GBNL2PortSecurity-MIB DEFINITIONS ::= BEGIN
IMPORTS
    -- Unsigned32 is the SYNTAX of every *PortNum column in this module, so it
    -- has to be imported from SNMPv2-SMI alongside Integer32.
    MODULE-IDENTITY, OBJECT-TYPE,
    Integer32, Unsigned32, IpAddress,
    NOTIFICATION-TYPE                   FROM SNMPv2-SMI

    DisplayString, MacAddress,
    RowStatus, TruthValue               FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP     FROM SNMPv2-CONF

    gbnL2                               FROM ADMIN-MASTER-MIB
    ;
-- Registration point { gbnL2 1 }; gbnL2 itself is imported from ADMIN-MASTER-MIB.
-- The module identity below hangs off this node as sub-identifier 8.
gbnL2Switch OBJECT IDENTIFIER ::= { gbnL2 1 }
-- Module identity: registers this MIB at { gbnL2Switch 8 } and records its
-- revision history (a single revision, dated Jan 24, 2013).
gbnL2PortSecurityMib MODULE-IDENTITY
    LAST-UPDATED    "201301240000Z"     -- Jan 24, 2013
    ORGANIZATION    "Admin"
    CONTACT-INFO    "Admin
                     E-mail: support@admin.com"

    DESCRIPTION     "gbn PortSecurity Enterprise MIB definition."

    REVISION        "201301240000Z"     -- Jan 24, 2013
    DESCRIPTION     "Initial MIB creation."

    ::= { gbnL2Switch 8 }
------------------------------------------------------------------------------
-- Textual Conventions (i.e., these do not affect object encoding):
------------------------------------------------------------------------------
--
-- "DURABLE":
--   Objects that are saved across a system reset and/or power cycle
--   are noted as "DURABLE" for convenience in the DESCRIPTION
--   section of the object definition. Code must be explicitly
--   written to implement these DURABLE objects.
--

------------------------------------------------------------------------------
-- define groups in gbn-PortSecurity-MIB
-- Parent node { gbnL2PortSecurityMib 0 } for this module's notifications.
-- The three NOTIFICATION-TYPE definitions at the end of the module are
-- registered beneath it as sub-identifiers 1, 2 and 3.
portSecurityNotifications OBJECT IDENTIFIER ::= { gbnL2PortSecurityMib 0 }
------------------------------------------------------------------------------
-- portSecurityPortTable
--
-- One conceptual row per port (INDEX portSecurityPortNum) holding the
-- per-port port-security configuration and state.
--
-- Review notes:
--   * Columns 2, 3, 5, 6, 7, 8, 10 and 11 are read-write. Anyone holding SNMP
--     write access to this subtree can disable port security, raise the MAC
--     limit or soften the violation action on a port. Keep this subtree out
--     of community-string write access; prefer SNMPv3 authPriv with a narrow
--     VACM write view, and audit SETs against these columns.
--   * portSecurityPortNum is the INDEX yet is declared read-only. SMIv2
--     (RFC 2578) expects index columns to be not-accessible; left unchanged
--     because the agent's actual behaviour is not visible from this file.
--   * The enumeration in portSecurityViolationMode starts at 0; RFC 2578
--     recommends starting enumerations at 1, so strict MIB checkers may warn.
--   * No DESCRIPTION in this table carries the module's "DURABLE" note, so
--     persistence of these settings across a reboot is not stated here.
------------------------------------------------------------------------------

portSecurityPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PortSecurityPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of information of ports."
    REFERENCE
        "9.6.1"
    ::= { gbnL2PortSecurityMib 1 }

portSecurityPortEntry OBJECT-TYPE
    SYNTAX      PortSecurityPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of information of ports."
    INDEX       { portSecurityPortNum }
    ::= { portSecurityPortTable 1 }

PortSecurityPortEntry ::=
    SEQUENCE {
        portSecurityPortNum         Unsigned32,
        portSecurityEnable          TruthValue,
        portSecurityMaxNum          Integer32,
        portSecurityCurrentNum      Integer32,
        portSecurityViolationMode   INTEGER,
        portSecurityAgingStatic     TruthValue,
        portSecurityAgingTime       Integer32,
        portSecuritySticky          TruthValue,
        portSecurityShutdown        TruthValue,
        portSecurityRecovery        TruthValue,
        portSecurityRecoveryTime    Integer32
    }

-- Row index: the port this row describes.
portSecurityPortNum OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Port number associated with this Port."
    ::= { portSecurityPortEntry 1 }

-- Master switch for the feature on this port. The stated default is
-- disabled, so a port is unprotected until this is set to true.
portSecurityEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable/disable port security of this Port.default is disabled."
    ::= { portSecurityPortEntry 2 }

-- Configured limit on secure MAC addresses (0..4000).
-- NOTE(review): the text gives 0 as the default but does not say whether 0
-- means "no limit" or "no addresses allowed" -- confirm on the device.
portSecurityMaxNum OBJECT-TYPE
    SYNTAX      Integer32 (0..4000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Max secure mac address.default is 0."
    ::= { portSecurityPortEntry 3 }

-- Read-only counter sharing the 0..4000 range of portSecurityMaxNum;
-- presumably the number of MAC addresses currently held for the port.
portSecurityCurrentNum OBJECT-TYPE
    SYNTAX      Integer32 (0..4000)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current mac address."
    ::= { portSecurityPortEntry 4 }

-- Action taken on a violation. Per the inline notes, only restrict(1) and
-- shutdown(2) send a trap; protect(0), the stated default, drops silently,
-- so a management station receives no signal of violations in that mode.
portSecurityViolationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    protect(0),     -- drop packets
                    restrict(1),    -- drop packets, send trap
                    shutdown(2)     -- drop packets, send trap, shutdown port
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "action when receive illegal packets.default is protect."
    ::= { portSecurityPortEntry 5 }

-- Whether static MAC entries are aged out as well.
portSecurityAgingStatic OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "enable static mac aging.default is false."
    ::= { portSecurityPortEntry 6 }

-- Aging interval, 1..1440; the DESCRIPTION states the default in minutes.
portSecurityAgingTime OBJECT-TYPE
    SYNTAX      Integer32 (1..1440)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "value of aging time.default is 1 minute"
    ::= { portSecurityPortEntry 7 }

-- Toggles the "sticky" function; the MIB text does not define it further.
portSecuritySticky OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "enable sticky function.default is false."
    ::= { portSecurityPortEntry 8 }

-- Read-only state flag: true when port security has shut the port down.
-- It is also the payload of portSecurityShutdownNotification.
portSecurityShutdown OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "whether port is shutdown by port-security."
    ::= { portSecurityPortEntry 9 }

-- Enables automatic recovery of a port after a port-security shutdown.
-- With recovery on, a shutdown is only a temporary containment measure.
portSecurityRecovery OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "whether port auto recovery after shutdown."
    ::= { portSecurityPortEntry 10 }

-- Delay before automatic recovery, 1..3660.
-- NOTE(review): the default is quoted in minutes, so the unit is presumably
-- minutes -- confirm, since the upper bound 3660 is not a round value.
portSecurityRecoveryTime OBJECT-TYPE
    SYNTAX      Integer32 (1..3660)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "value of auto recovery time.default is 5 minute"
    ::= { portSecurityPortEntry 11 }
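------------------------------------------------------------------------------
-- portSecurityMacRuleTable
--
-- Per-port MAC rules, indexed by (portSecurityMacRulePortNum,
-- portSecurityMacRuleMac). A rule is a MAC alone, MAC + VLAN id or
-- MAC + IPv4 address (portSecurityMacRuleType) with a permit/deny/sticky
-- action. Rows are created and deleted through the RowStatus column.
--
-- Review notes:
--   * Rows are creatable and deletable over SNMP, so write access to this
--     table is equivalent to editing the port's allow/deny list. Restrict
--     SET access (SNMPv3 authPriv, narrow VACM write view) and audit row
--     creation and destroy operations.
--   * Both index columns are declared read-only; SMIv2 (RFC 2578) expects
--     index columns to be not-accessible. Left unchanged.
--   * The RowStatus column is declared read-write; SMIv2 uses read-create
--     for columns of rows that a manager can create. Left unchanged because
--     the agent's behaviour is not visible from this file.
--   * The RowStatus column is spelled "portsecurity..." (lower-case s),
--     unlike the other columns; the name is kept as published.
------------------------------------------------------------------------------

portSecurityMacRuleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PortSecurityMacRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of mac rules of ports."
    REFERENCE
        "9.6.1"
    ::= { gbnL2PortSecurityMib 2 }

portSecurityMacRuleEntry OBJECT-TYPE
    SYNTAX      PortSecurityMacRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of mac rules of ports."
    INDEX       { portSecurityMacRulePortNum, portSecurityMacRuleMac }
    ::= { portSecurityMacRuleTable 1 }

PortSecurityMacRuleEntry ::=
    SEQUENCE {
        portSecurityMacRulePortNum      Unsigned32,
        portSecurityMacRuleMac          MacAddress,
        portSecurityMacRuleAction       INTEGER,
        portSecurityMacRuleVid          Integer32,
        portSecurityMacRuleIpv4         IpAddress,
        portSecurityMacRuleType         INTEGER,
        portsecurityMacRuleRowStatus    RowStatus
    }

-- First index: the port the rule applies to.
portSecurityMacRulePortNum OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Port number associated with this Port."
    ::= { portSecurityMacRuleEntry 1 }

-- Second index: the MAC address the rule matches.
portSecurityMacRuleMac OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "mac address."
    ::= { portSecurityMacRuleEntry 2 }

-- Forwarding decision for the matched address.
portSecurityMacRuleAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    permit(0),
                    deny(1),
                    sticky(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "forward action of mac address."
    ::= { portSecurityMacRuleEntry 3 }

-- VLAN id for mac+vid rules; 0 is the "not configured" sentinel.
portSecurityMacRuleVid OBJECT-TYPE
    SYNTAX      Integer32 (0..4094)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "vlan id of mac address.0 means no configured."
    ::= { portSecurityMacRuleEntry 4 }

-- IPv4 address for mac+ip rules; 0.0.0.0 is the "not configured" sentinel.
-- The DESCRIPTION previously read "vlan if of mac address", which appears to
-- have been copied from portSecurityMacRuleVid; the object is an IpAddress.
portSecurityMacRuleIpv4 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "ip address of mac address.0.0.0.0 means no configured."
    ::= { portSecurityMacRuleEntry 5 }

-- Selects which columns take part in the match:
-- mac(0) = MAC only, macvid(1) = MAC + VLAN id, macip(2) = MAC + IPv4.
portSecurityMacRuleType OBJECT-TYPE
    SYNTAX      INTEGER {
                    mac(0),
                    macvid(1),
                    macip(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "type of mac address."
    ::= { portSecurityMacRuleEntry 6 }

-- Row create/delete control. The numeric values quoted in the DESCRIPTION
-- match the RowStatus textual convention (createAndGo = 4,
-- createAndWait = 5, destroy = 6).
-- NOTE(review): the documented sequence finishes by writing createAndGo(4)
-- after createAndWait(5); the usual RFC 2579 createAndWait flow finishes by
-- writing active(1). Follow the vendor text, but verify against the agent.
portsecurityMacRuleRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "use to create or delete a rule.step:1)portsecurityMacRuleRowStatus with value 5(create and wait);2)other mib needed;
        for mac rule just portSecurityMacRuleType and portSecurityMacRuleAction, for mac+vid rule just portSecurityMacRuleType, portSecurityMacRuleAction,
        and portSecurityMacRuleVid, for mac+ip rule just portSecurityMacRuleType, portSecurityMacRuleAction, and portSecurityMacRuleIpv4;
        3)portsecurityMacRuleRowStatus with value 4(create and go) to create, or portsecurityMacRuleRowStatus with value 6(destroy) to delete"
    ::= { portSecurityMacRuleEntry 7 }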
------------------------------------------------------------------------------
-- portSecurityIpRuleTable
--
-- Per-port IPv4 range rules, indexed by (portSecurityIpRulePortNum,
-- portSecurityIpRuleIpv4Start, portSecurityIpRuleIpv4End). Each row carries
-- a permit/deny action and is created or deleted through its RowStatus.
--
-- Review notes:
--   * Rows can be created and destroyed over SNMP; treat write access to
--     this table as write access to the port's IP filter. Restrict SET
--     access (SNMPv3 authPriv, narrow VACM write view) and audit changes.
--   * The three index columns are declared read-only and the RowStatus
--     column read-write; SMIv2 (RFC 2578) expects not-accessible and
--     read-create respectively. Left unchanged.
--   * Nothing in the definitions constrains Start <= End; whether the agent
--     rejects an inverted range cannot be told from this file.
------------------------------------------------------------------------------

portSecurityIpRuleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PortSecurityIpRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of ip rules of ports."
    REFERENCE
        "9.6.1"
    ::= { gbnL2PortSecurityMib 3 }

portSecurityIpRuleEntry OBJECT-TYPE
    SYNTAX      PortSecurityIpRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of ip rules of ports."
    INDEX       { portSecurityIpRulePortNum, portSecurityIpRuleIpv4Start, portSecurityIpRuleIpv4End }
    ::= { portSecurityIpRuleTable 1 }

PortSecurityIpRuleEntry ::=
    SEQUENCE {
        portSecurityIpRulePortNum       Unsigned32,
        portSecurityIpRuleIpv4Start     IpAddress,
        portSecurityIpRuleIpv4End       IpAddress,
        portSecurityIpRuleAction        INTEGER,
        portsecurityIpRuleRowStatus     RowStatus
    }

-- First index: the port the rule applies to.
portSecurityIpRulePortNum OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Port number associated with this Port."
    ::= { portSecurityIpRuleEntry 1 }

-- Second index: first address of the range.
portSecurityIpRuleIpv4Start OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "start ip address of this rule."
    ::= { portSecurityIpRuleEntry 2 }

-- Third index: last address of the range.
portSecurityIpRuleIpv4End OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "end ip address of this rule."
    ::= { portSecurityIpRuleEntry 3 }

-- Forwarding decision for addresses inside the range.
portSecurityIpRuleAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    permit(0),
                    deny(1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "forward action of ip address."
    ::= { portSecurityIpRuleEntry 4 }

-- Row create/delete control; the quoted values match the RowStatus textual
-- convention (createAndGo = 4, createAndWait = 5, destroy = 6).
-- NOTE(review): as documented, the sequence ends with createAndGo(4) after
-- createAndWait(5) rather than active(1) -- verify against the agent.
portsecurityIpRuleRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "use to create or delete a rule.step:1)portsecurityIpRuleRowStatus with value 5(create and wait);2)portSecurityIpRuleAction;
        3)portsecurityIpRuleRowStatus with value 4(create and go) to create, or portsecurityIpRuleRowStatus with value 6(destroy) to delete"
    ::= { portSecurityIpRuleEntry 5 }
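------------------------------------------------------------------------------
-- portSecurityActiveMacTable
--
-- Read-only view of the MAC entries currently active, indexed by
-- (portSecurityActiveMacDevice, portSecurityActiveMacMacAddr). Every column
-- is read-only, so this table is a source for monitoring and inventory and
-- is not a configuration surface.
--
-- Review notes:
--   * The SEQUENCE previously ended with a trailing comma after its last
--     member, which is not valid ASN.1; the comma is removed.
--   * portSecurityActiveMacDevice is registered as column 0, while every
--     other table in this module numbers its columns from 1. A zero column
--     sub-identifier is unusual and some MIB tools warn about it; the OID is
--     kept because changing it would break existing managers.
--   * Both index columns are declared read-only; SMIv2 (RFC 2578) expects
--     index columns to be not-accessible. Left unchanged.
--   * The table exposes MAC, VLAN and IPv4 bindings per port; read access is
--     worth limiting to management stations that need it.
------------------------------------------------------------------------------

portSecurityActiveMacTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PortSecurityActiveMacEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of active mac."
    REFERENCE
        "9.6.1"
    ::= { gbnL2PortSecurityMib 4 }

portSecurityActiveMacEntry OBJECT-TYPE
    SYNTAX      PortSecurityActiveMacEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "table of active mac."
    INDEX       { portSecurityActiveMacDevice, portSecurityActiveMacMacAddr }
    ::= { portSecurityActiveMacTable 1 }

PortSecurityActiveMacEntry ::=
    SEQUENCE {
        portSecurityActiveMacDevice     Integer32,
        portSecurityActiveMacMacAddr    MacAddress,
        portSecurityActiveMacPortNum    Unsigned32,
        portSecurityActiveMacAction     INTEGER,
        portSecurityActiveMacVid        Integer32,
        portSecurityActiveMacIpv4       IpAddress,
        portSecurityActiveMacType       INTEGER
    }

-- First index: member unit of the switch, 0..7.
portSecurityActiveMacDevice OBJECT-TYPE
    SYNTAX      Integer32 (0..7)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "member unit of the switch."
    ::= { portSecurityActiveMacEntry 0 }

-- Second index: the active MAC address.
portSecurityActiveMacMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "mac address."
    ::= { portSecurityActiveMacEntry 1 }

-- Port on which the address is active. It is a plain column here, not part
-- of the index.
portSecurityActiveMacPortNum OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Port number associated with this Port."
    ::= { portSecurityActiveMacEntry 2 }

-- Forwarding decision in effect for the entry.
-- NOTE(review): the DESCRIPTION says "ip address" although this is the MAC
-- table; possibly copied from portSecurityIpRuleAction -- left as published.
portSecurityActiveMacAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    permit(0),
                    deny(1)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "forward action of ip address."
    ::= { portSecurityActiveMacEntry 3 }

-- VLAN id of the entry, 1..4094 (no 0 sentinel here, unlike the rule table).
portSecurityActiveMacVid OBJECT-TYPE
    SYNTAX      Integer32 (1..4094)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "vlan id of mac address."
    ::= { portSecurityActiveMacEntry 4 }

-- IPv4 address associated with the entry; 0.0.0.0 means none is known.
-- The DESCRIPTION previously read "vlan if of mac address", which appears to
-- have been copied from the VLAN column; the object is an IpAddress.
portSecurityActiveMacIpv4 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "ip address of mac address.0.0.0.0 means no information."
    ::= { portSecurityActiveMacEntry 5 }

-- Origin of the entry: the three MAC rule types, plus ip(3) and learned(4).
portSecurityActiveMacType OBJECT-TYPE
    SYNTAX      INTEGER {
                    mac(0),
                    macvid(1),
                    macip(2),
                    ip(3),
                    learned(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "type of mac address."
    ::= { portSecurityActiveMacEntry 6 }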
--
-- Notifications Section
--
--
-- Sent when a MAC address matches a deny rule. The payload is the port,
-- VLAN id, IPv4 address and entry type from portSecurityActiveMacTable.
-- NOTE(review): the offending MAC address is not listed in OBJECTS. It is an
-- INDEX of portSecurityActiveMacTable, so a receiver presumably has to take
-- it from the instance suffix of the varbind OIDs -- confirm against a
-- captured notification before building alerting on it.
portSecurityMacDenyNotification NOTIFICATION-TYPE
    OBJECTS     { portSecurityActiveMacPortNum, portSecurityActiveMacVid, portSecurityActiveMacIpv4, portSecurityActiveMacType }
    STATUS      current
    DESCRIPTION
        " This notification indicates that a mac address matching a deny rule."
    ::= { portSecurityNotifications 1 }
-- Sent when the learned MAC count on a port exceeds the configured maximum.
-- The only payload object is portSecurityCurrentNum.
-- NOTE(review): neither the port number nor portSecurityMaxNum is listed in
-- OBJECTS. The port is presumably recoverable from the instance suffix of
-- the varbind OID (the column is indexed by portSecurityPortNum) -- confirm.
portSecurityMaxDenyNotification NOTIFICATION-TYPE
    OBJECTS     { portSecurityCurrentNum }
    STATUS      current
    DESCRIPTION
        " This notification indicates that current learned mac address number is bigger than max number."
    ::= { portSecurityNotifications 2 }
-- Sent when port security shuts a port down; carries portSecurityShutdown.
-- NOTE(review): the affected port is not listed in OBJECTS and is presumably
-- recoverable only from the instance suffix of the varbind OID -- confirm.
-- No separate notification for automatic recovery is defined in this module.
portSecurityShutdownNotification NOTIFICATION-TYPE
    OBJECTS     { portSecurityShutdown }
    STATUS      current
    DESCRIPTION
        " This notification indicates that port is shutdown by port-security."
    ::= { portSecurityNotifications 3 }
--
-- END of gbn-PortSecurity-MIB
--
END