H3C Access Controllers System Log Messages Reference |
Document version: 6W101-20240923
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Managing and obtaining system log messages
Obtaining log messages from the console terminal
Obtaining log messages from a monitor terminal
Obtaining log messages from the log buffer
Obtaining log messages from the log file
Obtaining log messages from a log host
ACL_ACCELERATE_NONCONTIGUOUSMASK
ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP
ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG
ARP_ACTIVE_ACK_NOREQUESTED_REPLY
ARP_USER_DUPLICATE_IPADDR_DETECT
Application audit and management messages
AUDIT_RULE_MATCH_AS_IPV4_LOG (system log)
AUDIT_RULE_MATCH_FILE_IPV4_LOG (system log)
AUDIT_RULE_MATCH_FORUM_IPV4_LOG (system log)
AUDIT_RULE_MATCH_IM_IPV4_LOG (system log)
AUDIT_RULE_MATCH_MAIL_IPV4_LOG (system log)
AUDIT_RULE_MATCH_OTHER_IPV4_LOG (system log)
AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (system log)
AUDIT_RULE_MATCH_AS_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_FILE_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_FORUM_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_IM_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_MAIL_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_OTHER_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (fast log)
AUDIT_RULE_MATCH_AS_IPV6_LOG (system log) (fast log)
AUDIT_RULE_MATCH_FILE_IPV6_LOG (system log) (fast log)
AUDIT_RULE_MATCH_FORUM_IPV6_LOG (system log) (fast log)
AUDIT_RULE_MATCH_IM_IPV6_LOG (system log) (fast log)
AUDIT_RULE_MATCH_MAIL_IPV6_LOG (system log) (fast log)
AUDIT_RULE_MATCH_OTHER_IPV6_LOG (system log) (fast log)
AUDIT_RULE_MATCH_SEARCH_IPV6_LOG (system log) (fast log)
AVC_THRESHOLDWARNING_FASTLOGGING_FMT
AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT
DEV_BOARD_RUNNING_FAULT_REBOOT
DOT1X_CLEAR_MAX_USER_THRESHOLD
DOT1X_LOGIN_SUCC (in open mode)
DOT1X_LOGOFF_ABNORMAL (in open mode)
DOT1X_NOTENOUGH_EADFREEMSEG_RES
DOT1X_NOTENOUGH_EADFREERULE_RES
DOT1X_NOTENOUGH_EADMACREDIR_RES
DOT1X_NOTENOUGH_EADPORTREDIR_RES
DOT1X_NOTENOUGH_ENABLEDOT1X_RES
IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY
IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY
FLEXE_BANDWIDTH_MISMATCH_RECOVER
FLEXE_BANDWIDTH_REDUCE_RECOVER
FLEXE_CLIENTID_MISMATCH_RECOVER
FLEXE_GROUPMEMBER_FAULT_RECOVER
FLEXE_PHYGROUP_MISMATCH_RECOVER
IF_BUFFER_CONGESTION_OCCURRENCE
IP6ADDR_CREATEADDRESS_CONFLICT
IP6FW_SETTING_FAILED_HOPLIMITEXCEED
IP6FW_SETTING_FAILED_HOPLIMITUNVARIED
IPFW_SETTING_FAILED_TTLUNVARIED
IPSEC_GLOBAL_FLAG_LOGP2MPENABLE
LAGG_INACTIVE_RESOURCE_INSUFICIE
LLDP_NEIGHBOR_PROTECTION_BLOCK
LLDP_NEIGHBOR_PROTECTION_UNBLOCK
LOCALSVR_FAIL_TO_WRITETIME2FILE
MAC_VLAN_LEARNLIMIT_NORESOURCE
MAC_VLAN_LEARNLIMIT_NOTSUPPORT
MACA_LOGIN_SUCC (in open mode)
NAT_SERVICE_CARD_RECOVER_FAILURE
ND_SET_VLAN_REDIRECT_NORESOURCE
ND_SNOOPING_LEARN_ALARM_RECOVER
NQA_TWAMP_LIGHT_PACKET_INVALID
QOS_QMPROFILE_MODIFYQUEUE_FAIL
SSLVPN_HTTP_BIND_ADDRESS_INUSED
SSLVPN_HTTP_BIND_PORT_ALLOCETED
SSLVPN_IPAC_ALLOC_ADDR_SUCCESS
SSLVPN_IPAC_RELEASE_ADDR_SUCCESS
STAMGR_AUTHORUSERPROFILE_FAILURE
STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL
VLAN_CREATEVLAN_NO_ENOUGH_RESOUR
Introduction
This document includes the following system messages:
· Messages specific to the access controller
· Messages for the Comware 9 software platform. Some platform system messages might not be available on the access controller.
This document is intended only for managing H3C access controllers. Do not use this document for any other device models.
This document assumes that the readers are familiar with data communications technologies and H3C networking products.
System log message format
By default, the system log messages use one of the following formats depending on the output destination:
· Log host:
<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT
· Destinations except for the log host:
Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT
NOTE: Log message examples in this document use the format for destinations except the log host. They do not contain elements available only for the log host, including the location element.
Table 1 System log message elements
Element | Description |
---|---|
<PRI> | Priority identifier. This element is contained only in messages sent to the log host. It is calculated by using the following formula: Priority identifier = facility × 8 + severity. Where: · Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages. · Severity represents the importance of the message. For more information about severity levels, see Table 2. |
Prefix | Message type identifier. This element is contained in the system log messages sent to non-log-host destinations. The element uses the following symbols to indicate message severity: · Percentage sign (%): Informational and higher levels. · Asterisk (*): Debug level. |
TIMESTAMP | Date and time when the event occurred. The following are commands for configuring the timestamp format: · Log host: Use the info-center timestamp loghost command. · Non-log-host destinations: Use the info-center timestamp command. |
Sysname | Name or IP address of the device that generated the message. |
%%vendor | Manufacturer flag. This element is %%10 for H3C. This element is only available in messages sent to the log host. |
MODULE | Name of the module that produced the message. |
severity | Severity level of the message. (For more information about severity levels, see Table 2.) |
MNEMONIC | Text string that uniquely identifies the system message. The maximum length is 32 characters. |
location | Optional. This element identifies where the message occurred. This element is contained only in messages sent to the log host. This element presents location information for the message in the following format: -attribute1=x-attribute2=y…-attributeN=z The following are examples of location attributes: · -MDC=XX, which represents the MDC on which the message occurred. · -DevIp=XXX.XXX.XXX.XXX, which represents the source IP of the message. · -Slot=XX, which represents the slot on which the message occurred. · -Chassis=XX-Slot=XX, which represents the chassis and slot on which the message occurred. This element is separated from the message description by using a semicolon (;). |
CONTENT | Text string that contains detailed information about the event or error. For variable fields in this element, this document uses the representations in Table 3. The CONTENT field in most log messages is represented by one or multiple sentences, for example, VTY logged in from 192.168.1.21. Certain log messages are used only to record parameter values. The CONTENT field for such messages is represented in the format of key info 1;key info 2,..key info n. The key information can be one of the following formats: · Keyword(keyword ID)=Value · Keyword(keyword ID)=(Text ID)Text description The IDs are factory default parameters that enable the log host software (for example, security management system) to parse keyword content: · The keyword ID represents the keyword before the ID. · The text ID represents the text description after the ID. For example, in the key information streamAlarmType(1032)=(42)Too fast speed of TCP session to destination IP, value 1032 represents keyword streamAlarmType, and value 42 represents text description Too fast speed of TCP session to destination IP. |
System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.
Table 2 System log message severity levels
Level | Severity | Description |
---|---|---|
0 | Emergency | The system is unusable. For example, the system authorization has expired. |
1 | Alert | Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
2 | Critical | Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
3 | Error | Error condition. For example, the link state changes or a storage card is unplugged. |
4 | Warning | Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
5 | Notification | Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
6 | Informational | Informational message. For example, a command or a ping operation is executed. |
7 | Debug | Debugging message. |
For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.
Table 3 Variable field representations
Representation | Information type |
---|---|
INT16 | Signed 16-bit decimal number. |
UINT16 | Unsigned 16-bit decimal number. |
INT32 | Signed 32-bit decimal number. |
UINT32 | Unsigned 32-bit decimal number. |
INT64 | Signed 64-bit decimal number. |
UINT64 | Unsigned 64-bit decimal number. |
DOUBLE | Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER]. |
HEX | Hexadecimal number. |
CHAR | Single character. |
STRING | Character string. |
IPADDR | IP address. |
MAC | MAC address. |
DATE | Date. |
TIME | Time. |
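The log host format and the key-information convention described in Table 1, as an added parser example (not H3C code). It assumes Sysname contains no spaces, so the last token before %%vendor is the device name and everything before it is the timestamp; the sample lines and the exampleKey(9999) pair are constructed.

```python
import re

SEVERITY_NAMES = ("Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notification", "Informational", "Debug")

# <PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<head>.+?)\s+%%(?P<vendor>\d+)"
    r"(?P<module>[A-Za-z]\w*)/(?P<sev>[0-7])/(?P<mnemonic>\w{1,32}):\s*"
    r"(?P<rest>.*)$",
    re.S,
)
# location is "-attr=value..." terminated by a semicolon.
LOCATION_RE = re.compile(r"^(-[A-Za-z]\w*=[^;]*);\s*(.*)$", re.S)
# A value runs until the next "-attr=" or the end, so "192.168.1.1" stays whole.
ATTR_RE = re.compile(r"-([A-Za-z]\w*)=(.*?)(?=-[A-Za-z]\w*=|$)")
# Keyword(keyword ID)=Value  or  Keyword(keyword ID)=(Text ID)Text description
KEYINFO_RE = re.compile(r"^(\w+)\((\d+)\)=(?:\((\d+)\))?(.*)$")


def parse_key_info(content):
    """Return the key-information items, or [] for sentence-style CONTENT."""
    items = []
    for piece in (p.strip() for p in content.split(";")):
        if not piece:
            continue
        m = KEYINFO_RE.match(piece)
        if not m:
            return []
        keyword, keyword_id, text_id, value = m.groups()
        items.append({
            "keyword": keyword,
            "keyword_id": int(keyword_id),
            "text_id": int(text_id) if text_id else None,
            "value": value,
        })
    return items


def parse_loghost_line(line):
    """Split one log host message into the elements listed in Table 1."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not in the log host format")
    head = m["head"].rsplit(None, 1)
    if len(head) != 2:
        raise ValueError("missing TIMESTAMP or Sysname")
    timestamp, sysname = head
    pri, severity = int(m["pri"]), int(m["sev"])

    # The split is purely syntactic: a message whose own text starts with
    # "-attr=value...;" (AAA_FAILURE does) lands in `location` as well.
    location, content = {}, m["rest"]
    loc = LOCATION_RE.match(content)
    if loc:
        location = dict(ATTR_RE.findall(loc.group(1)))
        content = loc.group(2)

    return {
        "facility": pri // 8,            # PRI = facility x 8 + severity
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        # The low three bits of PRI must repeat the severity field; a
        # mismatch points at a relay rewriting PRI or a malformed message.
        "pri_consistent": pri % 8 == severity,
        "timestamp": timestamp,
        "sysname": sysname,
        "vendor": m["vendor"],
        "module": m["module"],
        "mnemonic": m["mnemonic"],
        "location": location,
        "content": content,
        "key_info": parse_key_info(content),
    }


# Constructed sample: facility 23 and severity 6 give PRI 190.
SAMPLE_ACL = ("<190>Sep 23 10:15:02 2024 AC-01 %%10ACL/6/ACL_STATIS_INFO: "
              "-DevIp=192.168.1.1-Slot=1; ACL 2000 rule 0 permit source "
              "1.1.1.1 0 logging 10000 packet(s).")
# Constructed CONTENT: the first pair is the one quoted in Table 1, the
# second pair is hypothetical.
SAMPLE_KEYINFO = ("streamAlarmType(1032)=(42)Too fast speed of TCP session "
                  "to destination IP;exampleKey(9999)=10.0.0.5")

if __name__ == "__main__":
    print(parse_loghost_line(SAMPLE_ACL))
    print(parse_key_info(SAMPLE_KEYINFO))
```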
Managing and obtaining system log messages
You can manage system log messages by using the information center.
By default, the information center is enabled. Log messages can be output to the console, monitor terminal, log buffer, log host, and log file.
To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.
For more information about using the information center, see the network management and monitoring configuration guide for the product.
Obtaining log messages from the console terminal
Access the device through the console port. Real-time log messages are displayed on the console terminal.
Obtaining log messages from a monitor terminal
Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:
· To display log messages on the monitor terminal, you must configure the terminal monitor command.
· For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.
NOTE: Settings for the terminal monitor and terminal logging level commands take effect only on the current login session. The default settings for the commands restore at a relogin.
Obtaining log messages from the log buffer
Use the display logbuffer command to display history log messages in the log buffer.
Obtaining log messages from the log file
By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving interval.
To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.
By default, you can obtain the log file from the flash:/logfile path if the device only supports the fixed storage medium flash.
To view the contents of the log file on the device, use the more command.
Obtaining log messages from a log host
Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.
For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.
Software module list
Table 4 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.
Module name representation |
Module name expansion |
AAA |
Authentication, Authorization and Accounting |
ACL |
Access Control List |
APMGR |
Access Point Management |
ARP |
Address Resolution Protocol |
AUDIT |
Audit |
AVC |
Application Visible Control |
CFGMAN |
Configuration Management |
DEV |
Device Management |
DHCPR |
IPv4 DHCP Relay |
DHCPS |
DHCP Server |
DHCPS6 |
DHCPv6 Server |
DHCPSP4 |
DHCP Snooping |
DHCPSP6 |
DHCPv6 Snooping |
DIAG |
Diagnosis |
DIM |
DPI Engine |
DOT1X |
802.1X |
FNOTIFY |
Fnotify |
FS |
File System |
HOTPLUG |
Hotplug |
HTTPD |
Hypertext Transfer Protocol Daemon |
IDENTITY |
Identity |
IFMON |
Interface Monitor |
IFNET |
Interface Net Management |
IP6ADDR |
IPv6 Addressing |
IP6FW |
IPv6 Forwarding |
IPADDR |
IP Addressing |
IPFW |
IP Forwarding |
IPS |
Intrusion Prevention System |
IPSEC |
IP Security |
L2TPV2 |
Layer 2 Tunneling Protocol Version 2 |
LAGG |
Link Aggregation |
License |
License |
LIPC |
Leopard Inter-process Communication |
LLDP |
Link Layer Discovery Protocol |
LOAD |
Load Management |
LOGIN |
Login |
LPDT |
Loopback Detection |
LS |
Local Server |
MAC |
Media Access Control |
MACA |
MAC Authentication |
MFIB |
Multicast Forwarding Information Base |
NAT |
Network Address Translation |
ND |
Neighbor Discovery |
NETCONF |
Network Configuration Protocol |
NQA |
Network Quality Analyzer |
NTP |
Network Time Protocol |
OPTMOD |
Optical Module |
OSPF |
Open Shortest Path First |
PBR |
Policy-Based Routing |
PFILTER |
Packet Filter |
PING |
Packet Internet Groper |
PKG |
Package |
PKI |
Public Key Infrastructure |
PKT2CPU |
Packet to CPU |
PORTAL |
Portal |
PPP |
Point to Point Protocol |
PPPOES |
PPP over Ethernet Server |
PWDCTL |
Password Control |
QOS |
Quality of Service |
RADIUS |
Remote Authentication Dial In User Service |
RIP |
Routing Information Protocol |
RIPNG |
Routing Information Protocol Next Generation |
RM |
Routing Management |
RRM |
Radio Resource Management |
RTM |
Real-Time Event Manager |
SCMD |
Service Control Manager |
SECP |
Security Policy |
SESSION |
Session |
SHELL |
Shell |
SNMP |
Simple Network Management Protocol |
SSHS |
Secure Shell Server |
SSL VPN |
Secure Sockets Layer Virtual Private Network |
STAMGR |
Station Management |
STP |
Spanning Tree Protocol |
SYSLOG |
System Log |
TACACS |
Terminal Access Controller Access Control System |
VLAN |
Virtual Local Area Network |
VRRP |
Virtual Router Redundancy Protocol |
VSRP |
Virtual Service Redundancy Protocol |
WIPS |
Wireless Intrusion Prevention System |
WSA |
Wireless Spectrum Analysis |
Using this document
This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.
This document explains messages in tables. Table 5 describes information provided in these tables.
Table 5 Message explanation table contents
Item | Content | Example |
---|---|---|
Message text | Presents the message description. | ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields | Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text. | $1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule. |
Severity level | Provides the severity level of the message. | 6 |
Example | Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings. | ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Explanation | Explains the message, including the event or error cause. | Number of packets that matched an ACL rule. This message is sent when the packet counter changes. |
Recommended action | Provides recommended actions. For informational messages, no action is required. | No action is required. |
AAA messages
This section contains AAA messages.
AAA_FAILURE
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
5 (Notification) |
Example |
AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed. |
Impact |
No negative impact on the system. |
Cause |
An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect. |
Recommended action |
1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, collect the device configuration file, log information, and alarm information, and contact H3C Support. |
AAA_LAUNCH
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
6 (Informational) |
Example |
AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched. |
Impact |
No negative impact on the system. |
Cause |
The user attempts to come online through AAA authentication. |
Recommended action |
No action is required. |
AAA_SUCCESS
Message text |
-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded. |
Variable fields |
$1: AAA type. $2: AAA scheme. $3: Service. $4: Username. |
Severity level |
6 (Informational) |
Example |
AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded. |
Impact |
No negative impact on the system. |
Cause |
The device accepted an AAA request. |
Recommended action |
No action is required. |
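A tally of repeated AAA_FAILURE events per user, built on the three AAA message texts above, as an added example (not H3C code). The sample lines, the hyphenated domain and service values, and the threshold of 3 are constructed assumptions, and the lines are assumed to come from one time window already selected by the collector.

```python
import re
from collections import defaultdict

# The four attribute names are fixed by the message text, so values are
# delimited by the *next known attribute name*, not by "-". That keeps
# hyphenated domains, services and usernames intact. UserName is supplied by
# the user, so it is taken greedily up to the final "; AAA ..." terminator.
AAA_RE = re.compile(
    r"AAA/(?P<sev>[0-7])/(?P<mnemonic>AAA_(?:FAILURE|LAUNCH|SUCCESS)):\s*"
    r"-AAAType=(?P<aaa_type>.*?)-AAADomain=(?P<domain>.*?)"
    r"-Service=(?P<service>.*?)-UserName=(?P<user>.*);"
    r"\s*AAA (?:failed|launched|succeeded)\.\s*$"
)


def parse_aaa(line):
    """Return the AAA fields of one log line, or None for any other message."""
    m = AAA_RE.search(line.strip())
    return m.groupdict() if m else None


def repeated_failures(lines, threshold=3):
    """List (user, domain, service) tuples with at least `threshold` failures.

    The outcome is read from the mnemonic, not from the trailing sentence.
    AAA_FAILURE also covers an unreachable server or a wrong service type,
    so a hit is a lead to check against the server logs, not a verdict.
    """
    failures = defaultdict(int)
    success_after = set()
    for line in lines:
        event = parse_aaa(line)
        if event is None:
            continue
        key = (event["user"], event["domain"], event["service"])
        if event["mnemonic"] == "AAA_FAILURE":
            failures[key] += 1
        elif event["mnemonic"] == "AAA_SUCCESS" and failures[key] >= threshold:
            # A success right after a run of failures deserves a closer look.
            success_after.add(key)
    return [
        {"user": user, "domain": domain, "service": service,
         "failures": count,
         "success_after_failures": (user, domain, service) in success_after}
        for (user, domain, service), count in sorted(failures.items())
        if count >= threshold
    ]


def _line(sev, mnemonic, attrs, outcome):
    # Constructed non-log-host prefix; only the part after Sysname matters.
    return (f"%Sep 23 10:15:02:101 2024 AC-01 AAA/{sev}/{mnemonic}: "
            f"{attrs}; AAA {outcome}.")


_CWF = "-AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system"
_JDOE = ("-AAAType=AUTHEN-AAADomain=corp-wifi-Service=lan-access"
         "-UserName=j-doe@corp-wifi")

# Constructed sample window.
SAMPLE_LINES = [
    _line(6, "AAA_LAUNCH", _CWF, "launched"),
    _line(5, "AAA_FAILURE", _CWF, "failed"),
    _line(5, "AAA_FAILURE", _CWF, "failed"),
    _line(5, "AAA_FAILURE", _CWF, "failed"),
    _line(6, "AAA_SUCCESS", _CWF, "succeeded"),
    _line(5, "AAA_FAILURE", _JDOE, "failed"),
    "%Sep 23 10:15:09:004 2024 AC-01 ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 "
    "permit source 1.1.1.1 0 logging 10000 packet(s).",
]

if __name__ == "__main__":
    for hit in repeated_failures(SAMPLE_LINES):
        print(hit)
```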
ACL messages
This section contains ACL messages.
ACL_ACCELERATE_NO_RES
Message text |
Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
Hardware resources were insufficient for accelerating an ACL. |
Recommended action |
Delete some rules or disable ACL acceleration for other ACLs to release hardware resources. |
ACL_ACCELERATE_NONCONTIGUOUSMASK
Message text |
Failed to accelerate IPv4 ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks. |
Variable fields |
$1: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL. |
Recommended action |
Modify or delete the ACL rules containing noncontiguous wildcard masks. |
ACL_ACCELERATE_NOT_SUPPORT
Message text |
Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed because the system does not support ACL acceleration. |
Recommended action |
No action is required. |
ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP
Message text |
Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords. |
Variable fields |
$1: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 3001. ACL acceleration does not support the rules that contain the hop-by-hop keywords. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL. |
Recommended action |
Delete the ACL rules containing the hop-by-hop keyword. |
ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG
Message text |
Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule. |
Variable fields |
$1: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 3001. ACL acceleration does not support specifying multiple TCP flags in one rule. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags (ACK, FIN, PSH, RST, SYN, and URG) exist in the ACL. |
Recommended action |
Retain only one TCP flag in the IPv6 ACL rules or delete the IPv6 ACL rules. |
ACL_ACCELERATE_UNK_ERR
Message text |
Failed to accelerate [STRING] ACL [UINT32]. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
4 (Warning) |
Example |
ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001. |
Impact |
If the ACL contains a large number of rules, the packet match speed will be affected, and the connection establishment time or packet forwarding efficiency will be affected. |
Cause |
ACL acceleration failed because of an unknown error. |
Recommended action |
1. Execute the undo accelerate command and then execute the accelerate command. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ACL_IPV6_STATIS_INFO
Message text |
IPv6 ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule. |
Severity level |
6 (Informational) |
Example |
ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s). |
Impact |
No negative impact on the system. |
Cause |
The number of packets matching the IPv6 ACL rule changed. |
Recommended action |
No action is required. |
ACL_NO_MEM
Message text |
Failed to configure [STRING] ACL [UINT32] due to lack of memory. |
Variable fields |
$1: ACL type. $2: ACL number. |
Severity level |
3 (Error) |
Example |
ACL/3/ACL_NO_MEM: Failed to configure IPv4 ACL 2001 due to lack of memory. |
Impact |
The ACL cannot take effect. |
Cause |
Configuring the ACL failed because memory is insufficient. |
Recommended action |
Use the display memory-threshold command to check the memory usage. · If the memory usage is too high, increase memory. · If the memory usage is abnormal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
ACL_STATIS_INFO
Message text |
ACL [UINT32] [STRING] [UINT64] packet(s). |
Variable fields |
$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule. |
Severity level |
6 (Informational) |
Example |
ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s). |
Impact |
No negative impact on the system. |
Cause |
The number of packets matching the IPv4 ACL rule changed. |
Recommended action |
No action is required. |
APMGR
This section contains access point management messages.
AP_CREATE_FAILURE
Message text |
Failed to create an AP with entity ID [UINT32] and model [STRING]. Reason: Region code is not available. |
Variable fields |
$1: AP ID. $2: AP model. |
Severity level |
6 (Informational) |
Example |
APMGR/6/AP_CREATE_FAILURE: Failed to create an AP with entity ID 1 and model WA2620i-AGN. Reason: Region code is not available. |
Impact |
The AP cannot come online. |
Cause |
The region code is unavailable. |
Recommended action |
Configure the region code in global configuration view. |
AP_REBOOT_REASON
Message text |
AP in Run state is rebooting. Reason: The physical status of the radio is down. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
APMGR/6/AP_REBOOT_REASON: AP in Run state is rebooting. Reason: The physical status of the radio is down. |
Impact |
No negative impact on the system. |
Cause |
The physical state of the radio is down. |
Recommended action |
1. Identify whether the radio configuration is correct after the AP restarts. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
APMGR_AP_CFG_FAILED
Message text |
Failed to reset AP [STRING]. Reason: The AP is writing an image file into the flash. |
Variable fields |
$1: Name of the AP. |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_CFG_FAILD; Failed to reset AP ap2. Reason: The AP is writing an image file into the flash. |
Impact |
No negative impact on the system. |
Cause |
Failed to restart an AP from the AC by using the download file command to download a file from the AC. |
Recommended action |
Restart the AP after the AP completes downloading files from the AC. |
APMGR_AP_ONLINE
Message text |
The AP failed to come online in discovery stage. Reason: AP model [$1] is not supported. |
Variable fields |
$1: AP model. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_AP_ONLINE: The AP failed to come online in discovery stage. Reason: AP model wa2620i-AGN is not supported. |
Impact |
The AP cannot come online. |
Cause |
The AC received an onboarding request from an AP model that the AC does not support. |
Recommended action |
Use an AP model that the AC supports. |
APMGR_GET_AP_MODEL_FAILURE
Message text |
Failed to get an AP model because no region code is configured globally or for AP group [STRING] . |
Variable fields |
$1: AP group name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_GET_AP_MODEL_FAILURE: Failed to get an AP model because no region code is configured globally or for AP group g2. |
Impact |
No negative impact on the system. |
Cause |
No region code is configured on the device. |
Recommended action |
Configure an available region code in global configuration or AP group view. |
APMGR_LOG_ADD_AP_FAIL
Message text |
AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING]. |
Variable fields |
$1: Name of the AP. $2: Serial number of the AP. $3: MAC address of the AP. $4: Name of the AP. |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_LOG_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2. |
Impact |
The AP cannot come online. |
Cause |
During the AP's onboarding process, adding the MAC address fails because it already exists, preventing the AP from coming online. |
Recommended action |
Delete either the manual AP that has the MAC address or the serial ID. |
APMGR_LOG_MEMALERT
Message text |
The memory usage of the AC has reached the threshold. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_LOG_MEMALERT: The memory usage of the AC has reached the threshold. |
Impact |
The AP cannot come online. |
Cause |
The memory usage of the AC has reached the threshold when the AP was created. |
Recommended action |
Do not create APs, and new APs are not allowed to come online. |
APMGR_LOG_NOLICENSE
Message text |
AP failed to come online in [STRING]. Reason: No license for the [STRING]. |
Variable fields |
$1: State of the AP · discover: Discovery stage. · join: Join stage. $2: AP type. · common AP: Common fit AP. · WTU AP: WTU. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_LOG_NOLICENSE: AP failed to come online in discover. Reason: No license for the common AP. |
Impact |
The AP cannot come online. |
Cause |
The number of online common APs or WTUs has reached the maximum allowed by the license. |
Recommended action |
Purchase a license to increase the number of APs. |
APMGR_LOG_OFFLINE
Message text |
AP [STRING] went offline. State changed to Idle. |
Variable fields |
$1: Name of the AP. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_LOG_OFFLINE: AP ap1 went offline. State changed to Idle. |
Impact |
No negative impact on the system. |
Cause |
Possible causes are: · The AP proactively went offline. · The AP went offline unexpectedly. |
Recommended action |
· If the AP proactively went offline, no action is required. · If the AP went offline unexpectedly, use debugging information to locate and resolve the issue. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
APMGR_LOG_ONLINE
Message text |
AP [STRING] came online. State changed to Run. |
Variable fields |
$1: Name of the AP. |
Severity level |
6 (Informational) |
Example |
APMGR/6/APMGR_LOG_ONLINE: AP ap1 came online. State changed to Run. |
Impact |
No negative impact on the system. |
Cause |
The AP came online and entered running state. |
Recommended action |
No action is required. |
APMGR_LOG_ONLINE_FAILED
Message text |
[STRING] ([STRING]) failed to come online in join state. Reason: [STRING] ([STRING]) was offline. |
Variable fields |
$1: Type of the managed device. $2: Serial ID of the managed device. $3: Type of the managing device. $4: Serial ID of the managing device. |
Severity level |
6 (Informational) |
Example |
· APMGR/6/APMGR_AP_ONLINE_FAILED: WTU (219801A0WA916BQ12535) failed to come online in join state. Reason: WT (219801A11UC173000153) was offline. · APMGR/6/APMGR_AP_ONLINE_FAILED: WAP (219801A0VW916AG00254) failed to come online in join state. Reason: SPM (219801A13DB05B0004350) was offline. |
Impact |
Both the managing and managed devices are unavailable. |
Cause |
Possible causes are: · A WTU cannot come online if the WT that manages the WTU is not online. · When an SPM is operating in centralized management mode, a WAP cannot come online when the SPM is not online. |
Recommended action |
· Identify why the WT is not online and onboard it. · Identify why the SPM is not online and onboard it. |
APMGR_REACH_MAX_APNUMBER
Message text |
An AP failed to come online: Maximum number of APs already reached. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
APMGR/4/APMGR_REACH_MAX_APNEMBER: An AP failed to come online: Maximum number of APs already reached. |
Impact |
The AP cannot come online. |
Cause |
The number of APs associated with the AC has reached the upper limit. |
Recommended action |
No action is required. |
APMGR_ERROR
Message text |
Failed to install WLAN feature package. Reason: Insufficient hardware resources. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
APMGR/6/ERROR : Failed to install WLAN feature package. Reason: Insufficient hardware resources. |
Impact |
The WLAN feature package is unavailable. |
Cause |
The hardware resources are exhausted. |
Recommended action |
1. Manually uninstall the WLAN feature package, identify the reason why the hardware resources are exhausted, and then re-install the WLAN feature package. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CWS_IMG_DOWNLOAD_FAILED
Message text |
Failed to download image file[STRING1] for [STRING2] [STRING3]. |
Variable fields |
$1: Name of the file to be downloaded. $2: Device category, AP or local AC. $3: Name of the AP or local AC. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300.ipe for AP ap1. |
Impact |
The AP or local AC cannot obtain the image file. |
Cause |
Network flapping occurred. |
Recommended action |
· Identify whether the image file on the AC/central AC matches the model of the AP/local AC. · Identify whether the network connection between the AP and the AC is normal. |
CWS_AP_DOWN
Message text |
CAPWAP tunnel to AP [STRING] went down. Reason: [STRING]. |
Variable fields |
$1: AP name configured on the AC. $2: Reason for tunnel disconnection. · Neighbor dead timer expired. · AP was reset by admin. · AP was reset by CloudTunnel. · AP was reset on cloud. · WT was offline. · AP was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Backup AP upgrade failed. · AC is inactive. · Tunnel switched. · N/A. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_AP_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset by admin. |
Impact |
No negative impact on the system. |
Cause |
See the output for the tunnel disconnection reason. |
Recommended action |
1. Examine the network connection between the AP and the AC. 2. Verify that the AP is correctly configured. 3. Verify that the AC is correctly configured. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CWS_AP_UP
Message text |
[STRING] CAPWAP tunnel to AP [STRING] went up. |
Variable fields |
$1: Role of the tunnel to the AP. · Master. · Backup. $2: Name or serial number of the AP. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_AP_UP: Backup CAPWAP tunnel to AP ap1 went up. |
Impact |
No negative impact on the system. |
Cause |
The AP was connected to the AC successfully and entered Run state. |
Recommended action |
No action is required. |
CWS_IMG_DOWNLOAD_COMPLETE
Message text |
System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed. |
Variable fields |
$1: Image file name. $2: AP name. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed. |
Impact |
No negative impact on the system. |
Cause |
The AP downloaded the image file from the AC successfully. |
Recommended action |
No action is required. |
CWS_IMG_DOWNLOAD_FAILED
Message text |
Failed to download image file [STRING] for the AP. AC memory is not enough. |
Variable fields |
$1: Image file name. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300anchor.ipe for the AP. AC memory is not enough. |
Impact |
The AP cannot obtain the image file. |
Cause |
The memory of the AC is insufficient. |
Recommended action |
· Release memory resources. For example, you can execute the logfile save command to manually save all information in the log buffer to the log file to release the memory resources used by the log buffer. · Execute the display memory command to display memory usage. ◦ If the memory usage does not drop below the threshold, execute the display process command to display the memory usage of user processes. If a process uses a significant amount of memory, you can enable or disable its corresponding software feature to release memory. ◦ If the memory usage drops below the alarm threshold, the memory alarm is cleared and the TCL monitoring policy remains effective. No action is required. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CWS_IMG_DOWNLOAD_START
Message text |
AP [STRING] started to download the system software image file [STRING]. |
Variable fields |
$1: AP name configured on the AC. $2: Image file name. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe. |
Impact |
No negative impact on the system. |
Cause |
The AP started to download the image file from the AC. |
Recommended action |
No action is required. |
CWS_IMG_OPENFILE_FAILED
Message text |
Failed to open the image file [STRING]. |
Variable fields |
$1: Path where the image file for the AP is located on the AC. |
Severity level |
3 (Error) |
Example |
CWS/3/CWS_IMG_OPENFILE_FAILED: Failed to open the image file slot1#cfa0:/wa5600.ipe. |
Impact |
The image file cannot be opened on the AP. |
Cause |
The image file is too large, causing image file loading timeout, or the memory resource for the device is insufficient. |
Recommended action |
· Use an image file with a small size. · Release memory resources. For example, you can execute the logfile save command to manually save all information in the log buffer to the log file to release the memory resources used by the log buffer. · Execute the display memory command to display memory usage. ◦ If the memory usage does not drop below the threshold, execute the display process command to display the memory usage of user processes. If a process uses a significant amount of memory, you can enable or disable its corresponding software feature to release memory. ◦ If the memory usage drops below the alarm threshold, the memory alarm is cleared and the TCL monitoring policy remains effective. No action is required. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CWS_RUN_DOWNLOAD_COMPLETE
Message text |
File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING]. |
Variable fields |
$1: Image file name. $2: AP name configured on the AC. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2. |
Impact |
No negative impact on the system. |
Cause |
The AP has completed downloading the image file. |
Recommended action |
No action is required. |
CWS_RUN_DOWNLOAD_START
Message text |
AP [STRING] started to download the file [STRING]. |
Variable fields |
$1: AP name configured on the AC. $2: Image file name. |
Severity level |
6 (Informational) |
Example |
CWS/6/CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg. |
Impact |
No negative impact on the system. |
Cause |
The AP started to download the configuration file. |
Recommended action |
No action is required. |
RADIO
Message text |
APMGR/6/RADIO: Current channel usage [UINT32] of radio [CHAR] on AP [STRING] exceeded the threshold. |
Variable fields |
$1: Current channel usage. $2: Radio ID. $3: AP name. |
Severity level |
6 (Informational) |
Example |
APMGR/6/RADIO: Current channel usage 63% of radio 2 on AP ap1 exceeded the threshold. |
Impact |
No negative impact on the system. |
Cause |
The current channel usage is higher than the channel usage threshold. |
Recommended action |
Use the channel command to switch the channel to a channel with lower usage. |
ARP
This section contains ARP messages.
ARP_ACTIVE_ACK_NO_REPLY
Message text |
No ARP reply from IP [STRING] was received on interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface Ethernet0/1/0. |
Impact |
No negative impact on the system. |
Cause |
Possible causes include: · The ARP active acknowledgement feature detects an attack. · The interface sends an ARP request to the sender IP address of the received ARP packet but does not receive an ARP reply. |
Recommended action |
1. Verify that the learned ARP entries on the device match the legitimate devices on the network. If gateways and servers are on the network, check the ARP entries for these devices first. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_ACTIVE_ACK_NOREQUESTED_REPLY
Message text |
Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device. |
Variable fields |
$1: Interface name. $2: IP address. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device. |
Impact |
Some normal ARP response packets might be discarded. |
Cause |
Possible causes include: · The ARP active acknowledgement feature detects an attack. · The interface receives an ARP reply when it does not send an ARP request to the sender IP address of the ARP packet. |
Recommended action |
1. Check for ARP packet attacks in the network by capturing packets to find the source of the attack. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_BINDRULETOHW_FAILED
Message text |
Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC]. |
Variable fields |
$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface Ethernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108. |
Impact |
No negative impact on the system. |
Cause |
Binding rule delivery failed due to insufficient hardware resources, insufficient memory, or other hardware errors. |
Recommended action |
1. Execute the display qos-acl resource command to verify whether there are sufficient hardware ACL resources. If there are, go to step 2. If there are not, cancel some ACL configurations or accept the current result. 2. Execute the display memory command to verify whether there are sufficient memory resources. If there are, go to step 3. If there are not, cancel some configurations or accept the current result. 3. A hardware error occurred. Cancel the last relevant configuration and try again. 4. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_DETECTION_LOG
Message text |
Detected an ARP attack on interface [STRING]: IP [STRING], MAC [STRING], VLAN [STRING]. [UINT32] packet(s) dropped. |
Variable fields |
$1: Interface name. $2: IP address. $3: MAC address. $4: VLAN ID. $5: Discarded message count. |
Severity level |
5 (Notification) |
Example |
ARP/5/ARP_DETECTION_LOG: Detected an ARP attack on interface GigabitEthernet1/0/1: IP 1.1.1.1, MAC 1-1-1, VLAN 100. 2 packet(s) dropped. |
Impact |
No negative impacts on the system. |
Cause |
With the ARP detection function enabled, the interface might drop packets that fail the ARP detection check. |
Recommended action |
1. Check the legitimacy of the host sending the ARP message. If the host is illegitimate, disconnect it from the network. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_DUPLICATE_IPADDR_DETECT
Message text |
Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR]. |
Variable fields |
$1: MAC address. $2: Interface name (including tunnel interfaces, Layer 3 interfaces, and Ethernet service instances). $3: VSI name. $4: Source MAC address of the conflicting peer. $5: Source interface name of the conflicting peer (including tunnel interfaces, Layer 3 interfaces, and Ethernet service instances). $6: VSI name of the conflicting peer. $7: Conflicting IP address. |
Severity level |
6 (Informational) |
Example |
ARP/6/ ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface Ethernet0/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1. |
Impact |
IP address configuration conflicts might exist in the network, which can cause route flapping, interruption of user services or traffic, and other faults. |
Cause |
The interface received an ARP packet whose sender IP address conflicts with an IP address already learned in the ARP table of this device. |
Recommended action |
1. Verify whether devices in the network are configured with the same IP address, and adjust the IP address of the conflicting device. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_DYNAMIC
Message text |
The maximum number of dynamic ARP entries for the device reached. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached. |
Impact |
The device might be unable to learn new dynamic ARP entries due to insufficient resources, which can interrupt services. |
Cause |
This message is generated when the total number of dynamic ARP entries learned on the device reaches the maximum. |
Recommended action |
1. Execute the display arp command to view dynamic ARP entries. 2. Execute the arp max-learning-number command to increase the maximum number of dynamic ARP entries that the device can learn. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_DYNAMIC_IF
Message text |
The maximum number of dynamic ARP entries for interface [STRING] reached. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached. |
Impact |
The interface might be unable to learn new dynamic ARP entries due to insufficient resources, which can interrupt services. |
Cause |
This message is generated when the total number of dynamic ARP entries learned on the interface reaches the maximum value. |
Recommended action |
1. Execute the display arp command to view dynamic ARP entries on the specified interface. 2. Based on network planning and service provisioning, verify whether the dynamic ARP entries learned on the interface are necessary for the user. ◦ If the dynamic ARP entries are necessary for the user, go to step 3. ◦ If the dynamic ARP entries are not necessary for the user and the service will not be affected, execute the undo arp command to delete the specified ARP entry. 3. Execute the arp max-learning-num command to increase the maximum number of dynamic ARP entries allowed to be learned on the specified interface. 4. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_DYNAMIC_SLOT
Message text |
Pattern 1: The maximum number of dynamic ARP entries for slot [INT32] reached. Pattern 2: The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached. ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for chassis 1 slot 2 reached. |
Impact |
The slot might be unable to learn new dynamic ARP entries due to insufficient resources, which can interrupt services. |
Cause |
Pattern 1: The number of dynamic ARP entries learned on the specified slot reaches the maximum value. Pattern 2: The number of dynamic ARP entries learned on the specified slot in the chassis reaches the maximum value. |
Recommended action |
1. Execute the command 'display arp' to view dynamic ARP entries on the specified board. 2. Check whether the learned dynamic ARP entries are necessary according to network planning and service provisioning. ◦ If the dynamic ARP entries are necessary, go to step 3. ◦ If the dynamic ARP entries are not necessary and the service will not be affected, execute the command 'undo arp' to delete the specified ARP entry. 3. Execute the command 'arp max-learning-number' to increase the maximum number of dynamic ARP entries that can be learned on the specified board. 4. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_ENTRY_CONFLICT
Message text |
The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING]. |
Variable fields |
$1: IP address. $2: VPN-instance name. If the ARP entry belongs to the public network, this field is displayed as the public network. $3: Inconsistent entry parameter type. · MAC address: MAC address. · output interface: ARP entry's output interface. · output port: ARP entry's output port. · outermost layer VLAN ID: Layer 1 VLAN tag. · second outermost layer VLAN ID: Layer 2 VLAN tag. · VSI index: VSI index. · link ID: VSI outbound link identifier. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. |
Impact |
Service traffic might be interrupted abnormally or forwarded to the wrong port. |
Cause |
Because of insufficient resources or software runtime errors, the hardware forwarding entry information differs from the information recorded in memory. |
Recommended action |
No action is required. ARP will actively refresh the hardware entry. |
ARP_ENTRY_ENOUGHRESOURCE
Message text |
Issued the software entry to the driver for IPv4 address [STRING] on VPN instance [STRING]. Issued the software entry to the driver for IPv4 address [STRING] on the public network. |
Variable fields |
$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, the VPN instance-related field is not displayed. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv4 address 10.1.1.1 on VPN instance vpn_1. ARP/6/ARP_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv4 address 10.1.1.2 on the public network. |
Impact |
No negative impact on the system. |
Cause |
After enabling the ARP consistency check function through the arp consistency-check enable command, if the hardware entries are successfully refreshed based on the software ARP entries, this log will be output. |
Recommended action |
No action is required. |
ARP_ENTRY_INCONSISTENT
Message text |
Inconsistent software and hardware ARP entries for IPv4 address [STRING] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware ARP entries for IPv4 address [STRING] on the public network. Inconsistent parameters: [STRING]. |
Variable fields |
$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, the VPN instance-related field is not displayed. $3: Inconsistent entry parameter types. · MAC address: MAC address. · output interface: Outgoing interface of ARP entry. · output port: Outgoing port of ARP entry. · outermost layer VLAN ID: First layer VLAN tag. · second outermost layer VLAN ID: Second layer VLAN tag. · VSI index: VSI index. · link ID: VSI outgoing link identifier. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_ENTRY_INCONSISTENT: Inconsistent software and hardware ARP entries for IPv4 address 10.1.1.1 on VPN instance vpn_1. Inconsistent parameters: MAC address, output port, VSI index, and link ID. ARP/6/ARP_ENTRY_INCONSISTENT: Inconsistent software and hardware ARP entries for IPv4 address 10.1.1.2 on the public network. Inconsistent parameters: MAC address, output port, VSI index, and link ID. |
Impact |
Service traffic might be interrupted abnormally. |
Cause |
After the ARP consistency check function is enabled with the 'arp consistency-check enable' command, this message is generated if the device detects inconsistencies between ARP software entries and hardware entries (such as the output interface of an ARP entry). |
Recommended action |
No action is required. The ARP module will automatically refresh the hardware entries based on the ARP software entries. |
ARP_ENTRY_NORESOURCE
Message text |
Not enough hardware resources to issue the software entry to the driver for IPv4 address [STRING] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IPv4 address [STRING] on the public network. |
Variable fields |
$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, the VPN instance-related field is not displayed. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv4 address 10.1.1.1 on VPN instance vpn_1. ARP/6/ARP_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv4 address 10.1.1.2 on the public network. |
Impact |
No negative impact on the system. |
Cause |
After the ARP entry consistency check function is enabled with the arp consistency-check enable command, this message is generated if ARP hardware entry resources are insufficient when the ARP software entry is issued. |
Recommended action |
No action is required. The ARP module will proactively refresh the hardware entries based on the ARP software entries. |
ARP_HOST_IP_CONFLICT
Message text |
The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2. |
Impact |
User services or traffic might be disrupted. |
Cause |
Possible causes include: · Different hosts connected to this device are configured with the same IP address. · An ARP attack might exist in the network. |
Recommended action |
1. Based on the log information, check the configuration of the conflicting hosts on the corresponding interfaces and adjust the IP address. 2. Check the legitimacy of the host sending the ARP message. If the host is illegitimate, disconnect it from the network. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_LOCALPROXY_ENABLE_FAILED
Message text |
Failed to enable local proxy ARP on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_LOCALPROXY_ENABLE_FAILED: Failed to enable local proxy ARP on interface VSI-interface 1. |
Impact |
User services or traffic might be interrupted. |
Cause |
Possible causes include: · Enabling the local proxy ARP function on the interface failed. · When the local proxy ARP function is enabled on the MPU but fails on a non-MPU, the corresponding non-MPU generates this message. |
Recommended action |
1. Verify whether the corresponding board of the device supports configuring the local proxy ARP function. 2. Verify whether the hardware resources of the device are sufficient and remove unnecessary configurations. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_RATE_EXCEEDED
Message text |
The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds. |
Variable fields |
$1: ARP message rate. $2: ARP message rate limit. $3: Interface name. $4: Interval. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface Ethernet0/1/0 in the last 10 seconds. |
Impact |
The ARP message rate on the interface exceeds the ARP rate limit, which might affect normal ARP learning and response and cause traffic forwarding failure. |
Cause |
The ARP message rate on the interface exceeds the ARP rate limit. |
Recommended action |
1. Verify whether the ARP messages received on the interface are normal. ◦ If all received ARP messages are reasonable, execute the arp rate-limit command to increase the ARP message rate limit on the specified interface. ◦ If abnormal ARP messages are detected, go to step 2. 2. Use packet capture to check for ARP message attacks in the network and find the source of the attack. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_RATELIMIT_NOTSUPPORT
Message text |
Pattern 1: ARP packet rate limit is not support on slot [INT32]. Pattern 2: ARP packet rate limit is not support on chassis [INT32] slot [INT32]. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2. |
Impact |
No negative impact on the system. |
Cause |
Pattern 1: The slot does not support the ARP packet rate limiting function. Pattern 2: The slot within the chassis does not support the ARP packet rate limiting function. |
Recommended action |
No action is required. |
ARP_SENDER_IP_INVALID
Message text |
Sender IP [STRING] was not on the same network as the receiving interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1. |
Impact |
There may be ARP attacks in the network, affecting the normal operation of the device. |
Cause |
Possible causes include: · The IP address configuration of the ARP message sender is incorrect and does not belong to the same network segment as the corresponding interface. · The host sending the ARP message is not legitimate, and there may be ARP attacks in the network. |
Recommended action |
1. Check the legitimacy of the IP address of the host that sent the ARP message. ◦ If the host is illegitimate, disconnect it from the network. ◦ If the host is legitimate, adjust the IP address of the host and the corresponding interface to be in the same network segment while ensuring that services are not affected. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_SENDER_MAC_INVALID
Message text |
Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING]. |
Variable fields |
$1: MAC address. $2: MAC address. $3: Interface name. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1. |
Impact |
There may be ARP attacks in the network, affecting the normal operation of the device. |
Cause |
The host that sends the ARP message is not legitimate, and there may be ARP attacks in the network. |
Recommended action |
1. Check the legitimacy of the MAC address of the host that sent the ARP message. If the host is illegitimate, disconnect it from the network. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_SENDER_SMACCONFLICT
Message text |
Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING]. |
Variable fields |
$1: Interface name. $2: Sender IP. $3: Target IP. |
Severity level |
6 (Informational) |
Example |
ARP/6/ ARP_SENDER_SMACCONFLICT: Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1, |
Impact |
User services might be interrupted. |
Cause |
The sender MAC address in the ARP packet conflicts with the MAC address of the receiving interface. Possible reasons include: · A terminal in the network might have the same MAC address as this interface. · A loop might exist in the network. |
Recommended action |
1. Configure STP to check for loops in the network. 2. Check for devices with the same MAC address in the network. ◦ If the device with the conflicting MAC address is identified, adjust the MAC address of the conflicting device while ensuring that services are not affected. ◦ If the device with the conflicting MAC address cannot be identified, adjust the MAC address of the corresponding interface while ensuring that services are not affected. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_SENDER_SMACCONFLICT_VSI
Message text |
Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32]. |
Variable fields |
$1: Interface name. $2: Sender IP. $3: Target IP. $4: VSI index. $5: link ID |
Severity level |
6 (Informational) |
Example |
ARP/6/ ARP_SENDER_SMACCONFLICT_VSI: Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0 |
Impact |
User services might be interrupted. |
Cause |
The sender MAC address in the ARP message conflicts with the MAC address of the VSI interface that received the message. Possible reasons include: · A terminal in the network might have the same MAC address as the interface. · A loop might exist in the network. |
Recommended action |
1. Configure STP to check for loops in the network. 2. Check for devices with the same MAC address in the network. ◦ If the device with the conflicting MAC address can be identified, adjust the MAC address of the conflicting device while ensuring that services are not affected. ◦ If the device causing the MAC address conflict cannot be identified, adjust the MAC address of the corresponding interface while ensuring that services are not affected. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_SRC_MAC_FOUND_ATTACK
Message text |
An attack from MAC [STRING] was detected on interface [STRING]. |
Variable fields |
$1: MAC address. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1. |
Impact |
Some normal ARP packets may be discarded, affecting normal business. |
Cause |
The ARP attack detection function with a fixed source MAC address detects an attack when, within 5 seconds, ARP packets with the same source MAC address (fixed source MAC address) exceed a certain threshold. |
Recommended action |
1. Check the legitimacy of the host corresponding to this source MAC address. ○ If the host is legitimate, execute the 'arp source-mac exclude-mac' command to configure the MAC address as a protected MAC address. ○ If the host is illegitimate, disconnect the host from the network or execute the 'arp source-mac filter' command to set the detection mode of the ARP attack detection function with a fixed source MAC address to filtering mode. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_SUP_ENABLE_FAILED
Message text |
Failed to enable ARP flood suppression on VSI [STRING]. |
Variable fields |
$1: VSI name. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_SUP_ENABLE_FAILED: Failed to enable ARP flood suppression on VSI vpna. |
Impact |
This may cause the ARP table to overflow, so that ARP entries of normal users cannot be cached and normal packet forwarding is affected. |
Cause |
Possible causes include: · The device does not support enabling ARP flooding suppression within VSI. · Insufficient hardware resources on the device. |
Recommended action |
1. Verify whether the device supports configuring ARP flooding suppression within VSI. 2. Verify whether the device has sufficient hardware resources, and remove unnecessary configurations. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_TARGET_IP_INVALID
Message text |
Target IP [STRING] was not the IP of the receiving interface [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1. |
Impact |
There may be ARP attacks in the network, affecting the normal operation of devices. |
Cause |
The host sending the ARP packet is illegal, and there may be ARP attacks in the network. |
Recommended action |
1. Verify whether the received ARP packet is a broadcast packet. ○ If it is, no action is required. ○ If it is not, go to step 2. 2. Check the legitimacy of the host that sent the ARP packet. If the host is illegal, terminate its network connection. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_THRESHOLD_REACHED
Message text |
The alarm threshold for dynamic ARP entry learning was reached on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
ARP/4/ARP_THRESHOLD_REACHED: The alarm threshold for dynamic ARP entry learning was reached on interface GigabitEthernet1/0/1 |
Impact |
New ARP entries might fail to be learned due to insufficient resources, resulting in service interruption. |
Cause |
The number of dynamic ARP entries learned on the current interface has reached the alarm threshold. |
Recommended action |
1. Execute the 'display arp' command to view the dynamic ARP entries on the specified interface. 2. According to network planning and provisioning, verify whether the dynamic ARP entries learned on the interface are necessary for the user. ○ If the dynamic ARP entries are necessary for the user, go to step 3. ○ If the dynamic ARP entries are not necessary for the user, execute the 'undo arp' command to delete the specified ARP entries while ensuring that the service is not affected. 3. Check for ARP packet attacks in the network by capturing packets, and identify the source of the attack. 4. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
ARP_USER_DUPLICATE_IPADDR_DETECT
Message text |
Detected a user IP address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) connecting on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) connecting on interface [STRING] were using the same IP address [IPADDR]. |
Variable fields |
$1: New user's MAC address $2: Outer VLAN where the new user is located $3: Inner VLAN where the new user is located $4: Interface name connecting the new user $5: Old user's MAC address $6: Outer VLAN where the old user is located $7: Inner VLAN where the old user is located $8: Interface name connecting the old user $9: IP address of the terminal user |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_USER_DUPLICATE_IPADDR_DETECT: Detected a user IP address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) connecting on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) connecting on interface GigabitEthernet1/0/1 were using the same IP address 192.168.1.1. |
Impact |
Conflicting IP addresses might exist in the network, which may cause user service or traffic disruption and other faults. |
Cause |
The new user's IP address is the same as an old user's IP address. |
Recommended action |
Check all terminal user IP addresses, adjust conflicting user IP addresses, and resolve IP address conflict issues. |
ARP_USER_MOVE_DETECT
Message text |
Detected a user (IP address [IPADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. |
Variable fields |
$1: IP address of the user. $2: MAC address of the user. $3: Interface name before migration. $4: Outer VLAN of the user before migration. $5: Inner VLAN of the user before migration. $6: Interface name after migration. $7: Outer VLAN of the user after migration. $8: Inner VLAN of the user after migration. |
Severity level |
6 (Informational) |
Example |
ARP/6/ARP_USER_MOVE_DETECT: Detected a user (IP address 192.168.1.1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10. |
Impact |
User services might be interrupted. When a large number of user migration operations occur, it may reduce device performance. |
Cause |
After you enable recording user port migrations, ARP detects an endpoint user port migration. |
Recommended action |
1. Use the display arp user-move record command to view the endpoint user migration information and check whether the migration is reasonable. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
DUPIFIP
Message text |
Duplicate address [STRING] on interface [STRING], sourced from [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: MAC address. |
Severity level |
6 (Informational) |
Example |
ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947. |
Impact |
User services might be interrupted. |
Cause |
There are other devices in the network configured with the same IP address as the IP address of this interface. |
Recommended action |
1. Verify whether another device in the network has the same IP address as the interface, and edit the IP addresses to ensure no address conflict exists. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
DUPIP
Message text |
IP address [STRING] conflicted with global or imported IP address, sourced from [STRING]. |
Variable fields |
$1: IP address. $2: MAC address. |
Severity level |
6 (Informational) |
Example |
ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001. |
Impact |
User services might be interrupted. |
Cause |
There are other devices in the network with the same IP address as the global or imported IP address of this device. |
Recommended action |
1. Verify whether another device in the network has the same IP address as the device, and edit the IP addresses to ensure no address conflict exists. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
DUPVRRPIP
Message text |
IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING]. |
Variable fields |
$1: IP address. $2: Interface name. $3: MAC address. |
Severity level |
6 (Informational) |
Example |
ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947. |
Impact |
User services might be interrupted. |
Cause |
There are other devices in the network configured with the same IP address as the VRRP virtual IP address of this device. |
Recommended action |
1. Verify whether there are other devices in the network configured with the same IP address as the VRRP virtual IP address of this device, and adjust the IP address of the conflicting device. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
Application audit and management messages
This section contains application audit and management messages.
AUDIT_RULE_MATCH_AS_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_AS_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an entertainment or stock application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_FILE_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name. $15: Client type. $16: Application software version. $17: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for a file transfer application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_FORUM_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for a social networking application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_IM_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_IM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an IM application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_MAIL_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<[email protected]>,Receiver_addr(1107)=<[email protected]>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an email application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_OTHER_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an unclassified application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (system log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for a search engine application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_AS_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Content. $19: Client type. $20: Application software version. $21: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_AS_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an entertainment or stock application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_FILE_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: File name. $19: Client type. $20: Application software version. $21: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for a file transfer application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_FORUM_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Content. $19: Client type. $20: Application software version. $21: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for a social networking application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_IM_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Content. $19: File name. $20: File size. $21: Client type. $22: Application software version. $23: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_IM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an IM application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_MAIL_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Sender. $18: Receiver. $19: Subject. $20: Body. $21: Client type. $22: Application software version. $23: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<[email protected]>,Receiver_addr(1107)=<[email protected]>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an email application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_OTHER_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Account. $18: Password. $19: Content. $20: Client type. $21: Application software version. $22: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for an unclassified application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_SEARCH_IPV4_LOG (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv4 address. $3: Source port. $4: Source IPv4 address after NAT. $5: Source port number after NAT. $6: Destination IPv4 address. $7: Destination port number. $8: Destination IPv4 address after NAT. $9: Destination port number after NAT. $10: Source security zone name. $11: Destination security zone name. $12: Username. $13: Application audit and management policy name. $14: Application protocol name. $15: Application behavior. $16: Application behavior content. $17: Keyword. $18: Client type. $19: Application software version. $20: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;NATSrcIPAddr(1005)=200.20.20.2;NATSrcPort(1006)=50753;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;NATDstIPAddr(1009)=192.168.56.2;NATDstPort(1010)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv4 packet matches an audit rule for a search engine application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_AS_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_AS_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for an entertainment or stock application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_FILE_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name. $15: Client type. $16: Application software version. $17: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for a file transfer application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_FORUM_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for a social networking application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_IM_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_IM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for an IM application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_MAIL_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<[email protected]>,Receiver_addr(1107)=<[email protected]>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for an email application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_OTHER_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for an unclassified application. |
Recommended action |
No action is required. |
AUDIT_RULE_MATCH_SEARCH_IPV6_LOG (system log) (fast log)
Message text |
Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IPv6 address. $3: Source port. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application protocol name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name. Options include: · Permit. · Deny. |
Severity level |
6 (Informational) |
Example |
AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny; |
Impact |
No negative impact on the system. |
Cause |
This message is generated when an IPv6 packet matches an audit rule for a search engine application. |
Recommended action |
No action is required. |
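The AUDIT entries above and the AVC entries that follow share one `Name(ID)=value;` layout, with `BehaviorContent(1102)` wrapping a comma-separated sub-list, and the AUDIT_RULE_MATCH_OTHER examples show `Password(1112)` reaching the log host in clear text. The following Python is an added example, not H3C code: it parses that layout and masks field 1112 before a line is stored or indexed. The function names, the header regex and the `<redacted>` mask are assumptions; the first two sample lines are this reference's own examples and the third is constructed.

```python
import re

# Name(1234)=value; the numeric ID identifies a field across message types.
_FIELD = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\((\d+)\)=")
# MODULE/severity/MNEMONIC: as in the reference's examples. Text before it
# (syslog timestamp, hostname) is kept as an opaque prefix (assumption).
_HEADER = re.compile(r"([A-Z0-9_]+)/([0-7])/([A-Z0-9_]+):\s*")

SENSITIVE_IDS = frozenset({"1112"})  # Password(1112); extend per local policy
MASK = "<redacted>"                  # assumed mask string

# Examples taken from this reference.
OTHER_LINE = (
    "AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV6_LOG:Protocol(1001)=TCP;"
    "SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;"
    "DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;"
    "UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;"
    "Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,"
    "Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;"
    "SoftVersion(1111)=;Action(1053)=Deny;")
AVC_LINE = (
    "AVC/6/AVC_MATCH_IPV4_LOG:Application(1002)=iQiYiPPS;UserName(1113)=User1;"
    "SrcIPAddr(1003)=12.2.2.2;SrcPort(1004)=5141;DstIPAddr(1007)=13.1.1.14;"
    "DstPort(1008)=5784;SrcZoneName(1025)=whx;DstZoneName(1035)=hea;"
    "PolicyName(1079)=aaa;HitTime(1114)=Wed, 22 May 2019 16:43:47;"
    "Action(1053)=drop;")
# Constructed line: Action(1053) occurs twice at the top level.
AMBIGUOUS_LINE = (
    "AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV6_LOG:UserName(1113)=hjp;"
    "BehaviorContent(1102)={Account(1103)=a,Content(1104)=x};"
    "Action(1053)=Permit;Client(1110)=PC;Action(1053)=Deny;")


def _pairs(text, sep):
    """Split 'A(1)=x<sep>B(2)=y' into [(name, id, value), ...].

    A field starts only at offset 0 or directly after `sep`, so other
    punctuation inside a value (the comma in 'Wed, 22 May 2019') is kept.
    """
    starts = [m for m in _FIELD.finditer(text)
              if m.start() == 0 or text[m.start() - 1] == sep]
    pairs = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() - 1 if i + 1 < len(starts) else len(text)
        pairs.append((m.group(1), m.group(2), text[m.end():end]))
    return pairs


def parse(line):
    """Return header parts plus an ordered field list; nested values are lists."""
    h = _HEADER.search(line)
    if h is None:
        raise ValueError("no MODULE/severity/MNEMONIC: header in line")
    body = line[h.end():].strip()
    if body.endswith(";"):
        body = body[:-1]
    fields = []
    for name, fid, value in _pairs(body, ";"):
        if value.startswith("{") and value.endswith("}"):
            value = _pairs(value[1:-1], ",")  # BehaviorContent(1102)={...}
        fields.append((name, fid, value))
    return {"prefix": line[:h.start()], "module": h.group(1),
            "severity": int(h.group(2)), "mnemonic": h.group(3),
            "fields": fields}


def field_by_id(record, fid):
    """Look a value up by numeric ID, searching nested sub-fields as well."""
    for _, top_id, value in record["fields"]:
        if top_id == fid:
            return value
        if isinstance(value, list):
            for _, sub_id, sub_value in value:
                if sub_id == fid:
                    return sub_value
    return None


def duplicate_ids(record):
    """Top-level IDs seen more than once; such a line is ambiguous and
    is better quarantined than indexed."""
    seen, dup = set(), set()
    for _, fid, _ in record["fields"]:
        (dup if fid in seen else seen).add(fid)
    return sorted(dup)


def redact(line, sensitive=SENSITIVE_IDS):
    """Rebuild the line with every non-empty sensitive value replaced by MASK."""
    rec = parse(line)

    def render(fields, sep):
        out = []
        for name, fid, value in fields:
            if isinstance(value, list):
                value = "{" + render(value, ",") + "}"
            elif fid in sensitive and value:
                value = MASK
            out.append(f"{name}({fid})={value}")
        return sep.join(out)

    header = f"{rec['module']}/{rec['severity']}/{rec['mnemonic']}:"
    return rec["prefix"] + header + render(rec["fields"], ";") + ";"
```

Running `redact()` at the collector, before the line is written anywhere, keeps the cleartext value out of every downstream store.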
AVC messages
This section contains bandwidth management messages.
AVC_MATCH_IPV4_LOG
Message text |
Application(1002)=[STRING];UserName(1113)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[USHORT];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[USHORT];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];HitTime(1114)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Application name. $2: User name. $3: Source IPv4 address. $4: Source port number. $5: Destination IPv4 address. $6: Destination port number. $7: Source security zone. $8: Destination security zone. $9: Policy name. $10: Hit time. $11: Rule action. |
Severity level |
6 (Informational) |
Example |
AVC/6/AVC_MATCH_IPV4_LOG:Application(1002)=iQiYiPPS;UserName(1113)=User1;SrcIPAddr(1003)=12.2.2.2;SrcPort(1004)=5141;DstIPAddr(1007)=13.1.1.14;DstPort(1008)=5784;SrcZoneName(1025)=whx;DstZoneName(1035)=hea;PolicyName(1079)=aaa;HitTime(1114)=Wed, 22 May 2019 16:43:47;Action(1053)=drop; |
Impact |
No negative impact on the system. |
Cause |
This message is generated and sent to the log host as a fast output log if both of the following conditions exist: · A packet matches a traffic rule with a deny action. · More than 10 seconds have passed since the last message was generated. |
Recommended action |
Identify whether the traffic rule blocks normal traffic. If yes, modify the traffic rule. |
AVC_MATCH_IPV6_LOG
Message text |
Application(1002)=[STRING];UserName(1113)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[USHORT];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[USHORT];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];HitTime(1114)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Application name. $2: User name. $3: Source IPv6 address. $4: Source port number. $5: Destination IPv6 address. $6: Destination port number. $7: Source security zone. $8: Destination security zone. $9: Policy name. $10: Hit time. $11: Rule action. |
Severity level |
6 (Informational) |
Example |
AVC/6/AVC_MATCH_IPV6_LOG:Application(1002)=iQiYiPPS;UserName(1113)=User1;SrcIPv6Addr(1036)=12::2;SrcPort(1004)=5141;DstIPv6Addr(1037)=13::4;DstPort(1008)=5784;SrcZoneName(1025)=whx;DstZoneName(1035)=hea;PolicyName(1079)=aaa;HitTime(1114)=Wed, 22 May 2019 16:52:08;Action(1053)=drop; |
Impact |
No negative impact on the system. |
Cause |
This message is generated and sent to the log host as a fast output log if both of the following conditions exist: · A packet matches a traffic rule with a deny action. · More than 10 seconds have passed since the last message was generated. |
Recommended action |
Identify whether the traffic rule blocks normal traffic. If yes, modify the traffic rule. |
AVC_THRESHOLDWARNING_FASTLOGGING_FMT
Message text |
SrcIPAddr(1003)=[IPADDR];PolicyName(1079)=[STRING];ProfileName(1158)=[STRING];DeviceInfo(1159)=[STRING];BandwidthUpperLimit(1160)=[UINT32];BandwidthLowerLimit(1161)=[UINT32];UpperWarningValue(1162)=[UINT32];LowerWarningValue(1163)=[UINT32];CurRateValue(1164)=[UINT32];WarningTime(1165)=[STRING];WarningDuration(1166)=[UINT32]; |
Variable fields |
$1: Source IPv4 address. $2: Traffic policy name. $3: Traffic profile name. $4: Device information. $5: Maximum bandwidth threshold in kbps. $6: Minimum bandwidth threshold in kbps. $7: Actual rate in kbps that exceeds the maximum bandwidth threshold. $8: Actual rate in kbps that falls below the minimum bandwidth threshold. $9: Current traffic rate in kbps. $10: Warning time (time when the device detected a threshold violation). $11: Warning duration (length of time the threshold violation lasted). |
Severity level |
6 (Informational) |
Example |
AVC/6/AVC_THRESHOLDWARNING_FASTLOGGING_FMT:SrcIPAddr(1003)=192.168.1.8;PolicyName(1079)=a;ProfileName(1158)=p;DeviceInfo(1159)=UNISINSIGHTIPC;BandwidthUpperLimit(1160)=8366;BandwidthLowerLimit(1161)=2091;UpperWarningValue(1162)=6;LowerWarningValue(1163)=6;CurRateValue(1164)=6;WarningTime(1165)=Fri, 8 Oct 2019 17:38:32;WarningDuration(1166)=7; |
Impact |
No negative impact on the system. |
Cause |
This message is generated and sent to the log host as a fast output log if both of the following conditions exist: · Bandwidth detection is enabled. · A bandwidth threshold violation occurs one minute or more after the previous threshold violation. |
Recommended action |
Identify whether the bandwidth thresholds are appropriate. If not, modify the bandwidth thresholds. |
AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT
Message text |
SrcIPv6Addr(1036)=[IPADDR];PolicyName(1079)=[STRING];ProfileName(1158)=[STRING];DeviceInfo(1159)=[STRING];BandwidthUpperLimit(1160)=[UINT32];BandwidthLowerLimit(1161)=[UINT32];UpperWarningValue(1162)=[UINT32];LowerWarningValue(1163)=[UINT32];CurRateValue(1164)=[UINT32];WarningTime(1165)=[STRING];WarningDuration(1166)=[UINT32]; |
Variable fields |
$1: Source IPv6 address. $2: Traffic policy name. $3: Traffic profile name. $4: Device information. $5: Maximum bandwidth threshold in kbps. $6: Minimum bandwidth threshold in kbps. $7: Actual rate in kbps that exceeds the maximum bandwidth threshold. $8: Actual rate in kbps that falls below the minimum bandwidth threshold. $9: Current traffic rate in kbps. $10: Warning time (time when the device detected a threshold violation). $11: Warning duration (length of time the threshold violation lasted). |
Severity level |
6 (Informational) |
Example |
AVC/6/AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT:SrcIPv6Addr(1036)=2001::1;PolicyName(1079)=a;ProfileName(1158)=p;DeviceInfo(1159)=UNISINSIGHTIPC;BandwidthUpperLimit(1160)=8366;BandwidthLowerLimit(1161)=2091;UpperWarningValue(1162)=6;LowerWarningValue(1163)=6;CurRateValue(1164)=6;WarningTime(1165)=Fri, 8 Oct 2019 17:38:32;WarningDuration(1166)=7; |
Impact |
No negative impact on the system. |
Cause |
This message is generated and sent to the log host as a fast output log if both of the following conditions exist: · Bandwidth detection is enabled. · A bandwidth threshold violation occurs one minute or more after the previous threshold violation. |
Recommended action |
Identify whether the bandwidth thresholds are appropriate. If not, modify the bandwidth thresholds. |
CFGMAN messages
This section contains configuration management messages.
CFGMAN_ARCHIVE_SCP_FAIL
Message text |
Archive configuration to SCP server failed: IP = [STRING], Directory = [STRING], Username = [STRING] |
Variable fields |
$1: IP address of the SCP server. $2: Directory that saves the configuration archives on the SCP server. $3: Username for logging in to the SCP server. |
Severity level |
5 (Notification) |
Example |
CFGMAN/5/CFGMAN_ARCHIVE_SCP_FAIL: Archive configuration to SCP server failed: IP = 192.168.21.21, Directory = /test/, Username = admin |
Impact |
If you perform a configuration rollback through the SCP server, the rollback will fail. |
Cause |
· The running configuration failed to be saved locally. · Login to the SCP server failed. · The SCP server did not have sufficient storage space. |
Recommended action |
1. Verify that the running configuration is saved locally. 2. Verify that you can log in to the SCP server. 3. Verify that the SCP server has sufficient storage space. |
CFGMAN_ARCHIVE_FAIL
Message text |
Failed to archive the running configuration to a remote server: Location=[STRING] |
Variable fields |
$1: URL address of the remote server. For an FTP server, enter the URL in the format of ftp://username@server address[:port number]/file path. To specify an IPv6 address, enclose the IPv6 address in square brackets ([ ]). For a TFTP server, do not include the username in the URL address. |
Severity level |
4 (Warning) |
Example |
CFGMAN/4/CFGMAN_ARCHIVE_FAIL: Failed to archive the running configuration to a remote server: Location=ftp://[email protected][:21]/test/ |
Impact |
If you perform a configuration rollback through the remote server, the rollback will fail. |
Cause |
· The running configuration failed to be saved locally. · Login to the remote server failed. · The remote server did not have sufficient storage space. |
Recommended action |
1. Verify that the running configuration is saved locally. 2. Verify that you can log in to the remote server. 3. Verify that the remote server has sufficient storage space. |
CFGMAN_CFGCHANGED
Message text |
-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed. |
Variable fields |
$1: Event index in the range of 1 to 2147483647. $2: Configuration change source: · cli—The configuration change came from the CLI. · snmp—The configuration change came from SNMP or was a configuration database change detected by SNMP. · other—The configuration change came from other sources. $3: Source configuration: · erase—Deleting or renaming a configuration file. · running—Saving the running configuration. · commandSource—Copying a configuration file. · startup—Saving the running configuration to the next-startup configuration file. · local—Saving the running configuration to a local file. · networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. · hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. $4: Destination configuration: · erase—Deleting or renaming a configuration file. · running—Saving the running configuration. · commandSource—Copying a configuration file. · startup—Saving the running configuration to the next-startup configuration file. · local—Saving the running configuration to a local file. · networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. · hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. |
Severity level |
5 (Notification) |
Example |
CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=6-CommandSource=snmp-ConfigSource=startup-ConfigDestination=running; Configuration changed. |
Impact |
If this log is generated after a service module actively accesses DBM, the system might generate this log continuously. |
Cause |
This log is generated when one of the following conditions exists: · The configuration in DBM changes after the user performs an operation, such as issuing a command or executing an SNMP or NETCONF operation. · The user performs an operation on the current configuration file, such as deleting, renaming, moving, or saving the configuration file. · A configuration file is downloaded via FTP or TFTP, and overwrites the current configuration file. · A service module actively accesses DBM, causing changes to the configuration in DBM. |
Recommended action |
· If this log is caused by a user operation, no action is required. · If this log is generated after a service module actively accesses DBM, contact H3C Support for troubleshooting. |
CFGMAN_OPTCOMPLETION
Message text |
-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed. |
Variable fields |
$1: Operation type: · running2startup—Saves the running configuration to the next-startup configuration file. · startup2running—Loads the configuration in the next-startup configuration file. · running2net—Saves the running configuration to a host on the network. · net2running—Transfers a configuration file from a host on the network and loads the configuration. · net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file. · startup2net—Copies the next-startup configuration file to a host on the network. $2: Operation start time. $3: Operation status: · InProcess—Operation is in progress. · success—Operation succeeded. · InvalidOperation—Invalid operation. · InvalidProtocol—Invalid protocol. · InvalidSource—Invalid source file name. · InvalidDestination—Invalid destination file name. · InvalidServer—Invalid server address. · DeviceBusy—The device is busy. · InvalidDevice—Invalid device address. · DeviceError—An error occurred on the device. · DeviceNotWritable—The storage medium on the device is write protected. · DeviceFull—The device does not have enough free storage space for the file. · FileOpenError—Failed to open the file. · FileTransferError—Failed to transfer the file. · ChecksumError—File checksum error. · LowMemory—The memory space is not sufficient. · AuthFailed—User authentication failed. · TransferTimeout—Transfer timed out. · UnknownError—An unknown error occurred. · invalidConfig—Invalid configuration. $4: Operation end time. |
Severity level |
5 (Notification) |
Example |
CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed. |
Impact |
N/A |
Cause |
The user has completed an operation. |
Recommended action |
If the operation is not successful, locate and resolve the issue. |
CFGMAN_REPLACE_CANCEL
Message text |
Configuration rollback from remote server was canceled: Replacement file=[STRING] |
Variable fields |
$1: URL address of the replacement file on the remote server. For an FTP server, enter the URL in the format of ftp://username@server address[:port number]/file path. To specify an IPv6 address, enclose the IPv6 address in square brackets ([ ]). For a TFTP server, do not include the username in the URL address. |
Severity level |
5 (Notification) |
Example |
CFGMAN/5/CFGMAN_REPLACE_CANCEL: Configuration rollback from remote server was canceled: Replacement file=ftp://[email protected][:21]/test/startup.cfg |
Impact |
N/A |
Cause |
This log is generated to inform the user that the configuration rollback operation has been canceled under the following conditions: · The configuration replace server file command was executed to enable remote configuration rollback at a specific time. · The system time is changed and exceeds the specified time. As a result, the configuration rollback operation is canceled. |
Recommended action |
Re-configure remote configuration rollback as needed. |
CFGMAN_REPLACE_FAIL
Message text |
Failed to replace running configuration with a remote configuration file: File=[STRING] |
Variable fields |
$1: URL address of the replacement file on the remote server. For an FTP server, enter the URL in the format of ftp://username@server address[:port number]/file path. To specify an IPv6 address, enclose the IPv6 address in square brackets ([ ]). For a TFTP server, do not include the username in the URL address. |
Severity level |
4 (Warning) |
Example |
CFGMAN/4/CFGMAN_REPLACE_FAIL: Failed to replace running configuration with a remote configuration file: File=ftp://[email protected][:21]/test/startup.cfg |
Impact |
The configuration rollback will fail. |
Cause |
Possible causes include: · Login to the server failed. · The specified configuration file did not exist on the server. · The local storage space was insufficient. · The content and format of the configuration file were incorrect. |
Recommended action |
1. Verify that you can access the server successfully. 2. Verify that the specified configuration file exists on the server. 3. Verify that the local storage space is sufficient. 4. Verify that the content and format of the configuration file are correct. |
CFGMAN_REPLACE_SOON
Message text |
The system will replace running configuration with a remote file in 1 minute: File=[STRING] |
Variable fields |
$1: URL address of the replacement file on the remote server. For an FTP server, enter the URL in the format of ftp://username@server address[:port number]/file path. To specify an IPv6 address, enclose the IPv6 address in square brackets ([ ]). For a TFTP server, do not include the username in the URL address. |
Severity level |
5 (Notification) |
Example |
CFGMAN/5/CFGMAN_REPLACE_SOON: The system will replace running configuration with a remote file in 1 minute: File=ftp://[email protected][:21]/test/startup.cfg |
Impact |
N/A |
Cause |
The device is scheduled to roll back the running configuration with the specified replacement configuration file on the remote server at a specified time. This log information is printed one minute before the specified time. |
Recommended action |
No action is required. |
CONNLMT messages
This section contains connection limit messages.
CONNLMT_IPV4_OVERLOAD
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. $12: Allow/Forbid establishing a new connection. |
Severity level |
6 (Informational) |
Example |
CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;Action(1053)=Permit new connections; |
Impact |
New connections matching the rule cannot be established. |
Cause |
The number of concurrent connections exceeded the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV4_RECOVER
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message. |
Severity level |
6 (Informational) |
Example |
CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold; |
Impact |
No negative impact on the system. |
Cause |
The number of concurrent connections dropped to the lower threshold from the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV6_OVERLOAD
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];Action(1053)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. $12: Allow/Forbid establishing a new connection. |
Severity level |
6 (Informational) |
Example |
CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;Action(1053)=Permit new connections; |
Impact |
New connections matching the rule cannot be established. |
Cause |
The number of concurrent connections exceeded the upper threshold. |
Recommended action |
No action is required. |
CONNLMT_IPV6_RECOVER
Message text |
RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING]; |
Variable fields |
$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message. |
Severity level |
6 (Informational) |
Example |
CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold; |
Impact |
No negative impact on the system. |
Cause |
The number of concurrent connections dropped to the lower threshold from the upper threshold. |
Recommended action |
No action is required. |
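The four CONNLMT messages share one `Name(ID)=value;` field layout, so a log host can parse them with a single routine and pair each OVERLOAD event with its RECOVER event. The following Python sketch is an added example, not H3C code: the function names are hypothetical, the first three sample lines are the examples from this section, and the last two are constructed. Pairing on interface, source address, and rule ID is an assumption of this example.

```python
import ipaddress
import re

# Header: CONNLMT/<severity>/CONNLMT_<family>_<kind>: <fields>
HEADER = re.compile(r"CONNLMT/(\d)/CONNLMT_(IPV4|IPV6)_(OVERLOAD|RECOVER):\s*(.*)$")
# One field: Name(numeric id)=value;  (the value may be empty or contain spaces)
FIELD = re.compile(r"(\w+)\((\d+)\)=([^;]*);")
INT_FIELDS = {"ServicePort", "UpperLimit", "LowerLimit", "LimitRuleNum", "DropPktCount"}
ADDR_FIELDS = {"SrcIPAddr", "DstIPAddr", "SrcIPv6Addr", "DstIPv6Addr"}


def parse_connlmt(line):
    """Return a typed record for a CONNLMT line, or None if it is not one or is malformed."""
    m = HEADER.search(line)  # search() tolerates a syslog prefix before the module name
    if not m:
        return None
    severity, family, kind, body = m.groups()
    fields = {}
    try:
        for name, _field_id, raw in FIELD.findall(body):
            raw = raw.strip()
            if raw == "":
                fields[name] = None  # the device leaves unused fields empty
            elif name in INT_FIELDS:
                fields[name] = int(raw)
            elif name in ADDR_FIELDS:
                fields[name] = ipaddress.ip_address(raw)
            else:
                fields[name] = raw
    except ValueError:
        return None  # non-numeric counter or invalid address: treat as malformed
    return {"severity": int(severity), "family": family, "kind": kind, "fields": fields}


def rule_key(rec):
    """Key used to pair events (assumption: interface, source address, rule ID)."""
    f = rec["fields"]
    src = f.get("SrcIPAddr") or f.get("SrcIPv6Addr")
    return (f.get("RcvIfName"), str(src) if src else None, f.get("LimitRuleNum"))


def summarize(lines):
    """Return (overloads still open, recovered pairs with drop counts, skipped line count)."""
    open_overloads, recovered, skipped = {}, [], 0
    for line in lines:
        rec = parse_connlmt(line)
        if rec is None:
            skipped += 1
            continue
        key = rule_key(rec)
        if rec["kind"] == "OVERLOAD":
            open_overloads[key] = rec["fields"].get("UpperLimit")
        else:
            open_overloads.pop(key, None)
            recovered.append((key, rec["fields"].get("DropPktCount")))
    return open_overloads, recovered, skipped


SAMPLE_LINES = [
    # Example lines from this section
    "CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;Action(1053)=Permit new connections;",
    "CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold;",
    "CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;Action(1053)=Permit new connections;",
    # Constructed: malformed counter value, must be rejected rather than crash the collector
    "CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;SrcIPAddr(1003)=10.10.10.2;UpperLimit(1049)=abc;LimitRuleNum(1051)=2;",
    # Constructed: message from another module, ignored by this parser
    "DEV/5/BOARD_REBOOT: Board is rebooting on slot 1.",
]

if __name__ == "__main__":
    still_open, done, skipped = summarize(SAMPLE_LINES)
    print("still over threshold:", still_open)
    print("recovered (key, dropped packets):", done)
    print("skipped lines:", skipped)
```

An OVERLOAD entry that stays in the open set has no matching RECOVER yet, which is the condition to alert on.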
DEV
This section contains device management messages.
AUTOSWITCH_FAULT
Message text |
[STRING] automatically switches between active and standby, and a fault occurs during the switching. |
Variable fields |
$1: Chassis number. |
Severity level |
1 (Alert) |
Example |
DEV/1/AUTOSWITCH_FAULT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching. |
Impact |
A primary/backup switchover fails. |
Cause |
This message is generated when a fault occurs during the primary/backup switchover process. |
Recommended action |
· Manually restart the device to resolve the issue. Before restarting the device, collect and save diagnostic information for troubleshooting. · After the device restarts, execute the display device command to view the device state. If the state is not Normal, the issue is not resolved. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
AUTOSWITCH_FAULT_REBOOT
Message text |
[STRING] automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart [STRING] to restore the fault. |
Variable fields |
$1: Chassis number. $2: Chassis number and slot number or slot number. |
Severity level |
1 (Alert) |
Example |
DEV/1/AUTOSWITCH_FAULT_REBOOT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart chassis 1 slot 0 to restore the fault. |
Impact |
The card is about to restart and will be temporarily unavailable. |
Cause |
The device will automatically switch over from active to standby. If a fault occurs during the switchover process, the device will immediately restart the faulty card to recover from the fault. This message is generated when the faulty card restarts. |
Recommended action |
After the faulty card restarts, you can execute the display device command to check the card status. If the state is not Normal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BOARD_ALARM_CLEAR
Message text |
Board alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
2 (Critical) |
Example |
DEV/2/BOARD_ALARM_CLEAR: Board alarm cleared. (PhysicalIndex=140, PhysicalName=Level 1 Module 9 on Chassis 1, RelativeResource=1, ErrorCode=441002, Reason=FPGA load failed.) |
Impact |
No negative impact on the system. |
Cause |
A critical alarm is cleared. |
Recommended action |
No action is required. |
BOARD_ALARM_OCCUR
Message text |
Board alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
2 (Critical) |
Example |
DEV/2/BOARD_ALARM_OCCUR: Board alarm occurred. (PhysicalIndex=140, PhysicalName=Level 1 Module 9 on Chassis 1, RelativeResource=1, ErrorCode=441002, Reason=FPGA load failed.) |
Impact |
Services on the card might be affected. |
Cause |
A critical alarm occurs on the card. |
Recommended action |
1. Review the alarm information. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BOARD_FATALALARM_OCCUR
Message text |
Board fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
1 (Alert) |
Example |
DEV/1/BOARD_FATALALARM_OCCUR: Board fatal alarm occurred. (PhysicalIndex=180136, PhysicalName=Level 1 Module 5 on Chassis 2, RelativeResource=2/5/0, ErrorCode=000008, Reason=System can't work without SFU board in slot 1.) |
Impact |
The services on the card might be affected. |
Cause |
This message is generated when one of the following conditions exists: · The slot is not installed with the corresponding type of card, which results in the system operation failure. · The system is not installed with the corresponding switching fabric module or service module. For more information, see the fault cause description. |
Recommended action |
1. Execute the display device command to view card status in the chassis to verify that the cards are operating correctly. 2. If the issue persists even when the card is operating correctly in the chassis, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BOARD_REBOOT
Message text |
Board is rebooting on [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
5 (Notification) |
Example |
DEV/5/BOARD_REBOOT: Board is rebooting on slot 1. |
Impact |
The card is to stop providing services and restart. |
Cause |
A user is restarting the card or the card restarts abnormally. |
Recommended action |
1. Identify whether a user is restarting the card. 2. If no user restarts the card, wait for the card to finish the restart, and then execute the display version command to identify the restart reason in the Last reboot reason field. 3. If the card restarts abnormally, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
BOARD_STATE_NORMAL
Message text |
Board state changed to Normal on [STRING], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Card type. |
Severity level |
5 (Notification) |
Example |
DEV/5/BOARD_STATE_NORMAL: Board state changed to Normal on slot 1, type is LSQ1FV48SA. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when a new LPU or standby MPU finishes initialization. This does not indicate that configuration recovery is completed. You cannot perform a primary/standby switchover when this message is generated. |
Recommended action |
No action is required. |
CFCARD_INSERTED
Message text |
CF card was inserted in [STRING] [STRING]. |
Variable fields |
$1: Device or chassis number + slot number or slot number. $2: Slot number where the CF card is located (only supported by products with multiple CF cards). |
Severity level |
4 (Warning) |
Example |
DEV/4/CFCARD_INSERTED: CF card was inserted in slot 1 CF card slot 1. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the CF card is installed in the specified slot. |
Recommended action |
No action is required. |
CFCARD_REMOVED
Message text |
CF card was removed from [STRING] [STRING]. |
Variable fields |
$1: Device or chassis number + slot number or slot number. $2: Slot number where the CF card is located (only supported by products that support multiple CF cards). |
Severity level |
3 (Error) |
Example |
DEV/3/CFCARD_REMOVED: CF card was removed from slot 1 CF card slot 1. |
Impact |
The CF card is not available. |
Cause |
This message is generated when the CF card is removed from the device. |
Recommended action |
1. If the CF card is removed, no action is needed. 2. If the CF card is not removed, identify whether the CF card is installed correctly. If the CF card is not installed correctly, re-install the CF card. 3. Identify whether the CF card is damaged. If the CF card is damaged, replace the CF card. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
CHASSIS_REBOOT
Message text |
Chassis [STRING] is rebooting now. |
Variable fields |
$1: Chassis number. |
Severity level |
5 (Notification) |
Example |
DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now. |
Impact |
The member device is about to stop providing services and restart. |
Cause |
A user is restarting the member device, or the member device is restarting due to an anomaly. |
Recommended action |
1. Identify whether any user is restarting the member device. 2. If no user is restarting the member device, wait for the member device to restart, and then use the display version command to check the Last reboot reason field in the card information for the member device to view the restart reason. 3. If the restart reason is abnormal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
CPU_STATE_NORMAL
Message text |
Cpu state changed to Normal on [STRING]. |
Variable fields |
$1: Chassis number + slot number + CPU number, or slot number + CPU number. The CPU number is displayed only if multiple CPUs are supported. |
Severity level |
5 (Notification) |
Example |
DEV/5/CPU_STATE_NORMAL: Cpu state changed to Normal on slot 1 cpu 1. |
Impact |
No negative impact on the system. |
Cause |
The CPU status changed to normal. |
Recommended action |
No action is required. |
DEV_BOARD_RUNNING_FAULT
Message text |
[STRING] is detected to be faulty. |
Variable fields |
$1: Chassis number and slot number or slot number. |
Severity level |
1 (Alert) |
Example |
DEV/1/DEV_BOARD_RUNNING_FAULT: Chassis 1 slot 0 is detected to be faulty. |
Impact |
Services on the card might be affected. |
Cause |
This message is generated when a fault occurs on a card during the device operation. |
Recommended action |
· Manually restart the faulty card. Before restarting the card, collect and save diagnostic information for fault location. · After restarting the card, you can execute the display device command to check the card status. If the state is not Normal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DEV_BOARD_RUNNING_FAULT_REBOOT
Message text |
[STRING] is detected to be faulty, the device will immediately restart [STRING] to recover from the fault. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Chassis number and slot number or slot number. |
Severity level |
1 (Alert) |
Example |
DEV/1/DEV_BOARD_RUNNING_FAULT_REBOOT: Chassis 1 slot 0 is detected to be faulty, the device will immediately restart chassis 1 slot 0 to recover from the fault. |
Impact |
The card will restart soon and will be temporarily unavailable. |
Cause |
When a fault occurs on the card during the device operation, the device will immediately restart the card to recover from the fault. |
Recommended action |
After the card automatically restarts, you can execute the display device command to check the device status. If the card status is not Normal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DEV_CLOCK_CHANGE
Message text |
-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING]. |
Variable fields |
$1: Username of the current logged-in user. $2: IP address of the current logged-in user. $3: Old time. $4: New time. |
Severity level |
5 (Notification) |
Example |
DEV/5/DEV_CLOCK_CHANGE: -User=admin-IPAddr=192.168.1.2; System clock changed from 15:49:52 01/02/2013 to 15:50:00 01/02/2013. |
Impact |
The background timing program might fail. |
Cause |
This message is generated when the system time changes. Possible reasons include: · The administrator manually changes the system time. · The clock protocol automatically changes the system time. |
Recommended action |
1. Check the background timing program configuration. 2. Modify the background timing program that automatically failed. |
DEV_FAULT_TOOLONG
Message text |
Card in [STRING] is still in Fault state for [INT32] minutes. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Duration of the status. |
Severity level |
4 (Warning) |
Example |
DEV/4/DEV_FAULT_TOOLONG: Card in slot 1 is still in Fault state for 60 minutes. |
Impact |
The card is not available. |
Cause |
This message is generated if the card remains in Fault state for a long time. |
Recommended action |
1. Restart the card. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
FAN_ABSENT
Message text |
Pattern 1: Fan [INT32] is absent. Pattern 2: Chassis [STRING] fan [INT32] is absent. |
Variable fields |
Pattern 1: $1: Fan number. Pattern 2: $1: Chassis number. $2: Fan number. |
Severity level |
3 (Error) |
Example |
DEV/3/FAN_ABSENT: Fan 2 is absent. |
Impact |
Heat dissipation in the system might be affected. |
Cause |
This message is generated when the fan module is not installed in the specified slot or is removed from the device. |
Recommended action |
1. If the fan module is not installed in the specified slot, it might cause poor heat dissipation and lead to an increase in device temperature. As a best practice, install the fan module. 2. If the fan module is removed, no action is required. 3. If the fan module is not removed, identify whether the fan module is installed correctly, such as whether the fan module is not inserted tightly or is damaged. If the fan module is damaged, replace the fan module. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
FAN_ALARM_CLEAR
Message text |
Fan alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
2 (Critical) |
Example |
DEV/2/FAN_ALARM_CLEAR: Fan alarm cleared. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300020, Reason=Fan tray is not present.) |
Impact |
No negative impact on the system. |
Cause |
A critical fan alarm was cleared. |
Recommended action |
No action is required. |
FAN_ALARM_OCCUR
Message text |
Fan alarm occurred. ( PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
2 (Critical) |
Example |
DEV/2/FAN_ALARM_OCCUR: Fan alarm occurred. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300020, Reason=Fan tray is not present.) |
Impact |
Heat dissipation in the system might be affected. |
Cause |
This message is generated when a critical fan failure occurs. |
Recommended action |
1. Verify that the fan module is installed correctly. If the fan module is not installed correctly, re-install the fan module. 2. If the alarm is not cleared, replace the fan module. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
FAN_DIRECTION_NOT_PREFERRED
Message text |
Fan [INT32] airflow direction is not preferred [STRING], please check it. |
Variable fields |
$1: Fan number. $2: Chassis number and slot number or slot number. |
Severity level |
1 (Alert) |
Example |
DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred slot 1, please check it. |
Impact |
Heat dissipation in the system might be affected. |
Cause |
The airflow direction of the fan tray is different from the airflow direction setting. |
Recommended action |
1. Choose a fan model with the same airflow direction as the ventilation system in the equipment room. 2. If the fan airflow direction is consistent with the ventilation system in the equipment room, adjust the fan airflow direction configuration. |
FAN_FAILED
Message text |
Pattern 1: Fan [INT32] failed. Pattern 2: Chassis [STRING] fan [INT32] failed. |
Variable fields |
Pattern 1: $1: Fan number. Pattern 2: $1: Chassis number. $2: Fan number. |
Severity level |
2 (Critical) |
Example |
DEV/2/FAN_FAILED: Fan 2 failed. |
Impact |
Heat dissipation might be affected. |
Cause |
The fan has malfunctioned and stopped working. |
Recommended action |
Replace the fan. |
FAN_FATALALARM_CLEAR
Message text |
Fan fatal alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
1 (Alert) |
Example |
DEV/1/FAN_FATALALARM_CLEAR: Fan fatal alarm cleared. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300016, Reason=The fan resumed running.) |
Impact |
No negative impact on the system. |
Cause |
A critical alarm on the fan was cleared. |
Recommended action |
No action is required. |
FAN_FATALALARM_OCCUR
Message text |
Fan fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
1 (Alert) |
Example |
DEV/1/FAN_FATALALARM_OCCUR: Fan fatal alarm occurred. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300016, Reason=The fan stopped running.) |
Impact |
Heat dissipation might be affected. |
Cause |
A critical alarm occurs on the fan. |
Recommended action |
1. Verify that the fan module is installed correctly. If the fan module is not installed correctly, re-install the fan module. 2. If the alarm is not cleared, replace the fan module. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
FAN_RECOVERED
Message text |
Pattern 1: Fan [INT32] recovered. Pattern 2: Chassis [INT32] fan [INT32] recovered. |
Variable fields |
Pattern 1: $1: Fan number. Pattern 2: $1: Chassis number. $2: Fan number. |
Severity level |
2 (Critical) |
Example |
DEV/2/FAN_RECOVERED: Fan 2 recovered. |
Impact |
No negative impact on the system. |
Cause |
The fan was inserted and, shortly afterward, switched to the normal operating state. |
Recommended action |
No action is required. |
POWER_ABSENT
Message text |
Pattern 1: Power [INT32] is absent. Pattern 2: Chassis [INT32] power [INT32] is absent. |
Variable fields |
Pattern 1: $1: Power module ID. Pattern 2: $1: Chassis number. $2: Power module ID. |
Severity level |
3 (Error) |
Example |
DEV/3/POWER_ABSENT: Power 1 is absent. |
Impact |
System power supply might be affected. |
Cause |
The power module was removed from the device, or the power module was damaged. |
Recommended action |
1. If the power module was removed, no action is required. 2. If the power module was not removed, check the power module connection for the device, such as whether the cable is loose or whether the power module is damaged. If the power module is damaged, replace it. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
POWER_ALARM_CLEAR
Message text |
Power alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
2 (Critical) |
Example |
DEV/2/POWER_ALARM_CLEAR: Power alarm cleared. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=233001, Reason=Overtemperature occurred on the power supply.) |
Impact |
No negative impact on the system. |
Cause |
A critical power alarm was cleared. |
Recommended action |
No action is required. |
POWER_ALARM_OCCUR
Message text |
Power alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
2 (Critical) |
Example |
DEV/2/POWER_ALARM_OCCUR: Power alarm occurred. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=233001, Reason=Overtemperature occurred on the power supply.) |
Impact |
System power supply might be affected. |
Cause |
A critical power alarm occurs. |
Recommended action |
1. Execute the display power command to view the power module status. If the power module is in Absent state, the power module is not installed. Verify that the power module is installed correctly. 2. If the power module is installed correctly, replace the power module. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
POWER_FAILED
Message text |
Pattern 1: Power [INT32] failed. Pattern 2: Chassis [INT32] power [INT32] failed. |
Variable fields |
Pattern 1: $1: Power module ID. Pattern 2: $1: Chassis number. $2: Power module ID. |
Severity level |
2 (Critical) |
Example |
DEV/2/POWER_FAILED: Power 1 failed. |
Impact |
The power supply in the system might be affected. |
Cause |
This message is generated when the power module fails or is just inserted. |
Recommended action |
1. If the power module fails, replace it. 2. If the power module is just inserted, verify that the power module is installed correctly. |
POWER_MONITOR_ABSENT
Message text |
Pattern 1: Power monitor unit [INT32] is absent. Pattern 2: Chassis [INT32] power monitor unit [INT32] is absent. |
Variable fields |
Pattern 1: $1: Power monitoring module ID. Pattern 2: $1: Chassis number. $2: Power monitoring module ID. |
Severity level |
3 (Error) |
Example |
DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent. |
Impact |
System power supply might be affected. |
Cause |
The power monitoring module was removed from the device, or the power monitoring module failed. |
Recommended action |
1. If the power monitoring module is removed, no action is required. 2. If the power monitoring module is not removed, check the connection of the power monitoring module, such as whether the cable is loose and whether the power monitoring module is damaged. If the power monitoring module is damaged, replace it. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
POWER_MONITOR_FAILED
Message text |
Pattern 1: Power monitor unit [INT32] failed. Pattern 2: Chassis [INT32] power monitor unit [INT32] failed. |
Variable fields |
Pattern 1: $1: Power monitoring module ID. Pattern 2: $1: Chassis number. $2: Power monitoring module ID. |
Severity level |
2 (Critical) |
Example |
DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed. |
Impact |
System power supply might be affected. |
Cause |
The power monitoring module is faulty. |
Recommended action |
1. Identify whether the power monitoring module is damaged. If the power monitoring module is damaged, replace it. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
POWER_MONITOR_RECOVERED
Message text |
Pattern 1: Power monitor unit [INT32] recovered. Pattern 2: Chassis [INT32] power monitor unit [INT32] recovered. |
Variable fields |
Pattern 1: $1: Power monitoring module ID. Pattern 2: $1: Chassis number. $2: Power monitoring module ID. |
Severity level |
2 (Critical) |
Example |
DEV/2/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered. |
Impact |
No negative impact on the system. |
Cause |
After the power monitoring module is inserted, its state changes from Failed or Absent to OK. |
Recommended action |
No action is required. |
POWER_RECOVERED
Message text |
Pattern 1: Power [INT32] recovered. Pattern 2: Chassis [INT32] power [INT32] recovered. |
Variable fields |
Pattern 1: $1: Power module ID. Pattern 2: $1: Chassis number. $2: Power module ID. |
Severity level |
2 (Critical) |
Example |
DEV/2/POWER_RECOVERED: Power 1 recovered. |
Impact |
No negative impact on the system. |
Cause |
After the power module is inserted, its state changes from Failed or Absent to OK. |
Recommended action |
No action is required. |
POWER_WARNING_CLEAR
Message text |
Power warning alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
4 (Warning) |
Example |
DEV/4/POWER_WARNING_CLEAR: Power warning alarm cleared. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=200037, Reason=No enough power to power on the board in chassis $1 slot $2. Required power is $3 W, available power is $4 W.) |
Impact |
No negative impact on the system. |
Cause |
A power alarm was cleared. |
Recommended action |
No action is required. |
POWER_WARNING_OCCUR
Message text |
Power warning alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. |
Severity level |
4 (Warning) |
Example |
DEV/4/POWER_WARNING_OCCUR: Power warning alarm occurred. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=200037, Reason=No enough power to power on the board in chassis $1 slot $2. Required power is $3 W, available power is $4 W.) |
Impact |
System power supply might be affected. |
Cause |
A power alarm occurs. |
Recommended action |
1. Execute the display power command to view the power module status. If the power module is in Absent state, the power module is not installed. Verify that the power module is installed correctly. 2. If the power module is installed correctly, replace the power module. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
Table 6 POWER_WARNING_OCCUR fault codes and causes
Fault code | Fault cause |
---|---|
200032 | The RPS power supply cannot provide sufficient power to meet the maximum PoE power requirements of the device. |
200008 | Only one power switch turned on. |
SUBCARD_FAULT
Message text |
Subcard state changed to Fault on [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Number of the subslot where the subcard resides. $3: Subcard type. |
Severity level |
2 (Critical) |
Example |
DEV/2/SUBCARD_FAULT: Subcard state changed to Fault on slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Impact |
The subcard is not available if it is faulty. |
Cause |
This message is generated when the subcard is restarted or is faulty. |
Recommended action |
1. If the subcard status subsequently changes to Normal, no action is needed. 2. If the subcard remains in Fault status, replace it. |
SUBCARD_INSERTED
Message text |
Subcard was inserted in [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Number of the subslot where the subcard resides. $3: Subcard type. |
Severity level |
4 (Warning) |
Example |
DEV/4/SUBCARD_INSERTED: Subcard was inserted in slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the subcard is inserted into the device. |
Recommended action |
No action is required. |
SUBCARD_REBOOT
Message text |
Subcard is rebooting on [STRING] subslot [INT32]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Number of the subslot where the subcard resides. |
Severity level |
5 (Notification) |
Example |
DEV/5/SUBCARD_REBOOT: Subcard is rebooting on slot 1 subslot 1. |
Impact |
The subcard is about to stop providing services and restart. |
Cause |
A user is restarting the subcard or the subcard restarts automatically due to an anomaly. |
Recommended action |
1. If the subcard can run normally after restart, no action is needed. 2. To further understand the reason for the abnormal restart or if the subcard keeps restarting automatically, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SUBCARD_REMOVED
Message text |
Subcard was removed from [STRING] subslot [INT32], type is [STRING]. |
Variable fields |
$1: Chassis number and slot number or slot number. $2: Number of the subslot where the subcard resides. $3: Subcard type. |
Severity level |
3 (Error) |
Example |
DEV/3/SUBCARD_REMOVED: Subcard was removed from slot 1 subslot 1, type is MIM-1ATM-OC3SML. |
Impact |
The subcard is not available. |
Cause |
This message is generated when a subcard is removed from the device. |
Recommended action |
1. If the subcard was removed, no action is required. 2. If the subcard is not removed, identify whether the subcard is installed correctly. If the subcard is not installed correctly, re-install the subcard. 3. Identify whether the subcard is damaged. If the subcard is damaged, replace it. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SYSTEM_REBOOT
Message text |
System is rebooting now. |
Variable fields |
N/A |
Severity level |
2 (Critical) |
Example |
DEV/2/SYSTEM_REBOOT: System is rebooting now. |
Impact |
The system is about to stop providing services and restart. |
Cause |
A user is restarting the system, or the system is restarting due to an anomaly. |
Recommended action |
1. Identify whether any user is restarting the system. If no user is restarting the system, wait for the system to restart. Then, use the display version command to view the Last reboot reason field to check the reason for the restart. 2. If the reason for the restart is abnormal, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TEMPERATURE_ALARM
Message text |
Pattern 1: Temperature is greater than the high-temperature alarming threshold on sensor [STRING] [USHORT]. Pattern 2: Temperature is greater than the high-temperature alarming threshold on [STRING] sensor [STRING] [USHORT]. Pattern 3: Temperature is greater than the high-temperature alarming threshold on [STRING] [STRING] sensor [STRING] [USHORT]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor ID. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor ID. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor ID. |
Severity level |
4 (Warning) |
Example |
DEV/4/TEMPERATURE_ALARM: Temperature is greater than the high-temperature alarming threshold on slot 1 sensor inflow 1. |
Impact |
High temperature will affect the normal operation of the system. |
Cause |
The temperature exceeds the critical (Alarm) high temperature alarm threshold, the ambient temperature is too high, or the fan is abnormal. |
Recommended action |
1. Identify whether the temperature in the equipment room is in the acceptable range. Make sure the device is properly ventilated. 2. Execute the display fan command to identify whether the fan was removed or failed, and identify whether the fan was running correctly. If the fan is absent or faulty, install or replace the fan. 3. Use the display environment command to check the current temperature and the effective threshold. If the ambient temperature is too high, adjust the ambient temperature. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TEMPERATURE_ALARM_CLEAR
Message text |
Temperature alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. $6: Threshold type. $7: Threshold value. $8: Current value. |
Severity level |
2 (Critical) |
Example |
DEV/2/TEMPERATURE_ALARM_CLEAR: Temperature alarm cleared. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature restored, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=31.) |
Impact |
No negative impact on the system. |
Cause |
A critical temperature alarm is cleared. |
Recommended action |
No action is required. |
TEMPERATURE_ALARM_OCCUR
Message text |
Temperature alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. $6: Threshold type. $7: Threshold value. $8: Current value. |
Severity level |
2 (Critical) |
Example |
DEV/2/TEMPERATURE_ALARM_OCCUR: Temperature alarm occurred. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature out of range, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=3.) |
Impact |
A high temperature will affect the normal operation of the system. |
Cause |
This message is generated when the temperature of the entity exceeds the alarm threshold. |
Recommended action |
1. Identify whether the temperature in the equipment room is in the acceptable range and make sure the device is properly ventilated. 2. Execute the display fan command to identify whether the fan was removed or failed, and identify whether the fan was running correctly. If the fan is absent or faulty, install or replace the fan. 3. Use the display environment command to check the current temperature and the effective threshold. If the ambient temperature is too high, adjust the ambient temperature. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TEMPERATURE_LOW
Message text |
Pattern 1: Temperature is less than the low-temperature threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is less than the low-temperature threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is less than the low-temperature threshold on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor ID. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor ID. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor ID. |
Severity level |
4 (Warning) |
Example |
DEV/4/TEMPERATURE_LOW: Temperature is less than the low-temperature threshold on slot 1 sensor inflow 1. |
Impact |
Low temperature will affect system operation. |
Cause |
This message is generated when the temperature drops below the low temperature alarm threshold. |
Recommended action |
1. Identify whether the ambient temperature in the equipment room is too low. If the ambient temperature is too low, improve the ambient temperature. 2. Execute the display fan command to identify whether the fan was removed or failed, and identify whether the fan was running correctly. If the fan is absent or faulty, install or replace the fan. 3. Use the display environment command to check the current temperature and the effective threshold. If the ambient temperature is too high, adjust the ambient temperature. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TEMPERATURE_NORMAL
Message text |
Pattern 1: Temperature changed to normal on sensor [STRING] [INT32]. Pattern 2: Temperature changed to normal on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature changed to normal on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor ID. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor ID. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor ID. |
Severity level |
4 (Warning) |
Example |
DEV/4/TEMPERATURE_NORMAL: Temperature changed to normal on slot 1 sensor inflow 1. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the entity's temperature returns to normal from an abnormal state. |
Recommended action |
No action is required. |
TEMPERATURE_SHUTDOWN
Message text |
Pattern 1: Temperature is greater than the high-temperature shutdown threshold on sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 2: Temperature is greater than the high-temperature shutdown threshold on [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 3: Temperature is greater than the high-temperature shutdown threshold on [STRING] [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor ID. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor ID. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor ID. |
Severity level |
2 (Critical) |
Example |
DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than the high-temperature shutdown threshold on slot 1 sensor inflow 1. The slot will be powered off automatically. |
Impact |
High temperature will affect system operation. |
Cause |
The temperature exceeds the shutdown-level high temperature alarm threshold, the ambient temperature is too high, or the fan is abnormal. |
Recommended action |
1. Identify whether the temperature in the equipment room is in the acceptable range and make sure the device is properly ventilated. 2. Execute the display fan command to identify whether the fan was removed or failed, and identify whether the fan was running correctly. If the fan is absent or faulty, install or replace the fan. 3. Use the display environment command to check the current temperature and the effective threshold. If the ambient temperature is too high, adjust the ambient temperature. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TEMPERATURE_WARNING
Message text |
Pattern 1: Temperature is greater than the high-temperature warning threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is greater than the high-temperature warning threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is greater than the high-temperature warning threshold on [STRING] [STRING] sensor [STRING] [INT32]. |
Variable fields |
Pattern 1: $1: Sensor type. $2: Sensor ID. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor ID. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor ID. |
Severity level |
4 (Warning) |
Example |
DEV/4/TEMPERATURE_WARNING: Temperature is greater than the high-temperature warning threshold on slot 1 sensor inflow 1. |
Impact |
High temperature will affect system operation. |
Cause |
The temperature exceeds the high temperature alarm threshold, or the ambient temperature is too high, or the fan is abnormal. |
Recommended action |
1. Identify whether the temperature in the equipment room is in the acceptable range and make sure the device is properly ventilated. 2. Execute the display fan command to identify whether the fan was removed or failed, and identify whether the fan was running correctly. If the fan is absent or faulty, install or replace the fan. 3. Use the display environment command to check the current temperature and the effective threshold. If the ambient temperature is too high, adjust the ambient temperature. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TIMER_CREATE_FAILED_FIRST
Message text |
The process with PID [UINT] failed to create a timer.Reason for the failure:[STRING] |
Variable fields |
$1: PID of the process that creates the timer. $2: Reason for the most recent failure to create a timer, with possible impact on the service module functionality of the process. Possible reasons include: · Maximum number of timers already reached. |
Severity level |
4 (Warning) |
Example |
DEV/4/TIMER_CREATE_FAILED_FIRST: The process with PID 70 failed to create a timer.Reason for the failure: Maximum number of timers already reached |
Impact |
The functionality of the service module corresponding to the process might be affected. |
Cause |
The system outputs this message when a process fails to create a timer for the first time. The system applies the following rules to avoid frequent output of messages that report timer creation failures: · The system outputs a TIMER_CREATE_FAILED_FIRST message when a process fails to create a timer for the first time. · If a timer creation failure occurs again 15 minutes after the first failure, the system outputs a TIMER_CREATE_FAILED_MORE message. · The TIMER_CREATE_FAILED_MORE message records the last time when a timer creation failure message was generated, and the number of timer creation failures between the last and current messages that report timer creation failures. The system does not generate log messages about timer creation failures that occurred within the 15 minutes. |
Recommended action |
1. Restart the device to recover the service module corresponding to the process. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TIMER_CREATE_FAILED_MORE
Message text |
The process with PID [UINT] failed to create a timer:[UINT] consecutive failures since [STRING].Reason for the failure:[STRING] |
Variable fields |
$1: PID of the process creating the timer. $2: Number of times the timer creation failed since the last log print. $3: Time of the last log print. $4: Reason for the most recent timer creation failure, with possible impact on the service module functionality of the process. Possible reasons include: · Maximum number of timers already reached. |
Severity level |
4 (Warning) |
Example |
DEV/4/TIMER_CREATE_FAILED_MORE: The process with PID 70 failed to create a timer:2 consecutive failures since 2019/11/21 16:00:00.Reason for the failure: Maximum number of timers already reached. |
Impact |
The functionality of the service module corresponding to the process might be affected. |
Cause |
The system outputs this message when a process fails to create a timer for the first time. The system applies the following rules to avoid frequent output of messages that report timer creation failures: · The system outputs a TIMER_CREATE_FAILED_FIRST message when a process fails to create a timer for the first time. · If a timer creation failure occurs again 15 minutes after the first failure, the system outputs a TIMER_CREATE_FAILED_MORE message. · The TIMER_CREATE_FAILED_MORE message records the last time when a timer creation failure message was generated, and the number of timer creation failures between the last and current messages that report timer creation failures. The system does not generate log messages about timer creation failures that occurred within the 15 minutes. |
Recommended action |
1. Restart the device to recover the service module corresponding to the process. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
VCHK_VERSION_INCOMPATIBLE
Message text |
Software version of [STRING] is incompatible with MPU. |
Variable fields |
$1: Chassis number + slot number or slot number. |
Severity level |
1 (Alert) |
Example |
DEV/1/VCHK_VERSION_INCOMPATIBLE: Software version of slot 1 is incompatible with MPU. |
Impact |
The card is not available. |
Cause |
During startup, PEX detects that its boot software package is incompatible with the software package running on the parent device. In this case, PEX generates this message and restarts. |
Recommended action |
1. Set a software package compatible with the current version of the parent device as the next startup software package/load software package for PEX. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
VOLTAGE_ALARM_CLEAR
Message text |
Voltage alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. $6: Threshold type. $7: Threshold value. $8: Current value. |
Severity level |
2 (Critical) |
Example |
DEV/2/VOLTAGE_ALARM_CLEAR: Voltage alarm cleared. (PhysicalIndex=199, PhysicalName=Voltage 2, RelativeResource=0, ErrorCode=420003, Reason=Voltage fell below the high output voltage warning threshold. ) |
Impact |
No negative impact on the system. |
Cause |
A critical voltage alarm was cleared. |
Recommended action |
No action is required. |
Table 7 VOLTAGE_ALARM_CLEAR fault codes and causes
Fault code | Fault cause |
---|---|
421001 | PoE turned on. |
420005 | Voltage on voltage chip channel $1 ($2) on the card $3 fell below the high output voltage shutdown threshold. $1: Voltage channel number. $2: Voltage channel description. $3: Slot number. Voltage fell below the high output voltage shutdown threshold. |
420003 | Voltage on voltage chip channel $1 ($2) on the card $3 increased above the low output voltage shutdown threshold. $1: Voltage channel number. $2: Voltage channel description. $3: Slot number. Voltage increased above the low output voltage shutdown threshold. |
VOLTAGE_ALARM_OCCUR
Message text |
Voltage alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause description. $6: Threshold type. $7: Threshold value. $8: Current value. |
Severity level |
2 (Critical) |
Example |
DEV/2/VOLTAGE_ALARM_OCCUR: Voltage alarm occurred. (PhysicalIndex=4043, PhysicalName=Voltage Sensor 0 on Board 0, RelativeResource=0/0, ErrorCode=420005, Reason=Voltage exceeded the high output voltage shutdown threshold, ThresholdType=LowAlarm, ThresholdValue=1031, CurrentValue=0.) |
Impact |
Voltage abnormality may affect the normal operation of the system. |
Cause |
A critical voltage alarm occurs. |
Recommended action |
1. Execute the display voltage command to identify whether the power module meets the power supply requirements. If it does not meet the power supply requirements, replace the power module. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
VOLTAGE_FATALALARM_CLEAR
Message text |
Voltage fatal alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause. $6: Threshold type. $7: Threshold value with unit. $8: Current value with unit. |
Severity level |
1 (Alert) |
Example |
DEV/1/VOLTAGE_FATALALARM_CLEAR: Voltage fatal alarm cleared. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason= Board powered up, ThresholdType=HighAlarm, ThresholdValue= INVALID, CurrentValue= INVALID) |
Impact |
No negative impact on the system. |
Cause |
A voltage alert alarm was cleared. |
Recommended action |
No action is required. |
VOLTAGE_FATALALARM_OCCUR
Message text |
Voltage fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault position. $4: Fault code. $5: Fault cause. $6: Threshold type. $7: Threshold value with unit. $8: Current value with unit. |
Severity level |
1 (Alert) |
Example |
DEV/1/VOLTAGE_FATALALARM_OCCUR: Voltage fatal alarm occurred. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason=Board failed to power up, ThresholdType=HighAlarm, ThresholdValue=INVALID, CurrentValue= INVALID) |
Impact |
The abnormal voltage might affect the system operation. |
Cause |
An alert voltage alarm occurs. |
Recommended action |
1. Execute the display voltage command to identify whether the power module meets the power supply requirements. If it does not meet the power supply requirements, replace the power module. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
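The *_ALARM_OCCUR and *_ALARM_CLEAR messages above share one parenthesized key=value layout, so a log host can pair them to see which alarms are still outstanding. The following is an added example, not H3C code. It assumes that an OCCUR and its CLEAR carry the same PhysicalIndex and ErrorCode, as the TEMPERATURE_ALARM examples in this reference do. The function names are hypothetical, and the sample lines are the examples from this section in a constructed order.

```python
import re

# Header as printed in this reference: MODULE/severity/MNEMONIC: text
HEADER = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
# A value ends only where the next ", Key=" begins, so commas inside the
# Reason text survive. Optional spaces around "=" and "," are tolerated.
PAIR = re.compile(r"(\w+)=\s*(.*?)\s*(?=,\s*\w+=|$)")


def parse_alarm(line):
    """Return the parsed alarm, or None if the line is not an OCCUR/CLEAR message."""
    m = HEADER.search(line.strip())
    if not m or not m["mnemonic"].endswith(("_OCCUR", "_CLEAR")):
        return None
    text = m["text"]
    start, end = text.find("("), text.rfind(")")
    if start == -1 or end < start:
        return None
    # Drop the sentence-final "." that the device appends to the last value.
    fields = {k: v.rstrip(". ") for k, v in PAIR.findall(text[start + 1:end])}
    family, _, state = m["mnemonic"].rpartition("_")
    return {"family": family, "state": state,
            "severity": int(m["sev"]), "fields": fields}


def correlate(lines):
    """Pair OCCUR with CLEAR; return (open alarms, clears with no known OCCUR)."""
    open_alarms, orphan_clears = {}, []
    for line in lines:
        ev = parse_alarm(line)
        if ev is None:
            continue
        # Assumed pairing key: alarm family + entity index + fault code.
        key = (ev["family"], ev["fields"].get("PhysicalIndex"),
               ev["fields"].get("ErrorCode"))
        if ev["state"] == "OCCUR":
            open_alarms[key] = ev
        elif key in open_alarms:
            del open_alarms[key]
        else:
            # The OCCUR predates the collected logs or was lost in transit.
            orphan_clears.append(key)
    return open_alarms, orphan_clears


# Example lines from this section, arranged in a constructed order.
SAMPLE = [
    "DEV/2/TEMPERATURE_ALARM_OCCUR: Temperature alarm occurred. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature out of range, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=3.)",
    "DEV/2/VOLTAGE_ALARM_OCCUR: Voltage alarm occurred. (PhysicalIndex=4043, PhysicalName=Voltage Sensor 0 on Board 0, RelativeResource=0/0, ErrorCode=420005, Reason=Voltage exceeded the high output voltage shutdown threshold, ThresholdType=LowAlarm, ThresholdValue=1031, CurrentValue=0.)",
    "DEV/2/TEMPERATURE_ALARM_CLEAR: Temperature alarm cleared. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature restored, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=31.)",
    "DEV/2/VOLTAGE_ALARM_CLEAR: Voltage alarm cleared. (PhysicalIndex=199, PhysicalName=Voltage 2, RelativeResource=0, ErrorCode=420003, Reason=Voltage fell below the high output voltage warning threshold. )",
    "DEV/1/VOLTAGE_FATALALARM_OCCUR: Voltage fatal alarm occurred. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason=Board failed to power up, ThresholdType=HighAlarm, ThresholdValue=INVALID, CurrentValue= INVALID)",
]

if __name__ == "__main__":
    still_open, orphans = correlate(SAMPLE)
    for family, index, code in sorted(still_open):
        print(f"OPEN   {family} PhysicalIndex={index} ErrorCode={code}")
    for family, index, code in orphans:
        print(f"ORPHAN {family} PhysicalIndex={index} ErrorCode={code}")
```

A CLEAR without a matching OCCUR usually means the log collection window started late or messages were dropped, which is worth knowing before trusting the list of open alarms.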
DHCP
This section contains DHCP messages.
DHCP_NOTSUPPORTED
Message text |
Failed to apply filtering rules for DHCP packets because some rules are not supported. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported. |
Impact |
The system cannot process DHCP packets. |
Cause |
The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device. |
Recommended action |
Disable unnecessary services to release hardware resources, and then re-configure DHCP. |
DHCP_NORESOURCES
Message text |
Failed to apply filtering rules for DHCP packets because hardware resources are insufficient. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient. |
Impact |
The system cannot process DHCP packets. |
Cause |
The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient. |
Recommended action |
1. Identify whether the device supports DHCP: ○ If the device does not support DHCP, no action is required. ○ If the device supports DHCP, enable DHCP again. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
DHCPR
This section contains DHCP relay agent messages.
DHCPR_SERVERCHANGE
Message text |
· Switched to the DHCP server at [IPADDR] because the current DHCP server did not respond. · Switched to the DHCP server at [IPADDR] vpnname [STRING] because the current DHCP server does not respond. |
Variable fields |
$1: IP address of the DHCP server. $2: VPN information of the DHCP server. |
Severity level |
3 (Error) |
Example |
· DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the server at 2.2.2.2 because the current server did not respond. · DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the DHCP server at 2.2.2.2 vpnname 1 because the current DHCP server does not respond. |
Impact |
The DHCP relay agent turns to another DHCP server for IP address acquisition. |
Cause |
The DHCP relay agent did not receive any responses from the current DHCP server and switched to another DHCP server in the specified VPN or on the public network for IP address acquisition. |
Recommended action |
No action is required. |
DHCPR_SWITCHMASTER
Message text |
Switched to the master DHCP server at [IPADDR]. |
Variable fields |
$1: IP address of the master DHCP server. |
Severity level |
3 (Error) |
Example |
DHCPR/3/DHCPR_SWITCHMASTER: -MDC=1; Switched to the master DHCP server at 2.2.2.2. |
Impact |
The DHCP relay agent turns to the master DHCP server for IP address acquisition. |
Cause |
After a switchback delay time, the DHCP relay agent switched from a backup DHCP server back to the master DHCP server for IP address acquisition. |
Recommended action |
No action is required. |
DHCPS messages
This section contains DHCP server messages.
DHCPS_ALLOCATE_IP
Message text |
DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the address pool to which the assigned IPv4 address belongs. |
Severity level |
5 (Notification) |
Example |
DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool. |
Impact |
No negative impact on the system. |
Cause |
The DHCP server assigned an IPv4 address lease to a DHCP client. |
Recommended action |
No action is required. |
DHCPS_EXTEND_FAILURE
Message text |
Extend request from DHCP client (IP [IPADDR], MAC [MAC]) failed, reply NAK message. |
Variable fields |
$1: IPv4 address of the DHCP client requesting lease renewal. $2: MAC address of the DHCP client requesting lease renewal. |
Severity level |
5 (Notification) |
Example |
DHCPS/5/DHCPS_EXTEND_FAILURE: Extend request from DHCP client (IP 1.0.0.91, MAC 0000-0000-905a) failed, reply NAK message. |
Impact |
The DHCP client cannot use the IP address after lease expiration. |
Cause |
This log is generated when one of the following conditions exists: · The IPv4 address has been assigned to another client. · The related address lease does not exist on the DHCP server. |
Recommended action |
The DHCP client needs to request a new IPv4 address. |
DHCPS_CONFLICT_IP
Message text |
A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING]. |
Variable fields |
$1: IPv4 address that is in conflict. $2: Name of the address pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured. |
Severity level |
5 (Notification) |
Example |
DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface GigabitEthernet1/0/2. |
Impact |
The conflicting IPv4 address cannot be assigned. |
Cause |
The address pool contains an IPv4 interface address of the DHCP server. |
Recommended action |
No action is required. |
DHCPS_EXTEND_IP
Message text |
DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]). |
Variable fields |
$1: Name of the interface on which DHCP server is configured. $2: Name of the address pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client. |
Severity level |
5 (Notification) |
Example |
DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a). |
Impact |
No negative impact on the system. |
Cause |
The DHCP server extended the lease for a DHCP client. |
Recommended action |
No action is required. |
DHCPS_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources. |
Impact |
The DHCP server failed to save DHCP client information, and the related DHCP client cannot come online. |
Cause |
A new user attempted to come online when the DHCP server did not have sufficient storage resources. |
Recommended action |
Delete unnecessary files to release storage resources. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
DHCPS_RECLAIM_IP
Message text |
DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. |
Severity level |
5 (Notification) |
Example |
DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a). |
Impact |
No negative impact on the system. |
Cause |
This message is generated when one of the following conditions exists: · Lease information is deleted through CLI. · The client sends a DHCP-RELEASE message to the DHCP server. · The address lease expires, because the client does not renew the lease. |
Recommended action |
No action is required. |
DHCPS_UNAVAILABLE_POOL
Message text |
Available address pool [STRING] cannot be found. |
Variable fields |
$1: Name of the address pool. If no authorization-specific or policy-specific address pool exists, this field is not displayed. |
Severity level |
5 (Notification) |
Example |
DHCPS/5/DHCPS_UNAVAILABLE_POOL: Available address pool 1 cannot be found. |
Impact |
The DHCP server cannot assign an IP address to the requesting DHCP client. |
Cause |
The DHCP server is not configured with the required address pool. |
Recommended action |
Configure an address pool on the DHCP server as required. |
DHCPS_VERIFY_CLASS
Message text |
Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC]; |
Variable fields |
$1: Type of the packet. $2: Hardware address of the DHCP client. |
Severity level |
5 (Notification) |
Example |
|
Impact |
The DHCP server does not process the request from the DHCP client. |
Cause |
The DHCP server verified that the DHCP client was not on the user class whitelist. |
Recommended action |
1. Check the validity of the DHCP client by using the port mirroring feature. ○ If the DHCP client is unauthorized, ignore the request. ○ If the DHCP client is authorized, add the user class of the DHCP client to the DHCP user class allowlist. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
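The DHCPS lease messages above are enough to rebuild which MAC address held which IPv4 address, which is what an investigator needs when attributing traffic to a client. The following is an added example, not H3C code. It parses the five DHCPS message texts that carry an IP address and reports bindings and anomalies in log order. The function names, finding labels, and the MAC addresses other than 0000-0000-905a are constructed.

```python
import re

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
MAC = r"(?P<mac>[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})"
HEADER = re.compile(r"DHCPS/\d/(?P<mnemonic>DHCPS_[A-Z_]+):\s*(?P<text>.*)")

# One pattern per message text in this section. "pool.s" accepts both the
# straight and the typographic apostrophe that appear in this reference.
BODY = {
    "DHCPS_ALLOCATE_IP": re.compile(
        r"on interface (?P<ifname>\S+), and allocated an IP address " + IP +
        r"\s*\(lease (?P<lease>\d+) seconds\) for the DHCP client\s*\(MAC " +
        MAC + r"\) from (?P<pool>.+?) pool"),
    "DHCPS_EXTEND_IP": re.compile(
        r"on interface (?P<ifname>\S+), and extended lease from (?P<pool>.+?) pool"
        r" for the DHCP client \(IP " + IP + r", MAC " + MAC + r"\)"),
    "DHCPS_RECLAIM_IP": re.compile(
        r"reclaimed a (?P<pool>.+?) pool.s lease\s*\(IP " + IP +
        r", lease (?P<lease>\d+) seconds\), which is allocated for the DHCP client"
        r" \(MAC " + MAC + r"\)"),
    "DHCPS_EXTEND_FAILURE": re.compile(
        r"Extend request from DHCP client \(IP " + IP + r", MAC " + MAC + r"\) failed"),
    "DHCPS_CONFLICT_IP": re.compile(
        r"A conflict IP " + IP + r" from (?P<pool>.+?) pool was detected by DHCP"
        r" server on interface (?P<ifname>\S+?)\.?$"),
}


def parse_dhcps(line):
    """Return the fields of a supported DHCPS message, or None."""
    h = HEADER.search(line.strip())
    if not h or h["mnemonic"] not in BODY:
        return None
    b = BODY[h["mnemonic"]].search(h["text"])
    if not b:
        return None
    return {"mnemonic": h["mnemonic"], **b.groupdict()}


def track_leases(lines):
    """Replay the log in order; return (current ip -> mac bindings, findings)."""
    bindings, findings = {}, []
    for line in lines:
        ev = parse_dhcps(line)
        if ev is None:
            continue
        kind, ip, mac = ev["mnemonic"], ev["ip"], ev.get("mac")
        if kind in ("DHCPS_ALLOCATE_IP", "DHCPS_EXTEND_IP"):
            holder = bindings.get(ip)
            if holder and holder != mac:
                # No DHCPS_RECLAIM_IP was seen in between: logs are missing
                # or the address changed hands unexpectedly.
                findings.append(("REBOUND_WITHOUT_RECLAIM", ip, f"{holder} -> {mac}"))
            bindings[ip] = mac
        elif kind == "DHCPS_RECLAIM_IP":
            bindings.pop(ip, None)
        elif kind == "DHCPS_EXTEND_FAILURE":
            findings.append(("RENEW_NAK", ip, mac))
        elif kind == "DHCPS_CONFLICT_IP":
            findings.append(("CONFLICT", ip, ev["pool"]))
    return bindings, findings


# Constructed log sequence built from the example lines in this section.
SAMPLE = [
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.",
    "DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).",
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-aaaa) from p1 pool.",
    "DHCPS/5/DHCPS_EXTEND_FAILURE: Extend request from DHCP client (IP 1.0.0.91, MAC 0000-0000-905a) failed, reply NAK message.",
    "DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface GigabitEthernet1/0/2.",
    "DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client's request packet on interface GigabitEthernet1/0/2, and allocated an IP address 1.0.0.92(lease 86400 seconds) for the DHCP client(MAC 0000-0000-bbbb) from p1 pool.",
    "DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool\u2019s lease(IP 1.0.0.92, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-bbbb).",
]

if __name__ == "__main__":
    current, notes = track_leases(SAMPLE)
    print("bindings:", current)
    for note in notes:
        print("finding:", note)
```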
DHCPS6 messages
This section contains DHCPv6 server messages.
DHCPS6_ALLOCATE_ADDRESS
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCPv6 client(DUID [HEX], IAID [HEX]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/ALLOCATE ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCPv6 client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool. |
Impact |
No negative impact on the system. |
Cause |
The DHCPv6 server assigned an IPv6 address lease to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_ALLOCATE_PREFIX
Message text |
DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCPv6 client(DUID [HEX], IAID [HEX]) from [STRING] pool. |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/ALLOCATE PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCPv6 client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool. |
Impact |
No negative impact on the system. |
Cause |
The DHCPv6 server assigned an IPv6 prefix lease to a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_CONFLICT_ADDRESS
Message text |
A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING]. |
Variable fields |
$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2. |
Impact |
The conflicting IPv6 address cannot be assigned. |
Cause |
The address pool contains an IPv6 interface address of the DHCPv6 server. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_ADDRESS
Message text |
DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/EXTEND ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Impact |
No negative impact on the system. |
Cause |
The DHCPv6 server extended the address lease for a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_ADDRESS_FAILURE
Message text |
Extend request for address from DHCPv6 client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]) failed. |
Variable fields |
$1: IPv6 address assigned to the DHCPv6 client requesting lease renewal. $2: DUID of the DHCPv6 client requesting lease renewal. $3: IAID of the DHCPv6 client requesting lease renewal. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/DHCPS6_EXTEND_ADDRESS_FAILURE: Extend request for address from DHCPv6 client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) failed. |
Impact |
The DHCPv6 client cannot use the IPv6 address after lease expiration. |
Cause |
This log is generated when one of the following conditions exists: · The IPv6 address has been assigned to another client. · The related address lease does not exist on the DHCPv6 server. |
Recommended action |
The DHCPv6 client needs to request a new IPv6 address. |
DHCPS6_EXTEND_PREFIX
Message text |
DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/EXTEND PREFIX: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Impact |
No negative impact on the system. |
Cause |
The DHCPv6 server extended the prefix lease for a DHCPv6 client. |
Recommended action |
No action is required. |
DHCPS6_EXTEND_PREFIX_FAILURE
Message text |
Extend request for prefix from DHCPv6 client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]) failed. |
Variable fields |
$1: IPv6 prefix assigned to the DHCPv6 client requesting lease renewal. $2: DUID of the DHCPv6 client requesting lease renewal. $3: IAID of the DHCPv6 client requesting lease renewal. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/DHCPS6_EXTEND_PREFIX_FAILURE: Extend request for prefix from DHCPv6 client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) failed. |
Impact |
The DHCPv6 client cannot use the IPv6 prefix after lease expiration. |
Cause |
This log is generated when one of the following conditions exists: · The IPv6 prefix has been assigned to another client. · The related prefix lease does not exist on the DHCPv6 server. |
Recommended action |
The DHCPv6 client needs to request a new IPv6 prefix. |
DHCPS6_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources. |
Impact |
The DHCPv6 server failed to save DHCPv6 client information, and the related DHCPv6 client cannot come online. |
Cause |
A new user attempted to come online when the DHCPv6 server did not have sufficient storage resources. |
Recommended action |
Delete unnecessary files to release storage resources. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
DHCPS6_RECLAIM_ADDRESS
Message text |
DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/RECLAIM ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Impact |
No negative impact on the system. |
Cause |
This message is generated when one of the following conditions exists: · The reset command is used to delete lease information. · The client sends a DHCP-RELEASE message to the DHCPv6 server. · The address lease expires, because the client does not renew the lease. |
Recommended action |
If the DHCPv6 client needs to come online, request an address lease again. |
DHCPS6_RECLAIM_PREFIX
Message text |
DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]). |
Variable fields |
$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/RECLAIM PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f). |
Impact |
No negative impact on the system. |
Cause |
This message is generated when one of the following conditions exists: · The reset command is used to delete lease information. · The client sends a DHCP-RELEASE message to the DHCPv6 server. · The prefix lease expires, because the client does not renew the lease. |
Recommended action |
If the DHCPv6 client needs to come online, request a prefix lease again. |
DHCPS6_UNAVAILABLE_POOL
Message text |
Available [STRING] pool [STRING] cannot be found. |
Variable fields |
$1: Pool type, which can be prefix or address. $2: Name of the prefix or address pool. This field is not displayed if one of the following conditions exists: · No authorization-specific or policy-specific address pool exists. · No prefix pool is applied to the address pool. |
Severity level |
5 (Notification) |
Example |
DHCPS6/5/DHCPS6_UNAVAILABLE_POOL: Available address pool 1 cannot be found. |
Impact |
The DHCPv6 server cannot assign an IPv6 prefix or address to the requesting DHCPv6 client. |
Cause |
The DHCPv6 server is not configured with the required prefix or address pool. |
Recommended action |
Configure a prefix or address pool on the DHCPv6 server as required. |
DHCPSP4
This section contains DHCP snooping (DHCPSP4) messages.
DHCPSP4_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources. |
Impact |
The DHCP snooping device failed to save DHCP client information, and the related DHCP client cannot come online. |
Cause |
A new user attempted to come online when the DHCP snooping device did not have sufficient storage resources. |
Recommended action |
Delete unnecessary files to release storage resources. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
DHCPSP4_UNTRUSTED_SERVER
Message text |
Detected reply packet from untrusted server. Server info: IPaddress = [IPADDR], MACaddress = [MAC], Interface = [STRING]. |
Variable fields |
$1: IP address of the untrusted DHCP server. $2: MAC address of the untrusted DHCP server. $3: Name of the interface facing the untrusted DHCP server. |
Severity level |
4 (Warning) |
Example |
DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet from untrusted server. Server Info: IPaddress = 192.168.1.1, MACaddress = 78a0-7aa4-0307, Interface = GigabitEthernet1/0/1. |
Impact |
|
Cause |
This log message is generated under the following conditions: · DHCP snooping is enabled on an interface of the DHCP snooping device, which connects the device to an untrusted DHCP server. · The above interface is configured as an untrusted port. |
Recommended action |
Locate the untrusted DHCP server according to the IP address and MAC address information, and isolate the server if necessary. |
DHCPSP4_DROP_PACKET
Message text |
DHCP snooping dropped a packet: Message type = [TYPE] Client hardware address = [MAC] Server ID = [IPADDR] Client address = [IPADDR] Drop reason: [STRING] |
Variable fields |
$1: Type of the DHCP packet. $2: MAC address of the DHCP client. $3: IP address of the DHCP server. $4: IP address of the DHCP client. $5: Reason why the DHCP packet was dropped: · The sending and receiving interfaces are not in the same VLAN. · The DHCP packet failed to pass the MAC address check. · The DHCP packet failed to pass the DHCP-REQUEST check. · The DHCP packet failed to pass the giaddr address check. |
Severity level |
5 (Notification) |
Example |
DHCPSP4/5/DHCPSP4_DROP_PACKET: DHCP snooping dropped a packet: Message type = DHCPDISCOVER Client hardware address = 7ec9-5ce2-1600 Server ID = 0.0.0.0 Client address = 0.0.0.0 Drop reason: The DHCP packet failed to pass the giaddr address check. |
Impact |
No negative impact on the system. |
Cause |
This log message is generated if the following conditions exist: 1. The packet drop alarm is enabled for DHCP snooping. 2. The number of invalid DHCP packets dropped by DHCP snooping reaches the specified alarm threshold. |
Recommended action |
Use the information in this log message to locate the source of the DHCP packet, and then troubleshoot the issue. |
DHCPSP6
This section contains DHCPv6 snooping (DHCPSP6) messages.
DHCPSP6_FILE
Message text |
Failed to save DHCP client information due to lack of storage resources. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources. |
Impact |
The DHCPv6 snooping device failed to save DHCPv6 client information, and the related DHCPv6 client cannot come online. |
Cause |
A new user attempted to come online when the DHCPv6 snooping device did not have sufficient storage resources. |
Recommended action |
Delete unnecessary files to release storage resources. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
DHCPSP6_DROP_PACKET
Message text |
DHCPv6 snooping dropped a packet: Incoming interface = [STRING] Message type = [TYPE] Client hardware address = [MAC] Drop reason: [STRING] |
Variable fields |
$1: Interface that received the DHCPv6 packet. $2: Type of the DHCPv6 packet. $3: MAC address of the DHCPv6 client. $4: Reason why the DHCPv6 packet was dropped: · The DHCPv6 packet failed to pass the source address check. · The DHCPv6 packet failed to pass the DHCPv6-REQUEST check. · The DHCPv6 packet failed to pass the RELAY-FORW check. |
Severity level |
5 (Notification) |
Example |
DHCPSP6/5/DHCPSP6_DROP_PACKET: DHCPv6 snooping drop a packet: Incoming interface = GigabitEthernet2/0/1 Message type = SOLICIT Client hardware address = 7ec9-5ce2-1600 Drop reason: The DHCPv6 packet failed to pass the RELAY-FORW check. |
Impact |
No negative impact on the system. |
Cause |
This log message is generated if the following conditions exist: 1. The packet drop alarm is enabled for DHCPv6 snooping. 2. The number of invalid DHCPv6 packets dropped by DHCPv6 snooping reaches the specified alarm threshold. |
Recommended action |
Use the information in this log message to locate the source of the DHCPv6 packet, and then troubleshoot the issue. |
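Added example (not H3C code): a Python triage pass over the DHCP snooping messages documented above (DHCPSP4_UNTRUSTED_SERVER, DHCPSP4_DROP_PACKET, DHCPSP6_DROP_PACKET) that extracts the rogue-server and drop-source fields and groups them. The sample lines are built from this page's examples; the syslog prefix on the second line, the truncated sixth line, the second drop reason's pairing with that client, and the names `norm_mac`, `parse_event` and `triage` are assumptions of the example.

```python
import re
from collections import Counter

# "MODULE/severity/MNEMONIC: text"; search() tolerates a syslog prefix before it.
HEADER = re.compile(
    r"(?P<module>DHCPSP[46])/(?P<sev>\d)/(?P<mnemonic>\w+):\s*(?P<text>.*)", re.S)

# One pattern per message, following the "Message text" templates above.
# \s+ between fields accepts single-line and line-wrapped renderings alike.
BODY = {
    "DHCPSP4_UNTRUSTED_SERVER": re.compile(
        r"IPaddress\s*=\s*(?P<server_ip>[^,\s]+),\s*"
        r"MACaddress\s*=\s*(?P<mac>[^,\s]+),\s*"
        r"Interface\s*=\s*(?P<interface>\S+?)\.?\s*$"),
    "DHCPSP4_DROP_PACKET": re.compile(
        r"Message type\s*=\s*(?P<msg_type>\S+)\s+"
        r"Client hardware address\s*=\s*(?P<mac>\S+)\s+"
        r"Server ID\s*=\s*(?P<server_ip>\S+)\s+"
        r"Client address\s*=\s*(?P<client_ip>\S+)\s+"
        r"Drop reason:\s*(?P<reason>.+?)\s*$", re.S),
    "DHCPSP6_DROP_PACKET": re.compile(
        r"Incoming interface\s*=\s*(?P<interface>\S+)\s+"
        r"Message type\s*=\s*(?P<msg_type>\S+)\s+"
        r"Client hardware address\s*=\s*(?P<mac>\S+)\s+"
        r"Drop reason:\s*(?P<reason>.+?)\s*$", re.S),
}

# Constructed sample input, based on the examples in this reference.
SAMPLE = [
    "DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet from untrusted server. "
    "Server Info: IPaddress = 192.168.1.1, MACaddress = 78a0-7aa4-0307, "
    "Interface = GigabitEthernet1/0/1.",
    # Same event behind a constructed syslog prefix (must deduplicate).
    "Sep 23 10:00:01 AC1 DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet "
    "from untrusted server. Server Info: IPaddress = 192.168.1.1, "
    "MACaddress = 78a0-7aa4-0307, Interface = GigabitEthernet1/0/1.",
    "DHCPSP4/5/DHCPSP4_DROP_PACKET: DHCP snooping dropped a packet: "
    "Message type = DHCPDISCOVER Client hardware address = 7ec9-5ce2-1600 "
    "Server ID = 0.0.0.0 Client address = 0.0.0.0 "
    "Drop reason: The DHCP packet failed to pass the giaddr address check.",
    "DHCPSP6/5/DHCPSP6_DROP_PACKET: DHCPv6 snooping drop a packet: "
    "Incoming interface = GigabitEthernet2/0/1 Message type = SOLICIT "
    "Client hardware address = 7ec9-5ce2-1600 "
    "Drop reason: The DHCPv6 packet failed to pass the RELAY-FORW check.",
    "DHCPSP4/5/DHCPSP4_DROP_PACKET: DHCP snooping dropped a packet: "
    "Message type = DHCPREQUEST Client hardware address = 7ec9-5ce2-1600 "
    "Server ID = 0.0.0.0 Client address = 0.0.0.0 "
    "Drop reason: The DHCP packet failed to pass the MAC address check.",
    # Truncated in transit: must be counted, not silently ignored.
    "DHCPSP4/4/DHCPSP4_UNTRUSTED_SERVER: Detected reply packet from untrusted server.",
    "DIAG/5/CORE_RECOVERY: Core usage alarm CPU 0 core 1 removed.",
]


def norm_mac(mac):
    """Convert the device's xxxx-xxxx-xxxx notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        return mac.lower()  # keep odd values visible instead of dropping them
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_event(line):
    """Return a dict for a DHCP snooping security message, None for other lines."""
    head = HEADER.search(line)
    if head is None or head["mnemonic"] not in BODY:
        return None
    event = {"module": head["module"], "severity": int(head["sev"]),
             "mnemonic": head["mnemonic"], "parsed": False}
    body = BODY[head["mnemonic"]].search(head["text"])
    if body:
        event.update(body.groupdict(), parsed=True)
        event["mac"] = norm_mac(event["mac"])
    return event


def triage(lines):
    """Group rogue-server sightings and drop alarms; count unparseable events."""
    rogue, drops, unparsed = set(), Counter(), 0
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        if not event["parsed"]:
            unparsed += 1
        elif event["mnemonic"] == "DHCPSP4_UNTRUSTED_SERVER":
            rogue.add((event["mac"], event["server_ip"], event["interface"]))
        else:
            # Each drop line is an alarm raised after the configured threshold of
            # dropped packets was reached, so it stands for many packets.
            drops[(event["module"], event["mac"], event["reason"])] += 1
    return {"rogue_servers": sorted(rogue), "drops": drops, "unparsed": unparsed}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The same client MAC appearing under several drop reasons, or on both DHCPSP4 and DHCPSP6, is the grouping to look at first when locating the source of the packets.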
DIAG messages
This section contains diagnostic messages.
CORE_EXCEED_THRESHOLD
Message text |
Usage of CPU [INT] core [INT] exceeded the threshold ([string]). |
Variable fields |
$1: CPU ID. $2: CPU core ID. |
Severity level |
3 (Error) |
Example |
DIAG/3/CORE_EXCEED_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (90%). |
Impact |
The device's running speed will slow down, CPU processing capacity will decrease, and available CPU resources will be insufficient. |
Cause |
The CPU core usage has exceeded the severe CPU core usage alarm threshold. |
Recommended action |
1. Use the display process cpu and monitor thread commands to display CPU usage information for all processes. 2. If the issue persists for more than 10 minutes, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CORE_MINOR_RECOVERY
Message text |
Core usage minor alarm CPU [INT] core [INT] removed. |
Variable fields |
$1: CPU ID. $2: CPU core ID. |
Severity level |
5 (Notification) |
Example |
DIAG/5/CORE_MINOR_RECOVERY: Core usage minor alarm CPU 0 core 1 removed. |
Impact |
No negative impact on the system. |
Cause |
The CPU core usage has dropped to or below the minor CPU core usage alarm threshold. |
Recommended action |
No action is required. |
CORE_MINOR_THRESHOLD
Message text |
Usage of CPU [INT] core [INT] exceeded the threshold ([string]). |
Variable fields |
$1: CPU ID. $2: CPU core ID. |
Severity level |
4 (Warning) |
Example |
DIAG/4/CORE_MINOR_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (80%). |
Impact |
The device's operating speed and the CPU processing capability will improve, and available CPU resources will increase. |
Cause |
The CPU core usage has exceeded the minor CPU core usage alarm threshold. |
Recommended action |
1. Use the display process cpu and monitor thread commands to display CPU usage information for all processes. 2. If the issue persists for more than 10 minutes, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CORE_RECOVERY
Message text |
Core usage alarm CPU [INT] core [INT] removed. |
Variable fields |
$1: CPU ID. $2: CPU core ID. |
Severity level |
5 (Notification) |
Example |
DIAG/5/CORE_RECOVERY: Core usage alarm CPU 0 core 1 removed. |
Impact |
No negative impact on the system. |
Cause |
The CPU core usage has dropped to or below the severe CPU core usage alarm threshold. |
Recommended action |
No action is required. |
CPU_MINOR_RECOVERY
Message text |
CPU usage recovered to normal state. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
DIAG/5/CPU_MINOR_THRESHOLD: CPU usage recovered to normal state. |
Impact |
No negative impact on the system. |
Cause |
The CPU usage decreased below the recovery threshold. The alarm was removed and the CPU usage status changed to recovered state. |
Recommended action |
No action is required. |
CPU_MINOR_THRESHOLD
Message text |
CPU usage is in minor alarm state. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
DIAG/4/CPU_MINOR_THRESHOLD: CPU usage is in minor alarm state. |
Impact |
The device's operating speed and the CPU processing capability will improve, and available CPU resources will increase. |
Cause |
The CPU usage increased above the minor alarm threshold and entered minor alarm state. The device sends this message periodically until the CPU usage increases above the severe threshold or the minor alarm is removed. |
Recommended action |
1. Use the display process cpu and monitor thread commands to display the CPU usage for all processes. 2. If the issue persists for more than 10 minutes, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CPU_SEVERE_RECOVERY
Message text |
CPU usage severe alarm removed. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
DIAG/5/CPU_SEVERE_RECOVERY: CPU usage severe alarm removed. |
Impact |
No negative impact on the system. |
Cause |
The CPU usage decreased to or below the minor alarm threshold and the severe alarm was removed. |
Recommended action |
No action is required. |
CPU_SEVERE_THRESHOLD
Message text |
CPU usage is in severe alarm state. CPU usage: [string] in last 5 seconds. CPU usage thresholds: Minor: [string] Severe: [string] Process info: JID PID PRI State FDs HH:MM:SS CPU Name [INT] [INT] [INT] [string] [INT] [string] [string] [string] … Core states: ID Idle User Kernel Interrupt Busy [string] [string] [string] [string] [string] [string] |
Variable fields |
$1: Average CPU usage in the last five seconds.
$2: Minor CPU usage alarm threshold.
$3: Severe CPU usage alarm threshold.
$4 to $11: Information about the top 5 processes with the highest CPU usage when the most recent CPU usage threshold crossing event occurred:
· $4: Job ID, which uniquely identifies a process. This ID can survive a process restart.
· $5: Process ID.
· $6: Process priority. A process with a higher priority is scheduled first.
· $7: State of the process. Options include:
  ◦ R—Running.
  ◦ S—Sleeping.
  ◦ T—Traced or stopped.
  ◦ D—Uninterruptible sleep.
  ◦ Z—Zombie.
· $8: Number of FDs used by the process.
· $9: Uptime of the process since the most recent startup. This field displays the uptime only in hours when the uptime is equal to or longer than 100 hours.
· $10: CPU usage of the process relative to the total CPU capacity of the device (containerization not supported).
· $10: CPU usage of the process relative to the total CPU capacity of the container (containerization supported).
· $11: Name of the process.
$12 to $17: Information about the CPU cores when the most recent CPU usage threshold crossing event occurred:
· $12: ID of the CPU core.
· $13: Total idle rate of the CPU core.
· $14: CPU core usage of the user process.
· $15: CPU core usage of the kernel.
· $16: CPU core usage of interrupts.
· $17: Total CPU core usage. |
Severity level |
3 (Error) |
Example |
DIAG/3/CPU_THRESHOLD: CPU usage is in severe alarm state. CPU usage: 100% in last 5 seconds. CPU usage thresholds: Minor: 79% Severe: 99% Process info: JID PID PRI State FDs HH:MM:SS CPU Name 981 981 120 R 2890 803h 92.90% forward 19169 3464131 120 S 234 00:35:4 6.33% bgpd 3526894 3526894 135 R 56 00:00:0 0.21% pkg_update 1555 1555 120 R 1002 00:41:0 0.06% diagd 17161 17161 120 S 180 00:49:2 0.10% isisd Core states: ID Idle User Kernel Interrupt Busy CPU1 0.01% 99.88% 0.10% 0.01% 99.99% CPU2 0.01% 99.89% 0.10% 0.00% 99.99% CPU3 0.01% 99.88% 0.10% 0.01% 99.99% CPU4 0.01% 99.88% 0.10% 0.01% 999.9% CPU5 0.01% 99.88% 0.11% 0.00% 99.99% |
Impact |
The device's operating speed will become slow, CPU processing capability will decline, and available CPU resources will become insufficient. |
Cause |
The CPU usage increased above the severe alarm threshold and entered severe alarm state. The device sends this message periodically until the severe alarm is removed. |
Recommended action |
1. Use the display cpu-usage configuration command to view the alarm thresholds. If the settings are not appropriate, use the monitor cpu-usage command to change the settings. 2. If the issue persists for more than 10 minutes, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
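Added example (not H3C code): a Python parser for the CPU_SEVERE_THRESHOLD body that rebuilds the 8-column process table and 6-column core table from the flattened text, handles the hours-only uptime form, and flags percentages outside 0 to 100. The input is this page's example line, including its Busy value of 999.9% for CPU4; the function names, the output field names, and the assumption that process names contain no spaces are the example's own.

```python
import re

PROC_COLS = ["JID", "PID", "PRI", "State", "FDs", "HH:MM:SS", "CPU", "Name"]
CORE_COLS = ["ID", "Idle", "User", "Kernel", "Interrupt", "Busy"]
CORE_KEYS = ["id", "idle", "user", "kernel", "interrupt", "busy"]

# Matched on the body text, not the mnemonic: the example on this page is
# labelled DIAG/3/CPU_THRESHOLD although the entry is CPU_SEVERE_THRESHOLD.
LAYOUT = re.compile(
    r"CPU usage:\s*(?P<usage>\S+) in last 5 seconds\.\s*"
    r"CPU usage thresholds:\s*Minor:\s*(?P<minor>\S+)\s+Severe:\s*(?P<severe>\S+)\s+"
    r"Process info:\s*(?P<procs>.*?)\s*Core states:\s*(?P<cores>.*)$", re.S)

# The example line from this reference, reproduced as sample input.
SAMPLE_LINE = (
    "DIAG/3/CPU_THRESHOLD: CPU usage is in severe alarm state. "
    "CPU usage: 100% in last 5 seconds. "
    "CPU usage thresholds: Minor: 79% Severe: 99% "
    "Process info: JID PID PRI State FDs HH:MM:SS CPU Name "
    "981 981 120 R 2890 803h 92.90% forward "
    "19169 3464131 120 S 234 00:35:4 6.33% bgpd "
    "3526894 3526894 135 R 56 00:00:0 0.21% pkg_update "
    "1555 1555 120 R 1002 00:41:0 0.06% diagd "
    "17161 17161 120 S 180 00:49:2 0.10% isisd "
    "Core states: ID Idle User Kernel Interrupt Busy "
    "CPU1 0.01% 99.88% 0.10% 0.01% 99.99% "
    "CPU2 0.01% 99.89% 0.10% 0.00% 99.99% "
    "CPU3 0.01% 99.88% 0.10% 0.01% 99.99% "
    "CPU4 0.01% 99.88% 0.10% 0.01% 999.9% "
    "CPU5 0.01% 99.88% 0.11% 0.00% 99.99%"
)


def pct(token):
    """'92.90%' -> 92.9"""
    return float(token.rstrip("%"))


def uptime_seconds(token):
    """HH:MM:SS, or hours only ('803h') once uptime reaches 100 hours."""
    if token.endswith("h"):
        return int(token[:-1]) * 3600
    hours, minutes, seconds = (int(part) for part in token.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def table_rows(block, header):
    """Split a flattened table into rows, verifying the column header first."""
    tokens = block.split()
    width = len(header)
    if tokens[:width] != header:
        raise ValueError(f"unexpected column header: {tokens[:width]}")
    cells = tokens[width:]
    if len(cells) % width:
        raise ValueError("last row does not fill all columns")
    return [cells[i:i + width] for i in range(0, len(cells), width)]


def parse_cpu_severe(line):
    """Return thresholds, processes (highest CPU first), cores and anomalies."""
    match = LAYOUT.search(line)
    if match is None:
        return None
    processes = [
        {"jid": int(r[0]), "pid": int(r[1]), "pri": int(r[2]), "state": r[3],
         "fds": int(r[4]), "uptime_s": uptime_seconds(r[5]),
         "cpu": pct(r[6]), "name": r[7]}
        for r in table_rows(match["procs"], PROC_COLS)
    ]
    processes.sort(key=lambda p: p["cpu"], reverse=True)
    cores = [dict(zip(CORE_KEYS, [r[0]] + [pct(v) for v in r[1:]]))
             for r in table_rows(match["cores"], CORE_COLS)]
    # Sanity check: a percentage outside 0..100 points at a corrupted or
    # mis-rendered line and should not be fed into dashboards unflagged.
    anomalies = [(core["id"], key, core[key]) for core in cores
                 for key in CORE_KEYS[1:] if not 0.0 <= core[key] <= 100.0]
    return {"usage": pct(match["usage"]), "minor": pct(match["minor"]),
            "severe": pct(match["severe"]), "processes": processes,
            "cores": cores, "anomalies": anomalies}


if __name__ == "__main__":
    report = parse_cpu_severe(SAMPLE_LINE)
    print(report["processes"][0], report["anomalies"])
```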
DIAG_FD_UPLIMIT_REACHED
Message text |
FD number upper limit already reached: Process name=[STRING], PID=[INTEGER]. |
Variable fields |
$1: Name of a process. $2: ID of the process. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_FD_UPLIMIT_REACHED: FD number upper limit already reached: Process name=snmpd, PID=244. |
Impact |
The process cannot open new files. |
Cause |
The maximum number of file descriptors that a process can use has been reached. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
DIAG_FD_UPLIMIT_TO_REACH
Message text |
Number of FDs is about to reach the upper limit: Process name=[STRING], PID=[INTEGER]. |
Variable fields |
$1: Name of a process. $2: ID of the process. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_FD_UPLIMIT_TO_REACH: Number of FDs is about to reach the upper limit. Process name=snmpd, PID=244. |
Impact |
No negative impact on the system. Observe whether the number of file descriptors used by the process keeps rising. |
Cause |
The maximum number of file descriptors that a process can use was about to be reached. |
Recommended action |
No action is required. |
DIAG_STORAGE_BELOW_THRESHOLD
Message text |
The usage of [STRING] ([UINT32]%) was below or equal to the threshold of [UINT32]%. |
Variable fields |
$1: Name of the storage medium. $2: Disk usage of the storage medium. $3: Disk usage threshold for the storage medium. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_STORAGE_BELOW_THRESHOLD: The usage of flash (90%) was below or equal to the threshold of 95%. |
Impact |
No negative impact on the system. |
Cause |
This message indicates that the storage medium has sufficient space, because the disk usage is not higher than the threshold. |
Recommended action |
No action is required. |
DIAG_STORAGE_EXCEED_THRESHOLD
Message text |
The usage of [STRING] ([UINT32]%) exceeded the threshold of [UINT32]%. |
Variable fields |
$1: Name of the storage medium. $2: Disk usage of the storage medium. $3: Disk usage threshold for the storage medium. |
Severity level |
4 (Warning) |
Example |
DIAG/4/DIAG_STORAGE_EXCEED_THRESHOLD: The usage of flash (96%) exceeded the threshold of 95%. |
Impact |
Services that require disk writing will be affected, and the storage medium will not have sufficient space. |
Cause |
This message indicates that the storage medium does not have sufficient space, because the disk usage is higher than the threshold. |
Recommended action |
1. For files not in use, for example, log files and history software packages, execute the delete /unreserved command to delete the files or back up the files and then execute the delete /unreserved command to delete the files. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
MEM_ALERT
Message text |
system memory info: total used free shared buffers cached Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] -/+ buffers/cache: [ULONG] [ULONG] Swap: [ULONG] [ULONG] [ULONG] Lowmem: [ULONG] [ULONG] [ULONG] |
Variable fields |
· Mem—Memory information of the whole system:
  ◦ $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size.
  ◦ $2: Size of the physical memory used by the system.
  ◦ $3: Size of free physical memory of the system.
  ◦ $4: Total size of physical memory shared by processes.
  ◦ $5: Size of physical memory used for buffers.
  ◦ $6: Size of physical memory used for caches.
· -/+ buffers/cache—Memory usage information of applications:
  ◦ $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications.
  ◦ $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications.
· Swap—Swap memory usage information:
  ◦ $9: Total size of swap memory.
  ◦ $10: Size of used swap memory.
  ◦ $11: Size of free swap memory.
· Lowmem—Low memory usage information:
  ◦ $12: Total size of low memory.
  ◦ $13: Size of used low memory.
  ◦ $14: Size of free low memory. |
Severity level |
4 (Warning) |
Example |
DIAG/4/MEM_ALERT: system memory info: total used free shared buffers cached Mem: 1784424 920896 863528 0 0 35400 -/+ buffers/cache: 885496 898928 Swap: 0 0 0 Lowmem: 735848 637896 97952 |
Impact |
No negative impact on the system. Observe whether the available memory keeps decreasing. |
Cause |
A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage. |
Recommended action |
You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device. |
MEM_BELOW_THRESHOLD
Message text |
Memory usage has dropped below [STRING] threshold. |
Variable fields |
$1: Memory usage threshold name: minor, severe, critical, or early-warning. |
Severity level |
1 (Alert) |
Example |
DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold. |
Impact |
No negative impact on the system. |
Cause |
A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold. |
Recommended action |
No action is required. |
MEM_EXCEED_THRESHOLD
Message text |
Memory [STRING] threshold has been exceeded. |
Variable fields |
$1: Memory usage threshold name: minor, severe, critical, or early-warning. |
Severity level |
1 (Alert) |
Example |
DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded. |
Impact |
The running speed of the device will become low and the available memory resources will become insufficient. |
Cause |
A memory alarm was generated. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies service modules to perform auto repair, such as releasing memory and stopping requesting memory. |
Recommended action |
You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device. |
DIM engine messages
This section contains DPI engine messages.
DIM_SIGNATURE_WARNING
Message text |
Failed to write signature file to storage, because there is not enough free space. |
Severity level |
4 (Warning) |
Example |
DPI/4/DIM_SIGNATURE_WARNING: Failed to write signature file to storage, because there is not enough free space. |
Impact |
The signature library update or rollback will fail. |
Cause |
This message is generated when a signature library fails to be updated or rolled back due to insufficient storage space in the flash memory. |
Recommended action |
Release some storage space (for example, in the flash memory) before updating or rolling back a signature library. |
DIM_ACTIVE_WARNING
Message text |
The device fails to activate the DPI engine due to insufficient memory space after the free-memory normal state threshold is reached. DPI services were no longer in effect. |
Severity level |
4 (Warning) |
Example |
DPI/4/DIM_ACTIVE_WARNING: The device fails to activate the DPI engine due to insufficient memory space after the free-memory normal state threshold is reached. DPI services were no longer in effect. |
Impact |
DPI services do not take effect. |
Cause |
This message is generated when the device fails to activate the DPI engine due to insufficient memory space. |
Recommended action |
Release some storage space and then execute the inspect activate command. |
DOT1X messages
This section contains 802.1X messages.
DOT1X_CLEAR_MAX_USER_THRESHOLD
Message text |
The max-user alarm trigger condition cleared when the percentage of online 802.1X users reached or dropped below the max-user alarm clear threshold on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
5 (Notification) |
Example |
DOT1X/5/DOT1X_CLEAR_MAX_USER_THRESHOLD: The max-user alarm trigger condition cleared when the percentage of online 802.1X users reached or dropped below the max-user alarm clear threshold on interface GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
The percentage of current online 802.1X users to the maximum number of concurrent 802.1X users on the interface dropped to the alarm clear threshold from a value above or equal to the alarm threshold. |
Recommended action |
No action is required. |
DOT1X_CONFIG_NOTSUPPORT
Message text |
802.1X is not supported on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_CONFIG_NOTSUPPORT: 802.1X is not supported on interface GigabitEthernet1/0/1. |
Impact |
The interface cannot use the 802.1X feature. |
Cause |
802.1X was enabled on an interface that does not support 802.1X. |
Recommended action |
Disable 802.1X on the interface and configure 802.1X on an interface that supports the feature. |
DOT1X_LOGIN_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; User failed 802.1X authentication. Reason: [STRING]. |
Variable fields |
$1: Interface type and number.
$2: MAC address.
$3: VLAN ID.
$4: Username.
$5: Error code.
$6: Failure cause:
· MAC address authorization failed.
· VLAN authorization failed.
· VSI authorization failed.
· ACL authorization failed.
· User profile authorization failed.
· URL authorization failed.
· Microsegment authorization failed.
· VSI authorization failed because of insufficient resources.
· ACL authorization failed because of insufficient resources.
· MAC address authorization failed after a MAC move.
· VLAN authorization failed because of failure in authorization VLAN selection.
· VLAN authorization failed because a free VLAN was assigned as the authorization VLAN.
· VLAN authorization failed because of failure in authorization VLAN creation.
· Tagged VLAN authorization failed in port-based access control.
· Untagged VLAN authorization failed in port-based access control.
· Tagged VLAN authorization failed in MAC-based access control.
· Untagged VLAN authorization failed in MAC-based access control.
· VSI authorization failed because the user belongs to a free VLAN.
· VSI authorization failed because the user's access interface does not permit the user VLAN.
· VSI authorization failed because of failure in AC creation.
· ACL authorization failed because the specified ACL does not exist.
· ACL authorization failed because of unsupported ACL type.
· ACL authorization failed because the specified ACL conflicts with other ACLs on the user's access interface.
· ACL authorization failed because no rule was obtained for the specified ACL.
· ACL authorization failed because of ACL parameter error.
· User profile authorization failed because an invalid user profile was assigned to the user (the authorization-fail offline feature is enabled).
· User profile authorization failed because of failure in issuing the specified user profile to driver.
· URL authorization failed because of insufficient resources.
· URL authorization failed because of invalid parameter in the specified URL.
· URL authorization failed because the specified URL was not supported.
· URL authorization failed because of deny rule issuing failure.
· URL authorization failed because of failure in issuing the specified URL to driver.
· URL authorization failed because no servers were reachable and the url-user-logoff parameter was specified.
· URL authorization failed because the escape critical VSI feature of port security was configured. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. Reason: ACL authorization failed. |
Impact |
The 802.1X user cannot come online. |
Cause |
See the failure cause in the log message. |
Recommended action |
1. Verify that the 802.1X authentication settings are correct. 2. Locate the issue based on the failure cause in the log message. If the configuration on the device or authentication server is incorrect, edit the configuration immediately. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_LOGIN_SUCC
Message text |
-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]; User passed 802.1X authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=aaa; User passed 802.1X authentication and came online. |
Impact |
The 802.1X user came online successfully. |
Cause |
The user passed 802.1X authentication to come online. |
Recommended action |
No action is required. |
DOT1X_LOGIN_SUCC (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; The user that failed 802.1X authentication passed open authentication and came online. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9; The user that failed 802.1X authentication passed open authentication and came online. |
Impact |
The 802.1X user came online successfully. |
Cause |
A user failed 802.1X authentication but passed open authentication to come online. |
Recommended action |
No action is required. |
DOT1X_LOGOFF
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; 802.1X user was logged off. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off. |
Impact |
The 802.1X user was logged off. |
Cause |
The 802.1X user was logged off as requested. |
Recommended action |
No action is required. |
DOT1X_LOGOFF (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; 802.1X open user was logged off. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X open user was logged off. |
Impact |
The 802.1X open user was logged off. |
Cause |
An 802.1X open user was logged off as requested. |
Recommended action |
No action is required. |
DOT1X_LOGOFF_ABNORMAL
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X user was logged off abnormally. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code: |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X user was logged off abnormally. |
Impact |
The 802.1X user was logged off abnormally. |
Cause |
See the error code in the log message. |
Recommended action |
1. Locate the issue based on the error code in the log message. Edit the related settings on the device and server immediately. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_LOGOFF_ABNORMAL (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-ErrCode=[STRING]; 802.1X open user was logged off abnormally. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_LOGOFF_ABNORMAL:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=aaa-ErrCode=11; 802.1X open user was logged off abnormally. |
Impact |
The 802.1X open user was logged off abnormally. |
Cause |
See the error code in the log message. |
Recommended action |
1. Locate the issue based on the error code in the log message. Edit the related settings on the device and server immediately. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_MACBINDING_EXIST
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]; MAC address was already bound to interface [STRING]. |
Variable fields |
$1: Type and number of the access interface. $2: MAC address. $3: VLAN ID. $4: Username. $5: Type and number of the interface to which the MAC address was bound. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_MACBINDING_EXIST: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANID=2-Username=aaa; MAC address was already bound to interface GigabitEthernet1/0/3. |
Impact |
The user cannot come online on the interface. |
Cause |
The MAC address of the 802.1X user has already been bound to another interface. |
Recommended action |
To have the user come online on a new interface, delete the related 802.1X MAC address binding entry from the bound interface. |
DOT1X_MAX_USER_THRESHOLD
Message text |
The percentage of online 802.1X users reached or exceeded the max-user alarm trigger threshold on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
4 (Warning) |
Example |
DOT1X/4/DOT1X_MAX_USER_THRESHOLD: The percentage of online 802.1X users reached or exceeded the max-user alarm trigger threshold on interface GigabitEthernet1/0/1. |
Impact |
New 802.1X users cannot come online when the number of 802.1X users has reached the upper limit. |
Cause |
The percentage of current online 802.1X users to the maximum number of concurrent 802.1X users on the interface reached the specified alarm threshold for the first time, or increased to the alarm threshold from a value below or equal to the alarm clear threshold. |
Recommended action |
1. Use the display dot1x interface command to view the maximum number of concurrent 802.1X users on the interface. If the maximum number is too small, reconfigure by using the dot1x max-user command. 2. Use the display dot1x command to view the alarm threshold for online 802.1X users. If the alarm threshold is too low, reconfigure by using the dot1x max-user-alarm command. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_NOTENOUGH_EADFREEIP_RES
Message text |
Failed to assign a rule for Free IP [IPADDR] on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Free IP. $2: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for Free IP 1.1.1.0 on interface Ethernet3/1/2 due to lack of ACL resources. |
Impact |
The user cannot access the resources of the free IP. |
Cause |
With EAD assistant enabled, the device failed to assign an ACL rule to permit a free IP on an interface because of an ACL resource shortage. |
Recommended action |
1. The device might be busy. Disable 802.1X on the interface, and then re-enable 802.1X later. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_NOTENOUGH_EADFREEMSEG_RES
Message text |
Failed to assign a rule for free microsegment [STRING] on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Free microsegment ID. $2: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREEMSEG_RES: Failed to assign a rule for free microsegment 1 on interface Ethernet3/1/2 due to lack of ACL resources. |
Impact |
The user cannot access the resources of the free microsegment. |
Cause |
With EAD assistant enabled, the device failed to assign an ACL rule to permit a free microsegment on an interface because of an ACL resource shortage. |
Recommended action |
1. The device might be busy. Disable 802.1X on the interface, and then re-enable 802.1X later. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_NOTENOUGH_EADFREERULE_RES
Message text |
Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2 due to lack of ACL resources. |
Impact |
The interface cannot filter DHCP and DNS packets. |
Cause |
With EAD assistant enabled, the device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of an ACL resource shortage. |
Recommended action |
1. The device might be busy. Disable 802.1X on the interface, and then re-enable 802.1X later. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_NOTENOUGH_EADMACREDIR_RES
Message text |
Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING]. |
Variable fields |
$1: Source MAC address of HTTP packets. $2: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2. |
Impact |
HTTP packets cannot be redirected. |
Cause |
With EAD assistant enabled, the device failed to redirect HTTP packets with the designated source MAC address on an interface because of an ACL resource shortage. |
Recommended action |
1. The device might be busy. Disable 802.1X on the interface, and then re-enable 802.1X later. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_NOTENOUGH_EADPORTREDIR_RES
Message text |
Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2 due to lack of ACL resources. |
Impact |
HTTP packets cannot be redirected. |
Cause |
With EAD assistant enabled, the device failed to assign an ACL rule to redirect HTTP packets on an interface because of an ACL resource shortage. |
Recommended action |
1. The device might be busy. Disable 802.1X on the interface, and then re-enable 802.1X later. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_NOTENOUGH_ENABLEDOT1X_RES
Message text |
Failed to enable 802.1X on interface [STRING] due to lack of ACL resources. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X on interface Ethernet3/1/2 due to lack of ACL resources. |
Impact |
You cannot enable 802.1X on the interface. |
Cause |
ACL resources are insufficient. |
Recommended action |
1. The device might be busy. Disable 802.1X on the interface, and then re-enable 802.1X later. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
DOT1X_PEXAGG_NOMEMBER_RES
Message text |
Failed to enable 802.1X on interface [STRING] because the Layer 2 extended-link aggregate interface does not have member ports. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_PEXAGG_NOMEMBER_RES: Failed to enable 802.1X on interface Bridge-Aggregation100 because the Layer 2 extended-link aggregate interface does not have member ports. |
Impact |
802.1X on the Layer 2 extended-link aggregate interface does not take effect. |
Cause |
The Layer 2 extended-link aggregate interface does not have member ports. |
Recommended action |
Disable 802.1X on the interface, add a member port to the interface, and then re-enable 802.1X. |
DOT1X_SMARTON_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]; User failed SmartOn authentication because [STRING]. |
Variable fields |
$1: Interface type and number. $2: MAC address. $3: Cause of failure: · the password was wrong. · the switch ID was wrong. |
Severity level |
6 (Informational) |
Example |
DOT1X/6/DOT1X_SMARTON_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; User failed SmartOn authentication because the password was wrong. |
Impact |
SmartOn authentication has failed. |
Cause |
SmartOn authentication failed for one of the following reasons: · Incorrect password. · Incorrect switch ID. |
Recommended action |
Make sure the password and switch ID configured on the device and client are the same. |
DOT1X_UNICAST_NOT_EFFECTIVE
Message text |
The unicast trigger feature is enabled but is not effective on interface [STRING]. |
Variable fields |
$1: Interface type and number. |
Severity level |
3 (Error) |
Example |
DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface Ethernet3/1/2. |
Impact |
The unicast trigger setting does not take effect on the interface. |
Cause |
Unicast trigger was configured on an interface that does not support unicast trigger. |
Recommended action |
Reconnect the 802.1X clients to another interface that supports the unicast trigger feature. |
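The DOT1X messages above carry their variable fields as a hyphen-delimited `-Key=Value` block, while values such as MAC addresses and open-mode usernames contain hyphens themselves. The Python parser below is an added example, not H3C code: it splits only on the field names documented in this section, flags repeated keys as ambiguous, and tallies DOT1X_LOGIN_FAILURE events per interface and MAC address. The function names and the log lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Field names used by the DOT1X message templates in this section.
KNOWN_KEYS = ("IfName", "MACAddr", "AccessVLANID", "AuthorizationVLANID",
              "VLANID", "Username", "ErrCode")
HEADER_RE = re.compile(
    r"(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*")
# A field starts at a hyphen that is directly followed by a known key and "=".
# Hyphens inside values (0000-0001-0020, 00-10-84-00-22-b9) do not match.
FIELD_START_RE = re.compile(r"-(" + "|".join(KNOWN_KEYS) + r")=")
REASON_RE = re.compile(r"Reason: (.+?)\.?$")


def parse_dot1x(line):
    """Parse one DOT1X message; return None for other modules."""
    m = HEADER_RE.search(line)
    if m is None or m.group("module") != "DOT1X":
        return None
    body = line[m.end():].strip()
    record = {"severity": int(m.group("severity")),
              "mnemonic": m.group("mnemonic"),
              "fields": {}, "text": body, "reason": None, "warnings": []}
    # Keyed messages look like "-Key=Value-Key=Value; free text".
    if body.startswith("-") and "; " in body:
        fields_part, _, record["text"] = body.partition("; ")
        starts = list(FIELD_START_RE.finditer(fields_part))
        if not starts or starts[0].start() != 0:
            record["warnings"].append("field block does not start with a known key")
        for i, cur in enumerate(starts):
            end = starts[i + 1].start() if i + 1 < len(starts) else len(fields_part)
            key, value = cur.group(1), fields_part[cur.end():end]
            if key in record["fields"]:
                # The format has no documented escaping, so a repeated key
                # cannot be resolved; keep the first value and flag the record.
                record["warnings"].append("duplicate field " + key)
                continue
            record["fields"][key] = value
    reason = REASON_RE.search(record["text"])
    if reason:
        record["reason"] = reason.group(1)
    return record


def failures_by_station(lines):
    """Count DOT1X_LOGIN_FAILURE messages per (interface, MAC address)."""
    counts = Counter()
    for line in lines:
        rec = parse_dot1x(line)
        if rec and rec["mnemonic"] == "DOT1X_LOGIN_FAILURE":
            fields = rec["fields"]
            counts[(fields.get("IfName"), fields.get("MACAddr"))] += 1
    return counts


SAMPLES = [
    # Example from this section.
    "DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020"
    "-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. "
    "Reason: ACL authorization failed.",
    # Constructed: second failure for the same station, different reason.
    "DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020"
    "-VLANID=2-Username=aaa-ErrCode=5; User failed 802.1X authentication. "
    "Reason: VLAN authorization failed.",
    # Example from this section (open mode, hyphenated username).
    "DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9"
    "-VLANID=444-Username=00-10-84-00-22-b9; The user that failed 802.1X "
    "authentication passed open authentication and came online.",
    # Example from this section (no key/value block).
    "DOT1X/4/DOT1X_MAX_USER_THRESHOLD: The percentage of online 802.1X users reached "
    "or exceeded the max-user alarm trigger threshold on interface GigabitEthernet1/0/1.",
    # Constructed: a key appears twice, so the record is ambiguous.
    "DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/2-MACAddr=0000-0001-0021"
    "-VLANID=2-Username=bob-ErrCode=0-ErrCode=5; User failed 802.1X authentication. "
    "Reason: VLAN authorization failed.",
]

if __name__ == "__main__":
    for station, count in failures_by_station(SAMPLES).items():
        print(station, count)
```

Records with a non-empty `warnings` list should be reviewed by hand rather than trusted for alerting.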
FIB messages
This section contains FIB messages.
FIB_PREFIX_ENOUGHRESOURCE
Message text |
Issued the software entry to the driver for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Issued the software entry to the driver for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network. |
Severity level |
6 (Informational) |
Example |
FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the software entry to the driver for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the software entry to the driver for IP address 10::2 and mask length 128 on the public network. |
Impact |
No negative impact on the system. |
Cause |
This message occurs when the system successfully updates the FIB entry in hardware with the FIB entry in software for an IP address for consistency. You can use the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). |
Recommended action |
No action is required. |
FIB_PREFIX_INCONSISTENT
Message text |
Inconsistent software and hardware FIB entries for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware FIB entries for IP address [STRING] and mask length [UINT32] on the public network. Inconsistent parameters: [STRING]. |
Variable fields |
$1: IPv4 or IPv6 address.
$2: Mask or prefix length.
$3: VPN instance name. This field is not available for the public network.
$4: Inconsistent parameters. Options:
· Next hop
· MPLS label
· Adjacent-table
· Micro-segment ID |
Severity level |
6 (Informational) |
Example |
FIB/6/FIB_PREFIX_INCONSISTENT: Inconsistent software and hardware FIB entries for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. Inconsistent parameters: next hop, mpls label, adjacent-table and micro-segment ID. FIB/6/FIB_PREFIX_INCONSISTENT: Inconsistent software and hardware FIB entries for IP address 10::2 and mask length 128 on the public network. Inconsistent parameters: next hop, mpls label, adjacent-table and micro-segment ID. |
Impact |
No negative impact on the system. |
Cause |
This message occurs when the system detects an inconsistency between the FIB entry in software and the FIB entry in hardware for an IP address. You can use the following commands to enable FIB entry consistency check for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). Once the device detects an inconsistency, it will generate this type of log. |
Recommended action |
No action is required. The device will update the FIB entry in hardware with the FIB entry in software automatically. |
FIB_PREFIX_NORESOURCE
Message text |
Not enough hardware resources to issue the software entry to the driver for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network. |
Severity level |
6 (Informational) |
Example |
FIB/6/FIB_PREFIX_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IP address 10::2 and mask length 128 on the public network. |
Impact |
No negative impact on the system. |
Cause |
This message occurs when the system fails to update the FIB entry in hardware with the FIB entry in software for an IP address for consistency. You can use the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). |
Recommended action |
No action is required. The device will attempt to re-issue the FIB entry from software to hardware automatically. |
FIB_VN_ENOUGHRESOURCE
Message text |
Issued the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Issued the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: Number of resynchronized FIB entries. $2: IPv4 or IPv6 address. $3: Mask or prefix length. $4: VPN instance name. This field is not available for the public network. |
Severity level |
6 (Informational) |
Example |
FIB/6/FIB_VN_ENOUGHRESOURCE: Issued the following 1 software FIB entries to the driver: Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the following 1 software FIB entries to the driver: Entry for IP address 10::2 and mask length 128 on the public network. |
Impact |
No negative impact on the system. |
Cause |
The device attempts to re-issue virtual next hop information to hardware if it has failed to issue this information during synchronization of some FIB entries from software to hardware for consistency. This message occurs after the system successfully re-issues virtual next hop information to hardware. You can use one of the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). |
Recommended action |
No action is required. |
FIB_VN_INCONSISTENT
Message text |
Inconsistent software and hardware entries for the following [UINT32] FIB entries. Inconsistent parameters: [STRING]. Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Inconsistent software and hardware entries for the following [UINT32] FIB entries. Inconsistent parameters: [STRING]. Entry for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: Number of inconsistent FIB entries.
$2: Inconsistent parameters.
· Next hop
· MPLS label
· Maximum number of ECMP routes
· Output tunnel interface
$3: IPv4 or IPv6 address.
$4: Mask or prefix length.
$5: VPN instance name. If the FIB table runs on the public network, this field will not be displayed. |
Severity level |
6 (Informational) |
Example |
FIB/6/FIB_VN_INCONSISTENT: Inconsistent software and hardware entries for the following 1 FIB entries. Inconsistent parameters: next hop and mpls label. Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_VN_INCONSISTENT: Inconsistent software and hardware entries for the following 1 FIB entries. Inconsistent parameters: next hop and mpls label. Entry for IP address 10::2 and mask length 128 on the public network. |
Impact |
No negative impact on the system. |
Cause |
You can use one of the following commands to enable FIB entry consistency check: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). Once the device detects an inconsistency between virtual nexthop entries in software and in hardware, it will generate this log to inform the user of the inconsistent FIB entries. |
Recommended action |
No action is required. The device will update the inconsistent virtual nexthop entries in hardware with the virtual nexthop entries in software automatically. |
FIB_VN_NORESOURCE
Message text |
Not enough hardware resources to issue the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Not enough hardware resources to issue the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on the public network. |
Variable fields |
$1: Number of FIB entries that failed to be issued to the hardware. $2: IPv4 or IPv6 address. $3: Mask or prefix length. $4: VPN instance name. If the FIB table runs on the public network, this field will not be displayed. |
Severity level |
6 (Informational) |
Example |
FIB/6/FIB_VN_NORESOURCE: Not enough hardware resources to issue the following 1 software FIB entries to the driver: Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_VN_NORESOURCE: Not enough hardware resources to issue the following 1 software FIB entries to the driver: Entry for IP address 10::2 and mask length 128 on the public network. |
Impact |
No negative impact on the system. |
Cause |
You can use one of the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). With FIB entry consistency check enabled, the device will generate this type of log if it fails to issue some software virtual nexthop entries to the hardware due to insufficient hardware resources. This log informs the user of the invalid FIB entries. |
Recommended action |
No action is required. The device will re-issue the software virtual nexthop entries to the hardware automatically. |
FNOTIFY messages
This section contains Forward Utility (FNOTIFY) messages.
NOTIFY
Message text |
The feature [STRING] has not finished to process the [STRING] event in [UINT32] minutes. |
Variable fields |
$1: Feature name.
· ARP
· ND
· FIB
· WADJ
· L2VFIB
· WADJ6
· OVERLAYMAC
$2: Phase name.
· RESTORE: Data restoration.
· CROSSRESTORE: Data restoration between modules.
· RESTOREOVER: Restoration complete.
· PHASE3: SCM phase 3.
$3: Time period, in minutes. |
Severity level |
6 (Informational) |
Example |
FNOTIFY/6/NOTIFY_EVENT: The feature ARP has not finished to process the PHASE3 event in 20 minutes |
Impact |
The feature will be unavailable temporarily. |
Cause |
This message is sent when data synchronization between modules fails. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
FS messages
This section contains file system messages.
FS_UNFORMATTED_PARTITION
Message text |
Partition [STRING] is not formatted yet. Please format the partition first. |
Variable fields |
$1: Partition name. |
Severity level |
4 (Warning) |
Example |
FS/4/FS_UNFORMATED_PARTITION: Partition usba0: is not formatted yet. Please format the partition first. |
Impact |
This issue might lead to storage medium read and write failures. |
Cause |
The partition is not formatted. You must format a partition before you can perform other operations on the partition. |
Recommended action |
Format the specified partition. |
FTP messages
This section contains File Transfer Protocol messages.
FTP_ACL_DENY
Message text |
The FTP Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the FTP client. $2: VPN instance to which the IP address of the FTP client belongs. |
Severity level |
5 (Notification) |
Example |
FTP/5/FTP_ACL_DENY: The FTP Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Impact |
The system might be attacked. |
Cause |
The ACL for controlling FTP access denied the access request of an FTP client. |
Recommended action |
Contact Technical Support to verify that the FTP connection matches the related ACL rules. |
FTP_REACH_SESSION_LIMIT
Message text |
FTP client [STRING] failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device. |
Severity level |
|
Example |
|
Impact |
The FTP user cannot access the system correctly. |
Cause |
The number of FTP client connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
HOTPLUG messages
This section contains interface hot swapping messages.
HOTPLUG_PORT_PLUGIN
Message text |
A port is hot pluged in: Port:[STRING], PCI:[STRING]. |
Variable fields |
$1: Interface name. $2: Port PCI information. |
Severity level |
6 (Informational) |
Example |
HOTPLUG/6/HOTPLUG_PORT_PLUGIN: A port is hot pluged in: Port:GigabitEthernet1/0/1, PCI:08.00.0. |
Impact |
No negative impact on the system. |
Cause |
A hot-swapping-in event was detected on a port. |
Recommended action |
No action is required. |
HOTPLUG_PORT_PLUGOUT
Message text |
A port is hot pluged out: Port:[STRING], PCI:[STRING]. |
Variable fields |
$1: Port name. $2: Port PCI information. |
Severity level |
6 (Informational) |
Example |
HOTPLUG/6//HOTPLUG_PORT_PLUGOUT: A port is hot pluged out: Port:GigabitEthernet1/0/1, PCI:08.00.0. |
Impact |
The interface cannot provide the forwarding service. |
Cause |
A hot-swapping-out event was detected on a port. |
Recommended action |
If the administrator disconnects the network cable, no action is required. In other situations, reconnect the network cable. If the network cable or port is damaged, replace it. |
HTTPD messages
This section contains HTTP daemon messages.
HTTPD_CONNECT
Message text |
[STRING] client [STRING] connected to the server successfully. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 (Informational) |
Example |
HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully. |
Impact |
No negative impact on the system. |
Cause |
The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up. |
Recommended action |
No action is required. |
HTTPD_CONNECT_TIMEOUT
Message text |
[STRING] client [STRING] connection idle timeout. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 (Informational) |
Example |
HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout. |
Impact |
No negative impact on the system. |
Cause |
An HTTP or HTTPS connection was disconnected because the idle timeout timer expired. |
Recommended action |
No action is required. |
HTTPD_DISCONNECT
Message text |
[STRING] client [STRING] disconnected from the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 (Informational) |
Example |
HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server. |
Impact |
No negative impact on the system. |
Cause |
An HTTP or HTTPS client was disconnected from the server. |
Recommended action |
No action is required. |
HTTPD_FAIL_FOR_ACP
Message text |
[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 (Informational) |
Example |
HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server. |
Impact |
The system might be subjected to attacks. |
Cause |
An HTTP or HTTPS client was denied by the certificate access control policy. |
Recommended action |
Contact Technical Support to review the certificate attribute access control policy and ensure that the HTTP/HTTPS connection can pass the policy check. |
HTTPD_REACH_CONNECT_LIMIT
Message text |
[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit. |
Variable fields |
$1: Connection type, HTTP or HTTPS. $2: Client IP address. |
Severity level |
6 (Informational) |
Example |
HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit. |
Impact |
Web users cannot log in. |
Cause |
The number of connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting. 2. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required. |
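An added example (not part of the H3C reference): a triage pass over the HTTPD messages documented above. It keys on the mnemonic rather than on severity or free text, because every HTTPD message here is severity 6, including the certificate-policy denial, and two of the page's own examples word the text differently from their templates. The sample lines, the 192.0.2.x and 198.51.100.x addresses, the function names and the `deny_threshold` value are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# MODULE/severity/MNEMONIC: [-location; ]text
# "/+" tolerates the doubled slash in the page's HOTPLUG example. search() is
# used instead of match() on the assumption that a log host may prepend a
# timestamp or host name that this page does not show.
HEADER = re.compile(
    r"(?P<module>[A-Z][A-Z0-9_]*)/(?P<severity>[0-7])/+"
    r"(?P<mnemonic>[A-Z][A-Z0-9_]*):"
    r"\s*(?:(?P<location>-[^;]*);\s*)?(?P<text>.*)"
)
# Every HTTPD message on the page begins "<HTTP|HTTPS> client <ip> ...".
HTTPD_FIELDS = re.compile(r"(?P<conn>HTTPS?) client (?P<client>\S+)\s")

# Constructed sample input. Lines 1, 2, 8 and 9 copy the page's examples.
SAMPLE_LINES = [
    "HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.",
    "HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout.",
    "HTTPD/6/HTTPD_CONNECT: HTTPS client 192.0.2.10 connected to the server successfully.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTPS client 198.51.100.7 was denied by the certificate access control policy and could not connect to the server.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTPS client 198.51.100.7 was denied by the certificate attribute access control policy and could not connect to the server.",
    "HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTPS client 198.51.100.7 was denied by the certificate access control policy and could not connect to the server.",
    "HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTPS client 192.0.2.10 failed to connect to the server, because the number of connections reached the upper limit.",
    "IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1.",
    "HOTPLUG/6//HOTPLUG_PORT_PLUGOUT: A port is hot pluged out: Port:GigabitEthernet1/0/1, PCI:08.00.0.",
]


def parse_line(line):
    """Split one log line into module, severity, mnemonic, location and text."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["text"] = rec["text"].strip()
    return rec


def parse_httpd(rec):
    """Extract $1 (connection type) and $2 (client IP) from an HTTPD record."""
    if rec is None or rec["module"] != "HTTPD":
        return None
    m = HTTPD_FIELDS.match(rec["text"])
    if not m:
        return None
    try:
        # Normalise and validate the address; reject anything that is not an IP.
        client = str(ipaddress.ip_address(m["client"]))
    except ValueError:
        return None
    return {"mnemonic": rec["mnemonic"], "conn": m["conn"], "client": client}


def summarize(lines, deny_threshold=3):
    """Group HTTPD events per client into three findings worth a second look."""
    denied, limited, cleartext = Counter(), Counter(), Counter()
    for line in lines:
        ev = parse_httpd(parse_line(line))
        if ev is None:
            continue  # not an HTTPD message, or not parseable
        if ev["mnemonic"] == "HTTPD_FAIL_FOR_ACP":
            denied[ev["client"]] += 1
        elif ev["mnemonic"] == "HTTPD_REACH_CONNECT_LIMIT":
            limited[ev["client"]] += 1
        elif ev["mnemonic"] == "HTTPD_CONNECT" and ev["conn"] == "HTTP":
            cleartext[ev["client"]] += 1  # management session without TLS
    return {
        # Clients repeatedly rejected by the certificate access control policy.
        "acp_denied": {c: n for c, n in denied.items() if n >= deny_threshold},
        # Clients refused because the connection limit was reached.
        "limit_hit": dict(limited),
        # Clients that established a plain HTTP connection.
        "cleartext_http": dict(cleartext),
    }


if __name__ == "__main__":
    for finding, clients in summarize(SAMPLE_LINES).items():
        print(finding, clients)
```
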
Identity messages
This section contains user identification messages.
IDENTITY_AUTO_IMPORT_FINISHED
Message text |
Finished importing identity user accounts and groups automatically. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
IDENTITY/5/IDENTITY_AUTO_IMPORT_FINISHED: Finished importing identity user accounts and groups automatically. |
Impact |
No negative impact on the system. |
Cause |
The system finished importing identity user accounts and groups automatically. |
Recommended action |
No action is required. |
IDENTITY_AUTO_IMPORT_START
Message text |
Started to import identity user accounts and groups automatically. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
IDENTITY/5/IDENTITY_AUTO_IMPORT_START: Started to import identity user accounts and groups automatically. |
Impact |
No negative impact on the system. |
Cause |
After automatic import of identity user accounts is enabled for the specified policy, the device periodically imports identity user accounts from the server. |
Recommended action |
No action is required. |
IDENTITY_CSV_IMPORT_FAILED
Message text |
Failed to import identity user [STRING] to domain [STRING] from the .csv file. |
Variable fields |
$1: Identity username. $2: Identity domain name. |
Severity level |
5 (Notification) |
Example |
IDENTITY/5/IDENTITY_CSV_IMPORT_FAILED: Failed to import identity user network-user1 to domain system-domain from the .csv file. |
Impact |
The device failed to import the identity user account and stopped importing remaining identity user accounts. User identification related services cannot be carried out normally. |
Cause |
After the user-identity user-account import url command is executed, the device failed to import an identity user account from a .csv file. |
Recommended action |
1. Use the user-identity user-account export url command to view the standard template, and then verify that the format of the local CSV file to be imported is correct. 2. Make sure no identity user account with the same name exists on the device. 3. Make sure the identity domain name or identity username in the CSV file does not contain invalid characters. |
IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY
Message text |
Failed to obtain data from IMC. Reason: Not enough memory. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
IDENTITY/5/IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from IMC. Reason: Not enough memory. |
Impact |
The import of identity user accounts and online identity information failed. User identification related services cannot be carried out normally. |
Cause |
After the user-identity user-account import policy command is executed, the device failed to import identity user accounts and online identity user information from the IMC server because of insufficient memory. |
Recommended action |
1. Check if the remaining free memory of the device has reached a memory alarm threshold. Use the display memory-threshold command to view memory alarm threshold information. If the system memory has reached the level-1 (Minor), level-2 (Severe), or level-3 (Critical) alarm threshold, executing the identity user import command is not allowed. 2. In any view, execute the monitor process command to check process statistics. Enter m to sort the statistics by memory usage, identifying the processes that consume excessive memory resources. Release memory as needed. Once the memory alarm is cleared, try executing the import command again. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY
Message text |
Failed to obtain data from the LDAP server specified in scheme [STRING]. Reason: Not enough memory. |
Variable fields |
$1: LDAP scheme name. |
Severity level |
5 (Notification) |
Example |
IDENTITY/5/IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from the LDAP server specified in scheme test. Reason: Not enough memory. |
Impact |
The import of identity user accounts and user groups failed. User identification related services cannot be carried out normally. |
Cause |
After the user-identity user-account import policy command is executed, the device failed to import identity user accounts and user groups from the LDAP server because of insufficient memory. |
Recommended action |
1. Check if the remaining free memory of the device has reached a memory alarm threshold. Use the display memory-threshold command to view memory alarm threshold information. If the system memory has reached the level-1 (Minor), level-2 (Severe), or level-3 (Critical) alarm threshold, executing the identity user import command is not allowed. 2. In any view, execute the monitor process command to check process statistics. Enter m to sort the statistics by memory usage, identifying the processes that consume excessive memory resources. Release memory as needed. Once the memory alarm is cleared, try executing the import command again. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IFMON
This section contains interface alarm messages.
BGTRAFFIC_SEND_BEGIN
Message text |
Interface [STRING] began sending background traffic. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
IFMON/6/BGTRAFFIC_SEND_BEGIN: Interface GigabitEthernet1/0/1 began sending background traffic. |
Impact |
No negative impact on services. |
Cause |
An interface began sending background traffic when the outgoing traffic of the interface did not reach 100 Mbps. |
Recommended action |
No action is required. |
BGTRAFFIC_SEND_END
Message text |
Interface [STRING] stopped sending background traffic. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
IFMON/6/BGTRAFFIC_SEND_END: Interface GigabitEthernet1/0/1 stopped sending background traffic. |
Impact |
No negative impact on services. |
Cause |
An interface stopped sending background traffic when the outgoing traffic of the interface exceeded 300 Mbps. |
Recommended action |
No action is required. |
CRC_ERROR_RECOVERY
Message text |
Number of CRC error packets recovered to normal. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
IFMON/4/CRC_ERROR_RECOVERY: Number of CRC error packets recovered to normal. |
Impact |
No negative impact on services. |
Cause |
This message was generated when the number of CRC error packets within a statistics collection interval dropped below the lower threshold, and this alarm was cleared. |
Recommended action |
No action is required. |
CRC_ERROR_THRESHOLD
Message text |
The number of CRC error packets exceeded the upper threshold: Interface Name=[STRING], upper threshold=[UINT32], number of CRC error packets=[UINT64], interval=[UINT32]s. |
Variable fields |
$1: Interface name. $2: Upper threshold for the alarm or upper bit error rate threshold. $3: Number of CRC error packets within the latest statistics collection interval. $4: Statistics collection and comparison interval for CRC error packets in seconds. |
Severity level |
4 (Warning) |
Example |
IFMON/4/CRC_ERROR_THRESHOLD: The number of CRC error packets exceeded the upper threshold: Interface Name=HundredGigE1/0/1, upper threshold=100, number of CRC error packets=200, interval=10s. |
Impact |
If the shutdown keyword is configured when you configure the CRC packet error rate on a physical interface, the system shuts down the interface when the number of received CRC error packets on the interface exceeds the upper threshold. Then, the interface stops forwarding all packets. To recover the interface, execute the undo shutdown command on the interface. If you do not specify this keyword, an upper threshold exceeding alarm is generated and the interface enters the alarm state when the number of received CRC error packets exceeds the upper threshold on the interface. |
Cause |
This message was generated when the number of CRC error packets within a statistics collection interval exceeded the upper threshold. Typically, the reason is that the upper threshold is set improperly or data is damaged during transmission and the number of error packets increases. |
Recommended action |
· Identify whether the upper threshold is set properly. · Identify whether the link environment quality is good. |
IFNET
This section contains interface management messages.
FLEXE_BANDWIDTH_MISMATCH
Message text |
The bandwidth of local FlexE logical interface [STRING] did not match the bandwidth of the peer interface with the same client ID. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_BANDWIDTH_MISMATCH: The bandwidth of local FlexE logical interface FlexE2/1/129 did not match the bandwidth of the peer interface with the same client ID. |
Impact |
Service traffic might be dropped. |
Cause |
FlexE logical interfaces configured with the same client ID on two ends were configured with different available bandwidth. |
Recommended action |
Use the client command to modify the available bandwidth of the FlexE logical interface to ensure configuration consistency. |
FLEXE_BANDWIDTH_MISMATCH_RECOVER
Message text |
The bandwidth of local FlexE logical interface [STRING] matched the bandwidth of the peer interface with the same client ID. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_BANDWIDTH_MISMATCH_RECOVER: The bandwidth of local FlexE logical interface FlexE2/1/129 matched the bandwidth of the peer interface with the same client ID. |
Impact |
No negative impact on the system. |
Cause |
FlexE logical interfaces configured with the same client ID on two ends were configured with the same available bandwidth. |
Recommended action |
No action is required. |
FLEXE_BANDWIDTH_REDUCE
Message text |
The actual bandwidth [INT32] Gbps of FlexE logical interface [STRING] became less than the configured bandwidth. |
Variable fields |
$1: Interface bandwidth. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_BANDWIDTH_REDUCE: The actual bandwidth 50 Gbps of FlexE logical interface FlexE2/1/129 became less than the configured bandwidth. |
Impact |
The bandwidth of a FlexE logical interface decreases. |
Cause |
A FlexE physical interface went down. As a result, the bandwidth of the corresponding FlexE logical interface decreased. |
Recommended action |
Check the physical connection of the FlexE physical interface and identify whether the link fails. |
FLEXE_BANDWIDTH_REDUCE_RECOVER
Message text |
The actual bandwidth [INT32] Gbps of FlexE logical interface [STRING] became equal to the configured bandwidth. |
Variable fields |
$1: Interface bandwidth. $2: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_BANDWIDTH_REDUCE_RECOVER: The actual bandwidth 100 Gbps of FlexE logical interface FlexE2/1/129 became equal to the configured bandwidth. |
Impact |
No negative impact on the system. |
Cause |
A FlexE physical interface came up. As a result, the bandwidth of the corresponding FlexE logical interface recovered. |
Recommended action |
No action is required. |
FLEXE_CLIENTID_MISMATCH
Message text |
The client ID of local FlexE logical interface [STRING] did not match the client ID of a peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_CLIENTID_MISMATCH: The client ID of local FlexE logical interface FlexE2/1/129 did not match the client ID of a peer interface. |
Impact |
The FlexE physical interface is down. |
Cause |
FlexE logical interfaces on two ends were configured with different client IDs. |
Recommended action |
Use the client command to modify the client IDs of FlexE logical interfaces to ensure configuration consistency. |
FLEXE_CLIENTID_MISMATCH_RECOVER
Message text |
The client ID of local FlexE logical interface [STRING] matched the client ID of a peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_CLIENTID_MISMATCH_RECOVER: The client ID of local FlexE logical interface FlexE2/1/129 matched the client ID of a peer interface. |
Impact |
No negative impact on the system. |
Cause |
The FlexE logical interfaces on two ends were configured with the same client ID. |
Recommended action |
No action is required. |
FLEXE_GROUP_FAULT
Message text |
FlexE interface group [INT32] state changed to fault. |
Variable fields |
$1: FlexE-group interface number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_GROUP_FAULT: FlexE interface group 1 state changed to fault. |
Impact |
A FlexE-group interface fails and cannot forward traffic. |
Cause |
All FlexE physical interfaces in a FlexE-group interface went down. As a result, the FlexE-group interface failed. |
Recommended action |
Check the physical connection of the FlexE physical interface and identify whether the link fails. |
FLEXE_GROUP_FAULT_RECOVER
Message text |
FlexE interface group [INT32] state changed to normal |
Variable fields |
$1: FlexE-group interface number. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_GROUP_FAULT_RECOVER: FlexE interface group 1 state changed to normal. |
Impact |
No negative impact on the system. |
Cause |
FlexE physical interfaces in up state existed in the FlexE interface group, and the FlexE-group interface recovered. |
Recommended action |
No action is required. |
FLEXE_GROUPMEMBER_FAULT
Message text |
FlexE physical interface [STRING] in FlexE interface group [INT32] failed. |
Variable fields |
$1: Interface name. $2: FlexE-group interface number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_GROUPMEMBER_FAULT: FlexE physical interface FlexE-50G2/1/1 in FlexE interface group 1 failed. |
Impact |
Service traffic might be dropped. |
Cause |
FlexE physical interfaces in the FlexE interface group failed. |
Recommended action |
1. Check the physical connection of the FlexE physical interface and identify whether the link fails. 2. Identify whether the peer device fails. |
FLEXE_GROUPMEMBER_FAULT_RECOVER
Message text |
FlexE physical interface [STRING] in FlexE interface group [INT32] recovered. |
Variable fields |
$1: Interface name. $2: FlexE-group interface number. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_GROUPMEMBER_FAULT_RECOVER: FlexE physical interface FlexE-50G2/1/1 in FlexE interface group 1 recovered. |
Impact |
No negative impact on the system. |
Cause |
FlexE physical interfaces in the FlexE interface group recovered. |
Recommended action |
No action is required. |
FLEXE_PHYFCSSD_ALARM
Message text |
FCS-SD error occurred on local FlexE physical interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_PHYFCSSD_ALARM: FCS-SD error occurred on local FlexE physical interface FlexE-50G2/1/1. |
Impact |
Packets are dropped because of error packets, and service packet forwarding is affected. |
Cause |
An FCS-SD error occurs on the overhead section layer of a FlexE physical interface. |
Recommended action |
Identify whether the physical link of the FlexE physical interface is normal. |
FLEXE_PHYFCSSD_ALARM_RECOVER
Message text |
FCS-SD error on local FlexE physical interface [STRING] was cleared. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_PHYFCSSD_ALARM_RECOVER: FCS-SD error on local FlexE physical interface FlexE-50G2/1/1 was cleared. |
Impact |
No negative impact on the system. |
Cause |
An FCS-SD error recovers on the overhead section layer of a FlexE physical interface. |
Recommended action |
Check the FlexE physical interface, and make sure the FlexE physical interface is connected normally. |
FLEXE_PHYGROUP_MISMATCH
Message text |
FlexE interface group [INT32] of local FlexE physical interface [STRING] did not match the FlexE interface group [INT32] of the peer interface. |
Variable fields |
$1: FlexE-group interface number on the local end. $2: Interface name. $3: Remote FlexE-group interface number. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_PHYGROUP_MISMATCH: FlexE interface group 1 of local FlexE physical interface FlexE-50G2/1/1 did not match the FlexE interface group 2 of the peer interface. |
Impact |
A FlexE physical interface cannot come up. |
Cause |
The two FlexE physical interfaces connected have inconsistent FlexE-group interfaces. |
Recommended action |
Use the bind interface command to modify the FlexE physical interface associated with a FlexE-group interface, and add the two interconnected FlexE physical interfaces to the same FlexE-group interface. |
FLEXE_PHYGROUP_MISMATCH_RECOVER
Message text |
FlexE interface group [INT32] of local FlexE physical interface [STRING] matched the FlexE interface group [INT32] of the peer interface. |
Variable fields |
$1: FlexE-group interface number on the local end. $2: Interface name. $3: Remote FlexE-group interface number. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_PHYGROUP_MISMATCH_RECOVER: FlexE interface group 1 of local FlexE physical interface FlexE-50G2/1/1 matched the FlexE interface group 1 of the peer interface. |
Impact |
No negative impact on the system. |
Cause |
Two interconnected FlexE physical interfaces were assigned to the same FlexE interface group. |
Recommended action |
No action is required. |
FLEXE_PHYLOCAL_FAULT
Message text |
Local FlexE physical interface [STRING] failed and a port failure alarm was sent to the peer interface. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_PHYLOCAL_FAULT: Local FlexE physical interface FlexE-50G2/1/1 failed and a port failure alarm was sent to the peer interface. |
Impact |
Service switchover or interruption might occur. |
Cause |
A failure occurred on a local FlexE physical interface and an alarm was generated to notify the peer FlexE physical interface. |
Recommended action |
Identify whether the physical connection of the local FlexE physical interface is normal or whether the local FlexE physical interface is manually shut down. |
FLEXE_PHYLOCAL_FAULT_RECOVER
Message text |
Local FlexE physical interface [STRING] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_PHYLOCAL_FAULT_RECOVER: Local FlexE physical interface FlexE-50G2/1/1 recovered. |
Impact |
No negative impact on the system. |
Cause |
The local FlexE physical interface recovered. |
Recommended action |
No action is required. |
FLEXE_PHYNUM_MISMATCH
Message text |
PHY number [INT32] of local FlexE physical interface [STRING] did not match the PHY number [INT32] of the peer interface. |
Variable fields |
$1: PHY number for the local FlexE physical interface. $2: Interface name. $3: PHY number for the peer FlexE physical interface. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_PHYNUM_MISMATCH: PHY number 10 of local FlexE physical interface Flex-50GE-2/1/1 did not match the PHY number 20 of the peer interface. |
Impact |
A FlexE physical interface cannot come up. |
Cause |
Two interconnected FlexE physical interfaces were configured with different PHY numbers. |
Recommended action |
Use the bind interface command to modify PHY numbers of FlexE physical interfaces to ensure configuration consistency. |
FLEXE_PHYNUM_MISMATCH_RECOVER
Message text |
PHY number [INT32] of local FlexE physical interface [STRING] matched the PHY number [INT32] of the peer interface. |
Variable fields |
$1: PHY number for the local FlexE physical interface. $2: Interface name. $3: PHY number for the peer FlexE physical interface. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_PHYNUM_MISMATCH_RECOVER: PHY number 10 of local FlexE physical interface FlexE-50G2/1/1 matched the PHY number 10 of the peer interface. |
Impact |
No negative impact on the system. |
Cause |
Two interconnected FlexE physical interfaces were configured with the same PHY number. |
Recommended action |
No action is required. |
FLEXE_PHYREMOTE_FAULT
Message text |
The peer interface of local FlexE physical interface [STRING] failed. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_PHYREMOTE_FAULT: The peer interface of local FlexE physical interface FlexE-50G2/1/1 failed. |
Impact |
Service switchover or interruption might occur. |
Cause |
The peer FlexE physical interface failed. |
Recommended action |
Identify whether the physical connection of the peer FlexE physical interface is normal or whether the local FlexE physical interface is manually shut down. |
FLEXE_PHYREMOTE_FAULT_RECOVER
Message text |
The peer interface of local FlexE physical interface [STRING] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_PHYREMOTE_FAULT_RECOVER: The peer interface of local FlexE physical interface FlexE-50G2/1/1 recovered. |
Impact |
No negative impact on the system. |
Cause |
The peer FlexE physical interface recovered. |
Recommended action |
No action is required. |
FLEXE_STSG_MISMATCH
Message text |
The sub-timeslot granularity [INT32] Gbps of the subcard where local FlexE interface [STRING] resides did not match that of the subcard where the peer interface resides. |
Variable fields |
$1: Sub-timeslot granularity. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/FLEXE_STSG_MISMATCH: The sub-timeslot granularity 5 Gbps of the subcard where local FlexE interface FlexE-50G2/1/1 resides did not match that of the subcard where the peer interface resides. |
Impact |
Services on the interfaces are affected. |
Cause |
The subcards of two interconnected FlexE physical interfaces were configured with different sub-timeslot granularities. |
Recommended action |
Use the flexe sub-time-slot granula command to modify the sub-timeslot granularities of two interconnected devices to ensure configuration consistency. |
FLEXE_STSG_MISMATCH_RECOVER
Message text |
The sub-timeslot granularity [INT32] Gbps of the subcard where local FlexE interface [STRING] resides matched that of the subcard where the peer interface resides. |
Variable fields |
$1: Sub-timeslot granularity. $2: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/FLEXE_STSG_MISMATCH_RECOVER: The sub-timeslot granularity 5 Gbps of the subcard where local FlexE interface FlexE-50G2/1/1 resides matched that of the subcard where the peer interface resides. |
Impact |
No negative impact on the system. |
Cause |
The subcards of two interconnected FlexE physical interfaces were configured with the same sub-timeslot granularity. |
Recommended action |
No action is required. |
IF_JUMBOFRAME_WARN
Message text |
The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING]. |
Variable fields |
$1: Aggregate interface name. $2: Member port name. |
Severity level |
3 (Error) |
Example |
IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
Some member interfaces do not support the jumboframe enable [ size ] configuration when you modify the aggregate interface. |
Recommended action |
Identify the value ranges for the jumbo frame size supported on member ports. Specify a jumbo frame size supported by member ports for the aggregate interface. |
IF_BUFFER_CONGESTION_CLEAR
Message text |
[STRING] congestion on queue [UINT32] of [STRING] is cleared. [UINT64] packets are discarded. |
Variable fields |
$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name. $4: Number of packets dropped. |
Severity level |
5 (Notification) |
Example |
IFNET/5/IF_BUFFER_CONGESTION_CLEAR: Ingress congestion on queue 1 of GigabitEthernet1/0/1 is cleared. 1000 packets are discarded. |
Impact |
No negative impact on the system. |
Cause |
On queue 1 of GigabitEthernet 1/0/1, congestion in the receive data buffer is removed. 1000 packets are dropped. |
Recommended action |
No action is required. |
IF_BUFFER_CONGESTION_OCCURRENCE
Message text |
[STRING] congestion occurs on queue [INTEGER] of [STRING]. |
Variable fields |
$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
IFNET/4/IF_BUFFER_CONGESTION_OCCURRENCE: Ingress congestion occurs on queue 1 of GigabitEthernet1/0/1. |
Impact |
Service traffic might be dropped. |
Cause |
On queue 1 of GigabitEthernet 1/0/1, congestion occurs in the receive data buffer. |
Recommended action |
Examine the network status. |
IF_LINKFLAP_DETECTED
Message text |
Link flapping was detected on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 (Error) |
Example |
IFNET/3/IF_LINKFLAP_DETECTED: Link flapping was detected on GigabitEthernet1/0/1. |
Impact |
Service traffic might be dropped. |
Cause |
The number of detected flaps reached or exceeded the link flapping detection threshold during the link flapping detection interval. |
Recommended action |
1. Identify whether the cable is frequently plugged and unplugged for the local or peer interface. 2. Execute the port link-flap protect enable command to adjust the link flapping detection interval and the link flapping detection threshold. |
IFMGR_SPEED_CHANGE
Message text |
The speed of interface [STRING] has changed to [STRING]. |
Variable fields |
$1: Aggregate interface name. $2: Interface speed after change. |
Severity level |
6 (Informational) |
Example |
IFNET/6/IFMGR_SPEED_CHANGE: The speed of interface Route-Aggregation6 has changed to 1Gbps. |
Impact |
The forwarding rate of service traffic might change. |
Cause |
The speed of an aggregate interface changed. |
Recommended action |
No action is required. |
INTERFACE_NOTSUPPRESSED
Message text |
Interface [STRING] is not suppressed. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
IFNET/6/INTERFACE_NOTSUPPRESSED: Interface Ethernet0/0/0 is not suppressed. |
Impact |
No negative impact on the system. |
Cause |
The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface. |
Recommended action |
No action is required. |
INTERFACE_SUPPRESSED
Message text |
Interface [STRING] was suppressed. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
IFNET/5/INTERFACE_SUPPRESSED: Interface Ethernet0/0/0 was suppressed. |
Impact |
Service traffic might be dropped. |
Cause |
The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface. |
Recommended action |
1. Identify whether the cable is frequently plugged and unplugged for the local or peer interface. 2. Configure physical state change suppression to adjust the suppression parameters. |
LINK_UPDOWN
Message text |
Line protocol state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: State of link layer protocol, which can be up or down. |
Severity level |
5 (Notification) |
Example |
IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ethernet0/0 changed to down. |
Impact |
If the physical link status of the interface becomes down, it will be unable to forward the traffic. If the physical link status of the interface becomes up, there will be no impact on the system. |
Cause |
The link layer protocol state changed on an interface. |
Recommended action |
When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface. |
PFC_WARNING
Message text |
On interface [STRING], the rate of [STRING] PFC packets of 802.1p priority [INTEGER] exceeded the PFC early-warning threshold [INTEGER] pps. The current rate is [INTEGER]. |
Variable fields |
$1: Interface name. $2: Alarm direction, which can be input or output. $3: 802.1p priority. $4: Rate threshold at which the interface receives or sends PFC frames, in pps. $5: Rate at which the interface receives or sends PFC frames, in pps. |
Severity level |
4 (Warning) |
Example |
IFNET/4/PFC_WARNING: On interface GigabitEthernet1/0/1, the rate of input PFC packets of 802.1p priority 1 exceeded the PFC early-warning threshold 50 pps. The current rate is 60. |
Impact |
PFC packets might be dropped. |
Cause |
The rate at which the interface receives or sends PFC packets reaches the early-warning threshold. |
Recommended action |
No action is required. |
PHY_UPDOWN
Message text |
Physical state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Link state, which can be up or down. |
Severity level |
3 (Error) |
Example |
IFNET/3/PHY_UPDOWN: Physical state on the interface Ethernet0/0 changed to down. |
Impact |
If the physical status of the interface becomes down, it will be unable to forward the traffic. If the physical status of the interface becomes up, there will be no impact on the system. |
Cause |
The physical state changed on an interface. |
Recommended action |
When the interface is physically down, check whether a physical link is present or whether the link fails. |
PROTOCOL_UPDOWN
Message text |
Protocol [STRING] state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Protocol name. $2: Interface name. $3: State of link layer protocol, which can be up or down. |
Severity level |
5 (Notification) |
Example |
IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface Ethernet6/4/1 changed to up. |
Impact |
If the protocol status of the interface becomes down, it will be unable to forward the traffic. If the protocol status of the interface becomes up, there will be no impact on the system. |
Cause |
The state of a protocol has been changed on an interface. |
Recommended action |
When the state of a network layer protocol is down, check the network layer protocol configuration. |
STORM_CONSTRAIN_BELOW
Message text |
[STRING] is in controlled status, [STRING] flux falls below its lower threshold [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_BELOW: GigabitEthernet1/0/1 is in controlled status, BC flux falls below its lower threshold 90%. |
Impact |
No negative impact on the system. |
Cause |
The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold. |
Recommended action |
No action is required. |
STORM_CONSTRAIN_CONTROLLED
Message text |
[STRING] turned into controlled status, port status is controlled, packet type is [STRING], upper threshold is [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_CONTROLLED: GigabitEthernet1/0/1 turned into controlled status, port status is controlled, packet type is BC, upper threshold is 90%. |
Impact |
Packets of the specified type might be lost, or the interface might be shut down. |
Cause |
The port is in controlled state. Any type of traffic on the port exceeds the upper threshold. |
Recommended action |
No action is required. |
STORM_CONSTRAIN_EXCEED
Message text |
[STRING] is in controlled status, [STRING] flux exceeds its upper threshold [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_EXCEED: GigabitEthernet1/0/1 is in controlled status, BC flux exceeds its upper threshold 90%. |
Impact |
Packets of the specified type might be lost, or the interface might be shut down. |
Cause |
The port is in controlled state. Any type of traffic on the port exceeds the upper threshold. |
Recommended action |
No action is required. |
STORM_CONSTRAIN_NORMAL
Message text |
[STRING] returned to normal status, port status is [STRING], packet type is [STRING], lower threshold is [STRING]. |
Variable fields |
$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps |
Severity level |
1 (Alert) |
Example |
IFNET/1/STORM_CONSTRAIN_NORMAL: GigabitEthernet1/0/1 returned to normal status, port status is normal, packet type is BC, lower threshold is 10%. |
Impact |
No negative impact on the system. |
Cause |
The port is in normal state. Any type of traffic on the port drops below the lower threshold from above the upper threshold. |
Recommended action |
No action is required. |
TUNNEL_LINK_UPDOWN
Message text |
Line protocol state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Protocol state, which can be up or down. |
Severity level |
5 (Notification) |
Example |
IFNET/5/TUNNEL_LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
The state of a link layer protocol has been changed on a tunnel interface. |
Recommended action |
When the link layer protocol state of a tunnel interface is down, use the display interface command to display the link layer protocol state and determine why it changed to down on the tunnel interface. |
TUNNEL_PHY_UPDOWN
Message text |
Physical state on the interface [STRING] changed to [STRING]. |
Variable fields |
$1: Interface name. $2: Protocol state, which can be up or down. |
Severity level |
3 (Error) |
Example |
IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the Tunnel1 changed to down. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
The state of a link layer protocol has been changed on a tunnel interface. |
Recommended action |
When the physical state of a link layer protocol is down, check whether a physical link is present or whether the link fails. |
VLAN_MODE_CHANGE
Message text |
Dynamic VLAN [INT32] has changed to a static VLAN. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 (Notification) |
Example |
IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN. |
Impact |
No negative impact on the system. |
Cause |
Creating a VLAN interface changes the corresponding dynamic VLAN to a static VLAN. |
Recommended action |
No action is required. |
IP6ADDR
This section contains IPv6 addressing messages.
IP6ADDR_CREATEADDRESS_CONFLICT
Message text |
Failed to create an address by the prefix. Reason: [STRING] on [STRING] conflicts with SRv6 locator [STRING]. |
Variable fields |
$1: IPv6 address. $2: Interface name. $3: SRv6 locator. |
Severity level |
4 (Warning) |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_CONFLICT: Failed to create an address by the prefix. Reason: 2000::1234:0:0:1/80 on GigabitEthernet1/0/1 conflicts with SRv6 locator 2000::1/64. |
Impact |
IPv6 address generation failed on the interface, which affects normal service operation. |
Cause |
The IPv6 address configured for the interface by using the ipv6 address prefix-number command conflicts with the Locator field configured in SRv6 view. |
Recommended action |
Examine the interface IPv6 address configured by using the ipv6 address prefix-number command and the Locator field in SRv6 view, remove the conflicting configuration, and configure a new IPv6 address for the interface. |
IP6ADDR_CREATEADDRESS_ERROR
Message text |
Failed to create an address by the prefix. Reason: [STRING] on [STRING] and [STRING] on [STRING] overlap. |
Variable fields |
$1: IPv6 prefix. $2: Interface name. $3: IPv6 prefix. $4: Interface name. |
Severity level |
4 (Warning) |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_ERROR: Failed to create an address by the prefix. Reason: 2001::/64 on GigabitEthernet1/0/2 and 2001::/64 on GigabitEthernet1/0/1 overlap. |
Impact |
IPv6 interface address generation fails, which causes abnormal service running. |
Cause |
The device failed to generate an IPv6 address for an interface by using the prefix specified in the ipv6 address prefix-number command, because the prefixes overlapped on this interface and another interface. |
Recommended action |
Check the IPv6 prefixes of the related interfaces, cancel the IPv6 address configuration on the conflicting interface and configure the interface to generate an IPv6 address by using a different prefix. |
IP6ADDR_CREATEADDRESS_INVALID
Message text |
Can't configure the unspecified address or loopback address on [STRING] by using a prefix with all zeros. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
IP6ADDR/4/IP6ADDR_CREATEADDRESS_INVALID: Can't configure the unspecified address or loopback address on GigabitEthernet1/0/1 by using a prefix with all zeros. |
Impact |
IPv6 interface address generation fails, which causes abnormal service running. |
Cause |
This message is sent when you use the ipv6 prefix command to configure an all-zero IPv6 prefix and then specify this prefix in the ipv6 address prefix-number command to configure an unspecified or loopback IPv6 address for an interface. |
Recommended action |
Cancel the invalid configuration and reconfigure an IPv6 address for the interface. |
IP6FW
This section contains IPv6 forwarding messages.
IP6FW_ABNORMAL_HEADERS
Message text |
Received an IPv6 packet with repeated extension headers. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
IP6FW/6/IP6FW_ABNORMAL_HEADERS: Received an IPv6 packet with repeated extension headers. |
Impact |
N/A |
Cause |
The IPv6 packet has errors. |
Recommended action |
Verify the validity of the packet source. |
IP6FW_SETTING_FAILED_NDFW
Message text |
Failed to add rule to forward ND packets with IPv6 address [STRING] in VPN index [STRING] to tunnel index [STRING]. Error code: [STRING]. |
Variable fields |
$1: IPv6 address. $2: VPN instance index. $3: Tunnel interface index. $4: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters. |
Severity level |
6 (Informational) |
Example |
IP6FW/6/IP6FW_SETTING_FAILED_NDFW: Failed to add rule to forward ND packets with IPv6 address 100::1 in VPN index 1 to tunnel index 1. Error code: 0x40010001 |
Impact |
ND packet forwarding will fail. |
Cause |
A hardware fault exists. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IP6FW_SETTING_FAILED_HOPLIMITEXCEED
Message text |
Failed to add rule to forward packets with hop limit of 1: IPv6 address [STRING], VPN index [STRING], Error code: [STRING]. |
Variable fields |
$1: IPv6 address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters. |
Severity level |
6 (Informational) |
Example |
IP6FW/6/IP6FW_SETTING_FAILED_HOPLIMITEXCEED: Failed to add rule to forward packets with hop limit of 1: IPv6 address 100::1, VPN index 1, Error code: 0x40010001. |
Impact |
The configuration of the forwarding hop-limit-exceeded destination command will be unusable. |
Cause |
A hardware fault exists. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IP6FW_SETTING_FAILED_HOPLIMITUNVARIED
Message text |
Failed to add rule to forward packets with the hop limit field unchanged: IPv6 address [STRING], VPN index [STRING], Error code: [STRING]. |
Variable fields |
$1: IPv6 address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters. |
Severity level |
6 (Informational) |
Example |
IP6FW/6/IP6FW_SETTING_FAILED_HOPLIMITUNVARIED: Failed to add rule to forward packets with the hop limit field unchanged: IPv6 address 100::1, VPN index 1, Error code: 0x40010001. |
Impact |
The configuration of the forwarding hop-limit-unvaried destination command will be unusable. |
Cause |
A hardware fault exists. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IPADDR messages
This section contains IP addressing messages.
IPADDR_HA_EVENT_ERROR
Message text |
A process failed HA upgrade because [STRING]. |
Variable fields |
$1: HA upgrade failure reason: · IPADDR failed the smooth upgrade. · IPADDR failed to reupgrade to the master process. · IPADDR stopped to restart the timer. · IPADDR failed to upgrade to the master process. · IPADDR failed to restart the upgrade. · IPADDR failed to add the unicast object to the master task epoll. · IPADDR failed to create an unicast object. · IPADDR role switchover failed when the standby process switched to the master process. · IPADDR switchover failed when the master process switched to the standby process. · IPADDR HA upgrade failed. · IPADDR failed to set the interface filtering criteria. · IPADDR failed to register interface events. · IPADDR failed to subscribe port events. · IPADDR failed to add a VPN port event to the master epoll. · IRDP failed to open DBM. · IRDP failed to initiate a connection to the device management module. · IRDP failed to add the master task epoll with the handle used to connect to the device management module. · IRDP failed to register device management events. · IRDP failed to subscribe port events. · IRDP failed to add the master task epoll with the handle used to subscribe port events. · IRDP failed to set the interface filtering criteria. · IRDP failed to register interface events. · IRDP failed to register network events. · IRDP failed to create the interface control block storage handle. · IRDP failed to create the timer. · IRDP failed to add the master task epoll with the handle used to create the timer. · IRDP failed to set the schedule time for the timer. · IRDP failed to set the timer to unblocked status. · IRDP failed to create a timer instance. |
Severity level |
4 (Warning) |
Example |
IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade. |
Impact |
The primary/secondary switchover service cannot take effect, because the IP address module does not respond to the HA event. |
Cause |
A process failed HA upgrade and the message showed the failure reason. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support. |
IPADDR_HA_STOP_EVENT
Message text |
The device received an HA stop event. |
Variable fields |
None. |
Severity level |
4 (Warning) |
Example |
IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event. |
Impact |
The device is downgraded from primary to secondary. |
Cause |
This message is sent when the device receives an HA stop event during an active/standby process switchover. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support. |
IPFW messages
This section contains IP Forwarding (IPFW) messages.
IPFW_SETTING_FAILED_ARPFW
Message text |
Failed to add rule to forward ARP packets with IP address [STRING] in VPN index [STRING] to tunnel index [STRING]. Error code: [STRING]. |
Variable fields |
$1: IP address. $2: VPN instance index. $3: Tunnel interface index. $4: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters. |
Severity level |
6 (Informational) |
Example |
IPFW/6/IPFW_SETTING_FAILED_APPFW: Failed to add rule to forward ARP packets with IP address 10.0.0.1 in VPN index 1 to tunnel index 1. Error code: 0x40010001 |
Impact |
ARP packet forwarding will fail. |
Cause |
A hardware fault exists. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IPFW_SETTING_FAILED_TTLEXCEED
Message text |
Failed to add rule to forward packets with TTL exceeded: IP address [STRING], VPN index [STRING], Error code: [STRING]. |
Variable fields |
$1: IP address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters. |
Severity level |
6 (Informational) |
Example |
IPFW/6/IPFW_SETTING_FAILED_TTLEXCEED: Failed to add rule to forward packets with TTL exceeded: IP address 10.0.0.1, VPN index 1, Error code: 0x40010001. |
Impact |
The configuration of the forwarding ttl-exceeded-packet destination command will be unusable. |
Cause |
A hardware fault exists. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IPFW_SETTING_FAILED_TTLUNVARIED
Message text |
Failed to add rule to forward packets with keeping the value unchanged in the TTL field: IP address [STRING], VPN index [STRING], Error code: [STRING]. |
Variable fields |
$1: IP address. $2: VPN instance index. $3: Error code. · 0x40010001—Failed to issue configuration to the driver. · 0x40010008—Not supported by the driver. · 0x40010006—Driver configuration already exists. · 0x4001000b—Insufficient driver resource. · 0x20010002—Invalid driver parameters. |
Severity level |
6 (Informational) |
Example |
IPFW/6/IPFW_SETTING_FAILED_TTLUNVARIED:Failed to add rule to forward packets with keeping the value unchanged in the TTL field: IP address 10.0.0.1, VPN index 1, Error code: 0x40010001. |
Impact |
The configuration of the forwarding ttl-unvaried destination command will be unusable. |
Cause |
A hardware fault exists. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
IPS messages
This section contains IPS messages.
IPS_IPV4_INTERZONE
Message text |
Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];CapturePktName(1116)=[STRING];HttpHost(1117)=[STRING];HttpFirstLine(1118)=[STRING];PayLoad(1135)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: · INVALID: Severity level not specified. · LOW. · MEDIUM. · HIGH. · CRITICAL. $18: Actions applied to the packet. Available actions are: · Block-Source. · Drop. · Reset. · Permit. · Redirect. · Capture. · Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: · original. · reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Capture file name. $26: Host field. $27: Packet first line. $28: Event return value. |
Severity level |
4 |
Example |
IPS/4/IPS_IPV4_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPAddr(1003)=100.10.10.40;SrcPort(1004)=2999;DstIPAddr(1007)=200.10.10.40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 | CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=original;RealSrcIP(1100)=10.10.10.10,20.20.20.20;SubCategory(1124)=Other;CapturePktName(1116)=ips_100.10.10.40_20171205_101112_5707.pcap;HttpHost(1117)=www.shr.com;HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;PayLoad(1135)=/file/show.cgi; |
Explanation |
This message is sent when an IPv4 packet matches a WAF signature. |
Recommended action |
No action is required. |
IPS_IPV6_INTERZONE
Message text |
Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];CapturePktName(1116)=[STRING];HttpHost(1117)=[STRING];HttpFirstLine(1118)=[STRING];PayLoad(1135)=[STRING]; |
Variable fields |
$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: · INVALID: Severity level not specified. · LOW. · MEDIUM. · HIGH. · CRITICAL. $18: Actions applied to the packet. Available actions are: · Block-Source. · Drop. · Reset. · Permit. · Redirect. · Capture. · Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: · original. · reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Capture file name. $26: Host field. $27: Packet first line. $28: Event return value. |
Severity level |
4 |
Example |
IPS/4/IPS_IPV6_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPv6Addr(1036)=100::40;SrcPort(1004)=2999;DstIPv6Addr(1037)=200::40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 | CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=reply;RealSrcIP(1100)=10::1;SubCategory(1124)=Other;CapturePktName(1116)=ips_100::40_20171205_101112_5707.pcap;HttpHost(1117)=www.shr.com;HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;PayLoad(1135)=/file/show.cgi; |
Explanation |
This message is sent when an IPv6 packet matches an IPS signature. |
Recommended action |
No action is required. |
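Added example (not H3C code): a Python parser for the IPS_IPV4_INTERZONE and IPS_IPV6_INTERZONE layout documented above. It splits on the `Name(ID)=` tokens instead of on every `;`, because values copied from traffic (HttpFirstLine, PayLoad) can themselves contain `;` or `=`. The function names, the `needs_review` rule and the set of blocking actions are assumptions of this example, and the second sample line is constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

HEADER_RE = re.compile(r"^IPS/(?P<level>\d)/(?P<mnemonic>IPS_IPV[46]_INTERZONE):\s*")
CONTEXT_RE = re.compile(r"^-Context=(\d+);")
# A field always carries a numeric ID, e.g. "SrcPort(1004)=", and either starts
# the body or follows ';'. Text such as ";jsessionid=" inside a value has no ID.
KEY_RE = re.compile(r"(?:^|;)(?P<name>[A-Za-z][A-Za-z0-9]*)\(\d+\)=")

SEVERITIES = {"INVALID", "LOW", "MEDIUM", "HIGH", "CRITICAL"}  # listed in the reference
DIRECTIONS = {"original", "reply"}                             # listed in the reference
INT_FIELDS = ("SrcPort", "DstPort", "AttackID")
ADDR_FIELDS = ("SrcIPAddr", "DstIPAddr", "SrcIPv6Addr", "DstIPv6Addr")
LIST_FIELDS = {"Action": "&", "CVE": "|", "RealSrcIP": ","}    # separators seen in the examples
# Assumption of this example: these actions stop the flow, the rest only record it.
BLOCKING_ACTIONS = {"Block-Source", "Drop", "Reset"}

# Example row of IPS_IPV4_INTERZONE, copied from the reference.
PAGE_EXAMPLE_V4 = (
    "IPS/4/IPS_IPV4_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;"
    "SrcIPAddr(1003)=100.10.10.40;SrcPort(1004)=2999;DstIPAddr(1007)=200.10.10.40;"
    "DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;"
    "UserName(1113)=abc;PolicyName(1079)=ips;"
    "AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;"
    "Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;"
    "Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;"
    "CVE(1075)=CVE-2014-6277 | CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;"
    "HitDirection(1115)=original;RealSrcIP(1100)=10.10.10.10,20.20.20.20;"
    "SubCategory(1124)=Other;CapturePktName(1116)=ips_100.10.10.40_20171205_101112_5707.pcap;"
    "HttpHost(1117)=www.shr.com;"
    "HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;PayLoad(1135)=/file/show.cgi;"
)

# Constructed sample: permitted HIGH-severity hit whose first line contains ';' and '='.
CONSTRUCTED_V6 = (
    "IPS/4/IPS_IPV6_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;"
    "SrcIPv6Addr(1036)=100::40;SrcPort(1004)=2999;DstIPv6Addr(1037)=200::40;"
    "DstPort(1008)=80;Severity(1087)=HIGH;Action(1053)=Permit & Logging;"
    "HitDirection(1115)=original;"
    "HttpFirstLine(1118)=/app/index.jsp;jsessionid=0A1B?lang=en;PayLoad(1135)=/app/index.jsp;"
)


def parse_ips_log(line):
    """Parse one IPS_IPV4/IPV6_INTERZONE message into a dict of typed fields."""
    line = line.strip()
    head = HEADER_RE.match(line)
    if head is None:
        raise ValueError("not an IPS_IPV4_INTERZONE or IPS_IPV6_INTERZONE message")
    record = {"mnemonic": head["mnemonic"], "level": int(head["level"]),
              "context": None, "duplicates": [], "warnings": []}
    body = line[head.end():]
    ctx = CONTEXT_RE.match(body)
    if ctx:
        record["context"] = int(ctx.group(1))
        body = body[ctx.end():]
    keys = list(KEY_RE.finditer(body))
    fields = {}
    for i, key in enumerate(keys):
        last = i + 1 == len(keys)
        value = body[key.end():len(body) if last else keys[i + 1].start()]
        if last and value.endswith(";"):
            value = value[:-1]                        # message terminator
        if key["name"] in fields:
            record["duplicates"].append(key["name"])  # first occurrence wins
        else:
            fields[key["name"]] = value.strip()
    for name in INT_FIELDS:
        if fields.get(name, "").isdigit():
            fields[name] = int(fields[name])
    for name in ADDR_FIELDS:
        if name in fields:
            try:
                fields[name] = str(ipaddress.ip_address(fields[name]))
            except ValueError:
                record["warnings"].append("bad address in " + name)
    for name, sep in LIST_FIELDS.items():
        if name in fields:
            fields[name] = [p.strip() for p in fields[name].split(sep) if p.strip()]
    if fields.get("Severity") not in SEVERITIES:
        record["warnings"].append("unexpected Severity value")
    if fields.get("HitDirection") not in DIRECTIONS:
        record["warnings"].append("unexpected HitDirection value")
    if "HttpFirstLine" in fields:
        fields["HttpFirstLineDecoded"] = unquote(fields["HttpFirstLine"])
    record["fields"] = fields
    return record


def needs_review(record):
    """True for a repeated key, or a HIGH/CRITICAL hit that no blocking action stopped."""
    fields = record["fields"]
    stopped = BLOCKING_ACTIONS.intersection(fields.get("Action", []))
    severe = fields.get("Severity") in ("HIGH", "CRITICAL")
    return bool(record["duplicates"]) or (severe and not stopped)
```

A repeated key is reported in `duplicates` and never overwrites the earlier value, so the device-generated fields that precede HttpHost, HttpFirstLine and PayLoad keep their original content.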
IPS_WARNING
Message text |
Updated the IPS signature library successfully. |
Variable fields |
None. |
Severity level |
4 |
Example |
IPS/4/IPS_WARNING: -Context=1; Updated the IPS signature library successfully. |
Explanation |
The IPS signature library was updated successfully through a manual offline update or triggered online update. |
Recommended action |
No action is required. |
IPS_WARNING
Message text |
Rolled back the IPS signature library successfully. |
Variable fields |
None. |
Severity level |
4 |
Example |
IPS/4/IPS_WARNING: -Context=1; Rolled back the IPS signature library successfully. |
Explanation |
The IPS signature library was rolled back to the previous or factory default version successfully. |
Recommended action |
No action is required. |
IPSEC messages
This section contains IPsec messages.
IPSEC_DEBUG_LOG
Message text |
IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING]. |
Variable fields |
$1: Source IP address of the packet. $2: Destination IP address of the packet. $3: Security Parameter Index (SPI). $4: Sequence number of the packet. $5: Reason for dropping the packet: · Anti-replay checking failed · AH authentication failed · ESP authentication failed · Invalid SA · ESP decryption failed · Source address of packet does not match the SA · No ACL rule matched |
Severity level |
6 (Informational) |
Example |
IPSEC/6/IPSEC_DEBUG_LOG: IPsec packet discarded, Src IP:1.1.1.2, Dst IP:1.1.1.4, SPI:1002, SN:0, Cause:AH authentication failed. |
Impact |
No negative impact on the system. |
Cause |
An IPsec packet was dropped. |
Recommended action |
1. Troubleshoot this issue according to the displayed information and reason. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSEC_FAILED_ADD_FLOW_TABLE
Message text |
Failed to add flow-table due to [STRING]. |
Variable fields |
$1: Reason for the failure. |
Severity level |
4 (Warning) |
Example |
IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource. |
Impact |
The current and subsequent IPsec SAs cannot be established. |
Cause |
Not enough hardware resources. |
Recommended action |
If the failure is caused by not enough hardware resources, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSEC_GLOBAL_FLAG_LOGP2MPENABLE
Message text |
IPsec P2MP tunnel table item created/deleted,tunnel index: [UINT32],tunnel sequence num: [UINT32],peer public IP: [STRING],peer tunnel IP: [STRING],interface index: [UINT32],port: [UINT32] |
Variable fields |
$1: Tunnel index. $2: Tunnel sequence number. $3: Peer public IP address. $4: Peer tunnel address. $5: Interface index. $6: Peer port. |
Severity level |
6 (Informational) |
Example |
IPSEC/6/IPSEC_GLOBAL_FLAG_LOGP2MPENABLE: IPsec P2MP tunnel table item created,tunnel index: 0,tunnel sequence num: 1,peer public IP:10.1.1.2,peer tunnel IP:192.168.10.2,interface index: 140,port: 62465 |
Impact |
No negative impact on the system. |
Cause |
P2MP learned or deleted an entry. |
Recommended action |
No action is required. |
IPSEC_KD3P_LOGINFO
Message text |
Anti-replay dropped a packet: src=[STRING]; time-sent=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-received=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-diff=[UINT32]us; window-size= +-[FLOAT]ms. |
Variable fields |
$1: Source IP address of the dropped packet. $2-$9: Weekday, day, month, year, hour, minute, second, microsecond when the packet was sent. $10-$17: Weekday, day, month, year, hour, minute, second, microsecond when the packet was received. $18: Time difference between sending and receiving, in microseconds. $19: Half of the time window, in milliseconds. |
Severity level |
6 (Informational) |
Example |
IPSEC/6/1.4 IPSEC_KD3P_LOGINFO:Anti-replay dropped a packet: src=192.168.58.178;time-sent=Sat, 23 Apr 2016 11:17:29 594565us; time-received =Sat, 23 Apr 2016 11:17:26 707866us; time-diff=2886699us; window-size =+-2500ms. |
Impact |
No negative impact on the system. |
Cause |
An IPsec packet is dropped. Possible reasons include: · The time difference between packet sending and receiving exceeded the window size. · The receiver has enabled anti-replay but the received packet contains no anti-replay header. · In tunnel mode, anti-replay is not enabled but the received packet contains an anti-replay header. |
Recommended action |
Troubleshoot this issue according to the displayed information and the possible reasons described. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
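Added example (not H3C code): a Python triage helper for IPSEC_KD3P_LOGINFO that recomputes the send/receive difference from the two timestamps, checks it against the logged time-diff and window-size, and maps the result onto the possible reasons listed under Cause. The verdict names and function names are assumptions of this example, as is treating time-diff as an absolute value; the second and third sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# The reference prints some fields as "name =value", so whitespace around '=' is tolerated.
FIELD_RE = re.compile(
    r"\b(src|time-sent|time-received|time-diff|window-size)\s*=\s*([^;]+?)\s*(?:;|\.?\s*$)")
STAMP_RE = re.compile(
    r"[A-Za-z]{3},\s*(\d{1,2})\s+([A-Za-z]{3})\s+(\d{4})\s+"
    r"(\d{1,2}):(\d{1,2}):(\d{1,2})\s+(\d{1,6})us")

# Example row of IPSEC_KD3P_LOGINFO, copied from the reference.
PAGE_EXAMPLE = (
    "IPSEC/6/1.4 IPSEC_KD3P_LOGINFO:Anti-replay dropped a packet: src=192.168.58.178;"
    "time-sent=Sat, 23 Apr 2016 11:17:29 594565us; time-received =Sat, 23 Apr 2016 "
    "11:17:26 707866us; time-diff=2886699us; window-size =+-2500ms."
)
# Constructed samples: a packet older than the window, and one inside the window.
CONSTRUCTED_STALE = (
    "IPSEC/6/IPSEC_KD3P_LOGINFO:Anti-replay dropped a packet: src=192.0.2.10;"
    "time-sent=Sat, 23 Apr 2016 11:17:20 000000us; time-received =Sat, 23 Apr 2016 "
    "11:17:26 707866us; time-diff=6707866us; window-size =+-2500ms."
)
CONSTRUCTED_INSIDE = (
    "IPSEC/6/IPSEC_KD3P_LOGINFO:Anti-replay dropped a packet: src=192.0.2.10;"
    "time-sent=Sat, 23 Apr 2016 11:17:26 000000us; time-received =Sat, 23 Apr 2016 "
    "11:17:26 707866us; time-diff=707866us; window-size =+-2500ms."
)


def parse_stamp(text):
    """Parse 'Sat, 23 Apr 2016 11:17:29 594565us' without relying on the locale."""
    m = STAMP_RE.fullmatch(text.strip())
    if m is None or m.group(2).capitalize() not in MONTHS:
        raise ValueError("unrecognised timestamp: %r" % text)
    day, mon, year, hh, mm, ss, us = m.groups()
    return datetime(int(year), MONTHS[mon.capitalize()], int(day),
                    int(hh), int(mm), int(ss), int(us))


def analyze_antireplay_drop(line):
    """Return the parsed values and a verdict for one anti-replay drop message."""
    if "IPSEC_KD3P_LOGINFO" not in line:
        raise ValueError("not an IPSEC_KD3P_LOGINFO message")
    fields = dict(FIELD_RE.findall(line.strip()))
    missing = {"src", "time-sent", "time-received", "time-diff", "window-size"} - set(fields)
    if missing:
        raise ValueError("missing fields: " + ", ".join(sorted(missing)))
    diff = re.fullmatch(r"(\d+)\s*us", fields["time-diff"])
    window = re.fullmatch(r"\+-\s*(\d+(?:\.\d+)?)\s*ms", fields["window-size"])
    if diff is None or window is None:
        raise ValueError("malformed time-diff or window-size")
    # Positive: the sender's timestamp is later than the receiver's clock.
    skew_us = (parse_stamp(fields["time-sent"])
               - parse_stamp(fields["time-received"])) // timedelta(microseconds=1)
    window_us = round(float(window.group(1)) * 1000)
    if abs(skew_us) <= window_us:
        # Within the window: one of the anti-replay header mismatch causes applies.
        verdict = "inside-window"
    elif skew_us > 0:
        # A packet cannot arrive before it was sent: the two clocks disagree.
        verdict = "sender-clock-ahead"
    else:
        # Older than the window allows: delayed in transit, replayed, or clock skew.
        verdict = "stale-packet"
    return {
        "src": fields["src"],
        "sent_minus_received_us": skew_us,
        "reported_diff_us": int(diff.group(1)),
        "window_us": window_us,
        "diff_consistent": abs(skew_us) == int(diff.group(1)),
        "verdict": verdict,
    }


def summarize(lines):
    """Count verdicts per source so a peer with a drifting clock stands out."""
    counts = Counter()
    for line in lines:
        result = analyze_antireplay_drop(line)
        counts[(result["src"], result["verdict"])] += 1
    return counts
```

For the reference's own example the send time is 2886699 us later than the receive time, which exceeds the 2500 ms half-window, so time synchronization between the two peers is the first thing to check.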
IPSEC_SA_ESTABLISH
Message text |
IPsec SA was established. SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING] |
Variable fields |
$1: Role that established the IPsec SA, which can be initiator or responder. $2: Local end IP address. $3: Remote end IP address. $4-$9: Data flows. $10: Inside VPN instance. $11: Outside VPN instance. $12: Inbound AH SPI. $13: Outbound AH SPI. $14: Inbound ESP SPI. $15: Outbound ESP SPI. $16: ACL number. The default value is 4294967295. $17: ACL name. Either the ACL number or ACL name will be displayed but not both. |
Severity level |
6 (Informational) |
Example |
IPSEC/6/IPSEC_SA_ESTABLISH: IPsec SA was established. SA information: Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101 ACL name: aaa |
Impact |
No negative impact on the system. |
Cause |
An IPsec SA is established. |
Recommended action |
No action is required. |
IPSEC_SA_ESTABLISH_FAIL
Message text |
Failed to establish IPsec SA. Reason: [STRING]. SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING] |
Variable fields |
$1: Reason for the IPsec SA establishment failure: · Get SP: Required configuration is missing in the SP. SP ID=%u. · Get SP: The SP's local address doesn't match the local address configured in the IKE profile. SP ID=%u, SP's local address=%s, p2policy's local address=%s. · Get SP: The remote address doesn't exist. SP ID=%u, hostname=%s. · Get SP: The SP's remote address doesn't match the remote address configured in the IKE profile. SP ID=%u, SP's remote address=%s, p2policy's remote address=%s. · The policy contains incorrect ACL or IKE profile configuration. · Get SP: The SP doesn't have an IPsec transform set. · Get SP: Failed to create larval SA. · Create SA: Failed to fill the SA. · Create SA: Failed to create SA. · Create SA: Can't find SP. · Failed to create tunnel because a tunnel with the same index and sequence number already exists. Tunnel index=%d, tunnel seq=%d. · Failed to switch SA because the inbound SA can't be found. SPI=%u. · Failed to switch SA because the SA state is incorrect. · Failed to switch SA because the outbound SA can't be found. · Failed to switch SA because the outbound SA using another security protocol can't be found. · Failed to switch SA in kernel. · Failed to notify kernel of the link state change. · Number of IPsec tunnels reached the crypto capacity of the device. · Maximum number of IPsec tunnels already reached. · Failed to add IPsec tunnel. · Getting SP: IPsec is smoothing. · Getting SP: IPsec is not running. · Getting SP: Failed to find SP by index and sequence number. · Getting SP: Creating SA timed out. · Getting SP by interface: Target node not online. · Getting SP by mGRE: Failed to get interface. · Getting SP: Failed to get SP by mGRE because interface type was invalid. · Getting SP: Failed to get SP by mGRE because of no tunnel protection configuration. · Getting SP: Failed to get SP by mGRE because profile %s was not found. · Getting SP: Failed to get SP by mGRE because of wrong profile type. 
· Getting SP by mGRE: Failed to find profile SP by profile %s. · Getting SP: Failed to get SP by mgre. · Getting SP: Failed to get SP by SVTI because of invalid interface type. · Getting SP: Failed to get SP by SVTI because of no tunnel protection configuration with interface %s. · Getting SP: Failed to get SP by SVTI because profile %s was not found. · Getting SP: Failed to get SP by SVTI because of wrong type of profile %s. · Getting SP by SVTI: Failed to find profile SP by profile %s. · Getting SP: Failed to get SP by SVTI because SP type was not ISAKMP with profile %s. · Getting SP: Failed to match flow because renegotiation SP's index or Seqnum changed. · Getting SP: Failed to match SVTI flow because IKE profile was not match. · Getting SP: Failed to match SVTI flow because flow was not match with ACL. · Getting SP by SVTI: Failed to create larval SA. · Getting SP: Failed to get SP by SVTI with interface %s. · Getting SP by L3 interface: Failed to get interface data. · Getting SP: Failed to get SP by L3 interface because no SP entry was found by key. · Getting SP: Failed to get SP by L3 interface because no source interface SP entry was found by key. · Getting SP by L3 interface: Failed to match SP because SP's mode not ISAKMP. · Getting SP by L3 interface: Failed to match SP because SP negotiation not complete. · Getting SP: Rejected peer's request of any flow when SP's mode was isakmp template and no ACL was specified. · Getting SP by L3 interface: Failed to match SP because policy cannot be found by SP. · Getting SP by L3 interface: Failed to match SP because IKE profile was %s while IPsec used profile %s. · Getting SP: Failed to match flow because ACL not match. · Getting SP: Failed to match flow because renegotiation SP's index or Seqnum changed. · Getting SP: Flow netmask check failed. · Getting SP: Flow overlap check failed. $2: Role that established the IPsec SA, which can be initiator or responder. $3: Local end IP address. $4: Remote end IP address. 
$5-$10: Data flows. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outbound ESP SPI. $17: ACL number. The default value is 4294967295. $18: ACL name. Either the ACL number or ACL name will be displayed but not both. |
Severity level |
6 (Informational) |
Example |
IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA Reason: Failed to add IPsec tunnel. SA information: Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101 ACL name: aaa |
Impact |
The IPsec SA failed to be established and therefore the IPsec tunnel cannot be established to protect packets. |
Cause |
· The IPsec transform set parameters, IPsec authentication and encryption algorithms, and IPsec encapsulation modes are inconsistent between the two ends. · The IPsec policy settings are inconsistent between the two ends. · The ACLs used by the two ends are not mirror ACLs. · The physical link status is poor or the peer network is unreachable. |
Recommended action |
· Verify that the two ends use the same IPsec transform set parameters, IPsec authentication and encryption algorithms, and IPsec encapsulation mode. · Verify that the two ends use the same IPsec policy configuration. · Verify that the ACLs used by the two ends are mirror ACLs. · Troubleshoot network issues to make sure the physical link status is good and the peer network is reachable. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSEC_SA_INITIATION
Message text |
Began to establish IPsec SA. Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] ACL number: [UINT32] ACL name: [STRING] |
Variable fields |
$1: Local address. $2: Remote address. $3-$8: Data flows. $9: Inside VPN instance. $10: Outside VPN instance. $11: ACL number. The default value is 4294967295. $12: ACL name. Either the ACL number or ACL name will be displayed but not both. |
Severity level |
6 (Informational) |
Example |
IPSEC/6/IPSEC_SA_INITIATION: Began to establish IPsec SA. Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb ACL number: 3101 ACL name: aaa |
Impact |
No negative impact on the system. |
Cause |
An IPsec SA is to be established. |
Recommended action |
No action is required. |
IPSEC_SA_TERMINATE
Message text |
The IPsec SA was deleted. Reason: [STRING] SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING] |
Variable fields |
$1: Reason for the IPsec SA removal: · SA idle timeout. · The reset command was executed. · Internal event. · Configuration change. · An IKE SA deletion message was received. $2: Role that established the IPsec SA, which can be initiator or responder. $3: Local end IP address. $4: Remote end IP address. $5-$10: Data flows. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outbound ESP SPI. $17: ACL number. The default value is 4294967295. $18: ACL name. Either the ACL number or ACL name will be displayed but not both. |
Severity level |
6 (Informational) |
Example |
IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted. Reason: SA idle timeout. SA information: Role: initiator Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101 ACL name: aaa |
Impact |
The IPsec SA was deleted and the IPsec service carried on the SA was interrupted. |
Cause |
See the value for the Reason field. |
Recommended action |
If the SA is deleted due to a reason described in this message, the SA will be re-established, and no action is required. If the SA is deleted due to other reasons, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
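The three IPsec SA messages above share one labelled "Label: value" layout, so a single parser can feed triage that follows the Recommended action cells. The following is an added example, not H3C code: the key names, triage labels, and sample lines are constructed for illustration, and treating the documented default ACL number 4294967295 as "no numbered ACL" is this example's assumption.

```python
import re
from collections import Counter

# Labels documented for IPSEC_SA_INITIATION, IPSEC_SA_ESTABLISH_FAIL and
# IPSEC_SA_TERMINATE, mapped to key names chosen for this example.
LABELS = {
    "Reason": "reason",
    "SA information": None,      # section marker, carries no value
    "Role": "role",
    "Local address": "local_addr",
    "Remote address": "remote_addr",
    "Sour addr": "src_addr",
    "Dest addr": "dst_addr",
    "Port": "port",              # printed twice: source flow, then destination flow
    "Protocol": "protocol",      # printed twice as well
    "Inside VPN instance": "inside_vpn",
    "Outside VPN instance": "outside_vpn",
    "Inbound AH SPI": "in_ah_spi",
    "Outbound AH SPI": "out_ah_spi",
    "Inbound ESP SPI": "in_esp_spi",
    "Outbound ESP SPI": "out_esp_spi",
    "ACL number": "acl_number",
    "ACL name": "acl_name",
}
LABEL_RE = re.compile(
    r"(?:^|(?<=\s))("
    + "|".join(map(re.escape, sorted(LABELS, key=len, reverse=True)))
    + r"):\s*"
)
HEADER_RE = re.compile(r"\bIPSEC/(\d)/(IPSEC_SA_[A-Z_]+):\s*(.*)")
ACL_NUMBER_DEFAULT = "4294967295"  # documented default; read here as "unset" (assumption)

# Deletion reasons listed under IPSEC_SA_TERMINATE; the SA is re-established for these.
TERMINATE_DOCUMENTED = {
    "sa idle timeout",
    "the reset command was executed",
    "internal event",
    "configuration change",
    "an ike sa deletion message was received",
}


def parse_ipsec_sa(line):
    """Return a dict of fields for an IPSEC_SA_* message, or None for other lines."""
    m = HEADER_RE.search(line.strip())
    if m is None:
        return None
    rec = {"severity": int(m.group(1)), "mnemonic": m.group(2)}
    body = m.group(3)
    hits = list(LABEL_RE.finditer(body))
    side = ""
    for i, hit in enumerate(hits):
        # A value runs from the end of its label to the start of the next label,
        # so a missing ACL number or ACL name simply produces no key.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        key = LABELS[hit.group(1)]
        if key is None:
            continue
        if key == "src_addr":
            side = "src_"
        elif key == "dst_addr":
            side = "dst_"
        elif key in ("port", "protocol"):
            key = side + key
        rec[key] = body[hit.end():end].strip()
    if rec.get("acl_number") == ACL_NUMBER_DEFAULT:
        rec["acl_number"] = None
    return rec


def triage(rec):
    """Map a parsed record to an action label derived from the Recommended action cells."""
    if rec is None:
        return "not_ipsec_sa"
    if rec["mnemonic"] == "IPSEC_SA_INITIATION":
        return "no_action"
    if rec["mnemonic"] == "IPSEC_SA_ESTABLISH_FAIL":
        return "check_peer_config"  # transform set, policy, mirror ACLs, reachability
    if rec["mnemonic"] == "IPSEC_SA_TERMINATE":
        reason = rec.get("reason", "").rstrip(".").lower()
        return "no_action" if reason in TERMINATE_DOCUMENTED else "escalate"
    return "unknown"


def failures_by_peer(lines):
    """Count IPSEC_SA_ESTABLISH_FAIL messages per (local, remote) address pair."""
    counts = Counter()
    for rec in filter(None, map(parse_ipsec_sa, lines)):
        if rec["mnemonic"] == "IPSEC_SA_ESTABLISH_FAIL":
            counts[(rec.get("local_addr"), rec.get("remote_addr"))] += 1
    return counts


# Constructed sample lines (documentation address ranges, not captured from a device).
FLOW = ("Local address: 192.0.2.1 Remote address: 198.51.100.7 "
        "Sour addr: 10.1.0.0/255.255.0.0 Port: 0 Protocol: IP "
        "Dest addr: 10.2.0.0/255.255.0.0 Port: 500 Protocol: UDP "
        "Inside VPN instance: corp Outside VPN instance: wan ")
SPIS = ("Inbound AH SPI: 0 Outbound AH SPI: 0 "
        "Inbound ESP SPI: 292334583 Outbound ESP SPI: 13654581 ")
FAIL = ("IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA "
        "Reason: Getting SP: Failed to match flow because ACL not match. "
        "SA information: Role: Responder " + FLOW + SPIS + "ACL name: branch-acl")
SAMPLE_LINES = [
    "IPSEC/6/IPSEC_SA_INITIATION: Began to establish IPsec SA. " + FLOW + "ACL number: 3101",
    FAIL,
    FAIL,
    "IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted. Reason: SA idle timeout. "
    "SA information: Role: initiator " + FLOW + SPIS
    + "ACL number: 4294967295 ACL name: branch-acl",
    "IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted. "
    "Reason: Constructed unlisted reason. "
    "SA information: Role: initiator " + FLOW + SPIS + "ACL number: 3101",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        parsed = parse_ipsec_sa(sample)
        print(parsed["mnemonic"], parsed.get("reason"), "->", triage(parsed))
    print(dict(failures_by_peer(SAMPLE_LINES)))
```

Values are split on the documented labels, so a VPN instance or ACL name that itself contains a label followed by a colon would be mis-split.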
IPSG messages
This section contains IPSG messages.
IPSG_ADDENTRY_ERROR
Message text |
Failed to add an IP source guard binding on interface [STRING]: IP=[STRING], MAC=[STRING], VLAN=[UINT16]. Reason: [STRING]. |
Variable fields |
$1: Interface name. If you do not specify an interface, this field displays N/A. $2: IPv4 address or IPv6 address. If you do not specify an IP address, this field displays N/A. $3: MAC address. If you do not specify a MAC address, this field displays N/A. $4: VLAN ID. If you do not specify a VLAN, this field displays 65535. $5: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Maximum number of IPv4 binding entries already reached. · Maximum number of IPv6 binding entries already reached. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding on interface Vlan-interface1: IP=1.1.1.1, MAC=0001-0001-0001, VLAN=1. Reason: Resources not sufficient. |
Impact |
The system cannot use the IPSG binding to filter packets. |
Cause |
See the failure reason in the log message. |
Recommended action |
· Identify whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · Disable unnecessary services to release hardware resources when the failure is caused by insufficient hardware resources. · Delete unnecessary IPSG bindings to release ACL resources for IPSG bindings if the failure is caused by maximum number of IPv4SG or IPv6SG bindings being reached. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_ADDEXCLUDEDVLAN_ERROR
Message text |
Failed to add excluded VLANs (VLAN [UINT16] to VLAN [UINT16]). Reason: [STRING]. |
Variable fields |
$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_ADDEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to add excluded VLANs (VLAN 1 to VLAN 5). Reason: Resources not sufficient. |
Impact |
The system will not permit the packets that match the VLANs excluded from IPSG filtering. |
Cause |
See the failure reason in the log message. |
Recommended action |
· Identify whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · Disable unnecessary services to release hardware resources when the failure is caused by insufficient hardware resources. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_DELENTRY_ERROR
Message text |
Failed to delete an IP source guard binding on interface [STRING]: IP=[STRING], MAC=[STRING], VLAN=[UINT16]. Reason: [STRING]. |
Variable fields |
$1: Interface name. If you do not specify an interface, this field displays N/A. $2: IP address. If you do not specify an IP address, this field displays N/A. $3: MAC address. If you do not specify a MAC address, this field displays N/A. $4: VLAN ID. If you do not specify a VLAN, this field displays 65535. $5: Failure reason. Available options include: · Feature not supported. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding on interface Vlan-interface1: IP=1.1.1.1, MAC=0001-0001-0001, VLAN=1. Reason: Unknown error. |
Impact |
The system can still use this binding to filter packets. |
Cause |
See the failure reason in the log message. |
Recommended action |
1. Identify whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
IPSG_DELEXCLUDEDVLAN_ERROR
Message text |
Failed to delete excluded VLANs (VLAN [UINT16] to VLAN [UINT16]). Reason: [STRING]. |
Variable fields |
$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error. |
Severity level |
6 (Informational) |
Example |
IPSG/6/IPSG_DELEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to delete excluded VLANs (VLAN 1 to VLAN 5). Reason: Resources not sufficient. |
Impact |
The system will still permit the packets that match these VLANs. |
Cause |
See the failure reason in the log message. |
Recommended action |
· Identify whether the device supports the IPSG feature. If IPSG is not supported, output of this message is normal. No action is required. · Disable unnecessary services to release hardware resources when the failure is caused by insufficient hardware resources. · If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
L2TPv2 messages
This section contains L2TPv2 messages.
L2TPV2_SESSION_EXCEED_LIMIT
Message text |
Number of L2TP sessions exceeded the limit. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit. |
Impact |
New L2TP sessions cannot be created. As a result, new L2TP users cannot come online. |
Cause |
The number of established L2TP sessions has reached the limit. |
Recommended action |
For new L2TP users to come online, perform one of the following tasks: · Wait for the old L2TP users to go offline and release L2TP session resources. · Execute the reset ppp access-user command to forcibly log out some old L2TP users to release L2TP session resources. |
L2TPV2_TUNNEL_EXCEED_LIMIT
Message text |
Number of L2TP tunnels exceeded the limit. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit. |
Impact |
New L2TP tunnels cannot be established. |
Cause |
The number of established L2TP tunnels has reached the limit. |
Recommended action |
1. Perform one of the following tasks: · Execute the reset l2tp tunnel command to disconnect an idle tunnel. · Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses. 2. If the problem persists, contact H3C Support. |
LAGG messages
This section contains link aggregation messages.
LAGG_ACTIVE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the active state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_ACTIVE: Member port GE1/0/1 of aggregation group BAGG1 changed to the active state. |
Impact |
No negative impact on the system. |
Cause |
A member port in an aggregation group changed to the Selected state. |
Recommended action |
No action is required. |
LAGG_AUTO_AGGREGATION
Message text |
Failed to assign automatic assignment-enabled interface [STRING] to the aggregation group. Please check the configuration on the interface. |
Variable fields |
$1: Port name. |
Severity level |
6 (Informational) |
Example |
Failed to assign automatic assignment-enabled interface [STRING] to the aggregation group. Please check the configuration on the interface. |
Impact |
The interface cannot automatically join an aggregation group. |
Cause |
A port failed to join an automatically created aggregation group for one of the following reasons: · The attribute configuration of the port is inconsistent with that of the aggregate interface. · Some settings on the port prevent it from joining the aggregation group. |
Recommended action |
To resolve this issue: · Modify the attribute configuration of the port to be consistent with the aggregate interface. · Remove the settings that affect automatic member port assignment from the port. |
LAGG_INACTIVE_AICFG
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port and the aggregate interface have different attribute configurations. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_AICFG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the member port and the aggregate interface have different attribute configurations. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations. |
Recommended action |
Modify the attribute configuration of the member port to be the same as the attribute configuration of the aggregate interface. |
LAGG_INACTIVE_BFD
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port is down. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_BFD: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the BFD session on the port went down. |
Recommended action |
To resolve this issue: · Check for a link failure. · Modify the port settings to make sure it has the same operational key and attribute configuration as the reference port. |
LAGG_INACTIVE_CONFIGURATION
Message text |
Member port [STRING] of [STRING] changed to the inactive state, because the aggregation configuration of the port is incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port FGE1/0/50 of BAGG1 changed to the inactive state, because the aggregation configuration of the port is incorrect. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because some configuration on the member port cannot be issued to the driver. |
Recommended action |
Verify that no configuration on this port conflicts with the aggregation feature. |
LAGG_INACTIVE_DUPLEX
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode is different between the member port and the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_DUPLEX: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the duplex mode is different between the member port and the reference port. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port. |
Recommended action |
Change the duplex mode of the member port to be the same as the reference port. |
LAGG_INACTIVE_HARDWAREVALUE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction. |
Recommended action |
Verify that no hardware differences exist between member ports. |
LAGG_INACTIVE_LACP_ISOLATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link-aggregation lacp isolate setting had been configured. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_LACP_ISOLATE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the link-aggregation lacp isolate setting had been configured. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because aggregate interfaces on the device were isolated. |
Recommended action |
Remove aggregate interface isolation. |
LAGG_INACTIVE_LOWER_LIMIT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of Selected ports was below the lower limit. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of Selected ports was below the lower limit. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached. |
Recommended action |
Make sure the minimum number of Selected ports is met. |
LAGG_INACTIVE_PARTNER
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the link aggregation configuration of its peer port was incorrect. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_PARTNER: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the link aggregation configuration of its peer port was incorrect. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state. |
Recommended action |
No action is required. |
LAGG_INACTIVE_PHYSTATE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical or line protocol state of the port was down. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the physical or line protocol state of the port was down. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the port went down. |
Recommended action |
Check the member port for physical or link layer issues. |
LAGG_INACTIVE_RESOURCE_INSUFICIE
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because hardware resources were not enough. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
3 (Error) |
Example |
LAGG/3/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because hardware resources were not enough. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the aggregation resources were insufficient. |
Recommended action |
No action is required. |
LAGG_INACTIVE_SPEED
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port was different from that of the reference port. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_INACTIVE_SPEED: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port was different from that of the reference port. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port. |
Recommended action |
Change the speed of the member port to be the same as the reference port. |
LAGG_INACTIVE_UPPER_LIMIT
Message text |
Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of Selected ports had reached the upper limit. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
3 (Error) |
Example |
LAGG/3/LAGG_INACTIVE_UPPER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of Selected ports had reached the upper limit. |
Impact |
The member port cannot forward the service traffic. |
Cause |
The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group. |
Recommended action |
No action is required. |
LAGG_PORT_DISCARDING_STATE
Message text |
Member port [STRING] of [STRING] changed to the discarding state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_PORT_DISCARDING_STATE: Member port GE1/0/50 of BAGG1 changed to the discarding state. |
Impact |
The member port cannot forward the service traffic. |
Cause |
A member port in the aggregation group changed to the discarding state and cannot forward service traffic. |
Recommended action |
Execute the display link-aggregation troubleshooting command to view the Selected state and reasons for member ports in the aggregation group. Troubleshoot and resolve issues based on the advice provided in the Advice field of the command output. |
LAGG_PORT_FORWARDING_STATE
Message text |
Member port [STRING] of [STRING] changed to the forwarding state. |
Variable fields |
$1: Port name. $2: Link aggregation group type and ID. |
Severity level |
6 (Informational) |
Example |
LAGG/6/LAGG_PORT_FORWARDING_STATE: Member port GE1/0/50 of BAGG1 changed to the forwarding state. |
Impact |
No negative impact on the system. |
Cause |
A member port in the aggregation group changed to the forwarding state and can forward service traffic. |
Recommended action |
No action is required. |
License
This section contains license messages.
LICENSE_FILE_LOST
Message text |
License activation file [STRING] was lost. |
Variable fields |
$1: Name of the activation file. |
Severity level |
4 (Warning) |
Example |
LIC/4/LICENSE_FILE_LOST: License activation file 0123456789.ak was lost. |
Impact |
The license-based feature is unavailable. |
Cause |
A license activation file was lost. |
Recommended action |
1. Copy the backup activation file to the license folder on the device. 2. If no backup activation file is available, go to the email box provided when the license is registered and obtain the activation file. Then, copy the activation file to the license folder on the device. 3. If you do not obtain the activation file in the email box provided when the license is registered, contact H3C Support to retrieve the lost activation file and copy the activation file to the license folder on the device. |
LICENSE_FILE_RESTORE
Message text |
License activation file [STRING] was successfully restored. |
Variable fields |
$1: Name of the activation file. |
Severity level |
6 (Informational) |
Example |
LIC/6/LICENSE_FILE_RESTORE: License activation file 0123456789.ak was successfully restored. |
Impact |
No negative impact on the system. |
Cause |
A license activation file was successfully restored. |
Recommended action |
No action is required. |
LICENSE_NEAR_EXPIRE
Message text |
License [STRING] will expire in [left days] days. |
Variable fields |
$1: License key, activation key, or activation file name. $2: Remaining validity days. |
Severity level |
4 (Warning) |
Example |
LIC/4/LICENSE_NEAR_EXPIRE: License 0123456789.ak will expire in 2 days. |
Impact |
The license-based feature will be unavailable. |
Cause |
This message is printed once a day, starting from the 10th day before the expiration date. |
Recommended action |
Purchase and install a new license as soon as possible. |
LICENSE_EXPIRE
Message text |
License [STRING] expired. |
Variable fields |
$1: License key, activation key, or activation file name. |
Severity level |
4 (Warning) |
Example |
LIC/4/LICENSE_EXPIRE: License 0123456789.ak expired. |
Impact |
The license-based feature is unavailable. |
Cause |
A license expired. |
Recommended action |
Purchase and install a new license as soon as possible. |
LICENSE_TAKE_EFFECT
Message text |
State of license [STRING] changed to in use. |
Variable fields |
$1: License key, activation key, or activation file name. |
Severity level |
6 (Informational) |
Example |
LIC/6/LICENSE_TAKE_EFFECT: State of license 0123456789.ak changed to in use. |
Impact |
No negative impact on the system. |
Cause |
The state of a license changed from usable to in use. |
Recommended action |
No action is required. |
LICENSE_PRE_NEAR_EXPIRE
Message text |
Preinstalled licenses will expire in [STRING] days. |
Variable fields |
$1: Remaining validity days. |
Severity level |
4 (Warning) |
Example |
LIC/4/LICENSE_PRE_NEAR_EXPIRE: Preinstalled licenses will expire in 3 days. |
Impact |
The license-based feature will be unavailable. |
Cause |
This message is printed once a day, starting from the 10th day before the expiration date. |
Recommended action |
Examine whether usable formal licenses are installed. If no usable formal licenses are installed, purchase and install formal licenses. |
LICENSE_PRE_EXPIRE
Message text |
Preinstalled licenses expired. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
LIC/4/LICENSE_PRE_EXPIRE: Preinstalled licenses expired. |
Impact |
The license-based feature is unavailable. |
Cause |
Preinstalled licenses expired. |
Recommended action |
Examine whether usable formal licenses are installed. If no usable formal licenses are installed, purchase and install formal licenses. |
CLCP
This section contains CLCP messages.
CLCP_CLIENT_LOGIN_FAIL
Message text |
Failed to login. Reason: [STRING]. |
Variable fields |
$1: Login failure reason. Supported values: · Network error. · Incorrect username or password. · Error occurred for communication between license client and license server. |
Severity level |
4 (Warning) |
Example |
CLCP/4/CLCP_CLIENT_LOGIN_FAIL: Failed to login. Reason: Incorrect username or password. |
Impact |
Licenses cannot be requested from the license server. |
Cause |
The license client failed to log in to the license server. |
Recommended action |
Handle the issue according to the failure reason: · If the reason is network error, verify that the server address configuration is correct. · If the reason is incorrect username or password, verify that the username and password configured on the device for accessing the license server are the same as those on the license server. · If a communication error occurs, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CLCP_NEAR_EXPIRE
Message text |
License [STRING] will expire in [STRING] days. |
Variable fields |
$1: Feature name. $2: Remaining validity days. |
Severity level |
4 (Warning) |
Example |
CLCP/4/CLCP_NEAR_EXPIRE: License APMGR will expire in 2 days. |
Impact |
The license-based feature will be unavailable. |
Cause |
This message is printed once a day, starting from the 10th day before the expiration date. |
Recommended action |
Purchase and install a new license on the license server. |
CLCP_RECLAIM
Message text |
License [STRING] was reclaimed. Reason: [STRING]. |
Variable fields |
$1: Feature name. $2: Reclamation reason. Supported values: · The license-based feature was not in use. · The license aged out after the client had been disconnected from the license server for 30 days. · The license was forcibly reclaimed by the license server. · The license expired on the license server. · The license was uninstalled on the license server. · License information is inconsistent between license client and license server. · Unknown. |
Severity level |
4 (Warning) |
Example |
CLCP/4/CLCP_RECLAIM: License APMGR was reclaimed. Reason: The license expired on the license server. |
Impact |
The license-based feature is unavailable. |
Cause |
A license was reclaimed by the license server. |
Recommended action |
Handle the issue according to the reclamation reason: · If the license-based feature is not in use, no action is required. To use the feature, the license client will automatically request the license again from the license server. · If the license ages out because the client has been disconnected for a long time, restore the connection between the device and the license server. · If the license is forcibly reclaimed by the license server, no action is required. · If the license expires or is uninstalled on the license server, purchase and install a new license on the license server. · If license information is inconsistent between license client and license server or the reclamation reason is unknown, the license client will automatically request the license again after the license is reclaimed. In this case, no action is required. If exceptions exist, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CLCP_REQUEST_FAIL
Message text |
Failed to request license [STRING]. Reason: [STRING]. |
Variable fields |
$1: Feature name. $2: Failure reason. Supported values: · No sufficient license resources on the license server. · Error occurred for communication between license client and license server. · License server system error. |
Severity level |
4 (Warning) |
Example |
CLCP/4/CLCP_REQUEST_FAIL: Failed to request license APMGR. Reason: No sufficient license resources on the license server. |
Impact |
Licenses cannot be requested from the license server. |
Cause |
The license client failed to request a license. |
Recommended action |
Handle the issue according to the failure reason: · If no sufficient license resources are available on the license server, purchase new licenses and install them on the license server. · If a communication error or system error occurs, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
CLCP_RECLAIM_ALARM
Message text |
License [STRING] will be reclaimed in [STRING] days. Reason: [STRING]. |
Variable fields |
$1: Feature name. $2: Remaining validity days. $3: Reclamation reason. The value is The license client was disconnected from the license server. |
Severity level |
4 (Warning) |
Example |
CLCP/4/CLCP_RECLAIM_ALARM: License APMGR will be reclaimed in 2 days. Reason: The license client was disconnected from the license server. |
Impact |
The license-based feature will be unavailable. |
Cause |
The license client has been disconnected from the license server. |
Recommended action |
Restore the network connection between the license client and license server. |
CLCP_CLIENT_OFFLINE
Message text |
The license client went offline. Reason: [STRING]. |
Variable fields |
$1: Offline reason. Supported values:
- The license server forced the license client to go offline.
- Client information aged out on the license server.
- The license client has been disconnected from the license server for a long time. |
Severity level |
4 (Warning) |
Example |
CLCP/4/CLCP_CLIENT_OFFLINE: The license client went offline. Reason: The license server forced the license client to go offline. |
Impact |
Licenses cannot be requested from the license server. |
Cause |
The license client went offline. |
Recommended action |
Handle the issue according to the offline reason:
- If the license server forces the license client to go offline or client information ages out on the license server, no action is required. The device will be automatically reconnected to the license server after a period of time.
- If the license client has been disconnected from the license server for a long time, restore the connection between the device and the license server. |
LIPC messages
This section contains Leopard inter-process communication (LIPC) messages.
LIPC_MTCP_CHECK
Message text |
Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], MDC=[INTEGER], Group=[INTEGER], MID=[INTEGER]. |
Variable fields |
$1: Name of the process. $2: Name of the VRF to which the LIPC link belongs. $3: MDC ID of the LIPC link. $4: Multicast group ID of the LIPC link. $5: Multicast group member ID of the LIPC link. |
Severity level |
4 (Warning) |
Example |
LIPC/4/LIPC_MTCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, MDC=1, Group=134, MID=10001. |
Impact |
Processes might operate incorrectly. |
Cause |
Processes will establish an LIPC link during internal communication. LIPC MTCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
LIPC_STCP_CHECK
Message text |
Data stays in the receive buffer for an over long time. Process name(thread name)=[STRING]([STRING]), PID(TID)=[INTEGER]([INTEGER]),inode=[INTEGER], port=[INTEGER], VRF=[INTEGER], local address/portid=[INTEGER]/[INTEGER], remote address/portid=[INTEGER]/[INTEGER]. |
Variable fields |
$1: Name of the process that established the LIPC link. $2: Name of the thread. $3: ID of the process. $4: ID of the thread. $5: Address of the FD in the kernel. $6: Port number for the LIPC link (the same port number is used for both local and remote ends). $7: Name of the VRF to which the LIPC link belongs. $8: LIP address of the local node. $9: Temporary port number of the local node. It is a number temporarily assigned by the system for the port. $10: LIP address of the remote node. $11: Temporary port number of the remote node. It is a number temporarily assigned by the system for the port. |
Severity level |
4 (Warning) |
Example |
LIPC/4/LIPC_STCP_CHECK: Data stays in the receive buffer for an over long time. Process name(thread name)=pimd(pimd), PID(TID)=10953(10957),inode=2720150667, port=2149, VRF=0, local address/portid=0/2353866048, remote address/portid=0/1062257808. |
Impact |
Processes might operate incorrectly. |
Cause |
Processes will establish an LIPC link during internal communication. LIPC STCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
LIPC_STCP_DUPLICATE_SOCKET
Message text |
Socket (LIP=[INTEGER], PortID=[INTEGER], Owner=[STRING]) has failed connect to server (LIP=[INTEGER],Port=[INTEGER]) too many times. |
Variable fields |
$1: LIP address of the local node. $2: Port number of the local node. $3: Name of the process. $4: LIP address of the remote node. $5: Service port number. |
Severity level |
4 (Warning) |
Example |
LIPC/4/LIPC_STCP_DUPLICATE_SOCKET: Socket (LIP=8, PortID=123456, Owner=sfs) has failed connect to server (LIP=8, Port=10515) too many times. |
Impact |
No negative impact on the system. |
Explanation |
Typically, if a service module fails to establish a connection by using a socket, it will close that socket and apply for another socket for reconnection. If the module continues to use the failed socket for connection, LIPC will return a failure. This log records information about reconnection failures of a module by using a failed socket. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
LIPC_SUDP_CHECK
Message text |
Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], MDC=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER]. |
Variable fields |
$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: MDC ID of the LIPC link. $4: Port number of the local node. $5: IP address of the local node. $6: LIP address of the remote node. $7: Port number of the remote node. |
Severity level |
4 (Warning) |
Example |
LIPC/4/LIPC_SUDP_CHECK: Data stays in the receive buffer for an over long time. Owner=snmpd, VRF=0, MDC=1, local address/port=0/10525, remote address/port=32768/0. |
Impact |
Processes might operate incorrectly. |
Cause |
Processes will establish an LIPC link during internal communication. LIPC SUDP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
PORT_CHANGE
Message text |
STCP: Node where the listening port number [INT] (MDC: [INT] VRF: [INT]) resides changed from LIP [INT] to LIP [INT]. |
Variable fields |
$1: LIPC global port number. $2: Name of the MDC where the LIPC global port resides. $3: Name of the VRF to which the LIPC global port belongs. $4: Name of the old LIPC node where the LIPC global port resides. $5: Name of the new LIPC node where the LIPC global port resides. |
Severity level |
5 (Notification) |
Example |
LIPC/5/PORT_CHANGE: Node where the listening port number 620 (MDC: 1 VRF: 1) resides changed from LIP 1 to LIP 3. |
Impact |
No negative impact on the system. |
Cause |
STCP assigns an LIPC global port number as a listening port number to each service module as requested. Typically, a service module listens to the port number only on the LIPC node where the port has been requested. This message is generated if the service module listens to the port number on a different LIPC node. STCP will move the port number from the old LIPC node to the new node. |
Recommended action |
No action is required. |
LLDP messages
This section contains LLDP messages.
LLDP_CREATE_NEIGHBOR
Message text |
[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
6 (Informational) |
Example |
LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5. |
Impact |
No negative impact on the system. |
Cause |
The port received an LLDP message from a new neighbor. |
Recommended action |
No action is required. |
LLDP_DELETE_NEIGHBOR
Message text |
[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
6 (Informational) |
Example |
LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5. |
Impact |
The LLDP neighbor is disconnected. |
Cause |
The port received a deletion message when a neighbor was deleted. |
Recommended action |
1. View related settings on the neighboring device to identify whether LLDP is disabled on the neighboring device.
   - If LLDP is disabled on the neighboring device, execute the lldp enable and lldp global enable commands to enable LLDP.
   - If LLDP is enabled on the neighboring device, go to step 2.
2. Execute the display interface command to identify whether a link failure occurs between the local device and the neighboring device.
   - If a link failure occurs, troubleshoot the link failure. If the link failure cannot be cleared, go to step 3.
   - If no link failure occurs, go to step 3.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LLDP_LESS_THAN_NEIGHBOR_LIMIT
Message text |
The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain. |
Severity level |
6 (Informational) |
Example |
LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port Ten-GigabitEthernet10/0/15 (IfIndex 599) is less than 5, and new neighbors can be added. |
Impact |
No negative impact on the system. |
Cause |
The number of the neighbors for a port changes. |
Recommended action |
No action is required. |
LLDP_NEIGHBOR_AGE_OUT
Message text |
[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING]. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID. |
Severity level |
5 (Notification) |
Example |
LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port Ten-GigabitEthernet10/0/15 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5. |
Impact |
The LLDP neighbor is disconnected. |
Cause |
This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time. |
Recommended action |
1. Execute the display interface command to identify whether a link failure occurs between the local device and the neighboring device, which causes LLDP packet loss or congestion.
   - If a link failure occurs, troubleshoot the link failure. If the link failure cannot be cleared, go to step 2.
   - If no link failure occurs, go to step 2.
2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LLDP_NEIGHBOR_PROTECTION_BLOCK
Message text |
The status of port [STRING] changed to blocked ([STRING]) for the [STRING] agent. |
Variable fields |
$1: Interface name.
$2: Neighbor protection feature that caused the state change:
- aging: Neighbor aging-based protection.
- validation: Neighbor validation-based protection.
- black hole: LLDP black hole detection-based protection.
- cross domain: LLDP cross-domain detection-based protection.
$3: LLDP agent type. |
Severity level |
4 (Warning) |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_BLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to blocked (aging) for the nearest bridge agent. |
Impact |
The port is blocked and cannot process services. |
Cause |
Cause 1: A neighbor identification error occurs, leading to neighbor validation-based protection. Cause 2: Neighbor aging occurs due to a period of failure to receive LLDP packets, leading to neighbor aging-based protection. Cause 3: LLDP black hole detection enabled on the interface detects a black hole on LLDP packets. Cause 4: LLDP cross-domain detection enabled on the interface has detected LLDP packets with domain IDs different from the local domain ID. |
Recommended action |
Cause 1:
1. Execute the display interface command to identify whether a link failure occurs between the local device and the neighboring device, which causes LLDP packet loss or congestion.
   - If a link failure occurs, troubleshoot the link failure. If the link failure cannot be cleared, go to step 2.
   - If no link failure occurs, go to step 2.
2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help.
Cause 2:
1. Execute the display lldp neighbor-information command to display the LLDP information received from the neighboring devices and obtain the chassis ID TLV and port ID TLV.
2. Identify whether the chassis ID TLV and port ID TLV from the neighboring device are the same as those configured on the local device with the lldp neighbor-identity chassis-id and lldp neighbor-identity port-id commands.
   - If they are the same, go to step 4.
   - If they are different, go to step 3.
3. Execute the lldp neighbor-identity chassis-id and lldp neighbor-identity port-id commands to configure the local identification information to ensure that the identification information on the local device is the same as that received from the neighboring device.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help.
Cause 3: No action is required. Alternatively, change the physical topology to clear LLDP packet black holes.
Cause 4: Check the planned domain ID configuration for LLDP cross-domain detection at both ends. Identify whether the domain IDs at both ends must be the same.
- If the domain IDs at both ends must be the same, execute the lldp cross-domain-detection domain-id command at both ends to ensure that the domain IDs at both ends are the same.
- If the domain IDs at both ends can be different, no action is required. |
LLDP_NEIGHBOR_PROTECTION_DOWN
Message text |
The status of port [STRING] changed to down (aging) for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: LLDP agent type. |
Severity level |
4 (Warning) |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_DOWN: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to down (aging) for the nearest bridge agent. |
Impact |
The port is shut down and cannot process services. |
Cause |
Neighbor aging occurs due to a period of failure to receive LLDP packets, leading to neighbor aging-based protection. |
Recommended action |
1. Execute the display interface command to identify whether a link failure occurs between the local device and the neighboring device, which causes LLDP packet loss or congestion.
   - If a link failure occurs, troubleshoot the link failure. If the link failure cannot be cleared, go to step 2.
   - If no link failure occurs, go to step 2.
2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LLDP_NEIGHBOR_PROTECTION_UNBLOCK
Message text |
The status of port [STRING] changed to unblocked for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: LLDP agent type. |
Severity level |
4 (Warning) |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_UNBLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to unblocked for the nearest bridge agent. |
Impact |
No negative impact on the system. |
Cause |
LLDP packets are received on the port or the neighboring identification information is the same as the local configuration. |
Recommended action |
No action is required. |
LLDP_NEIGHBOR_PROTECTION_UP
Message text |
The status of port [STRING] changed to up for the [STRING] agent. |
Variable fields |
$1: Interface name. $2: LLDP agent type. |
Severity level |
4 (Warning) |
Example |
LLDP/4/LLDP_NEIGHBOR_PROTECTION_UP: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to up for the nearest bridge agent. |
Impact |
No negative impact on the system. |
Cause |
The undo lldp neighbor-protection aging or undo shutdown command was executed on the interface disabled by neighbor aging-based protection. |
Recommended action |
No action is required. |
LLDP_PVID_INCONSISTENT
Message text |
PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]). |
Variable fields |
|
Severity level |
5 (Notification) |
Example |
LLDP/5/LLDP_PVID_INCONSISTENT: PVID mismatch discovered on GigabitEthernet1/0/1 (PVID 2), with H3C GigabitEthernet1/0/1 (PVID 1). |
Impact |
A PVID mismatch occurs between two ends of the link, which causes the failure of packet forwarding for some protocols. |
Cause |
|
Recommended action |
LLDP_REACH_NEIGHBOR_LIMIT
Message text |
The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added. |
Variable fields |
$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain. |
Severity level |
5 (Notification) |
Example |
LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet10/0/15 (IfIndex 599) has reached 5, and no more neighbors can be added. |
Impact |
The interface cannot create a new LLDP neighbor entry. |
Cause |
This message is generated when a port that has reached its maximum number of neighbors receives an LLDP packet from a new neighbor. |
Recommended action |
To create a new neighbor entry, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LOAD messages
This section contains load management messages.
BOARD_LOADING
Message text |
Mode 1: Board in chassis [INT32] slot [INT32] is loading software images. Mode 2: Board in slot [INT32] is loading software images. |
Variable fields |
Mode 1: $1: Chassis ID. $2: Slot ID. Mode 2: $1: Slot ID. |
Severity level |
4 (Warning) |
Example |
Mode 1: LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images. Mode 2: LOAD/4/BOARD_LOADING: Board in slot 5 is loading software images. |
Impact |
No negative impact on the system. |
Cause |
The card is loading software images during the boot process. |
Recommended action |
No action is required. |
LOAD_FAILED
Message text |
Mode 1: Board in chassis [INT32] slot [INT32] failed to load software images. Mode 2: Board in slot [INT32] failed to load software images. |
Variable fields |
Mode 1: $1: Chassis ID. $2: Slot ID. Mode 2: $1: Slot ID. |
Severity level |
3 (Error) |
Example |
Mode 1: LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images. Mode 2: LOAD/3/LOAD_FAILED: Board in slot 5 failed to load software images. |
Impact |
The card will fail to start. |
Cause |
The card failed to load software images during the boot process. |
Recommended action |
1. Execute the display boot-loader command to identify the startup software images.
2. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images.
3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
LOAD_FINISHED
Message text |
Mode 1: Board in chassis [INT32] slot [INT32] has finished loading software images. Mode 2: Board in slot [INT32] has finished loading software images. |
Variable fields |
Mode 1: $1: Chassis ID. $2: Slot ID. Mode 2: $1: Slot ID. |
Severity level |
5 (Notification) |
Example |
Mode 1: LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images. Mode 2: LOAD/5/LOAD_FINISHED: Board in slot 5 has finished loading software images. |
Impact |
No negative impact on the system. |
Cause |
The card has finished loading software images. |
Recommended action |
No action is required. |
LOGIN messages
This section contains login messages.
LOGIN_AUTHENTICATION_FAILED
Message text |
Authentication failed for [STRING] from [STRING]. Reason: [STRING]. |
Variable fields |
$1: Username. $2: User line name or IP address. $3: Failure cause. For more information, see the user online/offline reason description in AAA commands in Security Command Reference. |
Severity level |
5 (Notification) |
Example |
LOGIN/5/LOGIN_AUTHENTICATION_FAILED: Authentication failed for Usera from console0. Reason: Invalid username or password. |
Impact |
The user failed to log in to the system. |
Cause |
Authentication failed upon user login. |
Recommended action |
Troubleshoot the issue based on the failure cause. |
LOGIN_FAILED
Message text |
[STRING] failed to login from [STRING]. |
Variable fields |
$1: Username. $2: Line name or IP address. |
Severity level |
5 (Notification) |
Example |
LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22. |
Impact |
A user fails to log in to the system. |
Cause |
A login attempt failed. |
Recommended action |
1. Verify the connection between the device and the server.
2. Enter the username and password again.
3. Verify that the server settings are correct, such as the server type.
4. Verify that the number of login users has not reached the upper limit.
5. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LOGIN_INVALID_USERNAME_PWD
Message text |
Invalid username or password from [STRING]. |
Variable fields |
$1: User line name and user IP address. |
Severity level |
5 (Notification) |
Example |
LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22. |
Impact |
A user fails to log in to the system. |
Cause |
A user entered an invalid username or password. |
Recommended action |
Verify that the username and password for login are correct. |
LPDT messages
This section contains LPDT messages.
LPDT_LOOPED
Message text |
Loopback exists on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
LPDT/4/LPDT_LOOPED: Loopback exists on Ethernet6/4/2. |
Impact |
The device processes the port based on the loop protection action configured for the port. |
Cause |
The port has received a loop detection packet from this device. |
Recommended action |
1. Identify whether the existing Layer 2 loops in the current network are necessary for network deployment:
   - If yes, proceed to step 2.
   - If not, redeploy the network to eliminate Layer 2 loops.
2. Identify whether the network topology meets the requirements after the loop detection feature processes the port:
   - If yes, no action is required.
   - If not, modify the loop detection configuration for the device to ensure that the network topology after the loop detection feature processes the port meets the requirements. If the issue persists, proceed to step 3.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LPDT_RECOVERED
Message text |
Loopback on [STRING] recovered. |
Variable fields |
$1: Interface name. |
Severity level |
5 (Notification) |
Example |
LPDT/5/LPDT_RECOVERED: Loopback on Ethernet6/4/1 recovered. |
Impact |
No negative impact on the system. |
Cause |
Reason 1: Within all VLANs, a port does not receive loop detection packets within three times the loop detection interval. Reason 2: The port is shut down to eliminate loops. |
Recommended action |
No action is required. |
LPDT_VLAN_LOOPED
Message text |
Loopback exists on [STRING] in VLAN [UINT16]. |
Variable fields |
$1: Interface name. $2: VLAN ID. |
Severity level |
4 (Warning) |
Example |
LPDT/4/LPDT_VLAN_LOOPED: Loopback exists on Ethernet6/4/1 in VLAN 1. |
Impact |
The device processes the port based on the loop protection action configured for the port. |
Cause |
The port received a loop detection packet from this device within the specified VLAN. |
Recommended action |
1. Identify whether the existing Layer 2 loops in the current network are necessary for network deployment:
   - If yes, proceed to step 2.
   - If not, redeploy the network to eliminate Layer 2 loops.
2. Identify whether the network topology meets the requirements after the loop detection feature processes the port:
   - If yes, no action is required.
   - If not, modify the loop detection configuration for the device to ensure that the network topology after the loop detection feature processes the port meets the requirements. If the issue persists, proceed to step 3.
3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
LPDT_VLAN_RECOVERED
Message text |
Loopback on [STRING] in VLAN [UINT16] recovered. |
Variable fields |
$1: Interface name. $2: VLAN ID. |
Severity level |
5 (Notification) |
Example |
LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1. |
Impact |
No negative impact on the system. |
Cause |
Reason 1: Within all VLANs, a port does not receive loop detection packets within three times the loop detection interval. Reason 2: The port is shut down to eliminate loops. |
Recommended action |
No action is required. |
LS messages
This section contains Local Server messages.
LOCALSVR_FAIL_TO_WRITETIME2FILE
Message text |
Failed to write the local user creation or login time records to file. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
LOCALSVR/6/LOCALSVR_FAIL_TO_WRITETIME2FILE: Failed to write the local user creation or login time records to file. |
Impact |
No negative impact on the system. |
Cause |
The local file system of the device is running out of memory space. |
Recommended action |
Execute the dir command in user view to check the remaining capacity of local storage media (such as flash). If not enough remaining space is available, delete unnecessary files. |
LOCALSVR_PROMPTED_CHANGE_PWD
Message text |
Please change the password of [STRING] [STRING], because [STRING]. |
Variable fields |
$1: Password type:
- device management user.
- user line.
- user line class.
$2: Username, user line name, or user line class name.
$3: Reason for password change:
- the current password is a weak-password.
- the current password is the default password.
- it is the first login of the current user or the password had been reset.
- the password had expired. |
Severity level |
6 (Informational) |
Example |
LOCALSVR/6/LOCALSVR_PROMPTED_CHANGE_PWD: Please change the password of device management user hhh, because the current password is a weak password. |
Impact |
No negative impact on the system. |
Cause |
The device generated a log message to prompt a user to change the password of the user, user line, or user line class. The device will generate such a log message every 24 hours after the user logs in to the device if the password does not meet the password control requirements. |
Recommended action |
Change the user password as required:
- If scheme authentication is used, change the local password of the user.
- If password authentication is used, change the authentication password of the user line or user line class for the user. |
LS_ADD_USER_TO_GROUP
Message text |
Admin [STRING] added user [STRING] to group [STRING]. |
Variable fields |
$1: Admin name. $2: Username. $3: User group name. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1. |
Impact |
No negative impact on the system. |
Cause |
The administrator added a local user into a specific user group. |
Recommended action |
No action is required. |
LS_AUTHEN_FAILURE
Message text |
User [STRING] from [STRING] failed authentication. [STRING] |
Variable fields |
$1: Username.
$2: IP address.
$3: Failure reason:
- "User not found."
- "Password verified failed."
- "User not active."
- "Access type mismatch."
- "Binding attribute is failed."
- "User in blacklist." |
Severity level |
5 (Notification) |
Example |
LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found." |
Impact |
Users cannot come online. |
Cause |
The local server rejected a user's authentication request. Possible reasons include:
- The user cannot be found.
- Password verification failed.
- The user is not online.
- The access type does not match.
- Binding attributes failed.
- The user has been blacklisted. |
Recommended action |
Troubleshoot according to the reason displayed in the message. |
LS_AUTHEN_SUCCESS
Message text |
User [STRING] from [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 (Informational) |
Example |
LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully. |
Impact |
No negative impact on the system. |
Cause |
The local server accepted a user's authentication request. |
Recommended action |
No action is required. |
LS_DEL_USER_FROM_GROUP
Message text |
Admin [STRING] delete user [STRING] from group [STRING]. |
Variable fields |
$1: Admin name. $2: Username. $3: User group name. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1. |
Impact |
No negative impact on the system. |
Cause |
The administrator deleted a local user from a specific user group. |
Recommended action |
No action is required. |
LS_PWD_ADD_BLACKLIST
Message text |
User [STRING] was added to the blacklist due to multiple login failures, [STRING]. |
Variable fields |
$1: Username.
$2: Options include:
- but could make other attempts.
- and is permanently blocked.
- and was temporarily blocked for [UINT32] minutes. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_ADDBLACKLIST: User aaa at 192.168.0.22 was added to the blacklist due to multiple login failures, but could make other attempts. |
Impact |
The impact on the system depends on the actual situation. |
Cause |
After a user login authentication fails, the system adds the user to the password management blacklist and restricts subsequent login attempts according to the measures configured in the password-control login-attempt command. When a user login fails more times than the specified limit, the system will prohibit that user from logging in. After a period, the system allows the user to attempt to log in again. |
Recommended action |
1. If this message appears occasionally, check the user's password. Incorrect password input might cause login prohibition. As a best practice, try to log in again after waiting for some time. If you encounter the same issue when logging into the device again with the correct username and password, collect log messages and configuration data, and then contact Technical Support for help. 2. If this message appears frequently, the system might be under a login attack. Contact Technical Support for help. |
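The recommended action above separates occasional from frequent LS_PWD_ADD_BLACKLIST messages. The following added example (not part of the H3C documentation) shows one way to measure that over collected log lines. The 10-minute window, the threshold of 3, and all sample events are assumptions; timestamps are passed in separately because the message itself carries none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the documented message text and also the form used in the page's
# example line (mnemonic spelled LS_PWD_ADDBLACKLIST, with "at <IP>").
BLACKLIST_RE = re.compile(
    r"LS/4/LS_PWD_ADD_?BLACKLIST:\s*User (?P<user>\S+)(?: at (?P<ip>\S+))? "
    r"was added to the blacklist due to multiple login failures, "
    r"(?P<outcome>.+?)\.?\s*$"
)
TEMP_BLOCK_RE = re.compile(r"and was temporarily blocked for (\d+) minutes")


def parse_blacklist(line):
    """Return user, source IP (if logged) and the action taken, or None."""
    m = BLACKLIST_RE.search(line)
    if not m:
        return None
    outcome = m.group("outcome")
    temp = TEMP_BLOCK_RE.fullmatch(outcome)
    if temp:
        action, minutes = "temporary", int(temp.group(1))
    elif outcome == "and is permanently blocked":
        action, minutes = "permanent", None
    elif outcome == "but could make other attempts":
        action, minutes = "warn-only", None
    else:
        action, minutes = "unknown", None
    return {"user": m.group("user"), "ip": m.group("ip"),
            "action": action, "minutes": minutes}


def peak_counts(events, window=timedelta(minutes=10)):
    """events: (datetime, raw log line) pairs in time order.
    Returns {(kind, value): highest number of events inside one window}."""
    recent, peaks = defaultdict(deque), defaultdict(int)
    for ts, line in events:
        rec = parse_blacklist(line)
        if rec is None:
            continue
        # Track per username and per source IP: one address failing against
        # many usernames never repeats a username but does repeat the IP.
        for key in (("user", rec["user"]), ("ip", rec["ip"])):
            if key[1] is None:
                continue
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            peaks[key] = max(peaks[key], len(q))
    return dict(peaks)


def frequent_blacklisting(events, threshold=3, window=timedelta(minutes=10)):
    """Keys whose blacklist events reached the (assumed) threshold."""
    return sorted((kind, value, n)
                  for (kind, value), n in peak_counts(events, window).items()
                  if n >= threshold)


# Constructed sample events; only the message wording comes from this page.
T0 = datetime(2024, 9, 23, 8, 0, 0)
LINE = ("LS/4/LS_PWD_ADDBLACKLIST: User {u} at {ip} was added to the blacklist "
        "due to multiple login failures, {o}.")
SAMPLE_EVENTS = [
    (T0, LINE.format(u="aaa", ip="192.168.0.22", o="but could make other attempts")),
    (T0 + timedelta(minutes=2),
     LINE.format(u="aaa", ip="192.168.0.22", o="but could make other attempts")),
    (T0 + timedelta(minutes=4),
     LINE.format(u="bbb", ip="192.168.0.22", o="but could make other attempts")),
    (T0 + timedelta(minutes=6),
     LINE.format(u="aaa", ip="192.168.0.22",
                 o="and was temporarily blocked for 5 minutes")),
    (T0 + timedelta(minutes=30),
     "LS/4/LS_PWD_ADD_BLACKLIST: User ccc was added to the blacklist due to "
     "multiple login failures, and is permanently blocked."),
    (T0 + timedelta(minutes=50),
     LINE.format(u="aaa", ip="192.168.0.22", o="but could make other attempts")),
]

if __name__ == "__main__":
    for kind, value, count in frequent_blacklisting(SAMPLE_EVENTS):
        print(f"{kind}={value}: {count} blacklist events within 10 minutes")
```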
LS_PWD_CHGPWD
Message text |
The password of local [STRING] user [STRING] was modified. |
Variable fields |
$1: User access type. · network-access · device-management $2: Username. |
Severity level |
5 (Notification) |
Example |
LS/5/LS_PWD_CHGPWD: The password of local network-access user abc was modified. |
Impact |
No negative impact on the system. |
Cause |
The password of a local user was modified. |
Recommended action |
Typically, no action is required when this log is generated. The device administrator can determine whether an abnormal password change occurred based on this log. |
LS_PWD_CHGPWD_FOR_AGEDOUT
Message text |
User [STRING] changed the password because it was expired. |
Variable fields |
$1: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired. |
Impact |
No negative impact on the system. |
Cause |
A user changed the password because the old password has expired. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_AGEOUT
Message text |
User [STRING] changed the password because it was about to expire. |
Variable fields |
$1: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire. |
Impact |
No negative impact on the system. |
Cause |
A user changed the password because the old password was about to expire. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_COMPOSITION
Message text |
User [STRING] changed the password because it had an invalid composition. |
Variable fields |
$1: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition. |
Impact |
No negative impact on the system. |
Cause |
A user reentered the password due to a mistake in the password composition. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_FIRSTLOGIN
Message text |
User [STRING] changed the password at the first login. |
Variable fields |
$1: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login. |
Impact |
No negative impact on the system. |
Cause |
A user changed the password at the first login. |
Recommended action |
No action is required. |
LS_PWD_CHGPWD_FOR_LENGTH
Message text |
User [STRING] changed the password because it was too short. |
Variable fields |
$1: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short. |
Impact |
No negative impact on the system. |
Cause |
A user changed the password because the input password was too short. |
Recommended action |
No action is required. |
LS_PWD_FAILED2WRITEPASS2FILE
Message text |
Failed to write the password records to file. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file. |
Impact |
The local user's password cannot be modified. |
Cause |
A user failed to change its own password during login, or an administrator failed to change a local user's password. Possible reasons include: · The local file system of the device is running out of memory space. · An anomaly occurs on the local lauth.dat file. |
Recommended action |
1. Execute the dir command in user view to check the remaining capacity information of local storage media (such as flash). If not enough remaining space is available, delete unnecessary files. 2. Execute the dir command in user view to check for the lauth.dat file on local storage media (such as flash). If the file does not exist, has a size of 0, or is very small (likely an anomaly if less than 20B), please contact Technical Support for help. |
LS_PWD_MODIFY_FAIL
Message text |
Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING]. |
Variable fields |
$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: · old password is incorrect. · password is too short. · password has not minimum different chars. · invalid password composition. · password has repeated chars. · password contains username. · new password must be different from any previous password by a minimum of four chars. · new password must be different from old password by a minimum of four chars. · password used already. · password is in update-wait time. · entered passwords did not match. · unknown error. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because old password is incorrect. |
Impact |
No negative impact on the system. |
Cause |
Possible causes: · The old password is incorrect. · The password is too short. · The number of unique characters is fewer than 4. · Invalid password composition. · The password contains three or more consecutive identical characters. · The password contains the username. · The new password does not differ from a previous password by at least four characters. · The new password does not differ from the old password by at least four characters. · The password is identical to the current or a previous password. · The password update interval has not been reached. · The confirmation password entered is incorrect. |
Recommended action |
Troubleshoot according to the reason displayed in the message. |
LS_PWD_MODIFY_SUCCESS
Message text |
Admin [STRING] from [STRING] modify the password for user [STRING] successfully. |
Variable fields |
$1: Admin name. $2: IP address. $3: Username. |
Severity level |
6 (Informational) |
Example |
LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully. |
Impact |
No negative impact on the system. |
Cause |
An administrator successfully modified a user's password. |
Recommended action |
No action is required. |
LS_REAUTHEN_FAILURE
Message text |
User [STRING] from [STRING] failed reauthentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 (Notification) |
Example |
LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication. |
Impact |
The user failed to change their password because the old password entered was incorrect. |
Cause |
When a user changes their own password during login or after successful login from the CLI, the system requires the user to enter the old password first. If verification of the old password fails, the system will output this log message. |
Recommended action |
Check the local user's old password. If it is correct, contact Technical Support for help. |
LS_UPDATE_PASSWORD_FAIL
Message text |
Failed to update the password for user [STRING]. |
Variable fields |
$1: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc. |
Impact |
The local user's password cannot be modified. |
Cause |
Adding, changing, or deleting a local user password from CLI failed. Possible reasons include: · The password does not meet security requirements, such as being too short or identical to the current or past passwords. · The local file system of the device is running out of memory space. · An anomaly occurs on the local lauth.dat file. |
Recommended action |
1. Reset the password according to the system's prompt to meet security requirements. 2. Execute the dir command in user view to check the remaining capacity information of local storage media (such as flash). If not enough remaining space is available, delete unnecessary files. 3. Execute the dir command in user view to check for the lauth.dat file on local storage media (such as flash). If the file does not exist, has a size of 0, or is very small (likely an anomaly if less than 20B), please contact Technical Support for help. |
LS_USER_CANCEL
Message text |
User [STRING] from [STRING] cancelled inputting the password. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 (Notification) |
Example |
LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password. |
Impact |
No negative impact on the system. |
Cause |
The user cancelled inputting the password or did not input the password in 90 seconds. |
Recommended action |
No action is required. |
LS_USER_PASSWORD_EXPIRE
Message text |
User [STRING]'s login idle timer timed out. |
Variable fields |
$1: Username. |
Severity level |
5 (Notification) |
Example |
LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out. |
Impact |
No negative impact on the system. |
Cause |
After logging in, the local user was idle for a period that exceeded the idle timeout. |
Recommended action |
No action is required. |
LS_USER_ROLE_CHANGE
Message text |
Admin [STRING] [STRING] user role [STRING] for [STRING]. |
Variable fields |
$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username. |
Severity level |
4 (Warning) |
Example |
LS/4/LS_USER_ROLE_CHANGE: Admin admin added user role network-admin for abcd. |
Impact |
No negative impact on the system. |
Cause |
The administrator added a user role for a local user. |
Recommended action |
No action is required. |
MAC messages
This section contains MAC messages.
MAC_DRIVER_ADD_ENTRY
Message text |
Driver failed to add MAC address entry: MAC address=[STRING], VLAN=[UINT32], State=[UINT32], interface=[STRING]. |
Variable fields |
$1: MAC address. $2: VLAN ID. $3: Entry type number. $4: Interface type and interface number. |
Severity level |
4 (Warning) |
Example |
MAC/4/MAC_DRIVER_ADD_ENTRY: Driver failed to add MAC address entry: MAC address=1-1-1, VLAN=1, State=2, interface=GigabitEthernet1/0/1. |
Impact |
The device cannot generate the specified MAC address entry. |
Cause |
The MAC address entry failed to be issued to the driver. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MAC_NOTIFICATION
Message text |
Pattern 1: MAC address [STRING] in VLAN [UINT32] has moved from port [STRING] to port [STRING] for [UINT32] times. Pattern 2: MAC address [STRING] in VSI [STRING] has moved from [STRING] service-instance [UINT32] to [STRING] service-instance [UINT32] for [UINT32] times. |
Variable fields |
Pattern 1: $1: MAC address. $2: VLAN ID. $3: Interface name. $4: Interface name. $5: Number of MAC address moves. Pattern 2: $1: MAC address. $2: VSI instance name. $3: Interface name. $4: Ethernet service instance ID. $5: Interface name. $6: Ethernet service instance ID. $7: Number of MAC address moves. |
Severity level |
4 (Warning) |
Example |
Pattern 1: MAC/4/MAC_NOTIFICATION: MAC address 0000-0012-0034 in VLAN 500 has moved from port GE1/0/1 to port GE1/0/2 for 1 times Pattern 2: MAC/4/MAC_NOTIFICATION: MAC address 0010-9400-0002 in VSI vpna has moved from Twenty-FiveGigE1/0/1 service-instance 40 to Twenty-FiveGigE1/0/3 service-instance 30 for 152499 times. |
Impact |
If MAC address moves occur frequently, Layer 2 loops might occur in the network and cause a broadcast storm. |
Cause |
Reason 1: Layer 2 loops exist in the network. Reason 2: Malicious attacks exist in the network. |
Recommended action |
Reason 1: Deploy the correct physical network topology to eliminate loops, or deploy loop avoidance protocols (such as spanning tree, loop protection, RRPP, and ERPS). Reason 2: 1. Use the mac-address mac-learning priority command to configure the MAC address learning priority for an interface, or use the mac-address notification mac-move suppression command to configure MAC address move suppression to avoid the impact of malicious attacks. If MAC address moves still occur frequently, proceed to step 2. 2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MAC_TABLE_FULL_GLOBAL
Message text |
The number of MAC address entries reached the maximum number [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. |
Severity level |
4 (Warning) |
Example |
MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries reached the maximum number 1024. |
Impact |
The device cannot learn new MAC address entries. |
Cause |
The number of entries in the global MAC address table reached the maximum number supported by the table. |
Recommended action |
1. Execute the display mac-address command to display all current MAC address entries. 2. Execute the undo mac-address command in system view or interface view to delete unnecessary MAC address entries. |
MAC_TABLE_FULL_PORT
Message text |
The number of MAC address entries reached the maximum number [UINT32] for interface [STRING]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: Interface name. |
Severity level |
4 (Warning) |
Example |
MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries reached the maximum number 1024 for interface GigabitEthernet2/0/32. |
Impact |
The interface cannot learn new MAC address entries. |
Cause |
The number of entries in the MAC address table for an interface reached the maximum number supported by the table. |
Recommended action |
Use the display mac-address interface interface-type interface-number command to identify whether the MAC address entries on the interface are the required ones: · If yes, execute the mac-address max-mac-count command on this interface to increase the MAC address learning limit. · If not, execute the undo mac-address command on the interface to delete unnecessary MAC address entries. |
MAC_TABLE_FULL_VLAN
Message text |
The number of MAC address entries reached the maximum number [UINT32] in VLAN [UINT32]. |
Variable fields |
$1: Maximum number of MAC addresses. $2: VLAN ID. |
Severity level |
4 (Warning) |
Example |
MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries reached the maximum number 1024 in VLAN 2. |
Impact |
The VLAN cannot learn new MAC address entries. |
Cause |
The number of entries in the MAC address table for a VLAN reached the maximum number supported by the table. |
Recommended action |
Use the display mac-address interface vlan vlan-id command to identify whether the MAC address entries for the VLAN are the required ones: · If yes, execute the mac-address max-mac-count command in the view of this VLAN to increase the MAC address learning limit. · If not, execute the undo mac-address command in the view of this VLAN to delete unnecessary MAC address entries. |
MAC_VLAN_LEARNLIMIT_NORESOURCE
Message text |
The card does not have enough hardware resources to set MAC learning limit for VLAN [UINT16]. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 (Notification) |
Example |
MAC/5/MAC_VLAN_LEARNLIMIT_NORESOURCE: The card does not have enough hardware resources to set MAC learning limit for VLAN 100. |
Impact |
The MAC learning limit cannot be set for a VLAN. |
Cause |
The hardware resources of the card are insufficient. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MAC_VLAN_LEARNLIMIT_NOTSUPPORT
Message text |
The card does not support setting MAC learning limit for VLAN [UINT16]. |
Variable fields |
$1: VLAN ID. |
Severity level |
5 (Notification) |
Example |
MAC/5/MAC_VLAN_LEARNLIMIT_NOTSUPPORT: The card does not support setting MAC learning limit for VLAN 100. |
Impact |
The MAC learning limit cannot be set for a VLAN. |
Cause |
The card does not support configuring this feature. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
MACA messages
This section contains MAC authentication messages.
MACA_ENABLE_NOT_EFFECTIVE
Message text |
MAC authentication is enabled but is not effective on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
3 (Error) |
Example |
MACA/3/MACA_ENABLE_NOT_EFFECTIVE: MAC authentication is enabled but is not effective on interface Ethernet3/1/2. |
Impact |
The MAC authentication feature does not take effect on the interface. |
Cause |
MAC authentication is configured on an interface that does not support MAC authentication. |
Recommended action |
1. Disable MAC authentication on the interface. 2. Reconnect the connected devices to another interface that supports MAC authentication. 3. Enable MAC authentication on the new interface. |
MACA_LOGIN_FAILURE
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. Reason: [STRING]. |
Variable fields |
$1: Interface name. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. $6: Failure reason. · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Authentication process failed. |
Severity level |
6 (Informational) |
Example |
MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; User failed MAC authentication. Reason: VLAN authorization failed. |
Impact |
MAC authentication users cannot come online. |
Cause |
See the log message for the failure reason. |
Recommended action |
1. Verify that the devices are connected normally. 2. Verify that the MAC authentication settings are correct. 3. Locate the failure reason and resolve the issue according to the failure reason. If the configuration of the device or authentication server is incorrect, promptly modify the configuration of the device or server. 4. If the issue persists, collect alarm information, log information, and configuration data, and then contact Technical Support for help. |
MACA_LOGIN_SUCC
Message text |
-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User passed MAC authentication and came online. |
Variable fields |
$1: Interface name. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username. $6: User account format. |
Severity level |
6 (Informational) |
Example |
MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online. |
Impact |
MAC authentication users come online. |
Cause |
The user passed MAC authentication. |
Recommended action |
No action is required. |
MACA_LOGIN_SUCC (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; The user that failed MAC authentication passed open authentication and came online. |
Variable fields |
$1: Interface name. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 (Informational) |
Example |
MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; The user that failed MAC authentication passed open authentication and came online. |
Impact |
MAC authentication users come online. |
Cause |
A user failed MAC authentication but passed open authentication. |
Recommended action |
No action is required. |
MACA_LOGOFF
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication user was logged off. |
Variable fields |
$1: Interface name. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 (Informational) |
Example |
MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication user was logged off. |
Impact |
The MAC address authentication user goes offline. |
Cause |
Common reasons for a MAC authentication user to go offline include: · The MAC address authentication user actively goes offline. · A user with the same MAC address uses 802.1X authentication to come online again. · The MAC address authentication configuration on the device changes. · Real-time traffic accounting fails for the MAC address authentication user. · The MAC authentication user failed to pass re-authentication. · The server forces the user to go offline. · The user goes offline after offline detection is enabled. · The session of the user times out. |
Recommended action |
1. If the user goes offline normally, no action is required. 2. If the user goes offline abnormally, perform the following tasks: a. Make sure the link between the device and the server is normal. If the link is abnormal, restore the link. b. Identify whether the user has passed 802.1X authentication. Use the display dot1x connection command to identify whether the current MAC address has successfully come online through 802.1X authentication. If the user comes online through 802.1X authentication, to maintain the MAC authentication user identity, log off the corresponding 802.1X user and disable 802.1X authentication, and then try MAC authentication again. c. Identify whether the device and server configurations related to MAC authentication have changed, such as both global and interface-level MAC authentication state, consistent authentication method configuration on the server and device, and authentication domain configuration. 3. If the issue cannot be located or resolved, collect alarm information, log information, and configuration data, and then contact Technical Support for help. |
MACA_LOGOFF (in open mode)
Message text |
-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication open user was logged off. |
Variable fields |
$1: Interface name. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. |
Severity level |
6 (Informational) |
Example |
MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication open user was logged off. |
Impact |
A MAC authentication user in open mode goes offline. |
Cause |
Common reasons for MAC authentication users to go offline include: · MAC address authentication users actively go offline. · A user with the same MAC address uses 802.1X authentication to come online again. · The MAC address authentication configuration on the device changes. · Real-time traffic accounting fails for the MAC address authentication user. · The MAC authentication user failed to pass re-authentication. · The server forces the user to go offline. · The user goes offline after offline detection is enabled. · The session of the user times out. |
Recommended action |
1. If the user goes offline normally, no action is required. 2. If the user goes offline abnormally, perform the following tasks: a. Make sure the link between the device and the server is normal. If the link is abnormal, restore the link. b. Identify whether the user has passed 802.1X authentication. Use the display dot1x connection command to identify whether the current MAC address has successfully come online through 802.1X authentication. If the user comes online through 802.1X authentication, to maintain the MAC authentication user identity, log off the corresponding 802.1X user and disable 802.1X authentication, and then try MAC authentication again. c. Identify whether the device and server configurations related to MAC authentication have changed, such as both global and interface-level MAC authentication state, consistent authentication method configuration on the server and device, and authentication domain configuration. 3. If the issue cannot be located or resolved, collect alarm information, log information, and configuration data, and then contact Technical Support for help. |
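The MACA user messages above share a hyphen-delimited field prefix whose values themselves contain hyphens, and MACA_LOGIN_SUCC and MACA_LOGOFF each cover a normal and an open-mode case that differ only in the trailing text. The following added example (not part of the H3C documentation) parses the page's example lines and lists endpoints that came online through open authentication. The function names and the final ambiguous line are constructed for illustration.

```python
import re
from collections import Counter

HEADER_RE = re.compile(
    r"MACA/(?P<sev>\d)/\s*(?P<mnemonic>MACA_[A-Z_]+):\s*(?P<body>.*)$")
# Field values contain hyphens (MAC addresses, usernames), so split only on
# the key names that the message texts on this page define.
KEY_RE = re.compile(
    r"-(IfName|MACAddr|AccessVLANID|AuthorizationVLANID|VLANID"
    r"|UsernameFormat|Username)=")
MAC_RE = re.compile(r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}")
FAIL_RE = re.compile(r"User failed MAC authentication\. Reason: (?P<reason>.+?)\.?")
# The mnemonic alone cannot tell normal and open-mode events apart.
EVENT_TEXT = {
    "User passed MAC authentication and came online.": "login",
    "The user that failed MAC authentication passed open authentication "
    "and came online.": "open_login",
    "MAC authentication user was logged off.": "logoff",
    "MAC authentication open user was logged off.": "open_logoff",
}


def parse_maca(line):
    """Return a dict for a MACA user event, or None if the line is not one."""
    m = HEADER_RE.search(line.strip())
    if not m:
        return None
    field_part, sep, text = m.group("body").partition(";")
    parts = KEY_RE.split(field_part)
    keys, values = parts[1::2], parts[2::2]
    # Reject lines with no fields, leading junk, or a repeated key: a value
    # that embeds "-VLANID=" would otherwise silently replace the real field.
    if not sep or not keys or parts[0].strip() or len(set(keys)) != len(keys):
        return None
    fields = dict(zip(keys, values))
    if not MAC_RE.fullmatch(fields.get("MACAddr", "")):
        return None
    text = text.strip()
    fail = FAIL_RE.fullmatch(text)
    if fail:
        event, reason = "login_failure", fail.group("reason")
    elif text in EVENT_TEXT:
        event, reason = EVENT_TEXT[text], None
    else:
        return None
    return {"mnemonic": m.group("mnemonic"), "event": event,
            "reason": reason, "fields": fields}


def summarize(lines):
    """Count failure reasons; list endpoints admitted by open authentication."""
    reasons, open_online = Counter(), []
    for line in lines:
        rec = parse_maca(line)
        if rec is None:
            continue
        if rec["event"] == "login_failure":
            reasons[rec["reason"]] += 1
        elif rec["event"] == "open_login":
            f = rec["fields"]
            open_online.append((f.get("MACAddr"), f.get("IfName"), f.get("VLANID")))
    return reasons, open_online


# Example lines copied from this page.
PAGE_LINES = [
    "MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001"
    "-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; "
    "User failed MAC authentication. Reason: VLAN authorization failed.",
    "MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9"
    "-AccessVLANID=444-AuthorizationVLANID=444-Username=00-10-84-00-22-b9"
    "-UsernameFormat=MAC address; User passed MAC authentication and came online.",
    "MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9"
    "-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; The user "
    "that failed MAC authentication passed open authentication and came online.",
    "MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9"
    "-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; "
    "MAC authentication user was logged off.",
]
# Constructed line: the Username value embeds a second VLANID key.
AMBIGUOUS_LINE = (
    "MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9"
    "-VLANID=444-Username=x-VLANID=999-UsernameFormat=fixed; The user that failed "
    "MAC authentication passed open authentication and came online.")

if __name__ == "__main__":
    reasons, open_online = summarize(PAGE_LINES + [AMBIGUOUS_LINE])
    print("failure reasons:", dict(reasons))
    print("online via open authentication:", open_online)
```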
MFIB messages
This section contains MFIB messages.
MFIB_MEM_ALERT
Message text |
MFIB process received system memory alert [STRING] event. |
Variable fields |
$1: Type of the memory alert event. |
Severity level |
5 (Notification) |
Example |
MFIB/5/MFIB_MEM_ALERT: MFIB process received system memory alert start event. |
Impact |
Multicast routing and forwarding functions might not work. |
Cause |
Memory resources are insufficient. |
Recommended action |
1. Release memory resources. For example, you can use the logfile save command to save logs in the log file buffer to the log file. 2. Execute the display memory command to view memory usage information. · If the memory usage does not fall below the threshold, use the display process command to identify the processes with high memory usage. If the memory usage of a process is high, disable the corresponding software feature. · If the memory usage falls below the threshold, no action is required. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NAT messages
This section contains NAT messages.
EIM_MODE_PORT_USAGE_ALARM
Message text |
[STRING] Port usage reaches [STRING]%; SrcIPAddr=[IPADDR]; VPNInstance=[STRING]; NATIPAddr=[IPADDR]; ConnectCount=[UINT16]. |
Variable fields |
$1: Protocol type: · UDP. · TCP. · ICMP. · TOTAL. $2: Percentage. $3: Source IP address. $4: Source VPN instance name. $5: Source IP address after translation. $6: Number of ports that are assigned. |
Severity level |
6 (Informational) |
Example |
NAT/6/EIM_MODE_PORT_USAGE_ALARM: UDP Port usage reaches 40%; SrcIPAddr=1.1.1.211; VPNInstance=-; NATIPAddr=198.1.1.16; ConnectCount=40. |
Impact |
When the message is initially generated, it has no negative impact on services. However, if the number of sessions reaches the maximum number of ports that can be used by users, session establishment will fail. |
Explanation |
This message is sent in the following conditions: · The resource usage in the port block reaches or exceeds the threshold set by the nat log port-block port-usage threshold command. · The Endpoint-Independent Mapping mode is applied. |
Recommended action |
1. Use the nat log port-block port-usage threshold command to set a larger threshold for port usage in port blocks, and then identify whether the log message is still generated. · If the log message is not generated, the processing is completed. · If the log message is still generated, proceed to step 2. 2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NAT_ADDR_BIND_CONFLICT
Message text |
Failed to activate NAT configuration on interface [STRING], because global IP addresses already bound to another service card. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
NAT/4/NAT_ADDR_BIND_CONFLICT: Failed to activate NAT configuration on interface GigabitEthernet1/0/1, because global IP addresses already bound to another service card. |
Impact |
The NAT configuration succeeds but does not take effect. |
Cause |
The public IP addresses that the interface references have been bound to another service card. |
Recommended action |
1. Execute the display nat all command to identify whether multiple interfaces reference the same address group or public IP addresses. · If multiple interfaces reference the same address group or public IP addresses, you must specify the same service card for the interfaces. On each interface where configuration modification is required, execute the undo nat service command to cancel the specified slot, and then execute the nat service command to re-specify a slot. Make sure the specified slots for the interfaces are the same. · If multiple interfaces do not reference the same address group or public IP addresses, go to step 2. 2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NAT_EIM
Message text |
Protocol(1001)=[STRING];LocalIPAddr(1003)=[IPADDR];LocalPort(1004)=[UINT16];GlobalIPAddr(1005)=[IPADDR];GlobalPort(1006)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING]; |
Variable fields |
$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Source DS-Lite tunnel. $9: Time when the EIM entry was created. $10: Time when the EIM entry was removed. $11: Event type. Available values are 1 and 8. $12: Event description: · NAT EIM entry created: A NAT EIM entry was created. The value for the event type field is 8. · NAT EIM entry deleted: A NAT EIM entry was deleted. The value for the event type field is 1. |
Severity level |
6 (Informational) |
Example |
NAT/6/NAT_EIM: -Protocol(1001)=UDP;LocalIPAddr(1003)=1.1.1.2;LocalPort(1004)=1024;GlobalIPAddr(1005)=30.3.1.231;GlobalPort(1006)=1026;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;BeginTime_e(1013)=10261971001739;EndTime_e(1014)=;Event(1048)=(8)NAT EIM entry created; |
Impact |
No negative impact on the system. |
Cause |
This message is sent when a NAT EIM entry is created or deleted. |
Recommended action |
No action is required. |
NAT_FLOW
Message text |
Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING];VlanID(1175)=[UINT16];VNI(1213)=[UINT32]; |
Variable fields |
$1: Protocol type. $2: Application layer protocol. $3: Source IP address. $4: Source port number. $5: Source IP address after translation. $6: Source port number after translation. $7: Destination IP address. $8: Destination port number. $9: Destination IP address after translation. $10: Destination port number after translation. $11: Total number of incoming packets. $12: Total number of incoming bytes. $13: Total number of outgoing packets. $14: Total number of outgoing bytes. $15: Source VPN instance name. $16: Destination VPN instance name. $17: Source DS-Lite tunnel. $18: Destination DS-Lite tunnel. $19: Time when the session is created. $20: Time when the session is deleted. $21: Event type. Available values are 1, 2, 3, 6, 8, and 254. $22: Event description: · Session created: A NAT session was created. The value for the event type field is 8. · Active data flow timeout: The duration of a NAT session exceeded the active data flow time. The value for the event type field is 6. · Normal over: A NAT session ended and was deleted. The value for the event type field is 1. · Aged for timeout: A NAT session was deleted because it aged out. The value for the event type field is 2. · Aged for reset or config-change: A NAT session was deleted by configuration. The value for the event type field is 3. · Other: A NAT session was deleted because of other reasons. For example, it was deleted by another module. The value for the event type field is 254. $23: VLAN ID of the session. $24: VXLAN ID of the session. |
Severity level |
6 (Informational) |
Example |
NAT/6/NAT_FLOW: Protocol(1001)=UDP;Application(1002)=other;SrcIPAddr(1003)=1.1.1.2;SrcPort(1004)=1024;NatSrcIPAddr(1005)=30.3.1.231;NatSrcPort(1006)=1026;DstIPAddr(1007)=2.1.1.2;DstPort(1008)=1024;NatDstIPAddr(1009)=2.1.1.2;NatDstPort(1010)=1024;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03232019091640;EndTime_e(1014)=;Event(1048)=(8)Session created;VlanID(1175)=--;VNI(1213)=--; |
Impact |
No negative impact on the system. |
Cause |
This message is sent in one of the following conditions: · A NAT session is created or deleted. · Regularly during a NAT session. · The traffic threshold or aging time of a NAT session is reached. |
Recommended action |
No action is required. |
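NAT_FLOW records are what let a responder map a public address and port named in an external report back to the inside host that held it at that moment. The following added example (not part of the H3C documentation) parses the message by numeric field ID, because the format above spells `NATSrcIPAddr` while the sample spells `NatSrcIPAddr`, and answers that lookup. The `MMDDYYYYhhmmss` time layout is an assumption inferred from the sample value, and every record other than the page's own example is constructed.

```python
import re
from datetime import datetime

FIELD = re.compile(r"(\w+)\((\d+)\)=([^;]*);")
EVENT = re.compile(r"\((\d+)\)(.*)")
# Event types whose description in this reference says the session was deleted.
CLOSING_EVENTS = {1, 2, 3, 254}

# The NAT_FLOW example from this reference, verbatim.
PAGE_EXAMPLE = (
    "NAT/6/NAT_FLOW: Protocol(1001)=UDP;Application(1002)=other;"
    "SrcIPAddr(1003)=1.1.1.2;SrcPort(1004)=1024;"
    "NatSrcIPAddr(1005)=30.3.1.231;NatSrcPort(1006)=1026;"
    "DstIPAddr(1007)=2.1.1.2;DstPort(1008)=1024;"
    "NatDstIPAddr(1009)=2.1.1.2;NatDstPort(1010)=1024;"
    "InitPktCount(1044)=1;InitByteCount(1046)=110;"
    "RplyPktCount(1045)=0;RplyByteCount(1047)=0;"
    "RcvVPNInstance(1042)=;SndVPNInstance(1043)=;"
    "RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;"
    "BeginTime_e(1013)=03232019091640;EndTime_e(1014)=;"
    "Event(1048)=(8)Session created;VlanID(1175)=--;VNI(1213)=--;"
)
# Constructed records derived from the example: the same session ending, and a
# second inside host later reusing the same translated address and port.
CLOSED = (PAGE_EXAMPLE
          .replace("EndTime_e(1014)=;", "EndTime_e(1014)=03232019091710;")
          .replace("(8)Session created", "(1)Normal over"))
REUSED = (PAGE_EXAMPLE
          .replace("SrcIPAddr(1003)=1.1.1.2", "SrcIPAddr(1003)=1.1.1.9")
          .replace("BeginTime_e(1013)=03232019091640",
                   "BeginTime_e(1013)=03232019092000")
          .replace("NatSrcIPAddr", "NATSrcIPAddr"))  # spelling used in the format
OTHER = ("NAT/6/PORT_USAGE_ALARM: Port usage reaches 40%; SrcIPAddr=1.1.1.211; "
         "VPNInstance=-; NATIPAddr=16.1.1.198; ConnectCount=40.")
SAMPLE = [PAGE_EXAMPLE, CLOSED, REUSED, OTHER]


def parse_time(value):
    # Assumption: MMDDYYYYhhmmss, inferred from the sample value 03232019091640.
    return datetime.strptime(value, "%m%d%Y%H%M%S") if value else None


def parse_nat_flow(line):
    """Return a normalized record for a NAT_FLOW message, or None otherwise."""
    _head, sep, body = line.partition("NAT_FLOW:")
    if not sep:
        return None
    # Key on the numeric ID in parentheses; field-name case is not reliable.
    rec = {int(fid): val for _name, fid, val in FIELD.findall(body)}
    try:
        event = EVENT.match(rec[1048])
        return {
            "proto": rec[1001],
            "src": (rec[1003], int(rec[1004])),
            "nat_src": (rec[1005], int(rec[1006])),
            "dst": (rec[1007], int(rec[1008])),
            "begin": parse_time(rec[1013]),
            "end": parse_time(rec[1014]),
            "event": int(event.group(1)),
            "event_text": event.group(2),
        }
    except (KeyError, ValueError, AttributeError):
        return None  # truncated or malformed record


def build_sessions(lines):
    """Merge create/update/delete records of one session into one entry."""
    sessions = {}
    for line in lines:
        rec = parse_nat_flow(line)
        if rec is None or rec["begin"] is None:
            continue
        key = (rec["proto"], rec["src"], rec["nat_src"], rec["dst"], rec["begin"])
        session = sessions.setdefault(key, {**rec, "end": None})
        if rec["event"] in CLOSING_EVENTS:
            session["end"] = rec["end"]  # stays open if the device sent no end time
    return list(sessions.values())


def who_used(sessions, nat_ip, nat_port, when):
    """Inside (address, port) pairs that held nat_ip:nat_port at time `when`."""
    hits = []
    for s in sessions:
        if s["nat_src"] != (nat_ip, nat_port):
            continue
        if s["begin"] <= when and (s["end"] is None or when <= s["end"]):
            hits.append(s["src"])
    return hits


if __name__ == "__main__":
    table = build_sessions(SAMPLE)
    for stamp in ("03232019091650", "03232019091800", "03232019092005"):
        print(stamp, who_used(table, "30.3.1.231", 1026, parse_time(stamp)))
```

Attribution is only as good as the retained logs: a session whose creation record was lost cannot be matched, so the lookup returns an empty list rather than a guess.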
NAT_SERVER_INVALID
Message text |
The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
NAT/4/NAT_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface. |
Impact |
The NAT Server with Easy IP cannot take effect. |
Cause |
The global settings of the NAT Server with Easy IP conflict with those of another NAT Server on the same interface. |
Recommended action |
1. Execute the display nat all command to check the NAT Server configuration in the NAT internal server information field. 2. Execute the nat server command to modify the NAT Server configuration. Make sure the combination of protocol type, public IP addresses and public ports is unique for each NAT Server on the same interface. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NAT_SERVICE_CARD_RECOVER_FAILURE
Message text |
Pattern 1: Failed to recover the configuration of binding the service card on slot [UINT16] to interface [STRING], because [STRING]. Pattern 2: Failed to recover the configuration of binding the service card on chassis [UINT16] slot [UINT16] to interface [STRING], because [STRING]. |
Variable fields |
Pattern 1: $1: Slot number. $2: Interface name. $3: Reasons why restoring the binding between the service card and the interface fails. Pattern 2: $1: Chassis number. $2: Slot number. $3: Interface name. $4: Reasons why restoring the binding between the service card and the interface fails. |
Severity level |
4 (Warning) |
Example |
NAT/4/NAT_SERVICE_CARD_RECOVER_FAILURE: Failed to recover the configuration of binding the service card on chassis 2 slot 3 to interface Ethernet0/0/2, because NAT service is not supported on this service card. |
Impact |
The service card cannot process NAT services. |
Cause |
· The NAT addresses have already been bound to another service card. · The specified service card does not support NAT services. · Hardware resources are insufficient. |
Recommended action |
1. Check the value for the because field in the log message. ◦ If the value is NAT addresses already bound to another service card, use the display nat all command to check NAT configuration. Edit the configuration to specify the same service card for the interfaces that reference the same public IP addresses. ◦ If the value is NAT service is not supported on this service card, the hardware resources are not enough, or unknown error, check the service card for hardware problems. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NAT444_SYSLOG
Message text |
Failed to allocate port blocks from address group [UINT16]. |
Variable fields |
$1: Address group ID. |
Severity level |
6 (Informational) |
Example |
NAT/6/NAT444_SYSLOG: Failed to allocate port blocks from address group 3. |
Impact |
Subsequent users cannot come online. |
Cause |
This message is sent when NAT444 port block allocation failure occurs. |
Recommended action |
1. Check the address group ID in the log message, and then use the nat address-group command to enter the view of the address group. 2. Use the port-block or block-size command to adjust the number of port blocks that can be allocated from the address group. Alternatively, specify the extended-block-size keyword when executing the port-block command to enable the address group to allocate extended port blocks. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PORT_USAGE_ALARM
Message text |
Port usage reaches [STRING]%; SrcIPAddr=[IPADDR]; VPNInstance=[STRING]; NATIPAddr=[IPADDR]; ConnectCount=[UINT16]. |
Variable fields |
$1: Percentage. $2: Source IP address. $3: Source VPN instance name. $4: Source IP address after translation. $5: Number of allocated ports. |
Severity level |
6 (Informational) |
Example |
NAT/6/PORT_USAGE_ALARM: Port usage reaches 40%; SrcIPAddr=1.1.1.211; VPNInstance=-; NATIPAddr=16.1.1.198; ConnectCount=40. |
Impact |
When the message is initially generated, the issue has no negative impact on services. However, if the number of ports allocated to users reaches the upper limit, session establishment will fail. |
Cause |
This message is sent in the following conditions: · The resource usage in the port block reaches or exceeds the threshold set by the nat log port-block port-usage threshold command. · The Connection-Dependent Mapping mode is applied. |
Recommended action |
1. Use the nat log port-block port-usage threshold command to set a larger threshold for port usage in port blocks, and then identify whether the log message is still generated. ◦ If the log message is not generated, the processing is completed. ◦ If the log message is still generated, proceed to step 2. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PORTBLOCK_ALARM
Message text |
Address group [UINT16]; total port blocks [UINT16]; active port blocks [UINT16]; usage over [UINT16]%. |
Variable fields |
$1: Address group ID. $2: Total number of port blocks. $3: Number of allocated port blocks. $4: Port block usage. |
Severity level |
6 (Informational) |
Example |
NAT/6/PORTBLOCK_ALARM: Address group 3; total port blocks 16575; active port blocks 6630; usage over 40%. |
Impact |
When the message is initially generated, the issue has no negative impact on services. However, if the number of ports allocated to users reaches the upper limit of the address group, new users will fail to apply for public ports. |
Cause |
This message is sent when the port block usage reaches or exceeds the threshold set by the nat log port-block usage threshold command. |
Recommended action |
1. Use the display current-configuration command to obtain the threshold for port usage in port blocks set by the nat log port-block usage threshold command. ◦ If the threshold is too small, use the nat log port-block usage threshold command to set a large threshold (not larger than 90%). Then, identify whether the log message is still generated. If the log message is not generated, the processing is completed. If the log message is still generated, proceed to step 2. ◦ If the threshold is appropriate, proceed to step 2. 2. Add port block resources. (Use the port-range command to add port resources or use the address command to add address resources.) Then identify whether the log message is still generated. ◦ If the log message is not generated, the processing is completed. ◦ If the log message is still generated, proceed to step 3. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PORTBLOCKGRP_MEMORY_WARNING
Message text |
Insufficient memory caused by excessive public addresses in port block group [UINT16]. Please reconfigure the public address space. |
Variable fields |
$1: NAT port block group ID. |
Severity level |
4 (Warning) |
Example |
NAT/4/PORTBLOCKGRP_MEMORY_WARNING: Insufficient memory caused by excessive public addresses in port block group 1. Please reconfigure the public address space. |
Impact |
NAT port block group configuration has failed to be deployed. |
Cause |
This message is sent when a public address range in a NAT port block group is too large, which causes insufficient memory. |
Recommended action |
1. Obtain the NAT port block group ID from the log message, and then use the nat port-block-group command to enter the view of the NAT port block group. 2. Use the undo global-ip-pool command to remove public IP address ranges from the NAT port block group until this message is no longer generated. |
ND
This section contains ND messages.
ND_CONFLICT
Message text |
[STRING] is inconsistent. |
Variable fields |
$1: Configuration type. Options include the following: · M_FLAG: Configuration flag for managed address. · O_FLAG: Configuration flag for other information. · CUR_HOP_LIMIT: Hop count limit. · REACHABLE TIME: Time to maintain neighbor reachability. · NS INTERVAL: Neighbor solicitation message interval. · MTU: MTU for the advertised link. · PREFIX VALID TIME: Valid lifetime of the prefix. · PREFIX PREFERRED TIME: Preferred lifetime of the prefix for stateless address configuration. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent. |
Impact |
User service or traffic might be interrupted. |
Cause |
The device received a router advertisement (RA) message that is inconsistent with its own configuration, which indicates a mismatch with the configuration on the neighboring router. |
Recommended action |
Check the device configuration and modify it to match the configuration on the neighboring router. |
ND_DUPADDR
Message text |
Duplicate address: [STRING] on the interface [STRING]. |
Variable fields |
$1: The IPv6 address to be assigned. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_DUPADDR: Duplicate address: 33::8 on the interface Vlan-interface9. |
Impact |
No negative impact on the system. |
Cause |
The IPv6 address has been used by other devices in the network. |
Recommended action |
Based on network planning and provisioning, assign a new IPv6 address to this interface. |
ND_ENTRY_ENOUGHRESOURCE
Message text |
Issued the software entry to the driver for IPv6 address [STRING] on VPN instance [STRING]. Issued the software entry to the driver for IPv6 address [STRING] on the public network. |
Variable fields |
$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, the VPN instance-related field is not displayed. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv6 address 10::1 on VPN instance vpn_1. ND/6/ND_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv6 address 10::2 on the public network. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the ND entry consistency check feature is enabled with the ipv6 nd consistency-check enable command and an ND hardware entry is successfully refreshed. |
Recommended action |
No action is required. |
ND_ENTRY_INCONSISTENT
Message text |
Inconsistent software and hardware ND entries for IPv6 address [STRING] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware ND entries for IPv6 address [STRING] on the public network. Inconsistent parameters: [STRING]. |
Variable fields |
$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, the VPN instance-related field is not displayed. $3: Inconsistent entry parameter types. ◦ MAC address: MAC address. ◦ output interface: Output interface of ND entry. ◦ output port: Output port of ND entry. ◦ outermost layer VLAN ID: Layer 1 VLAN tag. ◦ second outermost layer VLAN ID: Layer 2 VLAN tag. ◦ VSI index: VSI index. ◦ link ID: VSI output link identifier. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_ENTRY_INCONSISTENT: Inconsistent software and hardware ND entries for IPv6 address 10::1 on VPN instance vpn_1. Inconsistent parameters: MAC address, output port, VSI index, and link ID. ND/6/ND_ENTRY_INCONSISTENT: Inconsistent software and hardware ND entries for IPv6 address 10::2 on the public network. Inconsistent parameters: MAC address, output port, VSI index, and link ID. |
Impact |
Service traffic might be interrupted. |
Cause |
This message is generated when the ND entry consistency check feature is enabled with the ipv6 nd consistency-check enable command and the device detects an inconsistency between ND software entries and hardware entries (such as the output interface of an ND entry). |
Recommended action |
No action is required. The ND module will automatically refresh the hardware entries based on the ND software entries. |
ND_ENTRY_NORESOURCE
Message text |
Not enough hardware resources to issue the software entry to the driver for IPv6 address [STRING] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IPv6 address [STRING] on the public network. |
Variable fields |
$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, the VPN instance-related field is not displayed. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv6 address 10::1 on VPN instance vpn_1. ND/6/ND_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv6 address 10::2 on the public network. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the ND entry consistency check feature is enabled with the ipv6 nd consistency-check enable command and the driver does not have enough ND hardware entry resources when an ND software entry is issued. |
Recommended action |
No action is required. The ND module will actively refresh the driver's hardware entries based on the ND software entries. |
ND_LOCALPROXY_ENABLE_FAILED
Message text |
Failed to enable local ND proxy on interface [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
ND/4/ND_LOCALPROXY_ENABLE_FAILED: Failed to enable local ND proxy on interface Vlan-interface 1. |
Impact |
User service or traffic might be interrupted. |
Cause |
Possible causes include: · Failed to enable local ND proxy on an interface. · If local ND proxy is successfully enabled on an MPU interface but fails to be enabled on a non-MPU interface, the log message is generated on the corresponding interface card. |
Recommended action |
1. Check if the corresponding card of the device supports local ND proxy. 2. Check if the hardware resources of the device are sufficient, and remove unnecessary configuration. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_MAC_CHECK
Message text |
Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING]. |
Variable fields |
$1: Name of the interface that received the ND packets. $2: Source MAC address in ND packets. $3: Link layer source MAC address in ND packets. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when ND protocol packet source MAC address consistency check is enabled (execute the ipv6 nd mac-check enable command), ND log information is enabled (execute the ipv6 nd check log enable command), and the MAC address in a received ND protocol packet does not match the MAC address in the source link layer address option. In this case, check the legitimacy of the link layer source MAC address corresponding to the host. If the host is illegal, disconnect it from the network. |
Recommended action |
1. Check the legality of the link layer source MAC address corresponding to the host. If the host is illegal, it needs to be disconnected from the network. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_RAGUARD_DROP
Message text |
Dropped RA messages with the source IPv6 address [STRING] on interface [STRING]. [STRING] messages dropped in total on the interface. |
Variable fields |
$1: Source IPv6 address of discarded messages. $2: Port name of discarded messages. $3: Total number of messages discarded by the port. |
Severity level |
4 (Warning) |
Example |
ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet1/0/1. 20 RA messages dropped in total on the interface. |
Impact |
The network might have an RA message spoofing attack, affecting normal device operation. |
Cause |
RA Guard detected illegal RA messages, indicating possible RA message spoofing attacks in the network. |
Recommended action |
1. Check if the device sending the RA message is legitimate. If the device is illegal, disconnect it from the network. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_RATE_EXCEEDED
Message text |
The ND packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in most recent [UINT32] seconds. |
Variable fields |
$1: ND message rate. $2: ND message rate limit. $3: Interface name. $4: Interval. |
Severity level |
4 (Warning) |
Example |
ND/4/ND_RATE_EXCEEDED: The ND packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in most recent 10 seconds. |
Impact |
When the rate of receiving ND messages on the interface exceeds the ND rate limit, the ND messages that exceed the limit are discarded, which might affect normal ND learning and response and cause traffic forwarding failure. |
Cause |
During a certain period of time, the rate of receiving ND messages on the interface exceeded the ND message limit value. |
Recommended action |
1. Check if the received ND messages on the interface are normal. ◦ If the received ND messages are all reasonable, execute the ipv6 nd rate-limit command to increase the value of the ND message rate limit on the specified interface. ◦ If abnormal ND messages are detected, please proceed to step 2. 2. Check if there is an ND message attack in the network by capturing packets and find the source of the attack. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_RATELIMIT_NOTSUPPORT
Message text |
Pattern 1: ND packet rate limit is not support on slot [INT32]. Pattern 2: ND packet rate limit is not support on chassis [INT32] slot [INT32]. |
Variable fields |
Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_RATELIMIT_NOTSUPPORT: ND packet rate limit is not support on slot 2. ND/6/ND_RATELIMIT_NOTSUPPORT: ND packet rate limit is not support on chassis 1 slot 2. |
Impact |
No negative impact on the system. |
Cause |
Pattern 1: ND packet rate limit is not supported on the specified slot. Pattern 2: ND packet rate limit is not supported on the specified slot of the specified chassis. |
Recommended action |
No action is required. |
ND_SET_PORT_TRUST_NORESOURCE
Message text |
Not enough resources to complete the operation. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation. |
Impact |
Driver resources are insufficient, which affects normal service operation. |
Cause |
This message is generated when the driver resources are insufficient during port rule deployment. |
Recommended action |
1. Release device driver resources and redeploy the port rule. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_SET_VLAN_REDIRECT_NORESOURCE
Message text |
Not enough resources to complete the operation. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
ND/6/ND_SET_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation. |
Impact |
Driver resources are insufficient, which affects normal service operation. |
Cause |
This message is generated when the driver resources are insufficient during VLAN rule deployment. |
Recommended action |
1. Release device driver resources and redeploy the VLAN rule. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_SNOOPING_LEARN_ALARM_REACH
Message text |
The alarm threshold for global ND snooping entry learning was reached. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
ND/4/ND_SNOOPING_LEARN_ALARM_REACH : The alarm threshold for global ND snooping entry learning was reached. |
Impact |
The device might not learn new ND snooping entries, which affects normal service operation. |
Cause |
The number of global ND snooping entries has reached the alarm threshold. The network might have an ND attack. |
Recommended action |
1. Check the network for any ND attack by capturing packets and identify the attack source. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_SNOOPING_LEARN_ALARM_RECOVER
Message text |
The alarm for global ND snooping entry learning was recovered. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
ND/4/ND_SNOOPING_LEARN_ALARM_RECOVER : The alarm for global ND snooping entry learning was recovered. |
Impact |
No negative impact on the system. |
Cause |
The number of global ND snooping entries drops below the alarm threshold. |
Recommended action |
No action is required. |
ND_USER_DUPLICATE_IPV6ADDR
Message text |
Detected a user IPv6 address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IPv6 address [IPV6ADDR]. |
Variable fields |
$1: New user's MAC address. $2: New user's outer VLAN. $3: New user's inner VLAN. $4: Name of the interface connecting to the new user. $5: Old user's MAC address. $6: Old user's outer VLAN. $7: Old user's inner VLAN. $8: Name of the interface connecting to the old user. $9: Endpoint user's IPv6 address. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_USER_DUPLICATE_IPV6ADDR: Detected a user IPv6 address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IPv6 address 10::1. |
Impact |
The network might have conflicting IPv6 addresses, which might cause user service or traffic interruption. |
Cause |
This message is generated when the device detects a user IPv6 address conflict after you enable recording user IPv6 address conflicts by using the ipv6 nd user-ip-conflict record enable command. |
Recommended action |
1. Check the IPv6 addresses of all endpoint users and adjust the conflicting IPv6 addresses. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_USER_MOVE
Message text |
Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. |
Variable fields |
$1: IPv6 address of the user. $2: MAC address of the user. $3: Interface name before migration. $4: Outer VLAN of the user before migration. $5: Inner VLAN of the user before migration. $6: Interface name after migration. $7: Outer VLAN of the user after migration. $8: Inner VLAN of the user after migration. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_USER_MOVE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 20. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10. |
Impact |
This might cause user service interruption. A large number of user migration operations might degrade device performance. |
Cause |
After you enable recording user port migrations by using the ipv6 nd user-move record enable command, an endpoint user migrates between ports. |
Recommended action |
1. Use the display ipv6 nd user-move record command to view user port migration entry information and identify whether the migration is reasonable. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
ND_USER_OFFLINE
Message text |
Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was offline from interface [STRING]. |
Variable fields |
$1: Offline user's IPv6 address. $2: Offline user's MAC address. $3: Name of the interface connecting to the offline user. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_USER_OFFLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was offline from interface GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
After you enable ND logging for user online and offline events by using the ipv6 nd online-offline-log enable command, the device outputs this log when it detects a user offline event. |
Recommended action |
No action is required. |
ND_USER_ONLINE
Message text |
Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was online on interface [STRING]. |
Variable fields |
$1: IPv6 address of the online user. $2: MAC address of the online user. $3: Name of the interface connecting to the online user. |
Severity level |
6 (Informational) |
Example |
ND/6/ND_USER_ONLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was online on interface GigabitEthernet1/0/1. |
Impact |
No negative impact on the system. |
Cause |
After you enable ND logging for user online and offline events by using the ipv6 nd online-offline-log enable command, the device outputs this log when it detects a user online event. |
Recommended action |
1. Based on the log message, check if the online user is legitimate. If the user is illegal, disconnect the network connection with the user. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
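The ND_MAC_CHECK, ND_RAGUARD_DROP and ND_RATE_EXCEEDED entries above all name the receiving interface, so they can be correlated per port to decide where to capture packets first. The following added example (not part of the H3C documentation) builds its patterns from the message texts in this reference and ranks interfaces by how many distinct ND signals they raised. The sample lines are the page's examples plus one constructed RA Guard record, and the ranking rule is an assumption of this example.

```python
import re
from collections import defaultdict

# "module/severity/mnemonic: text"; some examples here put a space before ':'.
HEADER = re.compile(r"\bND/(?P<sev>\d)/(?P<mnemonic>\w+)\s*:\s*(?P<text>.*)")

PATTERNS = {
    "ND_MAC_CHECK": re.compile(
        r"Packet received on interface (?P<ifname>\S+) was dropped because "
        r"source MAC (?P<src_mac>\S+) was inconsistent with link-layer "
        r"address (?P<ll_mac>\S+)\."),
    # The template reads "[STRING] messages dropped", the example reads
    # "20 RA messages dropped"; accept both.
    "ND_RAGUARD_DROP": re.compile(
        r"Dropped RA messages with the source IPv6 address (?P<src>\S+) on "
        r"interface (?P<ifname>\S+)\. (?P<total>\d+) (?:RA )?messages dropped "
        r"in total"),
    "ND_RATE_EXCEEDED": re.compile(
        r"The ND packet rate \((?P<rate>\d+) pps\) exceeded the rate limit "
        r"\((?P<limit>\d+) pps\) on interface (?P<ifname>\S+) in most recent "
        r"(?P<secs>\d+) seconds"),
}

# Page examples, plus one constructed follow-up RA Guard record (total 35).
SAMPLE = [
    "ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address "
    "FE80::20 on interface GigabitEthernet1/0/1. 20 RA messages dropped in "
    "total on the interface.",
    "ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address "
    "FE80::20 on interface GigabitEthernet1/0/1. 35 RA messages dropped in "
    "total on the interface.",
    "ND/4/ND_RATE_EXCEEDED: The ND packet rate (100 pps) exceeded the rate "
    "limit (80 pps) on interface GigabitEthernet1/0/1 in most recent 10 seconds.",
    "ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped "
    "because source MAC 0002-0002-0001 was inconsistent with link-layer "
    "address 0002-0002-0002.",
    "ND/6/ND_DUPADDR: Duplicate address: 33::8 on the interface Vlan-interface9.",
]


def triage(lines):
    """Group the three per-interface ND signals by receiving interface."""
    report = defaultdict(lambda: {"signals": set(), "ra_sources": set(),
                                  "ra_dropped": 0, "mac_mismatch": set(),
                                  "rate_ratio": 0.0})
    for line in lines:
        head = HEADER.search(line)
        if not head or head["mnemonic"] not in PATTERNS:
            continue  # other ND messages are out of scope for this example
        m = PATTERNS[head["mnemonic"]].search(head["text"])
        if not m:
            continue
        entry = report[m["ifname"]]
        entry["signals"].add(head["mnemonic"])
        if head["mnemonic"] == "ND_RAGUARD_DROP":
            entry["ra_sources"].add(m["src"])
            # The counter is a running total per interface: keep the maximum,
            # do not sum successive records.
            entry["ra_dropped"] = max(entry["ra_dropped"], int(m["total"]))
        elif head["mnemonic"] == "ND_MAC_CHECK":
            entry["mac_mismatch"].add((m["src_mac"], m["ll_mac"]))
        else:  # ND_RATE_EXCEEDED
            ratio = int(m["rate"]) / int(m["limit"])
            entry["rate_ratio"] = max(entry["rate_ratio"], ratio)
    return dict(report)


def rank(report):
    """Interfaces ordered by distinct signal count, then RA drops (assumed rule)."""
    return sorted(report,
                  key=lambda i: (len(report[i]["signals"]), report[i]["ra_dropped"]),
                  reverse=True)


if __name__ == "__main__":
    result = triage(SAMPLE)
    for ifname in rank(result):
        print(ifname, result[ifname])
```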
NETCONF messages
This section contains NETCONF messages.
CLI
Message text |
User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING] |
Variable fields |
$1: Username or user line type. If scheme login authentication was performed for the user, this field displays the username. If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. For a Telnet or SSH user, this field displays the IP address of the user. For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only if the failure is caused by a known reason. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded. |
Impact |
The impact is related to the command line contents in the CLI request. |
Cause |
A user performs a CLI operation. |
Recommended action |
No action is required. |
EDIT-CONFIG
Message text |
User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Succeeded. Or: User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed. [STRING] Or: User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed, XPath=[STRING], error message=[STRING]. |
Variable fields |
$1: Username or user line type. ◦ If scheme login authentication was performed for the user, this field displays the username. ◦ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address, or user line type and relative number. ◦ For a Telnet or SSH user, this field displays the IP address of the user. ◦ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. $4: Message ID of the NETCONF request. $5: Error information or XPath expression of the erroneous line. ◦ If the verbose keyword was not specified and the error reason was known, this field displays the detailed error information. ◦ If the verbose keyword was specified, this field displays the XPath expression of the erroneous line. $6: Error information. This field is displayed only when the verbose keyword was specified. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.100.20, session ID 1) performed an edit-config operation: message ID=101, operation result=Succeeded. |
Impact |
The impact is related to the entry to be operated in the edit-config request. |
Cause |
A NETCONF client deployed settings by using the <edit-config> operation. An <edit-config> operation can contain multiple settings. The device might output multiple log messages at a time. |
Recommended action |
· No action is required if the operation succeeded. · If the operation failed, identify whether the edit-config operation conflicts with the current configuration of the device. Alternatively, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
Message text |
User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or: User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING]. |
Variable fields |
$1: Username or user line type. ◦ If scheme login authentication was performed for the user, this field displays the username. ◦ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. ◦ For a Telnet or SSH user, this field displays the IP address of the user. ◦ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Name of a NETCONF row operation. $6: Module name and table name. $7: Index information. If there are multiple indexes, this field uses a comma as the delimiter. This field is displayed only when there are indexes. $8: Operation result, Succeeded or Failed. $9: Attribute column information. This field is displayed only when the operation configures an attribute column. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.200.220, session ID 1), message ID=101, operation=merge DHCP/DHCPServerPoolStatic (PoolIndex=1, Ipv4Address=1.1.1.1), result=Failed. Attributes: CID="aaaaa", HType=1. |
Impact |
The impact is related to the entry to be operated in the edit-config request. |
Cause |
The device outputs this log message for each row operation for an <action> or <edit-config> operation. |
Recommended action |
No action is required. |
EDIT_CONFIG_CLI
Message text |
User ([STRING], [STRING], session ID [UINT16]), message ID=[UINT16], row index=[UINT16], command=[STRING]. [STRING] |
Variable fields |
$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address, or user line type and relative number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Row index in the NETCONF request. $6: Commands for the operations in the NETCONF request. $7: Error message returned upon failed NETCONF row operations. The error message is Configuration failed. The device does not return this message if all operations in the request are executed successfully. |
Severity level |
6 (Informational) |
Example |
XMLSOAP/6/EDIT_CONFIG_CLI: User (test, 192.168.100.20, session ID 1), message ID=100, row index=1, command=port trunk pvid vlan 100. |
Impact |
No negative impact on the system. |
Cause |
If the XML-to-CLI feature for NETCONF logging is enabled, the device converts every <action> and <edit-config> operation from their XML forms to their CLI command forms and logs the CLI commands for the operations. This log also records the operation results. This log is available only for <action> and <edit-config> operations. |
Recommended action |
No action is required. |
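The two NETCONF audit messages above (EDIT-CONFIG and EDIT_CONFIG_CLI) record who changed what over NETCONF, so they are worth parsing on the log host. The following Python sketch is an added example, not H3C code. It parses both formats and flags failed row operations and changes from sources outside a management allowlist. The allowlist, the function names, and the lines marked as constructed are assumptions.

```python
import re

# "User (<user>, <source>[, session ID <n>])[, message ID=<n>]" opens both
# messages; the session ID and message ID are omitted when not present.
USER_PART = (
    r"User \((?P<user>[^,()]+), ?(?P<source>[^,()]+?)"
    r"(?:, ?session ID (?P<session>\d+))?\)"
    r"(?:, ?message ID=(?P<msg_id>\d+))?,? ?"
)
PREFIX = r"(?:-\S+; )*"  # optional context such as "-MDC=1; "

EDIT_CONFIG = re.compile(
    r"XMLSOAP/6/EDIT-CONFIG: " + PREFIX + USER_PART +
    r"operation=(?P<operation>\S+) (?P<table>[^\s(,]+)"
    r"(?: \((?P<index>[^)]*)\))?\s*, result=(?P<result>Succeeded|Failed)\. "
    r"(?:No attributes\.|Attributes: (?P<attributes>.*)\.)$"
)
EDIT_CONFIG_CLI = re.compile(
    r"XMLSOAP/6/EDIT_CONFIG_CLI: " + PREFIX + USER_PART +
    r"row index=(?P<row>\d+), command=(?P<command>.*?)\."
    r"(?: (?P<error>Configuration failed)\.)?$"
)


def parse_netconf_audit(line):
    """Return a dict of fields for either message, or None for other lines."""
    line = line.strip()
    m = EDIT_CONFIG.search(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "EDIT-CONFIG"
        rec["failed"] = rec["result"] == "Failed"
        return rec
    m = EDIT_CONFIG_CLI.search(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "EDIT_CONFIG_CLI"
        # The device appends "Configuration failed." only when a row fails.
        rec["failed"] = rec["error"] is not None
        return rec
    return None


def review(lines, allowed_sources):
    """Flag failed changes and changes from sources outside the allowlist.

    allowed_sources is an assumed set of management IP addresses and
    user lines (for example "CON0") that may push configuration.
    """
    findings = []
    for line in lines:
        rec = parse_netconf_audit(line)
        if rec is None:
            continue
        what = rec.get("command") or f'{rec["operation"]} {rec["table"]}'
        if rec["source"] not in allowed_sources:
            findings.append(("unexpected-source", rec["user"], rec["source"], what))
        if rec["failed"]:
            findings.append(("failed-change", rec["user"], rec["source"], what))
    return findings


SAMPLE_LINES = [
    # The two examples from this reference:
    'XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.200.220, session ID 1), '
    'message ID=101, operation=merge DHCP/DHCPServerPoolStatic (PoolIndex=1, '
    'Ipv4Address=1.1.1.1), result=Failed. Attributes: CID="aaaaa", HType=1.',
    'XMLSOAP/6/EDIT_CONFIG_CLI: User (test, 192.168.100.20, session ID 1), '
    'message ID=100, row index=1, command=port trunk pvid vlan 100.',
    # Constructed: a failed row, following the EDIT_CONFIG_CLI message text.
    'XMLSOAP/6/EDIT_CONFIG_CLI: User (test, 192.168.100.20, session ID 1), '
    'message ID=100, row index=2, command=port trunk pvid vlan 200. '
    'Configuration failed.',
    # Constructed: console user with no session ID or message ID.
    'XMLSOAP/6/EDIT-CONFIG: User (VTY, CON0) operation=merge '
    'DHCP/DHCPServerPoolStatic (PoolIndex=2, Ipv4Address=1.1.1.2), '
    'result=Succeeded. No attributes.',
    # Unrelated message, ignored by the parser.
    'NTP/4/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1.',
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LINES, {"192.168.100.20", "CON0"}):
        print(finding)
```

Because one edit-config request can produce several log messages, group the parsed records by session ID and message ID to reconstruct a single request.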
NETCONF_MSG_DEL
Message text |
A NETCONF message was dropped. Reason: Packet size exceeded the upper limit. |
Variable fields |
N/A |
Severity level |
7 (Debug) |
Example |
NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit. |
Impact |
No negative impact on the system. |
Cause |
The system dropped a NETCONF request message that was received from a NETCONF over SSH client or at the XML view. The reason is that the message size exceeded the upper limit. |
Recommended action |
1. Reduce the size of the request message. For example, delete blank spaces, carriage returns, and tab characters. 2. Segment the request message and then re-encapsulate the segments before sending them to the device. As a best practice, collect alarm information, log messages, and configuration data, and contact Technical Support. |
REPLY
Message text |
Sent a NETCONF reply to the client: Session ID=[UINT16], Content=[STRING]. Or: Sent a NETCONF reply to the client: Session ID=[UINT16], Content (partial)=[STRING]. |
Variable fields |
$1: ID of the NETCONF session. Before a session is established, this field displays a hyphen (-). $2: NETCONF packet sent by the device to the NETCONF client. |
Severity level |
7 (Debug) |
Example |
XMLSOAP/7/REPLY: -MDC=1; Sent a NETCONF reply to the client: Session ID=2, Content=</env:Body></env:Envelope>. |
Impact |
No negative impact on the system. |
Cause |
The device sent a NETCONF packet to the NETCONF client to identify the status of NETCONF. If the NETCONF packet is large, the device might output multiple log messages, each with the partial flag. |
Recommended action |
No action is required. |
THREAD
Message text |
Maximum number of NETCONF threads already reached. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached. |
Impact |
New NETCONF over SSH sessions are not accepted. New NETCONF SOAP and RESTful requests are not accepted. The Web feature is unavailable. |
Cause |
The number of NETCONF threads already reached the upper limit. |
Recommended action |
Please try again later. |
NQA
This section contains NQA messages.
NQA_ENTRY_PROBE_RESULT
Message text |
Reaction entry [STRING] of NQA entry admin-name [STRING] operation-tag [STRING]: [STRING]. |
Variable fields |
$1: ID of the NQA reaction entry, in the range of 1 to 10. $2: Admin name of the NQA operation. $3: Operation tag of the NQA operation. $4: Operation result: · Probe-pass: The operation succeeds. · Probe-fail: The operation fails. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_ENTRY_PROBE_RESULT: Reaction entry 1 of NQA entry admin-name 1 operation-tag 1: Probe-pass. |
Impact |
No negative impact on the system. |
Cause |
The network administrator configured an NQA reaction entry. This log records the operation result of the NQA reaction entry. |
Recommended action |
If the operation fails, check the network environment or operation parameter configuration. |
NQA_LOG_UNREACHABLE
Message text |
Server [STRING] unreachable. |
Variable fields |
$1: IP address of the NQA server. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable. |
Impact |
No negative impacts on the system. |
Cause |
An unreachable NQA server was detected. |
Recommended action |
1. Identify whether the IP address of the NQA server is correct based on the IP address in the message. If it is configured incorrectly, execute the destination command in NQA operation view to reconfigure the IP address of the NQA server. 2. Execute the display ip routing-table command to identify whether the device has routes to the NQA server. If the device has no routes to the NQA server, execute the ip route-static command to configure a static route, or configure a dynamic routing protocol to generate a route. 3. Execute the display interface command to view the state of the outbound interface to the NQA server. If the interface is in down state, resolve the interface failure. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NQA_PACKET_OVERSIZE
Message text |
NQA entry ([STRING]-[STRING]): The payload size exceeds 65503 bytes, and all IPv6 UDP probe packets will be dropped by the NQA server. |
Variable fields |
$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_PACKET_OVERSIZE: NQA entry (1-1): The payload size exceeds 65503 bytes, and all IPv6 UDP probe packets will be dropped by the NQA server. |
Impact |
No negative impact on the system. |
Cause |
The NQA client attempted to send UDP probe packets with an IPv6 destination address and the data size exceeding 65503 bytes. The oversized probe packets will be dropped by the NQA server. |
Recommended action |
Use the data-size command to edit the payload size in bytes for each probe packet in NQA operation type view or NQA template view. |
NQA_SCHEDULE_FAILURE
Message text |
NQA entry ([STRING]-[STRING]): Failed to start the scheduled NQA operation because port [STRING] used by the operation is not available. |
Variable fields |
$1: Admin name of the NQA entry. $2: Operation tag of the NQA entry. $3: Port number. |
Severity level |
4 (Warning) |
Example |
NQA/4/NQA_SCHEDULE_FAILURE: NQA entry (admin-tag): Failed to start the scheduled NQA operation because port 10000 used by the operation is not available. |
Impact |
No negative impacts on the system. |
Cause |
The port is occupied by other services. |
Recommended action |
1. Identify the addresses and port numbers currently in use on the local end: ¡ Use the display tcp and display udp commands and view the Local Addr:port field to obtain the IPv4 address and port number in use. ¡ Use the display ipv6 tcp and display ipv6 udp commands and view the LAddr->port field to obtain the IPv6 address and port number in use. 2. Execute the source port command to change the source port of the NQA operation to an available port number. |
NQA_SERVER_ADDR_UNAVAILABLE
Message text |
Failed to enable the NQA server because the listening service's IP address [STRING] is not available. |
Variable fields |
$1: IP address. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_SEVER_ADDR_UNAVAILABLE: Failed to enable the NQA server because the listening service's IP address 192.168.10.100 is not available. |
Impact |
The device cannot use the IP address to provide NQA server services. |
Cause |
The IP address is not configured, or the interface where the IP address is configured goes down. |
Recommended action |
Verify that the IP or IPv6 address is configured on the device, or the associated interface is up. Alternatively, use the nqa server tcp-connect or nqa server udp-echo command to edit the listening service's IP address for the NQA server. · For a TCP or DLSw operation, you must configure the nqa server tcp-connect command. For a DLSw operation, make sure the value for the port-number argument is 2065. Without the configuration, the operation will fail. · For a UDP echo, UDP jitter, or voice operation, you must configure the nqa server udp-echo command. Without the configuration, the operation will fail. |
NQA_SERVER_PORT_UNAVAILABLE
Message text |
Failed to enable the NQA server because listening port [STRING] is not available. |
Variable fields |
$1: Port number. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_SEVER_PORT_UNAVAILABLE: Failed to enable the NQA server because listening port 10000 is not available. |
Impact |
The device cannot use the port number to provide NQA server services. |
Cause |
The port has been used by another service. |
Recommended action |
Use the nqa server tcp-connect or nqa server udp-echo command to edit the listening service's port number for the NQA server. · For a TCP or DLSw operation, you must configure the nqa server tcp-connect command. For a DLSw operation, make sure the value for the port-number argument is 2065. Without the configuration, the operation will fail. · For a UDP echo, UDP jitter, or voice operation, you must configure the nqa server udp-echo command. Without the configuration, the operation will fail. · Make sure the configured port number is not used by any other services on the device. ¡ You can obtain the IPv4 address and port number in use on the local end from the Local Addr:port field in the output from the display tcp and display udp commands. ¡ You can obtain the IPv6 address and port number in use on the local end from the LAddr->port field in the output from the display ipv6 tcp and display ipv6 udp commands. |
NQA_TWAMP_LIGHT_PACKET_INVALID
Message text |
NQA TWAMP Light test session [UINT32] index [UINT32]: The number of packets captured for statistics collection is invalid. |
Variable fields |
$1: Test session ID. $2: Serial number of the statistics data. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_TWAMP_LIGHT_PACKET_INVALID: NQA TWAMP Light test session 1 index 7: The number of packets captured for statistics collection is invalid. |
Impact |
No negative impacts on the system. |
Cause |
The statistics collection interval for the TWAMP Light test was shorter than the packet sending interval. Results of the test will not be included in statistics. |
Recommended action |
1. Execute the stop command in TWAMP Light sender view to stop the test. 2. Execute the start command in TWAMP Light sender view to start the test, and make sure the following conditions are met: ¡ The packet monitoring time is greater than the statistics collection interval. ¡ The statistics collection interval is greater than the packet sending interval. |
NQA_TWAMP_LIGHT_REACTION
Message text |
NQA TWAMP Light test session [UINT32] reaction entry [UINT32]: Detected continual violation of the [STRING] [STRING] threshold for a threshold violation monitor time of [UINT32] ms. |
Variable fields |
$1: Test session ID. $2: ID of the NQA reaction entry. $3: Reaction entry type: ¡ Two-way delay. ¡ Two-way loss. ¡ Two-way jitter. $4: Threshold violation value: ¡ upper—Be equal to or greater than the upper threshold limit. ¡ lower—Be equal to or less than the lower threshold limit. $5: Statistics collection interval. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_TWAMP_LIGHT_REACTION: NQA TWAMP Light test session 1 reaction entry 1: Detected continual violation of the two-way loss upper threshold for a threshold violation monitor time of 2000 ms. |
Impact |
No negative impacts on the system. |
Cause |
In a TWAMP Light test, the device monitors the test result, and starts the monitoring time when either of the following conditions is met: · The monitoring result goes beyond the upper threshold limit. · The monitoring result drops below the lower threshold limit from a monitoring result higher than the lower limit. If either condition is always true during the monitoring time, a threshold violation occurs. |
Recommended action |
No action is required. |
NQA_TWAMP_LIGHT_START_FAILURE
Message text |
NQA TWAMP Light test session [UINT32]: Failed to start the test session. Please check the parameters. |
Variable fields |
$1: Test session ID. |
Severity level |
6 (Informational) |
Example |
NQAS/6/NQA_TWAMP_LIGHT_START_FAILURE: NQA TWAMP Light test session 1: Failed to start the test session, Please check the parameters. |
Impact |
No negative impacts on the system. |
Cause |
Driver check failed. Required settings are missing. |
Recommended action |
The network configuration requirements for the driver vary by network environment. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
NQA_UPF_UE_PROBE
Message text |
Reaction entry [STRING] of NQA operation with administrator name [STRING] and operation tag [STRING] exceeded the threshold. Delay information between UPF and UE: · Round trip time [UINT32] us · UPF network to station two-way delay [UINT32] us · Downlink GTPU delay [UINT32] us · Uplink GTPU delay [UINT32] us · Downlink PDCP delay [UINT32] us · Uplink PDCP delay [UINT32] us · Donwlink RLC delay [UINT32] us · Uplink RLC delay [UINT32] us · Downlink MAC delay [UINT32] us · Uplink MAC delay [UINT32] us |
Variable fields |
$1: ID of the NQA reaction entry, in the range of 1 to 10. $2: Admin name of the NQA operation. $3: Operation tag of the NQA operation. $4: Total round trip time for packets between the UPF and UE, in microseconds. $5: Total round trip time for packets between the UPF and base station, in microseconds. $6: Duration for uplink packets to enter and exit the GTP-U layer of the base station, in microseconds. $7: Duration for downlink packets to enter and exit the GTP-U layer of the base station, in microseconds. $8: Duration for uplink packets to enter and exit the PDCP layer of the base station, in microseconds. $9: Duration for downlink packets to enter and exit the PDCP layer of the base station, in microseconds. $10: Duration for uplink packets to enter and exit the RLC layer of the base station, in microseconds. $11: Duration for downlink packets to enter and exit the RLC layer of the base station, in microseconds. $12: Duration for uplink packets to enter and exit the MAC layer of the base station, in microseconds. $13: Duration for downlink packets to enter and exit the MAC layer of the base station, in microseconds. |
Severity level |
6 (Informational) |
Example |
NQA/6/NQA_UPF_UE_PROBE: Reaction entry 1 of NQA operation with administrator name 1 and operation tag 1 exceeded the threshold. Delay information between UPF and UE: · Round trip time 1500 us · UPF network to station two-way delay 1000 us · Downlink GTPU delay 35 us · Uplink GTPU delay 35 us · Downlink PDCP delay 35 us · Uplink PDCP delay 35 us · Donwlink RLC delay 35 us · Uplink RLC delay 35 us · Downlink MAC delay 35 us · Uplink MAC delay 35 us |
Impact |
No negative impacts on the system. |
Cause |
After you enable delay measurement between the UPF and UE, a log is generated if the monitored result is greater than or equal to the alarm threshold. |
Recommended action |
1. Execute the display nqa statistics command in any view to display the NQA operation statistics. Check the measured round-trip delay between the UPF and UE. If any parameter value exceeds the expected value range, locate and troubleshoot the issue. 2. Execute the display current-configuration | include "upf-ue-rtt threshold-value" command in any view to display the NQA reaction entry configuration for round-trip delay of packets between the UPF and UE. If the threshold configuration is not appropriate, execute the reaction checked-element upf-ue-rtt command in ICMP echo operation view to edit the configuration. 3. If the issue persists, collect alarm information and configuration data, and then contact H3C Support for help. |
NTP
This section contains NTP messages.
NTP_CLOCK_CHANGE
Message text |
System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING]. |
Variable fields |
$1: Time before synchronization. $2: Time after synchronization. $3: IP address. |
Severity level |
5 (Notification) |
Example |
NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58:345 12/28/2012 to 02:29:12:879 12/28/2012, the NTP server's IP address is 192.168.30.116. |
Impact |
No negative impacts on the system. |
Cause |
The NTP client has synchronized its time to the NTP server. |
Recommended action |
No action is required. |
NTP_LEAP_CHANGE
Message text |
System Leap Indicator changed from [UINT32] to [UINT32] after clock update. |
Variable fields |
$1: Original system Leap Indicator. Options include the following: ¡ 01: Indicates that the last minute of the day has 61 seconds. ¡ 10: Indicates that the last minute of the day has 59 seconds. $2: Current system Leap Indicator. Options include the following: ¡ 01: Indicates that the last minute of the day has 61 seconds. ¡ 10: Indicates that the last minute of the day has 59 seconds. |
Severity level |
5 (Notification) |
Example |
NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update. |
Impact |
The device will adjust the time by leaping one second during the last minute of the day on which this log is generated. |
Cause |
The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one. |
Recommended action |
Determine whether a leap second adjustment is required on the day this log is generated, based on the deviation values of TAI and UTC time published regularly by the International Bureau of Weights and Measures (BIPM): · If a leap second adjustment is needed and its value is correct, no action is required. · If a leap second adjustment is not needed, wait for the next time synchronization. ¡ If the device's system time matches the international standard time after the next synchronization, no action is required. ¡ If the device's system time does not match the international standard time after the next synchronization, check whether the time source has also undergone a leap second adjustment. If the time source has an incorrect leap second adjustment, recalibrate the time of the time source. |
NTP_SOURCE_CHANGE
Message text |
NTP server's IP address changed from [STRING] to [STRING]. |
Variable fields |
$1: IP address of the original time source. $2: IP address of the new time source. |
Severity level |
5 (Notification) |
Example |
NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2. |
Impact |
No negative impacts on the system. |
Cause |
The system changed the time source. |
Recommended action |
Generally, no action is required. You can also further identify the cause of the clock source switch, for example: · Ping the IP address of the original clock source to see if the original clock source is route reachable. If the route is not reachable, resolve the routing issue first. · Log in to the original clock source and check if the clock on the original clock source is accurate. If it is not accurate, adjust the time on the original clock source. · Log in to the original clock source and check if the NTP configuration on the original clock source is correct. If it is not correct, modify it according to the NTP configuration manual. |
NTP_SOURCE_LOST
Message text |
Lost synchronization with NTP server with IP address [STRING]. |
Variable fields |
$1: IP address. |
Severity level |
4 (Warning) |
Example |
NTP/4/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1. |
Impact |
The accuracy of the device's clock might be affected. |
Cause |
During NTP interactions, if the clock source is unsynchronized or unreachable, and there are no other candidate sources for synchronization, the device generates this log. |
Recommended action |
1. Ping the IP address of the original clock source to check if the original clock source is route reachable. If the route is not reachable, resolve the routing issue first. 2. Log in to the original clock source and check if the clock on the original clock source is accurate. If it is not accurate, adjust the time on the original clock source. 3. Log in to the original clock source and check if the NTP configuration on the original clock source is correct. If incorrect, modify it according to the NTP configuration manual. 4. Select the corresponding command-line configuration for the new clock source based on the clock synchronization mode adopted. |
NTP_STRATUM_CHANGE
Message text |
System stratum changed from [UINT32] to [UINT32] after clock update. |
Variable fields |
$1: Original stratum. $2: Current stratum. |
Severity level |
5 (Notification) |
Example |
NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update. |
Impact |
Clock synchronization between the device and downstream devices might be affected. |
Cause |
Causes for changes in the device's clock stratum might include: · Changes in the hierarchy of the clock source itself, such as when the system initially selects a clock source. · Switching of synchronization clock sources during the synchronization process, with changes in the clock source leading to changes in the clock hierarchy. In actual networks, NTP servers that obtain time synchronization from authoritative clocks (such as atomic clocks) typically have their stratums set to 1 and are used as the primary time servers to synchronize the clocks of other devices in the network. The NTP distance between devices in the network and the primary time server, which is the number of NTP servers in the NTP synchronization chain, determines the stratum of the clock on the device. For example, in a network topology like: Atomic Clock -> Device A -> Device B -> Device C, the clock stratum of Device A would be 1, the clock stratum of Device B would be 2, and the clock stratum of Device C would be 3. |
Recommended action |
1. Verify whether the clock source has changed. Execute the display ntp-service status command to check the value of the Reference clock ID field (which represents the clock source address): ¡ If the value of the Reference clock ID field is consistent with the main clock source address in the network plan, proceed to step 2. ¡ If the value of the Reference clock ID field is not consistent with the main clock source address in the network plan, a clock source switch has occurred. The clock source switch changes the clock stratum, and no action is required. ¡ If the value of the Reference clock ID field is none, the clock source is lost. Replace the clock source or repair the faulty one. 2. Verify whether the change in the clock stratum of this device is caused by a change in the hierarchy of the clock source itself. Log in to the clock source and check its clock stratum. If the clock stratum of the clock source is inconsistent with the network plan, modify the clock stratum of the clock source. (If the clock source is an H3C device, execute the display ntp-service sessions command to view the value of the stra field, which represents the clock stratum of the clock source. In system view, execute the ntp-service refclock-master command to change the clock hierarchy of the clock source.) 3. Verify whether the change in the clock stratum of this device is caused by a change in the hierarchy of the clock source itself. Execute the display ntp-service sessions command on the device, where the value of the stra field indicates the clock stratum of the clock source. If the clock stratum of the clock source is inconsistent with the network plan, log in to the clock source and modify its clock stratum. (If the clock source is an H3C device, you can modify the clock stratum by executing the ntp-service refclock-master command in system view.) |
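Device time underpins log correlation, so the NTP messages in this section are useful inputs for monitoring. The following Python sketch is an added example, not H3C code. It computes the clock step from NTP_CLOCK_CHANGE and checks the server in NTP_SOURCE_CHANGE and NTP_SOURCE_LOST against an approved list. The approved list, the step threshold, the function names, and the month/day/year reading of the timestamp (taken from the example 12/28/2012) are assumptions.

```python
import re
from datetime import datetime

PREFIX = r"(?:-\S+; )*"  # optional context such as "-MDC=1; "
CLOCK_CHANGE = re.compile(
    r"NTP/5/NTP_CLOCK_CHANGE: " + PREFIX +
    r"System clock changed from (?P<old>.+?) to (?P<new>.+?), "
    r"the NTP server's IP address is (?P<server>\S+?)\.$"
)
SOURCE_CHANGE = re.compile(
    r"NTP/5/NTP_SOURCE_CHANGE: " + PREFIX +
    r"NTP server's IP address changed from (?P<old>\S+) to (?P<new>\S+?)\.$"
)
SOURCE_LOST = re.compile(
    r"NTP/4/NTP_SOURCE_LOST: " + PREFIX +
    r"Lost synchronization with NTP server with IP address (?P<server>\S+?)\.$"
)
# Timestamp layout seen in the example: 02:12:58:345 12/28/2012
# (hours:minutes:seconds:milliseconds month/day/year, an assumption).
TIME_FORMAT = "%H:%M:%S:%f %m/%d/%Y"


def clock_step(line):
    """Return (step_in_seconds, server) for NTP_CLOCK_CHANGE, else None."""
    m = CLOCK_CHANGE.search(line.strip())
    if m is None:
        return None
    old = datetime.strptime(m["old"], TIME_FORMAT)
    new = datetime.strptime(m["new"], TIME_FORMAT)
    return (new - old).total_seconds(), m["server"]


def review_ntp(lines, approved_servers, max_step_seconds=1.0):
    """Flag large clock steps, unapproved time sources, and lost sources."""
    findings = []
    for line in lines:
        line = line.strip()
        step = clock_step(line)
        if step is not None:
            seconds, server = step
            if server not in approved_servers:
                findings.append(("unapproved-server", server))
            if abs(seconds) > max_step_seconds:
                findings.append(("large-step", server, seconds))
            continue
        m = SOURCE_CHANGE.search(line)
        if m is not None:
            if m["new"] not in approved_servers:
                findings.append(("unapproved-server", m["new"]))
            continue
        m = SOURCE_LOST.search(line)
        if m is not None:
            findings.append(("source-lost", m["server"]))
    return findings


SAMPLE_LINES = [
    # The three examples from this reference:
    "NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58:345 12/28/2012 "
    "to 02:29:12:879 12/28/2012, the NTP server's IP address is 192.168.30.116.",
    "NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2.",
    "NTP/4/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1.",
    # Constructed: a small backward correction from an approved server.
    "NTP/5/NTP_CLOCK_CHANGE: System clock changed from 10:00:00:500 01/02/2024 "
    "to 10:00:00:250 01/02/2024, the NTP server's IP address is 1.1.1.1.",
]

if __name__ == "__main__":
    for finding in review_ntp(SAMPLE_LINES, {"192.168.30.116", "1.1.1.1"}):
        print(finding)
```

A large step also means that timestamps logged before the change are offset by that amount, which matters when correlating this device's logs with other sources.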
OPTMOD
This section contains OPTMOD messages.
BIAS_HIGH
Message text |
[STRING]: Bias current is high. |
Variable fields |
$1: Port name. |
Severity level |
2 (Critical) |
Example |
OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/1: Bias current is high. |
Impact |
The transceiver module cannot run correctly. |
Cause |
When the bias current of the optical transceiver module exceeds the high bias current alarm threshold, this log is generated. |
Recommended action |
1. Use the 'display transceiver diagnosis interface' command to verify whether the current bias current value has exceeded the high bias current alarm threshold. 2. Use the 'display transceiver alarm interface' command multiple times to confirm the presence of a high bias current alarm. 3. If there is indeed a high bias current alarm, it indicates an issue with the optical transceiver module. Replace the transceiver module. |
BIAS_LOW
Message text |
[STRING]: Bias current is low. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/BIAS_LOW: GigabitEthernet1/0/1: Bias current is low. |
Impact |
The transceiver module cannot run correctly. |
Cause |
When the bias current of the optical transceiver module is lower than the bias current low alarm threshold, this log is generated. |
Recommended action |
1. Verify whether the port status is shutdown. If the status is shutdown, recover the port status to up. 2. Use the display transceiver diagnosis interface command to verify whether the current bias current value is lower than the bias current low alarm threshold. 3. Use the display transceiver alarm interface command multiple times to check whether there is indeed a bias current low alarm. 4. If the value is lower than the bias current low alarm threshold, there may be a fault with the optical transceiver module or the board. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
BIAS_NORMAL
Message text |
[STRING]: Bias current is normal. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/BIAS_NORMAL: GigabitEthernet1/0/1: Bias current is normal. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the bias current of the optical transceiver module is restored to normal range. |
Recommended action |
No action is required. |
CFG_ERR
Message text |
[STRING]: Transceiver type and port configuration mismatched. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/CFG_ERR: GigabitEthernet1/0/1: Transceiver type and port configuration mismatched. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
When the optical transceiver module type does not match the port configuration, this log is generated. |
Recommended action |
1. Verify whether the optical transceiver module can work properly. If it can, no action is required. 2. If the transceiver module cannot run correctly, collect the configuration file, log file, and alarms, and then contact Technical Support. |
CHKSUM_ERR
Message text |
[STRING]: Transceiver information checksum error. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/CHKSUM_ERR: GigabitEthernet1/0/1: Transceiver information checksum error. |
Impact |
No negative impacts on the system. |
Cause |
When the optical transceiver module register information verification fails, this log is generated. |
Recommended action |
1. Verify whether the optical transceiver module can work normally. If it can, no action is required. 2. If the optical transceiver module cannot work normally, re-plug the optical transceiver module. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
FIBER_SFPMODULE_INVALID
Message text |
[STRING]: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in [UINT32] days. Please replace it with a compatible one as soon as possible. |
Variable fields |
$1: Port name. $2: Number of days until the optical transceiver module is invalidated. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/FIBER_SFPMODULE_INVALID: GigabitEthernet1/0/1: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in 3 days. Please replace it with a compatible one as soon as possible. |
Impact |
The transceiver module cannot run correctly. |
Cause |
This log is generated when the optical transceiver module does not match the interface card. |
Recommended action |
Replace the transceiver module. |
FIBER_SFPMODULE_NOWINVALID
Message text |
[STRING]: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers. |
Variable fields |
$1: Port name. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/FIBER_SFPMODULE_NOWINVALID: GigabitEthernet1/0/1: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers. |
Impact |
Unsupported optical transceiver modules might not work properly on the device. |
Cause |
When the optical transceiver module is not supported, this log is generated. |
Recommended action |
Refer to the platform data on the HP website or contact your HP sales representative for a list of supported optical transceiver modules, and then replace the transceiver module. |
IO_ERR
Message text |
[STRING]: The transceiver information I/O failed. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/IO_ERR: GigabitEthernet1/0/1: The transceiver information I/O failed. |
Impact |
The transceiver module cannot run correctly. |
Cause |
When the device fails to read the optical transceiver module register, this log is generated. |
Recommended action |
1. Verify whether the port is working properly. If the port is not working properly, resolve the port issue first. 2. If the same fault occurs multiple times with other optical modules on the same board, it indicates a component failure on the board. Collect the configuration file, log file, and alarms, and then contact Technical Support. 3. Execute the 'display transceiver diagnosis interface' or 'display transceiver alarm interface' command. If both commands fail, it indicates a fault with the transceiver module. Replace the transceiver module. |
MOD_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Port name. $2: Fault type. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/MOD_ALM_OFF: GigabitEthernet1/0/1: Module_not_ready was removed. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module fault is cleared. |
Recommended action |
No action is required. |
MOD_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Port name. $2: Fault type. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/MOD_ALM_ON: GigabitEthernet1/0/1: Module_not_ready was detected. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when a fault is detected in the optical transceiver module. |
Recommended action |
Depending on the fault type, the cause might be the optical transceiver module itself, or it might be a port or link problem. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
MODULE_IN
Message text |
[STRING]: The transceiver is [STRING]. |
Variable fields |
$1: Port name. $2: Transceiver module type. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/MODULE_IN: GigabitEthernet1/0/1: The transceiver is 1000_BASE_T_AN_SFP. |
Impact |
No negative impacts on the system. |
Cause |
When an optical transceiver module is inserted into a port, this log is generated. |
Recommended action |
No action is required. |
MODULE_OUT
Message text |
[STRING]: Transceiver absent. |
Variable fields |
$1: Port name. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: Transceiver absent. |
Impact |
The transceiver module is not available. |
Cause |
This log is generated when the transceiver module is removed. |
Recommended action |
No action is required. |
OPTICAL_WARNING_CLEAR
Message text |
Transceiver warning alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault location information. $4: Error code. $5: Error reason. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/OPTICAL_WARNING_CLEAR: Transceiver warning alarm cleared. (PhysicalIndex=8833, PhysicalName=GE1/0/1, RelativeResource=1/0/1, ErrorCode=600060, Reason=Transceiver RXCDR_unlock detected. Lane = 1.) |
Impact |
No negative impact on the system. |
Cause |
The transceiver module alarm is cleared. |
Recommended action |
No action is required. |
OPTICAL_WARNING_OCCUR
Message text |
Transceiver warning alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>) |
Variable fields |
$1: Entity index. $2: Entity name. $3: Fault location information. $4: Error code. $5: Error reason. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/OPTICAL_WARNING_OCCUR: Transceiver warning alarm occurred. (PhysicalIndex=8833, PhysicalName=GE1/0/1, RelativeResource=1/0/1, ErrorCode=600060, Reason=Transceiver RXCDR_unlock detected. Lane = 1.) |
Impact |
The transceiver module cannot operate correctly. |
Cause |
The transceiver module alarm is generated. |
Recommended action |
1. Verify that the transceiver module and fibers are connected correctly.
2. Remove the transceiver module and insert it again.
3. Verify that all interface modules installed on the device are operating correctly.
4. Take corresponding measures based on the FaultID.
5. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
OPTMOD_COUNTERFEIT_MODULE
Message text |
The following transceiver you are using is suspected to be a counterfeit/pirated/unauthorized H3C transceiver, which might cause compatibility problems and expose your device to security threats. Please contact H3C for further detection and verification promptly. [STRING]: Transceiver type [STRING], SN [STRING]. |
Variable fields |
$1: Interface type and number. $2: Interface module model. $3: Serial number of the transceiver module. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: The following transceiver you are using is suspected to be a counterfeit/pirated/unauthorized H3C transceiver, which might cause compatibility problems and expose your device to security threats. Please contact H3C for further detection and verification promptly. GigabitEthernet1/0/1: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. GigabitEthernet1/0/2: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when counterfeit, pirated, or unauthorized H3C optical transceiver modules are detected on the device. For such modules, data cannot be obtained through the display transceiver diagnosis command. |
Recommended action |
Please purchase and use H3C transceiver modules. |
OPTMOD_MODULE_CHECK
Message text |
An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
OPTMOD/6/OPTMOD_MODULE_CHECK: An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity. |
Impact |
No negative impacts on the system. |
Cause |
When no H3C optical transceiver module is detected on the device, this log is generated. It reminds users to visit the H3C official website (www.h3c.com) for bar code anti-counterfeiting verification. |
Recommended action |
No action is required. |
PHONY_MODULE
Message text |
[STRING]: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof! |
Variable fields |
$1: Port name. |
Severity level |
4 (Warning) |
Example |
OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/1: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof! |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when a non-H3C transceiver module is detected. |
Recommended action |
1. Please purchase and use H3C transceiver modules.
2. If you have verified that an H3C optical transceiver module is in use, collect the configuration file, log file, and alarms, and then contact Technical Support. |
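The OPTMOD_COUNTERFEIT_MODULE and PHONY_MODULE entries above can feed a transceiver supply-chain audit on the log host. The following Python sketch is an added example, not H3C code: it assumes log lines shaped like the Example rows in this reference, the sample input is constructed, and flagging one serial number reported on several ports is an added heuristic that the reference does not state.

```python
import re
from collections import defaultdict

# MODULE/severity/MNEMONIC: text, as in the Example rows of this reference.
HEADER = re.compile(
    r"(?P<module>[A-Z][A-Z0-9_]*)/(?P<sev>\d)/(?P<mnemonic>[A-Z][A-Z0-9_]*): (?P<body>.*)"
)
# One "<port>: Transceiver type <type>, SN <serial>" group; a message can carry several.
COUNTERFEIT_ITEM = re.compile(r"(\S+): Transceiver type ([^,\s]+), SN ([A-Za-z0-9]+)")
LEADING_PORT = re.compile(r"(\S+): ")

_COUNTERFEIT_TEXT = (
    "The following transceiver you are using is suspected to be a "
    "counterfeit/pirated/unauthorized H3C transceiver, which might cause "
    "compatibility problems and expose your device to security threats. "
    "Please contact H3C for further detection and verification promptly. "
)
_PHONY_TEXT = (
    "A non-H3C transceiver is detected. Please confirm the label of the "
    "transceiver. If there is an H3C Logo, it is suspected to be a counterfeit "
    "H3C transceiver. This transceiver is NOT sold by H3C."
)

# Constructed sample input built from the Example rows above (port 1/0/3 and 1/0/4 are made up).
SAMPLE_LOG = [
    "OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: " + _COUNTERFEIT_TEXT
    + "GigabitEthernet1/0/1: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. "
    + "GigabitEthernet1/0/2: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103.",
    "OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/3: " + _PHONY_TEXT,
    "OPTMOD/4/MODULE_IN: GigabitEthernet1/0/4: The transceiver is 1000_BASE_T_AN_SFP.",
    "OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: " + _COUNTERFEIT_TEXT,  # no port list: kept as unparsed
]


def audit_transceivers(lines):
    """Collect suspect-transceiver findings from OPTMOD log lines."""
    findings = {
        "counterfeit": [],        # (port, transceiver type, serial number)
        "non_vendor_ports": [],   # ports that raised PHONY_MODULE
        "duplicate_serials": {},  # serial -> sorted ports reporting it
        "unparsed": [],           # suspect messages whose fields could not be read
    }
    ports_by_serial = defaultdict(set)
    for line in lines:
        header = HEADER.search(line)
        if header is None or header["module"] != "OPTMOD":
            continue
        body = header["body"]
        if header["mnemonic"] == "OPTMOD_COUNTERFEIT_MODULE":
            items = COUNTERFEIT_ITEM.findall(body)
            if not items:
                findings["unparsed"].append(line)  # never drop a suspect message silently
            for port, kind, serial in items:
                findings["counterfeit"].append((port, kind, serial))
                ports_by_serial[serial].add(port)
        elif header["mnemonic"] == "PHONY_MODULE":
            port = LEADING_PORT.match(body)
            if port:
                findings["non_vendor_ports"].append(port.group(1))
            else:
                findings["unparsed"].append(line)
    findings["duplicate_serials"] = {
        serial: sorted(ports)
        for serial, ports in ports_by_serial.items()
        if len(ports) > 1
    }
    return findings


if __name__ == "__main__":
    for key, value in audit_transceivers(SAMPLE_LOG).items():
        print(key, value)
```
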
RX_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Port name. $2: Rx fault type. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/RX_ALM_OFF: GigabitEthernet1/0/1: RX_not_ready was removed. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module RX fault is cleared. |
Recommended action |
No action is required. |
RX_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Port name. $2: Rx fault type. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/RX_ALM_ON: GigabitEthernet1/0/1: RX_not_ready was detected. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when an optical transceiver module RX fault is detected. |
Recommended action |
The cause of the failure might be the optical transceiver module itself, or it might be a port or link issue. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
RX_POW_HIGH
Message text |
[STRING]: RX power is high. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/RX_POW_HIGH: GigabitEthernet1/0/1: RX power is high. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
When the RX power of the optical module exceeds the high alarm threshold of the received optical power, this log is generated. |
Recommended action |
1. Adjust the link and increase the optical attenuation to ensure that the optical power of the optical module meets the normal working range of received optical power.
2. Use the display transceiver diagnosis interface command to verify whether the power has exceeded the high alarm threshold of the received optical power.
3. Use the display transceiver alarm interface command to verify whether there is currently a high alarm for received optical power.
4. If the high alarm threshold of the received optical power is indeed exceeded, it indicates a problem with the optical module. Please replace the transceiver module. |
RX_POW_LOW
Message text |
[STRING]: RX power is low. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/RX_POW_LOW: GigabitEthernet1/0/1: RX power is low. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when the optical transceiver module RX power is lower than the low alarm threshold of the received optical power. |
Recommended action |
1. Adjust the link so that the received optical power of the optical transceiver module is within the normal working range.
2. Use the 'display transceiver diagnosis interface' command to verify whether the power has fallen below the low alarm threshold of the received optical power.
3. Use the 'display transceiver alarm interface' command to verify whether there is currently a low alarm for received optical power.
4. If the power is indeed below the low alarm threshold of the received optical power, there is a problem with the optical module. Please replace the transceiver module. |
RX_POW_NORMAL
Message text |
[STRING]: RX power is normal. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/RX_POW_NORMAL: GigabitEthernet1/0/1: RX power is normal. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module RX power has recovered to the normal range. |
Recommended action |
No action is required. |
TEMP_HIGH
Message text |
[STRING]: Temperature is high. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TEMP_HIGH: GigabitEthernet1/0/1: Temperature is high. |
Impact |
High temperature will affect the normal operation of the optical transceiver module. |
Cause |
This log is generated when the temperature of the optical transceiver module exceeds the high temperature alarm threshold. |
Recommended action |
1. Verify whether the ambient temperature in the computer room is too high. If the ambient temperature is indeed too high, lower the room temperature and ensure normal ventilation of the equipment environment.
2. Verify whether the device fan is working properly. If the fan is not working properly, install or replace the faulty fan.
3. If the device fan is normal and the ambient temperature is normal, the optical transceiver module is faulty. Please replace the transceiver module. |
TEMP_LOW
Message text |
[STRING]: Temperature is low. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TEMP_LOW: GigabitEthernet1/0/1: Temperature is low. |
Impact |
Low temperature will affect the normal operation of the optical transceiver module. |
Cause |
When the temperature of the optical module is lower than the low temperature alarm threshold, this log is generated. |
Recommended action |
1. Verify whether the ambient temperature in the equipment room is too low. If the ambient temperature is indeed too low, raise the room temperature.
2. If the ambient temperature is normal, it indicates a fault in the optical module. Please replace the transceiver module. |
TEMP_NORMAL
Message text |
[STRING]: Temperature is normal. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TEMP_NORMAL: GigabitEthernet1/0/1: Temperature is normal. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module temperature has recovered to the normal range. |
Recommended action |
No action is required. |
TX_ALM_OFF
Message text |
[STRING]: [STRING] was removed. |
Variable fields |
$1: Port name. $2: Tx fault type. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TX_ALM_OFF: GigabitEthernet1/0/1: TX_fault was removed. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module TX fault is cleared. |
Recommended action |
No action is required. |
TX_ALM_ON
Message text |
[STRING]: [STRING] was detected. |
Variable fields |
$1: Port name. $2: Tx fault type. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TX_ALM_ON: GigabitEthernet1/0/1: TX_fault was detected. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when an optical transceiver module TX fault is detected. |
Recommended action |
The cause of the fault might be the optical transceiver module itself, or it might be a port or link issue. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
TX_POW_HIGH
Message text |
[STRING]: TX power is high. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TX_POW_HIGH: GigabitEthernet1/0/1: TX power is high. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when the optical module TX power exceeds the high alarm threshold of the transmitted optical power. |
Recommended action |
1. Adjust the link and increase the optical attenuation to ensure that the optical power of the optical module meets the normal working range.
2. Use the 'display transceiver diagnosis interface' command to verify whether the power has exceeded the high alarm threshold of the transmitted optical power.
3. Use the 'display transceiver alarm interface' command to verify whether there is currently a high alarm for the transmitted optical power.
4. If the high alarm threshold of the transmitted optical power has indeed been exceeded, it indicates a problem with the optical module. Please replace the transceiver module. |
TX_POW_LOW
Message text |
[STRING]: TX power is low. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TX_POW_LOW: GigabitEthernet1/0/1: TX power is low. |
Impact |
The transceiver module cannot run correctly. |
Cause |
This log is generated when the optical module TX power is lower than the low optical power transmission alarm threshold. |
Recommended action |
1. Verify the port status to see if it is shutdown. If the status is shutdown, restore the port status to up.
2. Use the display transceiver diagnosis interface command to verify whether the power is indeed lower than the low optical power transmission alarm threshold.
3. Use the display transceiver alarm interface command to verify whether there is currently a low optical power transmission alarm.
4. If the power is indeed lower than the low optical power transmission alarm threshold, there is a problem with the optical module. Please replace the transceiver module.
5. If the problem cannot be resolved, it might be a board problem (such as the light being turned off or abnormal high-speed signals). Collect the configuration file, log file, and alarms, and then contact Technical Support. |
TX_POW_NORMAL
Message text |
[STRING]: TX power is normal. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TX_POW_NORMAL: GigabitEthernet1/0/1: TX power is normal. |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module TX power has recovered to the normal range. |
Recommended action |
No action is required. |
TYPE_ERR
Message text |
[STRING]: The transceiver type is not supported by port hardware. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/1: The transceiver type is not supported by port hardware. |
Impact |
The transceiver module cannot run correctly. |
Cause |
When the port hardware does not support the optical transceiver module type, this log is generated. |
Recommended action |
1. Replace the transceiver module. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
VOLT_HIGH
Message text |
[STRING]: Voltage is high. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/VOLT_HIGH: GigabitEthernet1/0/1: Voltage is high. |
Impact |
The transceiver module might fail to run correctly, or the optical transceiver module might be damaged. |
Cause |
When the voltage of the optical transceiver module exceeds the overvoltage high alarm threshold, this log is generated. |
Recommended action |
1. Verify whether the port is working properly. If the port is not working properly, resolve the port issue first.
2. Verify whether this fault has occurred multiple times on other optical transceiver modules on the board. If so, it indicates a possible component failure on the board. Collect the configuration file, log file, and alarms, and then contact Technical Support.
3. Use the display transceiver diagnosis interface command to verify whether the voltage has exceeded the overvoltage high alarm threshold.
4. Use the display transceiver alarm interface command to verify whether there is indeed a high voltage alarm currently.
5. If the overvoltage high alarm threshold is indeed exceeded, there is a problem with the optical transceiver module. Please replace the transceiver module. |
VOLT_LOW
Message text |
[STRING]: Voltage is low. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/VOLT_LOW: GigabitEthernet1/0/1: Voltage is low. |
Impact |
The transceiver module might fail to run correctly. |
Cause |
This log is generated when the voltage of the optical transceiver module is lower than the low voltage alarm threshold. |
Recommended action |
1. Verify whether the port is working properly. If the port is not working properly, resolve the port issue first.
2. Confirm whether other optical transceiver modules on the board have encountered this fault multiple times. If so, it indicates a component failure on the board. Collect the configuration file, log file, and alarms, and then contact Technical Support.
3. Use the display transceiver diagnosis interface command to verify whether the voltage has fallen below the low voltage alarm threshold.
4. Use the display transceiver alarm interface command to verify whether there is currently a low voltage alarm.
5. If the voltage is indeed below the low voltage alarm threshold, it indicates a problem with the optical transceiver module. Please replace the transceiver module. |
VOLT_NORMAL
Message text |
[STRING]: Voltage is normal. |
Variable fields |
$1: Port name. |
Severity level |
3 (Error) |
Example |
OPTMOD/3/VOLT_NORMAL: GigabitEthernet1/0/1: Voltage is normal! |
Impact |
No negative impacts on the system. |
Cause |
This log is generated when the optical transceiver module voltage is restored to normal range. |
Recommended action |
No action is required. |
OSPF
This section contains OSPF messages.
OSPF_DUP_RTRID_NBR
Message text |
OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address. |
Severity level |
6 (Informational) |
Example |
OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2. |
Impact |
Router LSA continues to refresh, causing route flapping. |
Cause |
Two directly connected devices have the same router ID configured. |
Recommended action |
1. Select the handling step based on how the OSPF process obtains its router ID:
   - If the OSPF process uses the global router ID, execute the router id command to edit the router ID.
   - If the OSPF process uses a manually specified router ID, execute the ospf router-id command to edit the router ID.
   - If the OSPF process uses an automatically obtained router ID, execute the ip address command to edit the IP address of the corresponding interface.
2. Execute the reset ospf process command to enable the new router ID to take effect. |
OSPF_IP_CONFLICT_INTRA
Message text |
OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING]. |
Variable fields |
$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name. |
Severity level |
6 (Informational) |
Example |
OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet1/0/3. |
Impact |
- Device CPU usage is high.
- OSPF frequently ages and regenerates LSAs.
- Device routes are frequently refreshed, and route calculation errors occur. |
Cause |
Two devices in the same OSPF area might have the same main IP address configured on their interfaces, and at least one device is the DR. |
Recommended action |
1. Check whether OSPF_RTRID_CONFLICT_INTRA is generated at the same time, that is, whether there is a router ID conflict in the same OSPF area.
   - If there is a router ID conflict in the same OSPF area, resolve the conflict according to the Recommended action in the OSPF_RTRID_CONFLICT_INTRA log.
   - If there is no router ID conflict in the same OSPF area, go to step 2.
2. Find the interface information in the log, and then modify the main IP address of the interface to ensure that devices in the same area use different main IP addresses for their interfaces. |
OSPF_LAST_NBR_DOWN
Message text |
OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING] |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason why the OSPF neighbor state became Down. Possible reasons include:
- Ospf Interface Parameters Changed.
- Reset ospf command was performed.
- Undo ospf command was performed.
- Undo area command was performed.
- Undo network: The undo network command was executed.
- Silent Interface: The silent interface command was executed.
- Ospf_iflchange: An interface logical attribute changed.
- Ospf_ifachange: An interface physical attribute changed.
- Ospf_ifvchange: An interface vlink attribute changed.
- Vlink down: The virtual link interface went down.
- Shamlink down: The sham link interface went down.
- DeadInterval timer expired: The dead interval timer timed out.
- Configuring stub area: The stub area configuration changed.
- Configuring nssa area: The NSSA area configuration changed.
- Opaque-Capability changed: The opaque-capability enable configuration changed.
- Out-of-Band Resynchronazition Capability changed: The enable out-of-band-resynchronization configuration changed.
- BFD session down: The BFD session went down.
- Database-filter or referenced ACL changed: The configuration for filtering LSAs sent to a specific neighbor changed, or an ACL rule referenced by the configuration changed.
- shutdown: The shutdown process command was configured. |
Severity level |
6 (Informational) |
Example |
OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired. |
Impact |
Service interruption might occur. |
Cause |
- Adjacent timer timeout
- Physical interface change
- OSPF-linked BFD session Down
- OSPF configuration change
- Neighbor device reasons |
Recommended action |
If the reason for the OSPF neighbor going down is adjacent timer timeout, do the following:
1. Execute the ping command to check whether the device link is faulty (including transmission equipment faults).
   - If the ping fails, check the transmission equipment, link status, and interface status, and adjust hardware equipment to restore service.
   - If the ping is successful, go to step 2.
2. Collect the configuration file, log file, and alarms, and then contact Technical Support.
If the reason for the OSPF neighbor going down is physical interface change, do the following:
1. Execute the display interface [ interface-type [ interface-number | interface-number.subnumber ] ] command to check the status of the physical interface that establishes the OSPF neighbor relationship.
   - If the physical status of the interface is DOWN, check whether the transmission equipment is normal, and restore the physical interface status to eliminate the fault.
   - If the physical status of the interface is "Administratively DOWN," the interface has been manually closed with the shutdown command. Open the interface by executing the undo shutdown command under the interface.
   - If the physical status of the interface is "UP," go to step 2.
2. Execute the display ospf interface command to check whether the interface is in a normal state under the OSPF protocol.
   - If the OSPF interface status is Down, check whether the interface is configured with an IP address, and eliminate the fault by checking the IP address.
   - If the OSPF interface status is P-2-P, DR, BDR, or DROther, go to step 3.
3. Collect the configuration file, log file, and alarms, and then contact Technical Support.
If the reason for the OSPF neighbor going down is BFD session down, do the following:
1. Execute the ping command to check whether the device link is faulty (including transmission equipment faults).
   - If the ping fails, check the transmission equipment, link status, and interface status, and adjust hardware equipment to restore service.
   - If the ping is successful, go to step 2.
2. Collect the configuration file, log file, and alarms, and then contact Technical Support.
If the reason for the OSPF neighbor going down is configuration change, do the following:
1. Use the display ospf interface command to check whether the OSPF area ID configuration at both ends is consistent.
   - If they are consistent, go to step 2.
   - If they are not consistent, modify them to be consistent.
2. Use the 'display ospf interface' command to check whether the network types of the local and remote interfaces are consistent.
   - If they are not consistent, modify them to be consistent.
   - If they are consistent, go to step 3.
3. Use the 'display ospf statistics error' command every 10 seconds to check the OSPF error statistics, and continue for 5 minutes.
   - If the count value corresponding to the 'Bad authentication type' field keeps increasing, the OSPF authentication types configured on the two devices establishing the neighbor relationship are inconsistent, and the same authentication type needs to be configured on both devices.
   - If the count value corresponding to the 'Hello-time mismatch' field keeps increasing, the values of the Hello timer on the interfaces are inconsistent, and the Hello timer values on both interfaces need to be set to be consistent.
   - If the count value corresponding to the 'Dead-time mismatch' field keeps increasing, the values of the Dead timer on the interfaces are inconsistent, and the Dead timer values on both interfaces need to be set to be consistent.
   - If the count value corresponding to the 'Ebit option mismatch' field keeps increasing, the area type configuration is inconsistent (one end is configured as a normal area, and the other end is configured as a Stub or NSSA area), and the area types on both ends need to be set to be consistent.
4. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
OSPF_NBR_CHG
Message text |
OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Original neighbor state. $5: New neighbor state. |
Severity level |
3 (Error) |
Example |
OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down. |
Impact |
The sequence of OSPF neighbor state changes from low to high is: Down->Init->2-Way->ExStart->Exchange->Loading->Full. If the neighbor state changes from a lower state to a higher state, it is normal operation information and does not need attention. If the neighbor state changes from a higher state to a lower state, service interruption might occur. |
Cause |
The following reasons might cause the OSPF neighbor state to change from 2-way or Full state to other states:
- Link fault: OSPF packets are discarded.
- The DR priority configuration of the interface is unreasonable.
- The OSPF MTU values configured on both ends are different.
- The neighbor adjacency timer times out.
- The status of the BFD session linked to OSPF becomes Down. |
Recommended action |
1. Execute the 'display ospf peer' command to check the "State" field, which indicates the neighbor state. If the neighbor state is Full, it is normal operation information and does not need to be handled. Otherwise, go to step 2.
2. Execute the 'display interface interface-type interface-number' command to check the status of the interface connecting the neighbor.
   - If the physical interface status is Up, go to step 3.
   - If the physical interface status is Down, check whether the 'shutdown' command is configured on the interface. If the 'shutdown' command is configured, execute the 'undo shutdown' command, and then go to step 3. If the 'shutdown' command is not configured, go to step 3.
3. Check whether the opposite interface IP address can be pinged.
   - If it cannot be pinged, go to step 6.
   - If it can be pinged, go to step 4.
4. Execute the 'display ospf interface' command to check the "State" field, which indicates the OSPF interface status.
   - If the interface establishing a neighbor relationship with the opposite end is in the Down state, go to step 6.
   - If the interface establishing a neighbor relationship with the opposite end is in a non-Down state, go to step 5.
5. Execute the 'display ospf interface verbose' command to check whether the parameters configured on this device and the opposite device are consistent, including: Hello timer, Dead timer, Poll timer, OSPF network type, authentication. If the parameters configured on both ends are consistent, go to step 6. If the parameters configured on both ends are inconsistent, modify the configuration using the following commands to ensure consistency:
   - ospf timer hello
   - ospf timer dead
   - ospf timer poll
   - ospf network-type
   - ospf authentication-mode
6. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
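The Impact row of OSPF_NBR_CHG says that only a change from a higher state to a lower state needs attention. The following Python sketch is an added example, not H3C code: it applies that ordering to log lines shaped like the Example row and counts regressions per neighbor. The sample input is constructed, and "Attempt" is included only to show how a state name outside the listed sequence is handled.

```python
import re
from collections import Counter

# Neighbor states from low to high, as listed in the Impact row above.
STATE_ORDER = ["Down", "Init", "2-Way", "ExStart", "Exchange", "Loading", "Full"]
RANK = {name.lower(): index for index, name in enumerate(STATE_ORDER)}

# OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING].
NBR_CHG = re.compile(
    r"OSPF/\d/OSPF_NBR_CHG: OSPF (?P<proc>\d+) Neighbor (?P<nbr>\S+) "
    r"\((?P<ifname>[^)]+)\) changed from (?P<old>\S+) to (?P<new>\S+?)\.?$"
)

# Constructed sample input; only the first line is taken from the Example row.
SAMPLE_LOG = [
    "OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down.",
    "OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Down to Init.",
    "OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Loading to Full.",
    "OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 3.3.3.3 (GigabitEthernet1/0/3) changed from Full to ExStart.",
    "OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down.",
    # "Attempt" is not in the sequence above, so this event cannot be ranked.
    "OSPF/3/OSPF_NBR_CHG: OSPF 1 Neighbor 4.4.4.4 (GigabitEthernet1/0/4) changed from Attempt to Init.",
    "OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: Transceiver absent.",
]


def classify(line):
    """Parse one OSPF_NBR_CHG line and label the direction of the state change.

    Returns None for any other message. The direction is "regression",
    "progress", "unchanged", or "unknown" when a state name is not in STATE_ORDER.
    """
    match = NBR_CHG.search(line.strip())
    if match is None:
        return None
    event = match.groupdict()
    old = RANK.get(event["old"].lower())
    new = RANK.get(event["new"].lower())
    if old is None or new is None:
        event["direction"] = "unknown"
    elif new < old:
        event["direction"] = "regression"
    elif new > old:
        event["direction"] = "progress"
    else:
        event["direction"] = "unchanged"
    return event


def regressions_by_neighbor(lines):
    """Count higher-to-lower state changes per (neighbor router ID, interface)."""
    counts = Counter()
    for line in lines:
        event = classify(line)
        if event and event["direction"] == "regression":
            counts[(event["nbr"], event["ifname"])] += 1
    return counts


def unranked_events(lines):
    """Return events whose state names fall outside the documented sequence."""
    events = (classify(line) for line in lines)
    return [e for e in events if e and e["direction"] == "unknown"]


if __name__ == "__main__":
    for key, count in regressions_by_neighbor(SAMPLE_LOG).most_common():
        print(key, count)
    print(unranked_events(SAMPLE_LOG))
```
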
OSPF_NBR_CHG_REASON
Message text |
OSPF [UINT32] Area [STRING] Router [STRING]([STRING]) CPU usage: [STRING], VPN name: [STRING], IfMTU: [UINT32], Neighbor address: [STRING], NbrID [STRING] changed from [STRING] to [STRING] at [STRING]. Last 4 hello packets received at: [STRING] Last 4 hello packets sent at: [STRING] |
Variable fields |
$1: OSPF process ID.
$2: Area ID.
$3: Router ID.
$4: Interface short name.
$5: CPU usage.
$6: VPN name. Only the neighbor state change log of an OSPF multi-instance process displays the VPN name.
$7: Interface MTU size.
$8: Neighbor IP address.
$9: Neighbor's router ID.
$10: Neighbor state before the change.
$11: Neighbor state after the change and the reason for the state change:
· to DOWN because OSPF interface parameters changed.
· to DOWN because the OSPF process was reset.
· to DOWN because the OSPF process was deleted.
· to DOWN because the OSPF area was deleted.
· to DOWN because OSPF was disabled (Interface: interface, peer address: address).
· to DOWN because OSPF packet receiving and sending are disabled (Interface: interface, peer address: address).
· to DOWN because the interface address was deleted or OSPF was disabled on interface.
· to DOWN because the interface went down or MTU changed.
· to DOWN because the virtual link was deleted or the route it relies on was deleted.
· to DOWN because the virtual link interface went down or the virtual link settings were deleted.
· to DOWN because the sham link was deleted or the route it relies on was deleted.
· to DOWN because the dead timer expired.
· to DOWN because the stub configuration changed in area area-id.
· to DOWN because the NSSA configuration changed in area area-id.
· to DOWN because the Opaque LSA capability configuration changed.
· to DOWN because the out-of-band resynchronization capability configuration changed.
· to DOWN because BFD session went down.
· to INIT because a 1-way hello packet was received.
· to DOWN because database-filter configuration changed or database-filter ACL configuration changed.
· to EXSTART because a BadLSReq event was triggered upon the request for a nonexistent LSA.
· to EXSTART because the LSA requested and then learned is the same as that in local.
· to EXSTART because the LSA requested and then learned is older than that in local.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a non-retransmitted DD packet from the Loading or Full peer during the DD retransmit interval.
· to EXSTART because a SeqNumberMismatch event was triggered by the change of the OSPF peer’s capability to link-local signaling attribute.
· to EXSTART because a SeqNumberMismatch event was triggered by the OSPF peer’s multi-topology attribute change.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a retransmitted DD packet from the Loading or Full peer after the DD retransmit interval expired.
· to EXSTART because a SeqNumberMismatch event was triggered by the change of the OSPF peer’s capability to receive AS external LSA.
· to EXSTART because a SeqNumberMismatch event was triggered by the master-slave relationship change.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of an unexpected initial DD packet after DD transmission started.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet with a wrong sequence number from the slave.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet with a wrong sequence number from the master.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing local opaque LSA without enabling the opaque capability.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing area opaque LSA without enabling the opaque capability.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing AS opaque LSA without enabling the opaque capability.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing NSSA external LSA in a non-NSSA area.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing invalid LSA.
· to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing AS external LSA in the stub area or on the virtual link.
$12: Time when the neighbor state changed.
$13: Time when 4 Hello packets were received before the neighbor state change.
$14: Time when 4 Hello packets were sent before the neighbor state change. |
Severity level |
5 (Notification) |
Example |
OSPF/5/OSPF_NBR_CHG_REASON: OSPF 1 Area 0.0.0.0 Router 2.2.2.2(GE1/0/1) CPU usage:3.80%, VPN name: a, IfMTU:1500, Neighbor address:10.1.1.2, NbrID:1.1.1.1 changed from Full to Down because OSPF interface parameters changed at 2019-04-01 15:20:57:034. Last 4 hello packets received at: 2019-09-01 15:19:46:225 2019-09-01 15:19:56:224 2019-09-01 15:20:06:225 2019-09-01 15:20:16:225 Last 4 hello packets sent at: 2019-09-01 15:20:22:033 2019-09-01 15:20:32:033 2019-09-01 15:20:42:032 2019-09-01 15:20:52:033 |
Impact |
OSPF neighbor state change sequence from low to high: Down->Init->2-Way->ExStart->Exchange->Loading->Full. If the neighbor state changes from a lower state to a higher state, it is normal operation information and does not need attention. If the neighbor state changes from a higher state to a lower state, service interruption might occur. |
Cause |
· The OSPF adjacency state changes from Attempt to 1-way or Down, or from Down to 2-way or Full.
· Configuration parameters of this end or the peer interface (such as Hello timer, Dead timer, and interface authentication) are inconsistent.
· The OSPF process was restarted with the reset ospf process command.
· The interface adjacency state on an NBMA network or broadcast network changes from Full to other states, or from other states to Full. |
Recommended action |
1. Execute the display ospf peer command to check the "State" field, which indicates the neighbor state. If the neighbor state is Full, it is normal operation information and does not need to be processed. Otherwise, go to step 2.
2. Execute the display interface interface-type interface-number command to check the status of the interface connecting the neighbor.
○ If the physical interface status is Up, go to step 3.
○ If the physical interface status is Down, check if the shutdown command is configured on this interface. If the shutdown command is configured, execute the undo shutdown command, then go to step 3. If the shutdown command is not configured, go to step 3.
3. Check if the peer interface IP address can be pinged.
○ If the ping is unsuccessful, go to step 6.
○ If the ping is successful, go to step 4.
4. Execute the display ospf interface command to check the "State" field, which indicates the OSPF interface status.
○ If the interface establishing neighbor relationship with the peer is in Down state, go to step 6.
○ If the interface establishing neighbor relationship with the peer is in a non-Down state, go to step 5.
5. Execute the display ospf interface verbose command to check if the configuration parameters of this device and the peer device are consistent.
○ If they are not consistent, modify them to be consistent.
○ If they are consistent, go to step 6.
6. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
OSPF_RTRID_CHG
Message text |
OSPF [UINT32] New router ID elected, restart OSPF if you want to make the new Router ID take effect. |
Variable fields |
$1: OSPF process ID. |
Severity level |
5 (Notification) |
Example |
OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, restart OSPF if you want to make the new Router ID take effect. |
Impact |
No negative impact on the system. |
Cause |
The user changed the Router ID or the interface IP used, which caused the OSPF router ID to change. Manual restart of OSPF is required to make the new router ID take effect. |
Recommended action |
If you want the new Router ID to take effect, ensure that restarting the process will not affect current business, and use the 'reset ospf process' command to make the new router ID take effect. |
OSPF_RTRID_CONFLICT_INTER
Message text |
OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. |
Severity level |
6 (Informational) |
Example |
OSPF/6/OSPF_RTRID_CONFLICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11. |
Impact |
AS External LSAs continue to refresh, and external routes introduced by the ASBR continue to flap. |
Cause |
Two non-directly connected devices within the same OSPF domain may have the same router ID configured, with one device being the ASBR. |
Recommended action |
1. Depending on the different ways to obtain the Router ID in the OSPF process, select different handling steps:
○ If the OSPF process uses the global router ID, execute the router id command to edit the router ID.
○ If the OSPF process uses a manually specified router ID, execute the ospf router-id command to edit the router ID.
○ If the OSPF process uses an automatically obtained router ID, execute the ip address command to edit the IP address of the corresponding interface.
2. Execute the reset ospf process command to enable the new router ID to take effect. |
OSPF_RTRID_CONFLICT_INTRA
Message text |
OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING]. |
Variable fields |
$1: OSPF process ID. $2: Router ID. $3: OSPF area ID. |
Severity level |
4 (Warning) |
Example |
OSPF/4/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1. |
Impact |
Router LSAs keep refreshing, and routes flap. |
Cause |
Two non-directly connected devices in the same OSPF area may have the same router ID configured. |
Recommended action |
1. Depending on the different ways to obtain the Router ID in the OSPF process, select different processing steps:
○ If the OSPF process uses the global router ID, execute the router id command to edit the router ID.
○ If the OSPF process uses a manually specified router ID, execute the ospf router-id command to edit the router ID.
○ If the OSPF process uses an automatically obtained router ID, execute the ip address command to edit the IP address of the corresponding interface.
2. Execute the reset ospf process command to enable the new router ID to take effect. |
OSPF_VLINKID_CHG
Message text |
OSPF [UINT32] Router ID changed, reconfigure Vlink on peer |
Variable fields |
$1: OSPF process ID. |
Severity level |
5 (Notification) |
Example |
OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer |
Impact |
The virtual link configuration on the remote device must be modified. |
Cause |
The new Router ID of the local OSPF process has taken effect. |
Recommended action |
1. Execute the display ospf process-id command to obtain the router ID of the OSPF process. The value of the process-id argument is the OSPF process ID in this message.
2. On the remote device, use the undo vlink-peer command to delete the original virtual link configuration. Then, reconfigure the virtual link using the vlink-peer command and specify the Router ID from step 1 as the virtual link neighbor's Router ID. |
PBR messages
This section contains PBR messages.
PBR_HARDWARE_BIND_ERROR
Message text |
Failed to apply the policy [STRING] to interface [STRING] because of [STRING].. |
Variable fields |
$1: Policy name. $2: Interface name. $3: Hardware processing failure reasons: · insufficient hardware resources. · unsupported operations. · insufficient hardware resources and unsupported operations. |
Severity level |
4 (Warning) |
Example |
PBR/4/PBR_HARDWARE_BIND_ERROR: Failed to apply the policy abc to interface GigabitEthernet1/0/1 because of unsupported operations. |
Impact |
The interface cannot use PBR to forward packets. |
Cause |
Unicast PBR policy failed to be configured on the interface. |
Recommended action |
Edit the PBR policy configuration according to the failure reason: · If hardware resources are insufficient, check PBR configuration on the device and delete unnecessary settings. · If the system does not support the operation, identify whether the PBR configuration contains the if-match or apply clauses that are not supported by the device. · If hardware resources are insufficient, and the system does not support the operation, check for unnecessary PBR settings on the device, and identify whether the PBR configuration contains unsupported clauses. |
PBR_HARDWARE_ERROR
Message text |
Failed to update policy [STRING] because of [STRING]. |
Variable fields |
$1: Policy name. $2: Hardware error reasons: · insufficient hardware resources. · unsupported operations. · insufficient hardware resources and unsupported operations. |
Severity level |
4 (Warning) |
Example |
PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa because of insufficient hardware resources and not supported operations. |
Impact |
You cannot use the most recent PBR configuration to guide packet forwarding. |
Cause |
The device failed to update PBR configuration. |
Recommended action |
Modify the PBR policy configuration according to the failure reason: · If hardware resources are insufficient, check PBR configuration on the device and delete unnecessary settings. · If the system does not support the operation, identify whether the PBR configuration contains the if-match or apply clauses that are not supported by the device. · If hardware resources are insufficient, and the system does not support the operation, check for unnecessary PBR settings on the device, and identify whether the PBR configuration contains unsupported clauses. |
PBR_NEXTHOP_CHANGE
Message text |
Policy name=[STRING], node ID=[STRING], VPN instance=[STRING], next hop=[STRING], next hop unreachable because of [STRING]. |
Variable fields |
$1: Policy name. $2: Node ID. $3: VPN instance name. For the public network, this field displays public. $4: Next hop IP address. $5: Next hop change reason: · FIB information change—The FIB information changed. · track entry status change—The track entry status changed. · configuration change—The PBR configuration on the device was edited. |
Severity level |
4 (Warning) |
Example |
PBR/4/PBR_NEXTHOP_CHANGE: Policy name=a, node ID=0, VPN instance=public, next hop=1.1.1.2, next hop unreachable because of FIB information change. |
Impact |
Packet forwarding might fail. |
Cause |
The link to the next hop specified in the PBR policy changed. |
Recommended action |
Take the action based on the next hop change reason: · For FIB information change, identify whether the FIB entry associated with the next hop is correct. · For track entry status change, locate the change reason and troubleshoot the associated issue. · For PBR configuration change, identify whether the edited PBR configuration meets forwarding requirements. |
PING messages
This section contains ping messages.
PING_STATISTICS
Message text |
[STRING] statistics for [STRING]: [UINT32] packet(s) transmitted, [UINT32] packet(s) received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms. |
Variable fields |
$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: Number of sent echo requests. $4: Number of received echo replies. $5: Percentage of the non-replied packets to the total request packets. $6: Minimum round-trip delay. $7: Average round-trip delay. $8: Maximum round-trip delay. $9: Standard deviation round-trip delay. |
Severity level |
6 (Informational) |
Example |
PING/6/PING_STATISTICS: Ping statistics for 1.1.1.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.600/2.000/0.800 ms. |
Impact |
No negative impact on the system. |
Cause |
A user uses the ping command to identify whether a destination in the public network is reachable. |
Recommended action |
· If the packet loss rate in the statistics is 0, it indicates normal communication, and no action is required.
· If the packet loss rate is greater than 0 but less than 100%, packet loss has occurred. The reason might be unstable links or sudden traffic congesting the bandwidth. Perform the following tasks:
○ Execute the display interface command to check the interface status. If the interface status changes frequently between up and down, it might be a cable fault or an issue with interface components. Please further identify and resolve the issue.
○ Execute the display counter command to display packet rate statistics for interfaces that are up during the last statistics collection period. If there is a significant increase in traffic, burst traffic might exist. You can capture or mirror the traffic for analysis and set ACLs to filter unauthorized traffic.
· If the packet loss rate is 100%, perform the following tasks:
○ Execute the display interface command to identify whether the interface is down. If the interface is down, follow the prompts in the output to troubleshoot the issue.
○ Execute the display ipv6 routing-table command to check the public network routing table for routes to the destination. If there are no routes, manually add a route or introduce it through a dynamic routing protocol. |
PING_VPN_STATISTICS
Message text |
[STRING] statistics for [STRING] in VPN instance [STRING] [UINT32] packet(s) transmitted, [UINT32] packet(s) received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms. |
Variable fields |
$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: VPN instance name. $4: Number of sent echo requests. $5: Number of received echo replies. $6: Percentage of the non-replied packets to the total request packets. $7: Minimum round-trip delay. $8: Average round-trip delay. $9: Maximum round-trip delay. $10: Standard deviation round-trip delay. |
Severity level |
6 (Informational) |
Example |
PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms. |
Impact |
No negative impact on the system. |
Cause |
A user uses the ping command to identify whether a destination in a private network is reachable. |
Recommended action |
· If the packet loss rate in the statistics is 0, it indicates normal communication, and no action is required.
· If the packet loss rate is greater than 0 but less than 100%, packet loss has occurred. The reason might be unstable links or sudden traffic congesting the bandwidth. Perform the following tasks:
○ Execute the display interface command to check the interface status. If the interface status changes frequently between up and down, it might be a cable fault or an issue with interface components. Please further identify and resolve the issue.
○ Execute the display counter command to display packet rate statistics for interfaces that are up during the last statistics collection period. If there is a significant increase in traffic, burst traffic might exist. You can capture or mirror the traffic for analysis and set ACLs to filter unauthorized traffic.
· If the packet loss rate is 100%, perform the following tasks:
○ Execute the display interface command to identify whether the interface is down. If the interface is down, follow the prompts in the output to troubleshoot the issue.
○ Execute the display ipv6 routing-table command with the vpn keyword specified to check the VPN routing table for routes to the destination. If there are no routes, manually add a route or introduce it through a dynamic routing protocol. |
PKG messages
This section contains package management messages.
PKG_BOOTLOADER_FILE_FAILED
Message text |
Failed to execute the boot-loader file command. |
Variable fields |
None |
Severity level |
5 (Notification) |
Example |
PKG/5/PKG_BOOTLOADER_FILE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the boot-loader file command. |
Impact |
No negative impact on the system. |
Cause |
A user executed the boot-loader file command, but the command failed. |
Recommended action |
Take actions as prompted by the command. |
PKG_BOOTLOADER_FILE_SUCCESS
Message text |
Executed the boot-loader file command successfully. |
Variable fields |
None |
Severity level |
5 (Notification) |
Example |
PKG/5/PKG_BOOTLOADER_FILE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the boot-loader file command successfully. |
Impact |
No negative impact on the system. |
Cause |
A user executed the boot-loader file command successfully. |
Recommended action |
No action is required. |
PKG_INSTALL_ACTIVATE_FAILED
Message text |
Failed to execute the install activate command. |
Variable fields |
None |
Severity level |
5 (Notification) |
Example |
PKG/5/PKG_INSTALL_ACTIVATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the install activate command. |
Impact |
No negative impact on the system. |
Cause |
A user executed the install activate command, but the command failed. |
Recommended action |
Take actions as prompted by the command. |
PKG_INSTALL_ACTIVATE_SUCCESS
Message text |
Executed the install activate command successfully. |
Variable fields |
None |
Severity level |
5 (Notification) |
Example |
PKG/5/PKG_INSTALL_ACTIVATE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the install activate command successfully. |
Impact |
No negative impact on the system. |
Cause |
A user executed the install activate command successfully. |
Recommended action |
No action is required. |
PKI messages
This section contains PKI messages.
REQUEST_CERT_FAIL
Message text |
Failed to request certificate of domain [STRING]. |
Variable fields |
$1: PKI domain name |
Severity level |
5 (Notification) |
Example |
PKI/5/REQUEST_CERT_FAIL: Failed to request certificate of domain abc. |
Impact |
· If the system does not have a certificate, the certificate related services will be unavailable. · When the certificate expires, the certificate related services will be unavailable. |
Cause |
This message is generated when the system fails to request certificate for a domain. |
Recommended action |
1. Execute the display clock command to check whether the system time is correct on the device.
○ If not, edit the device time by using the clock datetime command.
○ If yes, go to step 2.
2. Ping the CA server to check the connectivity between the device and the CA server.
○ If ping fails, troubleshoot the routes and physical links to ensure the connectivity between them.
○ If ping succeeds, go to step 3.
3. Check whether the CA server provides services normally.
○ If not, restore the CA services to normal operation.
○ If yes, go to step 4.
4. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
REQUEST_CERT_SUCCESS
Message text |
Request certificate of domain [STRING] successfully. |
Variable fields |
$1: PKI domain name |
Severity level |
5 (Notification) |
Example |
PKI/5/REQUEST_CERT_SUCCESS: Request certificate of domain abc successfully. |
Impact |
No negative impact on the system. |
Cause |
The system successfully requested a certificate for a domain. |
Recommended action |
No action is required. |
PKT2CPU messages
This section contains PKT2CPU messages.
PKT2CPU_NO_RESOURCE
Message text |
-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient.
-Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient. |
Variable fields |
$1: Interface type and number. $2: Protocol type. $3: MAC address or source port. $4: Destination port. |
Severity level |
4 (Warning) |
Example |
PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient. |
Impact |
The service processing capability is affected, because the hardware resources are insufficient. |
Cause |
This message is generated when the hardware resources were insufficient. |
Recommended action |
1. Cancel the configuration that is not needed. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support. |
Portal messages
This section contains portal messages.
PORTAL_USER_LOGOFF
Message text |
UserName=[STRING], IPAddr=[STRING], IfName=[STRING], OuterVLAN=[UINT16], InnerVLAN=[UINT16], MACAddr=[STRING], Reason=[STRING], Input Octets=[UINT32], Output Octets=[UINT32], Input Gigawords=[UINT32], Output Gigawords=[UINT32], IPv6Input Octets=[UINT32], IPv6Output Octets=[UINT32], IPv6 Input Gigawords=[UINT32], IPv6Output Gigawords=[UINT32], SessionTime=[UINT32]; User logged off. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Reason for user offline, see Table 8. $8: Statistics of the user's upstream IPv4 traffic, in bytes. $9: Statistics of the user's downstream IPv4 traffic, in bytes. $10: Statistics of the user's upstream IPv4 traffic. The measurement unit is 4G bytes. $11: Statistics of the user's downstream IPv4 traffic. The measurement unit is 4G bytes. $12: Statistics of the user's upstream IPv6 traffic, in bytes. $13: Statistics of the user's downstream IPv6 traffic, in bytes. $14: Statistics of the user's upstream IPv6 traffic. The measurement unit is 4G bytes. $15: Statistics of the user's downstream IPv6 traffic. The measurement unit is 4G bytes. $16: Online duration of the user, in seconds. |
Severity level |
6 (Informational) |
Example |
PORTAL/6/PORTAL_USER_LOGOFF: UserName=abc, IPAddr=1.1.1.2, IfName=Route-Aggregation1023.4000, OuterVLAN=100, InnerVLAN=4000, MACAddr=0230-0103-5601, Reason=User request, Input Octets=100, Output Octets=200, Input Gigawords=100, Output Gigawords=200, IPv6Input Octets=100, IPv6Output Octets=200, IPv6Input Gigawords=100, IPv6Output Gigawords=200, SessionTime=200; User logged off. |
Impact |
No negative impact on the system. |
Cause |
A portal user went offline. Whether IPv6-related fields are displayed depends on the configuration of the portal user-log traffic-separate command. For more information, see portal commands in Security Command Reference. |
Recommended action |
Choose the recommended action according to the reason (see Table 8). |
Table 8 Reasons that a user goes offline and recommended actions
Reason | Description | Recommended action |
---|---|---|
User request. | The user requested to be offline. | No action is required. |
DHCP entry deleted. | The DHCP entry was deleted. | Verify that the DHCP server configuration is correct. |
Idle timeout. | The traffic of the user in the specified period of time does not reach the idle cut traffic threshold. | No action is required. |
Session timeout. | The user's online time has reached the session timeout time assigned by the server. | No action is required. |
User detection failure. | The user failed online detection. | No action is required. |
Force logout by RADIUS server. | The RADIUS server logged out the user. | No action is required. |
Interface down. | · The state of the access interface became Down or Deactive. · The access interface is a VLAN interface and a Layer 2 port left the VLAN. | · Verify that a cable is correctly inserted to the user access interface, and the access interface is not shut down by using the shutdown command. · Verify that the user access interface card or subcard operates normally. · Verify that portal roaming is enabled on the user access Layer 2 Ethernet interface. |
Failed to assign a user rule. | N/A. | Release memory to ensure enough hardware memory space. |
Authorization info changed. | Authorization information changed for the user. For example, the authorization ACL or user profile was deleted. | No action is required. |
Force logout by access device. | The device logged out the user. | Make sure portal authentication functions normally on the user access interface. |
User info synchronization failure. | The device failed to synchronize user information with the server. | · Make sure the user heartbeat interval configured on the portal authentication server is not greater than the user synchronization detection timeout configured on the access device. · Verify that the server is reachable. |
User recovery failure. | User information recovery failed. | · Verify that the user access interface is up. · Verify that portal authentication is enabled on the user access interface. · Verify that the session timeout timer for the user does not expire. |
Authorization ACL for the online user changed. | N/A | · Verify that the authorization ACL for the user is correctly assigned. · Verify that strict checking on authorized ACLs is disabled. |
Authorization user profile for the online user changed. | N/A | · Verify that the authorization user profile for the user is correctly assigned by using the display user profile command. · Verify that strict checking on authorized user profiles is disabled. |
Accounting update failure. | Failed to update accounting for the user. | · Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active. |
Failed to start accounting. | Failed to start accounting for the user. | · Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active. |
User traffic reached threshold. | Traffic of the user reached the traffic threshold set by the server. | No action is required. |
Authorization VPN instance deleted. | The authorization VPN instance was deleted. | No action is required. |
Authorization ACL does not exist. | The authorization ACL does not exist. | Verify that the ACL is correctly configured on the device. |
Failed to get physical info. | Failed to get the physical information. | No action is required. |
Failed to add an ARP or ND entry for the user. | Failed to add the ARP or ND entry of the user. | No action is required. |
User information does not match user profile. | The user information and the user profile do not match. | No action is required. |
Authorization user profile does not exist. | The authorization user profile does not exist. | Verify that the user profile is correctly configured on the device. |
Failed to issue the user rule to the AP. | Failed to issue the user rule to the AP. | No action is required. |
Deleted the user for SSID switchover. | The user was logged out after SSID switchover. | No action is required. |
Failed to issue an OpenFlow rule to the AP. | Failed to issue an OpenFlow rule to the AP. | No action is required. |
Logged out the user after the wireless client disconnected. | The user was logged out after the wireless client was disconnected. | No action is required. |
Logged out the user when a new user with the same MAC address performed MAC-trigger authentication. | The user was logged out because a new user with the same MAC address performed MAC-trigger authentication. | No action is required. |
Logged out the user when a new dual-stack user with the same MAC address came online. | The user was logged out because a new dual-stack user with the same MAC address came online. | No action is required. |
The portal server failed to instruct the device to change the user IP address. | The portal server failed to instruct the device to change the IP address of the user. | No action is required. |
DHCP received a DHCP release packet. | The user was logged out because DHCP received a DHCP release message. | No action is required. |
DHCP lease expired. | The DHCP lease of the user expired. | No action is required. |
DHCP received a DHCP release packet from the WLAN roaming center. | The WLAN roaming center instructed DHCP to log out the user because of a DHCP release message. | No action is required. |
WLAN roaming center instructed portal to log out the user. | The WLAN roaming center instructed portal to log out the user. | No action is required. |
Logged out the user after user synchronization through WiFiDog. | Portal logged out the user after it synchronized user information through WiFiDog. | No action is required. |
The cloud portal server instructed portal to log out the user. | The cloud portal server instructed portal to log out the user. | No action is required. |
PORTAL_USER_LOGON_FAIL
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[STRING]-Reason=[STRING]; User failed to get online. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Login failure reason, see Table 9. |
Severity level |
6 (Informational) |
Example |
PORTAL/6/PORTAL_USER_LOGON_FAIL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason= Authentication Failed : 4; User failed to get online. |
Impact |
The portal user cannot come online or use portal services. |
Cause |
A portal user failed to come online. For possible reasons, see Table 9. |
Recommended action |
Choose the recommended action according to the reason, see Table 9. |
Table 9 Reasons that a user fails to come online and recommended actions
Reason | Description | Recommended action |
---|---|---|
Authorization failure. | Authorization failed, or authorization attributes deployment failed. | · Verify that the device can correctly communicate with the authorization server. · Verify that the authorization user attributes exist on the device and are correctly configured. · Verify that the device supports the authorization user attributes. |
Received logout request. | The user received a logout request from the portal server during the login process. | Verify that the device can correctly communicate with the AAA server. |
Authentication failure. | Authentication failed. | · Verify that the device can correctly communicate with the authentication server. · Verify that the shared key is the same on the device and the authentication server. · Verify that the username is valid. · Verify that the password for the username is correct. · Verify that the authentication domain on the device is correct. |
Other error. | Unknown error. | N/A |
PORTAL_USER_LOGON_SUCCESS
Message text |
-UserName=[STRING]-IPAddr=[STRING]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[STRING]:User got online successfully. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. |
Severity level |
6 (Informational) |
Example |
PORTAL/6/PORTAL_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601; User got online successfully. |
Impact |
No negative impact on the system. |
Cause |
A portal user came online successfully. |
Recommended action |
No action is required. |
PPP messages
This section contains PPP messages.
IPPOOL_ADDRESS_EXHAUSTED
Message text |
The address pool [STRING] was exhausted. |
Variable fields |
$1: Pool name. |
Severity level |
5 (Notification) |
Example |
PPP/5/IPPOOL_ADDRESS_EXHAUSTED: The address pool aaa was exhausted. |
Impact |
The address pool cannot allocate addresses to new online users. |
Cause |
This message is generated when the last address is assigned from the pool. |
Recommended action |
Add new addresses to the pool. |
PPP_USER_LOGON_SUCCESS
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]; The user came online successfully. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. |
Severity level |
6 (Informational) |
Example |
PPP/6/PPP_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601; The user came online successfully. |
Impact |
No negative impact on the system. |
Cause |
The user has come online successfully. |
Recommended action |
No action is required. |
PPP_USER_LOGON_FAILED
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user failed to come online. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 10). |
Severity level |
6 (Informational) |
Example |
PPP/6/PPP_USER_LOGON_FAILED: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Authentication failed; The user failed to come online. |
Impact |
A user cannot come online. |
Cause |
For user online failure causes, see Table 10. |
Recommended action |
See Table 10. |
Table 10 Causes and recommended actions
Cause | Description | Recommended action |
---|---|---|
Authentication method error | The authentication method was configured incorrectly, possibly because the authentication method requested by users is inconsistent with the authentication method configured on the interface. | Verify that the authentication method is configured correctly. |
AAA access limit reached | The upper limit of concurrent logins using the same local user name is reached. | 1. Check the number of concurrent online users using the current local user name. 2. Modify the upper limit of the concurrent logins using the current local user name to a greater value by executing the access-limit command. |
The local user does not exist | The local user was not configured. | 1. Verify that the dial-in user is a legal user. 2. Add the local user if the user is a legal user but the corresponding local user does not exist on the device. |
Local authentication failed: wrong password | The local authentication was rejected because of the incorrect password. | 1. Verify that the username is correct. 2. Verify that the password is correct. |
No AAA response during authentication | The device did not receive an AAA response from the authentication server during the authentication timeout time. | 1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly. 3. Verify that the shared key on the device is the same as the shared key on the authentication server. |
RADIUS authentication reject | The RADIUS server returned an access-reject packet. | 1. Verify that the username is correct. 2. Verify that the password is correct. |
AAA authorization information error | Failed to add user authorization information. | Verify that the authorization attributes deployed by the authorization server exist on the device and are configured correctly. |
Authentication request to AAA failed | The device failed to send the authentication request to the AAA server. | 1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly. |
Accounting request to AAA failed | The device failed to send the accounting request to the AAA server. | 1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly. |
No authentication ACK from AAA | The device failed to receive the authentication acknowledgment packet from the AAA server. | 1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly. |
TACACS authentication reject | The TACACS server returned an access-reject packet. | 1. Verify that the username is correct. 2. Verify that the password is correct. |
PPP_USER_LOGOFF
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 11). |
Severity level |
6 (Informational) |
Example |
PPP/6/PPP_USER_LOGOFF: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Use request; The user logged off. |
Impact |
No negative impact on the system. |
Cause |
A user went offline correctly. |
Recommended action |
No action is required. |
Cause | Description |
---|---|
User request | The user connection was terminated at the user's request. |
PPP_USER_LOGOFF_ABNORMAL
Message text |
-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off abnormally. |
Variable fields |
$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 12). |
Severity level |
6 (Informational) |
Example |
PPP/6/PPP_USER_LOGOFF_ABNORMAL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Lost Carrier; The user logged off abnormally. |
Impact |
The user has gone offline abnormally. |
Cause |
For the abnormal offline causes, see Table 12. |
Recommended action |
See Table 12. |
Table 12 Causes and recommended actions
Cause | Description | Recommended action |
---|---|---|
Lost carrier | The keepalive packets were lost, possibly because the link between the user device and the device connecting to the BAS fails. | Save the related log information locally and contact the support. |
Lost service | The service server (for example, L2TP) terminated the service. | No action is required. |
Admin reset | The user session was temporarily terminated by the administrator by executing the shutdown command because of management reasons. | No action is required. |
BAS request | Unknown reasons. | Save the related log information locally and contact the support. |
Session timeout | The user session timed out. | Notify the user that the traffic quota is used up or to renew the user account. |
Traffic quota limit reached | The user traffic limit was reached. | Notify the user that the traffic is used up or to renew the user account. |
Logged off by the RADIUS server | The AAA server logged off the user. | No action is required. |
Accounting update failure | The accounting update failed. | 1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly. |
No AAA response during realtime accounting | The user did not receive the response from the accounting server during the timeout time. (In the realtime accounting phase.) | 1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly. |
No AAA response for accounting start | The user did not receive the response from the accounting server during the timeout time. (In the accounting start phase.) | 1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly. |
No AAA response for accounting stop | The user did not receive the response from the accounting server during the timeout time. (In the accounting stop phase.) | 1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly. |
PPP negotiation terminated | The PPP negotiation was terminated. | Verify that the configuration is correct. |
Repeated LCP negotiation packets | Repeated LCP negotiation packets were received. | Disconnect the client and initiate a connection again. |
The interface that the user accesses goes down | N/A. | 1. Verify that the network cable of the user access interface is correctly connected. 2. Verify the user access card or subcard has no errors or is in position. |
The interface that the user accesses is shut down | N/A. | Verify that the shutdown command is not executed on the user access interface. |
Session idle cut | The user traffic did not reach the threshold within the specified period. | No action is required. |
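The PORTAL and PPP user-event messages above pack their fields as `-Key=Value` pairs whose values themselves contain hyphens (interface names, MAC addresses), so a collector cannot split on `-`. The following Python sketch is an added example, not H3C code: it parses that layout and groups PPP_USER_LOGON_FAILED events by the Table 10 causes. The function names, the grouping of causes into "credential" and "aaa-path", and the sample lines (constructed from the examples above) are assumptions.

```python
import re
from collections import Counter, defaultdict

# Field names in the order the PORTAL/PPP templates above list them.
KEYS = ("UserName", "IPAddr", "IfName", "OuterVLAN", "InnerVLAN", "MACAddr", "Reason")
HEADER = re.compile(r"(?P<module>[A-Z0-9]+)/(?P<severity>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*")
# A field starts only at "-<known key>=", so hyphens inside values such as
# Route-Aggregation1023.4000 or 0230-0103-5601 are left alone.
FIELD_START = re.compile(r"-\s*(%s)=" % "|".join(KEYS))

# Cause strings copied from Table 10 (lower-cased). The two groups are this
# example's own triage split, not a classification made by the reference.
CREDENTIAL_CAUSES = {
    "the local user does not exist",
    "local authentication failed: wrong password",
    "radius authentication reject",
    "tacacs authentication reject",
}
AAA_PATH_CAUSES = {
    "no aaa response during authentication",
    "authentication request to aaa failed",
    "accounting request to aaa failed",
    "no authentication ack from aaa",
}

def parse_user_event(line):
    """Return a dict for one PORTAL/PPP user-event line, or None if it is not one."""
    head = HEADER.search(line)
    if head is None:
        return None
    body = line[head.end():]
    fields, sep, text = body.rpartition(";")
    if not sep:
        # The PORTAL_USER_LOGON_SUCCESS template ends the field list with ':'.
        fields, sep, text = body.rpartition(":")
    starts = list(FIELD_START.finditer(fields))
    if not starts:
        return None
    event = {"module": head["module"], "severity": int(head["severity"]),
             "mnemonic": head["mnemonic"], "text": text.strip()}
    for cur, nxt in zip(starts, starts[1:] + [None]):
        end = nxt.start() if nxt else len(fields)
        event[cur.group(1)] = fields[cur.end():end].strip()
    # UserName comes from the client. If any value contains a field marker,
    # the keys no longer appear once each in template order: flag the event.
    event["well_formed"] = [m.group(1) for m in starts] == list(KEYS[:len(starts)])
    return event

def classify(event):
    """Map the Reason field to 'credential', 'aaa-path' or 'other'."""
    reason = event.get("Reason", "").lower()
    if reason in CREDENTIAL_CAUSES:
        return "credential"
    if reason in AAA_PATH_CAUSES:
        return "aaa-path"
    return "other"

def credential_failures_by_mac(lines, threshold=3):
    """MAC -> sorted usernames, for MACs with >= threshold credential failures."""
    hits, users = Counter(), defaultdict(set)
    for line in lines:
        ev = parse_user_event(line)
        if not ev or ev["mnemonic"] != "PPP_USER_LOGON_FAILED":
            continue
        if not ev["well_formed"] or classify(ev) != "credential":
            continue  # malformed events belong in a manual-review queue
        hits[ev["MACAddr"]] += 1
        users[ev["MACAddr"]].add(ev["UserName"])
    return {mac: sorted(users[mac]) for mac, n in hits.items() if n >= threshold}

# Constructed sample lines, modelled on the PPP examples in this section.
TEMPLATE = ("PPP/6/PPP_USER_LOGON_FAILED: -UserName={u}-IPAddr=1.1.1.2"
            "-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000"
            "-MACAddr={m}-Reason={r}; The user failed to come online.")
SAMPLE_LINES = [
    TEMPLATE.format(u="alice", m="0230-0103-5601", r="Local authentication failed: wrong password"),
    TEMPLATE.format(u="bob", m="0230-0103-5601", r="RADIUS authentication reject"),
    TEMPLATE.format(u="carol", m="0230-0103-5601", r="The local user does not exist"),
    TEMPLATE.format(u="dave", m="0230-0103-5602", r="No AAA response during authentication"),
    "PPP/6/PPP_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000"
    "-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601; The user came online successfully.",
]

if __name__ == "__main__":
    print(credential_failures_by_mac(SAMPLE_LINES))
```

Separating the AAA-path causes keeps an unreachable authentication server from being counted as password guessing.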
PWDCTL messages
This section contains password control messages.
PWDCTL_ADD_BLACKLIST
Message text |
User [STRING] from [IPADDR] was added to the blacklist for failed login attempts. |
Variable fields |
$1: Username. $2: User IP address. |
Severity level |
6 (Informational) |
Example |
PWDCTL/6/PWDCTL_ADD_BLACKLIST: User hhh from 1.1.1.1 was added to the blacklist for failed login attempts. |
Impact |
The user is added to the blacklist without being locked. However, when the maximum login attempts with incorrect passwords are reached, the user account will be locked. |
Cause |
· The user entered an incorrect password. · The user service type is not matched. · The user is not activated. |
Recommended action |
1. Enter the correct password to log in to the device. If the issue persists, go to step 2. 2. Identify whether the related settings including the password control and user service type are correct on the device. If the related settings are correct, go to step 3. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PWDCTL_CHANGE_PASSWORD
Message text |
[STRING] changed the password because [STRING]. |
Variable fields |
$1: Username. $2: The reasons for changing the password. ○ it was the first login of the account. ○ the password had expired. ○ the password was too short. ○ the password was not complex enough. ○ the password was default password |
Severity level |
6 (Informational) |
Example |
PWDCTL/6/PWDCTL_CHANGE_PASSWORD: hhh changed the password because It is the first login of the account. |
Impact |
No negative impact on the system. |
Cause |
A user must change the password in one of the following conditions: · A user logs in to the device for the first time and the password change at first login feature is enabled. · The user password has exceeded the password aging time. · The user password length is less than the minimum password length. · The user password does not match the password complexity checking policy. · Device management users log in to the device with the default password via Telnet, SSH, HTTP, and HTTPS. This message is generated after you change the password. |
Recommended action |
After a user changes the password, log in to the device again with the new password. |
PWDCTL_DELETE_BLACKLIST
Message text |
User [STRING] was deleted from the blacklist. |
Variable fields |
$1: Username. |
Severity level |
5 (Notification) |
Example |
PWDCTL/5/PWDCTL_DELETE_BLACKLIST: User hhh was deleted from the blacklist. |
Impact |
No negative impact on the system. |
Cause |
· The user account is removed from the password control blacklist. · The administrator uses the reset password-control blacklist command to remove the user account from the password control blacklist. |
Recommended action |
Use the username that is removed from the blacklist to log in to the device again. |
PWDCTL_FAILED_TO_OPENFILE
Message text |
Failed to create or open the password file. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
PWDCTL/3/PWDCTL_FAILED_TO_OPENFILE: Failed to open the password file. |
Impact |
The password control feature is not available. |
Cause |
· The storage space is insufficient in the system. · The running memory is insufficient in the system. |
Recommended action |
1. Execute the dir command in user view to view the remaining storage space. If the remaining storage space is insufficient, delete unnecessary files to release the space. If the remaining storage space is sufficient, go to step 2. 2. Release memory resources. For example, execute the logfile save command to save the content from the log file buffer to the log file to release memory resources occupied by the log file buffer. 3. Execute the display memory command to display memory usage information. ○ If the memory usage does not drop below the alarm threshold, execute the display process command to check the memory usage of the user-mode processes. If a process uses a large amount of memory and is not required, you can enable or disable the corresponding software feature for that process to release memory. ○ If the memory usage drops below the alarm threshold, the memory alarm is cleared and the password control feature will continue to take effect. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PWDCTL_FAILED_TO_WRITEPWD
Message text |
Failed to write the password records to file. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
PWDCTL/3/PWDCTL_FAILED_TO_WRITEPWD: Failed to write the password records to file. |
Impact |
A user failed to log in to the device. |
Cause |
The storage space is insufficient in the system. |
Recommended action |
Execute the dir command in user view to view the remaining storage space: · If the remaining storage space is insufficient, delete unnecessary files to release the space. · If the remaining storage space is sufficient, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PWDCTL_NOENOUGHSPACE
Message text |
Not enough free space on the storage media where the file is located. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
PWDCTL/3/PWDCTL_NOENOUGHSPACE: Not enough free space on the storage media where the file is located. |
Impact |
The password control feature failed to be configured. |
Cause |
The memory space is insufficient on the storage media such as the flash or CF card where the .dat file is located. |
Recommended action |
Execute the dir command in user view to view the remaining storage space in the system. · If the remaining storage space is insufficient, delete unnecessary files to release the space. · If the remaining storage space is sufficient, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PWDCTL_NOTFOUNDUSER
Message text |
Can't find the username in the file. |
Variable fields |
N/A |
Severity level |
3 (Error) |
Example |
PWDCTL/3/PWDCTL_NOTFOUNDUSER: Can't find the username in the file. |
Impact |
The user password failed to be configured. The user cannot log in to the device. |
Cause |
· The LAUTHD process is abnormal. · The local user configuration is abnormal. |
Recommended action |
1. Disable the password control feature and then enable the password control feature. If the issue persists, go to step 2. 2. Create a local user. If the issue persists, go to step 3. 3. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PWDCTL_UPDATETIME
Message text |
Last login time updated after clock update. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update. |
Impact |
No negative impact on the system. |
Cause |
This message is generated when the last login time is updated. |
Recommended action |
No action is required. |
PWDCTL_USER_LOCK
Message text |
User [STRING] from [IPADDR] was [STRING] after making the maximum login attempts. |
Variable fields |
$1: Username. $2: User IP address. $3: The locking action to be taken after the user fails the maximum number of consecutive login attempts: ○ locked in lock-time minutes—Locks the user account for a period of time. When the locking timer expires, users can use this user account to log in. ○ permanently locked—Locks the user account permanently. |
Severity level |
4 (Warning) |
Example |
1. PWDCTL/4/PWDCTL_USER_LOCK: User hhh from 1.1.1.1 was locked in 1 minutes after making the maximum login attempts. 2. PWDCTL/4/PWDCTL_LOCKBLACKLIST: User hhh from 1.1.1.1 was permanently locked after making the maximum login attempts. |
Impact |
A user cannot log in to the device before the locking period expires. |
Cause |
The action to be taken after the user fails the maximum number of consecutive login attempts depends on the password-control login-attempt command. |
Recommended action |
Execute the display password-control blacklist command to identify whether the user account is locked because the maximum number of consecutive login attempts was exceeded. · If yes, make login attempts after the locking timer expires or remove the user account from the blacklist by executing reset password-control blacklist. · If no, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
PWDCTL_USER_UNLOCK
Message text |
User [STRING] was unlocked when the lock time expired. |
Variable fields |
$1: Username. |
Severity level |
5 (Notification) |
Example |
PWDCTL/5/PWDCTL_USER_UNLOCK: User hhh was unlocked when the lock time expired. |
Impact |
No negative impact on the system. |
Cause |
The user account is unlocked after the locking timer expires. |
Recommended action |
No action is required. |
PWDCTL_USER_INLOCKING
Message text |
User [STRING] from [IPADDR] has been locked due to exceeding the maximum number of login attempts. |
Variable fields |
$1: Username. $2: User IP address. |
Severity level |
5 (Notification) |
Example |
PWDCTL/5/PWDCTL_USER_INLOCKING: User hhh from 1.1.1.1 has been locked due to exceeding the maximum number of login attempts. |
Impact |
A user cannot log in to the device before the locking period expires. |
Cause |
Login attempts were made during the locking period of the user account. |
Recommended action |
Execute the display password-control blacklist command to identify whether the user account is locked because the maximum number of consecutive login attempts was exceeded. · If yes, make login attempts after the locking timer expires or remove the user account from the blacklist by executing reset password-control blacklist. · If no, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
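The PWDCTL messages above describe a lockout lifecycle (blacklisted, locked, attempts during the lock, unlocked or removed from the blacklist) that a log collector can replay. The following Python sketch is an added example, not H3C code: it matches the message texts given in this section and reports source addresses worth reviewing and accounts still locked. The event names, thresholds, function names and the 192.0.2.x sample lines are assumptions. It matches on message text because the two examples under PWDCTL_USER_LOCK carry different mnemonics.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"PWDCTL/(?P<severity>[0-7])/(?P<mnemonic>PWDCTL_[A-Z_]+):\s*")
USER = r"(?P<user>.+?)"
IP = r"(?P<ip>[0-9A-Fa-f:.]+)"

# One pattern per message text in this section; the keys are this example's names.
PATTERNS = {
    "blacklisted": re.compile(
        rf"User {USER} from {IP} was added to the blacklist for failed login attempts\."),
    "locked": re.compile(
        rf"User {USER} from {IP} was (?P<action>locked in \d+ minutes|permanently locked)"
        r" after making the maximum login attempts\."),
    "attempt_while_locked": re.compile(
        rf"User {USER} from {IP} has been locked due to exceeding"
        r" the maximum number of login attempts\."),
    "unlocked": re.compile(rf"User {USER} was unlocked when the lock time expired\."),
    "unblacklisted": re.compile(rf"User {USER} was deleted from the blacklist\."),
}

def parse_pwdctl(line):
    """Return event, mnemonic, user, ip and action for a PWDCTL login-control line."""
    head = HEADER.search(line)
    if head is None:
        return None
    body = line[head.end():].strip()
    for name, pattern in PATTERNS.items():
        m = pattern.fullmatch(body)
        if m:
            g = m.groupdict()
            return {"event": name, "mnemonic": head["mnemonic"], "user": g["user"],
                    "ip": g.get("ip"), "action": g.get("action")}
    return None

def suspicious_sources(lines, min_users=3):
    """Source IP -> reasons: many accounts from one address, or retries during a lock."""
    stats = defaultdict(lambda: {"users": set(), "retries": 0})
    for line in lines:
        ev = parse_pwdctl(line)
        if ev is None or ev["ip"] is None:
            continue
        stats[ev["ip"]]["users"].add(ev["user"])
        if ev["event"] == "attempt_while_locked":
            stats[ev["ip"]]["retries"] += 1
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if len(s["users"]) >= min_users:
            reasons.append("many-accounts")
        if s["retries"]:
            reasons.append("retry-while-locked")
        if reasons:
            findings[ip] = reasons
    return findings

def accounts_still_locked(lines):
    """Replay the events in order; return user -> lock action for accounts not yet released."""
    locked = {}
    for line in lines:
        ev = parse_pwdctl(line)
        if ev is None:
            continue
        if ev["event"] == "locked":
            locked[ev["user"]] = ev["action"]
        elif ev["event"] == "attempt_while_locked":
            locked.setdefault(ev["user"], "locked")  # lock event may predate the log window
        elif ev["event"] in ("unlocked", "unblacklisted"):
            locked.pop(ev["user"], None)
    return locked

# Constructed sample lines; the first four follow the examples above.
SAMPLE_LINES = [
    "PWDCTL/6/PWDCTL_ADD_BLACKLIST: User hhh from 1.1.1.1 was added to the blacklist for failed login attempts.",
    "PWDCTL/4/PWDCTL_USER_LOCK: User hhh from 1.1.1.1 was locked in 1 minutes after making the maximum login attempts.",
    "PWDCTL/5/PWDCTL_USER_INLOCKING: User hhh from 1.1.1.1 has been locked due to exceeding the maximum number of login attempts.",
    "PWDCTL/5/PWDCTL_USER_UNLOCK: User hhh was unlocked when the lock time expired.",
    "PWDCTL/6/PWDCTL_ADD_BLACKLIST: User admin from 192.0.2.7 was added to the blacklist for failed login attempts.",
    "PWDCTL/6/PWDCTL_ADD_BLACKLIST: User root from 192.0.2.7 was added to the blacklist for failed login attempts.",
    "PWDCTL/6/PWDCTL_ADD_BLACKLIST: User ops from 192.0.2.7 was added to the blacklist for failed login attempts.",
    "PWDCTL/4/PWDCTL_USER_LOCK: User ops from 192.0.2.7 was permanently locked after making the maximum login attempts.",
    "PWDCTL/6/PWDCTL_ADD_BLACKLIST: User bob from 192.0.2.9 was added to the blacklist for failed login attempts.",
]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LINES))
    print(accounts_still_locked(SAMPLE_LINES))
```

Accounts returned by `accounts_still_locked` with the action "permanently locked" are the ones that stay locked until an administrator runs reset password-control blacklist.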
QoS
This section contains QoS messages.
MIRROR_SYNC_CFG_FAIL
Message text |
Failed to restore configuration for monitoring group [UINT32] in [STRING], because [STRING] |
Variable fields |
$1: Monitoring group number. $2: Slot number. $3: Detailed reason for the configuration restoration failure. |
Severity level |
4 (Warning) |
Example |
QOS/4/MIRROR_SYNC_CFG_FAIL: Failed to restore configuration for monitoring group 1 in chassis 2 slot 1, because monitoring resources are insufficient. |
Impact |
Member ports in the monitoring group do not take effect. |
Cause |
After the business board is inserted into the device, restoring the monitoring group's configuration fails, that is, the configuration of member ports related to the monitoring group does not exist. The reasons for the failure are as follows: · The total number of monitoring ports exceeds the maximum supported by the current monitoring group. · The monitoring resources of the current business board are insufficient. · The type of ports in the monitoring group is not supported by the current business board. |
Recommended action |
Reconfigure the member ports of the monitoring group according to actual needs. |
QOS_BANDWIDTH_TOTALCHANNEL
Message text |
Failed to set the interface bandwidth for interface [STRING] because the interface bandwidth is less than the total channel bandwidth. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_BANDWIDTH_TOTALCHANNEL: Failed to set the interface bandwidth for interface GigabitEthernet4/0/1 because the interface bandwidth is less than the total channel bandwidth. |
Impact |
The interface bandwidth does not take effect. |
Cause |
This message is generated when the bandwidth of the main interface is smaller than the total channelized bandwidth of subinterfaces. |
Recommended action |
Use the bandwidth command to increase the bandwidth of the main interface or use the mode channel-bandwidth command to reduce the channelized bandwidth of a subinterface. |
QOS_CAR_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User ID information. $2: CAR application direction. $3: Profile type. $4: Profile name. $5: Failure cause: ○ The resources are insufficient. ○ The operation is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN="N/A"-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient. |
Impact |
The traffic policing configured in the user profile, user group profile, or session group profile bound to the online user is invalid. |
Cause |
· The CAR configured in the user profile, user group profile, or session group profile delivered during the user online process has failed. · The modification or addition of CAR in the user profile, user group profile, or session group profile bound to the already online user has failed. |
Recommended action |
1. Please delete the CAR configuration under this user profile, user group profile, or session group profile. 2. Please execute the 'display resource-monitor' command to check if the remaining resources corresponding to bras_car in the displayed fields are sufficient. If the resources are insufficient, delete some unnecessary traffic policing configurations. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_CBQ_REMOVED
Message text |
CBQ is removed from [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_CBQ_REMOVED: CBQ is removed from GigabitEthernet4/0/1. |
Impact |
If class-based queuing (CBQ) is configured in a traffic behavior of the QoS policy applied to the interface, packets that match the traffic classification in that policy no longer follow the CBQ queue scheduling defined in the traffic behavior. |
Cause |
When the maximum available bandwidth or interface rate on the interface is changed to be lower than the minimum guaranteed bandwidth required by the original CBQ configuration on the interface, the system removes the CBQ from the interface. |
Recommended action |
Execute the bandwidth command to modify the maximum available bandwidth on the interface so that it meets the bandwidth requirement in CBQ, and then reapply the QoS policy that contains the CBQ traffic behavior to the interface. |
QOS_CHANNEL_APPLYIF_FAIL
Message text |
Failed to set the channel bandwidth on interface [STRING] Reason The total channel bandwidth exceeds the interface bandwidth. |
Variable fields |
$1: Subinterface name. |
Severity level |
3 (Error) |
Example |
QOS/3/QOS_CHANNEL_APPLYIF_FAIL: Failed to set the channel bandwidth on interface GigabitEthernet4/0/1.1 Reason The total channel bandwidth exceeds the interface bandwidth. |
Impact |
The channelized bandwidth setting for the subinterface does not take effect. |
Cause |
The total channelized bandwidth exceeds the interface bandwidth. |
Recommended action |
1. Use the bandwidth command to increase the bandwidth of the main interface or use the mode channel-bandwidth command to reduce the channelized bandwidth of a subinterface. 2. If the qos lr command is executed on the interface and the total channelized bandwidth exceeds the rate limit value, use the qos lr command to increase the rate limit value or use the mode channel-bandwidth command to reduce the channelized bandwidth of a subinterface. |
QOS_GTS_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply GTS in user profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User ID information. $2: User profile name. $3: Failure cause. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply GTS in user profile a to the user. Reason: The resources are insufficient. |
Impact |
The traffic shaping in the applied user profile does not take effect. |
Cause |
· The GTS information issued during the user online process failed. · The user has already come online, but the modification or addition of GTS information failed. |
Recommended action |
1. Delete or modify the GTS configuration in this user profile. 2. Execute the display resource-monitor command to check whether the remaining resources corresponding to queue_shape in the displayed fields are sufficient. If the resources are insufficient, delete some unnecessary traffic shaping configurations. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_IFA_OUTPUT_IFFAIL
Message text |
Failed to find an output interface for destination IP address [STRING]. |
Variable fields |
$1: Destination IP address. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_IFA_OUTPUT_IFFAIL: Failed to find an output interface for destination IP address 1.1.1.1. |
Impact |
Packets fail to be forwarded. |
Cause |
No output interface is found based on the destination IP address. |
Recommended action |
Use the display ip routing-table command to identify whether the destination IP address is reachable. If no, use IGP, BGP, or static routing to learn the destination IP address. |
QOS_ITACAR_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the ITA CAR at level [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User identity. $2: ITA CAR level. $3: Failure cause: ¡ The ITA CAR is not supported. ¡ The resources are insufficient. ¡ The value is out of range. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_ITACAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the ITA CAR at level 7 to the user. Reason: The ITA CAR is not supported. |
Impact |
The ITA CAR does not take effect. |
Cause |
The system failed to apply or modify traffic policing parameters in the ITA CAR policy. |
Recommended action |
1. Use the display resource-monitor command to identify whether the available bras_car resources are sufficient. If no, delete unused CAR settings. 2. Cancel the ITA CAR policy or modify the traffic policing parameters. |
QOS_NOT_ENOUGH_BANDWIDTH
Message text |
Policy [STRING] request bandwidth [UINT32](kbps). Only [UINT32](kbps) available on [STRING]. |
Variable fields |
$1: QoS policy name. $2: Bandwidth required by CBWFQ. $3: Available bandwidth on the interface. $4: Interface name. |
Severity level |
3 (Error) |
Example |
QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d request bandwidth 10000(kbps). Only 80(kbps) available on GigabitEthernet4/0/1. |
Impact |
Class-based queuing (CBQ) applied on the interface does not take effect. |
Cause |
CBQ configuration fails because the minimum guaranteed bandwidth required by CBQ is greater than the interface's maximum available bandwidth. |
Recommended action |
Adjust the minimum guaranteed bandwidth in the CBQ configuration and then reapply the QoS policy that contains the CBQ traffic behavior to the interface, or execute the bandwidth command to modify the maximum available bandwidth on the interface to meet the bandwidth requirements in CBQ. |
QOS_NOT_ENOUGH_NNIBANDWIDTH
Message text |
Pattern 1: The total UNI bandwidth is greater than the NNI bandwidth. Pattern 2: The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of [STRING] is changed. Pattern 3: The total UNI bandwidth is greater than the NNI bandwidth.[STRING] is created based on [STRING] of the UNI interface. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
Pattern 1: QOS/4/QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. Pattern 2: QOS/4/QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of GigabitEthernet4/0/1 is changed. Pattern 3: QOS/4/QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. Virtual-Access1 is created based on Virtual-Template1 of the UNI interface. |
Impact |
There may be congestion and packet loss in the upstream traffic. |
Cause |
Pattern 1: · When users increase the bandwidth of the upstream interface or decrease the bandwidth limit of the downstream interface, the total downstream bandwidth still exceeds the threshold of the upstream bandwidth. Pattern 2: · Interface bandwidth changes result in the total downstream bandwidth exceeding the total upstream bandwidth. Pattern 3: · The creation of a new Virtual-Access interface results in the total downstream bandwidth exceeding the total upstream bandwidth. |
Recommended action |
Increase the threshold of the upstream bandwidth or reduce the downlink limited bandwidth configuration of the UNI interface. |
QOS_POLICY_APPLYCOPP_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING]. |
Variable fields |
$1: CB pair name. $2: QoS policy name. $3: Traffic direction. $4: Slot number. $5: Failure cause: ○ The behavior is empty. ○ Only one rate-limiting action is supported in one behavior to be applied to the control plane. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty. |
Impact |
A traffic behavior in the QoS policy applied to the control plane does not take effect. |
Cause |
The configuration of a CB pair was added or modified for one direction of the control plane. |
Recommended action |
Modify the configuration of the traffic behavior in the QoS policy according to the failure reason. |
QOS_POLICY_APPLYCOPP_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING]. |
Variable fields |
$1: QoS policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause: The operation is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported. |
Impact |
The QoS policy applied to the control plane does not take effect. |
Cause |
The QoS policy failed to be applied or refreshed in one direction of the control plane. |
Recommended action |
1. Modify the QoS policy and reapply it on the control plane. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYGLOBAL_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING]. |
Variable fields |
$1: CB pair name. $2: QoS policy name. $3: Traffic direction. $4: Failure cause. The behavior is empty: The traffic behavior is empty. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty. |
Impact |
A traffic behavior in the globally applied QoS policy does not take effect. |
Cause |
A CB pair was added or modified in a QoS policy applied globally in one direction. |
Recommended action |
1. Modify the CB pair in this QoS policy and reapply it in the control plane. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYGLOBAL_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING]. |
Variable fields |
$1: QoS policy name. $2: Traffic direction. $3: Failure cause. The operation is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported. |
Impact |
The global QoS policy does not take effect |
Cause |
A newly configured or modified QoS policy was applied globally in one direction. |
Recommended action |
Collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYIF_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING]. |
Variable fields |
$1: CB pair name. $2: QoS policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause. ¡ The behavior is empty.: The traffic behavior is empty; no action is configured. ¡ The card where the interface specified in the class-behavior association resides is not in position. ¡ Only one service class marking action is supported for the same EXP value on the same interface and the service class value can't be modified except that the old value has been deleted. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty. |
Impact |
A traffic behavior in the QoS policy applied to the interface does not take effect. |
Cause |
A CB pair was added or modified in a QoS policy applied to one direction of the interface. |
Recommended action |
1. Modify the CB pair configuration in the QoS policy according to the failure cause. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYIF_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING]. |
Variable fields |
$1: QoS policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause. The operation is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported. |
Impact |
The QoS policy configured under the interface does not take effect |
Cause |
A QoS policy was configured or modified in one direction of the interface. |
Recommended action |
Collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYTUN_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to [STRING]. Reason: [STRING]. |
Variable fields |
$1: QoS policy name. $2: Tunnel information. $3: Failure cause: ¡ The filtering action is not supported. ¡ The marking action is not supported. ¡ The mirroring action is not supported. ¡ The redirect action is not supported. ¡ The QoS policy does not exist. ¡ The QoS policy was deleted. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYTUN_FAIL: Failed to apply or refresh QoS policy b to ADVPN session Tunnel1 192.168.0.10. Reason: The marking action is not supported. |
Impact |
The QoS policy applied to the tunnel does not take effect |
Cause |
An action in the QoS policy is not supported. |
Recommended action |
1. Modify the QoS policy according to the failure cause. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
QOS_POLICY_APPLYTUN_SUCCESS
Message text |
QoS policy [STRING] was successfully applied or refreshed to [STRING]. |
Variable fields |
$1: QoS policy name. $2: Tunnel information. |
Severity level |
6 (Informational) |
Example |
QOS/6/QOS_POLICY_APPLYTUN_SUCCESS: QoS policy b was successfully applied or refreshed to ADVPN session Tunnel1 192.168.0.10. |
Impact |
No negative impact on the system. |
Cause |
A QoS policy was applied to a tunnel or modified successfully. |
Recommended action |
No action is required. |
QOS_POLICY_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User ID (UID) information. $2: Direction in which the QoS policy is applied. $3: QoS policy name. $4: User profile name. $5: Failure cause. The QoS policy is not supported.: The QoS policy is not supported in the user profile. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user. Reason: The QoS policy is not supported. |
Impact |
The QoS policy applied through the user profile does not take effect. |
Cause |
· The QoS policy configured in the user profile was issued during user login. · The QoS policy in the user profile was modified, or a new QoS policy was added, after the user had logged in. |
Recommended action |
1. Delete or modify the QoS policy configured in the user profile. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYVLAN_CBFAIL
Message text |
Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING]. |
Variable fields |
$1: CB pair name. $2: QoS policy name. $3: Traffic direction. $4: VLAN ID. $5: Failure cause. The behavior is empty. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty. |
Impact |
A traffic behavior in the QoS policy applied to the VLAN does not take effect. |
Cause |
A CB pair was added or modified in a QoS policy applied to one direction of the VLAN. |
Recommended action |
1. Modify the CB pair configuration in the QoS policy according to the failure cause. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_POLICY_APPLYVLAN_FAIL
Message text |
Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING]. |
Variable fields |
$1: QoS policy name. $2: Traffic direction. $3: VLAN ID. $4: Failure cause. The operation is not supported.: The VLAN does not support this QoS policy. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported. |
Impact |
The QoS policy applied to the VLAN does not take effect. |
Cause |
A QoS policy was added or modified in one direction of the VLAN. |
Recommended action |
1. Delete or modify the QoS policy applied to that direction of the VLAN. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_PRIORITY_APPLYUSER_FAIL
Message text |
Failed to identify the [STRING] priority of the user. Reason: [STRING]. |
Variable fields |
$1: Traffic direction. $2: Failure cause. ¡ The priority type is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_PRIORITY_APPLYUSER_FAIL: Failed to identify the inbound priority of the user. Reason: The priority type is not supported. |
Impact |
The device cannot obtain the priority of the user and cannot schedule packets for the user based on the user priority. |
Cause |
The system failed to modify the priority of incoming packets or enqueue packets according to the RADIUS-assigned user priority. |
Recommended action |
On the RADIUS server, disable the RADIUS server from assigning the user priority or modify the user priority to be assigned by the RADIUS server. |
QOS_QMPROFILE_APPLYUSER_FAIL
Message text |
[STRING]; Failed to apply queue scheduling profile [STRING] in session group profile [STRING] to the user. Reason: [STRING]. |
Variable fields |
$1: User ID information. $2: Queue scheduling policy name. $3: Session group profile name. $4: Failure cause. The QMProfile is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue scheduling profile b in session group profile a to the user. Reason: The QMProfile is not supported. |
Impact |
The queue scheduling policy configured in the session group profile for authorized online users does not take effect. |
Cause |
· The queue scheduling policy configured in the session group profile was delivered while the user was coming online. · The queue scheduling policy in the session group profile was modified or added after the user came online. |
Recommended action |
Remove the queue scheduling policy from the session group profile for authorized online users. |
QOS_QMPROFILE_MODIFYQUEUE_FAIL
Message text |
Failed to configure queue [UINT32] in queue scheduling profile [STRING]. [STRING]. |
Variable fields |
$1: Queue number. $2: Queue scheduling policy name. $3: Failure cause. The value is out of range. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue scheduling profile myqueue. The value is out of range. |
Impact |
The queue in the queue scheduling policy cannot be modified and continues to use the original queue scheduling method and parameters. |
Cause |
After the queue scheduling policy was applied to an interface, the configuration of a queue in the policy was modified and the new parameters exceed the port capacity. |
Recommended action |
1. Remove the applied queue scheduling policy from the interface before modifying the queue parameters in the policy. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
QOS_UNI_RESTORE_FAIL
Message text |
Failed to restore the UNI configuration of [STRING], because the total UNI bandwidth is greater than the NNI bandwidth. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
QOS/4/QOS_NNIBANDWIDTH_OVERFLOW: Failed to restore the UNI configuration of the interface GigabitEthernet5/1/5, because the total UNI bandwidth is greater than the NNI bandwidth. |
Impact |
The downlink bandwidth limit configured on the UNI interface in the bandwidth guarantee group does not take effect. |
Cause |
When a service card is restarted or reinserted into the chassis and the UNI interface configuration is restored, the restoration fails because the total bandwidth limit on the UNI interface exceeds the uplink interface bandwidth threshold. |
Recommended action |
Reconfigure the bandwidth in the bandwidth guarantee group, for example by increasing the uplink interface bandwidth threshold or reducing the CAR bandwidth limit on the UNI interface, and then execute the qos uni enable command to re-enable the bandwidth guarantee group function on the UNI interface. |
WRED_TABLE_CFG_FAIL
Message text |
Failed to dynamically modify the configuration of WRED table [STRING], because [STRING]. |
Variable fields |
$1: WRED table name. $2: Detailed failure cause. ECN is not supported. |
Severity level |
4 (Warning) |
Example |
QOS/4/WRED_TABLE_CFG_FAIL: Failed to dynamically modify the configuration of WRED table a, because ECN is not supported. |
Impact |
The modification to the WRED table configuration does not take effect. |
Cause |
The service board hardware does not support certain features, such as ECN, so modifying the corresponding configuration in the WRED table failed. |
Recommended action |
Do not configure functions that the service board does not support. Alternatively, collect the configuration file, log information, and alarm messages, and then contact Technical Support. |
RADIUS messages
This section contains RADIUS messages.
RADIUS_ACCT_SERVER_DOWN
Message text |
RADIUS accounting server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
RADIUS/4/RADIUS_ACCT_SERVER_DOWN: RADIUS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
The server cannot be reached and user association fails. |
Cause |
The device detected that the status of the RADIUS accounting server changed from active to block. |
Recommended action |
1. Execute the display interface command to verify that the accounting server interface has started up. If the server interface is not up, verify that the physical link connection is correct. 2. Execute the ping command to ping the accounting server to verify that the server is reachable. If the server is not reachable, check the network reachability between the device and the RADIUS accounting server, and then examine whether firewalls or similar devices exist in the network. 3. Execute the display current-configuration command to verify that the RADIUS accounting server configuration is correct on the device. For more information, see AAA Command Reference and AAA Configuration Guide. 4. If the issue persists, collect the configuration file, log information, and alarm information, and then contact Technical Support. |
RADIUS_ACCT_SERVER_UP
Message text |
RADIUS accounting server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
RADIUS/6/RADIUS_ACCT_SERVER_UP: RADIUS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that the status of the RADIUS accounting server changed from block to active. |
Recommended action |
No action is required. |
RADIUS_AUTH_FAILURE
Message text |
User [STRING] at [STRING] failed authentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 (Notification) |
Example |
RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system at 192.168.0.22 failed authentication. |
Impact |
User authentication failed. |
Cause |
The RADIUS server rejected the authentication request of the user. |
Recommended action |
1. Check the RADIUS authentication-related configurations on the device, and contact the server administrator to confirm the reason for rejecting authentication requests, then resolve the issue based on the specific cause. 2. If the issue persists, collect the device configuration file, log information, alarm information, and contact Technical Support. |
RADIUS_AUTH_SERVER_DOWN
Message text |
RADIUS authentication server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
RADIUS/4/RADIUS_AUTH_SERVER_DOWN: RADIUS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
This will lead to user authentication failure. If no backup authentication server exists, this issue may result in user disconnection. |
Cause |
The status of the RADIUS authentication server changed from active to block. |
Recommended action |
1. Execute the display interface command to verify that the accounting server interface has started up. If the server interface is not up, verify that the physical link connection is correct. 2. Execute the ping command to ping the accounting server to verify that the server is reachable. If the server is not reachable, check the network reachability between the device and the RADIUS accounting server, and then examine whether firewalls or similar devices exist in the network. 3. Execute the display current-configuration command to verify that the RADIUS accounting server configuration is correct on the device. For more information, see AAA Command Reference and AAA Configuration Guide. 4. If the issue persists, collect the configuration file, log information, and alarm information, and then contact Technical Support. |
RADIUS_AUTH_SERVER_UP
Message text |
RADIUS authentication server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
RADIUS/6/RADIUS_AUTH_SERVER_UP: RADIUS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that the status of the RADIUS authentication server changed from block to active. |
Recommended action |
No action is required. |
RADIUS_AUTH_SUCCESS
Message text |
User [STRING] at [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 (Informational) |
Example |
RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system at 192.168.0.22 was authenticated successfully. |
Impact |
No negative impact on the system. |
Cause |
An authentication request was accepted by the RADIUS server. |
Recommended action |
No action is required. |
RADIUS_DELETE_HOST_FAIL
Message text |
Failed to delete servers in scheme [STRING]. |
Variable fields |
$1: Scheme name. |
Severity level |
4 (Warning) |
Example |
RADIUS/4/RADIUS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc. |
Impact |
Depends on the actual situation. |
Cause |
Failed to delete servers from a RADIUS scheme through the CLI. |
Recommended action |
Collect the device configuration file, log information, and alarm information, and contact Technical Support. |
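The RADIUS messages in this section follow fixed templates, so a log host can parse and correlate them. The Python sketch below is an added example, not part of the H3C reference: it tracks which RADIUS servers are currently blocked and which source addresses produce repeated authentication failures. The sample log lines, the line prefix, the function names, and the failure threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns derived from the "Message text" templates in the RADIUS section.
# search() is used on the header so any syslog prefix before it is ignored.
HEADER = re.compile(r"RADIUS/(?P<sev>\d)/(?P<mnemonic>RADIUS_[A-Z_]+):\s*(?P<body>.*)$")
SERVER = re.compile(
    r"^RADIUS (?P<kind>accounting|authentication) server "
    r"(?P<event>was blocked|became active): "
    # Tolerate stray whitespace after "IP=".
    r"Server IP=\s*(?P<ip>[^,\s]+), port=(?P<port>\d+), VPN instance=(?P<vpn>.+?)\.?$"
)
# The username comes from the client, so match it greedily and anchor the
# rest of the pattern to the end of the line: a name containing " at "
# cannot shift the IP address field.
AUTH = re.compile(
    r"^User (?P<user>.+) at (?P<ip>\S+) "
    r"(?P<result>failed authentication|was authenticated successfully)\.?$"
)


def parse_radius(line):
    """Parse a server-state or authentication message; None for anything else."""
    head = HEADER.search(line.strip())
    if not head:
        return None
    match = SERVER.match(head["body"]) or AUTH.match(head["body"])
    if not match:
        return None  # e.g. RADIUS_DELETE_HOST_FAIL is not modelled here
    record = {"severity": int(head["sev"]), "mnemonic": head["mnemonic"]}
    record.update(match.groupdict())
    return record


def analyze(lines, fail_threshold=3):
    """Return servers still blocked and sources with many rejected logins."""
    blocked = set()               # servers whose latest event is "was blocked"
    failures = defaultdict(list)  # source IP -> usernames that were rejected
    for line in lines:
        rec = parse_radius(line)
        if rec is None:
            continue
        if "kind" in rec:
            key = (rec["kind"], rec["ip"], int(rec["port"]), rec["vpn"])
            if rec["event"] == "was blocked":
                blocked.add(key)
            else:
                blocked.discard(key)  # *_SERVER_UP clears the earlier block
        elif rec["result"] == "failed authentication":
            failures[rec["ip"]].append(rec["user"])
    noisy = {
        ip: {"failures": len(users), "distinct_users": len(set(users))}
        for ip, users in failures.items()
        if len(users) >= fail_threshold
    }
    return {"blocked": blocked, "noisy_sources": noisy}


# Constructed sample input (addresses, names, and the prefix on the second
# line are illustrative, not captured from a device).
SAMPLE = [
    "RADIUS/4/RADIUS_AUTH_SERVER_DOWN: RADIUS authentication server was blocked: Server IP= 10.0.0.5, port=1812, VPN instance=public.",
    "Sep 23 10:00:01 ac1 RADIUS/5/RADIUS_AUTH_FAILURE: User alice@system at 192.0.2.10 failed authentication.",
    "RADIUS/5/RADIUS_AUTH_FAILURE: User bob@system at 192.0.2.10 failed authentication.",
    "RADIUS/5/RADIUS_AUTH_FAILURE: User carol at lunch at 192.0.2.10 failed authentication.",
    "RADIUS/6/RADIUS_AUTH_SUCCESS: User dave@system at 192.0.2.20 was authenticated successfully.",
    "RADIUS/5/RADIUS_AUTH_FAILURE: User dave@system at 192.0.2.21 failed authentication.",
    "RADIUS/4/RADIUS_ACCT_SERVER_DOWN: RADIUS accounting server was blocked: Server IP=10.0.0.6, port=1813, VPN instance=public.",
    "RADIUS/6/RADIUS_ACCT_SERVER_UP: RADIUS accounting server became active: Server IP=10.0.0.6, port=1813, VPN instance=public.",
]

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("Still blocked:", sorted(report["blocked"]))
    print("Noisy sources:", report["noisy_sources"])
```

A source with many failures across many distinct usernames reads differently from one user mistyping a password, which is why both counts are reported.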
RESMON
This section contains resource monitoring messages.
RESMON_MINOR
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below minor threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
4 (Warning) |
Example |
RESMON/4/RESMON_MINOR: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource decreased to or below minor threshold 20%. |
Impact |
No negative impact on the system temporarily. Pay attention to whether the remaining hardware resource amount continues to decrease. |
Cause |
When the available hardware resource amount decreases to or below the minor resource depletion threshold, the device enters minor alarm state and generates this log message. |
Recommended action |
Configure the device based on the resource type so the device allocates the type of resources reasonably. |
RESMON_MINOR_RECOVERY
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above minor threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
5 (Notification) |
Example |
RESMON/5/RESMON_MINOR_RECOVER: -Resource=AA-Total=100%-Used=77%-Free=23%; Free resource increased above minor threshold 20%. |
Impact |
No negative impact on the system. |
Cause |
When the available hardware resource amount increases above the minor resource depletion threshold, the device removes the minor resource depletion alarm and generates this log message. The hardware resource usage recovers to normal. |
Recommended action |
No action is required. |
RESMON_SEVERE
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below severe threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
3 (Error) |
Example |
RESMON/3/RESMON_SEVERE: -Resource=AA-Total=100%-Used=93%-Free=7%; Free resource decreased to or below severe threshold 10%. |
Impact |
The services that use this type of hardware resource will be limited or become unavailable. |
Cause |
When the available hardware resource amount decreases to or below the severe resource depletion threshold and the hardware resources are not exhausted, the device enters severe alarm state and generates this log message periodically. |
Recommended action |
Configure the device based on the resource type so the device allocates the type of resources reasonably. |
RESMON_SEVERE_RECOVERY
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above severe threshold [STRING]. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information. |
Severity level |
5 (Notification) |
Example |
RESMON/5/RESMON_SEVERE_RECOVER: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource increased above severe threshold 10%. |
Impact |
No negative impact on the system. |
Cause |
When the available resource amount increases above the severe resource depletion threshold, the device removes the severe resource depletion alarm and generates this log message. |
Recommended action |
No action is required. |
RESMON_USEDUP
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Resources used up. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Resource usage description. Some types of resources do not have description information. |
Severity level |
2 (Critical) |
Example |
RESMON/2/RESMON_USEDUP: -Resource=vlaninterface-Total=2048-Used=2048-Free=0; Resources used up. |
Impact |
The services that use this type of hardware resource will be limited or become unavailable. |
Cause |
When the available resource amount decreases to zero, the device outputs this log message. |
Recommended action |
To ensure correct operation of the relevant services, immediately clear data or entries of the resource type that are not used. |
RESMON_USEDUP_RECOVERY
Message text |
-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; The amount of free resources increased from zero to a non-zero value. [STRING]. |
Variable fields |
$1: Resource type. $2: Total amount, which can be 100% or an integer for an absolute value. $3: Used amount, a percentage or an integer for an absolute value. $4: Available amount, a percentage or an integer for an absolute value. $5: Additional resource usage information. This field might be null. |
Severity level |
5 (Notification) |
Example |
RESMON/5/RESMON_USEDUP_RECOVER: -Resource=vlaninterface-Total=2048-Used=2047-Free=1; The amount of free resources increased from zero to a non-zero value. |
Impact |
No negative impact on the system. |
Cause |
When the available resource amount increases from zero, the device outputs this log message. |
Recommended action |
No action is required. |
RIP messages
This section contains RIP messages.
RIPLOG
Message text |
RIP: Interfaces [STRING] [STRING] Multicast group failed, return value [STRING] |
Variable fields |
$1: Interface name. $2: Multicast group quitting or joining failure. Options are: · Quitting: Failed to quit the multicast group. · Joining: Failed to join the multicast group. $3: Error code. Options include: · 22: Invalid parameter. · 99: Incorrect multicast source address. · 105: Insufficient device memory. |
Severity level |
6 (Informational) |
Example |
RIP/6/RIPLOG:RIP: Interfaces GigabitEthernet1/0/1 Joining Multicast group failed, return value 22 |
Impact |
No negative impact on the system |
Cause |
The interface failed to join or quit the multicast group, and cannot start or stop receiving/sending RIP multicast packets. |
Recommended action |
1. Restart the interface or device. 2. If the issue persists, collect log messages, and then contact Technical Support for help. |
RIPNG messages
This section contains RIPng messages.
RIPNGLOG
Message text |
RIPng: Interfaces [STRING] [STRING] Multicast group failed, return value [STRING]. |
Variable fields |
$1: Interface name. $2: Multicast group quitting or joining failure. Options are: · Quitting: Failed to quit the multicast group. · Joining: Failed to join the multicast group. $3: Error code. Options include: · 22: Invalid parameter. · 99: Incorrect multicast source address. · 105: Insufficient device memory. |
Severity level |
6 (Informational) |
Example |
RIPng/6/RIPNGLOG:RIPng: Interfaces GigabitEthernet1/0/1 Joining Multicast group failed, return value 22. |
Impact |
No negative impact on the system |
Cause |
The interface failed to join or quit the multicast group, and cannot start or stop receiving/sending RIPng multicast packets. |
Recommended action |
1. Restart the interface or device. 2. If the issue persists, collect log messages, and then contact Technical Support for help. |
Message text |
RIPng Socket Set-option failed on [STRING], this packet will be sent next time. |
Variable fields |
$1: Interface name. |
Severity level |
6 (Informational) |
Example |
RIPng/6/RIPNGLOG:RIPng Socket Set-option failed on GigabitEthernet1/0/1, this packet will be sent next time. |
Impact |
No negative impact on the system |
Cause |
Failed to set the Socket option when the RIPng interface is sending packets. |
Recommended action |
No action is required. |
RM messages
This section contains RM messages.
RM_ACRT_REACH_LIMIT
Message text |
Max active [STRING] routes [UINT32] reached in URT of [STRING] |
Variable fields |
$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name. |
Severity level |
4 (Warning) |
Example |
RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1 |
Impact |
Too many active routes occupy resources such as system memory. |
Cause |
The number of active routes reached the upper limit in the unicast routing table of a VPN instance. New route prefixes cannot be activated. |
Recommended action |
1. Execute the relevant command to view unicast route statistics of the specified VPN instance: ¡ For IPv4 routes, execute the display ip routing-table vpn-instance vpn-instance-name statistics command. ¡ For IPv6 routes, execute the display ipv6 routing-table vpn-instance vpn-instance-name statistics command. 2. Analyze the route origin for each protocol, and identify whether the VPN instance contains additional routes: ¡ If additional routes exist, delete unnecessary routes and identify whether the total number of routes is below the upper limit. If the number is below the upper limit, the processing ends. If the number is still above the upper limit, proceed to step 3. ¡ If additional routes do not exist, proceed to step 3. 3. Enter IPv4 address family view/IPv6 address family view of the VPN instance, and execute the display this command to view the maximum number of active route prefixes for the VPN instance. Identify whether the number is appropriate: ¡ If the number is appropriate, collect log messages and configuration data, and then contact Technical Support for help. ¡ If the number is not appropriate, execute the routing-table limit command to configure an appropriate maximum number of active route prefixes. |
RM_ACRT_REACH_THRESVALUE
Message text |
Threshold value [UINT32] of max active [STRING]% routes reached in URT of [STRING] |
Variable fields |
$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name. |
Severity level |
4 (Warning) |
Example |
RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1 |
Impact |
The device still allows new route prefixes to be activated. When the number of active route prefixes reaches the upper limit in the VPN instance, the device no longer activates new route prefixes. |
Cause |
The alarm threshold of the maximum number of active routes is reached in the unicast routing table of the VPN instance. |
Recommended action |
Identify whether to increase the maximum number of route prefixes or the alarm threshold for the maximum number of active routes for the VPN instance. |
RM_THRESHLD_VALUE_REACH
Message text |
Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING] |
Variable fields |
$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name. |
Severity level |
4 (Warning) |
Example |
RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1 |
Impact |
Too many active routes occupy resources such as system memory. |
Cause |
The number of active routes reached the upper limit in the unicast routing table of a VPN instance. New route prefixes can be activated. |
Recommended action |
1. Execute the relevant command to view unicast route statistics of the specified VPN instance: ¡ For IPv4 routes, execute the display ip routing-table vpn-instance vpn-instance-name statistics command. ¡ For IPv6 routes, execute the display ipv6 routing-table vpn-instance vpn-instance-name statistics command. 2. Analyze the route origin for each protocol, and identify whether the VPN instance contains additional routes: ¡ If additional routes exist, delete unnecessary routes and identify whether the total number of routes is below the upper limit. If the number is below the upper limit, the processing ends. If the number is still above the upper limit, proceed to step 3. ¡ If additional routes do not exist, proceed to step 3. 3. Enter IPv4 address family view/IPv6 address family view of the VPN instance, and execute the display this command to view the maximum number of active route prefixes for the VPN instance. Identify whether the number is appropriate: ¡ If the number is appropriate, collect log messages and configuration data, and then contact Technical Support for help. ¡ If the number is not appropriate, execute the routing-table limit command to configure an appropriate maximum number of active route prefixes. |
RRM messages
This section contains RRM messages.
RRM_LOG_ADJUSTCHANNEL
Message text |
Channel of radio [UINT32] on AP [STRING] changed from [UINT16] to [UINT16]. |
Variable fields |
$1: Radio ID. $2: AP name. $3: Old channel ID. $4: New channel ID. |
Severity level |
6 |
Example |
RRM/6/RRM_LOG_ADJUSTCHANNEL: Channel of radio 1 on AP ap2 changed from 149 to 52. |
Explanation |
The working channel of the radio changed. |
Recommended action |
No action is required. |
RTM messages
This section contains RTM messages.
RTM_TCL_LOAD_FAILED
Message text |
Failed to load the Tcl script file of policy [STRING]. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 (Warning) |
Example |
RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy TEST. |
Impact |
The Tcl-defined policy does not take effect. |
Cause |
The memory resource is insufficient. |
Recommended action |
1. Release the memory resources. For example, execute the logfile save command to save all the content in the log file buffer to the log file to release the memory resources occupied by the log file buffer.
2. Execute the display memory command to view memory usage information.
   - If the memory usage does not drop below the alarm threshold, execute the display process command to view the memory usage of user-mode processes. If a process occupies too much memory, enable or disable the software feature for that process to release the memory resources.
   - If the memory usage drops below the alarm threshold, the alarm will be cleared. No action is required.
3. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
RTM_TCL_MODIFY
Message text |
Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 (Warning) |
Example |
RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified. |
Impact |
The Tcl-defined policy failed to be executed. |
Cause |
The Tcl script file for the policy was modified. |
Recommended action |
Delete the Tcl policy. Then, create a new Tcl policy and bind the edited Tcl script file. |
RTM_TCL_NOT_EXIST
Message text |
Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found. |
Variable fields |
$1: Name of a Tcl-defined policy. |
Severity level |
4 (Warning) |
Example |
RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found. |
Impact |
The Tcl-defined policy failed to be executed. |
Cause |
The system did not find the Tcl script file for the policy while executing the policy. |
Recommended action |
To delete the Tcl policy if the Tcl policy is not necessary, execute the undo rtm tcl-policy command in system view. If the Tcl policy is necessary, execute the display current-configuration | include "rtm tcl-policy" command to view the name and path of the Tcl script file for the Tcl policy, and then copy the backup Tcl script file to the path specified by the rtm tcl-policy command. The name of the copied Tcl script file must be the same as the name of the Tcl script file specified by the rtm tcl-policy command. If the event specified in the Tcl policy is triggered, the device will automatically execute the Tcl policy. |
SCMD messages
This section contains SCM messages.
PROCESS_ABNORMAL
Message text |
The process [STRING] exited abnormally. ServiceName=[STRING], ExitCode=[STRING], KillSignal=[STRING], StartTime=[STRING], StopTime=[STRING]. |
Variable fields |
$1: Process name. $2: Service name defined in the script. $3: Process exit code. If the process was closed by a signal, this field displays NA. $4: Signal that closed the process. If the process was not closed by a signal, this field displays NA. $5: Time when the process was created. $6: Time when the process was closed. |
Severity level |
4 (Warning) |
Example |
SCMD/4/PROCESS_ABNORMAL: The process diagd exited abnormally. ServiceName=DIAG, ExitCode=1, KillSignal=NA, StartTime=2019-03-06 14:18:06, StopTime=2019-03-06 14:35:25. |
Impact |
If the process has a standby process, this issue does not have a negative impact on the system. If the process does not have a standby process, the device cannot provide the corresponding service. |
Cause |
A service exited abnormally. |
Recommended action |
1. Use the display process command to identify whether the process exists. If the process exists, the process is recovered.
   a. Execute the view /var/log/trace.log > trace.log command in probe view.
   b. Upload the trace.log file saved in the storage media of the device to the server through FTP or TFTP (in binary mode).
   c. Contact Technical Support. Do not reboot the device so Technical Support can help you locate the problem. |
PROCESS_ACTIVEFAILED
Message text |
The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted. |
Variable fields |
$1: Process name. |
Severity level |
4 (Warning) |
Example |
SCMD/4/PROCESS_ACTIVEFAILED: The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted. |
Impact |
If the active process can continue to work, this issue does not have a negative impact on the system. If the active process cannot continue to work, the device cannot provide the corresponding service. |
Cause |
The active process exited abnormally when the standby process has not completed synchronization. |
Recommended action |
Collect the device configuration file, log information, and alarm information, and then contact Technical Support. |
PROCESS_CORERECORD
Message text |
Exceptions occurred with process [STRING]. A core dump file was generated. |
Variable fields |
$1: Process name. |
Severity level |
5 (Notification) |
Example |
SCMD/5/PROCESS_CORERECORD: Exceptions occurred with process diagd. A core dump file was generated. |
Impact |
If the process has a standby process, this issue does not have a negative impact on the system. If the process does not have a standby process, the device cannot provide the corresponding service. |
Cause |
A process exited abnormally. |
Recommended action |
1. Execute the display exception context command to collect process exception information, and save the information to a file.
2. Execute the display exception filepath command to display the core file.
3. Upload the core file and the file that stores the process exception information to the server through FTP or TFTP (in binary mode).
4. Contact Technical Support. Do not reboot the device so Technical Support can help you locate the problem. |
SCM_ABNORMAL_REBOOT
Message text |
Failed to restore process [STRING]. Rebooting [STRING]. |
Variable fields |
Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Chassis number and slot number, slot number, or the system. |
Severity level |
3 (Error) |
Example |
SCMD/3/SCM_ABNORMAL_REBOOT: Failed to restore process ipbased. Rebooting slot 1. |
Impact |
If the process has a standby process, this issue does not have a negative impact on the system. If the process does not have a standby process, the device cannot provide the corresponding service. |
Cause |
The process exited abnormally during the device or slot startup. If the process cannot recover after multiple automatic restart attempts, the slot or device will restart automatically. |
Recommended action |
1. Use the display process command to verify that the process has recovered after the card or device restarts. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and then contact Technical Support. |
SCM_ABNORMAL_REBOOTMDC
Message text |
Failed to restore process [STRING] on [STRING] [UINT16]. Rebooting [STRING] [UINT16]. |
Variable fields |
$1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Object type, MDC or context. $5: ID of the MDC or context. |
Severity level |
3 (Error) |
Example |
SCMD/3/SCM_ABNORMAL_REBOOTMDC: Failed to restore process ipbased on MDC 2. Rebooting MDC 2. |
Impact |
The MDC or context cannot provide services. |
Cause |
The process exited abnormally during the startup of the user MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot recover after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1. |
Recommended action |
1. Use the display process command to verify that the process has recovered after the card restarts. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and then contact Technical Support. |
SCM_ABORT_RESTORE
Message text |
|
Variable fields |
$1: Process name. |
Severity level |
3 (Error) |
Example |
SCMD/3/SCM_ABORT_RESTORE: Failed to restore process ipbased. Restoration aborted. |
Impact |
The device cannot provide the corresponding service. |
Cause |
The process exited abnormally during the system operation. If the process cannot recover after multiple automatic restart attempts, the device will stop restoring the process. |
Recommended action |
1. Use the display process log command in any view to display the details about process exit.
2. Restart the card or the MDC where the process is located.
3. If the issue persists, collect the output from the display process log command, and then contact Technical Support. |
SCM_KERNEL_INIT_TOOLONG
Message text |
Kernel init in sequence [STRING] function [STRING] is still starting for [UINT32] minutes. |
Variable fields |
$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration. |
Severity level |
4 (Warning) |
Example |
SCMD/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 is still starting for 15 minutes. |
Impact |
The device cannot start up. |
Cause |
A function at a phase during kernel initialization ran too long. |
Recommended action |
1. Wait for the device to start up.
2. If the device fails to start up within 1 hour, restart the module.
3. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
SCM_PROCESS_STARTING_TOOLONG
Message text |
Pattern 1: The process [STRING] has not finished starting in [UINT32] hours. Pattern 2: The process [STRING] on [STRING] [UINT16] has not finished starting in [UINT32] hours. |
Variable fields |
Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration. |
Severity level |
4 (Warning) |
Example |
SCMD/4/SCM_PROCESS_STARTING_TOOLONG: The process ipbased has not finished starting in 1 hours. |
Impact |
The device cannot provide the corresponding service and even cannot operate correctly. |
Cause |
The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal. |
Recommended action |
1. Wait 6 hours and then verify that the process has been started.
2. Restart the card/MDC/context, and then use the display process command to verify that the process has recovered.
3. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
SCM_PROCESS_STILL_STARTING
Message text |
Pattern 1: The process [STRING] is still starting for [UINT32] minutes. Pattern 2: The process [STRING] on [STRING] [UINT16] is still starting for [UINT32] minutes. |
Variable fields |
Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration. |
Severity level |
6 (Informational) |
Example |
SCMD/6/SCM_PROCESS_STILL_STARTING: The process ipbased is still starting for 20 minutes. |
Impact |
No negative impact on the system. |
Cause |
A process is always in startup state. |
Recommended action |
No action is required. |
SCM_SKIP_PROCESS
Message text |
Pattern 1: The process [STRING] was skipped because it failed to start within 6 hours. Pattern 2: The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours. |
Variable fields |
Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. |
Severity level |
3 (Error) |
Example |
SCMD/3/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours. |
Impact |
The device cannot provide the corresponding service. |
Cause |
A process failed to start within 6 hours. The device will skip this process and continue to start. |
Recommended action |
1. Restart the card/MDC/context, and then use the display process command to verify that the process has recovered. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
ASPF messages
This section contains ASPF messages.
ASPF_IPV4_DNS
Message text |
SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];DomainName(1099)=[STRING];Action(1053)=[STRING];Reason(1056)=[STRING]. |
Variable fields |
$1: Source IP address.
$2: Destination IP address.
$3: VPN instance name.
$4: Local address of the DS-Lite tunnel.
$5: Domain name.
$6: Action taken on invalid protocol packets:
   - drop: Drops the packets.
   - logging: Generates log information.
   - none: Permits the packets to pass without processing them.
$7: Reason for generating the log message:
   - Invalid DNS RR.
   - Failed to check DNS header flag.
   - Failed to check DNS header ID. |
Severity level |
6 (Informational) |
Example |
ASPF/6/ASPF_IPV4_DNS:SrcIPAddr(1003)=1.1.1.3;DstIPAddr(1007)=2.1.1.2;RcvVPNInstance(1042)=vpn;RcvDSLiteTunnelPeer(1040)=dstunnel1;DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;Reason(1056)=Check DNS RR invalid. |
Impact |
No negative impact on the system. |
Cause |
ASPF detection is enabled for DNS. If the DNS packet format is invalid, the system discards the packet and generates a log message. |
Recommended action |
No action is required. |
ASPF_IPV6_DNS
Message text |
SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];DomainName(1099)=[STRING];Action(1053)=[STRING];Reason(1056)=[STRING]. |
Variable fields |
$1: Source IP address.
$2: Destination IP address.
$3: VPN instance name.
$4: Domain name.
$5: Action taken on invalid protocol packets:
   - drop: Drops the packets.
   - logging: Generates log information.
   - none: Permits the packets to pass without processing them.
$6: Reason for generating the log message:
   - Invalid DNS RR.
   - Failed to check DNS header flag.
   - Failed to check DNS header ID. |
Severity level |
6 (Informational) |
Example |
ASPF/6/ASPF_IPV6_DNS:SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;RcvVPNInstance(1042)=vpn;DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;Reason(1056)=Check DNS RR invalid. |
Impact |
No negative impact on the system. |
Cause |
ASPF detection is enabled for DNS. If the DNS packet format is invalid, the system discards the packet and generates a log message. |
Recommended action |
No action is required. |
SESSION messages
This section contains session messages.
DENY_SESSION_IPV4_FLOW
Message text |
Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING]; |
Variable fields |
$1: Protocol type.
$2: Application name.
$3: Service category.
$4: Source IPv4 address.
$5: Source port number.
$6: Source IPv4 address after translation.
$7: Source port number after translation.
$8: Destination IPv4 address.
$9: Destination port number.
$10: Destination IPv4 address after translation.
$11: Destination port number after translation.
$12: Total number of inbound packets.
$13: Total number of inbound bytes.
$14: Total number of outbound packets.
$15: Total number of outbound bytes.
$16: Source VPN instance name.
$17: Destination VPN instance name.
$18: Source DS-Lite tunnel.
$19: Destination DS-Lite tunnel.
$20: Time when the session was created.
$21: Time when the session was removed.
$22: Event type.
$23: Event description:
   - Session created.
   - Normal over.
   - Aged for timeout.
   - Other. |
Severity level |
6 (Informational) |
Example |
SESSION/6/DENY_SESSION_IPV4_FLOW:Protocol(1001)=UDP;Application(1002)=sip;Category(1174)=aaa;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Impact |
No negative impact on the system. |
Explanation |
This message is sent when an IPv4 packet drop session is created or removed. |
Recommended action |
No action is required. |
DENY_SESSION_IPV6_FLOW
Message text |
Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UINT16])[STRING]; |
Variable fields |
$1: Protocol type.
$2: Application name.
$3: Service category.
$4: Source IPv6 address.
$5: Source port number.
$6: Destination IPv6 address.
$7: Destination port number.
$8: Total number of inbound packets.
$9: Total number of inbound bytes.
$10: Total number of outbound packets.
$11: Total number of outbound bytes.
$12: Source VPN instance name.
$13: Destination VPN instance name.
$14: Time when the session was created.
$15: Time when the session was removed.
$16: Event type.
$17: Event description:
   - Session created.
   - Normal over.
   - Aged for timeout.
   - Other. |
Severity level |
6 (Informational) |
Example |
SESSION/6/DENY_SESSION_IPV6_FLOW: Protocol(1001)=UDP;Application(1002)=sip;Category(1174)=aaa;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created; |
Impact |
No negative impact on the system. |
Explanation |
This message is sent when an IPv6 packet drop session is created or removed. |
Recommended action |
No action is required. |
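The ASPF and SESSION messages above share one Name(ID)=value layout, so a log host can split them with a single parser. The following is an added example, not H3C code: the function names are hypothetical, the syslog timestamp and host prefix are assumed to be stripped already, and the three sample lines are the Example rows from this reference. Fields are keyed by name rather than by ID because the IPv6 example row carries ID 1047 on two different fields, which the parser reports instead of silently overwriting.

```python
import re
from collections import Counter

# "MODULE/severity/MNEMONIC:" prefix; optional whitespace is tolerated around the mnemonic.
HEADER_RE = re.compile(r"^(?P<module>[A-Z0-9_]+)/(?P<severity>[0-7])/\s*(?P<mnemonic>[A-Z0-9_]+):\s*")
# One "Name(ID)=value" field. The value may be empty and runs to the next ';'.
FIELD_RE = re.compile(r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\((?P<id>\d+)\)=(?P<value>[^;]*)")
# Event(1048) value, for example "(8)Session created".
EVENT_RE = re.compile(r"^\((?P<code>\d+)\)(?P<text>.*)$")

# Example rows copied from this reference.
IPV4_EXAMPLE = (
    "SESSION/6/DENY_SESSION_IPV4_FLOW:Protocol(1001)=UDP;Application(1002)=sip;"
    "Category(1174)=aaa;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;"
    "NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;"
    "DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;"
    "InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;"
    "RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;"
    "RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;"
    "BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;"
)
IPV6_EXAMPLE = (
    "SESSION/6/DENY_SESSION_IPV6_FLOW: Protocol(1001)=UDP;Application(1002)=sip;"
    "Category(1174)=aaa;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;"
    "DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;"
    "InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;"
    "RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;"
    "EndTime_e(1014)=;Event(1048)=(8)Session created;"
)
ASPF_EXAMPLE = (
    "ASPF/6/ASPF_IPV4_DNS:SrcIPAddr(1003)=1.1.1.3;DstIPAddr(1007)=2.1.1.2;"
    "RcvVPNInstance(1042)=vpn;RcvDSLiteTunnelPeer(1040)=dstunnel1;"
    "DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;"
    "Reason(1056)=Check DNS RR invalid."
)


def convert(name, raw):
    """Turn a raw field value into a typed one; empty values become None."""
    if raw == "":
        return None
    if name.endswith(("Port", "Count")):
        return int(raw) if raw.isdigit() else raw
    if name == "Action":                      # e.g. "drop,logging"
        return raw.split(",")
    if name == "Event":                       # e.g. "(8)Session created"
        m = EVENT_RE.match(raw)
        return (int(m["code"]), m["text"]) if m else raw
    return raw


def parse_fast_log(line):
    """Parse one 'MODULE/sev/MNEMONIC:Name(ID)=value;...' message into a dict."""
    line = line.strip()
    head = HEADER_RE.match(line)
    if head is None:
        raise ValueError("missing MODULE/severity/MNEMONIC header")
    body = line[head.end():]
    if body.endswith("."):                    # ASPF templates end in '.', SESSION ones in ';'
        body = body[:-1]
    fields, id_owner, id_collisions = {}, {}, []
    for f in FIELD_RE.finditer(body):
        name, fid, raw = f["name"], int(f["id"]), f["value"].strip()
        owner = id_owner.setdefault(fid, name)
        if owner != name:                     # same numeric ID used by two field names
            id_collisions.append((fid, owner, name))
        fields[name] = convert(name, raw)
    return {"module": head["module"], "severity": int(head["severity"]),
            "mnemonic": head["mnemonic"], "fields": fields,
            "id_collisions": id_collisions}


def denied_flows(lines):
    """Count DENY_SESSION_* 'Session created' events per (source, destination, port)."""
    counts = Counter()
    for line in lines:
        try:
            msg = parse_fast_log(line)
        except ValueError:
            continue                          # not a message in this layout
        f = msg["fields"]
        if not msg["mnemonic"].startswith("DENY_SESSION_"):
            continue
        event = f.get("Event")
        if not isinstance(event, tuple) or event[1] != "Session created":
            continue
        src = f.get("SrcIPAddr") or f.get("SrcIPv6Addr")
        dst = f.get("DstIPAddr") or f.get("DstIPv6Addr")
        counts[(src, dst, f.get("DstPort"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in denied_flows([IPV4_EXAMPLE, IPV6_EXAMPLE, ASPF_EXAMPLE]).items():
        print(key, n)
```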
SHELL messages
This section contains shell messages.
SHELL_CMD
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING]. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: IP address. If there is no IP address information, this field displays two asterisks (**). $3: Username. If there is no username information, this field displays two asterisks (**). $4: Command string. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit. |
Impact |
No negative impact on the system. |
Cause |
A command was executed. |
Recommended action |
No action is required. |
SHELL_CMD_CONFIRM
Message text |
Confirm option of command [STRING] is [STRING]. |
Variable fields |
$1: Command string. $2: Confirm option. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no. |
Impact |
No negative impact on the system. |
Cause |
A user selected a confirmation option for a command. |
Recommended action |
No action is required. |
SHELL_CMD_EXECUTEFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed. |
Variable fields |
$1: Username. $2: IP address. $3: Command string. $4: Current command mode. |
Severity level |
4 (Warning) |
Example |
SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed. |
Impact |
The command failed to be executed. |
Cause |
A command that a background program issued failed to be executed. |
Recommended action |
1. Execute the command again.
2. Verify that the command view is correct.
3. If the issue persists, collect alarm information, log messages, and configuration file, and then contact Technical Support for help. |
SHELL_CMD_INPUT
Message text |
|
Variable fields |
$1: Command string. $2: String entered by the user. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key. |
Impact |
No negative impact on the system. |
Cause |
A user responded to the input requirement of a command. |
Recommended action |
No action is required. |
SHELL_CMD_INPUT_TIMEOUT
Message text |
Operation timed out: Getting input for the [STRING] command. |
Variable fields |
$1: Command string. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command. |
Impact |
The command failed to be executed. |
Cause |
The user did not respond to the input requirement of a command before the timeout timer expired. |
Recommended action |
Execute the command again and input the required information in time for the next step. |
SHELL_CMD_INVALID_CHARACTER
Message text |
Execution failed for the [STRING] command. Reason: The command contains invalid characters (? or \t). |
Variable fields |
$1: Command to be executed. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMD_INVALID_CHARACTER: Execution failed for the sysname abc?? command. Reason: The command contains invalid characters (? or \t). |
Impact |
The command failed to be executed. |
Cause |
When the device uses a .cfg configuration file to deploy the configuration, such as configuration recovery or rollback, the commands in the configuration contain invalid characters ? or \t. |
Recommended action |
Make sure the command is in the correct format and configure the settings manually. |
SHELL_CMD_LOCKEDBYOTHER
Message text |
The system has been locked by [STRING]. |
Variable fields |
$1: Session type. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMD_LOCKEDBYOTHER: The system has been locked by NETCONF. |
Impact |
The command failed to be executed. |
Cause |
Another user locked the configuration. You cannot configure the device. |
Recommended action |
Wait for the user to unlock the configuration. |
SHELL_CMD_MATCHFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched. |
Variable fields |
$1: Username. $2: IP address. $3: Command string. $4: Current command mode. |
Severity level |
4 (Warning) |
Example |
SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched. |
Impact |
The command failed to be executed. |
Cause |
The command string has errors, or the view does not support the command. |
Recommended action |
1. Verify that the command is correct.
2. Verify that the command view is correct.
3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SHELL_CMDDENY
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command [STRING] is permission denied. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: IP address. If there is no IP address information, this field displays two asterisks (**). $3: Username. If there is no username information, this field displays two asterisks (**). $4: Command string. |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied. |
Impact |
The command failed to be executed. |
Cause |
The user did not have the right to execute the command. |
Recommended action |
Verify that the user has the permission to execute the command. |
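SHELL_CMD, SHELL_CMD_EXECUTEFAIL, SHELL_CMD_MATCHFAIL and SHELL_CMDDENY together form the command audit trail, but they order the -Line/-IPAddr/-User keys differently and use ** for missing values. The following is an added example, not H3C code, that normalizes the four messages and lists sources with repeated rejected commands; the function names and the threshold of 3 are assumptions, and the sample lines are the Example rows from this reference plus constructed lines using documentation addresses.

```python
import re
from collections import Counter

HEADER_RE = re.compile(r"^SHELL/(?P<severity>[0-7])/\s*(?P<mnemonic>SHELL_[A-Z_]+):\s*")
# Splitting on the literal key names keeps hyphens inside values (e.g. a username) intact.
KEY_RE = re.compile(r"-(Line|IPAddr|User)=")
# Text after "; " for each message, taken from the Message text rows of this reference.
# Assumption: the view name contains no spaces.
TAIL_RES = {
    "SHELL_CMD": re.compile(r"^Command is (?P<command>.*)\.$"),
    "SHELL_CMDDENY": re.compile(r"^Command (?P<command>.*) is permission denied\.$"),
    "SHELL_CMD_EXECUTEFAIL": re.compile(
        r"^Command (?P<command>.*) in view (?P<view>\S+) failed to be executed\.$"),
    "SHELL_CMD_MATCHFAIL": re.compile(
        r"^Command (?P<command>.*) in view (?P<view>\S+) failed to be matched\.$"),
}
# Messages that mean the device refused or could not match what was typed.
REJECTED = {"SHELL_CMDDENY", "SHELL_CMD_MATCHFAIL"}

# Example rows from this reference.
PAGE_LINES = [
    "SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=**-User=**; Command is quit.",
    "SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; "
    "Command description 10 in view system failed to be matched.",
    "SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; "
    "Command vlan 10 is permission denied.",
]
# Constructed lines (not from a real device); 192.0.2.0/24 is a documentation range.
CONSTRUCTED_LINES = [
    "SHELL/5/SHELL_CMDDENY: -Line=vty1-IPAddr=192.0.2.10-User=op-1; "
    "Command vlan 10 is permission denied.",
    "SHELL/5/SHELL_CMDDENY: -Line=vty1-IPAddr=192.0.2.10-User=op-1; "
    "Command undo rtm tcl-policy is permission denied.",
    "SHELL/5/SHELL_CMDDENY: -Line=vty1-IPAddr=192.0.2.10-User=op-1; "
    "Command save is permission denied.",
    "SHELL/6/SHELL_CMD: -Line=vty2-IPAddr=192.0.2.20-User=netadmin; "
    "Command is display process.",
]


def parse_shell_audit(line):
    """Return a normalized record for the four command-audit messages, else None."""
    line = line.strip()
    head = HEADER_RE.match(line)
    if head is None or head["mnemonic"] not in TAIL_RES:
        return None
    prefix, sep, tail = line[head.end():].partition("; ")
    if not sep:
        return None
    parts = KEY_RE.split(prefix)              # ['', key, value, key, value, ...]
    who = {k: (None if v == "**" else v) for k, v in zip(parts[1::2], parts[2::2])}
    body = TAIL_RES[head["mnemonic"]].match(tail)
    if body is None:
        return None
    record = {"mnemonic": head["mnemonic"], "severity": int(head["severity"]),
              "line": who.get("Line"), "ip": who.get("IPAddr"), "user": who.get("User")}
    record.update(body.groupdict())           # command, plus view where the message has one
    return record


def rejected_by_source(lines, threshold=3):
    """Return {(ip, user): count} for sources with at least `threshold` rejected commands."""
    counts = Counter()
    for line in lines:
        rec = parse_shell_audit(line)
        if rec and rec["mnemonic"] in REJECTED:
            counts[(rec["ip"], rec["user"])] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in rejected_by_source(PAGE_LINES + CONSTRUCTED_LINES).items():
        print(src, n)
```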
SHELL_CMDFAIL
Message text |
The [STRING] command failed to restore the configuration. |
Variable fields |
$1: Command string. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CMDFAIL: The “vlan 1024” command failed to restore the configuration. |
Impact |
The system failed to run the specified configuration file. |
Cause |
The specified command failed to be restored during a configuration restoration from a .cfg file. |
Recommended action |
1. Verify that the configuration file is the file saved on the device.
2. Identify whether a card is replaced on the device.
3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SHELL_COMMIT
Message text |
The configuration has been committed. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT: The configuration has been committed. |
Impact |
No negative impact on the system. |
Cause |
The configuration has been committed successfully. |
Recommended action |
No action is required. |
SHELL_COMMIT_DELAY
Message text |
A configuration rollback will be performed in [INT32] minutes. |
Variable fields |
$1: Configuration commit delay timer. |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_DELAY: A configuration rollback will be performed in 3 minutes. |
Impact |
When the timer expires, the system will operate according to the configuration set before the commitment. |
Cause |
The configuration commit delay timer has been configured successfully. |
Recommended action |
Complete and commit the configuration before the timer expires. If you cannot complete the configuration, execute the configuration commit delay command again to delay the expiration. |
SHELL_COMMIT_FAIL
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Failed to commit the target configuration. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: IP address. If there is no IP address information, this field displays two asterisks (**). $3: Username. If there is no username information, this field displays two asterisks (**). |
Severity level |
4 (Warning) |
Example |
SHELL/4/SHELL_COMMIT_FAIL: -Line=aux0-IPAddr=**-User=**; Failed to commit the target configuration. |
Impact |
The system does not operate with the target configuration. |
Cause |
A target configuration commit operation failed in private or exclusive mode. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SHELL_COMMIT_REDELAY
Message text |
The commit delay has been reset, a configuration rollback will be performed in [INT32] minutes. |
Variable fields |
$1: Configuration commit delay timer reconfigured. |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_REDELAY: The commit delay has been reset, a configuration rollback will be performed in 3 minutes. |
Impact |
When the timer expires, the system will operate according to the configuration set before the commitment. |
Cause |
The configuration commit delay timer was reconfigured before the timer expires. This message is generated to indicate that the configuration commit delay timer has been configured and displays the timer value. |
Recommended action |
Complete and commit the configuration before the timer expires. |
SHELL_COMMIT_ROLLBACK
Message text |
The configuration commit delay is overtime, a configuration rollback will be performed. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACK: The configuration commit delay is overtime, a configuration rollback will be performed. |
Impact |
After the configuration rollback, the system runs the configuration before the commit operation. |
Cause |
A timeout rollback timer was specified for deploying the target configuration. When the timeout rollback timer expires, the device will start configuration rollback. This message is the prompt before the start of configuration rollback. |
Recommended action |
Complete and commit the configuration within the configuration commit delay timer. |
SHELL_COMMIT_ROLLBACKDONE
Message text |
The configuration rollback has been performed. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACKDONE: The configuration rollback has been performed. |
Impact |
The system runs the configuration before the commit operation. |
Cause |
A timeout rollback timer was specified for deploying the target configuration. When the timeout rollback timer expires, the device will start configuration rollback. This message is generated when configuration rollback is completed. |
Recommended action |
Complete and commit the configuration within the configuration commit delay timer. |
SHELL_COMMIT_ROLLBACKFAIL
Message text |
Failed to roll back the configuration from the uncommitted changes. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_ROLLBACKFAIL: Failed to roll back the configuration from the uncommitted changes. |
Impact |
Configuration rollback failed. The system fails to run the configuration before the commit operation. |
Cause |
A timeout rollback timer was specified for submitting the target configuration. When the timeout rollback timer expires, the device will start configuration rollback. This message is generated when configuration rollback fails. |
Recommended action |
Manually perform the operations as needed. |
SHELL_COMMIT_SUCCESS
Message text |
-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Target configuration successfully committed. |
Variable fields |
$1: User line type and number. If there is no user line information, this field displays two asterisks (**). $2: IP address. If there is no IP address information, this field displays two asterisks (**). $3: Username. If there is no username information, this field displays two asterisks (**). |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_SUCCESS: -Line=aux0-IPAddr=**-User=**; Target configuration successfully committed. |
Impact |
The system runs the configuration with the target configuration successfully. |
Cause |
A target configuration commit operation succeeded in private or exclusive mode. |
Recommended action |
No action is required. |
SHELL_COMMIT_WILLROLLBACK
Message text |
A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_COMMIT_WILLROLLBACK: A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command. |
Impact |
When the timer expires, the system will operate according to the configuration set before the commit operation. |
Cause |
A configuration rollback will be performed in 1 minute. |
Recommended action |
Complete and commit the configuration within the configuration commit delay timer. If you cannot complete the configuration, execute the configuration commit delay command again to delay the expiration. |
SHELL_CRITICAL_CMDFAIL
Message text |
-User=[STRING]-IPAddr=[STRING]; Command is [STRING]. |
Variable fields |
$1: Username. $2: IP address. $3: Command string. |
Severity level |
6 (Informational) |
Example |
SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save. |
Impact |
Command execution failed. Only the FIPS mode is supported. |
Cause |
A command failed to be executed. |
Recommended action |
1. Identify the failure cause and take actions as instructed. 2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
SHELL_LOGIN
Message text |
[STRING] logged in from [STRING]. |
Variable fields |
$1: Username. $2: User line type and number. |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_LOGIN: Console logged in from console0. |
Impact |
No negative impact on the system. |
Cause |
A user logged in. If the user logged in to the standby MPU, the user line type and number field displays local. |
Recommended action |
No action is required. |
SHELL_LOGOUT
Message text |
[STRING] logged out from [STRING], reason: [STRING]. |
Variable fields |
$1: Username. $2: User line type and number. $3: Logout cause. This field is available only in FIPS mode. · exit normally · time out |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_LOGOUT: Console logged out from console0, reason: exit normally. |
Impact |
No negative impact on the system. |
Cause |
Possible causes include the following: · A user logged out. · If the user logged in to the standby MPU, the user line type and number field displays local. The logout cause is displayed only in FIPS mode. |
Recommended action |
No action is required. |
SHELL_SAVE_FAILED
Message text |
Failed to save running configuration to configuration file for configuration rollback. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_SAVE_FAILED: Failed to save running configuration to configuration file for configuration rollback. |
Impact |
After the target configuration command lines are committed, the system cannot restore the original running configuration before the commit operation. |
Cause |
The system failed to save the running configuration to the configuration file and does not support a rollback. The system saves the running configuration to the configuration file in the following situations: · After the commit command is executed, the device fails to commit the target configuration command lines. · The commit command is not executed before the timer set by using the commit confirmed command expires. |
Recommended action |
If necessary, roll back the configuration manually. |
SHELL_SAVE_SUCCESS
Message text |
Saved running configuration to configuration file for configuration rollback. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_SAVE_SUCCESS: Saved running configuration to configuration file for configuration rollback. |
Impact |
No negative impact on the system. |
Cause |
The system saved the running configuration to the configuration file successfully and supports a rollback. The system saves the running configuration to the configuration file in the following situations: · After the commit command is executed, the device fails to commit the target configuration command lines. · The commit command is not executed before the timer set by using the commit confirmed command expires. |
Recommended action |
No action is required. |
SHELL_SAVEPOINT_EXIST
Message text |
The running configuration at this rollback point is the same as the configuration at the previous rollback point. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_SAVEPOINT_EXIST: The running configuration at this rollback point is the same as the configuration at the previous rollback point. |
Impact |
No negative impact on the system. |
Cause |
The specified two rollback points have the same configuration. |
Recommended action |
No action is required. |
SHELL_SAVEPOINT_FAILED
Message text |
Failed to create a new rollback point. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_SAVEPOINT_FAILED: Failed to create a new rollback point. |
Impact |
The system failed to quickly restore the current configuration to the configuration in the specified configuration file. |
Cause |
An attempt to create a new rollback point failed. |
Recommended action |
To save the rollback point: 1. Manually roll back to the rollback point. 2. Verify the file system. For example, verify that the remaining space of the file system is sufficient. 3. Execute the commit command again. |
SHELL_SAVEPOINT_SUCCESS
Message text |
Created a new rollback point. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
SHELL/5/SHELL_SAVEPOINT_SUCCESS: Created a new rollback point. |
Impact |
No negative impact on the system. |
Cause |
An attempt to create a new rollback point succeeded. |
Recommended action |
No action is required. |
SNMP messages
This section contains SNMP messages.
SNMP_ACL_RESTRICTION
Message text |
SNMP [STRING] from [STRING] is rejected due to ACL restriction. |
Variable fields |
$1: SNMP community/usm-user/group. $2: IP address of the NMS. |
Severity level |
3 (Error) |
Example |
SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restriction. |
Impact |
The NMS cannot access the device. |
Cause |
The IP address and other parameters of the NMS did not match the SNMP ACL. |
Recommended action |
Identify whether the IP address in the prompt is a valid NMS IP address: · If the IP address is a valid NMS IP address, identify whether the ACL configuration is correct. · Use the display snmp-agent community command to check the ACL number referenced by the SNMP community name in the log message. Execute the display snmp-agent group and display snmp-agent usm-user commands to view the ACL number referenced by the SNMP username/group name in the log message. Then, execute the display acl command to review the configuration of the ACL. If the ACL configuration is incorrect, execute the rule command in ACL view to edit the filter rule in the ACL. · If the IP address is an invalid NMS IP address, no action is required. |
SNMP_AUTHENTICATION_FAILURE
Message text |
Failed to authenticate SNMP message. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message. |
Impact |
The NMS cannot access the device. |
Cause |
The NMS initiates an SNMP request to the device, but fails to pass authentication. |
Recommended action |
Execute the display snmp-agent sys-info command to check the SNMP version used by the device. Different SNMP versions support different security authentication methods. · For SNMPv1 and SNMPv2c, authentication and encryption are not supported and community names are used for security authentication. The device and NMS must use the same community name. Execute the display snmp-agent community command to view the community name used on the device. To access the device from the NMS, use the same community name, or create a community on the device by using the snmp-agent community command and make sure the community name is the same as that on the NMS. · For SNMPv3, authentication and encryption are supported and the device and NMS must use the same security authentication parameters, including username, whether to authenticate, whether to encrypt, the password for authentication, and the password for encryption. Execute the display snmp-agent group and display snmp-agent usm-user commands to view the device's security authentication parameters. If they differ from those on the NMS, edit the NMS's security authentication parameters, or use the snmp-agent group and snmp-agent usm-user v3 commands to change the authentication parameters. |
SNMP_DISP_NODE
Message text |
Access to MIB name: [STRING], Type: [STRING], NMS IP: [STRING], ID: [STRING], Start time: [STRING] may be hunged |
Description |
NMS performs SNMP operations on the device, and the device takes too long to process the operations. |
Variable fields |
$1: MIB node name. $2: Operation type. Options are Get and Set. $3: IP address of the NMS. $4: SNMP packet ID. $5: Time when the device started to process the SNMP operation. |
Severity level |
5 (Notification) |
Example |
SNMP/5/SNMP_DISP_NODE: Access to MIBname:ifInDiscards, Type:Get, NMS IP:10.6.41.3, ID:7666285, Start time:01-07 09:48:37:710 may be hunged |
Impact |
No negative impact on the system. |
Cause |
NMS performs SNMP operations on the device, and the device takes an excessively long time to process the operations (over 60 seconds). · The device is processing other tasks and cannot process SNMP requests in time. · The SNMP process is busy and cannot process SNMP requests in time. |
Recommended action |
1. Locate and address device busy issues. a. Execute the display cpu-usage command to identify whether the system CPU usage is temporarily high. The possible cause of increase in CPU usage is that the device is under an attack or the device is processing a task that consumes significant CPU resources. b. If the CPU usage is high, execute the display process command to identify the process that causes the increase in CPU usage and continue locating the service module issue. 2. Troubleshoot SNMP process issues. For devices that support the display system internal snmp-agent operation in-progress command, execute the probe command in system view to enter probe view. Then, repeatedly execute the display system internal snmp-agent operation in-progress command to view information related to the SNMP operations the device is currently processing. · If the Request ID in the output keeps changing, the SNMP process is continuously processing different requests, and the current SNMP process is busy. Reduce the frequency of SNMP operations that the NMS performs on the device. · If the Request ID in the output does not change, the SNMP process is continuously processing the same request, and the processing timed out. Perform the following tasks: Execute the undo snmp-agent and snmp-agent commands to restart the SNMP process and try to resolve the issue. Execute the display system internal snmp-agent operation timed-out and display system internal snmp-agent packet timed-out commands to check for time-consuming SNMP operations and the involved MIB nodes. Reduce or avoid similar operations. For devices that do not support the display system internal snmp-agent operation in-progress command, perform the following tasks: a. Execute the debugging snmp agent command to enable SNMP debugging. Then, perform SNMP get or set operations again to reproduce the issue before further locating the issue based on the debugging information. b. If the SNMP process is stuck and SNMP operations cannot be continued to reproduce the issue, use the follow command in probe view to view the cause. Then, execute the undo snmp-agent and snmp-agent commands in sequence to restart the SNMP process and try to resolve the issue. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
SNMP_GET
Message text |
-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message. |
Variable fields |
$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet. |
Severity level |
6 (Informational) |
Example |
SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message. |
Impact |
No negative impact on the system. |
Cause |
The device has SNMP logging enabled and received a get request sent by the NMS. |
Recommended action |
No action is required. |
SNMP_NOTIFY
Message text |
Notification [STRING][STRING]. |
Variable fields |
$1: Notification name and OID. $2: Variable-binding field of notifications. · If no MIB object exists, only the notification name and OID are displayed. · If MIB objects are included, " with " is displayed before the MIB object and OID. MIB objects are separated by semicolons (;). |
Severity level |
6 (Informational) |
Example |
SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console. |
Impact |
No negative impact on the system. |
Cause |
The device has the SNMP notifications feature, and it sent SNMP notifications to the NMS. |
Recommended action |
No action is required. |
SNMP_SET
Message text |
-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message. |
Variable fields |
$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation. |
Severity level |
6 (Informational) |
Example |
SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message. |
Impact |
No negative impact on the system. |
Cause |
The device has SNMP logging enabled and received a get request sent by the NMS. |
Recommended action |
No action is required. |
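The SNMP_GET, SNMP_SET, and SNMP_ACL_RESTRICTION formats above can be audited on a log host. The following Python sketch is an added example, not H3C code: it parses the operation logs and reports Set operations from sources outside an NMS allowlist. The allowlist, the function names, and the sample lines other than the two taken from this section are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Header form used by the examples on this page: MODULE/severity/MNEMONIC: text
HEADER = re.compile(r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# SNMP_GET / SNMP_SET body. Keys are matched in the fixed order given in the
# "Message text" rows. The value field is free text (it may contain '-', ';'
# or '='), so it is delimited by the fixed trailer at the end of the line
# instead of by splitting on '-'.
OP_LOG = re.compile(
    r"-seqNO=(?P<seq>\d+)-srcIP=(?P<src>[^-\s]+)-op=(?P<op>GET|SET)"
    r"(?:-errorIndex=(?P<error_index>\d+)-errorStatus=(?P<error_status>\w+))?"
    r"-node=(?P<name>[^()]*)\((?P<oid>[0-9.]+)\)-value=(?P<value>.*)"
    r"; The agent received a message\.\s*$"
)
ACL_REJECT = re.compile(
    r"SNMP (?P<principal>.+) from (?P<src>\S+) is rejected due to ACL restriction\.\s*$"
)


def parse_snmp(line):
    """Return a dict for SNMP_GET, SNMP_SET and SNMP_ACL_RESTRICTION lines, else None."""
    head = HEADER.search(line)
    if not head or head["module"] != "SNMP":
        return None
    if head["mnemonic"] in ("SNMP_GET", "SNMP_SET"):
        m = OP_LOG.search(head["text"])
        if not m:
            return None
        rec = m.groupdict()
        rec["seq"] = int(rec["seq"])
        rec["kind"] = "operation"
        return rec
    if head["mnemonic"] == "SNMP_ACL_RESTRICTION":
        m = ACL_REJECT.search(head["text"])
        if m:
            # For SNMPv1/v2c the community name is the only credential, so it
            # is deliberately not copied into the parsed record.
            return {"kind": "acl_reject", "src": m["src"]}
    return None


def is_listed(src, networks):
    """True if src parses as an IP address inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as unlisted
    return any(addr in net for net in networks)


def audit(lines, nms_allowlist):
    """Summarise Set operations and ACL rejections by source address."""
    nets = [ipaddress.ip_network(n) for n in nms_allowlist]
    report = {"sets_from_unlisted": [], "failed_sets": [], "acl_rejected": Counter()}
    for line in lines:
        rec = parse_snmp(line)
        if rec is None:
            continue
        if rec["kind"] == "acl_reject":
            report["acl_rejected"][rec["src"]] += 1
        elif rec["op"] == "SET":
            if not is_listed(rec["src"], nets):
                report["sets_from_unlisted"].append(rec)
            if rec["error_status"] != "noError":
                report["failed_sets"].append(rec)
    return report


# Lines 1 and 2 are the examples from this section; the rest are constructed.
SAMPLE = [
    "SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.",
    "SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.",
    "SNMP/6/SNMP_SET: -seqNO=4-srcIP=198.51.100.7-op=SET-errorIndex=0-errorStatus=noError-node=sysName(1.3.6.1.2.1.1.5.0)-value=core-sw;lab-op=GET; The agent received a message.",
    "SNMP/6/SNMP_SET: -seqNO=5-srcIP=198.51.100.7-op=SET-errorIndex=1-errorStatus=notWritable-node=sysDescr(1.3.6.1.2.1.1.1.0)-value=x; The agent received a message.",
    "SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 198.51.100.7 is rejected due to ACL restriction.",
]

if __name__ == "__main__":
    result = audit(SAMPLE, ["192.168.28.0/24"])
    for rec in result["sets_from_unlisted"]:
        print("SET from unlisted source", rec["src"], rec["name"], rec["error_status"])
    print("ACL rejections:", dict(result["acl_rejected"]))
```

The third sample line carries a value that contains "-op=GET" and a semicolon. A parser that splits on hyphens would misread it, while the anchored pattern keeps the whole string in the value field.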
SNMP_USM_NOTINTIMEWINDOW
Message text |
-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window. |
Variable fields |
$1: Username. $2: IP address of the NMS. |
Severity level |
4 (Warning) |
Example |
SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window. |
Impact |
No negative impact on the system. |
Cause |
When the timeout timer expires, the device still has not received an SNMPv3 response. |
Recommended action |
1. Resend SNMPv3 requests. 2. After re-establishing the SNMPv3 connection, retransmit the SNMPv3 request. If a response is received from the peer, no further processing is required. If not, proceed to step 3. 3. Ping the IP address of the NMS. If the ping operation fails, first identify the issue that causes the failure. 4. Identify whether the SNMP server on the NMS is operating correctly. If not, restart the SNMP server on the NMS. 5. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help. |
SSHC messages
This section contains SSH client messages.
SSHC_CERT_VERIFY_FAIL
Message text |
Failed to verify the certificate because [STRING]. |
Variable fields |
$1: Failure reason: · null certificate. · null certificate name. · unable to get issuer certificate. · unable to get certificate CRL. · unable to decrypt CRL's signature. · certificate signature failure. · CRL signature failure. · unable to decrypt certificate's signature. · certificate is not yet valid. · certificate has expired. · CRL is not yet valid. · CRL has expired. · format error in certificate's notBefore field. · format error in certificate's notAfter field. · format error in CRL's lastUpdate field. · format error in CRL's nextUpdate field. · out of memory. · self signed certificate. · self signed certificate in certificate chain. · unable to verify the first certificate. · certificate chain too long. · certificate revoked. · invalid CA certificate. · invalid non-CA certificate (has CA markings). · path length constraint exceeded. · proxy path length constraint exceeded. · proxy certificates not allowed, please set the appropriate flag. · unsupported certificate purpose. · certificate not trusted. · certificate rejected. · application verification failure. · subject issuer mismatch. · authority and subject key identifier mismatch. · authority and issuer serial number mismatch. · key usage does not include certificate signing. · unable to get CRL issuer certificate. · unhandled critical extension. · key usage does not include CRL signing. · key usage does not include digital signature. · unhandled critical CRL extension. · invalid or inconsistent certificate extension. · invalid or inconsistent certificate policy extension. · no explicit policy. · Different CRL scope. · CRL path validation error. · unsupported or invalid name syntax. · unsupported or invalid name constraint syntax. · Suite B: certificate version invalid. · Suite B: invalid public key algorithm. · Suite B: invalid ECC curve. · Suite B: invalid signature algorithm. · Suite B: curve not allowed for this LOS. · Suite B: cannot sign P-384 with P-256. · Invalid certificate verification context. · Issuer certificate lookup error. · proxy subject name violation. |
Severity level |
5 (Notification) |
Example |
SSHC/5/SSHC_CERT_VERIFY_FAIL: Failed to verify the certificate because null certificate. |
Impact |
SSH user login fails or online SSH users are kicked offline. |
Cause |
SSH client certificate authentication failed. |
Recommended action |
Resolve the issue based on the failure reason. |
SSHS messages
This section contains SSH server messages.
SSHS_ACL_DENY
Message text |
The SSH Connection [IPADDR]([STRING]) request was denied according to ACL rules. |
Variable fields |
$1: IP address of the SSH client. $2: IP address of the SSH client in the VPN |
Severity level |
5 (Notification) |
Example |
SSHS/5/SSH_ACL_DENY: The SSH Connection 1.2.3.4(vpn1) request was denied according to ACL rules. |
Impact |
SSH client login failed |
Cause |
The device has access control configured for the SSH client, and the client's IP address is not within the permit range defined in the ACL |
Recommended action |
Confirm if the user corresponding to this IP address is unauthorized: · If yes, no action is required. · If not, modify the ACL configuration to include the client's IP address in the permit rules |
SSHS_ALGORITHM_MISMATCH
Message text |
SSH client [STRING] failed to log in because of [STRING] algorithm mismatch. |
Variable fields |
$1: IP address of the SSH client. $2: Algorithm type: · encryption. · key exchange. · MAC. · public key. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch. |
Impact |
SSH client login failed |
Cause |
SSH client and server-side algorithms do not match |
Recommended action |
Modify the algorithm to make the SSH client and server use the same type of algorithm |
SSHS_AUTH_EXCEED_RETRY_TIMES
Message text |
SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit. |
Impact |
The system may be under attack by unauthorized users |
Cause |
The maximum number of SSH user authentication attempts is reached |
Recommended action |
1. Check the log to see if the user is unauthorized: · If so, modify the ACL configuration to exclude the unauthorized client's IP address from the permit rules. · If not, contact the administrator for the correct username and password. If the alarm persists, go to step 2. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSHS_AUTH_FAIL
Message text |
SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: Failure reason: · wrong public key algorithm. · wrong public key. · wrong digital signature. |
Severity level |
5 (Notification) |
Example |
SSHS/5/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm. |
Impact |
SSH client login failed |
Cause |
SSH user failed public key authentication |
Recommended action |
Reason 1: wrong public key algorithm 1. Check if the SSH client authentication uses the DSA algorithm in FIPS mode: · If so, switch to another supported algorithm. · If not and the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. Reason 2: wrong public key 1. Check if the specified SSH user is configured with a public key using the display ssh user-information command: · If not, configure it using the ssh user command. · If yes, go to step 2. 2. Check if the configured public key matches the one specified on the client using the display public-key peer command: · If not, import the specified public key to the device and configure it to the specified user using the ssh user command. · If it matches, the public and private keys on the SSH client might be mismatched. Regenerate the key pair on the SSH client. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. Reason 3: wrong digital signature 1. Check the validity of the server's CA certificate and the client's local certificate. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSHS_AUTH_SUCCESS
Message text |
SSH user [STRING] from [IPADDR] port [INTEGER] passed [STRING] authentication. |
Variable fields |
$1: Username. $2: User IP. $3: TCP source port. $4: Authentication method, with values keyboard-interactive, password, and publickey |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_AUTH_SUCCESS: SSH user ABC from 1.1.1.1 port 55361 passed keyboard-interactive authentication. |
Impact |
No negative impacts on the system. |
Cause |
SSH user authentication through |
Recommended action |
No action is required. |
SSHS_AUTH_TIMEOUT
Message text |
Authentication timed out for [IPADDR]. |
Variable fields |
$1: User IP. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1. |
Impact |
SSH user login authentication failed |
Cause |
SSH users did not complete authentication within the set authentication timeout period |
Recommended action |
Check if the SSH user authentication timeout is set too short by using the 'display ssh server status' command: · If it is not set too short, enter user information promptly to complete the authentication · If it is set too short, use the 'ssh server authentication-timeout' command to increase the authentication timeout |
SSHS_AUTHOR_FAIL
Message text |
Authorization failed for user [STRING] from [STRING] port [INT32]. |
Variable fields |
$1: Username. $2: IP address of the SSH client. $3: Port number. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_AUTHOR_FAIL: Authorization failed for user David from 140.1.2.46 port 15000. |
Impact |
SSH user login failed. |
Cause |
SSH user authorization failed. |
Recommended action |
Check local user provisioning or authentication server configuration |
SSHS_CERT_VERIFY_FAIL
Message text |
Failed to verify the certificate because [STRING]. |
Variable fields |
$1: Failure reason: · null certificate. · null certificate name. · unable to get issuer certificate. · unable to get certificate CRL. · unable to decrypt CRL's signature. · certificate signature failure. · CRL signature failure. · unable to decrypt certificate's signature. · certificate is not yet valid. · certificate has expired. · CRL is not yet valid. · CRL has expired. · format error in certificate's notBefore field. · format error in certificate's notAfter field. · format error in CRL's lastUpdate field. · format error in CRL's nextUpdate field. · out of memory. · self signed certificate. · self signed certificate in certificate chain. · unable to verify the first certificate. · certificate chain too long. · certificate revoked. · invalid CA certificate. · invalid non-CA certificate (has CA markings). · path length constraint exceeded. · proxy path length constraint exceeded. · proxy certificates not allowed, set the appropriate flag. · unsupported certificate purpose. · certificate not trusted. · certificate rejected. · application verification failure. · subject issuer mismatch. · authority and subject key identifier mismatch. · authority and issuer serial number mismatch. · key usage does not include certificate signing. · unable to get CRL issuer certificate. · unhandled critical extension. · key usage does not include CRL signing. · key usage does not include digital signature. · unhandled critical CRL extension. · invalid or inconsistent certificate extension. · invalid or inconsistent certificate policy extension. · no explicit policy. · Different CRL scope. · CRL path validation error. · unsupported or invalid name syntax. · unsupported or invalid name constraint syntax. · Suite B: certificate version invalid. · Suite B: invalid public key algorithm. · Suite B: invalid ECC curve. · Suite B: invalid signature algorithm. · Suite B: curve not allowed for this LOS. · Suite B: cannot sign P-384 with P-256. · Invalid certificate verification context. 
· Issuer certificate lookup error. · proxy subject name violation. · Absence of basic Constraints extension. · failure to establish revocation status. |
Severity level |
5 (Notification) |
Example |
SSHS/5/SSHS_CERT_VERIFY_FAIL: Failed to verify the certificate because null certificate. |
Impact |
SSH user login failed or SSH user disconnected |
Cause |
SSH client certificate verification failed, see specific reasons in the variable fields. |
Recommended action |
Take corresponding actions based on the specific failure reasons indicated in the logs |
SSHS_CONNECT
Message text |
SSH user [STRING] (IP: [STRING]) connected to the server successfully. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully. |
Impact |
No negative impacts on the system. |
Cause |
SSH user successfully logged in to the server |
Recommended action |
No action is required. |
SSHS_DECRYPT_FAIL
Message text |
The packet from [STRING] failed to be decrypted with [STRING]. |
Variable fields |
$1: IP address of the SSH client. $2: Encryption algorithm (such as aes256-cbc) |
Severity level |
5 (Notification) |
Example |
SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc. |
Impact |
SSH user login failure or disconnection |
Cause |
Packet decryption failure from SSH client |
Recommended action |
Have the SSH user try logging in again. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSHS_DISCONNECT
Message text |
SSH user [STRING] (IP: [STRING]) disconnected from the server. |
Variable fields |
$1: Username. $2: IP address of the SSH client. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server. |
Impact |
No negative impacts on the system. |
Cause |
The SSH user logged out. |
Recommended action |
Check if the SSH client is unauthorized: · If yes, modify the ACL configuration to exclude the unauthorized client's IP address from the permit rules in the ACL, and update the user authentication configuration used by the client. · If not, no action is required. |
SSHS_ENCRYPT_FAIL
Message text |
The packet to [STRING] failed to be encrypted with [STRING]. |
Variable fields |
$1: IP address of the SSH client. $2: Encryption algorithm (such as aes256-cbc) |
Severity level |
5 (Notification) |
Example |
SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc. |
Impact |
SSH user login failure or disconnection |
Cause |
A packet to be sent to the SSH client failed to be encrypted. |
Recommended action |
Have the SSH user log in again. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSHS_LOG
Message text |
Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password. Authorization failed for user [STRING] from [STRING] port [INT32]. |
Variable fields |
$1: IP address of the SSH client. $2: Username. $3: Port number. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_LOG: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password. SSHS/6/SSHS_LOG: Authorization failed for user David from 140.1.2.46 port 15000. |
Impact |
SSH users cannot log in to the SSH server |
Cause |
· Invalid SSH username · Incorrect SSH user login password |
Recommended action |
1. Check if the username meets the format requirements: · If not, re-enter a username that meets the format requirements. · If it meets the requirements, go to step 2. 2. Check if the login password is correct: · If not, re-enter the correct password. · If correct, go to step 3. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
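The recommended actions for SSHS_AUTH_EXCEED_RETRY_TIMES and SSHS_LOG both start with checking the log for unauthorized users. The following Python sketch is an added example, not H3C code: it correlates the SSHS authentication messages per client IP address and flags a successful login that follows repeated failures. The threshold, the function names, and the sample lines are assumptions constructed for illustration, and the correlation is by line order because the examples in this section carry no timestamp.

```python
import re
from collections import defaultdict

# Header form used by the examples on this page: MODULE/severity/MNEMONIC: text
HEADER = re.compile(r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# Bodies copied from the "Message text" rows; field order follows the message
# text and the example rows. The username is supplied by the client, so it is
# matched greedily and every pattern is anchored on the fixed tail of the
# message: the address captured is the one the device wrote last.
PATTERNS = {
    "SSHS_LOG": [
        ("auth_fail", re.compile(
            r"Authentication failed for user (?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+)"
            r" because of invalid username or wrong password\.\s*$")),
        ("author_fail", re.compile(
            r"Authorization failed for user (?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+)\.\s*$")),
    ],
    "SSHS_AUTH_EXCEED_RETRY_TIMES": [
        ("retry_exceeded", re.compile(
            r"SSH user (?P<user>.+) \(IP: (?P<ip>[^)]+)\) failed to log in, because the number"
            r" of authentication attempts exceeded the upper limit\.\s*$")),
    ],
    "SSHS_AUTH_FAIL": [
        ("pubkey_fail", re.compile(
            r"SSH user (?P<user>.+) \(IP: (?P<ip>[^)]+)\) didn't pass public key"
            r" authentication for (?P<reason>.+)\.\s*$")),
    ],
    "SSHS_AUTH_SUCCESS": [
        ("auth_ok", re.compile(
            r"SSH user (?P<user>.+) from (?P<ip>\S+) port (?P<port>\d+)"
            r" passed (?P<method>\S+) authentication\.\s*$")),
    ],
}
FAILURES = {"auth_fail", "pubkey_fail"}


def parse_line(line):
    """Return {'mnemonic', 'event', 'user', 'ip', ...} or None for other lines."""
    head = HEADER.search(line)
    if not head or head["module"] != "SSHS":
        return None
    for event, rx in PATTERNS.get(head["mnemonic"], []):
        body = rx.search(head["text"])
        if body:
            return {"mnemonic": head["mnemonic"], "event": event, **body.groupdict()}
    return None


def detect(lines, threshold=3):
    """Walk the lines in order and return findings per client IP address."""
    failed = defaultdict(list)  # ip -> usernames tried since the last success
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["event"] in FAILURES:
            failed[ip].append(ev["user"])
        elif ev["event"] == "retry_exceeded":
            findings.append({"finding": "retry_limit_hit", "ip": ip, "user": ev["user"]})
        elif ev["event"] == "auth_ok":
            if len(failed[ip]) >= threshold:
                findings.append({
                    "finding": "success_after_failures", "ip": ip, "user": ev["user"],
                    "failed_attempts": len(failed[ip]),
                    "users_tried": sorted(set(failed[ip])),
                })
            failed.pop(ip, None)  # a success resets the counter for that address
    return findings


# Constructed sample lines in the formats documented above (documentation addresses).
SAMPLE = [
    "SSHS/6/SSHS_LOG: Authentication failed for user admin from 203.0.113.9 port 40001 because of invalid username or wrong password.",
    "SSHS/6/SSHS_LOG: Authentication failed for user root from 203.0.113.9 port 40002 because of invalid username or wrong password.",
    "SSHS/6/SSHS_LOG: Authentication failed for user x from 10.0.0.1 port 22 from 203.0.113.9 port 40003 because of invalid username or wrong password.",
    "SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user root (IP: 203.0.113.9) failed to log in, because the number of authentication attempts exceeded the upper limit.",
    "SSHS/6/SSHS_AUTH_SUCCESS: SSH user admin from 203.0.113.9 port 40010 passed password authentication.",
    "SSHS/6/SSHS_LOG: Authentication failed for user David from 192.0.2.50 port 16266 because of invalid username or wrong password.",
    "SSHS/6/SSHS_AUTH_SUCCESS: SSH user David from 192.0.2.50 port 16270 passed password authentication.",
]

if __name__ == "__main__":
    for f in detect(SAMPLE):
        print(f)
```

The third sample line uses a username that itself contains " from 10.0.0.1 port 22". Because the patterns are anchored on the end of the message, the failure is still attributed to 203.0.113.9.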
SSHS_MAC_ERROR
Message text |
SSH server received a packet with wrong message authentication code (MAC) from [STRING]. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117. |
Impact |
SSH user login fails or the SSH user is disconnected. |
Cause |
The SSH server failed to verify the integrity of a message from the SSH client. |
Recommended action |
Have the SSH user log in again. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSHS_REACH_SESSION_LIMIT
Message text |
SSH client [STRING] failed to log in. The current number of SSH sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the SSH client. $2: SSH/Stelnet/SFTP/SCP/NETCONF $3: Total number of SSH sessions or various types of SSH sub-sessions (Stelnet/SFTP/SCP/NETCONF over SSH) $4: Total number of SSH sessions or various types of SSH sub-sessions allowed by the device (Stelnet/SFTP/SCP/NETCONF over SSH) |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The current number of SSH sessions is 10. The maximum number allowed is (10). |
Impact |
SSH client login to server failed |
Cause |
SSH client login failed, maximum number of SSH sessions reached |
Recommended action |
1. Increase the upper limit by executing the aaa session-limit ssh command. 2. If the upper limit is already set to the maximum value, log off idle clients to allow new SSH users to come online. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSHS_REACH_USER_LIMIT
Message text |
SSH client [STRING] failed to log in, because the number of users reached the upper limit. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit. |
Impact |
The SSH client failed to log in. |
Cause |
The number of VTY users on the SSH server has reached the upper limit of allowed users. |
Recommended action |
Use the display users command to check for idle subscriber lines, and then use the free line vty command to release idle VTY subscriber lines so that new SSH users can connect. |
SSHS_SCP_DISCONNECT
Message text |
SCP user [STRING] (IP: [STRING]) disconnected from the server, reason: [STRING]. |
Variable fields |
$1: Username. $2: SCP client IP address. $3: Disconnect reason: · User logout: The user logged out. · Forced logout by administrator: The administrator forced the user to log out. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_SCP_DISCONNECT: SCP user David (IP: 192.168.30.117) disconnected from the server, reason: User logout. |
Impact |
No negative impacts on the system. |
Cause |
The SCP client logged out. |
Recommended action |
Check if the SCP client is an unauthorized client: · If so, modify the ACL configuration to exclude the unauthorized client's IP address from the ACL permit rules, and modify the user authentication configuration used by the client. · If not, no action is required. |
SSHS_SCP_OPER
Message text |
User [STRING] at [IPADDR] requested operation: [STRING]. |
Variable fields |
$1: Username. $2: User IP. $3: User request content, including file operation information · get file "name": Download a file named name · put file "name": Upload a file named name |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa". |
Impact |
No negative impacts on the system. |
Cause |
The SCP server received a request from an SCP user to perform an operation. |
Recommended action |
No action is required. |
SSHS_SFTP_DISCONNECT
Message text |
SFTP user [STRING] (IP: [STRING]) disconnected from the server, reason: [STRING]. |
Variable fields |
$1: Username. $2: IP address of the SFTP client. $3: Disconnection reason: · User logout. · Timeout. · Forced logout by admin: Administrator forced user logout |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_SFTP_DISCONNECT: SFTP user David (IP: 192.168.30.117) disconnected from the server, reason: Timeout. |
Impact |
No negative impacts on the system. |
Cause |
The SFTP client logged out. |
Recommended action |
Check if the SFTP client is an unauthorized client: · If it is, modify the ACL configuration to exclude the unauthorized client's IP address from the ACL permit rule and modify the user authentication configuration used by the client. · If not, no action is required. |
SSHS_SFTP_OPER
Message text |
User [STRING] at [IPADDR] requested operation: [STRING]. |
Variable fields |
$1: Username. $2: User IP. $3: User request content, including file operations and directory operations: · open dir "path": Open directory path. · open "file" (attribute code code) in MODE mode: Open file file in MODE mode, with attribute code code. · remove file "path": Delete file path. · mkdir "path" (attribute code code): Create new directory path with attribute code code. · rmdir "path": Delete directory path. · rename old "old-name" to new "new-name": Change the name of the old file or folder from old-name to new-name. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/". |
Impact |
No negative impacts on the system. |
Cause |
The SFTP server received a request from an SFTP user to perform an operation. |
Recommended action |
No action is required. |
SSHS_SRV_UNAVAILABLE
Message text |
The [STRING] server is disabled or the [STRING] service type is not supported. |
Variable fields |
$1: Service type. Options include Stelnet, SCP, SFTP, and NETCONF. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported. |
Impact |
The server disconnects and the SSH user fails to log in to the SSH server. |
Cause |
The Stelnet/SCP/SFTP/NETCONF over SSH service is unavailable or the service type is not supported. |
Recommended action |
1. Check if the corresponding SSH service type is enabled: ◦ If not enabled, enable the corresponding service. ◦ If already enabled, go to step 2. 2. Execute the ssh user command in the device system view to modify the SSH user's service type to match the client type. |
SSHS_VERSION_MISMATCH
Message text |
SSH client [STRING] failed to log in because of version mismatch. |
Variable fields |
$1: IP address of the SSH client. |
Severity level |
6 (Informational) |
Example |
SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch. |
Impact |
No negative impacts on the system. |
Cause |
The SSH version numbers of the SSH client and server do not match. |
Recommended action |
1. Execute the 'display ssh server status' command on the device and check the SSH version field: ◦ If the SSH version displays as 1.99, the device is compatible with SSH1 clients. Go to step 2. ◦ If the SSH version displays as 2.0, execute the 'ssh server compatible-ssh1x enable' command on the device to enable compatibility with SSH1 clients. 2. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
SSL VPN messages
This section contains SSL VPN messages.
SSLVPN_HTTP_BIND_ADDRESS_INUSED
Message text |
Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the address was already used. |
Variable fields |
$1: IP address to be bound. $2: Port number to be bound. $3: VPN instance index. |
Severity level |
3 (Error) |
Example |
SSLVPN/3/SSLVPN_HTTP_BIND_ADDRESS_INUSED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the address was already used. |
Impact |
The SSL VPN user failed to access the gateway. |
Cause |
Failed to bind the VPN instance with the IP address and the port number because the IP address to be bound has been used and cannot be reused. |
Recommended action |
Use display tcp-proxy to identify available IP addresses and then use an IP address that is not used or can be reused to perform the binding task again. |
SSLVPN_HTTP_BIND_PORT_ALLOCETED
Message text |
Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the port was already allocated. |
Variable fields |
$1: IP address to be bound. $2: Port number to be bound. $3: VPN instance index. |
Severity level |
3 (Error) |
Example |
SSLVPN/3/SSLVPN_HTTP_BIND_PORT_ALLOCETED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the port was already allocated. |
Impact |
The SSL VPN user failed to access the gateway. |
Cause |
Failed to bind the VPN instance with the IP address and the port number because the port number to be bound has been allocated. |
Recommended action |
Use display tcp-proxy port-info and display ipv6 tcp-proxy port-info to identify available port numbers, and then perform the binding task again. |
SSLVPN_IP_RESOURCE_DENY
Message text |
User [STRING] of gateway [STRING] from [STRING] and virtual address [STRING] denied to access [STRING]:[STRING]. |
Variable fields |
$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Virtual IP address for user login. $5: IP address of the requested resource. $6: Port number of the requested resource. |
Severity level |
6 (Informational) |
Example |
SSLVPNK/6/SSLVPN_IP_RESOURCE_DENY: User abc of gateway ctx1 from 192.168.200.130 and virtual address 10.1.1.10 denied to access 10.1.1.255:137. |
Impact |
The user failed to access IP resources. |
Cause |
A user was denied access to specific IP resources, which is possibly caused by ACL-based access filtering. |
Recommended action |
Verify that access to the requested resource is not denied by the ACL rules used for IP access filtering. |
SSLVPN_IP_RESOURCE_FAILED
Message text |
User [STRING] of gateway [STRING] from [STRING] and virtual address [STRING] failed to access [STRING]:[STRING]. |
Variable fields |
$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Virtual IP address for user login. $5: IP address of the requested resource. $6: Port number of the requested resource. |
Severity level |
6 (Informational) |
Example |
SSLVPNK/6/SSLVPN_IP_RESOURCE_FAILED: User abc of gateway ctx1 from 192.168.200.130 and virtual address 10.1.1.10 failed to access 10.1.1.255:137. |
Impact |
The user failed to access IP resources. |
Cause |
The user failed to access IP resources, which is caused by network issues. |
Recommended action |
Verify that a route is available to reach the requested IP resource. |
SSLVPN_IP_RESOURCE_PERMIT
Message text |
User [STRING] of gateway [STRING] from [STRING] and virtual address [STRING] permitted to access [STRING]:[STRING]. |
Variable fields |
$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Virtual IP address for user login. $5: IP address of the requested resource. $6: Port number of the requested resource. |
Severity level |
6 (Informational) |
Example |
SSLVPN/6/SSLVPN_IP_RESOURCE_PERMIT: User abc of gateway gw1 from 192.168.200.130 and virtual address 10.1.1.10 permitted to access 10.1.1.255:137. |
Impact |
No negative impact on the system. |
Cause |
A user accessed IP resources. |
Recommended action |
No action is required. |
SSLVPN_IPAC_ALLOC_ADDR_FAIL
Message text |
Failed to allocate [STRING] address to user [STRING] at [STRING] in gateway [STRING]. Reason: [STRING]. |
Variable fields |
$1: Route version: · IPv4 · IPv6 $2: Username. $3: User IP address. $4: SSL VPN gateway name. $5: Reason why the SSL VPN gateway failed to allocate an IP address to the user. Options are: · Failed to obtain system resource data. · No address is available in the address pool. · Failed to obtain address pool. · Available addresses in the address pool have been bound to other users. |
Severity level |
6 (Informational) |
Example |
SSLVPN/6/SSLVPN_IPAC_ALLOC_ADDR_FAIL: Failed to allocate IPv4 address to user user1 at 10.1.1.100 in gateway gw. Reason: No address is available in the address pool. |
Impact |
The SSL VPN failed to assign an IP address to the vNIC on the IP access client. |
Cause |
The SSL VPN gateway failed to allocate an IP address to the IP access user, which is possibly caused by the following: · The device is operating correctly. · The address pool is not configured. · No address available. · The IP address to be assigned has been used. |
Recommended action |
Troubleshoot the issue based on the displayed cause. |
SSLVPN_IPAC_ALLOC_ADDR_SUCCESS
Message text |
[STRING] address [STRING] successfully allocated to user [STRING] at [STRING] in gateway [STRING]. |
Variable fields |
$1: Route version: · IPv4 · IPv6 $2: IP address. $3: Username. $4: User IP address. $5: SSL VPN gateway name. |
Severity level |
6 (Informational) |
Example |
SSLVPN/6/SSLVPN_IPAC_ALLOC_ADDR_SUCCESS: IPv4 address 10.1.1.1 successfully allocated to user user1 at 10.1.1.100 in gateway gw. |
Impact |
No negative impact on the system. |
Cause |
When an IP access user successfully connects to the SSL VPN gateway by using the IP address assigned to the vNIC on the SSL VPN client, the device logs the successful IP assignment. |
Recommended action |
No action is required. |
SSLVPN_IPAC_CONN_CLOSE
Message text |
IP connection was [STRING]. Reason: [STRING]. |
Variable fields |
$1: Connection close type. Options are: · closed. · aborted. $2: Reason why the connection was closed. Options are: · User logout. · Failure to find peer. · Handshake failed. · Change of IP address pool. · Failure to receive data. · Local retransmission timeout. · Local keepalive timeout. · Local probe timeout. · Received FIN from peer. · Received RST from peer. · No authorized policy group. · Allocated address was bound to another user. · Failure to update client configuration. · Deleted old peer. · Failure to add peer. · Other. |
Severity level |
6 (Informational) |
Example |
SSLVPNK/6/SSLVPN_IPAC_CONN_CLOSE: IP connection was closed. Reason: User logout. |
Impact |
The connection to the IP access service is terminated. |
Cause |
The reason for the close of an IP connection was logged. |
Recommended action |
Troubleshoot the issue based on the displayed cause. |
SSLVPN_IPAC_PACKET_DROP
Message text |
Dropped [STRING] IP connection [STRING] packets in gateway [STRING]. Reason: [STRING]. |
Variable fields |
$1: Number of dropped packets. $2: Connection direction: · request. · reply. $3: SSL VPN gateway name. $4: Reason for the packet drop: · Buffer insufficient. · Gateway rate limit. |
Severity level |
6 (Informational) |
Example |
SSLVPN/6/SSLVPN_IPAC_PACKET_DROP: Dropped 164 IP connection reply packets in gateway gw. Reason: Gateway rate limit. |
Impact |
Packet drops occur on the IP access service. |
Cause |
Packet drop information was logged when packet drops occur on the IP access service. |
Recommended action |
Identify whether the gateway rate limit is configured or the buffer is insufficient. |
SSLVPN_IPAC_RELEASE_ADDR_SUCCESS
Message text |
User [STRING] at [STRING] in gateway [STRING] released [STRING] address [STRING]. |
Variable fields |
$1: Username. $2: User IP address. $3: SSL VPN gateway name. $4: Route version: · IPv4 · IPv6 $5: IP address that the SSL VPN gateway allocated to a user. |
Severity level |
6 (Informational) |
Example |
SSLVPNK/6/SSLVPN_IPAC_RELEASE_ADDR_SUCCESS: User abc at 10.1.1.1 in gateway gw released IPv4 address 10.1.1.100. |
Impact |
No negative impact on the system. |
Cause |
The SSL VPN gateway successfully released the IP address allocated to the vNIC on the IP access client. |
Recommended action |
No action is required. |
SSLVPN_SERVICE_UNAVAILABLE
Message text |
SSL VPN service was unavailable. Reason: [STRING]. |
Variable fields |
$1: Reason why the SSL VPN service was unavailable. Options include SSL VPN gateway not enabled. |
Severity level |
6 (Informational) |
Example |
SSLVPNK/6/SSLVPN_SERVICE_UNAVAILABLE: SSL VPN service was unavailable. Reason: SSL VPN gateway not enabled. |
Impact |
The SSL VPN service is not available. |
Cause |
The reason for the unavailability of an SSL VPN service was logged. |
Recommended action |
Enter the SSL VPN gateway view and use the service ipv4 enable command to enable the gateway. |
SSLVPN_USER_LOGIN
Message text |
User [STRING] of gateway [STRING] logged in from [STRING]. |
Variable fields |
$1: Username. $2: SSL VPN gateway name. $3: User IP address. |
Severity level |
5 (Notification) |
Example |
SSLVPN/5/SSLVPN_USER_LOGIN: User abc of gateway ctx logged in from 192.168.200.31. |
Impact |
No negative impact on the system. |
Cause |
A user logged in to an SSL VPN gateway. |
Recommended action |
No action is required. |
SSLVPN_USER_LOGINFAILED
Message text |
User [STRING] of gateway [STRING] failed to log in from [STRING]. Reason: [STRING]. |
Variable fields |
$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Reason for the login failure: · Authentication failed. · Authorization failed, reason: the authorizing process has failed. · Accounting failed, reason: the accounting process has failed. · Number of online users exceeded the limit. · Failed to get SMS message code from iMC server. · Maximum number of concurrent online connections for the user already reached. · Login timed out. · The authentication server is not reachable. · The authorization server is not reachable. · The accounting server is not reachable. · Authentication failed, reason: incorrect username or password or an internal error has occurred on the authentication server. · Authentication failed, reason: internal system error. · Authorization failed, reason: internal system error. · Accounting failed, reason: internal system error. · Authentication failed, reason: The account expires · Other. |
Severity level |
5 (Notification) |
Example |
SSLVPN/5/SSLVPN_USER_LOGINFAILED: User abc of gateway ctx failed to log in from 192.168.200.31. |
Impact |
The user failed to log in to the SSL VPN gateway. |
Cause |
The user failed to log in to the SSL VPN gateway. |
Recommended action |
Troubleshoot the issue based on the displayed failure cause. |
SSLVPN_USER_LOGOUT
Message text |
User [STRING] of gateway [STRING] logged out from [STRING]. Reason: [STRING]. |
Variable fields |
$1: Username. $2: SSL VPN gateway name. $3: User IP address. $4: Reason for user logout: · Idle timeout. · A logout request was received from the Web browser. · A logout request was received from the client. · Forced logout. · A new login was attempted and logins using the account reach the maximum. · Accounting update failed. · Accounting session timed out. · Interface went down. · ADM request was received. · Idle cut for traffic not reach the minimum required amount. |
Severity level |
5 (Notification) |
Example |
SSLVPN/5/SSLVPN_USER_LOGOUT: User abc of gateway ctx logged out from 192.168.200.31. Reason: A logout request was received from the Web browser. |
Impact |
No negative impact on the system. |
Cause |
The user logged out of an SSL VPN gateway. |
Recommended action |
Troubleshoot the issue based on the displayed cause. |
SSLVPN_USER_NUMBER
Message text |
The number of SSL VPN users reached the upper limit. |
Variable fields |
None. |
Severity level |
6 (Informational) |
Example |
SSLVPN/6/SSLVPN_USER_NUMBER: The number of SSL VPN users reached the upper limit. |
Impact |
No negative impact on the system. |
Cause |
The number of SSL VPN users reached the upper limit. |
Recommended action |
No action is required. |
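The SSL VPN login and access messages above follow fixed templates, so a log host can parse them and correlate failed logins and denied resource requests per source address. The following Python code is an added example, not part of the H3C reference or H3C software; the sample lines are constructed from the templates, and the `-MDC=1; ` tag on an SSL VPN line, whitespace-free usernames, and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Header: MODULE/severity/MNEMONIC. The reference shows both SSLVPN and SSLVPNK
# as module names, and one example with a space after the second slash.
# Assumption: an optional "-KEY=value; " tag (shown on this page only for
# SSHS_SCP_OPER, as "-MDC=1; ") may also precede SSL VPN message text.
HEADER = re.compile(
    r"SSLVPNK?/(?P<severity>\d)/\s*(?P<mnemonic>SSLVPN_[A-Z_]+):\s*(?:-[^;]*;\s*)?"
)

# Message-text templates from the reference, [STRING] fields as named groups.
# Assumption: usernames and gateway names contain no whitespace.
_WHO = r"User (?P<user>\S+) of gateway (?P<gateway>\S+) "
TEMPLATES = {
    "SSLVPN_USER_LOGIN": _WHO + r"logged in from (?P<src>\S+?)\.$",
    # "Reason:" is optional because the reference's own example omits it.
    "SSLVPN_USER_LOGINFAILED": _WHO
    + r"failed to log in from (?P<src>\S+?)\.(?: Reason: (?P<reason>.+?)\.?)?$",
    "SSLVPN_IP_RESOURCE_DENY": _WHO
    + r"from (?P<src>\S+) and virtual address (?P<vaddr>\S+) "
    + r"denied to access (?P<dst>\S+):(?P<dport>\d+)\.$",
}
TEMPLATES = {name: re.compile(rx) for name, rx in TEMPLATES.items()}


def parse(line):
    """Return the fields of a recognised SSL VPN message, or None."""
    head = HEADER.search(line)  # search() tolerates a syslog prefix before MODULE/
    if head is None or head["mnemonic"] not in TEMPLATES:
        return None
    body = TEMPLATES[head["mnemonic"]].match(line[head.end():].strip())
    if body is None:
        return None
    return {"mnemonic": head["mnemonic"], "severity": int(head["severity"]),
            **body.groupdict()}


def summarize(lines, fail_threshold=3):
    """Flag sources with repeated login failures and users with denied access."""
    failures = defaultdict(list)              # src -> [user, ...]
    success_after_failure = defaultdict(set)  # src -> {user, ...}
    denied = defaultdict(set)                 # user -> {"dst:port", ...}
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["mnemonic"] == "SSLVPN_USER_LOGINFAILED":
            failures[ev["src"]].append(ev["user"])
        elif ev["mnemonic"] == "SSLVPN_USER_LOGIN" and ev["src"] in failures:
            # A login that follows failures from the same address deserves review.
            success_after_failure[ev["src"]].add(ev["user"])
        elif ev["mnemonic"] == "SSLVPN_IP_RESOURCE_DENY":
            denied[ev["user"]].add(f'{ev["dst"]}:{ev["dport"]}')

    findings = []
    for src, users in sorted(failures.items()):
        if len(users) >= fail_threshold:
            findings.append({
                "type": "repeated_login_failure",
                "src": src,
                "count": len(users),
                "users": sorted(set(users)),
                "success_after_failure": sorted(success_after_failure[src]),
            })
    for user, targets in sorted(denied.items()):
        findings.append({"type": "resource_denied", "user": user,
                         "targets": sorted(targets)})
    return findings


# Constructed sample lines (documentation address ranges), not real device logs.
SAMPLE = [
    "SSLVPN/5/SSLVPN_USER_LOGINFAILED: User alice of gateway gw1 failed to log in from 198.51.100.7. Reason: Authentication failed.",
    "SSLVPN/5/SSLVPN_USER_LOGINFAILED: User bob of gateway gw1 failed to log in from 198.51.100.7.",
    "SSLVPN/5/SSLVPN_USER_LOGINFAILED: -MDC=1; User carol of gateway gw1 failed to log in from 198.51.100.7. Reason: Login timed out.",
    "SSLVPN/5/SSLVPN_USER_LOGIN: User alice of gateway gw1 logged in from 198.51.100.7.",
    "SSLVPNK/6/SSLVPN_IP_RESOURCE_DENY: User alice of gateway gw1 from 198.51.100.7 and virtual address 10.1.1.10 denied to access 10.1.1.255:137.",
    "SSLVPN/5/SSLVPN_USER_LOGINFAILED: User dave of gateway gw1 failed to log in from 192.0.2.44. Reason: Authentication failed.",
    "SSLVPN/6/SSLVPN_USER_NUMBER: The number of SSL VPN users reached the upper limit.",
]

if __name__ == "__main__":
    for finding in summarize(SAMPLE):
        print(finding)
```

Messages whose mnemonic has no template here (for example SSLVPN_USER_NUMBER) are skipped rather than treated as errors, so the same parser can run over a mixed log stream.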
STAMGR messages
This section contains station management messages.
STAMGR_ADD_FAILVLAN
Message text |
|
Variable fields |
$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the Fail VLAN. |
Severity level |
5 (Notification) |
Example |
|
Impact |
No negative impact on the system. |
Cause |
The client failed to pass the authentication and was assigned to the Auth-Fail VLAN. The notification is not available for 802.1X. |
Recommended action |
No action is required. |
STAMGR_AUTHORACL_FAILURE
Message text |
|
Variable fields |
$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ACL number. $6: Reason: · This type of ACL is not supported. · The memory resource is not enough. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · The OpenFlow tunnel was not established. · The OpenFlow table is full. · Unknown reason. Error code code was returned. |
Severity level |
5 (Notification) |
Example |
|
Impact |
You cannot authorize the specified ACL rule. |
Cause |
See xxx. |
Recommended action |
· Modify the ACL configuration based on the failure reason displayed. · If the memory is insufficient, release memory resources. For example, execute the logfile save command to manually save the content in the log file cache to the log file to release the memory resources in the cache, and then execute the display memory command to view the memory usage. ◦ If the memory usage is still above the threshold, execute the display process command to view the memory usage of user-space processes. If a process uses a lot of memory, you can enable or disable the corresponding software feature to free up memory. ◦ If the memory usage drops below the alarm threshold, the alarm is cleared, and the TCL monitor policy continues to take effect. No other action is required. · If the issue persists, collect alarm and configuration information, and contact Technical Support. |
STAMGR_AUTHORUSERPROFILE_FAILURE
Message text |
-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign user profile [STRING]. Reason: [STRING]. |
Variable fields |
$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: Name of the authorization user profile. $6: Failure cause: · The user profile doesn’t exist. · No user profiles are created on the device. · The memory resource is not enough. · The OpenFlow tunnel was not established. · Unknown reason. Error code code was returned. |
Severity level |
5 (Notification) |
Example |
STAMGR/5/STAMGR_AUTHORUSERPROFILE_FAILURE: -SSID=1 -UserMAC=429f-ea7d-ac12-APName=ap1-RadioID=1; Failed to assign a user profile h.Reason: The user profile doesn't exist. |
Impact |
You cannot authorize the specified user profile. |
Cause |
See xxx. |
Recommended action |
· Modify the user profile configuration based on the failure reason displayed. · If the memory is insufficient, release memory resources. For example, execute the logfile save command to manually save the content in the log file cache to the log file to release the memory resources in the cache, and then execute the display memory command to view the memory usage. ◦ If the memory usage is still above the threshold, execute the display process command to view the memory usage of user-space processes. If a process uses a lot of memory, you can enable or disable the corresponding software feature to free up memory. ◦ If the memory usage drops below the alarm threshold, the alarm is cleared, and the TCL monitor policy continues to take effect. No other action is required. · If the issue persists, collect alarm and configuration information, and contact Technical Support. |
STAMGR_BSS_FAILURE
Message text |
-APID=[STRING]-RadioID=[STRING]-WLANID=[STRING]-ST Name=[STRING]; The number of BSSs exceeded the upper limit. |
Variable fields |
$1: AP ID. $2: Radio ID. $3: WLAN ID. $4: Service template name. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/SERVICE_BSS_FAILURE: -APID=1-RadioID=2-WLANID=3-ST Name=1; The number of BSSs exceeded the upper limit. |
Impact |
New BSSs cannot be created. |
Cause |
A large number of APs joined the group, causing the number of BSSs to exceed the upper limit. |
Recommended action |
Delete unnecessary BSSs. |
STAMGR_CLEINT_BSS_MAXCOUNT
Message text |
SSID=[STRING]-APName=[STRING]-RadioID=[STRING]; Number of associated clients reached the upper limit allowed by the BSS. |
Variable fields |
$1: SSID defined in the service template. $2: Name of the AP associated with the client. $3: ID of the radio associated with the client. |
Severity level |
5 (Notification) |
Example |
STAMGR/5/STAMGR_CLIENT_BSS_MAXCOUNT: SSID=test-wifi-APName=ap1-RadioID=2; Number of associated clients reached the upper limit allowed by the BSS. |
Impact |
New clients cannot access the wireless service. |
Cause |
The number of associated clients reached the upper limit allowed by the BSS. |
Recommended action |
Create a new BSS. |
STAMGR_CLIENT_FAILURE
Message text |
Client [STRING] failed to come online from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. Reason: [STRING]. |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reasons for the client's failure to come online. Table 13 describes the possible reasons. |
Severity level |
5 (Notification) |
Example |
STAMGR/5/STAMGR_CLIENT_FAILURE: Client 3303-c2af-b8d2 failed to come online from BSS 0023-12ef-78dc with SSID 1 on AP ap1 Radio ID 1. Reason: Unknown reason. |
Impact |
Clients cannot access or use the wireless network. |
Cause |
See Table 13. |
Recommended action |
To resolve the issue: 1. Select the processing method based on the failure reason. For more information, see Table 13. 2. If the issue persists, collect alarm, log, and configuration information, and contact Technical Support. |
Table 13 Possible failure reasons
Possible reasons |
Recommended action |
Unknown error. |
No action is required. |
Failed to process open authentication packet from the client. |
Examine the open-system authentication configuration. |
Failed to send responses when the AC successfully processed open authentication packet from the client. |
Examine the open-system authentication configuration. |
Failed to create state timer when the AC received authentication packet in Unauth state. |
No action is required. |
Failed to refresh state timer when the AC received authentication packet in Unauth state. |
No action is required. |
Received association packet Unauth state. |
No action is required. |
Received deauthentication packet with reason code code in Unauth state: · 1: Unknown reason. · 3: Client is removed from BSS and is deauthenticated. · 6: Incorrect frame. · 9: Received association or reassociation request before authentication is complete. · 13: Invalid IE. |
No action is required. |
Received dissociation packet with reason code code in Unauth state: · 1: Unknown reason. · 2: Prior authentication is invalid. · 4: Inactivity timer expired. · 5: Insufficient resources. · 7: Incorrect frame. · 8: Client is removed from BSS and is disassociated. · 10: Failed to negotiate the Power Capability IE. · 11: BSS management switchover. |
No action is required. |
Received Auth failure packet in Unauth state. |
No action is required. |
Received state timer timeout in Unauth state. |
No action is required. |
Received deauthentication packet with reason code code in Auth state: · 1: Unknown reason. · 3: Client is removed from BSS and is deauthenticated. · 6: Incorrect frame. · 9: Received association or reassociation request before authentication is complete. · 13: Invalid IE. |
No action is required. |
Received authentication packet with inconsistent authentication algorithm or shared key in Auth state. |
No action is required. |
Received state timer timeout in Auth state. |
No action is required. |
Failed to process Add Mobile message when client association succeeded in Auth state. |
No action is required. |
Received inconsistent authentication algorithm or share key in Userauth state. |
No action is required. |
Failed to check association request when the AC received association packet in Userauth state. |
No action is required. |
Failed to process IE when the AC received association packet in Userauth state. |
No action is required. |
Failed to send association responses when the AC received association packet in Userauth state. |
No action is required. |
Failed to process Add Mobile message when client association succeeded in Userauth state. |
No action is required. |
Received deauthentication packet with reason code code in Userauth state: · 1: Unknown reason. · 3: Client is removed from BSS and is deauthenticated. · 6: Incorrect frame. · 9: Received association or reassociation request before authentication is complete. · 13: Invalid IE. |
No action is required. |
Received dissociation packet with reason code code in Userauth state: · 1: Unknown reason. · 2: Prior authentication is invalid. · 4: Inactivity timer expired. · 5: Insufficient resources. · 7: Incorrect frame. · 8: Client is removed from BSS and is disassociated. · 10: Failed to negotiate the Power Capability IE. |
No action is required. |
Client authentication failed in Userauth state. |
No action is required. |
Failed to get backup client data while using AP private data to upgrade client. |
No action is required. |
Failed to set kernel forwarding table while using AP private data to upgrade client. |
No action is required. |
Failed to add MAC while using AP private data to upgrade client. |
No action is required. |
Failed to create keepalive and idle timeout timers while using AP private data to upgrade client. |
No action is required. |
Failed to set kernel forwarding table while upgrading client without using AP private data. |
No action is required. |
Failed to add MAC while upgrading client without using AP private data. |
No action is required. |
Failed to activate client while upgrading client without using AP private data. |
No action is required. |
Failed to synchronize client information to configuration thread while upgrading client without using AP private data. |
No action is required. |
Failed to create keepalive and idle timeout timers while upgrading client without using AP private data. |
No action is required. |
Failed to add MAC during inter-device client smooth creation. |
No action is required. |
Failed to set kernel forwarding table during inter-device client smooth creation. |
No action is required. |
Failed to send Add Mobile message during inter-device client smooth creation. |
No action is required. |
Failed to get AP type during inter-device client smooth creation. |
No action is required. |
Failed to recover service data while recovering running client data from database. |
No action is required. |
Failed to synchronize data to service thread while recovering basic client data from database. |
No action is required. |
Failed to add MAC when hierarchy device received upstream Add Mobile message. |
No action is required. |
Failed to set kernel forwarding table when hierarchy device received upstream Add Mobile message. |
No action is required. |
Failed to synchronize upstream message when hierarchy device received upstream Add Mobile message. |
No action is required. |
Failed to create client when hierarchy device received upstream Add Mobile message. |
No action is required. |
Failed to add MAC when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to synchronize data to service thread when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to set kernel forwarding table when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to send down add pbss to driver when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to synchronize downstream message when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to create client when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to create interval statistics timer when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to obtain AP private data when hierarchy device received downstream Add Mobile message. |
No action is required. |
Failed to advertise Add Mobile message. |
No action is required. |
Failed to activate client when hierarchy device received downstream client state synchronization message. |
No action is required. |
Failed to get AP type when hierarchy device received downstream client state synchronization message. |
No action is required. |
Failed to synchronize downstream message when hierarchy device received downstream client state synchronization message. |
No action is required. |
The radio was in down state when hierarchy device received downstream Add Mobile message. |
No action is required. |
Hierarchy device failed to process the upstream Add Mobile message. |
No action is required. |
Hierarchy device failed to process downstream Add Mobile message. |
No action is required. |
Failed to process service thread during inter-device client smooth creation. |
No action is required. |
Failed to create client when inter-device smooth. |
No action is required. |
Failed to process upstream client state synchronization message in Userauth state. |
No action is required. |
Failed to process downstream client state synchronization message in Userauth state. |
No action is required. |
Hierarchy device failed to process upstream client state synchronization message. |
No action is required. |
Hierarchy device failed to process downstream client state synchronization message. |
No action is required. |
AC received message for deleting the client entry. |
No action is required. |
Fit AP received message for deleting the client. |
No action is required. |
Different old and new region codes. |
Examine the region code configuration. |
Failed to update IGTK. |
No action is required. |
Failed to update GTK. |
No action is required. |
Failed to generate IGTK when the first client came online. |
No action is required. |
TKIP is used to authenticate all clients. |
No action is required. |
Channel changed. |
No action is required. |
BssDelAllSta event logged off client normally. |
No action is required. |
AP down. |
Connect the client to an online AP. |
Radio down. |
Connect the client to an enabled radio. |
Service template disabled. |
Make the client come online from an enabled service template. |
Service template unbound. |
Bind the wireless service again. |
Created BSS during masterAC switchover process. |
No action is required. |
Updated BSS base information when BSS was in deactive state. |
No action is required. |
Intrusion protection. |
No action is required. |
Local AC or AP deleted BSS |
No action is required. |
BssDelAllSta event logged off client abnormally. |
No action is required. |
Received VLAN deleted event. |
Connect the client to a VLAN that is in use. |
CM received message for logging off client from AM. |
No action is required. |
The reset wlan client command was executed to log off the client. |
No action is required. |
Deleted private data on AP: DBM database recovered |
No action is required. |
Failed to synchronize authentication succeeded message downstream. |
No action is required. |
Client RSSI was lower than the threshold and was decreasing. |
No action is required. |
Configured whitelist for the first time or executed the reset wlan client all command |
No action is required. |
Received client offline websocket message |
No action is required. |
WMAC logged off all clients associated with the radio. |
No action is required. |
Timer for sending deassociation message timed out. |
No action is required. |
The client is in blacklist or deleted from whitelist. |
Examine the allowlist or denylist configuration. |
Client was added to the dynamic blacklist. |
Examine the denylist configuration. |
Failed to roam out. |
Examine the roaming configuration. |
Implemented inter-AC roaming for the first time. |
No action is required. |
Successfully roamed to another BSS. |
No action is required. |
Failed to roam in. |
Examine the roaming configuration. |
Roaming process received a message for logging off the client. |
No action is required. |
Roaming process processed Down event and logged off roam-in clients. |
No action is required. |
Roaming failure. |
Examine the roaming configuration. |
Successfully performed roaming but failed to recover authentication data. |
No action is required. |
Roaming timed out. |
Examine the roaming configuration. |
Seamless roaming failed. |
Examine the roaming configuration. |
Logged off clients that performed inter- or intra-AC roaming. |
No action is required. |
Failed to process AccessCtrlChk. Configure permitted AP group or permitted SSID. |
No action is required. |
Synchronized client information to process and logged off client. |
No action is required. |
Failed to synchronize client state to uplinkdevices. |
No action is required. |
Local AC or remote AP received Add Mobile message updated BSS and logged off clients. |
No action is required. |
Upgraded HA and logged off all clients. |
No action is required. |
Synchronized BSS data during master/backup AC switchover process. |
No action is required. |
Failed to synchronize service template data during master/backup AC switchover process. |
No action is required. |
BSS aging timer timed out. |
No action is required. |
Remote AP deleted non-local forwarding BSS. |
No action is required. |
Failed to find configuration data when synchronizing data. |
No action is required. |
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated. |
No action is required. |
Failed to get BSS by using WLAN ID. |
Examine the VLAN configuration for the wireless service. |
Unbound inherited service template. |
No action is required. |
STAMGR process was down automatically or manually. |
No action is required. |
Deleted redundant clients. |
No action is required. |
Failed to process authorized doing nodes. |
No action is required. |
Authorization failed. |
Examine the authorization configuration. |
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS. |
No action is required. |
Number of sent SA requests exceeded the permitted threshold. |
No action is required. |
Number of associated clients exceed the upper limit allowed by the AP. |
No action is required. |
Number of associated clients exceed the upper limit allowed by the AC. |
No action is required. |
Number of associated clients exceed the upper limit allowed by channel usage. |
No action is required. |
Deauthenticated by WIPS countermeasure. |
No action is required. |
Local AC came online again and deleted all clients associated with the BSS. |
No action is required. |
Failed to upgrade hot-backup. |
No action is required. |
The illegally created BSS was deleted. |
No action is required. |
Failed to process requests when receiving UserAuth Success message. |
No action is required. |
Failed to get AP type when receiving UserAuth Successful message. |
No action is required. |
Failed to notify client of the recovery of basic client data from database. |
No action is required. |
Failed to recover basic client data from database. |
No action is required. |
Client already existed when the AC received Auth packet from the client and checked online clients. |
No action is required. |
Client already existed during FT Over-the-DS authentication. |
No action is required. |
SKA authentication failed. |
No action is required. |
Deadline timer timed out during FT authentication. |
No action is required. |
Failed to send the response for the successful shared key authentication to the client. |
No action is required. |
Failed to get FT data during FT authentication. |
No action is required. |
FT authentication was performed and BSS does not support FT. |
Change the FT authentication method. |
Failed to process FT authentication-success result. |
No action is required. |
Failed to process FT authentication. |
Examine the FT authentication configuration. |
Maximum number of clients already reached when remote request message was received. |
No action is required. |
Failed to fill authorization information while processing authorization message. |
No action is required. |
Failed to process key negotiation during 802.1X authentication. |
No action is required. |
Invalid session key length during 802.1X authentication. |
No action is required. |
802.1X authentication failed. |
Examine the 802.1X authentication configuration. |
802.1X server was unreachable. |
Verify that the device and the 802.1X authentication server can reach each other. |
User timer timed out during 802.1X authentication. |
No action is required. |
Server timer timed out during 802.1X authentication. |
Verify that the device and the 802.1X authentication server can reach each other. |
802.1X authentication configuration error. |
Examine the device and 802.1X authentication configuration. |
Received nonexistent authorization VLAN group during 802.1X authentication. |
Examine the authorization VLAN group configuration. |
MAC authentication failed. |
Examine the MAC authentication configuration. |
MAC server was unreachable. |
Verify that the device and the MAC authentication server can reach each other. |
Session time is zero during MAC authentication. |
No action is required. |
Server timer timed out during MAC authentication. |
Verify that the device and the MAC authentication server can reach each other. |
802.1X authentication failed and the return code is code. |
Examine the 802.1X authentication configuration. |
MAC authentication failed and the return code is code. |
Examine the MAC authentication configuration. |
Authorization failed for 802.1X authentication and the return code is code. |
Examine the authorization configuration for 802.1X authentication. |
Authorization failed for MAC authentication and the return code is code. |
Examine the authorization configuration for MAC authentication. |
Accounting start failed for 802.1X authentication and the return code is code. |
Examine the accounting configuration for 802.1X authentication. |
Accounting start failed for MAC authentication and the return code is code. |
Examine the accounting configuration for MAC authentication. |
Accounting update failed for 802.1X authentication and the return code is code. |
Examine the accounting configuration for 802.1X authentication. |
Accounting update failed for MAC authentication and the return code is code. |
Examine the accounting configuration for MAC authentication. |
Failed to receive client EAP request for 802.1X authentication. |
No action is required. |
Failed to receive server response for 802.1X authentication. |
No action is required. |
Failed to receive server response for MAC authentication. |
No action is required. |
Received client log-off packet during 802.1X authentication. |
No action is required. |
802.1X client handshake failed. |
No action is required. |
Incorrect 802.1X authentication method. |
Reconfigure the 802.1X authentication method. |
WLAN roaming center notified IP conflict detected by address security check. |
Examine and delete the conflicting client. |
WLAN roaming center notified MAC conflict detected by address security check. |
Examine and delete the conflicting client. |
Roaming failed because the user is in the local address security denylist. |
No action is required. |
Failed to notify the uplink device of user authentication failure. |
No action is required. |
Failed to advertise Add Mobile message: CAPWAP translation failure. |
No action is required. |
Failed to advertise Add Mobile message: Invalid length. |
No action is required. |
Failed to advertise Add Mobile message: Radio down. |
No action is required. |
Failed to advertise Add Mobile message: Insufficient memory on the downlink device. |
No action is required. |
Failed to advertise Add Mobile message: MAC adding failure. |
No action is required. |
Failed to advertise Add Mobile message: AVL adding failure. |
No action is required. |
Failed to advertise Add Mobile message: PBSS adding failure. |
No action is required. |
Failed to advertise Add Mobile message: Downlink synchronization failure. |
No action is required. |
Failed to advertise Add Mobile message: Statistics report timer creation failure. |
No action is required. |
Failed to advertise Add Mobile message: AP private data obtaining failure. |
No action is required. |
Failed to advertise Add Mobile message: Client not found for Add Mobile response. |
No action is required. |
Failed to advertise Add Mobile message: Client was being deleted for Add Mobile response. |
No action is required. |
Failed to advertise Add Mobile message: Insufficient memory in kernel. |
No action is required. |
Failed to advertise Add Mobile message: Forward entry adding failure. |
No action is required. |
Failed to advertise Add Mobile message: PHY obtaining failure. |
No action is required. |
Failed to advertise Add Mobile message: Invalid length in kernel. |
No action is required. |
Failed to advertise Add Mobile message: Client adding failure in driver. |
No action is required. |
Failed to advertise Add Mobile message: Preamble type setting failure in driver. |
No action is required. |
Failed to advertise Add Mobile message: Dot11g protection setting failure in driver. |
No action is required. |
Failed to advertise Add Mobile message: PTK setting failure in driver. |
No action is required. |
Failed to advertise Add Mobile message: PTK flag update failure. |
No action is required. |
The client does not match a permit ACL rule. |
No action is required. |
The client is in the dynamic blacklist. |
No action is required. |
The client is in the static blacklist. |
No action is required. |
The client is not in the whitelist. |
No action is required. |
The number of clients exceed the maximum allowed value of radio |
Connect the client to another radio. |
The number of clients exceed the maximum allowed value of BSS |
Connect the client to another wireless service. |
STAMGR_CLIENT_OFFLINE
Message text |
Client [STRING] went offline from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Unauth. Reason [STRING] |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reason why the client goes offline. Table 14 describes the possible reasons. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc on AP ap1 Radio ID 2. State changed to Unauth. Reason: Radio down. |
Impact |
No negative impact on the system. |
Cause |
The client went offline from the BSS for a specific reason. The state of the client changed to Unauth. |
Recommended action |
To resolve the issue: 1. Examine whether the AP and its radios operate correctly if the client went offline abnormally. If the logoff was requested by the client, no action is required. 2. If they do not operate correctly, check the debugging information to locate the issue and resolve it. 3. If the issue persists, contact H3C Support. |
Table 14 Possible logoff reasons
Possible reasons |
Recommended action |
Received disassociation frame in Run state: reason code=String. |
No action is required. |
Unknown reason. |
No action is required. |
AC received message for deleting the client entry. |
No action is required. |
Different old and new region codes. |
Examine the region code configuration. |
Failed to update IGTK. |
No action is required. |
Failed to update GTK. |
No action is required. |
Failed to generate IGTK when the first client came online. |
No action is required. |
TKIP is used to authenticate all clients. |
No action is required. |
Channel changed. |
No action is required. |
BssDelAllSta event logged off client normally. |
No action is required. |
Radio down. |
Connect the client to an enabled radio. |
Service template disabled. |
Make the client come online from an enabled service template. |
Service template unbound. |
Rebind the service template. |
Created BSS during master/backup AC switchover process. |
No action is required. |
Updated BSS base information when BSS was in deactive state. |
No action is required. |
Intrusion protection. |
Verify if illegal clients that have not been authenticated exist. |
Local AC or AP deleted BSS. |
No action is required. |
BssDelAllSta event logged off client abnormally. |
No action is required. |
Received VLAN deleted event. |
No action is required. |
CM received message for logging off client from AM. |
No action is required. |
The reset wlan client command was executed to log off the client. |
No action is required. |
DBM database failed to recover client operation data. |
No action is required. |
Deleted private data on AP: DBM database recovered. |
No action is required. |
Received deauthentication frame in Run state: reason code=String. |
No action is required. |
Failed to process (re)association request in Run state. |
No action is required. |
Unmatched authentication algorithm in received authentication message. |
No action is required. |
Idle timer timeout. |
No action is required. |
Keepalive timer timeout. |
No action is required. |
Received authentication failure message. |
No action is required. |
Deauthenticated by WIPS countermeasure in Run state. |
No action is required. |
Failed to synchronize authentication succeeded message downstream. |
No action is required. |
Client RSSI was lower than the threshold and was marked as decreasing. |
No action is required. |
Configured whitelist for the first time or executed the reset wlan client all command. |
No action is required. |
Received client offline websocket message. |
No action is required. |
WMAC logged off all clients associated with the radio. |
No action is required. |
Timer for sending disassociation message timed out. |
No action is required. |
The client is in blacklist or deleted from whitelist. |
Examine the allowlist or denylist configuration. |
Client was added to the dynamic blacklist. |
Examine the denylist configuration. |
Failed to roam out. |
Examine the roaming configuration. |
Implemented inter-AC roaming for the first time. |
No action is required. |
Successfully roamed to another BSS. |
No action is required. |
Failed to roam in. |
No action is required. |
Roaming process received a message for logging off the client. |
No action is required. |
Roaming process processed Down event and logged off roam-in clients. |
No action is required. |
Roaming failure. |
No action is required. |
Successfully performed roaming but failed to recover authentication data. |
No action is required. |
Roaming timed out. |
No action is required. |
Seamless roaming failed. |
No action is required. |
Logged off clients that performed inter- or intra-AC roaming. |
No action is required. |
Failed to process AccessCtrlChk when configured permitted AP group or permitted SSID. |
No action is required. |
Synchronized client information to process and logged off client in Run state. |
No action is required. |
Failed to synchronize client state to uplink/downlink devices. |
No action is required. |
Local AC or remote AP received add mobile message, updated BSS, and logged off clients in Run state. |
No action is required. |
Upgraded HA and logged off all clients. |
No action is required. |
Synchronized BSS data during master/backup AC switchover process. |
No action is required. |
Failed to synchronize service template data during master/backup AC switchover process. |
No action is required. |
BSS aging timer timed out. |
No action is required. |
Remote AP deleted non-local forwarding BSS. |
No action is required. |
Failed to find configuration data when synchronizing data. |
No action is required. |
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated. |
No action is required. |
Failed to get BSS by using WLAN ID. |
No action is required. |
Unbound inherited service template. |
No action is required. |
STAMGR process was down automatically or manually. |
No action is required. |
Deleted redundant clients. |
No action is required. |
Failed to process authorized doing nodes. |
No action is required. |
Authorization failed. |
Examine the authorization configuration. |
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS. |
No action is required. |
Number of sent SA requests exceeded the permitted threshold. |
No action is required. |
Fit AP received message for deleting the client. |
No action is required. |
Local AC came online again and deleted all clients associated with the BSS. |
No action is required. |
Failed to upgrade hot backup. |
No action is required. |
The illegally created BSS was deleted. |
No action is required. |
Failed to process requests when receiving UserAuth Success message. |
No action is required. |
Failed to get AP type when receiving UserAuth Success message. |
No action is required. |
The client doesn't support mandatory rate. |
Change the radio type or connect the client to another radio. |
Disabled access services for 802.11b clients. |
Enable access services for 802.11b clients. |
The client doesn't support mandatory VHT-MCS. |
Change the radio type. |
Enabled the client dot11ac-only feature. |
Disable the client dot11ac-only feature. |
Disabled MUTxBF. |
Enable MU-TxBF. |
Disabled SUTxBF. |
Enable SU-TxBF. |
The client doesn't support mandatory MCS. |
No action is required. |
Channel bandwidth changed. |
No action is required. |
Enabled the client dot11n-only feature. |
Disable the client dot11n-only feature. |
Disabled short GI. |
Enable Short-GI. |
Disabled the A-MPDU aggregation method. |
Enable A-MPDU. |
Disabled the A-MSDU aggregation method. |
Enable A-MSDU. |
Disabled STBC. |
Enable STBC. |
Disabled LDPC. |
Enable LDPC. |
The MIMO capacity decreased, and the MCS supported by the AP can't satisfy the client's negotiated MCS. |
Change the MIMO mode to allow more spatial streams. |
The MIMO capacity decreased, and the VHT-MCS supported by the AP can't satisfy the client's negotiated VHT-MCS. |
Change the MIMO mode to allow more spatial streams. |
Hybrid capacity increased, which kicked off clients associated with other radios with lower Hybrid capacity. |
No action is required. |
Failed to add MAC address. |
No action is required. |
The roaming entry doesn't exist while the AC was processing the roaming request during client smooth reconnection. |
No action is required. |
Home AC processed the move out response message to update the roaming entry and notified the foreign AC to force the client offline during an inter-AC roaming. |
No action is required. |
The associated AC left from the mobility group and deleted roam-in entries and roaming entries of the client. |
No action is required. |
Executed the reset wlan mobility roaming command. |
No action is required. |
Kicked client because of roaming to another bssid. |
No action is required. |
The roaming entry doesn't exist while the AC was processing the Add Preroam message during client smooth reconnection. |
No action is required. |
Deleted roaming entries of clients in the fail VLAN while processing a fail VLAN delete event. |
No action is required. |
Deleted the roaming entry of the client while processing a client delete event. |
No action is required. |
Moving to another SSID on the same radio. |
No action is required. |
Fail-permit activated and clients are logged off. |
No action is required. |
Fail-permit deactivated and clients are logged off. |
No action is required. |
AP triggered (idle timeout). |
No action is required. |
AP triggered (channel change). |
No action is required. |
AP triggered (bandwidth change). |
No action is required. |
Received log-off packet from 802.1X authentication client. |
No action is required. |
802.1X client handshake failed. |
No action is required. |
Accounting update timed out for the 802.1X authentication client. |
Examine the accounting configuration for 802.1X authentication. |
Accounting update timed out for the MAC authentication client. |
Examine the accounting configuration for MAC authentication. |
802.1X authentication client idle cut on AP. |
No action is required. |
MAC authentication client idle cut on AP. |
No action is required. |
Session timeout timer expired for the 802.1X authentication client. |
No action is required. |
Session timeout timer expired for the MAC authentication client. |
No action is required. |
Received client disassociation message from server for the 802.1X authentication client. |
No action is required. |
Received client disassociation message from server for the MAC authentication client. |
No action is required. |
Received nonexistent authorization VLAN group for the 802.1X authentication client. |
Examine the authorization VLAN group configuration for 802.1X authentication. |
Received nonexistent authorization VLAN group for the MAC authentication client. |
Examine the authorization VLAN group configuration for MAC authentication. |
Total client traffic failed to reach the minimum traffic threshold. |
No action is required. |
Failed to obtain the client IP address before the accounting delay timer expired. |
No action is required. |
Forced client disassociation because of rate limit issued by DingTalk app. |
No action is required. |
Logged off client because the EoGRE tunnel went down. |
Examine the EoGRE tunnel configuration. |
IP conflict detected by address security check. |
Examine the EoGRE tunnel configuration. |
MAC conflict detected by address security check. |
Examine and delete the conflicting client. |
WLAN roaming center notified IP conflict detected by address security check. |
Examine and delete the conflicting client. |
WLAN roaming center notified MAC conflict detected by address security check. |
Examine and delete the conflicting client. |
Roaming failed because the user is in the local address security denylist. |
No action is required. |
Failed to notify the uplink device of user authentication failure. |
No action is required. |
The client does not match a permit ACL rule. |
No action is required. |
The client is in the dynamic blacklist. |
No action is required. |
The client is in the static blacklist. |
No action is required. |
The client is not in the whitelist. |
No action is required. |
Client supporting BTM roamed to another BSS (Count: Count) successfully. |
No action is required. |
Client not supporting BTM roamed to another BSS (Count: Count) successfully. |
No action is required. |
Client supporting BTM was navigated to 5GHz radio from 2.4GHz radio on the same AP (BTM requests: Count). |
No action is required. |
Portal logged off the client after the client passed authentication. |
No action is required. |
AP triggered client disassociation. |
No action is required. |
Client connected to another BSSID. |
No action is required. |
Received disconnecion-request frame from server for the 802.1X or MAC authentication client. |
No action is required. |
IP address conflict detected by AC. |
No action is required. |
Received eapol-logoff frame. |
No action is required. |
Received eapol-logoff frame during 802.1X authentication. |
No action is required. |
Previous online user entry removed by clear-previous-connection. |
No action is required. |
Client IP change triggered accounting restart. |
No action is required. |
Session timed out for the 802.1X or MAC authentication client. |
No action is required. |
Fast keepalive failed. |
No action is required. |
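The following is an added example, not part of the H3C reference: a Python parser for the STAMGR_CLIENT_OFFLINE message text documented above that groups the Table 14 reasons into triage buckets and lists clients with repeated security-related logoffs. The bucket names, the keyword lists, the repeat threshold and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Follows the documented message text. The colon after "Reason" is optional:
# the template omits it, the documented example includes it.
# An SSID or AP name that itself contains " on AP " would confuse this pattern.
OFFLINE_RE = re.compile(
    r"STAMGR/6/STAMGR_CLIENT_OFFLINE: Client (?P<mac>\S+) went offline from "
    r"BSS (?P<bssid>\S+) with SSID (?P<ssid>.+?) on AP (?P<ap>.+?) "
    r"Radio ID (?P<radio>\S+)\. State changed to Unauth\. "
    r"Reason:? (?P<reason>.+?)\.?\s*$"
)

# Triage buckets are an assumption of this example. The keywords are
# lowercase substrings of reasons listed in Table 14; first match wins.
BUCKETS = (
    ("security", ("wips countermeasure", "intrusion protection", "blacklist",
                  "not in the whitelist", "conflict detected", "denylist",
                  "permit acl rule", "illegally created bss")),
    ("auth", ("802.1x", "authentication", "authorization", "accounting",
              "eapol")),
    ("infra", ("radio down", "service template", "switchover",
               "channel changed", "bandwidth change", "fail-permit")),
)

# Constructed sample input: the first line is the documented example, the
# rest reuse its layout with reasons taken from Table 14.
_P = "STAMGR/6/STAMGR_CLIENT_OFFLINE: Client {} went offline from BSS 0023-12ef-78dc with SSID abc on AP ap1 Radio ID 2. State changed to Unauth. Reason: {}."
SAMPLE_LOG = "\n".join([
    _P.format("0023-8933-2147", "Radio down"),
    _P.format("0023-8933-aaaa", "Deauthenticated by WIPS countermeasure in Run state"),
    _P.format("0023-8933-aaaa", "The client is in the dynamic blacklist"),
    _P.format("0023-8933-bbbb", "Received disassociation frame in Run state: reason code=8"),
    _P.format("0023-8933-cccc", "Session timeout timer expired for the 802.1X authentication client"),
    "STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc vlan 1 with SSID abc on AP ap1 Radio ID 2. State changed to Run.",
])


def parse_offline(line):
    """Return the documented fields of one offline message, or None."""
    match = OFFLINE_RE.search(line)  # search() tolerates a syslog prefix
    return match.groupdict() if match else None


def classify(reason):
    """Map a logoff reason string to a triage bucket."""
    lowered = reason.lower()
    for bucket, keywords in BUCKETS:
        if any(keyword in lowered for keyword in keywords):
            return bucket
    return "other"


def triage(lines, repeat_threshold=2):
    """Count logoffs per bucket and list clients with repeated security logoffs."""
    by_bucket = Counter()
    security_by_client = defaultdict(list)
    skipped = 0
    for line in lines:
        event = parse_offline(line)
        if event is None:
            skipped += 1  # not a STAMGR_CLIENT_OFFLINE message
            continue
        bucket = classify(event["reason"])
        by_bucket[bucket] += 1
        if bucket == "security":
            security_by_client[event["mac"]].append((event["ap"], event["reason"]))
    repeat = sorted(mac for mac, hits in security_by_client.items()
                    if len(hits) >= repeat_threshold)
    return {
        "by_bucket": dict(by_bucket),
        "security_by_client": dict(security_by_client),
        "repeat_security_clients": repeat,
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG.splitlines()))
```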
STAMGR_CLIENT_ONLINE
Message text |
Client [STRING] went online from BSS [STRING] vlan [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Run. |
Variable fields |
$1: MAC address of the client. $2: BSSID. $3: ID of the VLAN in which the client came online. $4: SSID defined in the service template. $5: Name of the AP associated with the client. $6: ID of the radio associated with the client. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc vlan 1 with SSID abc on AP ap1 Radio ID 2. State changed to Run. |
Impact |
No negative impact on the system. |
Cause |
The client came online from the BSS. The state of the client changed to Run. |
Recommended action |
No action is required. |
STAMGR_CLIENT_RADIO_MAXCOUNT
Message text |
APName=[STRING]-RadioID=[STRING]; Number of associated clients reached the upper limit allowed by the radio. |
Variable fields |
$1: Name of the AP associated with the client. $2: ID of the radio associated with the client. |
Severity level |
5 (Notification) |
Example |
STAMGR/5/STAMGR_CLIENT_RADIO_MAXCOUNT: APName=ap1-RadioID=2; Number of associated clients reached the upper limit allowed by the radio. |
Impact |
New clients cannot connect to the radio. |
Cause |
The number of associated clients reached the upper limit allowed by the radio. |
Recommended action |
Enable more radios for clients to come online from other radios. |
STAMGR_CLIENT_SNOOPING
Message text |
Detected client IP change: Client MAC: [STRING], IP: [STRING], [STRING], [STRING], Username: [STRING], AP name: [STRING], Radio ID [UCHAR], Channel number: [UINT32], SSID: [STRING], BSSID: [STRING]. |
Variable fields |
$1: MAC address of the client. $2: Current IP address of the client. $3: Used IP address of the client. $4: Used IP address of the client. $5: Username of the client. $6: Name of the AP associated with the client. $7: ID of the radio associated with the client. $8: ID of the channel used by the client. $9: SSID of the service template associated with the client. $10: BSSID of the service template associated with the client. |
Severity level |
6 (Informational) |
Example |
STAMGR_CLIENT_SNOOPING: Detected client IP change: Client MAC: 31ac-11ea-17ff,IP: 4.4.4.4, IP: 1.1.1.1, IP: 2.2.2.2, IP: -NA-, User name: test, AP name: ap1, Radio ID: 1, Channel number: 161,SSID: 123, BSSID: 25c8-3dd5-261a. |
Impact |
No negative impact on the system. |
Cause |
IP change was detected for a specific client. |
Recommended action |
No action is required. |
STAMGR_ESCAPE_ACTIVE
Message text |
The fail-permit mode was activated on radio [STRING] bound with service template [STRING] and SSID [STRING] in BSS [STRING]. Reason: [STRING]. |
Variable fields |
$1: Radio ID. $2: Service template name. $3: SSID. $4: BSSID. $5: Reason why the fail-permit mode was activated. Options include: ◦ Unreachable domain—The RADIUS server cannot be reached. ◦ AP disconnected from the AC. |
Severity level |
4 (Warning) |
Example |
STAMGR/4/STAMGR_ESCAPE_ACTIVE: The fail-permit mode was activated on radio 1 bound with service template st1 and SSID st1ssid in BSS 0023-12ef-78dc. Reason: AP disconnected from AC. |
Impact |
The AC disconnects from the RADIUS server or disconnects from APs. |
Cause |
The configured fail-permit mode was activated because the RADIUS server cannot be reached or the AP is disconnected from the AC. |
Recommended action |
To resolve the issue: 1. Verify that the RADIUS server can be reached and the AP is connected to the AC correctly. 2. If the issue persists, contact H3C Support. |
STAMGR_ESCAPE_DEACTIVE
Message text |
The fail-permit mode was deactivated on radio [STRING] bound with service template [STRING] and SSID [STRING] in BSS [STRING]. Reason: [STRING]. |
Variable fields |
$1: Radio ID. $2: Service template name. $3: SSID. $4: BSSID. $5: Reason why the fail-permit mode was deactivated. Options include: ◦ Domain is reachable—Connection to the RADIUS server was restored. ◦ AP and AC connection restored. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_ESCAPE_DEACTIVE: The fail-permit mode was deactivated on radio 1 bound with service template st1 and SSID st1ssid in BSS 0023-12ef-78dc. Reason: AP and AC connection restored. |
Impact |
No negative impact on the system. |
Cause |
The configured fail-permit mode was deactivated because connection to the RADIUS server or the AP and AC connection was restored. |
Recommended action |
No action is required. |
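The following is an added example, not part of the H3C reference: it pairs STAMGR_ESCAPE_ACTIVE and STAMGR_ESCAPE_DEACTIVE messages per BSSID and reports STAMGR_CLIENT_ONLINE events seen while fail-permit mode was active in the client's BSS. It assumes the log lines are supplied in chronological order; the sample lines are constructed from the documented examples.

```python
import re

# Patterns follow the message texts documented for these three log messages.
ESCAPE_RE = re.compile(
    r"STAMGR/\d/STAMGR_ESCAPE_(?P<state>ACTIVE|DEACTIVE): The fail-permit mode "
    r"was (?:activated|deactivated) on radio (?P<radio>\S+) bound with service "
    r"template (?P<template>\S+) and SSID (?P<ssid>.+?) in BSS (?P<bssid>\S+)\. "
    r"Reason: (?P<reason>.+?)\.?\s*$"
)
ONLINE_RE = re.compile(
    r"STAMGR/6/STAMGR_CLIENT_ONLINE: Client (?P<mac>\S+) went online from BSS "
    r"(?P<bssid>\S+) vlan (?P<vlan>\S+) with SSID (?P<ssid>.+?) on AP (?P<ap>.+?) "
    r"Radio ID (?P<radio>\S+)\. State changed to Run\."
)

# Constructed sample input, assumed to be in chronological order.
SAMPLE_LOG = """\
STAMGR/4/STAMGR_ESCAPE_ACTIVE: The fail-permit mode was activated on radio 1 bound with service template st1 and SSID st1ssid in BSS 0023-12ef-78dc. Reason: AP disconnected from AC.
STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc vlan 1 with SSID st1ssid on AP ap1 Radio ID 1. State changed to Run.
STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-bbbb went online from BSS 0023-12ef-9999 vlan 1 with SSID abc on AP ap2 Radio ID 2. State changed to Run.
STAMGR/6/STAMGR_ESCAPE_DEACTIVE: The fail-permit mode was deactivated on radio 1 bound with service template st1 and SSID st1ssid in BSS 0023-12ef-78dc. Reason: AP and AC connection restored.
STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-cccc went online from BSS 0023-12ef-78dc vlan 1 with SSID st1ssid on AP ap1 Radio ID 1. State changed to Run.
STAMGR/4/STAMGR_ESCAPE_ACTIVE: The fail-permit mode was activated on radio 2 bound with service template st2 and SSID st2ssid in BSS 0023-12ef-5555. Reason: Unreachable domain.
"""


def fail_permit_report(lines):
    """Correlate fail-permit windows with client online events, keyed by BSSID."""
    active = {}   # BSSID -> reason given when fail-permit was activated
    joined = []   # clients that came online inside a fail-permit window
    for line in lines:
        escape = ESCAPE_RE.search(line)
        if escape:
            if escape["state"] == "ACTIVE":
                active[escape["bssid"]] = escape["reason"]
            else:
                # A DEACTIVE without a matching ACTIVE is ignored.
                active.pop(escape["bssid"], None)
            continue
        online = ONLINE_RE.search(line)
        if online and online["bssid"] in active:
            joined.append({
                "mac": online["mac"],
                "bssid": online["bssid"],
                "ssid": online["ssid"],
                "ap": online["ap"],
                "fail_permit_reason": active[online["bssid"]],
            })
    # BSSIDs with no DEACTIVE by the end of the input are still in fail-permit.
    return {"joined_during_fail_permit": joined, "still_active": sorted(active)}


if __name__ == "__main__":
    report = fail_permit_report(SAMPLE_LOG.splitlines())
    for client in report["joined_during_fail_permit"]:
        print("online during fail-permit:", client)
    print("fail-permit still active in:", report["still_active"])
```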
STAMGR_DOMAIN_UNREACHABLE
Message text |
Domain [STRING] configured in service template [STRING] with SSID [STRING] is unreachable. |
Variable fields |
$1: Domain name. $2: Service template name. $3: SSID. |
Severity level |
4 (Warning) |
Example |
STAMGR/4/STAMGR_DOMAIN_UNREACHABLE: Domain mydomain configured in service template st1 with SSID ssidst1 is unreachable. |
Impact |
The authentication service is unavailable. |
Cause |
The device disconnects from the RADIUS authentication server. |
Recommended action |
To resolve the issue: 1. Verify that the RADIUS server can be reached. 2. If the issue persists, contact H3C Support. |
STAMGR_DOMAIN_REACHABLE
Message text |
Domain [STRING] configured in service template [STRING] with SSID [STRING] is reachable. |
Variable fields |
$1: Domain name. $2: Service template name. $3: SSID. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_DOMAIN_REACHABLE: Domain mydomain configured in service template st1 with SSID ssidst1 is reachable. |
Impact |
No negative impact on the system. |
Cause |
Connection to the authentication domain configured in the service template was restored. |
Recommended action |
No action is required. |
STAMGR_MACA_LOGIN_FAILURE
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $8: Reason for the authentication failure: · AAA processed authentication request and returned error code code. ◦ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ◦ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ◦ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. ◦ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Unknown reason. |
Severity level |
5 (Notification) |
Example |
|
Impact |
No negative impact on the system. |
Cause |
The client failed to pass MAC authentication for a specific reason. |
Recommended action |
To resolve the issue: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. Troubleshoot errors one by one according to the returned error code during authentication. 5. If the issue persists, contact H3C Support. |
STAMGR_MACA_LOGIN_SUCC
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. |
Severity level |
6 (Informational) |
Example |
|
Impact |
No negative impact on the system. |
Cause |
The client came online after passing MAC authentication. |
Recommended action |
No action is required. |
STAMGR_MACA_LOGOFF
Message text |
|
Variable fields |
$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $8: Reason why the client is logged off. · AAA processed authentication request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ◦ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ◦ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ◦ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ◦ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-start request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ◦ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-update request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ◦ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Lost in shaking hands. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received disassociation frame in Run state: reason code=code. · Received deauthentication frame in Run state: reason code=code. · Received disassociation packet in Userauth state. · Received deauthentication packet in Userauth state. · Received client failure message with reason code=code. · Received client offline message with reason code=code. · Unknown reason. |
Severity level |
6 (Informational) |
Example |
|
Impact |
No negative impact on the system. |
Cause |
The MAC authenticated client was logged off for a specific reason. |
Recommended action |
To resolve the issue: 1. Check the debugging information to locate the logoff cause and remove the issue. If the logoff was requested by the client, no action is required. 2. If the issue persists, contact H3C Support. |
STAMGR_ROAM_FAILED
Message text |
Client [MAC] on AP [STRING] Radio ID [STRING] failed to roam with reason code [UINT32]. |
Variable fields |
$1: MAC address of the client. $2: Name of the AP associated with the client. $3: ID of the radio associated with the client. $4: Reason code for the roaming failure: · 1—Failed to select a roaming policy. · 2—Insufficient memory resources. · 3—Network communication failures. · 4—Lack of local roaming entries. · 5—Failed to add a VLAN. |
Severity level |
4 (Warning) |
Example |
STAMGR/4/STAMGR_ROAM_FAILED: Client 001f-3ca8-1092 on AP ap1 Radio ID 2 failed to roam with reason code 1. |
Impact |
No negative impact on the system. |
Cause |
The client failed to roam for a specific reason. |
Recommended action |
To resolve the issue, depending on the reason code: · 1—Use the display wlan client verbose command to verify that the authentication method has changed. · 2—Use the display process memory command to check memory resource usage for each module. · 3—Use the display wlan mobility group command to check the IACTP tunnel state. · 4—Use the display wlan mobility group command to check the IACTP tunnel state. · 5—Re-add the VLAN or replace the added VLAN. |
STAMGR_ROAM_SUCCESS
Message text |
Client [MAC] roamed from BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] to BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] successfully. |
Variable fields |
$1: MAC address of the client. $2: BSSID of the AP associated with the client before roaming. $3: Name of the AP associated with the client before roaming. $4: ID of the radio associated with the client before roaming. $5: IP address of the AC associated with the client before roaming. $6: BSSID of the AP associated with the client after roaming. $7: Name of the AP associated with the client after roaming. $8: ID of the radio associated with the client after roaming. $9: IP address of the AC associated with the client after roaming. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_ROAM_SUCCESS: Client 0021-005f-dffd roamed from BSSID 000f-e289-6ad0 on AP ap1 Radio ID 2 of AC IP 172.25.0.81 to BSSID 000f-e2ab-baf0 on AP ap2 Radio ID 2 of AC IP 172.25.0.82 successfully. |
Impact |
No negative impact on the system. |
Cause |
The client roamed successfully. |
Recommended action |
No action is required. |
STAMGR_SAVI_BIND
Message text |
Bound IP address [STRING] to client [STRING] associated with radio [STRING] of AP [STRING] in BSS [STRING] with SSID [STRING]. Binding type: [STRING]. |
Variable fields |
$1: IP address of the client. $2: MAC address of the client. $3: ID of the radio associated with the client. $4: Name of the AP associated with the client. $5: BSSID. $6: SSID of the service template. $7: IP address binding type: · DHCP. · DHCPv6. · ND. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_SAVI_BIND: Bound IP address 192.168.1.1 to client b0f9-6393-72e0 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. Binding type: DHCP. |
Impact |
No negative impact on the system. |
Cause |
The device created an SAVI binding entry. |
Recommended action |
No action is required. |
STAMGR_SAVI_UNBIND
Message text |
Unbound IP address [STRING] from client [STRING] associated with radio [STRING] of AP [STRING] in BSS [STRING] with SSID [STRING]. |
Variable fields |
$1: IP address of the client. $2: MAC address of the client. $3: ID of the radio associated with the client. $4: Name of the AP associated with the client. $5: BSSID. $6: SSID of the service template. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_SAVI_UNBIND: Unbound IP address 192.168.1.1 from client b0f9-6393-72e0 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. |
Impact |
No negative impact on the system. |
Cause |
The device deleted an SAVI binding entry. |
Recommended action |
No action is required. |
STAMGR_SAVI_UNKNOWN_SOURCE_IP
Message text |
Received a data packet with unknown source IP [STRING] destined to IP [STRING] from client [STRING] associated with radio [STRING] of AP [STRING] in BSS [STRING] with SSID [STRING]. IP protocol: [STRING]. |
Variable fields |
$1: Source IP address. $2: Destination IP address. $3: MAC address of the client. $4: ID of the radio associated with the client. $5: Name of the AP associated with the client. $6: BSSID. $7: SSID of the service template. $8: IP protocol version. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/STAMGR_SAVI_UNKNOWN_SOURCE_IP: Received a data packet with unknown source IP 192.168.1.1 destined to IP 192.168.1.2 from client 0023-8933-2147 associated with radio 2 of AP ap1 in BSS 0023-12ef-78dc with SSID abc. IP protocol: 17. |
Impact |
The system might be under client spoofing attacks. |
Cause |
The device received a data packet from a client whose source IP address does not match any SAVI binding entry. |
Recommended action |
Verify whether the client is a legitimate client based on the output information. If the client is not legitimate, deny the client access. |
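The following Python sketch is an added example, not part of the H3C reference or H3C code. It replays STAMGR_SAVI_BIND and STAMGR_SAVI_UNBIND messages to rebuild the binding state, then triages each STAMGR_SAVI_UNKNOWN_SOURCE_IP message against it. The verdict names, the triage heuristic, and the sample lines are constructed for illustration, and the patterns assume that MAC addresses, AP names, radio IDs, and BSSIDs contain no whitespace.

```python
import re
from collections import Counter

# Shared tail of the three SAVI message templates. Assumption: MAC, radio,
# AP name and BSSID contain no whitespace; the SSID may, so it is matched
# lazily up to the period that ends the sentence.
TAIL = (r"client (?P<mac>\S+) associated with radio (?P<radio>\S+) "
        r"of AP (?P<ap>\S+) in BSS (?P<bssid>\S+) with SSID (?P<ssid>.+?)\.")

PATTERNS = {
    "bind": re.compile(
        r"STAMGR/6/STAMGR_SAVI_BIND: Bound IP address (?P<ip>\S+) to "
        + TAIL + r" Binding type: (?P<btype>\w+)\.$"),
    "unbind": re.compile(
        r"STAMGR/6/STAMGR_SAVI_UNBIND: Unbound IP address (?P<ip>\S+) from "
        + TAIL + r"$"),
    "unknown": re.compile(
        r"STAMGR/6/STAMGR_SAVI_UNKNOWN_SOURCE_IP: Received a data packet with "
        r"unknown source IP (?P<ip>\S+) destined to IP (?P<dst>\S+) from "
        + TAIL + r" IP protocol: (?P<proto>\w+)\.$"),
}


def parse_line(line):
    """Return (kind, fields) for a SAVI message, or None for any other line."""
    text = line.strip()
    for kind, pattern in PATTERNS.items():
        m = pattern.search(text)  # search() tolerates a syslog header prefix
        if m:
            fields = m.groupdict()
            fields["mac"] = fields["mac"].lower()
            return kind, fields
    return None


def triage(lines):
    """Replay bind/unbind events and classify each unknown-source-IP event."""
    owner = {}        # ip -> MAC that currently holds the binding
    released = set()  # (ip, mac) pairs that were bound and later unbound
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, f = parsed
        ip, mac = f["ip"], f["mac"]
        if kind == "bind":
            owner[ip] = mac
            released.discard((ip, mac))
        elif kind == "unbind":
            if owner.get(ip) == mac:
                del owner[ip]
            released.add((ip, mac))
        else:
            holder = owner.get(ip)
            if holder is not None and holder != mac:
                verdict = "ip-bound-to-other-client"   # review first
            elif holder == mac:
                verdict = "binding-present"            # collected logs have a gap
            elif (ip, mac) in released:
                verdict = "stale-own-binding"          # client kept an old address
            else:
                verdict = "never-bound"                # static or unseen address
            findings.append({"verdict": verdict, "client": mac, "src_ip": ip,
                             "bound_to": holder, "ap": f["ap"],
                             "ssid": f["ssid"], "proto": f["proto"]})
    return findings


def summarize(findings):
    """Count findings per (client MAC, verdict) to rank clients for review."""
    return Counter((f["client"], f["verdict"]) for f in findings)


# Constructed sample input in the format of the examples in this reference.
SAMPLE_LOG = [
    "STAMGR/6/STAMGR_SAVI_BIND: Bound IP address 192.168.1.10 to client b0f9-6393-72e0 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. Binding type: DHCP.",
    "STAMGR/6/STAMGR_SAVI_BIND: Bound IP address 192.168.1.20 to client 0023-8933-2147 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. Binding type: DHCP.",
    "STAMGR/4/STAMGR_ROAM_FAILED: Client 001f-3ca8-1092 on AP ap1 Radio ID 2 failed to roam with reason code 1.",
    "STAMGR/6/STAMGR_SAVI_UNKNOWN_SOURCE_IP: Received a data packet with unknown source IP 192.168.1.10 destined to IP 192.168.1.2 from client 0023-8933-2147 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. IP protocol: 17.",
    "STAMGR/6/STAMGR_SAVI_UNBIND: Unbound IP address 192.168.1.20 from client 0023-8933-2147 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc.",
    "STAMGR/6/STAMGR_SAVI_UNKNOWN_SOURCE_IP: Received a data packet with unknown source IP 192.168.1.20 destined to IP 192.168.1.2 from client 0023-8933-2147 associated with radio 2 of AP ap1 in BSS b0f9-6393-72f0 with SSID abc. IP protocol: 17.",
    "STAMGR/6/STAMGR_SAVI_UNKNOWN_SOURCE_IP: Received a data packet with unknown source IP 10.9.9.9 destined to IP 192.168.1.2 from client 0023-8933-2147 associated with radio 1 of AP ap2 in BSS b0f9-6393-7300 with SSID guest wifi. IP protocol: 6.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A source IP that is currently bound to a different client is the case that best matches the spoofing impact described above, so those findings are the ones to review first.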
STAMGR_SERVICE_FAILURE
Message text |
Service failure occurred on BSS [STRING] after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING] with AP ID [STRING]. Reason: [STRING], code=0x[STRING]. |
Variable fields |
$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: AP ID. $7: Reason for the service failure, as described in Table 15. $8: Error code. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/SERVICE_FAILURE: Service failure occurred on BSS 0023-12ef-78dc after service template st1 with SSID st1ssid was bound to radio 1 on AP ap1 with AP ID 1. Reason: Failed to activate BSS when AP came online, code=0x61140001. |
Impact |
The wireless service cannot be used. |
Cause |
After the AP came online, BSS activation failed for a specific reason with error code 0x61140001. |
Recommended action |
To resolve the issue: 1. Check the debugging information to locate the failure cause and remove the issue. 2. If the issue persists, contact H3C Support. |
Table 15 Possible service failure reasons
Possible reasons |
Failed to create a BSS interface during smooth BSS interface creation. |
Replied with failure to transmit interface creation node during smooth BSS interface creation. |
Failed to set forwarding location during smooth recovery of AP data. |
Failed to initiate a series of locations during smooth recovery of AP data. |
Failed to send message of creating BSS interface to worker thread during smooth recovery of AP data. |
Failed to create handle during smooth recovery of AP data. |
Failed to activate BSS during smooth recovery of AP data. |
Failed to set kernel forwarding table during smooth recovery of AP data. |
Failed to create BSS node when AP came online. |
Failed to create BSS handle when AP came online. |
Insufficient memory for creating BSS node when AP came online. |
Failed to get radio private data while creating BSS node in general process. |
Failed to initiate a series of locations while creating BSS node in general process. |
Failed to set kernel forwarding table while creating BSS node in general process. |
Failed to create BSS node during smooth recovery of BSS data. |
Failed to get AP location while recovering BSS running data from DBM. |
Failed to get radio private data while recovering BSS running data from DBM. |
Failed to add BSS index to interface index while recovering BSS running data from DBM. |
Failed to create BSS handle when hierarchy device received Add WLAN message. |
Failed to initiate a series of locations when hierarchy device received Add WLAN message. |
Failed to set forwarding location when hierarchy device received Add WLAN message. |
Failed to send message to worker thread when hierarchy device received Add WLAN message. |
Failed to set kernel forwarding table when hierarchy device received Add WLAN message. |
Failed to activate BSS when hierarchy device received Add WLAN message. |
Failed to issue Add WLAN message when hierarchy device received Add WLAN message. |
Failed to activate BSS when service template was bound. |
Failed to create BSS node when service template was bound. |
Failed to create BSS handle when service template was bound. |
Failed to add bind node to mapped radio list of the service template while recovering service template binding information for service thread from pending database. |
Failed to create BSS node while recovering service template binding information for service thread from pending database. |
Failed to add bind node to mapped radio list of the service template while creating BSS from Merger. |
Failed to create BSS node while creating BSS from Merger. |
Failed to apply for memory while creating BSS node. |
Failed to calculate BSSID while creating BSS node. |
Service thread received interface creation failure while creating BSS interface during smooth recovery of AP data. |
Failed to add BSS index to interface index while creating BSS interface during smooth recovery of AP data. |
Failed to add VLAN on the interface while creating BSS interface during smooth recovery of AP data. |
Failed to set the source MAC address of the interface while creating BSS interface during smooth recovery of AP data. |
Failed to set kernel forwarding table while creating BSS interface during smooth recovery of AP data. |
Failed to activate BSS while creating BSS interface during smooth recovery of AP data. |
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly. |
Failed to create BSS interface when BSS created an interface accordingly. |
Failed to add BSS index to interface index when BSS created an interface accordingly. |
Failed to add VLAN on the interface when BSS created an interface accordingly. |
Failed to set source MAC address of the interface when BSS created an interface accordingly. |
Failed to set kernel forwarding table when BSS created an interface accordingly. |
Failed to issue ADD BSS message when BSS created an interface accordingly. |
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly for an invalid interface. |
Created BSS rollback for failed resources while issuing ADD BSS message callback. |
Failed to enable packet socket while recovering BSS running data from DBM. |
Failed to create BSS node while recovering BSS running data from DBM. |
Failed to initiate BSS while creating BSS node. |
Failed to activate BSS when service template was enabled. |
Invalid BSS interface index while upgrading BSS with AP private data. |
Failed to upgrade backup BSS to real BSS while upgrading BSS with AP private data. |
Failed to set kernel forwarding table while upgrading BSS with AP private data. |
Failed to activate BSS while upgrading BSS with AP private data. |
Invalid BSS interface index while upgrading BSS without AP private data. |
Failed to set kernel forwarding table while upgrading BSS without AP private data. |
Failed to activate BSS while upgrading BSS without AP private data. |
Failed to create BSS interface while creating general BSS process. |
Failed to activate BSS during smooth recovery of BSS data. |
Failed to activate BSS while recovering service template binding information for service thread from pending database. |
Failed to activate BSS while creating BSS from Merger. |
Failed to activate BSS when AP came online. |
Failed to activate BSS when other module sent activation request. |
Failed to activate BSS when other module received activation request. |
Failed to send response node of creating interface while creating interface during smooth recovery of AP data. |
Failed to add BSS index to interface index when hierarchy device created an interface accordingly. |
Failed to add VLAN on the interface when hierarchy device created an interface accordingly. |
Failed to set source MAC address of the interface when hierarchy device created an interface accordingly. |
Failed to set kernel forwarding table when hierarchy device created an interface accordingly. |
Failed to activate BSS when hierarchy device created an interface accordingly. |
Failed to issue Add BSS message when hierarchy device created an interface accordingly. |
Insufficient memory when hierarchy device received BSS creation message. |
Failed to fill BSS basic data when hierarchy device received BSS creation message. |
Failed to initiate BSS service phase when hierarchy device received BSS creation message. |
Failed to receive Add WLAN message when hierarchy device received BSS creation message. |
Failed to get radio private data because of invalid AP ID when hierarchy device received BSS creation message. |
Failed to get radio private data because of invalid radio ID when hierarchy device received BSS creation message. |
Failed to get radio private data when hierarchy device received Add WLAN message. |
Failed to issue message when hierarchy device received Add WLAN message. |
Failed to get BSS data through WLAN ID during smooth recovery of BSS data. |
Failed to issue Add WLAN message while creating BSS node in general process. |
Failed to create BSS interface when hierarchy device created an interface accordingly. |
Failed to create BSS interface when hierarchy device created an interface accordingly for an invalid interface. |
Failed to set forwarding location while creating BSS node in general process. |
Replied with failure to transmit interface creation node when BSS created an interface accordingly. |
Failed to update BSS key data when hierarchy device received Add WLAN message. |
Replied with failure to transmit interface creation node when BSS created an interface accordingly for an existing BSS. |
STAMGR_SERVICE_OFF
Message text |
BSS [STRING] was deleted after service template [STRING] with SSID [STRING] was unbound from radio [STRING] on AP [STRING]. Reason: [STRING]. |
Variable fields |
$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: Reason for the BSS deletion. · Unknown reason. · AP down. · Deleted BSS with the Delete mark when inter-AC BSS smooth ended. · Hierarchy device received BSS delete message. · Deleted AP private data from APMGR when AP smooth ended. · WLAS was triggered, and service was shut down temporarily. · Intrusion protection was triggered, and service was shut down permanently. · Service module received Update WLAN message when BSS was inactive. · Disabled service template. · Unbound service template. · Deleted BSS with the Delete mark when inter-AC AP smooth ended. · BSS aging timer timed out. · Deleted non-local forwarding BSS when AP enabled with remote AP went offline. · Failed to find configuration data while synchronizing data. · AP did not come online or service template was disabled. · Failed to find the WLAN ID from APMGR while BSS was smoothing WLAN ID. · Unbound inherited service template. · The stamgr process became down automatically or was shut down manually. · Failed to use AP private data to upgrade backup BSS. · Failed to upgrade backup BSS. · Failed to synchronize service template data to the Merger bind list while upgrading backup data. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/SERVICE_OFF: BSS 0023-12ef-78dc was deleted after service template st1 with SSID st1ssid was unbound from radio 1 on AP ap1. Reason: Failed to find configuration data while synchronizing data. |
Impact |
The BSS is unavailable. |
Cause |
The BSS was deleted for a specific reason. |
Recommended action |
To resolve the issue: 1. Verify that the BSS is deleted as requested. If the BSS is deleted as requested, no action is required. 2. Locate the deletion cause and remove the issue if the BSS is deleted abnormally. 3. If the issue persists, contact H3C Support. |
STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL
Message text |
APID=[UINT32]-MAC=[STRING]-BSSID=[STRING]; AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel. |
Variable fields |
$1: ID of the AP associated with the client. $2: MAC address of the client. $3: BSSID of the service template associated with the client. |
Severity level |
7 (Debug) |
Example |
STAMGR/7/STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL: APID=667-MAC=d4f4-6f69-d7a1-BSSID=600b-0301-d5a0; The AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel. |
Impact |
No negative impact on the system. |
Cause |
Client information already arrived at the end of the IOCTL tunnel. |
Recommended action |
To resolve the issue depending on the network infrastructure: · Fit AP+AC network—No action is required if this message is output. If no message is output, locate the issue according to the debugging information and resolve the issue. · AC hierarchical network—No action is required if this message is output by the central AC. If this message is output by a local AC, locate the issue according to the debugging information and resolve the issue. |
STAMGR_SERVICE_ON
Message text |
BSS [STRING] was created after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING]. |
Variable fields |
$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. |
Severity level |
6 (Informational) |
Example |
STAMGR/6/SERVICE_ON: BSS 0023-12ef-78dc was created after service template st1 with SSID 1 was bound to radio 1 on AP ap1. |
Impact |
No negative impact on the system. |
Cause |
The BSS was created. |
Recommended action |
No action is required. |
STAMGR_TRIGGER_IP
Message text |
|
Variable fields |
$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the access VLAN. $6: Action: · Added the user to the blocked MAC address list. · Closed the user's BSS temporarily. · Closed the user's BSS permanently. |
Severity level |
5 (Notification) |
Example |
|
Impact |
No negative impact on the system. |
Cause |
The device detected that an unauthenticated client is attempting to access the network. |
Recommended action |
No action is required. |
STP
This section contains STP messages.
STP_BPDU_PROTECTION
Message text |
BPDU-Protection port [STRING] received BPDUs. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet1/0/1 received BPDUs. |
Impact |
The port is closed by the device. |
Cause |
An interface with BPDU protection enabled received BPDUs. |
Recommended action |
The closed port is reactivated after a certain time interval. If an interface with BPDU protection enabled is frequently closed because it receives BPDUs, check whether the BPDUs received on this port come from a malicious attack: · If so, collect the configuration file, log file, and alarms, and then contact Technical Support. · If not, disable BPDU protection on this port by executing the 'stp port bpdu-protection disable' command on this port. |
STP_BPDU_RECEIVE_EXPIRY
Message text |
[STRING] [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
5 (Notification) |
Example |
STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet1/0/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out. |
Impact |
The topology of the spanning tree network changes. |
Cause |
The device connected to the port does not have the spanning tree feature enabled, or there is a link fault with the device on the other end. |
Recommended action |
1. On the device connected through this port, execute the 'display stp' command to check whether the spanning tree feature is enabled: ◦ If yes, go to step 2. ◦ If no, enable the global and port spanning tree feature on the device on the other end by using the 'stp global enable' and 'stp enable' commands. If the device on the other end still cannot receive BPDUs after the spanning tree feature is enabled, go to step 2. 2. Check whether there is a link fault between this device and the device on the other end: ◦ If yes, repair the link fault between the devices. If you cannot locate the fault or repair the link, go to step 3. ◦ If no, go to step 3. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_CONSISTENCY_CHECK
Message text |
M-LAG role assignment finished. verify that the local device and the peer device have consistent global and mlag-interface-specific STP settings. |
Variable fields |
N/A |
Severity level |
5 (Notification) |
Example |
STP/5/STP_CONSISTENCY_CHECK: M-LAG role assignment finished. verify that the local device and the peer device have consistent global and mlag-interface-specific STP settings. |
Impact |
If the spanning tree configuration on two M-LAG devices in the M-LAG system is inconsistent, it may cause the M-LAG system to malfunction. |
Cause |
Both devices are configured with M-LAG and the spanning tree feature. |
Recommended action |
Execute the 'display current-configuration' command on both devices in the M-LAG system to check if the global and M-LAG interface spanning tree configurations are consistent: · If they are consistent, no action is required. · If they are inconsistent, modify the spanning tree configuration to be consistent on both M-LAG devices. |
STP_CONSISTENCY_RESTORATION
Message text |
Consistency restored on VLAN [UINT32]'s port [STRING]. |
Variable fields |
$1: VLAN ID. $2: Interface name. |
Severity level |
6 (Informational) |
Example |
STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet1/0/1. |
Impact |
No negative impacts on the system. |
Cause |
The PVID or port type became consistent on the ports at both ends of the link. |
Recommended action |
No action is required. |
STP_DETECTED_TC
Message text |
[STRING] [UINT32]'s port [STRING] detected a topology change. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
6 (Informational) |
Example |
STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change. |
Impact |
The spanning tree topology changes, which triggers a spanning tree recalculation. |
Cause |
The status of a port on the device changed. |
Recommended action |
Check whether the topology change is expected: · If yes, no action is required. · If no, troubleshoot the related issues and recover the spanning tree topology. If you cannot resolve the issue, collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_DISABLE
Message text |
STP is now disabled on the device. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
STP/6/STP_DISABLE: STP is now disabled on the device. |
Impact |
Devices are unable to use the Spanning Tree Protocol (STP) function and cannot process or send BPDUs. |
Cause |
Users execute the 'undo stp global enable' command to globally disable the Spanning Tree Protocol. |
Recommended action |
No action is required. |
STP_DISCARDING
Message text |
[STRING] [UINT32]'s port [STRING] has been set to discarding state. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
6 (Informational) |
Example |
STP/6/STP_DISCARDING: Instance 0's port GigabitEthernet1/0/1 has been set to discarding state. |
Impact |
This port cannot forward user traffic. |
Cause |
The spanning tree topology of the port in the MSTP instance has changed. |
Recommended action |
1. Check whether devices or links in the network topology have changed: ◦ If yes, go to step 2. ◦ If no, go to step 3. 2. Check whether the changes to the devices or links in the network topology meet the requirements: ◦ If yes, go to step 3. ◦ If no, go to step 4. 3. Execute the 'display stp' command to check whether the calculated state of each port meets the requirements: ◦ If yes, no action is required. ◦ If no, go to step 4. 4. Deploy the network topology correctly. If the issue persists after the network topology is deployed correctly, go to step 5. 5. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_DISPUTE
Message text |
[STRING] [UINT32]'s port [STRING] received an inferior BPDU from a designated port which is in forwarding or learning state. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_DISPUTE: Instance 0's port GigabitEthernet1/0/2 received an inferior BPDU from a designated port which is in forwarding or learning state. |
Impact |
Ports that trigger dispute protection are blocked. |
Cause |
In the spanning tree instance or VLAN, the port received a low-priority BPDU sent by a designated port, and the sending port is in the Forwarding or Learning state. |
Recommended action |
Use the following methods to handle the issue: · Execute the 'display stp abnormal-port' command to view information about the port in dispute protection. Check whether the link has a one-way fault that prevents the remote end from receiving messages from the local end. After you verify that the VLAN configurations on both ends of the port are consistent, try to bring the link down and then up to recover it, or replace the cable. · Based on the designated bridge ID and designated port ID carried in the received low-priority BPDU, troubleshoot the link between this device and the device that sent the BPDU in the spanning tree topology. · If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_ENABLE
Message text |
STP is now enabled on the device. |
Variable fields |
N/A |
Severity level |
6 (Informational) |
Example |
STP/6/STP_ENABLE: STP is now enabled on the device. |
Impact |
Some ports might be blocked as a result of the spanning tree calculation. |
Cause |
The global enable command for STP was executed on the device to enable the spanning tree feature globally. |
Recommended action |
No action is required. |
STP_FORWARDING
Message text |
[STRING] [UINT32]'s port [STRING] has been set to forwarding state. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
6 (Informational) |
Example |
STP/6/STP_FORWARDING: Instance 0's port GigabitEthernet1/0/1 has been set to forwarding state. |
Impact |
No negative impacts on the system. |
Cause |
The network topology changed. |
Recommended action |
1. Execute the display stp command to check whether the calculated state of each port meets the requirements: ◦ If yes, no action is required. ◦ If no, go to step 2. 2. Correctly deploy the network topology. If the issue persists after correct deployment, go to step 3. 3. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_LOOP_PROTECTION
Message text |
[STRING] [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port GigabitEthernet1/0/1 failed to receive configuration BPDUs. |
Impact |
Ports with loop protection enabled remain in the Discarding state until they receive BPDUs. |
Cause |
Reason 1: The spanning tree feature is not enabled on the peer device of the port with loop protection enabled. Reason 2: A link fault occurred on the port with loop protection enabled. |
Recommended action |
1. Execute the display stp command on the peer device connected to this port to check whether the spanning tree feature is enabled on that device: ◦ If yes, go to step 2. ◦ If not, enable the global and port spanning tree features on the peer device with the stp global enable and stp enable commands. If this end still cannot receive BPDUs after the peer device enables the spanning tree feature, go to step 2. 2. Check whether there is a link fault between this device and the peer device: ◦ If yes, repair the link fault between the devices. If the cause of the fault cannot be located or the link fault cannot be repaired, go to step 3. ◦ If not, go to step 3. 3. If the issue persists, collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_LOOPBACK_PROTECTION
Message text |
[STRING] [UINT32]'s port [STRING] received its own BPDU. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU. |
Impact |
There may be a loop in the network, which could cause a broadcast storm. |
Cause |
A port received its own BPDUs in the spanning tree instance or VLAN. |
Recommended action |
1. Check whether malicious users are forging BPDUs to attack the network: ○ If yes, go to step 3. ○ If no, go to step 2. 2. Check whether a physical loop exists in the network. If so, manually break the loop. If the problem is not resolved, go to step 3. 3. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_NOT_ROOT
Message text |
The current switch is no longer the root of instance [UINT32]. |
Variable fields |
$1: STP instance number. |
Severity level |
5 (Notification) |
Example |
STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0. |
Impact |
Device roles are recalculated, which may cause a brief service disruption. |
Cause |
Possible reasons include: · A device with a smaller root bridge ID has been added to the spanning tree network topology. · The priority of a device in the original spanning tree network topology has been modified. |
Recommended action |
If a device with a smaller root bridge ID has been added to the spanning tree network topology: 1. On the newly added device, execute the 'display stp root' command to check whether the device's root bridge ID is the smallest: ○ If yes, go to step 2. ○ If no, go to step 4. 2. Confirm whether the newly added device is planned to have the smallest root bridge ID: ○ If yes, no action is required. ○ If no, go to step 3. 3. Modify the priority and other configurations of the newly added device so that the root bridge role goes to the device planned by the user. If the problem is still not resolved, go to step 4. 4. Collect the configuration file, log file, and alarms, and then contact Technical Support. If device priorities have been modified in the original spanning tree network topology: 1. Execute the 'display stp' command to check whether the device priority configuration in the spanning tree network topology is normal: ○ If yes, no action is required. ○ If no, go to step 2. 2. Execute the 'stp priority' command to set the priority of each device to the value planned by the user. If the problem is still not resolved, go to step 3. 3. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_NOTIFIED_TC
Message text |
[STRING] [UINT32]'s port [STRING] was notified a topology change. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
6 (Informational) |
Example |
STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet1/0/1 was notified a topology change. |
Impact |
The spanning tree topology changes, which triggers a spanning tree recalculation. |
Cause |
The device received a BPDU with the TC flag set. |
Recommended action |
Check whether the topology change is normal: · If yes, no action is required. · If no, troubleshoot the related faults and recover the spanning tree topology. If you cannot resolve the faults, collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_PORT_TYPE_INCONSISTENCY
Message text |
Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port. |
Variable fields |
$1: Interface name. $2: VLAN ID |
Severity level |
4 (Warning) |
Example |
STP/4/STP_PORT_TYPE_INCONSISTENCY: Access port GigabitEthernet1/0/1 in VLAN 10 received PVST BPDUs from a trunk or hybrid port. |
Impact |
Access ports send BPDUs in a different format from trunk and hybrid ports, which may cause errors in the spanning tree calculation. |
Cause |
An access port received PVST-format BPDUs sent by a trunk or hybrid port. |
Recommended action |
1. Check whether the type of the port specified in the log is consistent with that of its peer port: ○ If yes, go to step 2. ○ If no, change the ports on both ends to the same type. If the problem is still not resolved, go to step 2. 2. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_PVID_INCONSISTENCY
Message text |
Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32]. |
Variable fields |
$1: Interface name. $2: VLAN ID $3: VLAN ID |
Severity level |
4 (Warning) |
Example |
STP/4/STP_PVID_INCONSISTENCY: Port GigabitEthernet1/0/1 with PVID 10 received PVST BPDUs from a port with PVID 20. |
Impact |
PVST calculation may have errors. |
Cause |
The PVID of the local port does not match the PVID of the remote port. |
Recommended action |
Determine whether the PVID inconsistency between the two ends of the link complies with the network planning requirements: · If yes, execute the 'stp ignore-pvid-inconsistency' command to disable the PVID inconsistency protection function of PVST. · If no, modify the PVIDs on both ends so that they match. |
STP_PVST_BPDU_PROTECTION
Message text |
PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_PVST_BPDU_PROTECTION: PVST BPDUs were received on port GigabitEthernet1/0/1, which is enabled with PVST BPDU protection. |
Impact |
The port receiving the PVST message was closed. |
Cause |
In MSTP mode, the port with PVST message protection function enabled received a PVST message. |
Recommended action |
1. Determine whether the device publishing the PVST message needs to do so: ○ If yes, no action is required. ○ If no, modify the configuration on the device to stop publishing PVST messages. If the issue is not resolved, go to step 2. 2. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_ROOT_PROTECTION
Message text |
[STRING] [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs. |
Variable fields |
$1: STP instance or VLAN. $2: STP instance number or VLAN ID. $3: Interface name. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs. |
Impact |
The port that receives a BPDU with a higher priority transitions to the listening state and stops forwarding user messages. If no superior BPDU is received within twice the Forward Delay time, the port recovers to its original normal state. |
Cause |
A new device has been added to the spanning tree network topology, or the priority of an existing device has changed. |
Recommended action |
1. Execute the 'display stp' command on other devices in the spanning tree network to check whether the current root bridge and port calculation results comply with the network plan: ○ If yes, go to step 2. ○ If no, go to step 3. 2. Execute the 'undo stp root-protection' command on the port with root protection enabled to disable the root protection function on that port. If the issue is not resolved, go to step 4. 3. Reconfigure the priorities of devices in the network as needed to make the device with root protection enabled the root bridge. If the issue is not resolved, go to step 4. 4. Collect the configuration file, log file, and alarms, and then contact Technical Support. |
STP_STG_NUM_DETECTION
Message text |
STG count [UINT32] is smaller than the MPU's STG count [UINT32]. |
Variable fields |
$1: Number of STGs on the specified board. $2: Number of STGs on the MPU. |
Severity level |
4 (Warning) |
Example |
STP/4/STP_STG_NUM_DETECTION: STG count 64 is smaller than the MPU's STG count 65. |
Impact |
The Spanning Tree Protocol cannot run normally. |
Cause |
The device detected that the number of STGs on the specified board is less than the number of STGs on the MPU. |
Recommended action |
The number of STP instances configured on the MPU cannot exceed the minimum number of STGs on all boards. For example, if the number of STP instances configured is m and the minimum number of STGs on any board is n, m cannot be greater than n. |
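The STP protection messages above all follow fixed text templates, so a log host can extract the port and instance and point the operator at the first check each entry recommends. The following is an added example, not part of the H3C reference: the function names, the repeat threshold, and the sample lines (built from the page's own examples) are assumptions.

```python
import re
from collections import Counter, defaultdict

# Header form shown in every example on this page: MODULE/SEVERITY/MNEMONIC: text
HEADER = re.compile(r"(?P<module>[A-Z0-9]+)/(?P<sev>[0-7])/(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
SCOPE = r"(?P<scope>\S+) (?P<id>\d+)'s "  # "[STRING] [UINT32]'s ": instance or VLAN

# mnemonic -> (documented severity, message-text template, first check the page recommends)
STP_EVENTS = {
    "STP_ROOT_PROTECTION": (
        4, re.compile(SCOPE + r"ROOT-Protection port (?P<port>\S+) received superior BPDUs\."),
        "compare root bridge results from 'display stp' with the network plan"),
    "STP_LOOPBACK_PROTECTION": (
        4, re.compile(SCOPE + r"port (?P<port>\S+) received its own BPDU\."),
        "check for forged BPDUs, then for a physical loop"),
    "STP_LOOP_PROTECTION": (
        4, re.compile(SCOPE + r"LOOP-Protection port (?P<port>\S+) failed to receive configuration BPDUs\."),
        "check that STP is enabled on the peer, then check the link"),
    "STP_PVST_BPDU_PROTECTION": (
        4, re.compile(r"PVST BPDUs were received on port (?P<port>\S+), which is enabled with PVST BPDU protection\."),
        "confirm whether the sending device should publish PVST BPDUs"),
    "STP_NOT_ROOT": (
        5, re.compile(r"The current switch is no longer the root of instance (?P<id>\d+)\."),
        "run 'display stp root' on any newly added device"),
}


def parse_stp(line):
    """Return ('ok', mnemonic, fields), ('rejected', mnemonic, None), or None for other messages."""
    head = HEADER.search(line)
    if head is None or head["mnemonic"] not in STP_EVENTS:
        return None
    severity, template, _check = STP_EVENTS[head["mnemonic"]]
    body = template.fullmatch(head["text"].strip())
    # A known mnemonic with the wrong module, severity or text does not match the documented format.
    if head["module"] != "STP" or int(head["sev"]) != severity or body is None:
        return ("rejected", head["mnemonic"], None)
    return ("ok", head["mnemonic"], body.groupdict())


def triage(lines, repeat_threshold=3):
    """Group protection events per port, busiest port first, and list instances that lost root."""
    ports = defaultdict(Counter)
    root_lost, rejected = set(), 0
    for line in lines:
        parsed = parse_stp(line)
        if parsed is None:
            continue
        status, mnemonic, fields = parsed
        if status == "rejected":
            rejected += 1
        elif mnemonic == "STP_NOT_ROOT":
            root_lost.add(int(fields["id"]))
        else:
            ports[fields["port"]][mnemonic] += 1
    report = []
    for port, counts in sorted(ports.items(), key=lambda kv: (-sum(kv[1].values()), kv[0])):
        report.append({
            "port": port,
            "events": dict(counts),
            "repeated": sum(counts.values()) >= repeat_threshold,
            "checks": [STP_EVENTS[m][2] for m in sorted(counts)],
        })
    return {"ports": report, "root_lost_instances": sorted(root_lost), "rejected": rejected}


# Constructed sample lines, modelled on the examples in the entries above.
SAMPLE = [
    "STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs.",
    "STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs.",
    "STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU.",
    "STP/4/STP_ROOT_PROTECTION: VLAN 10's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs.",
    "STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0.",
    "STP/6/STP_ENABLE: STP is now enabled on the device.",
    "STP/4/STP_PVST_BPDU_PROTECTION: PVST BPDUs were received on port GigabitEthernet1/0/3, which is enabled with PVST BPDU protection.",
    "STP/6/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/9 received superior BPDUs.",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE)["ports"]:
        print(entry)
```

The last sample line carries severity 6 instead of the documented 4, so it is counted as rejected rather than attributed to a port.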
SYSLOG messages
This section contains syslog (information center) messages.
SYSLOG_LOGBUFFER_FAILURE
Message text |
Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
SYSLOG/4/SYSLOG_LOGBUFFER_FAILURE: Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes. |
Impact |
The log buffer is unable to store logs. |
Cause |
The communication timed out between syslog and DBM processes. |
Recommended action |
Collect the device configuration file, log information, and alarm information, and contact Technical Support. |
SYSLOG_LOGFILE_FULL
Message text |
Log file space is full. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full. |
Impact |
New logs cannot be stored to the log file. |
Cause |
The log file is full. |
Recommended action |
To resolve the issue: 1. Back up the log file, and delete the log file. 2. Execute the undo info-center logfile overwrite-protection command to disable the log file overwrite protection feature. With this feature disabled, when the log file is full, new logs can overwrite existing logs and be saved to the log file. 3. Execute the info-center logfile size-quota command to modify the maximum storage space that a single log file can occupy. |
SYSLOG_NO_SPACE
Message text |
Failed to save log file due to lack of space resources. |
Variable fields |
N/A |
Severity level |
4 (Warning) |
Example |
SYSLOG/4/SYSLOG_NO_SPACE: -MDC=1; Failed to save log file due to lack of space resources. |
Impact |
Newly generated logs cannot be saved into the log file. |
Cause |
The storage space is insufficient. |
Recommended action |
To resolve the issue: 1. Back up the log file to a remote server. 2. Use the delete /unreserved file command to temporarily delete unused files. 3. Use the reset recycle-bin command to clear the files in the recycle bin to free up storage space on the storage medium. |
SYSLOG_RESTART
Message text |
System restarted -- [STRING] [STRING] Software. |
Variable fields |
$1: Company name. $2: Software name. |
Severity level |
6 (Informational) |
Example |
SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software |
Impact |
The system restarts and the device cannot operate correctly. |
Cause |
The device is restarted. |
Recommended action |
No action is required. |
SYSLOG_RTM_EVENT_BUFFER_FULL
Message text |
In the last minute, [String] syslog logs were not monitored because the buffer was full. |
Variable fields |
$1: Number of system logs that were not sent to the EAA module in the last minute. |
Severity level |
5 (Notification) |
Example |
SYSLOG/5/SYSLOG_RTM_EVENT_BUFFER_FULL: In the last minute, 100 syslog logs were not monitored because the buffer was full. |
Impact |
This issue might affect the execution of EAA monitoring policies. |
Cause |
This message records the number of system logs that are not processed by EAA because the log buffer monitored by EAA is full. The log buffer can be filled up if the device generates large numbers of system logs in a short period of time. |
Recommended action |
To resolve the issue: 1. Execute the display logbuffer command to locate a large number of logs generated in a short time, identify the service module generating the logs, and determine based on the log information whether the service module's function is abnormal or under attack. First address the issues with the service module's abnormalities or attacks to reduce the generation of logs. 2. Use the rtm event syslog buffer-size command to increase the log buffer size. |
TACACS messages
This section contains TACACS messages.
TACACS_ACCT_SERVER_DOWN
Message text |
TACACS accounting server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_ACCT_SERVER_DOWN: TACACS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
A server becomes unreachable, which causes the user to fail to come online. |
Cause |
An accounting server changed from active to blocked. |
Recommended action |
1. Use the display interface command to identify whether the interface connected to the TACACS accounting server is up: ○ If no, troubleshoot the physical links. ○ If yes, go to step 2. 2. Use the ping command to identify whether the TACACS accounting server is reachable: ○ If no, first check the network reachability between the device and the TACACS accounting server, and then identify whether firewalls exist in the network. Make sure the TACACS accounting server is reachable. ○ If yes, go to step 3. 3. Use the display current-configuration command to identify whether the TACACS accounting server is configured correctly: ○ If no, modify the TACACS accounting server settings. For more information about TACACS server configuration, see AAA commands in Security Command Reference and AAA configuration in Security Configuration Guide of the device. ○ If yes, go to step 4. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_ACCT_SERVER_UP
Message text |
TACACS accounting server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_ACCT_SERVER_UP: TACACS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that a TACACS accounting server changed from blocked to active. |
Recommended action |
No action is required. |
TACACS_AUTH_FAILURE
Message text |
User [STRING] at [STRING] failed authentication. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
5 (Notification) |
Example |
TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication. |
Impact |
A user fails authentication. |
Cause |
An authentication request was rejected by the TACACS server. |
Recommended action |
1. Verify that the TACACS authentication-related configurations are correct on the device. 2. If the issue persists, contact the server administrator to confirm the reason for rejecting the authentication request, and resolve the issue based on the reason. 3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_AUTH_SERVER_DOWN
Message text |
TACACS authentication server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_AUTH_SERVER_DOWN: TACACS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
This issue will result in user authentication failures during login. If no secondary authentication servers are available, users might be disconnected. |
Cause |
The device detected that a TACACS authentication server changed from active to blocked. |
Recommended action |
1. Use the display interface command to identify whether the interface connected to the TACACS accounting server is up: ○ If no, troubleshoot the physical links. ○ If yes, go to step 2. 2. Use the ping command to identify whether the TACACS accounting server is reachable: ○ If no, first check the network reachability between the device and the TACACS accounting server, and then identify whether firewalls exist in the network. Make sure the TACACS accounting server is reachable. ○ If yes, go to step 3. 3. Use the display current-configuration command to identify whether the TACACS accounting server is configured correctly: ○ If no, modify the TACACS accounting server settings. For more information about TACACS server configuration, see AAA commands in Security Command Reference and AAA configuration in Security Configuration Guide of the device. ○ If yes, go to step 4. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_AUTH_SERVER_UP
Message text |
TACACS authentication server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_AUTH_SERVER_UP: TACACS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that a TACACS authentication server changed from blocked to active. |
Recommended action |
No action is required. |
TACACS_AUTH_SUCCESS
Message text |
User [STRING] at [STRING] was authenticated successfully. |
Variable fields |
$1: Username. $2: IP address. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system at 192.168.0.22 was authenticated successfully. |
Impact |
No negative impact on the system. |
Cause |
An authentication request was accepted by the TACACS server. |
Recommended action |
No action is required. |
TACACS_AUTHOR_SERVER_DOWN
Message text |
TACACS authorization server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authorization server. $2: Port number of the authorization server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_AUTHOR_SERVER_DOWN: TACACS authorization server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
This issue will result in user authentication failures during login. If no secondary authentication servers are available, users might be disconnected. |
Cause |
The device detected that a TACACS authorization server changed from active to blocked. |
Recommended action |
1. Use the display interface command to identify whether the interface connected to the TACACS accounting server is up: ○ If no, troubleshoot the physical links. ○ If yes, go to step 2. 2. Use the ping command to identify whether the TACACS accounting server is reachable: ○ If no, first check the network reachability between the device and the TACACS accounting server, and then identify whether firewalls exist in the network. Make sure the TACACS accounting server is reachable. ○ If yes, go to step 3. 3. Use the display current-configuration command to identify whether the TACACS accounting server is configured correctly: ○ If no, modify the TACACS accounting server settings. For more information about TACACS server configuration, see AAA commands in Security Command Reference and AAA configuration in Security Configuration Guide of the device. ○ If yes, go to step 4. 4. If the issue persists, collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
TACACS_AUTHOR_SERVER_UP
Message text |
TACACS authorization server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING]. |
Variable fields |
$1: IP address of the authorization server. $2: Port number of the authorization server. $3: VPN instance name. This field displays public if the server belongs to the public network. |
Severity level |
6 (Informational) |
Example |
TACACS/6/TACACS_AUTHOR_SERVER_UP: TACACS authorization server became active: Server IP=1.1.1.1, port=1812, VPN instance=public. |
Impact |
No negative impact on the system. |
Cause |
The device detected that a TACACS authorization server changed from blocked to active. |
Recommended action |
No action is required. |
TACACS_DELETE_HOST_FAIL
Message text |
Failed to delete servers in scheme [STRING]. |
Variable fields |
$1: Scheme name. |
Severity level |
4 (Warning) |
Example |
TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc. |
Impact |
The impact on the system is determined based on the actual situation. |
Cause |
Failed to use a command line to delete servers from a TACACS scheme. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
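The TACACS entries above can be correlated on a log host: repeated TACACS_AUTH_FAILURE messages from one source address, a success that follows a run of failures, and servers that were reported blocked and never reported active again. The following is an added example, not part of the H3C reference: the function name, the threshold of three, the finding labels, and the sample lines (built from the page's examples, with 192.0.2.50 as a constructed address) are assumptions, and lines are processed in arrival order because the page's examples carry no timestamp.

```python
import ipaddress
import re
from collections import defaultdict

HEADER = re.compile(r"TACACS/(?P<sev>[0-7])/(?P<mnemonic>TACACS_[A-Z_]+):\s*(?P<text>.*)")
# The username is supplied by the client, so the greedy group splits on the last " at "
# and fullmatch() requires the documented sentence ending.
AUTH = re.compile(r"User (?P<user>.+) at (?P<ip>\S+) "
                  r"(?P<result>failed authentication|was authenticated successfully)\.")
SERVER = re.compile(r"TACACS (?P<role>accounting|authentication|authorization) server "
                    r"(?P<state>was blocked|became active): "
                    r"Server IP=(?P<ip>[^,]+), port=(?P<port>\d+), VPN instance=(?P<vpn>.+)\.")


def analyze(lines, threshold=3):
    """Correlate TACACS messages given in arrival order."""
    streak = defaultdict(int)      # source IP -> consecutive failures since last success
    failures = defaultdict(list)   # source IP -> usernames that failed, in order
    blocked = set()                # servers reported blocked and not yet active again
    findings = []
    for line in lines:
        head = HEADER.search(line)
        if head is None:
            continue
        mnemonic, text = head["mnemonic"], head["text"].strip()
        if mnemonic in ("TACACS_AUTH_FAILURE", "TACACS_AUTH_SUCCESS"):
            m = AUTH.fullmatch(text)
            if m is None:
                continue
            failed = m["result"] == "failed authentication"
            if failed != (mnemonic == "TACACS_AUTH_FAILURE"):
                continue           # mnemonic and text disagree: skip the line
            try:
                src = str(ipaddress.ip_address(m["ip"]))
            except ValueError:
                continue           # $2 must be an IP address
            if failed:
                streak[src] += 1
                failures[src].append(m["user"])
            else:
                if streak[src] >= threshold:
                    findings.append(("success_after_failures", src, m["user"]))
                streak[src] = 0
        elif mnemonic.endswith(("_SERVER_DOWN", "_SERVER_UP")):
            m = SERVER.fullmatch(text)
            if m is None:
                continue
            went_down = m["state"] == "was blocked"
            if went_down != mnemonic.endswith("_SERVER_DOWN"):
                continue
            key = (m["role"], m["ip"], int(m["port"]), m["vpn"])
            if went_down:
                blocked.add(key)
            else:
                blocked.discard(key)
    for src, users in sorted(failures.items()):
        if len(users) >= threshold:
            kind = "many_usernames" if len(set(users)) > 1 else "single_username"
            findings.append((kind, src, len(users)))
    return {"findings": findings, "still_blocked": sorted(blocked)}


# Constructed sample lines, modelled on the examples in the entries above.
SAMPLE = [
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.",
    "TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system at 192.168.0.22 was authenticated successfully.",
    "TACACS/5/TACACS_AUTH_FAILURE: User admin at 192.0.2.50 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User root at 192.0.2.50 failed authentication.",
    "TACACS/5/TACACS_AUTH_FAILURE: User test at 192.0.2.50 failed authentication.",
    "TACACS/4/TACACS_AUTH_SERVER_DOWN: TACACS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.",
    "TACACS/4/TACACS_ACCT_SERVER_DOWN: TACACS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.",
    "TACACS/6/TACACS_ACCT_SERVER_UP: TACACS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.",
    "TACACS/5/TACACS_AUTH_FAILURE: User x at not-an-ip failed authentication.",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```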
TELNETD messages
This section contains Telnet daemon messages.
TELNETD_REACH_SESSION_LIMIT
Message text |
Telnet client [STRING] failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]). |
Variable fields |
$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device. |
Severity level |
|
Example |
|
Impact |
The Telnet user cannot access the system. |
Cause |
The number of Telnet connections reached the limit. |
Recommended action |
1. Use the display current-configuration | include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, it indicates that the device is using the default setting. 2. To set a greater limit, execute the aaa session-limit command. |
VLAN messages
This section contains VLAN messages.
VLAN_CREATEVLAN_NO_ENOUGH_RESOUR
Message text |
Failed to create VLAN [STRING]. The maximum number of VLANs has been reached. |
Variable fields |
$1: VLAN ID. |
Severity level |
4 (Warning) |
Example |
VLAN/4/VLAN_CREATEVLAN_NO_ENOUGH_RESOUR: Failed to create VLAN 1025-4094. The maximum number of VLANs has been reached. |
Impact |
Failed to create the specified VLANs. |
Cause |
Insufficient hardware resources for VLANs. |
Recommended action |
1. Execute the display vlan brief command to view the VLANs that have been created. 2. Execute the undo vlan command to delete unnecessary VLANs. |
VLAN_FAILED
Message text |
Failed to add interface [STRING] to the default VLAN. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
VLAN/4/VLAN_FAILED: Failed to add interface GigabitEthernet1/0/1 to the default VLAN. |
Impact |
The port specified in this log message cannot receive packets carrying the default VLAN tag. |
Cause |
An interface was created when hardware resources were insufficient. |
Recommended action |
Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
VLAN_VLANMAPPING_FAILED
Message text |
The configuration failed because of resource insufficiency or conflicts on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0. |
Impact |
The VLAN mapping feature on this port cannot run properly. |
Cause |
Hardware resources are insufficient or the port joins or leaves a Layer 2 aggregation group. |
Recommended action |
1. Reconfigure VLAN mapping on the port. If the issue persists, proceed to step 2. 2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
VLAN_VLANTRANSPARENT_FAILED
Message text |
The configuration failed because of resource insufficiency or conflicts on [STRING]. |
Variable fields |
$1: Interface name. |
Severity level |
4 (Warning) |
Example |
VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on GigabitEthernet1/0/1. |
Impact |
The VLAN transparent transmission feature on this port cannot run properly. |
Cause |
Hardware resources are insufficient or the port joins or leaves a Layer 2 aggregation group. |
Recommended action |
1. Reconfigure VLAN transparent transmission on the port. If the issue persists, proceed to step 2. 2. Collect alarm information, log messages, and configuration data, and then contact Technical Support for help. |
VRRP4
This section contains IPv4 VRRP messages.
VRRP_STATUS_CHANGE
Message text |
The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING]. |
Variable fields |
$1: Network protocol type. Options include IPv4 and IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: ○ Interface event received—An interface event was received. ○ IP address deleted—The IP address of the interface configured with the VRRP group is deleted. ○ The status of the tracked object changed—The status of the associated track entry changed. ○ VRRP packet received—A VRRP advertisement was received. ○ Current device has changed to IP address owner—The current device has become the IP address owner. ○ Zero priority packet received—A VRRP packet containing priority 0 was received. ○ Preempt—Preemption occurred. ○ Master group drove—The state of the master group changed. |
Severity level |
6 (Informational) |
Example |
VRRP4/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed from Backup to Master: Master-down-timer expired. |
Impact |
No negative impacts on the system. |
Cause |
The VRRP group status changed because of the following reasons: 1. An interface event was received. 2. The virtual IP address has been deleted. 3. The status of the associated track entry changed. 4. A VRRP advertisement was received. 5. The current device has become the IP address owner. 6. The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. 7. A VRRP packet containing priority 0 was received. 8. Preemption occurred. 9. The state of the master group changed. |
Recommended action |
Take an action according to the reason for the VRRP status change carried in the log:
· For reason 1, identify whether the interface where the VRRP group is located has failed. Execute the display interface command on both the local and remote ends to check the status of the interface connected to the VRRP group. If the interface state is down, locate and handle the interface fault according to the output information.
· For reason 2, identify whether the interface IP address is deleted. Execute the display interface brief command on the local end to view the device interface IP address. If the interface IP address is deleted, execute the ip address or ipv6 address command in interface view to configure an IP address again.
· For reason 3, first execute the display vrrp command to obtain the associated track entry ID, and then use the display track command to locate and resolve the track entry fault.
· For reason 4, no action is required.
· For reason 5, identify whether it is necessary to configure the local device as the IP address owner of the VRRP group. Execute the display vrrp command without parameters on the local device to view the virtual IP address of the VRRP group. Execute the display interface brief command on the local device to view the IP address of the device interface, and locate the interface with the same IP address as the VRRP group. A device with an interface IP address the same as the virtual IP address is called the IP address owner. An IP address owner in the VRRP group is the master as long as it is working correctly.
  ○ If the device needs to be configured as the IP address owner, no action is required.
  ○ If the device does not need to be configured as the IP address owner, use the vrrp vrid command in interface view to edit the virtual IP address of the VRRP group.
· For reason 6, the recommended action is as follows:
  ○ Identify whether the remote device is faulty. Execute the display vrrp command on the remote device. If the State field value is Initialize, the device is faulty. Locate the cause and recover the remote device.
  ○ Identify whether the interface connected to the VRRP group is faulty. Execute the display interface command on both the local and remote ends to check the state of the interface connected to the VRRP group. If the interface state is down, locate and resolve the interface fault according to the output information.
  ○ Identify whether a VRRP configuration error exists. Execute the display current-configuration | include vrrp command on both the local and remote ends to filter VRRP configuration. The VRRP configuration on the local and remote ends has the following requirements: The VRRP group number and the virtual IP address must be the same on both the local and remote ends. If they are different, use the vrrp vrid command to configure the settings again. For VRRPv4, the version number must be consistent. If it is not consistent, use the vrrp version command in interface view to edit the version. IPv6 VRRP supports only VRRPv3, and the version cannot be edited. For VRRPv4, the authentication mode must be consistent. If an authentication key is configured, the authentication key must also be consistent. If it is not consistent, use the vrrp vrid authentication-mode command in interface view to edit the setting. VRRPv6 does not support authentication.
· For reason 7, the recommended action is as follows:
  ○ Execute the display vrrp verbose command on both the local and remote ends to view the configured VRRP priority (Config pri field). If the configuration is correct, no action is required. If the configuration is incorrect, use the vrrp vrid priority command in interface view to edit the configuration.
  ○ Execute the display vrrp verbose command on both the local and remote ends to view the configured VRRP priority (Config pri field) and the actual effective VRRP priority (Running pri field). If the two values are different, further check the associated track entry ID, and use the display track command to locate and resolve the track entry fault.
· For reason 8, if the preemption is manually triggered by the administrator, no action is required. For automatic preemption, the monitored object is faulty, and further confirmation of the cause of automatic preemption is needed.
· For reason 9, execute the display vrrp verbose command on the local device, locate the associated management VRRP group name according to the value of the Follow Name field, and then take further actions according to the value of the reason in the management VRRP group trap.
· If the issue persists, collect the configuration data, log messages, and alarm information, and then contact Technical Support for help. |
VRRP_VF_STATUS_CHANGE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING]. |
Variable fields |
$1: Network protocol type. Options include IPv4 and IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. Options include: · Active—The VF is forwarding data. · Listening—The VF is in backup state. · Initialize—The VF is in initialization state. $6: Current status of VF. Options include: · Active—The VF is forwarding data. · Listening—The VF is in backup state. · Initialize—The VF is in initialization state. $7: Reason for the status change. Options include: · Weight changed · Adding virtual MAC address failed · Conceded—Received a message with VF priority 0, and actively removed the forwarding permissions · Learnt from Advertisement · Reply received—Received a reply message. · Release received—Received release message. · Active timer expired · Time-out timer expired · Self-allocated—The master allocated a virtual MAC address to itself. · VRRP down—The VRRP group went down. · Take over—Took over as the AVF. · The status of the tracked object changed |
Severity level |
6 (Informational) |
Example |
VRRP4/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed. |
Impact |
No negative impact on the system for normal switchover. If the VF status is abnormal after the switchover, services might be interrupted. |
Cause |
Possible reasons include: 1. Weight change. 2. Failed to add virtual MAC address. 3. Received a message with VF priority 0, and actively removed the forwarding permissions 4. Learned from an advertisement message 5. Received a reply message 6. Received a release message 7. Active timer timed out 8. Timeout timer timed out 9. The master allocated a virtual MAC address to itself. 10. The VRRP group went down 11. Took over as the AVF. 12. The status of the tracked object changed |
Recommended action |
Take an action based on the VRRP status change reason in the log message: · For reason 1, check the configured VRRP priority (Config pri field) and the actual effective VRRP priority (Running pri field). If the two values are different, further check the associated track entry number. Use the display track command to locate and resolve the track entry fault. · For reason 2, locate the root cause of the MAC operation failure and resolve it · For reason 3, identify whether a VRRP group with a priority higher than the local priority exists in the network: ¡ If the configuration is correct, no action is needed ¡ If the configuration is incorrect, edit the configuration by using the vrrp vrid priority command in interface view · For reason 4, no action is required. · For reason 5, no action is required. · For reason 6, no action is required. · For reason 7, no action is required. · For reason 8, no action is required. · For reason 9, no action is required. · For reason 10, identify whether the interface configured with the VRRP group has failed: Use the display interface command to check the state of the interface connected to the VRRP group. If the interface state is down, locate and resolve the interface fault according to the output information. · For reason 11, the original highest-priority AVF's weight has failed. Check the reason for the change in the original AVF priority. · For reason 12, check the track entry state. You can use the display track command to locate and resolve the track entry fault. |
VRRP_VMAC_INEFFECTIVE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING]. |
Variable fields |
$1: Network protocol type. Options include IPv4 and IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: The reason for the error is Insufficient hardware resources, indicating a lack of hardware resources |
Severity level |
3 (Error) |
Example |
VRRP4/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources. |
Impact |
The VRRP group of this device cannot work correctly. |
Cause |
Failed to add the virtual MAC address. |
Recommended action |
1. In probe view, execute the display system internal vrrp kernel virtual-route command to view the virtual router information of the VRRP kernel and collect output information. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
VRRP4_MANUAL_PREEMPT_FAILED
Message text |
IPv4 virtual router [UINT32] (configured on interface [STRING]) failed to execute manual preemption because the received packet has higher priority. |
Variable fields |
$1: VRRP group number. $2: Name of the interface where the VRRP group is configured. |
Severity level |
6 (Informational) |
Example |
VRRP4/6/VRRP4_MANUAL_PREEMPT_FAILED: IPv4 virtual router 1 (configured on interface GigabitEthernet1/0/1) failed to execute manual preemption because the received packet has higher priority. |
Impact |
No negative impact on the system. |
Cause |
Manual switchover failed, because a VRRP advertisement packet with higher priority is received. |
Recommended action |
Check the router priority and router state in the VRRP group. |
VRRP6
This section contains IPv6 VRRP messages.
VRRP_STATUS_CHANGE
Message text |
The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING]. |
Variable fields |
$1: Network protocol type. Options include IPv4 and IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: ¡ Interface event received—An interface event was received. ¡ IP address deleted—The IP address of the interface configured with the VRRP group is deleted. ¡ The status of the tracked object changed—The status of the associated track entry changed. ¡ VRRP packet received—A VRRP advertisement was received. ¡ Current device has changed to IP address owner—The current device has become the IP address owner. ¡ Master-down-timer expired—The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. ¡ Zero priority packet received—A VRRP packet containing priority 0 was received. ¡ Preempt—Preemption occurred. ¡ Master group drove—The state of the master group changed. |
Severity level |
6 (Informational) |
Example |
VRRP6/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed from Backup to Master: Master-down-timer expired. |
Impact |
No negative impacts on the system. |
Cause |
The VRRP group status changed because of the following reasons: 1. An interface event was received. 2. The virtual IP address has been deleted. 3. The status of the associated track entry changed. 4. A VRRP advertisement was received. 5. The current device has become the IP address owner. 6. The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. 7. A VRRP packet containing priority 0 was received. 8. Preemption occurred. 9. The state of the master group changed. |
Recommended action |
Take an action according to the reason for the change in VRRP status carried in the log: · For reason 1, identify whether the interface where the VRRP group is located has failed. Execute the display interface command on both local and remote ends to check the status of the interface connected to the VRRP group. If the interface state is down, locate and handle the interface fault according to the output information. · For reason 2, identify whether the interface IP address is deleted. Execute the display interface brief command on the local end to view the device interface IP address. If the interface IP address is deleted, execute the ip address or ipv6 address command in interface view to configure an IP address again. · For reason 3, first execute the display vrrp command to obtain the associated track entry ID, and then use the display track command to locate and resolve the track entry fault. · For reason 4, no action is required. · For reason 5, the recommended action is as follows: Identify whether it is necessary to configure the local device as the IP address owner of the VRRP group: Execute the display vrrp command without parameters on the local device to view the virtual IP address of the VRRP group. Execute the display interface brief command on the local device to view the IP address of the device interface, and locate the interface with the same IP address as the VRRP group. A device with an interface IP address the same as the virtual IP address is called the IP address owner. An IP address owner in the VRRP group is the master as long as it is working correctly. ¡ If the device needs to be configured as the IP address owner, no action is required. ¡ If the device does not need to be configured as the IP address owner, use the vrrp vrid command in interface view to edit the virtual IP address of the VRRP group. · For reason 6, the recommended action is as follows: ¡ Identify whether the remote device is faulty.
Execute the display vrrp command on the remote device. If the State field value is Initialize, the device is faulty. Locate the cause and recover the remote device. ¡ Identify whether the interface connected to the VRRP group is faulty. Execute the display interface command on both the local and remote ends to check the state of the interface connected to the VRRP group. If the interface state is down, locate and resolve the interface fault according to the output information. ¡ Identify whether a VRRP configuration error exists. Execute the display current-configuration | include vrrp command on both the local and remote ends to filter VRRP configuration. The VRRP configuration on both the local and remote ends has the following requirements: The VRRP group number and the virtual IP address must be the same on both the local and remote ends. If they are different, use the vrrp ipv6 vrid command to configure the settings again. · For reason 7, the recommended action is as follows: ¡ Execute the display vrrp verbose command on both the local and remote ends to view the configured VRRP priority (Config pri field): If the configuration is correct, no action is required. If the configuration is incorrect, use the vrrp vrid priority command in interface view to edit the configuration. ¡ Execute the display vrrp verbose command on both the local and remote ends to view the configured VRRP priority (Config pri field) and the actual effective VRRP priority (Running pri field). If the two values are different, further check the associated track entry ID, and use the display track command to locate and resolve the track entry fault. · For reason 8, if the preemption is manually triggered by the administrator, no action is required. For automatic preemption, the monitored object is faulty, and further confirmation of the cause of automatic preemption is needed.
· For reason 9, execute the display vrrp verbose command on the local device, locate the associated management VRRP group name according to the value of the Follow Name field, and then take further actions according to the value of the reason in the management VRRP group trap. · If the issue persists, collect the configuration data, log messages, and alarm information, and then contact Technical Support for help. |
VRRP_VF_STATUS_CHANGE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING]. |
Variable fields |
$1: Network protocol type. Options include IPv4 and IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. Options include: · Active—The VF is forwarding data. · Listening—The VF is in backup state. · Initialize—The VF is in initialization state. $6: Current status of VF. Options include: · Active—The VF is forwarding data. · Listening—The VF is in backup state. · Initialize—The VF is in initialization state. $7: Reason for the status change. Options include: · Weight changed · Adding virtual MAC address failed · Conceded—Received a message with VF priority 0, and actively removed the forwarding permissions · Learnt from Advertisement · Reply received—Received a reply message. · Release received—Received release message. · Active timer expired · Time-out timer expired · Self-allocated—The master allocated a virtual MAC address to itself. · VRRP down—The VRRP group went down. · Take over—Took over as the AVF. · The status of the tracked object changed |
Severity level |
6 (Informational) |
Example |
VRRP6/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed. |
Impact |
No negative impact on the system for normal switchover. If the VF status is abnormal after the switchover, services might be interrupted. |
Cause |
Possible reasons include: 1. Weight change. 2. Failed to add virtual MAC address. 3. Received a message with VF priority 0, and actively removed the forwarding permissions 4. Learned from an advertisement message 5. Received a reply message 6. Received a release message 7. Active timer timed out 8. Timeout timer timed out 9. The master allocated a virtual MAC address to itself. 10. The VRRP group went down 11. Took over as the AVF. 12. The status of the tracked object changed |
Recommended action |
Take an action based on the VRRP status change reason in the log message: · For reason 1, check the configured VRRP priority (Config pri field) and the actual effective VRRP priority (Running pri field). If the two values are different, further check the associated track entry number. Use the display track command to locate and resolve the track entry fault. · For reason 2, locate the root cause of the MAC operation failure and resolve it · For reason 3, identify whether a VRRP group with a priority higher than the local priority exists in the network: ¡ If the configuration is correct, no action is needed ¡ If the configuration is incorrect, edit the configuration by using the vrrp vrid priority command in interface view · For reason 4, no action is required. · For reason 5, no action is required. · For reason 6, no action is required. · For reason 7, no action is required. · For reason 8, no action is required. · For reason 9, no action is required. · For reason 10, identify whether the interface configured with the VRRP group has failed: Use the display interface command to check the state of the interface connected to the VRRP group. If the interface state is down, locate and resolve the interface fault according to the output information. · For reason 11, the original highest-priority AVF's weight has failed. Check the reason for the change in the original AVF priority. · For reason 12, check the track entry state. You can use the display track command to locate and resolve the track entry fault. |
VRRP_VMAC_INEFFECTIVE
Message text |
The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING]. |
Variable fields |
$1: Network protocol type. Options include IPv4 and IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: The reason for the error is Insufficient hardware resources, indicating a lack of hardware resources |
Severity level |
3 (Error) |
Example |
VRRP6/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources. |
Impact |
The VRRP group of this device cannot work correctly. |
Cause |
Failed to add the virtual MAC address. |
Recommended action |
1. In probe view, execute the display system internal vrrp ipv6 kernel virtual-route command to view the virtual router information of the VRRP kernel and collect output information. 2. If the issue persists, collect configuration data, log messages, and alarm information, and then contact Technical Support for help. |
VRRP6_MANUAL_PREEMPT_FAILED
Message text |
IPv6 virtual router [UINT32] (configured on interface [STRING]) failed to execute manual preemption because the received packet has higher priority. |
Variable fields |
$1: VRRP group number. $2: Name of the interface where the VRRP group is configured. |
Severity level |
6 (Informational) |
Example |
VRRP6/6/VRRP6_MANUAL_PREEMPT_FAILED: IPv6 virtual router 1 (configured on interface GigabitEthernet1/0/1) failed to execute manual preemption because the received packet has higher priority. |
Impact |
No negative impact on the system. |
Cause |
Manual switchover failed, because a VRRP advertisement packet with higher priority is received. |
Recommended action |
Check the router priority and router state in the VRRP group. |
VSRP messages
This section contains VSRP messages.
VSRP_BIND_FAILED
Message text |
Failed to bind the IP addresses and the port on VSRP peer [STRING]. |
Variable fields |
$1: VSRP peer name. |
Severity level |
6 (Informational) |
Example |
VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa. |
Impact |
The control channel for the VSRP instance might fail to be established. When the VSRP-associated service module cannot determine the master and backup devices, VSRP might not determine the master and backup devices either, affecting correct operation of VSRP. |
Cause |
The system memory resources are insufficient. |
Recommended action |
1. Release the memory. For example, execute the logfile save command to manually save all content in the log file buffer to log files, releasing memory resources occupied by the log file buffer. 2. Execute the display memory command to view process memory usage: ¡ If the memory usage drops below the alarm threshold, the memory alarm is cleared, and no further action is required. ¡ If the memory usage does not drop below the alarm threshold, execute the display process command to view memory usage of user processes. If a specific process occupies too much memory, you can enable or disable the process-associated software feature to release the memory. 3. If the issue persists, collect alarm information and configuration data, and then contact Technical Support for help. |
WIPS messages
This section contains WIPS messages.
APFLOOD
Message text |
-VSD=[STRING]; AP flood detected. |
Variable fields |
$1: VSD name. |
Severity level |
5 (Notification) |
Example |
WIPS/5/APFLOOD: -VSD=home; AP flood detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The number of APs detected in the specified VSD reached the threshold. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
AP_CHANNEL_CHANGE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Channel change detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/AP_CHANNEL_CHANGE: -VSD=home-SrcMAC=1122-3344-5566; Channel change detected. |
Impact |
The AP channel has changed, which might affect the channels of other APs in operation. |
Cause |
The channel of the specified AP changed. |
Recommended action |
Determine whether the channel change is valid. |
ASSOCIATEOVERFLOW
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Association/Reassociation DoS attack detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/ASSOCIATEOVERFLOW: -VSD=home-SrcMAC=1122-3344-5566; Association/Reassociation DoS attack detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The specified AP sent an association response with the status code 17. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
HONEYPOT
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Honeypot AP detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/HONEYPOT: -VSD=home-SrcMAC=1122-3344-5566; Honeypot AP detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The specified AP was detected as a honeypot AP. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
HTGREENMODE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; HT-Greenfield AP detected. |
Variable fields |
$1: VSD name. $2: MAC address of the AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/HTGREENMODE: -VSD=home-SrcMAC=1122-3344-5566; HT-Greenfield AP detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The specified AP was detected as an HT-greenfield AP. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
MAN_IN_MIDDLE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Man-in-the-middle attack detected. |
Variable fields |
$1: VSD name. $2: MAC address of the client. |
Severity level |
5 (Notification) |
Example |
WIPS/5/MAN_IN_MIDDLE: -VSD=home-SrcMAC=1122-3344-5566; Man-in-the-middle attack detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The specified client suffered a man-in-the-middle attack. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_DOS
Message text |
-VSD=[STRING]; [STRING] rate attack detected. |
Variable fields |
$1: VSD name. $2: Device type: AP or client. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_DOS: -VSD=home; AP rate attack detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The number of device entries learned within the specified interval reached the threshold. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_FLOOD
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; [STRING] flood detected. |
Variable fields |
$1: VSD name. $2: Attacker's MAC address. $3: Flood attack type. Options include the following: · Association request · Authentication · Disassociation · Reassociation request · Deauthentication · Null data · Beacon · Probe request · BlockAck · CTS · RTS · EAPOL start |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
The number of a specific type of packets detected within the specified interval reached the threshold. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_MALF
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Error detected: [STRING]. |
Variable fields |
$1: VSD name. $2: Sender's MAC address. $3: Malformed packet type. Options include the following: · invalid ie length—Invalid IE length. · duplicated ie—Duplicate IE. · redundant ie—Redundant IE. · invalid pkt length—Invalid packet length. · illegal ibss ess—Abnormal IBSS and ESS setting. · invalid source addr—Invalid source MAC address. · overflow eapol key—Oversized EAPOL key. · malf auth—Malformed authentication request frame. · malf assoc req—Malformed association request frame. · malf ht ie—Malformed HT IE. · large duration—Oversized duration. · null probe resp—Malformed probe response frame. · invalid deauth code—Invalid deauthentication code. · invalid disassoc code—Invalid disassociation code. · over flow ssid—Oversized SSID. · fata jack—FATA-Jack. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=1122-3344-5566; Error detected: fata jack. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
A malformed packet was detected. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_ROGUE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Rogue AP detected by radio [UINT32] of sensor [STRING] on channel [UINT32] (RSSI=[UINT32]). |
Variable fields |
$1: VSD name. $2: MAC address of the rogue AP. $3: Radio ID of the sensor. $4: Sensor name. $5: Channel number of the sensor. $6: Signal strength of the sensor. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_ROGUE: -VSD=home-SrcMAC=1122-3344-5566; Rogue AP detected by radio 1 of sensor ap1 on channel 149 (RSSI=84). |
Impact |
Rogue APs exist in the wireless network, which might affect the wireless performance. |
Cause |
Rogue APs are detected in the specified VSD. |
Recommended action |
1. Use the display wips virtual-security-domain device ap rogue command to display information about the rogue APs detected in the specified VSD. ¡ If only a few rogue APs exist and wireless services are not affected, no action is required. ¡ If wireless services are affected, proceed to the next step. 2. Configure countermeasures against rogue APs. 3. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_SIGNATURE
Message text |
-VSD=[STRING]-SrcMAC=[MAC]-RuleID=[UINT16]; Signature rule matched. |
Variable fields |
$1: VSD name. $2: MAC address of the sender. $3: ID of the matching Signature rule. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_SIGNATURE: -VSD=home-SrcMAC=1122-3344-5566-RuleID=10; Signature rule matched. |
Impact |
Attacks exist in the wireless network, which might affect the wireless performance. |
Cause |
The system detected a packet matching a Signature rule in the specified VSD. |
Recommended action |
1. Verify whether the device is under attack. 2. Take countermeasures against the attacker device. 3. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_SPOOF
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; [STRING] detected. |
Variable fields |
$1: VSD name. $2: MAC address of the device being spoofed. $3: Spoofing attack type. Options include the following: · AP spoofing AP—A fake AP spoofs an authorized AP. · AP spoofing client—A fake AP spoofs an authorized client. · AP spoofing ad-hoc—A fake AP spoofs an Ad hoc device. · Ad-hoc spoofing AP—An Ad hoc device spoofs an authorized AP. · Client spoofing AP—A client spoofs an authorized AP. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=1122-3344-5566; AP spoofing AP detected. |
Impact |
Attacks are present in the current environment, which might affect wireless performance. |
Cause |
A spoofing attack was detected. |
Recommended action |
1. Configure countermeasures against the attacking device. 2. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_UNAUTH
Message text |
-VSD=[STRING]-SrcMAC=[MAC];Unauthorized client detected by radio [UINT32] of sensor [STRING] on channel [UINT32] (RSSI=[UINT32]). |
Variable fields |
$1: VSD name. $2: MAC address of the Unauth client. $3: Radio ID of the sensor. $4: Sensor name. $5: Channel number of the sensor. $6: Signal strength of the sensor. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_UNAUTH: -VSD=home-SrcMAC=1122-3344-5566; Unauthorized client detected by radio 1 of sensor ap1 on channel 149 (RSSI=84). |
Impact |
Unauthorized clients exist in the wireless network, which might affect the wireless performance. |
Cause |
Unauth clients are detected in the specified VSD. |
Recommended action |
1. Use the display wips virtual-security-domain device client unauthorized command to display information about unauthorized clients in the specified VSD. ¡ If only a few unauthorized clients exist and wireless services are not affected, no action is required. ¡ If wireless services are affected, proceed to the next step. 2. Configure countermeasures against unauthorized clients. 3. If the issue persists, collect the device configuration file, log information, and alarm information, and contact Technical Support. |
WIPS_WEAKIV
Message text |
-VSD=[STRING]-SrcMAC=[MAC]; Weak IV detected. |
Variable fields |
$1: VSD name. $2: Sender's MAC address. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIPS_WEAKIV: -VSD=home-SrcMAC=1122-3344-5566; Weak IV detected. |
Impact |
Using Weak IV encryption increases the risk of the key being cracked, affecting wireless security. |
Cause |
A Weak IV was detected. |
Recommended action |
Use a more secure encryption method to encrypt packets. |
WIRELESSBRIDGE
Message text |
-VSD=[STRING]-AP1=[MAC]-AP2=[MAC]; Wireless bridge detected. |
Variable fields |
$1: VSD name. $2: MAC address of AP 1. $3: MAC address of AP 2. |
Severity level |
5 (Notification) |
Example |
WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected. |
Impact |
Detecting a wireless bridge indicates the presence of a security risk in the current wireless network. |
Cause |
The specified APs set up a wireless bridge. |
Recommended action |
Determine whether the wireless bridge is valid. |
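Added example (not part of the H3C manual): a Python parser for the WIPS message formats listed in this section, which splits the `-Key=value` header without breaking hyphenated MAC addresses and keeps the MAC of a spoofed or attacked device apart from the MAC the event is reported against. The sample lines are constructed from this section's Example rows; the timestamp and host prefix on one line, the MAC values not shown on the page, and all function and variable names are assumptions.

```python
import re
from collections import defaultdict

# "WIPS/<severity>/<MNEMONIC>: <header>; <text>" is searched anywhere in the
# line, so whatever prefix a log host prepends is ignored. \s* after ";" also
# accepts the WIPS_UNAUTH message text, which this page prints without a space.
LINE_RE = re.compile(r"WIPS/(?P<sev>\d)/(?P<mnemonic>[A-Z0-9_]+):\s*"
                     r"(?P<header>-[^;]*);\s*(?P<text>.*)$")
# A header field starts at "-Key=". MAC values contain hyphens themselves
# (1122-3344-5566), so a plain split on "-" would cut them apart.
KEY_RE = re.compile(r"-([A-Za-z][A-Za-z0-9]*)=")
MAC_RE = re.compile(r"[0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2}")

SENSOR = (r"detected by radio (?P<radio>\d+) of sensor (?P<sensor>.+?) "
          r"on channel (?P<channel>\d+) \(RSSI=(?P<rssi>\d+)\)")
DETAIL_RES = {
    "WIPS_ROGUE": re.compile(r"Rogue AP " + SENSOR),
    "WIPS_UNAUTH": re.compile(r"Unauthorized client " + SENSOR),
    "WIPS_FLOOD": re.compile(r"(?P<kind>.+) flood detected"),
    "WIPS_SPOOF": re.compile(r"(?P<kind>.+) detected"),
    "WIPS_DOS": re.compile(r"(?P<kind>\S+) rate attack detected"),
    "WIPS_MALF": re.compile(r"Error detected: (?P<kind>.+?)\.?\s*$"),
}
INT_KEYS = {"radio", "channel", "rssi"}
# Per the variable-field tables above, SrcMAC in these two messages is the
# client under attack or the device being spoofed, not the offending device.
VICTIM_EVENTS = {"MAN_IN_MIDDLE", "WIPS_SPOOF"}


def parse_header(header):
    """Split '-VSD=home-SrcMAC=1122-3344-5566' into a dict of fields."""
    keys = list(KEY_RE.finditer(header))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(header)
        fields[m.group(1)] = header[m.end():end].strip()
    return fields


def parse_line(line):
    """Return a dict for one WIPS log line, or None for any other line."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    fields = parse_header(m["header"])
    event = {"severity": int(m["sev"]), "mnemonic": m["mnemonic"],
             "fields": fields, "detail": {},
             "macs": [v.lower() for k, v in fields.items()
                      if k in ("SrcMAC", "AP1", "AP2") and MAC_RE.fullmatch(v)]}
    detail_re = DETAIL_RES.get(event["mnemonic"])
    dm = detail_re.match(m["text"]) if detail_re else None
    if dm:
        event["detail"] = {k: int(v) if k in INT_KEYS else v
                           for k, v in dm.groupdict().items()}
    return event


def triage(lines):
    """Group event types per MAC, separating victims from reported sources."""
    report = {"sources": defaultdict(set), "victims": defaultdict(set),
              "vsd_wide": [], "skipped": 0}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            report["skipped"] += 1
        elif not ev["macs"]:
            report["vsd_wide"].append((ev["fields"].get("VSD"), ev["mnemonic"]))
        else:
            bucket = "victims" if ev["mnemonic"] in VICTIM_EVENTS else "sources"
            for mac in ev["macs"]:
                report[bucket][mac].add(ev["mnemonic"])
    return report


# Constructed sample input, based on the Example rows in this section.
SAMPLE = [
    "WIPS/5/WIPS_ROGUE: -VSD=home-SrcMAC=1122-3344-5566; Rogue AP detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).",
    "WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected.",
    "WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=aabb-ccdd-eeff; AP spoofing AP detected.",
    "WIPS/5/WIPS_SIGNATURE: -VSD=home-SrcMAC=1122-3344-5566-RuleID=10; Signature rule matched.",
    "WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected.",
    "WIPS/5/WIPS_UNAUTH: -VSD=home-SrcMAC=0a0b-0c0d-0e0f;Unauthorized client detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).",
    "WIPS/5/APFLOOD: -VSD=home; AP flood detected.",
    # The timestamp/host prefix below is an assumption, not a format from this page.
    "2024-09-23T10:00:00 ac1 WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=7788-9966-5544; Error detected: fata jack.",
    "VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa.",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket in ("sources", "victims"):
        for mac, events in sorted(result[bucket].items()):
            print(bucket, mac, sorted(events))
    print("vsd_wide", result["vsd_wide"], "skipped", result["skipped"])
```

A VSD name that itself contains a `-word=` sequence would be split at that point; the header format gives no way to tell the two apart.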
WSA messages
This section contains Wireless Spectrum Analysis (WSA) messages.
WSA_DEVICE
Message text |
|
Variable fields |
$1: AP ID. $2: Radio ID. $3: Interference devices. Options include the following: ¡ Bluetooth devices. ¡ Other fixed frequency devices. ¡ Cordless phones using fixed frequency. ¡ Video devices using fixed frequency. ¡ Audio devices using fixed frequency. ¡ Other hopper frequency devices. ¡ Frequency-hopping cordless phone bases. ¡ Frequency-hopping cordless networks (2.4 GHz). ¡ Microsoft Xboxes. ¡ Other devices. ¡ Frequency-hopping cordless networks (5 GHz). |
Severity level |
5 |
Example |
WSA/5/WSA_DEVICE: [APID: 1, RADIODID: 2]; Bluetooth devices detected. |
Explanation |
The radio interface of an AP detected an interference device. |
Recommended action |
Determine whether the device has suffered an attack. |