465 lines
17 KiB
Plaintext
465 lines
17 KiB
Plaintext
-- *****************************************************************
|
|
-- DLINKSW-IP-SOURCE-GUARD-MIB.mib : IP Source Guard MIB
|
|
--
|
|
-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
|
|
DLINKSW-IP-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MacAddress,
|
|
RowStatus
|
|
FROM SNMPv2-TC
|
|
ifIndex,
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
InetAddressIPv4
|
|
FROM INET-ADDRESS-MIB
|
|
VlanId
|
|
FROM Q-BRIDGE-MIB
|
|
Dlink2kVlanList
|
|
FROM DLINKSW-TC-MIB
|
|
dlinkIndustrialCommon
|
|
FROM DLINK-ID-REC-MIB;
|
|
|
|
|
|
dlinkSwIpSourceGuardMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201307180000Z"
|
|
ORGANIZATION "D-Link Corp."
|
|
CONTACT-INFO
|
|
" D-Link Corporation
|
|
|
|
Postal: No. 289, Sinhu 3rd Rd., Neihu District,
|
|
Taipei City 114, Taiwan, R.O.C
|
|
Tel: +886-2-66000123
|
|
E-mail: tsd@dlink.com.tw
|
|
"
|
|
DESCRIPTION
|
|
"The MIB module is for configuration of IP Source Guard feature."
|
|
|
|
REVISION "201307180000Z"
|
|
DESCRIPTION
|
|
"Initial revision of this MIB module."
|
|
::= { dlinkIndustrialCommon 132 }
|
|
|
|
|
|
dIpSourceGuardMIBNotifs OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 0 }
|
|
dIpSourceGuardMIBObjects OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 1 }
|
|
dIpSourceGuardMIBConformance OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dIpsgBindings OBJECT IDENTIFIER ::= { dIpSourceGuardMIBObjects 1 }
|
|
dIpsgSrcGuard OBJECT IDENTIFIER ::= { dIpSourceGuardMIBObjects 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dIpsgStaticBindingsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DigStaticBindingsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table provides the manual bindings information.
|
|
e.g.
|
|
VLAN MAC Address IP Address Interface
|
|
---- ----------------- ---------- ---------
|
|
2000 00.01.02.03.04.05 172.18.1.1 8
|
|
3000 00.05.06.07.08.09 10.1.1.1 3
|
|
4094 00.10.20.30.40.55 1.1.1.1 5
|
|
4094 00.10.20.30.40.55 1.1.1.1 6
|
|
4094 00.10.20.30.40.55 1.1.1.1 8
|
|
"
|
|
::= { dIpsgBindings 1 }
|
|
|
|
dIpsgStaticBindingsEntry OBJECT-TYPE
|
|
SYNTAX DigStaticBindingsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry defines a manual binding.
|
|
"
|
|
INDEX {
|
|
dIpsgStaticBindingsVlan,
|
|
dIpsgStaticBindingsMacAddress,
|
|
dIpsgStaticBindingsIpAddress,
|
|
dIpsgStaticBindingsInterface
|
|
}
|
|
::= { dIpsgStaticBindingsTable 1 }
|
|
|
|
DigStaticBindingsEntry ::= SEQUENCE {
|
|
dIpsgStaticBindingsVlan VlanId,
|
|
dIpsgStaticBindingsMacAddress MacAddress,
|
|
dIpsgStaticBindingsIpAddress InetAddressIPv4,
|
|
dIpsgStaticBindingsInterface InterfaceIndex,
|
|
dIpsgStaticBindingsRowStatus RowStatus
|
|
}
|
|
|
|
dIpsgStaticBindingsVlan OBJECT-TYPE
|
|
SYNTAX VlanId
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN to which a host belongs."
|
|
::= { dIpsgStaticBindingsEntry 1 }
|
|
|
|
dIpsgStaticBindingsMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the MAC address of a host."
|
|
::= { dIpsgStaticBindingsEntry 2 }
|
|
|
|
dIpsgStaticBindingsIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddressIPv4
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the allocated IP address of host."
|
|
::= { dIpsgStaticBindingsEntry 3 }
|
|
|
|
dIpsgStaticBindingsInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the ifIndex value of the interface
|
|
where a host connects to."
|
|
::= { dIpsgStaticBindingsEntry 4 }
|
|
|
|
dIpsgStaticBindingsRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to manage the creation and deletion
|
|
of rows in this table.
|
|
"
|
|
::= { dIpsgStaticBindingsEntry 99 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dIpsgIfSrcGuardConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DigIfSrcGuardConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table provides the mechanism to enable or disable
|
|
IP Source Guard at every interface capable of
|
|
this feature.
|
|
|
|
When DHCP Snooping is enabled at an interface, a list of
|
|
IP addresses is obtained through DHCP Snooping for this
|
|
particular interface. If IP Source Guard is enabled, only
|
|
traffic from these IP addresses is allowed to pass through
|
|
the interface."
|
|
::= { dIpsgSrcGuard 1 }
|
|
|
|
dIpsgIfSrcGuardConfigEntry OBJECT-TYPE
|
|
SYNTAX DigIfSrcGuardConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row instance contains the configuration to enable
|
|
or disable IP Source Guard as well as the configuration
|
|
of the filter type at each interface capable
|
|
of IP Source Guard feature."
|
|
INDEX { ifIndex }
|
|
::= { dIpsgIfSrcGuardConfigTable 1 }
|
|
|
|
DigIfSrcGuardConfigEntry ::= SEQUENCE {
|
|
dIpsgIfSrcGuardFilterType INTEGER
|
|
}
|
|
|
|
dIpsgIfSrcGuardFilterType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(1),
|
|
ip(2),
|
|
ipMac(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the traffic filter type applied
|
|
at this interface.
|
|
|
|
'disable' - indicates that IP Source Guard feature is disabled.
|
|
|
|
'ip' - the validation is based on source IP address and VLAN only.
|
|
|
|
'ipMac' - the validation is based on the source MAC address, VLAN and IP address.
|
|
"
|
|
::= { dIpsgIfSrcGuardConfigEntry 1 }
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dIpsgIfSrcGuardAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DigIfSrcGuardAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table provides the information on IP addresses used
|
|
for IP Source Guard purpose at every interface capable of this
|
|
feature."
|
|
::= { dIpsgSrcGuard 2 }
|
|
|
|
dIpsgIfSrcGuardAddrEntry OBJECT-TYPE
|
|
SYNTAX DigIfSrcGuardAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry defines a binding information that is used to guard the
|
|
IP traffic.
|
|
The binding entry may be either manually configured or
|
|
automatically learned via DHCP snooping.
|
|
"
|
|
INDEX {
|
|
ifIndex,
|
|
dIpsgIfSrcGuardIndex
|
|
}
|
|
::= { dIpsgIfSrcGuardAddrTable 1 }
|
|
|
|
DigIfSrcGuardAddrEntry ::= SEQUENCE {
|
|
dIpsgIfSrcGuardIndex Unsigned32,
|
|
dIpsgIfSrcGuardFilterMode INTEGER,
|
|
dIpsgIfSrcGuardIpAddress InetAddressIPv4,
|
|
dIpsgIfSrcGuardIpFilterAction INTEGER,
|
|
dIpsgIfSrcGuardMacAddress MacAddress,
|
|
dIpsgIfSrcGuardMacFilterAction INTEGER,
|
|
dIpsgIfSrcGuardVlansFirst2K Dlink2kVlanList,
|
|
dIpsgIfSrcGuardVlansSecond2K Dlink2kVlanList
|
|
}
|
|
|
|
dIpsgIfSrcGuardIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 ( 1 ..65535 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to index the dIpsgIfSrcGuardAddrTable.
|
|
This index is for SNMP purposes only, and has no intrinsic meaning."
|
|
::= { dIpsgIfSrcGuardAddrEntry 1 }
|
|
|
|
dIpsgIfSrcGuardFilterMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
inactiveTrustPort(2),
|
|
inactiveNoSnoopingVlan(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Source Guard filter mode at
|
|
this interface.
|
|
|
|
active(1) indicates that the Source Guard feature is
|
|
active at this interface.
|
|
|
|
inactiveTrustPort(2) indicates that the Source Guard
|
|
feature is inactive because this interface is a DHCP
|
|
Snooping trust interface and all IP traffic is permitted.
|
|
In this case, dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress'.
|
|
|
|
inactiveNoSnoopingVlan(3) indicates that the Source
|
|
Guard feature is inactive because this interface
|
|
does not have a VLAN which has DHCP Snooping enabled and
|
|
no IP source verify entry is active. In this case, all IP traffic
|
|
is denied and dIpsgIfSrcGuardIpFilterAction is 'denyAllIpAddress'.
|
|
|
|
If this object is not 'active', the entry is a special entry:
|
|
traffic from any VLANs on the interface has the same behavior
|
|
indicated by dIpsgIfSrcGuardIpFilterAction and both
|
|
dIpsgIfSrcGuardVlansFirst2K and dIpsgIfSrcGuardVlansSecond2K
|
|
are empty.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 2 }
|
|
|
|
dIpsgIfSrcGuardIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddressIPv4
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the IP address of the entry.
|
|
A special value of '0.0.0.0' indicates this object is meaningless.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 3 }
|
|
|
|
dIpsgIfSrcGuardIpFilterAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
permitIpAddress(1),
|
|
permitAllIpAdress(2),
|
|
denyAllIpAddress(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the IP Source Guard action
|
|
applied at this interface with respect to IP traffic.
|
|
|
|
permitIpAddress(1) - indicates that matching IP traffic will be allowed
|
|
to go through. What is matching traffic depends on the value of
|
|
dIpsgIfSrcGuardMacFilterAction.
|
|
|
|
permitAllIpAdress(2) indicates that all IP traffic coming to this
|
|
interface will be allowed. In this case, dIpsgIfSrcGuardIpAddress
|
|
is 0.0.0.0.
|
|
|
|
denyAllIpAdress(3) indicates that all IP traffic coming to this
|
|
interface will be dropped. In this case, dIpsgIfSrcGuardIpAddress
|
|
is 0.0.0.0.
|
|
|
|
When this object is not 'permitIpAddress', the value of
|
|
dIpsgIfSrcGuardMacFilterAction is meaningless.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 4 }
|
|
|
|
dIpsgIfSrcGuardMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the MAC address of the entry.
|
|
A special value of '000000000000'H indicates this object is
|
|
meaningless.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 5 }
|
|
|
|
dIpsgIfSrcGuardMacFilterAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allowMacAddress(1),
|
|
permitAllMacAddresses(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Source Guard action
|
|
applied when the traffic matching the entry:
|
|
|
|
allowMacAddress(1) - indicates that the IP traffic (compared
|
|
source IP and source MAC with dIpsgIfSrcGuardIpAddress and
|
|
dIpsgIfSrcGuardMacAddress respectively) will be allowed
|
|
to go through.
|
|
|
|
permitAllMacAddresses(2) - If dIpsgIfSrcGuardIpFilterAction is
|
|
'permitIpAddress', this value indicates that all the IP matching
|
|
traffic (compared source IP with dIpsgIfSrcGuardIpAddress only)
|
|
will be allowed to go through.
|
|
|
|
When dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress' or
|
|
'denyAllIpAdress', this object is meaningless.
|
|
|
|
When dIpsgIfSrcGuardMacFilterAction is 'permitAllMacAddresses',
|
|
dIpsgIfSrcGuardMacAddress is meaningless and
|
|
'000000000000'H is used to indicate it.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 6 }
|
|
|
|
dIpsgIfSrcGuardVlansFirst2K OBJECT-TYPE
|
|
SYNTAX Dlink2kVlanList
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the VLANs the entry is applied to in a
|
|
string of octets containing one bit per VLAN for VLANs 1 to 2048.
|
|
If the bit is set to '1', then the IP Source Guard is enabled on
|
|
the VLAN.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 7 }
|
|
|
|
dIpsgIfSrcGuardVlansSecond2K OBJECT-TYPE
|
|
SYNTAX Dlink2kVlanList
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the VLANs the entry is applied to in a
|
|
string of octets containing one bit per VLAN for VLANs 2049 to 4094.
|
|
If the bit is set to '1', then the IP Source Guard is enabled on
|
|
the VLAN.
|
|
"
|
|
::= { dIpsgIfSrcGuardAddrEntry 8 }
|
|
|
|
|
|
-- Conformance
|
|
|
|
dIpsgMIBCompliances OBJECT IDENTIFIER ::= { dIpSourceGuardMIBConformance 1 }
|
|
dIpsgMIBGroups OBJECT IDENTIFIER ::= { dIpSourceGuardMIBConformance 2 }
|
|
|
|
|
|
dIpsgMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the DLINKSW-IP-SOURCE-GUARD-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
dIpsgIfSrcGuardTrafficFilterGroup,
|
|
dIpsgVerifySrcInfoGroup
|
|
}
|
|
|
|
GROUP dIpsgStaticBindingsGroup
|
|
DESCRIPTION
|
|
"This group is mandatory only for platforms which support
|
|
the DHCP bindings data statically configured by (local
|
|
or network) management."
|
|
|
|
|
|
GROUP dIpsgVerifySrcInfoExtGroup
|
|
DESCRIPTION
|
|
"This group is mandatory only for platforms which support
|
|
interface IP and MAC source guard feature."
|
|
|
|
::= { dIpsgMIBCompliances 1 }
|
|
|
|
-- Units of Conformance
|
|
|
|
dIpsgStaticBindingsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dIpsgStaticBindingsRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects which are used to configure
|
|
as well as show information regarding the static binding data
|
|
for IP Source Guard."
|
|
::= { dIpsgMIBGroups 1 }
|
|
|
|
dIpsgVerifySrcInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dIpsgIfSrcGuardIpAddress,
|
|
dIpsgIfSrcGuardIpFilterAction,
|
|
dIpsgIfSrcGuardFilterMode
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects which are used to show information
|
|
regarding interface IP source guard purpose."
|
|
::= { dIpsgMIBGroups 2 }
|
|
|
|
dIpsgVerifySrcInfoExtGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dIpsgIfSrcGuardMacAddress,
|
|
dIpsgIfSrcGuardMacFilterAction,
|
|
dIpsgIfSrcGuardVlansFirst2K,
|
|
dIpsgIfSrcGuardVlansSecond2K
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects which are used to indicate additional
|
|
information regarding the IP source guard feature."
|
|
::= { dIpsgMIBGroups 3 }
|
|
|
|
dIpsgIfSrcGuardTrafficFilterGroup OBJECT-GROUP
|
|
OBJECTS { dIpsgIfSrcGuardFilterType }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects which are used to configure the
|
|
type of traffic to be filtered by IP source guard feature."
|
|
::= { dIpsgMIBGroups 4 }
|
|
|
|
END
|
|
|
|
|