Diffstat (limited to 'MIBS/dlink/DLINKSW-PORT-SECURITY-MIB')
| -rw-r--r-- | MIBS/dlink/DLINKSW-PORT-SECURITY-MIB | 550 |
1 files changed, 550 insertions, 0 deletions
diff --git a/MIBS/dlink/DLINKSW-PORT-SECURITY-MIB b/MIBS/dlink/DLINKSW-PORT-SECURITY-MIB
new file mode 100644
index 0000000..f334521
--- /dev/null
+++ b/MIBS/dlink/DLINKSW-PORT-SECURITY-MIB
@@ -0,0 +1,550 @@
+-- *****************************************************************
+-- DLINKSW-PORT-SECURITY-MIB.mib : Port Security MIB
+--
+-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
+--
+-- *****************************************************************
+DLINKSW-PORT-SECURITY-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY,
+ OBJECT-TYPE,
+ NOTIFICATION-TYPE,
+ Unsigned32,
+ Integer32,
+ Counter64
+ FROM SNMPv2-SMI
+ TruthValue,
+ MacAddress,
+ RowStatus
+ FROM SNMPv2-TC
+ MODULE-COMPLIANCE,
+ OBJECT-GROUP
+ FROM SNMPv2-CONF
+ ifIndex, InterfaceIndex
+ FROM IF-MIB
+ VlanId,
+ VlanIdOrNone
+ FROM Q-BRIDGE-MIB
+ dlinkIndustrialCommon
+ FROM DLINK-ID-REC-MIB;
+
+
+ dlinkSwPortSecurityMIB MODULE-IDENTITY
+ LAST-UPDATED "201307300000Z"
+ ORGANIZATION "D-Link Corp."
+ CONTACT-INFO
+ " D-Link Corporation
+
+ Postal: No. 289, Sinhu 3rd Rd., Neihu District,
+ Taipei City 114, Taiwan, R.O.C
+ Tel: +886-2-66000123
+ E-mail: tsd@dlink.com.tw
+ "
+ DESCRIPTION
+ "This MIB module defines objects for port security."
+
+ REVISION "201307300000Z"
+ DESCRIPTION
+ " This is the first version of the MIB file for 'port
+ security' functionality.
+ "
+ ::= { dlinkIndustrialCommon 8 }
+
+-- -----------------------------------------------------------------------------
+ dPortSecNotifications OBJECT IDENTIFIER ::= { dlinkSwPortSecurityMIB 0 }
+ dPortSecObjects OBJECT IDENTIFIER ::= { dlinkSwPortSecurityMIB 1 }
+ dPortSecConformance OBJECT IDENTIFIER ::= { dlinkSwPortSecurityMIB 2 }
+
+-- -----------------------------------------------------------------------------
+-- dPortSecObjects
+-- -----------------------------------------------------------------------------
+ dPortSecGlobalNotifControl OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Set to 'true' to enable global SNMP Notification
+ for port security feature. Setting the object to
+ 'false' will disable SNMP notifications."
+ DEFVAL { false }
+ ::= { dPortSecObjects 1}
+
+ dPortSecGlobalNotifRate OBJECT-TYPE
+ SYNTAX Unsigned32 (0..1000)
+ UNITS "notifications per second"
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Expressed in the number of notifications can be generated
+ per second.
+ The global control configures the rate-limit of
+ SNMP Notification for port security feature. This object
+ specifies the rate at which SNMP Notification is generated
+ when dPortSecIfViolationCount increases. When the rate is over
+ the configured rate, the SNMP Notification is suppressed but it
+ does not affect dPortSecIfViolationCount.
+ A value of 0 indicates that an SNMP Notification is generated
+ for every security violation."
+ DEFVAL { 0 }
+ ::= { dPortSecObjects 2 }
+
+ dPortSecNotifyInfo OBJECT IDENTIFIER ::= { dPortSecObjects 3 }
+
+ dPortSecIfViolationMacAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "This object is also used as a variable in the dPortSecMacAddrViolation
+ notification to contain the value of the MAC address which caused the violation."
+ ::= { dPortSecNotifyInfo 1 }
+
+ dPortSecGlobalMaximumNum OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Indicates the system maximum addresses number (users) allowed.
+ A value of -1 means no-limit. The max entry range is (1..N).
+ The value N means the max number and is determined by the project itself."
+ DEFVAL { -1 }
+ ::= { dPortSecObjects 4}
+
+ dPortSecVlanTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF DPortSecVlanEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The table is used to configure and display port security settings
+ and status for a particular VLAN."
+ ::= { dPortSecObjects 5}
+
+ dPortSecVlanEntry OBJECT-TYPE
+ SYNTAX DPortSecVlanEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry contains port security information for a particular
+ VLAN."
+ INDEX { dPortSecVlanID }
+ ::= { dPortSecVlanTable 1}
+
+ DPortSecVlanEntry ::= SEQUENCE {
+ dPortSecVlanID VlanId,
+ dPortSecVlanMaximumNum Integer32,
+ dPortSecVlanCurrentNum Unsigned32
+ }
+
+ dPortSecVlanID OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object specifies the VLAN ID for address learning."
+ ::= { dPortSecVlanEntry 1}
+
+ dPortSecVlanMaximumNum OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Indicates the VLAN maximum addresses number (users) allowed.
+ A value of -1 means no-limit. The range is (1..N).
+ The value N means the upper limit and is determined by the project
+ itself."
+ DEFVAL { -1 }
+ ::= { dPortSecVlanEntry 2}
+
+ dPortSecVlanCurrentNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates the current number of secure MAC addresses on this VLAN."
+ ::= { dPortSecVlanEntry 3}
+
+ dPortSecIfTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF DPortSecIfEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The table is used to configure and display port security settings
+ and status for a particular interface."
+ ::= { dPortSecObjects 6 }
+
+ dPortSecIfEntry OBJECT-TYPE
+ SYNTAX DPortSecIfEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Entry containing port security information for a particular
+ interface."
+ INDEX { ifIndex }
+ ::= { dPortSecIfTable 1 }
+
+ DPortSecIfEntry ::= SEQUENCE {
+ dPortSecIfEnable TruthValue,
+ dPortSecIfCurrentStatus INTEGER,
+ dPortSecIfMaximumNum Unsigned32,
+ dPortSecIfViolationAction INTEGER,
+ dPortSecIfSecureMode INTEGER,
+ dPortSecIfAgingTime INTEGER,
+ dPortSecIfAgingType INTEGER,
+ dPortSecIfClearDynamicAddr INTEGER,
+ dPortSecIfCurrentNum Unsigned32,
+ dPortSecIfViolationCount Counter64
+ }
+
+ dPortSecIfEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Uses the object to enable or disable port security."
+ DEFVAL { false }
+ ::= { dPortSecIfEntry 1 }
+
+ dPortSecIfCurrentStatus OBJECT-TYPE
+ SYNTAX INTEGER { notEnabled(1), forwarding(2), errDisabled(3) }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object represents the operational status
+ of the port security feature on an interface.
+
+ notEnabled(1) - This indicates port security
+ is not enabled.
+ forwarding(2) - This indicates port security is
+ operational.
+ errDisabled(3) - This indicates that the port is
+ shutdown due to port security
+ violation when the object
+ dPortSecIfViolationAction is of type
+ 'shutdown'."
+ ::= { dPortSecIfEntry 2 }
+
+ dPortSecIfMaximumNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "This object sets the maximum number of secure MAC addresses
+ (users) allowed."
+ DEFVAL { 32 }
+ ::= { dPortSecIfEntry 3 }
+
+ dPortSecIfViolationAction OBJECT-TYPE
+ SYNTAX INTEGER { protect(1), restrict(2), shutdown(3) }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "This object sets the action to be taken when a security violation is detected.
+
+ protect(1) - Drops all the packets from the insecure hosts at the
+ port-security process level but does not increment
+ the security-violation count.
+ restrict(2) - Drops all packets from the insecure hosts at the
+ port-security process level and increments the
+ security-violation count.
+ shutdown(3) - Shuts down the port if there is a security violation."
+ DEFVAL { shutdown }
+ ::= { dPortSecIfEntry 4 }
+
+ dPortSecIfSecureMode OBJECT-TYPE
+ SYNTAX INTEGER {
+ permanent(1),
+ deleteOnTimeout(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Use the object to set the port security mode.
+
+ permanent(1) - Under this mode all learned MAC addresses won't be
+ purged unless a user deletes these entries manually.
+ deleteOnTimeout(2) - Under this mode all learned MAC addresses
+ will be purged when an entry ages out or a user deletes
+ these entries manually."
+ DEFVAL { deleteOnTimeout }
+ ::= { dPortSecIfEntry 5 }
+
+ dPortSecIfAgingTime OBJECT-TYPE
+ SYNTAX INTEGER(0..1440)
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Use the object to set aging time for auto-learned dynamic secured address.
+ When 0 is set on the specified interface, it means the port security aging
+ has been disabled."
+ DEFVAL { 0 }
+ ::= { dPortSecIfEntry 6 }
+
+ dPortSecIfAgingType OBJECT-TYPE
+ SYNTAX INTEGER {
+ absolute(1),
+ inactivity(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Use the object to set aging type for auto-learned dynamic secured address.
+
+ absolute(1) - Under this aging type, all the secured address on this interface will
+ age out exactly after the time specified.
+ inactivity(2) - Under this aging type, all learned MAC addresses on this interface
+ will age out only if there is no data traffic from the secure source
+ address for the specified time period."
+ DEFVAL { absolute }
+ ::= { dPortSecIfEntry 7 }
+
+ dPortSecIfClearDynamicAddr OBJECT-TYPE
+ SYNTAX INTEGER {
+ clear(1),
+ noOp(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Setting this object to 'clear' to clear the addresses which will be
+ purged out when an entry is aged out on the corresponding
+ interface.
+ No action is taken if this object is set to 'noOp'.
+ When read, the value 'noOp' is returned."
+ DEFVAL { noOp }
+ ::= { dPortSecIfEntry 8 }
+
+ dPortSecIfCurrentNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates the current number of secure MAC addresses
+ on this interface."
+ ::= { dPortSecIfEntry 9 }
+
+ dPortSecIfViolationCount OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates the number of address violations
+ occurred on a secure interface. The counter will
+ be initialized to zero when the port security
+ feature is enabled on an interface."
+ ::= { dPortSecIfEntry 10 }
+-- -----------------------------------------------------------------------------
+ dPortSecAddrTableCurrentNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object indicates the number of entries present in the dPortSecAddrTable."
+ ::= { dPortSecObjects 7 }
+
+ dPortSecAddrTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF DPortSecAddrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A list of port security entries containing the secure MAC address
+ information."
+ ::= { dPortSecObjects 8 }
+
+ dPortSecAddrEntry OBJECT-TYPE
+ SYNTAX DPortSecAddrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry contains secure MAC address information for a particular
+ interface. A secure MAC address can be added by the user
+ and can be added when the device learns a new secure MAC address."
+ INDEX { dPortSecAddrIfIndex, dPortSecAddrVlanID, dPortSecAddrMacAddress }
+ ::= { dPortSecAddrTable 1 }
+
+ DPortSecAddrEntry ::= SEQUENCE {
+ dPortSecAddrIfIndex InterfaceIndex,
+ dPortSecAddrVlanID VlanIdOrNone,
+ dPortSecAddrMacAddress MacAddress,
+ dPortSecAddrSecureMode INTEGER,
+ dPortSecAddrRemainTime INTEGER,
+ dPortSecAddrRowStatus RowStatus
+ }
+
+ dPortSecAddrIfIndex OBJECT-TYPE
+ SYNTAX InterfaceIndex
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ifIndex value of the interface."
+ ::= { dPortSecAddrEntry 1 }
+
+ dPortSecAddrVlanID OBJECT-TYPE
+ SYNTAX VlanIdOrNone
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object specifies the VLAN ID where the user-defined secure
+ MAC address is located. If this object is set to 0 at row creation
+ time, the PVID (default port VLAN ID) will be used for the MAC
+ address."
+ ::= { dPortSecAddrEntry 2 }
+
+ dPortSecAddrMacAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object indicates the secure MAC address to gain port access
+ rights."
+ ::= { dPortSecAddrEntry 3 }
+
+ dPortSecAddrSecureMode OBJECT-TYPE
+ SYNTAX INTEGER {
+ permanent(1),
+ deleteOnTimeout(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Specifies the secure mode.
+ For manually configured secure MAC addresses, the dPortSecAddrSecureMode is
+ permanent."
+ ::= { dPortSecAddrEntry 4 }
+
+ dPortSecAddrRemainTime OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Specifies the remaining aging time for the auto-learned dynamic secured address."
+ ::= { dPortSecAddrEntry 5 }
+
+ dPortSecAddrRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The status of this conceptual row.
+ This object is used to create and delete instances
+ of this table. In other words, besides 'permanent' secure MAC
+ address, a 'deleteOnTimeout' address can be cleared by
+ this object."
+ ::= { dPortSecAddrEntry 99 }
+
+-- ***************************************************************************
+-- Notifications
+-- ***************************************************************************
+
+ dPortSecMacAddrViolation NOTIFICATION-TYPE
+ OBJECTS {
+ ifIndex,
+ dPortSecIfCurrentStatus,
+ dPortSecIfViolationMacAddress
+ }
+ STATUS current
+ DESCRIPTION
+ "The address violation notification is generated when port security
+ address violation is detected (dPortSecIfViolationCount increases)."
+ ::= { dPortSecNotifications 1 }
+
+-- ***************************************************************************
+-- Conformance
+-- ***************************************************************************
+ dPortSecMIBCompliances
+ OBJECT IDENTIFIER ::= { dPortSecConformance 1 }
+ dPortSecMIBGroups
+ OBJECT IDENTIFIER ::= { dPortSecConformance 2 }
+
+ dPortSecMIBCompliance MODULE-COMPLIANCE
+ STATUS current
+ DESCRIPTION
+ "The compliance statement for the Port Security MIB."
+ MODULE -- this module
+ MANDATORY-GROUPS {
+ dPortSecIfCfgGroup,
+ dPortSecIfStatusGroup,
+ dPortSecAddrGroup
+ }
+ ::= { dPortSecMIBCompliances 1 }
+
+ dPortSecIfCfgGroup OBJECT-GROUP
+ OBJECTS {
+ dPortSecIfEnable,
+ dPortSecIfMaximumNum,
+ dPortSecIfViolationAction,
+ dPortSecIfSecureMode,
+ dPortSecIfAgingTime,
+ dPortSecIfAgingType,
+ dPortSecIfClearDynamicAddr
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects for configuring port
+ security feature."
+ ::= { dPortSecMIBGroups 1 }
+
+ dPortSecIfStatusGroup OBJECT-GROUP
+ OBJECTS {
+ dPortSecIfCurrentNum,
+ dPortSecIfCurrentStatus,
+ dPortSecIfViolationCount
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing the counter
+ information for the port security feature."
+ ::= { dPortSecMIBGroups 2 }
+
+ dPortSecAddrGroup OBJECT-GROUP
+ OBJECTS {
+ dPortSecAddrRowStatus,
+ dPortSecAddrSecureMode,
+ dPortSecAddrRemainTime,
+ dPortSecAddrTableCurrentNum
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects providing the address
+ information for the port security feature."
+ ::= { dPortSecMIBGroups 3 }
+
+ dPortSecAddrNumCtrlGroup OBJECT-GROUP
+ OBJECTS {
+ dPortSecGlobalMaximumNum,
+ dPortSecVlanMaximumNum,
+ dPortSecVlanCurrentNum
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects provides the configuration of
+ the maximum secure MAC address number on system or VLAN specific."
+ ::= { dPortSecMIBGroups 4 }
+
+ dPortSecNotifEnableGroup OBJECT-GROUP
+ OBJECTS {
+ dPortSecGlobalNotifControl,
+ dPortSecGlobalNotifRate
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of object(s) that provides control over
+ port security related notification(s)."
+ ::= { dPortSecMIBGroups 5}
+
+ dPortSecNotifGroup NOTIFICATION-GROUP
+ NOTIFICATIONS {
+ dPortSecMacAddrViolation
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of notifications providing information
+ about address violation."
+ ::= { dPortSecMIBGroups 6}
+
+
+
+END
+
+
+
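Review bot: `dPortSecNotifGroup` near the end of the module uses the `NOTIFICATION-GROUP` macro, but the IMPORTS clause takes only `MODULE-COMPLIANCE, OBJECT-GROUP` from SNMPv2-CONF, so strict SMIv2 checkers will likely warn on or reject the module; the import should read `MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP`. `dPortSecIfViolationMacAddress` is also absent from every OBJECT-GROUP, which conformance checkers usually flag. For anyone building alerting on this MIB: the description of `dPortSecIfViolationAction` says `protect(1)` drops traffic without incrementing the violation count, and `dPortSecMacAddrViolation` is tied to that counter, so presumably no trap is sent in that mode and detection should not depend on it there. `dPortSecIfEnable`, `dPortSecIfViolationAction` and `dPortSecAddrRowStatus` are writable, so an SNMP principal with write access to this subtree can turn port security off or whitelist a MAC address; a comment in the module header recommending that write access be limited to authenticated SNMPv3 users would help.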