Login
- Table of Contents
-
- 08-Layer 3 - IP Services
- 01-HH3C-ARP-RATELIMIT-MIB
- 02-HH3C-ARP-SUPPRESSION-MIB
- 03-HH3C-ARP-TRAP-MIB
- 04-HH3C-BPA-MIB
- 05-HH3C-DHCP-SNOOP2-MIB
- 06-HH3C-DHCP4-CLIENT-MIB
- 07-HH3C-DHCP4-MIB
- 08-HH3C-DHCP6-MIB
- 09-HH3C-FIB-MIB
- 10-HH3C-IP-ADDRESS-MIB
- 11-HH3C-IPFW-MIB
- 12-HH3C-IPV6-ADDRESS-MIB
- 13-HH3C-NAT-MIB
- 14-HH3C-ND-TRAP-MIB
- 15-HH3C-SESSION-MIB
- 16-HH3C-TCP-MIB
- 17-HH3C-DNS-MIB
- 18-IP-MIB
- 19-IPV6-ICMP-MIB
- 20-IPV6-MIB
- 21-IPV6-TCP-MIB
- 22-IPV6-UDP-MIB
- 23-TCP-MIB
- 24-UDP-MIB
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 16-HH3C-TCP-MIB | 159.26 KB |
Contents
hh3cTcpConnLocalAddressTCP (1.3.6.1.4.1.25506.2.215.1.1.1)
hh3cTcpConnLocalPortTCP (1.3.6.1.4.1.25506.2.215.1.1.2)
hh3cTcpConnRemAddressTCP (1.3.6.1.4.1.25506.2.215.1.1.3)
hh3cTcpConnRemPortTCP (1.3.6.1.4.1.25506.2.215.1.1.4)
hh3cTcpProtocol (1.3.6.1.4.1.25506.2.215.1.1.5)
hh3cTcpVrfNameVRF (1.3.6.1.4.1.25506.2.215.1.1.6)
hh3cTcpNumExceedState (1.3.6.1.4.1.25506.2.215.1.1.7)
hh3cTcpRcvVrfName (1.3.6.1.4.1.25506.2.215.1.1.8)
hh3cTcpSndVrfName (1.3.6.1.4.1.25506.2.215.1.1.9)
hh3cTcpSynFloodFlowChassis (1.3.6.1.4.1.25506.2.215.2.1.1)
hh3cTcpSynFloodFlowSlot (1.3.6.1.4.1.25506.2.215.2.1.2)
hh3cTcpSynFloodFlowIpType (1.3.6.1.4.1.25506.2.215.2.1.3)
hh3cTcpSynFloodFlowIpAddress (1.3.6.1.4.1.25506.2.215.2.1.4)
hh3cTcpSynFloodFlowPort (1.3.6.1.4.1.25506.2.215.2.1.5)
hh3cTcpSynFloodFlowVrfName (1.3.6.1.4.1.25506.2.215.2.1.6)
hh3cTcpSynFloodFlowPktType (1.3.6.1.4.1.25506.2.215.2.1.7)
hh3cTcpSynFloodFlowRate (1.3.6.1.4.1.25506.2.215.2.1.8)
hh3cTcpSynFloodIfChassis (1.3.6.1.4.1.25506.2.215.3.1.1)
hh3cTcpSynFloodIfSlot (1.3.6.1.4.1.25506.2.215.3.1.2)
hh3cTcpSynFloodIfIndex (1.3.6.1.4.1.25506.2.215.3.1.3)
hh3cTcpSynFloodIfPktType (1.3.6.1.4.1.25506.2.215.3.1.4)
hh3cTcpSynFloodIfRate (1.3.6.1.4.1.25506.2.215.3.1.5)
HH3C-TCP-MIB
About this MIB
Use this MIB to test whether the MD5 authentication for the current TCP connection is successful.
MIB file name
hh3c-tcp.mib
Root object
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).hh3c(25506).hh3cCommon(2).hh3cTcp(215)
Scalar objects
hh3cTcpConnLocalAddressTCP (1.3.6.1.4.1.25506.2.215.1.1.1)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpConnLocalAddressTCP (1.3.6.1.4.1.25506.2.215.1.1.1) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
Local IP address of the TCP connection |
As per the MIB. |
hh3cTcpConnLocalPortTCP (1.3.6.1.4.1.25506.2.215.1.1.2)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpConnLocalPortTCP (1.3.6.1.4.1.25506.2.215.1.1.2) |
accessible-for-notify |
Integer32 |
Integer32(0..65535) |
Local port number of the TCP connection |
As per the MIB. |
hh3cTcpConnRemAddressTCP (1.3.6.1.4.1.25506.2.215.1.1.3)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpConnRemAddressTCP (1.3.6.1.4.1.25506.2.215.1.1.3) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
Remote IP address of the TCP connection |
As per the MIB. |
hh3cTcpConnRemPortTCP (1.3.6.1.4.1.25506.2.215.1.1.4)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpConnRemPortTCP (1.3.6.1.4.1.25506.2.215.1.1.4) |
accessible-for-notify |
Integer32 |
Integer32(0..65535) |
Remote port number of the TCP connection |
As per the MIB. |
hh3cTcpProtocol (1.3.6.1.4.1.25506.2.215.1.1.5)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpProtocol (1.3.6.1.4.1.25506.2.215.1.1.5) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
Name of the upper layer protocol of TCP |
As per the MIB. |
hh3cTcpVrfNameVRF (1.3.6.1.4.1.25506.2.215.1.1.6)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpVrfNameVRF (1.3.6.1.4.1.25506.2.215.1.1.6) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
Name of the VRF of the TCP connection |
As per the MIB. |
hh3cTcpNumExceedState (1.3.6.1.4.1.25506.2.215.1.1.7)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpNumExceedState (1.3.6.1.4.1.25506.2.215.1.1.7) |
accessible-for-notify |
INTEGER |
established(1) finWait1(2) closing(3) lastAck(4) finWait2(5) |
State of the TCP connection. |
As per the MIB. |
hh3cTcpRcvVrfName (1.3.6.1.4.1.25506.2.215.1.1.8)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpRcvVrfName (1.3.6.1.4.1.25506.2.215.1.1.8) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
VPN receiving the TCP packet. |
As per the MIB. |
hh3cTcpSndVrfName (1.3.6.1.4.1.25506.2.215.1.1.9)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSndVrfName (1.3.6.1.4.1.25506.2.215.1.1.9) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
VPN sending the TCP packet. |
As per the MIB. |
hh3cTcpSynFloodFlowChassis (1.3.6.1.4.1.25506.2.215.2.1.1)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowChassis (1.3.6.1.4.1.25506.2.215.2.1.1) |
accessible-for-notify |
Unsigned32 |
Standard MIB values. |
Chassis number |
As per the MIB. |
hh3cTcpSynFloodFlowSlot (1.3.6.1.4.1.25506.2.215.2.1.2)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowSlot (1.3.6.1.4.1.25506.2.215.2.1.2) |
accessible-for-notify |
Unsigned32 |
Standard MIB values. |
Slot number |
As per the MIB. |
hh3cTcpSynFloodFlowIpType (1.3.6.1.4.1.25506.2.215.2.1.3)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowIpType (1.3.6.1.4.1.25506.2.215.2.1.3) |
accessible-for-notify |
InetAddressType |
Standard MIB values. |
Address type |
As per the MIB. |
hh3cTcpSynFloodFlowIpAddress (1.3.6.1.4.1.25506.2.215.2.1.4)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowIpAddress (1.3.6.1.4.1.25506.2.215.2.1.4) |
accessible-for-notify |
InetAddress |
OCTET STRING (0..255) |
Source address of the flow-based SYN attack packets |
As per the MIB. |
hh3cTcpSynFloodFlowPort (1.3.6.1.4.1.25506.2.215.2.1.5)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowPort (1.3.6.1.4.1.25506.2.215.2.1.5) |
accessible-for-notify |
Integer32 |
Integer32 (0..65535) |
Destination port number of the flow-based SYN attack packets |
As per the MIB. |
hh3cTcpSynFloodFlowVrfName (1.3.6.1.4.1.25506.2.215.2.1.6)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowVrfName (1.3.6.1.4.1.25506.2.215.2.1.6) |
accessible-for-notify |
OCTET STRING |
OCTET STRING (0..255) |
VRF name |
As per the MIB. |
hh3cTcpSynFloodFlowPktType (1.3.6.1.4.1.25506.2.215.2.1.7)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowPktType (1.3.6.1.4.1.25506.2.215.2.1.7) |
accessible-for-notify |
INTEGER |
ip(1) mpls(2) |
Type of the flow-based SYN attack packets |
As per the MIB. |
hh3cTcpSynFloodFlowRate (1.3.6.1.4.1.25506.2.215.2.1.8)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodFlowRate (1.3.6.1.4.1.25506.2.215.2.1.8) |
accessible-for-notify |
Unsigned32 |
Standard MIB values. |
Rate of the flow-based SYN attack packets |
As per the MIB. |
hh3cTcpSynFloodIfChassis (1.3.6.1.4.1.25506.2.215.3.1.1)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodIfChassis (1.3.6.1.4.1.25506.2.215.3.1.1) |
accessible-for-notify |
Unsigned32 |
Standard MIB values. |
Chassis number |
As per the MIB. |
hh3cTcpSynFloodIfSlot (1.3.6.1.4.1.25506.2.215.3.1.2)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodIfSlot (1.3.6.1.4.1.25506.2.215.3.1.2) |
accessible-for-notify |
Unsigned32 |
Standard MIB values. |
Slot number |
As per the MIB. |
hh3cTcpSynFloodIfIndex (1.3.6.1.4.1.25506.2.215.3.1.3)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodIfIndex (1.3.6.1.4.1.25506.2.215.3.1.3) |
accessible-for-notify |
InterfaceIndex |
Standard MIB values. |
Index of the interface that received the interface-based SYN attack packets |
As per the MIB. |
hh3cTcpSynFloodIfPktType (1.3.6.1.4.1.25506.2.215.3.1.4)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodIfPktType (1.3.6.1.4.1.25506.2.215.3.1.4) |
accessible-for-notify |
INTEGER |
ip(1) mpls(2) |
Type of the interface-based SYN attack packets |
As per the MIB. |
hh3cTcpSynFloodIfRate (1.3.6.1.4.1.25506.2.215.3.1.5)
|
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
|
hh3cTcpSynFloodIfRate (1.3.6.1.4.1.25506.2.215.3.1.5) |
accessible-for-notify |
Unsigned32 |
Standard MIB values. |
Rate of the interface-based SYN attack packets |
As per the MIB. |
Notifications
hh3cTcpMD5AuthenFail
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.215.1.0.1 |
TCP connection MD5 authentication failed. |
Error |
Warning |
N/A (N/A) |
ON |
Notification triggers
This notification is generated when the MD5 keys of the two ends of a TCP connection are different or only one end is configured with an MD5 key.
System impact
The TCP connection cannot be established, upper-layer routing protocols, such as LDP and BGP, cannot establish sessions.
Status control
ON
CLI: Use the snmp-agent trap enable tcp command.
OFF
CLI: Use the undo snmp-agent trap enable tcp command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.215.1.1.1 (hh3cTcpConnLocalAddressTCP) |
Local IP address of the TCP connection |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.1.1.2 (hh3cTcpConnLocalPortTCP) |
Local port number of the TCP connection |
N/A |
Integer32 |
Integer32(0..65535) |
|
1.3.6.1.4.1.25506.2.215.1.1.3 (hh3cTcpConnRemAddressTCP) |
Remote IP address of the TCP connection |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.1.1.4 (hh3cTcpConnRemPortTCP) |
Remote port number of the TCP connection |
N/A |
Integer32 |
Integer32(0..65535) |
|
1.3.6.1.4.1.25506.2.215.1.1.5 (hh3cTcpProtocol) |
Name of the upper layer protocol of TCP |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.1.1.6 (hh3cTcpVrfNameVRF) |
Name of the VRF of the TCP connection |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
Recommended action
To resolve this issue:
1.Use the display current-configuration command on each end to check whether an MD5 key is configured.
- If only one end is configured with an MD5 key, configure an MD5 key on the other end. If the issue persists, go to step 3.
- If the MD5 keys configured on the two ends are different, go to step 2.
2.Configure the same MD5 key on the two ends.
3.Collect alarm information and configuration data, and then contact H3C Support for help.
hh3cTcpNumExceedAlarm
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.215.1.0.2 |
The number of TCP connections has exceeded the maximum. |
Error |
Warning |
1.3.6.1.4.1.25506.2.215.1.0.3 (hh3cTcpNumExceedResume) |
ON |
Notification triggers
After Naptha attack prevention is enabled, this notification will be generated when the number of TCP connections of a state exceeds the maximum allowed.
System impact
New TCP connections cannot be established.
Status control
ON
CLI: Use the snmp-agent trap enable tcp command.
OFF
CLI: Use the undo snmp-agent trap enable tcp command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.215.1.1.7 (hh3cTcpNumExceedState) |
TCP connection state |
N/A |
INTEGER |
established(1), finWait1(2), closing(3), lastAck(4), finWait2(5) |
Recommended action
1.Execute the display tcp command to view all TCP connections on the device.
2.Check for attacks, identify and then shut down the attacked services, or configure attack defense features on the firewall.
3.Check for any unnecessary connections and close services that are not needed.
4.If the issue persists, collect configuration data and alarm information, and then contact Technical Support.
hh3cTcpNumExceedResume
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.215.1.0.3 |
The number of connections dropped below the upper limit. |
Recovery |
Warning |
N/A (N/A) |
ON |
Notification triggers
After Naptha attack prevention is enabled, this notification will be generated when the number of TCP connections of a state returns to normal.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable tcp command.
OFF
CLI: Use the undo snmp-agent trap enable tcp command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.215.1.1.7 (hh3cTcpNumExceedState) |
TCP connection state |
N/A |
INTEGER |
established(1), finWait1(2), closing(3), lastAck(4), finWait2(5) |
Recommended action
No action is required.
hh3cTcpExceptionClose
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.215.1.0.4 |
The TCP connection was disconnected duo to abnormal TCP packets. |
Error |
Warning |
N/A (N/A) |
ON |
Notification triggers
After TCP connection attack prevention is enabled, if the device receives too many abnormal TCP packets within a certain period, it will disconnect the TCP connection and generate a notification for this event.
System impact
TCP may be vulnerable to attacks, resulting in connections and affecting service operations.
Status control
ON
CLI: Use the snmp-agent trap enable tcp command.
OFF
CLI: Use the undo snmp-agent trap enable tcp command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.215.1.1.1 (hh3cTcpConnLocalAddressTCP) |
TCP packet source IP address |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.1.1.2 (hh3cTcpConnLocalPortTCP) |
TCP message source port ID |
N/A |
Integer32 |
Integer32(0..65535) |
|
1.3.6.1.4.1.25506.2.215.1.1.3 (hh3cTcpConnRemAddressTCP) |
Destination IP address of the TCP packet. |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.1.1.4 (hh3cTcpConnRemPortTCP) |
Destination port number of the TCP packet. |
N/A |
Integer32 |
Integer32(0..65535) |
|
1.3.6.1.4.1.25506.2.215.1.1.8 (hh3cTcpRcvVrfName) |
VPN receiving the TCP packet. |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.1.1.9 (hh3cTcpSndVrfName) |
VPN sending the TCP packet. |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
Recommended action
1.As a best practice, capture and analyze the packets received by the device.
2.Identify whether the device is suffered a whitelist attack. Configure attack defense on the firewall.
3.If the issue persists, collect configuration data and alarm information, and then contact Technical Support.
hh3cTcpSynFloodFlow
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.215.2.0.1 |
A flow-based TCP SYN flood attack occurs. |
Error |
Warning |
N/A (N/A) |
ON |
Notification triggers
A flow-based TCP SYN flood attack occurs.
System impact
The device is under attack, which might affect normal TCP services.
Status control
ON
CLI: Use the snmp-agent trap enable tcp command.
OFF
CLI: Use the undo snmp-agent trap enable tcp command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.215.2.1.1 (hh3cTcpSynFloodFlowChassis) |
Chassis number |
N/A |
Unsigned32 |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.215.2.1.2 (hh3cTcpSynFloodFlowSlot) |
Slot number |
N/A |
Unsigned32 |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.215.2.1.3 (hh3cTcpSynFloodFlowIpType) |
Address type |
N/A |
InetAddressType |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.215.2.1.4 (hh3cTcpSynFloodFlowIpAddress) |
Source address of the SYN attack packets |
N/A |
InetAddress |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.2.1.5 (hh3cTcpSynFloodFlowPort) |
Destination port number of the SYN attack packets |
N/A |
Integer32 |
Integer32 (0..65535) |
|
1.3.6.1.4.1.25506.2.215.2.1.6 (hh3cTcpSynFloodFlowVrfName) |
VRF name |
N/A |
OCTET STRING |
OCTET STRING (0..255) |
|
1.3.6.1.4.1.25506.2.215.2.1.7 (hh3cTcpSynFloodFlowPktType) |
Type of the SYN attack packets |
N/A |
INTEGER |
ip(1), mpls(2) |
|
1.3.6.1.4.1.25506.2.215.2.1.8 (hh3cTcpSynFloodFlowRate) |
Rate of the SYN attack packets |
N/A |
Unsigned32 |
Standard MIB values. |
Recommended action
Check whether attack packets exist in the current network environment.
hh3cTcpSynFloodIf
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.215.3.0.1 |
An interface-based TCP SYN flood attack occurs. |
Error |
Warning |
N/A (N/A) |
ON |
Notification triggers
An interface-based TCP SYN flood attack occurs.
System impact
The device is under attack, which might affect normal TCP services.
Status control
ON
CLI: Use the snmp-agent trap enable tcp command.
OFF
CLI: Use the undo snmp-agent trap enable tcp command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.4.1.25506.2.215.3.1.1 (hh3cTcpSynFloodIfChassis) |
Chassis number |
N/A |
Unsigned32 |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.215.3.1.2 (hh3cTcpSynFloodIfSlot) |
Slot number |
N/A |
Unsigned32 |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.215.3.1.3 (hh3cTcpSynFloodIfIndex) |
Index of the interface that received the SYN attack packets |
N/A |
InterfaceIndex |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.215.3.1.4 (hh3cTcpSynFloodIfPktType) |
Type of the SYN attack packets |
N/A |
INTEGER |
ip(1), mpls(2) |
|
1.3.6.1.4.1.25506.2.215.3.1.5 (hh3cTcpSynFloodIfRate) |
Rate of the SYN attack packets |
N/A |
Unsigned32 |
Standard MIB values. |
Recommended action
Check whether attack packets exist in the current network environment.
