC_INVALID

Message text	Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].
Variable fields	$1: MAC address. $2: MAC address. $3: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.
Explanation	An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.
Recommended action	Verify that the host at the sender MAC address is legitimate.

ARP_SENDER_SMACCONFLICT

Message text	Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING].
Variable fields	$1: Interface name. $2: Sender IP address. $3: Target IP address.
Severity level	6
Example	ARP/6/ ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface. Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1,
Explanation	The sender MAC address of a received ARP packet conflicts with the MAC address of the device.
Recommended action	No action is required.

ARP_SENDER_SMACCONFLICT_VSI

Message text	Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32].
Variable fields	$1: Interface name. $2: Sender IP address. $3: Target IP address. $4: VSI index. $5: Link ID.
Severity level	6
Example	ARP/6/ ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface. Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0
Explanation	The sender MAC address of a received ARP packet conflicts with the MAC address of the device. The receiving interface is a VSI interface.
Recommended action	No action is required.

ARP_SRC_MAC_FOUND_ATTACK

Message text	An attack from MAC [STRING] was detected on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.
Explanation	The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold. This message indicates the risk of attacks.
Recommended action	Verify that the host at the source MAC address is legitimate.

ARP_SUP_ENABLE_FAILED

Message text	Failed to enable ARP flood suppression on VSI [STRING].
Variable fields	$1: VSI name.
Severity level	4
Example	ARP/4/ARP_SUP_ENABLE_FAILED: -MDC=1; Failed to enable ARP flood suppression on VSI vpna.
Explanation	This message is sent when the system failed to enable ARP flood suppression for a VSI. The minimum interval between two log messages is 2 seconds. To make the system send the message successfully, wait for a minimum of 2 seconds before you enable ARP flood suppression for another VSI.
Recommended action	1. Verify that the device supports ARP flood suppression. 2. Verify that the hardware resources are sufficient.

ARP_TARGET_IP_INVALID

Message text	Target IP [STRING] was not the IP of the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1.
Explanation	The target IP address of a received ARP message was not the IP address of the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_THRESHOLD_REACHED

Message text	The alarm threshold for dynamic ARP entry learning was reached on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ARP/4/ARP_THRESHOLD_REACHED: The alarm threshold for dynamic ARP entry learning was reached on interface GigabitEthernet1/0/1.
Explanation	This message is sent when the alarm threshold for dynamic ARP learning was reached on GigabitEthernet 1/0/1.
Recommended action	Verify that the number of learned dynamic ARP entries matches the actual number of devices in the network and no ARP attack sources exist in the network.

ARP_USER_DUPLICATE_IPADDR_DETECT

Message text	Detected a user IP address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) connecting on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) connecting on interface [STRING] were using the same IP address [IPADDR].
Variable fields	$1: MAC address of a new user. $2: Outer VLAN to which the new user belongs. $3: Inner VLAN to which the new user belongs. $4: Name of the interface connecting to the new user. $5: MAC address of an old user. $6: Outer VLAN to which the old user belongs. $7: Inner VLAN to which the old user belongs. $8: Name of the interface connecting to the old user. $9: IP address.
Severity level	6
Example	ARP/6/ARP_USER_DUPLICATE_IPADDR_DETECT: Detected a user IP address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) connecting on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) connecting on interface GigabitEthernet1/0/1 were using the same IP address 192.168.1.1.
Explanation	ARP detected a user IP address conflict. The IP address of a new user is the same as the IP address of an old user.
Recommended action	Verify that all users have different IP addresses.

ARP_USER_MOVE_DETECT

Message text	Detected a user (IP address [IPADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING].
Variable fields	$1: IP address of the user. $2: MAC address of the user. $3: Interface name before the migration. $4: Outer VLAN to which the user belongs before the migration. $5: Inner VLAN to which the user belongs before the migration. $6: Interface name after the migration. $7: Outer VLAN to which the user belongs after the migration. $8: Inner VLAN to which the user belongs after the migration.
Severity level	6
Example	ARP/6/ARP_USER_MOVE_DETECT: Detected a user (IP address 192.168.1.1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.
Explanation	ARP detected a user accesses the network through another port.
Recommended action	Use the display arp user-move record command to verify that the migration is legitimate.

DUPIFIP

Message text	Duplicate address [STRING] on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC Address.
Severity level	6
Example	ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.
Explanation	ARP detected a duplicate address. The sender IP in the received ARP packet was being used by the receiving interface.
Recommended action	Modify the IP address configuration.

DUPIP

Message text	IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].
Variable fields	$1: IP address. $2: MAC Address.
Severity level	6
Example	ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.
Explanation	The sender IP address of the received ARP packet conflicted with the global or imported IP address.
Recommended action	Modify the IP address configuration.

DUPVRRPIP

Message text	IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC address.
Severity level	6
Example	ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.
Explanation	The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.
Recommended action	Modify the IP address configuration.

AUDIT messages

This section contains application audit and management messages.

AUDIT_RULE_MATCH_AS_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_IM_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<[email protected]>,Receiver_addr(1107)=<[email protected]>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (system log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_AS_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Content $19: Client type. $20: Application software version. $21: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: File name $19: Client type. $20: Application software version. $21: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Content. $19: Client type. $20: Application software version. $21: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_IM_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Content. $19: File name. $20: File size. $21: Client type. $22: Application software version. $23: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Sender. $18: Receiver. $19: Subject. $20: Body. $21: Client type. $22: Application software version. $23: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<[email protected]>,Receiver_addr(1107)=<[email protected]>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Password. $19: Content. $20: Client type. $21: Application software version. $22: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application name. $15: Application behavior. $16: Application behavior content. $17: Keyword. $18: Client type. $19: Application software version. $20: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_AS_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_IM_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<[email protected]>,Receiver_addr(1107)=<[email protected]>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV6_LOG (system log) (fast log)

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AVC messages

This section contains bandwidth management messages.

AVC_MATCH_IPV4_LOG

Message text	Application(1002)=[STRING];UserName(1113)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[USHORT];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[USHORT];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];VistTime(1114)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Application name. $2: User name. $3: Source IPv4 address. $4: Source port number. $5: Destination IPv4 address. $6: Destination port number. $7: Source security zone. $8: Destination security zone. $9: Policy name. $10: Hit time. $11: Rule action.
Severity level	6
Example	AVC/6/AVC_MATCH_IPV4_LOG:Application(1002)=App;UserName(1113)=User1;SrcIPAddr(1003)=12.2.2.2;SrcPort(1004)=5141;DstIPAddr(1007)=13.1.1.14;DstPort(1008)=5784;SrcZoneName(1025)=whx;DstZoneName(1035)=hea;PolicyName(1079)=aaa;VistTime(1114)=Wed, 22 May 2019 16:43:47;Action(1053)=drop;
Explanation	This message is generated and sent to the log host as a fast output log when a packet matches a traffic rule.
Recommended action	None.

AVC_MATCH_IPV6_LOG

Message text	Application(1002)=[STRING];UserName(1113)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[USHORT];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[USHORT];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];VistTime(1114)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Application name. $2: User name. $3: Source IPv6 address. $4: Source port number. $5: Destination IPv6 address. $6: Destination port number. $7: Source security zone. $8: Destination security zone. $9: Policy name. $10: Hit time. $11: Rule action.
Severity level	6
Example	AVC/6/AVC_MATCH_IPV6_LOG:Application(1002)=App;UserName(1113)=User1;SrcIPv6Addr(1036)=12::2;SrcPort(1004)=5141;DstIPv6Addr(1037)=13::4;DstPort(1008)=5784;SrcZoneName(1025)=whx;DstZoneName(1035)=hea;PolicyName(1079)=aaa;VistTime(1114)=Wed, 22 May 2019 16:52:08;Action(1053)=drop;
Explanation	This message is generated and sent to the log host as a fast output log when a packet matches a traffic rule.
Recommended action	None.

AVC_THRESHOLDWARNING_FASTLOGGING_FMT

Message text	SrcIPAddr(1003)=[IPADDR];PolicyName(1079)=[STRING];ProfileName(1158)=[STRING];DeviceInfo(1159)=[STRING];BandwidthUpperLimit(1160)=[UINT32];BandwidthLowerLimit(1161)=[UINT32];UpperWarningValue(1162)=[UINT32];LowerWarningValue(1163)=[UINT32];CurRateValue(1164)=[UINT32];WarningTime(1165)=[STRING];WarningDuration(1166)=[UINT32];
Variable fields	$1: Source IPv4 address. $2: Traffic policy name. $3: Traffic profile name. $4: Device information. $5: Maximum bandwidth threshold in kbps. $6: Minimum bandwidth threshold in kbps. $7: Actual rate in kbps that exceeds the maximum bandwidth threshold. $8: Actual rate in kbps that falls below the minimum bandwidth threshold. $9: Current traffic rate in kbps. $10: Warning time when the device detected a threshold violation. $11: Warning duration. (length of time the threshold violation lasted).
Severity level	6
Example	AVC/6/AVC_THRESHOLDWARNING_FASTLOGGING_FMT:SrcIPAddr(1003)=192.168.1.8;PolicyName(1079)=a;ProfileName(1158)=p;DeviceInfo(1159)=YuShi;BandwidthUpperLimit(1160)=8366;BandwidthLowerLimit(1161)=2091;UpperWarningValue(1162)=6;LowerWarningValue(1163)=6;CurRateValue(1164)=6;WarningTime(1165)=Fri, 8 Oct 2019 17:38:32;WarningDuration(1166)=7;
Explanation	This message is generated and sent to the log host as a fast output log if a threshold violation occurs one minute or more after the previous threshold violation.
Recommended action	None.

AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT

Message text	SrcIPv6Addr(1036)=[IPADDR];PolicyName(1079)=[STRING];ProfileName(1158)=[STRING];DeviceInfo(1159)=[STRING];BandwidthUpperLimit(1160)=[UINT32];BandwidthLowerLimit(1161)=[UINT32];UpperWarningValue(1162)=[UINT32];LowerWarningValue(1163)=[UINT32];CurRateValue(1164)=[UINT32];WarningTime(1165)=[STRING];WarningDuration(1166)=[UINT32];
Variable fields	$1: Source IPv6 address. $2: Traffic policy name. $3: Traffic profile name. $4: Device information. $5: Maximum bandwidth threshold in kbps. $6: Minimum bandwidth threshold in kbps. $7: Actual rate in kbps that exceeds the maximum bandwidth threshold. $8: Actual rate in kbps that falls below the minimum bandwidth threshold. $9: Current traffic rate in kbps. $10: Warning time (time when the device detected a threshold violation). $11: Warning duration (length of time the threshold violation lasted).
Severity level	6
Example	AVC/6/AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT:SrcIPv6Addr(1036)=2001::1;PolicyName(1079)=a;ProfileName(1158)=p;DeviceInfo(1159)=YuShi;BandwidthUpperLimit(1160)=8366;BandwidthLowerLimit(1161)=2091;UpperWarningValue(1162)=6;LowerWarningValue(1163)=6;CurRateValue(1164)=6;WarningTime(1165)=Fri, 8 Oct 2019 17:38:32;WarningDuration(1166)=7;
Explanation	This message is generated and sent to the log host as a fast output log if a threshold violation occurs more than one minute after the previous threshold violation occurred.
Recommended action	None.

CFGMAN messages

This section contains configuration management messages.

CFGMAN_CFGCHANGED

Message text	-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed.
Variable fields	$1: Event index in the range of 1 to 2147483647. $2: Configuration change source: ¡ cli—The configuration change came from the CLI. ¡ snmp—The configuration change came from SNMP or was a configuration database change detected by SNMP. ¡ other—The configuration change came from other sources. $3: Source configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. $4: Destination configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective.
Severity level	5
Example	CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[snmp]-ConfigSource=[startup]-ConfigDestination=[running]; Configuration changed.
Explanation	The running configuration changed in the past 10 minutes.
Recommended action	No action is required.

CFGMAN_OPTCOMPLETION

Message text	-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed.
Variable fields	$1: Operation type: ¡ running2startup—Saves the running configuration to the next-startup configuration file. ¡ startup2running—Loads the configuration in the next-startup configuration file. ¡ running2net—Saves the running configuration to a host on the network. ¡ net2running—Transfers a configuration file from a host on the network and loads the configuration. ¡ net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file. ¡ startup2net—Copies the next-startup configuration file to a host on the network. $2: Operation start time. $3: Operation status: ¡ InProcess—Operation is in progress. ¡ success—Operation succeeded. ¡ InvalidOperation—Invalid operation. ¡ InvalidProtocol—Invalid protocol. ¡ InvalidSource—Invalid source file name. ¡ InvalidDestination—Invalid destination file name. ¡ InvalidServer—Invalid server address. ¡ DeviceBusy—The device is busy. ¡ InvalidDevice—Invalid device address. ¡ DeviceError—An error occurred on the device. ¡ DeviceNotWritable—The storage medium on the device is write protected. ¡ DeviceFull—The device does not have enough free storage space for the file. ¡ FileOpenError—Failed to open the file. ¡ FileTransferError—Failed to transfer the file. ¡ ChecksumError—File checksum error. ¡ LowMemory—The memory space is not sufficient. ¡ AuthFailed—User authentication failed. ¡ TransferTimeout—Transfer timed out. ¡ UnknownError—An unknown error occurred. ¡ invalidConfig—Invalid configuration. $4: Operation end time.
Severity level	5
Example	CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed.
Explanation	The device is performing or has completed an operation.
Recommended action	If the operation is not successful, locate and resolve the issue.

CLCP

This section contains CLCP messages.

CLCP_CLIENT_LOGIN_FAIL

Message text	Failed to log in. Reason: [STRING].
Variable fields	$1: Login failure reason. Supported values: ¡ Network error. ¡ Incorrect username or password. ¡ Error occurred for communication between license client and license server.
Severity level	4
Example	CLCP/4/CLCP_CLIENT_LOGIN_FAIL: Failed to log in. Reason: Incorrect username or password.
Explanation	The license client failed to log in to the license server.
Recommended action	Handle the issue according to the failure reason: · If the reason is network error, verify that the server address configuration is correct. · If the reason is incorrect username or password, verify that the username and password configured on the device for accessing the license server are the same as those on the license server. · If communication error occurs, contact H3C Support.

CLCP_NEAR_EXPIRE

Message text	License [STRING] will expire in [STRING] days.
Variable fields	$1: Feature name. $2: Remaining validity days.
Severity level	4
Example	CLCP/4/CLCP_NEAR_EXPIRE: License APMGR will expire in 2 days.
Explanation	A license will expire in n days.
Recommended action	Install a new license on the license server.

CLCP_RECLAIM

Message text	License [STRING] was reclaimed. Reason: [STRING].
Variable fields	$1: Feature name. $2: Reclamation reason. Supported values: ¡ The license-based feature was not in use. ¡ The license aged out after the client had been disconnected from the license server for 30 days. ¡ The license was forcibly reclaimed by the license server. ¡ The license expired on the license server. ¡ The license was uninstalled on the license server. ¡ License information is inconsistent between license client and license server. ¡ Unknown.
Severity level	4
Example	CLCP/4/CLCP_RECLAIM: License APMGR was reclaimed. Reason: The license expired on the license server.
Explanation	A license was reclaimed by the license server.
Recommended action	Handle the issue according to the reclamation reason: · If the license-based feature is not in use, no action is required. To use the feature, the license client will automatically request the license again from the license server. · If the license ages out because of long time disconnection, restore the connection between the device and the license server. · If the license is forcibly reclaimed by the license server, no action is required. · If the license expires on the license server, install a new license on the license server. · If the license is uninstalled on the license server, install a new license on the license server. · If license information is inconsistent between license client and license server, the license client will automatically request the license again after the license is reclaimed. In this case, no action is required. If exceptions exist, contact H3C Support. · For unknown reason, the license client will automatically request the license again after the license is reclaimed. In this case, no action is required. If exceptions exist, contact H3C Support.

CLCP _REQUEST_FAIL

Message text	Failed to request license [STRING]. Reason: [STRING].
Variable fields	$1: Feature name. $2: Failure reason. Supported values: ¡ No sufficient license resources on the license server. ¡ Error occurred for communication between license client and license server. ¡ License server system error.
Severity level	4
Example	CLCP/4/CLCP_REQUEST_FAIL: Failed to request license APMGR. Reason: No sufficient license resources on the license server.
Explanation	The license client failed to request a license.
Recommended action	Handle the issue according to the failure reason: · If no sufficient license resources are available on the license server, purchase new licenses and install them on the license server. · If communication error occurs, contact H3C Support. · If a system error exists on the license server, contact H3C Support.

CLCP_RECLAIM_ALARM

Message text	License [STRING] will be reclaimed in [STRING] days. Reason: [STRING].
Variable fields	$1: Feature name. $2: Remaining validity days. $3: Reclamation reason. The value is The license client was disconnected from the license server.
Severity level	4
Example	CLCP/4/CLCP_RECLAIM_ALARM: License APMGR will be reclaimed in 2 days. Reason: The license client was disconnected from the license server.
Explanation	A license will be reclaimed in n days, because the license client has been disconnected from the license server.
Recommended action	Restore the connection between the license client and license server.

CLCP_CLIENT_OFFLINE

Message text	The license client went offline. Reason: [STRING].
Variable fields	$1: Offline reason. Supported values: ¡ The license server forced the license client to go offline. ¡ Client information aged out on the license server. ¡ The license client has been disconnected from the license server for a long time.
Severity level	4
Example	CLCP/4/CLCP_CLIENT_OFFLINE: The license client went offline. Reason: The license server forced the license client to go offline.
Explanation	The license client went offline.
Recommended action	Handle the issue according to the offline reason: · If the license server forces the license client to go offline, no action is required. The device will be automatically reconnected to the license server after a period of time. · If client information ages out on the license server, no action is required. The device will be automatically reconnected to the license server after a period of time. · If the license client has been disconnected from the license server for a long time, restore the connection between the device and the license server.

DEV messages

This section contains device management messages.

AUTOSWITCH_FAULT

Message text	An active/standby or master/subordinate switchover was performed automatically on [STRING], and a fault occurred during the switchover process.
Variable fields	$1: Chassis number. The value is "the device" when the device is in standalone mode.
Severity level	1
Example	DEV/1/ AUTO_SWITCH_FAULT: An active/standby or master/subordinate switchover was performed automatically on Chassis 1, and a fault occurred during the switchover process.
Explanation	A fault occurred during an automatic active/standby or master/subordinate switchover process.
Recommended action	1. Execute the javascript:infosearch(3077425) command to collect and save diagnostic information. 2. Reboot the device manually for clearing the fault. 3. Execute the display device command to display the device status. If the device status is not Normal, contact H3C Support.

AUTOSWITCH_FAULT_REBOOT

Message text	An active/standby or master/subordinate switchover was performed automatically on [STRING], and a fault occurred during the switchover process. The system will immediately restart [STRING] to clear the fault.
Variable fields	$1: Chassis number. The value is "the device" when the device is in standalone mode. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/AUTO_SWITCH_FAULT_REBOOT: An active/standby or master/subordinate switchover was performed automatically on Chassis 1, and a fault occurred during the switchover process. The system will immediately restart chassis 1 slot 0 to clear the fault.
Explanation	A fault occurred during an automatic active/standby or master/subordinate switchover process. The device will restart the faulty card immediately to clear the fault.
Recommended action	Execute the display device command to display the card status after the card is rebooted. If the card status is not Normal, contact H3C Support.

BOARD_ALARM_CLEAR

Message text	Board alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/BOARD_ALARM_CLEAR: Board alarm cleared. (PhysicalIndex=140, PhysicalName=Level 1 Module 9 on Chassis 1, RelativeResource=1, ErrorCode=441002, Reason=FPGA load failed.)
Explanation	A card alarm was cleared.
Recommended action	No action is required.

BOARD_ALARM_OCCUR

Message text	Board alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/BOARD_ALARM_OCCUR: Board alarm occurred. (PhysicalIndex=140, PhysicalName=Level 1 Module 9 on Chassis 1, RelativeResource=1, ErrorCode=441002, Reason=FPGA load failed.)
Explanation	A card alarm occurred.
Recommended action	For more information, review the related alarm information, or contact H3C Support.

BOARD_FATALALARM_OCCUR

Message text	Board fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	1
Example	DEV/1/BOARD_FATALALARM_OCCUR: Board fatal alarm occurred. (PhysicalIndex=180136, PhysicalName=Level 1 Module 5 on Chassis 2, RelativeResource=2/5/0, ErrorCode=000008, Reason=System can't work without SFU board in slot 1.)
Explanation	This message was generated in one of the following situations: · The system cannot operate correctly because a slot is not installed with the correct card. · The system is not installed with the correct type of fabric modules or service modules. For more information, see the fault description.
Recommended action	Execute the display device command to display the fabric module status. If the fabric module status is Normal, but the fault is still present, contact H3C Support.

BOARD_RUNNING_FAULT

Message text	A fault was detected on [STRING].
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/ BOARD_FAULT_REBOOT: A fault was detected on Chassis 1 slot 0.
Explanation	A fault was detected on a card.
Recommended action	1. Execute the javascript:infosearch(3077425) command to collect and save diagnostic information. 2. Reboot the card manually for clearing the fault. 3. Execute the display device command to display the card status. If the card status is not Normal, contact H3C Support.

BOARD_RUNNING_FAULT_REBOOT

Message text	A fault was detected on [STRING]. The system will immediately restart [STRING] to clear the fault.
Variable fields	$1: Chassis number and slot number or slot number. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/ BOARD_RUNNING_FAULT_REBOOT: A fault was detected on Chassis 1 slot 0. The system will immediately restart Chassis 1 Slot 0 to clear the fault.
Explanation	A fault was detected on a card. The device will restart the card immediately to clear the fault.
Recommended action	If the fault persists after the card reboots, contact H3C Support.

FAN_ALARM_CLEAR

Message text	Fan alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/FAN_ALARM_CLEAR: Fan alarm cleared. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300020, Reason=Fan tray is not present.)
Explanation	A fan tray alarm was cleared.
Recommended action	No action is required.

FAN_ALARM_OCCUR

Message text	Fan alarm occurred. ( PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/FAN_ALARM_OCCUR: Fan alarm occurred. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300020, Reason=Fan tray is not present.)
Explanation	A fan tray alarm occurred.
Recommended action	1. Re-install the fan tray that operates incorrectly. 2. Replace the fan tray. 3. If the issue persists, contact H3C Support.

FAN_FATALALARM_CLEAR

Message text	Fan fatal alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	1
Example	DEV/1/FAN_FATALALARM_CLEAR: Fan warning alarm cleared. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300016, Reason=The fan resumed running.)
Explanation	A fatal fan tray alarm was cleared.
Recommended action	Contact H3C Support.

FAN_FATALALARM_OCCUR

Message text	Fan fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	1
Example	DEV/1/FAN_FATALALARM_OCCUR: Fan fatal alarm occurred. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300016, Reason=The fan stopped running.)
Explanation	A fatal fan tray alarm occurred.
Recommended action	Contact H3C Support.

POWER_ALARM_CLEAR

Message text	Power alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/POWER_ALARM_CLEAR: Power alarm cleared. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=233001, Reason=Overtemperature occurred on the power supply.)
Explanation	A power supply alarm was cleared.
Recommended action	No action is required.

POWER_ALARM_OCCUR

Message text	Power alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/POWER_ALARM_OCCUR: Power alarm occurred. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=233001, Reason=Overtemperature occurred on the power supply.)
Explanation	A power supply alarm was cleared.
Recommended action	1. Execute the display power command to display the power supply status. 2. If the power supply status is Absent, verify that the power supply is installed correctly. 3. Replace the power supply. 4. If the issue persists, contact H3C Support.

POWER_WARNING_CLEAR

Message text	Power warning alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	4
Example	DEV/4/POWER_WARNING_CLEAR: Power warning alarm cleared. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=200037, Reason=No enough power to power on the board in chassis $1 slot $2. Required power is $3 W, available power is $4 W.)
Explanation	A warning power supply alarm was cleared.
Recommended action	No action is required.

POWER_WARNING_OCCUR

Message text	Power warning alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	4
Example	DEV/4/POWER_WARNING_OCCUR: Power warning alarm occurred. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=200037, Reason=No enough power to power on the board in chassis $1 slot $2. Required power is $3 W, available power is $4 W.)
Explanation	A warning power supply alarm occurred.
Recommended action	Replace the power supply or contact H3C Support.

TEMPERATURE_ALARM_CLEAR

Message text	Temperature alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/TEMPERATURE_ALARM_CLEAR: Temperature alarm cleared. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature restored, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=31.)
Explanation	A temperature alarm was cleared.
Recommended action	No action is required.

TEMPERATURE_ALARM_OCCUR

Message text	Temperature alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/TEMPERATURE_ALARM_OCCUR: Temperature alarm occurred. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature out of range, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=3.)
Explanation	A temperature alarm occurred.
Recommended action	Make sure the ambient temperature is normal.

VOLTAGE_ALARM_CLEAR

Message text	Voltage alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/VOLTAGE_ALARM_CLEAR: Voltage alarm cleared. (PhysicalIndex=199, PhysicalName=Voltage 2, RelativeResource=0, ErrorCode=420003, Reason=Voltage fell below the high output voltage warning threshold. )
Explanation	A voltage alarm was cleared.
Recommended action	No action is required.

VOLTAGE_ALARM_OCCUR

Message text	Voltage alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/VOLTAGE_ALARM_OCCUR: Voltage alarm occurred. (PhysicalIndex=4043, PhysicalName=Voltage Sensor 0 on Board 0, RelativeResource=0/0, ErrorCode=420005, Reason=Voltage exceeded the high output voltage shutdown threshold., ThresholdType=LowAlarm, ThresholdValue=1031, CurrentValue=0.)
Explanation	A voltage alarm occurred.
Recommended action	Contact H3C Support.

VOLTAGE_FATALALARM_CLEAR

Message text	Voltage fatal alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value in units. $8: Current value in units.
Severity level	1
Example	DEV/1/VOLTAGE_FATALALARM_CLEAR: Voltage fatal alarm cleared. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason= Board powered up, ThresholdType=HighAlarm, ThresholdValue= INVALID, CurrentValue= INVALID)
Explanation	A fatal voltage alarm was cleared.
Recommended action	No action is required.

VOLTAGE_FATALALARM_OCCUR

Message text	Voltage fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value in units. $8: Current value in units.
Severity level	1
Example	DEV/1/VOLTAGE_FATALALARM_OCCUR: Voltage fatal alarm occurred. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason=Board failed to power up, ThresholdType=HighAlarm, ThresholdValue=INVALID, CurrentValue= INVALID)
Explanation	A fatal voltage alarm occurred.
Recommended action	1. Execute the display voltage command to verify that the power provided by the power supplies meets the device requirements. 2. If the issue persists, contact H3C Support.

DHCP

This section contains DHCP messages.

DHCP_NORESOURCES

Message text	Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Explanation	The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient.
Recommended action	Release hardware resources and then apply the rules again.

DHCP_NOTSUPPORTED

Message text	Failed to apply filtering rules for DHCP packets because some rules are not supported.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported.
Explanation	The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device.
Recommended action	No action is required.

DHCPR

This section contains DHCP relay agent messages.

DHCPR_SERVERCHANGE

Message text	Switched to the server at [IPADDR] because the current server did not respond.
Variable fields	$1: IP address of the DHCP server.
Severity level	3
Example	DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the server at 2.2.2.2 because the current server did not respond.
Explanation	The DHCP relay agent did not receive any responses from the current DHCP server and switched to another DHCP server for IP address acquisition.
Recommended action	No action is required.

DHCPR_SWITCHMASTER

Message text	Switched to the master DHCP server at [IPADDR].
Variable fields	$1: IP address of the master DHCP server.
Severity level	3
Example	DHCPR/3/DHCPR_SWITCHMASTER: -MDC=1; Switched to the master DHCP server at 2.2.2.2.
Explanation	After a switchback delay time, the DHCP relay agent switched from a backup DHCP server back to the master DHCP server for IP address acquisition.
Recommended action	No action is required.

DHCPS messages

This section contains DHCP server messages.

DHCPS_ALLOCATE_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the address pool to which the assigned IPv4 address belongs.
Severity level	5
Example	DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.
Explanation	The DHCP server assigned an IPv4 address with a lease to a DHCP client.
Recommended action	No action is required.

DHCPS_CONFLICT_IP

Message text	A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING].
Variable fields	$1: IPv4 address that is in conflict. $2: Name of the address pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured.
Severity level	5
Example	DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface Ethernet0/2.
Explanation	The DHCP server deleted a conflicting IPv4 address from an address pool.
Recommended action	No action is required.

DHCPS_EXTEND_FAILURE

Message text	Extend request from DHCP client (IP [IPADDR], MAC [MAC]) failed, reply NAK message.
Variable fields	$1: IP address of the DHCP client. $2: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_EXTEND_FAILURE: Extend request from DHCP client (IP 1.0.0.91, MAC 0000-0000-905a) failed, reply NAK message.
Explanation	The DHCP server failed to extend the lease for a DHCP client and replied a DHCP-NAK message.
Recommended action	No action is required.

DHCPS_EXTEND_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]).
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: Name of the address pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).
Explanation	The DHCP server extended the lease for a DHCP client.
Recommended action	No action is required.

DHCPS_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP server failed to back up DHCP bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS_RECLAIM_IP

Message text	DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]).
Variable fields	$1: Name of the address pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a).
Explanation	The DHCP server reclaimed the IPv4 address assigned to a DHCP client.
Recommended action	No action is required.

DHCPS_UNAVAILABLE_POOL

Message text	Available address pool [STRING] cannot be found.
Variable fields	$1: Address pool name. This field is displayed if the address pool is an authorized pool or a DHCP policy-assigned pool.
Severity level	5
Example	DHCPS/5/DHCPS_UNAVAILABLE_POOL: Available address pool 1 cannot be found.
Explanation	The DHCP server cannot find an available address pool.
Recommended action	Configure an address pool available for address assignment.

DHCPS_VERIFY_CLASS

Message text	Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC];
Variable fields	$1: Type of the packet. $2: Hardware address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_VERIFY_CLASS: Illegal DHCP client-PacketType= DHCPDISCOVER-ClientAddress=0000-5e01-0104;
Explanation	The DHCP server verified that the DHCP client was not on the user class whitelist.
Recommended action	Check the validity of the DHCP client.

DHCPS6 messages

This section contains DHCPv6 server messages.

DHCPS6_ALLOCATE_ADDRESS

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 address with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_ALLOCATE_PREFIX

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 prefix with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_CONFLICT_ADDRESS

Message text	A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING].
Variable fields	$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured.
Severity level	5
Example	DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2.
Explanation	The DHCPv6 server deleted a conflicting IPv6 address from an address pool.
Recommended action	No action is required.

DHCPS6_EXTEND_ADDRESS

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the address lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_EXTEND_ADDRESS_FAILURE

Message text	Extend request for address from DHCPv6 client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]) failed.
Variable fields	$1: IPv6 address of the DHCPv6 client. $2: DUID of the DHCPv6 client. $3: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_ADDRESS_FAILURE: Extend request for address from DHCPv6 client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) failed.
Explanation	The DHCPv6 server failed to extend the address lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_EXTEND_PREFIX

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the prefix lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_EXTEND_PREFIX_FAILURE

Message text	Extend request for prefix from DHCPv6 client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]) failed.
Variable fields	$1: IPv6 prefix of the DHCPv6 client. $2: DUID of the DHCPv6 client. $3: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_PREFIX_FAILURE: Extend request for prefix from DHCPv6 client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) failed.
Explanation	The DHCPv6 server failed to extend the prefix lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 server failed to back up DHCPv6 bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS6_RECLAIM_ADDRESS

Message text	DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 address assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_RECLAIM_PREFIX

Message text	DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 prefix assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_UNAVAILABLE_POOL

Message text	Available [STRING] pool [STRING] cannot be found.
Variable fields	$1: Address pool or prefix pool. $2: Name of the address pool or prefix pool. This field is displayed in one of the following conditions: ¡ The address pool is an authorized pool or a DHCP policy-assigned pool. ¡ The prefix pool is specified in an address pool.
Severity level	5
Example	DHCPS6/5/DHCPS6_UNAVAILABLE_POOL: Available address pool 1 cannot be found.
Explanation	The DHCPv6 server cannot find an available IPv6 address or prefix pool.
Recommended action	Configure an IPv6 address pool or prefix pool available for address assignment.

DHCPSP4

This section contains DHCP snooping messages.

DHCPSP4_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP snooping device failed to back up DHCP snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPSP4_UNTRUSTED_SERVER

Message text	Detected reply packet from untrusted server. Server info: IPaddress = [IPADDR], MACaddress = [MAC], Interface = [STRING].
Variable fields	$1: IP address of the untrusted DHCP server. $2: MAC address of the untrusted DHCP server. $3: Name of the interface that connects to the untrusted DHCP server.
Severity level	4
Example	DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet from untrusted server. Server Info: IPaddress = 192.168.1.1, MACaddress = 78a0-7aa4-0307, Interface = GigabitEthernet1/0/1.
Explanation	This message is sent when the DHCP snooping device detects and drops a DHCP reply from an untrsusted DHCP server.
Recommended action	Locate the untrusted DHCP server according to the IP address and MAC address information, and isolate the server if necessary.

DHCPSP4_DROP_PACKET

Message text	DHCP snooping dropped a packet: Message type = [TYPE] Client hardware address = [MAC] Server ID = [IPADDR] Client address = [IPADDR] Drop reason: [STRING]
Variable fields	$1: DHCP packet type. $2: MAC address of the DHCP client. $3: IP address of the DHCP server. $4: IP address of the DHCP client. $5: Reason why the DHCP packet is dropped. ¡ The sending and receiving interfaces are not in the same VLAN. ¡ The DHCP packet failed to pass the MAC address check. ¡ The DHCP packet failed to pass the DHCP-REQUEST check. ¡ The DHCP packet failed to pass the giaddr address check.
Severity level	5
Example	DHCPSP4/5/DHCPSP4_DROP_PACKET: DHCP snooping dropped a packet: Message type = DHCPDISCOVER Client hardware address = 7ec9-5ce2-1600 Server ID = 0.0.0.0 Client address = 0.0.0.0 Drop reason: The DHCP packet failed to pass the giaddr address check.
Explanation	This message is sent when the number of invalid DHCP packets received by the DHCP snooping device reaches or exceeds the alarm threshold.
Recommended action	Figure out the reason why the client failed to obtain an IP address through DHCP and address the issue according to the IP address and MAC address information on the log.

DHCPSP6

This section contains DHCPv6 snooping messages.

DHCPSP6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 snooping device failed to back up DHCPv6 snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPSP6_DROP_PACKET

Message text	DHCPv6 snooping dropped a packet: Incoming interface = [STRING] Message type = [TYPE] Client hardware address = [MAC] Drop reason: [STRING]
Variable fields	$1: Interface that received the DHCPv6 packet. $2: DHCPv6 packet type. $3: MAC address of the DHCPv6 client. $4: Reason why the DHCPv6 packet is dropped. ¡ The DHCPv6 packet failed to pass the source address check. ¡ The DHCPv6 packet failed to pass the DHCPv6-REQUEST check. ¡ The DHCPv6 packet failed to pass the RELAY-FORW check.
Severity level	5
Example	DHCPSP6/5/DHCPSP6_DROP_PACKET: DHCPv6 snooping drop a packet: Incoming interface = GigabitEthernet2/0/1 Message type = SOLICIT Client hardware address = 7ec9-5ce2-1600 Drop reason: The DHCPv6 packet failed to pass the RELAY-FORW check.
Explanation	This message is sent when the number of invalid DHCPv6 packets received by the DHCPv6 snooping device reaches or exceeds the alarm threshold.
Recommended action	Figure out the reason why the client failed to obtain an IPv6 address through DHCP and address the issue according to the interface and MAC address information on the log.

DIAG messages

This section contains diagnostic messages.

CORE_EXCEED_THRESHOLD

Message text	Usage of CPU [INT] core [INT] exceeded the threshold ([string]).
Variable fields	$1: CPU number. $2: CPU core number. $3: Severe usage alarm threshold.
Severity level	3
Example	DIAG/3/CORE_EXCEED_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (90%).
Explanation	The usage of the specified CPU core exceeded the severe usage alarm threshold. The CPU core usage was in severe alarm state.
Recommended action	1. Execute the display process cpu and monitor thread commands to display CPU usage information about all processes. 2. Contact the technical support.

CORE_MINOR_RECOVERY

Message text	Core usage minor alarm CPU [INT] core [INT] removed.
Variable fields	$1: CPU number. $2: CPU core number.
Severity level	5
Example	DIAG/5/CORE_MINOR_RECOVERY: Core usage alarm CPU 0 core 1 removed.
Explanation	The usage of the specified CPU core dropped to or below the minor usage alarm threshold. The minor alarm was removed.
Recommended action	No action is required.

CORE_MINOR_THRESHOLD

Message text	Usage of CPU [INT] core [INT] exceeded the threshold ([string]).
Variable fields	$1: CPU number. $2: CPU core number. $3: Minor usage alarm threshold.
Severity level	4
Example	DIAG/4/CORE_MINOR_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (80%).
Explanation	The usage of the specified CPU core was greater than the minor usage alarm threshold. The CPU core usage was in minor alarm state.
Recommended action	1. Execute the display process cpu and monitor thread commands to display CPU usage information about all processes. 2. Contact the technical support.

CORE_RECOVERY

Message text	Core usage alarm CPU [INT] core [INT] removed.
Variable fields	$1: CPU number. $2: CPU core number.
Severity level	3
Example	DIAG/3/CORE_RECOVERY: Core usage alarm CPU 0 core 1 removed.
Explanation	The usage of the specified CPU core dropped to or below the severe usage alarm threshold. The severe alarm was removed.
Recommended action	No action is required.

CPU_MINOR_RECOVERY

Message text	CPU usage recovered to normal state.
Variable fields	N/A
Severity level	5
Example	DIAG/5/CPU_MINOR_THRESHOLD: CPU usage recovered to normal state.
Explanation	The CPU usage decreased below the recovery threshold. The minor alarm was removed and the CPU usage status changed from minor alarm state to recovered state.
Recommended action	No action is required.

CPU_MINOR_THRESHOLD

Message text	CPU usage is in minor alarm state.
Variable fields	N/A
Severity level	4
Example	DIAG/4/CPU_MINOR_THRESHOLD: CPU usage is in minor alarm state.
Explanation	The CPU usage increased above the minor alarm threshold and entered minor alarm state. The device sends this message periodically until the CPU usage increases above the severe threshold or the minor alarm is removed.
Recommended action	Operate according to prompt information and use CPU resource reasonably.

CPU_SEVERE_RECOVERY

Message text	CPU usage severe alarm removed.
Variable fields	N/A
Severity level	5
Example	DIAG/5/CPU_RECOVERY: CPU usage severe alarm removed.
Explanation	The CPU usage decreased to or below the minor alarm threshold and the severe alarm was removed.
Recommended action	No action is required.

CPU_SEVERE_THRESHOLD

Message text	CPU usage severe alarm removed.
Variable fields	N/A
Severity level	3
Example	DIAG/3/CPU_THRESHOLD: CPU usage is in severe alarm state.
Explanation	The CPU usage increased above the severe alarm threshold and entered severe alarm state. The device sends this message periodically until the severe alarm is removed.
Recommended action	Use the display current-configuration \| include "monitor cpu-usage" command to view the alarm thresholds. Use the monitor cpu-usage command to adjust the alarm thresholds as required.

DIAG_FD_UPLIMIT_REACHED

Message text	FD number upper limit already reached: Process name=[STRING], PID=[INTEGER].
Variable fields	$1: Name of a process. $2: ID of the process.
Severity level	4
Example	DIAG/4/DIAG_FD_UPLIMIT_REACHED: FD number upper limit already reached: Process name=snmpd, PID=244.
Explanation	The maximum number of file descriptors that a process can use has been reached.
Recommended action	No action is required.

DIAG_FD_UPLIMIT_TO_REACH

Message text	Number of FDs is about to reach the upper limit: Process name=[STRING], PID=[INTEGER].
Variable fields	$1: Name of a process. $2: ID of the process.
Severity level	4
Example	DIAG/4/DIAG_FD_UPLIMIT_TO_REACH: Number of FDs is about to reach the upper limit. Process name=snmpd, PID=244.
Explanation	The maximum number of file descriptors that a process can use was about to be reached.
Recommended action	No action is required.

DIAG_STORAGE_BELOW_THRESHOLD

Message text	The usage of [STRING] ([UINT32]%) was below or equal to the threshold of [UINT32]%.
Variable fields	$1: Name of the storage medium. $2: Disk usage of the storage medium. $3: Disk usage threshold for the storage medium.
Severity level	1
Example	DIAG/1/DIAG_STORAGE_BELOW_THRESHOLD: The usage of flash (90%) was below or equal to the threshold of 95%.
Explanation	This message indicates that the storage medium has sufficient space, because the disk usage is not higher than the threshold.
Recommended action	No action is required.

DIAG_STORAGE_EXCEED_THRESHOLD

Message text	The usage of [STRING] ([UINT32]%) exceeded the threshold of [UINT32]%.
Variable fields	$1: Name of the storage medium. $2: Disk usage of the storage medium. $3: Disk usage threshold for the storage medium.
Severity level	1
Example	DIAG/1/DIAG_STORAGE_EXCEED_THRESHOLD: The usage of flash (96%) exceeded the threshold of 95%.
Explanation	This message indicates that the storage medium does not have sufficient space, because the disk usage is higher than the threshold.
Recommended action	For files not in use, for example, log files and history software packages, execute the delete /unreserved command to delete the files or back up the files and then execute the delete /unreserved command to delete the files.

MEM_ALERT

Message text	system memory info: total used free shared buffers cached Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] -/+ buffers/cache: [ULONG] [ULONG] Swap: [ULONG] [ULONG] [ULONG] Lowmem: [ULONG] [ULONG] [ULONG]
Variable fields	· Mem—Memory information of the whole system: ¡ $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size. ¡ $2: Size of the physical memory used by the system. ¡ $3: Size of free physical memory of the system. ¡ $4: Total size of physical memory shared by processes. ¡ $5: Size of physical memory used for buffers. ¡ $6: Size of physical memory used for caches. · -/+ buffers/cache—Memory usage information of applications: ¡ $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications. ¡ $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications. · Swap—Swap memory usage information: ¡ $9: Total size of swap memory. ¡ $10: Size of used swap memory. ¡ $11: Size of free swap memory. · Lowmem—Low memory usage information: ¡ $12: Total size of low memory. ¡ $13: Size of used low memory. ¡ $14: Size of free low memory.
Severity level	4
Example	DIAG/4/MEM_ALERT: system memory info: total used free shared buffers cached Mem: 1784424 920896 863528 0 0 35400 -/+ buffers/cache: 885496 898928 Swap: 0 0 0 Lowmem: 735848 637896 97952
Explanation	A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device.

MEM_BELOW_THRESHOLD

Message text	Memory usage has dropped below [STRING] threshold.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold.
Explanation	A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold.
Recommended action	No action is required.

MEM_EXCEED_THRESHOLD

Message text	Memory [STRING] threshold has been exceeded.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded.
Explanation	A memory alarm was notified. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies services modules to perform auto repair, such as releasing memory and stopping requesting memory.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device.

DIM engine messages

This section contains DPI engine messages.

DIM_SIGNATURE_WARNING

Message text	Failed to write signature file to storage, there is not enough frees space.
Severity level	4
Example	DPI/4/DIM_SIGNATURE_WARNING: Failed to write signature file to storage, there is not enough frees space.
Explanation	This message is generated when a signature library fails to be updated or rolled back due to insufficient storage space in the flash memory.
Recommended action	Release some storage space in the flash memory before updating or rolling back a signature library.

DIM_ACTIVE_WARNING

Message text	DIM active failed while memory recover from alert status. please try to reduce memory use and then active again.
Severity level	4
Example	DPI/4/DIM_ACTIVE_WARNING: DIM active failed while memory recover from alert status. please try to reduce memory use and then active again.
Explanation	This message is generated when the device fails to activate the DPI engine due to insufficient memory space.
Recommended action	Release some storage space and then execute the inspect activate command.

DOT1X messages

This section contains 802.1X messages.

DOT1X_CONFIG_NOTSUPPORT

Message text	802.1X is not supported on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_CONFIG_NOTSUPPORT: 802.1X is not supported on interface GigabitEthernet1/0/1.
Explanation	The interface does not support 802.1X configuration.
Recommended action	No action is required.

DOT1X_LOGIN_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; User failed 802.1X authentication. Reason: [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code. $6: Failure cause: · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Microsegment authorization failed.
Severity level	6
Example	DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. Reason: ACL authorization failed.
Explanation	The user failed 802.1X authentication for a specific reason.
Recommended action	Locate the failure cause and handle the issue according to the failure cause.

DOT1X_LOGIN_SUCC

Message text	-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]; User passed 802.1X authentication and came online.
Variable fields	$1: Interface type and number. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username.
Severity level	6
Example	DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=aaa; User passed 802.1X authentication and came online.
Explanation	The user passed 802.1X authentication.
Recommended action	No action is required.

DOT1X_LOGIN_SUCC (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; The user that failed 802.1X authentication passed open authentication and came online.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username.
Severity level	6
Example	DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9; The user that failed 802.1X authentication passed open authentication and came online.
Explanation	A user failed 802.1X authentication but passed open authentication.
Recommended action	No action is required.

DOT1X_LOGOFF

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; 802.1X user was logged off.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username.
Severity level	6
Example	DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; 802.1X user was logged off.
Explanation	The 802.1X user was logged off as requested.
Recommended action	No action is required.

DOT1X_LOGOFF (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; 802.1X open user was logged off.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username.
Severity level	6
Example	DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa; 802.1X open user was logged off.
Explanation	An 802.1X open user was logged off as requested.
Recommended action	No action is required.

DOT1X_LOGOFF_ABNORMAL

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X user was logged off abnormally.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code.
Severity level	6
Example	DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off abnormally.
Explanation	The 802.1X user was logged off abnormally.
Recommended action	Locate the logoff cause and remove the issue.

DOT1X_LOGOFF_ABNORMAL (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X open user was logged off abnormally.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code.
Severity level	6
Example	DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X open user was logged off abnormally.
Explanation	An 802.1X open user was logged off abnormally.
Recommended action	Locate the logoff cause and remove the issue.

DOT1X_MACBINDING_EXIST

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; MAC address was already bound to interface [STRING].
Variable fields	$1: Type and number of the access interface. $2: MAC address. $3: VLAN ID. $4: Username. $5: Type and number of the interface to which the MAC address was bound.
Severity level	6
Example	DOT1X/6/DOT1X_MACBINDING_EXIST: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa; MAC address was already bound to interface GigabitEthernet1/0/3.
Explanation	The user failed to come online on an interface because its MAC address was already bound to another interface.
Recommended action	Delete the related 802.1X MAC address binding entry from the bound interface.

DOT1X_NOTENOUGH_EADFREEIP_RES

Message text	Failed to assign a rule for free IP [IPADDR] on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Free IP. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for free IP 1.1.1.0 on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit a free IP on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADFREEMSEG_RES

Message text	Failed to assign a rule for free microsegment [microsegment-id] on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Free microsegment ID. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREEMSEG_RES: Failed to assign a rule for free microsegment 1 on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit a free microsegment on an interface because of ACL resource shortage.
Recommended action	Disable 802.1X on the interface, and then re-enable 802.1X.

DOT1X_NOTENOUGH_EADFREERULE_RES

Message text	Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADMACREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING].
Variable fields	$1: Source MAC address of HTTP packets. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2.
Explanation	The device failed to redirect HTTP packet with the designated source MAC on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADPORTREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_ENABLEDOT1X_RES

Message text	Failed to enable 802.1X on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	Failed to enable 802.1X on an interface because of ACL resource shortage.
Recommended action	Disable 802.1X on the interface, and then re-enable 802.1X.

DOT1X_PEXAGG_NOMEMBER_RES

Message text	Failed to enable 802.1X on interface [STRING] because the Layer 2 extended-link aggregate interface does not have member ports.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_PEXAGG_NOMEMBER_RES: Failed to enable 802.1X on interface Bridge-Aggregation100 because the Layer 2 extended-link aggregate interface does not have member ports.
Explanation	Failed to enable 802.1X on a Layer 2 extended-link aggregate interface because the interface does not have member ports.
Recommended action	Disable 802.1X on the interface, add a member port to the interface, and then re-enable 802.1X.

DOT1X_SMARTON_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]; User failed SmartOn authentication because [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: Cause of failure: · the password was wrong. · the switch ID was wrong.
Severity level	6
Example	DOT1X/6/DOT1X_SMARTON_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; User failed SmartOn authentication because the password was wrong.
Explanation	SmartOn authentication failed for a specific reason.
Recommended action	Handle the issue according to the failure cause.

DOT1X_UNICAST_NOT_EFFECTIVE

Message text	The unicast trigger feature is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface Ethernet3/1/2.
Explanation	The unicast trigger setting does not take effect on an interface, because the interface does not support unicast trigger.
Recommended action	1. Reconnect the 802.1X clients to another interface that supports the unicast trigger feature. 2. Enable the unicast trigger feature on the new interface.

FNOTIFY messages

This section contains Forward Utility (FNOTIFY) messages.

NOTIFY

Message text	The feature [STRING] has not finished to process the [STRING] event in [UINT32] minutes.
Variable fields	$1: Feature name. ¡ ARP ¡ ND ¡ FIB ¡ WADJ ¡ L2VFIB ¡ WADJ6 ¡ OVERLAYMAC $2: Phase name. ¡ RESTORE: Data restoration. ¡ CROSSRESTORE: Data restoration between modules. ¡ RESTOREOVER: Restoration complete. ¡ PHASE3: SCM phase 3. $3: Time period, in minutes.
Severity level	6
Example	FNOTIFY/6/NOTIFY_EVENT: The feature ARP has not finished to process the PHASE3 event in 20 minutes
Explanation	This message is sent when a feature does not finish the event processing in a phase.
Recommended action	Locate which modules are encounting such problem.

FS messages

This section contains file system messages.

FS_UNFORMATTED_PARTITION

Message text	Partition [%s] is not formatted yet. Please format the partition first.
Variable fields	$1: Partition name.
Severity level	4
Example	FS/4/FS_UNFORMATED_PARTITION: Partition usba0: is not formatted yet. Please format the partition first.
Explanation	The partition is not formatted. You must format a partition before you can perform other operations on the partition.
Recommended action	Format the specified partition.

FTP messages

This section contains File Transfer Protocol messages.

FTP_REACH_SESSION_LIMIT

Message text	FTP client [STRING] failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device.
Severity level	6
Example	FTP/6/FTP_REACH_SESSION_LIMIT: FTP client 1.1.1.1 failed to log in. The current number of FTP sessions is 10. The maximum number allowed (10).
Explanation	The number of FTP connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

HOTPLUG messages

This section contains interface hot swapping messages.

HOTPLUG_PORT_PLUGIN

Message text	A port is hot pluged in: Port:[STRING], PCI:[STRING].
Variable fields	$1: Interface name. $2: Port PCI information.
Severity level	6
Example	HOTPLUG/6/HOTPLUG_PORT_PLUGIN: A port is hot pluged in: Port:GigabitEthernet1/0/1, PCI:08.00.0.
Explanation	A hot-swapping-in event was detected on a port.
Recommended action	No action is required.

HOTPLUG_PORT_PLUGOUT

Message text	A port is hot pluged out: Port:[STRING], PCI:[STRING].
Variable fields	$1: Port name. $2: Port PCI information.
Severity level	6
Example	HOTPLUG/6//HOTPLUG_PORT_PLUGOUT: A port is hot pluged out: Port:GigabitEthernet1/0/1, PCI:08.00.0.
Explanation	A hot-swapping-out event was detected on a port.
Recommended action	Verify that the hot-swapping operation was performed by an administrator.

HTTPD messages

This section contains HTTP daemon messages.

HTTPD_CONNECT

Message text	[STRING] client [STRING] connected to the server successfully.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.
Explanation	The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up.
Recommended action	No action is required.

HTTPD_CONNECT_TIMEOUT

Message text	[STRING] client [STRING] connection idle timeout.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout.
Explanation	An HTTP or HTTPS connection was disconnected because the idle timeout timer expires.
Recommended action	No action is required.

HTTPD_DISCONNECT

Message text	[STRING] client [STRING] disconnected from the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server.
Explanation	An HTTP or HTTPS client was disconnected from the server.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACP

Message text	[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server.
Explanation	An HTTP or HTTPS client was denied by the certificate access control policy.
Recommended action	No action is required.

HTTPD_REACH_CONNECT_LIMIT

Message text	[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit.
Explanation	The number of connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting. 2. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

Identity messages

This section contains user identification messages.

IDENTITY_AUTO_IMPORT_FINISHED

Message text	Finished importing identity user accounts and groups automatically.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_AUTO_IMPORT_FINISHED: Finished importing identity user accounts and groups automatically.
Explanation	The system finished importing identity user accounts and groups automatically.
Recommended action	No action is required.

IDENTITY_AUTO_IMPORT_START

Message text	Started to import identity user accounts and groups automatically.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_AUTO_IMPORT_START: Started to import identity user accounts and groups automatically.
Explanation	The system automatically started to import identity user accounts and groups.
Recommended action	No action is required.

IDENTITY_CSV_IMPORT_FAILED

Message text	Failed to import identity user [STRING] to domain [STRING] from the .csv file.
Variable fields	$1: Identity username. $2: Identity domain name.
Severity level	5
Example	IDENTITY/5/IDENTITY_CSV_IMPORT_FAILED: Failed to import identity user network-us?er1 to domain system-domain from the .csv file.
Explanation	Failed to import an identity user account from a .csv file and stopped importing remaining identity user accounts.
Recommended action	1. Make sure no identity user account with the same name exists on the device. 2. Make sure the identity domain name or the identity username does not contain invalid characters.

IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY

Message text	Failed to obtain data from IMC. Reason: Not enough memory.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from IMC. Reason: Not enough memory.
Explanation	Failed to import identity user accounts and online identity user information from the IMC server because of insufficient memory.
Recommended action	No action is required.

IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY

Message text	Failed to obtain data from the LDAP server specified in scheme [STRING]. Reason: Not enough memory.
Variable fields	$1: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from the LDAP server specified in scheme test. Reason: Not enough memory.
Explanation	Failed to import identity users and identity groups from an LDAP server because of insufficient memory.
Recommended action	No action is required.

IDENTITY_LDAP_IMPORT_GROUP_FAILED

Message text	Failed to import identity group [STRING] to domain [STRING] from the LDAP server specified in scheme [STRING].
Variable fields	$1: Identity group name. $2: Identity domain name. $3: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_GROUP_FAILED: Failed to import identity group group-na?me1 to domain system-domain from the LDAP server specified in scheme ldap-scheme1.
Explanation	Failed to import an identity group from the LDAP server specified in an LDAP scheme.
Recommended action	1. Make sure no identity group with the same group name exists on the device. 2. Make sure the identity domain name or the identity group name does not contain invalid characters.

IDENTITY_LDAP_IMPORT_USER_FAILED

Message text	Failed to import identity user [STRING] to domain [STRING] from the LDAP server specified in scheme [STRING].
Variable fields	$1: Identity username. $2: Identity domain name. $3: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_USER_FAILED: Failed to import identity user user-na?me1 to domain system-domain from the LDAP server specified in scheme ldap-scheme1.
Explanation	Failed to import an identity user from the LDAP server specified in an LDAP scheme.
Recommended action	1. Make sure no identity user with the same name exists on the device. 2. Make sure the identity domain name or the identity username does not contain invalid characters.

IFMON

This section contains interface monitoring messages.

BGTRAFFIC_SEND_BEGIN

Message text	Interface [STRING] began sending background traffic.
Variable fields	$1: Interface name.
Severity level	6
Example	IFMON/6/BGTRAFFIC_SEND_BEGIN: Interface GigabitEthernet1/0/1 began sending background traffic.
Explanation	When the outgoing traffic rate of an interface drops below 100 Mbps, the interface starts sending background traffic.
Recommended action	No action is required.

BGTRAFFIC_SEND_END

Message text	Interface [STRING] stopped sending background traffic.
Variable fields	$1: Interface name.
Severity level	6
Example	IFMON/6/BGTRAFFIC_SEND_END: Interface GigabitEthernet1/0/1 stopped sending background traffic.
Explanation	When the outgoing traffic rate of an interface exceeds 300 Mbps, the interface stops sending background traffic.
Recommended action	No action is required.

IFNET messages

This section contains interface management messages.

IF_BUFFER_CONGESTION_OCCURRENCE

Message text	[STRING] congestion occurs on queue [INTEGER] of [STRING].
Variable fields	$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name.
Severity level	4
Example	IFNET/4/IF_BUFFER_CONGESTION_OCCURRENCE: Ingress congestion occurs on queue 1 of GigabitEthernet1/0/1.
Explanation	On queue 1 of GigabitEthernet 1/0/1, congestion occurs in the receive data buffer.
Recommended action	Examine the network status.

‌

IF_BUFFER_CONGESTION_CLEAR

Message text	[STRING] congestion on queue [UINT32] of [STRING] is cleared. [UINT64] packets are discarded.
Variable fields	$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name. $4: Number of packets dropped.
Severity level	5
Example	IFNET/5/IF_BUFFER_CONGESTION_CLEAR: Ingress congestion on queue 1 of GigabitEthernet1/0/1 is cleared. 1000 packets are discarded.
Explanation	On queue 1 of GigabitEthernet 1/0/1, congestion in the receive data buffer is removed. 1000 packets are dropped.
Recommended action	No action is required.

‌

IF_JUMBOFRAME_WARN

Message text	The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING].
Variable fields	$1: Aggregate interface name. $2: Member port name.
Severity level	3
Example	IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1.
Explanation	Some member ports do not support the jumbo frame size configured on the aggregate interface.
Recommended action	1. Identify the value ranges for the jumbo frame size supported on member ports. 2. Specify a jumbo frame size supported by member ports for the aggregate interface.

‌

INTERFACE_NOTSUPPRESSED

Message text	Interface [STRING] is not suppressed.
Variable fields	$1: Interface name.
Severity level	6
Example	IFNET/6/INTERFACE_NOTSUPPRESSED: Interface Ethernet0/0/0 is not suppressed.
Explanation	The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface.
Recommended action	No action is required.

‌

INTERFACE_SUPPRESSED

Message text	Interface [STRING] was suppressed.
Variable fields	$1: Interface name.
Severity level	5
Example	IFNET/5/INTERFACE_SUPPRESSED: Interface Ethernet0/0/0 was suppressed.
Explanation	The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface.
Recommended action	1. Check whether the network cable of the interface or peer interface is frequently plugged and unplugged. 2. Configure physical state change suppression to adjust the suppression parameters.

‌

LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: State of link layer protocol, which can be up or down.
Severity level	5
Example	IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ethernet0/0 changed to down.
Explanation	The link layer protocol state changed on an interface.
Recommended action	When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface.

‌

PFC_WARNING

Message text	On interface [STRING], the rate of [STRING] PFC packets of 802.1p priority [INTEGER] exceeded the PFC early-warning threshold [INTEGER] pps. The current rate is [INTEGER].
Variable fields	$1: Interface name. $2: Alarm direction, which can be input or output. $3: 802.1p priority. $4: Rate threshold at which the interface receives or sends PFC frames, in pps. $5: Rate at which the interface receives or sends PFC frames, in pps.
Severity level	4
Example	IFNET/4/PFC_WARNING: On interface GigabitEthernet1/0/1, the rate of input PFC packets of 802.1p priority 1 exceeded the PFC early-warning threshold 50 pps. The current rate is 60.
Explanation	The rate at which the interface receives or sends PFC frames reaches the early-warning threshold.
Recommended action	No action is required.

PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Link state, which can be up or down.
Severity level	3
Example	IFNET/3/PHY_UPDOWN: Physical state on the Ethernet0/0 changed to down.
Explanation	The physical state changed on an interface.
Recommended action	When the interface is physically down, check whether a physical link is present or whether the link fails.

‌

PROTOCOL_UPDOWN

Message text	Protocol [STRING] state on the interface [STRING] changed to [STRING].
Variable fields	$1: Protocol name. $2: Interface name. $3: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface Ethernet6/4/1 changed to up.
Explanation	The state of a protocol has been changed on an interface.
Recommended action	When the state of a network layer protocol is down, check the network layer protocol configuration.

‌

STORM_CONSTRAIN_BELOW

Message text	[STRING] is in controlled status, [STRING] flux falls below its lower threshold [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_BELOW: GigabitEthernet1/0/1 is in controlled status, BC flux falls below its lower threshold 90%.
Explanation	The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_CONTROLLED

Message text	[STRING] turned into controlled status, port status is controlled, packet type is [STRING], upper threshold is [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_CONTROLLED: GigabitEthernet1/0/1 turned into controlled status, port status is controlled, packet type is BC, upper threshold is 90%.
Explanation	The port is in controlled state. Any type of traffic on the port exceeds the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_EXCEED

Message text	[STRING] is in controlled status, [STRING] flux exceeds its upper threshold [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_EXCEED: GigabitEthernet1/0/1 is in controlled status, BC flux exceeds its upper threshold 90%.
Explanation	The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_NORMAL

Message text	[STRING] returned to normal status, port status is [STRING], packet type is [STRING], lower threshold is [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_NORMAL: GigabitEthernet1/0/1 returned to normal status, port status is normal, packet type is BC, lower threshold is 10%.
Explanation	The port is in normal state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

TUNNEL_LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/TUNNEL_LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down.
Explanation	The state of a link layer protocol has been changed on a tunnel interface.
Recommended action	When the link layer protocol state of a tunnel interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the tunnel interface.

‌

TUNNEL_PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	3
Example	IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the Tunnel1 changed to down.
Explanation	The state of a link layer protocol has been changed on a tunnel interface.
Recommended action	When the physical state of a link layer protocol is down, check whether a physical link is present or whether the link fails.

‌

VLAN_MODE_CHANGE

Message text	Dynamic VLAN [INT32] has changed to a static VLAN.
Variable fields	$1: VLAN ID.
Severity level	5
Example	IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN.
Explanation	Creating a VLAN interface for a VLAN cause the dynamic VLAN to become a static VLAN.
Recommended action	No action is required.

‌

IP6ADDR

This section contains IPv6 addressing messages.

IP6ADDR_CREATEADDRESS_CONFLICT

Message text	Failed to create an address by the prefix. Reason: [STRING] on [STRING] conflicts with SRv6 locator [STRING].
Variable fields	$1: IPv6 address. $2: Interface name. $3: IPv6 prefix of the locator.
Severity level	4
Example	IP6ADDR/4/IP6ADDR_CREATEADDRESS_CONFLICT: Failed to create an address by the prefix. Reason: 2000::1234:0:0:1/80 on GigabitEthernet1/0/1 conflicts with SRv6 locator 2000::1/64.
Explanation	This message is sent when the configuration of the ipv6 address prefix-number command conflicts with the SRv6 locator configuration in SRv6 view.
Recommended action	Remove the conflicting configuration and reconfigure the ipv6 address prefix-number command.

‌

IP6ADDR_CREATEADDRESS_ERROR

Message text	Failed to create an address by the prefix. Reason: [STRING] on [STRING] and [STRING] on [STRING] overlap.
Variable fields	$1: IPv6 prefix. $2: Interface name. $3: IPv6 prefix. $4: Interface name.
Severity level	4
Example	IP6ADDR/4/IP6ADDR_CREATEADDRESS_ERROR: Failed to create an address by the prefix. Reason: 2001::/ 64 on GigabitEthernet1/0/2 and 2001::/64 on GigabitEthernet1/0/1 overlap.
Explanation	The device failed to use a prefix to generate an IPv6 address for an interface because the prefixes overlapped on this interface and another interface.
Recommended action	Cancel the IPv6 address configuration on the conflicting interface and configure the interface to generate an IPv6 address by using a different prefix.

IP6ADDR_CREATEADDRESS_INVALID

Message text	Can't configure the unspecified address or loopback address on [STRING] by using a prefix with all zeros.
Variable fields	$1: Interface name.
Severity level	4
Example	IP6ADDR/4/IP6ADDR_CREATEADDRESS_INVALID: Can't configure the unspecified address or loopback address on GigabitEthernet1/0/1 by using a prefix with all zeros.
Explanation	This message is sent when you use the ipv6 prefix command to configure an all-zero IPv6 prefix and then specify this prefix in the ipv6 address prefix-number command to configure an unspecified or loopback IPv6 address for an interface. Interfaces do not support the unspecified or loopback IPv6 address.
Recommended action	Cancel the configuration and reconfigure an IPv6 address for the interface.

IP6FW messages

This section contains IPv6 Forwarding (IP6FW) messages.

IP6FW_ABNORMAL_HEADERS

Message text	Received an IPv6 packet with repeated extension headers.
Variable fields	None.
Severity level	6
Example	IP6FW/6/IP6FW_ABNORMAL_HEADERS: Received an IPv6 packet with repeated extension headers.
Explanation	This message is sent when the device received an IPv6 packet with repeated extension headers.
Recommended action	Verify the packet source.

‌

IP6FW_SETTING_FAILED_NDFW

Message text	Failed to add rule to forward ND packets with IPv6 address [STRING] in VPN index [STRING] to tunnel index [STRING]. Error code: [STRING].
Variable fields	$1: IPv6 address. $2: VPN instance index. $3: Tunnel interface index. $4: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters.
Severity level	6
Example	IP6FW/6/IP6FW_SETTING_FAILED_NDFW: Failed to add rule to forward ND packets with IPv6 address 100::1 in VPN index 1 to tunnel index 1. Error code: 0x40010001
Explanation	Failed to forward ND packets destined to a specific destination to the tunnel interface.
Recommended action	Contact Technical Support.

‌

IP6FW_SETTING_FAILED_HOPLIMITEXCEED

Message text	Failed to add rule to forward packets with hop limit of 1: IPv6 address [STRING], VPN index [STRING], Error code: [STRING].
Variable fields	$1: IPv6 address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters.
Severity level	6
Example	IP6FW/6/IP6FW_SETTING_FAILED_ HOPLIMITEXCEED: Failed to add rule to forward packets with hop limit of 1: IPv6 address 100::1, VPN index 1, Error code: 0x40010001.
Explanation	Failed to issue configuration of the forwarding hop-limit-exceeded destination command to the driver.
Recommended action	Check whether driver resources are sufficient.

‌

IP6FW_SETTING_FAILED_HOPLIMITUNVARIED

Message text	Failed to add rule to forward packets with the hop limit field unchanged: IPv6 address [STRING], VPN index [STRING], Error code: [STRING].
Variable fields	$1: IPv6 address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters.
Severity level	6
Example	IP6FW/6/IP6FW_SETTING_FAILED_HOPLIMITUNVARIED: Failed to add rule to forward packets with the hop limit field unchanged: IPv6 address 100::1, VPN index 1, Error code: 0x40010001.
Explanation	Failed to issue configuration of the forwarding hop-limit-unvaried destination command to the driver.
Recommended action	Check whether driver resources are sufficient.

‌

IPADDR messages

This section contains IP addressing messages.

IPADDR_HA_EVENT_ERROR

Message text	A process failed HA upgrade because [STRING].
Variable fields	$1: HA upgrade failure reason: ¡ IPADDR failed the smooth upgrade. ¡ IPADDR failed to reupgrade to the master process. ¡ IPADDR stopped to restart the timer. ¡ IPADDR failed to upgrade to the master process. ¡ IPADDR failed to restart the upgrade. ¡ IPADDR failed to add the unicast object to the master task epoll. ¡ IPADDR failed to create an unicast object. ¡ IPADDR role switchover failed when the standby process switched to the master process. ¡ IPADDR switchover failed when the master process switched to the standby process. ¡ IPADDR HA upgrade failed. ¡ IPADDR failed to set the interface filtering criteria. ¡ IPADDR failed to register interface events. ¡ IPADDR failed to subscribe port events. ¡ IPADDR failed to add a VPN port event to the master epoll. ¡ IRDP failed to open DBM. ¡ IRDP failed to initiate a connection to the device management module. ¡ IRDP failed to add the master task epoll with the handle used to connect to the device management module. ¡ IRDP failed to register device management events. ¡ IRDP failed to subscribe port events. ¡ IRDP failed to add the master task epoll with the handle used to subscribe port events. ¡ IRDP failed to set the interface filtering criteria. ¡ IRDP failed to register interface events. ¡ IRDP failed to register network events. ¡ IRDP failed to create the interface control block storage handle. ¡ IRDP failed to create the timer. ¡ IRDP failed to add the master task epoll with the handle used to create the timer. ¡ IRDP failed to set the schedule time for the timer. ¡ IRDP failed to set the timer to unblocked status. ¡ IRDP failed to create a timer instance.
Severity level	4
Example	IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade.
Explanation	A process failed HA upgrade and the message showed the failure reason.
Recommended action	Please contact H3C Support.

IPADDR_HA_STOP_EVENT

Message text	The device received an HA stop event.
Variable fields	None.
Severity level	4
Example	IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event.
Explanation	This message is sent when the device receives an HA stop event.
Recommended action	Please contact H3C Support.

IPFW messages

This section contains IP Forwarding (IPFW) messages.

IPFW_SETTING_FAILED_ARPFW

Message text	Failed to add rule to forward ARP packets with IP address [STRING] in VPN index [STRING] to tunnel index [STRING]. Error code: [STRING].
Variable fields	$1: IP address. $2: VPN instance index. $3: Tunnel interface index. $4: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters.
Severity level	6
Example	IPFW/6/IPFW_SETTING_FAILED_APPFW: Failed to add rule to forward ARP packets with IP address 10.0.0.1 in VPN index 1 to tunnel index 1. Error code: 0x40010001
Explanation	Failed to forward ARP packets destined to a specific destination to the tunnel interface.
Recommended action	Contact Technical Support.

‌

IPFW_SETTING_FAILED_TTLEXCEED

Message text	Failed to add rule to forward packets with TTL exceeded: IP address [STRING], VPN index [STRING], Error code: [STRING].
Variable fields	$1: IP address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters.
Severity level	6
Example	IPFW/6/IPFW_SETTING_FAILED_TTLEXCEED: Failed to add rule to forward packets with TTL exceeded: IP address 10.0.0.1, VPN index 1, Error code: 0x40010001.
Explanation	Failed to issue configuration of the forwarding ttl-exceeded-packet destination command to the driver.
Recommended action	Check whether driver resources are sufficient.

‌

IPFW_SETTING_FAILED_TTLUNVARIED

Message text	Failed to add rule to forward packets with keeping the value unchanged in the TTL field: IP address [STRING], VPN index [STRING], Error code: [STRING].
Variable fields	$1: IP address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters.
Severity level	6
Example	IPFW/6/IPFW_SETTING_FAILED_TTLUNVARIED:Failed to add rule to forward packets with the TTL field unchanged: IP address 10.0.0.1, VPN index 1, Error code: 0x40010001.
Explanation	Failed to issue configuration of the forwarding ttl-unvaried destination command to the driver.
Recommended action	Check whether driver resources are sufficient.

‌

IPS messages

This section contains IPS messages.

IPS_IPV4_INTERZONE

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];CapturePktName(1116)=[STRING];HttpHost(1117)=[STRING];HttpFirstLine(1118)=[STRING];PayLoad(1135)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: ¡ INVALID: Severity level not specified. ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $18: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Drop. ¡ Reset. ¡ Permit. ¡ Redirect. ¡ Capture. ¡ Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: ¡ original. ¡ reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Capture file name. $26: Host field. $27: Packet first line. $28: Event return value.
Severity level	4
Example	IPS/4/IPS_IPV4_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPAddr(1003)=100.10.10.40;SrcPort(1004)=2999;DstIPAddr(1007)=200.10.10.40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 \| CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=original;RealSrcIP(1100)=10.10.10.10,20.20.20.20;SubCategory(1124)=Other;CapturePktName(1116)=ips_100.10.10.40_20171205_101112_5707.pcap;HttpHost(1117)=www.shr.com;HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;PayLoad(1135)=/file/show.cgi;
Explanation	This message is sent when an IPv4 packet matches a WAF signature.
Recommended action	No action is required.

IPS_IPV6_INTERZONE

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=-[ STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];CapturePktName(1116)=[STRING];HttpHost(1117)=[STRING];HttpFirstLine(1118)=[STRING];PayLoad(1135)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: ¡ INVALID: Severity level not specified. ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $18: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Drop. ¡ Reset. ¡ Permit. ¡ Redirect. ¡ Capture. ¡ Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: ¡ original. ¡ reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Capture file name. $26: Host field. $27: Packet first line. $28: Event return value.
Severity level	4
Example	IPS/4/IPS_IPV6_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPv6Addr(1036)=100::40;SrcPort(1004)=2999;DstIPv6Addr(1037)=200::40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 \| CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=reply;RealSrcIP(1100)=10::1;SubCategory(1124)=Other;CapturePktName(1116)=ips_100::40_20171205_101112_5707.pcap;HttpHost(1117)=www.shr.com;HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;PayLoad(1135)=/file/show.cgi;
Explanation	This message is sent when an IPv6 packet matches an IPS signature.
Recommended action	No action is required.

IPS_WARNING

Message text	Updated the IPS signature library successfully.
Variable fields	None.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Updated the IPS signature library successfully.
Explanation	The IPS signature library was updated successfully through a manual offline update or triggered online update.
Recommended action	No action is required.

IPS_WARNING

Message text	Rolled back the IPS signature library successfully.
Variable fields	None.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Rolled back the IPS signature library successfully.
Explanation	The IPS signature library was rolled back to the previous or factory default version successfully.
Recommended action	No action is required.

IPSEC messages

This section contains IPsec messages.

IPSEC_ANTI-REPLAY_WINDOWS_ERROR

Message text	Anti-replay dropped a packet: src=[STRING]; time-sent=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-received=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-diff=[UINT32]us; window-size= +-[FLOAT]ms.
Variable fields	$1: Source IP address of the packet. $2: Day of the week on which the packet was sent. $3: Day of the month on which the packet was sent. $4: Month in which the packet was sent. $5: Year in which the packet was sent. $6: Hour at which the packet was sent. $7: Minute at which the packet was sent. $8: Second at which the packet was sent. $9: Microsecond at which the packet was sent. $10: Day of the week on which the packet was received. $11: Day of the month on which the packet was received. $12: Month in which the packet was received. $13: Year in which the packet was received. $14: Hour at which the packet was received. $15: Minute at which the packet was received. $16: Second at which the packet was received. $17: Microsecond at which the packet was received. $18: Interval between the time the packet was sent and the time it was received, in microseconds. $19: Half the anti-replay window size, in milliseconds.
Severity level	6
Example	IPSEC/6/IPSEC_ANTI-REPLAY_WINDOWS_ERROR:Anti-replay dropped a packet: src=192.168.58.178;time-sent=Sat, 23 Apr 2016 11:17:29 594565us; time-received =Sat, 23 Apr 2016 11:17:26 707866us; time-diff=2886699us; window-size =+-2500ms.
Explanation	A packet was dropped. Possible reasons include: · The interval between the time the packet was sent and the time it was received exceeds the anti-replay window size. · Anti-replay is enabled on the receiving IPsec tunnel end but the received packet does not have an anti-replay header. · In tunnel mode, anti-replay is not enabled but the received packet has an anti-replay header.
Recommended action	No action is required.

‌

IPSEC_FAILED_ADD_FLOW_TABLE

Message text	Failed to add flow-table due to [STRING].
Variable fields	$1: Reason for the failure.
Severity level	4
Example	IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource.
Explanation	Failed to add the flow table.
Recommended action	If the failure is caused by not enough hardware resources, contact H3C Support.

‌

IPSEC_PACKET_DISCARDED

Message text	IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING].
Variable fields	$1: Source IP address. $2: Destination IP address. $3: Security parameter index (SPI). $4: Sequence number of the packet. $5: Reason for dropping this packet: · Anti-replay checking failed. · AH authentication failed. · ESP authentication failed. · Invalid SA. · ESP decryption failed. · Source address of packet does not match the SA. · No ACL rule matched.
Severity level	6
Example	IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed.
Explanation	An IPsec packet was dropped.
Recommended action	No action is required.

‌

IPSEC_SA_ESTABLISH

Message text	IPsec SA was established. Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Role, initiator or responder. $2: Local IP address. $3: Remote IP address. $4-$9: Data flow related parameters. $10: Inside VPN instance. $11: Outside VPN instance. $12: Inbound AH SPI. $13: Outbound AH SPI. $14: Inbound ESP SPI. $15: Outbound ESP SPI. $16: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $17: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH: IPsec SA was established. Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	An IPsec SA was established.
Recommended action	No action is required.

‌

IPSEC_SA_ESTABLISH_FAIL

Message text	Failed to establish IPsec SA. Reason: [STRING]. SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Failure reason: · Get SP: Required configuration is missing in the SP. SP ID=%u. · Get SP: The SP's local address doesn't match the local address configured in the IKE profile. SP ID=%u, SP's local address=%s, p2policy's local address=%s. · Get SP: The remote address doesn't exist. SP ID=%u, hostname=%s. · Get SP: The SP's remote address doesn't match the remote address configured in the IKE profile. SP ID=%u, SP's remote address=%s, p2policy's remote address=%s. · Get SP: SP's mode [%d] is not IPSEC_PLCMODE_ISAKMP/ISAKMPTEMPLATE. · Get SP: The SP contains incomplete flow matching configuration. · Get SP: Failed to get the SP. · The policy contains incorrect ACL or IKE profile configuration. PolicyName=%s, Seqnum=%d. · Get SP: The SP doesn't have an IPsec transform set. · Get SP: Failed to create larval SA. · Create SA: Failed to fill the SA. · Create SA: Failed to create SA. · Create SA: Can't find SP. · Failed to create tunnel because a tunnel with the same index and sequence number already exists. Tunnel index=%d, tunnel seq=%d. · Failed to switch SA because the inbound SA can't be found. SPI=%u. · Failed to switch SA because the SA state is incorrect. · Failed to switch SA because the outbound SA can't be found. · Failed to switch SA because the outbound SA using another security protocol can't be found. · Failed to switch SA in kernel. · Failed to notify kernel of the link state change. · Number of IPsec tunnels reached the crypto capacity of the device. · Maximum number of IPsec tunnels already reached. · Failed to add IPsec tunnel. · Failed to add IPsec tunnel to kernel. · Getting SP: IPsec is smoothing. · Getting SP: IPsec is not running. · Getting SP: Failed to find SP by index and sequence number. · Getting SP: Creating SA timed out. · Getting SP by interface: Target node not online. · Getting SP by mGRE: Failed to get interface. · Getting SP: Failed to get SP by mGRE because interface type was invalid. · Getting SP: Failed to get SP by mGRE because profile %s was not found. · Getting SP: Failed to get SP by mGRE because of wrong profile type. · Getting SP by mGRE: Failed to find profile SP by profile %s. · Getting SP: Failed to get SP by mGRE. · Getting SP: Failed to get SP by SVTI because of invalid interface type. · Getting SP: Failed to get SP by SVTI because of no tunnel protection configuration. · Getting SP: Failed to get SP by SVTI because profile %s was not found. · Getting SP: Failed to get SP by SVTI because of wrong type of profile %s. · Getting SP by SVTI: Failed to find profile SP by profile %s. · Getting SP: Failed to get SP by SVTI because SP type was not ISAKMP. · Getting SP: Failed to match SVTI flow because IKE profile was not match. · Getting SP: Failed to match SVTI flow because flow was not match with ACL. · Getting SP by L3 interface: Failed to get interface data. · Getting SP: Failed to get SP by L3 interface because no SP entry was found by key. · Getting SP: Failed to get SP by L3 interface because no source interface SP entry was found by key. · Getting SP: Rejected peer's request of any flow when SP's mode was isakmp template and no ACL was specified. · Getting SP by L3 interface: Failed to match SP because policy cannot be found by SP. · Getting SP: Failed to match flow because renegotiation SP's index or Seqnum changed. · Getting SP by L3 interface: Failed to match SP because of no transform-set in SP. · Getting SP by L3 interface: Failed to create larval SA. · Getting SP: Failed to get SP matching ACL. $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outbound ESP SPI. $17: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $18: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA Reason: Failed to add IPsec tunnel. SA information: Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	Failed to establish an IPsec SA.
Recommended action	Verify the IPsec configurations on the local and peer devices.

‌

IPSEC_SA_INITIATION

Message text	Began to establish IPsec SA. Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Local IP address. $2: Remote IP address. $3-$8: Data flow related parameters. $9: Inside VPN instance. $10: Outside VPN instance. $11: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $12: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_INITIATION: Began to establish IPsec SA. Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb ACL number: 3101
Explanation	An IPsec SA was to be established.
Recommended action	No action is required.

‌

IPSEC_SA_TERMINATE

Message text	The IPsec SA was deleted. Reason: [STRING] SA information: · Role: [STRING] · Local address: [STRING] · Remote address: [STRING] · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · ACL number: [UINT32] · ACL name: [STRING]
Variable fields	$1: Reason for the deletion: · SA idle timeout · The reset command was executed · Internal event · Configuration change · An IKE SA deletion message was received $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI $14: Outbound AH SPI $15: Inbound ESP SPI $16: Outbound ESP SPI $17: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $18: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted. Reason: SA idle timeout. SA information: Role: initiator Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	An IPsec SA was deleted.
Recommended action	No action is required.

‌

IPSG messages

This section contains IPSG messages.

IPSG_ADDENTRY_ERROR

Message text	Failed to add an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IPv4 address or IPv6 address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reasons. Available options include: ¡ Feature not supported. ¡ Resources not sufficient. ¡ Maximum number of IPv4 binding entries already reached. ¡ Maximum number of IPv6 binding entries already reached. ¡ Unknown error.
Severity level	6
Example	IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Resources not sufficient.
Explanation	IPSG failed to issue a static or dynamic IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · The hardware resources are not sufficient for the operation. · The maximum number of IPv4SG or IPv6SG bindings is already reached. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. · Add the IPSG binding again if you are adding a static binding. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_DELENTRY_ERROR

Message text	Failed to delete an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IP address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reason. Available options include: · Feature not supported. · Unknown error.
Severity level	6
Example	IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Unknown error.
Explanation	IPSG failed to delete a global static IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Delete the global static IPSG binding again. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_ADDEXCLUDEDVLAN_ERROR

Message text	Failed to add excluded VLANs (start VLAN [UINT16] to end VLAN [UINT16]). [STRING].
Variable fields	$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error.
Severity level	6
Example	IPSG/6/IPSG_ADDEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to add excluded VLANs (start VLAN 1 to end VLAN 5). Resources not sufficient.
Explanation	IPSG failed to issue the specified excluded VLANs. The message is sent in any of the following situations: · Excluded VLANs are not supported. · The hardware resources are not sufficient for the operation. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. Then configure the excluded VLANs again. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_DELEXCLUDEDVLAN_ERROR

Message text	Failed to delete excluded VLANs (start VLAN [UINT16] to end VLAN [UINT16]). [STRING].
Variable fields	$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error.
Severity level	6
Example	IPSG/6/IPSG_DELEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to delete excluded VLANs (start VLAN 1 to end VLAN 5). Resources not sufficient.
Explanation	IPSG failed to delete the specified excluded VLANs. The message is sent in any of the following situations: · Excluded VLANs are not supported. · The hardware resources are not sufficient for the operation. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. Then delete the excluded VLANs again. · Contact H3C Support if the failure is caused by an unknown error.

L2TPv2 messages

This section contains L2TPv2 messages.

L2TPV2_TUNNEL_EXCEED_LIMIT

Message text	Number of L2TP tunnels exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit.
Explanation	The number of established L2TP tunnels has reached the limit.
Recommended action	1. Perform one of the following tasks: ¡ Execute the reset l2tp tunnel command to disconnect an idle tunnel. ¡ Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses. 2. If the problem persists, contact H3C for support.

L2TPV2_SESSION_EXCEED_LIMIT

Message text	Number of L2TP sessions exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit.
Explanation	The number of established L2TP sessions has reached the limit.
Recommended action	No action is required.

LAGG messages

This section contains link aggregation messages.

LAGG_ACTIVE

Message text	Member port [STRING] of aggregation group [STRING] changed to the active state.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_ACTIVE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the active state.
Explanation	A member port in an aggregation group changed to the Selected state.
Recommended action	No action is required.

LAGG_AUTO_AGGREGATION

Message text	Failed to assign automatic assignment-enabled interface [STRING] to an aggregation group. Please check the configuration on the interface.
Variable fields	$1: Port name.
Severity level	6
Example	LAGG/6/LAGG_AUTO_AGGREGATON: Failed to assign automatic assignment-enabled interface FGE1/0/1 to an aggregation group. Please check the configuration on the interface.
Explanation	A port failed to join an automatically created aggregation group for one of the following reasons: · The attribute configuration of the port is inconsistent with that of the aggregate interface. · Some settings on the port prevent it from joining the aggregation group.
Recommended action	To resolve this issue: · Modify the attribute configuration of the port to be consistent with the aggregate interface. · Remove the settings that affect automatic member port assignment from the port.

LAGG_INACTIVE_AICFG

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_AICFG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations.
Recommended action	Modify the attribute configurations of the member port to be consistent with the aggregate interface.

LAGG_INACTIVE_BFD

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port was down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_BFD: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the BFD session on the port went down.
Recommended action	To resolve this issue: · Check for a link failure. · Modify the port settings to make sure it has the same operational key and attribute configuration as the reference port.

LAGG_INACTIVE_CONFIGURATION

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different aggregation configuration.
Recommended action	No action is required.

LAGG_INACTIVE_DUPLEX

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_DUPLEX: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Explanation	A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port.
Recommended action	Change the duplex mode of the member port to be the same as the reference port.

LAGG_INACTIVE_HARDWAREVALUE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction.
Explanation	A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction.
Recommended action	No action is required.

LAGG_INACTIVE_LACP_ISOLATE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link-aggregation lacp isolate setting had been configured.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_LACP_ISOLATE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the link-aggregation lacp isolate setting had been configured.
Explanation	A member port in an aggregation group changed to the Unselected state because the aggregate interface was isolated.
Recommended action	Remove aggregate interface isolation.

LAGG_INACTIVE_LOWER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports is below the lower limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the number of active ports is below the lower limit.
Explanation	A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached.
Recommended action	Make sure the minimum number of Selected ports is met.

LAGG_INACTIVE_PARTNER

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PARTNER: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state.
Recommended action	No action is required.

LAGG_INACTIVE_PHYSTATE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical state of the port is down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the physical state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the port went down.
Recommended action	Bring up the member port.

LAGG_INACTIVE_RESOURCE_INSUFICIE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because all aggregate resources are occupied.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because all aggregate resources are occupied.
Explanation	A member port in an aggregation group changed to the Unselected state because all aggregation resources were used.
Recommended action	No action is required.

LAGG_INACTIVE_SPEED

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_SPEED: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port.
Recommended action	Change the speed of the member port to be the same as the reference port.

LAGG_INACTIVE_UPPER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports has reached the upper limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_UPPER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the number of active ports has reached the upper limit.
Explanation	The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group.
Recommended action	No action is required.

License

This section contains license messages.

LICENSE_FILE_LOST

Message text	License activation file [STRING] was lost.
Variable fields	$1: Name of the activation file.
Severity level	4
Example	LIC/4/LICENSE_FILE_LOST: License activation file 0123456789.ak was lost.
Explanation	A license activation file was lost.
Recommended action	1. Copy the backup activation file to the license folder on the device. 2. If no backup activation file is available, go to the email box provided when the license is registered and obtain the activation file. Then, copy the activation file to the license folder on the device. 3. If you do not obtain the activation file in the email box provided when the license is registered, contact H3C Support to retrieve the lost activation file and copy the activation file to the license folder on the device.

LICENSE_FILE_RESTORE

Message text	License activation file [STRING] was successfully restored.
Variable fields	$1: Name of the activation file.
Severity level	6
Example	LIC/6/LICENSE_FILE_RESTORE: License activation file 0123456789.ak was successfully restored.
Explanation	A license activation file was successfully restored.
Recommended action	No action is required.

LICENSE_NEAR_EXPIRE

Message text	License [STRING] will expire in [left days] days.
Variable fields	$1: License key, activation key, or activation file name. $2: Remaining validity days.
Severity level	4
Example	LIC/4/LICENSE_NEAR_EXPIRE: License 0123456789.ak will expire in 2 days.
Explanation	A license will expire in n days.
Recommended action	Purchase and install a new license as soon as possible.

LICENSE_EXPIRE

Message text	License [STRING] expired.
Variable fields	$1: License key, activation key, or activation file name.
Severity level	4
Example	LIC/4/LICENSE_EXPIRE: License 0123456789.ak expired.
Explanation	A license expired.
Recommended action	Purchase and install a new license as soon as possible.

LICENSE_TAKE_EFFECT

Message text	State of license [STRING] changed to in use.
Variable fields	$1: License key, activation key, or activation file name.
Severity level	6
Example	LIC/6/LICENSE_TAKE_EFFECT: State of license 0123456789.ak changed to in use.
Explanation	The state of a license changed from usable to in use.
Recommended action	No action is required.

LICENSE_PRE_NEAR_EXPIRE

Message text	Preinstalled licenses will expire in [STRING] days.
Variable fields	$1: Remaining validity days.
Severity level	4
Example	LIC/4/LICENSE_PRE_NEAR_EXPIRE: Preinstalled licenses will expire in 3 days.
Explanation	Preinstalled licenses will expire in n days. If no formal licenses are installed, license-based features will become inaccessible after the preinstalled licenses expire. To use the features, you must install formal licenses.
Recommended action	Examine whether usable formal licenses are installed. If no usable formal licenses are installed, purchase and install formal licenses.

LICENSE_PRE_EXPIRE

Message text	Preinstalled licenses expired.
Variable fields	N/A
Severity level	4
Example	LIC/4/LICENSE_PRE_EXPIRE: Preinstalled licenses expired.
Explanation	Preinstalled licenses expired.
Recommended action	Examine whether usable formal licenses are installed. If no usable formal licenses are installed, purchase and install formal licenses.

LIPC messages

This section contains Leopard inter-process communication (LIPC) messages.

LIPC_MTCP_CHECK

Message text	Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], Group=[INTEGER], MID=[INTEGER].
Variable fields	$1: Name of the process. $2: Name of the VRF to which the LIPC link belongs to. $3: Multicast group ID of the LIPC link. $4: Multicast group member ID of the LIPC link.
Severity level	4
Example	LIPC/4/LIPC_MTCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, Group=134, MID=10001.
Explanation	Processes will establish an LIPC link during internal communication. LIPC MTCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally.
Recommended action	No action is required.

LIPC_STCP_CHECK

Message text	Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER].
Variable fields	$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node. $4: Port number of the local node. $5: LIP address of the remote node. $6: Port number of the remote node.
Severity level	4
Example	LIPC/4/LIPC_STCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, local address/port=8/10515, remote address/port=0/20415.
Explanation	Processes will establish an LIPC link during internal communication. LIPC STCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally.
Recommended action	No action is required.

LIPC_STCP_DUPLICATE_SOCKET

Message text	Socket (LIP=[INTEGER], PortID=[INTEGER], Owner=[STRING]) has failed connect to server (LIP=[INTEGER],Port=[INTEGER]) too many times.
Variable fields	$1: LIP address of the local node. $2: Port number of the local node. $3: Name of the process. $5: LIP address of the remote node. $6: Service port number.
Severity level	4
Example	LIPC/4/LIPC_STCP_DUPLICATE_SOCKET: Socket (LIP=8, PortID=123456, Owner=sfs) has failed connect to server (LIP=8, Port=10515) too many times.
Explanation	Typically, if a service module fails to establish a connection by using a socket, it will close that socket and apply for another socket for reconnection. If the module continues to use the failed socket for connection, LIPC will return a failure. This log records information about reconnection failures of a module by using a failed socket.
Recommended action	N/A

LIPC_SUDP_CHECK

Message text	Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER].
Variable fields	$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node. $4: Port number of the local node. $5: LIP address of the remote node. $6: Port number of the remote node.
Severity level	4
Example	LIPC/4/LIPC_SUDP_CHECK: Data stays in the receive buffer for an over long time. Owner=snmpd, VRF=0, local address/port=0/10525, remote address/port=32768/0.
Explanation	Processes will establish an LIPC link during internal communication. LIPC SUDP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally.
Recommended action	No action is required.

PORT_CHANGE

Message text	STCP: Node where the listening port number [INTGER] (MDC: [INTGER] VRF: [INTGER]) resides changed from LIP [INTGER] to LIP [INTGER].
Variable fields	$1: LIPC global port number. $2: Name of the MDC where the LIPC global port resides. $3: Name of the VRF to which the LIPC global port belongs. $4: Name of the old LIPC node where the LIPC global port resides. $5: Name of the new LIPC node where the LIPC global port resides.
Severity level	5
Example	LIPC/5/PORT_CHANGE: STCP: Node where the listening port number 620 (MDC: 1 VRF: 1) resides changed from LIP 1 to LIP 3.
Explanation	STCP assigns an LIPC global port number as a listening port number to each service module as requested. Typically, a service module listens to the port number only on the LIPC node where the port has been requested. This message is generated if the service module listens to the port number on a different LIPC node. STCP will move the port number from the old LIPC node to the new node.
Recommended action	No action is required.

LLDP messages

This section contains LLDP messages.

LLDP_CREATE_NEIGHBOR

Message text	[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received an LLDP message from a new neighbor.
Recommended action	No action is required.

LLDP_DELETE_NEIGHBOR

Message text	[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received a deletion message when a neighbor was deleted.
Recommended action	No action is required.

LLDP_LESS_THAN_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	6
Example	LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port Ten-GigabitEthernet10/0/15 (IfIndex 599) is less than 5, and new neighbors can be added.
Explanation	New neighbors can be added for the port because the limit has not been reached.
Recommended action	No action is required.

LLDP_NEIGHBOR_AGE_OUT

Message text	[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	5
Example	LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port Ten-GigabitEthernet10/0/15 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time.
Recommended action	Verify the link status or the receive/transmit status of LLDP on the peer.

LLDP_NEIGHBOR_PROTECTION_BLOCK

Message text	The status of port [STRING] changed to blocked ([STRING]) for the [STRING] agent.
Variable fields	$1: Interface name. $2: Neighbor protection feature that caused the state change: aging or validation. $3: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_BLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to blocked (aging) for the nearest bridge agent.
Explanation	The port was blocked because of neighbor aging or neighbor validation failure.
Recommended action	· If the port is blocked because of neighbor aging, verify the link status or the receive/transmit status of LLDP on both ends. · If the port is blocked because of neighbor validation failure, verify that the following attribute values in the received LLDP packet match those configured on the port: ¡ Chassis ID subtype. ¡ Chassis ID. ¡ Port ID subtype. ¡ Port ID.

LLDP_NEIGHBOR_PROTECTION_DOWN

Message text	The status of port [STRING] changed to down (aging) for the [STRING] agent.
Variable fields	$1: Interface name. $2: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_DOWN: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to down (aging) for the nearest bridge agent.
Explanation	The port was shut down because of neighbor aging.
Recommended action	Verify the link status or the receive/transmit status of LLDP on both ends.

LLDP_NEIGHBOR_PROTECTION_UNBLOCK

Message text	The status of port [STRING] changed to unblocked for the [STRING] agent.
Variable fields	$1: Interface name. $2: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_UNBLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to unblocked for the nearest bridge agent.
Explanation	The port state changed from blocked to unblocked.
Recommended action	No action is required.

LLDP_NEIGHBOR_PROTECTION_UP

Message text	The status of port [STRING] changed to up for the [STRING] agent.
Variable fields	$1: Interface name. $2: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_UP: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to up for the nearest bridge agent.
Explanation	The port state changed from DOWN to UP.
Recommended action	No action is required.

LLDP_PVID_INCONSISTENT

Message text	PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]).
Variable fields	$1: Port name. $2: VLAN ID. $3: System name. $4: Port name. $5: VLAN ID.
Severity level	5
Example	LLDP/5/LLDP_PVID_INCONSISTENT: MDC=1; PVID mismatch discovered on Ten-GigabitEthernet0/2/6 (PVID 1), with Ten-GigabitEthernet0/2/7 (PVID 500).
Explanation	This message is generated when the PVID on the peer is different from the PVID of the local interface.
Recommended action	Configure the same PVID for the local and peer interfaces.

LLDP_REACH_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	5
Example	LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet10/0/15 (IfIndex 599) has reached 5, and no more neighbors can be added.
Explanation	This message is generated when the port with its maximum number of neighbors reached received an LLDP packet.
Recommended action	No action is required.

LOAD messages

This section contains load management messages.

BOARD_LOADING

Message text	Board in chassis [INT32] slot [INT32] is loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	4
Example	LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images.
Explanation	The card is loading software images during the boot process.
Recommended action	No action is required.

LOAD_FAILED

Message text	Board in chassis [INT32] slot [INT32] failed to load software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	3
Example	LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images.
Explanation	The card failed to load software images during the boot process.
Recommended action	1. Execute the display boot-loader command to identify the startup software images. 2. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images. 3. If the problem persists, contract H3C/H3C Support.

LOAD_FINISHED

Message text	Board in chassis [INT32] slot [INT32] has finished loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	5
Example	LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images.
Explanation	The card has finished loading software images.
Recommended action	No action is required.

LOGIN messages

This section contains login messages.

LOGIN_AUTHENTICATION_FAILED

Message text	Authentication failed for [STRING] from [STRING] because of [STRING].
Variable fields	$1: Username. $2: Line name or IP address. $3: Failure reason: ¡ no AAA response from any server during the authentication. ¡ invalid username or password or service type mismatch. ¡ configuration error or other errors.
Severity level	5
Example	LOGIN/5/LOGIN_AUTHENTICATION_FAILED: Authentication failed for Usera from console0 because of no AAA response from any server during the authentication.
Explanation	A user failed the login authentication.
Recommended action	Read the failure reason and take actions accordingly.

LOGIN_FAILED

Message text	[STRING] failed to login from [STRING].
Variable fields	$1: Username. $2: Line name or IP address.
Severity level	5
Example	LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22.
Explanation	A login attempt failed.
Recommended action	No action is required.

LOGIN_ INVALID_USERNAME_PWD

Message text	Invalid username or password from [STRING].
Variable fields	$1: User line name and user IP address.
Severity level	5
Example	LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22.
Explanation	A user entered an invalid username or password.
Recommended action	No action is required.

LPDT messages

This section contains loop detection messages.

LPDT_LOOPED

Message text	A loop was detected on [STRING].
Variable fields	$1: Port name.
Severity level	4
Example	LPDT/4/LPDT_LOOPED: A loop was detected on GigabitEthernet1/0/1.
Explanation	The first intra-VLAN loop was detected on a port.
Recommended action	Check the links and configuration on the device for the loop, and remove the loop.

LPDT_RECOVERED

Message text	All loops were removed on [STRING].
Variable fields	$1: Port name.
Severity level	5
Example	LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1.
Explanation	All intra-VLAN loops on a port were removed.
Recommended action	No action is required.

LPDT_VLAN_LOOPED

Message text	A loop was detected on [STRING] in VLAN [UINT16].
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	4
Example	LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1.
Explanation	A loop in a VLAN was detected on a port.
Recommended action	Check the links and configurations in the VLAN for the loop, and remove the loop.

LPDT_VLAN_RECOVERED

Message text	A loop was removed on [STRING] in VLAN [UINT16].
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	5
Example	LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1.
Explanation	A loop in a VLAN was removed on a port.
Recommended action	No action is required.

LS messages

This section contains Local Server messages.

LOCALSVR_PROMPTED_CHANGE_PWD

Message text	Please change the password of [STRING] [STRING], because [STRING].
Variable fields	$1: Password type: ¡ device management user. ¡ user line. ¡ user line class. $2: Username, user line number, or user line class number. $3: Reason for password change: ¡ the current password is a weak-password. ¡ the current password is the default password. ¡ it is the first login of the current user or the password had been reset. ¡ the password had expired.
Severity level	6
Example	LOCALSVR/6/LOCALSVR_PROMPTED_CHANGE_PWD: Please change the password of device management user hhh, because the current password is a weak password.
Explanation	The device generated a log message to prompt a user to change the password of the user, user line, or user line class. The device will generate such a log message every 24 hours after the user logs in to the device if the password does not meet the password control requirements.
Recommended action	Change the user password as required: · If scheme authentication is used, change the local password of the user. · If password authentication is used, change the authentication password of the user line or user line class for the user.

LS_ADD_USER_TO_GROUP

Message text	Admin [STRING] added user [STRING] to group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1.
Explanation	The administrator added a user into a user group.
Recommended action	No action is required.

LS_AUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed authentication. [STRING]
Variable fields	$1: Username. $2: IP address. $3: Failure reason: ¡ "User not found." ¡ "Password verified failed." ¡ "User not active." ¡ "Access type mismatch." ¡ "Binding attribute is failed." ¡ "User in blacklist."
Severity level	5
Example	LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."
Explanation	The local server rejected a user's authentication request.
Recommended action	No action is required.

LS_AUTHEN_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	The local server accepted a user's authentication request.
Recommended action	No action is required.

LS_DEL_USER_FROM_GROUP

Message text	Admin [STRING] delete user [STRING] from group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1.
Explanation	The administrator deleted a user from a user group.
Recommended action	No action is required.

LS_DELETE_PASSWORD_FAIL

Message text	Failed to delete the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_DELETE_PASSWORD_FAIL: Failed to delete the password for user abcd.
Explanation	Failed to delete the password for a user.
Recommended action	Check the file system for errors.

LS_PWD_ADDBLACKLIST

Message text	User [STRING] was added to the blacklist due to multiple login failures, [STRING].
Variable fields	$1: Username. $2: Options include: ¡ but could make other attempts. ¡ and is permanently blocked. ¡ and was temporarily blocked for [UINT32] minutes.
Severity level	4
Example	LS/4/LS_PWD_ADDBLACKLIST: User user1 was added to the blacklist due to multiple login failures, but could make other attempts.
Explanation	A user was added to the blacklist because of multiple login failures.
Recommended action	Check the user's password.

LS_PWD_CHGPWD_FOR_AGEDOUT

Message text	User [STRING] changed the password because it was expired.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired.
Explanation	A user changed the password because the old password has expired.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_AGEOUT

Message text	User [STRING] changed the password because it was about to expire.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire.
Explanation	A user changed the password because the old password was about to expire.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_COMPOSITION

Message text	User [STRING] changed the password because it had an invalid composition.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition.
Explanation	A user changed the password because it had an invalid composition.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_FIRSTLOGIN

Message text	User [STRING] changed the password at the first login.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login.
Explanation	A user changed the password at the first login.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_LENGTH

Message text	User [STRING] changed the password because it was too short.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short.
Explanation	A user changed the password because it was too short.
Recommended action	No action is required.

LS_PWD_FAILED2WRITEPASS2FILE

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	4
Example	LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file.
Explanation	Failed to write the password records to file.
Recommended action	No action is required.

LS_PWD_MODIFY_FAIL

Message text	Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING].
Variable fields	$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: ¡ old password is incorrect. ¡ password is too short. ¡ password has not minimum different chars. ¡ invalid password composition. ¡ password has repeated chars. ¡ password contains username. ¡ password used already. ¡ password is in update-wait time.
Severity level	4
Example	LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because old password is incorrect.
Explanation	An administrator failed to modify a user's password.
Recommended action	No action is required.

LS_PWD_MODIFY_SUCCESS

Message text	Admin [STRING] from [STRING] modify the password for user [STRING] successfully.
Variable fields	$1: Admin name. $2: IP address. $3: Username.
Severity level	6
Example	LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully.
Explanation	An administrator successfully modified a user's password.
Recommended action	No action is required.

LS_REAUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed reauthentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication.
Explanation	A user failed reauthentication.
Recommended action	Check the old password.

LS_UPDATE_PASSWORD_FAIL

Message text	Failed to update the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc.
Explanation	Failed to update the password for a user.
Recommended action	Check the file system for errors.

LS_USER_CANCEL

Message text	User [STRING] from [STRING] cancelled inputting the password.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password.
Explanation	The user cancelled inputting the password or did not input the password in 90 seconds.
Recommended action	No action is required.

LS_USER_PASSWORD_EXPIRE

Message text	User [STRING]'s login idle timer timed out.
Variable fields	$1: Username.
Severity level	5
Example	LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out.
Explanation	The login idle time for a user expired.
Recommended action	No action is required.

LS_USER_ROLE_CHANGE

Message text	Admin [STRING] [STRING] the user role [STRING] for [STRING].
Variable fields	$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username.
Severity level	4
Example	LS/4/LS_USER_ROLE_CHANGE: Admin admin add the user role network-admin for abcd.
Explanation	The administrator added a user role for a user.
Recommended action	No action is required.

MAC messages

This section contains MAC messages.

MAC_DRIVER_ADD_ENTRY

Message text	Driver failed to add MAC address entry: MAC address=[STRING], VLAN=[UINT32], State=[UINT32], interface=[STRING].
Variable fields	$1: MAC address. $2: VLAN ID. $3: Entry type number. $4: Interface type and interface number.
Severity level	4
Example	MAC/4/MAC_DRIVER_ADD_ENTRY: Driver failed to add MAC address entry: MAC address=1-1-1, VLAN=1, State=2, interface=GigabitEthernet1/0/1.
Explanation	Failed to add a MAC address entry on an interface.
Recommended action	No action is required.

MAC_NOTIFICATION

Message text	Message format 1: MAC address [STRING] in VLAN [UNIT32] has moved from port [STRING] to port [STRING] for [UNIT32] times. Message format 2: MAC address [STRING] in VSI [STRING] has moved from [STRING] service-instance [UNIT32] to [STRING] service-instance [UNIT32] for [UNIT32] times.
Variable fields	Message format 1: $1: MAC address. $2: VLAN ID. $3: Interface name. $4: Interface name. $5: Number of MAC address moves. Message format 2: $1: MAC address. $2: VSI name. $3: Interface name. $4: Ethernet service instance ID. $5: Interface name. $6: Ethernet service instance ID. $7: Number of MAC address moves.
Severity level	4
Example	Message format 1: MAC/4/MAC_NOTIFICATION: MAC address 0000-0012-0034 in VLAN 500 has moved from port GE1/0/1 to port GE1/0/2 for 1 times Message format 2: MAC/4/MAC_NOTIFICATION: MAC address 0010-9400-0002 in VSI vpna has moved from Twenty-FiveGigE1/0/1 service-instance 40 to Twenty-FiveGigE1/0/3 service-instance 30 for 152499 times.
Explanation	A MAC address moved between two interfaces or Ethernet service instances.
Recommended action	No action is required.

MAC_TABLE_FULL_GLOBAL

Message text	The number of MAC address entries reached the maximum number [UINT32].
Variable fields	$1: Maximum number of MAC addresses.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries reached the maximum number 1024.
Explanation	The number of entries in the global MAC address table reached the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_PORT

Message text	The number of MAC address entries reached the maximum number [UINT32] for interface [STRING].
Variable fields	$1: Maximum number of MAC addresses. $2: Interface name.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries reached the maximum number 1024 for interface GigabitEthernet2/0/32.
Explanation	The number of entries in the MAC address table for an interface reached the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_VLAN

Message text	The number of MAC address entries reached the maximum number [UINT32] in VLAN [UINT32].
Variable fields	$1: Maximum number of MAC addresses. $2: VLAN ID.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries reached the maximum number 1024 in VLAN 2.
Explanation	The number of entries in the MAC address table for a VLAN reached the maximum number supported by the table.
Recommended action	No action is required.

MAC_VLAN_LEARNLIMIT_NORESOURCE

Message text	The card does not have enough hardware resources to set MAC learning limit for VLAN [UINT16].
Variable fields	$1: VLAN ID.
Severity level	5
Example	MAC/5/MAC_VLAN_LEARNLIMIT_NORESOURCE: The card does not have enough hardware resources to set MAC learning limit for VLAN 100.
Explanation	Failed to set the MAC learning limit for a VLAN because the card does not have enough hardware resources.
Recommended action	No action is required.

MAC_VLAN_LEARNLIMIT_NOTSUPPORT

Message text	The card does not support setting MAC learning limit for VLAN [UINT16].
Variable fields	$1: VLAN ID.
Severity level	5
Example	MAC/5/ MAC_VLAN_LEARNLIMIT_NOTSUPPORT: The card does not support setting MAC learning limit for VLAN 100.
Explanation	MAC learning limit setting for a VLAN is not supported on the card.
Recommended action	No action is required.

MACA messages

This section contains MAC authentication messages.

MACA_ENABLE_NOT_EFFECTIVE

Message text	MAC authentication is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	MACA/3/MACA_ENABLE_NOT_EFFECTIVE: MAC authentication is enabled but is not effective on interface Ethernet3/1/2.
Explanation	MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication.
Recommended action	1. Disable MAC authentication on the interface. 2. Reconnect the connected devices to another interface that supports MAC authentication. 3. Enable MAC authentication on the new interface.

MACA_LOGIN_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. Reason: [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. $6: Failure cause: · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Microsegment authorization failed. · Authentication process failed.
Severity level	6
Example	MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; User failed MAC authentication. Reason: VLAN authorization failed.
Explanation	The user failed MAC authentication for a specific reason.
Recommended action	Locate the failure cause and handle the issue according to the failure cause.

MACA_LOGIN_SUCC

Message text	-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User passed MAC authentication and came online.
Variable fields	$1: Interface type and number. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username. $6: User account format.
Severity level	6
Example	MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online.
Explanation	The user passed MAC authentication.
Recommended action	No action is required.

MACA_LOGIN_SUCC (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; The user that failed MAC authentication passed open authentication and came online.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format.
Severity level	6
Example	MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; The user that failed MAC authentication passed open authentication and came online.
Explanation	A user failed MAC authentication but passed open authentication.
Recommended action	No action is required.

MACA_LOGOFF

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication user was logged off.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format.
Severity level	6
Example	MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication user was logged off.
Explanation	The MAC authentication user was logged off.
Recommended action	Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required.

MACA_LOGOFF (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication open user was logged off.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format.
Severity level	6
Example	MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication open user was logged off.
Explanation	A MAC authentication open user was logged off.
Recommended action	Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required.

MFIB messages

This section contains MFIB messages.

MFIB_MEM_ALERT

Message text	MFIB process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alert event.
Severity level	5
Example	MFIB/5/MFIB_MEM_ALERT: MFIB process receive system memory alert start event.
Explanation	The MFIB module received a memory alert event from the system.
Recommended action	1. Check the system memory to make sure the memory usage does not exceed the thresholds. 2. Release memory from memory-intensive modules.

NAT messages

This section contains NAT messages.

EIM_MODE_PORT_USAGE_ALARM

Message text	[STRING] Port usage reaches [STRING]%; SrcIPAddr=[IPADDR]; VPNInstance=[STRING]; NATIPAddr=[IPADDR]; ConnectCount=[UINT16].
Variable fields	$1: Protocol type. $2: Percentage. $3: Source IP address. $4: Source VPN instance name. $5: Source IP address after translation. $6: Numbers of ports that are assigned.
Severity level	6
Example	NAT/6/EIM_MODE_PORT_USAGE_ALARM: UDP Port usage reaches 40%; SrcIPAddr=1.1.1.211; VPNInstance=-; NATIPAddr=198.1.1.16; ConnectCount=40.
Explanation	This message is sent in the following conditions: · The port usage in a port block equals or exceeds the threshold set by the nat log port-block port-usage threshold command. · The Endpoint-Independent Mapping mode is applied.
Recommended action	No action is required.

NAT_ADDR_BIND_CONFLICT

Message text	Failed to activate NAT configuration on interface [STRING], because global IP addresses already bound to another service card.
Variable fields	$1: Interface name.
Severity level	4
Example	NAT/4/NAT_ADDR_BIND_CONFLICT: Failed to activate NAT configuration on interface GigabitEthernet1/0/1, because global IP addresses already bound to another service card.
Explanation	The NAT configuration did not take effect, because the global IP addresses that the interface references have been bound to another service card.
Recommended action	If multiple interfaces reference the same global IP addresses, you must specify the same service card to process NAT traffic passing through these interfaces. To resolve the problem: 1. Use the display nat all command to check the current configuration. 2. Remove the service card configuration on the interface. 3. Specify the same service card for interfaces referencing the same global IP addresses.

NAT_EIM

Message text	Protocol(1001)=[STRING];LocalIPAddr(1003)=[IPADDR];LocalPort(1004)=[UINT16];GlobalIPAddr(1005)=[IPADDR];GlobalPort(1006)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Source DS-Lite tunnel. $9: Time when the EIM entry was created. $10: Time when the EIM entry was removed. $11: Event description: ¡ NAT EIM entry created. ¡ NAT EIM entry deleted.
Severity level	6
Example	NAT/6/NAT_EIM: -Protocol(1001)=UDP;LocalIPAddr(1003)=1.1.1.2;LocalPort(1004)=1024;GlobalIPAddr(1005)=30.3.1.231;GlobalPort(1006)=1026;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;BeginTime_e(1013)=10261971001739;EndTime_e(1014)=;Event(1048)=Nat eim created;
Explanation	This message is sent when a NAT EIM entry is created or removed.
Recommended action	No action is required.

NAT_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application layer protocol. $3: Source IP address. $4: Source port number. $5: Source IP address after translation. $6: Source port number after translation. $7: Destination IP address. $8: Destination port number. $9: Destination IP address after translation. $10: Destination port number after translation. $11: Total number of incoming packets. $12: Total number of incoming bytes. $13: Total number of outgoing packets. $14: Total number of outgoing bytes. $15: Source VPN instance name. $16: Destination VPN instance name. $17: Source DS-Lite tunnel. $18: Destination DS-Lite tunnel. $19: Time when the session is created. $20: Time when the session is removed. $21: Event time. $22: Event description: ¡ Session created. ¡ Active data flow timeout ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	NAT/6/NAT_FLOW: Protocol(1001)=UDP;Application(1002)=other;SrcIPAddr(1003)=1.1.1.2;SrcPort(1004)=1024;NatSrcIPAddr(1005)=30.3.1.231;NatSrcPort(1006)=1026;DstIPAddr(1007)=2.1.1.2;DstPort(1008)=1024;NatDstIPAddr(1009)=2.1.1.2;NatDstPort(1010)=1024;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03232019091640;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · A NAT session is created or removed. · Regularly during a NAT session. · The traffic threshold or aging time of a NAT session is reached.
Recommended action	No action is required.

NAT_SERVER_INVALID

Message text	The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface.
Variable fields	N/A
Severity level	4
Example	NAT/4/NAT_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface.
Explanation	The NAT Server with Easy IP did not take effect because its global settings conflict with that the global settings of another NAT Server on the same interface.
Recommended action	Modify the NAT Server configuration on the interface. The combination of protocol type, global IP addresses and global ports must be unique for each NAT Server on the same interface.

NAT_SERVICE_CARD_RECOVER_FAILURE

Message text	Pattern 1: Failed to recover the configuration of binding the service card on slot [UINT16] to interface [STRING], because [STRING]. Pattern 2: Failed to recover the configuration of binding the service card on chassis [UINT16] slot [UINT16] to interface [STRING], because [STRING].
Variable fields	Pattern 1: $1: Slot number. $2: Interface name. $3: Reasons why restoring the binding between the service card and the interface fails. Pattern 2: $1: Chassis number. $2: Slot number. $3: Interface name. $4: Reasons why restoring the binding between the service card and the interface fails.
Severity level	4
Example	NAT/4/NAT_SERVICE_CARD_RECOVER_FAILURE: Failed to recover the configuration of binding the service card on chassis 2 slot 3 to interface Ethernet0/0/2, because NAT service is not supported on this service card.
Explanation	Restoring the binding between the service card and the interface failed.
Recommended action	· If the operation fails because the NAT addresses have already been bound to another service card: ¡ Use the display nat all command to check the current configuration. ¡ Specify the same service card for interfaces referencing the same NAT addresses. · Check the service card for hardware problems if the failure is caused by one of the following reasons: ¡ NAT service is not supported on this service card. ¡ The hardware resources are not enough. ¡ Unknown error.

NAT444_SYSLOG

Message text	Failed to allocate port blocks from address group [UINT16].
Variable fields	$1: Address group.
Severity level	6
Example	NAT/6/NAT444_SYSLOG: Failed to allocate port blocks from address group 3.
Explanation	This message is sent when NAT444 port block assignment fails.
Recommended action	No action is required.

PORT_USAGE_ALARM

Message text	Port usage reaches [STRING]%; SrcIPAddr=[IPADDR]; VPNInstance=[STRING]; NATIPAddr=[IPADDR]; ConnectCount=[UINT16].
Variable fields	$1: Percentage. $2: Source IP address. $3: Source VPN instance name. $4: Source IP address after translation. $5: Numbers of ports that are assigned.
Severity level	6
Example	NAT/6/PORT_USAGE_ALARM: Port usage reaches 40%; SrcIPAddr=1.1.1.211; VPNInstance=-; NATIPAddr=16.1.1.198; ConnectCount=40.
Explanation	This message is sent in the following conditions: · The port usage in a port block equals or exceeds the threshold set by the nat log port-block port-usage threshold command. · The Connection-Dependent Mapping mode is applied.
Recommended action	No action is required.

PORTBLOCK_ALARM

Message text	Address group [UINT16]; total port blocks [UINT16]; active port blocks [UINT16]; usage over [UINT16]%.
Variable fields	$1: Address group. $2: Total number of port blocks. $3: Numbers of port blocks that are allocated. $4: Port block usage.
Severity level	6
Example	NAT/6/PORTBLOCK_ALARM: Address group 3; total port blocks 16575; active port blocks 6630; usage over 40%.
Explanation	This message is sent when the port block usage equals or exceeds the threshold set by the nat log port-block usage threshold command.
Recommended action	No action is required.

PORTBLOCKGRP_MEMORY_WARNING

Message text	Insufficient memory caused by excessive public addresses in port block group [UINT16]. Please reconfigure the public address space.
Variable fields	$1: NAT port block group ID.
Severity level	4
Example	NAT/4/PORTBLOCKGRP_MEMORY_WARNING: Insufficient memory caused by excessive public addresses in port block group 1. Please reconfigure the public address space.
Explanation	This message is sent when a public address range in a NAT port block group is too large and causes insufficient memory.
Recommended action	Reconfigure the public address range.

ND messages

This section contains ND messages.

ND_CONFLICT

Message text	[STRING] is inconsistent.
Variable fields	$1: Configuration type: ¡ M_FLAG. ¡ O_FLAG. ¡ CUR_HOP_LIMIT. ¡ REACHABLE TIME. ¡ NS INTERVAL. ¡ MTU. ¡ PREFIX VALID TIME. ¡ PREFIX PREFERRED TIME.
Severity level	6
Example	ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent
Explanation	The configuration information in the received router advertisement was not consistent with the configuration on the device. A message is sent if an inconsistency is detected.
Recommended action	Verify that the configurations on the device and the neighboring router are consistent.

ND_DUPADDR

Message text	Duplicate address: [STRING] on the interface [STRING].
Variable fields	$1: IPv6 address that is to be assigned to the interface. $2: Name of the interface.
Severity level	6
Example	ND/6/ND_DUPADDR: Duplicate address: 33::8 on the interface Vlan-interface9.
Explanation	The IPv6 address that was to be assigned to the interface is being used by another device.
Recommended action	Assign another IPv6 address to the interface.

ND_LOCALPROXY_ENABLE_FAILED

Message text	Failed to enable local ND proxy on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ND/4/ND_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local ND proxy on interface Vlan-interface 1.
Explanation	Failed to enable local ND proxy on an interface on the card.
Recommended action	· Verify that the card supports local ND proxy. · Make sure the device has sufficient hardware resources.

ND_MAC_CHECK

Message text	Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING].
Variable fields	$1: Receiving interface of the ND packet. $2: Source MAC address in the Ethernet frame header of the ND packet. $3: Source link-layer address in the ND packet.
Severity level	6
Example	ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002.
Explanation	The device dropped an ND packet because source MAC consistency check detected that the source MAC address and the source link-layer address in the packet are inconsistent.
Recommended action	Verify the validity of the ND packet originator.

ND_RAGUARD_DROP

Message text	Dropped RA messages with the source IPv6 address [STRING] on interface [STRING]. [STRING] messages dropped in total on the interface.
Variable fields	$1: IPv6 source IP address of the dropped RA messages. $2: Interface name on which the RA messages are dropped. $3: Total number of dropped RA messages on the interface.
Severity level	4
Example	ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet1/0/1. 20 RA messages dropped in total on the interface.
Explanation	RA guard dropped RA messages and displayed the information when RA guard detected an attack.
Recommended action	Verify the validity of the RA message originator.

ND_RATE_EXCEEDED

Message text	The ND packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in most recent [UINT32] seconds.
Variable fields	$1: ND packet rate. $2: ND limit rate. $3: Interface name. $4: Interval time.
Severity level	4
Example	ND/4/ND_RATE_EXCEEDED: The ND packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in most recent 10 seconds.
Explanation	An interface received ND messages at a rate higher than the rate limit.
Recommended action	Verify that the hosts at the sender IP addresses are legitimate.

ND_RATELIMIT_NOTSUPPORT

Message text	Pattern 1: ND packet rate limit is not support on slot [INT32]. Pattern 2: ND packet rate limit is not support on chassis [INT32] slot [INT32].
Variable fields	Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number.
Severity level	6
Example	ND/6/ND_RATELIMIT_NOTSUPPORT: ND packet rate limit is not support on slot 2.
Explanation	ND packet rate limit is not supported on the slot.
Recommended action	No action is required.

ND_SET_PORT_TRUST_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_SET_VLAN_REDIRECT_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_USER_DUPLICATE_IPV6ADDR

Message text	Detected a user IPv6 address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IPv6 address [IPV6ADDR].
Variable fields	$1: MAC address of the new user. $2: SVLAN of the new user. $3: CVLAN of the new user. $4: Name of the interface connected to the new user. $5: MAC address of the old user. $6: SVLAN of the old user. $7: CVLAN of the old user. $8: Name of the interface connected to the old user. $9: IPv6 address of the user.
Severity level	6
Example	ND/6/ND_USER_DUPLICATE_IPV6ADDR: Detected a user IPv6 address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IPv6 address 10::1.
Explanation	This message is sent when ND detects an IPv6 address conflict.
Recommended action	Examine IPv6 addresses of all endpoint users, locate the address conflict reason, and take actions to remove the conflict.

ND_USER_MOVE

Message text	Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING].
Variable fields	$1: IPv6 address of the user. $2: MAC address of the user. $3: Interface name before the migration. $4: Old SVLAN of the user. $5: Old CVLAN of the user. $6: Interface name after the migration. $7: New SVLAN of the user. $8: New CVLAN of the user.
Severity level	6
Example	ND/6/ND_USER_MOVE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 20. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.
Explanation	This message is sent when ND detects that a user accesses the network through another port.
Recommended action	Execute the display ipv6 nd user-move record command to verify that the migration is valid.

ND_USER_OFFLINE

Message text	Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was offline from interface [STRING].
Variable fields	$1: IPv6 address of the offline user. $2: MAC address of the offline user. $3: Name of the interface connected to the offline user.
Severity level	6
Example	ND/6/ND_USER_OFFLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was offline from interface GigabitEthernet1/0/1.
Explanation	This message is sent when ND detects a user offline event.
Recommended action	No action is required.

ND_USER_ONLINE

Message text	Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was online on interface [STRING].
Variable fields	$1: IPv6 address of the online user. $2: MAC address of the online user. $3: Name of the interface connected to the online user.
Severity level	6
Example	ND/6/ND_USER_ONLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was online on interface GigabitEthernet1/0/1.
Explanation	This message is sent when ND detects a user online event.
Recommended action	Verify the validity of the online user.

‌

NETCONF messages

This section contains NETCONF messages.

CLI

Message text	User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING]
Variable fields	$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only if the failure is caused by a known reason.
Severity level	6
Example	XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded.
Explanation	After a CLI command is executed by using NETCONF, the device outputs this message to show the operation result.
Recommended action	No action is required.

EDIT-CONFIG

Message text	User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Succeeded. Or: User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed. [STRING] Or: User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed, XPath=[STRING], error message=[STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Error information or XPath expression of the erroneous line. ¡ If the verbose keyword was not specified and the error reason was known, this field displays the detailed error information. ¡ If the verbose keyword was specified, this field displays the XPath expression of the erroneous line. $6: Error information. This field is displayed only when the verbose keyword was specified.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.100.20, session ID 1) performed an edit-config operation: message ID=101, operation result=Succeeded.
Explanation	A NETCONF client deployed settings by using the <edit-config> operation. An <edit-config> operation can contain multiple settings. The device might output multiple log messages at a time.
Recommended action	No action is required.

REPLY

Message text	Sent a NETCONF reply to the client: Session ID=[UINT16], Content=[STRING]. Or: Sent a NETCONF reply to the client: Session ID=[UINT16], Content (partial)=[STRING].
Variable fields	$1: ID of the NETCONF session. Before a session is established, this field displays a hyphen (-). $2: NETCONF packet sent by the device to the NETCONF client.
Severity level	7
Example	XMLSOAP/7/REPLY: -MDC=1; Sent a NETCONF reply to the client: Session ID=2, Content=</env:Body></env:Envelope>.
Explanation	The device sent a NETCONF packet to the NETCONF client to identify the status of NETCONF. If the NETCONF packet contains a lot of contents, the device might output multiple log messages, each with the partial flat.
Recommended action	No action is required.

NETCONF_MSG_DEL

Message text	A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.
Variable fields	None
Severity level	7
Example	NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.
Explanation	The system dropped a NETCONF request message that was received from a NETCONF over SSH client or at the XML view. The reason is that the message size exceeded the upper limit.
Recommended action	1. Reduce the size of the request message. For example, delete blank spaces, carriage returns, and tab characters. 2. Contact H3C Support to segment the request message and then re-encapsulate the segments before sending them to the device.

ROW-OPERATION

Message text	User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or: User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Name of a NETCONF row operation. $6: Module name and table name. $7: Index information. If there are multiple indexes, this field uses a comma as the delimiter. This field is displayed only when there are indexes. $8: Operation result, Succeeded or Failed. $9: Attribute column information. This field is displayed only when the operation configures an attribute column.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.100.20, session ID 1), message ID=1, operation=create Ifmgr/Interfaces (IfIndex="GigabitEthernet1/0/1"), result=Succeeded. Attributes: Description="This is Desc1", AdminDown=1, Speed=1.
Explanation	The device outputs this log message for each row operation for an <action> or <edit-config> operation.
Recommended action	No action is required.

THREAD

Message text	Maximum number of NETCONF threads already reached.
Variable fields	N/A
Severity level	3
Example	XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached.
Explanation	The number of NETCONF threads already reached the upper limit.
Recommended action	Please try again later.

NQA messages

This section contains NQA messages.

NQA_ENTRY_PROBE_RESULT

Message text	Reaction entry [STRING] of NQA entry admin-name [STRING] operation-tag [STRING]: [STRING].
Variable fields	$1: ID of the NQA reaction entry. The value range is 1 to 10. $2: Admin name of the NQA entry. $3: Operation tag of the NQA entry. $4: Test result. The value can be: ¡ Probe-pass: Succeeded. ¡ Probe-fail: Failed.
Severity level	6
Example	NQA/6/NQA_ENTRY_PROBE_RESULT Reaction entry 1 of NQA entry admin-name 1 operation-tag 1: Probe-pass.
Explanation	A change in the monitoring result of an NQA reaction entry was detected.
Recommended action	If the test result is Probe-fail, check the network environment.

NQA_LOG_UNREACHABLE

Message text	Server [STRING] unreachable.
Variable fields	$1: IP address of the NQA server.
Severity level	6
Example	NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable.
Explanation	An unreachable server was detected.
Recommended action	Check the network environment.

NQA_PACKET_OVERSIZE

Message text	NQA entry ([STRING]-[STRING]): The payload size exceeds 65503 bytes, and all IPv6 UDP probe packets will be dropped by the NQA server.
Variable fields	$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation.
Severity level	6
Example	NQA/6/NQA_PACKET_OVERSIZE: NQA entry (1-1): The payload size exceeds 65503 bytes, and all IPv6 UDP probe packets will be dropped by the NQA server.
Explanation	A packet oversize warning message was sent when the NQA client attempted to send to an IPv6 NQA server UDP probe packets with the data size exceeding 65503 bytes. The message indicates that the oversized probe packets will be dropped by the NQA server.
Recommended action	Modify the probe packet data size for the NQA operation.

NQA_SCHEDULE_FAILURE

Message text	NQA entry ([ STRING ]- [ STRING ]): Failed to start the scheduled NQA operation because port [ STRING] used by the operation is not available.
Variable fields	$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Port number.
Severity level	6
Example	NQA/6/NQA_SCHEDULE_FAILURE: NQA entry (admin-tag): Failed to start the scheduled NQA operation because port 10000 used by the operation is not available.
Explanation	Failed to start a scheduled NQA operation because the port number used by the operation is not available.
Recommended action	Change the port number of the NQA operation or disable the service that uses the port number.

NQA_SERVER_PORT_UNAVAILABLE

Message text	Failed to enable the NQA server because listening port [STRING] is not available.
Variable fields	$1: Port number.
Severity level	6
Example	NQA/6/NQA_SEVER_PORT_UNAVAILABLE: Failed to enable the NQA server because listening port 10000 is not available.
Explanation	Failed to enable the NQA server because the port number specified for the listening service is not available.
Recommended action	Change the port number of the listening service or disable the service that uses the port number.

NQA_SERVER_ADDR_UNAVAILABLE

Message text	Failed to enable the NQA server because the listening service's IP address [STRING] is not available.
Variable fields	$1: IP address of the listening service.
Severity level	6
Example	NQA/6/NQA_SEVER_ADDR_UNAVAILABLE: Failed to enable the NQA server because the listening service's IP address 192.168.10.100 is not available.
Explanation	Failed to enable the NQA server because the listening service's IP address is not specified or the server port that uses the specified IP address is down.
Recommended action	Verify that the IP address specified for the listening service is the IP address of a local interface on the NQA server and that the local interface in up.

NQA_TWAMP_LIGHT_PACKET_INVALID

Message text	NQA TWAMP Light test session [UINT32] index [UINT32]: The number of packets captured for statistics collection is invalid.
Variable fields	$1: Test session ID. $2: Serial number of the statistics data.
Severity level	6
Example	NQA/6/ NQA_TWAMP_LIGHT_PACKET_INVALID: NQA TWAMP Light test session 1 index 7: The number of packets captured for statistics collection is invalid.
Explanation	The number of probe packets was invalid in the TWAMP Light test because the test collection interval was shorter than the packet sending interval.
Recommended action	Verify that the test collection interval is no less than the packet sending interval.

NQA_TWAMP_LIGHT_REACTION

Message text	NQA TWAMP Light test session [UINT32] reaction entry [UINT32]: Detected continual violation of the [STRING] [STRING] threshold for a threshold violation monitor time of [UINT32] ms.
Variable fields	$1: Test session ID. $2: Reaction entry ID. $3: Reaction entry type: · Two-way delay. · Two-way loss. · Two-way jitter. $4: Threshold violation value: · upper—Be equal to or greater than the upper threshold limit. · lower—Be equal to or less than the lower threshold limit. $5: Statistics collection interval.
Severity level	6
Example	NQA/6/NQA_TWAMP_LIGHT_REACTION: NQA TWAMP Light test session 1 reaction entry 1: Detected continual violation of the two-way loss upper threshold for a threshold violation monitor time of 2000 ms.
Explanation	In a TWAMP test, the device monitors the test result, and starts the monitoring time when either of the following conditions is met: · The monitoring result goes beyond the upper threshold limit. · The monitoring result drops below the lower threshold limit from a monitoring result higher than the lower limit. If either condition is always true during the monitoring time, a threshold violation occurs.
Recommended action	No action is required.

NQA_TWAMP_LIGHT_START_FAILURE

Message text	NQA TWAMP Light test session [UINT32]: Failed to start the test session. Please check the parameters.
Variable fields	$1: Test session ID.
Severity level	6
Example	NQAS/6/NQA_TWAMP_LIGHT_START_FAILURE: NQA TWAMP Light test session 1: Failed to start the test session, Please check the parameters.
Explanation	This message is sent when the TWAMP Light responder failed to start the test session. The message asks you to examine the parameter settings.
Recommended action	1. Execete the display this command to examine the parameter settings of the test-session command. 2. Re-execute the test-session command with the required parameters according to your network requirements.

NTP messages

This section contains NTP messages.

NTP_CLOCK_CHANGE

Message text	System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING].
Variable fields	$1: Time before synchronization. $2: Time after synchronization. $3: IP address.
Severity level	5
Example	NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58 12/28/2019 to 02:29:12 12/28/2019, the NTP server's IP address is 192.168.30.116.
Explanation	The NTP client has synchronized its time to the NTP server.
Recommended action	No action is required.

NTP_LEAP_CHANGE

Message text	System Leap Indicator changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original Leap Indicator. $2: Current Leap Indicator.
Severity level	5
Example	NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update.
Explanation	The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rolloverinterval) in the day of insertion to be increased or decreased by one.
Recommended action	No action is required.

NTP_SOURCE_CHANGE

Message text	NTP server's IP address changed from [STRING] to [STRING].
Variable fields	$1: IP address of the original time source. $2: IP address of the new time source.
Severity level	5
Example	NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2.
Explanation	The system changed the time source.
Recommended action	No action is required.

NTP_SOURCE_LOST

Message text	Lost synchronization with NTP server with IP address [STRING].
Variable fields	$1: IP address.
Severity level	5
Example	NTP/5/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1.
Explanation	The clock source of the NTP association is in unsynchronized state or it is unreachable.
Recommended action	1. Verify the NTP server and network connection. 2. For NTP server failures: ¡ Use the ntp-service unicast-server command to specify a new NTP server. ¡ Use the ntp-service multicast-client command to configure the device to operate in NTP multicast client mode and receive NTP multicast packets from a new NTP server. 3. If the problem persists, contract H3C Support.

NTP_STRATUM_CHANGE

Message text	System stratum changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original stratum. $2: Current stratum.
Severity level	5
Example	NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update.
Explanation	System stratum has changed.
Recommended action	No action is required.

OPTMOD messages

This section contains transceiver module messages.

BIAS_HIGH

Message text	[STRING]: Bias current is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/1: Bias current is high.
Explanation	The bias current of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

BIAS_LOW

Message text	[STRING]: Bias current is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_LOW: GigabitEthernet1/0/1: Bias current is low.
Explanation	The bias current of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

BIAS_NORMAL

Message text	[STRING]: Bias current is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_NORMAL: GigabitEthernet1/0/1: Bias current is normal.
Explanation	The bias current of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

CFG_ERR

Message text	[STRING]: Transceiver type and port configuration mismatched.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/CFG_ERR: GigabitEthernet1/0/1: Transceiver type and port configuration mismatched.
Explanation	The transceiver module type does not match the port configurations.
Recommended action	Check for the transceiver module type and the current port configurations. If they mismatch, replace the transceiver module or update the port configurations.

CHKSUM_ERR

Message text	[STRING]: Transceiver information checksum error.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/CHKSUM_ERR: GigabitEthernet1/0/1: Transceiver information checksum error .
Explanation	Checksum verification on the register information on the transceiver module failed.
Recommended action	Replace the transceiver module, or contact H3C Support.

FIBER_SFP MODULE_INVALID

Message text	[STRING]: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in [UINT32] days. Please replace it with a compatible one as soon as possible.
Variable fields	$1: Interface type and number. $2: Number of days that the transceiver module will be invalid.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_INVALID: GigabitEthernet1/0/1: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in 3 days. Please replace it with a compatible one as soon as possible.
Explanation	The transceiver module is not compatible with the interface card.
Recommended action	Replace the transceiver module.

FIBER_SFPMODULE_NOWINVALID

Message text	[STRING]: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_NOWINVALID: GigabitEthernet1/0/1: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Explanation	The system does not support the transceiver module.
Recommended action	Replace the transceiver module.

IO_ERR

Message text	[STRING]: The transceiver information I/O failed.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/IO_ERR: GigabitEthernet1/0/1: The transceiver information I/O failed.
Explanation	The device failed to access the register information of the transceiver module.
Recommended action	Execute the display transceiver diagnosis interface and display transceiver alarm interface commands. If both commands fail to be executed, the transceiver module is faulty. Replace the transceiver module.

MOD_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_OFF: GigabitEthernet1/0/1: Module_not_ready was removed..
Explanation	A fault was removed from the transceiver module.
Recommended action	No action is required.

MOD_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_ON: GigabitEthernet1/0/1: Module_not_ready wasdetected.
Explanation	A fault was detected on the transceiver module.
Recommended action	1. Execute the display transceive alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

MODULE_IN

Message text	[STRING]: The transceiver is [STRING].
Variable fields	$1: Interface type and number. $2: Type of the transceiver module.
Severity level	4
Example	OPTMOD/4/MODULE_IN: GigabitEthernet1/0/1: The transceiver is 1000_BASE_T_AN_SFP.
Explanation	When a transceiver module is inserted, the OPTMOD module generates the message to display the transceiver module type.
Recommended action	No action is required.

MODULE_OUT

Message text	[STRING]: Transceiver absent.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: The transceiver is absent.
Explanation	The transceiver module was removed.
Recommended action	No action is required.

OPTICAL_WARNING_CLEAR

Message text	Transceiver warning alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location. $4: Error code. $5: Reason for the fault.
Severity level	4
Example	OPTMOD/4/OPTICAL_WARNING_CLEAR: Transceiver warning alarm cleared. (PhysicalIndex=8833, PhysicalName=HGE1/3/0/7, RelativeResource=1/3/0, ErrorCode=600060, Reason=Transceiver RXCDR_unlock detected. Lane = 1.)
Explanation	A warning alarm for the specified transceiver module was cleared.
Recommended action	No action is required.

OPTICAL_WARNING_OCCUR

Message text	Transceiver warning alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location. $4: Error code. $5: Reason for the fault.
Severity level	4
Example	OPTMOD/4/OPTICAL_WARNING_OCCUR: Transceiver warning alarm occurred. (PhysicalIndex=8833, PhysicalName=HGE1/3/0/7, RelativeResource=1/3/0, ErrorCode=600060, Reason=Transceiver RXCDR_unlock detected. Lane = 1.)
Explanation	A warning alarm occurred for the specified transceiver module.
Recommended action	1. Ensure secure connection between the transceiver module and optical fiber. 2. Remove and reinstalled transceiver into the port. 3. Make sure the card is operating correctly. 4. Resolve the issue based on the error code. 5. If the issue persists, contact the technical support.

OPTMOD_COUNTERFEIT_MOUDULE

Message text	The following might be counterfeited H3C transceivers. Please contact the supplier to verify their authenticity. H3C reserves the right to pursue legal actions. [STRING]: Transceiver type [STRING], SN [STRING].
Variable fields	$1: Interface type and number. $2: Transceiver type. $3: Transceiver sequence number.
Severity level	3
Example	OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: The following might be counterfeited H3C transceivers. Please contact the supplier to verify their authenticity. H3C reserves the right to pursue legal actions. GigabitEthernet1/0/1: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. GigabitEthernet1/0/2: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103.
Explanation	This log is generated when a probably counterfeited H3C transceiver module is detected. For a counterfeit H3C transceiver module, you cannot obtain any data from the display transceiver diagnosis command.
Recommended action	Contact Technical Support.

OPTMOD_MODULE_CHECK

Message text	An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity.
Variable fields	N/A
Severity level	6
Example	OPTMOD/6/OPTMOD_MODULE_CHECK: An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity.
Explanation	The log is generated when an H3C transceiver module is detected. It reminds the user to verify the authenticity of the transceiver module from the H3C website (www.h3c.com).
Recommended action	No action is required.

PHONY_MODULE

Message text	[STRING]: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C.H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/1: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C.H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!
Explanation	This log is generated when a non-H3C transceiver module is detected.
Recommended action	Purchase and use genuine H3C transceiver modules for the device.

RX_ALM_OFF

Message text	STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_OFF: GigabitEthernet1/0/1: RX_not_ready was removed.
Explanation	An RX fault was removed from the transceiver module.
Recommended action	No action is required.

RX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_ON: GigabitEthernet1/0/1: RX_not_ready was detected.
Explanation	An RX fault was detected on the transceiver module.
Recommended action	1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

RX_POW_HIGH

Message text	[STRING]: RX power is high.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_HIGH: GigabitEthernet1/0/1: RX power is high.
Explanation	The RX power of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

RX_POW_LOW

Message text	[STRING]: RX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_LOW: GigabitEthernet1/0/1: RX power is low.
Explanation	The RX power of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

RX_POW_NORMAL

Message text	[STRING]: RX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_NORMAL: GigabitEthernet1/0/1: RX power is normal.
Explanation	The RX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TEMP_HIGH

Message text	[STRING]: Temperature is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/TEMP_HIGH: GigabitEthernet1/0/1: Temperature is high.
Explanation	The temperature of the transceiver module exceeded the high threshold.
Recommended action	1. Verify that the fan trays are operating correctly. ¡ If there are no fan trays, install fan trays. ¡ If the fan trays fail, replace the fan trays. 2. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to lower the temperature. 3. Replace the transceiver module.

TEMP_LOW

Message text	[STRING]: Temperature is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_LOW: GigabitEthernet1/0/1: Temperature is low.
Explanation	The temperature of the transceiver module went below the low threshold.
Recommended action	1. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to raise the temperature. 2. Replace the transceiver module.

TEMP_NORMAL

Message text	[STRING]: Temperature is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_NORMAL: GigabitEthernet1/0/1: Temperature is normal.
Explanation	The temperature of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TX_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_OFF: GigabitEthernet1/0/1: TX_fault was removed.
Explanation	A TX fault was removed from the transceiver module.
Recommended action	No action is required.

TX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_ON: GigabitEthernet1/0/1: TX_fault was detected.
Explanation	A TX fault was detected on the transceiver module.
Recommended action	1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

TX_POW_HIGH

Message text	[STRING]: TX power is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/1: TX power is high.
Explanation	The TX power of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

TX_POW_LOW

Message text	[STRING]: TX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_LOW: GigabitEthernet1/0/1: TX power is low.
Explanation	The TX power of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

TX_POW_NORMAL

Message text	[STRING]: TX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_NORMAL: GigabitEthernet1/0/1: TX power is normal.
Explanation	The TX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TYPE_ERR

Message text	[STRING]: The transceiver type is not supported by port hardware.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/1: The transceiver type is not supported by port hardware.
Explanation	The transceiver module is not supported by the port.
Recommended action	Replace the transceiver module.

VOLT_HIGH

Message text	[STRING]: Voltage is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/VOLT_HIGH: GigabitEthernet1/0/1: Voltage is high.
Explanation	The voltage of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

VOLT_LOW

Message text	[STRING]: Voltage is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_LOW: GigabitEthernet1/0/1: Voltage is low.
Explanation	The voltage of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

VOLT_NORMAL

Message text	[STRING]: Voltage is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_NORMAL: GigabitEthernet1/0/1: Voltage is normal.
Explanation	The voltage of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

OSPF messages

This section contains OSPF messages.

OSPF_DUP_RTRID_NBR

Message text	OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address.
Severity level	6
Example	OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2.
Explanation	Two directly connected devices were configured with the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_IP_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING].
Variable fields	$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name.
Severity level	6
Example	OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet0/0/3.
Explanation	The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR.
Recommended action	Modify IP address configuration after you make sure no router ID conflict occurs in the same OSPF area.

OSPF_LAST_NBR_DOWN

Message text	OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING]
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason.
Severity level	6
Example	OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired.
Explanation	The device records the OSPF neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPF_MEM_ALERT

Message text	OSPF Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPF/5/OSPF_MEM_ALERT: OSPF Process received system memory alert start event.
Explanation	OSPF received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPF_NBR_CHG

Message text	OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING]
Variable fields	$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Old adjacency state. $5: New adjacency state.
Severity level	5
Example	OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down.
Explanation	The OSPF adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPF configuration errors and loss of network connectivity.

OSPF_RT_LMT

Message text	OSPF [UINT32] route limit reached.
Variable fields	$1: OSPF process ID.
Severity level	4
Example	OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached.
Explanation	The number of routes of an OSPF process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

OSPF_RTRID_CHG

Message text	OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Explanation	The OSPF router ID was changed because the user had changed the router ID or the interface IP address used as the router ID had changed.
Recommended action	Use the reset ospf process command to make the new router ID take effect.

OSPF_RTRID_CONFLICT_INTER

Message text	OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_RTRID_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: OSPF area ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_VLINKID_CHG

Message text	OSPF [UINT32] Router ID changed, reconfigure Vlink on peer
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer
Explanation	A new OSPF router ID takes effect.
Recommended action	Check and modify the virtual link configuration on the peer router to match the new router ID.

PBR messages

This section contains PBR messages.

PBR_HARDWARE_ERROR

Message text	Failed to update policy [STRING] due to [STRING].
Variable fields	$1: Policy name. $2: Hardware error reasons: · insufficient hardware resources. · unsupported operations. · insufficient hardware resources and unsupported operations.
Severity level	4
Example	PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa due to insufficient hardware resources and not supported operations.
Explanation	The device failed to update PBR configuration.
Recommended action	Modify the PBR policy configuration according to the failure reason.

PFILTER messages

This section contains PFILTER messages.

PFILTER_APPLY_REPEAT

Message text	[STRING] ACL [STRING] applied to the [STRING] direction of [STRING] is deleted, because the same ACL has been applied.
Variable fields	$1: ACL type. $2: ACL number or name. $3: Traffic direction. $4: Destination to which packet filter applies.
Severity level	5
Example	PFILTER/5/PFILTER_APPLY_REPEAT: IPv4 ACL aa applied to the inbound direction of interface GigabitEthernet 0/0/1 is deleted, because the same ACL has been applied.
Explanation	On the same direction of a destination, you can configure two ACL-based packet filters. One references the ACL number of an nonexisting ACL, and the other references the ACL name of an nonexisting ACL. This message is sent when you create one ACL by using the ACL number and ACL name of the ACLs used in the packet filters. The packet filter configured later is deleted.
Recommended action	On the same direction of a destination, you can configure two ACL-based packet filters. One references the ACL number of an nonexisting ACL, and the other references the ACL name of an nonexisting ACL. In this case, do not used the ACL number and ACL name of the ACLs used in the packet filters to create one ACL.

PFILTER_GLB_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction globally. [STRING] ACL [UINT] has already been applied globally.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: ACL type. $5: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction globally. IPv6 ACL 3000 has already been applied globally.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction globally. · Updating the ACL applied to a specific direction globally.
Recommended action	Remove the ACL of the same type.

PFILTER_GLB_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_GLB_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_IF_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions because an unknown error: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_IF_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of interface [STRING]. [STRING] ACL [UINT] has already been applied to the interface.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: Interface name. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_IF_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of interface Ethernet 3/1/2. IPv6 ACL 3000 has already been applied to the interface.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of an interface. · Updating the ACL applied to a specific direction of an interface.
Recommended action	Remove the ACL of the same type.

PFILTER_IF_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IPV4_FLOW_INFO

Message text	ACL [STRING] [STRING] [STRING] rule [STRING] [STRING]
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet of a flow that matches the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV4_FLOW_INFO: ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 192.168.1.1(1024) -> 192.168.5.1(1024).
Explanation	This message is sent when the first packet of a flow matches an IPv4 advanced ACL rule for packet filtering. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV4_FLOW_STATIS

Message text	ACL [STRING] [STRING] rule [STRING] [STRING], [UINT64] packet(s).
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: ID and content of an ACL rule. $4: Information about the first packet of a flow that matched the rule. $5: Number of packets that match the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV4_FLOWLOG_STATIS: ACL 3000 inbound rule 0 permit icmp 192.168.1.1(1024) -> 192.168.5.1(1024), 1000 packets.
Explanation	This message is sent at the logging interval. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV6_FLOW_INFO

Message text	IPv6 ACL [STRING] [STRING] [STRING] rule [STRING] [STRING]
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet of a flow that matches the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_FLOW_INFO: IPv6 ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 0:1020::200:0(0)->0:720::200:0(0).
Explanation	This message is sent when the first packet of a flow matches an IPv6 advanced ACL rule applied for packet filtering. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV6_FLOW_STATIS

Message text	IPv6 ACL [STRING] [STRING] rule [STRING] [STRING], [UINT64] packet(s).
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: ID and content of an ACL rule. $4: Information about the first packet of a flow that matched the rule. $5: Number of packets that match the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_FLOWLOG_STATIS: IPv6 ACL 3000 rule 0 permit icmpv6 0:1020::200:0(0)->0:720::200:0(0), 1000 packets.
Explanation	This message is sent at the logging interval. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV6_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the packet-filter IPv6 ACL rule changed.
Recommended action	No action is required.

PFILTER_MAC_FLOW_INFO

Message text	MAC ACL [STRING] [STRING] [STRING] rule [STRING] [STRING]
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet that matches the rule.
Severity level	6
Example	PFILTER/6/PFILTER_MAC_FLOW_INFO: MAC ACL 4000 inbound Ethernet 3/1/2 rule 0 permit 0800-2700-9000 -> 0CDA-411D-0676.
Explanation	This message is sent when the first packet matches an Layer 2 ACL rule for packet filtering.
Recommended action	No action is required.

PFILTER_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	PFILTER/6/PFILTER_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the packet-filter IPv4 ACL rule changed.
Recommended action	No action is required.

PFILTER_VLAN_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_VLAN_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of VLAN [UINT16]. [STRING] ACL [UINT] has already been applied to the VLAN.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: VLAN ID. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of a VLAN. · Updating the ACL applied to a specific direction of a VLAN.
Recommended action	Remove the ACL of the same type.

PFILTER_VLAN_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	No action is required.

PING messages

This section contains ping messages.

PING_STATISTICS

Message text	[STRING] statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: Number of sent echo requests. $4: Number of received echo replies. $5: Percentage of the non-replied packets to the total request packets. $6: Minimum round-trip delay. $7: Average round-trip delay. $8: Maximum round-trip delay. $9: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in the public network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down.

PING_VPN_STATISTICS

Message text	[STRING] statistics for [STRING] in VPN instance [STRING] : [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: VPN instance name. $4: Number of sent echo requests. $5: Number of received echo replies. $6: Percentage of the non-replied packets to the total request packets. $7: Minimum round-trip delay. $8: Average round-trip delay. $9: Maximum round-trip delay. $10: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in a private network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down and identify whether a valid route exists in the routing table.

PKG messages

This section contains package management messages.

PKG_BOOTLOADER_FILE_FAILED

Message text	Failed to execute the boot-loader file command.
Variable fields	None
Severity level	5
Example	PKG/5/PKG_BOOTLOADER_FILE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the boot-loader file command.
Explanation	A user executed the boot-loader file command, but the command failed.
Recommended action	Take actions as prompted by the command.

PKG_BOOTLOADER_FILE_SUCCESS

Message text	Executed the boot-loader file command successfully.
Variable fields	· None
Severity level	5
Example	PKG/5/PKG_BOOTLOADER_FILE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the boot-loader file command successfully.
Explanation	A user executed the boot-loader file command successfully.
Recommended action	No action is required.

PKG_INSTALL_ACTIVATE_FAILED

Message text	Failed to execute the install activate command.
Variable fields	None
Severity level	5
Example	PKG/5/PKG_INSTALL_ACTIVATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the install activate command.
Explanation	A user executed the install activate command, but the command failed.
Recommended action	Take actions as prompted by the command.

PKG_INSTALL_ACTIVATE_SUCCESS

Message text	Executed the install activate command successfully.
Variable fields	· None
Severity level	5
Example	PKG/5/PKG_INSTALL_ACTIVATE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the install activate command successfully.
Explanation	A user executed the install activate command successfully.
Recommended action	No action is required.

PKI messages

This section contains PKI messages.

REQUEST_CERT_FAIL

Message text	Failed to request [STRING] certificate of domain [STRING].
Variable fields	$1: Certificate usage. $2: PKI domain name.
Severity level	5
Example	PKI/5/REQUEST_CERT_FAIL: Failed to request general certificate of domain abc.
Explanation	Failed to request a certificate for a PKI domain.
Recommended action	Check the configuration of the device and CA server, and the network between them.

‌

REQUEST_CERT_SUCCESS

Message text	Request [STRING] certificate of domain [STRING] successfully.
Variable fields	$1: Certificate usage. $2: PKI domain name.
Severity level	5
Example	PKI/5/REQUEST_CERT_SUCCESS: Request general certificate of domain abc successfully.
Explanation	A certificate was successfully requested for a PKI domain.
Recommended action	No action is required.

‌

PKT2CPU messages

This section contains PKT2CPU messages.

PKT2CPU_NO_RESOURCE

Message text	-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient. -Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient.
Variable fields	$1: Interface type and number. $2: Protocol type. $3: MAC address or source port. $4: Destination port.
Severity level	4
Example	PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient.
Explanation	Hardware resources were insufficient.
Recommended action	Cancel the configuration.

Portal messages

This section contains portal messages.

PORTAL_USER_LOGOFF

Message text	UserName=[STRING], IPAddr=[IPADDR], IfName=[STRING], OuterVLAN=[UINT16], InnerVLAN=[UINT16], MACAddr=[MAC], Reason=[STRING], Input Octets=[UINT32], Output Octets=[UINT32], Input Gigawords=[UINT32], Output Gigawords=[UINT32], IPv6Input Octets=[UINT32], IPv6Output Octets=[UINT32], IPv6 Input Gigawords=[UINT32], IPv6Output Gigawords=[UINT32], SessionTime=[UINT32]; User logged off.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Reason for user offline, see Table 6. $8: Statistics of the user's upstream IPv4 traffic, in bytes. $9: Statistics of the user's downstream IPv4 traffic, in bytes. $10: Statistics of the user's upstream IPv4 traffic. The measurement unit is 4G bytes. $11: Statistics of the user's downstream IPv4 traffic. The measurement unit is 4G bytes. $12: Statistics of the user's upstream IPv6 traffic, in bytes. $13: Statistics of the user's downstream IPv6 traffic, in bytes. $14: Statistics of the user's upstream IPv6 traffic. The measurement unit is 4G bytes. $15: Statistics of the user's downstream IPv6 traffic. The measurement unit is 4G bytes. $16: Online duration of the user, in seconds.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGOFF: -MDC=1; UserName=abc, IPAddr=1.1.1.2, IfName=Route-Aggregation1023.4000, OuterVLAN=N/A, InnerVLAN=4000, MACAddr=0230-0103-5601, Reason=User request, Input Octets=100, Output Octets=200, Input Gigawords=100, Output Gigawords=200, IPv6Input Octets=100, IPv6Output Octets=200, IPv6Input Gigawords=100, IPv6Output Gigawords=200, SessionTime=200; User logged off.
Explanation	A portal user went offline. Whether IPv6-related fields are displayed depends on the configuration of the portal user-log traffic-separate command. For more information, see portal commands in Security Command Reference.
Recommended action	Choose the recommended action according to the reason (see Table 6).

‌

Table 6 Reasons that a user goes offline and recommended actions

Reason	Description	Recommended action
User request.	The user requested to be offline.	No action is required.
DHCP entry deleted.	The DHCP entry was deleted.	Verify that the DHCP server configuration is correct.
Idle timeout.	The traffic of the user in the specified period of time does not reach the idle cut traffic threshold.	No action is required.
Session timeout.	The user's online time has reached the session timeout time assigned by the server.	No action is required.
User detection failure.	The user failed online detection.	No action is required.
Force logout by RADIUS server.	The RADIUS server logged out the user.	No action is required.
Interface down.	· The state of the access interface became Down or Deactive. · The access interface is a VLAN interface and a Layer 2 port left the VLAN.	· Verify that a cable is correctly inserted to the user access interface, and the access interface is not shut down by using the shutdown command. · Verify that the user access interface card or subcard operates normally. · Verify that portal roaming is enabled on the user access Layer 2 Ethernet interface.
Failed to assign a user rule.	N/A.	Release memory to ensure enough hardware memory space.
Authorization info changed.	Authorization information changed for the user. For example, the authorization ACL or user profile was deleted.	No action is required.
Force logout by access device.	The device logged out the user.	Make sure portal authentication functions normally on the user access interface.
User info synchronization failure.	The device failed to synchronize user information with the server.	· Make sure the user heartbeat interval configured on the portal authentication server is not greater than the user synchronization detection timeout configured on the access device. · Verify that the server is reachable.
User recovery failure.	User information recovery failed.	· Verify that the user access interface is up. · Verify that portal authentication is enabled on the user access interface. · Verify that the session timeout timer for the user does not expire.
Authorization ACL for the online user changed.	N/A	· Verify that the authorization ACL for the user is correctly assigned. · Verify that strict checking on authorized ACLs is disabled.
Authorization user profile for the online user changed.	N/A	· Verify that the authorization user profile for the user is correctly assigned by using the display user profile command. · Verify that strict checking on authorized user profiles is disabled.
Accounting update failure.	Failed to update accounting for the user.	· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active.
Failed to start accounting.	Failed to start accounting for the user.	· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active.
User traffic reached threshold.	Traffic of the user reached the traffic threshold set by the server.	No action is required.
Authorization VPN instance deleted.	The authorization VPN instance was deleted.	No action is required.
Authorization ACL does not exist.	The authorization ACL does not exist.	Verify that the ACL is correctly configured on the device.
Failed to get physical info.	Failed to get the physical information.	No action is required.
Failed to add an ARP or ND entry for the user.	Failed to add the ARP or ND entry of the user.	No action is required.
User information does not match user profile.	The user information and the user profile do not match.	No action is required.
Authorization user profile does not exist.	The authorization user profile does not exist.	Verify that the user profile is correctly configured on the device.
Failed to issue the user rule to the AP.	Failed to issue the user rule to the AP.	No action is required.
Deleted the user for SSID switchover.	The user was logged out after SSID switchover.	No action is required.
Failed to issue an OpenFlow rule to the AP.	Failed to issue an OpenFlow rule to the AP.	No action is required.
Logged out the user after the wireless client disconnected.	The user was logged out after the wireless client was disconnected.	No action is required.
Logged out the user when a new user with the same MAC address performed MAC-trigger authentication.	The user was logged out because a new user with the same MAC address performed MAC-trigger authentication.	No action is required.
Logged out the user when a new dual-stack user with the same MAC address came online.	The user was logged out because a new dual-stack user with the same MAC address came online.	No action is required.
The portal server failed to instruct the device to change the user IP address.	The portal server failed to instruct the device to change the IP address of the user.	No action is required.
DHCP received a DHCP release packet.	The user was logged out because DHCP received a DHCP release message.	No action is required.
DHCP lease expired.	The DHCP lease of the user expired.	No action is required.
DHCP received a DHCP release packet from the WLAN roaming center.	The WLAN roaming center instructed DHCP to log out the user because of a DHCP release message.	No action is required.
WLAN roaming center instructed portal to log out the user.	The WLAN roaming center instructed portal to log out the user.	No action is required.
Logged out the user after user synchronization through WiFiDog.	Portal logged out the user after it synchronized user information through WifFiDog.	No action is required.
The cloud portal server instructed portal to log out the user.	The cloud portal server instructed portal to log out the user.	No action is required.

‌

PORTAL_USER_LOGON_FAIL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; User failed to get online.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Login failure reason, see Table 7.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGON_FAIL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason= Authentication Failed : 4; User failed to get online.
Explanation	A portal user failed to come online.
Recommended action	Choose the recommended action according to the reason, see Table 7.

‌

Table 7 Reasons that a user fails to come online and recommended actions

Reason	Description	Recommended action
Authorization failure.	Authorization failed, or authorization attributes deployment failed.	· Verify that the device can correctly communicate with the authorization server. · Verify that the authorization user attributes exist on the device and are correctly configured. · Verify that the device supports the authorization user attributes.
Received logout request.	The user received a logout request from the portal server during the login process.	Verify that the device can correctly communicate with the AAA server.
Authentication failure.	Authentication failed.	· Verify that the device can correctly communicate with the authentication server. · Verify that the shared key is the same on the device and the authentication server. · Verify that the username is valid. · Verify that the password for the username is correct. · Verify that the authentication domain on the device is correct.
Other error.	Unknown error.	N/A

‌

PORTAL_USER_LOGON_SUCCESS

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]:User got online successfully.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601; User got online successfully.
Explanation	A portal user came online successfully.
Recommended action	No action is required.

‌

PPP messages

This section contains PPP messages.

IPPOOL_ADDRESS_EXHAUSTED

Message text	The address pool [STRING] was exhausted.
Variable fields	$1: Pool name.
Severity level	5
Example	PPP/5/IPPOOL_ADDRESS_EXHAUSTED: The address pool aaa was exhausted.
Explanation	This message is generated when the last address is assigned from the pool.

PPP_USER_LOGON_SUCCESS

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]; The user came online successfully.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address.
Severity level	6
Example	PPP/6/PPP_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601; The user came online successfully.
Explanation	The user has come online successfully.
Recommended action	No action is required.

PPP_USER_LOGON_FAILED

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user failed to come online.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 8).
Severity level	5
Example	PPP/5/PPP_USER_LOGON_FAILED: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Authentication failed; The user failed to come online.
Explanation	The user failed to come online.
Recommended action	See Table 8.

Table 8 Causes and recommended actions

Cause	Description	Recommended action
Authentication method error	The authentication method was configured incorrectly, possibly because the authentication method requested by users is inconsistent with the authentication method configured on the interface.	Verify that the authentication method is configured correctly.
AAA access limit reached	The upper limit of concurrent logins using the same local user name is reached.	1. Check the number of concurrent online users using the current local user name. 2. Modify the upper limit of the concurrent logins using the current local user name to a greater value by executing the access-limit command.
The local user does not exist	The local user was not configured.	1. Verify that the dial-in user is a legal user. 2. Add the local user if the user is a legal user but the corresponding local user does not exist on the device.
Local authentication failed: wrong password	The local authentication was rejected because of the incorrect password.	1. Verify that the username is correct. 2. Verify that the password is correct.
No AAA response during authentication	The device did not receive an AAA response from the authentication server during the authentication timeout time.	1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly. 3. Verify that the shared key on the device is the same as the shared key on the authentication server.
RADIUS authentication reject	The RADIUS server returned an access-reject packet.	1. Verify that the username is correct. 2. Verify that the password is correct.
AAA authorization information error	Failed to add user authorization information.	1. Verify that the authorization attributes deployed by the authorization server exist on the device and are configured correctly.
Authentication request to AAA failed	The device failed to send the authentication request to the AAA server.	1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly.
Accounting request to AAA failed	The device failed to send the accounting request to the AAA server.	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No authentication ACK from AAA	The device failed to receive the authentication acknowledgment packet from the AAA server.	1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly.
TACACS authentication reject	The TACACS server returned an access-reject packet.	1. Verify that the username is correct. 2. Verify that the password is correct.

PPP_USER_LOGOFF

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 9).
Severity level	6
Example	PPP/6/PPP_USER_LOGOFF: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Use request; The user logged off.
Explanation	The user has gone offline normally.
Recommended action	No action is required.

Table 9 Causes

Cause	Description
User request	The user connection was terminated at the user's request.

PPP_USER_LOGOFF_ABNORMAL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off abnormally.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 10).
Severity level	6
Example	PPP/6/PPP_USER_LOGOFF_ABNORMAL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Lost Carrier; The user logged off abnormally.
Explanation	The user has gone offline abnormally.
Recommended action	See Table 10.

Table 10 Causes and recommended actions

Cause	Description	Recommended action
Lost carrier	The keepalive packets were lost, possibly because the link between the user device and the device connecting to the BAS fails.	Save the related log information locally and contact the support.
Lost service	The service server (for example, L2TP) terminated the service.	No action is required.
Admin reset	The user session was temporarily terminated by the administrator by executing the shutdown command because of management reasons.	No action is required.
BAS request	Unknown reasons.	Save the related log information locally and contact the support.
Session timeout	The user session timed out.	Notify the user that the traffic quota is used up or to renew the user account.
Traffic quota limit reached	The user traffic limit was reached.	Notify the user that the traffic is used up or to renew the user account.
Logged off by the RADIUS server	The AAA server logged off the user.	No action is required.
Accounting update failure	The accounting update failed.	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No AAA response during realtime accounting	The user did not receive the response from the accounting server during the timeout time. (In the realtime accounting phase.)	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No AAA response for accounting start	The user did not receive the response from the accounting server during the timeout time. (In the accounting start phase.)	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No AAA response for accounting stop	The user did not receive the response from the accounting server during the timeout time. (In the accounting stop phase.)	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
PPP negotiation terminated	The PPP negotiation was terminated.	1. Verify that the configuration is correct.
Repeated LCP negotiation packets	Repeated LCP negotiation packets were received.	2. Disconnect the client and initiate a connection again.
The interface that the user accesses goes down	N/A.	1. Verify that the network cable of the user access interface is correctly connected. 2. Verify the user access card or subcard has no errors or is in position.
The interface that the user accesses is shut down	N/A.	Verify that the shutdown command is not executed on the user access interface.
Session idle cut	The user traffic did not reach the threshold within the specified period.	No action is required.

PPPOES messages

This section contains PPPOES messages.

PPPOES_MAC_THROTTLE

Message text	The MAC [STRING] triggered MAC throttle on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	5
Example	PPPOES/5/PPPOES_MAC_THROTTLE: -MDC=1; The MAC 001b-21a8-0949 triggered MAC throttle on interface GigabitEthernet1/0/1.
Explanation	The maximum number of PPPoE session requests from a user within the monitoring time reached the PPPoE access limit on the access interface. The access interface discarded the excessive requests.
Recommended action	1. Check the PPPoE access limit on the access interface that is configured by using the pppoe-server throttle per-mac command. 2. View the time left for the blocking user on the access interface by executing the display pppoe-server throttled-mac command. 3. If the problem persists, contact the support.

PWDCTL messages

This section contains password control messages.

PWDCTL_ADD_BLACKLIST

Message text	[STRING] was added to the blacklist for failed login attempts.
Variable fields	$1: Username.
Severity level	6
Example	PWDCTL/6/PWDCTL_ADD_BLACKLIST: hhh was added to the blacklist for failed login attempts.
Explanation	The user entered an incorrect password. It failed to log in to the device and was added to the password control blacklist.
Recommended action	No action is required.

PWDCTL_CHANGE_PASSWORD

Message text	[STRING] changed the password because [STRING].
Variable fields	$1: Username. $2: The reasons for changing the password. ¡ it was the first login of the account. ¡ the password had expired. ¡ the password was too short. ¡ the password was not complex enough. ¡ the password was default password.
Severity level	6
Example	PWDCTL/6/PWDCTL_CHANGE_PASSWORD: hhh changed the password because it was the first login of the account.
Explanation	The user changed the password for some reason. For example, the user changed the password because it is the first login of the user's account.
Recommended action	No action is required.

PWDCTL_FAILED_TO_WRITEPWD

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	6
Example	PWDCTL/6/PWDCTL_FAILED_TO_WRITEPWD: Failed to write the password records to file.
Explanation	The device failed to write a password to a file.
Recommended action	Check the file system of the device for memory space insufficiency.

PWDCTL_UPDATETIME

Message text	Last login time updated after clock update.
Variable fields	N/A
Severity level	6
Example	PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update.
Explanation	This message is sent when the last login time is updated.
Recommended action	No action is required.

QOS messages

This section contains QoS messages.

MIRROR_SYNC_CFG_FAIL

Message text	Failed to restore configuration for monitoring group [UINT32] in [STRING], because [STRING]
Variable fields	$1: Monitoring group. $2: Chassis number plus slot number or slot number. $3: Failure cause.
Severity level	4
Example	QOS/4/MIRROR_SYNC_CFG_FAIL: Failed to restore configuration for monitoring group 1 in chassis 2 slot 1, because monitoring resources are insufficient.
Explanation	After a card was installed, the system failed to restore the configuration for a monitoring group on the card for the following possible reasons: · The number of member ports in the monitoring group exceeds the limit. · The monitoring resources are insufficient on the card. · Member ports in the monitoring group are not supported by the card.
Recommended action	Delete or modify unsupported settings.

QOS_BANDWIDTH_TOTALCHANNEL

Message text	Failed to set the interface bandwidth for interface [STRING] because the interface bandwidth is less than the total channel bandwidth.
Variable fields	$1: Interface name.
Severity level	4
Example	QOS/4/QOS_BANDWIDTH_TOTALCHANNEL: Failed to set the interface bandwidth for interface GigabitEthernet4/0/1 because the interface bandwidth is less than the total channel bandwidth.
Explanation	This message is generated when the bandwidth of the main interface is smaller than the total channelized bandwidth of subinterfaces.
Recommended action	Increase the bandwidth of the main interface or reduce the total channelized bandwidth of subinterfaces.

QOS_CAR_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: Profile type. $4: Profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a CAR policy when a user went online. · Modify a configured CAR policy or configure a new CAR policy when a user is online.
Recommended action	Delete the CAR policy from the profile or modify the parameters of the CAR policy.

QOS_CBWFQ_REMOVED

Message text	CBWFQ is removed from [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1.
Explanation	CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ.
Recommended action	Increase the bandwidth or speed and apply the removed CBWFQ again.

QOS_CHANNEL_APPLYIF_FAIL

Message text	Failed to set the channel bandwidth on interface [STRING] because the total channel bandwidth exceeds the interface bandwidth.
Variable fields	$1: Interface name.
Severity level	3
Example	QOS/3/QOS_CHANNEL_APPLYIF_FAIL: Failed to set the channel bandwidth on interface GigabitEthernet4/0/1 because the total channel bandwidth exceeds the interface bandwidth.
Explanation	This message is generated when the total channelized bandwidth exceeds the interface bandwidth.
Recommended action	Increase the bandwidth of the main interface or reduce the total channelized bandwidth of subinterfaces.

QOS_GTS_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply GTS in user profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: User profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply GTS in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a GTS action when a user went online. · Modify a configured GTS action or configure a new GTS action when a user is online.
Recommended action	Delete the GTS action from the user profile or modify the parameters of the GTS action.

QOS_IFA_OUTPUT_IFFAIL

Message text	Failed to find an output interface for destination IP address [STRING].
Variable fields	$1: IP address.
Severity level	4
Example	QOS/4/QOS_IFA_OUTPUT_IFFAIL: Failed to find an output interface for destination IP address 1.1.1.1.
Explanation	The system failed to find an output interface for a destination IP address.
Recommended action	Check whether the route is available.

QOS_NOT_ENOUGH_BANDWIDTH

Message text	Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING].
Variable fields	$1: Policy name. $2: Required bandwidth for CBWFQ. $3: Available bandwidth on an interface. $4: Interface name.
Severity level	3
Example	QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1.
Explanation	Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ.
Recommended action	Increase the maximum bandwidth configured for the interface or set lower bandwidth required for CBWFQ.

QOS_NOT_ENOUGH_NNIBANDWIDTH

Message text	The total UNI bandwidth is greater than the NNI bandwidth. The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of [STRING] is changed. The total UNI bandwidth is greater than the NNI bandwidth. [STRING] is created based on [STRING] of the UNI interface
Variable fields	$1: Interface name.
Severity level	4
Example	QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of GigabitEthernet4/0/1 is changed. QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. Virtual-Access1 is created based on Virtual-Template1 of the UNI interface.
Explanation	This message is generated when the total UNI bandwidth is still greater than the NNI bandwidth after the NNI bandwidth is increased or the total UNI bandwidth is reduced. This message is generated when the total UNI bandwidth is greater than the NNI bandwidth because the interface bandwidth is changed. This message is generated when the total UNI bandwidth is greater than the NNI bandwidth because a virtual access interface is created based on a virtual template of the UNI interface.
Recommended action	Increase the NNI bandwidth or reduce the total UNI bandwidth.

QOS_POLICY_APPLYCOPP_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: Slot number. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a control plane. · Update a classifier-behavior association applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYCOPP_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a control plane. · Update a QoS policy applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction globally. · Update a classifier-behavior association applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction globally. · Update a QoS policy applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of an interface. · Update a classifier-behavior association applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of an interface. · Update a QoS policy applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYTUN_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to [STRING]. Reason: [STRING].
Variable fields	$1: Policy name. $2: Tunnel information. $3: Failure cause: ¡ The filtering action is not supported. ¡ The marking action is not supported. ¡ The mirroring action is not supported. ¡ The redirect action is not supported. ¡ The QoS policy does not exist. ¡ The QoS policy was deleted.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYTUN_FAIL: Failed to apply or refresh QoS policy b to ADVPN session Tunnel1 192.168.0.10. Reason: The marking action is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to an ADVPN tunnel. · Update a QoS policy applied to an ADVPN tunnel.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYTUN_SUCCESS

Message text	QoS policy [STRING] was successfully applied or refreshed to [STRING].
Variable fields	$1: Policy name. $2: Tunnel information.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYTUN_SUCCESS: QoS policy b was successfully applied or refreshed to ADVPN session Tunnel1 192.168.0.10.
Explanation	The system successfully applied or refreshed a QoS policy for an ADVPN tunnel.
Recommended action	No action is required.

QOS_POLICY_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user.Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: QoS policy name. $4: User profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user.Reason: The QoS policy is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a QoS policy when a user went online. · Modify an applied QoS policy or apply a new QoS policy when a user is online.
Recommended action	Remove the QoS policy from the user profile or modify the parameters of the QoS policy.

QOS_POLICY_APPLYVLAN_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: VLAN ID. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a VLAN. · Update a classifier-behavior association applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYVLAN_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Application direction. $3: VLAN ID. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a VLAN. · Update a QoS policy applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_QMPROFILE_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply queue management profile [STRING] in session group profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Queue scheduling profile name. $3: Session group profile name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue management profile b in session group profile a to the user. Reason: The QMProfile is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a queue scheduling profile when a user went online. · Modify an applied queue scheduling profile or apply a new queue scheduling profile when a user is online.
Recommended action	Remove the queue scheduling profile from the session group profile or modify the parameters of the queue scheduling profile.

QOS_QMPROFILE_MODIFYQUEUE_FAIL

Message text	Failed to configure queue [UINT32] in queue scheduling profile [STRING]. [STRING].
Variable fields	$1: Queue ID. $2: Profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue scheduling profile myqueue. The value is out of range.
Explanation	The system failed to modify a queue in a queue scheduling profile successfully applied to an interface because the new parameter was beyond port capabilities.
Recommended action	Remove the queue scheduling profile from the interface, and then modify the parameters for the queue.

QOS_UNI_RESTORE_FAIL

Message text	Failed to restore the UNI configuration of [STRING], because the total UNI bandwidth is greater than the NNI bandwidth.
Variable fields	$1: Interface name.
Severity level	4
Example	QOS/4/ QOS_NNIBANDWIDTH_OVERFLOW: Failed to restore the UNI configuration of the interface GigabitEthernet5/1/5, because the total UNI bandwidth is greater than the NNI bandwidth.
Explanation	The system failed to restore the UNI configuration of an interface, because the total UNI bandwidth is greater than the NNI bandwidth.
Recommended action	Increase the NNI bandwidth or reduce the total UNI bandwidth, and then reconfigure the downlink ports as UNI ports.

WRED_TABLE_CFG_FAIL

Message text	Failed to dynamically modify the configuration of WRED table [STRING], because [STRING].
Variable fields	$1: WRED table name. $2: Failure cause.
Severity level	4
Example	QOS/4/WRED_TABLE_CFG_FAIL: Failed to dynamically modify the configuration of WRED table a, because ECN is not supported.
Explanation	Failed to dynamically modify the configuration of a WRED table, because some settings are not supported.
Recommended action	No action is required.

RADIUS messages

This section contains RADIUS messages.

RADIUS_AUTH_FAILURE

Message text	User [STRING] from [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system from 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the RADIUS server.
Recommended action	No action is required.

RADIUS_AUTH_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system from 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the RADIUS server.
Recommended action	No action is required.

RADIUS_DELETE_HOST_FAIL

Message text	Failed to delete servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	RADIUS/4/RADIUS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.
Explanation	Failed to delete servers from a RADIUS scheme.
Recommended action	No action is required.

RIP messages

This section contains RIP messages.

RIP_MEM_ALERT

Message text	RIP Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIP/5/RIP_MEM_ALERT: RIP Process received system memory alert start event.
Explanation	RIP received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIP_RT_LMT

Message text	RIP [UINT32] Route limit reached
Variable fields	$1: Process ID.
Severity level	6
Example	RIP/6/RIP_RT_LMT: RIP 1 Route limit reached.
Explanation	The number of routes of a RIP process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

RIPNG messages

This section contains RIPng messages.

RIPNG_MEM_ALERT

Message text	RIPng Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIPNG/5/RIPNG_MEM_ALERT: RIPNG Process received system memory alert start event.
Explanation	RIPng received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIPNG_RT_LMT

Message text	RIPng [UINT32] Route limit reached
Variable fields	$1: Process ID
Severity level	6
Example	RIPNG/6/RIPNG_RT_LMT: RIPng 1 Route limit reached.
Explanation	The number of routes of a RIPng process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

RM messages

This section contains RM messages.

RM_ACRT_REACH_LIMIT

Message text	Max active [STRING] routes [UINT32] reached in URT of [STRING]
Variable fields	$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1
Explanation	The number of active routes reached the upper limit in the unicast routing table of a VPN instance.
Recommended action	Remove unused active routes.

RM_ACRT_REACH_THRESVALUE

Message text	Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1
Explanation	The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance.
Recommended action	Modify the threshold value or the route limit configuration.

RM_THRESHLD_VALUE_REACH

Message text	Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1
Explanation	The number of active routes reached the threshold in the unicast routing table of a VPN instance.
Recommended action	Modify the route limit configuration.

RRM messages

This section contains RRM messages.

RRM_LOG_ADJUSTCHANNEL

Message text	Channel of radio [UINT32] on AP [STRING] changed from [UINT16] to [UINT16].
Variable fields	$1: Radio ID. $2: AP name. $3: Old channel ID. $4: New channel ID.
Severity level	6
Example	RRM/6/RRM_LOG_ADJUSTCHANNEL: Channel of radio 1 on AP ap2 changed from 149 to 52.
Explanation	The working channel of the radio changed.
Recommended action	No action is required.

RTM messages

This section contains RTM messages.

RTM_TCL_NOT_EXIST

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found.
Explanation	The system did not find the Tcl script file for the policy while executing the policy.
Recommended action	1. Check that the Tcl script file exists. 2. Reconfigure the policy.

RTM_TCL_MODIFY

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified.
Explanation	The Tcl script file for the policy was modified.
Recommended action	Reconfigure the policy, or modify the Tcl script to be the same as it was when it was bound with the policy.

RTM_TCL_LOAD_FAILED

Message text	Failed to load the Tcl script file of policy [STRING].
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy [STRING].
Explanation	The system failed to load the Tcl script file for the policy to memory.
Recommended action	No action is required.

SCMD messages

This section contains SCMD messages.

PROCESS_ABNORMAL

Message text	The process [STRING] exited abnormally. ServiceName=[STRING], ExitCode=[STRING], KillSignal=[STRING], StartTime=[STRING], StopTime=[STRING].
Variable fields	$1: Process name. $2: Service name defined in the script. $3: Process exit code. If the process was closed by a signal, this field displays NA. $4: Signal that closed the process. If the process was not closed by a signal, this field displays NA. $5: Time when the process was created. $6: Time when the process was closed.
Severity level	4
Example	SCMD/4/PROCESS_ABNORMAL: The process diagd exited abnormally. ServiceName=DIAG, ExitCode=1, KillSignal=NA, StartTime=2019-03-06 14:18:06, StopTime=2019-03-06 14:35:25.
Explanation	A process exited abnormally. You can use the process parameters for troubleshooting.
Recommended action	1. Use the display process command to identify whether the process exists. If the process exists, the process is recovered. 2. If the process is not recovered, collect the following information: 3. Execute the view /var/log/trace.log > trace.log command in probe view, and transfer the trace.log file saved in the storage media of the device to the server through FTP or TFTP. To use FTP, set the transfer mode to binary. 4. To quickly troubleshoot the issue, leave the device as is and contact H3C Support. 5. If the process has been recovered, but reasons need to be located, go to step 2.

PROCESS_ACTIVEFAILED

Message text	The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Variable fields	$1: Process name.
Severity level	4
Example	SCMD/4/PROCESS_ACTIVEFAILED: The standby process diagd failed to switch to the active process due to uncompleted synchronization, and was restarted.
Explanation	The standby process failed to switch to the active process because the active process exited abnormally when the standby process has not completed synchronization. The standby process was restarted.
Recommended action	No action is required.

PROCESS_CORERECORD

Message text	Exceptions occurred with process [STRING]. A core dump file was generated.
Variable fields	$1: Process name.
Severity level	4
Example	SCMD/4/PROCESS_CORERECORD: Exceptions occurred with process diagd. A core dump file was generated.
Explanation	A process had exceptions and a core dump file was generated.
Recommended action	1. Use the display exception context command to collect and save process exception information to a file. 2. Use the display exception filepath command to display the core dump file directory. 3. Use FTP to TFTP to transfer the core dump file and the file that stores the process exception information to a file server. To use FTP, set the transfer mode to binary. 4. To quickly troubleshoot the issue, leave the device as is and contact H3C Support.

SCM_ABNORMAL_REBOOT

Message text	Failed to restore process [STRING]. Rebooting [STRING].
Variable fields	$1: Process name. $2: Chassis number and slot number, slot number, or string the system.
Severity level	3
Example	SCMD/3/SCM_ABNORMAL_REBOOT: Failed to restore process ipbased. Rebooting slot 1.
Explanation	The process exited abnormally during the device startup. If the process cannot recover after multiple automatic restart attempts, the slot or device will restart automatically.
Recommended action	1. Use the display process command to verify that the process has recovered after the card or device restarts. 2. If the problem persists, contact H3C Support.

SCM_ABNORMAL_REBOOTMDC

Message text	Failed to restore process [STRING] on [STRING] [UINT16]. Rebooting [STRING] [UINT16].
Variable fields	$1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Object type, MDC or context. $5: ID of the MDC or context.
Severity level	3
Example	SCMD/3/SCM_ABNORMAL_REBOOTMDC: Failed to restore process ipbased on MDC 2. Rebooting MDC 2.
Explanation	The process exited abnormally during the startup of the MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot recover after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1.
Recommended action	1. Use the display process command to verify that the process has recovered after the card restarts. 2. If the problem persists, contact H3C Support.

SCM_ABORT_RESTORE

Message text	Failed to restore process [STRING]. Restoration aborted.
Variable fields	$1: Process name.
Severity level	3
Example	SCMD/3/SCM_ABORT_RESTORE: Failed to restore process ipbased. Restoration aborted.
Explanation	The process exited abnormally during the system operation. If the process cannot recover after multiple automatic restart attempts, the device will not restore the process.
Recommended action	1. Use the display process log command in any view to display the details about process exit. 2. Restart the card or the MDC where the process is located. 3. Provide the output from the display process log command to H3C Support.

SCM_INSMOD_ADDON_TOOLONG

Message text	Failed to finish loading [STRING] in [UINT32] minutes.
Variable fields	$1: Kernel file name. $2: File loading duration.
Severity level	4
Example	SCMD/4/SCM_INSMOD_ADDON_TOOLONG: Failed to finish loading addon.ko in 30 minutes.
Explanation	Kernel file loading timed out during device startup.
Recommended action	1. Restart the card. 2. Contact H3C Support.

SCM_KERNEL_INIT_TOOLONG

Message text	Kernel init in sequence [STRING] function [STRING] is still starting for [UINT32] minutes.
Variable fields	$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration.
Severity level	4
Example	SCMD/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 is still starting for 15 minutes.
Explanation	A function at a phase during kernel initialization ran too long.
Recommended action	1. Restart the card. 2. Contact H3C Support.

SCM_PROCESS_STARTING_TOOLONG

Message text	Pattern 1: The process [STRING] has not finished starting in [UINT32] hours. Pattern 2: The process [STRING] on [STRING] [UINT16] has not finished starting in [STRING] hours.
Variable fields	Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration.
Severity level	4
Example	SCMD/4/SCM_PROCESS_STARTING_TOOLONG: The process ipbased has not finished starting in 1 hours.
Explanation	The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal.
Recommended action	1. Wait 6 hours and then verify that the process has been started. 2. Restart the card/MDC/context, and then use the display process command to verify that the process has recovered. 3. Contact H3C Support.

SCM_SKIP_PROCESS

Message text	Pattern 1: The process [STRING] was skipped because it failed to start within 6 hours. Pattern 2: The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours.
Variable fields	Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context.
Severity level	3
Example	SCMD/3/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours.
Explanation	A process failed to start within 6 hours. The device will skip this process and continue to start.
Recommended action	1. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 2. Contact H3C Support.

SECP messages

This section contains security policy messages.

SECP_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] security-policy. The resources are insufficient.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_NO_RES: Failed to accelerate IPv6 security-policy. The resources are insufficient.
Explanation	Security policy rule matching acceleration failed because of insufficient hardware resources.
Recommended action	Delete unnecessary rules or disable acceleration for the security policy of the other version to release hardware resources.

SECP_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] security-policy. The operation is not supported.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 security-policy. The operation is not supported.
Explanation	Security policy rule matching acceleration failed because the system does not support acceleration.
Recommended action	No action is required.

SECP_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] security-policy.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 security-policy.
Explanation	Security policy rule matching acceleration failed because of a system failure.
Recommended action	No action is required.

SESSION messages

This section contains session messages.

SESSION_IPV4_FLOW

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation.. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Total number of inbound packets. $11: Total number of inbound bytes. $12: Total number of outbound packets. $13: Total number of outbound bytes. $14: Source VPN instance name. $15: Destination VPN instance name. $16: Source DS-Lite tunnel. This field is not supported in the current software version. $17: Destination DS-Lite tunnel. This field is not supported in the current software version. $18: Time when the session is created. $19: Time when the session is removed. $20: Event type. $20: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	SESSION/6/SESSION_IPV4_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv4 session is created or removed. · Periodically during an IPv4 session. · The traffic-based or time-based threshold of an IPv4 session is reached.
Recommended action	No action is required.

SESSION_IPV6_FLOW

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IP address. $5: Destination port number. $6: Total number of inbound packets. $7: Total number of inbound bytes. $8: Total number of outbound packets. $9: Total number of outbound bytes. $10: Source VPN instance name. $11: Destination VPN instance name. $12: Time when the session is created. $13: Time when the session is removed. $14: Event type. $15: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv6 session is created or removed. · Periodically during an IPv6 session. · The traffic-based or time-based threshold of an IPv6 session is reached.
Recommended action	No action is required.

SHELL messages

This section contains shell messages.

SHELL_CMD

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING].
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays two asterisks (). $3: Username. If there is not username information, this field displays two asterisks (**). $4: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=-User=; Command is quit.
Explanation	A command was executed.
Recommended action	No action is required.

SHELL_CMD_CONFIRM

Message text	Confirm option of command [STRING] is [STRING].
Variable fields	$1: Command string. $2: Confirm option.
Severity level	6
Example	SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no.
Explanation	A user selected a confirmation option for a command.
Recommended action	No action is required.

SHELL_CMD_EXECUTEFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed.
Explanation	A command that a background program issued failed to be executed.
Recommended action	No action is required.

SHELL_CMD_INPUT

Message text	Input string for the [STRING] command is [STRING].
Variable fields	$1: Command string. $2: String entered by the user.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key.
Explanation	A user responded to the input requirement of a command.
Recommended action	No action is required.

SHELL_CMD_INPUT_TIMEOUT

Message text	Operation timed out: Getting input for the [STRING] command.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command.
Explanation	The user did not respond to the input requirement of a command before the timeout timer expired.
Recommended action	No action is required.

SHELL_CMD_INVALID_CHARACTER

Message text	Execution failed for the [STRING] command. Reason: The command contains invalid characters (? or \t).
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD_INVALID_CHARACTER: Execution failed for the sysname abc?? command. Reason: The command contains invalid characters (? or \t).
Explanation	The device detected invalid characters in a command line of a text-type configuration file during a configuration recovery or rollback.
Recommended action	Correct the mistakes in the command line and execute the command.

SHELL_CMD_MATCHFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched.
Explanation	The command string has errors, or the view does not support the command.
Recommended action	Enter the correct command string. Make sure the command is supported in the view.

SHELL_CMDDENY

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command=[STRING] is denied.
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	5
Example	SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied.
Explanation	The user did not have the right to execute the command.
Recommended action	No action is required.

SHELL_CMDFAIL

Message text	The [STRING] command failed to restore the configuration.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMDFAIL: The “vlan 1024” command failed to restore the configuration.
Explanation	The specified command failed to be restored during a configuration restoration from a .cfg file.
Recommended action	No action is required.

SHELL_CRITICAL_CMDFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command=[STRING] .
Variable fields	$1: Username. $2: IP address. $3: Command string.
Severity level	6
Example	SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save.
Explanation	A command failed to be executed.
Recommended action	No action is required.

SHELL_LOGIN

Message text	[STRING] logged in from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGIN: Console logged in from console0.
Explanation	A user logged in. If the user logged in to the standby MPU, the user line type and number field displays local.
Recommended action	No action is required.

SHELL_LOGOUT

Message text	[STRING] logged out from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGOUT: Console logged out from console0.
Explanation	A user logged out. If the user logged out from the standby MPU, the user line type and number field displays local.
Recommended action	No action is required.

SNMP messages

This section contains SNMP messages.

SNMP_ACL_RESTRICTION

Message text	SNMP [STRING] from [STRING] is rejected due to ACL restriction.
Variable fields	$1: SNMP community/usm-user/group name. $2: IP address of the NMS.
Severity level	3
Example	SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions.
Explanation	SNMP packets are denied because of ACL restrictions.
Recommended action	Check the ACL configuration on the SNMP agent, and identify whether the agent was attacked.

SNMP_AUTHENTICATION_FAILURE

Message text	Failed to authenticate SNMP message.
Variable fields	N/A
Severity level	4
Example	SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message.
Explanation	An NMS failed to be authenticated by the agent.
Recommended action	No action is required.

SNMP_GET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet.
Severity level	6
Example	SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.
Explanation	SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_NOTIFY

Message text	Notification [STRING][STRING].
Variable fields	$1: Notification name and OID. $2: Variable-binding field of notifications. ¡ If no MIB object exists, only notification name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;).
Severity level	6
Example	SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console.
Explanation	The SNMP agent sent a notification. This message displays the notification content.
Recommended action	No action is required.

SNMP_SET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation.
Severity level	6
Example	SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.
Explanation	SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_USM_NOTINTIMEWINDOW

Message text	-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window.
Variable fields	$1: Username. $2: IP address of the NMS.
Severity level	4
Example	SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window.
Explanation	The SNMPv3 message is not in the time window.
Recommended action	No action is required.

SSHS messages

This section contains SSH server messages.

SSHS_ACL_DENY

Message text	The SSH Connection [IPADDR]([STRING]) request was denied according to ACL rules.
Variable fields	$1: IP address of the SSH client. $2: VPN instance to which the IP address of the SSH client belongs.
Severity level	5
Example	SSHS/5/SSH_ACL_DENY: The SSH Connection 1.2.3.4(vpn1) request was denied according to ACL rules.
Explanation	The SSH server detected a login attempt from the invalid SSH client and denied the connection request of the client by using the ACL rules.
Recommended action	No action is required.

‌

SSHS_ALGORITHM_MISMATCH

Message text	SSH client [STRING] failed to log in because of [STRING] algorithm mismatch.
Variable fields	$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key.
Severity level	6
Example	SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch.
Explanation	The SSH client and the SSH server used different algorithms.
Recommended action	Verify that the SSH client and the SSH server use the same algorithm.

‌

SSHS_AUTH_EXCEED_RETRY_TIMES

Message text	SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit.
Variable fields	$1: User name. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit.
Explanation	The number of authentication attempts by an SSH user reached the upper limit.
Recommended action	Prompt the SSH user to use the correct login data to try again.

‌

SSHS_AUTH_FAIL

Message text	SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Failure reasons: ¡ Wrong public key algorithm. ¡ Wrong public key. ¡ Wrong digital signature.
Severity level	6
Example	SSHS/6/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm.
Explanation	An SSH user failed the publickey authentication.
Recommended action	Tell the SSH user to try to log in again.

‌

SSHS_AUTH_SUCCESS

Message text	SSH user [STRING] from [IPADDR] port [INTEGER] passed [STRING] authentication.
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Source TCP port. $4: Authentication method. Supported values are keyboard-interactive, password, and publickey.
Severity level	6
Example	SSHS/6/SSHS_AUTH_SUCCESS: SSH user ABC from 1.1.1.1 port 55361 passed keyboard-interactive authentication.
Explanation	An SSH user passed authentication.
Recommended action	No action is required.

‌

SSHS_AUTH_TIMEOUT

Message text	Authentication timed out for [IPADDR].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1.
Explanation	The authentication timeout timer expired, and the SSH user failed the authentication.
Recommended action	Make sure the SSH user enters correct authentication information before the authentication timeout timer expires.

‌

SSHS_CONNECT

Message text	SSH user [STRING] (IP: [STRING]) connected to the server successfully.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully.
Explanation	An SSH user logged in to the server successfully.
Recommended action	No action is required.

‌

SSHS_DECRYPT_FAIL

Message text	The packet from [STRING] failed to be decrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as AES256-CBC.
Severity level	5
Example	SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc.
Explanation	A packet from an SSH client failed to be decrypted.
Recommended action	No action is required.

‌

SSHS_DISCONNECT

Message text	SSH user [STRING] (IP: [STRING]) disconnected from the server.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server.
Explanation	An SSH user logged out.
Recommended action	No action is required.

‌

SSHS_ENCRYPT_FAIL

Message text	The packet to [STRING] failed to be encrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as aes256-cbc.
Severity level	5
Example	SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc.
Explanation	A packet to an SSH client failed to be encrypted.
Recommended action	No action is required.

‌

SSHS_LOG

Message text	Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password. Authorization failed for user [STRING] from [STRING] port [INT32].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Port number.
Severity level	6
Example	SSHS/6/SSHS_LOG: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password. SSHS/6/SSHS_LOG: Authorization failed for user David from 140.1.2.46 port 15000.
Explanation	An SSH user failed authentication because the username or password was wrong. An SSH user failed authorization.
Recommended action	No action is required.

‌

SSHS_MAC_ERROR

Message text	SSH server received a packet with wrong message authentication code (MAC) from [STRING].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117.
Explanation	The SSH server received a packet with a wrong MAC from a client.
Recommended action	No action is required.

‌

SSHS_REACH_SESSION_LIMIT

Message text	SSH client [STRING] failed to log in. The current number of SSH sessions is [NUMBER]. The maximum number allowed is [NUMBER].
Variable fields	$1: IP address of the SSH client. $2: Current number of SSH sessions. $3: Maximum number of SSH sessions allowed on the device.
Severity level	6
Example	SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The current number of SSH sessions is 10. The maximum number allowed is 10.
Explanation	The number of SSH sessions reached the upper limit.
Recommended action	No action is required.

‌

SSHS_REACH_USER_LIMIT

Message text	SSH client [STRING] failed to log in, because the number of users reached the upper limit.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit.
Explanation	The number of SSH users reached the upper limit.
Recommended action	No action is required.

‌

SSHS_SCP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SCP client. $3: Requested file operations: ¡ get file "name"'—Downloads the file name from the SCP server. ¡ put file "name"—Uploads the file name to the SCP server.
Severity level	6
Example	SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa".
Explanation	The SCP sever received an operation request from an SCP client.
Recommended action	No action is required.

‌

SSHS_SFTP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SFTP client. $3: Requested operations on a file or directory: ¡ open dir "path"—Opens the directory path. ¡ open "file" (attribute code code) in MODE mode—Opens the file file with the attribute code code in mode MODE. ¡ remove file "path"—Deletes the file path. ¡ mkdir "path" (attribute code code)—Creates a new directory path with the attribute code code. ¡ rmdir "path"—Deletes the directory path. ¡ rename old "old-name" to new "new-name"—Changes the name of a file or folder from old-name to new-name.
Severity level	6
Example	SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/".
Explanation	The SFTP sever received an operation request from an SFTP client.
Recommended action	No action is required.

‌

SSHS_SRV_UNAVAILABLE

Message text	The [STRING] server is disabled or the [STRING] service type is not supported.
Variable fields	$1: Service type, which can be Stelnet, SCP, SFTP, or NETCONF.
Severity level	6
Example	SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported.
Explanation	The server was disconnecting the connection because of unavailable Stelnet/SCP/SFTP service.
Recommended action	Verify that the Stelnet/SCP/SFTP service is available and the user configuration is correct.

‌

SSHS_VERSION_MISMATCH

Message text	SSH client [STRING] failed to log in because of version mismatch.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch.
Explanation	The SSH client and the SSH server used different SSH versions.
Recommended action	Verify that the SSH client and the SSH server use the same SSH version.

‌

SSL VPN messages

This section contains SSL VPN messages.

SSLVPN_HTTP_BIND_ADDRESS_INUSED

Message text	Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the address was already used.
Variable fields	$1: IP address to be bound. $2: Port number to be bound. $3: VPN instance index.
Severity level	3
Example	SSLVPN/3/SSLVPN_HTTP_BIND_ADDRESS_INUSED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the address was already used.
Explanation	Failed to bind the VPN instance with the IP address and the port number because the IP address to be bound has been used and cannot be reused.
Recommended action	Use display tcp-proxy to identify available IP addresses and then use an IP address that is not used or can be reused to perform the binding task again.

SSLVPN_HTTP_BIND_PORT_ALLOCETED

Message text	Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the port was already allocated.
Variable fields	$1: IP address to be bound. $2; Port number to be bound. $3: VPN instance index.
Severity level	3
Example	SSLVPN/3/ SSLVPN_HTTP_BIND_PORT_ALLOCETED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the port was already allocated.
Explanation	Failed to bind the VPN instance with the IP address and the port number because the port number to be bound has been allocated.
Recommended action	Use display tcp-proxy port-info and display ipv6 tcp-proxy port-info to identify available port numbers, and then perform the binding task again.

SSLVPN_IP_RESOURCE_DENY

Message text	User [STRING] of gateway [STRING] from [STRING] denied to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: IP address of the requested resource. $5: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_DENY: User abc of gateway ctx1 from 192.168.200.130 denied to access 10.1.1.255:137.
Explanation	A user was denied access to specific IP resources, which is possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for IP access filtering.

SSLVPN_IP_RESOURCE_FAILED

Message text	User [STRING] of gateway [STRING] from [STRING] failed to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: IP address of the requested resource. $5: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_FAILED: User abc of gateway ctx1 from 192.168.200.130 failed to access 10.1.1.255:137.
Explanation	A user failed to access IP resources, which is possibly caused by network issues.
Recommended action	Verify that a route is available to reach the requested IP resource.

SSLVPN_IP_RESOURCE_PERMIT

Message text	User [STRING] of gateway [STRING] from [STRING] permitted to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: IP address of the requested resource. $5: Port number of the requested resource.
Severity level	6
Example	SSLVPN/6/SSLVPN_IP_RESOURCE_PERMIT: User abc of gateway gw1 from 192.168.200.130 permitted to access 10.1.1.255:137.
Explanation	A user accessed IP resources.
Recommended action	No action is required.

SSLVPN_IPAC_ALLOC_ADDR_FAIL

Message text	Failed to allocate [STRING] address to user [STRING] at [STRING] in gateway [STRING]. Reason: [STRING].
Variable fields	$1: Route version: · IPv4 · IPv6 $2: Username. $3: User IP address. $4: SSL VPN gateway name. $5: Reason why the SLS VPN gateway failed to allocate an IP address to the user. Options are: · Failed to obtain system resource data. · No address is available in the address pool. · Failed to obtain address pool. · Available addresses in the address pool have been bound to other users.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_ALLOC_ADDR_FAIL: Failed to allocate IPv4 address to user user1 at 10.1.1.100 in gateway gw. Reason: No address is available in the address pool.
Explanation	The SSL VPN gateway failed to allocate an IP address to the user, which is possibly caused by an IP access attempt.
Recommended action	1. Verify that the device is operating correctly. 2. Verify that the address pool is configured. 3. Verify that the address pool has available addresses. 4. Verify that the available addresses are not bound to other users.

SSLVPN_IPAC_ALLOC_ADDR_SUCCESS

Message text	[STRING] address [STRING] successfully allocated to user [STRING] at [STRING] in gateway [STRING].
Variable fields	$1: Route version: · IPv4 · IPv6 $2: IP address. $3: Username. $4: User IP address. $5: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_ALLOC_ADDR_SUCCESS: IPv4 address 10.1.1.1 successfully allocated to user user1 at 10.1.1.100 in gateway gw.
Explanation	The SSL VPN gateway allocated IP addresses to IP access clients successfully, and users accessed the gateway in IP access mode.
Recommended action	No action is required.

SSLVPN_IPAC_CONN_CLOSE

Message text	IP connection was [STRING]. Reason: [STRING].
Variable fields	$1: Connection close type. Options are: · closed. · aborted. $2: Reason why the connection was closed. Options are: · User logout. · Failure to find peer. · Handshake failed. · Change of IP address pool. · Failure to receive data. · Local retransmission timeout. · Local keepalive timeout. · Local probe timeout. · Received FIN from peer. · Received RST from peer. · No authorized policy group. · Allocated address was bound to another user. · Failure to update client configuration. · Deleted old peer. · Other.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IPAC_CONN_CLOSE: IP connection was closed. Reason: User logout.
Explanation	The reason for the close of an IP connection was logged.
Recommended action	No action is required.

SSLVPN_IPAC_PACKET_DROP

Message text	Dropped [STRING] IP connection [STRING] packets in gateway [STRING]. Reason: [STRING].
Variable fields	$1: Format of dropped packets. $2: Connection direction: · request. · reply. $3: SSL VPN gateway name. $4: Reason for the packet drop: · Buffer insufficient. · Gateway rate limit.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_PACKET_DROP: Dropped 164 IP connection reply packets in gateway gw. Reason: Gateway rate limit.
Explanation	Packet drop information was logged, including number of dropped packets, packet drop direction, gateway name, and packet drop reason.
Recommended action	Verify that the gateway rate limit is configured or the buffer is insufficient .

SSLVPN_IPAC_RELEASE_ADD_SUCCESS

Message text	User [STRING] at [STRING] in gateway [STRING] released [STRING] address [STRING].
Variable fields	$1: Username. $2: User IP address. $3: SSL VPN gateway name. $4: Route version: · IPv4 · IPv6 $5: IP address that the SSL VPN gateway allocated to a user.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IPAC_RELEASE_ADDR_SUCCESS: User abc at 10.1.1.1 in gateway gw released IPv4 address 10.1.1.100.
Explanation	The IP address allocated to the user was released successfully.
Recommended action	No action is required.

SSLVPN_SERVICE_UNAVAILABLE

Message text	SSL VPN service was unavailable. Reason: [STRING].
Variable fields	$1: Reason why the SSL VPN service was unavailable. Options incldue SSL VPN gateway not enabled.
Severity level	6
Example	SSLVPNK/6/SSLVPN_SERVICE_UNAVAILABLE: SSL VPN service was unavailable. Reason: SSL VPN gateway not enabled.
Explanation	The reason for the unavailability of an SSL VPN service was logged.
Recommended action	If the reason is SSL VPN gateway not enabled, enter SSL VPN gateway view and use the service ipv4 enable command to enable the gateway.

SSLVPN_USER_LOGIN

Message text	User [STRING] of gateway [STRING] logged in from [STRING].
Variable fields	$1: Username. $2: SSL VPN gateway name. $3: User IP address.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGIN: User abc of gateway ctx logged in from 192.168.200.31.
Explanation	A user logged in to an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_LOGINFAILED

Message text	User [STRING] of gateway [STRING] failed to log in from [STRING]. Reason: [STRING].
Variable fields	$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Reason for the login failure: · Authentication failed. · Authorization failed, reason: the authorizing process has failed. · Accounting failed. · Number of online users exceeded the limit. · Failed to get SMS message code from iMC server. · Maximum number of concurrent online connections for the user already reached. · Login timed out. · The authentication server is not reachable. · The authorization server is not reachable. · The accounting server is not reachable. · Authentication failed, reason: incorrect username or password or an internal error has occurred on the authentication server. · Authentication failed, reason: internal system error. · Authorization failed, reason: internal system error. · Accounting failed, reason: internal system error. · Other.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGINFAILED: User abc of gateway ctx failed to log in from 192.168.200.31.
Explanation	A user failed to log in to an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_LOGOUT

Message text	User [STRING] of gateway [STRING] logged out from [STRING]. Reason: [STRING].
Variable fields	$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Reason for user logout: · Idle timeout. · A logout request was received from the Web browser. · A logout request was received from the client. · Forced logout. · A new login was attempted and logins using the account reach the maximum. · Accounting update failed. · Accounting session timed out. · Interface went down. · ADM request was received. · Idle cut for traffic not reach the minimum required amount.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGOUT: User abc of gateway ctx logged out from 192.168.200.31. Reason: A logout request was received from the Web browser.
Explanation	A user logged out of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_NUMBER

Message text	The number of SSL VPN users reached the upper limit.
Variable fields	None.
Severity level	6
Example	SSLVPN/6/SSLVPN_USER_NUMBER: The number of SSL VPN users reached the upper limit.
Explanation	The number of SSL VPN users reached the upper limit.
Recommended action	No action is required.

STAMGR messages

This section contains station management messages.

STAMGR_ADD_FAILVLAN

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Added a user to the Fail VLAN [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the Fail VLAN.
Severity level	5
Example	STAMGR/5/STAMGR_ADD_FAILVLAN:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Added a user to the Fail VLAN 5.
Explanation	The client failed to pass the authentication and was assigned to the Auth-Fail VLAN.
Recommended action	No action is required.

STAMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

STAMGR_ADDSTA_INFO

Message text	Add client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_ADDSTA_INFO: Add client 3ce5-a616-28cd.
Explanation	The client was connected to the BAS AC.
Recommended action	No action is required.

STAMGR_AUTHORACL_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign an ACL [STRING]. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ACL number. $6: Reason: · The ACL doesn't exist. · This type of ACL is not supported. · The memory resource is not enough. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · The OpenFlow tunnel was not established. · The OpenFlow table is full. · Unknown reason. Error code code was returned.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORACL_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Failed to assign an ACL 2000. Reason: The ACL doesn’t exist.
Explanation	The authentication server failed to assign an ACL to the client.
Recommended action	No action is required.

STAMGR_AUTHORUSERPROFILE_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign user profile [STRING]. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: Name of the authorization user profile. $6: Failure cause: · The user profile doesn’t exist. · No user profiles are created on the device. · The memory resource is not enough. · The OpenFlow tunnel was not established. · Unknown reason. Error code code was returned.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORUSERPROFILE_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Failed to assign user profile aaa. Reason: No user profiles are created on the device.
Explanation	The authentication server failed to assign a user profile to the client.
Recommended action	No action is required.

STAMGR_BSS_FAILURE

Message text	-APID=[STRING]-RadioID=[STRING]-WLANID=[STRING]-ST Name=[STRING]; The number of BSSs exceeded the upper limit.
Variable fields	$1: AP ID. $2: Radio ID. $3: WLAN ID. $4: Service template name.
Severity level	6
Example	STAMGR/6/SERVICE_BSS_FAILURE: -APID=1-RadioID=2-WLANID=3-ST Name=1; The number of BSSs exceeded the upper limit.
Explanation	The number of AP radios using this service template has exceeded the upper limit.
Recommended action	No action is required.

STAMGR_CLEINT_BSS_MAXCOUNT

Message text	SSID=[STRING]-APName=[STRING]-RadioID=[STRING]; Number of associated clients reached the upper limit allowed by the BSS.
Variable fields	$1: SSID defined in the service template. $2: Name of the AP associated with the client. $3: ID of the radio associated with the client.
Severity level	5
Example	STAMGR/5/STAMGR_CLIENT_BSS_MAXCOUNT: SSID=test-wifi-APName=ap1-RadioID=2; Number of associated clients reached the upper limit allowed by the BSS.
Explanation	The number of associated clients reached the upper limit allowed by the BSS.
Recommended action	No action is required.

STAMGR_CLIENT_FAILURE

Message text	Client [STRING] failed to come online from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. Reason: [STRING].
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reasons for the client's failure to come online. Table 11 describes the possible reasons.
Severity level	5
Example	STAMGR/5/STAMGR_CLIENT_FAILURE: Client 3303-c2af-b8d2 failed to come online from BSS 0023-12ef-78dc with SSID 1 on AP ap1 Radio ID 1. Reason: Unknown reason.
Explanation	The client failed to come online from the BSS for a specific reason.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the issue and resolve it. 2. If the issue persists, contact H3C Support.

Table 11 Possible failure reasons

Possible reasons
Unknown error.
Failed to process open authentication packet from the client.
Failed to send responses when the AC successfully processed open authentication packet from the client.
Failed to create state timer when the AC received authentication packet in Unauth state.
Failed to refresh state timer when the AC received authentication packet in Unauth state.
Received association packet Unauth state.
Received deauthentication packet with reason code code in Unauth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received dissociation packet with reason code code in Unauth state: · 1—Unknown reason. · 2—Prior authentication is invalid. · 4—Inactivity timer expired. · 5—Insufficient resources. · 7—Incorrect frame. · 8—Client is removed from BSS and is disassociated. · 10—Failed to negotiate the Power Capability IE. · 11—BSS management switchover.
Received Auth failure packet in Unauth state.
Received state timer timeout in Unauth state.
Received deauthentication packet with reason code code in Auth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received authentication packet with inconsistent authentication algorithm or shared key in Auth state.
Received state timer timeout in Auth state.
Failed to process Add Mobile message when client association succeeded in Auth state.
Received inconsistent authentication algorithm or share key in Userauth state.
Failed to check association request when the AC received association packet in Userauth state.
Failed to process IE when the AC received association packet in Userauth state.
Failed to send association responses when the AC received association packet in Userauth state.
Failed to process Add Mobile message when client association succeeded in Userauth state.
Received deauthentication packet with reason code code in Userauth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received dissociation packet with reason code code in Userauth state: · 1—Unknown reason. · 2—Prior authentication is invalid. · 4—Inactivity timer expired. · 5—Insufficient resources. · 7—Incorrect frame. · 8—Client is removed from BSS and is disassociated. · 10—Failed to negotiate the Power Capability IE. · 11—BSS management switchover.
Client authentication failed in Userauth state.
Failed to get backup client data while using AP private data to upgrade client.
Failed to set kernel forwarding table while using AP private data to upgrade client.
Failed to add MAC while using AP private data to upgrade client.
Failed to create keepalive and idle timeout timers while using AP private data to upgrade client.
Failed to set kernel forwarding table while upgrading client without using AP private data.
Failed to add MAC while upgrading client without using AP private data.
Failed to activate client while upgrading client without using AP private data.
Failed to synchronize client information to configuration thread while upgrading client without using AP private data.
Failed to create keepalive and idle timeout timers while upgrading client without using AP private data.
Failed to add MAC during inter-device client smooth creation.
Failed to set kernel forwarding table during inter-device client smooth creation.
Failed to send Add Mobile message during inter-device client smooth creation.
Failed to get AP type during inter-device client smooth creation.
Failed to recover service data while recovering running client data from database.
Failed to synchronize data to service thread while recovering basic client data from database.
Failed to add MAC when hierarchy device received upstream Add Mobile message.
Failed to set kernel forwarding table when hierarchy device received upstream Add Mobile message.
Failed to synchronize upstream message when hierarchy device received upstream Add Mobile message.
Failed to create client when hierarchy device received upstream Add Mobile message.
Failed to add MAC when hierarchy device received downstream Add Mobile message.
Failed to synchronize data to service thread when hierarchy device received downstream Add Mobile message.
Failed to set kernel forwarding table when hierarchy device received downstream Add Mobile message.
Failed to send down add pbss to driver when hierarchy device received downstream Add Mobile message.
Failed to synchronize downstream message when hierarchy device received downstream Add Mobile message.
Failed to create client when hierarchy device received downstream Add Mobile message.
Failed to create interval statistics timer when hierarchy device received downstream Add Mobile message.
Failed to obtain AP private data when hierarchy device received downstream Add Mobile message.
Failed to advertise Add Mobile message.
Failed to activate client when hierarchy device received downstream client state synchronization message.
Failed to get AP type when hierarchy device received downstream client state synchronization message.
Failed to synchronize downstream message when hierarchy device received downstream client state synchronization message.
The radio was in down state when hierarchy device received downstream Add Mobile message.
Hierarchy device failed to process the upstream Add Mobile message.
Hierarchy device failed to process downstream Add Mobile message.
Failed to process service thread during inter-device client smooth creation.
Failed to create client during inter-device smooth.
Failed to process upstream client state synchronization message in Userauth state.
Failed to process downstream client state synchronization message in Userauth state.
Hierarchy device failed to process upstream client state synchronization message.
Hierarchy device failed to process downstream client state synchronization message.
AC received message for deleting the client entry.
Fit AP received message for deleting the client.
Different old and new region codes.
Failed to update IGTK.
Failed to update GTK.
Failed to generate IGTK when the first client came online.
TKIP is used to authenticate all clients.
Channel changed.
BssDelAllSta event logged off client normally.
AP down.
Radio down.
Service template disabled.
Service template unbound.
Created BSS during master AC switchover process.
Updated BSS base information when BSS was in deactive state.
Intrusion protection.
Local AC or AP deleted BSS.
BssDelAllSta event logged off client abnormally.
Received VLAN deleted event.
CM received message for logging off client from AM.
The reset wlan client command was executed to log off the client.
Deleted private data on AP: DBM database recovered.
Failed to synchronize authentication succeeded message downstream.
Client RSSI was lower than the threshold and was decreasing.
Configured whitelist for the first time or executed the reset wlan client all command.
Received client offline websocket message.
WMAC logged off all clients associated with the radio.
Timer for sending deassociation message timed out.
The client is in blacklist or deleted from whitelist.
Client was added to the dynamic blacklist.
Failed to roam out.
Implemented inter-AC roaming for the first time.
Successfully roamed to another BSS.
Failed to roam in.
Roaming process received a message for logging off the client.
Roaming process processed Down event and logged off roam-in clients.
Roaming failure.
Successfully performed roaming but failed to recover authentication data.
Roaming timed out.
Seamless roaming failed.
Logged off clients that performed inter- or intra-AC roaming.
Failed to process AccessCtrlChk. Configure permitted AP group or permitted SSID.
Synchronized client information to process and logged off client.
Failed to synchronize client state to uplink devices.
Local AC or remote AP received Add Mobile message updated BSS and logged off clients.
Upgraded HA and logged off all clients.
Synchronized BSS data during master/backup AC switchover process.
Failed to synchronize service template data during master/backup AC switchover process.
BSS aging timer timed out.
Remote AP deleted non-local forwarding BSS.
Failed to find configuration data when synchronizing data.
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated.
Failed to get BSS by using WLAN ID.
Unbound inherited service template.
STAMGR process was down automatically or manually.
Deleted redundant clients.
Failed to process authorized doing nodes.
Authorization failed.
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS.
Number of sent SA requests exceeded the permitted threshold.
Local AC came online again and deleted all clients associated with the BSS.
Failed to upgrade hot-backup.
The illegally created BSS was deleted.
Failed to process requests when receiving UserAuth Success message.
Failed to get AP type when receiving UserAuth Successful message.
Failed to notify client of the recovery of basic client data from database.
Failed to recover basic client data from database.
Client already existed when the AC received Auth packet from the client and checked online clients.
Client already existed during FT Over-the-DS authentication.
SKA authentication failed.
Deadline timer timed out during FT authentication.
Failed to send the response for the successful shared key authentication to the client.
Failed to get FT data during FT authentication.
FT authentication was performed and BSS does not support FT.
Failed to process FT authentication-success result.
Failed to process FT authentication.
Maximum number of clients already reached when remote request message was received.
Failed to fill authorization information while processing authorization message.
Failed to process key negotiation during 802.1X authentication.
Invalid session key length during 802.1X authentication.
802.1X authentication failed.
802.1X server was unreachable.
User timer timed out during 802.1X authentication.
Server timer timed out during 802.1X authentication.
802.1X authentication configuration error.
Received nonexistent authorization VLAN group during 802.1X authentication.
MAC authentication failed.
MAC server was unreachable.
Session time is zero during MAC authentication.
Server timer timed out during MAC authentication.
802.1X authentication failed and the return code is code.
MAC authentication failed and the return code is code.
Authorization failed for 802.1X authentication and the return code is code.
Authorization failed for MAC authentication and the return code is code.
Accounting start failed for 802.1X authentication and the return code is code.
Accounting start failed for MAC authentication and the return code is code.
Accounting update failed for 802.1X authentication and the return code is code.
Accounting update failed for MAC authentication and the return code is code.
Failed to receive client EAP request for 802.1X authentication.
Failed to receive server response for 802.1X authentication.
Failed to receive server response for MAC authentication.
Received client log-off packet during 802.1X authentication.
802.1X client handshake failed.
Incorrect 802.1X authentication method.
WLAN roaming center notified IP conflict detected by address security check.
WLAN roaming center notified MAC conflict detected by address security check.
Roaming failed because the user is in the local address security denylist.
Failed to notify the uplink device of user authentication failure.
Failed to advertise Add Mobile message: CAPWAP translation failure.
Failed to advertise Add Mobile message: Invalid length.
Failed to advertise Add Mobile message: Radio down.
Failed to advertise Add Mobile message: Insufficient memory on the downlink device.
Failed to advertise Add Mobile message: MAC adding failure.
Failed to advertise Add Mobile message: AVL adding failure.
Failed to advertise Add Mobile message: PBSS adding failure.
Failed to advertise Add Mobile message: Downlink synchronization failure.
Failed to advertise Add Mobile message: Statistics report timer creation failure.
Failed to advertise Add Mobile message: AP private data obtaining failure.
Failed to advertise Add Mobile message: Client not found for Add Mobile response.
Failed to advertise Add Mobile message: Client was being deleted for Add Mobile response.
Failed to advertise Add Mobile message: Insufficient memory in kernel.
Failed to advertise Add Mobile message: Forward entry adding failure.
Failed to advertise Add Mobile message: PHY obtaining failure.
Failed to advertise Add Mobile message: Invalid length in kernel.
Failed to advertise Add Mobile message: Client adding failure in driver.
Failed to advertise Add Mobile message: Preamble type setting failure in driver.
Failed to advertise Add Mobile message: Dot11g protection setting failure in driver.
Failed to advertise Add Mobile message: PTK setting failure in driver.
Failed to advertise Add Mobile message: PTK flag update failure.
The client does not match a permit ACL rule.
The client is in the dynamic blacklist.
The client is in the static blacklist.
The client is not in the whitelist.
The number of clients exceed the maximum allowed value of radio.
The number of clients exceed the maximum allowed value of BSS.

STAMGR_CLIENT_OFFLINE

Message text	Client [STRING] went offline from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Unauth. Reason [STRING]
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reason why the client goes offline. Table 12 describes the possible reasons.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc on AP ap1 Radio ID 2. State changed to Unauth. Reason: Radio down.
Explanation	The client went offline from the BSS for a specific reason. The state of the client changed to Unauth.
Recommended action	To resolve the issue: 1. Examine whether the AP and its radios operate correctly if the client went offline abnormally. If the logoff was requested by the client, no action is required. 2. If they do not operate correctly, check the debugging information to locate the issue and resolve it. 3. If the issue persists, contact H3C Support.

Table 12 Possible logoff reasons

Possible reasons
Received disassociation frame in Run state: reason code=String.
Unknown reason.
AC received message for deleting the client entry.
Different old and new region codes.
Failed to update IGTK.
Failed to update GTK.
Failed to generate IGTK when the first client came online.
TKIP is used to authenticate all clients.
Channel changed.
BssDelAllSta event logged off client normally.
Radio down.
Service template disabled.
Service template unbound.
Created BSS during master/backup AC switchover process.
Updated BSS base information when BSS was in deactive state.
Intrusion protection.
Local AC or AP deleted BSS.
BssDelAllSta event logged off client abnormally.
Received VLAN deleted event.
CM received message for logging off client from AM.
The reset wlan client command was executed to log off the client.
DBM database failed to recover client operation data.
Deleted private data on AP: DBM database recovered.
Received deauthentication frame in Run state: reason code=String.
Failed to process (re)association request in Run state.
Unmatched authentication algorithm in received authentication message.
Idle timer timeout.
Keepalive timer timeout.
Received authentication failure message.
Failed to synchronize authentication succeeded message downstream.
Client RSSI was lower than the threshold and was marked as decreasing.
Configured whitelist for the first time or executed the reset wlan client all command.
Received client offline websocket message.
WMAC logged off all clients associated with the radio.
Timer for sending disassociation message timed out.
The client is in blacklist or deleted from whitelist.
Client was added to the dynamic blacklist.
Failed to roam out.
Implemented inter-AC roaming for the first time.
Successfully roamed to another BSS.
Failed to roam in.
Roaming process received a message for logging off the client.
Roaming process processed Down event and logged off roam-in clients.
Roaming failure.
Successfully performed roaming but failed to recover authentication data.
Roaming timed out.
Seamless roaming failed.
Logged off clients that performed inter- or intra-AC roaming.
Failed to process AccessCtrlChk when configured permitted AP group or permitted SSID.
Synchronized client information to process and logged off client in Run state.
Failed to synchronize client state to uplink/downlink devices.
Local AC or remote AP received add mobile message, updated BSS, and logged off clients in Run state.
Upgraded HA and logged off all clients.
Synchronized BSS data during master/backup AC switchover process.
Failed to synchronize service template data during master/backup AC switchover process.
BSS aging timer timed out.
Remote AP deleted non-local forwarding BSS.
Failed to find configuration data when synchronizing data.
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated.
Failed to get BSS by using WLAN ID.
Unbound inherited service template.
STAMGR process was down automatically or manually.
Deleted redundant clients.
Failed to process authorized doing nodes.
Authorization failed.
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS.
Number of sent SA requests exceeded the permitted threshold.
Fit AP received message for deleting the client.
Local AC came online again and deleted all clients associated with the BSS.
Failed to upgrade hot backup.
The illegally created BSS was deleted.
Failed to process requests when receiving UserAuth Success message.
Failed to get AP type when receiving UserAuth Success message.
The client doesn't support mandatory rate.
Disabled access services for 802.11b clients.
The client doesn't support mandatory VHT-MCS.
Enabled the client dot11ac-only feature.
Disabled MUTxBF.
Disabled SUTxBF.
The client doesn't support mandatory MCS.
Channel bandwidth changed.
Enabled the client dot11n-only feature.
Disabled short GI.
Disabled the A-MPDU aggregation method.
Disabled the A-MSDU aggregation method.
Disabled STBC.
Disabled LDPC.
The MIMO capacity decreased, and the MCS supported by the AP can't satisfy the client's negotiated MCS.
The MIMO capacity decreased, and the VHT-MCS supported by the AP can't satisfy the client's negotiated VHT-MCS.
Hybrid capacity increased, which kicked off clients associated with other radios with lower Hybrid capacity.
Failed to add MAC address.
The roaming entry doesn't exist while the AC was processing the roaming request during client smooth reconnection.
Home AC processed the move out response message to update the roaming entry and notified the foreign AC to force the client offline during an inter-AC roaming.
The associated AC left from the mobility group and deleted roam-in entries and roaming entries of the client.
Executed the reset wlan mobility roaming command.
Kicked client because of roaming to another BSSID.
The roaming entry doesn't exist while the AC was processing the Add Preroam message during client smooth reconnection.
Deleted roaming entries of clients in the fail VLAN while processing a fail VLAN delete event.
Deleted the roaming entry of the client while processing a client delete event.
Moving to another SSID on the same radio.
Fail-permit activated and clients were logged off.
Fail-permit deactivated and clients were logged off.
AP triggered (idle timeout).
AP triggered (channel change).
AP triggered (bandwidth change).
Received log-off packet from 802.1X authentication client.
802.1X client handshake failed.
Accounting update timed out for the 802.1X authentication client.
Accounting update timed out for the MAC authentication client.
802.1X authentication client idle cut on AP.
MAC authentication client idle cut on AP.
Session timeout timer expired for the 802.1X authentication client.
Session timeout timer expired for the MAC authentication client.
Received client disassociation message from server for the 802.1X authentication client.
Received client disassociation message from server for the MAC authentication client.
Received nonexistent authorization VLAN group for the 802.1X authentication client.
Received nonexistent authorization VLAN group for the MAC authentication client.
Total client traffic failed to reach the minimum traffic threshold.
Failed to obtain the client IP address before the accounting delay timer expired.
Forced client disassociation because of rate limit issued by DingTalk app.
Logged off client because the EoGRE tunnel went down.
IP conflict detected by address security check.
MAC conflict detected by address security check.
WLAN roaming center notified IP conflict detected by address security check.
WLAN roaming center notified MAC conflict detected by address security check.
Roaming failed because the user is in the local address security denylist.
Failed to notify the uplink device of user authentication failure.
The client does not match a permit ACL rule.
The client is in the dynamic blacklist.
The client is in the static blacklist.
The client is not in the whitelist.
Client supporting BTM roamed to another BSS (Count: Count) successfully.
Client not supporting BTM roamed to another BSS (Count: Count) successfully.

STAMGR_CLIENT_ONLINE

Message text	Client [STRING] went online from BSS [STRING] vlan [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Run.
Variable fields	$1: MAC address of the client. $2: BSSID. $3: ID of the VLAN in which the client came online. $4: SSID defined in the service template. $5: Name of the AP associated with the client. $6: ID of the radio associated with the client.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc vlan 1 with SSID abc on AP ap1 Radio ID 2. State changed to Run.
Explanation	The client came online from the BSS. The state of the client changed to Run.
Recommended action	No action is required.

STAMGR_CLEINT_RADIO_MAXCOUNT

Message text	APName=[STRING]-RadioID=[STRING]; Number of associated clients reached the upper limit allowed by the radio.
Variable fields	$1: Name of the AP associated with the client. $2: ID of the radio associated with the client.
Severity level	5
Example	STAMGR/5/STAMGR_CLIENT_RADIO_MAXCOUNT: APName=ap1-RadioID=2; Number of associated clients reached the upper limit allowed by the radio.
Explanation	The number of associated clients reached the upper limit allowed by the radio.
Recommended action	No action is required.

STAMGR_CLIENT_SNOOPING

Message text	Detected client IP change: Client MAC: [SRTING], IP: [STRING], [STRING], [STRING], Username: [STRING], AP name: [STRING], Radio ID [UCHAR], Channel number: [UINT32], SSID: [STRING], BSSID: [STRING].
Variable fields	$1: MAC address of the client. $2: Current IP address of the client. $3: Used IP address of the client. $4: Used IP address of the client. $5: Username of the client. $6: Name of the AP associated with the client. $7: ID of the radio associated with the client. $8: ID of the channel used by the client. $9: SSID of the service template associated with the client. $10: BSSID of the service template associated with the client.
Severity level	6
Example	STAMGR_CLIENT_SNOOPING: Detected client IP change: Client MAC: 31ac-11ea-17ff,IP: 4.4.4.4, IP: 1.1.1.1, IP: 2.2.2.2, IP: -NA-, User name: test, AP name: ap1, Radio ID: 1, Channel number: 161,SSID: 123, BSSID: 25c8-3dd5-261a.
Explanation	IP change was detected for a specific client.
Recommended action	No action is required.

STAMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

STAMGR_DELSTA_INFO

Message text	Delete client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_DELSTA_INFO: Delete client 3ce5-a616-28cd.
Explanation	The client was disconnected from the BAS AC.
Recommended action	No action is required.

STAMGR_ESCAPE_ACTIVE

Message text	The fail-permit mode was activated on radio [STRING] bound with service template [STRING] and SSID [STRING] in BSS [STRING]. Reason: [STRING].
Variable fields	$1: Radio ID. $2: Service template name. $3: SSID. $4: BSSID. $5: Reason why the fail-permit mode was activated. Options include: ¡ Unreachable domain—The RADIUS server cannot be reached. ¡ AP disconnected from the AC.
Severity level	4
Example	STAMGR/4/STAMGR_ESCAPE_ACTIVE: The fail-permit mode was activated on radio 1 bound with service template st1 and SSID st1ssid in BSS 0023-12ef-78dc. Reason: AP disconnected from AC.
Explanation	The configured fail-prmit mode was activated because the RADIUS server cannot be reached or the AP is disconnected from the AC.
Recommended action	To resolve the issue: 1. Verify that the RADIUS server can be reached and the AP is connected to the AC correctly. 2. If the issue persists, contact H3C Support.

STAMGR_ESCAPE_DEACTIVE

Message text	The fail-permit mode was deactivated on radio [STRING] bound with service template [STRING] and SSID [STRING] in BSS [STRING]. Reason: [STRING].
Variable fields	$1: Radio ID. $2: Service template name. $3: SSID. $4: BSSID. $5: Reason why the fail-permit mode was deactivated. Options include: ¡ Domain is reachable—Connection to the RADIUS server was restored. ¡ AP and AC connection restored.
Severity level	6
Example	STAMGR/6/STAMGR_ESCAPE_DEACTIVE: The fail-permit mode was deactivated on radio 1 bound with service template st1 and SSID st1ssid in BSS 0023-12ef-78dc. Reason: AP and AC connection restored.
Explanation	The configured fail-prmit mode was deactivated because connection to the RADIUS server or the AP and AC connection was restored.
Recommended action	No action is required.

STAMGR_DOMAIN_UNREACHABLE

Message text	Domain [STRING] configured in service template [STRING] with SSID [STRING] is unreachable.
Variable fields	$1: Domain name. $2: Service template name. $3: SSID.
Severity level	4
Example	STAMGR/4/STAMGR_DOMAIN_UNREACHABLE: Domain mydomain configured in service template st1 with SSID ssidst1 is unreachable.
Explanation	The authentication domain configured in the service template cannot be reached.
Recommended action	To resolve the issue: 1. Verify that the RADIUS server can be reached. 2. If the issue persists, contact H3C Support.

STAMGR_DOMAIN_REACHABLE

Message text	Domain [STRING] configured in service template [STRING] with SSID [STRING] is reachable.
Variable fields	$1: Domain name. $2: Service template name. $3: SSID.
Severity level	6
Example	STAMGR/6/STAMGR_DOMAIN_REACHABLE: Domain mydomain configured in service template st1 with SSID ssidst1 is reachable.
Explanation	Connection to the authentication domain configured in the service template restored.
Recommended action	No action is required.

STAMGR_MACA_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user failed MAC authentication. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $8: Reason for the authentication failure: · AAA processed authentication request and returned error code code. ¡ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ¡ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ¡ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. ¡ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Unknown reason.
Severity level	5
Example	STAMGR/5/STAMGR_MACA_LOGIN_FAILURE:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; A user failed MAC authentication. Reason: AAA processed authentication request and returned error code 8.
Explanation	The client failed to pass MAC authentication for a specific reason.
Recommended action	To resolve the issue: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. Troubleshoot errors one by one according to the returned error code during authentication. 5. If the issue persists, contact H3C Support.

STAMGR_MACA_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user passed MAC authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGIN_SUCC:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; A user passed MAC authentication and came online.
Explanation	The client came online after passing MAC authentication.
Recommended action	No action is required.

STAMGR_MACA_LOGOFF

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; Session for a MAC authentication user was terminated. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $8: Reason why the client is logged off. · AAA processed authentication request and returned error code code. Server reason: reason. · The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ¡ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ¡ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. Server reason: reason. · The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-start request and returned error code code. Server reason: reason. · The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-update request and returned error code code. Server reason: reason. · The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Lost in shaking hands. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received disassociation frame in Run state: reason code=code. · Received deauthentication frame in Run state: reason code=code. · Received disassociation packet in Userauth state. · Received deauthentication packet in Userauth state. · Received client failure message with reason code=code. · Received client offline message with reason code=code. · Unknown reason.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGOFF:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; Session for a MAC authentication user was terminated. Reason: Received user security information and kicked off the client.
Explanation	The MAC authenticated client was logged off for a specific reason.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the logoff cause and remove the issue. If the logoff was requested by the client, no action is required. 2. If the issue persists, contact H3C Support.

STAMGR_ROAM_FAILED

Message text	Client [MAC] on AP [STRING] Radio ID [STRING] failed to roam with reason code [UINT32].
Variable fields	$1: MAC address of the client. $2: Name of the AP associated with the client. $3: ID of the radio associated with the client. $4: Reason code for the roaming failure: · 1—Failed to select a roaming policy. · 2—Insufficient memory resources. · 3—Network communication failures. · 4—Lack of local roaming entries. · 5—Failed to add a VLAN.
Severity level	4
Example	STAMGR/4/STAMGR_ROAM_FAILED: Client 001f-3ca8-1092 on AP ap1 Radio ID 2 failed to roam with reason code 1.
Explanation	The client failed to roam for a specific reason.
Recommended action	To resolve the issue, depending on the reason code: · 1—Use the display wlan client verbose command to verify that the authentication method has changed. · 2—Use the display process memory command to check memory resource usage for each module. · 3—Use the display wlan mobility group command to check the IACTP tunnel state. · 4—Use the display wlan mobility group command to check the IACTP tunnel state. · 5—Check the trace.log file for VLAN adding failure reason.

STAMGR_ROAM_SUCCESS

Message text	Client [MAC] roamed from BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] to BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] successfully.
Variable fields	$1: MAC address of the client. $2: BSSID of the AP associated with the client before roaming. $3: Name of the AP associated with the client before roaming. $4: ID of the radio associated with the client before roaming. $5: IP address of the AC associated with the client before roaming. $6: BSSID of the AP associated with the client after roaming. $7: Name of the AP associated with the client after roaming. $8: ID of the radio associated with the client after roaming. $9: IP address of the AC associated with the client after roaming.
Severity level	6
Example	STAMGR/6/STAMGR_ROAM_SUCCESS: Client 0021-005f-dffd roamed from BSSID 000f-e289-6ad0 on AP ap1 Radio ID 2 of AC IP 172.25.0.81 to BSSID 000f-e2ab-baf0 on AP ap2 Radio ID 2 of AC IP 172.25.0.82 successfully.
Explanation	The client roamed successfully.
Recommended action	No action is required.

STAMGR_SAVI_BIND

Message text	Bound IP address [STRING] to client [STRING] associated with radio [STRING] of AP [STRING] in BSS [STRING] with SSID [STRING]. Binding type: [STRING].
Variable fields	$1: IP address of the client. $2: MAC address of the client. $3: ID of the radio associated with the client. $4: Name of the AP associated with the client. $5: BSSID. $6: SSID of the service template. $7: IP address binding type: · DHCP. · DHCPv6. · ND.
Severity level	6
Example	STAMGR/6/STAMGR_SAVI_BIND: Bound IP address 192.168.1.1 to client b0f9-6393-72e0 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. Binding type: DHCP.
Explanation	The device created an SAVI binding entry.
Recommended action	No action is required.

STAMGR_SAVI_UNBIND

Message text	Unbound IP address [STRING] from client [STRING] associated with radio [STRING] of AP [STRING] in BSS [STRING] with SSID [STRING].
Variable fields	$1: IP address of the client. $2: MAC address of the client. $3: ID of the radio associated with the client. $4: Name of the AP associated with the client. $5: BSSID. $6: SSID of the service template.
Severity level	6
Example	STAMGR/6/STAMGR_SAVI_UNBIND: Unbound IP address 192.168.1.1 from client b0f9-6393-72e0 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc.
Explanation	The device deleted an SAVI binding entry.
Recommended action	No action is required.

STAMGR_SAVI_UNKNOWN_SOURCE_IP

Message text	Received a data packet with unknown source IP [STRING] destined to IP [STRING] from client [STRING] associated with radio [STRING] of AP [STRING] in BSS [STRING] with SSID [STRING]. IP protocol: [STRING].
Variable fields	$1: Source IP address. $2: Destination IP address. $3: MAC address of the client. $4: ID of the radio associated with the client. $5: Name of the AP associated with the client. $6: BSSID. $7: SSID of the service template. $8: IP protocol version.
Severity level	6
Example	STAMGR/6/STAMGR_SAVI_UNKNOWN_SOURCE_IP: Received a data packet with unknown source IP 192.168.1.1 destined to IP 192.168.1.2 from client 0023-8933-2147 associated with radio 2 of AP ap1 in BSS 0023-12ef-78dc with SSID abc. IP protocol: 17.
Explanation	The device received a data packet with a source IP address that does not match any SAVI binding entries.
Recommended action	No action is required.

STAMGR_SERVICE_FAILURE

Message text	Service failure occurred on BSS [STRING] after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING] with AP ID [STRING]. Reason: [STRING], code=0x[STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: AP ID. $7: Reason for the service failure, as described in Table 13. $8: Error code.
Severity level	6
Example	STAMGR/6/SERVICE_FAILURE: Service failure occurred on BSS 0023-12ef-78dc after service template st1 with SSID st1ssid was bound to radio 1 on AP ap1 with AP ID 1. Reason: Failed to activate BSS when AP came online, code=0x61140001.
Explanation	After the AP came online, BSS activation failed for a specific reason with error code 0x61140001.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the failure cause and remove the issue. 2. If the issue persists, contact H3C Support.

Table 13 Possible service failure reasons

Possible reasons
Failed to create a BSS interface during smooth BSS interface creation.
Replied with failure to transmit interface creation node during smooth BSS interface creation.
Failed to set forwarding location during smooth recovery of AP data.
Failed to initiate a series of locations during smooth recovery of AP data.
Failed to send message of creating BSS interface to worker thread during smooth recovery of AP data.
Failed to create handle during smooth recovery of AP data.
Failed to activate BSS during smooth recovery of AP data.
Failed to set kernel forwarding table during smooth recovery of AP data.
Failed to create BSS node when AP came online.
Failed to create BSS handle when AP came online.
Insufficient memory for creating BSS node when AP came online.
Failed to get radio private data while creating BSS node in general process.
Failed to initiate a series of locations while creating BSS node in general process.
Failed to set kernel forwarding table while creating BSS node in general process.
Failed to create BSS node during smooth recovery of BSS data.
Failed to get AP location while recovering BSS running data from DBM.
Failed to get radio private data while recovering BSS running data from DBM.
Failed to add BSS index to interface index while recovering BSS running data from DBM.
Failed to create BSS handle when hierarchy device received Add WLAN message.
Failed to initiate a series of locations when hierarchy device received Add WLAN message.
Failed to set forwarding location when hierarchy device received Add WLAN message.
Failed to send message to worker thread when hierarchy device received Add WLAN message.
Failed to set kernel forwarding table when hierarchy device received Add WLAN message.
Failed to activate BSS when hierarchy device received Add WLAN message.
Failed to issue Add WLAN message when hierarchy device received Add WLAN message.
Failed to activate BSS when service template was bound.
Failed to create BSS node when service template was bound.
Failed to create BSS handle when service template was bound.
Failed to add bind node to mapped radio list of the service template while recovering service template binding information for service thread from pending database.
Failed to create BSS node while recovering service template binding information for service thread from pending database.
Failed to add bind node to mapped radio list of the service template while creating BSS from Merger.
Failed to create BSS node while creating BSS from Merger.
Failed to apply for memory while creating BSS node.
Failed to calculate BSSID while creating BSS node.
Service thread received interface creation failure while creating BSS interface during smooth recovery of AP data.
Failed to add BSS index to interface index while creating BSS interface during smooth recovery of AP data.
Failed to add VLAN on the interface while creating BSS interface during smooth recovery of AP data.
Failed to set the source MAC address of the interface while creating BSS interface during smooth recovery of AP data.
Failed to set kernel forwarding table while creating BSS interface during smooth recovery of AP data.
Failed to activate BSS while creating BSS interface during smooth recovery of AP data.
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly.
Failed to create BSS interface when BSS created an interface accordingly.
Failed to add BSS index to interface index when BSS created an interface accordingly.
Failed to add VLAN on the interface when BSS created an interface accordingly.
Failed to set source MAC address of the interface when BSS created an interface accordingly.
Failed to set kernel forwarding table when BSS created an interface accordingly.
Failed to issue ADD BSS message when BSS created an interface accordingly.
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly for an invalid interface.
Created BSS rollback for failed resources while issuing ADD BSS message callback.
Failed to enable packet socket while recovering BSS running data from DBM.
Failed to create BSS node while recovering BSS running data from DBM.
Failed to initiate BSS while creating BSS node.
Failed to activate BSS when service template was enabled.
Invalid BSS interface index while upgrading BSS with AP private data.
Failed to upgrade backup BSS to real BSS while upgrading BSS with AP private data.
Failed to set kernel forwarding table while upgrading BSS with AP private data.
Failed to activate BSS while upgrading BSS with AP private data.
Invalid BSS interface index while upgrading BSS without AP private data.
Failed to set kernel forwarding table while upgrading BSS without AP private data.
Failed to activate BSS while upgrading BSS without AP private data.
Failed to create BSS interface while creating general BSS process.
Failed to activate BSS during smooth recovery of BSS data.
Failed to activate BSS while recovering service template binding information for service thread from pending database.
Failed to activate BSS while creating BSS from Merger.
Failed to activate BSS when AP came online.
Failed to activate BSS when other module sent activation request.
Failed to activate BSS when other module received activation request.
Failed to send response node of creating interface while creating interface during smooth recovery of AP data.
Failed to add BSS index to interface index when hierarchy device created an interface accordingly.
Failed to add VLAN on the interface when hierarchy device created an interface accordingly.
Failed to set source MAC address of the interface when hierarchy device created an interface accordingly.
Failed to set kernel forwarding table when hierarchy device created an interface accordingly.
Failed to activate BSS when hierarchy device created an interface accordingly.
Failed to issue Add BSS message when hierarchy device created an interface accordingly.
Insufficient memory when hierarchy device received BSS creation message.
Failed to fill BSS basic data when hierarchy device received BSS creation message.
Failed to initiate BSS service phase when hierarchy device received BSS creation message.
Failed to receive Add WLAN message when hierarchy device received BSS creation message.
Failed to get radio private data because of invalid AP ID when hierarchy device received BSS creation message.
Failed to get radio private data because of invalid radio ID when hierarchy device received BSS creation message.
Failed to get radio private data when hierarchy device received Add WLAN message.
Failed to issue message when hierarchy device received Add WLAN message.
Failed to get BSS data through WLAN ID during smooth recovery of BSS data.
Failed to issue Add WLAN message while creating BSS node in general process.
Failed to create BSS interface when hierarchy device created an interface accordingly.
Failed to create BSS interface when hierarchy device created an interface accordingly for an invalid interface.
Failed to set forwarding location while creating BSS node in general process.
Replied with failure to transmit interface creation node when BSS created an interface accordingly.
Failed to update BSS key data when hierarchy device received Add WLAN message.
Replied with failure to transmit interface creation node when BSS created an interface accordingly for an existing BSS.

STAMGR_SERVICE_OFF

Message text	BSS [STRING] was deleted after service template [STRING] with SSID [STRING] was unbound from radio [STRING] on AP [STRING]. Reason: [STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: Reason for the BSS deletion. · Unknown reason. · AP down. · Deleted BSS with the Delete mark when inter-AC BSS smooth ended. · Hierarchy device received BSS delete message. · Deleted AP private data from APMGR when AP smooth ended. · WLAS was triggered, and service was shut down temporarily. · Intrusion protection was triggered, and service was shut down permanently. · Service module received Update WLAN message when BSS was inactive. · Disabled service template. · Unbound service template. · Deleted BSS with the Delete mark when inter-AC AP smooth ended. · BSS aging timer timed out. · Deleted non-local forwarding BSS when AP enabled with remote AP went offline. · Failed to find configuration data while synchronizing data. · AP did not come online or service template was disabled. · Failed to find the WLAN ID from APMGR while BSS was smoothing WLAN ID. · Unbound inherited service template. · The stamgr process became down automatically or was shut down manually. · Failed to use AP private data to upgrade backup BSS. · Failed to upgrade backup BSS. · Failed to synchronize service template data to the Merger bind list while upgrading backup data.
Severity level	6
Example	STAMGR/6/SERVICE_OFF: BSS 0023-12ef-78dc was deleted after service template st1 with SSID st1ssid was unbound from radio 1 on AP ap1. Reason: Failed to find configuration data while synchronizing data.
Explanation	The BSS was deleted for a specific reason.
Recommended action	To resolve the issue: 1. Verify that the BSS is deleted as requested. If the BSS is deleted as requested, no action is required. 2. Locate the deletion cause and remove the issue if the BSS is deleted abnormally, 3. If the issue persists, contact H3C Support.

STAMGR_SERVICE_ON

Message text	BSS [STRING] was created after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name.
Severity level	6
Example	STAMGR/6/SERVICE_ON: BSS 0023-12ef-78dc was created after service template st1 with SSID 1 was bound to radio 1 on AP ap1.
Explanation	The BSS was created.
Recommended action	No action is required.

STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL

Message text	APID=[UINT32]-MAC=[STRING]-BSSID=[STRING]; AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel.
Variable fields	$1: ID of the AP associated with the client. $2: MAC address of the client. $3: BSSID of the service template associated with the client.
Severity level	7
Example	STAMGR/7/STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL: APID=667-MAC=d4f4-6f69-d7a1-BSSID=600b-0301-d5a0; The AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel.
Explanation	The AC does not need to send client information to the uplink device because client information already arrived at the end of the IOCTL tunnel.
Recommended action	To resolve the issue depending on the network infrastructure: · Fit AP+AC network—No action is required if this message is output. If no message is output, locate the issue according to the debugging information and resolve the issue. · AC hierarchical network—No action is required if this message is output by the central AC. If this message is output by a local AC, locate the issue according to the debugging information and resolve the issue.

STAMGR_STAIPCHANGE_INFO

Message text	IP address of client [STRING] changed to [STRING].
Variable fields	$1: MAC address of the client. $2: New IP address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4.
Explanation	The IP address of the client was updated.
Recommended action	No action is required.

STAMGR_TRIGGER_IP

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; Intrusion protection triggered. Action: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the access VLAN. $6: Action: · Added the user to the blocked MAC address list. · Closed the user's BSS temporarily. · Closed the user's BSS permanently.
Severity level	5
Example	STAMGR/5/STAMGR_TRIGGER_IP:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2-VLANID=11; Intrusion protection triggered, the intrusion protection action: added a user to the list of Block-MAC.
Explanation	Intrusion protection was triggered and the action was displayed.
Recommended action	No action is required.

STP messages

This section contains STP messages.

STP_BPDU_PROTECTION

Message text	BPDU-Protection port [STRING] received BPDUs.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet1/0/1 received BPDUs.
Explanation	A BPDU-guard-enabled port received BPDUs.
Recommended action	Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices.

STP_BPDU_RECEIVE_EXPIRY

Message text	Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	5
Example	STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet1/0/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Explanation	The state of a non-designated port changed because the port did not receive a BPDU within the max age.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_CONSISTENCY_CHECK

Message text	DR role assignment finished. Please verify that the local device and the peer device have consistent global and DR-interface-specific STP settings.
Variable fields	N/A
Severity level	5
Example	STP/5/STP_CONSISTENCY_CHECK: DR role assignment finished. Please verify that the local device and the peer device have consistent global and DR-interface-specific STP settings.
Explanation	The DR member devices in a DR system must have the same global and DR-interface-specific STP settings.
Recommended action	Check the global and DR-interface-specific STP settings on the local and peer DR member devices.

STP_CONSISTENCY_RESTORATION

Message text	Consistency restored on VLAN [UINT32]'s port [STRING].
Variable fields	$1: VLAN ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet1/0/1.
Explanation	Port link type or PVID inconsistency was removed on a port.
Recommended action	No action is required.

STP_DETECTED_TC

Message text	[STRING] [UINT32]'s port [STRING] detected a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change.
Explanation	The MSTP instance or VLAN to which a port belongs had a topology change, and the local end detected the change.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_DISABLE

Message text	STP is now disabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_DISABLE: STP is now disabled on the device.
Explanation	STP was globally disabled on the device.
Recommended action	No action is required.

STP_DISCARDING

Message text	Instance [UINT32]'s port [STRING] has been set to discarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_DISCARDING: Instance 0's port GigabitEthernet1/0/1 has been set to discarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the discarding state.
Recommended action	No action is required.

STP_DISPUTE

Message text	[STRING] [UINT32]'s port [STRING] received an inferior BPDU from a designated port which is in forwarding or learning state.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	4
Example	STP/4/STP_DISPUTE: Instance 0's port GigabitEthernet1/0/2 received an inferior BPDU from a designated port which is in forwarding or learning state.
Explanation	A port in the MSTI or VLAN received a low-priority BPDU from a designated port in forwarding or learning state.
Recommended action	Verify that the peer port can receive packets from the local port: 1. Use the display stp abnormal-port command to display information about ports that are blocked by dispute protection. 2. Verify that the VLAN configurations on the local and peer ports are consistent. 3. Shut down the link between the two ports and then bring up the link, or connect the local port to another port.

STP_ENABLE

Message text	STP is now enabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_ENABLE: STP is now enabled on the device.
Explanation	STP was globally enabled on the device.
Recommended action	No action is required.

STP_FORWARDING

Message text	Instance [UINT32]'s port [STRING] has been set to forwarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_FORWARDING: Instance 0's port GigabitEthernet1/0/1 has been set to forwarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the forwarding state.
Recommended action	No action is required.

STP_LOOP_PROTECTION

Message text	Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port GigabitEthernet1/0/1 failed to receive configuration BPDUs.
Explanation	A loop-guard-enabled port failed to receive configuration BPDUs.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_LOOPBACK_PROTECTION

Message text	[STRING] [UINT32]'s port [STRING] received its own BPDU.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	4
Example	STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU.
Explanation	A port in the MSTI or VLAN received a BPDU sent by itself.
Recommended action	Check for forged BPDUs from attackers or loops in the network.

STP_NOT_ROOT

Message text	The current switch is no longer the root of instance [UINT32].
Variable fields	$1: Instance ID.
Severity level	5
Example	STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0.
Explanation	The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

STP_NOTIFIED_TC

Message text	[STRING] [UINT32]'s port [STRING] was notified of a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet1/0/1 was notified of a topology change.
Explanation	The neighboring device on a port notified the current device that a topology change occurred in the instance or VLAN to which the port belongs.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_PORT_TYPE_INCONSISTENCY

Message text	Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port.
Variable fields	$1: Interface name. $2: VLAN ID.
Severity level	4
Example	STP/4/STP_PORT_TYPE_INCONSISTENCY: Access port GigabitEthernet1/0/1 in VLAN 10 received PVST BPDUs from a trunk or hybrid port.
Explanation	An access port received PVST BPDUs from a trunk or hybrid port.
Recommended action	Check the port link type setting on the ports.

STP_PVID_INCONSISTENCY

Message text	Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32].
Variable fields	$1: Interface name. $2: VLAN ID. $3: VLAN ID.
Severity level	4
Example	STP/4/STP_PVID_INCONSISTENCY: Port GigabitEthernet1/0/1 with PVID 10 received PVST BPDUs from a port with PVID 20.
Explanation	A port received PVST BPDUs from a remote port with a different PVID.
Recommended action	Verify that the PVID is consistent on both ports.

STP_PVST_BPDU_PROTECTION

Message text	PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_PVST_BPDU_PROTECTION: PVST BPDUs were received on port GigabitEthernet1/0/1, which is enabled with PVST BPDU protection.
Explanation	In MSTP mode, a port enabled with PVST BPDU guard received PVST BPDUs.
Recommended action	Identify the device that sends the PVST BPDUs.

STP_ROOT_PROTECTION

Message text	Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs.
Explanation	A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

STP_STG_NUM_DETECTION

Message text	STG count [UINT32] is smaller than the MPU's STG count [UINT32].
Variable fields	$1: Number of STGs on a card. $2: Number of STGs on the MPU.
Severity level	4
Example	STP/4/STP_STG_NUM_DETECTION: STG count 64 is smaller than the MPU's STG count 65.
Explanation	The system detected that the STG count on a card was smaller than that on the MPU.
Recommended action	Make sure the number of spanning tree instances is not larger than the smallest card-specific STG count. For example, if the number of spanning tree instances is m and the smallest STG count among cards is n, m cannot be larger than n.

SYSLOG messages

This section contains syslog (information center) messages.

SYSLOG_LOGBUFFER_FAILURE

Message text	Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGBUFFER_FAILURE: Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes.
Explanation	Failed to output logs to the logbuffer because of the communication timeout between syslog and DBM processes.
Recommended action	Reboot the device or contact H3C Support.

‌

SYSLOG_LOGFILE_FULL

Message text	Log file space is full.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full.
Explanation	The log file is full.
Recommended action	Back up the log file, remove the original file, and then bring up interfaces as needed.

‌

SYSLOG_NO_SPACE

Message text	Failed to save log file due to lack of space resources.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_NO_SPACE: -MDC=1; Failed to save log file due to lack of space resources.
Explanation	Failed to save logs to the log file due to lack of storage space.
Recommended action	Clean up the storage space of the device regularly to ensure sufficient storage space for saving logs to the log file.

‌

SYSLOG_RESTART

Message text	System restarted -- [STRING] [STRING] Software.
Variable fields	$1: Company name. $2: Software name.
Severity level	6
Example	SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software
Explanation	A system restart log was generated.
Recommended action	No action is required.

‌

SYSLOG_RTM_EVENT_BUFFER_FULL

Message text	In the last minute, [STRING] syslog logs were not monitored because the buffer was full.
Variable fields	$1: Number of system logs that were not sent to the EAA module in the last minute.
Severity level	5
Example	SYSLOG/5/SYSLOG_RTM_EVENT_BUFFER_FULL: In the last minute, 100 syslog logs were not monitored because the buffer was full.
Explanation	This message records the number of system logs that are not processed by EAA because the log buffer monitored by EAA is full. The log buffer can be filled up if the device generates large numbers of system logs in a short period of time.
Recommended action	· Identify log sources and take actions to reduce system logs. · Use the rtm event syslog buffer-size command to increase the log buffer size.

‌

TACACS messages

This section contains TACACS messages.

TACACS_AUTH_FAILURE

Message text	User [STRING] from [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	TACACS/5/TACACS_AUTH_FAILURE: User cwf@system from 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the TACACS server.
Recommended action	No action is required.

TACACS_AUTH_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the TACACS server.
Recommended action	No action is required.

TACACS_DELETE_HOST_FAIL

Message text	Failed to delete servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.
Explanation	Failed to delete servers from a TACACS scheme.
Recommended action	No action is required.

TELNETD messages

This section contains Telnet daemon messages.

TELNETD_REACH_SESSION_LIMIT

Message text	Telnet client [STRING] failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device.
Severity level	6
Example	TELNETD/6/TELNETD_REACH_SESSION_LIMIT: Telnet client 1.1.1.1 failed to log in. The current number of Telnet sessions is 10. The maximum number allowed is (10).
Explanation	The number of Telnet connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

VLAN messages

This section contains VLAN messages.

VLAN_CREATEVLAN_NO_ENOUGH_RESOUR

Message text	Failed to create VLAN [STRING]. The maximum number of VLANs has been reached.
Variable fields	$1: VLAN ID.
Severity level	4
Example	VLAN/4/ VLAN_CREATEVLAN_NO_ENOUGH_RESOUR: Failed to create VLAN 1025-4094. The maximum number of VLANs has been reached.
Explanation	A VLAN failed to be created because hardware resources were insufficient.
Recommended action	No action is required.

VLAN_FAILED

Message text	Failed to add interface [STRING] to the default VLAN.
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_FAILED: Failed to add interface S-Channel4/2/0/19:100 to the default VLAN.
Explanation	An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN.
Recommended action	No action is required.

VLAN_VLANMAPPING_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0.
Explanation	Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VLAN_VLANTRANSPARENT_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0.
Explanation	Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VRRP messages

This section contains VRRP messages.

VRRP_STATUS_CHANGE

Message text	The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: · Interface event received—An interface event was received. · IP address deleted—The virtual IP address has been deleted. · The status of the tracked object changed—The status of the associated track entry changed. · VRRP packet received—A VRRP advertisement was received. · Current device has changed to IP address owner—The current device has become the IP address owner. · Master-down-timer expired—The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · Zero priority packet received—A VRRP packet containing priority 0 was received. · Preempt—Preemption occurred. · Master group drove—The state of the master group changed. · Controlled by RBM—The state of the VRRP group (master or backup) was controlled by the HA group associated with it.
Severity level	6
Example	VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed (from Backup to Master): Master-down-timer expired.
Explanation	The VRRP group status changed because of the following reasons: · An interface event was received. · The virtual IP address has been deleted. · The status of the associated track entry changed. · A VRRP advertisement was received. · The current device has become the IP address owner. · The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · A VRRP packet containing priority 0 was received. · Preemption occurred. · The state of the master group changed.
Recommended action	Check the VRRP group status to make sure it is operating correctly.

VRRP_VF_STATUS_CHANGE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. $6: Current status of VF. $7: Reason for the status change.
Severity level	6
Example	VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed.
Explanation	The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down.
Recommended action	Check the status of the track entry.

VRRP_VMAC_INEFFECTIVE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Reason for the error.
Severity level	3
Example	VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources.
Explanation	The virtual router failed to add a virtual MAC address.
Recommended action	Find out the root cause for the operation failure and fix the problem.

VSRP messages

This section contains VSRP messages.

VSRP_BIND_FAILED

Message text	Failed to bind the IP addresses and the port on VSRP peer [STRING].
Variable fields	$1: VSRP peer name.
Severity level	6
Example	VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa.
Explanation	Failed to bind the IP addresses and the port when creating a TCP connection to the VSRP peer because the TCP port is in use.
Recommended action	No action is required.

WIPS messages

This section contains WIPS messages.

AP_CHANNEL_CHANGE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Channel change detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/AP_CHANNEL_CHANGE: -VSD=home-SrcMAC=1122-3344-5566; Channel change detected.
Explanation	The channel of the specified AP changed.
Recommended action	Determine whether the channel change is valid.

APFLOOD

Message text	-VSD=[STRING]; AP flood detected.
Variable fields	$1: VSD name.
Severity level	5
Example	WIPS/5/APFLOOD: -VSD=home; AP flood detected.
Explanation	The number of APs detected in the specified VSD reached the threshold.
Recommended action	Determine whether the device has suffered an attack.

ASSOCIATEOVERFLOW

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Association/Reassociation DoS attack detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/ASSOCIATEOVERFLOW: -VSD=home-SrcMAC=1122-3344-5566; Association/Reassociation DoS attack detected.
Explanation	The specified AP sent an association response with the status code 17.
Recommended action	Determine whether the AP has suffered an attack.

HONEYPOT

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Honeypot AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HONEYPOT: -VSD=home-SrcMAC=1122-3344-5566; Honeypot AP detected.
Explanation	The specified AP was detected as a honeypot AP.
Recommended action	Determine whether the device has suffered an attack.

HTGREENMODE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; HT-Greenfield AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HTGREENMODE: -VSD=home-SrcMAC=1122-3344-5566; HT-Greenfield AP detected.
Explanation	The specified AP was detected as an HT-greenfield AP.
Recommended action	Determine whether the device has suffered an attack.

MAN_IN_MIDDLE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Man-in-the-middle attack detected.
Variable fields	$1: VSD name. $2: MAC address of the client.
Severity level	5
Example	WIPS/5/MAN_IN_MIDDLE: -VSD=home-SrcMAC=1122-3344-5566; Man-in-the-middle attack detected.
Explanation	The specified client suffered a man-in-the-middle attack.
Recommended action	Determine whether the client has suffered a man-in-the-middle attack.

WIPS_DOS

Message text	-VSD=[STRING]; [STRING] rate attack detected.
Variable fields	$1: VSD name. $2: Device type: AP or client.
Severity level	5
Example	WIPS/5/WIPS_DOS: -VSD=home; AP rate attack detected.
Explanation	The number of device entries learned within the specified interval reached the threshold.
Recommended action	Determine whether the device suffers an attack.

WIPS_FLOOD

Message text	-VSD=[STRING]; [STRING] flood detected.
Variable fields	$1: VSD name. $2: Flood attack type. Options include the following: · Association request · Authentication · Disassociation · Reassociation request · Deauthentication · Null data · Beacon · Probe request · BlockAck · CTS · RTS · EAPOL start
Severity level	5
Example	WIPS/5/WIPS_FLOOD: -VSD=home; Association request flood detected.
Explanation	The number of a specific type of packets detected within the specified interval reached the threshold.
Recommended action	No action is required.

WIPS_MALF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Error detected: [STRING].
Variable fields	$1: VSD name. $2: Sender's MAC address. $3: Malformed packet type. Options include the following: · invalid ie length—Invalid IE length. · duplicated ie—Duplicate IE. · redundant ie—Redundant IE. · invalid pkt length—Invalid packet length. · illegal ibss ess—Abnormal IBSS and ESS setting. · invalid source addr—Invalid source MAC address. · overflow eapol key—Oversized EAPOL key. · malf auth—Malformed authentication request frame. · malf assoc req—Malformed association request frame. · malf ht ie—Malformed HT IE. · large duration—Oversized duration. · null probe resp—Malformed probe response frame. · invalid deauth code—Invalid deauthentication code. · invalid disassoc code—Invalid disassociation code. · over flow ssid—Oversized SSID. · fata jack—FATA-Jack.
Severity level	5
Example	WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=1122-3344-5566; Error detected: fata jack.
Explanation	A malformed packet was detected.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_ROGUE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Rogue AP detected by radio 1 of sensor [STRING] on channel 149 (RSSI=84).
Variable fields	$1: VSD name. $2: MAC address of the rogue AP.
Severity level	5
Example	WIPS/5/WIPS_ROGUE: -VSD=home-SrcMAC=1122-3344-5566; Rogue AP detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).
Explanation	A rogue AP was detected.
Recommended action	Enable WIPS to take countermeasures against rogue APs.

WIPS_SIGNATURE

Message text	-VSD=[STRING]-SrcMAC=[MAC]-RuleID=[UINT16]; Signature rule matched.
Variable fields	$1: VSD name. $2: Sender's MAC address. $3: Signature Rule ID.
Severity level	5
Example	WIPS/5/WIPS_SIGNATURE: -VSD=home-SrcMAC=1122-3344-5566-RuleID=10; Signature rule matched.
Explanation	In the specified VSD, the packets matching the signature rule are detected.
Recommended action	Check whether the device is attacked.

WIPS_SPOOF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] detected.
Variable fields	$1: VSD name. $2: MAC address of the device being spoofed. $3: Spoofing attack type. Options include the following: · AP spoofing AP—A fake AP spoofs an authorized AP. · AP spoofing client—A fake AP spoofs an authorized client. · AP spoofing ad-hoc—A fake AP spoofs an Ad hoc device. · Ad-hoc spoofing AP—An Ad hoc device spoofs an authorized AP. · Client spoofing AP—A client spoofs an authorized AP.
Severity level	5
Example	WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=1122-3344-5566; AP spoofing AP detected.
Explanation	A spoofing attack was detected.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_UNAUTH

Message text	-VSD=[STRING]-SrcMAC=[MAC];Unauthorized client detected by radio 1 of sensor [STRING] on channel 149 (RSSI=84).
Variable fields	$1: VSD name. $2: MAC address of the unauthorized client.
Severity level	5
Example	WIPS/5/WIPS_UNAUTH: -VSD=home-SrcMAC=1122-3344-5566; Unauthorized client detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).
Explanation	An unauthorized client was detected.
Recommended action	Determine whether unauthorized clients exist.

WIPS_WEAKIV

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Weak IV detected.
Variable fields	$1: VSD name. $2: Sender's MAC address.
Severity level	5
Example	WIPS/5/WIPS_WEAKIV: -VSD=home-SrcMAC=1122-3344-5566; Weak IV detected.
Explanation	A weak IV was detected.
Recommended action	Use a more secure encryption method to encrypt packets.

WIRELESSBRIDGE

Message text	-VSD=[STRING]-AP1=[MAC]-AP2=[MAC]]; Wireless bridge detected.
Variable fields	$1: VSD name. $2: MAC address of AP 1. $3: MAC address of AP 2.
Severity level	5
Example	WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected.
Explanation	The specified APs set up a wireless bridge.
Recommended action	Determine whether the wireless bridge is valid.

WSA messages

This section contains Wireless Spectrum Analysis (WSA) messages.

WSA_DEVICE

Message text	[APID: UINT32, RADIOID: UCHAR]; [STRING] detected.
Variable fields	$1: AP ID. $2: Radio ID. $3: Interference devices. Options include the following: ¡ Microwave ovens. ¡ Microwave oven inverters. ¡ Bluetooth devices. ¡ Other fixed frequency devices. ¡ Cordless phones using fixed frequency. ¡ Video devices using fixed frequency. ¡ Audio devices using fixed frequency. ¡ Other hopper frequency devices. ¡ Frequency-hopping cordless phone bases. ¡ Frequency-hopping cordless networks (2.4 GHz). ¡ Microsoft Xboxes. ¡ Other devices. ¡ Frequency-hopping cordless networks (5 GHz).
Severity level	5
Example	WSA/5/WSA_DEVICE: [APID: 1, RADIODID: 2]; Bluetooth devices detected.
Explanation	The radio interface of an AP detected an interference device.
Recommended action	Determine whether the device has suffered an attack.