
ARP_1.3.6.1.4.1.2011.5.25.123.2.1 hwEthernetARPSpeedLimitAlarm

Description

ARP/4/ARP_SUPP_TRAP:OID [OID] Exceed the speed limit value configured. (Ifnet index=[INTEGER], Configured value=[COUNTER], Sampling value=[COUNTER], Speed-limit type=[OCTET], Source Ip address=[IPADDR], Destination Ip address=[IPADDR], VPN-Instance name=[OCTET]).

The trap was generated when the transmitting rate of ARP packets or ARP Miss Messages was greater than the rate limit. You can run the arp speed-limit command to set the rate limit. The default rate limit is 500 bit/s.

Attribute

| Alarm ID | Alarm Severity | Alarm Type |
|---|---|---|
| 1.3.6.1.4.1.2011.5.25.123.2.1 | Warning | processingErrorAlarm(4) |

Parameters

| Name | Meaning |
|---|---|
| OID | Indicates the MIB object ID of the alarm. |
| Ifnet index | Indicates the interface index. |
| Configured value | Indicates the configured rate limit. |
| Sampling value | Indicates the sampling of the number of packets received within a period. |
| Speed-limit type | Indicates the type of packets configured with timestamp suppression, for example, ARP and ARP Miss. |
| Source Ip address | Indicates source IP addresses. |
| Destination Ip address | Indicates the destination IP address. |
| VPN-Instance name | Indicates the VPN instance name. |

Impact on the System

View the type of packets configured with timestamp suppression in trap messages.

If ARP packets are configured with timestamp suppression, some normal ARP packets are discarded. As a result, traffic cannot be forwarded normally.

If ARP Miss messages are configured with timestamp suppression, some ARP Miss messages are discarded. As a result, ARP Request messages cannot be triggered and thus traffic cannot be forwarded normally.

If this trap is cleared within a short time, services are not affected and the system resumes normal operation.

If this trap is not cleared for a long time, the service processing capability of the system will be affected.

Possible Causes

  1. The interval for enabling the log function and sending traps for potential attack behaviors was set to N seconds. Within a period of N+1 seconds, the number of sent ARP packets was greater than the threshold. Within the first N seconds, the average number of sent ARP packets was greater than the threshold.

  2. The interval for enabling the log function and sending traps for potential attack behaviors was set to N seconds. Within a period of N+1 seconds, the number of sent ARP Miss messages was greater than the threshold. Within the first N seconds, the average number of sent ARP Miss messages was greater than the threshold.

Procedure

  1. Check the type of packets with timestamp suppression configured in trap messages.

    • If the type of packets is ARP, go to Step 2.
    • If the type of packets is ARP Miss, go to Step 4.

  2. Run the display arp speed-limit destination-ip command to obtain the ARP rate limit value on interfaces.
  3. Run the arp speed-limit destination-ip maximum maximum command to reconfigure the maximum value for timestamp suppression of ARP packets. This value must be greater than the value obtained in Step 2 but must be less than 16384; otherwise, the trap cannot be cleared. Check whether the trap is cleared.

    • If the trap is cleared, go to Step 7.
    • If the trap is not cleared, go to Step 6.

  4. Run the display arp_anti-attack configuration command to obtain the ARP Miss rate limit value on interfaces.
  5. Run the arp-miss speed-limit [ ip-address ] source-ip maximum maximum command to reconfigure the maximum value for timestamp suppression of ARP Miss packets. This value must be greater than the value obtained in Step 4 but must be less than 16384; otherwise, the trap cannot be cleared. Check whether the trap is cleared.

    • If the trap is cleared, go to Step 7.
    • If the trap is not cleared, go to Step 6.

  6. Collect alarm information and configuration information, and then contact technical support personnel.
  7. End.
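
The following is an added example, not Huawei code: it parses the trap message format from the Description, applies Step 1 to pick the next step, checks a proposed maximum against the bounds in Steps 3 and 5, and counts how often each source IP triggered the trap so a single noisy host is visible before the limit is raised. It assumes the Speed-limit type field carries the literal strings "ARP" or "ARP Miss"; the sample lines are constructed.

```python
import re
from collections import Counter

# Field layout follows the ARP_SUPP_TRAP message format in the Description.
TRAP_RE = re.compile(
    r"ARP/4/ARP_SUPP_TRAP:OID (?P<oid>\S+) Exceed the speed limit value configured\. "
    r"\(Ifnet index=(?P<ifindex>\d+), Configured value=(?P<configured>\d+), "
    r"Sampling value=(?P<sampled>\d+), Speed-limit type=(?P<kind>[^,]*), "
    r"Source Ip address=(?P<src>[^,]*), Destination Ip address=(?P<dst>[^,]*), "
    r"VPN-Instance name=(?P<vpn>[^)]*)\)"
)
# Step 1: packet type selects the next step (assumed literals "ARP" / "ARP Miss").
NEXT_STEP = {"arp": 2, "arp miss": 4}

def parse_trap(line):
    """Return the trap fields as a dict, or None if the line is not this trap."""
    m = TRAP_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("ifindex", "configured", "sampled"):
        rec[key] = int(rec[key])
    rec["kind"] = rec["kind"].strip()
    rec["next_step"] = NEXT_STEP.get(rec["kind"].lower())  # None: unknown type
    return rec

def triage(lines):
    """Parse every trap and count how often each (type, source IP) pair fired."""
    records = [r for r in map(parse_trap, lines) if r]
    return records, Counter((r["kind"], r["src"]) for r in records)

def valid_new_maximum(current_limit, proposed):
    """Steps 3 and 5: greater than the displayed limit, less than 16384."""
    return current_limit < proposed < 16384

# Constructed sample lines: the OID is from the page, every other value is invented.
_FMT = ("ARP/4/ARP_SUPP_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.1 Exceed the speed limit "
        "value configured. (Ifnet index={}, Configured value=500, Sampling value={}, "
        "Speed-limit type={}, Source Ip address={}, Destination Ip address={}, "
        "VPN-Instance name=vpn-a).")
SAMPLE = [
    _FMT.format(7, 812, "ARP", "192.0.2.10", "192.0.2.1"),
    _FMT.format(7, 950, "ARP", "192.0.2.10", "192.0.2.1"),
    _FMT.format(9, 640, "ARP Miss", "198.51.100.23", "203.0.113.5"),
    "unrelated log line that is not this trap",
]

if __name__ == "__main__":
    for r in triage(SAMPLE)[0]:
        print(r["kind"], r["src"], r["sampled"], r["configured"], "-> Step", r["next_step"])
```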

Related Information

None

Copyright © Huawei Technologies Co., Ltd.