mibs/MIBS/linksys/LINKSYS-BRIDGE-SECURITY

LINKSYS-BRIDGE-SECURITY DEFINITIONS ::= BEGIN

-- Version:    7.43
-- Date:       02-Apr-2006

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    Unsigned32, IpAddress, Counter32                FROM SNMPv2-SMI
    InterfaceIndex, ifIndex                         FROM IF-MIB
    RowStatus, TEXTUAL-CONVENTION, MacAddress,
    DisplayString, TruthValue                       FROM SNMPv2-TC
    VlanId                                          FROM Q-BRIDGE-MIB
    rnd                                             FROM LINKSYS-MIB;

rlBridgeSecurity MODULE-IDENTITY
        LAST-UPDATED "200604020000Z"
        ORGANIZATION ""
        CONTACT-INFO ""
        DESCRIPTION
                "The private MIB module definition for DHCP Snoop, ARP Inspection
                and Ip source Guard features."
        ::= { rnd  112}

rlIpDhcpSnoop OBJECT IDENTIFIER ::= { rlBridgeSecurity  1}

rlIpSourceGuard OBJECT IDENTIFIER ::= { rlBridgeSecurity  2}

rlIpArpInspect OBJECT IDENTIFIER ::= { rlBridgeSecurity  3}

rlProtocolFiltering OBJECT IDENTIFIER ::= { rlBridgeSecurity  4}
--
-- DHCP Snoop
--
rlIpDhcpSnoopMibVersion OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "MIB's version, the current version is 1."
    ::= { rlIpDhcpSnoop 1 }

rlIpDhcpSnoopEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a system DHCP Snoop enable state."
   ::= { rlIpDhcpSnoop 2 }

rlIpDhcpSnoopFileEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a system DHCP Snoop file enable state."
   ::= { rlIpDhcpSnoop 3 }

rlIpDhcpSnoopClearAction OBJECT-TYPE
    SYNTAX      INTEGER {
       noAction(1),  -- for get only
       clearNow(2)
     }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Used to clear DHCP Snoop Table."
    ::= { rlIpDhcpSnoop 4 }

rlIpDhcpSnoopFileUpdateTime OBJECT-TYPE
    SYNTAX      INTEGER(600..86400)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures in seconds the period of time between file updates.
        The valid range is 600 - 86400."
    ::= { rlIpDhcpSnoop 5 }

rlIpDhcpSnoopVerifyMacAddress OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures on an un-trusted port whether the source MAC address in a DHCP packet matches
         the client hardware address."
    ::= { rlIpDhcpSnoop 6 }

rlIpDhcpSnoopCurrentEntiresNumber OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contain the current number of DHCP snooping entries for all types."
    ::= { rlIpDhcpSnoop 7 }

rlIpDhcpOpt82InsertionEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a DHCP option 82 insertion enable state."
   ::= { rlIpDhcpSnoop 8 }

rlIpDhcpOpt82RxOnUntrustedEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a DHCP option 82 receive on untrusted port enable state."
   ::= { rlIpDhcpSnoop 9 }

--
-- Dhcp Snoop Static table
--
rlIpDhcpSnoopStaticTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpDhcpSnoopStaticEntry
  MAX-ACCESS  not-accessible
  STATUS current
  DESCRIPTION      "The table specifies all DHCP Snoop Static (configured by user) entries.
                   The entry contains a local IP address of the DHCP client, a Port interface to which a DHCP client is connected to the switch."
  ::= { rlIpDhcpSnoop 10 }

rlIpDhcpSnoopStaticEntry OBJECT-TYPE
   SYNTAX  RlIpDhcpSnoopStaticEntry
   MAX-ACCESS  not-accessible
   STATUS current
   DESCRIPTION        "The row definition for this table."
   INDEX {rlIpDhcpSnoopStaticVLANTag,
           rlIpDhcpSnoopStaticMACAddress}
::= { rlIpDhcpSnoopStaticTable 1 }

RlIpDhcpSnoopStaticEntry ::= SEQUENCE {
   rlIpDhcpSnoopStaticVLANTag          VlanId,
   rlIpDhcpSnoopStaticMACAddress       MacAddress,
   rlIpDhcpSnoopStaticIPAddress        IpAddress,
   rlIpDhcpSnoopStaticPortInterface    InterfaceIndex,
   rlIpDhcpSnoopStaticRowStatus        RowStatus
}
rlIpDhcpSnoopStaticVLANTag OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A DHCP Snoop Static entry vlan tag."
    ::= { rlIpDhcpSnoopStaticEntry 1 }

rlIpDhcpSnoopStaticMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A DHCP Snoop Static entry mac address"
    ::= { rlIpDhcpSnoopStaticEntry 2 }

rlIpDhcpSnoopStaticIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A DHCP Snoop Static entry IP address."
  ::= { rlIpDhcpSnoopStaticEntry  3 }

rlIpDhcpSnoopStaticPortInterface OBJECT-TYPE
  SYNTAX       InterfaceIndex
  MAX-ACCESS   read-write
  STATUS       current
  DESCRIPTION
     "A DHCP Snoop Static entry Port interface."
  ::= { rlIpDhcpSnoopStaticEntry  4 }

rlIpDhcpSnoopStaticRowStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     "A status can be destroy, active or createAndGo"
  ::= { rlIpDhcpSnoopStaticEntry  5 }

--
-- Dhcp Snoop table
--

RlIpDhcpSnoopType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Ip Dhcp Snoop entry type."
   SYNTAX INTEGER {
      learnedByProtocol(1),
      deletedByTimeout(2),
      static(3)
}

rlIpDhcpSnoopTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpDhcpSnoopEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION      "DHCP Snoop entry. Use to add/delete a dynamic entries and to view all entries (dynamic and static)"
  ::= { rlIpDhcpSnoop 11 }

rlIpDhcpSnoopEntry OBJECT-TYPE
   SYNTAX      RlIpDhcpSnoopEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {rlIpDhcpSnoopVLANTag,
           rlIpDhcpSnoopMACAddress}
::= { rlIpDhcpSnoopTable 1 }

RlIpDhcpSnoopEntry ::= SEQUENCE {
   rlIpDhcpSnoopVLANTag          VlanId,
   rlIpDhcpSnoopMACAddress       MacAddress,
   rlIpDhcpSnoopType             RlIpDhcpSnoopType,
   rlIpDhcpSnoopLeaseTime        Unsigned32,
   rlIpDhcpSnoopIPAddress        IpAddress,
   rlIpDhcpSnoopPortInterface    InterfaceIndex,
   rlIpDhcpSnoopRowStatus        RowStatus
}
rlIpDhcpSnoopVLANTag OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A DHCP Snoop entry vlan tag."
    ::= { rlIpDhcpSnoopEntry 1 }

rlIpDhcpSnoopMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A DHCP Snoop entry mac address"
    ::= { rlIpDhcpSnoopEntry 2 }

rlIpDhcpSnoopType OBJECT-TYPE
   SYNTAX       RlIpDhcpSnoopType
   MAX-ACCESS   read-write
   STATUS       current
   DESCRIPTION
         "A DHCP Snoop entry type: static or dynamic."
   ::= { rlIpDhcpSnoopEntry 3 }

rlIpDhcpSnoopLeaseTime OBJECT-TYPE
  SYNTAX        Unsigned32
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
        "A DHCP Snoop lease time. For static entry the lease time is 0xFFFFFFFF"
  ::= { rlIpDhcpSnoopEntry  4 }

rlIpDhcpSnoopIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The IP address of the DHCP client referred to in this table entry."
  ::= { rlIpDhcpSnoopEntry  5 }

rlIpDhcpSnoopPortInterface OBJECT-TYPE
  SYNTAX        InterfaceIndex
  MAX-ACCESS    read-write
   STATUS       current
  DESCRIPTION
        "Identifies the port Interface ifindex, which connected to DHCP client identified with the entry."
  ::= { rlIpDhcpSnoopEntry  6 }

rlIpDhcpSnoopRowStatus OBJECT-TYPE
   SYNTAX       RowStatus
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
       "Entry status. A valid status is CreateandGo or Delete."
  ::= { rlIpDhcpSnoopEntry  7 }

--
-- Dhcp Snoop Enable VLAN Table
--
rlIpDhcpSnoopEnableVlanTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpDhcpSnoopEnableVlanEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION      "An Ip Dhcp Snooping enabled VLAN table."
  ::= { rlIpDhcpSnoop 12 }

rlIpDhcpSnoopEnableVlanEntry OBJECT-TYPE
   SYNTAX      RlIpDhcpSnoopEnableVlanEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "An Ip Dhcp Snooping enabled VLAN entry."
   INDEX {rlIpDhcpSnoopEnableVlanTag}
::= { rlIpDhcpSnoopEnableVlanTable 1 }

RlIpDhcpSnoopEnableVlanEntry ::= SEQUENCE {
   rlIpDhcpSnoopEnableVlanTag          VlanId,
   rlIpDhcpSnoopEnableVlanRowStatus    RowStatus
}
rlIpDhcpSnoopEnableVlanTag OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A DHCP Snoop entry vlan tag."
    ::= { rlIpDhcpSnoopEnableVlanEntry 1 }

rlIpDhcpSnoopEnableVlanRowStatus OBJECT-TYPE
   SYNTAX       RowStatus
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
       "Entry status. A valid status is CreateandGo and Delete."
  ::= { rlIpDhcpSnoopEnableVlanEntry  2 }

--
-- Dhcp Snoop Trusted ports Table
--
rlIpDhcpSnoopTrustedPortTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpDhcpSnoopTrustedPortEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION
    "DHCP Snoop Trusted ports entry. The entry created when port is configured as trusted."
  ::= { rlIpDhcpSnoop 13 }

rlIpDhcpSnoopTrustedPortEntry OBJECT-TYPE
   SYNTAX      RlIpDhcpSnoopTrustedPortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {ifIndex}
::= { rlIpDhcpSnoopTrustedPortTable 1 }

RlIpDhcpSnoopTrustedPortEntry ::= SEQUENCE {
   rlIpDhcpSnoopTrustedPortRowStatus       RowStatus
}

rlIpDhcpSnoopTrustedPortRowStatus OBJECT-TYPE
   SYNTAX       RowStatus
   MAX-ACCESS   read-write
   STATUS       current
   DESCRIPTION
       "Entry status. A valid status is CreateandGo or Delete."
  ::= { rlIpDhcpSnoopTrustedPortEntry  2 }

--
--  IP Source Guard
--

rlIpSourceGuardMibVersion OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "MIB's version, the current version is 1."
    ::= { rlIpSourceGuard 1 }

rlIpSourceGuardEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "FALSE - There is no Ip Source Guard in the system.
        TRUE - Ip Source Guard is enabled on system."
    ::= { rlIpSourceGuard 2 }

rlIpSourceGuardRetryToInsert OBJECT-TYPE
    SYNTAX      INTEGER {
       noAction(0),  -- for get only
       retryToInsertNow(1)
     }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When setted to retryToInsertNow all IP Source Guard inactive entries
        due to resource problem reinserted in the Policy.
        On get always return noAction."
    ::= { rlIpSourceGuard 3 }

rlIpSourceGuardRetryTime OBJECT-TYPE
    SYNTAX      INTEGER (0..600)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures in seconds the period of time the application retries to
        insert inactive by resource problem rules. The actual range is 10-600.
        0 used to sign that the timer is not active."
    ::= { rlIpSourceGuard 4 }

--
--  IP Source Guard Ports table
--

rlIpSourceGuardPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF RlIpSourceGuardPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "IP Source Guard ports entry. The entry created when IP Source Guard
        enabled on port."
  ::= { rlIpSourceGuard 5 }

rlIpSourceGuardPortEntry OBJECT-TYPE
   SYNTAX      RlIpSourceGuardPortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {ifIndex}
::= { rlIpSourceGuardPortTable 1 }

RlIpSourceGuardPortEntry ::= SEQUENCE {
   rlIpSourceGuardPortRowStatus       RowStatus
}
rlIpSourceGuardPortRowStatus OBJECT-TYPE
   SYNTAX       RowStatus
   MAX-ACCESS   read-write
   STATUS       current
   DESCRIPTION
       "Entry status. A valid status is CreateAndGo or Delete."
  ::= { rlIpSourceGuardPortEntry  2 }

--
--  IP Source Guard table
--

RlIpSourceGuardType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Ip IP Source Guard entry type."
   SYNTAX INTEGER {
      dynamic(1),
      static(2)
}
RlIpSourceGuardStatus  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Ip IP Source Guard entry status."
   SYNTAX INTEGER {
      active(1),
      inactive(2)
}
RlIpSourceGuardFailReason  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Ip IP Source Guard entry reason."
   SYNTAX INTEGER {
      noProblem(1),
      noResource(2),
      noSnoopVlan(3),
      trustPort(4)
}

rlIpSourceGuardTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpSourceGuardEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION "IP Source Guard entry. Use to view all entries (dynamic and static)"
  ::= { rlIpSourceGuard 6 }

rlIpSourceGuardEntry OBJECT-TYPE
   SYNTAX      RlIpSourceGuardEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {ifIndex,
          rlIpSourceGuardIPAddress,
          rlIpSourceGuardVLANTag}
::= { rlIpSourceGuardTable 1 }

RlIpSourceGuardEntry ::= SEQUENCE {
   rlIpSourceGuardIPAddress         IpAddress,
   rlIpSourceGuardVLANTag           VlanId,
   rlIpSourceGuardMACAddress        MacAddress,
   rlIpSourceGuardType              RlIpSourceGuardType,
   rlIpSourceGuardStatus            RlIpSourceGuardStatus,
   rlIpSourceGuardFailReason        RlIpSourceGuardFailReason
}

rlIpSourceGuardIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address of the Ip Source Guard entry."
  ::= { rlIpSourceGuardEntry  1 }

rlIpSourceGuardVLANTag OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A Ip Source Guard entry vlan tag."
    ::= { rlIpSourceGuardEntry 2 }

rlIpSourceGuardMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "A Ip Source Guard entry mac address"
    ::= { rlIpSourceGuardEntry 3 }

rlIpSourceGuardType OBJECT-TYPE
   SYNTAX       RlIpSourceGuardType
   MAX-ACCESS   read-only
   STATUS       current
   DESCRIPTION
         "A Ip Source Guard entry type: static or dynamic."
   ::= { rlIpSourceGuardEntry 4 }

rlIpSourceGuardStatus OBJECT-TYPE
  SYNTAX        RlIpSourceGuardStatus
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION
        "Identifies the status of Ip Source Guard entry."
  ::= { rlIpSourceGuardEntry 5 }

rlIpSourceGuardFailReason OBJECT-TYPE
  SYNTAX        RlIpSourceGuardFailReason
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION
        "Identifies the reason for in-activity of Ip Source Guard entry."
  ::= { rlIpSourceGuardEntry 6 }

--
--  IP Source Guard Permitted rules counter table
--

rlIpSourceGuardPermittedRuleCounterTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF RlIpSourceGuardPermittedRuleCounterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table includes, per vlan, the IP Source Guard permitted rules counters."
  ::= { rlIpSourceGuard 7 }

rlIpSourceGuardPermittedRuleCounterEntry OBJECT-TYPE
   SYNTAX      RlIpSourceGuardPermittedRuleCounterEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {rlIpSourceGuardPermittedRuleCounterVLANTag}
::= { rlIpSourceGuardPermittedRuleCounterTable 1 }

RlIpSourceGuardPermittedRuleCounterEntry ::= SEQUENCE {
   rlIpSourceGuardPermittedRuleCounterVLANTag           VlanId,
   rlIpSourceGuardPermittedRuleCounterNumOfStaticRules  Counter32,
   rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules    Counter32
}
rlIpSourceGuardPermittedRuleCounterVLANTag OBJECT-TYPE
   SYNTAX       VlanId
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       "Ip Source Guard permitted rules counters entry Vlan tag."
  ::= { rlIpSourceGuardPermittedRuleCounterEntry  1 }

rlIpSourceGuardPermittedRuleCounterNumOfStaticRules OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of static rules added by IP Source Guard for the permitted Hosts"
  ::= { rlIpSourceGuardPermittedRuleCounterEntry  2 }

rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of rules added by IP Source Guard for the permitted Hosts,
        as a result of DHCP Snooping dynamic information."
  ::= { rlIpSourceGuardPermittedRuleCounterEntry  3 }

--
-- ARP Inspection
--
RlIpArpInspectListNameType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Ip arp inspection list name type."
   SYNTAX DisplayString(SIZE(1..32))

rlIpArpInspectMibVersion OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "MIB's version, the current version is 1."
    ::= { rlIpArpInspect 1 }

rlIpArpInspectEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a system ARP Inspection enable state."
   ::= { rlIpArpInspect 2 }

rlIpArpInspectLogInterval OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specify the minimal interval between successive ARP SYSLOG messages.
         0 - message is immediately generated.
         0xFFFFFFFF - messages would not be generated. A legal range is 0-86400."
    ::= { rlIpArpInspect 3 }

rlIpArpInspectValidation OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Defined a specific check on incoming ARP packets:
         Source MAC: Compare the source MAC address in the Ethernet header against
         the sender MAC address in the ARP body. This check is performed on both ARP requests and responses.
         Destination MAC: Compare the destination MAC address in the Ethernet header against
         the target MAC address in ARP body. This check is performed for ARP responses.
         IP addresses: Compare the ARP body for invalid and unexpected IP addresses.
         Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses."
    ::= { rlIpArpInspect 4 }

--
-- ARP Inspection List table
--
rlIpArpInspectListTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpArpInspectListEntry
  MAX-ACCESS  not-accessible
  STATUS current
  DESCRIPTION      "The table specifies all ARP Inspection List entries.
                   The entry contains a list name, list IP address, a list Mac address."
  ::= { rlIpArpInspect 5 }

rlIpArpInspectListEntry OBJECT-TYPE
   SYNTAX  RlIpArpInspectListEntry
   MAX-ACCESS  not-accessible
   STATUS current
   DESCRIPTION        "The row definition for this table."
   INDEX {rlIpArpInspectListName,
           rlIpArpInspectListIPAddress}
::= { rlIpArpInspectListTable 1 }

RlIpArpInspectListEntry ::= SEQUENCE {
    rlIpArpInspectListName         RlIpArpInspectListNameType,
    rlIpArpInspectListIPAddress    IpAddress,
    rlIpArpInspectListMACAddress   MacAddress,
    rlIpArpInspectListRowStatus    RowStatus
}

rlIpArpInspectListName OBJECT-TYPE
    SYNTAX  RlIpArpInspectListNameType
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The Name of the Access List."
    ::= { rlIpArpInspectListEntry 1}

rlIpArpInspectListIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "ARP Inspection List IP address."
  ::= { rlIpArpInspectListEntry  2 }

rlIpArpInspectListMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "ARP Inspection List mac address"
    ::= { rlIpArpInspectListEntry 3 }

rlIpArpInspectListRowStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
       "A status can be destroy, active or createAndGo"
  ::= { rlIpArpInspectListEntry  4 }

--
-- Arp Inspection Enable VLAN Table
--
rlIpArpInspectEnableVlanTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpArpInspectEnableVlanEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION      "An Ip ARP Inspection enabled VLAN table."
  ::= { rlIpArpInspect 6 }

rlIpArpInspectEnableVlanEntry OBJECT-TYPE
   SYNTAX      RlIpArpInspectEnableVlanEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "An Ip ARP Inspection enabled VLAN entry."
   INDEX {rlIpArpInspectEnableVlanTag}
::= { rlIpArpInspectEnableVlanTable 1 }

RlIpArpInspectEnableVlanEntry ::= SEQUENCE {
   rlIpArpInspectEnableVlanTag              VlanId,
   rlIpArpInspectAssignedListName           RlIpArpInspectListNameType,
   rlIpArpInspectEnableVlanRowStatus        RowStatus,
   rlIpArpInspectVlanNumOfArpForwarded      Counter32,
   rlIpArpInspectVlanNumOfArpDropped        Counter32,
   rlIpArpInspectVlanNumOfArpMismatched     Counter32,
   rlIpArpInspectVlanClearCountersAction    TruthValue
}

rlIpArpInspectEnableVlanTag OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
      "An Ip ARP Inspection entry vlan tag."
    ::= { rlIpArpInspectEnableVlanEntry 1 }

rlIpArpInspectAssignedListName OBJECT-TYPE
  SYNTAX        RlIpArpInspectListNameType
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
    "An Ip ARP Inspection assigned ACL name."
  ::= { rlIpArpInspectEnableVlanEntry 2 }

rlIpArpInspectEnableVlanRowStatus OBJECT-TYPE
   SYNTAX       RowStatus
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
       "Entry status. A valid status is CreateandGo and Delete."
  ::= { rlIpArpInspectEnableVlanEntry  3 }

rlIpArpInspectVlanNumOfArpForwarded OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of forwarded ARP packets, packets which were validated by ARP inspection "
    ::= { rlIpArpInspectEnableVlanEntry 4 }

rlIpArpInspectVlanNumOfArpDropped OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of dropped ARP packets, which were validated by ARP inspection
        (mismatch , not-found and dropped for any reason)"
    ::= { rlIpArpInspectEnableVlanEntry 5 }

rlIpArpInspectVlanNumOfArpMismatched OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of dropped ARP packets, which were validated by ARP inspection
        and inconsistency was found for IP and MAC (mismatch)"
    ::= { rlIpArpInspectEnableVlanEntry 6 }

rlIpArpInspectVlanClearCountersAction OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If true, clear (set to zero) all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded ,
        rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched"
    DEFVAL{ false }
    ::= { rlIpArpInspectEnableVlanEntry 7 }


--
-- ARP Inspection Trusted ports Table
--
rlIpArpInspectTrustedPortTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlIpArpInspectTrustedPortEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION      "ARP Inspection Trusted ports entry. The entry created when port is configured as trusted."
  ::= { rlIpArpInspect 7 }

rlIpArpInspectTrustedPortEntry OBJECT-TYPE
   SYNTAX      RlIpArpInspectTrustedPortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {ifIndex}
::= { rlIpArpInspectTrustedPortTable 1 }

RlIpArpInspectTrustedPortEntry ::= SEQUENCE {
   rlIpArpInspectTrustedPortRowStatus       RowStatus
}
rlIpArpInspectTrustedPortRowStatus OBJECT-TYPE
   SYNTAX       RowStatus
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
       "Entry status. A valid status is CreateandGo or Delete."
  ::= { rlIpArpInspectTrustedPortEntry  2 }


rlIpArpInspectClearCountersAction OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If true, clear (set to zero) on all vlans: all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded ,
        rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched"
    DEFVAL{ false }
    ::= { rlIpArpInspect 8 }

--
-- Protocol Filtering
--
ProtocolFilteringMap ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
    "This TC describes the list of protocol to be filtered.
     The bit 'all(0)' indicates all Cisco protocols in range 0100.0ccc.ccc0 - 0100.0ccc.cccf
     The bit 'cdp(1)' indicates Cisco CDP protocol.
        Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2000.

    The bit 'vtp(2)' indicates Cisco VTP protocol.
        Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2003.

    The bit 'dtp(3)' indicates Cisco DTP protocol.
        Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2004.

    The bit 'udld (4)' indicates Cisco UDLD protocol.
        Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x0111.

    The bit 'pagp(5)' indicates Cisco PAGP protocol.
        Identified by destination mac address: 0100.0ccc.cccc and protocol type: 0x0104.

    The bit 'sstp(6)' indicates Cisco SSTP protocol.
        Identified by destination mac address: 0100.0ccc.cccd.

     "
    SYNTAX  BITS {
            all(0),
            cdp(1),
            vtp(2),
            dtp(3),
            udld(4),
            pagp(5),
            sstp(6)
    }

rlProtocolFilteringTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF RlProtocolFilteringEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION "Protocol filter configuration entry"
  ::= { rlProtocolFiltering 1 }

rlProtocolFilteringEntry OBJECT-TYPE
   SYNTAX      RlProtocolFilteringEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "The row definition for this table."
   INDEX {ifIndex}
::= { rlProtocolFilteringTable  1 }

RlProtocolFilteringEntry::= SEQUENCE {
   rlProtocolFilteringList                      ProtocolFilteringMap,
   rlProtocolFilteringRowStatus                 RowStatus
}

rlProtocolFilteringList       OBJECT-TYPE
    SYNTAX      ProtocolFilteringMap
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The list of protocol to be filtered."
  ::= { rlProtocolFilteringEntry 1 }
rlProtocolFilteringRowStatus       OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     "A status can be destroy, active or createAndGo"
  ::= { rlProtocolFilteringEntry 2 }

END