ALM-3276800474 The number of DHCPv6 Request messages that were discarded on an interface because they did not match the binding entries exceeded the threshold
Description
DHCP/1/DHCPV6REQUESTTRAP:OID [OID] The number of the discarded DHCPv6 request packets that do not match the binding table exceeds the threshold on the interface. (Interface=[OCTET], VlanID=[INTEGER], BdID=[INTEGER], LastDroppedSourceMac=[OCTET], DiscardedNumber=[INTEGER])
The number of DHCPv6 Request messages that were discarded on an interface because they did not match the binding entries exceeded the threshold.
Attribute
Alarm ID |
Alarm Severity |
Alarm Type |
---|---|---|
3276800474 |
Warning |
Equipment alarm |
Parameters
Name |
Meaning |
---|---|
OID |
Indicates the MIB object ID of the alarm. |
Interface |
Interface name. |
VlanID |
VLAN ID. |
BdID |
Indicates the BD ID. |
LastDroppedSourceMac |
Source MAC address of the last discarded message. |
DiscardedNumber |
Number of discarded messages. |
Impact on the System
Invalid DHCPv6 Request messages are discarded.
Possible Causes
Attacks from bogus DHCPv6 users were received.
Procedure
-
Run the display dhcpv6 snooping user-bind command to check information about DHCPv6 snooping binding entries on the interface and determine the interface or VLAN from which the user goes online based on the source MAC address of the last discarded message.
-
Obtain the DHCPv6 Request messages received on the interface or in the VLAN using the port mirroring method.
-
If a user connected to the interface sends a large number of DHCPv6 Request messages that do not match the binding entries, the user is an unauthorized user and the sent messages are attack messages. The device discards the attack messages. Check the attack source based on the user's IPv6 address or MAC address.
-
If users connected to the interface do not send a large number of DHCPv6 Request messages that do not match the binding entries, the messages sent by the users are not attack messages. To ensure that the users pass the check, cancel the dhcp snooping check dhcp-request enable command configuration on the interface.
-
Related Information
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot