Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-HH3C-PORT-SECURITY-MIB | 80.43 KB |
Contents
HH3C-PORT-SECURITY-MIB
About this MIB
Use this MIB to configure port security feature settings, obtain user information, and report trap notifications.
MIB file name
hh3c-port-security.mib
Notifications
hh3cSecureAddressLearned
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.1 |
A new secure MAC address was learned. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a new secure MAC address is learned.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security address-learned command.
OFF
CLI: Use the undo snmp-agent trap enable port-security address-learned command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
INTEGER |
INTEGER (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
Learned MAC address on a port. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
Recommended action
No action is required.
hh3cSecureViolation
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.2 |
Intrusion protection event occurred. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a port receives illegal frames whose source MAC address has not been learned by the port or that fail to pass authentication after you enable intrusion protection.
System impact
The system might be attacked by illegal frames if too many intrusion protection events occur.
Status control
ON
CLI: Use the snmp-agent trap enable port-security intrusion command.
OFF
CLI: Use the undo snmp-agent trap enable port-security intrusion command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.2.1.2.2.1.7 (ifAdminStatus) |
Link layer status. |
ifIndex |
INTEGER |
up(1) , down(2) , testing(3) |
Recommended action
To resolve this issue:
1.Verify that 802.1X authentication, MAC authentication, and secure MAC addresses are configured correctly.
2.Execute the display dot1x, display mac-authentication, and display port-security mac-address security commands in any view to identify whether the number of online users or secure MAC addresses on the port has reached the upper limit.
- If the number of online users or learned secure MAC addresses on the port has reached the upper limit and the upper limit is too small, change the upper limit.
- If the numbers of online users and learned secure MAC addresses on the port hasn't reached the upper limit and intrusion protections events occur only occasionally, no action is required.
3.If many intrusion protection events occur, the system might be attacked. In this case, contact Technical Support.
hh3cSecureLoginFailure
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.3 |
An 802.1X user failed authentication. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an 802.1X user fails authentication.
System impact
The system might be attacked by many authentication packets if too many notifications are generated.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-failure command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-failure command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
InterfaceIndex |
Integer32 (1..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username of an 802.1X authentication user. |
dot1xAuthSessionUserName |
SnmpAdminString |
OCTET STRING (SIZE (0..255)) |
Recommended action
To resolve this issue:
1.Verify that 802.1X authentication settings are correct.
2.Execute the dot1x access-user log enable failed-login command to enable logging 802.1X user login failures to identify authentication failure cause. Edit the device or server configuration as needed if an authentication failure is caused by device or server configuration errors, for example:
- The authentication methods configured for the device and the server are different.
- The username is not added to the server.
- The username or password is incorrect.
3.If the system repeatedly generates this notification and the authentication failure log shows that one or multiple 802.1X users continuously failed to pass authentication, the system might be attacked by authentication packets. In this case, contact Technical Support.
hh3cSecureLogon
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.4 |
An 802.1X user logged on. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an 802.1X user logs on.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-logon command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-logon command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username of an 802.1X authentication user. |
dot1xAuthSessionUserName |
SnmpAdminString |
OCTET STRING(SIZE (0..255)) |
|
1.0.8802.1.1.1.1.2.4.1.6 (dot1xAuthSessionAuthenticMethod) |
Authentication method. |
dot1xAuthSessionUserName |
INTEGER |
remoteAuthServer(1) , localAuthServer(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session activation. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureLogoff
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.26.1.3.5 |
An 802.1X user logged off. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when an 802.1X user logs off.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-logoff command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-logoff command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index |
ifIndex |
Integer32 |
Integer32 (1..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username of an 802.1X authentication user. |
dot1xAuthSessionUserName |
SnmpAdminString |
OCTET STRING(SIZE (0.. 255)) |
|
1.0.8802.1.1.1.1.2.4.1.8 (dot1xAuthSessionTerminateCause) |
802.1X session termination cause. |
dot1xAuthSessionUserName |
INTEGER |
supplicantLogoff(1) , portFailure(2) , supplicantRestart(3) , reauthFailed(4) , authControlForceUnauth(5) portReInit(6) , portAdminDisabled(7) , notTerminatedYet(999) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session termination. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureRalmLoginFailure
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506.2.26.1.3.6 |
A MAC authentication user failed authentication. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a MAC authentication user fails authentication.
System impact
The system might be attacked by many authentication packets if too many notifications are generated.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-failure command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-failure command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.26.1.1.4.4 (hh3cSecureRalmAuthMode) |
MAC authentication user account format. |
N/A |
INTEGER |
papUsernameAsMacAddress(1) , papUsernameFixed(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.4.5 (hh3cSecureRalmAuthUsername) |
Username of a MAC authentication user. |
N/A |
DisplayString |
OCTET STRING (1..80) |
Recommended action
To resolve this issue:
1.Verify that MAC authentication settings are correct.
2.Execute the mac-authentication access-user log enable failed-login command to enable logging MAC authentication user login failures to identify authentication failure cause. Edit the device or server configuration as needed if an authentication failure is caused by device or server configuration errors, for example:
- The authentication methods configured for the device and the server are different.
- The username is not added to the server.
- The username or password is incorrect.
3.If the system repeatedly generates this notification and the authentication failure log shows that users from different MAC addresses continuously failed to pass authentication, the system might be attacked by authentication packets. In this case, contact Technical Support.
hh3cSecureRalmLogon
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.7 |
A MAC authentication user logged on. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a MAC authentication user logs on.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-logon command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-logon command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (1.. 2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.26.1.1.4.4 (hh3cSecureRalmAuthMode) |
MAC authentication user account format. |
N/A |
INTEGER |
papUsernameAsMacAddress(1) papUsernameFixed(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.4.5 (hh3cSecureRalmAuthUsername) |
Username of a MAC authentication user. |
N/A |
DisplayString |
OCTET STRING (1..80) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session activation. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureRalmLogoff
Basic information
|
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
|
1.3.6.1.4.1.25506. 2.26.1.3.8 |
A MAC authentication user logged off. |
Informational |
Warning |
N/A (N/A) |
OFF |
Notification triggers
This notification is generated when a MAC authentication user logs off.
System impact
No negative impact on the system.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-logoff command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-logoff command.
Object
|
OID (object name) |
Description |
Index |
Type |
Value range |
|
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
ifIndex |
Integer32 |
Integer32 (0..2147483647) |
|
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
ifIndex hh3cSecureAddrMAC hh3cSecureAddrVlanID |
MacAddress |
Standard MIB values. |
|
1.3.6.1.4.1.25506.2.26.1.1.4.4 (hh3cSecureRalmAuthMode) |
MAC authentication user account format. |
N/A |
INTEGER |
papUsernameAsMacAddress(1) , papUsernameFixed(2) |
|
1.3.6.1.4.1.25506.2.26.1.1.4.5 (hh3cSecureRalmAuthUsername) |
Username of an MAC authentication user. |
N/A |
DisplayString |
OCTET STRING (1..80) |
|
1.3.6.1.4.1.25506.2.26.1.1.2 (hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session termination. |
N/A |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
