mibs/MIBS/dlink/DLINKSW-PORT-SECURITY-MIB

551 lines
20 KiB
Plaintext
Raw Permalink Normal View History

2023-12-05 12:25:34 +01:00
-- *****************************************************************
-- DLINKSW-PORT-SECURITY-MIB.mib : Port Security MIB
--
-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
--
-- *****************************************************************
DLINKSW-PORT-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
NOTIFICATION-TYPE,
Unsigned32,
Integer32,
Counter64
FROM SNMPv2-SMI
TruthValue,
MacAddress,
RowStatus
FROM SNMPv2-TC
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
ifIndex, InterfaceIndex
FROM IF-MIB
VlanId,
VlanIdOrNone
FROM Q-BRIDGE-MIB
dlinkIndustrialCommon
FROM DLINK-ID-REC-MIB;
dlinkSwPortSecurityMIB MODULE-IDENTITY
LAST-UPDATED "201307300000Z"
ORGANIZATION "D-Link Corp."
CONTACT-INFO
" D-Link Corporation
Postal: No. 289, Sinhu 3rd Rd., Neihu District,
Taipei City 114, Taiwan, R.O.C
Tel: +886-2-66000123
E-mail: tsd@dlink.com.tw
"
DESCRIPTION
"This MIB module defines objects for port security."
REVISION "201307300000Z"
DESCRIPTION
" This is the first version of the MIB file for 'port
security' functionality.
"
::= { dlinkIndustrialCommon 8 }
-- -----------------------------------------------------------------------------
dPortSecNotifications OBJECT IDENTIFIER ::= { dlinkSwPortSecurityMIB 0 }
dPortSecObjects OBJECT IDENTIFIER ::= { dlinkSwPortSecurityMIB 1 }
dPortSecConformance OBJECT IDENTIFIER ::= { dlinkSwPortSecurityMIB 2 }
-- -----------------------------------------------------------------------------
-- dPortSecObjects
-- -----------------------------------------------------------------------------
dPortSecGlobalNotifControl OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set to 'true' to enable global SNMP Notification
for port security feature. Setting the object to
'false' will disable SNMP notifications."
DEFVAL { false }
::= { dPortSecObjects 1}
dPortSecGlobalNotifRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000)
UNITS "notifications per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Expressed in the number of notifications can be generated
per second.
The global control configures the rate-limit of
SNMP Notification for port security feature. This object
specifies the rate at which SNMP Notification is generated
when dPortSecIfViolationCount increases. When the rate is over
the configured rate, the SNMP Notification is suppressed but it
does not affect dPortSecIfViolationCount.
A value of 0 indicates that an SNMP Notification is generated
for every security violation."
DEFVAL { 0 }
::= { dPortSecObjects 2 }
dPortSecNotifyInfo OBJECT IDENTIFIER ::= { dPortSecObjects 3 }
dPortSecIfViolationMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object is also used as a variable in the dPortSecMacAddrViolation
notification to contain the value of the MAC address which caused the violation."
::= { dPortSecNotifyInfo 1 }
dPortSecGlobalMaximumNum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the system maximum addresses number (users) allowed.
A value of -1 means no-limit. The max entry range is (1..N).
The value N means the max number and is determined by the project itself."
DEFVAL { -1 }
::= { dPortSecObjects 4}
dPortSecVlanTable OBJECT-TYPE
SYNTAX SEQUENCE OF DPortSecVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table is used to configure and display port security settings
and status for a particular VLAN."
::= { dPortSecObjects 5}
dPortSecVlanEntry OBJECT-TYPE
SYNTAX DPortSecVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains port security information for a particular
VLAN."
INDEX { dPortSecVlanID }
::= { dPortSecVlanTable 1}
DPortSecVlanEntry ::= SEQUENCE {
dPortSecVlanID VlanId,
dPortSecVlanMaximumNum Integer32,
dPortSecVlanCurrentNum Unsigned32
}
dPortSecVlanID OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object specifies the VLAN ID for address learning."
::= { dPortSecVlanEntry 1}
dPortSecVlanMaximumNum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the VLAN maximum addresses number (users) allowed.
A value of -1 means no-limit. The range is (1..N).
The value N means the upper limit and is determined by the project
itself."
DEFVAL { -1 }
::= { dPortSecVlanEntry 2}
dPortSecVlanCurrentNum OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the current number of secure MAC addresses on this VLAN."
::= { dPortSecVlanEntry 3}
dPortSecIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF DPortSecIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table is used to configure and display port security settings
and status for a particular interface."
::= { dPortSecObjects 6 }
dPortSecIfEntry OBJECT-TYPE
SYNTAX DPortSecIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing port security information for a particular
interface."
INDEX { ifIndex }
::= { dPortSecIfTable 1 }
DPortSecIfEntry ::= SEQUENCE {
dPortSecIfEnable TruthValue,
dPortSecIfCurrentStatus INTEGER,
dPortSecIfMaximumNum Unsigned32,
dPortSecIfViolationAction INTEGER,
dPortSecIfSecureMode INTEGER,
dPortSecIfAgingTime INTEGER,
dPortSecIfAgingType INTEGER,
dPortSecIfClearDynamicAddr INTEGER,
dPortSecIfCurrentNum Unsigned32,
dPortSecIfViolationCount Counter64
}
dPortSecIfEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Uses the object to enable or disable port security."
DEFVAL { false }
::= { dPortSecIfEntry 1 }
dPortSecIfCurrentStatus OBJECT-TYPE
SYNTAX INTEGER { notEnabled(1), forwarding(2), errDisabled(3) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the operational status
of the port security feature on an interface.
notEnabled(1) - This indicates port security
is not enabled.
forwarding(2) - This indicates port security is
operational.
errDisabled(3) - This indicates that the port is
shutdown due to port security
violation when the object
dPortSecIfViolationAction is of type
'shutdown'."
::= { dPortSecIfEntry 2 }
dPortSecIfMaximumNum OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object sets the maximum number of secure MAC addresses
(users) allowed."
DEFVAL { 32 }
::= { dPortSecIfEntry 3 }
dPortSecIfViolationAction OBJECT-TYPE
SYNTAX INTEGER { protect(1), restrict(2), shutdown(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object sets the action to be taken when a security violation is detected.
protect(1) - Drops all the packets from the insecure hosts at the
port-security process level but does not increment
the security-violation count.
restrict(2) - Drops all packets from the insecure hosts at the
port-security process level and increments the
security-violation count.
shutdown(3) - Shuts down the port if there is a security violation."
DEFVAL { shutdown }
::= { dPortSecIfEntry 4 }
dPortSecIfSecureMode OBJECT-TYPE
SYNTAX INTEGER {
permanent(1),
deleteOnTimeout(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Use the object to set the port security mode.
permanent(1) - Under this mode all learned MAC addresses won't be
purged unless a user deletes these entries manually.
deleteOnTimeout(2) - Under this mode all learned MAC addresses
will be purged when an entry ages out or a user deletes
these entries manually."
DEFVAL { deleteOnTimeout }
::= { dPortSecIfEntry 5 }
dPortSecIfAgingTime OBJECT-TYPE
SYNTAX INTEGER(0..1440)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Use the object to set aging time for auto-learned dynamic secured address.
When 0 is set on the specified interface, it means the port security aging
has been disabled."
DEFVAL { 0 }
::= { dPortSecIfEntry 6 }
dPortSecIfAgingType OBJECT-TYPE
SYNTAX INTEGER {
absolute(1),
inactivity(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Use the object to set aging type for auto-learned dynamic secured address.
absolute(1) - Under this aging type, all the secured address on this interface will
age out exactly after the time specified.
inactivity(2) - Under this aging type, all learned MAC addresses on this interface
will age out only if there is no data traffic from the secure source
address for the specified time period."
DEFVAL { absolute }
::= { dPortSecIfEntry 7 }
dPortSecIfClearDynamicAddr OBJECT-TYPE
SYNTAX INTEGER {
clear(1),
noOp(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to 'clear' to clear the addresses which will be
purged out when an entry is aged out on the corresponding
interface.
No action is taken if this object is set to 'noOp'.
When read, the value 'noOp' is returned."
DEFVAL { noOp }
::= { dPortSecIfEntry 8 }
dPortSecIfCurrentNum OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the current number of secure MAC addresses
on this interface."
::= { dPortSecIfEntry 9 }
dPortSecIfViolationCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of address violations
occurred on a secure interface. The counter will
be initialized to zero when the port security
feature is enabled on an interface."
::= { dPortSecIfEntry 10 }
-- -----------------------------------------------------------------------------
dPortSecAddrTableCurrentNum OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the number of entries present in the dPortSecAddrTable."
::= { dPortSecObjects 7 }
dPortSecAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF DPortSecAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of port security entries containing the secure MAC address
information."
::= { dPortSecObjects 8 }
dPortSecAddrEntry OBJECT-TYPE
SYNTAX DPortSecAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains secure MAC address information for a particular
interface. A secure MAC address can be added by the user
and can be added when the device learns a new secure MAC address."
INDEX { dPortSecAddrIfIndex, dPortSecAddrVlanID, dPortSecAddrMacAddress }
::= { dPortSecAddrTable 1 }
DPortSecAddrEntry ::= SEQUENCE {
dPortSecAddrIfIndex InterfaceIndex,
dPortSecAddrVlanID VlanIdOrNone,
dPortSecAddrMacAddress MacAddress,
dPortSecAddrSecureMode INTEGER,
dPortSecAddrRemainTime INTEGER,
dPortSecAddrRowStatus RowStatus
}
dPortSecAddrIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ifIndex value of the interface."
::= { dPortSecAddrEntry 1 }
dPortSecAddrVlanID OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object specifies the VLAN ID where the user-defined secure
MAC address is located. If this object is set to 0 at row creation
time, the PVID (default port VLAN ID) will be used for the MAC
address."
::= { dPortSecAddrEntry 2 }
dPortSecAddrMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object indicates the secure MAC address to gain port access
rights."
::= { dPortSecAddrEntry 3 }
dPortSecAddrSecureMode OBJECT-TYPE
SYNTAX INTEGER {
permanent(1),
deleteOnTimeout(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the secure mode.
For manually configured secure MAC addresses, the dPortSecAddrSecureMode is
permanent."
::= { dPortSecAddrEntry 4 }
dPortSecAddrRemainTime OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the remaining aging time for the auto-learned dynamic secured address."
::= { dPortSecAddrEntry 5 }
dPortSecAddrRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row.
This object is used to create and delete instances
of this table. In other words, besides 'permanent' secure MAC
address, a 'deleteOnTimeout' address can be cleared by
this object."
::= { dPortSecAddrEntry 99 }
-- ***************************************************************************
-- Notifications
-- ***************************************************************************
dPortSecMacAddrViolation NOTIFICATION-TYPE
OBJECTS {
ifIndex,
dPortSecIfCurrentStatus,
dPortSecIfViolationMacAddress
}
STATUS current
DESCRIPTION
"The address violation notification is generated when port security
address violation is detected (dPortSecIfViolationCount increases)."
::= { dPortSecNotifications 1 }
-- ***************************************************************************
-- Conformance
-- ***************************************************************************
dPortSecMIBCompliances
OBJECT IDENTIFIER ::= { dPortSecConformance 1 }
dPortSecMIBGroups
OBJECT IDENTIFIER ::= { dPortSecConformance 2 }
dPortSecMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for the Port Security MIB."
MODULE -- this module
MANDATORY-GROUPS {
dPortSecIfCfgGroup,
dPortSecIfStatusGroup,
dPortSecAddrGroup
}
::= { dPortSecMIBCompliances 1 }
dPortSecIfCfgGroup OBJECT-GROUP
OBJECTS {
dPortSecIfEnable,
dPortSecIfMaximumNum,
dPortSecIfViolationAction,
dPortSecIfSecureMode,
dPortSecIfAgingTime,
dPortSecIfAgingType,
dPortSecIfClearDynamicAddr
}
STATUS current
DESCRIPTION
"A collection of objects for configuring port
security feature."
::= { dPortSecMIBGroups 1 }
dPortSecIfStatusGroup OBJECT-GROUP
OBJECTS {
dPortSecIfCurrentNum,
dPortSecIfCurrentStatus,
dPortSecIfViolationCount
}
STATUS current
DESCRIPTION
"A collection of objects providing the counter
information for the port security feature."
::= { dPortSecMIBGroups 2 }
dPortSecAddrGroup OBJECT-GROUP
OBJECTS {
dPortSecAddrRowStatus,
dPortSecAddrSecureMode,
dPortSecAddrRemainTime,
dPortSecAddrTableCurrentNum
}
STATUS current
DESCRIPTION
"A collection of objects providing the address
information for the port security feature."
::= { dPortSecMIBGroups 3 }
dPortSecAddrNumCtrlGroup OBJECT-GROUP
OBJECTS {
dPortSecGlobalMaximumNum,
dPortSecVlanMaximumNum,
dPortSecVlanCurrentNum
}
STATUS current
DESCRIPTION
"A collection of objects provides the configuration of
the maximum secure MAC address number on system or VLAN specific."
::= { dPortSecMIBGroups 4 }
dPortSecNotifEnableGroup OBJECT-GROUP
OBJECTS {
dPortSecGlobalNotifControl,
dPortSecGlobalNotifRate
}
STATUS current
DESCRIPTION
"A collection of object(s) that provides control over
port security related notification(s)."
::= { dPortSecMIBGroups 5}
dPortSecNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
dPortSecMacAddrViolation
}
STATUS current
DESCRIPTION
"A collection of notifications providing information
about address violation."
::= { dPortSecMIBGroups 6}
END