david/mibs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
mibs/MIBS/comware/HH3C-DHCPSNOOP-MIB
David Leutgeb 98a672123c Initial commit
2023-12-05 12:25:34 +01:00

306 lines
10 KiB
Plaintext
Raw Permalink Blame History

-- ==================================================================
-- Copyright (C) 2004-2014 New H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: DHCP Snooping MIB
-- Reference:
-- Version: V1.3
-- History:
-- V1.0 The initial version, created by FuJiajia, 2004.12.29
-- V1.1 2006-03-08 updated by HeHangjun
-- Added hh3cDhcpSnoopVlanTable
-- V1.2 2007-06-18 updated by qizhenglin
-- Added hh3cDhcpSnoopSpoofServerDetected
-- hh3cDhcpSnoopSpoofServerMac
-- hh3cDhcpSnoopSpoofServerIP
-- V1.3 2013-10-16 updated by xuyufei
-- Added hh3cDhcpSnoopNewBinding
-- hh3cDhcpSnoopBindingIP
-- hh3cDhcpSnoopBindingMac
-- ==================================================================
-- ==================================================================
--
-- Varibles and types be imported
--
-- ==================================================================
HH3C-DHCPSNOOP-MIB DEFINITIONS ::= BEGIN
IMPORTS
MacAddress
FROM SNMPv2-TC
MODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,IpAddress,Integer32
FROM SNMPv2-SMI
ifIndex
FROM IF-MIB
hh3cdot1qVlanIndex
FROM HH3C-LswVLAN-MIB
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB
hh3cCommon
FROM HH3C-OID-MIB
TruthValue
FROM SNMPv2-TC;
-- ==================================================================
--
-- ======================= definition begin =========================
--
-- ==================================================================
hh3cDhcpSnoop MODULE-IDENTITY
LAST-UPDATED "200501140000Z"
ORGANIZATION
"New H3C Tech. Co., Ltd."
CONTACT-INFO
"Platform Team New H3C Tech. Co., Ltd.
Hai-Dian District Beijing P.R. China
http://www.h3c.com
Zip:100085
"
DESCRIPTION
"The private MIB file includes the DHCP Snooping profile."
::= { hh3cCommon 36 }
hh3cDhcpSnoopMibObject OBJECT IDENTIFIER ::= { hh3cDhcpSnoop 1 }
hh3cDhcpSnoopEnable OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "DHCP Snooping status (enable or disable)."
DEFVAL { disable }
::= { hh3cDhcpSnoopMibObject 1 }
hh3cDhcpSnoopTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hh3cDhcpSnoopEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The table containing information of DHCP clients listened by
DHCP snooping and it's enabled or disabled by setting
hh3cDhcpSnoopEnable node."
::= { hh3cDhcpSnoopMibObject 2 }
hh3cDhcpSnoopEntry OBJECT-TYPE
SYNTAX Hh3cDhcpSnoopEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An entry containing information of DHCP clients."
INDEX { hh3cDhcpSnoopClientIpAddressType, hh3cDhcpSnoopClientIpAddress }
::= { hh3cDhcpSnoopTable 1 }
Hh3cDhcpSnoopEntry ::=
SEQUENCE {
hh3cDhcpSnoopClientIpAddressType InetAddressType,
hh3cDhcpSnoopClientIpAddress InetAddress,
hh3cDhcpSnoopClientMacAddress MacAddress,
hh3cDhcpSnoopClientProperty INTEGER ,
hh3cDhcpSnoopClientUnitNum Integer32
}
hh3cDhcpSnoopClientIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "DHCP clients' IP addresses type (IPv4 or IPv6)."
DEFVAL { ipv4 }
::= { hh3cDhcpSnoopEntry 1 }
hh3cDhcpSnoopClientIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "DHCP clients' IP addresses collected by DHCP snooping."
::= { hh3cDhcpSnoopEntry 2 }
hh3cDhcpSnoopClientMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "DHCP clients' MAC addresses collected by DHCP snooping."
::= { hh3cDhcpSnoopEntry 3 }
hh3cDhcpSnoopClientProperty OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
dynamic(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Method of getting IP addresses collected by DHCP snooping."
::= { hh3cDhcpSnoopEntry 4 }
hh3cDhcpSnoopClientUnitNum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "IRF (Intelligent Resilient Fabric) unit number via whom the clients
get their IP addresses. The value 0 means this device does not support IRF."
::= { hh3cDhcpSnoopEntry 5 }
hh3cDhcpSnoopTrustTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hh3cDhcpSnoopTrustEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A table is used to configure and monitor port trusted status."
::= { hh3cDhcpSnoopMibObject 3 }
hh3cDhcpSnoopTrustEntry OBJECT-TYPE
SYNTAX Hh3cDhcpSnoopTrustEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An entry containing information about trusted status of ports."
INDEX { ifIndex }
::= { hh3cDhcpSnoopTrustTable 1 }
Hh3cDhcpSnoopTrustEntry ::=
SEQUENCE {
hh3cDhcpSnoopTrustStatus INTEGER
}
hh3cDhcpSnoopTrustStatus OBJECT-TYPE
SYNTAX INTEGER
{
untrusted(0),
trusted(1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Trusted status of current port which supports both get and
set operation."
DEFVAL { untrusted }
::= { hh3cDhcpSnoopTrustEntry 1 }
hh3cDhcpSnoopVlanTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hh3cDhcpSnoopVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A table is used to configure and monitor DHCP Snooping
status of VLANs."
::= { hh3cDhcpSnoopMibObject 4 }
hh3cDhcpSnoopVlanEntry OBJECT-TYPE
SYNTAX Hh3cDhcpSnoopVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The entry information about hh3cDhcpSnoopVlanTable."
INDEX
{
hh3cDhcpSnoopVlanIndex
}
::= { hh3cDhcpSnoopVlanTable 1 }
Hh3cDhcpSnoopVlanEntry ::=
SEQUENCE
{
hh3cDhcpSnoopVlanIndex Integer32,
hh3cDhcpSnoopVlanEnable TruthValue
}
hh3cDhcpSnoopVlanIndex OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Current VLAN index."
::= { hh3cDhcpSnoopVlanEntry 1 }
hh3cDhcpSnoopVlanEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION "DHCP Snooping status of current VLAN."
DEFVAL { false }
::= { hh3cDhcpSnoopVlanEntry 2 }
-- ==================================================================
--
-- ======================= trap definition begin ====================
--
-- ==================================================================
hh3cDhcpSnoopTraps OBJECT IDENTIFIER ::= { hh3cDhcpSnoop 2 }
hh3cDhcpSnoopTrapsPrefix OBJECT IDENTIFIER ::= { hh3cDhcpSnoopTraps 0 }
hh3cDhcpSnoopTrapsObject OBJECT IDENTIFIER ::= { hh3cDhcpSnoopTraps 1 }
hh3cDhcpSnoopSpoofServerMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION "MAC address of the spoofing server and it is derived from
link-layer header of offer packet. If the offer packet is relayed
by dhcp relay entity, it may be the MAC address of relay entity.
"
::= { hh3cDhcpSnoopTrapsObject 1 }
hh3cDhcpSnoopSpoofServerIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION "IP address of the spoofing server and it is derived from
IP header of offer packet. A tricksy host may send offer packet use
other host's address, so this address can not always be trust.
"
::= { hh3cDhcpSnoopTrapsObject 2 }
hh3cDhcpSnoopBindingIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION "IP address of a new binding. "
::= { hh3cDhcpSnoopTrapsObject 3 }
hh3cDhcpSnoopBindingMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION "MAC address of a new binding. "
::= { hh3cDhcpSnoopTrapsObject 4 }
hh3cDhcpSnoopSpoofServerDetected NOTIFICATION-TYPE
OBJECTS
{
ifIndex, -- The interface from which an
-- illegal dhcp server accessed
hh3cdot1qVlanIndex, -- The vlan from which an illegal
-- dhcp server accessed
hh3cDhcpSnoopSpoofServerMac,
hh3cDhcpSnoopSpoofServerIP
}
STATUS current
DESCRIPTION
"To detect unauthorized DHCP servers on a network, the DHCP snooping
device sends DHCP-DISCOVER messages through its downstream port
(which is connected to the DHCP clients).
If any response (DHCP-OFFER message) is received from the downstream port,
an unauthorized DHCP server is considered present, and then the device
sends a trap.
With unauthorized DHCP server detection enabled, the interface sends a
DHCP-DISCOVER message to detect unauthorized DHCP servers on the network.
If this interface receives a DHCP-OFFER message, the DHCP server which
sent it is considered unauthorized. "
::= { hh3cDhcpSnoopTrapsPrefix 1 }
hh3cDhcpSnoopNewBinding NOTIFICATION-TYPE
OBJECTS
{
hh3cDhcpSnoopBindingIP,
hh3cDhcpSnoopBindingMac
}
STATUS current
DESCRIPTION
"The device sends a trap when adding a new binding."
::= { hh3cDhcpSnoopTrapsPrefix 2 }
END
Reference in New Issue View Git Blame Copy Permalink