SECE_1.3.6.1.4.1.2011.5.25.165.2.2.1.4 hwStrackErrorDown

Description

SECE/4/STRACK_ERROR_DOWN: OID [oid] Interface's status is changed to error-down because an attack is detected, Interface [OCTET].

The system detected an attack source and set the source interface of the attack packets to error-down state.

Attribute

Alarm ID	Alarm Severity	Alarm Type
1.3.6.1.4.1.2011.5.25.165.2.2.1.4	Warning	securityServiceOrMechanismViolation(10)

Parameters

Name	Meaning
OID	Indicates the MIB object ID of the alarm.
Interface	Indicates the access interface of the attacker.

Impact on the System

The interface in error-down state cannot work.

Possible Causes

The device received a large number of packets from the interface, and the rate of received packets exceeded the alarm threshold specified by the auto-defend threshold command to identify an attack. Therefore, the device identified the interface as an attack source. By default, the alarm threshold is 60 pps.

Procedure

Run the display auto-defend attack-source detail command to check the detected attack source and check whether it is an authorized user.
If the interface is attacked and it connects to only one user, you do not need to take any actions because the attack has been blocked. Go to Step 5.
If the interface connects to multiple users and some users initiate attacks, you can configure attack source tracing and set the action taken on attack packets to deny, or configure a traffic policy to discard attack packets.
If only entries exist on the interface or entries cannot be determined, collect device configurations, alarms, and logs, and then contact technical support personnel.
End.

Related Information

None