2179 lines
93 KiB
Plaintext
2179 lines
93 KiB
Plaintext
HP-ICF-GENERIC-RPTR DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Integer32,
|
|
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
MacAddress, DisplayString, RowStatus, TimeStamp
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
hpicfObjectModules, hpicfGenericRepeater, icfHub,
|
|
hpicfGenRptrTrapsPrefix
|
|
FROM HP-ICF-OID;
|
|
|
|
hpicfGenRptrMib MODULE-IDENTITY
|
|
LAST-UPDATED "200306092237Z" -- June 9, 2003
|
|
ORGANIZATION "Hewlett Packard Company,
|
|
Network Infrastructure Solutions"
|
|
CONTACT-INFO
|
|
"Hewlett Packard Company
|
|
8000 Foothills Blvd.
|
|
Roseville, CA 95747"
|
|
DESCRIPTION
|
|
"This MIB module contains object definitions that
|
|
are common to all repeater devices in the HP
|
|
Integrated Communication Facility product
|
|
line."
|
|
|
|
REVISION "200306092237Z" -- June 9, 2003
|
|
DESCRIPTION "Added learnLimitedContinuous mode to
|
|
hpSecPtLearnMode."
|
|
|
|
REVISION "200011030717Z" -- November 3, 2000
|
|
DESCRIPTION "Deprecate hpSecPtPreventEavesdrop. Update
|
|
division name."
|
|
|
|
REVISION "9807230103Z" -- July 23, 1998
|
|
DESCRIPTION
|
|
"Added the hpicfGenRptrBridgeGroup. Updated
|
|
compliances."
|
|
REVISION "9703060337Z" -- March 6, 1997
|
|
DESCRIPTION
|
|
"Added the hpicfGenRptrSwitchConfigGroup. Added
|
|
NOTIFICATION-GROUP information."
|
|
REVISION "9609100228Z" -- September 10, 1996
|
|
DESCRIPTION
|
|
"Split this MIB module from the former monolithic
|
|
hp-icf MIB. Added the hpicfGenRptrInfoGroup, the
|
|
hpicfGenRptrBkpLinkGroup, and the
|
|
hpicfGenRptrPortMappingGroup."
|
|
REVISION "9510232347Z" -- October 23, 1995
|
|
DESCRIPTION
|
|
"Version of MIB module that added support for
|
|
the HPJ2413A and HPJ2415A 100VG hubs, and the
|
|
HPJ2414B agent module. Added the
|
|
hpicfGenRptrSecPtGroup."
|
|
REVISION "9501180000Z" -- January 18, 1995
|
|
DESCRIPTION
|
|
"Version of MIB module that added support for
|
|
the HPJ2410A 100VG repeater and the HPJ2414A
|
|
agent module. Added the hpicfGenRptrBasicGroup."
|
|
REVISION "9307090000Z" -- July 9, 1993
|
|
DESCRIPTION
|
|
"Initial version of this MIB module. Released
|
|
with the HPJ2355A hub."
|
|
::= { hpicfObjectModules 8 }
|
|
|
|
|
|
hpGRpBasic
|
|
OBJECT IDENTIFIER ::= { hpicfGenericRepeater 1 }
|
|
|
|
hpGRpBasicGlobal
|
|
OBJECT IDENTIFIER ::= { hpGRpBasic 1 }
|
|
|
|
hpGRpSelfHealEnable OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This flag controls whether or not the device will
|
|
send self healing packets. Self healing packets are
|
|
normally sent once per second by the agent when no
|
|
other traffic is present. When there is no traffic
|
|
present on a network, there is no way to detect
|
|
cabling problems (or the repair of cabling problems)
|
|
and status LEDs are not always correct.
|
|
|
|
Enabling this flag allows the agent to detect cabling
|
|
problems on an idle network. This flag can be
|
|
disabled if self healing packets are not wanted.
|
|
|
|
On the 100BaseVG-AnyLAN SNMP/Bridge card, these
|
|
packets are addressed to a unique unused unicast
|
|
station address which has been reserved by HP for
|
|
this purpose. On 802.3 repeaters, these packets are
|
|
self addressed.
|
|
|
|
On an 802.3 repeater, this flag MUST be enabled when
|
|
using the Robust Port Healing feature. Without
|
|
Robust Port Healing either a good transmit or a good
|
|
receive will reconnect an autopartitioned port. With
|
|
Robust Port Healing the criteria is more restrictive
|
|
and only a good transmit will heal a segmented port.
|
|
If all ports are segmented, the repeater will not
|
|
repeat anything until the agent transmits a self
|
|
healing packet and reconnects the autopartitioned
|
|
ports."
|
|
::= { hpGRpBasicGlobal 1 }
|
|
|
|
|
|
hpGRpRepeaterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpGRpRepeaterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing generic information about the
|
|
current logical repeaters in this managed system."
|
|
::= { hpGRpBasicGlobal 2 }
|
|
|
|
hpGRpRepeaterEntry OBJECT-TYPE
|
|
SYNTAX HpGRpRepeaterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing information about
|
|
a single logical repeater."
|
|
INDEX { hpGRpRepeaterIndex }
|
|
::= { hpGRpRepeaterTable 1 }
|
|
|
|
HpGRpRepeaterEntry ::=
|
|
SEQUENCE {
|
|
hpGRpRepeaterIndex Integer32,
|
|
hpGRpRepeaterIfIndex Integer32,
|
|
hpGRpRepeaterName DisplayString,
|
|
hpGRpRepeaterVlanIndex Integer32
|
|
}
|
|
|
|
hpGRpRepeaterIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object uniquely identifies the logical repeater
|
|
in the managed system for which this entry contains
|
|
information. This object will have the same value
|
|
as the corresponding 'repeater index' object in the
|
|
media-specific repeater MIB for this repeater. Note
|
|
that it will also have the same value as the
|
|
instance of the Entity MIB's entLogicalIndex for
|
|
the entry in the entLogicalTable that represents
|
|
this repeater."
|
|
::= { hpGRpRepeaterEntry 1 }
|
|
|
|
hpGRpRepeaterIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface on the agent that is used to transmit
|
|
and receive packets through this repeater. The
|
|
ifEntry identified by this value is the same entry
|
|
identified by the same value of the ifIndex object.
|
|
The value zero indicates that the agent has no
|
|
interface through which it can send and receive
|
|
packets on this repeater."
|
|
::= { hpGRpRepeaterEntry 2 }
|
|
|
|
hpGRpRepeaterName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A friendly name for this repeater. Management
|
|
applications can use this to configure a user
|
|
friendly name for this logical repeater."
|
|
::= { hpGRpRepeaterEntry 3 }
|
|
|
|
hpGRpRepeaterVlanIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The virtual LAN that this repeater is on. Note that
|
|
setting this object does not affect the operation of
|
|
the repeater in any way. It is a 'notepad' for
|
|
management applications to allow them to record
|
|
which VLAN on a connected switch this logical
|
|
repeater is connected to."
|
|
::= { hpGRpRepeaterEntry 4 }
|
|
|
|
|
|
-- The Generic Repeater Security group.
|
|
|
|
hubSecurity OBJECT IDENTIFIER ::= { icfHub 10 }
|
|
|
|
hubSecurePortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HubSecurePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table containing security configuration for each
|
|
port."
|
|
::= { hubSecurity 1 }
|
|
|
|
hubSecurePortEntry OBJECT-TYPE
|
|
SYNTAX HubSecurePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the hubSecurePortTable, containing
|
|
the security configuration for a single port."
|
|
INDEX { hubSecPtGroupIndex, hubSecPtPortIndex }
|
|
::= { hubSecurePortTable 1 }
|
|
|
|
HubSecurePortEntry ::=
|
|
SEQUENCE {
|
|
hubSecPtGroupIndex Integer32,
|
|
hubSecPtPortIndex Integer32,
|
|
hubSecPtSecurityAddress MacAddress,
|
|
hubSecPtAuthorizedAddress MacAddress,
|
|
hubSecPtPreventEavesdrop INTEGER,
|
|
hubSecPtAlarmEnable INTEGER,
|
|
hubSecPtIntrusionFlag INTEGER
|
|
}
|
|
|
|
hubSecPtGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the group containing the
|
|
port for which this entry contains security
|
|
configuration information."
|
|
::= { hubSecurePortEntry 1 }
|
|
|
|
hubSecPtPortIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the port within the group
|
|
for which this entry contains security
|
|
configuration information."
|
|
::= { hubSecurePortEntry 2 }
|
|
|
|
hubSecPtSecurityAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The desired authorized MAC address for this port.
|
|
This can be either a regular station address to
|
|
configure a specific address, or it can be one of
|
|
the following special values to specify the
|
|
address learning method:
|
|
FFFF-FFFF-FFFE: learnOnce. First source MAC
|
|
address heard on this port becomes the
|
|
authorized address. Setting this value
|
|
initiates learning of a new authorized
|
|
address. When a new authorized address is
|
|
learned, it will be stored in nonvolatile
|
|
memory. This variable will return
|
|
learnOnceConditionally to a GET operation
|
|
after it has been set to this value.
|
|
FFFF-FFFF-FFFD: learnOnceConditionally. This
|
|
option will initiate learning of a new
|
|
authorized address only if the previous
|
|
hubSecPtSecurityAddress was set to a
|
|
specific address or learnContinuous. No
|
|
action will be performed if the previous
|
|
value was already learnOnceConditionally.
|
|
FFFF-FFFF-FFFC: learnContinuous. Any address
|
|
heard becomes the new authorized address.
|
|
When a new address is learned, it may
|
|
cause an alarm, but it does not store
|
|
anything in nonvolatile memory."
|
|
::= { hubSecurePortEntry 3 }
|
|
|
|
hubSecPtAuthorizedAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the station authorized to be
|
|
on this port. This address could either have been
|
|
configured by specifying a regular station address
|
|
for hubSecPtSecurityAddress, or it could have been
|
|
learned by the agent if hubSecPtSecurityAddress
|
|
was set to one of the special values listed above.
|
|
Once the agent has learned an authorized address,
|
|
it will be saved across powerfails, unless the
|
|
agent was configured for learnContinuous mode."
|
|
::= { hubSecurePortEntry 4 }
|
|
|
|
hubSecPtPreventEavesdrop OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If enabled, unicast packets not addressed to the
|
|
authorized address for this port will be
|
|
scrambled."
|
|
::= { hubSecurePortEntry 5 }
|
|
|
|
hubSecPtAlarmEnable OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If enabled, the agent will generate an
|
|
intrusionTrap if a packet is received on this port
|
|
with a source MAC address that is different from
|
|
the hubSecPtAuthorizedAddress for this port."
|
|
::= { hubSecurePortEntry 6 }
|
|
|
|
hubSecPtIntrusionFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
intrusion(1),
|
|
noIntrusion(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This flag indicates if an intrusion has occurred
|
|
on this port. The Security LED on the hub will
|
|
blink if any instance of this flag has the value
|
|
intrusion. Setting this flag to noIntrusion will
|
|
turn off the Security LED if no other ports have
|
|
this flag set to intrusion. An intrusion will
|
|
only cause an alarm and an intrusion log entry if
|
|
this flag is equal to noIntrusion."
|
|
::= { hubSecurePortEntry 7 }
|
|
|
|
hubIntruderLogTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HubIntruderLogEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains a record of the twenty most
|
|
recent port security violations. The first entry
|
|
in the table is the oldest."
|
|
::= { hubSecurity 2 }
|
|
|
|
hubIntruderLogEntry OBJECT-TYPE
|
|
SYNTAX HubIntruderLogEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row in the hubIntruderLogTable containing
|
|
information about a single port security
|
|
violation."
|
|
INDEX { hubIntruderIndex }
|
|
::= { hubIntruderLogTable 1 }
|
|
|
|
HubIntruderLogEntry ::=
|
|
SEQUENCE {
|
|
hubIntruderIndex Integer32,
|
|
hubIntruderGroup Integer32,
|
|
hubIntruderPort Integer32,
|
|
hubIntruderAddress MacAddress,
|
|
hubIntruderTime TimeStamp,
|
|
hubIntruderType INTEGER,
|
|
hubIntruderTrainingViolation INTEGER
|
|
}
|
|
|
|
hubIntruderIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..20)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of this entry in the intruder log
|
|
table. Index 1 will always contain the oldest
|
|
entry. If the table is full when a new intrusion
|
|
occurs, the new entry becomes index 20, and all
|
|
earlier entries are shifted down by one entry,
|
|
removing the old index 1."
|
|
::= { hubIntruderLogEntry 1 }
|
|
|
|
hubIntruderGroup OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the group containing the
|
|
port on which this intrusion occurred."
|
|
::= { hubIntruderLogEntry 2 }
|
|
|
|
hubIntruderPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the port within the group
|
|
on which this intrusion occurred. A port number
|
|
of zero indicates that this entry is unused and
|
|
the values for the other variables in this entry
|
|
are undefined."
|
|
::= { hubIntruderLogEntry 3 }
|
|
|
|
hubIntruderAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains the source MAC address of
|
|
the intruder."
|
|
::= { hubIntruderLogEntry 4 }
|
|
|
|
hubIntruderTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of sysUpTime when the intrusion
|
|
occurred. This will be zero if the agent has been
|
|
reset since the intruder was detected, since
|
|
sysUpTime could be misinterpreted in that case."
|
|
::= { hubIntruderLogEntry 5 }
|
|
|
|
hubIntruderType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
address(1),
|
|
training(2),
|
|
both(3),
|
|
none(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the type of violation that
|
|
occured: address, training, or both. The
|
|
hubIntruderTrainingViolation object will indicate
|
|
additional information, if any, on the type of
|
|
training violation. This object will be equal to
|
|
'none' if this log entry is unused. Note that
|
|
the values 'training' and 'both' are only valid
|
|
for 802.12 ports."
|
|
::= { hubIntruderLogEntry 6 }
|
|
|
|
hubIntruderTrainingViolation OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noViolation(1),
|
|
promiscuousViolation(2),
|
|
repeaterViolation(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of training
|
|
violation. Note that for 802.3 ports,
|
|
this object will always be equal to 'noViolation'.
|
|
This object will be equal to 'noViolation' if this
|
|
log entry is unused."
|
|
::= { hubIntruderLogEntry 7 }
|
|
|
|
|
|
hpSecurePortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpSecurePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table containing security configuration
|
|
for each port, where security for multiple
|
|
MAC addresses per port is desired (e.g.,
|
|
switch systems)."
|
|
::= { hubSecurity 3 }
|
|
|
|
hpSecurePortEntry OBJECT-TYPE
|
|
SYNTAX HpSecurePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the hpSecurePortTable, containing
|
|
the security configuration for a single port."
|
|
INDEX { hpSecPtGroupIndex, hpSecPtPortIndex }
|
|
::= { hpSecurePortTable 1 }
|
|
|
|
HpSecurePortEntry ::=
|
|
SEQUENCE {
|
|
hpSecPtGroupIndex Integer32,
|
|
hpSecPtPortIndex Integer32,
|
|
hpSecPtAddressLimit Integer32,
|
|
hpSecPtLearnMode INTEGER,
|
|
hpSecPtPreventEavesdrop INTEGER,
|
|
hpSecPtAlarmEnable INTEGER,
|
|
hpSecPtIntrusionFlag INTEGER
|
|
}
|
|
|
|
hpSecPtGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the group containing the
|
|
port for which this entry contains security
|
|
configuration information. On repeater systems,
|
|
this can be used to identify a specific repeater
|
|
within a managed stack of repeaters. On switch
|
|
systems, stacked or unstacked, this value is
|
|
always one."
|
|
::= { hpSecurePortEntry 1 }
|
|
|
|
hpSecPtPortIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the port within the group
|
|
for which this entry contains security
|
|
configuration information. On a switch system,
|
|
this index corresponds to the ifIndex of the port."
|
|
::= { hpSecurePortEntry 2 }
|
|
|
|
hpSecPtAddressLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..32)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the maximum number of
|
|
MAC addresses learned on this port when the
|
|
hpSecPtLearnMode is set to learnFirstN or
|
|
learnFirstNConditionally. Changing the limit
|
|
while in these modes clears any addresses for
|
|
this port in the hpSecureAuthAddrTable.
|
|
This limit does not apply when the learn mode
|
|
is set to configureSpecific."
|
|
::= { hpSecurePortEntry 3 }
|
|
|
|
hpSecPtLearnMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
learnContinuous(1),
|
|
learnFirstN(2),
|
|
learnFirstNConditionally(3),
|
|
configureSpecific(4),
|
|
learn8021xAuthorized(5),
|
|
learnLimitedContinuous(6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the learning mode of the port.
|
|
The modes are as follows:
|
|
LearnContinuous. The port can learn all new MAC
|
|
addresses. When a new address is learned,
|
|
it is stored in a manner such that it can
|
|
be retrieved from the hpSecureAuthAddrTable.
|
|
Changing the mode to this value clears any
|
|
existing addresses for this port in the
|
|
hpSecureAuthAddrTable.
|
|
learnFirstN. First N source MAC addresses heard
|
|
on this port become the authorized addresses.
|
|
N is configured in hpSecPtAddressLimit.
|
|
Setting this value initiates learning of up
|
|
to N new authorized addresses. When a new
|
|
authorized address is learned, it will be
|
|
stored in the hpSecureAuthAddrTable. When
|
|
the table has reached its limit N for this
|
|
port, any new source MAC addresses received
|
|
on the port constitutes an intrusion. See
|
|
hpSecPtAlarmEnable for possible responses
|
|
to the intrusion. This variable will return
|
|
learnFirstNConditionally to a GET operation
|
|
after it has been set to this value.
|
|
learnFirstNConditionally. This option will
|
|
initiate learning of up to N new authorized
|
|
addresses only if the previous hpSecPtLearnMode
|
|
was not set to learnFirstN or learnFirstN-
|
|
Conditionally. N is configured in
|
|
hpSecPtAddressLimit.
|
|
configureSpecific. The port will not learn any
|
|
addresses. Rather, specific authorized
|
|
MAC addresses for this port are explicitly
|
|
configured via the hpSecureCfgAddrTable.
|
|
These addresses are also stored in the
|
|
hpSecureAuthAddrTable. Any source MAC
|
|
address received on this port other than
|
|
those configured, constitutes an intrusion.
|
|
See hpSecPtAlarmEnable for possible responses.
|
|
learn8021xAuthorized. The port will learn only MAC
|
|
address of a client authorized by 802.1X
|
|
authenticator.
|
|
learnLimitedContinuous. First N source MAC addresses
|
|
heard on this port become the authorized addresses.
|
|
N is specified by the hpSecPtAddressLimit
|
|
object. When a new authorized address is learned, it
|
|
will be stored in the hpSecureAuthAddrTable. When
|
|
the table has reached its limit N for this port, any
|
|
new source MAC addresses received on the port
|
|
constitutes an intrusion. See hpSecPtAlarmEnable
|
|
for possible responses. The authorized addresses in
|
|
this mode will age out of the system, therefore the
|
|
list of authorized addresses can be dynamic over
|
|
time."
|
|
::= { hpSecurePortEntry 4 }
|
|
|
|
hpSecPtPreventEavesdrop OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"If enabled on a switch, outbound unknown unicast
|
|
packets will not be forwarded out this port. If
|
|
enabled on a repeater, outbound unknown unicast
|
|
packets for this port will be scrambled."
|
|
::= { hpSecurePortEntry 5 }
|
|
|
|
hpSecPtAlarmEnable OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable(1),
|
|
sendTrap(2),
|
|
sendTrapAndDisablePort(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the action taken when an
|
|
intrusion occurs. See hpSecPtLearnMode for what
|
|
constitutes an intrusion.
|
|
disable. No trap is sent and the port
|
|
remains enabled.
|
|
SendTrap. If the hpSecPtIntrusionFlag is
|
|
set to noIntrusion, the agent will generate
|
|
an intrusionTrap.
|
|
SendTrapAndDisablePort. If the hpSecPtIntru-
|
|
sionFlag is set to noIntrusion, the agent
|
|
generate an intrusionTrap and disable
|
|
the port. This value does not apply to
|
|
repeaters."
|
|
::= { hpSecurePortEntry 6 }
|
|
|
|
hpSecPtIntrusionFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
intrusion(1),
|
|
noIntrusion(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This flag indicates if an intrusion has occured
|
|
on this port. Security-related LED(s) on the
|
|
device will blink if any instance of this flag
|
|
has the value intrusion. Setting this flag to
|
|
noIntrusion will turn off the appropriate LED(s).
|
|
An intrusion will only cause an alarm and an
|
|
intrusion log entry if this flag is equal to
|
|
noIntrusion. On a switch, packets causing
|
|
intrusions will be not be forwarded."
|
|
::= { hpSecurePortEntry 7 }
|
|
|
|
hpSecureCfgAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpSecureCfgAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table containing multiple configured authorized
|
|
addresses per port. Facilitates security
|
|
for ports whose hpSecPtLearnMode is set to
|
|
configureSpecific."
|
|
::= { hubSecurity 4 }
|
|
|
|
hpSecureCfgAddrEntry OBJECT-TYPE
|
|
SYNTAX HpSecureCfgAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the hpSecureCfgAddrTable, containing
|
|
the configured authorized address for a single
|
|
port. Entries are stored in nonvolatile memory
|
|
when either the hpSecPtrLearnMode for the port
|
|
is changed to configureSpecific, or a new entry
|
|
is configured while hpSecPtrLearnMode for the
|
|
port is currently set to configureSpecific."
|
|
INDEX { hpSecCfgAddrGroupIndex,
|
|
hpSecCfgAddrPortIndex,
|
|
hpSecCfgAddress}
|
|
::= { hpSecureCfgAddrTable 1 }
|
|
|
|
HpSecureCfgAddrEntry ::=
|
|
SEQUENCE {
|
|
hpSecCfgAddrGroupIndex Integer32,
|
|
hpSecCfgAddrPortIndex Integer32,
|
|
hpSecCfgAddress MacAddress,
|
|
hpSecCfgStatus RowStatus
|
|
}
|
|
|
|
hpSecCfgAddrGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the group containing the
|
|
port for which this entry contains the configured
|
|
authorized address. On repeater systems,
|
|
this can be used to identify a specific repeater
|
|
within a managed stack of repeaters. On switch
|
|
systems, stacked or unstacked, this value is
|
|
always one."
|
|
::= { hpSecureCfgAddrEntry 1 }
|
|
|
|
hpSecCfgAddrPortIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the port within the group
|
|
for which this entry contains the configured
|
|
authorized address. On a switch, this index
|
|
corresponds to the ifIndex of the port."
|
|
::= { hpSecureCfgAddrEntry 2 }
|
|
|
|
hpSecCfgAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A specific authorized MAC address for this port
|
|
configured by a management station."
|
|
::= { hpSecureCfgAddrEntry 3 }
|
|
|
|
hpSecCfgStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of a hpSecureCfgAddrEntry."
|
|
::= { hpSecureCfgAddrEntry 4 }
|
|
|
|
|
|
hpSecureAuthAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpSecureAuthAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table containing the authorized addresses for
|
|
each port. An authorized address is an address
|
|
learned while the hpSecPtLearnMode for the port
|
|
is set to learnContinuous, learnFirstN,
|
|
learnLimitedContinuous, or learnFirstNConditionally;
|
|
or an address in the hpSecureCfgAddrTable when the
|
|
hpSecPtLearnMode for the port is set to configureSpecific.
|
|
On a switch, for ports whose hpSecPtLearnMode
|
|
is set to learnContinuous or learnLimitedContinuous,
|
|
this table may return MAC address information based
|
|
on the switch's 802.1d forwarding database."
|
|
::= { hubSecurity 5 }
|
|
|
|
hpSecureAuthAddrEntry OBJECT-TYPE
|
|
SYNTAX HpSecureAuthAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the hpSecureAuthAddrTable,
|
|
containing the authorized address for a single
|
|
port. Entries are stored in nonvolatile memory
|
|
except when the port's hpSecPtLearnMode is set
|
|
to learnContinuous or learnLimitedContinuous."
|
|
|
|
INDEX { hpSecAuthAddrGroupIndex,
|
|
hpSecAuthAddrPortIndex,
|
|
hpSecAuthAddress }
|
|
::= { hpSecureAuthAddrTable 1 }
|
|
|
|
HpSecureAuthAddrEntry ::=
|
|
SEQUENCE {
|
|
hpSecAuthAddrGroupIndex Integer32,
|
|
hpSecAuthAddrPortIndex Integer32,
|
|
hpSecAuthAddress MacAddress
|
|
}
|
|
|
|
hpSecAuthAddrGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the group containing the
|
|
port for which this entry contains authorized
|
|
address information. On repeater systems,
|
|
this can be used to identify a specific repeater
|
|
within a managed stack of repeaters. On switch
|
|
systems, stacked or unstacked, this value is
|
|
always one."
|
|
::= { hpSecureAuthAddrEntry 1 }
|
|
|
|
hpSecAuthAddrPortIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the port within the group
|
|
for which this entry contains authorized
|
|
address information. On a switch, this index
|
|
corresponds to ifIndex of the port."
|
|
::= { hpSecureAuthAddrEntry 2 }
|
|
|
|
hpSecAuthAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the station authorized to be
|
|
on this port. See hpSecureAuthAddrTable for
|
|
the definition of 'authorized address'."
|
|
::= { hpSecureAuthAddrEntry 3 }
|
|
|
|
|
|
|
|
-- The Generic Repeater backup links group
|
|
|
|
hpicfGRpBackupLinks
|
|
OBJECT IDENTIFIER ::= { hpicfGenericRepeater 2 }
|
|
|
|
hpicfBackupLinkNextIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A currently unassigned value of
|
|
hpicfBackupLinkIndex. The value 0 indicates that no
|
|
unassigned values are available.
|
|
|
|
In order to cause a non-zero value of this object to
|
|
be assigned for use as the hpicfBackupLinkIndex of a
|
|
future backup link configuration, it must be
|
|
successfully modified by a set operation. When
|
|
modified by a set operation, the new value must
|
|
precisely match the value presently held by the
|
|
object. If not, the management protocol set
|
|
operation will fail.
|
|
|
|
Immediately after the completion of a successful set
|
|
operation, the agent must modify the value of this
|
|
object. The algorithm for modifying the value is
|
|
implementation-dependent, and may use a subset of
|
|
values within the legal range. However, the agent
|
|
must guarantee that the new value is not assigned to
|
|
any in-use value of hpicfBackupLinkIndex.
|
|
|
|
A management station creates a new backup link using
|
|
this algorithm:
|
|
|
|
- issue a management protocol retrieval operation
|
|
to obtain the value of hpicfBackupLinkNextIndex;
|
|
if the retrieved value is zero, a new backup
|
|
link cannot be created at this time;
|
|
|
|
- issue a management protocol set operation for
|
|
hpicfBackupLinkNextIndex, supplying the same
|
|
value as obtained in the previous step;
|
|
|
|
- if the set operation succeeds, use the supplied
|
|
value as the hpicfBackupLinkIndex of the new
|
|
backup link; if the set operation fails, go back
|
|
to the first step and obtain a new value for
|
|
hpicfBackupLinkNextIndex;
|
|
|
|
- issue a management protocol set operation to
|
|
create an instance of the hpicfBackupLinkStatus
|
|
object setting its value to 'createAndGo' or
|
|
'createAndWait' (as specified in the description
|
|
of the RowStatus textual convention).
|
|
|
|
Note that the set of hpicfBackupLinkNextIndex and
|
|
the instance of hpicfBackupLinkStatus may occur in
|
|
the same set operation if desired."
|
|
::= { hpicfGRpBackupLinks 1 }
|
|
|
|
hpicfBackupLinkTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfBackupLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of backup link configuration entries. For
|
|
a given backup link, the agent will periodically send
|
|
a test packet to the device at the specified address.
|
|
If no response is received after a configured number
|
|
of test packets are sent, the agent will enable the
|
|
backup port and disable the primary port, and will
|
|
stop sending periodic test packets. After the agent
|
|
has switched to the backup link, the primary port
|
|
will need to explicitly be re-enabled via management
|
|
action in order to return to using the primary port.
|
|
|
|
At any time, a management station can examine the
|
|
associated instance of the hpicfBackupLinkState
|
|
object to determine if the backup port is currently
|
|
in use.
|
|
|
|
The backup link algorithm enables and disables the
|
|
backup port by modifying the instance of the
|
|
rptrPortAdminStatus object corresponding to that
|
|
port. After the backup port has been enabled by the
|
|
backup link algorithm, if the primary port is
|
|
subsequently enabled via management action, the
|
|
backup port will be turned off and the periodic
|
|
test packets will resume.
|
|
|
|
When a row of this table is activated, the backup
|
|
port will be disabled, the primary port will be
|
|
enabled, and the periodic test packets will be sent.
|
|
The time between test packets is configurable using
|
|
the associated instance of the
|
|
hpicfBackupLinkTestTime object. The number of
|
|
failures needed to switch to the backup port is
|
|
configurable using the associated instance of the
|
|
hpicfBackupLinkConsecFailures object. The backup
|
|
link function can be disabled by setting the relevant
|
|
instance of the hpicfBackupLinkStatus object to
|
|
either 'notInService' or 'destroy'.
|
|
|
|
Note that the primary port for a backup link must
|
|
be mapped to a repeater segment that the agent is
|
|
capable of transmitting through. In addition, a
|
|
given port cannot be used in more than one active
|
|
backup link at the same time."
|
|
::= { hpicfGRpBackupLinks 2 }
|
|
|
|
hpicfBackupLinkEntry OBJECT-TYPE
|
|
SYNTAX HpicfBackupLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row in the table, containing information about a
|
|
single backup link."
|
|
INDEX { hpicfBackupLinkIndex }
|
|
::= { hpicfBackupLinkTable 1 }
|
|
|
|
HpicfBackupLinkEntry ::=
|
|
SEQUENCE {
|
|
hpicfBackupLinkIndex Integer32,
|
|
hpicfBackupLinkPrimaryGroup Integer32,
|
|
hpicfBackupLinkPrimaryPort Integer32,
|
|
hpicfBackupLinkBackupGroup Integer32,
|
|
hpicfBackupLinkBackupPort Integer32,
|
|
hpicfBackupLinkAddress MacAddress,
|
|
hpicfBackupLinkTestTime Integer32,
|
|
hpicfBackupLinkConsecFailures Integer32,
|
|
hpicfBackupLinkState INTEGER,
|
|
hpicfBackupLinkFailEventIndex Integer32,
|
|
hpicfBackupLinkStatus RowStatus
|
|
}
|
|
|
|
hpicfBackupLinkIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of this object uniquely identifies this
|
|
backup link."
|
|
::= { hpicfBackupLinkEntry 1 }
|
|
|
|
hpicfBackupLinkPrimaryGroup OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group containing the primary port for this
|
|
backup link."
|
|
::= { hpicfBackupLinkEntry 2 }
|
|
|
|
hpicfBackupLinkPrimaryPort OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number within the group of the primary port
|
|
for this backup link."
|
|
::= { hpicfBackupLinkEntry 3 }
|
|
|
|
hpicfBackupLinkBackupGroup OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group containing the backup port for this
|
|
backup link."
|
|
::= { hpicfBackupLinkEntry 4 }
|
|
|
|
hpicfBackupLinkBackupPort OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number within the group of the backup port
|
|
for this backup link."
|
|
::= { hpicfBackupLinkEntry 5 }
|
|
|
|
hpicfBackupLinkAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the device to which periodic
|
|
test packets are sent in order to determine if the
|
|
primary link is operational."
|
|
::= { hpicfBackupLinkEntry 6 }
|
|
|
|
hpicfBackupLinkTestTime OBJECT-TYPE
|
|
SYNTAX Integer32 (1..15)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The frequency, in seconds, between sending periodic
|
|
test packets. The test packet response timeout is
|
|
fixed at 500ms."
|
|
DEFVAL { 1 }
|
|
::= { hpicfBackupLinkEntry 7 }
|
|
|
|
hpicfBackupLinkConsecFailures OBJECT-TYPE
|
|
SYNTAX Integer32 (1..16)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of consecutive test packet failures which
|
|
will cause the agent to switch to the backup port
|
|
(i.e., backup port turned on, primary port turned
|
|
off). A value of one is generally not recommended
|
|
and will cause the backup link to be enabled upon
|
|
the first failure."
|
|
DEFVAL { 2 }
|
|
::= { hpicfBackupLinkEntry 8 }
|
|
|
|
hpicfBackupLinkState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
notActive(1),
|
|
usingPrimary(2),
|
|
usingBackup(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current state of this backup link. One of the
|
|
following values:
|
|
|
|
notActive - backup link not running because
|
|
this row has not yet been made
|
|
active
|
|
usingPrimary - backup link is running and using
|
|
the primary port
|
|
usingBackup - backup link test has failed; the
|
|
primary port has been disabled
|
|
and the backup port has been
|
|
enabled"
|
|
::= { hpicfBackupLinkEntry 9 }
|
|
|
|
hpicfBackupLinkFailEventIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the eventEntry in the RMON MIB that
|
|
will be triggered whenever the value of
|
|
hpicfBackupLinkState changes from 'usingPrimary' to
|
|
'usingBackup'. The eventEntry identified by a
|
|
particular value of this index is the same as
|
|
identified by the same value of the eventIndex
|
|
object. If there is no corresponding entry in the
|
|
eventTable, then no association exists. In
|
|
particular, if this value is zero, no associated
|
|
event will be generated, as zero is not a valid
|
|
event index."
|
|
::= { hpicfBackupLinkEntry 10 }
|
|
|
|
hpicfBackupLinkStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this entry. This object may not be
|
|
set to 'active' unless the corresponding instance of
|
|
hpicfBackupLinkAddress has been set to a valid
|
|
unicast address, the corresponding instances of
|
|
hpicfBackupLinkPrimaryGroup,
|
|
hpicfBackupLinkPrimaryPort,
|
|
hpicfBackupLinkBackupGroup, and
|
|
hpicfBackupLinkBackupPort have been configured to
|
|
refer to two existing ports and that those ports are
|
|
not used in any other active backup link
|
|
configuration, and the primary port is mapped to a
|
|
repeater segment which the agent is capable of
|
|
transmitting through."
|
|
::= { hpicfBackupLinkEntry 11 }
|
|
|
|
|
|
-- The generic repeater port mapping group
|
|
|
|
hpGRpPortMapping
|
|
OBJECT IDENTIFIER ::= { hpicfGenericRepeater 3 }
|
|
|
|
hpGRpPMSegmentTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpGRpPMSegmentEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table for configuring segment-to-repeater mapping
|
|
for repeater segments in this managed system."
|
|
::= { hpGRpPortMapping 1 }
|
|
|
|
hpGRpPMSegmentEntry OBJECT-TYPE
|
|
SYNTAX HpGRpPMSegmentEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing mapping
|
|
information about a single repeater segment."
|
|
INDEX { hpGRpPMSegmentIndex }
|
|
::= { hpGRpPMSegmentTable 1 }
|
|
|
|
HpGRpPMSegmentEntry ::=
|
|
SEQUENCE {
|
|
hpGRpPMSegmentIndex Integer32,
|
|
hpGRpPMCurrentRptrIndex Integer32
|
|
}
|
|
|
|
hpGRpPMSegmentIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of an instance of this object uniquely
|
|
identifies a physical repeater segment in this
|
|
managed system. The value of an instance of this
|
|
object will be equal to the instance of the Entity
|
|
MIB's entPhysicalIndex for the entry in the
|
|
entPhysicalTable that represents this segment."
|
|
::= { hpGRpPMSegmentEntry 1 }
|
|
|
|
hpGRpPMCurrentRptrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the repeater that this segment is
|
|
currently connected to. Changing this value has the
|
|
effect of moving all ports on this segment to a
|
|
different repeater. The hpGRpPMSegAllowedRptrTable
|
|
should be consulted to determine which repeaters
|
|
this segment can be connected to."
|
|
::= { hpGRpPMSegmentEntry 3 }
|
|
|
|
|
|
hpGRpPMSegAllowedRptrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpGRpPMSegAllowedRptrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to inform a management
|
|
application about which repeaters a physical segment
|
|
is able to be connected to. There is one row in this
|
|
table for each allowable segment-to-repeater
|
|
connection."
|
|
::= { hpGRpPortMapping 2 }
|
|
|
|
hpGRpPMSegAllowedRptrEntry OBJECT-TYPE
|
|
SYNTAX HpGRpPMSegAllowedRptrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row in the table, containing a single allowable
|
|
segment-to-repeater connection. The presence of a
|
|
row indicates that the segment identified by
|
|
hpGRpPMSegmentIndex can be mapped to the repeater
|
|
identified by hpGRpPMSegAllowedRptrIndex."
|
|
INDEX { hpGRpPMSegmentIndex,
|
|
hpGRpPMSegAllowedRptrIndex }
|
|
::= { hpGRpPMSegAllowedRptrTable 1 }
|
|
|
|
HpGRpPMSegAllowedRptrEntry ::=
|
|
SEQUENCE {
|
|
hpGRpPMSegAllowedRptrIndex Integer32
|
|
}
|
|
|
|
hpGRpPMSegAllowedRptrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The repeater index that identifies a repeater that
|
|
this segment is able to be connected to."
|
|
::= { hpGRpPMSegAllowedRptrEntry 1 }
|
|
|
|
|
|
hpGRpPMPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpGRpPMPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table for configuring port-to-repeater mapping
|
|
for repeater ports in this managed system."
|
|
::= { hpGRpPortMapping 3 }
|
|
|
|
hpGRpPMPortEntry OBJECT-TYPE
|
|
SYNTAX HpGRpPMPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing mapping
|
|
information about a single repeater port."
|
|
INDEX { hpGRpPMPortGroupIndex, hpGRpPMPortIndex }
|
|
::= { hpGRpPMPortTable 1 }
|
|
|
|
HpGRpPMPortEntry ::=
|
|
SEQUENCE {
|
|
hpGRpPMPortGroupIndex Integer32,
|
|
hpGRpPMPortIndex Integer32,
|
|
hpGRpPMPortEntPhysicalIndex Integer32,
|
|
hpGRpPMPortCurrentRptrIndex Integer32
|
|
}
|
|
|
|
hpGRpPMPortGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group containing the port for which this entry
|
|
contains mapping information."
|
|
::= { hpGRpPMPortEntry 1 }
|
|
|
|
hpGRpPMPortIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port within the group for which this entry
|
|
contains mapping information."
|
|
::= { hpGRpPMPortEntry 2 }
|
|
|
|
hpGRpPMPortEntPhysicalIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates which entry in the Entity
|
|
MIB's entPhysicalTable represents this port. The
|
|
entPhysicalEntry identified by this value is the
|
|
same entry identified by the same value of the
|
|
entPhysicalIndex object."
|
|
::= { hpGRpPMPortEntry 3 }
|
|
|
|
hpGRpPMPortCurrentRptrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the repeater that this port is
|
|
currently mapped to. Changing this value has the
|
|
effect of moving this port to a different repeater.
|
|
The hpGRpPMPortAllowedRptrTable should be consulted
|
|
to determine which repeaters this port can be mapped
|
|
to. A value of zero indicates that this port is
|
|
currently not a member of any repeater."
|
|
::= { hpGRpPMPortEntry 4 }
|
|
|
|
|
|
hpGRpPMPortAllowedRptrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpGRpPMPortAllowedRptrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to inform a management
|
|
application about which repeaters a logical port is
|
|
able to be mapped to. There is one row in this table
|
|
for each allowable port to repeater mapping."
|
|
::= { hpGRpPortMapping 4 }
|
|
|
|
hpGRpPMPortAllowedRptrEntry OBJECT-TYPE
|
|
SYNTAX HpGRpPMPortAllowedRptrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row in the table, containing a single allowable
|
|
port to repeater mapping. The presence of a row
|
|
indicates that the port identified by
|
|
hpGRpPMPortGroupIndex, hpGRpPMPortIndex can be
|
|
mapped to the repeater identified by
|
|
hpGRpPMPortAllowedRptrIndex."
|
|
INDEX { hpGRpPMPortGroupIndex, hpGRpPMPortIndex,
|
|
hpGRpPMPortAllowedRptrIndex }
|
|
::= { hpGRpPMPortAllowedRptrTable 1 }
|
|
|
|
HpGRpPMPortAllowedRptrEntry ::=
|
|
SEQUENCE {
|
|
hpGRpPMPortAllowedRptrIndex Integer32
|
|
}
|
|
|
|
hpGRpPMPortAllowedRptrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The repeater index that identifies a repeater that
|
|
this port is able to be mapped to."
|
|
::= { hpGRpPMPortAllowedRptrEntry 1 }
|
|
|
|
|
|
-- The generic repeater load balancing group
|
|
|
|
hpGRpLoadBalancing
|
|
OBJECT IDENTIFIER ::= { hpicfGenericRepeater 4 }
|
|
|
|
hpGRpPortMapAutoConfigEnable OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If this object has the value 'enabled', when a
|
|
switch is discovered in the stack, the repeater
|
|
ports will be evenly distributed across the repeater
|
|
segments if they had not previously been assigned
|
|
to segments (in other words, if they are in their
|
|
default state). If this object has the value
|
|
'disabled', this automatic distribution of ports
|
|
will not occur."
|
|
::= { hpGRpLoadBalancing 1 }
|
|
|
|
hpGRpLoadBalanceNow OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
cantUndo(1),
|
|
balancing(2),
|
|
completed(3),
|
|
undoLast(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to 'balancing' will cause the
|
|
agent to distribute ports in the stack across the
|
|
repeater segments, attempting to balance the
|
|
traffic load on each segment. When the agent has
|
|
finished the load balancing, it will set the value
|
|
of this object to 'completed'. Setting this object
|
|
to 'undoLast' will cause the agent to return all of
|
|
the ports to the segment they were on before the
|
|
last load balancing. This object will have the
|
|
value of 'cantUndo' if there has been no load
|
|
balancing since the last agent reset or if the last
|
|
load balancing has already been undone. This object
|
|
can only be set to 'undoLast' when its current value
|
|
is 'completed'."
|
|
::= { hpGRpLoadBalancing 2 }
|
|
|
|
hpGRpLastLoadBalanceTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains the value of sysUpTime for
|
|
the last time the hpGRPLoadBalanceNow object was
|
|
set to 'balancing'. If load balancing has not been
|
|
performed since the last agent reset, this object
|
|
will have the value 0."
|
|
::= { hpGRpLoadBalancing 3 }
|
|
|
|
|
|
-- Objects for configuring internal and external switches
|
|
-- for switching between repeater segments in a repeater
|
|
-- system.
|
|
|
|
hpicfGRpSwitchConfig
|
|
OBJECT IDENTIFIER ::= { hpicfGenericRepeater 5 }
|
|
|
|
hpicfGRpSwitchTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfGRpSwitchEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of switches, both internal and external,
|
|
connected to ports in this repeater system.
|
|
Typically, internal switches are added by the agent
|
|
and cannot be removed by a management operation.
|
|
External switches may be added or removed by
|
|
management operations using the hpicfGRpSwitchStatus
|
|
object."
|
|
::= { hpicfGRpSwitchConfig 1 }
|
|
|
|
hpicfGRpSwitchEntry OBJECT-TYPE
|
|
SYNTAX HpicfGRpSwitchEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, representing a single
|
|
attached switch."
|
|
INDEX { hpicfGRpSwitchIndex }
|
|
::= { hpicfGRpSwitchTable 1 }
|
|
|
|
HpicfGRpSwitchEntry ::=
|
|
SEQUENCE {
|
|
hpicfGRpSwitchIndex Integer32,
|
|
hpicfGRpSwitchType INTEGER,
|
|
hpicfGRpSwitchEntPhysicalIndex Integer32,
|
|
hpicfGRpSwitchLinkCount Integer32,
|
|
hpicfGRpSwitchStatus RowStatus
|
|
}
|
|
|
|
hpicfGRpSwitchIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index used to uniquely identify this switch."
|
|
::= { hpicfGRpSwitchEntry 1 }
|
|
|
|
hpicfGRpSwitchType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
internal(1),
|
|
external(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether this switch is an
|
|
internal switch card or a switch external to the
|
|
repeater system. This object will always be equal
|
|
to 'external' for rows that are created using
|
|
hpicfGRpSwitchStatus. For internal switches, the
|
|
type of internal switch can be determined by
|
|
examining the relevant instance of the
|
|
entPhysicalType object."
|
|
::= { hpicfGRpSwitchEntry 2 }
|
|
|
|
hpicfGRpSwitchEntPhysicalIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"For an internal switch, this object is the index
|
|
in the entPhysicalTable for the internal switch
|
|
card. For an external switch, the value of this
|
|
object will be zero."
|
|
::= { hpicfGRpSwitchEntry 3 }
|
|
|
|
hpicfGRpSwitchLinkCount OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of links from this switch's ports to
|
|
repeater ports in this repeater system. For internal
|
|
switches, this object cannot be modified by a network
|
|
management operation. For an external switch, when
|
|
this object is set, a number of rows will be added to
|
|
the hpicfGRpSwitchLinkTable equal to the value of
|
|
this object. The values of hpicfGRpSwitchLinkIndex
|
|
will be numbered from 1 to the value of this object.
|
|
|
|
An instance of this object may not be modified if
|
|
the corresponding instance of the
|
|
hpicfGRpSwitchStatus object would be equal to
|
|
'active' both before and after the modification
|
|
attempt."
|
|
::= { hpicfGRpSwitchEntry 4 }
|
|
|
|
hpicfGRpSwitchStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this hpicfGRpSwitchEntry.
|
|
|
|
An entry may not exist in the active state unless
|
|
the associated instance of the
|
|
hpicfGRpSwitchLinkCount has been set to a non-zero
|
|
value, and all associated instances of the
|
|
hpicfGRpSwitchLinkRptrGroup and
|
|
hpicfGRpSwitchLinkRptrPort objects have been set to
|
|
non-zero values.
|
|
|
|
If this object is set to 'destroy', all associated
|
|
entries in the hpicfGRpSwitchLinkTable shall be
|
|
deleted."
|
|
::= { hpicfGRpSwitchEntry 5 }
|
|
|
|
|
|
hpicfGRpSwitchLinkTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfGRpSwitchLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of links to switch ports for both internal
|
|
and external switches that are connected to repeater
|
|
ports in this repeater system."
|
|
::= { hpicfGRpSwitchConfig 2 }
|
|
|
|
hpicfGRpSwitchLinkEntry OBJECT-TYPE
|
|
SYNTAX HpicfGRpSwitchLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, representing a single link
|
|
to a switch port."
|
|
INDEX { hpicfGRpSwitchIndex,
|
|
hpicfGRpSwitchLinkIndex }
|
|
::= { hpicfGRpSwitchLinkTable 1 }
|
|
|
|
HpicfGRpSwitchLinkEntry ::=
|
|
SEQUENCE {
|
|
hpicfGRpSwitchLinkIndex Integer32,
|
|
hpicfGRpSwitchLinkRptrGroup Integer32,
|
|
hpicfGRpSwitchLinkRptrPort Integer32,
|
|
hpicfGRpSwitchLinkState INTEGER
|
|
}
|
|
|
|
hpicfGRpSwitchLinkIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An identifier that uniquely identifies this switch
|
|
link among all of the links associated with this
|
|
switch. The values of this object are numbered
|
|
consecutively from 1 to the value of the instance
|
|
of the hpicfGRpSwitchLinkCount associated with this
|
|
switch."
|
|
::= { hpicfGRpSwitchLinkEntry 1 }
|
|
|
|
hpicfGRpSwitchLinkRptrGroup OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group containing the repeater port to which this
|
|
switch link is attached. For internal switches, this
|
|
object may not be modified by a network management
|
|
operation. For external switches, an instance of
|
|
this object will be created with the value of zero.
|
|
It must be modified to a non-zero value corresponding
|
|
to a known repeater group index before the instance
|
|
of the hpicfGRpSwitchStatus object associated with
|
|
this switch can be set to 'active'.
|
|
|
|
An instance of this object may not be modified if
|
|
the instance of the hpicfGRpSwitchStatus object
|
|
associated with this switch would be equal to
|
|
'active' both before and after the modification
|
|
attempt."
|
|
::= { hpicfGRpSwitchLinkEntry 2 }
|
|
|
|
hpicfGRpSwitchLinkRptrPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The repeater port within the group to which this
|
|
switch link is attached. For internal switches, this
|
|
object may not be modified by a network management
|
|
operation. For external switches, an instance of
|
|
this object will be created with the value of zero.
|
|
It must be modified to a non-zero value corresponding
|
|
to a known repeater port index before the instance
|
|
of the hpicfGRpSwitchStatus object associated with
|
|
this switch can be set to 'active'.
|
|
|
|
An instance of this object may not be modified if
|
|
the instance of the hpicfGRpSwitchStatus object
|
|
associated with this switch would be equal to
|
|
'active' both before and after the modification
|
|
attempt."
|
|
::= { hpicfGRpSwitchLinkEntry 3 }
|
|
|
|
hpicfGRpSwitchLinkState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
redundant(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether this switch link is
|
|
enabled ('active') or disabled ('redundant') due to
|
|
one of the following:
|
|
|
|
- There are more links to this switch than there
|
|
are repeater segments.
|
|
- The agent detected a switching loop.
|
|
- The link is intended as a backup connection for
|
|
other links on this switch.
|
|
|
|
There can only be one active link to the switch from
|
|
each repeater segment, otherwise you will have a
|
|
switching loop. Therefore, if more than one switch
|
|
link is connected to repeater ports on the same
|
|
repeater segment, only one of them may have the value
|
|
'active'. All of the others must have the value
|
|
'redundant."
|
|
::= { hpicfGRpSwitchLinkEntry 4 }
|
|
|
|
|
|
hpicfGRpCurrentPrimarySwitch OBJECT-TYPE
|
|
SYNTAX Integer32 (0..31)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hpicfGRpSwitchIndex of the switch that is
|
|
currently the primary switch for this stack. The
|
|
automatic port-to-segment distribution feature will
|
|
make decisions based on which switch is the primary
|
|
switch. A value of 0 indicates that there are no
|
|
internal switches in the system, and no external
|
|
switches have been configured."
|
|
::= { hpicfGRpSwitchConfig 3 }
|
|
|
|
hpicfGRpDesiredPrimarySwitch OBJECT-TYPE
|
|
SYNTAX Integer32 (0..31)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hpicfGRpSwitchIndex of the switch that the
|
|
network administrator wants to be the primary switch
|
|
for this stack. If the value of this object is zero,
|
|
the agent will select the primary switch. Note that
|
|
the agent may choose to use a different switch as the
|
|
primary switch if it is unable to locate the switch
|
|
identified by this object."
|
|
::= { hpicfGRpSwitchConfig 4 }
|
|
|
|
|
|
-- Objects for configuring an internal bridge for
|
|
-- bridging between repeater segments in a repeater
|
|
-- system.
|
|
|
|
hpicfGRpBridge
|
|
OBJECT IDENTIFIER ::= { hpicfGenericRepeater 6 }
|
|
|
|
hpGRpBridgeAdminStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { hpicfGRpBridge 1 }
|
|
|
|
|
|
-- Generic repeater notifications
|
|
|
|
hpicfIntrusionTrap NOTIFICATION-TYPE
|
|
OBJECTS { hubIntruderGroup, hubIntruderPort,
|
|
hubIntruderAddress, hubIntruderType,
|
|
hubIntruderTrainingViolation }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hpicfIntrusionTrap signifies that a port
|
|
security violation has been detected on a port which
|
|
has the hubSecPtAlarmEnable flag set to 'enabled'.
|
|
or hpSecPtrIntrusionResponse set to 'SendTrap'
|
|
or 'SendTrapAndDisablePort'.
|
|
hubIntruderGroup identifies the group containing the
|
|
port on which this intrusion occurred.
|
|
hubIntruderPort identifies the port within the group
|
|
on which this intrusion occurred. hubIntruderAddress
|
|
contains the souce MAC address of the intruder.
|
|
hubIntruderType identifies the type of violation that
|
|
occured: address, training, or both. If the
|
|
violation is of type 'training', the
|
|
hubIntruderTrainingViolation object will indicate
|
|
additional information on the type of violation."
|
|
::= { hpicfGenRptrTrapsPrefix 1 }
|
|
|
|
hpicfBackupLinkTrap NOTIFICATION-TYPE
|
|
OBJECTS { hpicfBackupLinkState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hpicfBackupLinkTrap signifies that the primary
|
|
link for a backup link configuration has failed, and
|
|
the agent has switched over to using the backup link.
|
|
The instance of the hpicfBackupLinkState for the
|
|
backup link configuration that experienced the
|
|
primary link failure is included in the trap."
|
|
::= { hpicfGenRptrTrapsPrefix 2 }
|
|
|
|
|
|
-- conformance information
|
|
|
|
hpicfGenRptrConformance
|
|
OBJECT IDENTIFIER ::= { hpicfGenRptrMib 1 }
|
|
|
|
hpicfGenRptrCompliances
|
|
OBJECT IDENTIFIER ::= { hpicfGenRptrConformance 1 }
|
|
hpicfGenRptrGroups
|
|
OBJECT IDENTIFIER ::= { hpicfGenRptrConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
hpicfHubSecurityCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS COMPLIANCE IS DEPRECATED *********
|
|
|
|
The compliance statement for agents implementing
|
|
per-port security in a single-repeater 802.3
|
|
repeater system."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfHubSecurityGroup }
|
|
|
|
::= { hpicfGenRptrCompliances 1 }
|
|
|
|
hpicfGenRptrBasicCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS COMPLIANCE IS DEPRECATED *********
|
|
|
|
The compliance statement for agents implementing
|
|
management for a single repeater."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfGenRptrBasicGroup }
|
|
|
|
GROUP hpicfGenRptrSecPtGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfGenRptrSecNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
OBJECT hubSecPtPreventEavesdrop
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"100VG hubs implement this object as read-only,
|
|
since eavesdrop prevention is controlled by
|
|
whether or not a port is allowed to train as
|
|
promiscuous."
|
|
|
|
::= { hpicfGenRptrCompliances 2 }
|
|
|
|
hpicfGenRptrSecurityCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS COMPLIANCE IS DEPRECATED *********
|
|
|
|
The compliance statement for AdvanceStack 100VG
|
|
slaves implementing security."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfGenRptrSecPtGroup,
|
|
hpicfGenRptrSecNotifyGroup }
|
|
|
|
OBJECT hubSecPtPreventEavesdrop
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"100VG hubs implement this object as read-only,
|
|
since eavesdrop prevention is controlled by
|
|
whether or not a port is allowed to train as
|
|
promiscuous."
|
|
|
|
::= { hpicfGenRptrCompliances 3 }
|
|
|
|
hpicfGenRptrCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS COMPLIANCE IS DEPRECATED *********
|
|
|
|
The compliance statement for HP managed repeater
|
|
systems."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfGenRptrBasicGroup,
|
|
hpicfGenRptrInfoGroup }
|
|
|
|
GROUP hpicfGenRptrSecPtGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfGenRptrSecNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfGenRptrBkpLinkGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support backup link functionality."
|
|
|
|
GROUP hpicfGenRptrBkpLinkNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support backup link functionality."
|
|
|
|
GROUP hpicfGenRptrPortMappingGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support moving segments or ports between
|
|
logical repeaters."
|
|
|
|
GROUP hpicfGenRptrLoadBalanceGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that have multiple repeater segments and an
|
|
internal switch card and that support load
|
|
balancing between segments."
|
|
|
|
OBJECT hubSecPtPreventEavesdrop
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"100VG hubs implement this object as read-only,
|
|
since eavesdrop prevention is controlled by
|
|
whether or not a port is allowed to train as
|
|
promiscuous."
|
|
|
|
::= { hpicfGenRptrCompliances 4 }
|
|
|
|
hpicfGenRptrCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for HP managed repeater
|
|
systems."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfGenRptrBasicGroup,
|
|
hpicfGenRptrInfoGroup }
|
|
|
|
GROUP hpicfGenRptrSecPtGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfGenRptrSecNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfGenRptrBkpLinkGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support backup link functionality."
|
|
|
|
GROUP hpicfGenRptrBkpLinkNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support backup link functionality."
|
|
|
|
GROUP hpicfGenRptrPortMappingGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support moving segments or ports between
|
|
logical repeaters."
|
|
|
|
GROUP hpicfGenRptrLoadBalanceGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that have multiple repeater segments, that can
|
|
support internal switch cards and/or
|
|
configuration of external switch links, and that
|
|
support load balancing between segments."
|
|
|
|
GROUP hpicfGenRptrSwitchConfigGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for repeaters
|
|
that have multiple repeater segments and support
|
|
internal switch cards and/or configuration of
|
|
external switch links."
|
|
|
|
OBJECT hubSecPtPreventEavesdrop
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"100VG hubs implement this object as read-only,
|
|
since eavesdrop prevention is controlled by
|
|
whether or not a port is allowed to train as
|
|
promiscuous."
|
|
|
|
::= { hpicfGenRptrCompliances 5 }
|
|
|
|
hpicfGenRptrCompliance3 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for HP managed repeater
|
|
systems."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfGenRptrBasicGroup }
|
|
|
|
GROUP hpicfGenRptrInfoGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support multiple repeater segments
|
|
running at the same speed."
|
|
|
|
GROUP hpicfGenRptrSecPtGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfSecPtGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security with multiple
|
|
authorized addresses per port."
|
|
|
|
GROUP hpicfGenRptrSecNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support per-port security."
|
|
|
|
GROUP hpicfGenRptrBkpLinkGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support backup link functionality."
|
|
|
|
GROUP hpicfGenRptrBkpLinkNotifyGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support backup link functionality."
|
|
|
|
GROUP hpicfGenRptrPortMappingGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that support moving segments or ports between
|
|
logical repeaters."
|
|
|
|
GROUP hpicfGenRptrLoadBalanceGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for devices
|
|
that have multiple repeater segments, that can
|
|
support internal switch cards and/or
|
|
configuration of external switch links, and that
|
|
support load balancing between segments."
|
|
|
|
GROUP hpicfGenRptrSwitchConfigGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for repeaters
|
|
that have multiple repeater segments and support
|
|
internal switch cards and/or configuration of
|
|
external switch links."
|
|
|
|
GROUP hpicfGenRptrBridgeGroup
|
|
DESCRIPTION
|
|
"This group should be implemented for repeater
|
|
systems that have an internal unmanaged bridge."
|
|
|
|
OBJECT hubSecPtPreventEavesdrop
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"100VG hubs implement this object as read-only,
|
|
since eavesdrop prevention is controlled by
|
|
whether or not a port is allowed to train as
|
|
promiscuous."
|
|
|
|
::= { hpicfGenRptrCompliances 6 }
|
|
|
|
hpicfGenRptrMultiSecOnlyCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION "********* THIS COMPLIANCE IS DEPRECATED *********
|
|
|
|
The compliance statement for non-repeater devices
|
|
that implement per-port security with multiple
|
|
authorized address per port."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfSecPtGroup }
|
|
|
|
::= { hpicfGenRptrCompliances 7 }
|
|
|
|
hpicfGenRptrMultiSecOnlyCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The updated compliance statement for non-repeater
|
|
devices that implement per-port security with multiple
|
|
authorized address per port."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfSecPtGroup2 }
|
|
|
|
::= { hpicfGenRptrCompliances 8 }
|
|
|
|
|
|
-- units of conformance
|
|
|
|
|
|
hpicfHubSecurityGroup OBJECT-GROUP
|
|
OBJECTS { hubSecPtGroupIndex,
|
|
hubSecPtPortIndex,
|
|
hubSecPtSecurityAddress,
|
|
hubSecPtAuthorizedAddress,
|
|
hubSecPtPreventEavesdrop,
|
|
hubSecPtAlarmEnable,
|
|
hubSecPtIntrusionFlag,
|
|
hubIntruderIndex,
|
|
hubIntruderGroup,
|
|
hubIntruderPort,
|
|
hubIntruderAddress,
|
|
hubIntruderTime
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS GROUP IS DEPRECATED *********
|
|
|
|
A collection of objects for managing per-port
|
|
security violations for a managed 802.3 repeater
|
|
system."
|
|
::= { hpicfGenRptrGroups 1 }
|
|
|
|
hpicfGenRptrBasicGroup OBJECT-GROUP
|
|
OBJECTS { hpGRpSelfHealEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for basic configuration
|
|
of a system containing repeaters."
|
|
::= { hpicfGenRptrGroups 2 }
|
|
|
|
hpicfGenRptrSecPtGroup OBJECT-GROUP
|
|
OBJECTS { hubSecPtGroupIndex,
|
|
hubSecPtPortIndex,
|
|
hubSecPtSecurityAddress,
|
|
hubSecPtAuthorizedAddress,
|
|
hubSecPtPreventEavesdrop,
|
|
hubSecPtAlarmEnable,
|
|
hubSecPtIntrusionFlag,
|
|
hubIntruderIndex,
|
|
hubIntruderGroup,
|
|
hubIntruderPort,
|
|
hubIntruderAddress,
|
|
hubIntruderTime,
|
|
hubIntruderType,
|
|
hubIntruderTrainingViolation
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for managing per-port
|
|
security in a managed repeater system."
|
|
::= { hpicfGenRptrGroups 3 }
|
|
|
|
hpicfGenRptrInfoGroup OBJECT-GROUP
|
|
OBJECTS { hpGRpRepeaterIfIndex,
|
|
hpGRpRepeaterName,
|
|
hpGRpRepeaterVlanIndex
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing information
|
|
about logical repeaters in a system."
|
|
::= { hpicfGenRptrGroups 4 }
|
|
|
|
hpicfGenRptrBkpLinkGroup OBJECT-GROUP
|
|
OBJECTS { hpicfBackupLinkNextIndex,
|
|
hpicfBackupLinkPrimaryGroup,
|
|
hpicfBackupLinkPrimaryPort,
|
|
hpicfBackupLinkBackupGroup,
|
|
hpicfBackupLinkBackupPort,
|
|
hpicfBackupLinkAddress,
|
|
hpicfBackupLinkTestTime,
|
|
hpicfBackupLinkConsecFailures,
|
|
hpicfBackupLinkState,
|
|
hpicfBackupLinkFailEventIndex,
|
|
hpicfBackupLinkStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for configuring backup
|
|
links in a managed repeater system."
|
|
::= { hpicfGenRptrGroups 5 }
|
|
|
|
hpicfGenRptrPortMappingGroup OBJECT-GROUP
|
|
OBJECTS { hpGRpPMCurrentRptrIndex,
|
|
hpGRpPMSegAllowedRptrIndex,
|
|
hpGRpPMPortEntPhysicalIndex,
|
|
hpGRpPMPortCurrentRptrIndex,
|
|
hpGRpPMPortAllowedRptrIndex,
|
|
hpGRpPortMapAutoConfigEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for mapping repeater
|
|
segments and repeater ports to logical repeaters."
|
|
::= { hpicfGenRptrGroups 6 }
|
|
|
|
hpicfGenRptrLoadBalanceGroup OBJECT-GROUP
|
|
OBJECTS { hpGRpLoadBalanceNow,
|
|
hpGRpLastLoadBalanceTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for managing segment
|
|
load balancing on multisegment repeaters with
|
|
internal switches."
|
|
::= { hpicfGenRptrGroups 7 }
|
|
|
|
hpicfGenRptrSwitchConfigGroup OBJECT-GROUP
|
|
OBJECTS { hpicfGRpSwitchType,
|
|
hpicfGRpSwitchEntPhysicalIndex,
|
|
hpicfGRpSwitchLinkCount,
|
|
hpicfGRpSwitchStatus,
|
|
hpicfGRpSwitchLinkRptrGroup,
|
|
hpicfGRpSwitchLinkRptrPort,
|
|
hpicfGRpSwitchLinkState,
|
|
hpicfGRpCurrentPrimarySwitch,
|
|
hpicfGRpDesiredPrimarySwitch
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of Objects for configuring internal and
|
|
external switches for switching between repeater
|
|
segments in a repeater system."
|
|
::= { hpicfGenRptrGroups 8 }
|
|
|
|
hpicfGenRptrSecNotifyGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { hpicfIntrusionTrap }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications used to indicate
|
|
per-port security violations."
|
|
::= { hpicfGenRptrGroups 9 }
|
|
|
|
hpicfGenRptrBkpLinkNotifyGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { hpicfBackupLinkTrap }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications used to indicate
|
|
state changes on a backup link."
|
|
::= { hpicfGenRptrGroups 10 }
|
|
|
|
hpicfSecPtGroup OBJECT-GROUP
|
|
OBJECTS { hpSecPtAddressLimit,
|
|
hpSecPtLearnMode,
|
|
hpSecPtPreventEavesdrop,
|
|
hpSecPtAlarmEnable,
|
|
hpSecPtIntrusionFlag,
|
|
hpSecCfgStatus,
|
|
hpSecAuthAddress,
|
|
hubIntruderIndex,
|
|
hubIntruderGroup,
|
|
hubIntruderPort,
|
|
hubIntruderAddress,
|
|
hubIntruderTime,
|
|
hubIntruderType,
|
|
hubIntruderTrainingViolation
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"********* THIS GROUP IS DEPRECATED *********
|
|
|
|
A collection of objects for managing per-port
|
|
security in a managed repeater or switch system."
|
|
::= { hpicfGenRptrGroups 11 }
|
|
|
|
hpicfGenRptrBridgeGroup OBJECT-GROUP
|
|
OBJECTS { hpGRpBridgeAdminStatus }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for basic configuration
|
|
of repeater system containing internal bridging."
|
|
::= { hpicfGenRptrGroups 12 }
|
|
|
|
hpicfSecPtGroup2 OBJECT-GROUP
|
|
OBJECTS { hpSecPtAddressLimit,
|
|
hpSecPtLearnMode,
|
|
hpSecPtAlarmEnable,
|
|
hpSecPtIntrusionFlag,
|
|
hpSecCfgStatus,
|
|
hpSecAuthAddress,
|
|
hubIntruderIndex,
|
|
hubIntruderGroup,
|
|
hubIntruderPort,
|
|
hubIntruderAddress,
|
|
hubIntruderTime,
|
|
hubIntruderType,
|
|
hubIntruderTrainingViolation
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for managing per-port
|
|
security in a managed repeater or switch system."
|
|
::= { hpicfGenRptrGroups 13 }
|
|
|
|
END
|
|
|