348 lines
12 KiB
Plaintext
348 lines
12 KiB
Plaintext
-- ============================================================================
|
|
-- AT-DHCPSN-MIB, Allied Telesis enterprise MIB: DHCP Snooping
|
|
--
|
|
-- Copyright (c) 2009 by Allied Telesis, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- ============================================================================
|
|
|
|
|
|
AT-DHCPSN-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
modules
|
|
FROM AT-SMI-MIB
|
|
IpAddress, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
DisplayString
|
|
FROM SNMPv2-TC;
|
|
|
|
|
|
atDhcpsn MODULE-IDENTITY
|
|
LAST-UPDATED "201009070000Z"
|
|
ORGANIZATION
|
|
"Allied Telesis, Inc"
|
|
CONTACT-INFO
|
|
"http://www.alliedtelesis.com"
|
|
DESCRIPTION
|
|
"Added two more violation types for DHCP Snooping."
|
|
REVISION "201009070000Z"
|
|
DESCRIPTION
|
|
"Generic syntax tidy up"
|
|
REVISION "201006140445Z"
|
|
DESCRIPTION
|
|
"MIB revision history dates in descriptions updated."
|
|
REVISION "201002090130Z"
|
|
DESCRIPTION
|
|
"This MIB file contains definitions of managed objects for DHCP
|
|
Snooping in AlliedWare Plus."
|
|
REVISION "200912100130Z"
|
|
DESCRIPTION
|
|
"Initial Revision"
|
|
::= { modules 537 }
|
|
|
|
|
|
|
|
|
|
--
|
|
-- Node definitions
|
|
--
|
|
|
|
atDhcpsnEvents OBJECT IDENTIFIER ::= { atDhcpsn 0 }
|
|
|
|
|
|
atDhcpsnTrap NOTIFICATION-TYPE
|
|
OBJECTS { atDhcpsnIfIndex, atDhcpsnVid, atDhcpsnSmac, atDhcpsnOpcode, atDhcpsnCiaddr,
|
|
atDhcpsnYiaddr, atDhcpsnGiaddr, atDhcpsnSiaddr, atDhcpsnChaddr, atDhcpsnVioType
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DHCP Snooping violation trap."
|
|
::= { atDhcpsnEvents 1 }
|
|
|
|
|
|
atArpsecTrap NOTIFICATION-TYPE
|
|
OBJECTS { atArpsecIfIndex, atArpsecClientIP, atArpsecSrcMac, atArpsecVid, atArpsecVioType
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DHCP Snooping ARP Security violation trap."
|
|
::= { atDhcpsnEvents 2 }
|
|
|
|
|
|
atDhcpsnVariablesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AtDhcpsnVariablesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains rows of DHCP Snooping information."
|
|
::= { atDhcpsn 1 }
|
|
|
|
|
|
atDhcpsnVariablesEntry OBJECT-TYPE
|
|
SYNTAX AtDhcpsnVariablesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A set of parameters that describe the DHCP Snooping features."
|
|
INDEX { atDhcpsnIfIndex }
|
|
::= { atDhcpsnVariablesTable 1 }
|
|
|
|
|
|
AtDhcpsnVariablesEntry ::=
|
|
SEQUENCE {
|
|
atDhcpsnIfIndex
|
|
INTEGER,
|
|
atDhcpsnVid
|
|
INTEGER,
|
|
atDhcpsnSmac
|
|
DisplayString,
|
|
atDhcpsnOpcode
|
|
INTEGER,
|
|
atDhcpsnCiaddr
|
|
IpAddress,
|
|
atDhcpsnYiaddr
|
|
IpAddress,
|
|
atDhcpsnGiaddr
|
|
IpAddress,
|
|
atDhcpsnSiaddr
|
|
IpAddress,
|
|
atDhcpsnChaddr
|
|
DisplayString,
|
|
atDhcpsnVioType
|
|
INTEGER
|
|
}
|
|
|
|
atDhcpsnIfIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ifindex of the port that the packet was received on."
|
|
::= { atDhcpsnVariablesEntry 1 }
|
|
|
|
|
|
atDhcpsnVid OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VLAN ID of the port that the packet was received on."
|
|
::= { atDhcpsnVariablesEntry 2 }
|
|
|
|
|
|
atDhcpsnSmac OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address of the packet that caused the trap."
|
|
::= { atDhcpsnVariablesEntry 3 }
|
|
|
|
|
|
atDhcpsnOpcode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
bootpRequest(1),
|
|
bootpReply(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Opcode value of the BOOTP packet that caused the trap. Only
|
|
bootpRequest(1) or bootpReply(2) is valid."
|
|
::= { atDhcpsnVariablesEntry 4 }
|
|
|
|
|
|
atDhcpsnCiaddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ciaddr value of the BOOTP packet that caused the trap."
|
|
::= { atDhcpsnVariablesEntry 5 }
|
|
|
|
|
|
atDhcpsnYiaddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Yiaddr value of the BOOTP packet that caused the trap."
|
|
::= { atDhcpsnVariablesEntry 6 }
|
|
|
|
|
|
atDhcpsnGiaddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Giaddr value of the BOOTP packet that caused the trap."
|
|
::= { atDhcpsnVariablesEntry 7 }
|
|
|
|
|
|
atDhcpsnSiaddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Siaddr value of the BOOTP packet that caused the trap."
|
|
::= { atDhcpsnVariablesEntry 8 }
|
|
|
|
|
|
atDhcpsnChaddr OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Chaddr value of the BOOTP packet that caused the trap."
|
|
::= { atDhcpsnVariablesEntry 9 }
|
|
|
|
|
|
atDhcpsnVioType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalidBootp(1),
|
|
invalidDhcpAck(2),
|
|
invalidDhcpRelDec(3),
|
|
invalidIp(4),
|
|
maxBindExceeded(5),
|
|
opt82InsertErr(6),
|
|
opt82RxInvalid(7),
|
|
opt82RxUntrusted(8),
|
|
opt82TxUntrusted(9),
|
|
replyRxUntrusted(10),
|
|
srcMacChaddrMismatch(11),
|
|
staticEntryExisted(12),
|
|
dbAddErr(13)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reason that the trap was generated. invalidBootp(1) indicates
|
|
that the received BOOTP packet was invalid. For example, it is
|
|
neither BootpRequest nor BootpReply. invalidDhcpAck(2) indicates
|
|
that the received DHCP ACK was invalid. invalidDhcpRelDec(3) indicates
|
|
the DHCP Release or Decline was invalid. invalidIp(4) indicates
|
|
that the received IP packet was invalid. maxBindExceeded(5) indicates
|
|
that if the entry was added, the maximum bindings configured for
|
|
the port would be exceeded. opt82InsertErr(6) indicates that the
|
|
insertion of Option 82 failed. opt82RxInvalid(7) indicates that
|
|
the received Option 82 information was invalid. opt82RxUntrusted(8)
|
|
indicates that Option 82 information was received on an untrusted
|
|
port. opt82TxUntrusted(9) indicates that Option 82 would have been
|
|
transmitted out an untrusted port. replyRxUntrusted(10) indicates
|
|
that a BOOTP Reply was received on an untrusted port.
|
|
srcMacChaddrMismatch(11) indicates that the source MAC address of
|
|
the packet did not match the BOOTP CHADDR of the packet.
|
|
staticEntryExisted(12) indicates that the static entry to be added
|
|
already exists. dbAddErr(13) indicates that adding an entry to the
|
|
database failed."
|
|
::= { atDhcpsnVariablesEntry 10 }
|
|
|
|
-- -------------------------------------------- --
|
|
-- The ARP Security violation table
|
|
-- -------------------------------------------- --
|
|
atArpsecVariablesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AtArpsecVariablesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains rows of DHCP Snooping ARP Security information."
|
|
::= { atDhcpsn 2 }
|
|
|
|
|
|
atArpsecVariablesEntry OBJECT-TYPE
|
|
SYNTAX AtArpsecVariablesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A set of parameters that describe the DHCP Snooping ARP Security features."
|
|
INDEX { atArpsecIfIndex }
|
|
::= { atArpsecVariablesTable 1 }
|
|
|
|
|
|
AtArpsecVariablesEntry ::=
|
|
SEQUENCE {
|
|
atArpsecIfIndex
|
|
INTEGER,
|
|
atArpsecClientIP
|
|
IpAddress,
|
|
atArpsecSrcMac
|
|
DisplayString,
|
|
atArpsecVid
|
|
INTEGER,
|
|
atArpsecVioType
|
|
INTEGER
|
|
}
|
|
|
|
atArpsecIfIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ifindex of the port that the ARP packet was received on."
|
|
::= { atArpsecVariablesEntry 1 }
|
|
|
|
|
|
atArpsecClientIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of the ARP packet."
|
|
::= { atArpsecVariablesEntry 2 }
|
|
|
|
|
|
atArpsecSrcMac OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address of the ARP packet."
|
|
::= { atArpsecVariablesEntry 3 }
|
|
|
|
|
|
atArpsecVid OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VLAN ID of the port that the ARP packet was received on."
|
|
::= { atArpsecVariablesEntry 4 }
|
|
|
|
|
|
atArpsecVioType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
srcIpNotFound(1),
|
|
badVLAN(2),
|
|
badPort(3),
|
|
srcIpNotAllocated(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reason that the trap was generated. srcIpNotFound(1) indicates
|
|
that the Sender IP address of the ARP packet was not found in the
|
|
DHCP Snooping database. badVLAN(2) indicates that the VLAN of the
|
|
DHCP Snooping binding entry associated with the Sender IP address
|
|
of the ARP packet does not match the VLAN that the ARP packet was
|
|
received on. badPort(3) indicates that the port of the DHCP
|
|
Snooping binding entry associated with the Sender IP address of the
|
|
ARP packet does not match the port that the ARP packet was received
|
|
on. srcIpNotAllocated(4) indicates that the CHADDR of the DHCP
|
|
Snooping binding entry associated with the Sender IP address of
|
|
the ARP packet does not match the Source MAC and/or the ARP source
|
|
MAC of the ARP packet."
|
|
::= { atArpsecVariablesEntry 5 }
|
|
|
|
|
|
|
|
END
|
|
|
|
--
|
|
-- at-dhcpsn.mib
|
|
--
|
|
|