HP ProCurve Series 3400cl Release Notes page 81

Enhancements
Release M.10.04 Enhancements

| Parameter Name | Description |
|---|---|
| ip-address-count | The number of destination IP addresses learned in the IP forwarding table. Some attacks fill the IP forwarding table causing legitimate traffic to be dropped. |
| system-resource-usage (Denial of Service logging) | The percentage of system resources in use. Some Denial-of-Service (DoS) attacks will cause excessive system resource usage, resulting in insufficient resources for legitimate traffic. |
| login-failures/min | The count of failed CLI login attempts or SNMP management authentication failures. This indicates an attempt has been made to manage the switch with an invalid login or password. Also, it might indicate a network management station has not been configured with the correct SNMP authentication parameters for the switch. |
| port-auth-failures/min | The count of times a client has been unsuccessful logging into the network. |
| system-delay | The response time, in seconds, of the CPU to new network events such as BPDU packets or packets for other network protocols. Some DoS attacks can cause the CPU to take too long to respond to new network events, which can lead to a breakdown of Spanning Tree or other features. A delay of several seconds indicates a problem. |
| mac-address-count | The number of MAC addresses learned in the forwarding table. Some attacks fill the forwarding table so that new conversations are flooded to all parts of the network. |
| mac-moves/min | The average number of MAC address moves from one port to another per minute. This usually indicates a network loop, but can also be caused by DoS attacks. |
| learn-discards/min | Number of MAC address learn events per minute discarded to help free CPU resources when busy. |

Operating Notes

To generate alerts for monitored events, you must enable the instrumentation monitoring
log and/or SNMP trap. The threshold for each monitored parameter is configurable and can
be adjusted to minimize false alarms (see "Configuring Instrumentation Monitor" on page 73).

When a parameter exceeds its threshold, an alert (event log message and/or SNMP trap) is
generated to inform network administrators of this condition. The following example shows
an event log message that occurs when the number of MAC addresses learned in the
forwarding table exceeds the configured threshold:

    W 05/27/06 12:10:16 inst-mon: Limit for MAC addr count (300) is exceeded (321)

Figure 16. Example of Event Log Message generated by Instrumentation Monitor

Callouts in Figure 16:
- 05/27/06 12:10:16: Standard Date/Time Prefix for Event Log Messages
- inst-mon: "inst-mon" label indicates an Instrumentation Monitor event
- MAC addr count: Monitored Parameter
- (300): Threshold Value
- (321): Current Value
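An added example, not part of HP's release notes: a Python parser for the Figure 16 event log message that extracts the monitored parameter, threshold value and current value, then summarizes alerts per parameter so marginal exceedances (threshold-tuning candidates) can be told apart from large ones. It assumes the other monitored parameters use the same "Limit for ... (N) is exceeded (M)" wording; every sample line other than the Figure 16 message is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the Figure 16 message; assumed (not confirmed by the page)
# to hold for the other monitored parameters as well.
INST_MON = re.compile(
    r"^(?P<sev>[A-Z]) (?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) inst-mon: "
    r"Limit for (?P<param>.+?) \((?P<limit>\d+)\) is exceeded \((?P<value>\d+)\)\s*$"
)

def parse_alert(line):
    """Return a dict for an inst-mon threshold alert, or None for any other line."""
    m = INST_MON.match(line.strip())
    if not m:
        return None
    limit, value = int(m["limit"]), int(m["value"])
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),
        "severity": m["sev"],
        "parameter": m["param"],
        "threshold": limit,
        "current": value,
        # Overshoot relative to the configured threshold, in percent.
        "over_pct": round(100.0 * (value - limit) / limit, 1) if limit else None,
    }

def summarize(lines):
    """Per parameter: alert count, peak value and peak overshoot, for threshold tuning."""
    stats = defaultdict(lambda: {"alerts": 0, "peak": 0, "peak_over_pct": 0.0})
    for alert in filter(None, map(parse_alert, lines)):
        s = stats[alert["parameter"]]
        s["alerts"] += 1
        if alert["current"] > s["peak"]:
            s["peak"], s["peak_over_pct"] = alert["current"], alert["over_pct"] or 0.0
    return dict(stats)

# First line is the page's Figure 16 message; the rest are constructed samples.
SAMPLE_LOG = [
    "W 05/27/06 12:10:16 inst-mon: Limit for MAC addr count (300) is exceeded (321)",
    "W 05/27/06 12:15:16 inst-mon: Limit for MAC addr count (300) is exceeded (912)",
    "I 05/27/06 12:16:02 ports: port 7 is now on-line",
]

if __name__ == "__main__":
    for name, s in summarize(SAMPLE_LOG).items():
        print(name, s)
```

A 7% overshoot such as the Figure 16 message is the kind of alert a raised threshold would silence, while a peak several times the threshold points to a table-filling event worth investigating.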