mibs/MIBS/hp/HP-ICF-ARP-PROTECT

496 lines
16 KiB
Plaintext
Raw Permalink Normal View History

2023-12-05 12:25:34 +01:00
--
HP-ICF-ARP-PROTECT DEFINITIONS ::= BEGIN
IMPORTS
hpSwitch
FROM HP-ICF-OID
ifIndex
FROM IF-MIB
InetAddressType
FROM INET-ADDRESS-MIB
InetAddress
FROM INET-ADDRESS-MIB
VlanIndex
FROM Q-BRIDGE-MIB
OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP
FROM SNMPv2-CONF
Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
TruthValue, MacAddress
FROM SNMPv2-TC;
-- 1.3.6.1.4.1.11.2.14.11.5.1.37
hpicfArpProtect MODULE-IDENTITY
LAST-UPDATED "200708290000Z" -- August 29, 2007 at 00:00 GMT
ORGANIZATION
"Hewlett-Packard Company
ProCurve Networking Business"
CONTACT-INFO
"Hewlett-Packard Company
8000 Foothills Blvd.
Roseville, CA 95747"
DESCRIPTION
"This MIB module contains HP proprietary
objects for managing Dynamic ARP
Protection."
REVISION "200708290000Z" -- August 29, 2007 at 00:00 GMT
DESCRIPTION
"Added hpicfArpProtectNotification and associated objects."
REVISION "200605030027Z" -- May 03, 2006 at 00:27 GMT
DESCRIPTION
"Initial revision."
::= { hpSwitch 37 }
--
-- Node definitions
--
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.0
hpicfArpProtectNotifications OBJECT IDENTIFIER ::= { hpicfArpProtect 0 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.0.1
hpicfArpProtectErrantReply NOTIFICATION-TYPE
OBJECTS { hpicfArpProtectErrantCnt, hpicfArpProtectErrantSrcMac,
hpicfArpProtectErrantSrcIpType, hpicfArpProtectErrantSrcIp,
hpicfArpProtectErrantDestMac, hpicfArpProtectErrantDestIpType,
hpicfArpProtectErrantDestIp }
STATUS current
DESCRIPTION
"An hpicfArpProtectErrantReply notification signifies that
the ARP protection entity is enabled and has detected
an errant ARP reply packet. The source and
destination addresses from the packet header are included
in the notification."
::= { hpicfArpProtectNotifications 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1
hpicfArpProtectObjects OBJECT IDENTIFIER ::= { hpicfArpProtect 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1
hpicfArpProtectConfig OBJECT IDENTIFIER ::= { hpicfArpProtectObjects 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1
hpicfArpProtectGlobalCfg OBJECT IDENTIFIER ::= { hpicfArpProtectConfig 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.1
hpicfArpProtectEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The administrative status of the ARP Protection
feature."
::= { hpicfArpProtectGlobalCfg 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.2
hpicfArpProtectVlanEnable OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (512))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The administrative status for Dynamic ARP Protection
on each VLAN. There will be one bit in this string
for each possible VLAN ID. Each octet within this
value specifies a set of eight VLANs, with the first
octet specifying VLAN IDs 1 through 8, the second
octet specifying VLAN IDs 9 through 16, etc. Within
each octet, the most significant bit represents the
lowest numbered VLAN ID, and the least significant
bit represents the highest numbered VLAN ID. Thus,
each possible VLAN ID of the bridge is represented by
a single bit within the value of this object. If
that bit has a value of '1', then Dynamic ARP
Protection is enabled on that VLAN; Dynamic ARP
Protection is not enabled on the VLAN its bit has a
value of '0'."
::= { hpicfArpProtectGlobalCfg 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.3
hpicfArpProtectValidation OBJECT-TYPE
SYNTAX BITS
{
srcMac(0),
dstMac(1),
ip(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Additional validation checks to perform on ARP
packets during Dynamic ARP Protection.
srcMac - Drop any ARP request or response
packet where the source MAC address in
the Ethernet header does not match the
sender MAC address in the body of the
ARP packet.
dstMac - Drop any unicast ARP response packet
where the destination MAC address in the
Ethernet header does not match the target
MAC address in the body of the ARP packet.
ip - Drop any ARP packet where the sender IP
address is invalid. Drop any ARP response
packet where the target IP address is
invalid. Invalid addresses include
0.0.0.0, 255.255.255.255, all IP multicast
addresses, and all class E IP addresses.
These checks are only performed for ARP packets
received on untrusted ports in VLANs that are enabled
for Dynamic ARP Protection. ARP packets received on
trusted ports, and ARP packets in VLANs for which
Dynamic ARP Protection is disabled, are forwarded
without validation."
::= { hpicfArpProtectGlobalCfg 3 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.4
hpicfArpProtectErrantNotifyEnable OBJECT-TYPE
SYNTAX INTEGER
{
enabled(1),
disabled(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Provides operational control of hpicfArpProtectErrantReply."
::= { hpicfArpProtectGlobalCfg 4 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2
hpicfArpProtectPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF HpicfArpProtectPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-interface configuration for Dynamic ARP
Protection."
::= { hpicfArpProtectConfig 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1
hpicfArpProtectPortEntry OBJECT-TYPE
SYNTAX HpicfArpProtectPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Dynamic ARP Protection configuration information for
a single port."
INDEX { ifIndex }
::= { hpicfArpProtectPortTable 1 }
HpicfArpProtectPortEntry ::=
SEQUENCE {
hpicfArpProtectPortTrust
TruthValue
}
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1.1
hpicfArpProtectPortTrust OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether this port is
trusted for Dynamic ARP Protection."
::= { hpicfArpProtectPortEntry 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2
hpicfArpProtectStatus OBJECT IDENTIFIER ::= { hpicfArpProtectObjects 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1
hpicfArpProtectVlanStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF HpicfArpProtectVlanStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-VLAN statistics for Dynamic ARP Protection."
::= { hpicfArpProtectStatus 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1
hpicfArpProtectVlanStatEntry OBJECT-TYPE
SYNTAX HpicfArpProtectVlanStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Dynamic ARP Protection statistics for a single VLAN."
INDEX { hpicfArpProtectVlanStatIndex }
::= { hpicfArpProtectVlanStatTable 1 }
HpicfArpProtectVlanStatEntry ::=
SEQUENCE {
hpicfArpProtectVlanStatIndex
VlanIndex,
hpicfArpProtectVlanStatForwards
Counter32,
hpicfArpProtectVlanStatBadPkts
Counter32,
hpicfArpProtectVlanStatBadBindings
Counter32,
hpicfArpProtectVlanStatBadSrcMacs
Counter32,
hpicfArpProtectVlanStatBadDstMacs
Counter32,
hpicfArpProtectVlanStatBadIpAddrs
Counter32
}
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.1
hpicfArpProtectVlanStatIndex OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This variable uniquely identifies the VLAN that
the counters in this entry apply to. The VLAN
identified by this object is the same VLAN as
identified by the identical value in the
dot1qVlanIndex object."
::= { hpicfArpProtectVlanStatEntry 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.2
hpicfArpProtectVlanStatForwards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports in this VLAN that were successfully validated
and forwarded. This count does not increment for
VLANs for which Dynamic ARP Protection is not
enabled."
::= { hpicfArpProtectVlanStatEntry 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.3
hpicfArpProtectVlanStatBadPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because they were malformed
in some way. This may include an unrecognized
opcode, an unrecognized protocol type, an
unrecognized hardware type, an invalid protocol
address length, or an invalid hardware address
length. This count does not increment for VLANs
for which Dynamic ARP Protection is not enabled."
::= { hpicfArpProtectVlanStatEntry 3 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.4
hpicfArpProtectVlanStatBadBindings OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because they advertized
a source IP-to-MAC binding that did not match a
known, valid binding. This count does not increment
for VLANs for which Dynamic ARP Protection is not
enabled."
::= { hpicfArpProtectVlanStatEntry 4 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.5
hpicfArpProtectVlanStatBadSrcMacs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because the source MAC
address in the Ethernet header did not match the
sender MAC address in the body of the ARP packet.
This count does not increment when source MAC
validation is not enabled. This count does not
increment for VLANs for which Dynamic ARP Protection
is not enabled."
::= { hpicfArpProtectVlanStatEntry 5 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.6
hpicfArpProtectVlanStatBadDstMacs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of unicast ARP response packets received
on untrusted ports that were dropped because the
destination MAC address in the Ethernet header did
not match the target MAC address in the body of the
ARP packet. This count does not increment when
destination address validation is not enabled.
This count does not increment for VLANs for which
Dynamic ARP Protection is not enabled."
::= { hpicfArpProtectVlanStatEntry 6 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.7
hpicfArpProtectVlanStatBadIpAddrs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because they contained
an invalid sender IP address, or they contained
an invalid target IP address in an ARP response.
This count does not increment when IP address
validation is not enabled. This count does not
increment for VLANs for which Dynamic ARP Protection
is not enabled."
::= { hpicfArpProtectVlanStatEntry 7 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.3
hpicfArpProtectErrantCnt OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"A count of hpicfArpProtectErrantReply sent
from the ARP Protection entity to the SNMP
entity. This count may differ from the count
of notifications transmitted due to rate
limiting or configuration."
::= { hpicfArpProtectObjects 3 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.4
hpicfArpProtectErrantSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant source MAC address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 4 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.5
hpicfArpProtectErrantSrcIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address type reported in hpicfArpProtectErrantSrcIp."
::= { hpicfArpProtectObjects 5 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.6
hpicfArpProtectErrantSrcIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant source IP address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 6 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.7
hpicfArpProtectErrantDestMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant destination MAC address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 7 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.8
hpicfArpProtectErrantDestIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address type reported in hpicfArpProtectErrantDestIp."
::= { hpicfArpProtectObjects 8 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.9
hpicfArpProtectErrantDestIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant destination IP address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 9 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2
hpicfArpProtectConformance OBJECT IDENTIFIER ::= { hpicfArpProtect 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1
hpicfArpProtectGroups OBJECT IDENTIFIER ::= { hpicfArpProtectConformance 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.1
hpicfArpProtectBaseGroup OBJECT-GROUP
OBJECTS { hpicfArpProtectEnable, hpicfArpProtectVlanEnable,
hpicfArpProtectValidation, hpicfArpProtectPortTrust,
hpicfArpProtectVlanStatForwards, hpicfArpProtectVlanStatBadPkts,
hpicfArpProtectVlanStatBadBindings, hpicfArpProtectVlanStatBadSrcMacs,
hpicfArpProtectVlanStatBadDstMacs, hpicfArpProtectVlanStatBadIpAddrs,
hpicfArpProtectErrantSrcMac, hpicfArpProtectErrantSrcIp,
hpicfArpProtectErrantDestMac, hpicfArpProtectErrantSrcIpType,
hpicfArpProtectErrantDestIpType, hpicfArpProtectErrantDestIp,
hpicfArpProtectErrantCnt, hpicfArpProtectErrantNotifyEnable }
STATUS current
DESCRIPTION
"A collection of objects for configuring and
monitoring the base Dynamic ARP Protection
functionality."
::= { hpicfArpProtectGroups 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.2
hpicfArpProtectionNotifications NOTIFICATION-GROUP
NOTIFICATIONS { hpicfArpProtectErrantReply }
STATUS current
DESCRIPTION
"A group of Notifications whose implementation is
mandatory when HP-ICF-ARP-PROTECTION is
implemented."
::= { hpicfArpProtectGroups 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.2
hpicfArpProtectCompliances OBJECT IDENTIFIER ::= { hpicfArpProtectConformance 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.2.1
hpicfArpProtectCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for HP ProCurve switches
that support Dynamic ARP Protection."
MODULE -- this module
MANDATORY-GROUPS { hpicfArpProtectBaseGroup, hpicfArpProtectionNotifications }
::= { hpicfArpProtectCompliances 1 }
END