< Home

display snmp-agent trap feature-name securitytrap all

Function

The display snmp-agent trap feature-name securitytrap all command displays the status of all traps on the security module.

Format

display snmp-agent trap feature-name securitytrap all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name securitytrap all command to check the status of all traps of security. You can use the snmp-agent trap enable feature-name securitytrap command to enable the trap function of security.

Prerequisites

SNMP has been enabled. See snmp-agent.

Example

# Display all the traps of the security module.

<HUAWEI>display snmp-agent trap feature-name securitytrap all
------------------------------------------------------------------------------
Feature name: SECURITYTRAP
Trap number : 35
------------------------------------------------------------------------------
Trap name                       Default switch status   Current switch status
hwStrackUserInfo                on                      on
hwStrackIfVlanInfo              on                      on
hwStrackSrcIpInfo               on                      on
hwXQoSStormControlTrap          on                      on
hwXQoSStormControlTrapExt       on                      on
hwARPSGatewayConflict           on                      on
hwARPSEntryCheck                on                      on
hwARPSPacketCheck               on                      on
hwARPSDaiDropALarm              on                      on
hwARPGlobalSpeedLimitALarm      on                      on
hwARPIfSpeedLimitALarm          on                      on
hwARPVlanSpeedLimitALarm        on                      on
hwARPMissGlobalSpeedLimitALarm  on                      on
hwARPMissIfSpeedLimitALarm      on                      on
hwARPMissVlanSpeedLimitALarm    on                      on
hwARPSIPSpeedLimitALarm         on                      on
hwARPSMACSpeedLimitALarm        on                      on
hwARPMissSIPSpeedLimitALarm     on                      on
hwArpIfRateLimitBlockALarm      on                      on
hwIPSGDropALarm                 on                      on
hwIPSGVlanDropALarm             on                      on
hwICMPGlobalDropALarm           on                      on
hwICMPIfDropALarm               on                      on
hwStrackDenyPacket              on                      on
hwStrackErrorDown               on                      on
hwDefendCpcarDropPkt            on                      on
hwMACsecFailNotify              on                      on
hwStrackPortAtk                 on                      on
hwStrackUserAbnormal            on                      on
hwOlcStartAlarm                 on                      on                      
hwOlcStopAlarm                  on                      on
hwXQoSTrafficSuppressionTrap    on                      on
hwEngineSessThresholdAlarm      on                      on
hwEngineSessThresholdResume     on                      on
hwWeakEAConfigAlarm             on                      on
Choose Columns...
Table 1 Description of the display snmp-agent trap feature-name securitytrap all command output

Item

Description

Feature name

Name of the module that the trap belongs to.

Trap number

Number of traps.

Trap name

Trap name. The ACL module uses the following Huawei proprietary traps:

  • hwStrackUserInfo: sent when attack source tracing detects a user-based attack.

  • hwStrackIfVlanInfo: sent when attack source tracing detects an attack initiated from an interface.

  • hwStrackSrcIpInfo: sent when attack source tracing detects a source IP address-based attack.

  • hwXQoSStormControlTrap: sent when storm control detects a port status change.

  • hwXQoSStormControlTrapExt: sent when the interface state machine changes.

  • hwARPSGatewayConflict: sent when the device receives an ARP packet of which the source IP address is the same as gateway IP address.

  • hwARPSEntryCheck: sent when the device detects an attack packet used to modify an ARP entry.

  • hwARPSPacketCheck: sent when the device detects an invalid ARP packet.

  • hwARPSDaiDropALarm: sent when the number of ARP packets discarded by DAI reaches the alarm threshold.

  • hwARPGlobalSpeedLimitALarm: sent when the rate of ARP packets received by the device reaches the alarm threshold.

  • hwARPIfSpeedLimitALarm: sent when the rate of ARP packets received by an interface reaches the alarm threshold.

  • hwARPVlanSpeedLimitALarm: sent when the rate of ARP packets in a VLAN reaches the alarm threshold.

  • hwARPMissGlobalSpeedLimitALarm: sent when the rate of ARP Miss messages on the device exceeds the threshold and the number of discarded ARP Miss messages exceeds the alarm threshold.

  • hwARPMissIfSpeedLimitALarm: sent when the rate of ARP Miss messages on an interface reaches the alarm threshold.

  • hwARPMissVlanSpeedLimitALarm: sent when the rate of ARP Miss messages in a VLAN exceeds the threshold and the number of discarded ARP Miss messages exceeds the alarm threshold.

  • hwARPSIPSpeedLimitALarm: sent when the rate of ARP packets from a source IP address exceeds the alarm threshold.

  • hwARPSMACSpeedLimitALarm: sent when the rate of ARP packets from a source MAC address exceeds the alarm threshold.

  • hwARPMissSIPSpeedLimitALarm: sent when the rate of ARP Miss messages from a source IP address exceeds the alarm threshold.

  • hwArpIfRateLimitBlockALarm: sent when the rate of ARP packets received by the device exceeds the threshold and ARP packets are discarded on interfaces within block period.

  • hwIPSGDropALarm: sent when the number of IP packets in a interface discarded by IPSG reaches the alarm threshold.

  • hwIPSGVlanDropALarm: sent when the number of IP packets in a VLAN discarded by IPSG reaches the alarm threshold.

  • hwICMPGlobalDropALarm: sent when the rate of global ICMP packets reaches the alarm threshold.

  • hwICMPIfDropALarm: sent when the rate of ICMP packets on an interface reaches the alarm threshold.

  • hwStrackDenyPacket: sent when the device detects an attack source and discards the packets from this attack source.

  • hwStrackErrorDown: sent when the device detects an attack source and sets the port status of the attack source to error-down.

  • hwDefendCpcarDropPkt: sent when packets are dropped because the rate of protocol packets sent to the CPU exceeds the CPCAR value.
  • hwMACsecFailNotify: sent when MACsec configuration on an interface is invalid.
  • hwStrackPortAtk: sent when an interface is attacked by protocol packets and port attack defense is started.
  • hwStrackUserAbnormal: sent when the rate of packets received by a switch exceeds the normal rate.
  • hwOlcStartAlarm: sent when the CPU usage reaches the OLC start threshold.
  • hwOlcStopAlarm: sent when the CPU usage falls below the OLC stop threshold.
  • hwXQoSTrafficSuppressionTrap: sent when packet loss occurs in the inbound direction of an interface.
  • hwEngineSessThresholdAlarm: sent when the number of IAE sessions exceeds the upper threshold (80% of the session specification).
  • hwEngineSessThresholdResume: sent when the number of IAE sessions falls below the lower threshold (60% of the session specification).
  • hwWeakEAConfigAlarm: sent when the authentication or encryption algorithm with low security is configured on the device.

Default switch status
Default status of the trap function:

  • on: indicates that the trap function is enabled by default.

  • off: indicates that the trap function is disabled by default.

Current switch status

Status of the trap function:

  • on: indicates that the trap function is enabled.

  • off: indicates that the trap function is disabled.
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >