SECE_1.3.6.1.4.1.2011.5.25.165.2.2.1.1 hwStrackUserInfo

Description

SECE/4/STRACKUSER: OID [oid] An attack occurred. (Interface=[OCTET], SourceMAC=[OCTET], InnerVlan=[INTEGER], OuterVlan=[INTEGER], EndTime=[OCTET], TotalPackets=[INTEGER])

The system detects an attack.

Attribute

Alarm ID	Alarm Severity	Alarm Type
1.3.6.1.4.1.2011.5.25.165.2.2.1.1	Warning	securityServiceOrMechanismViolation(10)

Parameters

Name	Meaning
OID	Indicates the MIB object ID of the alarm.
Interface	Indicates the access interface of the attacker.
SourceMAC	Indicates the Source MAC address of packets sent from the attacker.
InnerVlan	Indicates the inner VLAN ID of packets sent from the attacker.
OuterVlan	Indicates the outer VLAN ID of packets sent from the attacker.
EndTime	Indicates the end time of the attack.
TotalPackets	Indicates the number of packets received from the attacker.

Impact on the System

The CPU is busy processing attack packets. As a result, normal service packets cannot be processed in time or even discarded.

Possible Causes

The rate of packets with the specified MAC address and VLAN ID sent to the CPU exceeds the alarm threshold specified by the auto-defend threshold command. By default, the alarm threshold is 60 pps.

Procedure

Run the display auto-defend attack-source detail command to check the possible attack source and check whether the system is normal according to the protocol type and packet increase rate.
If the user initiates the attack, you can configure attack source tracing and set the action taken on attack packets to deny, or configure a traffic policy to discard attack packets.
If the fault cause is unknown, collect device configurations, alarms, and logs, and then contact technical support personnel.
End.

Related Information

None