Help Center/ Huawei Qiankun CloudService/ More Documents/ Device Alarm Handling/ V200 LSW Alarms/ ALM-3276800476 The number of the discarded DHCP request packets that do not match the binding table exceeds the threshold on the interface
Updated on 2024-01-25 GMT+08:00

ALM-3276800476 The number of the discarded DHCP request packets that do not match the binding table exceeds the threshold on the interface

Description

DHCP/1/REQUESTTRAP:OID [OID] The number of the discarded DHCP request packets that do not match the binding table exceeds the threshold on the interface. (IfIndex=[INTEGER], VlanIndex=[INTEGER], Interface=[OCTET], VlanID=[INTEGER], BdID=[INTEGER], DiscardedNumber=[INTEGER])

The number of DHCP Request packets discarded on the interface because they do not match the binding table exceeded the threshold.

Attribute

Alarm ID

Alarm Severity

Alarm Type

3276800476

Warning

Equipment alarm

Parameters

Name

Meaning

OID

Indicates the MIB object ID of the alarm.

IfIndex

Indicates the interface index.

VlanIndex

Indicates the VLAN index.

Interface

Indicates the interface name.

VlanID

Indicates the VLAN ID.

BdID

Indicates the BD ID.

DiscardedNumber

Indicates the number of discarded packets.

Impact on the System

Invalid DHCP packets are discarded.

Possible Causes

DHCP attacks occurred.

Procedure

  1. Run the display dhcp snooping user-bind command to check DHCP snooping binding entries on the interface to determine users' IP addresses and MAC addresses.

  2. Configure port mirroring to obtain DHCP packets received by the interface. Check users' IP addresses and MAC addresses in DHCP Request packets that do not match the binding table.

    • If a user connected to the interface sends a large number of DHCP Request packets that do not match the binding table, the user is an unauthorized user and the DHCP Request packets are attack packets. The device discards the attack packets. Check the attack source based on the user's IP address or MAC address.

    • If users connected to the interface do not send a large number of DHCP Request packets that do not match the binding table, DHCP packets sent by the users are not attack packets. To ensure that the users pass the check, cancel the dhcp snooping check dhcp-request enable command configuration on the interface.

Related Information

None