The snmp-agent trap enable feature-name securitytrap command enables the trap function for the security module.
The undo snmp-agent trap enable feature-name securitytrap command disables the trap function for the security module.
By default, the trap function is enabled for the security module.
snmp-agent trap enable feature-name securitytrap [ trap-name { hwarpglobalspeedlimitalarm | hwarpifratelimitblockalarm | hwarpifspeedlimitalarm | hwarpmissglobalspeedlimitalarm | hwarpmissifspeedlimitalarm | hwarpmisssipspeedlimitalarm | hwarpmissvlanspeedlimitalarm | hwarpsdaidropalarm | hwarpsentrycheck | hwarpsgatewayconflict | hwarpsipspeedlimitalarm | hwarpsmacspeedlimitalarm | hwarpspacketcheck | hwarpvlanspeedlimitalarm | hwdefendcpcardroppkt | hwicmpglobaldropalarm | hwicmpifdropalarm | hwipsgdropalarm | hwipsgvlandropalarm | hwmacsecfailnotify | hwolcstartalarm | hwolcstopalarm | hwstrackdenypacket | hwstrackerrordown | hwstrackifvlaninfo | hwstrackportatk | hwstracksrcipinfo | hwstrackuserabnormal | hwstrackuserinfo | hwxqosstormcontroltrap | hwxqosstormcontroltrapext | hwenginesessthresholdalarm | hwenginesessthresholdresume | hwxqostrafficsuppressiontrap | hwweakeaconfigalarm } ]
undo snmp-agent trap enable feature-name securitytrap [ trap-name { hwarpglobalspeedlimitalarm | hwarpifratelimitblockalarm | hwarpifspeedlimitalarm | hwarpmissglobalspeedlimitalarm | hwarpmissifspeedlimitalarm | hwarpmisssipspeedlimitalarm | hwarpmissvlanspeedlimitalarm | hwarpsdaidropalarm | hwarpsentrycheck | hwarpsgatewayconflict | hwarpsipspeedlimitalarm | hwarpsmacspeedlimitalarm | hwarpspacketcheck | hwarpvlanspeedlimitalarm | hwdefendcpcardroppkt | hwicmpglobaldropalarm | hwicmpifdropalarm | hwipsgdropalarm | hwmacsecfailnotify | hwolcstartalarm | hwolcstopalarm | hwstrackdenypacket | hwstrackerrordown | hwstrackifvlaninfo | hwstrackportatk | hwstracksrcipinfo | hwstrackuserabnormal | hwstrackuserinfo | hwxqosstormcontroltrap | hwxqosstormcontroltrapext | hwenginesessthresholdalarm | hwenginesessthresholdresume | hwxqostrafficsuppressiontrap | hwweakeaconfigalarm } ]
Parameter |
Description |
Value |
|---|---|---|
trap-name |
Enables or disables the trap function for the specified event. |
- |
hwarpglobalspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP packets received by the device reaches the alarm threshold. |
- |
hwarpifratelimitblockalarm |
Enables the Huawei proprietary trap sent when the rate of ARP packets received by the device exceeds the threshold and ARP packets are discarded on interfaces within block period. |
- |
hwarpifspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP packets received by an interface reaches the alarm threshold. |
- |
hwarpmissglobalspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP Miss messages on the device exceeds the threshold and the number of discarded ARP Miss messages exceeds the alarm threshold. |
- |
hwarpmissifspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP Miss messages on an interface reaches the alarm threshold. |
- |
hwarpmisssipspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP Miss messages from a source IP address exceeds the alarm threshold. |
- |
hwarpmissvlanspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP Miss messages in a VLAN exceeds the threshold and the number of discarded ARP Miss messages exceeds the alarm threshold. |
- |
hwarpsdaidropalarm |
Enables the Huawei proprietary trap sent when the number of ARP packets discarded by DAI reaches the alarm threshold. |
- |
hwarpsentrycheck |
Enables the Huawei proprietary trap sent when the device detects an attack packet used to modify an ARP entry. |
- |
hwarpsgatewayconflict |
Enables the Huawei proprietary trap sent when the device receives an ARP packet of which the source IP address is the same as gateway IP address. |
- |
hwarpsipspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP packets from a source IP address exceeds the alarm threshold. |
- |
hwarpsmacspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP packets from a source MAC address exceeds the alarm threshold. |
- |
hwarpspacketcheck |
Enables the Huawei proprietary trap sent when the device detects an invalid ARP packet. |
- |
hwarpvlanspeedlimitalarm |
Enables the Huawei proprietary trap sent when the rate of ARP packets in a VLAN reaches the alarm threshold. |
- |
hwdefendcpcardroppkt |
Enables the Huawei proprietary trap sent when packets are dropped because the rate of protocol packets sent to the CPU exceeds the CPCAR value. |
- |
hwicmpglobaldropalarm |
Enables the Huawei proprietary trap sent when the rate of global ICMP packets reaches the alarm threshold. |
- |
hwicmpifdropalarm |
Enables the Huawei proprietary trap sent when the rate of ICMP packets on an interface reaches the alarm threshold. |
- |
hwipsgdropalarm |
Enables the Huawei-property trap sent when the number of IP packets in a interface discarded by IPSG reaches the alarm threshold. |
- |
hwipsgvlandropalarm |
Enables the Huawei-property trap sent when the number of IP packets in a VLAN discarded by IPSG reaches the alarm threshold. |
- |
hwmacsecfailnotify |
Enables the Huawei proprietary trap sent when MACsec configuration on an interface is invalid. |
- |
hwolcstartalarm |
Enables the Huawei proprietary trap sent when the CPU usage reaches the OLC start threshold. |
- |
hwolcstopalarm |
Enables the Huawei proprietary trap sent when the CPU usage falls below the OLC stop threshold. |
- |
hwstrackdenypacket |
Enables the Huawei proprietary trap sent when the device detects an attack source and discards the packets from this attack source. |
- |
hwstrackerrordown |
Enables the Huawei proprietary trap sent when the device detects an attack source and sets the port status of the attack source to error-down. |
- |
hwstrackifvlaninfo |
Enables the Huawei proprietary trap sent when attack source tracing detects an attack initiated from an interface. |
- |
hwstrackportatk |
Enables the Huawei proprietary trap sent when an interface is attacked by protocol packets and port attack defense is started. |
- |
hwstracksrcipinfo |
Enables the Huawei proprietary trap sent when attack source tracing detects a source IP address-based attack. |
- |
hwstrackuserabnormal |
Enables the Huawei proprietary trap sent when the rate of packets received by a switch exceeds the normal rate. |
- |
hwstrackuserinfo |
Enables the Huawei proprietary trap sent when attack source tracing detects a user-based attack. |
- |
hwxqosstormcontroltrap |
Enables the Huawei proprietary trap sent when storm control detects a port status change. |
- |
hwxqosstormcontroltrapext |
Enables the Huawei proprietary trap sent when the interface state machine changes. |
- |
hwEngineSessThresholdAlarm |
Enables the Huawei proprietary trap sent when the number of IAE sessions exceeds the upper threshold (80% of the session specification). NOTE:
Only the following switch models support the parameter: S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S |
- |
hwEngineSessThresholdResume |
Enables the Huawei proprietary trap sent when the number of IAE sessions falls below the lower threshold (60% of the session specification). NOTE:
Only the following switch models support the parameter: S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S |
- |
hwxqostrafficsuppressiontrap |
Enables the Huawei proprietary trap sent when packet loss occurs in the inbound direction of an interface. NOTE:
Only the following switch models support the trap: S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S |
- |
hwweakeaconfigalarm |
Enables the Huawei proprietary trap sent when the authentication or encryption algorithm with low security is configured on the device. |
- |
When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.
You can specify trap-name to enable the trap function for one or more events.