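-- *****************************************************************
-- DLINKSW-IP-SOURCE-GUARD-MIB.mib : IP Source Guard MIB
--
-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
--
-- *****************************************************************

-- Overview:
--   This module exposes IP Source Guard over SNMP in three tables:
--     dIpsgStaticBindingsTable    manual bindings, rows created and deleted
--                                 through a read-create RowStatus column
--     dIpsgIfSrcGuardConfigTable  per-interface filter type, read-write
--     dIpsgIfSrcGuardAddrTable    effective per-interface filter entries,
--                                 read-only
--
-- Review notes:
--   * The two writable columns (dIpsgStaticBindingsRowStatus and
--     dIpsgIfSrcGuardFilterType) change which source addresses an interface
--     accepts, so SNMP write access to them deserves the same control as
--     CLI configuration access: SNMPv3 with authentication and privacy, and
--     a VACM write view that includes these objects only for administrators.
--   * dIpSourceGuardMIBNotifs is registered below, but this module defines
--     no NOTIFICATION-TYPE under it. Changes to the filter configuration
--     therefore have to be detected by polling or from device logs.

DLINKSW-IP-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
            FROM SNMPv2-SMI
        MODULE-COMPLIANCE, OBJECT-GROUP
            FROM SNMPv2-CONF
        MacAddress, RowStatus
            FROM SNMPv2-TC
        ifIndex, InterfaceIndex
            FROM IF-MIB
        InetAddressIPv4
            FROM INET-ADDRESS-MIB
        VlanId
            FROM Q-BRIDGE-MIB
        Dlink2kVlanList
            FROM DLINKSW-TC-MIB
        dlinkIndustrialCommon
            FROM DLINK-ID-REC-MIB;

    dlinkSwIpSourceGuardMIB MODULE-IDENTITY
        LAST-UPDATED "201307180000Z"
        ORGANIZATION "D-Link Corp."
        CONTACT-INFO
            "        D-Link Corporation

             Postal: No. 289, Sinhu 3rd Rd., Neihu District,
                     Taipei City 114, Taiwan, R.O.C
             Tel:    +886-2-66000123
             E-mail: tsd@dlink.com.tw
            "
        DESCRIPTION
            "The MIB module is for configuration of IP Source Guard
            feature."
        REVISION "201307180000Z"
        DESCRIPTION
            "Initial revision of this MIB module."
        ::= { dlinkIndustrialCommon 132 }

    -- Top-level sub-trees of the module.
    dIpSourceGuardMIBNotifs      OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 0 }
    dIpSourceGuardMIBObjects     OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 1 }
    dIpSourceGuardMIBConformance OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 2 }

-- -----------------------------------------------------------------------------
    dIpsgBindings OBJECT IDENTIFIER ::= { dIpSourceGuardMIBObjects 1 }
    dIpsgSrcGuard OBJECT IDENTIFIER ::= { dIpSourceGuardMIBObjects 2 }

-- -----------------------------------------------------------------------------
    -- Manual (static) bindings. Every column except the RowStatus is an
    -- index component, so a binding is fully described by its instance
    -- identifier: VLAN, MAC address, IP address and interface.
    dIpsgStaticBindingsTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF DigStaticBindingsEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "A table provides the manual bindings information.
            e.g.
            VLAN  MAC Address        IP Address  Interface
            ----  -----------------  ----------  ---------
            2000  00.01.02.03.04.05  172.18.1.1  8
            3000  00.05.06.07.08.09  10.1.1.1    3
            4094  00.10.20.30.40.55  1.1.1.1     5
            4094  00.10.20.30.40.55  1.1.1.1     6
            4094  00.10.20.30.40.55  1.1.1.1     8
            "
        ::= { dIpsgBindings 1 }

    dIpsgStaticBindingsEntry OBJECT-TYPE
        SYNTAX      DigStaticBindingsEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry defines a manual binding.
            "
        INDEX {
            dIpsgStaticBindingsVlan,
            dIpsgStaticBindingsMacAddress,
            dIpsgStaticBindingsIpAddress,
            dIpsgStaticBindingsInterface
        }
        ::= { dIpsgStaticBindingsTable 1 }

    DigStaticBindingsEntry ::= SEQUENCE {
        dIpsgStaticBindingsVlan         VlanId,
        dIpsgStaticBindingsMacAddress   MacAddress,
        dIpsgStaticBindingsIpAddress    InetAddressIPv4,
        dIpsgStaticBindingsInterface    InterfaceIndex,
        dIpsgStaticBindingsRowStatus    RowStatus
    }

    dIpsgStaticBindingsVlan OBJECT-TYPE
        SYNTAX      VlanId
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the VLAN to which a host belongs."
        ::= { dIpsgStaticBindingsEntry 1 }

    dIpsgStaticBindingsMacAddress OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the MAC address of a host."
        ::= { dIpsgStaticBindingsEntry 2 }

    dIpsgStaticBindingsIpAddress OBJECT-TYPE
        SYNTAX      InetAddressIPv4
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the allocated IP address of host."
        ::= { dIpsgStaticBindingsEntry 3 }

    dIpsgStaticBindingsInterface OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the ifIndex value of the interface
            where a host connects to."
        ::= { dIpsgStaticBindingsEntry 4 }

    -- Security-relevant: the only writable column of the static bindings
    -- table. Creating a row adds a manual binding and deleting a row removes
    -- one, so a manager with write access here decides which VLAN/MAC/IP
    -- combinations are bound to an interface. Keep this object out of any
    -- VACM write view that is not restricted to administrators, and review
    -- the table contents against the intended bindings.
    dIpsgStaticBindingsRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object is used to manage the creation and deletion
            of rows in this table.
            "
        ::= { dIpsgStaticBindingsEntry 99 }

-- -----------------------------------------------------------------------------
    -- Per-interface configuration, indexed by ifIndex.
    dIpsgIfSrcGuardConfigTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF DigIfSrcGuardConfigEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "A table provides the mechanism to enable or disable
            IP Source Guard at every interface capable of this feature.
            When DHCP Snooping is enabled at an interface, a list of
            IP addresses is obtained through DHCP Snooping for this
            particular interface. If IP Source Guard is enabled, only
            traffic from these IP addresses is allowed to pass through
            the interface."
        ::= { dIpsgSrcGuard 1 }

    dIpsgIfSrcGuardConfigEntry OBJECT-TYPE
        SYNTAX      DigIfSrcGuardConfigEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "A row instance contains the configuration to enable
            or disable IP Source Guard as well as the configuration
            of the filter type at each interface capable of
            IP Source Guard feature."
        INDEX { ifIndex }
        ::= { dIpsgIfSrcGuardConfigTable 1 }

    DigIfSrcGuardConfigEntry ::= SEQUENCE {
        dIpsgIfSrcGuardFilterType    INTEGER
    }

    -- Security-relevant: a single SET of 'disable' turns source validation
    -- off on the interface, and 'ip' leaves the source MAC address
    -- unchecked. Restrict write access to this object and compare polled
    -- values against the intended per-interface setting, because this module
    -- offers no notification for a change.
    dIpsgIfSrcGuardFilterType OBJECT-TYPE
        SYNTAX      INTEGER {
            disable(1),
            ip(2),
            ipMac(3)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates the traffic filter type applied
            at this interface.
            'disable' - indicates that IP Source Guard feature is
                        disabled.
            'ip'      - the validation is based on source IP address
                        and VLAN only.
            'ipMac'   - the validation is based on the source MAC
                        address, VLAN and IP address.
            "
        ::= { dIpsgIfSrcGuardConfigEntry 1 }

-- -----------------------------------------------------------------------------
    -- Effective filter entries per interface. All accessible columns are
    -- read-only; the table reports what the device is enforcing.
    dIpsgIfSrcGuardAddrTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF DigIfSrcGuardAddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "A table provides the information on IP addresses used
            for IP Source Guard purpose at every interface capable
            of this feature."
        ::= { dIpsgSrcGuard 2 }

    dIpsgIfSrcGuardAddrEntry OBJECT-TYPE
        SYNTAX      DigIfSrcGuardAddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry defines a binding information that is used to
            guard the IP traffic. The binding entry may be either
            manually configured or automatically learned via DHCP
            snooping.
            "
        INDEX { ifIndex, dIpsgIfSrcGuardIndex }
        ::= { dIpsgIfSrcGuardAddrTable 1 }

    DigIfSrcGuardAddrEntry ::= SEQUENCE {
        dIpsgIfSrcGuardIndex             Unsigned32,
        dIpsgIfSrcGuardFilterMode        INTEGER,
        dIpsgIfSrcGuardIpAddress         InetAddressIPv4,
        dIpsgIfSrcGuardIpFilterAction    INTEGER,
        dIpsgIfSrcGuardMacAddress        MacAddress,
        dIpsgIfSrcGuardMacFilterAction   INTEGER,
        dIpsgIfSrcGuardVlansFirst2K      Dlink2kVlanList,
        dIpsgIfSrcGuardVlansSecond2K     Dlink2kVlanList
    }

    dIpsgIfSrcGuardIndex OBJECT-TYPE
        SYNTAX      Unsigned32 ( 1 ..65535 )
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object is used to index the dIpsgIfSrcGuardAddrTable.
            This index is for SNMP purposes only, and has no intrinsic
            meaning."
        ::= { dIpsgIfSrcGuardAddrEntry 1 }

    -- Monitoring note: any value other than 'active' means the per-address
    -- filter is not being applied on the interface. 'inactiveTrustPort' in
    -- particular reports that all IP traffic is permitted, so interfaces in
    -- that state are worth checking against the list of intended DHCP
    -- Snooping trust ports.
    dIpsgIfSrcGuardFilterMode OBJECT-TYPE
        SYNTAX      INTEGER {
            active(1),
            inactiveTrustPort(2),
            inactiveNoSnoopingVlan(3)
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object indicates the Source Guard filter mode at
            this interface.

            active(1) indicates that the Source Guard feature is
            active at this interface.

            inactiveTrustPort(2) indicates that the Source Guard
            feature is inactive because this interface is a DHCP
            Snooping trust interface and all IP traffic is permitted.
            In this case, dIpsgIfSrcGuardIpFilterAction is
            'permitAllIpAdress'.

            inactiveNoSnoopingVlan(3) indicates that the Source Guard
            feature is inactive because this interface does not have
            a VLAN which has DHCP Snooping enabled and no IP source
            verify entry is active. In this case, all IP traffic is
            denied and dIpsgIfSrcGuardIpFilterAction is
            'denyAllIpAddress'.

            If this object is not 'active', the entry is a special
            entry: traffic from any VLANs on the interface has the
            same behavior indicated by dIpsgIfSrcGuardIpFilterAction
            and both dIpsgIfSrcGuardVlansFirst2K and
            dIpsgIfSrcGuardVlansSecond2K are empty.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 2 }

    dIpsgIfSrcGuardIpAddress OBJECT-TYPE
        SYNTAX      InetAddressIPv4
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object indicates the IP address of the entry.
            A special value of '0.0.0.0' indicates this object is
            meaningless.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 3 }

    -- NOTE: the label 'permitAllIpAdress' is misspelled in the published
    -- enumeration. It is kept unchanged because renaming a label would break
    -- tooling compiled against this module. The description text below now
    -- cites 'denyAllIpAddress' with the spelling the enumeration really uses.
    dIpsgIfSrcGuardIpFilterAction OBJECT-TYPE
        SYNTAX      INTEGER {
            permitIpAddress(1),
            permitAllIpAdress(2),
            denyAllIpAddress(3)
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object indicates the IP Source Guard action applied
            at this interface with respect to IP traffic.

            permitIpAddress(1) - indicates that matching IP traffic
            will be allowed to go through. What is matching traffic
            depends on the value of dIpsgIfSrcGuardMacFilterAction.

            permitAllIpAdress(2) indicates that all IP traffic coming
            to this interface will be allowed. In this case,
            dIpsgIfSrcGuardIpAddress is 0.0.0.0.

            denyAllIpAddress(3) indicates that all IP traffic coming
            to this interface will be dropped. In this case,
            dIpsgIfSrcGuardIpAddress is 0.0.0.0.

            When this object is not 'permitIpAddress', the value of
            dIpsgIfSrcGuardMacFilterAction is meaningless.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 4 }

    dIpsgIfSrcGuardMacAddress OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object indicates the MAC address of the entry.
            A special value of '000000000000'H indicates this object
            is meaningless.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 5 }

    -- Monitoring note: 'permitAllMacAddresses' means the entry is matched on
    -- source IP address alone, so the source MAC address is not validated
    -- for that entry.
    dIpsgIfSrcGuardMacFilterAction OBJECT-TYPE
        SYNTAX      INTEGER {
            allowMacAddress(1),
            permitAllMacAddresses(2)
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object indicates the Source Guard action applied
            when the traffic matching the entry:

            allowMacAddress(1) - indicates that the IP traffic
            (compared source IP and source MAC with
            dIpsgIfSrcGuardIpAddress and dIpsgIfSrcGuardMacAddress
            respectively) will be allowed to go through.

            permitAllMacAddresses(2) - If dIpsgIfSrcGuardIpFilterAction
            is 'permitIpAddress', this value indicates that all the
            IP matching traffic (compared source IP with
            dIpsgIfSrcGuardIpAddress only) will be allowed to go
            through.

            When dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress'
            or 'denyAllIpAddress', this object is meaningless.

            When dIpsgIfSrcGuardMacFilterAction is
            'permitAllMacAddresses', dIpsgIfSrcGuardMacAddress is
            meaningless and '000000000000'H is used to indicate it.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 6 }

    dIpsgIfSrcGuardVlansFirst2K OBJECT-TYPE
        SYNTAX      Dlink2kVlanList
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object specifies the VLANs the entry is applied to
            in a string of octets containing one bit per VLAN for
            VLANs 1 to 2048. If the bit is set to '1', then the
            IP Source Guard is enabled on the VLAN.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 7 }

    dIpsgIfSrcGuardVlansSecond2K OBJECT-TYPE
        SYNTAX      Dlink2kVlanList
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object specifies the VLANs the entry is applied to
            in a string of octets containing one bit per VLAN for
            VLANs 2049 to 4094. If the bit is set to '1', then the
            IP Source Guard is enabled on the VLAN.
            "
        ::= { dIpsgIfSrcGuardAddrEntry 8 }

-- Conformance
    dIpsgMIBCompliances OBJECT IDENTIFIER ::= { dIpSourceGuardMIBConformance 1 }
    dIpsgMIBGroups      OBJECT IDENTIFIER ::= { dIpSourceGuardMIBConformance 2 }

    -- The filter-type and basic source-info groups are mandatory; the static
    -- bindings group and the extended source-info group are conditional on
    -- platform support, as stated in their GROUP clauses.
    dIpsgMIBCompliance MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION
            "The compliance statement for the
            DLINKSW-IP-SOURCE-GUARD-MIB."
        MODULE -- this module
        MANDATORY-GROUPS {
            dIpsgIfSrcGuardTrafficFilterGroup,
            dIpsgVerifySrcInfoGroup
        }

        GROUP dIpsgStaticBindingsGroup
        DESCRIPTION
            "This group is mandatory only for platforms which support
            the DHCP bindings data statically configured by (local or
            network) management."

        GROUP dIpsgVerifySrcInfoExtGroup
        DESCRIPTION
            "This group is mandatory only for platforms which support
            interface IP and MAC source guard feature."
        ::= { dIpsgMIBCompliances 1 }

-- Units of Conformance
    -- Only the RowStatus column is listed because the other columns of the
    -- static bindings table are not-accessible index objects.
    dIpsgStaticBindingsGroup OBJECT-GROUP
        OBJECTS {
            dIpsgStaticBindingsRowStatus
        }
        STATUS      current
        DESCRIPTION
            "A collection of objects which are used to configure as
            well as show information regarding the static binding
            data for IP Source Guard."
        ::= { dIpsgMIBGroups 1 }

    dIpsgVerifySrcInfoGroup OBJECT-GROUP
        OBJECTS {
            dIpsgIfSrcGuardIpAddress,
            dIpsgIfSrcGuardIpFilterAction,
            dIpsgIfSrcGuardFilterMode
        }
        STATUS      current
        DESCRIPTION
            "A collection of objects which are used to show
            information regarding interface IP source guard purpose."
        ::= { dIpsgMIBGroups 2 }

    dIpsgVerifySrcInfoExtGroup OBJECT-GROUP
        OBJECTS {
            dIpsgIfSrcGuardMacAddress,
            dIpsgIfSrcGuardMacFilterAction,
            dIpsgIfSrcGuardVlansFirst2K,
            dIpsgIfSrcGuardVlansSecond2K
        }
        STATUS      current
        DESCRIPTION
            "A collection of objects which are used to indicate
            additional information regarding the IP source guard
            feature."
        ::= { dIpsgMIBGroups 3 }

    dIpsgIfSrcGuardTrafficFilterGroup OBJECT-GROUP
        OBJECTS {
            dIpsgIfSrcGuardFilterType
        }
        STATUS      current
        DESCRIPTION
            "A collection of objects which are used to configure the
            type of traffic to be filtered by IP source guard
            feature."
        ::= { dIpsgMIBGroups 4 }

END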