Updated on 2024-01-25 GMT+08:00

ALM-3276800480 The number of packets discarded by DAI exceeds the alarm threshold

Description

SECE/4/DAI_BDDROP_ALARM: OID [oid] The packet dropped by DAI exceeds the alarm threshold. (DroppedNum=[INTEGER], Threshold=[INTEGER], BD=[INTEGER], PacketInfo=[OCTET]).

The number of packets discarded by Dynamic ARP Inspection (DAI) in a bridge domain (BD) exceeds the alarm threshold.

Attribute

Alarm ID | Alarm Severity | Alarm Type
3276800480 | Warning | Equipment alarm

Parameters

Name | Meaning
OID | Indicates the MIB object ID of the alarm.
DroppedNum | Indicates the number of discarded packets.
Threshold | Indicates the alarm threshold.
BD | Indicates the ID of the BD where the DAI alarm function is configured.
PacketInfo | Indicates the interface, VLAN, source MAC address, and source IP address of the packets.

Impact on the System

If this alarm is generated, the device may be under attack. If the attack traffic volume is heavy, the device is busy processing attack packets, and as a result services of authorized users are interrupted.

Possible Causes

The number of packets discarded by DAI in a BD exceeds the alarm threshold. By default, the alarm threshold for ARP packets discarded by DAI is 100.

Procedure

  • If user services are not affected, the alarm does not need to be handled.

  • If user services are interrupted, perform the following operations:

    1. Run the display dhcp snooping user-bind { { interface interface-type interface-number | ip-address ip-address | mac-address mac-address | vlan vlan-id | bridge-domain bd-id } * | all } [ verbose ] command to check the dynamic binding entries to see whether they are correct.

    2. Identify the interface and user host that initiate the attack. Check whether the host is itself under attack. If it is not, the host belongs to the attacker. Take measures to defend against the attack, for example, disconnect the attacker's host.

    3. Collect alarm and configuration information, and contact technical support.
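To support step 2, the following added example (not part of the vendor documentation) parses collected SECE/4/DAI_BDDROP_ALARM log lines and ranks the BD, interface and source MAC combinations that trigger the alarm most often, so the result can be compared with the binding entries from step 1. The sample lines are constructed, and the key=value layout inside PacketInfo is an assumption because the page only lists which fields it carries.

```python
import re

# Alarm body as given in the Description section; the OID text is skipped.
ALARM_RE = re.compile(
    r"SECE/4/DAI_BDDROP_ALARM:.*?\(DroppedNum=(?P<dropped>\d+), "
    r"Threshold=(?P<threshold>\d+), BD=(?P<bd>\d+), "
    r"PacketInfo=(?P<info>.*)\)\.?\s*$"
)

# Constructed sample lines: timestamps, host name, OID placeholder and values are made up.
# The "Key=value, ..." layout inside PacketInfo is an assumption; adapt the parser to your logs.
_MSG = "The packet dropped by DAI exceeds the alarm threshold."
SAMPLE_LOG = "\n".join([
    f"Jan 25 2024 10:01:02 SW1 SECE/4/DAI_BDDROP_ALARM: OID <oid> {_MSG} (DroppedNum=180, Threshold=100, BD=10, PacketInfo=Interface=GE0/0/3, VLAN=100, SourceMAC=0000-5e00-5301, SourceIP=192.0.2.15).",
    "Jan 25 2024 10:01:30 SW1 unrelated log line (constructed)",
    f"Jan 25 2024 10:02:02 SW1 SECE/4/DAI_BDDROP_ALARM: OID <oid> {_MSG} (DroppedNum=260, Threshold=100, BD=10, PacketInfo=Interface=GE0/0/3, VLAN=100, SourceMAC=0000-5e00-5301, SourceIP=192.0.2.15).",
    f"Jan 25 2024 10:03:10 SW1 SECE/4/DAI_BDDROP_ALARM: OID <oid> {_MSG} (DroppedNum=120, Threshold=100, BD=20, PacketInfo=Interface=GE0/0/9, VLAN=200, SourceMAC=0000-5e00-5302, SourceIP=198.51.100.7).",
])

def parse_packet_info(info):
    """Split the assumed 'Key=value, Key=value' text into a lower-cased dict."""
    pairs = (part.strip().partition("=") for part in info.split(","))
    return {k.lower(): v.strip() for k, sep, v in pairs if sep}

def parse_alarm(line):
    """Return a dict for one alarm line, or None for any other line."""
    m = ALARM_RE.search(line)
    if m is None:
        return None
    rec = {k: int(m[k]) for k in ("dropped", "threshold", "bd")}
    return {**rec, **parse_packet_info(m["info"])}

def rank_sources(log_text):
    """Per (BD, interface, source MAC): (alarm count, peak DroppedNum), worst first."""
    stats = {}
    for rec in filter(None, map(parse_alarm, log_text.splitlines())):
        key = (rec["bd"], rec.get("interface", "?"), rec.get("sourcemac", "?"))
        alarms, peak = stats.get(key, (0, 0))
        stats[key] = (alarms + 1, max(peak, rec["dropped"]))
    return sorted(stats.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (bd, iface, mac), (alarms, peak) in rank_sources(SAMPLE_LOG):
        print(f"BD {bd} {iface} {mac}: {alarms} alarm(s), peak DroppedNum {peak}")
```

The script tracks the peak DroppedNum per source rather than a sum, because the page does not say whether the counter is cumulative or per interval.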

Related Information

None