Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-HH3C-IPSEC-MONITOR-V2-MIB | 114.94 KB |
Contents
HH3C-IPSEC-MONITOR-V2-MIB
About this MIB
Use this MIB to obtain information about IPsec tunnels, IPsec-protected traffic, IPsec SAs, IPsec tunnel packet statistics, and IPsec trap notifications.
MIB file name
hh3c-ipsec-monitor-v2.mib
Notifications
hh3cIPsecTunnelStartV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.1 |
IPsec tunnel created. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec tunnel is created.
System impact
No negative impact on services.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec tunnel-start command.
MIB: Set hh3cIPsecTunnelStartTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec tunnel-start command.
MIB: Set hh3cIPsecTunnelStartTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.2.1.1 (hh3cIPsecTunIndexV2) |
Index of an IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.10 (hh3cIPsecTunLocalAddrTypeV2) |
Type of the IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.11 (hh3cIPsecTunLocalAddrV2) |
IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.12 (hh3cIPsecTunRemoteAddrTypeV2) |
Type of the IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.13 (hh3cIPsecTunRemoteAddrV2) |
IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.18 (hh3cIPsecTunLifeTimeV2) |
Time-based lifetime of the IPsec tunnel, in seconds. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.17 (hh3cIPsecTunLifeSizeV2) |
Time-based lifetime of the IPsec tunnel, in kilobytes. |
hh3cIPsecTunIndexV2 |
Gauge32 |
Standard MIB values. |
Recommended action
No action is required.
hh3cIPsecTunnelStopV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.2 |
IPsec tunnel deleted. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec tunnel is deleted.
This notification might be generated when the following events occur:
Hard timeout of the phase-2 IKE negotiation occurs.
The IPsec SA is accidentally deleted when you modify other configurations or manually deleted.
A new IPsec SA takes over the old IPsec SA.
IPsec SA idle timer expires.
The remote end asks to delete the IPsec SA.
Other events.
System impact
The IPsec tunnel is deleted.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec tunnel-stop command.
MIB: Set hh3cIPsecTunnelStopTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec tunnel-stop command.
MIB: Set hh3cIPsecTunnelStopTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.2.1.1 (hh3cIPsecTunIndexV2) |
Index of an IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.10 (hh3cIPsecTunLocalAddrTypeV2) |
Type of the IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.11 (hh3cIPsecTunLocalAddrV2) |
IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.12 (hh3cIPsecTunRemoteAddrTypeV2) |
Type of the IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.13 (hh3cIPsecTunRemoteAddrV2) |
IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.20 (hh3cIPsecTunActiveTimeV2) |
Active period of time of the IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
0..2147483647 |
Recommended action
To resolve this issue, take the following operations according to the corresponding notification generation reasons:
● Check whether the IPsec SA lifetime is appropriate. If no, modify the IPsec SA lifetime.
● Check whether the reset ipsec sa command has been executed to delete the IPsec SA. If yes, no action is required. Then check whether an IPsec policy application has been removed from the interface and whether the removement is appropriate. If no, apply an IPsec policy to the interface again.
● If a new IPsec SA takes over the old IPsec SA, no action is required.
● Check whether the IPsec SA idle timeout is appropriate. If no, modify the IPsec SA idle timeout.
● View the logs on the remote end and identify the IPsec tunnel deletion reasons.
● Collect alarm information and configuration data, and then contact H3C Support for help.
hh3cIPsecNoSaFailureV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.3 |
No SA for IPsec tunnel. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when no SA is available for an IPsec tunnel.
System impact
If the IPsec tunnel exists, IPsec-related services are unavailable.
If this notification is generated when negotiation is triggered, there is no impact on services.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec no-sa-failure command.
MIB: Set hh3cIPsecNoSaTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec no-sa-failure command.
MIB: Set hh3cIPsecNoSaTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.2.1.1 (hh3cIPsecTunIndexV2) |
Index of an IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.10 (hh3cIPsecTunLocalAddrTypeV2) |
Type of the IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.11 (hh3cIPsecTunLocalAddrV2) |
IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.12 (hh3cIPsecTunRemoteAddrTypeV2) |
Type of the IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.13 (hh3cIPsecTunRemoteAddrV2) |
IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
Recommended action
To resolve this issue:
1.Check whether this notification is generated when negotiation is triggered:
- If yes, no action is required.
- If no, use the reset ipsec sa command to delete IPsec SAs and use the reset ike sa command to delete IKE SAs so as to trigger IKE SA negotiation. If the negotiation is successful and this notification still exists, go to step 2.
If the issue persists, collect alarm information and configuration data, and then contact H3C Support for help.
hh3cIPsecAuthFailFailureV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.4 |
IPsec authentication failure. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec authentication failure occurs.
System impact
IPsec-related services are unavailable.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec auth-failure command.
MIB: Set hh3cIPsecAuthFailureTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec auth-failure command.
MIB: Set hh3cIPsecAuthFailureTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.2.1.1 (hh3cIPsecTunIndexV2) |
Index of an IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.10 (hh3cIPsecTunLocalAddrTypeV2) |
Type of the IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.11 (hh3cIPsecTunLocalAddrV2) |
IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.12 (hh3cIPsecTunRemoteAddrTypeV2) |
Type of the IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.13 (hh3cIPsecTunRemoteAddrV2) |
IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
Recommended action
To resolve this issue:
1.Use the reset ipsec sa command to delete IPsec SAs and use the reset ike sa command to delete IKE SAs so as to trigger IKE SA negotiation.
If the issue persists, collect alarm information and configuration data, and then contact H3C Support for help.
hh3cIPsecEncryFailFailureV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.5 |
IPsec tunnel encryption failure. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec tunnel has an encryption failure.
System impact
IPsec-related services are unavailable.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec encrypt-failure command.
MIB: Set hh3cIPsecEncryFailureTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec encrypt-failure command.
MIB: Set hh3cIPsecEncryFailureTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.2.1.1 (hh3cIPsecTunIndexV2) |
Index of an IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.10 (hh3cIPsecTunLocalAddrTypeV2) |
Type of the IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.11 (hh3cIPsecTunLocalAddrV2) |
IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.12 (hh3cIPsecTunRemoteAddrTypeV2) |
Type of the IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.13 (hh3cIPsecTunRemoteAddrV2) |
IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
Recommended action
To resolve this issue:
1.Use the reset ipsec sa command to delete IPsec SAs and use the reset ike sa command to delete IKE SAs so as to trigger IKE SA negotiation.
2.If the issue persists, collect alarm information and configuration data, and then contact H3C Support for help.
hh3cIPsecDecryFailFailureV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.6 |
IPsec tunnel encryption failure. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec tunnel has a decryption failure.
System impact
IPsec-related services are unavailable.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec decrypt-failure command.
MIB: Set hh3cIPsecDecryFailureTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec decrypt-failure command.
MIB: Set hh3cIPsecDecryFailureTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.2.1.1 (hh3cIPsecTunIndexV2) |
Index of an IPsec tunnel. |
hh3cIPsecTunIndexV2 |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.2.1.10 (hh3cIPsecTunLocalAddrTypeV2) |
Type of the IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.11 (hh3cIPsecTunLocalAddrV2) |
IP address of the IPsec tunnel local end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.12 (hh3cIPsecTunRemoteAddrTypeV2) |
Type of the IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.126.1.2.1.13 (hh3cIPsecTunRemoteAddrV2) |
IP address of the IPsec tunnel remote end. |
hh3cIPsecTunIndexV2 |
InetAddress |
Standard MIB values. |
Recommended action
To resolve this issue:
1.Use the reset ipsec sa command to delete IPsec SAs and use the reset ike sa command to delete IKE SAs so as to trigger IKE SA negotiation.
2.If the issue persists, collect alarm information and configuration data, and then contact H3C Support for help.
hh3cIPsecPolicyAddV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.8 |
IPsec policy or profile added. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec policy or profile is added.
System impact
No negative impact on services.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec policy-add command.
MIB: Set hh3cIPsecPolicyAddTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec policy-add command.
MIB: Set hh3cIPsecPolicyAddTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.7.1 (hh3cIPsecPolicyNameV2) |
Name of an IPsec policy. |
N/A |
DisplayString |
OCTET STRING (SIZE (0..255)) |
|
1.3.6.1.4.1.25506.2.126.1.7.2 (hh3cIPsecPolicySeqNumV2) |
Sequence number an IPsec policy entry. |
N/A |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.7.3 (hh3cIPsecPolicySizeV2) |
Number of the IPsec policy entries. |
N/A |
InetAddressType |
Standard MIB values. |
Recommended action
No action is required.
hh3cIPsecPolicyDelV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.9 |
IPsec policy or profile deleted. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec policy or profile is deleted.
System impact
No negative impact on services.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec policy-delete command.
MIB: Set hh3cIPsecPolicyDelTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec policy-delete command.
MIB: Set hh3cIPsecPolicyDelTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.7.1 (hh3cIPsecPolicyNameV2) |
Name of an IPsec policy. |
N/A |
DisplayString |
OCTET STRING (SIZE (0..255)) |
|
1.3.6.1.4.1.25506.2.126.1.7.2 (hh3cIPsecPolicySeqNumV2) |
Sequence number of an IPsec policy entry. |
N/A |
Integer32 |
1..2147483647 |
|
1.3.6.1.4.1.25506.2.126.1.7.3 (hh3cIPsecPolicySizeV2) |
Number of the IPsec policy entries. |
N/A |
InetAddressType |
Standard MIB values. |
Recommended action
No action is required.
hh3cIPsecPolicyAttachV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.10 |
IPsec policy or profile applied to interface. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec policy or profile is applied to an interface.
System impact
No negative impact on services.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec policy-attach command.
MIB: Set hh3cIPsecPolicyAttachTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec policy-attach command.
MIB: Set hh3cIPsecPolicyAttachTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.7.1 (hh3cIPsecPolicyNameV2) |
Name of an IPsec policy. |
N/A |
DisplayString |
OCTET STRING (SIZE (0..255)) |
|
1.3.6.1.4.1.25506.2.126.1.7.3 (hh3cIPsecPolicySizeV2) |
Number of the IPsec policy entries. |
N/A |
Integer32 |
1..2147483647 |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Index of an interface. |
ifIndex |
InterfaceIndex |
Integer32(1..2147483647) |
Recommended action
No action is required.
hh3cIPsecPolicyDetachV2
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.126.1.9.0.11 |
IPsec policy or profile application removed from interface. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an IPsec policy or profile application is removed from an interface.
System impact
If an IPsec tunnel exists, the running IPsec tunnel will be disconnected.
If no IPsec tunnel exists, there is no impact on services.
Status control
ON
CLI: Use the snmp-agent trap enable ipsec policy-detach command.
MIB: Set hh3cIPsecPolicyDetachTrapCntlV2 to true(1).
OFF
CLI: Use the undo snmp-agent trap enable ipsec policy-detach command.
MIB: Set hh3cIPsecPolicyDetachTrapCntlV2 to false(2).
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.126.1.7.1 (hh3cIPsecPolicyNameV2) |
Name of an IPsec policy. |
N/A |
DisplayString |
OCTET STRING (SIZE (0..255)) |
|
1.3.6.1.4.1.25506.2.126.1.7.3 (hh3cIPsecPolicySizeV2) |
Number of the IPsec policy entries. |
N/A |
Integer32 |
1..2147483647 |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Index of an interface. |
ifIndex |
InterfaceIndex |
Integer32(1..2147483647) |
Recommended action
No action is required.
