HH3C-DHCP-SNOOP2-MIB
About this MIB
Use HH3C-DHCP-SNOOP2-MIB to configure DHCP snooping, retrieve DHCP snooping entries, and control DHCP snooping alarms.
MIB file name
hh3c-dhcp-snoop2.mib
Notifications
hh3cDhcpSnoop2BindTblExh
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.1 | DHCP snooping entry resources are exhausted. | Error | Warning | 1.3.6.1.4.1.25506.2.124.3.0.2 (hh3cDhcpSnoop2BindTblExhRecov) | OFF |
Notification triggers
This notification is generated when DHCP snooping entry resources are exhausted.
System impact
The system will not generate new DHCP snooping entries until DHCP snooping entry resources become available. DHCP snooping security features might not be available for new users.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping binding-exhaust command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping binding-exhaust command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.2.2.1.1 (IfIndex) | Interface index. | ifindex | Unsigned32 | Standard MIB values. |
Recommended action
To resolve this issue:
1. Use the display this command in interface view to view the maximum number of dynamic DHCP snooping entries that the current interface can learn:
   - If the value is too small, use the dhcp snooping max-learning-num command in interface view to increase the maximum number of dynamic DHCP snooping entries that the current interface can learn. If the notification recurs, proceed to the next step.
   - If the value is appropriate, proceed to the next step.
2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help.
hh3cDhcpSnoop2BindTblExhRecov
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.2 | DHCP snooping entry resources recover from the exhaustion condition. | Recovery | Warning | N/A (N/A) | OFF |
Notification triggers
This notification is generated when DHCP snooping entry resources recover from the exhaustion condition.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping binding-exhaust command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping binding-exhaust command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.2.2.1.1 (IfIndex) | Interface index. | ifindex | Unsigned32 | Standard MIB values. |
Recommended action
No action is required.
hh3cDhcpSnoop2BindTblThresh
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.3 | The usage of DHCP snooping entry resources reaches or exceeds the alarm threshold. | Error | Warning | 1.3.6.1.4.1.25506.2.124.3.0.4 (hh3cDhcpSnoop2BindTblThreshRecov) | OFF |
Notification triggers
This notification is generated when the usage of DHCP snooping entry resources reaches or exceeds the alarm threshold.
System impact
DHCP snooping entry resources will be exhausted if the system continues to generate DHCP snooping entries. After DHCP snooping entry resources are exhausted, DHCP snooping security features might not be available for new users.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping binding-threshold command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping binding-threshold command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.2.2.1.1 (IfIndex) | Interface index. | ifindex | Unsigned32 | Standard MIB values. |
Recommended action
To resolve this issue:
1. Use the dhcp snooping learning-num-threshold command to increase the alarm threshold on the number of dynamic DHCP snooping entries learned by the current interface.
   Alternatively, use the dhcp snooping max-learning-num command to increase the maximum number of dynamic DHCP snooping entries that the current interface can learn.
2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help.
hh3cDhcpSnoop2BindTblThreshRecov
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.4 | The usage of DHCP snooping entry resources drops below the alarm threshold. | Recovery | Warning | N/A (N/A) | OFF |
Notification triggers
This notification is generated when the usage of DHCP snooping entry resources drops below the alarm threshold.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping binding-threshold command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping binding-threshold command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.2.2.1.1 (IfIndex) | Interface index. | ifindex | Unsigned32 | Standard MIB values. |
Recommended action
No action is required.
hh3cDhcpSnoop2NomatchBindAlm
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.5 | The number of DHCP requests dropped due to DHCP snooping entry mismatch reaches the alarm threshold. | Informational | Warning | N/A (N/A) | OFF |
Notification triggers
This notification is generated when the number of DHCP requests dropped due to DHCP snooping entry mismatch reaches the alarm threshold.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping binding-mismatch command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping binding-mismatch command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.2.2.1.1 (IfIndex) | Interface index. | ifindex | Unsigned32 | Standard MIB values. |
Recommended action
To resolve this issue:
1. Use the display dhcp snooping binding command in any view to view DHCP snooping entries, and then use port mirroring to obtain replicas of the DHCP requests received on the current interface or VLAN.
   - If a large number of these DHCP requests have a DHCP snooping entry mismatch, the interface is under attack and you need to locate the source of this attack.
   - If DHCP snooping entry mismatch occurs but only to a few of these DHCP requests, the interface is not under attack. In this situation, use the dhcp snooping trap binding-mismatch threshold command to set a higher alarm threshold.
2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help.
hh3cDhcpSnoop2ChaddrAlm
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.6 | The number of DHCP packets dropped due to MAC address mismatch reaches the alarm threshold. | Informational | Warning | N/A (N/A) | OFF |
Notification triggers
This notification is generated when the number of DHCP packets dropped due to MAC address mismatch reaches the alarm threshold. A MAC address mismatch occurs when the chaddr field of a received DHCP packet is different from the source MAC address field in the frame header.
System impact
The system is probably being attacked by DHCP packets whose chaddr field was tampered with. However, this event does not interrupt other services, because DHCP snooping drops those DHCP packets.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping chaddr-mismatch command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping chaddr-mismatch command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.2.2.1.1 (IfIndex) | Interface index. | ifindex | Unsigned32 | Standard MIB values. |
Recommended action
To resolve this issue:
1. Locate the interface for which this notification is generated, and then use port mirroring to obtain replicas of the DHCP packets received on the interface.
   - If a large number of these DHCP packets have a MAC address mismatch, the interface is under attack and you need to locate the source of this attack.
   - If MAC address mismatch occurs but only to a few of these DHCP packets, the interface is not under attack. In this situation, use the dhcp snooping trap chaddr-mismatch threshold command to set a higher alarm threshold.
2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help.
hh3cDhcpSnoop2UntrustRelpyAlm
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.7 | The number of DHCP server replies dropped on an untrusted interface reaches the alarm threshold. | Informational | Warning | N/A (N/A) | OFF |
Notification triggers
This notification is generated when the number of DHCP server replies dropped on an untrusted interface reaches the alarm threshold.
System impact
DHCP snooping drops illegal DHCP packets.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping untrust-reply command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping untrust-reply command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.31.1.1.1.1 (ifName) | Interface name. | ifindex | DisplayString | Standard MIB values. |
1.3.6.1.4.1.25506.2.124.1.2.4 (hh3cDhcpSnoop2TrapDropNum) | Number of DHCP server replies dropped by DHCP snooping. | N/A | Counter64 | Standard MIB values. |
1.3.6.1.4.1.25506.2.124.1.2.5 (hh3cDhcpSnoop2PktVlanID) | VLAN ID of the DHCP packets dropped by DHCP snooping. | N/A | Unsigned32(1..4094) | Standard MIB values. |
Recommended action
To resolve this issue:
1. Locate the interface for which this notification is generated, and then use port mirroring to obtain replicas of the DHCP server replies received on the interface.
2. Verify that the DHCP server address carried in each reply is legitimate.
   - If the DHCP server address in a reply is illegitimate, the reply is an attack packet, and no action is required.
   - If the DHCP server address in a reply is legitimate, execute the dhcp snooping trust command to specify the interface as a trusted interface. If the notification recurs, proceed to the next step.
3. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help.
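The chaddr comparison described under hh3cDhcpSnoop2ChaddrAlm and the server address check in step 2 above can be run over mirrored frames as in the following added example, which is not part of the H3C documentation. It assumes untagged Ethernet II/IPv4 frames, applies the chaddr check to client requests only, reads the server address from DHCP option 54, and takes the list of legitimate servers from the operator; the function names and sample addresses are illustrative.

```python
import ipaddress
import struct
from collections import Counter

DHCP_MAGIC = b"\x63\x82\x53\x63"

def parse_dhcp_frame(frame):
    """Return DHCP fields from an untagged Ethernet II/IPv4/UDP frame, else None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4                    # skip the variable-length IP header
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    bootp = frame[udp + 8:]
    if not {sport, dport} <= {67, 68} or bootp[236:240] != DHCP_MAGIC or bootp[1:3] != b"\x01\x06":
        return None                                      # need DHCP magic and Ethernet htype/hlen
    opts, i = {}, 240
    while i + 1 < len(bootp) and bootp[i] != 255:        # stop at END or at a truncated option
        if bootp[i] == 0:                                # PAD option has no length byte
            i += 1
            continue
        opts[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
        i += 2 + bootp[i + 1]
    return {"src_mac": frame[6:12], "chaddr": bootp[28:34],
            "op": bootp[0], "server_id": opts.get(54)}

def triage(frames, trusted_servers):
    """Tally mirrored frames by the two checks described in the notifications."""
    trusted = {ipaddress.ip_address(s).packed for s in trusted_servers}
    tally = Counter()
    for frame in frames:
        p = parse_dhcp_frame(frame)
        if p is None:
            tally["not_dhcp"] += 1
        elif p["op"] == 1 and p["chaddr"] != p["src_mac"]:
            tally["chaddr_mismatch"] += 1                # request whose chaddr differs from frame source
        elif p["op"] == 2 and p["server_id"] not in trusted:
            tally["unlisted_server_reply"] += 1          # option 54 absent or not in the operator's list
        else:
            tally["ok"] += 1
    return tally

def build_frame(src_mac, chaddr, op, server_id=None):
    """Construct a sample frame for testing (constructed data, not captured traffic)."""
    opts = (b"\x36\x04" + ipaddress.ip_address(server_id).packed) if server_id else b""
    bootp = bytes([op, 1, 6, 0]) + bytes(24) + chaddr + bytes(202) + DHCP_MAGIC + opts + b"\xff"
    sport, dport = (68, 67) if op == 1 else (67, 68)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip
```

Feed triage() the raw frames exported from the mirror port; a tally dominated by chaddr_mismatch or unlisted_server_reply corresponds to the "large number" branch of the recommended actions, while a handful points to raising the alarm threshold instead.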
hh3cDhcpSnoop2RateLimitAlm
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.124.3.0.8 | The number of DHCP requests dropped due to rate limiting reaches the alarm threshold. | Informational | Warning | N/A (N/A) | OFF |
Notification triggers
This notification is generated when the number of DHCP requests dropped due to rate limiting reaches the alarm threshold. DHCP snooping drops DHCP requests when the rate of incoming DHCP requests exceeds the limit.
System impact
DHCP snooping drops the DHCP requests that exceed the rate limit. DHCP requests from some legitimate users might be discarded.
Status control
ON
CLI: Use the snmp-agent trap enable dhcp snooping rate-limit command.
OFF
CLI: Use the undo snmp-agent trap enable dhcp snooping rate-limit command.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.2.1.31.1.1.1.1 (ifName) | Interface name. | ifindex | DisplayString | Standard MIB values. |
1.3.6.1.4.1.25506.2.124.1.2.4 (hh3cDhcpSnoop2TrapDropNum) | Number of DHCP packets dropped by DHCP snooping. This value is recorded in the notification. | N/A | Counter64 | Standard MIB values. |
1.3.6.1.4.1.25506.2.124.1.2.5 (hh3cDhcpSnoop2PktVlanID) | VLAN ID of the DHCP packets dropped by DHCP snooping. | N/A | Unsigned32(1..4094) | Standard MIB values. |
Recommended action
To resolve this issue:
1. Locate the interface for which this notification is generated, use port mirroring to obtain replicas of the DHCP requests received on the interface, and then identify whether these DHCP requests are malicious.
   - If the interface receives a large number of DHCP requests from a user, the user might be launching an attack. In this situation, locate the source of the attack by using source address information in the received DHCP requests.
   - If no users send a large number of DHCP requests to the interface, you can determine that the DHCP requests received on the interface are all legitimate. In this situation, perform the following tasks:
     - Use the dhcp snooping rate-limit command in interface view to set a higher rate limit.
     - (Optional.) Use the dhcp snooping trap rate-limit threshold command in interface view or system view to set a higher alarm threshold.
     If the notification recurs after you perform these tasks, proceed to the next step.
2. If the issue persists, collect alarm information, log messages, and configuration data, and then contact H3C Support for help.