LINKSYS-BRIDGE-SECURITY DEFINITIONS ::= BEGIN -- Version: 7.43 -- Date: 02-Apr-2006 IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, IpAddress, Counter32 FROM SNMPv2-SMI InterfaceIndex, ifIndex FROM IF-MIB RowStatus, TEXTUAL-CONVENTION, MacAddress, DisplayString, TruthValue FROM SNMPv2-TC VlanId FROM Q-BRIDGE-MIB rnd FROM LINKSYS-MIB; rlBridgeSecurity MODULE-IDENTITY LAST-UPDATED "200604020000Z" ORGANIZATION "" CONTACT-INFO "" DESCRIPTION "The private MIB module definition for DHCP Snoop, ARP Inspection and Ip source Guard features." ::= { rnd 112} rlIpDhcpSnoop OBJECT IDENTIFIER ::= { rlBridgeSecurity 1} rlIpSourceGuard OBJECT IDENTIFIER ::= { rlBridgeSecurity 2} rlIpArpInspect OBJECT IDENTIFIER ::= { rlBridgeSecurity 3} rlProtocolFiltering OBJECT IDENTIFIER ::= { rlBridgeSecurity 4} -- -- DHCP Snoop -- rlIpDhcpSnoopMibVersion OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "MIB's version, the current version is 1." ::= { rlIpDhcpSnoop 1 } rlIpDhcpSnoopEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies a system DHCP Snoop enable state." ::= { rlIpDhcpSnoop 2 } rlIpDhcpSnoopFileEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies a system DHCP Snoop file enable state." ::= { rlIpDhcpSnoop 3 } rlIpDhcpSnoopClearAction OBJECT-TYPE SYNTAX INTEGER { noAction(1), -- for get only clearNow(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to clear DHCP Snoop Table." ::= { rlIpDhcpSnoop 4 } rlIpDhcpSnoopFileUpdateTime OBJECT-TYPE SYNTAX INTEGER(600..86400) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures in seconds the period of time between file updates. The valid range is 600 - 86400." ::= { rlIpDhcpSnoop 5 } rlIpDhcpSnoopVerifyMacAddress OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configures on an un-trusted port whether the source MAC address in a DHCP packet matches the client hardware address." ::= { rlIpDhcpSnoop 6 } rlIpDhcpSnoopCurrentEntiresNumber OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Contain the current number of DHCP snooping entries for all types." ::= { rlIpDhcpSnoop 7 } rlIpDhcpOpt82InsertionEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies a DHCP option 82 insertion enable state." ::= { rlIpDhcpSnoop 8 } rlIpDhcpOpt82RxOnUntrustedEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies a DHCP option 82 receive on untrusted port enable state." ::= { rlIpDhcpSnoop 9 } -- -- Dhcp Snoop Static table -- rlIpDhcpSnoopStaticTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpDhcpSnoopStaticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table specifies all DHCP Snoop Static (configured by user) entries. The entry contains a local IP address of the DHCP client, a Port interface to which a DHCP client is connected to the switch." ::= { rlIpDhcpSnoop 10 } rlIpDhcpSnoopStaticEntry OBJECT-TYPE SYNTAX RlIpDhcpSnoopStaticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {rlIpDhcpSnoopStaticVLANTag, rlIpDhcpSnoopStaticMACAddress} ::= { rlIpDhcpSnoopStaticTable 1 } RlIpDhcpSnoopStaticEntry ::= SEQUENCE { rlIpDhcpSnoopStaticVLANTag VlanId, rlIpDhcpSnoopStaticMACAddress MacAddress, rlIpDhcpSnoopStaticIPAddress IpAddress, rlIpDhcpSnoopStaticPortInterface InterfaceIndex, rlIpDhcpSnoopStaticRowStatus RowStatus } rlIpDhcpSnoopStaticVLANTag OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "A DHCP Snoop Static entry vlan tag." ::= { rlIpDhcpSnoopStaticEntry 1 } rlIpDhcpSnoopStaticMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "A DHCP Snoop Static entry mac address" ::= { rlIpDhcpSnoopStaticEntry 2 } rlIpDhcpSnoopStaticIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "A DHCP Snoop Static entry IP address." ::= { rlIpDhcpSnoopStaticEntry 3 } rlIpDhcpSnoopStaticPortInterface OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-write STATUS current DESCRIPTION "A DHCP Snoop Static entry Port interface." ::= { rlIpDhcpSnoopStaticEntry 4 } rlIpDhcpSnoopStaticRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "A status can be destroy, active or createAndGo" ::= { rlIpDhcpSnoopStaticEntry 5 } -- -- Dhcp Snoop table -- RlIpDhcpSnoopType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Ip Dhcp Snoop entry type." SYNTAX INTEGER { learnedByProtocol(1), deletedByTimeout(2), static(3) } rlIpDhcpSnoopTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP Snoop entry. Use to add/delete a dynamic entries and to view all entries (dynamic and static)" ::= { rlIpDhcpSnoop 11 } rlIpDhcpSnoopEntry OBJECT-TYPE SYNTAX RlIpDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {rlIpDhcpSnoopVLANTag, rlIpDhcpSnoopMACAddress} ::= { rlIpDhcpSnoopTable 1 } RlIpDhcpSnoopEntry ::= SEQUENCE { rlIpDhcpSnoopVLANTag VlanId, rlIpDhcpSnoopMACAddress MacAddress, rlIpDhcpSnoopType RlIpDhcpSnoopType, rlIpDhcpSnoopLeaseTime Unsigned32, rlIpDhcpSnoopIPAddress IpAddress, rlIpDhcpSnoopPortInterface InterfaceIndex, rlIpDhcpSnoopRowStatus RowStatus } rlIpDhcpSnoopVLANTag OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "A DHCP Snoop entry vlan tag." ::= { rlIpDhcpSnoopEntry 1 } rlIpDhcpSnoopMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "A DHCP Snoop entry mac address" ::= { rlIpDhcpSnoopEntry 2 } rlIpDhcpSnoopType OBJECT-TYPE SYNTAX RlIpDhcpSnoopType MAX-ACCESS read-write STATUS current DESCRIPTION "A DHCP Snoop entry type: static or dynamic." ::= { rlIpDhcpSnoopEntry 3 } rlIpDhcpSnoopLeaseTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "A DHCP Snoop lease time. For static entry the lease time is 0xFFFFFFFF" ::= { rlIpDhcpSnoopEntry 4 } rlIpDhcpSnoopIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The IP address of the DHCP client referred to in this table entry." ::= { rlIpDhcpSnoopEntry 5 } rlIpDhcpSnoopPortInterface OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-write STATUS current DESCRIPTION "Identifies the port Interface ifindex, which connected to DHCP client identified with the entry." ::= { rlIpDhcpSnoopEntry 6 } rlIpDhcpSnoopRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Entry status. A valid status is CreateandGo or Delete." ::= { rlIpDhcpSnoopEntry 7 } -- -- Dhcp Snoop Enable VLAN Table -- rlIpDhcpSnoopEnableVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpDhcpSnoopEnableVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An Ip Dhcp Snooping enabled VLAN table." ::= { rlIpDhcpSnoop 12 } rlIpDhcpSnoopEnableVlanEntry OBJECT-TYPE SYNTAX RlIpDhcpSnoopEnableVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An Ip Dhcp Snooping enabled VLAN entry." INDEX {rlIpDhcpSnoopEnableVlanTag} ::= { rlIpDhcpSnoopEnableVlanTable 1 } RlIpDhcpSnoopEnableVlanEntry ::= SEQUENCE { rlIpDhcpSnoopEnableVlanTag VlanId, rlIpDhcpSnoopEnableVlanRowStatus RowStatus } rlIpDhcpSnoopEnableVlanTag OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "A DHCP Snoop entry vlan tag." ::= { rlIpDhcpSnoopEnableVlanEntry 1 } rlIpDhcpSnoopEnableVlanRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Entry status. A valid status is CreateandGo and Delete." ::= { rlIpDhcpSnoopEnableVlanEntry 2 } -- -- Dhcp Snoop Trusted ports Table -- rlIpDhcpSnoopTrustedPortTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpDhcpSnoopTrustedPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP Snoop Trusted ports entry. The entry created when port is configured as trusted." ::= { rlIpDhcpSnoop 13 } rlIpDhcpSnoopTrustedPortEntry OBJECT-TYPE SYNTAX RlIpDhcpSnoopTrustedPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {ifIndex} ::= { rlIpDhcpSnoopTrustedPortTable 1 } RlIpDhcpSnoopTrustedPortEntry ::= SEQUENCE { rlIpDhcpSnoopTrustedPortRowStatus RowStatus } rlIpDhcpSnoopTrustedPortRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Entry status. A valid status is CreateandGo or Delete." ::= { rlIpDhcpSnoopTrustedPortEntry 2 } -- -- IP Source Guard -- rlIpSourceGuardMibVersion OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "MIB's version, the current version is 1." ::= { rlIpSourceGuard 1 } rlIpSourceGuardEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "FALSE - There is no Ip Source Guard in the system. TRUE - Ip Source Guard is enabled on system." ::= { rlIpSourceGuard 2 } rlIpSourceGuardRetryToInsert OBJECT-TYPE SYNTAX INTEGER { noAction(0), -- for get only retryToInsertNow(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "When setted to retryToInsertNow all IP Source Guard inactive entries due to resource problem reinserted in the Policy. On get always return noAction." ::= { rlIpSourceGuard 3 } rlIpSourceGuardRetryTime OBJECT-TYPE SYNTAX INTEGER (0..600) MAX-ACCESS read-write STATUS current DESCRIPTION "Configures in seconds the period of time the application retries to insert inactive by resource problem rules. The actual range is 10-600. 0 used to sign that the timer is not active." ::= { rlIpSourceGuard 4 } -- -- IP Source Guard Ports table -- rlIpSourceGuardPortTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpSourceGuardPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP Source Guard ports entry. The entry created when IP Source Guard enabled on port." ::= { rlIpSourceGuard 5 } rlIpSourceGuardPortEntry OBJECT-TYPE SYNTAX RlIpSourceGuardPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {ifIndex} ::= { rlIpSourceGuardPortTable 1 } RlIpSourceGuardPortEntry ::= SEQUENCE { rlIpSourceGuardPortRowStatus RowStatus } rlIpSourceGuardPortRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Entry status. A valid status is CreateAndGo or Delete." ::= { rlIpSourceGuardPortEntry 2 } -- -- IP Source Guard table -- RlIpSourceGuardType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Ip IP Source Guard entry type." SYNTAX INTEGER { dynamic(1), static(2) } RlIpSourceGuardStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Ip IP Source Guard entry status." SYNTAX INTEGER { active(1), inactive(2) } RlIpSourceGuardFailReason ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Ip IP Source Guard entry reason." SYNTAX INTEGER { noProblem(1), noResource(2), noSnoopVlan(3), trustPort(4) } rlIpSourceGuardTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpSourceGuardEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP Source Guard entry. Use to view all entries (dynamic and static)" ::= { rlIpSourceGuard 6 } rlIpSourceGuardEntry OBJECT-TYPE SYNTAX RlIpSourceGuardEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {ifIndex, rlIpSourceGuardIPAddress, rlIpSourceGuardVLANTag} ::= { rlIpSourceGuardTable 1 } RlIpSourceGuardEntry ::= SEQUENCE { rlIpSourceGuardIPAddress IpAddress, rlIpSourceGuardVLANTag VlanId, rlIpSourceGuardMACAddress MacAddress, rlIpSourceGuardType RlIpSourceGuardType, rlIpSourceGuardStatus RlIpSourceGuardStatus, rlIpSourceGuardFailReason RlIpSourceGuardFailReason } rlIpSourceGuardIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address of the Ip Source Guard entry." ::= { rlIpSourceGuardEntry 1 } rlIpSourceGuardVLANTag OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "A Ip Source Guard entry vlan tag." ::= { rlIpSourceGuardEntry 2 } rlIpSourceGuardMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "A Ip Source Guard entry mac address" ::= { rlIpSourceGuardEntry 3 } rlIpSourceGuardType OBJECT-TYPE SYNTAX RlIpSourceGuardType MAX-ACCESS read-only STATUS current DESCRIPTION "A Ip Source Guard entry type: static or dynamic." ::= { rlIpSourceGuardEntry 4 } rlIpSourceGuardStatus OBJECT-TYPE SYNTAX RlIpSourceGuardStatus MAX-ACCESS read-only STATUS current DESCRIPTION "Identifies the status of Ip Source Guard entry." ::= { rlIpSourceGuardEntry 5 } rlIpSourceGuardFailReason OBJECT-TYPE SYNTAX RlIpSourceGuardFailReason MAX-ACCESS read-only STATUS current DESCRIPTION "Identifies the reason for in-activity of Ip Source Guard entry." ::= { rlIpSourceGuardEntry 6 } -- -- IP Source Guard Permitted rules counter table -- rlIpSourceGuardPermittedRuleCounterTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpSourceGuardPermittedRuleCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table includes, per vlan, the IP Source Guard permitted rules counters." ::= { rlIpSourceGuard 7 } rlIpSourceGuardPermittedRuleCounterEntry OBJECT-TYPE SYNTAX RlIpSourceGuardPermittedRuleCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {rlIpSourceGuardPermittedRuleCounterVLANTag} ::= { rlIpSourceGuardPermittedRuleCounterTable 1 } RlIpSourceGuardPermittedRuleCounterEntry ::= SEQUENCE { rlIpSourceGuardPermittedRuleCounterVLANTag VlanId, rlIpSourceGuardPermittedRuleCounterNumOfStaticRules Counter32, rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules Counter32 } rlIpSourceGuardPermittedRuleCounterVLANTag OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "Ip Source Guard permitted rules counters entry Vlan tag." ::= { rlIpSourceGuardPermittedRuleCounterEntry 1 } rlIpSourceGuardPermittedRuleCounterNumOfStaticRules OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of static rules added by IP Source Guard for the permitted Hosts" ::= { rlIpSourceGuardPermittedRuleCounterEntry 2 } rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of rules added by IP Source Guard for the permitted Hosts, as a result of DHCP Snooping dynamic information." ::= { rlIpSourceGuardPermittedRuleCounterEntry 3 } -- -- ARP Inspection -- RlIpArpInspectListNameType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Ip arp inspection list name type." SYNTAX DisplayString(SIZE(1..32)) rlIpArpInspectMibVersion OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "MIB's version, the current version is 1." ::= { rlIpArpInspect 1 } rlIpArpInspectEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies a system ARP Inspection enable state." ::= { rlIpArpInspect 2 } rlIpArpInspectLogInterval OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Specify the minimal interval between successive ARP SYSLOG messages. 0 - message is immediately generated. 0xFFFFFFFF - messages would not be generated. A legal range is 0-86400." ::= { rlIpArpInspect 3 } rlIpArpInspectValidation OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Defined a specific check on incoming ARP packets: Source MAC: Compare the source MAC address in the Ethernet header against the sender MAC address in the ARP body. This check is performed on both ARP requests and responses. Destination MAC: Compare the destination MAC address in the Ethernet header against the target MAC address in ARP body. This check is performed for ARP responses. IP addresses: Compare the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses." ::= { rlIpArpInspect 4 } -- -- ARP Inspection List table -- rlIpArpInspectListTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpArpInspectListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table specifies all ARP Inspection List entries. The entry contains a list name, list IP address, a list Mac address." ::= { rlIpArpInspect 5 } rlIpArpInspectListEntry OBJECT-TYPE SYNTAX RlIpArpInspectListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {rlIpArpInspectListName, rlIpArpInspectListIPAddress} ::= { rlIpArpInspectListTable 1 } RlIpArpInspectListEntry ::= SEQUENCE { rlIpArpInspectListName RlIpArpInspectListNameType, rlIpArpInspectListIPAddress IpAddress, rlIpArpInspectListMACAddress MacAddress, rlIpArpInspectListRowStatus RowStatus } rlIpArpInspectListName OBJECT-TYPE SYNTAX RlIpArpInspectListNameType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Name of the Access List." ::= { rlIpArpInspectListEntry 1} rlIpArpInspectListIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "ARP Inspection List IP address." ::= { rlIpArpInspectListEntry 2 } rlIpArpInspectListMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "ARP Inspection List mac address" ::= { rlIpArpInspectListEntry 3 } rlIpArpInspectListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "A status can be destroy, active or createAndGo" ::= { rlIpArpInspectListEntry 4 } -- -- Arp Inspection Enable VLAN Table -- rlIpArpInspectEnableVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpArpInspectEnableVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An Ip ARP Inspection enabled VLAN table." ::= { rlIpArpInspect 6 } rlIpArpInspectEnableVlanEntry OBJECT-TYPE SYNTAX RlIpArpInspectEnableVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An Ip ARP Inspection enabled VLAN entry." INDEX {rlIpArpInspectEnableVlanTag} ::= { rlIpArpInspectEnableVlanTable 1 } RlIpArpInspectEnableVlanEntry ::= SEQUENCE { rlIpArpInspectEnableVlanTag VlanId, rlIpArpInspectAssignedListName RlIpArpInspectListNameType, rlIpArpInspectEnableVlanRowStatus RowStatus, rlIpArpInspectVlanNumOfArpForwarded Counter32, rlIpArpInspectVlanNumOfArpDropped Counter32, rlIpArpInspectVlanNumOfArpMismatched Counter32, rlIpArpInspectVlanClearCountersAction TruthValue } rlIpArpInspectEnableVlanTag OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "An Ip ARP Inspection entry vlan tag." ::= { rlIpArpInspectEnableVlanEntry 1 } rlIpArpInspectAssignedListName OBJECT-TYPE SYNTAX RlIpArpInspectListNameType MAX-ACCESS read-write STATUS current DESCRIPTION "An Ip ARP Inspection assigned ACL name." ::= { rlIpArpInspectEnableVlanEntry 2 } rlIpArpInspectEnableVlanRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Entry status. A valid status is CreateandGo and Delete." ::= { rlIpArpInspectEnableVlanEntry 3 } rlIpArpInspectVlanNumOfArpForwarded OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of forwarded ARP packets, packets which were validated by ARP inspection " ::= { rlIpArpInspectEnableVlanEntry 4 } rlIpArpInspectVlanNumOfArpDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of dropped ARP packets, which were validated by ARP inspection (mismatch , not-found and dropped for any reason)" ::= { rlIpArpInspectEnableVlanEntry 5 } rlIpArpInspectVlanNumOfArpMismatched OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of dropped ARP packets, which were validated by ARP inspection and inconsistency was found for IP and MAC (mismatch)" ::= { rlIpArpInspectEnableVlanEntry 6 } rlIpArpInspectVlanClearCountersAction OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If true, clear (set to zero) all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded , rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched" DEFVAL{ false } ::= { rlIpArpInspectEnableVlanEntry 7 } -- -- ARP Inspection Trusted ports Table -- rlIpArpInspectTrustedPortTable OBJECT-TYPE SYNTAX SEQUENCE OF RlIpArpInspectTrustedPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "ARP Inspection Trusted ports entry. The entry created when port is configured as trusted." ::= { rlIpArpInspect 7 } rlIpArpInspectTrustedPortEntry OBJECT-TYPE SYNTAX RlIpArpInspectTrustedPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {ifIndex} ::= { rlIpArpInspectTrustedPortTable 1 } RlIpArpInspectTrustedPortEntry ::= SEQUENCE { rlIpArpInspectTrustedPortRowStatus RowStatus } rlIpArpInspectTrustedPortRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Entry status. A valid status is CreateandGo or Delete." ::= { rlIpArpInspectTrustedPortEntry 2 } rlIpArpInspectClearCountersAction OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If true, clear (set to zero) on all vlans: all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded , rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched" DEFVAL{ false } ::= { rlIpArpInspect 8 } -- -- Protocol Filtering -- ProtocolFilteringMap ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This TC describes the list of protocol to be filtered. The bit 'all(0)' indicates all Cisco protocols in range 0100.0ccc.ccc0 - 0100.0ccc.cccf The bit 'cdp(1)' indicates Cisco CDP protocol. Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2000. The bit 'vtp(2)' indicates Cisco VTP protocol. Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2003. The bit 'dtp(3)' indicates Cisco DTP protocol. Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2004. The bit 'udld (4)' indicates Cisco UDLD protocol. Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x0111. The bit 'pagp(5)' indicates Cisco PAGP protocol. Identified by destination mac address: 0100.0ccc.cccc and protocol type: 0x0104. The bit 'sstp(6)' indicates Cisco SSTP protocol. Identified by destination mac address: 0100.0ccc.cccd. " SYNTAX BITS { all(0), cdp(1), vtp(2), dtp(3), udld(4), pagp(5), sstp(6) } rlProtocolFilteringTable OBJECT-TYPE SYNTAX SEQUENCE OF RlProtocolFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Protocol filter configuration entry" ::= { rlProtocolFiltering 1 } rlProtocolFilteringEntry OBJECT-TYPE SYNTAX RlProtocolFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The row definition for this table." INDEX {ifIndex} ::= { rlProtocolFilteringTable 1 } RlProtocolFilteringEntry::= SEQUENCE { rlProtocolFilteringList ProtocolFilteringMap, rlProtocolFilteringRowStatus RowStatus } rlProtocolFilteringList OBJECT-TYPE SYNTAX ProtocolFilteringMap MAX-ACCESS read-write STATUS current DESCRIPTION "The list of protocol to be filtered." ::= { rlProtocolFilteringEntry 1 } rlProtocolFilteringRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "A status can be destroy, active or createAndGo" ::= { rlProtocolFilteringEntry 2 } END