-- ***************************************************************** -- TN-IP-SOURCE-GUARD-MIB -- -- Copyright (c) 2012, Transition Networks Inc. -- All rights reserved. -- ***************************************************************** -- TN-IP-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32 FROM SNMPv2-SMI NOTIFICATION-GROUP FROM SNMPv2-CONF TEXTUAL-CONVENTION, TimeStamp, RowStatus, TruthValue, MacAddress FROM SNMPv2-TC InetAddressType, InetAddress, InetAddressPrefixLength FROM INET-ADDRESS-MIB entPhysicalIndex FROM ENTITY-MIB tnProducts FROM TRANSITION-SMI ifIndex, InterfaceIndex FROM IF-MIB; tnIPSourceGuardMIB MODULE-IDENTITY LAST-UPDATED "201209100000Z" ORGANIZATION "Transition Networks, Inc." CONTACT-INFO "Transition Networks Technical Support 10900 Red Circle Drive Minnetonka, MN 55343 USA Tel: +1-800-526-9267 E-mail: techsupport@transition.com" DESCRIPTION "The mib module for IP Source Guard. IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. " REVISION "201209260000Z" DESCRIPTION "Initial Revision of this module" ::= { tnProducts 31 } tnIPSourceGuardMIBObjects OBJECT IDENTIFIER ::= { tnIPSourceGuardMIB 1 } tnIPSourceGuardMIBNotifications OBJECT IDENTIFIER ::= { tnIPSourceGuardMIB 2 } -- -- Textual Conventions -- -- -- MIB variables -- tnIPSourceGuardMgmt OBJECT IDENTIFIER ::= { tnIPSourceGuardMIBObjects 1 } -- -- tnIPSourceGuardTable -- tnIPSourceGuardTable OBJECT-TYPE SYNTAX SEQUENCE OF TnIPSourceGuardEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is for user to configure the global settings of IP Source Guard." ::= { tnIPSourceGuardMgmt 1 } tnIPSourceGuardEntry OBJECT-TYPE SYNTAX TnIPSourceGuardEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a global configuration of IP Source Guard." INDEX { entPhysicalIndex } ::= { tnIPSourceGuardTable 1 } TnIPSourceGuardEntry ::= SEQUENCE { tnIPSourceGuardGlobalMode TruthValue, tnIPSourceGuardDynamicToStatic TruthValue } tnIPSourceGuardGlobalMode OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set true(1) to enable or false(2) to disable the global IP Source Guard function. Only when both Global Mode and Port Mode on a given port are enabled, IP Source Guard is enabled on this given port." DEFVAL { false } ::= { tnIPSourceGuardEntry 1 } tnIPSourceGuardDynamicToStatic OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set true(1) to translate all dynamic entries to static entries. It will be always returned the default value false(2) when queried." DEFVAL { false } ::= { tnIPSourceGuardEntry 2 } -- -- tnIPSourceGuardIfTable -- tnIPSourceGuardIfTable OBJECT-TYPE SYNTAX SEQUENCE OF TnIPSourceGuardIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lets user to configure the IP Source Guard for each port." ::= { tnIPSourceGuardMgmt 2 } tnIPSourceGuardIfEntry OBJECT-TYPE SYNTAX TnIPSourceGuardIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a IP Source Guard setting on a port." INDEX { ifIndex } ::= { tnIPSourceGuardIfTable 1 } TnIPSourceGuardIfEntry ::= SEQUENCE { tnIPSourceGuardIfMode TruthValue, tnIPSourceGuardIfMaxDynamicClients INTEGER } tnIPSourceGuardIfMode OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set true(1) to enable or false(2) to disable the IP Source Guard function on the given port. Only when both Global Mode and Port Mode on a given port are enabled, IP Source Guard is enabled on this given port. " DEFVAL { false } ::= { tnIPSourceGuardIfEntry 1 } tnIPSourceGuardIfMaxDynamicClients OBJECT-TYPE SYNTAX INTEGER { zero (0), -- only allow the IP packets forwarding that are -- matched in static entries on the specific port. one (1), -- only one dynamic client that can be learned -- on the given port. two (2), -- only two dynamic clients that can be learned -- on the given port. unlimited (65535) -- no limitation for dynamic clients that can be -- learned on the given port. } MAX-ACCESS read-write STATUS current DESCRIPTION "Specify the maximum number of dynamic clients that can be learned on given port. This value can be 0, 1, 2 or unlimited. If the port mode is enabled and the value of max dynamic client is equal to 0, it means only allow the IP packets forwarding that are matched in static entries on the specific port." DEFVAL { unlimited } ::= { tnIPSourceGuardIfEntry 2 } -- -- tnIPSourceGuardStaticTable -- tnIPSourceGuardStaticTable OBJECT-TYPE SYNTAX SEQUENCE OF TnIPSourceGuardStaticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lets user to configure the static entries for IP Source Guard." ::= { tnIPSourceGuardMgmt 3 } tnIPSourceGuardStaticEntry OBJECT-TYPE SYNTAX TnIPSourceGuardStaticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a static entry of IP Source Guard." INDEX { tnIPSourceGuardStaticPort, tnIPSourceGuardStaticVlanID, tnIPSourceGuardStaticAddrType, tnIPSourceGuardStaticAddr, tnIPSourceGuardStaticMask } ::= { tnIPSourceGuardStaticTable 1 } TnIPSourceGuardStaticEntry ::= SEQUENCE { tnIPSourceGuardStaticPort InterfaceIndex, tnIPSourceGuardStaticVlanID INTEGER, tnIPSourceGuardStaticAddrType InetAddressType, tnIPSourceGuardStaticAddr InetAddress, tnIPSourceGuardStaticMask InetAddressPrefixLength, tnIPSourceGuardStaticMacAddress MacAddress, tnIPSourceGuardStaticRowStatus RowStatus } tnIPSourceGuardStaticPort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number for the settings." ::= { tnIPSourceGuardStaticEntry 1 } tnIPSourceGuardStaticVlanID OBJECT-TYPE SYNTAX INTEGER (1..4094) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The vlan id for the settings." ::= { tnIPSourceGuardStaticEntry 2 } tnIPSourceGuardStaticAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "Address type of Source IP. For a detailed description of this type, please refer to INET-ADDRESS-MIB." ::= { tnIPSourceGuardStaticEntry 3 } tnIPSourceGuardStaticAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Address of Source IP. For a detailed description of this type, please refer to INET-ADDRESS-MIB." ::= { tnIPSourceGuardStaticEntry 4 } tnIPSourceGuardStaticMask OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS not-accessible STATUS current DESCRIPTION "Mask of Source IP. For a detailed description of this type, please refer to INET-ADDRESS-MIB." ::= { tnIPSourceGuardStaticEntry 5 } tnIPSourceGuardStaticMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Mac Address of Source IP." ::= { tnIPSourceGuardStaticEntry 6 } tnIPSourceGuardStaticRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Row status of static IP Source Guard." ::= { tnIPSourceGuardStaticEntry 7} -- -- tnIPSourceGuardDynamicTable -- tnIPSourceGuardDynamicTable OBJECT-TYPE SYNTAX SEQUENCE OF TnIPSourceGuardDynamicEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lets user to configure the dynamic entries for IP Source Guard." ::= { tnIPSourceGuardMgmt 4 } tnIPSourceGuardDynamicEntry OBJECT-TYPE SYNTAX TnIPSourceGuardDynamicEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a dynamic entry of IP Source Guard." INDEX { tnIPSourceGuardDynamicPort, tnIPSourceGuardDynamicVlanID, tnIPSourceGuardDynamicAddrType, tnIPSourceGuardDynamicAddr, tnIPSourceGuardDynamicMask } ::= { tnIPSourceGuardDynamicTable 1 } TnIPSourceGuardDynamicEntry ::= SEQUENCE { tnIPSourceGuardDynamicPort InterfaceIndex, tnIPSourceGuardDynamicVlanID INTEGER, tnIPSourceGuardDynamicAddrType InetAddressType, tnIPSourceGuardDynamicAddr InetAddress, tnIPSourceGuardDynamicMask InetAddressPrefixLength, tnIPSourceGuardDynamicMacAddress MacAddress } tnIPSourceGuardDynamicPort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number for the settings." ::= { tnIPSourceGuardDynamicEntry 1 } tnIPSourceGuardDynamicVlanID OBJECT-TYPE SYNTAX INTEGER (1..4094) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The vlan id for the settings. " ::= { tnIPSourceGuardDynamicEntry 2 } tnIPSourceGuardDynamicAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "Address type of Source IP. For a detailed description of this type, please refer to INET-ADDRESS-MIB." ::= { tnIPSourceGuardDynamicEntry 3 } tnIPSourceGuardDynamicAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Address of Source IP. For a detailed description of this type, please refer to INET-ADDRESS-MIB." ::= { tnIPSourceGuardDynamicEntry 4 } tnIPSourceGuardDynamicMask OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS not-accessible STATUS current DESCRIPTION "Mask of Source IP. For a detailed description of this type, please refer to INET-ADDRESS-MIB." ::= { tnIPSourceGuardDynamicEntry 5 } tnIPSourceGuardDynamicMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Mac Address of Source IP." ::= { tnIPSourceGuardDynamicEntry 6 } -- -- Notifications -- END