ALCATEL-IND1-LPS-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, MODULE-IDENTITY, IpAddress, Integer32 FROM SNMPv2-SMI MacAddress, RowStatus FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB ifIndex, InterfaceIndex FROM IF-MIB systemServicesDate, systemServicesTime FROM ALCATEL-IND1-SYSTEM-MIB MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF softentIND1MacAddress FROM ALCATEL-IND1-BASE; alcatelIND1LearnedPortSecurityMIB MODULE-IDENTITY LAST-UPDATED "201005130000Z" ORGANIZATION "Alcatel-Lucent, Enterprise Solutions Division" CONTACT-INFO "Please consult with Customer Service to ensure the most appropriate version of this document is used with the products in question: Alcatel-Lucent, Enterprise Solutions Division (Formerly Alcatel Internetworking, Incorporated) 26801 West Agoura Road Agoura Hills, CA 91301-5122 United States Of America Telephone: North America +1 800 995 2696 Latin America +1 877 919 9526 Europe +31 23 556 0100 Asia +65 394 7933 All Other +1 818 878 4507 Electronic Mail: support@ind.alcatel.com World Wide Web: http://alcatel-lucent.com/wps/portal/enterprise File Transfer Protocol: ftp://ftp.ind.alcatel.com/pub/products/mibs" DESCRIPTION "This module describes an authoritative enterprise-specific Simple Network Management Protocol (SNMP) Management Information Base (MIB): For the Birds Of Prey Product Line, this is the MIB module for address learning mac addresses entity. The right to make changes in specification and other information contained in this document without prior notice is reserved. No liability shall be assumed for any incidental, indirect, special, or consequential damages whatsoever arising from or related to this document or the information contained herein. Vendors, end-users, and other interested parties are granted non-exclusive license to use this specification in connection with management of the products for which it is intended to be used. Copyright (C) 1995-2007 Alcatel-Lucent ALL RIGHTS RESERVED WORLDWIDE" REVISION "201005130000Z" DESCRIPTION "Fixed the Notifications to use MIB Module OID.0 as Notifications root." REVISION "200704030000Z" DESCRIPTION "The MIB module for Learned Port Security entity." ::= { softentIND1MacAddress 2 } -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -- Hook into the Alcatel Tree -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx alcatelIND1LearnedPortSecurityMIBNotifications OBJECT-IDENTITY STATUS current DESCRIPTION "Branch For LAG MIB Subsystem Notifications." ::= { alcatelIND1LearnedPortSecurityMIB 0 } alcatelIND1LearnedPortSecurityMIBObjects OBJECT-IDENTITY STATUS current DESCRIPTION "Branch For Learned Port Security Module MIB Subsystem Managed Objects." ::= { alcatelIND1LearnedPortSecurityMIB 1 } alcatelIND1LearnedPortSecurityMIBConformance OBJECT-IDENTITY STATUS current DESCRIPTION "Branch for Learned Port Security Module MIB Subsystem Conformance Information." ::= { alcatelIND1LearnedPortSecurityMIB 2 } alcatelIND1LearnedPortSecurityMIBGroups OBJECT-IDENTITY STATUS current DESCRIPTION "Branch for Learned Port Security Module MIB Subsystem Units of Conformance." ::= { alcatelIND1LearnedPortSecurityMIBConformance 1 } alcatelIND1LearnedPortSecurityMIBCompliances OBJECT-IDENTITY STATUS current DESCRIPTION "Branch for Learned Port Security Module MIB Subsystem Compliance Statements." ::= { alcatelIND1LearnedPortSecurityMIBConformance 2 } --- Learned Port Security MIB Tables learnedPortSecurityTable OBJECT-TYPE SYNTAX SEQUENCE OF LearnedPortSecurityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table contains Learned Port Security information." ::= { alcatelIND1LearnedPortSecurityMIBObjects 1 } learnedPortSecurityEntry OBJECT-TYPE SYNTAX LearnedPortSecurityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Definition of the Learned Port Security port security table entries." INDEX { ifIndex } ::= { learnedPortSecurityTable 1 } LearnedPortSecurityEntry ::= SEQUENCE { lpsViolationOption INTEGER, lpsMaxMacNum Integer32, lpsLoMacRange MacAddress, lpsHiMacRange MacAddress, lpsAdminStatus INTEGER, lpsOperStatus INTEGER, lpsRowStatus RowStatus, lpsRelease INTEGER, lpsMaxFilteredMacNum Integer32, lpsLearnTrapThreshold Integer32, lpsViolatingMac MacAddress } lpsViolationOption OBJECT-TYPE SYNTAX INTEGER { restrict (1), shutdown (2), discard (3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The handle option for LPS violation " DEFVAL {restrict} ::= { learnedPortSecurityEntry 1 } lpsMaxMacNum OBJECT-TYPE SYNTAX Integer32 ( 1 .. 1000 ) MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum number of MAC addresses that the LPS port could learn." DEFVAL {1} ::= { learnedPortSecurityEntry 2 } lpsLoMacRange OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The low end of Mac range which is allowed to be learned on LPS port" DEFVAL { '000000000000'h } ::= { learnedPortSecurityEntry 3 } lpsHiMacRange OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The high end of Mac range which is allowed to be learned on LPS port" DEFVAL { 'ffffffffffff'h } ::= { learnedPortSecurityEntry 4 } lpsAdminStatus OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled (2), locked (3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the desired administrative state of the Learned Port Security feature on this port. " DEFVAL { enabled } ::= { learnedPortSecurityEntry 5 } lpsOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), securityViolated(3), locked(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object identifies the current operational state of the LPS port." ::= { learnedPortSecurityEntry 6 } lpsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The RowStatus for this table." ::= { learnedPortSecurityEntry 7 } lpsRelease OBJECT-TYPE SYNTAX INTEGER { release(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object causes the release of LPS port if it is in violated state." ::= { learnedPortSecurityEntry 8 } lpsMaxFilteredMacNum OBJECT-TYPE SYNTAX Integer32 ( 0 .. 100 ) MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum number of Filtered MAC addresses that the LPS port could learn. The default is 5." DEFVAL {5} ::= { learnedPortSecurityEntry 9 } lpsLearnTrapThreshold OBJECT-TYPE SYNTAX Integer32 ( 0 .. 1000 ) MAX-ACCESS read-create STATUS current DESCRIPTION "When the number of bridged MACs learned goes over this value, a trap will be generated for every additional MAC that is learned." DEFVAL {5} ::= { learnedPortSecurityEntry 10 } lpsViolatingMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The MAC Address which cause the Violation on this Port. This field is set when LPS port is in Violated state, it is cleared when Port comes out of violation" DEFVAL { '000000000000'H } ::= { learnedPortSecurityEntry 11 } -- Learned Port Security Global Group for configurable paramaters applying to the whole switch. learnedPortSecurityGlobalGroup OBJECT IDENTIFIER ::= {alcatelIND1LearnedPortSecurityMIBObjects 3 } lpsLearningWindowTime OBJECT-TYPE SYNTAX Integer32 ( 0 .. 2880) MAX-ACCESS read-write STATUS current DESCRIPTION "The learning time window that can be configured on the switch to learn new MACs on the LPS port. This paramater applies to the whole switch and the granularity is in minutes." ::= { learnedPortSecurityGlobalGroup 1 } lpsLearningWindowTimeWithStaticConversion OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If it is enabled, when the learning window is expired, the dynamic MACs learned on all LPS ports will be converted to static. It is configurable only when the learning window is enabled." ::= { learnedPortSecurityGlobalGroup 2 } lpsConvertToStatic OBJECT-TYPE SYNTAX Integer32 (2147483647 | 1001..17000) MAX-ACCESS read-write STATUS current DESCRIPTION "It converts the L2 addresses learned on the given port in IfIndex format from dynamic to static, Value 2147483647 converts the L2 addresses learned for all ports." ::= { learnedPortSecurityGlobalGroup 3 } lpsLearningWindowNoAging OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If it is enabled, all mac-address learnt on the port would be deffered from aging" ::= { learnedPortSecurityGlobalGroup 4 } lpsLearningWindowBootupStatus OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If it is enabled, Learning window will start at boot-up time" ::= { learnedPortSecurityGlobalGroup 5 } lpsLearningWindowTimeRemaining OBJECT-TYPE SYNTAX Integer32 (0..172800) MAX-ACCESS read-only STATUS current DESCRIPTION "Amount of time (in seconds) remaining until the learning window expires." ::= { learnedPortSecurityGlobalGroup 6 } lpsLearningWindowLearnAsStatic OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If it is enabled, all mac-address learnt on the port would be directly converted to static." ::= { learnedPortSecurityGlobalGroup 7 } lpsLearningWindowPseudoMacMove OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If it is enabled, pseudo-static MACs will be subject to MAC move." ::= { learnedPortSecurityGlobalGroup 8 } --- Learned Port Security L2 Mac Address MIB Table learnedPortSecurityL2MacAddressTable OBJECT-TYPE SYNTAX SEQUENCE OF LearnedPortSecurityL2MacAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table contains Learned Port Security L2 Mac addresses." ::= { alcatelIND1LearnedPortSecurityMIBObjects 4 } learnedPortSecurityL2MacAddressEntry OBJECT-TYPE SYNTAX LearnedPortSecurityL2MacAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Definition of the Learned Port Security port security mac-address table entries." INDEX { ifIndex , lpsL2VlanId, lpsL2MacAddress } ::= { learnedPortSecurityL2MacAddressTable 1 } LearnedPortSecurityL2MacAddressEntry ::= SEQUENCE { lpsL2VlanId Integer32, lpsL2MacAddress MacAddress, lpsL2MacAddressLearnType INTEGER, lpsL2MacAddressRowStatus RowStatus } lpsL2VlanId OBJECT-TYPE SYNTAX Integer32 (1..4094) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Vlan Id assigned to the packet." ::= { learnedPortSecurityL2MacAddressEntry 1 } lpsL2MacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MacAddress that is either configured or dynamically learnt on the LPS port." ::= { learnedPortSecurityL2MacAddressEntry 2 } lpsL2MacAddressLearnType OBJECT-TYPE SYNTAX INTEGER { configured (1), dynamic (2), filtered (3), quarantined (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Learned L2 MAC address type." ::= { learnedPortSecurityL2MacAddressEntry 3 } lpsL2MacAddressRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The RowStatus for this table." ::= { learnedPortSecurityL2MacAddressEntry 4 } learnedPortSecurityAgL2MacAddressTable OBJECT-TYPE SYNTAX SEQUENCE OF LearnedPortSecurityAgL2MacAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table contains Learned Port Security L2 Mac addresses." ::= { alcatelIND1LearnedPortSecurityMIBObjects 6 } learnedPortSecurityAgL2MacAddressEntry OBJECT-TYPE SYNTAX LearnedPortSecurityAgL2MacAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Definition of the Learned Port Security port security mac-address table entries." INDEX { ifIndex , lpsAgL2MacAddress, lpsAgL2VlanId } ::= { learnedPortSecurityAgL2MacAddressTable 1 } LearnedPortSecurityAgL2MacAddressEntry ::= SEQUENCE { lpsAgL2MacAddress MacAddress, lpsAgL2VlanId Integer32, lpsAgL2MacAddressLearnType INTEGER, lpsAgL2MacAddressRowStatus RowStatus } lpsAgL2MacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MacAddress that is either configured or dynamically learnt on the LPS port." ::= { learnedPortSecurityAgL2MacAddressEntry 1 } lpsAgL2VlanId OBJECT-TYPE SYNTAX Integer32 (1..4094) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Vlan Id assigned to the packet." ::= { learnedPortSecurityAgL2MacAddressEntry 2 } lpsAgL2MacAddressLearnType OBJECT-TYPE SYNTAX INTEGER { configured (1), dynamic (2), filtered (3), quarantined (4), configuredFiltered (5), pseudoStatic (6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Learned L2 MAC address type." ::= { learnedPortSecurityAgL2MacAddressEntry 3 } lpsAgL2MacAddressRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The RowStatus for this table." ::= { learnedPortSecurityAgL2MacAddressEntry 4 } -- -- LPS Traps -- lpsTrapsObj OBJECT IDENTIFIER ::= { alcatelIND1LearnedPortSecurityMIBObjects 5 } -- -- Traps description -- -- LPS Security Violation Trap lpsViolationTrap NOTIFICATION-TYPE OBJECTS { lpsTrapSwitchName, lpsTrapSwitchIpAddr, lpsTrapSwitchSlice, --deprecated lpsTrapSwitchPort, --deprecated lpsTrapViolatingMac, lpsTrapViolationType, lpsTrapSwitchVlan, systemServicesDate, systemServicesTime, lpsTrapIfIndex } STATUS current DESCRIPTION "Learned Port Security Violation Trap." ::= { alcatelIND1LearnedPortSecurityMIBNotifications 1 } lpsPortUpAfterLearningWindowExpiredTrap NOTIFICATION-TYPE OBJECTS { lpsTrapSwitchName, lpsTrapSwitchSlice, --deprecated lpsTrapSwitchPort, --deprecated systemServicesDate, systemServicesTime } STATUS current DESCRIPTION "When an LPS port joins or is enabled after the Learning Window is expired, the MAC address learning on the port will be disabled, and this trap is generated as a notification." ::= { alcatelIND1LearnedPortSecurityMIBNotifications 2 } lpsLearnMac NOTIFICATION-TYPE OBJECTS { lpsTrapSwitchName, lpsTrapSwitchSlice, --deprecated lpsTrapSwitchPort, --deprecated lpsTrapSwitchVlan, lpsTrapBridgeMac, systemServicesDate, systemServicesTime, lpsTrapIfIndex } STATUS current DESCRIPTION "When the number of bridged MACs learned goes over the configured threshold value, a trap will be generated for every additional MAC that is learned." ::= { alcatelIND1LearnedPortSecurityMIBNotifications 3 } -- -- Trap objects -- -- Switch Name lpsTrapSwitchName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the switch." ::= { lpsTrapsObj 1 } -- Switch IP lpsTrapSwitchIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of switch." ::= { lpsTrapsObj 2 } -- Switch Slice lpsTrapSwitchSlice OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The physical slice number for the LPS port on which violation occured. " ::= { lpsTrapsObj 3 } -- Switch Port lpsTrapSwitchPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The physical port number on which violation occured. " ::= { lpsTrapsObj 4 } -- Violating Mac Address lpsTrapViolatingMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The violating MAC address. " ::= { lpsTrapsObj 5 } -- Violation Type lpsTrapViolationType OBJECT-TYPE SYNTAX INTEGER { restrict(1), shutdown(2), discard(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of violation that occured on the LPS port." ::= { lpsTrapsObj 6 } -- Switch VLAN lpsTrapSwitchVlan OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The VLAN number on which violation occured. " ::= { lpsTrapsObj 7 } -- Switch Bridge MAC address lpsTrapBridgeMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The Bridge MAC address when learn trap threshold exceeds." ::= { lpsTrapsObj 8 } -- Switch Port IfIndex lpsTrapIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The ifIndex of the physical port on which violation occured. " ::= { lpsTrapsObj 9 } -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -- COMPLIANCE -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx alcatelIND1LearnedPortSecurityMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance statement for Learned Port Security." MODULE MANDATORY-GROUPS { learnedPortSecurityGroup, learnedPortSecurityGlobGroup, learnedPortSecurityTrapsGroup, learnedPortSecurityTrapsObjGroup } ::= { alcatelIND1LearnedPortSecurityMIBCompliances 1 } -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -- UNITS OF CONFORMANCE -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx learnedPortSecurityGroup OBJECT-GROUP OBJECTS { lpsViolationOption, lpsMaxMacNum, lpsLoMacRange, lpsHiMacRange, lpsAdminStatus, lpsOperStatus, lpsRowStatus, lpsRelease, lpsMaxFilteredMacNum, lpsLearnTrapThreshold, lpsViolatingMac } STATUS current DESCRIPTION "Collection of objects for learned port security table." ::= { alcatelIND1LearnedPortSecurityMIBGroups 1 } learnedPortSecurityGlobGroup OBJECT-GROUP OBJECTS { lpsLearningWindowTime, lpsLearningWindowTimeWithStaticConversion, lpsConvertToStatic, lpsLearningWindowNoAging, lpsLearningWindowBootupStatus, lpsLearningWindowTimeRemaining, lpsLearningWindowLearnAsStatic, lpsLearningWindowPseudoMacMove } STATUS current DESCRIPTION "Collection of objects for learned port security global group." ::= {alcatelIND1LearnedPortSecurityMIBGroups 2 } learnedPortSecurityTrapsGroup NOTIFICATION-GROUP NOTIFICATIONS { lpsViolationTrap, lpsPortUpAfterLearningWindowExpiredTrap, lpsLearnMac } STATUS current DESCRIPTION "Collection of notifications for learned port security." ::= { alcatelIND1LearnedPortSecurityMIBGroups 3 } learnedPortSecurityL2MacAddressGroup OBJECT-GROUP OBJECTS { lpsL2MacAddressLearnType, lpsAgL2MacAddressLearnType, lpsL2MacAddressRowStatus, lpsAgL2MacAddressRowStatus } STATUS current DESCRIPTION "Collection of objects for learned port security MacAddress table." ::= { alcatelIND1LearnedPortSecurityMIBGroups 4 } learnedPortSecurityTrapsObjGroup OBJECT-GROUP OBJECTS { lpsTrapSwitchName, lpsTrapSwitchIpAddr, lpsTrapSwitchSlice, --deprecated lpsTrapSwitchPort, --deprecated lpsTrapViolatingMac, lpsTrapViolationType, lpsTrapSwitchVlan, lpsTrapBridgeMac, lpsTrapIfIndex } STATUS current DESCRIPTION "Collection of objects for learned port security Notofocation Object Group." ::= { alcatelIND1LearnedPortSecurityMIBGroups 6 } learnedPortSecurityNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { lpsLearnMac } STATUS current DESCRIPTION "Collection of notifications for LPS." ::= { alcatelIND1LearnedPortSecurityMIBGroups 7 } END